last executing test programs:

1m37.963822978s ago: executing program 1 (id=428):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x0, 0x1000000}}, &(0x7f0000000300)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000000000000000000400000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000100001005d790000000000000500000a60000000060a0b0400000000000000000200000234000480300001800b00010074617267657400002000028008000240000000010800030002b511120c0001004e465155455545000900010073797a30000000000900020073797a32"], 0x88}}, 0x0)

1m37.882287353s ago: executing program 1 (id=431):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000011c0)=ANY=[@ANYRES8, @ANYBLOB="8b8afa9f780321450e2f7511645fe010a460fbde54c191b8e75708081517c475422b5a12bbdd1fb50985d72e37bcb20074a6cabd3c8237dca06cd729dc44d7550502474ddd1c21b7261ecf7745b9481b3a3cbdeaa21fced0b3e5857337911d093b4088988b2a71c59eac1e2e0ac9a78be44037a8e7086f60766489870e74dbefa7b1a41434e8e8e6917dd6aa2a7af1567141085b52118e3bd17c", @ANYRES16, @ANYBLOB="15e4342ef3f9f5b8bb6fd8a3d2acb186af756ecc217c0fcfe6b82cc340cb18e28e13a5b1f191c921f9f863b085bf90cb9c1e0c192c6727372e4de216eb9be9983fe683e99095ba960e14bc78a302bb4898a4d406bf04777864dfbbe8661499267e5f3919781e179d8c3a42a058ba321d0a36b7f3459a07d4e36d13d1baf8508ea0d1c6ffc4c0c9810c04cc0a1578ccfc4f5b8c8a0bde945c7f30435c3354f9b7dfce43b91ba833f21389aede25f7d3451e28a546d7e2e8d1bbdb197a2700829b96c436bee6be7c3a6e55db2409da5f9e10cf963989bc3f953ef8363b1d1f66830e9d16", @ANYRES8], 0x0, 0x3, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x1c, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x7fff, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="1900000004000000080000000200000028120100", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000004000000003000000000000000000000000008575158f7dce9009d30061c3a94ffb3bb4a6959dd21c441d856cb5799b8864b2283dc7b6b203c1bf9f07bd7ea017cce64f367ec721759f95678d5470d77b629a34b54848b4a5c81ed526779a4ded3652f65242c3d247e807b6ee65ffab0d576d2419024df45cf6d1f6ac190d9d0d569f110a43aaa555af23d00a236bafa8b62484b030ac3a888fa813444cdb3ee86794aff5681a0b7b8484b2ff081adddadec7f3ce1b95e1226c0976be8fc99a7e9faa96830e726300a1778a50a056661fbda838e430e500728b50a1d4d8af362ed974d823bebd777c23", @ANYRES32, @ANYRES8=r1], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x202, 0x40020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x1, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff})
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
r4 = socket$kcm(0x10, 0x3, 0x0)
write$cgroup_subtree(r4, &(0x7f0000001ec0)=ANY=[@ANYBLOB="13120000120091ef04e9befbbd00005c0a"], 0xfe33)
recvmsg$kcm(r4, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000800)}, 0x0)
recvmsg$kcm(r4, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x142)
perf_event_open(&(0x7f00000007c0)={0x2, 0x80, 0x65, 0x1, 0x0, 0x0, 0x400000, 0x3, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, @perf_config_ext={0x6, 0x104800}, 0x0, 0x0, 0x0, 0x3, 0x0, 0x6, 0x1, 0x0, 0x0, 0x0, 0x669}, 0x0, 0xffffffc000000001, 0xffffffffffffffff, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="180800000000000000000000000b000218120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000085100000030000001800000000000000000000000000000095000000000000009500000000000000d5b2307878b6a5229917ebb4029a0bea3522c1f874a88524b8256e9616dc84ef9f539900f13815da3cbc479df45e1acd7454a155dd43645345f9a4cddab3d6d9d40e13de56bf656d77b7451f09e02bcb6cf96a4c0fce8ff74fe80460b51e50b4d8105ae605917a45734dbd377e5f99ad246b74853c2ec4862629a63ca0445673c32ad594e33b56f0d0fc6e3a6c84dcd0b6a6746ccfe43cab05ecc5c02583d24d43d968d74062c0f54d148107a22b928921fd"], &(0x7f0000000000)='GPL\x00', 0x2}, 0x94)
close(r2)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
close(0xffffffffffffffff)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000180)={r0}, 0xc)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500))
bpf$MAP_CREATE(0x0, 0x0, 0xb)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000002f00)=ANY=[@ANYBLOB="062b52d00ad49cdc475d13159e63ed482cf8d3162a6225928bf8681f57e2403be48bb1daec614bb87b5d2f75e422b2fb7844e95fb0c15ac19d6dc6e011f6381977d694824fe380021c63e93631e5cdba384fc159758bef26d7862c73c8e4f192daad15294035f4dab94baad32c32c77d945e7edb30b91ab6cc222dd35e2e038e48a0d3f25720930fc49fa5537b44e3db31f32d18b07b29665f26f5fb9e570bfa52b8a729efe0452b8ab203de18bab7008ac263503527c4ecfa55bc8dc313e43b9f5559a2770244fc0e46e2b8ad55c197c6a62b7303b3865c41bda7356f3116f77719dabe17cdb54e18e2cc32324649a80f9ffaf509ab749b5b86f0e5a1b70a2a5d78525228d5a772500b2694af9139f32514dd7bafe97aed8139f017db8261184f2601b5a7a937467647f52c7dcc38fd32c1815c3ea95488be087051f0e5ad39f51104617cf5d2ce16ee5b10e0a15ee7ce6f82b13739ca1bc55b48ab88fb9ce90984df84f9588b899d9b0d02a4bf0246a1a956987737f2f241f98da905e9bb818e69353e31bf268f95f37425bc1276b9d7a2823c4ffe5f8d1bd459015c59ca312ca2da15b7e64cfa7d957af62056272af3e490b685ba41de49cc9caa1289c7bbdaaf4d6081c7a50b92fd27b7ebc04bd26974ba6e898f706a0c32fd082e5b307bcc476ce79ebc9f1e4204618ecdce86902c977524dd274fc0351aca1872dcdde223516aff0923074c4f1c125dfc05ae2a2a23580a4a3db32952e6074eae9b213aa29e5b9fa9df24a070afab9763118b0f8363df96d4a0a43ae0b1eeddfbf15edd45d1eaf0942f7d73aeb6c423d5a008c4d08a682c6dde114aff4615b8da9448651221408c85d3151179d970e60f7643c8e1dc9b09e61fea168206bb64e4e4fbe7d2528343f9c2ef6e50706f71ccb7e533c578c9e6ff8b80c4fd5cd4861bf42bed906c24d21fd0007bf1040b8ae729140281eefb4fa1a60c2481aa0942db11e902d7080ed1ec7a94fa2af39fc9dcd9065b1a598a7e1a9c7d712ec0d085e6ee4f94733c67128e1c9e3409b285784c1237626ff95f1d62c823fe45370000e5d9c9d949d4c064042353d97238f9e3d22adc68a486a19f27cd0f01a10baad671e1404e8084c6d00c8e39c16f349eb4a46f32e8e0cd115e52303b665e18e51bc8790903295e21f76489efbc1dade3202345996d7d3fc7f49b09cbd9fa9f9b65dadfca663c23dd91011550625625dbc54a14886d7aef9cf07500c1974b69f04b68718e93eee39243b31e65615e773238311de22ea853afc1ed4d4bad77c0c25f5779f1db44cad945dbd25a97b2586db4287adcf95d121d5c0ce9ebc6d639b0938683131d866172f5a72c30aabf8eadad02de588aab2ea08608de6cd5f4b79da4b3985b94c55097bb3e402c1365a3e58c985ca72636f578b611eeaab90962b4e1d116436404490f1603afc2a094bf2e20560d04bcbdd98a461e46019da60fe30c6c9ae6b718f2e62366ccd9a2ffc9c29696bdb3aac23af24f5f7cf946f46c3ccd10d4ebfe304db5b01bf24f7e6ac0a7b3e94e0a359a9e82ff1fb34a24d7e8c556fd0127bcbfe73fd018a3551af60cfd976a890af589952d27ceb53ea2485d7389606c4e2b0cd58f46cf99a13247f601535df48012f6ce7967e4585946124c552e2a90fb2700934343f16ac1fa633be397ff603dc266adf64723ed1c59dec711474970dfee1b9d9fa22f22fb659f4720bf09ca4cf4f9226b59149243b2b07af29292fdc52add2e729a49f74dbc466329695c98cb200c8e369747be042a6f392a0081c34a38925bc89886126a9cbe14ed9b0be518c5520099b0bd10d3434b9d010a323f0fdcc5ccaa76c0b2402c9046d8c0e572f50010a37100bfe33e0862cf4fa984e55126e62a4d816cfdb102f979e589df48375bf88f6b18783ef194b56bc08c8cb227530a5b028722738dbc5dd1cb9881d96acc436086669e27a5f726a0e26e78abd78a79506539b60877aed7e71117f992552ff81d34e1770bffff4a2c11c9cd67f7a97117c6ddf1d31577f4f66d7973c4fe7867c788df4dbc44bb9afea1bd77cac67ae5433ef85c7450737eba8c5b5cd2de5adeb88d15a2f1b946cf8f938931985e3bd88c651e787af3a12ae3b324af742c6e7d8df05fe894a4c47d08c380e24e7310eae6d31269a256b683dcee527b5ebda74aafb7d48272d840d66ea8741e1e029f26c5f541ddeebb92d2f84b03e98acabb0b6652b2552d8735e42eeb8b584007ba50a85eaf41ecf7a3ab475ce7052c0c881c5fe05f6f17b7ba65ad5ab69f23ac3ba508a66fc73bdf8553e48b169a916fe52d94a120cd241033cb41dd3832679183be2a83ed3377c9a4c0e836792c2c569ac56ba0c4b5af4e6b1b14b421ece591857daece50d4c6896abff1dffa18d89d9247f316e5913bf8ed5fba4d6a7b9b81bd5fa797a082a2d63ac897960c4781bf500f126b0dad9b1799d0f243edc7aafdea306dfe5daf4323013cd0e3f07db1ab540951f34a77d1c006ed8011deb4aa9c2c02c1d1e2caa98f0800609fc3e02011d9bde12df7ff85fb357e942437c35a4cd844ea52e7f77dd87888f62eb13e6a13fcc1911e09d320a16b0dc58bdd01aeb4a8ea7d009baaa2eace980d97482324611448873fa66e451666ddd648deaa4f649fe4e5f76771d9b376ce5348669cb7e8ff3b3eb863809a7e2a2354efbe56a96d34b2d70a62d30e50a07aa301c3ab2867a226302a43d1717f2c731092bb5f7d533cc413ed0cc266b247e4009d936923408a14e9c7478ec55a3fd6807e6cad402ca7ed4a7a39581ef756be2b52ce44e668c41ee60e35c82799fcdbab060fb81e0c39a0744b21152449ee80e20a3d7f1cdaf608644f7669af436e2d4e9ab058755b1c6ccf2fe41d8c49b5fc5bf985a2b22303f38ba01e9e0f652907a21e168da69af61dfcd9896b50f97aef0bf08009a1b42b90d2fff4d9b1c4a7071b7f5f4a9ca5eb8827b09683c6c1cb4ec1e93a522d1d3235dbdde8304f6767d65c8d7a9697344cfa1c99a848c4fc9943cb28c33c67f6af4f9bba7ad94a1a89e476c767849e570ec4317f95513b2d51236e58d8492064789b048a5f905b4335ce652f5904b2e3b84a85df6b30c8152b73cff797e86c06709ca4725c247a2117f53fb73cb6165fe592ba588e826e4aad24629719fd1c26593b8f6b485d6851c3979b648536d56927eea1d341ad92cb5ae51224323c0eb8d1a4413801d1648f65023504f72211a158a5d6b4243cf21902600d48b289f508a31083b4c01f1679a86f4a060000007082aa8b2b22c075492ec19dae65984df6a9098809862482e9c96c33f8b82b078be5998f2fae38fcb20178ea0bfd11f6f1af3d7b71276844ccaf4c609f9ee5ee5920f306bda892c05767c8761f6d9ba771f22d2813992e43f97a2e6802eb1e89403b99a183b1f7b2c2a280122806d1989b18a0e33a52b6f2a63b16af4b5987fdc94ff69ca034027a29dc4266ad537d65c72c3f8a2b4db1472ff201bcaea1e74d0bea55940ce336d7f0f06a3da553f49e169b244a1ed92901996d021320edc26a51d83146f23e56ae09cb67995e0fae9d778f5719e5a4b22dbe3f6a77cd84b0904b7ce5924dfa6884ac7465a0c86d1a629bb6416c1d43e99732f082df79f6f3b59df5ed8bbc0dde176d38d4c2180a5b89e88e69b8c1f44a5a7224d9c7ad6783a486971e55aa1eab6e7069ac777078d506fd9449e905985d7b6be04f129b64736c135d7e6d608fb4b1f9c90a45e5425109f24dab94245bb7f8e95e0ae68cad14359e8eef07b17ee928bee8861ee90c8dd3b4d00d99965c62bc59cabe007273a3778423405079bd1977bef5fcffe99e87a530fe2ad385d08469e2ff38d0e143eab2b2c148d8337412ade173bd2a80ea09defc5b86100ee52d5161d56732a42af24baddbcca3e070145752bddb5aec690e27e3edddbba682999ae3d83196f262c19156c2143685156dc759320f620fb6f0b600e72157ee7175899ba1b41cdc7f847a482d719afba0b13344575219f87713190ed88559d31a7530da04d338474ee0c4b0d6303dfa6f8615b55736fef9e9753c762bd856567b833bd3739fb06e9289775ea26afe0d418b777ecced98c524597b1023e1332d7fa62e5a6913d1ba0665c18b9cd9d6b7e5d00026aafcb84c25fa0bdfa717f88dd600d2f22a1b7ed7141318b84e5f3d48cf5915bdd1b5cafe83699426c19fb278e202e5270b559c9dcf8ce1c52405e77b1790dbd1aa76573d7ceb5ca5dfea5b7262b80c280fdbc0169e74491996fc09c10698f0f4e1e7903876c28d644dbe06f69763bb92686c27b47367d776d9897df0a8fdc376263edee970c888bd954d4084365c9cba5befbd03f603fba1567c2d3a2549657a06df5970d11e9a156c788f7324a14ba1476b7307bbe265f23f1f78972ac87ffc419d3247f6ec585407f016e1ad9c455520cf0482a979c0b95bbd2651bfff2faf3913671e89f5252da00e8842f6d8be6801ab678eb8d9f671feae9d410c9613662e2b2cdb16904d50f5559bcb013f4225ff72a98975e4524667d07e173944713c9ea18cf7ac1a11ac023764d6a54bc4f50ce4502e71f07df2a52eff422c93fbaf32503adeefd87e2f70b8294232107a3adb90020552b289eb94e69bda5b8a76f5ae2ec4cca371291a272f936624c2f1bab2e15a03dcee46b0a59d38c4100e22b08f6856c53b1898d6a1ad0e4d7412dfc3aef61f22d4237a4a066e80b496e43d0f77856fa70dd5ff5627668a136877aa3ae1398484621dcb75e21059ff887bf3087da157dc16e3c652cffbc5fa31c4ac572ed890950987431a693e752b4f75f5786482dfbb726079a8dab3ac98c6499bd06356f0e7a2033e539f3a0928f32a1d15ba1ba4dea2d2e8cff75782b7b73d71183a67737bbbda40248032500a5217f59a5cfd6b92950c40ac7b54533d9a7418e5db4e101f812379b4170044a6621dc990e2a5a97587ed00a0d3d95c7fe85bee64c2030b4144b0641b08476f0f133336253694dc27ff5d9130028c7472db2e7ca1112d05d9e0bc2a777a657763c03980c36f7cdfde6d7015085058161ac6f5362d052b0625521cdebcdb882826de50e3893906349c0d30c85a3462e0e36da20c4deb389c0d1c57ef9653312891ab586b8c227172fa47ef821934e907f063430e5c74a456cb44ed5a9fdb4cec6df8f43ad2950cc1015e9245d967a9c2ab88eb2f50672186d6be6d01d02407eed2e22cc3a2afbdc6c2053d19c527ee6feeac80363ab2b66daf6968142f48149614fda7976c156a617f150c56c59c6aa2a5123cc92451f9436d9915a65119c3a0423b7f2185cb3c4a34624f7e5ffe4f711a6915fcc21c8fefdf21d191005971a312704e56583697e0b4acf180008e2dc3a4adb74d6a1b439d25b1f4f2692caede3c1dae852f8da8c0aa51ceea63ba374f9a43aec2a4687d400af5fed14b4e7405ca5b36588bbe1a3b0b864e971c5c41d03c3c6ee398bb7cb0043f7f457217c5e7984c549d131e6e7c754ee98da028b76cad17ff85f39dc4ca6a92e4dcc4fb4cea9a607fd7b7e9c8b52e9624d8dd4c48e85e5990c6fba6d6d6c993abbec42936af1b56498d66a4db334128dfd1b3fbbb252e36aabd474806d80a394387599423b46a1f712c8d688a4602b8f1ab2e98878ac263729d0fd097491cf27585fe9f4f163a6c5bd89a87a7e92a0f9c53f9f053cdc836659c3740e6e029d635374e5756d128d1a78614fd84036a9bfc12b6818ca6d56da6802df3859f3b781612325235323fcf8b379394ce839e9c266700"/4125], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x4d, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x20702, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000080)={'pim6reg1\x00', 0xe511})
ioctl$TUNSETQUEUE(r5, 0x400454d9, &(0x7f0000000100)={'veth0_to_bridge\x00', 0x400})
ioctl$TUNSETQUEUE(r5, 0x400454d9, &(0x7f00000001c0)={'batadv_slave_1\x00', 0x600})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0)

