last executing test programs:

36.792707608s ago: executing program 2 (id=719):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d080006000000e8fe55a1180015000600142603600e120800110000000401a80016", 0x33}], 0x1}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8001c00180081064e81f782db44b9b545c7910006007c09e8fe55a10a0017", 0x1f}], 0x1}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="d8000000210081044e81f7d28344b904020000", 0x2}], 0x1}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x33fe0)

36.743100846s ago: executing program 2 (id=721):
r0 = socket$kcm(0x21, 0x2, 0x2)
setsockopt$sock_attach_bpf(r0, 0x110, 0x2, 0x0, 0x0)

36.741982687s ago: executing program 2 (id=723):
perf_event_open(&(0x7f0000000440)={0x3, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x81001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x8, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x7)
r0 = socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000700)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r0, 0x84, 0x11, &(0x7f0000000000)=r3, 0x8)

36.692628117s ago: executing program 2 (id=725):
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0xc220, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x94)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000640)=ANY=[@ANYBLOB="1c00000003060101000000000000000001000000050001"], 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x8000)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000580)=ANY=[@ANYBLOB="180000008000000000000000000000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000c44185000000040000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200000a000000b703000000000000850000007500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sys_enter\x00', r2}, 0x10)
bpf$MAP_CREATE(0x2000000000000015, &(0x7f0000000140), 0x48)
r3 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r5, &(0x7f0000002800)={0x0, 0x0, &(0x7f00000027c0)={&(0x7f0000002740)=ANY=[@ANYBLOB="14000000050000040000000000e62a82462b67fc"], 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x80)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0xa0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xc8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
close(r7)
recvmsg$unix(r6, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r8=>0xffffffffffffffff]}}], 0x18}, 0x22)
write$cgroup_subtree(r8, &(0x7f0000000040)=ANY=[@ANYBLOB="0763707573751400000000000009"], 0x17)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x0, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="611234000000000061131b8a0fb7ca9871380000000000bf1000000000000025000200091b00003d200000000000008701000000000000bc26000000000000bf67000000000000150300000ee600f067020000140000ae0015030000ffffffffbf050000000000000f650000000000006507f4ff02000400070700006b3128fe1f7500000006000000540000000000000705000003001500ae430100000000009500000000000000050000000000000095000000000000004d9bd591d56825"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x8001}, 0x94)
r9 = socket$kcm(0x2b, 0x1, 0x0)
sendmsg$inet(r9, &(0x7f00000009c0)={&(0x7f00000000c0)={0x2, 0x4001, @empty}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x20044818)
sendmsg$sock(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)='k', 0xffffffe2}, {&(0x7f0000000140)="ce15fc9dc237ed5b37773a15b2f2615b0230a382c5bd51f04ff7e6c1f67c42c528244c3436e3d42cd667901a878ce7a4ebb5c55bd9c6f14079c1afebfbd8107a4a469b59ae1543bdc3085d6a10876755db8093b364"}, {&(0x7f0000000040)="fe07e4ad9a397dadc913c79649675cd17df8bf86309a"}, {&(0x7f00000001c0)}], 0x1, &(0x7f0000000080)=[@timestamping={{0x14, 0x1, 0x25, 0x303}}], 0xa}, 0x4000081)

36.017915657s ago: executing program 2 (id=727):
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x44051)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x8, 0x800003fe, 0x7fffffff, 0xffff}, 0x0, 0x2, 0xffffffffffffffff, 0x2)
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x4, 0x3fb, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000240)=ANY=[@ANYRESDEC=r0], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x14}}, 0x0)
socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f0000000440)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x26e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x180, 0x2, 0xfffffffe, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000040)=ANY=[], 0x48)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
r1 = socket$kcm(0x2, 0x922000000001, 0x106)
setsockopt$sock_attach_bpf(r1, 0x1, 0x2, &(0x7f0000001400), 0x4)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x114, 0x4, 0x0, 0xe2a0a06200000010)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[], 0x50)
socket$kcm(0x10, 0x2, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x2, 0x922000000001, 0x106)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c0000002400010122bd7000fcffff605d0000000800030047"], 0x1c}, 0x1, 0x0, 0x0, 0x4048957}, 0x0)
socket$kcm(0xa, 0x2, 0x0)

35.873168161s ago: executing program 2 (id=728):
socket$kcm(0x2, 0x922000000001, 0x106)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="8800000000010104000000000000000002000000240001801400018008000100ac1e000108000200ac1414000c0002800500010000000000240002800c00028005000100000000001400018008000100ac1e01010800020000000000080007400000000024000e8014000180080001"], 0x88}}, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendmsg$inet6(r1, 0x0, 0x1840)
gettid()
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xe, 0x66c}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x5, 0x83501, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x940, 0x4, 0x0, 0x0, 0x6d1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newtaction={0x60, 0x30, 0x871a15abc695fa3d, 0x0, 0x25dfdbff, {}, [{0x4c, 0x1, [@m_ctinfo={0x48, 0x1, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CTINFO_ACT={0x18, 0x3, {0x464e3680, 0x90, 0x4, 0xffffff7f, 0x9}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x54004}, 0x0)
perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8020, 0x14000, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x2, 0x6}, 0x8224, 0x2, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x100, 0x6, 0x28}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000001812", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000010000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000340)='signal_generate\x00', r4, 0x0, 0x3}, 0x18)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x6, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1000}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffb}]}, &(0x7f0000000080)='syzkaller\x00', 0x3, 0x27, &(0x7f0000000000)=""/114}, 0x94)
sendmsg$nl_generic(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000003c0007010000000000400000037c00000400fc8010000180"], 0x30}, 0x1, 0x0, 0x0, 0xc000}, 0xc010)
bpf$PROG_LOAD(0x5, &(0x7f0000001580)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000bf000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={0x28, 0x42, 0xb, 0x70bd26, 0x4000, {0x3}, [@typed={0x8, 0x2, 0x0, 0x0, @ipv4=@empty}, @nested={0xa, 0x1, 0x0, 0x1, [@generic="78a449a0dd64"]}]}, 0x28}, 0x1, 0x0, 0x0, 0x40080b0}, 0x404c000)

35.757433773s ago: executing program 32 (id=728):
socket$kcm(0x2, 0x922000000001, 0x106)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="8800000000010104000000000000000002000000240001801400018008000100ac1e000108000200ac1414000c0002800500010000000000240002800c00028005000100000000001400018008000100ac1e01010800020000000000080007400000000024000e8014000180080001"], 0x88}}, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendmsg$inet6(r1, 0x0, 0x1840)
gettid()
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xe, 0x66c}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x5, 0x83501, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x940, 0x4, 0x0, 0x0, 0x6d1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newtaction={0x60, 0x30, 0x871a15abc695fa3d, 0x0, 0x25dfdbff, {}, [{0x4c, 0x1, [@m_ctinfo={0x48, 0x1, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CTINFO_ACT={0x18, 0x3, {0x464e3680, 0x90, 0x4, 0xffffff7f, 0x9}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x54004}, 0x0)
perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8020, 0x14000, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x2, 0x6}, 0x8224, 0x2, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x100, 0x6, 0x28}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000001812", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000010000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000340)='signal_generate\x00', r4, 0x0, 0x3}, 0x18)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x6, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1000}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffb}]}, &(0x7f0000000080)='syzkaller\x00', 0x3, 0x27, &(0x7f0000000000)=""/114}, 0x94)
sendmsg$nl_generic(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000003c0007010000000000400000037c00000400fc8010000180"], 0x30}, 0x1, 0x0, 0x0, 0xc000}, 0xc010)
bpf$PROG_LOAD(0x5, &(0x7f0000001580)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000bf000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={0x28, 0x42, 0xb, 0x70bd26, 0x4000, {0x3}, [@typed={0x8, 0x2, 0x0, 0x0, @ipv4=@empty}, @nested={0xa, 0x1, 0x0, 0x1, [@generic="78a449a0dd64"]}]}, 0x28}, 0x1, 0x0, 0x0, 0x40080b0}, 0x404c000)

1.158181823s ago: executing program 3 (id=1171):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000180081064e81f782db44b904021d080006007c09e8fe55a10a0015000500142603600e1208000f0000000401a80016002000014002000000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0)

1.15643681s ago: executing program 3 (id=1172):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000100)={0x40000000, 0x0, &(0x7f0000000000)={&(0x7f0000001a40)=ANY=[@ANYBLOB="021800001c000000000000000000000005000600000000000a00000000000000000000000000000000000000000000000000000000000000020012000000000000000000fcffffff0600ff0000000000000000000000000000000000000000000000000001000000fe8000000000002100000000000000bb050005002b0000000a00000000000000fc01000000020000000200000000000000000000000000000800", @ANYRES64], 0xe0}}, 0x0)

1.066608146s ago: executing program 3 (id=1175):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0x5421, 0x0)

1.000228107s ago: executing program 3 (id=1177):
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb, 0x2, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r1, 0x1, 0x48, &(0x7f00000000c0)=r0, 0x4)

930.087579ms ago: executing program 1 (id=1180):
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x4, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x4f}, [@ldst={0x6, 0x0, 0x3}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd96, &(0x7f0000000080)=""/201, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffd56, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)

929.712635ms ago: executing program 3 (id=1181):
socket$kcm(0x2, 0xa, 0x73)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x80)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2673004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
socket$kcm(0x11, 0x200000000000002, 0x300)

800.045785ms ago: executing program 0 (id=1182):
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe, 0x0, 0x3ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200)=0x1, 0x12)
r0 = socket$kcm(0x2, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0xf, &(0x7f00000002c0), 0x161)
sendmsg$kcm(r0, &(0x7f0000000b40)={0x0, 0x0, 0x0}, 0x20000800)
close(r0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000003880)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0)
perf_event_open(0x0, 0xffffffffffffffff, 0xf, 0xffffffffffffffff, 0x1)
socket$kcm(0x2, 0x200000000000001, 0x106)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, 0x0, 0x0}, 0x94)
socket$kcm(0x11, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000008000000000000005000100070000000900020073797a30000000001400078008001240000000000500150004000000050005000000000005000400000000000d000300686173683a6d6163"], 0x5c}}, 0x0)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x44000)

737.780881ms ago: executing program 1 (id=1183):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000001c000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0)
perf_event_open(&(0x7f0000000380)={0x4, 0x80, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x34000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x0, 0xc8, 0xfffffffe, 0x0, 0x9, 0x4, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000280)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd630080fc00082c00db5b6861589bcfe8875a060300000023000000000000000000000000ac1414aa"], 0xfdef)
close(0xffffffffffffffff)

733.436122ms ago: executing program 1 (id=1184):
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x82240, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x5}, 0x2, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, 0xffffffffffffffff)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$kcm(0x2, 0x200000000000001, 0x106)
close(r1)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
close(r2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000002100)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x8, 0x80100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80000001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030017000b63d25a80648c2594f93824fc60100c034002000009053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0)

711.298784ms ago: executing program 3 (id=1185):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1000001946}, 0x10401, 0x2, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000580)={<r1=>0xffffffffffffffff})
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x5, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="020d000014000000000000000000000005000600000000000a0080ff00000000fc010000000000000000000000000000000000000000000005000500000000000a000000000000000000000000000000000000000000deff00000000000000000800120002000200000000000000000030002b000303"], 0xa0}}, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000740)="d8000000140081044e81f782db44b9040a1d08020a000000040000a118000200000800000000000008000f0100810401a80016ea1f0008400304000803600cfa94007134cf6ee08000a0e408e8d8ef075c0100000000000000cb090000001fb791643a5ee40021146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a00000000000000000000007afd3a15e9d75fb5ae9f", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x1, 0x42, 0x40, 0xc2, 0x1}, 0x48)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x2, r5}, 0x38)
close(r3)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x10, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xa, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = socket$kcm(0x10, 0x2, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12}, 0x48)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000340)={@map=r7, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
socket$kcm(0x15, 0x5, 0x0)
sendmsg$inet(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{0x0}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)