1m37.429353753s ago: executing program 1 (id=439):
r0 = socket$kcm(0x2b, 0x1, 0x0)
sendmsg$inet(r0, &(0x7f0000000040)={&(0x7f00000000c0)={0x2, 0x4001, @loopback}, 0x10, 0x0, 0xfffffcd0, 0x0, 0x0, 0x300}, 0x2004488c)

1m37.336153734s ago: executing program 1 (id=440):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x1c, 0x37, 0x1, 0xfffffffe, 0x0, {0x1, 0x7c}, [@typed={0x4, 0x8e}, @generic='x[']}, 0x1c}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)

1m37.335350416s ago: executing program 1 (id=441):
socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000640)={0x5, 0xffffffffffffff77, 0x8, 0x6, 0xfa, 0xa5, 0x0, 0x0, 0x40, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0xb, 0x4, @perf_bp={0x0, 0xc}, 0x318a, 0xffffffff80000002, 0x0, 0x5, 0x4121, 0x4, 0xff00, 0x0, 0x200, 0x0, 0x6}, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x3, 0x87)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f00000005c0)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30)
mount$bpf(0x200000000000, &(0x7f0000000200)='./file0\x00', 0x0, 0x206002, 0x0)
mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x140070, 0x0)

1m35.407351193s ago: executing program 1 (id=447):
r0 = socket$kcm(0x18, 0x0, 0x2)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, 0x0)

1m20.315137934s ago: executing program 32 (id=447):
r0 = socket$kcm(0x18, 0x0, 0x2)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, 0x0)

1.866004634s ago: executing program 2 (id=1721):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=@newsa={0xf0, 0x1e, 0x1, 0x8000000, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@empty, 0x2, 0x0, 0x4e20, 0x0, 0x0, 0x20, 0x0, 0x16}, {@in=@broadcast, 0x0, 0x33}, @in=@local, {0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x5680000000}, {0x10, 0x9}, 0x0, 0x0, 0x2, 0x1}}, 0xf0}}, 0x0)

1.780073444s ago: executing program 2 (id=1724):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4800000000010104000000000000000002000200240001801400018008000100e000000108000200e00000010c0002800500010000000000100005800a"], 0x48}}, 0x0)

1.779574509s ago: executing program 2 (id=1727):
r0 = socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x5, 0x4}, {0x10000002, 0x5}]}, 0x94)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
close(r0)
r3 = socket$kcm(0x2, 0x5, 0x84)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x9, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
close(r5)
recvmsg$unix(r4, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r6=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r3, 0x84, 0x64, &(0x7f0000000000)=r6, 0x10)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r7=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r0, 0x84, 0x6e, &(0x7f0000000000)=r7, 0x10)
close(0x3)

1.506182517s ago: executing program 0 (id=1737):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x7}]}, @NFT_MSG_NEWSETELEM={0x64, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x38, 0x3, 0x0, 0x1, [{0x34, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x28, 0xb, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @counter={{0xc}, @void}}, {0x14, 0x1, 0x0, 0x1, @connlimit={{0xe}, @void}}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xe8}, 0x1, 0x0, 0x0, 0x20000841}, 0x0)

1.45077416s ago: executing program 0 (id=1739):
bpf$BPF_PROG_ATTACH(0x9, &(0x7f0000000380)={@cgroup, 0xffffffffffffffff, 0x4}, 0x20)

1.398153581s ago: executing program 0 (id=1741):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='io.stat\x00', 0x26e1, 0x0)
close(r0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8940, 0x0)
syz_clone(0x20800000, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x1a003})
ioctl$TUNSETLINK(r1, 0x400454cd, 0x339)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
openat$cgroup_int(r0, &(0x7f00000001c0)='hugetlb.2MB.rsvd.max_usage_in_bytes\x00', 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r2, 0x8931, &(0x7f0000000000)={'netdevsim0\x00'})
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x800c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x9, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0x18, 0x0, 0x0)
socket$kcm(0xa, 0x922000000003, 0x11)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907a56675f37538ec86dd6317ce22667f1100db5b686158bbcfe8875a65969ff57b03000000000000000000000000ac1414aa"], 0xfdef)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffdcb}, 0x94)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200"], 0xcfa4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

1.210521266s ago: executing program 3 (id=1747):
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x4}, 0x100c, 0x0, 0x0, 0x7, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000003000000030000000020000000a0000000000000a07000000080000000000000b0400000009000000010000130c0000000740"], 0x0, 0x4a, 0x0, 0x1, 0x800, 0x10000}, 0x28)
syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/pid_for_children\x00')
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x80)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0xcc0, 0x0, &(0x7f0000000000)="c1188e19b95d02ff4284860186dd", 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x60000002)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x200003, 0x0)
ioctl$TUNGETVNETLE(r1, 0x800454dd, &(0x7f0000000100))
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x739, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x48)

300.259704ms ago: executing program 2 (id=1748):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1f, 0xc, &(0x7f0000000500)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x7e}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x101}}]}, &(0x7f00000000c0)='GPL\x00', 0x3, 0x0, 0x0, 0x41100, 0x18, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xebfb}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000740)={r1, 0xe0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001400)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x62, 0x8, 0x0, 0x0}}, 0x10)

300.004243ms ago: executing program 3 (id=1749):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xa, 0x4, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x9, 0x61, 0x11, 0x4c}, [@call={0x85, 0x0, 0x0, 0x25}]}, &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x2}, 0x94)

275.372954ms ago: executing program 3 (id=1750):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x1159e4047a6348de, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001800)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000048000000030a01020000000000000000010000000900030073797a320000000014000480080002400000000408000140000000000900010073797a300000000008000a400000000284000000060a010400000000000000000100000008000b40000000000900010073797a30"], 0x124}}, 0x0)

275.094663ms ago: executing program 2 (id=1751):
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b1a, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x9, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000340)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x70, 0x70, 0x2, [@ptr={0x4, 0x0, 0x0, 0x2, 0x5}, @enum64={0x3, 0x5, 0x0, 0x13, 0x1, 0x1, [{0xa, 0xffff, 0x6}, {0x2, 0xfff, 0x5}, {0x4, 0x40, 0x3}, {0xa, 0x3, 0x81}, {0x10, 0x473, 0x1}]}, @var={0x6, 0x0, 0x0, 0xe, 0x4}, @func_proto]}}, 0x0, 0x8a, 0x0, 0x1, 0x6, 0x10000}, 0x28)
r0 = socket$kcm(0x11, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000001780)={&(0x7f00000003c0)=@caif=@rfm={0x25, 0x15, "fb95785b587f23ba61bfb990191a2af1"}, 0x80, &(0x7f00000015c0)=[{&(0x7f0000001800)="a5", 0x48}], 0x1}, 0x0)

270.326056ms ago: executing program 0 (id=1752):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000940)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000aff000000000000000000050000000900010073797a300000000064000000030a01030000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000031200048008000240000000120800014000000000140003006e657464657673696d3060"], 0xac}}, 0x0)

169.957431ms ago: executing program 3 (id=1753):
r0 = socket$kcm(0x2, 0x922000000001, 0x106)
setsockopt$sock_attach_bpf(r0, 0x6, 0x21, &(0x7f0000001540), 0x20)

169.744371ms ago: executing program 0 (id=1754):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="280000001e00210000000000000000000700000005000000000004000a0002"], 0x28}}, 0x0)

169.293414ms ago: executing program 2 (id=1755):
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000080)={0xfffffffa}, 0x8)
perf_event_open(0x0, 0x0, 0x3, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000040)={'sit0\x00', @local})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000e00)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'sit0\x00', @random="4f33e363a4b1"})
close(r1)
perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x70, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x34, 0x11, 0x0, 0x1, @limit={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x3}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x101}, @NFTA_LIMIT_TYPE={0x8, 0x4, 0x1, 0x0, 0x1}]}}}]}, @NFT_MSG_NEWSETELEM={0x48, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x1c, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}, {0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x100}}, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
r3 = socket$kcm(0x2, 0x3, 0x0)
sendmsg$inet(r3, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7ffffff}, 0x3000c085)
r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="9feb01001800000000000000f3ffffff1000000003bf7a38ac30a609745ebf8b0000000005000e0300000000000000005f2e000000613f00c36e71f017d1782d3a4159e6a711b37d532e32d665ee1242d71fe7686029655cfe39525b107e9129f985e6ed8c6ee3a50b5afa9f09d1225465edfcf08247b8c04ef457ec1659791c9c56fc093076746dcb6bb02f56831f694b36ce549462fc2d9b3b5a0624a014f60a5822d02270d2a6a59f6c209e27ec7ea3d7767d93a514e49cc9c3556352cad9"], 0x0, 0x31, 0x0, 0x1, 0x8}, 0x28)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x4, &(0x7f00000000c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100000}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000005000000080000000f"], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000840)={r7}, 0xc)
sendmsg$key(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x2, 0x14, 0x24, 0x6, 0x6, 0x0, 0x70bd25, 0x25dfdbfd, [@sadb_x_sa2={0x2, 0x13, 0x6, 0x0, 0x0, 0x70bd29, 0x3501}, @sadb_spirange={0x2, 0x10, 0x4d5, 0x4d5}]}, 0x30}}, 0x40000)
r8 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000e00)={&(0x7f0000000980)='sys_exit\x00', r5}, 0x10)
r9 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r8}, 0x8)
write$cgroup_int(r9, &(0x7f00000001c0)=0x3, 0x12)
recvmsg$kcm(r4, 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r9, 0x541b, 0x20000000)

168.047366ms ago: executing program 3 (id=1756):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="d8000000180081064e80f782db44b9040a1d080000000000000055a10a0015400100142603600e12", 0x28}], 0x1}, 0x0)
close(r1)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x9d, 0x1, 0x0, 0x0, 0x0, 0x5, 0x40200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x2420, 0x0, 0x0, 0x3, 0x3, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x9d, 0x1, 0x0, 0x0, 0x0, 0x5, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x57270792f8a4110f, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
socket$kcm(0xa, 0x2, 0x0)
socket$kcm(0xa, 0x2, 0x3a)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0xf, 0x0, 0xff, 0x0, 0x0, 0x2, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, @perf_bp={0x0, 0x1}, 0x80408, 0xca, 0x0, 0x3, 0xdf1c, 0x400000, 0x0, 0x0, 0xe, 0x0, 0x8}, 0xffffffffffffffff, 0xfffffffffffffffc, 0xffffffffffffffff, 0x0)
recvmsg$unix(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r4=>0xffffffffffffffff]}}], 0x18}, 0x1c0)
write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[@ANYRES8=r1, @ANYBLOB="3eca", @ANYRES8=r3], 0x9a)

111.518416ms ago: executing program 0 (id=1757):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x3, 0xc, &(0x7f0000000040)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffef}, [@call={0x85, 0x0, 0x0, 0x23}, @printk={@llx, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x7b}}]}, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xf}, 0x94)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x480c0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x28, 0x3, 0x8, 0x101, 0x0, 0x0, {0x1, 0x0, 0x6}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x88a8}, @CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0xffffff81}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x810}, 0x40)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f00000000c0)="d0", 0x1}], 0x2}, 0x48800)
r1 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="100000002d000b02d25a806f8c6394f9101a04000a7401", 0x17}], 0x1}, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="93430000520033d487277b9b108b4ab502", @ANYRES32, @ANYRES8=r1], 0x4394)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$kcm(0x2, 0x5, 0x84)
r2 = socket$kcm(0xa, 0x2, 0x73)
sendmsg$kcm(r2, 0x0, 0x0)
r3 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000580)={<r4=>0xffffffffffffffff})
recvmsg$unix(r4, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r5)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
perf_event_open(&(0x7f00000003c0)={0x1, 0x83, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$kcm(0x11, 0x6, 0x0)
mkdir(&(0x7f00000027c0)='./file0\x00', 0xfb500f4b7b3e5ea)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cpuacct.usage_sys\x00', 0x26e1, 0x0)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x29, 0x0, 0x0)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f00000001c0)=ANY=[@ANYBLOB="9feb010018000000000000003400000034000000020000000000000002000004000000000000000002000000000000000000000002000000000000000100000000000001"], 0x0, 0x4e}, 0x20)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1b00000000000000000000000010000000000000", @ANYRES32=0x1, @ANYBLOB="0000000000000000000000000000f0ffff000000", @ANYRES32=0x0, @ANYRES32=r6, @ANYBLOB="010000000100"/27], 0x48)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x4)