649.083919ms ago: executing program 0 (id=1186):
perf_event_open(&(0x7f0000000440)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x100, 0x2, 0xfffffffe, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000002240)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0020000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000000000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd8445974b26ffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87867c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f86bb47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad91935a6ddfa8f90e79321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c1f860d050d694cc7806d294d3665016a7b29da0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d40887c58559b7dcb98a6273b8c651e57f727041c62cea5b7bd24d9f679e4fbe948dfb4cc4a389469608241630459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b83720eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb89872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d0000002000000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebed161980f2fde4f9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e9338c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc3600040543a34b195c6a8fc054282cd41b264906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e4bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af41000000000000007f5ab0d534b8d63e4ca3be71f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af0be61e58c79d497247d278888901d442ad7f8536607a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733097f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c0e8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99e85b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a996d503a26e9a714ee5f72d8805dd1bfbd081f6a5359dbdfbf31a562395020becaf3fd1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac4b28288e78980c1184d8223edbc4bf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b5524642c248aa813edaa626f0000000000000000000000000000000003ba5bac34b611569a451564d3a5400f9097ffe7a37e765bc652be71ee24250d6d9cf19878dd62c53062d6000c409de6a6135eae8a00000000008d797190a26c933f933aff5c521eeb7a84a62d148a846e74e76b515b6b8be29e8b69310fa130cf6d6b74f33205d3cc218ca554ed8085ae044f5bf2e89ad07963acbd4dd4dc5b4552591edde7a22ad06f7567e6fec2f65011b579bf609d61a3ff4d6f490824bb035995449fc34106ae6889f036d67b6aaee784f855ebc746ac871b5d2031ac0a252ac1f86e93e245f3793cea80b6de773899d49d11d3b1ed79163b111c976cf840a2ef6214a43338fba8c9edb6be26e68fcc5d47ed74a66ce8aba726ab955b9b32ab1890e84a5e2d7476252af25e5c95c5a8b2b1b5c8a2645b017d23c0f169d6ab529cc889bb07889d9e155114cf3e26a50c527ec6d4021cd2cacfea6d7e41e39e26b3967cad65c648b170f12ea9cc69dcee64be0c27b1f4f7f5ce3e62c35602c9d2921326891901661c85b9ee4a0a0b9636bef4c23788494f094abb91ed813b42828aa93105896e0aee851a8087e169a1d69e841257d9053d0cdc3a6ac4f12084cc6470abebe8b344b1f56690a2687b428686c854c21831da277e8b8a21b7b91a46d22ba083eca7b1f8268048cde7d6f237dca42035881b29ca9c8c2937971821b613894297ff6f7796053a4de1fd77e180cc22b205d43bb4a1b59962c1f605ea1b74587100e8d579f157cb45561c357f9976cec6a43388b3049a0d9c171ff6145266ba119d00000000001ef3794a930eb12f3a6215c510bf0bca70c127e9c70cc7bef921249a7f18a0034ce3264a9e96656b47233e2ed7c76520e649c3fd550bdafd77c5cd72b4446d3e157ddd97e7622a6891fb739acd3b2cdaf65ac78490f0641be6e8c6f55bf3d228786895ff5fd5970faacd8a5025aca0aa1931f477ba06aa60051298c8bf7f3b399194f98dc3f4e8513ad06da09dc393c1284515986b8c70ac69512f6c0c04f42edb3a097a11f2ab480e3e391abffae097752300576337c6dd24c4a98280684aa1fe8c7b43ee8bce05fe979b34da18cdb44dbb030b8009cd3b3b44fd8e7b534acd3f1839cb54817668ab446d3d47848429ea831a57f26c8b05dedddceb24483f8f998b05c3ddf85c3799c9000000000000000000000000001e57cf839eb3150d6a076fb7b86fae98dbb46014f483aecb4ec4f0877371bcae8912c78aff857c669760f0e55041563c5c3e8ee4a0eef885fd43fe34a1febc82370d1d07fdfe705ada4764320889000000000000000000000000000000a790af4fc17872b55b10db99e212d18193235659df45627da300959eafc8bfb44f70d250f8f2e86532700254c9a8b14999f59c8b9034c4bb2448eaeff5db21d4a7f3d974790d4c3cba7c402f50585b9289d86400679e5c2bcacb2841ca074d51fdb4a29e84d72b6c996cfbee06aa52cd632e82ba068e8e1572ef2eb414ba5fccfc3c03e64df6a9cc3936c604aa2c0e2ec7b777475023f29b146af003472ce146a5ff997ba53c51026c0096154f9280a34bbf21d66f57a250b5397766122fc86950ce5252e96868cd04df54764cf2082153d6cedd8aaf9700c734aa4a1cb33a2e0a13c5687be4de327511bff9816d13c3219dac1c1535f10243db6f96960ea6a621f5e1b7babbedf0a6bf0cf74123d2e78d01be2b048883a2459eec630fb0293d28d9799fd3a792caff693fd9f002f14c43fb5a1051cc686b7f114d7927eed559bdf2e8ddea3e61d5d942b63fe90230b2e1948fc563ef94d437281671d2fe5032d2a091fa842b0af2e116ba"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040)}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x2f00020b, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x7515, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

648.85357ms ago: executing program 1 (id=1187):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000640)=@allocspi={0x158, 0x16, 0x1, 0x0, 0x0, {{{@in6=@loopback, @in=@broadcast, 0x0, 0x0, 0x0, 0x8}, {@in=@dev, 0x0, 0x6c}, @in6=@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x0, 0x7fff}, [@replay_esn_val={0x1c, 0x17, {0x0, 0x70bd2b, 0x70bd28, 0x70bd29, 0x70bd2b, 0x36405ff2}}, @tmpl={0x44, 0x5, [{{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4d2, 0x3c}, 0xa, @in=@multicast1, 0x3503, 0x1, 0x2, 0x4, 0x0, 0x7, 0x7ff}]}]}, 0x158}}, 0x0)

560.275949ms ago: executing program 1 (id=1188):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005800000095"], 0x0}, 0xb2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

500.173477ms ago: executing program 1 (id=1189):
r0 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000180)='W', 0x1}], 0x1}, 0x0)
r1 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r1, &(0x7f0000000680)={&(0x7f0000000140)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000180)='W', 0xfe8a}], 0x1}, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x4)
recvmsg(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000006c0)=""/4096, 0x1000}, {&(0x7f0000001f40)=""/4091, 0xffb}], 0x2}, 0x2)
sendmsg$inet(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="5c00000014006b03000000d86e6c1d0002847ea622fb564500004e23e3f58e76110165f450e71b0075e3002500028d459e37000f0000000000bf9367b47e51f60a64c9f4d4938037e786a6d0bdd700"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(0xffffffffffffffff, 0x0, 0x80)

60.433467ms ago: executing program 0 (id=1190):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x44, 0x2d, 0x9, 0x70bd27, 0x0, {0x4}, [@typed={0x30, 0x18, 0x0, 0x0, @binary="05ac0f0002ac0f0008ac0f00aaf06bec869c1eba340c8e5349c00de3bf542907da861ef4bbab00d0043522c1"}]}, 0x44}, 0x1, 0x0, 0x0, 0x42804}, 0x84)

60.223462ms ago: executing program 0 (id=1191):
r0 = socket$kcm(0x2, 0x200000000000001, 0x106)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.dequeue\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r0, 0x6, 0x6, &(0x7f0000000740)=r1, 0x4)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x24044441)

307.226µs ago: executing program 0 (id=1192):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000000)={'netdevsim0\x00', @remote})