0s ago: executing program 3 (id=1758):
perf_event_open(0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$OBJ_GET_PROG(0x9, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000400)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x30, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, 0x0}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="0100000005000000000000020400000005000000", @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000001bca3acfa0f98d2040772d3464f2c0a627def68915d03bd171cb2bd237f1fedb3a5936a043ab843922f104a0a29905efc3bcae907865ecec2d89216586e2a3557b4bc3538a242c9fd3053e4db27defeb1d615e3ab2f7d6690392e8cc72e6972107470600000085a7e40314609485df48181430b136", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/27], 0x48)
r0 = socket$kcm(0x2, 0x1, 0x84)
sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000740)=@in={0x2, 0x4e21, @loopback}, 0x80, &(0x7f0000001bc0)=[{0x0}], 0x1}, 0x40)
socket$key(0xf, 0x3, 0x2)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_TYPE={0x5, 0x2, 0x89}, @NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0xd5}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x1}, @NFTA_EXTHDR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x2}, @NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0x13}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x8000)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(0x0, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x1c, 0x44, 0x107, 0xfffffffc, 0x0, {0x1, 0x7c}, [@typed={0x8, 0x1, 0x0, 0x0, @pid=r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x488c4}, 0xc000)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2608064c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:40835' (ED25519) to the list of known hosts.
syzkaller login: [   56.052065][ T5840] cgroup: Unknown subsys name 'net'
[   56.203261][ T5840] cgroup: Unknown subsys name 'cpuset'
[   56.210735][ T5840] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   58.312135][ T5840] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   64.080080][ T5855] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   64.083505][ T5855] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   64.085905][ T5855] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   64.090329][ T5855] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   64.093221][ T5855] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   64.175828][ T5239] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   64.185995][ T5861] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   64.189258][ T5861] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   64.192518][ T5861] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   64.195380][ T5861] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   64.198002][ T5861] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   64.202943][ T5861] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   64.205606][ T5861] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   64.209799][ T5865] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   64.241331][ T5861] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   64.283785][ T5854] chnl_net:caif_netlink_parms(): no params data found
[   64.482277][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.485707][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.490101][ T5854] bridge_slave_0: entered allmulticast mode
[   64.494077][ T5854] bridge_slave_0: entered promiscuous mode
[   64.517065][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.520627][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.523459][ T5854] bridge_slave_1: entered allmulticast mode
[   64.527402][ T5854] bridge_slave_1: entered promiscuous mode
[   64.569329][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.577736][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.631949][ T5854] team0: Port device team_slave_0 added
[   64.640031][ T5858] chnl_net:caif_netlink_parms(): no params data found
[   64.648888][ T5854] team0: Port device team_slave_1 added
[   64.748182][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.752155][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.762610][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.783110][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.785791][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.796798][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.846062][ T5859] chnl_net:caif_netlink_parms(): no params data found
[   64.890316][ T5858] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.893254][ T5858] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.896069][ T5858] bridge_slave_0: entered allmulticast mode
[   64.900473][ T5858] bridge_slave_0: entered promiscuous mode
[   64.904926][ T5858] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.907713][ T5858] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.912756][ T5858] bridge_slave_1: entered allmulticast mode
[   64.916567][ T5858] bridge_slave_1: entered promiscuous mode
[   64.933942][ T5854] hsr_slave_0: entered promiscuous mode
[   64.938062][ T5854] hsr_slave_1: entered promiscuous mode
[   64.994601][ T5858] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.015132][ T5858] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.087956][ T5858] team0: Port device team_slave_0 added
[   65.126820][ T5858] team0: Port device team_slave_1 added
[   65.135248][ T5859] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.138203][ T5859] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.142031][ T5859] bridge_slave_0: entered allmulticast mode
[   65.145886][ T5859] bridge_slave_0: entered promiscuous mode
[   65.151570][ T5859] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.154303][ T5859] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.157250][ T5859] bridge_slave_1: entered allmulticast mode
[   65.161703][ T5859] bridge_slave_1: entered promiscuous mode
[   65.244270][ T5859] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.249222][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.252038][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.262978][ T5858] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.292160][ T5859] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.303026][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.305841][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.316462][ T5858] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.370199][ T5859] team0: Port device team_slave_0 added
[   65.390401][ T5859] team0: Port device team_slave_1 added
[   65.425557][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.428179][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.440319][ T5859] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.450061][ T5858] hsr_slave_0: entered promiscuous mode
[   65.453153][ T5858] hsr_slave_1: entered promiscuous mode
[   65.455874][ T5858] debugfs: 'hsr0' already exists in 'hsr'
[   65.458147][ T5858] Cannot create hsr debugfs directory
[   65.474181][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.476844][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.486850][ T5859] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.576313][ T5859] hsr_slave_0: entered promiscuous mode
[   65.580345][ T5859] hsr_slave_1: entered promiscuous mode
[   65.583141][ T5859] debugfs: 'hsr0' already exists in 'hsr'
[   65.585320][ T5859] Cannot create hsr debugfs directory
[   65.621865][ T5854] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   65.637392][ T5854] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   65.643050][ T5854] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   65.661199][ T5854] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   65.830983][ T5858] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   65.836568][ T5858] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   65.844764][ T5858] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   65.858996][ T5858] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   65.919577][ T5859] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   65.924235][ T5859] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   65.937519][ T5859] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   65.947707][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.952733][ T5859] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   65.975353][ T5854] 8021q: adding VLAN 0 to HW filter on device team0
[   65.998129][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.000736][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.015802][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.018095][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.101696][ T5858] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.129492][ T5239] Bluetooth: hci0: command tx timeout
[   66.139703][ T5858] 8021q: adding VLAN 0 to HW filter on device team0
[   66.160109][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.162950][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.180236][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.182991][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.225799][ T5859] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.271645][ T5859] 8021q: adding VLAN 0 to HW filter on device team0
[   66.295984][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.299920][ T5239] Bluetooth: hci1: command tx timeout
[   66.302400][ T5239] Bluetooth: hci2: command tx timeout
[   66.307254][ T1089] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.310216][ T1089] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.332226][ T1089] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.335040][ T1089] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.473297][ T5854] veth0_vlan: entered promiscuous mode
[   66.486347][ T5854] veth1_vlan: entered promiscuous mode
[   66.532829][ T5858] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.541324][ T5854] veth0_macvtap: entered promiscuous mode
[   66.552484][ T5854] veth1_macvtap: entered promiscuous mode
[   66.594518][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.606549][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.643148][ T5858] veth0_vlan: entered promiscuous mode
[   66.649356][ T5892] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.653826][ T5892] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.661553][ T5859] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.664334][ T5892] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.667480][ T5858] veth1_vlan: entered promiscuous mode
[   66.684834][ T5892] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.775034][ T5858] veth0_macvtap: entered promiscuous mode
[   66.781926][ T5859] veth0_vlan: entered promiscuous mode
[   66.784553][ T1089] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.791907][ T1089] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.795153][ T5858] veth1_macvtap: entered promiscuous mode
[   66.825102][ T5859] veth1_vlan: entered promiscuous mode
[   66.841062][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.845009][   T83] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.847861][   T83] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.853196][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.863628][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.875595][ T5885] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.880465][ T5885] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.883743][ T5885] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.900547][ T5859] veth0_macvtap: entered promiscuous mode
[   66.913968][ T5859] veth1_macvtap: entered promiscuous mode
[   66.929591][ T5854] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   66.938247][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.954249][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.976496][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.995467][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.010355][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.015792][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.017140][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.034425][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.095521][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.108442][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.155869][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.166454][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.194483][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.197077][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.357530][    C1] hrtimer: interrupt took 29929 ns
[   67.547518][ T5937] netlink: 'syz.2.8': attribute type 10 has an invalid length.
[   67.634219][ T5937] team0: Device ipvlan1 failed to register rx_handler
[   67.732246][ T5949] =======================================================
[   67.732246][ T5949] WARNING: The mand mount option has been deprecated and
[   67.732246][ T5949]          and is ignored by this kernel. Remove the mand
[   67.732246][ T5949]          option from the mount to silence this warning.
[   67.732246][ T5949] =======================================================
[   67.826665][ T5937] netlink: 'syz.2.8': attribute type 29 has an invalid length.
[   67.835649][ T5937] netlink: 'syz.2.8': attribute type 3 has an invalid length.
[   67.839789][ T5937] netlink: 132 bytes leftover after parsing attributes in process `syz.2.8'.
[   68.209674][ T5861] Bluetooth: hci0: command tx timeout
[   68.368746][ T5861] Bluetooth: hci2: command tx timeout
[   68.370833][ T5861] Bluetooth: hci1: command tx timeout
[   69.861037][ T5976] Illegal XDP return value 4294967294 on prog  (id 13) dev N/A, expect packet loss!
[   69.976104][ T5982] netlink: 'syz.0.26': attribute type 29 has an invalid length.
[   70.002520][ T5982] netlink: 'syz.0.26': attribute type 29 has an invalid length.
[   70.012708][ T5982] netlink: 'syz.0.26': attribute type 29 has an invalid length.
[   70.151987][ T5986] netlink: 4 bytes leftover after parsing attributes in process `syz.1.28'.
[   70.184394][ T5987] bridge0: port 2(bridge_slave_1) entered disabled state
[   70.188903][ T5987] bridge0: port 1(bridge_slave_0) entered disabled state
[   70.301964][ T5239] Bluetooth: hci0: command tx timeout
[   70.478255][ T5239] Bluetooth: hci1: command tx timeout
[   70.481198][ T5861] Bluetooth: hci2: command tx timeout
[   71.094997][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[   71.097636][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[   71.433348][ T6033] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.49'.
[   71.487904][ T6035] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   71.541265][ T6037] openvswitch: netlink: Tunnel attr 7 has unexpected len 12 expected 0
[   72.370605][ T5239] Bluetooth: hci0: command tx timeout
[   72.530003][ T5861] Bluetooth: hci2: command tx timeout
[   72.532743][ T5239] Bluetooth: hci1: command tx timeout
[   74.487396][ T6050] netlink: 1 bytes leftover after parsing attributes in process `syz.1.57'.
[   74.565335][ T6053] netlink: 'syz.1.59': attribute type 29 has an invalid length.
[   74.593433][ T6053] netlink: 'syz.1.59': attribute type 29 has an invalid length.
[   74.599263][ T6053] netlink: 'syz.1.59': attribute type 29 has an invalid length.
[   74.603553][ T6053] netlink: 'syz.1.59': attribute type 29 has an invalid length.
[   74.974972][ T6067] netlink: 'syz.1.64': attribute type 1 has an invalid length.
[   75.082571][ T6073] Zero length message leads to an empty skb
[   75.091877][ T6073] netlink: 'syz.1.67': attribute type 1 has an invalid length.
[   75.094955][ T6073] netlink: 12 bytes leftover after parsing attributes in process `syz.1.67'.
[   75.593154][ T6095] netlink: 'syz.0.73': attribute type 1 has an invalid length.
[   75.596948][ T6095] netlink: 8 bytes leftover after parsing attributes in process `syz.0.73'.
[   75.610520][ T6100] netlink: 'syz.1.75': attribute type 10 has an invalid length.
[   75.631581][ T6100] bond0: (slave hsr0): The slave device specified does not support setting the MAC address
[   75.635847][ T6100] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[   75.642042][ T6100] bond0: (slave hsr0): Error -22 calling dev_set_mtu
[   75.773577][ T6104] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   75.987240][ T6116] netlink: 12 bytes leftover after parsing attributes in process `syz.2.83'.
[   76.448828][ T6137] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[   76.452007][ T6137] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[   76.651857][ T6148] tun0: tun_chr_ioctl cmd 1074812117
[   77.606123][ T6182] syz.0.112 uses obsolete (PF_INET,SOCK_PACKET)
[   78.076507][ T6181] netlink: 14 bytes leftover after parsing attributes in process `syz.0.112'.
[   78.213512][ T6195] warning: `syz.2.117' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   78.492771][ T6208] netlink: 948 bytes leftover after parsing attributes in process `syz.1.122'.
[   78.715556][ T6216] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.125'.
[   79.401674][ T6239] netlink: 'syz.0.136': attribute type 33 has an invalid length.
[   79.406658][ T6239] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.136'.
[   79.539680][ T6243] netlink: 4 bytes leftover after parsing attributes in process `syz.1.137'.
[   79.627690][ T6250] unsupported nla_type 52263
[   79.839562][ T6247] netlink: 8 bytes leftover after parsing attributes in process `syz.0.139'.
[   81.334671][ T1273] cfg80211: failed to load regulatory.db
[   81.461004][ T6277] netlink: 44 bytes leftover after parsing attributes in process `syz.1.149'.
[   81.464692][ T6277] netlink: 51 bytes leftover after parsing attributes in process `syz.1.149'.
[   81.468202][ T6277] netlink: 'syz.1.149': attribute type 4 has an invalid length.
[   82.619171][ T6303] : port 1(vlan0) entered blocking state
[   82.621992][ T6303] : port 1(vlan0) entered disabled state
[   82.624792][ T6303] vlan0: entered allmulticast mode
[   82.627052][ T6303] veth0_vlan: entered allmulticast mode
[   82.632518][ T6303] vlan0: entered promiscuous mode
[   82.725745][ T6308] netlink: 176 bytes leftover after parsing attributes in process `syz.2.160'.
[   82.793979][ T6311] lo speed is unknown, defaulting to 1000
[   82.798071][ T6311] lo speed is unknown, defaulting to 1000
[   82.840342][ T6311] lo speed is unknown, defaulting to 1000
[   83.103452][ T6310] C: renamed from team_slave_0 (while UP)
[   83.145687][ T6311] infiniband syz2: set active
[   83.149029][ T6311] infiniband syz2: added lo
[   83.193286][ T6310] netlink: 'syz.2.161': attribute type 3 has an invalid length.
[   83.196193][ T6310] netlink: 152 bytes leftover after parsing attributes in process `syz.2.161'.
[   83.210094][ T6310] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[   83.219576][   T10] lo speed is unknown, defaulting to 1000
[   83.245237][ T6311] RDS/IB: syz2: added
[   83.246769][ T6311] smc: adding ib device syz2 with port count 1
[   83.249078][ T6311] smc:    ib device syz2 port 1 has pnetid 
[   83.251732][  T793] lo speed is unknown, defaulting to 1000
[   83.256429][ T6311] lo speed is unknown, defaulting to 1000
[   83.415935][ T6324] netlink: 20 bytes leftover after parsing attributes in process `syz.2.166'.
[   83.500504][ T6311] lo speed is unknown, defaulting to 1000
[   83.519279][ T6329] netlink: 'syz.0.169': attribute type 10 has an invalid length.
[   83.522396][ T6329] netlink: 65015 bytes leftover after parsing attributes in process `syz.0.169'.
[   83.614521][ T6332] netlink: 'syz.0.171': attribute type 39 has an invalid length.
[   83.803392][ T6342] netlink: 60 bytes leftover after parsing attributes in process `syz.2.174'.
[   83.806914][ T6342] netlink: 60 bytes leftover after parsing attributes in process `syz.2.174'.
[   83.866599][ T6311] lo speed is unknown, defaulting to 1000
[   85.596396][ T6356] netlink: 'syz.2.179': attribute type 1 has an invalid length.
[   85.967510][ T6361] __nla_validate_parse: 1 callbacks suppressed
[   85.967527][ T6361] netlink: 56 bytes leftover after parsing attributes in process `syz.0.175'.
[   86.254475][ T6373] netlink: 'syz.1.187': attribute type 10 has an invalid length.
[   86.301979][ T6375] netlink: 'syz.0.188': attribute type 21 has an invalid length.
[   87.079501][ T6408] netlink: 16 bytes leftover after parsing attributes in process `syz.0.195'.
[   87.221607][ T6415] netlink: 'syz.2.198': attribute type 1 has an invalid length.
[   87.343075][ T6423] netlink: 92 bytes leftover after parsing attributes in process `syz.1.201'.
[   87.900145][ T6443] netlink: 4 bytes leftover after parsing attributes in process `syz.1.210'.
[   88.541620][ T6459] netlink: 156 bytes leftover after parsing attributes in process `syz.0.218'.
[   89.065854][ T6478] netlink: 'syz.0.223': attribute type 10 has an invalid length.
[   89.072917][ T6478] geneve0: entered promiscuous mode
[   89.199583][ T6484] netlink: 4 bytes leftover after parsing attributes in process `syz.2.226'.
[   89.293825][ T6478] bond0: (slave geneve0): Enslaving as an active interface with an up link
[   89.623176][ T6504] netlink: 8 bytes leftover after parsing attributes in process `syz.1.236'.
[   90.117792][ T6523] netlink: 'syz.0.243': attribute type 10 has an invalid length.
[   90.201776][ T6523] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[   90.285117][ T6533] netlink: 'syz.1.250': attribute type 39 has an invalid length.
[   90.844380][ T6547] netlink: 'syz.1.256': attribute type 1 has an invalid length.
[   90.847663][ T6547] netlink: 4 bytes leftover after parsing attributes in process `syz.1.256'.
[   91.146545][ T6550] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   91.911058][ T6585] netlink: 140 bytes leftover after parsing attributes in process `syz.0.273'.
[   91.914751][ T6585] netlink: 6 bytes leftover after parsing attributes in process `syz.0.273'.
[   92.244099][ T6607] sit0: entered allmulticast mode
[   92.400123][ T6611] netlink: 'syz.2.284': attribute type 10 has an invalid length.
[   93.427599][ T6625] netlink: 'syz.1.288': attribute type 10 has an invalid length.
[   93.456982][ T6625] 8021q: adding VLAN 0 to HW filter on device team0
[   93.468187][ T6625] bond0: (slave team0): Enslaving as an active interface with an up link
[   94.064284][ T6631] netlink: 96 bytes leftover after parsing attributes in process `syz.0.290'.
[   94.146639][ T6633] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048)
[   95.162954][ T6679] netlink: 136 bytes leftover after parsing attributes in process `syz.1.312'.
[   95.245148][ T6679] netlink: 'syz.1.312': attribute type 39 has an invalid length.
[   95.685725][ T6696] netlink: 'syz.0.320': attribute type 46 has an invalid length.
[   95.688545][ T6696] netlink: 'syz.0.320': attribute type 19 has an invalid length.
[   95.772956][ T6701] netlink: 1018 bytes leftover after parsing attributes in process `syz.0.322'.
[   95.811216][ T6704] netlink: 64019 bytes leftover after parsing attributes in process `syz.1.323'.
[   95.949878][ T6707] syzkaller0: entered promiscuous mode
[   95.958234][ T6707] syzkaller0: entered allmulticast mode
[   95.987119][ T6712] netlink: 132 bytes leftover after parsing attributes in process `syz.2.327'.
[   96.618209][ T6721] netlink: 'syz.2.330': attribute type 23 has an invalid length.
[   96.801192][ T6725] openvswitch: netlink: ERSPAN option length err (len 256, max 255).
[   97.767200][ T6729] netlink: 'syz.2.334': attribute type 15 has an invalid length.
[   97.894296][ T6737] netlink: 28 bytes leftover after parsing attributes in process `syz.1.337'.
[   97.908488][ T6737] netlink: 28 bytes leftover after parsing attributes in process `syz.1.337'.
[   97.912146][ T6737] netlink: 36 bytes leftover after parsing attributes in process `syz.1.337'.
[   97.937435][ T6740] netlink: 40 bytes leftover after parsing attributes in process `syz.2.339'.
[   97.946115][ T6740] netlink: 'syz.2.339': attribute type 1 has an invalid length.
[   98.140193][ T6755] netlink: 'syz.2.346': attribute type 11 has an invalid length.
[   98.501309][ T5861] Bluetooth: hci0: adv larger than maximum supported
[   99.111964][ T6779] net veth1_virt_wifi : renamed from virt_wifi0
[   99.504295][ T6803] netlink: 168 bytes leftover after parsing attributes in process `syz.0.365'.
[   99.688680][ T6808] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.691161][ T6808] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.695475][ T6808] bridge0: entered allmulticast mode
[   99.712307][ T6808] bridge_slave_1: left allmulticast mode
[   99.714271][ T6808] bridge_slave_1: left promiscuous mode
[   99.717346][ T6808] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.723585][ T6808] bridge_slave_0: left allmulticast mode
[   99.725709][ T6808] bridge_slave_0: left promiscuous mode
[   99.728498][ T6808] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.292581][ T6819] netlink: 61211 bytes leftover after parsing attributes in process `syz.1.372'.
[  100.344715][ T6821] netlink: 12 bytes leftover after parsing attributes in process `syz.2.373'.
[  100.806846][ T6840] netlink: 11562 bytes leftover after parsing attributes in process `syz.1.380'.
[  101.017266][ T6845] netlink: 830 bytes leftover after parsing attributes in process `syz.1.382'.
[  101.029171][ T6848] netlink: 24 bytes leftover after parsing attributes in process `syz.0.384'.
[  101.132416][ T6852] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  102.118191][ T6885] syzkaller0: entered promiscuous mode
[  102.127052][ T6885] syzkaller0: entered allmulticast mode
[  102.133226][ T6885] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 65487
[  104.646331][ T6891] __nla_validate_parse: 2 callbacks suppressed
[  104.646385][ T6891] netlink: 340 bytes leftover after parsing attributes in process `syz.1.403'.
[  104.658040][ T6891] netlink: 12 bytes leftover after parsing attributes in process `syz.1.403'.
[  105.274741][ T6905] netlink: 'syz.1.405': attribute type 39 has an invalid length.
[  113.448251][ T6909] netlink: 'syz.1.408': attribute type 21 has an invalid length.
[  113.729877][ T6913] delete_channel: no stack
[  117.621416][ T6926] netlink: 'syz.1.415': attribute type 29 has an invalid length.
[  117.628246][ T6926] netlink: 'syz.1.415': attribute type 29 has an invalid length.
[  118.024054][ T6926] netlink: del zone limit has 4 unknown bytes
[  118.661312][ T6946] netlink: 8 bytes leftover after parsing attributes in process `syz.0.424'.
[  118.664540][ T6946] openvswitch: netlink: Invalid MD length 0 for MD type 0
[  118.666965][ T6946] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  119.274502][ T6980] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  120.727865][ T6998] netlink: 16410 bytes leftover after parsing attributes in process `syz.2.446'.
[  121.508104][ T7004] netlink: 14560 bytes leftover after parsing attributes in process `syz.2.449'.
[  121.618540][ T7008] netlink: 20 bytes leftover after parsing attributes in process `syz.0.450'.
[  121.623498][ T7008] netlink: 24 bytes leftover after parsing attributes in process `syz.0.450'.
[  121.692876][ T7012] netlink: 'syz.0.453': attribute type 10 has an invalid length.
[  122.110868][ T7024] sctp: [Deprecated]: syz.0.458 (pid 7024) Use of struct sctp_assoc_value in delayed_ack socket option.
[  122.110868][ T7024] Use struct sctp_sack_info instead
[  122.218047][ T7026] netlink: 10 bytes leftover after parsing attributes in process `syz.2.459'.
[  122.393094][ T7030] netlink: 92 bytes leftover after parsing attributes in process `syz.2.461'.
[  122.406537][ T7029] delete_channel: no stack
[  122.788190][ T7043] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.467'.
[  122.921154][ T7047] netlink: 80 bytes leftover after parsing attributes in process `syz.2.469'.
[  122.981898][ T7053] netlink: 52 bytes leftover after parsing attributes in process `syz.0.472'.
[  123.000079][ T7055] netlink: 'syz.2.473': attribute type 21 has an invalid length.
[  123.368259][ T7076] netlink: 'syz.2.483': attribute type 1 has an invalid length.
[  124.239001][ T7104] syzkaller0: entered promiscuous mode
[  124.241472][ T7104] syzkaller0: entered allmulticast mode
[  125.541201][ T7111] __nla_validate_parse: 2 callbacks suppressed
[  125.541217][ T7111] netlink: 68 bytes leftover after parsing attributes in process `syz.0.499'.
[  125.621394][ T7117] netlink: 'syz.2.502': attribute type 13 has an invalid length.
[  125.627059][ T7117] netlink: 'syz.2.502': attribute type 17 has an invalid length.
[  125.680343][ T7119] netlink: 188 bytes leftover after parsing attributes in process `syz.0.503'.
[  125.684784][ T7117] bridge0: port 2(bridge_slave_1) entered blocking state
[  125.687032][ T7117] bridge0: port 2(bridge_slave_1) entered forwarding state
[  125.690200][ T7117] bridge0: port 1(bridge_slave_0) entered blocking state
[  125.692411][ T7117] bridge0: port 1(bridge_slave_0) entered forwarding state
[  125.703326][ T7117] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  125.893682][ T7134] netlink: 7 bytes leftover after parsing attributes in process `syz.2.511'.
[  125.897725][ T7134] netlink: 24 bytes leftover after parsing attributes in process `syz.2.511'.
[  126.001412][ T7139] netlink: 28 bytes leftover after parsing attributes in process `syz.0.513'.
[  126.004888][ T7139] netlink: 24 bytes leftover after parsing attributes in process `syz.0.513'.
[  126.011472][ T7139] netlink: 28 bytes leftover after parsing attributes in process `syz.0.513'.
[  126.015920][ T7139] netlink: 24 bytes leftover after parsing attributes in process `syz.0.513'.
[  126.197915][ T7144] netlink: 'syz.2.514': attribute type 10 has an invalid length.
[  126.760729][ T7144] bond0: (slave bond_slave_0): Releasing backup interface
[  128.422151][ T7163] netlink: 4 bytes leftover after parsing attributes in process `syz.2.520'.
[  129.410296][ T7194] openvswitch: netlink: Unexpected mask (mask=40040, allowed=10048)
[  130.270866][ T7222] netlink: 28 bytes leftover after parsing attributes in process `syz.0.547'.
[  130.273963][ T7222] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  130.653236][ T7228] netlink: 'syz.0.549': attribute type 2 has an invalid length.
[  130.655742][ T7228] netlink: 119 bytes leftover after parsing attributes in process `syz.0.549'.
[  131.282148][ T7234] netlink: 8 bytes leftover after parsing attributes in process `syz.0.552'.
[  131.563025][ T7252] netlink: 72 bytes leftover after parsing attributes in process `syz.0.560'.
[  131.631028][ T7252] netlink: 72 bytes leftover after parsing attributes in process `syz.0.560'.
[  131.708983][ T7252] netlink: 72 bytes leftover after parsing attributes in process `syz.0.560'.
[  131.746199][ T7262] netlink: 'syz.2.564': attribute type 10 has an invalid length.
[  132.028036][ T7269] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  132.060784][ T7264] : renamed from gre0 (while UP)
[  132.533447][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  132.535470][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  132.692180][ T7283] pim6reg0: tun_chr_ioctl cmd 1074025681
[  133.011005][ T7291] netlink: 28 bytes leftover after parsing attributes in process `syz.2.576'.
[  133.465085][ T7298] netlink: 152 bytes leftover after parsing attributes in process `syz.0.579'.