0s ago: executing program 0 (id=1193):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x7e}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:6688' (ED25519) to the list of known hosts.
syzkaller login: [   56.047249][ T5792] cgroup: Unknown subsys name 'net'
[   56.165868][ T5792] cgroup: Unknown subsys name 'cpuset'
[   56.169771][ T5792] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   57.964098][ T5792] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   68.403745][ T5864] chnl_net:caif_netlink_parms(): no params data found
[   68.459686][ T5864] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.462813][ T5864] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.465397][ T5864] bridge_slave_0: entered allmulticast mode
[   68.468697][ T5864] bridge_slave_0: entered promiscuous mode
[   68.473202][ T5864] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.475519][ T5864] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.477824][ T5864] bridge_slave_1: entered allmulticast mode
[   68.480543][ T5864] bridge_slave_1: entered promiscuous mode
[   68.502838][ T5864] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   68.507458][ T5864] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   68.527535][ T5864] team0: Port device team_slave_0 added
[   68.530883][ T5864] team0: Port device team_slave_1 added
[   68.549548][ T5864] batman_adv: batadv0: Adding interface: batadv_slave_0
[   68.551704][ T5864] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   68.559810][ T5864] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   68.564753][ T5864] batman_adv: batadv0: Adding interface: batadv_slave_1
[   68.567167][ T5864] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   68.575134][ T5864] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   68.605635][ T5864] hsr_slave_0: entered promiscuous mode
[   68.607924][ T5864] hsr_slave_1: entered promiscuous mode
[   68.714005][ T5864] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   68.719547][ T5864] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   68.724746][ T5864] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   68.729502][ T5864] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   68.753716][ T5864] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.756579][ T5864] bridge0: port 2(bridge_slave_1) entered forwarding state
[   68.759736][ T5864] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.762582][ T5864] bridge0: port 1(bridge_slave_0) entered forwarding state
[   68.799312][ T5864] 8021q: adding VLAN 0 to HW filter on device bond0
[   68.809191][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.812020][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.820353][ T5864] 8021q: adding VLAN 0 to HW filter on device team0
[   68.827489][ T1089] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.829783][ T1089] bridge0: port 1(bridge_slave_0) entered forwarding state
[   68.837178][ T1089] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.839453][ T1089] bridge0: port 2(bridge_slave_1) entered forwarding state
[   68.945178][ T5864] 8021q: adding VLAN 0 to HW filter on device batadv0
[   68.972450][ T5864] veth0_vlan: entered promiscuous mode
[   68.978602][ T5864] veth1_vlan: entered promiscuous mode
[   68.996742][ T5864] veth0_macvtap: entered promiscuous mode
[   69.000707][ T5864] veth1_macvtap: entered promiscuous mode
[   69.011062][ T5864] batman_adv: batadv0: Interface activated: batadv_slave_0
[   69.018260][ T5864] batman_adv: batadv0: Interface activated: batadv_slave_1
[   69.026240][ T5741] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   69.029879][ T5741] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   69.033022][ T5741] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   69.037331][ T5741] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   69.076633][ T5864] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   69.713642][ T5895] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   69.719919][ T5898] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   69.725868][ T5898] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   69.727809][ T5876] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   69.729379][ T5898] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   69.738400][ T5898] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   69.755470][ T5898] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   69.759111][ T5898] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   69.787992][ T5900] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   69.796216][ T5900] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   69.800146][ T5900] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   69.878604][ T5876] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   69.907718][ T5238] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   69.913415][ T5238] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   69.917070][ T5238] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   69.921394][ T5238] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   69.928206][ T5238] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   69.960700][ T5876] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   70.110329][ T5894] chnl_net:caif_netlink_parms(): no params data found
[   70.169427][ T5897] chnl_net:caif_netlink_parms(): no params data found
[   70.309910][ T5894] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.312176][ T5894] bridge0: port 1(bridge_slave_0) entered disabled state
[   70.314933][ T5894] bridge_slave_0: entered allmulticast mode
[   70.317725][ T5894] bridge_slave_0: entered promiscuous mode
[   70.321840][ T5894] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.325327][ T5894] bridge0: port 2(bridge_slave_1) entered disabled state
[   70.328099][ T5894] bridge_slave_1: entered allmulticast mode
[   70.331736][ T5894] bridge_slave_1: entered promiscuous mode
[   70.379388][ T5897] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.382166][ T5897] bridge0: port 1(bridge_slave_0) entered disabled state
[   70.385762][ T5897] bridge_slave_0: entered allmulticast mode
[   70.389372][ T5897] bridge_slave_0: entered promiscuous mode
[   70.413422][ T5897] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.415709][ T5897] bridge0: port 2(bridge_slave_1) entered disabled state
[   70.418197][ T5897] bridge_slave_1: entered allmulticast mode
[   70.421160][ T5897] bridge_slave_1: entered promiscuous mode
[   70.458312][ T5894] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   70.466318][ T5897] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   70.488780][ T5894] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   70.494430][ T5897] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   70.568671][ T5894] team0: Port device team_slave_0 added
[   70.579990][ T5897] team0: Port device team_slave_0 added
[   70.587671][ T5894] team0: Port device team_slave_1 added
[   70.596545][ T5897] team0: Port device team_slave_1 added
[   70.624729][ T5902] chnl_net:caif_netlink_parms(): no params data found
[   70.632247][ T5894] batman_adv: batadv0: Adding interface: batadv_slave_0
[   70.635067][ T5894] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   70.645125][ T5894] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   70.681636][ T5894] batman_adv: batadv0: Adding interface: batadv_slave_1
[   70.684819][ T5894] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   70.692365][ T5894] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   70.700708][ T5897] batman_adv: batadv0: Adding interface: batadv_slave_0
[   70.704795][ T5897] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   70.716738][ T5897] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   70.744417][ T5897] batman_adv: batadv0: Adding interface: batadv_slave_1
[   70.746979][ T5897] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   70.756600][ T5897] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   70.802436][ T5894] hsr_slave_0: entered promiscuous mode
[   70.805096][ T5894] hsr_slave_1: entered promiscuous mode
[   70.807794][ T5894] debugfs: 'hsr0' already exists in 'hsr'
[   70.810038][ T5894] Cannot create hsr debugfs directory
[   70.847208][ T5902] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.850034][ T5902] bridge0: port 1(bridge_slave_0) entered disabled state
[   70.853032][ T5902] bridge_slave_0: entered allmulticast mode
[   70.856555][ T5902] bridge_slave_0: entered promiscuous mode
[   70.895330][ T5902] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.897444][ T5902] bridge0: port 2(bridge_slave_1) entered disabled state
[   70.899547][ T5902] bridge_slave_1: entered allmulticast mode
[   70.903266][ T5902] bridge_slave_1: entered promiscuous mode
[   70.944891][ T5897] hsr_slave_0: entered promiscuous mode
[   70.948158][ T5897] hsr_slave_1: entered promiscuous mode
[   70.950910][ T5897] debugfs: 'hsr0' already exists in 'hsr'
[   70.953769][ T5897] Cannot create hsr debugfs directory
[   70.982235][ T5902] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   71.003798][ T5902] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   71.074120][ T5902] team0: Port device team_slave_0 added
[   71.089801][ T5902] team0: Port device team_slave_1 added
[   71.147646][ T5902] batman_adv: batadv0: Adding interface: batadv_slave_0
[   71.150460][ T5902] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   71.160624][ T5902] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   71.178809][ T5902] batman_adv: batadv0: Adding interface: batadv_slave_1
[   71.181039][ T5902] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   71.190314][ T5902] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   71.250166][ T1365] ieee802154 phy0 wpan0: encryption failed: -22
[   71.254198][ T1365] ieee802154 phy1 wpan1: encryption failed: -22
[   71.305395][ T5876] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   71.320802][ T5902] hsr_slave_0: entered promiscuous mode
[   71.325255][ T5902] hsr_slave_1: entered promiscuous mode
[   71.328066][ T5902] debugfs: 'hsr0' already exists in 'hsr'
[   71.330303][ T5902] Cannot create hsr debugfs directory
[   71.411330][ T5894] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   71.423321][ T5894] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   71.434559][ T5894] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   71.446588][ T5894] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   71.568357][ T5894] 8021q: adding VLAN 0 to HW filter on device bond0
[   71.588636][ T5894] 8021q: adding VLAN 0 to HW filter on device team0
[   71.597145][ T3581] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.599696][ T3581] bridge0: port 1(bridge_slave_0) entered forwarding state
[   71.609403][ T3581] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.611981][ T3581] bridge0: port 2(bridge_slave_1) entered forwarding state
[   71.755538][ T5894] 8021q: adding VLAN 0 to HW filter on device batadv0
[   71.789306][ T5894] veth0_vlan: entered promiscuous mode
[   71.796599][ T5894] veth1_vlan: entered promiscuous mode
[   71.803734][ T5238] Bluetooth: hci1: command tx timeout
[   71.818503][ T5894] veth0_macvtap: entered promiscuous mode
[   71.824341][ T5894] veth1_macvtap: entered promiscuous mode
[   71.837283][ T5894] batman_adv: batadv0: Interface activated: batadv_slave_0
[   71.846501][ T5894] batman_adv: batadv0: Interface activated: batadv_slave_1
[   71.855238][ T5918] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   71.859115][ T5918] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   71.863252][   T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   71.868470][   T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   71.883316][ T5238] Bluetooth: hci0: command tx timeout
[   71.941259][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   71.947462][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   71.962900][ T5238] Bluetooth: hci2: command tx timeout
[   71.974971][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   71.977652][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   72.095900][ T5938] netlink: 12 bytes leftover after parsing attributes in process `syz.1.17'.
[   72.657469][ T5960] syzkaller0: tun_chr_ioctl cmd 2147767506
[   73.156960][ T5876] bridge_slave_1: left allmulticast mode
[   73.159519][ T5876] bridge_slave_1: left promiscuous mode
[   73.163034][ T5876] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.171190][ T5876] bridge_slave_0: left allmulticast mode
[   73.178132][ T5876] bridge_slave_0: left promiscuous mode
[   73.180506][ T5876] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.489436][ T5876] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   73.499319][ T5876] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   73.504577][ T5876] bond0 (unregistering): Released all slaves
[   73.633540][ T5982] xt_l2tp: v2 tid > 0xffff: 327812
[   73.733574][ T5876] hsr_slave_0: left promiscuous mode
[   73.747059][ T5876] hsr_slave_1: left promiscuous mode
[   73.754088][ T5876] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   73.757139][ T5876] batman_adv: batadv0: Removing interface: batadv_slave_0
[   73.769143][ T5876] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   73.772076][ T5876] batman_adv: batadv0: Removing interface: batadv_slave_1
[   73.820367][ T5876] veth1_macvtap: left promiscuous mode
[   73.835280][ T5876] veth0_macvtap: left promiscuous mode
[   73.837687][ T5876] veth1_vlan: left promiscuous mode
[   73.845120][ T5876] veth0_vlan: left promiscuous mode
[   73.883088][ T5238] Bluetooth: hci1: command tx timeout
[   73.963875][ T5238] Bluetooth: hci0: command tx timeout
[   74.042732][ T5238] Bluetooth: hci2: command tx timeout
[   74.127215][ T5999] netlink: 'syz.1.39': attribute type 28 has an invalid length.
[   74.368058][ T5876] team0 (unregistering): Port device team_slave_1 removed
[   74.389946][ T5876] team0 (unregistering): Port device team_slave_0 removed
[   75.096214][ T5897] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   75.117869][ T5897] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   75.180375][ T5897] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   75.202273][ T5897] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   75.327655][ T5902] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   75.357856][ T5902] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   75.375193][ T5902] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   75.386718][ T5902] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   75.476748][ T6044] warning: `syz.1.50' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   75.557901][ T5897] 8021q: adding VLAN 0 to HW filter on device bond0
[   75.596332][ T5897] 8021q: adding VLAN 0 to HW filter on device team0
[   75.615797][ T5902] 8021q: adding VLAN 0 to HW filter on device bond0
[   75.622833][ T1089] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.625703][ T1089] bridge0: port 1(bridge_slave_0) entered forwarding state
[   75.635589][ T1089] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.638886][ T1089] bridge0: port 2(bridge_slave_1) entered forwarding state
[   75.667991][ T5902] 8021q: adding VLAN 0 to HW filter on device team0
[   75.686550][ T3010] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.689690][ T3010] bridge0: port 1(bridge_slave_0) entered forwarding state
[   75.711019][ T1089] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.713934][ T1089] bridge0: port 2(bridge_slave_1) entered forwarding state
[   75.930295][ T5897] 8021q: adding VLAN 0 to HW filter on device batadv0
[   75.962735][ T5238] Bluetooth: hci1: command tx timeout
[   75.980936][ T5902] 8021q: adding VLAN 0 to HW filter on device batadv0
[   76.024928][ T5897] veth0_vlan: entered promiscuous mode
[   76.044884][ T5238] Bluetooth: hci0: command tx timeout
[   76.076369][ T5897] veth1_vlan: entered promiscuous mode
[   76.088255][ T5902] veth0_vlan: entered promiscuous mode
[   76.111553][ T5902] veth1_vlan: entered promiscuous mode
[   76.123001][ T5238] Bluetooth: hci2: command tx timeout
[   76.126121][ T6063] netlink: 149044 bytes leftover after parsing attributes in process `syz.1.55'.
[   76.138638][ T5897] veth0_macvtap: entered promiscuous mode
[   76.160379][ T5897] veth1_macvtap: entered promiscuous mode
[   76.194433][ T5897] batman_adv: batadv0: Interface activated: batadv_slave_0
[   76.198886][ T5902] veth0_macvtap: entered promiscuous mode
[   76.216037][ T5897] batman_adv: batadv0: Interface activated: batadv_slave_1
[   76.222290][ T5902] veth1_macvtap: entered promiscuous mode
[   76.247801][ T5741] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.257589][ T5741] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.261921][ T5741] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.275650][ T5902] batman_adv: batadv0: Interface activated: batadv_slave_0
[   76.289651][ T5741] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   76.305428][ T6067] netlink: 10 bytes leftover after parsing attributes in process `syz.1.57'.
[   76.318783][ T5902] batman_adv: batadv0: Interface activated: batadv_slave_1
[   76.402506][    C1] hrtimer: interrupt took 37641 ns
[   76.412081][ T5876] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.416049][ T5876] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.420512][ T5876] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.434961][ T5876] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   76.467629][ T3010] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.481276][ T3010] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.527603][ T3010] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.534054][ T3010] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.550836][ T1091] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.561122][ T1091] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.606017][ T1091] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.610433][ T1091] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.750053][ T6078] netlink: 20 bytes leftover after parsing attributes in process `syz.1.60'.
[   77.060221][ T6099] netlink: 'syz.1.71': attribute type 210 has an invalid length.
[   77.075304][ T6100] syzkaller1: tun_chr_ioctl cmd 1074025677
[   77.077897][ T6100] syzkaller1: linktype set to 1
[   77.126998][ T6103] netlink: 8 bytes leftover after parsing attributes in process `syz.1.72'.
[   77.217196][ T6106] Zero length message leads to an empty skb
[   77.305985][ T6112] netlink: 'syz.0.77': attribute type 1 has an invalid length.
[   77.352055][ T6106] xt_socket: unknown flags 0x6
[   77.358333][ T6114] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   77.541531][ T6122] netlink: 20 bytes leftover after parsing attributes in process `syz.1.82'.
[   78.043368][ T5238] Bluetooth: hci1: command tx timeout
[   78.122738][ T5238] Bluetooth: hci0: command tx timeout
[   78.212629][ T5238] Bluetooth: hci2: command tx timeout
[   79.011817][ T6155] bridge0: port 3(ip6gretap0) entered blocking state
[   79.014462][ T6155] bridge0: port 3(ip6gretap0) entered disabled state
[   79.017900][ T6155] ip6gretap0: entered allmulticast mode
[   79.021509][ T6155] ip6gretap0: entered promiscuous mode
[   79.025525][ T6155] bridge0: port 3(ip6gretap0) entered blocking state
[   79.028226][ T6155] bridge0: port 3(ip6gretap0) entered forwarding state
[   79.037506][ T6157] netlink: 28 bytes leftover after parsing attributes in process `syz.2.97'.
[   79.071221][ T6157] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   79.261501][ T6166] netlink: 'syz.0.100': attribute type 39 has an invalid length.
[   79.521906][ T6170] netlink: 128 bytes leftover after parsing attributes in process `syz.2.102'.
[   79.531305][ T6170] netlink: 20 bytes leftover after parsing attributes in process `syz.2.102'.
[   79.689599][ T6178] netlink: 294 bytes leftover after parsing attributes in process `syz.0.106'.
[   79.753820][ T6181] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.107'.
[   79.993609][ T6188] syz.2.110 uses obsolete (PF_INET,SOCK_PACKET)
[   80.051536][ T6192] netlink: 12 bytes leftover after parsing attributes in process `syz.2.113'.
[   80.091024][ T6198] netlink: 'syz.2.115': attribute type 2 has an invalid length.
[   80.094099][ T6198] netlink: 120 bytes leftover after parsing attributes in process `syz.2.115'.
[   80.645142][ T6210] netlink: 240 bytes leftover after parsing attributes in process `syz.1.120'.
[   82.372188][ T6219] netlink: 12 bytes leftover after parsing attributes in process `syz.1.123'.
[   82.376030][ T6219] netlink: 8 bytes leftover after parsing attributes in process `syz.1.123'.
[   82.475694][ T6216] Driver unsupported XDP return value 0 on prog  (id 39) dev N/A, expect packet loss!
[   82.758798][ T6233] netlink: 'syz.1.129': attribute type 3 has an invalid length.
[   82.762059][ T6233] netlink: 'syz.1.129': attribute type 1 has an invalid length.
[   82.782197][ T6233] netlink: 60387 bytes leftover after parsing attributes in process `syz.1.129'.
[   84.450178][ T6293] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   84.462428][ T6299] netlink: 'syz.1.158': attribute type 3 has an invalid length.
[   84.467172][ T6293] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[   84.943450][ T6305] delete_channel: no stack
[   84.945702][ T6305] delete_channel: no stack
[   85.417992][ T6311] netlink: 8 bytes leftover after parsing attributes in process `syz.1.162'.
[   85.472406][ T6320] netlink: 4868 bytes leftover after parsing attributes in process `syz.2.166'.
[   85.472445][ T6320] netlink: 4868 bytes leftover after parsing attributes in process `syz.2.166'.
[   85.472458][ T6320] netlink: 4 bytes leftover after parsing attributes in process `syz.2.166'.
[   85.651101][ T6326] netlink: 8 bytes leftover after parsing attributes in process `syz.2.169'.
[   86.561603][ T6326] syzkaller0: entered promiscuous mode
[   86.564791][ T6326] syzkaller0: entered allmulticast mode
[   86.616401][   T47] cfg80211: failed to load regulatory.db
[   86.662418][ T6343] netlink: 830 bytes leftover after parsing attributes in process `syz.1.171'.
[   86.665673][ T6343] bond_slave_0: entered promiscuous mode
[   86.667710][ T6343] bond_slave_1: entered promiscuous mode
[   86.758766][ T6347] netlink: 188 bytes leftover after parsing attributes in process `syz.1.176'.
[   88.005133][ T6373] netlink: 'syz.1.189': attribute type 13 has an invalid length.
[   88.008300][ T6373] netlink: 'syz.1.189': attribute type 58 has an invalid length.
[   88.011604][ T6373] netlink: 152 bytes leftover after parsing attributes in process `syz.1.189'.
[   88.174160][ T6377] netlink: 'syz.2.192': attribute type 2 has an invalid length.
[   89.559937][   T33] audit: type=1107 audit(1758099732.842:2): pid=6410 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=','
[   91.097778][ T6491] netlink: 132 bytes leftover after parsing attributes in process `syz.0.237'.
[   91.288233][ T6499] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   91.552942][ T6511] syzkaller0: entered promiscuous mode
[   91.554720][ T6511] syzkaller0: entered allmulticast mode
[   91.759754][ T6526] netlink: 8 bytes leftover after parsing attributes in process `syz.2.251'.
[   91.770777][ T6526] netlink: 'syz.2.251': attribute type 40 has an invalid length.
[   93.527464][ T6526] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[   94.139788][ T6575] netlink: 'syz.2.273': attribute type 1 has an invalid length.
[   94.535525][ T6597] netlink: 4 bytes leftover after parsing attributes in process `syz.2.284'.
[   94.575632][ T6597] netlink: 'syz.2.284': attribute type 4 has an invalid length.
[   94.578776][ T6597] netlink: 152 bytes leftover after parsing attributes in process `syz.2.284'.
[   94.645993][ T6597] .`: renamed from bond0 (while UP)
[   94.840605][ T6611] netlink: 8 bytes leftover after parsing attributes in process `syz.1.289'.
[   94.859122][ T6597] syz.2.284 (6597) used greatest stack depth: 19536 bytes left
[   94.982671][ T6621] netlink: 'syz.0.295': attribute type 2 has an invalid length.
[   94.985685][ T6621] netlink: 'syz.0.295': attribute type 1 has an invalid length.
[   94.988635][ T6621] netlink: 'syz.0.295': attribute type 8 has an invalid length.
[   94.991565][ T6621] netlink: 44 bytes leftover after parsing attributes in process `syz.0.295'.
[   98.957270][ T6664] netlink: 'syz.1.313': attribute type 1 has an invalid length.
[   99.213354][ T6678] netlink: 92 bytes leftover after parsing attributes in process `syz.0.319'.
[   99.322066][ T6684] pim6reg1: entered promiscuous mode
[   99.326296][ T6684] pim6reg1: entered allmulticast mode
[   99.770388][ T6711] netlink: 60 bytes leftover after parsing attributes in process `syz.1.334'.
[   99.792379][ T6711] netlink: 60 bytes leftover after parsing attributes in process `syz.1.334'.
[   99.807716][ T6711] netlink: 60 bytes leftover after parsing attributes in process `syz.1.334'.
[  100.038261][    C1] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1
[  100.593368][ T6742] netlink: 'syz.2.348': attribute type 3 has an invalid length.
[  100.597192][ T6742] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.348'.
[  100.774087][ T6746] syzkaller0: entered promiscuous mode
[  100.776504][ T6746] syzkaller0: entered allmulticast mode
[  102.606469][ T6752] netlink: 56 bytes leftover after parsing attributes in process `syz.0.351'.
[  102.610087][ T6752] netlink: 12 bytes leftover after parsing attributes in process `syz.0.351'.
[  102.622780][ T6752] netlink: 43 bytes leftover after parsing attributes in process `syz.0.351'.
[  102.625506][ T6752] netlink: 43 bytes leftover after parsing attributes in process `syz.0.351'.
[  103.213361][ T6736] syz.1.345: vmalloc error: size 2101248, failed to allocated page array size 4104, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  103.219946][ T6736] CPU: 0 UID: 0 PID: 6736 Comm: syz.1.345 Not tainted syzkaller #0 PREEMPT(full) 
[  103.219959][ T6736] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  103.219966][ T6736] Call Trace:
[  103.219971][ T6736]  <TASK>
[  103.219976][ T6736]  dump_stack_lvl+0x189/0x250
[  103.219999][ T6736]  ? __pfx_dump_stack_lvl+0x10/0x10
[  103.220010][ T6736]  ? __pfx__printk+0x10/0x10
[  103.220022][ T6736]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  103.220033][ T6736]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  103.220043][ T6736]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  103.220054][ T6736]  warn_alloc+0x214/0x310
[  103.220065][ T6736]  ? __pfx_warn_alloc+0x10/0x10
[  103.220076][ T6736]  ? __get_vm_area_node+0x28f/0x300
[  103.220088][ T6736]  ? hash_ipportip_create+0x358/0xfe0
[  103.220101][ T6736]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  103.220131][ T6736]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  103.220143][ T6736]  ? hash_ipportip_create+0x358/0xfe0
[  103.220154][ T6736]  ? __get_vm_area_node+0x28f/0x300
[  103.220166][ T6736]  ? hash_ipportip_create+0x358/0xfe0
[  103.220177][ T6736]  __vmalloc_node_range_noprof+0x56a/0x12f0
[  103.220189][ T6736]  ? hash_ipportip_create+0x358/0xfe0
[  103.220198][ T6736]  ? do_syscall_64+0xfa/0x3b0
[  103.220221][ T6736]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  103.220236][ T6736]  ? rcu_is_watching+0x15/0xb0
[  103.220245][ T6736]  ? hash_ipportip_create+0x358/0xfe0
[  103.220255][ T6736]  ? hash_ipportip_create+0x358/0xfe0
[  103.220264][ T6736]  __kvmalloc_node_noprof+0x3b8/0x5f0
[  103.220276][ T6736]  ? hash_ipportip_create+0x358/0xfe0
[  103.220287][ T6736]  ? hash_ipportip_create+0x2fe/0xfe0
[  103.220299][ T6736]  hash_ipportip_create+0x358/0xfe0
[  103.220313][ T6736]  ? __nla_parse+0x40/0x60
[  103.220322][ T6736]  ? __pfx_hash_ipportip_create+0x10/0x10
[  103.220333][ T6736]  ip_set_create+0xa97/0x1940
[  103.220346][ T6736]  ? ip_set_create+0x4a2/0x1940
[  103.220363][ T6736]  ? __pfx_ip_set_create+0x10/0x10
[  103.220390][ T6736]  nfnetlink_rcv_msg+0xb4d/0x1130
[  103.220405][ T6736]  ? nfnetlink_rcv_msg+0x20d/0x1130
[  103.220425][ T6736]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  103.220437][ T6736]  ? kasan_save_free_info+0x46/0x50
[  103.220468][ T6736]  netlink_rcv_skb+0x208/0x470
[  103.220478][ T6736]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  103.220491][ T6736]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  103.220505][ T6736]  ? bpf_lsm_capable+0x9/0x20
[  103.220516][ T6736]  ? security_capable+0x7e/0x2e0
[  103.220528][ T6736]  nfnetlink_rcv+0x26a/0x2520
[  103.220541][ T6736]  ? __dev_queue_xmit+0x1d79/0x3b50
[  103.220558][ T6736]  ? __dev_queue_xmit+0x27b/0x3b50
[  103.220574][ T6736]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  103.220587][ T6736]  ? __pfx___dev_queue_xmit+0x10/0x10
[  103.220629][ T6736]  ? ref_tracker_free+0x63a/0x7d0
[  103.220642][ T6736]  ? __asan_memcpy+0x40/0x70
[  103.220657][ T6736]  ? __pfx_ref_tracker_free+0x10/0x10
[  103.220664][ T6736]  ? __skb_clone+0x63/0x7a0
[  103.220677][ T6736]  ? __skb_clone+0x483/0x7a0
[  103.220690][ T6736]  ? skb_clone+0x246/0x3a0
[  103.220703][ T6736]  ? __netlink_deliver_tap+0x807/0x850
[  103.220711][ T6736]  ? netlink_deliver_tap+0x2e/0x1b0
[  103.220723][ T6736]  ? netlink_deliver_tap+0x2e/0x1b0
[  103.220735][ T6736]  netlink_unicast+0x82f/0x9e0
[  103.220747][ T6736]  ? __pfx_netlink_unicast+0x10/0x10
[  103.220756][ T6736]  ? netlink_sendmsg+0x642/0xb30
[  103.220764][ T6736]  ? skb_put+0x11b/0x210
[  103.220775][ T6736]  netlink_sendmsg+0x805/0xb30
[  103.220788][ T6736]  ? __pfx_netlink_sendmsg+0x10/0x10
[  103.220799][ T6736]  ? aa_sock_msg_perm+0xf1/0x1d0