[  133.471128][ T7298] tc_dump_action: action bad kind
[  135.325962][ T7332] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  135.893437][ T7342] netlink: 64 bytes leftover after parsing attributes in process `syz.0.600'.
[  136.148152][ T7348] netlink: 'syz.2.602': attribute type 1 has an invalid length.
[  136.155848][ T7348] netlink: 24 bytes leftover after parsing attributes in process `syz.2.602'.
[  136.351706][ T7355] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.606'.
[  136.367714][ T7355] netlink: 8 bytes leftover after parsing attributes in process `syz.2.606'.
[  136.431820][ T7357] openvswitch: netlink: Flow key attr not present in new flow.
[  136.535195][ T7360] netlink: 56 bytes leftover after parsing attributes in process `syz.2.610'.
[  136.822306][   T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  136.837104][ T5239] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  136.842287][ T5239] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  136.845600][ T5239] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  136.850095][ T5239] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  136.854465][ T5239] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  136.877063][ T7370] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.613'.
[  136.907050][   T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  136.948199][ T5239] Bluetooth: hci2: unexpected event 0x0f length: 15 > 4
[  136.969479][ T7371] lo speed is unknown, defaulting to 1000
[  137.017537][   T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  137.086569][   T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  137.291468][   T12] bridge_slave_1: left allmulticast mode
[  137.298468][   T12] bridge_slave_1: left promiscuous mode
[  137.301826][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  137.327151][   T12] bridge_slave_0: left allmulticast mode
[  137.332445][   T12] bridge_slave_0: left promiscuous mode
[  137.334804][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  137.876213][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  137.886024][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  137.899775][   T12] bond0 (unregistering): (slave team0): Releasing backup interface
[  137.905225][   T12] bond0 (unregistering): Released all slaves
[  138.106816][ T7371] chnl_net:caif_netlink_parms(): no params data found
[  138.532035][ T7371] bridge0: port 1(bridge_slave_0) entered blocking state
[  138.579032][ T7371] bridge0: port 1(bridge_slave_0) entered disabled state
[  138.582018][ T7371] bridge_slave_0: entered allmulticast mode
[  138.608069][ T7371] bridge_slave_0: entered promiscuous mode
[  138.681826][ T7371] bridge0: port 2(bridge_slave_1) entered blocking state
[  138.684619][ T7371] bridge0: port 2(bridge_slave_1) entered disabled state
[  138.694567][ T7371] bridge_slave_1: entered allmulticast mode
[  138.698938][ T7371] bridge_slave_1: entered promiscuous mode
[  138.723851][ T7437] netlink: 830 bytes leftover after parsing attributes in process `syz.2.631'.
[  138.822733][   T12] hsr_slave_0: left promiscuous mode
[  138.908173][   T12] hsr_slave_1: left promiscuous mode
[  138.926346][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  138.929543][ T5239] Bluetooth: hci0: command tx timeout
[  138.936066][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  138.944801][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  138.953746][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  139.015305][   T12] veth1_macvtap: left promiscuous mode
[  139.017530][   T12] veth0_macvtap: left promiscuous mode
[  139.024466][   T12] veth1_vlan: left promiscuous mode
[  139.030150][   T12] veth0_vlan: left promiscuous mode
[  139.511652][   T12] team0 (unregistering): Port device team_slave_1 removed
[  139.544500][   T12] team0 (unregistering): Port device team_slave_0 removed
[  139.913684][ T1089] smc: removing ib device syz2
[  139.943772][ T7371] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  139.955969][   T24] lo speed is unknown, defaulting to 1000
[  139.962175][ T7371] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  139.970779][   T24] syz2: Port: 1 Link DOWN
[  140.035645][ T7460] openvswitch: netlink: Flow key attribute not present in set flow.
[  140.154887][ T7464] netlink: 12 bytes leftover after parsing attributes in process `syz.2.638'.
[  140.160888][ T7464] netlink: 'syz.2.638': attribute type 4 has an invalid length.
[  140.165234][ T7464] netlink: 152 bytes leftover after parsing attributes in process `syz.2.638'.
[  140.173256][ T7371] team0: Port device team_slave_0 added
[  140.207621][ T7464] .`: renamed from bond0 (while UP)
[  140.231213][ T7371] team0: Port device team_slave_1 added
[  140.392250][ T7371] batman_adv: batadv0: Adding interface: batadv_slave_0
[  140.399562][ T7371] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  140.431483][ T7371] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  140.443672][ T7371] batman_adv: batadv0: Adding interface: batadv_slave_1
[  140.451775][ T7371] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  140.503135][ T7371] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  140.567328][ T7472] netlink: 'syz.0.640': attribute type 1 has an invalid length.
[  140.695915][ T7371] hsr_slave_0: entered promiscuous mode
[  140.708855][ T7371] hsr_slave_1: entered promiscuous mode
[  140.852331][ T7487] netlink: 'syz.2.645': attribute type 11 has an invalid length.
[  140.860786][ T7487] netlink: 140 bytes leftover after parsing attributes in process `syz.2.645'.
[  140.941458][ T7492] netlink: 'syz.2.647': attribute type 10 has an invalid length.
[  140.968365][ T7492] bridge0: port 2(bridge_slave_1) entered disabled state
[  140.971606][ T7492] bridge0: port 1(bridge_slave_0) entered disabled state
[  140.992603][ T7492] bridge0: port 2(bridge_slave_1) entered blocking state
[  140.995492][ T7492] bridge0: port 2(bridge_slave_1) entered forwarding state
[  140.998513][ T7492] bridge0: port 1(bridge_slave_0) entered blocking state
[  141.001010][ T7492] bridge0: port 1(bridge_slave_0) entered forwarding state
[  141.008956][ T5861] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  141.012655][ T5239] Bluetooth: hci0: command tx timeout
[  141.014780][ T5861] Bluetooth: hci2: Injecting HCI hardware error event
[  141.018170][ T5861] Bluetooth: hci2: hardware error 0x00
[  141.036999][ T7492] .`: (slave bridge0): Enslaving as an active interface with an up link
[  141.049041][ T7371] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  141.593387][ T7371] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  141.602728][ T7371] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  141.610039][ T7371] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  141.698725][ T7371] 8021q: adding VLAN 0 to HW filter on device bond0
[  141.717920][ T7371] 8021q: adding VLAN 0 to HW filter on device team0
[  141.729691][ T1089] bridge0: port 1(bridge_slave_0) entered blocking state
[  141.731958][ T1089] bridge0: port 1(bridge_slave_0) entered forwarding state
[  141.744274][  T246] bridge0: port 2(bridge_slave_1) entered blocking state
[  141.746710][  T246] bridge0: port 2(bridge_slave_1) entered forwarding state
[  141.783817][ T7524] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.656'.
[  141.790777][ T7371] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  141.833960][ T7530] netlink: 60 bytes leftover after parsing attributes in process `syz.0.658'.
[  141.838696][ T7530] netlink: 60 bytes leftover after parsing attributes in process `syz.0.658'.
[  141.843198][ T7530] netlink: 60 bytes leftover after parsing attributes in process `syz.0.658'.
[  141.914736][ T7371] 8021q: adding VLAN 0 to HW filter on device batadv0
[  141.956808][ T7371] veth0_vlan: entered promiscuous mode
[  141.973371][ T7371] veth1_vlan: entered promiscuous mode
[  142.009635][ T7371] veth0_macvtap: entered promiscuous mode
[  142.016702][ T7371] veth1_macvtap: entered promiscuous mode
[  142.034985][ T7371] batman_adv: batadv0: Interface activated: batadv_slave_0
[  142.052842][ T7371] batman_adv: batadv0: Interface activated: batadv_slave_1
[  142.065307][ T5885] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  142.073107][ T5885] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  142.091982][ T5885] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  142.120617][ T5885] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  142.141123][ T7546] netlink: 'syz.0.661': attribute type 2 has an invalid length.
[  142.144502][ T7546] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.661'.
[  142.147842][ T7546] nbd: must specify at least one socket
[  142.213027][ T1089] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  142.216200][ T1089] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  142.258551][ T1089] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  142.262248][ T1089] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  142.282329][ T7556] netlink: 12 bytes leftover after parsing attributes in process `syz.2.667'.
[  142.586861][ T7574] ref_ctr_offset mismatch. inode: 0xe8 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe
[  142.645228][ T7579] netlink: 304 bytes leftover after parsing attributes in process `syz.2.677'.
[  142.886887][ T7599] openvswitch: netlink: Invalid VLAN frame
[  143.072624][ T7617] netlink: 65039 bytes leftover after parsing attributes in process `syz.2.695'.
[  143.090335][ T5861] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  143.093036][ T5861] Bluetooth: hci0: command tx timeout
[  143.305406][ T7623] netlink: 8 bytes leftover after parsing attributes in process `syz.2.697'.
[  143.680242][ T7637] netlink: 144 bytes leftover after parsing attributes in process `syz.0.704'.
[  143.724399][ T7642] xt_bpf: check failed: parse error
[  143.776200][ T7646] netlink: 'syz.2.707': attribute type 29 has an invalid length.
[  144.408059][ T7694] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  144.472294][ T7700] proc: Bad value for 'gid'
[  144.766581][ T7719] netlink: 'syz.0.737': attribute type 1 has an invalid length.
[  145.168619][ T5239] Bluetooth: hci0: command tx timeout
[  146.496172][ T7752] syzkaller0: entered promiscuous mode
[  146.499341][ T7752] syzkaller0: entered allmulticast mode
[  149.557248][ T7812] netlink: 'syz.3.771': attribute type 29 has an invalid length.
[  149.876167][ T7825] __nla_validate_parse: 5 callbacks suppressed
[  149.876183][ T7825] netlink: 277 bytes leftover after parsing attributes in process `syz.0.770'.
[  150.055848][ T7828] netlink: 'syz.2.769': attribute type 10 has an invalid length.
[  150.066582][ T7828] 8021q: adding VLAN 0 to HW filter on device .`
[  150.077178][ T7828] team0: Port device .` added
[  150.411367][ T7842] lo speed is unknown, defaulting to 1000
[  150.414084][ T7842] lo speed is unknown, defaulting to 1000
[  150.417340][ T7842] lo speed is unknown, defaulting to 1000
[  150.425714][ T7842] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  150.441868][ T7842] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  150.472230][ T7842] lo speed is unknown, defaulting to 1000
[  150.477682][ T7842] lo speed is unknown, defaulting to 1000
[  150.482883][ T7842] lo speed is unknown, defaulting to 1000
[  150.868167][ T7851] tap0: tun_chr_ioctl cmd 1074025677
[  150.872240][ T7851] tap0: linktype set to 6
[  150.880872][ T7853] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.787'.
[  151.014619][ T7859] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.790'.
[  151.018507][ T7859] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  151.028082][ T7862] netlink: 'syz.3.791': attribute type 8 has an invalid length.
[  151.031497][ T7862] netlink: 'syz.3.791': attribute type 6 has an invalid length.
[  151.034799][ T7862] netlink: 144448 bytes leftover after parsing attributes in process `syz.3.791'.
[  151.224295][ T7874] netlink: 192 bytes leftover after parsing attributes in process `syz.3.795'.
[  151.382791][ T7885] netlink: 16 bytes leftover after parsing attributes in process `syz.2.797'.
[  153.014997][ T7977] netlink: 60 bytes leftover after parsing attributes in process `syz.3.818'.
[  153.022978][ T7977] netlink: 60 bytes leftover after parsing attributes in process `syz.3.818'.
[  153.056886][ T7979] netlink: 'syz.3.819': attribute type 32 has an invalid length.
[  153.107504][ T7985] netlink: 8 bytes leftover after parsing attributes in process `syz.3.822'.
[  154.160852][ T8008] openvswitch: netlink: IP tunnel dst address not specified
[  154.425036][ T8015] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  154.445276][ T8015] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  154.819865][ T8038] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.843'.
[  154.903751][ T8051] netlink: 'syz.2.848': attribute type 1 has an invalid length.
[  154.906792][ T8051] netlink: 12 bytes leftover after parsing attributes in process `syz.2.848'.
[  155.316976][ T8072] 0: renamed from bond_slave_1 (while UP)
[  155.498589][ T8079] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  155.675996][ T8077] netlink: 8 bytes leftover after parsing attributes in process `syz.2.853'.
[  156.726814][ T8115] netlink: 1041 bytes leftover after parsing attributes in process `syz.2.877'.
[  156.956181][ T8119] netdevsim netdevsim0 : renamed from netdevsim0 (while UP)
[  157.555388][ T8127] netlink: 'syz.2.882': attribute type 1 has an invalid length.
[  157.557901][ T8127] netlink: 'syz.2.882': attribute type 2 has an invalid length.
[  157.561358][ T8127] netlink: 'syz.2.882': attribute type 3 has an invalid length.
[  157.563937][ T8127] netlink: 'syz.2.882': attribute type 5 has an invalid length.
[  157.566390][ T8127] netlink: 'syz.2.882': attribute type 6 has an invalid length.
[  157.570779][ T8127] netlink: 'syz.2.882': attribute type 7 has an invalid length.
[  157.573897][ T8127] netlink: 'syz.2.882': attribute type 1 has an invalid length.
[  157.577537][ T8127] netlink: 449 bytes leftover after parsing attributes in process `syz.2.882'.
[  157.583086][ T8127] netlink: 130080 bytes leftover after parsing attributes in process `syz.2.882'.
[  157.598151][ T8127] netlink: 'syz.2.882': attribute type 1 has an invalid length.
[  157.602763][ T8127] netlink: 'syz.2.882': attribute type 2 has an invalid length.
[  157.605290][ T8127] netlink: 449 bytes leftover after parsing attributes in process `syz.2.882'.
[  157.796582][ T8143] lo speed is unknown, defaulting to 1000
[  157.819923][ T8146] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1
[  157.845682][ T8145] netlink: 4 bytes leftover after parsing attributes in process `syz.0.891'.
[  157.866802][ T8145] netlink: 10 bytes leftover after parsing attributes in process `syz.0.891'.
[  158.069595][ T8165] netlink: 16255 bytes leftover after parsing attributes in process `syz.2.898'.
[  158.157729][ T8172] netlink: 152 bytes leftover after parsing attributes in process `syz.3.902'.
[  158.175931][ T8172] .`: renamed from bond0 (while UP)
[  158.245466][ T8174] syzkaller0: entered promiscuous mode
[  158.247818][ T8174] syzkaller0: entered allmulticast mode
[  160.842713][ T8227] tun0: tun_chr_ioctl cmd 1074025675
[  160.845085][ T8227] tun0: persist enabled
[  160.847586][ T8227] tun0: tun_chr_ioctl cmd 1074025675
[  160.851359][ T8227] tun0: persist disabled
[  160.938757][ T8235] IPv6: NLM_F_CREATE should be specified when creating new route
[  161.031316][ T8248] netlink: 22 bytes leftover after parsing attributes in process `syz.0.932'.
[  162.172598][ T8282] syzkaller0: entered promiscuous mode
[  162.174759][ T8282] syzkaller0: entered allmulticast mode