[  103.220808][ T6736]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  103.220818][ T6736]  ? __pfx_netlink_sendmsg+0x10/0x10
[  103.220827][ T6736]  __sock_sendmsg+0x21c/0x270
[  103.220842][ T6736]  ____sys_sendmsg+0x505/0x830
[  103.220855][ T6736]  ? __pfx_____sys_sendmsg+0x10/0x10
[  103.220869][ T6736]  ? import_iovec+0x74/0xa0
[  103.220883][ T6736]  ___sys_sendmsg+0x21f/0x2a0
[  103.220894][ T6736]  ? __pfx____sys_sendmsg+0x10/0x10
[  103.220921][ T6736]  ? __fget_files+0x2a/0x420
[  103.220942][ T6736]  ? __fget_files+0x3a0/0x420
[  103.220956][ T6736]  __x64_sys_sendmsg+0x19b/0x260
[  103.220968][ T6736]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  103.220983][ T6736]  ? rcu_is_watching+0x15/0xb0
[  103.220994][ T6736]  ? do_syscall_64+0xbe/0x3b0
[  103.221005][ T6736]  do_syscall_64+0xfa/0x3b0
[  103.221013][ T6736]  ? lockdep_hardirqs_on+0x9c/0x150
[  103.221022][ T6736]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.221030][ T6736]  ? exc_page_fault+0x9f/0xf0
[  103.221039][ T6736]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.221047][ T6736] RIP: 0033:0x7fdb4a18eba9
[  103.221056][ T6736] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  103.221063][ T6736] RSP: 002b:00007fdb4b044038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  103.221072][ T6736] RAX: ffffffffffffffda RBX: 00007fdb4a3d5fa0 RCX: 00007fdb4a18eba9
[  103.221078][ T6736] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003
[  103.221083][ T6736] RBP: 00007fdb4a211e19 R08: 0000000000000000 R09: 0000000000000000
[  103.221088][ T6736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  103.221092][ T6736] R13: 00007fdb4a3d6038 R14: 00007fdb4a3d5fa0 R15: 00007ffc94c9fc68
[  103.221105][ T6736]  </TASK>
[  103.221195][ T6736] Mem-Info:
[  103.408776][ T6736] active_anon:5614 inactive_anon:0 isolated_anon:0
[  103.408776][ T6736]  active_file:1284 inactive_file:38259 isolated_file:0
[  103.408776][ T6736]  unevictable:1768 dirty:330 writeback:0
[  103.408776][ T6736]  slab_reclaimable:9566 slab_unreclaimable:53956
[  103.408776][ T6736]  mapped:18097 shmem:2434 pagetables:992
[  103.408776][ T6736]  sec_pagetables:0 bounce:0
[  103.408776][ T6736]  kernel_misc_reclaimable:0
[  103.408776][ T6736]  free:267963 free_pcp:18892 free_cma:0
[  103.423431][ T6736] Node 0 active_anon:13108kB inactive_anon:0kB active_file:3212kB inactive_file:147656kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:42472kB dirty:1128kB writeback:0kB shmem:4840kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:5272kB pagetables:2352kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  103.435333][ T6736] Node 1 active_anon:9348kB inactive_anon:0kB active_file:1924kB inactive_file:5380kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:29916kB dirty:192kB writeback:0kB shmem:4896kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:6236kB pagetables:1616kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  103.455920][ T6736] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  103.465510][ T6736] lowmem_reserve[]: 0 811 811 811 811
[  103.467719][ T6736] Node 0 DMA32 free:177044kB boost:0kB min:33660kB low:42072kB high:50484kB reserved_highatomic:0KB free_highatomic:0KB active_anon:12700kB inactive_anon:0kB active_file:3212kB inactive_file:147656kB unevictable:3536kB writepending:1128kB present:1556484kB managed:830888kB mlocked:0kB bounce:0kB free_pcp:23188kB local_pcp:8824kB free_cma:0kB
[  103.478940][ T6736] lowmem_reserve[]: 0 0 0 0 0
[  103.480702][ T6736] Node 1 DMA32 free:458492kB boost:0kB min:19192kB low:23988kB high:28784kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:116kB local_pcp:0kB free_cma:0kB
[  103.492405][ T6736] lowmem_reserve[]: 0 0 854 854 854
[  103.494252][ T6736] Node 1 Normal free:420956kB boost:0kB min:36612kB low:45764kB high:54916kB reserved_highatomic:0KB free_highatomic:0KB active_anon:8532kB inactive_anon:0kB active_file:1924kB inactive_file:5380kB unevictable:3536kB writepending:192kB present:1048576kB managed:874952kB mlocked:0kB bounce:0kB free_pcp:54372kB local_pcp:15704kB free_cma:0kB
[  103.504946][ T6736] lowmem_reserve[]: 0 0 0 0 0
[  103.506748][ T6736] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  103.512717][ T6736] Node 0 DMA32: 158*4kB (M) 124*8kB (ME) 113*16kB (UM) 66*32kB (ME) 31*64kB (ME) 18*128kB (M) 7*256kB (UME) 7*512kB (UM) 6*1024kB (ME) 4*2048kB (ME) 36*4096kB (M) = 177000kB
[  103.518879][ T6736] Node 1 DMA32: 3*4kB (UM) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 2*128kB (UM) 3*256kB (UM) 3*512kB (UM) 3*1024kB (UM) 3*2048kB (UM) 109*4096kB (M) = 458492kB
[  103.530075][ T6736] Node 1 Normal: 1646*4kB (UM) 904*8kB (UM) 437*16kB (UME) 154*32kB (UME) 102*64kB (UM) 59*128kB (UM) 31*256kB (UE) 25*512kB (UM) 24*1024kB (UME) 4*2048kB (UM) 80*4096kB (UM) = 421000kB
[  103.539532][ T6736] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  103.542298][ T6736] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  103.549142][ T6736] 41977 total pagecache pages
[  103.551063][ T6736] 0 pages in swap cache
[  103.556474][ T6736] Free swap  = 124996kB
[  103.558205][ T6736] Total swap = 124996kB
[  103.562878][ T6736] 786301 pages RAM
[  103.564453][ T6736] 0 pages HighMem/MovableOnly
[  103.566274][ T6736] 241347 pages reserved
[  103.567914][ T6736] 0 pages cma reserved
[  103.951697][ T5238] Bluetooth: hci0: unexpected event 0x3b length: 15 > 10
[  105.490606][ T6789] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.365'.
[  105.559187][ T6793] netlink: 16 bytes leftover after parsing attributes in process `syz.0.367'.
[  106.442143][ T6827] netlink: 32 bytes leftover after parsing attributes in process `syz.0.381'.
[  106.500513][ T6827] openvswitch: netlink: Missing key (keys=40, expected=100)
[  106.625607][ T6843] netlink: 152 bytes leftover after parsing attributes in process `syz.2.387'.
[  106.643733][ T6843] netlink: 6 bytes leftover after parsing attributes in process `syz.2.387'.
[  107.156421][ T6861] netlink: 92 bytes leftover after parsing attributes in process `syz.2.397'.
[  107.371511][ T6861] netlink: 'syz.2.397': attribute type 39 has an invalid length.
[  107.992290][ T6885] netlink: 180 bytes leftover after parsing attributes in process `syz.0.407'.
[  108.041901][ T6887] C: renamed from team_slave_0 (while UP)
[  108.054620][ T6887] netlink: 164 bytes leftover after parsing attributes in process `syz.0.408'.
[  108.206924][ T6898] netlink: 28 bytes leftover after parsing attributes in process `syz.1.413'.
[  108.210713][ T6898] netlink: 28 bytes leftover after parsing attributes in process `syz.1.413'.
[  109.264037][ T6914] netlink: 'syz.2.420': attribute type 10 has an invalid length.
[  109.266886][ T6914] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.270108][ T6914] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.283023][ T6914] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.285967][ T6914] bridge0: port 2(bridge_slave_1) entered forwarding state
[  109.288789][ T6914] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.291473][ T6914] bridge0: port 1(bridge_slave_0) entered forwarding state
[  109.298550][ T6914] team0: Port device bridge0 added
[  109.318902][ T6914] bridge_slave_1: left allmulticast mode
[  109.321115][ T6914] bridge_slave_1: left promiscuous mode
[  109.339422][ T6914] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.350246][ T6914] bridge_slave_0: left allmulticast mode
[  109.354314][ T6914] bridge_slave_0: left promiscuous mode
[  109.356374][ T6914] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.388615][ T6914] team0: Port device bridge0 removed
[  116.011102][ T6994] __nla_validate_parse: 3 callbacks suppressed
[  116.011118][ T6994] netlink: 277 bytes leftover after parsing attributes in process `syz.1.456'.
[  116.018126][ T6993] netlink: 24032 bytes leftover after parsing attributes in process `syz.2.454'.
[  116.021953][ T6993] netlink: 104088 bytes leftover after parsing attributes in process `syz.2.454'.
[  116.045625][ T5238] Bluetooth: hci1: unexpected subevent 0x0c length: 150 > 5
[  116.049169][ T6993] netlink: 24032 bytes leftover after parsing attributes in process `syz.2.454'.
[  116.114308][ T6998] netlink: 44 bytes leftover after parsing attributes in process `syz.1.458'.
[  116.170208][ T7003] netlink: 'syz.0.460': attribute type 21 has an invalid length.
[  116.238237][ T7007] tap0: tun_chr_ioctl cmd 1074025677
[  116.241163][ T7007] tap0: linktype set to 804
[  116.709123][ T7030] netlink: 8 bytes leftover after parsing attributes in process `syz.0.473'.
[  116.756476][ T7035] netlink: 204 bytes leftover after parsing attributes in process `syz.0.473'.
[  117.737836][ T7062] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.486'.
[  117.817030][ T7068] delete_channel: no stack
[  117.819351][ T7067] delete_channel: no stack
[  117.839311][ T7070] netlink: 203516 bytes leftover after parsing attributes in process `syz.2.490'.
[  117.843274][ T7070] netlink: 6320 bytes leftover after parsing attributes in process `syz.2.490'.
[  118.208131][ T5238] Bluetooth: hci2: unexpected event 0x04 length: 15 > 10
[  118.271881][ T7101] netlink: 'syz.1.502': attribute type 13 has an invalid length.
[  118.328675][ T7103] netlink: 'syz.2.503': attribute type 12 has an invalid length.
[  118.377005][ T7109] netlink: 'syz.1.506': attribute type 29 has an invalid length.
[  118.381299][ T7109] netlink: 'syz.1.506': attribute type 29 has an invalid length.
[  118.385176][ T7109] netlink: 'syz.1.506': attribute type 29 has an invalid length.
[  118.477675][ T5238] Bluetooth: hci1: unexpected event 0x08 length: 15 > 4
[  118.916524][ T7143] netlink: 'syz.0.518': attribute type 39 has an invalid length.
[  119.123980][ T7143] veth0_macvtap: left promiscuous mode
[  120.282683][ T5900] Bluetooth: hci2: command tx timeout
[  120.523707][ T5900] Bluetooth: hci1: command 0x0406 tx timeout
[  122.290635][ T7235] netlink: 'syz.2.557': attribute type 12 has an invalid length.
[  122.296334][ T7235] __nla_validate_parse: 4 callbacks suppressed
[  122.296344][ T7235] netlink: 132 bytes leftover after parsing attributes in process `syz.2.557'.
[  122.833895][ T7256] netlink: 'syz.0.566': attribute type 4 has an invalid length.
[  122.836471][ T7256] netlink: 152 bytes leftover after parsing attributes in process `syz.0.566'.
[  122.849510][ T7256] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[  122.937971][ T7259] netlink: 20 bytes leftover after parsing attributes in process `syz.1.568'.
[  122.987393][ T7263] netlink: 14548 bytes leftover after parsing attributes in process `syz.0.570'.
[  123.300669][ T7271] netlink: 8 bytes leftover after parsing attributes in process `syz.1.573'.
[  123.765915][ T7280] ksmbd: Unknown IPC event: 1, ignore.
[  123.869082][ T7286] delete_channel: no stack
[  123.958606][ T7295] netlink: 8 bytes leftover after parsing attributes in process `syz.0.584'.
[  123.962706][ T7295] netlink: 32 bytes leftover after parsing attributes in process `syz.0.584'.
[  125.419087][ T7327] netlink: 'syz.2.598': attribute type 14 has an invalid length.
[  125.422030][ T7327] netlink: 164 bytes leftover after parsing attributes in process `syz.2.598'.
[  126.329139][ T7359] netlink: 'syz.2.611': attribute type 10 has an invalid length.
[  126.340161][ T7359] 8021q: adding VLAN 0 to HW filter on device batadv0
[  126.345263][ T7359] .`: (slave batadv0): Enslaving as an active interface with an up link
[  126.564083][ T7366] netlink: 15999 bytes leftover after parsing attributes in process `syz.0.614'.
[  127.085567][ T5238] Bluetooth: hci1: unexpected event 0x10 length: 15 > 1
[  127.086411][ T5238] Bluetooth: hci1: hardware error 0x00
[  127.383639][ T7396] netlink: 'syz.0.626': attribute type 1 has an invalid length.
[  127.387432][ T7396] netlink: 8 bytes leftover after parsing attributes in process `syz.0.626'.
[  127.698230][ T7402] netlink: 16 bytes leftover after parsing attributes in process `syz.2.629'.
[  128.191180][ T7416] netlink: 'syz.0.634': attribute type 21 has an invalid length.
[  128.198354][ T7416] netlink: 14565 bytes leftover after parsing attributes in process `syz.0.634'.
[  128.252085][ T7419] netlink: 8 bytes leftover after parsing attributes in process `syz.2.635'.
[  129.170831][ T5238] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  129.432363][ T7434] netlink: 88 bytes leftover after parsing attributes in process `syz.2.641'.
[  129.591541][ T7447] netlink: 156 bytes leftover after parsing attributes in process `syz.1.645'.
[  129.727425][ T7456] C: renamed from team_slave_0 (while UP)
[  129.793193][ T7456] netlink: 'syz.2.650': attribute type 3 has an invalid length.
[  129.802667][ T7456] netlink: 152 bytes leftover after parsing attributes in process `syz.2.650'.
[  129.887578][ T7464] IPv6: NLM_F_CREATE should be specified when creating new route
[  129.999804][ T7470] =======================================================
[  129.999804][ T7470] WARNING: The mand mount option has been deprecated and
[  129.999804][ T7470]          and is ignored by this kernel. Remove the mand
[  129.999804][ T7470]          option from the mount to silence this warning.
[  129.999804][ T7470] =======================================================
[  130.025535][ T7470] tmpfs: Bad value for 'gid'
[  130.027491][ T7470] tmpfs: Bad value for 'gid'
[  130.399906][ T7483] netlink: 64 bytes leftover after parsing attributes in process `syz.2.663'.
[  130.706973][ T7494] netlink: 'syz.2.668': attribute type 10 has an invalid length.
[  130.710793][ T7494] syz_tun: entered promiscuous mode
[  130.723342][ T7494] .`: (slave syz_tun): Enslaving as an active interface with an up link
[  131.029836][ T7504] netlink: 132 bytes leftover after parsing attributes in process `syz.0.673'.
[  132.687643][ T1365] ieee802154 phy0 wpan0: encryption failed: -22
[  132.690249][ T1365] ieee802154 phy1 wpan1: encryption failed: -22
[  133.168629][ T7554] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  133.175528][ T7550] : port 1(vlan0) entered blocking state
[  133.177950][ T7550] : port 1(vlan0) entered disabled state
[  133.180381][ T7550] vlan0: entered allmulticast mode
[  133.184052][ T7550] veth0_vlan: entered allmulticast mode
[  133.187844][ T7550] vlan0: entered promiscuous mode
[  133.193106][ T7550] : port 1(vlan0) entered blocking state
[  133.195574][ T7550] : port 1(vlan0) entered forwarding state
[  133.267151][ T7563] netlink: 12 bytes leftover after parsing attributes in process `syz.1.699'.
[  133.400151][ T7569] : renamed from gre0 (while UP)
[  133.454853][ T7575] netlink: 'syz.1.701': attribute type 1 has an invalid length.
[  133.458117][ T7575] netlink: 12 bytes leftover after parsing attributes in process `syz.1.701'.
[  133.507806][ T7577] netlink: 1041 bytes leftover after parsing attributes in process `syz.2.705'.
[  133.659235][ T7590] netlink: 'syz.1.711': attribute type 3 has an invalid length.
[  133.672747][ T7590] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.711'.
[  133.796599][ T7596] C: renamed from team_slave_0 (while UP)
[  133.800801][ T7596] netlink: 'syz.1.714': attribute type 1 has an invalid length.
[  133.805030][ T7596] netlink: 152 bytes leftover after parsing attributes in process `syz.1.714'.
[  133.808794][ T7596] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  133.906761][ T7604] netlink: 20 bytes leftover after parsing attributes in process `syz.2.718'.
[  133.910294][ T7604] netlink: 16 bytes leftover after parsing attributes in process `syz.2.718'.
[  133.954219][ T7606] netlink: 'syz.2.719': attribute type 22 has an invalid length.
[  134.809258][ T5902] .`: (slave syz_tun): Releasing backup interface
[  135.136265][ T7636] netlink: 8 bytes leftover after parsing attributes in process `syz.0.733'.
[  135.209808][ T7642] netlink: 12 bytes leftover after parsing attributes in process `syz.1.736'.
[  135.293637][ T5900] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  135.297893][ T5900] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  135.303776][ T5900] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  135.307935][ T5900] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  135.310881][ T5900] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  135.579102][ T7647] chnl_net:caif_netlink_parms(): no params data found
[  135.751789][ T7647] bridge0: port 1(bridge_slave_0) entered blocking state
[  135.756101][ T7647] bridge0: port 1(bridge_slave_0) entered disabled state
[  135.759845][ T7647] bridge_slave_0: entered allmulticast mode
[  135.764102][ T7647] bridge_slave_0: entered promiscuous mode
[  135.768621][ T7647] bridge0: port 2(bridge_slave_1) entered blocking state
[  135.771418][ T7647] bridge0: port 2(bridge_slave_1) entered disabled state
[  135.779785][ T7647] bridge_slave_1: entered allmulticast mode
[  135.783492][ T7647] bridge_slave_1: entered promiscuous mode
[  135.951478][ T7647] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  135.978483][ T7647] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  136.051856][ T7647] team0: Port device team_slave_0 added
[  136.062353][ T7647] team0: Port device team_slave_1 added
[  136.173666][ T7647] batman_adv: batadv0: Adding interface: batadv_slave_0
[  136.176493][ T7647] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  136.199648][ T7647] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  136.206883][ T7647] batman_adv: batadv0: Adding interface: batadv_slave_1
[  136.209656][ T7647] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  136.220068][ T7647] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  136.297217][ T7647] hsr_slave_0: entered promiscuous mode
[  136.300629][ T7647] hsr_slave_1: entered promiscuous mode
[  136.330067][ T7677] netlink: 65055 bytes leftover after parsing attributes in process `syz.1.746'.
[  136.504758][ T7647] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  136.516637][ T7647] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  136.525994][ T7647] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  136.531131][ T7647] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  136.607180][ T7691] netlink: 'syz.1.750': attribute type 39 has an invalid length.
[  136.611814][ T7647] 8021q: adding VLAN 0 to HW filter on device bond0
[  136.616405][ T7691] veth0_macvtap: left promiscuous mode
[  136.649510][ T7647] 8021q: adding VLAN 0 to HW filter on device team0
[  136.658402][  T731] bridge0: port 1(bridge_slave_0) entered blocking state
[  136.661038][  T731] bridge0: port 1(bridge_slave_0) entered forwarding state
[  136.668696][  T731] bridge0: port 2(bridge_slave_1) entered blocking state
[  136.671342][  T731] bridge0: port 2(bridge_slave_1) entered forwarding state
[  136.841209][ T7647] 8021q: adding VLAN 0 to HW filter on device batadv0
[  136.881009][ T7647] veth0_vlan: entered promiscuous mode
[  136.889549][ T7647] veth1_vlan: entered promiscuous mode
[  136.911294][ T7647] veth0_macvtap: entered promiscuous mode
[  136.918540][ T7647] veth1_macvtap: entered promiscuous mode
[  136.935925][ T7647] batman_adv: batadv0: Interface activated: batadv_slave_0
[  136.959085][ T7647] batman_adv: batadv0: Interface activated: batadv_slave_1
[  136.984798][ T5918] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  136.990888][ T5918] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  136.996079][ T5918] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  137.000831][ T5918] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  137.063707][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  137.066344][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  137.104539][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  137.107313][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  137.402928][ T5238] Bluetooth: hci2: command tx timeout
[  138.094123][ T7757] netlink: 'syz.1.777': attribute type 10 has an invalid length.
[  138.144229][ T7757] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  138.287964][ T7759] netlink: 'syz.1.778': attribute type 2 has an invalid length.
[  138.644551][ T7769] __nla_validate_parse: 2 callbacks suppressed
[  138.644566][ T7769] netlink: 132 bytes leftover after parsing attributes in process `syz.3.782'.
[  138.791776][ T7777] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[  138.794954][ T7777] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  139.021782][ T7781] netlink: 'syz.3.788': attribute type 10 has an invalid length.
[  139.025951][ T7781] netlink: 55 bytes leftover after parsing attributes in process `syz.3.788'.
[  139.507859][ T5238] Bluetooth: hci2: command tx timeout
[  140.667043][ T7820] netlink: 'syz.0.804': attribute type 9 has an invalid length.
[  141.562633][ T5238] Bluetooth: hci2: command tx timeout
[  143.642899][ T5238] Bluetooth: hci2: command tx timeout
[  143.837842][ T7830] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.810'.
[  144.114624][ T7843] netlink: 'syz.0.815': attribute type 10 has an invalid length.
[  144.853560][ T7843] veth1_vlan: entered allmulticast mode
[  144.873732][ T7843] team0: Device veth1_vlan failed to register rx_handler
[  145.041395][ T7849] netlink: 'syz.3.817': attribute type 5 has an invalid length.
[  145.135743][ T7851] netlink: 8 bytes leftover after parsing attributes in process `syz.3.818'.
[  145.139138][ T7851] netlink: 8 bytes leftover after parsing attributes in process `syz.3.818'.
[  145.205998][ T7854] netlink: 'syz.3.819': attribute type 2 has an invalid length.
[  145.478472][ T7865] netlink: 'syz.3.824': attribute type 10 has an invalid length.
[  145.493330][ T7865] batman_adv: batadv0: Adding interface: netdevsim0
[  145.496206][ T7865] batman_adv: batadv0: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  145.522844][ T7865] batman_adv: batadv0: Not using interface netdevsim0 (retrying later): interface not active
[  145.743082][ T7876] netlink: 'syz.0.827': attribute type 1 has an invalid length.
[  145.746344][ T7876] netlink: 'syz.0.827': attribute type 4 has an invalid length.
[  145.762004][ T7876] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.827'.
[  145.813543][ T7876] netlink: 'syz.0.827': attribute type 1 has an invalid length.
[  145.817073][ T7876] netlink: 'syz.0.827': attribute type 4 has an invalid length.
[  145.820253][ T7876] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.827'.
[  146.000827][ T7891] netlink: 124 bytes leftover after parsing attributes in process `syz.1.834'.
[  146.012993][ T7891] netlink: 32 bytes leftover after parsing attributes in process `syz.1.834'.
[  146.186560][ T7915] netlink: 'syz.0.845': attribute type 2 has an invalid length.
[  146.189682][ T7915] netlink: 'syz.0.845': attribute type 1 has an invalid length.
[  146.192955][ T7915] netlink: 4 bytes leftover after parsing attributes in process `syz.0.845'.
[  146.989548][ T7923] 8021q: adding VLAN 0 to HW filter on device batadv0
[  147.216509][ T7923] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  147.305668][ T7923] syz.0.848 (7923) used greatest stack depth: 19512 bytes left
[  147.503776][ T7946] netlink: 55 bytes leftover after parsing attributes in process `syz.3.856'.
[  148.995838][ T8003] netlink: 152 bytes leftover after parsing attributes in process `syz.1.881'.
[  149.018078][ T8004] netlink: 132 bytes leftover after parsing attributes in process `syz.3.880'.
[  149.607261][ T8024] validate_nla: 3 callbacks suppressed
[  149.607322][ T8024] netlink: 'syz.1.886': attribute type 27 has an invalid length.
[  149.613924][ T8024] netlink: 152 bytes leftover after parsing attributes in process `syz.1.886'.
[  149.617638][ T8024] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  149.801132][ T8030] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.891'.
[  149.805400][ T8030] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  151.216737][ T8069] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  151.456904][ T8072] netlink: 'syz.3.902': attribute type 16 has an invalid length.
[  151.460812][ T8072] netlink: 'syz.3.902': attribute type 3 has an invalid length.
[  151.481603][ T8072] netlink: 132 bytes leftover after parsing attributes in process `syz.3.902'.
[  153.202006][ T8111] netlink: 830 bytes leftover after parsing attributes in process `syz.3.921'.
[  153.630221][ T8124] tap0: tun_chr_ioctl cmd 2148553947
[  153.690956][ T5238] Bluetooth: hci2: unexpected event 0x05 length: 15 > 4
[  153.909046][ T8132] netlink: 4096 bytes leftover after parsing attributes in process `syz.3.931'.
[  154.192347][ T8137] netlink: 92 bytes leftover after parsing attributes in process `syz.3.933'.
[  154.212730][ T8137] netlink: 92 bytes leftover after parsing attributes in process `syz.3.933'.
[  154.805996][ T8157] netlink: 40 bytes leftover after parsing attributes in process `syz.3.941'.
[  154.808868][ T8157] netlink: 'syz.3.941': attribute type 1 has an invalid length.
[  154.891878][ T8163] netlink: 4 bytes leftover after parsing attributes in process `syz.3.945'.
[  155.952145][ T8103] Set syz1 is full, maxelem 65536 reached
[  156.642698][ T8198] netlink: 13 bytes leftover after parsing attributes in process `syz.3.959'.
[  156.751991][ T8208] netlink: 20 bytes leftover after parsing attributes in process `syz.3.964'.
[  156.946049][ T8218] netlink: 'syz.3.969': attribute type 5 has an invalid length.
[  156.948726][ T8218] netlink: 168 bytes leftover after parsing attributes in process `syz.3.969'.
[  157.048609][ T8219] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  157.051933][ T8219] batman_adv: batadv0: Removing interface: batadv_slave_0
[  157.072208][ T8219] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  157.083873][ T8219] batman_adv: batadv0: Removing interface: batadv_slave_1
[  157.124680][ T8219] bond0: (slave batadv0): Releasing backup interface
[  158.272727][ T8255] netlink: 4 bytes leftover after parsing attributes in process `syz.1.984'.
[  158.579080][ T8281] openvswitch: netlink: nsh attribute has 2 unknown bytes.
[  158.582242][ T8281] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  158.614757][ T8284] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  158.740503][ T8296] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1003'.
[  158.754625][ T8296] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1003'.
[  159.173309][ T8317] netlink: 'syz.1.1012': attribute type 29 has an invalid length.
[  159.184689][ T8317] netlink: 'syz.1.1012': attribute type 29 has an invalid length.
[  159.192445][ T8317] netlink: 'syz.1.1012': attribute type 29 has an invalid length.
[  159.205495][ T8317] netlink: 'syz.1.1012': attribute type 29 has an invalid length.
[  159.219594][ T5876] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  160.078690][ T8381] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.1042'.
[  160.120455][ T8383] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  160.125313][ T8383] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  160.258525][ T8388] syzkaller0: entered promiscuous mode
[  160.261023][ T8388] syzkaller0: entered allmulticast mode
[  162.377102][ T8419] netlink: 'syz.0.1056': attribute type 2 has an invalid length.
[  162.380224][ T8419] netlink: 'syz.0.1056': attribute type 8 has an invalid length.
[  162.386312][ T8419] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1056'.
[  163.068287][ T8443] netlink: 'syz.0.1067': attribute type 25 has an invalid length.
[  163.079308][ T8443] netlink: 2418 bytes leftover after parsing attributes in process `syz.0.1067'.
[  163.325224][ T8452] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1071'.
[  163.510712][ T8452] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1071'.
[  163.628034][ T8452] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1071'.
[  163.771487][ T8484] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1085'.
[  164.002356][ T8499] netlink: 'syz.1.1091': attribute type 21 has an invalid length.
[  164.066367][ T8499] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1091'.
[  164.070856][ T8499] netlink: 'syz.1.1091': attribute type 5 has an invalid length.
[  164.075935][ T8499] netlink: 'syz.1.1091': attribute type 6 has an invalid length.
[  164.078423][ T8499] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1091'.
[  164.233651][ T8513] netlink: 'syz.3.1097': attribute type 4 has an invalid length.
[  164.424731][ T8520] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1096'.
[  165.048303][ T8536] D`: renamed from hsr_slave_1
[  165.551434][ T8556] netlink: 'syz.3.1114': attribute type 26 has an invalid length.
[  165.641157][ T8562] __nla_validate_parse: 1 callbacks suppressed
[  165.641199][ T8562] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1117'.
[  166.118958][ T5238] Bluetooth: hci2: unexpected event 0x32 length: 82 > 9
[  166.291428][ T8581] openvswitch: netlink: Missing key (keys=40, expected=80)
[  166.565629][ T8596] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1133'.
[  166.569504][ T8596] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1133'.
[  167.051593][ T8609] : entered promiscuous mode
[  167.387671][ T8621] netlink: 'syz.3.1145': attribute type 10 has an invalid length.
[  167.760736][ T8633] netlink: 'syz.3.1149': attribute type 10 has an invalid length.
[  168.350155][ T8643] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1154'.
[  168.478382][ T8648] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1156'.
[  168.899754][ T8657] tap0: tun_chr_ioctl cmd 1074025672
[  168.901907][ T8657] tap0: ignored: set checksum enabled
[  169.588986][ T8686] netlink: 'syz.3.1171': attribute type 21 has an invalid length.
[  169.591552][ T8686] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1171'.