[  163.422593][ T8299] netlink: 56 bytes leftover after parsing attributes in process `syz.0.951'.
[  163.731431][ T8313] validate_nla: 6 callbacks suppressed
[  163.731459][ T8313] netlink: 'syz.2.959': attribute type 46 has an invalid length.
[  163.736401][ T8313] netlink: 55 bytes leftover after parsing attributes in process `syz.2.959'.
[  163.741943][ T8314] netlink: 4400 bytes leftover after parsing attributes in process `syz.3.957'.
[  163.860783][ T8314] netlink: 44 bytes leftover after parsing attributes in process `syz.3.957'.
[  163.863993][ T8314] netlink: 68 bytes leftover after parsing attributes in process `syz.3.957'.
[  163.873316][ T8322] netlink: 'syz.0.958': attribute type 2 has an invalid length.
[  164.937993][ T8358] netlink: 'syz.3.979': attribute type 29 has an invalid length.
[  164.944796][ T8359] tun0: tun_chr_ioctl cmd 1074025677
[  164.946269][ T8358] netlink: 'syz.3.979': attribute type 10 has an invalid length.
[  164.947014][ T8359] tun0: linktype set to 270
[  164.968235][ T8361] netlink: 104 bytes leftover after parsing attributes in process `syz.0.980'.
[  165.059792][ T8358] 8021q: adding VLAN 0 to HW filter on device .`
[  165.093389][ T8358] team0: Port device .` added
[  165.160580][ T8358] syz.3.979 (8358) used greatest stack depth: 18104 bytes left
[  165.195762][ T8372] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  165.282159][ T8381] openvswitch: netlink: Missing valid actions attribute.
[  165.285080][ T8381] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  165.636640][ T8402] netlink: 64 bytes leftover after parsing attributes in process `syz.2.999'.
[  168.723690][ T8422] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1008'.
[  168.728167][ T8422] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1008'.
[  168.736212][ T8422] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1008'.
[  169.717133][ T8439] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1016'.
[  169.746358][ T8441] cgroup: Unknown subsys name '0x0000000000000000'
[  169.841551][ T8443] netlink: 'syz.2.1018': attribute type 10 has an invalid length.
[  169.853423][ T8443] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1018'.
[  169.875483][ T8443] batman_adv: batadv0: Adding interface: virt_wifi0
[  169.878019][ T8443] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  169.893724][ T8443] batman_adv: batadv0: Interface activated: virt_wifi0
[  169.980120][ T8456] netlink: 'syz.3.1024': attribute type 7 has an invalid length.
[  170.151854][ T8467] netlink: 'syz.0.1029': attribute type 1 has an invalid length.
[  170.154945][ T8467] netlink: 17 bytes leftover after parsing attributes in process `syz.0.1029'.
[  170.998793][ T8487] netlink: 'syz.3.1035': attribute type 10 has an invalid length.
[  171.293614][ T8478] delete_channel: no stack
[  171.297807][ T8478] delete_channel: no stack
[  171.337630][ T8487] .`: (slave bond_slave_0): Releasing backup interface
[  171.436700][ T8495] netlink: 'syz.0.1040': attribute type 2 has an invalid length.
[  171.440779][ T8495] netlink: 'syz.0.1040': attribute type 1 has an invalid length.
[  171.555414][ T8501] netlink: 'syz.3.1043': attribute type 1 has an invalid length.
[  171.558645][ T8501] netlink: 'syz.3.1043': attribute type 2 has an invalid length.
[  171.561898][ T8501] netlink: 'syz.3.1043': attribute type 3 has an invalid length.
[  171.564986][ T8501] netlink: 'syz.3.1043': attribute type 5 has an invalid length.
[  171.567925][ T8501] netlink: 9 bytes leftover after parsing attributes in process `syz.3.1043'.
[  171.573000][ T8501] netlink: 130080 bytes leftover after parsing attributes in process `syz.3.1043'.
[  171.576577][ T8501] netlink: 9 bytes leftover after parsing attributes in process `syz.3.1043'.
[  171.783522][ T8505] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1045'.
[  171.811382][ T8505] bridge0: port 1(bridge_slave_0) entered disabled state
[  171.902823][ T8508] syzkaller0: entered promiscuous mode
[  171.904983][ T8508] syzkaller0: entered allmulticast mode
[  173.226315][ T5239] Bluetooth: hci1: unexpected event 0x08 length: 15 > 4
[  173.942698][ T8546] __nla_validate_parse: 1 callbacks suppressed
[  173.942793][ T8546] netlink: 194196 bytes leftover after parsing attributes in process `syz.0.1063'.
[  174.152829][ T8564] netlink: 203516 bytes leftover after parsing attributes in process `syz.2.1070'.
[  174.156164][ T8564] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  174.161338][ T8564] openvswitch: netlink: Duplicate key (type 0).
[  175.250511][ T5861] Bluetooth: hci1: command 0x0406 tx timeout
[  175.453760][ T8596] netlink: 193500 bytes leftover after parsing attributes in process `syz.2.1083'.
[  175.674062][ T8600] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1084'.
[  175.682716][ T8600] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1084'.
[  175.690432][ T8600] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1084'.
[  175.700226][ T8602] netlink: 196 bytes leftover after parsing attributes in process `syz.0.1085'.
[  176.178283][ T8618] netlink: 124 bytes leftover after parsing attributes in process `syz.0.1092'.
[  176.182732][ T8618] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1092'.
[  176.286775][ T8626] validate_nla: 15 callbacks suppressed
[  176.286791][ T8626] netlink: 'syz.3.1097': attribute type 3 has an invalid length.
[  176.296095][ T8626] netlink: 'syz.3.1097': attribute type 1 has an invalid length.
[  176.300562][ T8626] netlink: 193500 bytes leftover after parsing attributes in process `syz.3.1097'.
[  176.354318][ T8630] netlink: 'syz.3.1098': attribute type 1 has an invalid length.
[  176.596180][ T5239] Bluetooth: hci1: unexpected event 0x04 length: 15 > 10
[  176.596474][ T5239] Bluetooth: hci1: connection err: -111
[  176.620213][ T8648] netlink: 'syz.3.1105': attribute type 21 has an invalid length.
[  176.651182][ T8650] delete_channel: no stack
[  176.653055][ T8650] delete_channel: no stack
[  176.694951][ T8652] netlink: 'syz.3.1107': attribute type 2 has an invalid length.
[  176.697490][ T8652] netlink: 'syz.3.1107': attribute type 3 has an invalid length.
[  176.712078][ T8652] netlink: 'syz.3.1107': attribute type 4 has an invalid length.
[  176.721042][ T8652] netlink: 'syz.3.1107': attribute type 5 has an invalid length.
[  176.726104][ T8652] netlink: 'syz.3.1107': attribute type 6 has an invalid length.
[  176.735966][ T8652] netlink: 'syz.3.1107': attribute type 8 has an invalid length.
[  177.727554][ T5239] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3
[  177.779982][ T8702] bridge0: port 2(bridge_slave_1) entered disabled state
[  177.786963][ T8702] bridge0: entered allmulticast mode
[  177.847786][ T8702] bridge_slave_1: left allmulticast mode
[  177.851396][ T8702] bridge_slave_1: left promiscuous mode
[  177.856594][ T8702] bridge0: port 2(bridge_slave_1) entered disabled state
[  177.956528][ T8702] bridge_slave_0: left promiscuous mode
[  177.965445][ T8702] bridge0: port 1(bridge_slave_0) entered disabled state
[  179.318182][ T8756] __nla_validate_parse: 8 callbacks suppressed
[  179.318199][ T8756] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1154'.
[  180.346727][ T8781] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1165'.
[  180.965326][ T8826] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  181.171535][ T5239] Bluetooth: hci0: unexpected event 0x05 length: 15 > 4
[  182.575995][ T8881] validate_nla: 3 callbacks suppressed
[  182.576012][ T8881] netlink: 'syz.2.1210': attribute type 21 has an invalid length.
[  182.865011][ T8885] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1210'.
[  183.197983][ T8884] netlink: 'syz.2.1210': attribute type 4 has an invalid length.
[  183.203399][ T8884] netlink: 116 bytes leftover after parsing attributes in process `syz.2.1210'.
[  183.209900][ T8884] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  183.383320][ T8897] netlink: 'syz.3.1215': attribute type 23 has an invalid length.
[  183.498006][ T8909] netlink: 196 bytes leftover after parsing attributes in process `syz.0.1221'.
[  184.085766][ T8941] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.1236'.
[  184.091041][ T8940] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.1236'.
[  184.095084][ T8941] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.1236'.
[  184.294160][ T8949] netlink: 100 bytes leftover after parsing attributes in process `syz.2.1240'.
[  186.510188][ T8970] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1249'.
[  186.514369][ T8970] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1249'.
[  187.151551][ T8977] netlink: 'syz.0.1252': attribute type 10 has an invalid length.
[  187.154746][ T8977] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1252'.
[  187.160567][ T8977] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check.
[  187.760986][ T9007] netlink: 'syz.3.1264': attribute type 29 has an invalid length.
[  187.771712][ T9003] netlink: 'syz.3.1264': attribute type 29 has an invalid length.
[  187.776550][ T9003] netlink: 'syz.3.1264': attribute type 29 has an invalid length.
[  187.794524][ T9003] netlink: 'syz.3.1264': attribute type 29 has an invalid length.
[  187.952285][ T9021] netlink: 'syz.2.1272': attribute type 29 has an invalid length.
[  187.956847][ T9021] netlink: 'syz.2.1272': attribute type 29 has an invalid length.
[  187.983020][ T9021] netlink: 'syz.2.1272': attribute type 29 has an invalid length.
[  187.987895][ T9023] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  187.999341][ T9021] netlink: 'syz.2.1272': attribute type 29 has an invalid length.
[  188.032641][ T9025] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1274'.
[  188.152846][ T9037] netlink: 'syz.0.1280': attribute type 46 has an invalid length.
[  188.155280][ T9037] netlink: 'syz.0.1280': attribute type 19 has an invalid length.
[  188.157717][ T9037] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1280'.
[  188.167438][ T9039] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1281'.
[  188.180101][ T9039] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1281'.
[  188.183134][ T9039] netlink: 80 bytes leftover after parsing attributes in process `syz.3.1281'.
[  188.193225][ T9041] netlink: 15999 bytes leftover after parsing attributes in process `syz.0.1282'.
[  188.739264][ T9086] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1304'.
[  188.748629][ T9086] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  191.090119][ T5861] Bluetooth: hci1: command 0x0406 tx timeout
[  191.214715][ T9195] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  191.217460][ T9195] IPv6: NLM_F_CREATE should be set when creating new route
[  191.220209][ T9195] IPv6: NLM_F_CREATE should be set when creating new route
[  191.222709][ T9195] IPv6: NLM_F_CREATE should be set when creating new route
[  191.468524][ T9209] nbd: couldn't find device at index 16
[  192.399703][ T9266] __nla_validate_parse: 11 callbacks suppressed
[  192.399720][ T9266] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1387'.
[  192.429317][ T9266] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1387'.
[  192.448126][ T9266] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1387'.
[  192.569848][ T9280] netlink: 830 bytes leftover after parsing attributes in process `syz.2.1394'.
[  192.718100][ T9289] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1398'.
[  192.793937][ T9293] validate_nla: 18 callbacks suppressed
[  192.793954][ T9293] netlink: 'syz.2.1401': attribute type 4 has an invalid length.
[  192.800143][ T9293] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1401'.
[  193.983105][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  193.985209][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  194.639671][ T9352] delete_channel: no stack
[  194.897008][ T9384] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1443'.
[  195.038081][ T9396] netlink: 'syz.3.1449': attribute type 29 has an invalid length.
[  195.047104][ T9396] netlink: 'syz.3.1449': attribute type 29 has an invalid length.
[  195.055026][ T9396] netlink: 'syz.3.1449': attribute type 29 has an invalid length.
[  195.740425][ T9407] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1454'.
[  197.989795][ T9423] netlink: 'syz.3.1461': attribute type 2 has an invalid length.
[  198.001085][ T9423] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.1461'.
[  198.012481][ T9423] nbd: must specify an index to disconnect
[  198.035445][ T9423] netlink: 'syz.3.1461': attribute type 1 has an invalid length.
[  198.999831][ T9430] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1465'.
[  199.003511][ T9430] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1465'.
[  199.061061][ T9434] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1466'.
[  199.221585][ T9440] netlink: 'syz.0.1469': attribute type 2 has an invalid length.
[  199.224666][ T9440] netlink: 130532 bytes leftover after parsing attributes in process `syz.0.1469'.
[  199.464013][ T9442] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1470'.
[  200.070105][ T9456] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1475'.
[  200.321611][ T9468] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1481'.
[  200.367209][ T9473] netlink: 'syz.3.1484': attribute type 10 has an invalid length.
[  200.660489][ T9487] netlink: 'syz.2.1489': attribute type 3 has an invalid length.
[  200.663865][ T9487] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1489'.
[  200.777159][ T9493] netlink: 'syz.2.1492': attribute type 2 has an invalid length.
[  200.782023][ T9493] netlink: 1041 bytes leftover after parsing attributes in process `syz.2.1492'.
[  201.994425][ T9517] syzkaller0: entered promiscuous mode
[  201.996941][ T9517] syzkaller0: entered allmulticast mode
[  204.937199][ T9597] __nla_validate_parse: 2 callbacks suppressed
[  204.937214][ T9597] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1538'.
[  205.156420][ T9610] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1543'.
[  205.343074][ T9614] netlink: 'syz.3.1545': attribute type 21 has an invalid length.
[  205.346306][ T9614] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1545'.
[  205.814186][ T5239] Bluetooth: hci0: unexpected event 0x35 length: 15 > 6
[  205.995610][ T9636] netlink: 182 bytes leftover after parsing attributes in process `syz.0.1554'.
[  206.007110][ T9636] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1554'.
[  206.013978][ T9636] netlink: 'syz.0.1554': attribute type 10 has an invalid length.
[  206.127404][ T9646] netlink: 216 bytes leftover after parsing attributes in process `syz.0.1554'.
[  206.210930][ T9636] team0: Device veth0_vlan failed to register rx_handler
[  206.488806][ T9636] syz.0.1554 (9636) used greatest stack depth: 17656 bytes left
[  206.582127][ T9666] netlink: 'syz.3.1567': attribute type 49 has an invalid length.
[  206.609516][ T9672] netlink: 822 bytes leftover after parsing attributes in process `syz.0.1570'.
[  206.655633][ T9678] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1573'.
[  206.659488][ T9678] hsr0: entered promiscuous mode
[  206.661110][ T9678] hsr0: entered allmulticast mode
[  206.662761][ T9678] hsr_slave_0: entered allmulticast mode
[  206.664738][ T9678] hsr_slave_1: entered allmulticast mode
[  206.811426][ T9685] openvswitch: netlink: EtherType 50a is less than min 600
[  206.847542][ T9676] tap0: tun_chr_ioctl cmd 1074025677
[  206.858255][ T9676] tap0: linktype set to 0
[  206.982834][ T9697] netlink: 'syz.3.1581': attribute type 21 has an invalid length.
[  207.016590][ T9701] netlink: 'syz.2.1584': attribute type 9 has an invalid length.
[  207.027824][ T9701] netlink: 211924 bytes leftover after parsing attributes in process `syz.2.1584'.