[  169.638374][ T8690] netlink: 'syz.1.1173': attribute type 280 has an invalid length.
[  170.077970][ T8714] netlink: 'syz.1.1184': attribute type 3 has an invalid length.
[  170.080774][ T8714] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1184'.
[  170.199936][ T8721] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1185'.
[  170.815413][ T8739] ==================================================================
[  170.817985][ T8739] BUG: KASAN: slab-use-after-free in xfrm_alloc_spi+0x570/0xf30
[  170.820357][ T8739] Read of size 4 at addr ffff888111c6a044 by task syz.0.1194/8739
[  170.823699][ T8739] 
[  170.824883][ T8739] CPU: 0 UID: 0 PID: 8739 Comm: syz.0.1194 Not tainted syzkaller #0 PREEMPT(full) 
[  170.824903][ T8739] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  170.824914][ T8739] Call Trace:
[  170.824919][ T8739]  <TASK>
[  170.824924][ T8739]  dump_stack_lvl+0x189/0x250
[  170.824938][ T8739]  ? __kasan_check_byte+0x12/0x40
[  170.824952][ T8739]  ? __pfx_dump_stack_lvl+0x10/0x10
[  170.824961][ T8739]  ? lock_release+0x4b/0x3e0
[  170.824977][ T8739]  ? __virt_addr_valid+0x4a5/0x5c0
[  170.824988][ T8739]  print_report+0xca/0x240
[  170.824996][ T8739]  ? xfrm_alloc_spi+0x570/0xf30
[  170.825007][ T8739]  kasan_report+0x118/0x150
[  170.825019][ T8739]  ? xfrm_alloc_spi+0x570/0xf30
[  170.825031][ T8739]  xfrm_alloc_spi+0x570/0xf30
[  170.825042][ T8739]  ? xfrm_alloc_spi+0x2a0/0xf30
[  170.825055][ T8739]  ? __pfx_xfrm_alloc_spi+0x10/0x10
[  170.825065][ T8739]  ? xfrm_find_acq+0x87/0xa0
[  170.825077][ T8739]  xfrm_alloc_userspi+0x70b/0xc90
[  170.825091][ T8739]  ? apparmor_capable+0x137/0x1b0
[  170.825101][ T8739]  ? __pfx_xfrm_alloc_userspi+0x10/0x10
[  170.825113][ T8739]  ? __nla_parse+0x40/0x60
[  170.825122][ T8739]  xfrm_user_rcv_msg+0x7a3/0xab0
[  170.825135][ T8739]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  170.825153][ T8739]  ? __pfx___mutex_trylock_common+0x10/0x10
[  170.825162][ T8739]  ? rcu_is_watching+0x15/0xb0
[  170.825171][ T8739]  ? trace_contention_end+0x39/0x120
[  170.825179][ T8739]  ? __mutex_lock+0x335/0x1350
[  170.825189][ T8739]  netlink_rcv_skb+0x208/0x470
[  170.825199][ T8739]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  170.825211][ T8739]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  170.825227][ T8739]  ? netlink_deliver_tap+0x2e/0x1b0
[  170.825236][ T8739]  ? netlink_deliver_tap+0x2e/0x1b0
[  170.825249][ T8739]  xfrm_netlink_rcv+0x79/0x90
[  170.825267][ T8739]  netlink_unicast+0x82f/0x9e0
[  170.825280][ T8739]  ? __pfx_netlink_unicast+0x10/0x10
[  170.825292][ T8739]  ? netlink_sendmsg+0x642/0xb30
[  170.825303][ T8739]  ? skb_put+0x11b/0x210
[  170.825319][ T8739]  netlink_sendmsg+0x805/0xb30
[  170.825333][ T8739]  ? __pfx_netlink_sendmsg+0x10/0x10
[  170.825346][ T8739]  ? aa_sock_msg_perm+0xf1/0x1d0
[  170.825361][ T8739]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  170.825375][ T8739]  ? __pfx_netlink_sendmsg+0x10/0x10
[  170.825387][ T8739]  __sock_sendmsg+0x21c/0x270
[  170.825405][ T8739]  ____sys_sendmsg+0x505/0x830
[  170.825421][ T8739]  ? __pfx_____sys_sendmsg+0x10/0x10
[  170.825442][ T8739]  ? import_iovec+0x74/0xa0
[  170.825460][ T8739]  ___sys_sendmsg+0x21f/0x2a0
[  170.825474][ T8739]  ? __pfx____sys_sendmsg+0x10/0x10
[  170.825490][ T8739]  ? __fget_files+0x2a/0x420
[  170.825497][ T8739]  ? __fget_files+0x3a0/0x420
[  170.825506][ T8739]  __x64_sys_sendmsg+0x19b/0x260
[  170.825515][ T8739]  ? perf_trace_run_bpf_submit+0x100/0x170
[  170.825524][ T8739]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  170.825536][ T8739]  ? rcu_is_watching+0x15/0xb0
[  170.825544][ T8739]  ? do_syscall_64+0xbe/0x3b0
[  170.825555][ T8739]  do_syscall_64+0xfa/0x3b0
[  170.825563][ T8739]  ? lockdep_hardirqs_on+0x9c/0x150
[  170.825571][ T8739]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.825579][ T8739]  ? exc_page_fault+0x9f/0xf0
[  170.825586][ T8739]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.825594][ T8739] RIP: 0033:0x7f295518eba9
[  170.825603][ T8739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  170.825611][ T8739] RSP: 002b:00007f2956039038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  170.825620][ T8739] RAX: ffffffffffffffda RBX: 00007f29553d5fa0 RCX: 00007f295518eba9
[  170.825626][ T8739] RDX: 0000000000048000 RSI: 0000200000000000 RDI: 0000000000000003
[  170.825632][ T8739] RBP: 00007f2955211e19 R08: 0000000000000000 R09: 0000000000000000
[  170.825637][ T8739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  170.825642][ T8739] R13: 00007f29553d6038 R14: 00007f29553d5fa0 R15: 00007fffcaea83e8
[  170.825652][ T8739]  </TASK>
[  170.825655][ T8739] 
[  170.949165][ T8739] Allocated by task 7220:
[  170.950515][ T8739]  kasan_save_track+0x3e/0x80
[  170.951992][ T8739]  __kasan_slab_alloc+0x6c/0x80
[  170.953604][ T8739]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  170.955369][ T8739]  xfrm_state_alloc+0x24/0x2f0
[  170.957008][ T8739]  __find_acq_core+0x8a7/0x1c00
[  170.958540][ T8739]  xfrm_find_acq+0x78/0xa0
[  170.959939][ T8739]  xfrm_alloc_userspi+0x6b3/0xc90
[  170.961651][ T8739]  xfrm_user_rcv_msg+0x7a3/0xab0
[  170.963147][ T8739]  netlink_rcv_skb+0x208/0x470
[  170.964659][ T8739]  xfrm_netlink_rcv+0x79/0x90
[  170.966414][ T8739]  netlink_unicast+0x82f/0x9e0
[  170.967996][ T8739]  netlink_sendmsg+0x805/0xb30
[  170.969635][ T8739]  __sock_sendmsg+0x21c/0x270
[  170.971361][ T8739]  ____sys_sendmsg+0x505/0x830
[  170.973134][ T8739]  ___sys_sendmsg+0x21f/0x2a0
[  170.974775][ T8739]  __x64_sys_sendmsg+0x19b/0x260
[  170.976670][ T8739]  do_syscall_64+0xfa/0x3b0
[  170.978166][ T8739]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.980185][ T8739] 
[  170.980896][ T8739] Freed by task 24:
[  170.982114][ T8739]  kasan_save_track+0x3e/0x80
[  170.983941][ T8739]  kasan_save_free_info+0x46/0x50
[  170.985879][ T8739]  __kasan_slab_free+0x5b/0x80
[  170.987378][ T8739]  kmem_cache_free+0x18f/0x400
[  170.988883][ T8739]  xfrm_state_gc_task+0x52d/0x6b0
[  170.990426][ T8739]  process_scheduled_works+0xae1/0x17b0
[  170.992403][ T8739]  worker_thread+0x8a0/0xda0
[  170.994248][ T8739]  kthread+0x711/0x8a0
[  170.995690][ T8739]  ret_from_fork+0x439/0x7d0
[  170.997150][ T8739]  ret_from_fork_asm+0x1a/0x30
[  170.998659][ T8739] 
[  170.999639][ T8739] The buggy address belongs to the object at ffff888111c69f80
[  170.999639][ T8739]  which belongs to the cache xfrm_state of size 928
[  171.003875][ T8739] The buggy address is located 196 bytes inside of
[  171.003875][ T8739]  freed 928-byte region [ffff888111c69f80, ffff888111c6a320)
[  171.008975][ T8739] 
[  171.009933][ T8739] The buggy address belongs to the physical page:
[  171.012502][ T8739] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888111c6b180 pfn:0x111c68
[  171.016251][ T8739] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  171.018825][ T8739] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[  171.021299][ T8739] page_type: f5(slab)
[  171.022555][ T8739] raw: 057ff00000000040 ffff88801d3d73c0 dead000000000122 0000000000000000
[  171.025160][ T8739] raw: ffff888111c6b180 00000000800e0006 00000000f5000000 0000000000000000
[  171.027800][ T8739] head: 057ff00000000040 ffff88801d3d73c0 dead000000000122 0000000000000000
[  171.030440][ T8739] head: ffff888111c6b180 00000000800e0006 00000000f5000000 0000000000000000
[  171.033426][ T8739] head: 057ff00000000002 ffffea0004471a01 00000000ffffffff 00000000ffffffff
[  171.036946][ T8739] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  171.040392][ T8739] page dumped because: kasan: bad access detected
[  171.042880][ T8739] page_owner tracks the page as allocated
[  171.045084][ T8739] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6453, tgid 6452 (syz.0.222), ts 90506450741, free_ts 90055282169
[  171.052275][ T8739]  post_alloc_hook+0x240/0x2a0
[  171.053941][ T8739]  get_page_from_freelist+0x21e4/0x22c0
[  171.056010][ T8739]  __alloc_frozen_pages_noprof+0x181/0x370
[  171.057843][ T8739]  alloc_pages_mpol+0x232/0x4a0
[  171.059711][ T8739]  allocate_slab+0x8a/0x370
[  171.061476][ T8739]  ___slab_alloc+0xbeb/0x1420
[  171.063302][ T8739]  kmem_cache_alloc_noprof+0x283/0x3c0
[  171.065075][ T8739]  xfrm_state_alloc+0x24/0x2f0
[  171.066912][ T8739]  xfrm_add_sa+0x17d1/0x4070
[  171.068748][ T8739]  xfrm_user_rcv_msg+0x7a3/0xab0
[  171.070942][ T8739]  netlink_rcv_skb+0x208/0x470
[  171.072764][ T8739]  xfrm_netlink_rcv+0x79/0x90
[  171.074660][ T8739]  netlink_unicast+0x82f/0x9e0
[  171.076558][ T8739]  netlink_sendmsg+0x805/0xb30
[  171.078082][ T8739]  __sock_sendmsg+0x21c/0x270
[  171.079946][ T8739]  ____sys_sendmsg+0x505/0x830
[  171.081873][ T8739] page last free pid 6440 tgid 6439 stack trace:
[  171.084374][ T8739]  __free_frozen_pages+0xbc4/0xd30
[  171.086432][ T8739]  __slab_free+0x303/0x3c0
[  171.088236][ T8739]  qlist_free_all+0x97/0x140
[  171.089844][ T8739]  kasan_quarantine_reduce+0x148/0x160
[  171.091501][ T8739]  __kasan_slab_alloc+0x22/0x80
[  171.093022][ T8739]  __kmalloc_cache_noprof+0x1be/0x3d0
[  171.094680][ T8739]  kset_create_and_add+0x5a/0x170
[  171.096356][ T8739]  netdev_register_kobject+0x1a2/0x310
[  171.098094][ T8739]  register_netdevice+0x126c/0x1ae0
[  171.099796][ T8739]  tun_set_iff+0x844/0xef0
[  171.101442][ T8739]  __tun_chr_ioctl+0x788/0x1df0
[  171.103338][ T8739]  __se_sys_ioctl+0xfc/0x170
[  171.104943][ T8739]  do_syscall_64+0xfa/0x3b0
[  171.106724][ T8739]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.108948][ T8739] 
[  171.109880][ T8739] Memory state around the buggy address:
[  171.112037][ T8739]  ffff888111c69f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  171.115090][ T8739]  ffff888111c69f80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  171.117946][ T8739] >ffff888111c6a000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  171.121014][ T8739]                                            ^
[  171.123388][ T8739]  ffff888111c6a080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  171.126442][ T8739]  ffff888111c6a100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  171.129540][ T8739] ==================================================================
[  171.132815][ T8739] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  171.135558][ T8739] CPU: 0 UID: 0 PID: 8739 Comm: syz.0.1194 Not tainted syzkaller #0 PREEMPT(full) 
[  171.139145][ T8739] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  171.143082][ T8739] Call Trace:
[  171.144394][ T8739]  <TASK>
[  171.145561][ T8739]  dump_stack_lvl+0x99/0x250
[  171.147374][ T8739]  ? __asan_memcpy+0x40/0x70
[  171.149230][ T8739]  ? __pfx_dump_stack_lvl+0x10/0x10
[  171.150875][ T8739]  ? __pfx__printk+0x10/0x10
[  171.152398][ T8739]  vpanic+0x281/0x750
[  171.153809][ T8739]  ? __pfx_vpanic+0x10/0x10
[  171.155304][ T8739]  ? irqentry_exit+0x74/0x90
[  171.156828][ T8739]  panic+0xb9/0xc0
[  171.158053][ T8739]  ? __pfx_panic+0x10/0x10
[  171.159512][ T8739]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  171.161547][ T8739]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  171.163679][ T8739]  ? xfrm_alloc_spi+0x570/0xf30
[  171.165231][ T8739]  check_panic_on_warn+0x89/0xb0
[  171.166678][ T8739]  ? xfrm_alloc_spi+0x570/0xf30
[  171.168735][ T8739]  end_report+0x78/0x160
[  171.170482][ T8739]  kasan_report+0x129/0x150
[  171.172350][ T8739]  ? xfrm_alloc_spi+0x570/0xf30
[  171.174344][ T8739]  xfrm_alloc_spi+0x570/0xf30
[  171.176210][ T8739]  ? xfrm_alloc_spi+0x2a0/0xf30
[  171.177920][ T8739]  ? __pfx_xfrm_alloc_spi+0x10/0x10
[  171.179543][ T8739]  ? xfrm_find_acq+0x87/0xa0
[  171.180995][ T8739]  xfrm_alloc_userspi+0x70b/0xc90
[  171.182573][ T8739]  ? apparmor_capable+0x137/0x1b0
[  171.184165][ T8739]  ? __pfx_xfrm_alloc_userspi+0x10/0x10
[  171.185915][ T8739]  ? __nla_parse+0x40/0x60
[  171.187339][ T8739]  xfrm_user_rcv_msg+0x7a3/0xab0
[  171.188922][ T8739]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  171.190626][ T8739]  ? __pfx___mutex_trylock_common+0x10/0x10
[  171.192442][ T8739]  ? rcu_is_watching+0x15/0xb0
[  171.193944][ T8739]  ? trace_contention_end+0x39/0x120
[  171.195599][ T8739]  ? __mutex_lock+0x335/0x1350
[  171.197106][ T8739]  netlink_rcv_skb+0x208/0x470
[  171.198600][ T8739]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  171.200313][ T8739]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  171.201952][ T8739]  ? netlink_deliver_tap+0x2e/0x1b0
[  171.203563][ T8739]  ? netlink_deliver_tap+0x2e/0x1b0
[  171.205488][ T8739]  xfrm_netlink_rcv+0x79/0x90
[  171.207297][ T8739]  netlink_unicast+0x82f/0x9e0
[  171.208985][ T8739]  ? __pfx_netlink_unicast+0x10/0x10
[  171.210670][ T8739]  ? netlink_sendmsg+0x642/0xb30
[  171.212250][ T8739]  ? skb_put+0x11b/0x210
[  171.213582][ T8739]  netlink_sendmsg+0x805/0xb30
[  171.215100][ T8739]  ? __pfx_netlink_sendmsg+0x10/0x10
[  171.216756][ T8739]  ? aa_sock_msg_perm+0xf1/0x1d0
[  171.218327][ T8739]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  171.220460][ T8739]  ? __pfx_netlink_sendmsg+0x10/0x10
[  171.222542][ T8739]  __sock_sendmsg+0x21c/0x270
[  171.224464][ T8739]  ____sys_sendmsg+0x505/0x830
[  171.226318][ T8739]  ? __pfx_____sys_sendmsg+0x10/0x10
[  171.228005][ T8739]  ? import_iovec+0x74/0xa0
[  171.229432][ T8739]  ___sys_sendmsg+0x21f/0x2a0
[  171.231122][ T8739]  ? __pfx____sys_sendmsg+0x10/0x10
[  171.233216][ T8739]  ? __fget_files+0x2a/0x420
[  171.235086][ T8739]  ? __fget_files+0x3a0/0x420
[  171.236987][ T8739]  __x64_sys_sendmsg+0x19b/0x260
[  171.238985][ T8739]  ? perf_trace_run_bpf_submit+0x100/0x170
[  171.241112][ T8739]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  171.242823][ T8739]  ? rcu_is_watching+0x15/0xb0
[  171.244245][ T8739]  ? do_syscall_64+0xbe/0x3b0
[  171.245704][ T8739]  do_syscall_64+0xfa/0x3b0
[  171.247121][ T8739]  ? lockdep_hardirqs_on+0x9c/0x150
[  171.248752][ T8739]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.250648][ T8739]  ? exc_page_fault+0x9f/0xf0
[  171.252121][ T8739]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.253992][ T8739] RIP: 0033:0x7f295518eba9
[  171.255365][ T8739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  171.261280][ T8739] RSP: 002b:00007f2956039038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  171.263863][ T8739] RAX: ffffffffffffffda RBX: 00007f29553d5fa0 RCX: 00007f295518eba9
[  171.266299][ T8739] RDX: 0000000000048000 RSI: 0000200000000000 RDI: 0000000000000003
[  171.268874][ T8739] RBP: 00007f2955211e19 R08: 0000000000000000 R09: 0000000000000000
[  171.271484][ T8739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  171.274265][ T8739] R13: 00007f29553d6038 R14: 00007f29553d5fa0 R15: 00007fffcaea83e8
[  171.276778][ T8739]  </TASK>
[  171.278546][ T8739] Kernel Offset: disabled
[  171.279901][ T8739] Rebooting in 86400 seconds..

VM DIAGNOSIS:
09:03:34  Registers:
info registers vcpu 0

CPU#0
RAX=1ffffffff33bee60 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=00000000000013bf RDI=00000000000013c0 RBP=ffffffff99df76b0 RSP=ffffc9000391e990
R8 =ffff888107220237 R9 =1ffff11020e44046 R10=dffffc0000000000 R11=ffffffff854f9e30
R12=dffffc0000000000 R13=0000000000000000 R14=ffffffff99df7420 R15=0000000000000000
RIP=ffffffff854f9ea7 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f29560396c0 ffffffff 00c00000
GS =0000 ffff8880b8613000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f2956038fc8 CR3=0000000041358000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f29553a7498 00007f29553a7470 XMM03=00007f29553a74a8 00007f29553a74a0
XMM04=00007f2955f0d100 00007f29553a7460 XMM05=00007f29553a7478 00007f29553a74c0
XMM06=00007f29553a74b8 00007f29553a74b0 XMM07=00007f29553a74a8 00007f29553a74a0
XMM08=0000000000000000 00007f2955212ee7 XMM09=0000000000000000 00007f2955212fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000000 RBX=ffffc90000177d38 RCX=000000000000080b RDX=0000000000000000
RSI=0000000000000000 RDI=0000000000000002 RBP=0000000000000001 RSP=ffffc900001e0fc8
R8 =ffff888136623b0f R9 =1ffff11026cc4761 R10=dffffc0000000000 R11=ffffed1026cc4762
R12=dffffc0000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff8171711f RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c13000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000561a56d747e8 CR3=0000000027f1e000 CR4=000006f0
DR0=0000200000000300 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000001 XMM01=0000000000000000 0000000000000034
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0800129003000000 0000000000000000 XMM05=0124808010000004 0100000008060601
XMM06=68e6040800600300 1000500300100040 XMM07=0302100030030598 10000a9f90030008
XMM08=0012900300000000 0000000000000000 XMM09=626f72705f6b636f 73765f6f69747269
XMM10=6666666666660a37 2e79656b5f5f2e65 XMM11=7269762062203034 6538313061396666
XMM12=3966666666666666 660a676e6974756f XMM13=70616f696f6e2042 2030363061313061
XMM14=6666666666660a65 74756f7265726369 XMM15=6963702062203038 3061313061396666