[  207.049560][ T9704] netlink: 'syz.3.1585': attribute type 10 has an invalid length.
[  207.056123][ T9704] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1585'.
[  207.068691][ T9704] .`: entered promiscuous mode
[  207.070431][ T9704] 0: entered promiscuous mode
[  207.111409][ T9704] team0: Port device .` removed
[  207.595591][ T9728] wg2: entered promiscuous mode
[  207.597309][ T9728] wg2: entered allmulticast mode
[  208.032106][ T9736] netlink: 'syz.0.1600': attribute type 29 has an invalid length.
[  208.036426][ T9736] netlink: 'syz.0.1600': attribute type 29 has an invalid length.
[  208.044595][ T9736] netlink: 'syz.0.1600': attribute type 29 has an invalid length.
[  208.054868][ T9736] netlink: 'syz.0.1600': attribute type 29 has an invalid length.
[  209.338049][ T9789] tmpfs: Bad value for 'mode'
[  210.587256][ T9809] netlink: 'syz.2.1634': attribute type 9 has an invalid length.
[  210.597839][ T9809] __nla_validate_parse: 5 callbacks suppressed
[  210.597854][ T9809] netlink: 211988 bytes leftover after parsing attributes in process `syz.2.1634'.
[  210.706215][ T9812] netlink: 'syz.3.1632': attribute type 21 has an invalid length.
[  210.709734][ T9812] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1632'.
[  210.832330][ T9820] : entered promiscuous mode
[  210.927274][ T9828] netlink: 277 bytes leftover after parsing attributes in process `syz.2.1642'.
[  211.301328][ T9845] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1650'.
[  211.512458][ T9853] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  211.516865][ T9853] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  211.597113][ T9866] netlink: 277 bytes leftover after parsing attributes in process `syz.2.1655'.
[  211.728902][ T9872] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1655'.
[  212.473715][ T9890] netlink: 'syz.2.1665': attribute type 2 has an invalid length.
[  212.481043][ T9890] netlink: 'syz.2.1665': attribute type 1 has an invalid length.
[  212.485697][ T9890] netlink: 193500 bytes leftover after parsing attributes in process `syz.2.1665'.
[  212.574767][ T9898] netlink: 'syz.0.1669': attribute type 1 has an invalid length.
[  212.697686][ T9907] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.1673'.
[  213.173731][ T9931] syzkaller1: tun_chr_ioctl cmd 1074025677
[  213.176331][ T9931] syzkaller1: linktype set to 780
[  213.275249][ T9933] netlink: 'syz.3.1685': attribute type 1 has an invalid length.
[  213.303937][ T9926] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1682'.
[  213.320440][ T9926] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1682'.
[  213.437847][ T9941] netlink: zone id is out of range
[  213.446112][ T9941] netlink: zone id is out of range
[  213.463108][ T9941] netlink: del zone limit has 4 unknown bytes
[  213.522201][ T9943] netlink: 'syz.0.1690': attribute type 10 has an invalid length.
[  213.525950][ T9943] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  214.265333][ T9955] hsr0: entered promiscuous mode
[  214.376337][ T9963] erspan0: default FDB implementation only supports local addresses
[  214.785542][ T9997] netlink: 'syz.3.1715': attribute type 10 has an invalid length.
[  214.797202][ T9997] macvlan0: entered promiscuous mode
[  214.810472][ T9997] .`: (slave macvlan0): Enslaving as an active interface with an up link
[  214.825224][T10001] netlink: 'syz.0.1716': attribute type 25 has an invalid length.
[  214.956960][T10019] netlink: 'syz.0.1726': attribute type 1 has an invalid length.
[  215.005511][T10025] netlink: 'syz.3.1729': attribute type 11 has an invalid length.
[  215.009673][T10025] netlink: 'syz.3.1729': attribute type 11 has an invalid length.
[  215.223425][T10041] xt_limit: Overflow, try lower: 271964/0
[  215.472455][T10063] IPv6: NLM_F_CREATE should be specified when creating new route
[  215.474945][T10063] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  215.477203][T10063] IPv6: NLM_F_CREATE should be set when creating new route
[  216.503583][T10075] __nla_validate_parse: 10 callbacks suppressed
[  216.503599][T10075] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1752'.
[  216.513686][T10077] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1750'.
[  216.514551][T10075] netlink: 6 bytes leftover after parsing attributes in process `syz.0.1752'.
[  216.604675][T10083] sit0: entered allmulticast mode
[  216.620813][T10083] sit0: entered promiscuous mode
[  216.625868][T10086] netlink: 15999 bytes leftover after parsing attributes in process `syz.0.1757'.
[  216.640414][ T5239] Bluetooth: hci0: Malformed LE Event: 0x0d
[  216.819646][T10095] ==================================================================
[  216.822348][T10095] BUG: KASAN: slab-use-after-free in __xfrm_state_lookup+0x6ad/0x8d0
[  216.824848][T10095] Read of size 2 at addr ffff888026e95342 by task syz.2.1759/10095
[  216.828645][T10095] 
[  216.829419][T10095] CPU: 0 UID: 0 PID: 10095 Comm: syz.2.1759 Not tainted syzkaller #0 PREEMPT(full) 
[  216.829437][T10095] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  216.829445][T10095] Call Trace:
[  216.829451][T10095]  <TASK>
[  216.829459][T10095]  dump_stack_lvl+0x189/0x250
[  216.829479][T10095]  ? __kasan_check_byte+0x12/0x40
[  216.829493][T10095]  ? __pfx_dump_stack_lvl+0x10/0x10
[  216.829507][T10095]  ? lock_release+0x4b/0x3e0
[  216.829529][T10095]  ? __virt_addr_valid+0x4a5/0x5c0
[  216.829545][T10095]  print_report+0xca/0x240
[  216.829557][T10095]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  216.829573][T10095]  kasan_report+0x118/0x150
[  216.829588][T10095]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  216.829604][T10095]  __xfrm_state_lookup+0x6ad/0x8d0
[  216.829617][T10095]  ? __pfx___xfrm_state_lookup+0x10/0x10
[  216.829629][T10095]  xfrm_state_add+0x27d/0xc40
[  216.829642][T10095]  xfrm_add_sa+0x35a1/0x4070
[  216.829652][T10095]  ? __pfx_xfrm_add_sa+0x10/0x10
[  216.829658][T10095]  ? apparmor_capable+0x137/0x1b0
[  216.829670][T10095]  ? __nla_parse+0x40/0x60
[  216.829680][T10095]  xfrm_user_rcv_msg+0x7a3/0xab0
[  216.829688][T10095]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  216.829702][T10095]  ? __pfx___mutex_trylock_common+0x10/0x10
[  216.829711][T10095]  ? rcu_is_watching+0x15/0xb0
[  216.829719][T10095]  ? trace_contention_end+0x39/0x120
[  216.829726][T10095]  ? __mutex_lock+0x335/0x1350
[  216.829737][T10095]  netlink_rcv_skb+0x208/0x470
[  216.829747][T10095]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  216.829754][T10095]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  216.829767][T10095]  ? netlink_deliver_tap+0x2e/0x1b0
[  216.829776][T10095]  ? netlink_deliver_tap+0x2e/0x1b0
[  216.829786][T10095]  xfrm_netlink_rcv+0x79/0x90
[  216.829793][T10095]  netlink_unicast+0x82f/0x9e0
[  216.829802][T10095]  ? __pfx_netlink_unicast+0x10/0x10
[  216.829810][T10095]  ? netlink_sendmsg+0x642/0xb30
[  216.829819][T10095]  ? skb_put+0x11b/0x210
[  216.829829][T10095]  netlink_sendmsg+0x805/0xb30
[  216.829840][T10095]  ? __pfx_netlink_sendmsg+0x10/0x10
[  216.829850][T10095]  ? aa_sock_msg_perm+0xf1/0x1d0
[  216.829858][T10095]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  216.829868][T10095]  ? __pfx_netlink_sendmsg+0x10/0x10
[  216.829877][T10095]  __sock_sendmsg+0x21c/0x270
[  216.829885][T10095]  ____sys_sendmsg+0x505/0x830
[  216.829911][T10095]  ? __pfx_____sys_sendmsg+0x10/0x10
[  216.829924][T10095]  ? import_iovec+0x74/0xa0
[  216.829937][T10095]  ___sys_sendmsg+0x21f/0x2a0
[  216.829949][T10095]  ? __pfx____sys_sendmsg+0x10/0x10
[  216.829966][T10095]  ? __fget_files+0x2a/0x420
[  216.829974][T10095]  ? __fget_files+0x3a0/0x420
[  216.829984][T10095]  __x64_sys_sendmsg+0x19b/0x260
[  216.829993][T10095]  ? perf_trace_run_bpf_submit+0x100/0x170
[  216.830003][T10095]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  216.830015][T10095]  ? rcu_is_watching+0x15/0xb0
[  216.830022][T10095]  ? do_syscall_64+0xbe/0x3b0
[  216.830033][T10095]  do_syscall_64+0xfa/0x3b0
[  216.830042][T10095]  ? lockdep_hardirqs_on+0x9c/0x150
[  216.830050][T10095]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.830057][T10095]  ? exc_page_fault+0x9f/0xf0
[  216.830065][T10095]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.830078][T10095] RIP: 0033:0x7f509218ec29
[  216.830087][T10095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  216.830094][T10095] RSP: 002b:00007f5092fe0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  216.830103][T10095] RAX: ffffffffffffffda RBX: 00007f50923d5fa0 RCX: 00007f509218ec29
[  216.830109][T10095] RDX: 0000000024000058 RSI: 0000200000000540 RDI: 0000000000000003
[  216.830114][T10095] RBP: 00007f5092211e41 R08: 0000000000000000 R09: 0000000000000000
[  216.830119][T10095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  216.830124][T10095] R13: 00007f50923d6038 R14: 00007f50923d5fa0 R15: 00007fff561937c8
[  216.830133][T10095]  </TASK>
[  216.830136][T10095] 
[  216.966663][T10095] Allocated by task 8582:
[  216.968392][T10095]  kasan_save_track+0x3e/0x80
[  216.970206][T10095]  __kasan_slab_alloc+0x6c/0x80
[  216.972047][T10095]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  216.974220][T10095]  xfrm_state_alloc+0x24/0x2f0
[  216.976101][T10095]  __find_acq_core+0x8a7/0x1c00
[  216.978035][T10095]  xfrm_find_acq+0x78/0xa0
[  216.979753][T10095]  xfrm_alloc_userspi+0x6b3/0xc90
[  216.981643][T10095]  xfrm_user_rcv_msg+0x7a3/0xab0
[  216.983590][T10095]  netlink_rcv_skb+0x208/0x470
[  216.985436][T10095]  xfrm_netlink_rcv+0x79/0x90
[  216.987332][T10095]  netlink_unicast+0x82f/0x9e0
[  216.989205][T10095]  netlink_sendmsg+0x805/0xb30
[  216.991110][T10095]  __sock_sendmsg+0x21c/0x270
[  216.992983][T10095]  ____sys_sendmsg+0x505/0x830
[  216.994881][T10095]  ___sys_sendmsg+0x21f/0x2a0
[  216.996733][T10095]  __x64_sys_sendmsg+0x19b/0x260
[  216.998704][T10095]  do_syscall_64+0xfa/0x3b0
[  217.000530][T10095]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  217.002837][T10095] 
[  217.003805][T10095] Freed by task 5893:
[  217.005393][T10095]  kasan_save_track+0x3e/0x80
[  217.007237][T10095]  kasan_save_free_info+0x46/0x50
[  217.009225][T10095]  __kasan_slab_free+0x5b/0x80
[  217.011160][T10095]  kmem_cache_free+0x18f/0x400
[  217.013053][T10095]  xfrm_state_gc_task+0x52d/0x6b0
[  217.015045][T10095]  process_scheduled_works+0xae1/0x17b0
[  217.017229][T10095]  worker_thread+0x8a0/0xda0
[  217.019046][T10095]  kthread+0x711/0x8a0
[  217.020668][T10095]  ret_from_fork+0x439/0x7d0
[  217.022495][T10095]  ret_from_fork_asm+0x1a/0x30
[  217.024377][T10095] 
[  217.025323][T10095] The buggy address belongs to the object at ffff888026e95200
[  217.025323][T10095]  which belongs to the cache xfrm_state of size 928
[  217.030531][T10095] The buggy address is located 322 bytes inside of
[  217.030531][T10095]  freed 928-byte region [ffff888026e95200, ffff888026e955a0)
[  217.035691][T10095] 
[  217.036665][T10095] The buggy address belongs to the physical page:
[  217.039179][T10095] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888026e95200 pfn:0x26e94
[  217.043064][T10095] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  217.046359][T10095] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  217.049208][T10095] page_type: f5(slab)
[  217.050770][T10095] raw: 00fff00000000040 ffff88801cbbeb40 dead000000000122 0000000000000000
[  217.054016][T10095] raw: ffff888026e95200 00000000800e0004 00000000f5000000 0000000000000000
[  217.057211][T10095] head: 00fff00000000040 ffff88801cbbeb40 dead000000000122 0000000000000000
[  217.060528][T10095] head: ffff888026e95200 00000000800e0004 00000000f5000000 0000000000000000
[  217.063894][T10095] head: 00fff00000000002 ffffea00009ba501 00000000ffffffff 00000000ffffffff
[  217.067292][T10095] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  217.070614][T10095] page dumped because: kasan: bad access detected
[  217.073010][T10095] page_owner tracks the page as allocated
[  217.075185][T10095] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5978, tgid 5977 (syz.2.24), ts 69894639528, free_ts 69883842141
[  217.082087][T10095]  post_alloc_hook+0x240/0x2a0
[  217.083914][T10095]  get_page_from_freelist+0x21e4/0x22c0
[  217.085976][T10095]  __alloc_frozen_pages_noprof+0x181/0x370
[  217.088206][T10095]  alloc_pages_mpol+0x232/0x4a0
[  217.090146][T10095]  allocate_slab+0x8a/0x370
[  217.091929][T10095]  ___slab_alloc+0xbeb/0x1420
[  217.093791][T10095]  kmem_cache_alloc_noprof+0x283/0x3c0
[  217.095957][T10095]  xfrm_state_alloc+0x24/0x2f0
[  217.097768][T10095]  xfrm_add_sa+0x17d1/0x4070
[  217.099501][T10095]  xfrm_user_rcv_msg+0x7a3/0xab0
[  217.101398][T10095]  netlink_rcv_skb+0x208/0x470
[  217.103194][T10095]  xfrm_netlink_rcv+0x79/0x90
[  217.105074][T10095]  netlink_unicast+0x82f/0x9e0
[  217.106888][T10095]  netlink_sendmsg+0x805/0xb30
[  217.108704][T10095]  __sock_sendmsg+0x21c/0x270
[  217.110554][T10095]  ____sys_sendmsg+0x505/0x830
[  217.112436][T10095] page last free pid 5854 tgid 5854 stack trace:
[  217.114833][T10095]  __free_frozen_pages+0xbc4/0xd30
[  217.116774][T10095]  __slab_free+0x303/0x3c0
[  217.118557][T10095]  qlist_free_all+0x97/0x140
[  217.120342][T10095]  kasan_quarantine_reduce+0x148/0x160
[  217.122641][T10095]  __kasan_slab_alloc+0x22/0x80
[  217.124582][T10095]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  217.126752][T10095]  getname_flags+0xb8/0x540
[  217.128550][T10095]  __x64_sys_unlink+0x3a/0x50
[  217.130429][T10095]  do_syscall_64+0xfa/0x3b0
[  217.132191][T10095]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  217.134526][T10095] 
[  217.135486][T10095] Memory state around the buggy address:
[  217.137689][T10095]  ffff888026e95200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  217.140810][T10095]  ffff888026e95280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  217.143880][T10095] >ffff888026e95300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  217.147010][T10095]                                            ^
[  217.149438][T10095]  ffff888026e95380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  217.152593][T10095]  ffff888026e95400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  217.155714][T10095] ==================================================================
[  217.159044][T10095] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  217.161854][T10095] CPU: 0 UID: 0 PID: 10095 Comm: syz.2.1759 Not tainted syzkaller #0 PREEMPT(full) 
[  217.165474][T10095] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  217.169374][T10095] Call Trace:
[  217.170711][T10095]  <TASK>
[  217.171887][T10095]  dump_stack_lvl+0x99/0x250
[  217.173713][T10095]  ? __asan_memcpy+0x40/0x70
[  217.175518][T10095]  ? __pfx_dump_stack_lvl+0x10/0x10
[  217.177572][T10095]  ? __pfx__printk+0x10/0x10
[  217.179398][T10095]  vpanic+0x281/0x750
[  217.181090][T10095]  ? __pfx_vpanic+0x10/0x10
[  217.182836][T10095]  ? irqentry_exit+0x74/0x90
[  217.184547][T10095]  panic+0xb9/0xc0
[  217.186014][T10095]  ? __pfx_panic+0x10/0x10
[  217.187790][T10095]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  217.190142][T10095]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  217.192459][T10095]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  217.194521][T10095]  check_panic_on_warn+0x89/0xb0
[  217.196416][T10095]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  217.198415][T10095]  end_report+0x78/0x160
[  217.200058][T10095]  kasan_report+0x129/0x150
[  217.201754][T10095]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  217.203841][T10095]  __xfrm_state_lookup+0x6ad/0x8d0
[  217.205867][T10095]  ? __pfx___xfrm_state_lookup+0x10/0x10
[  217.208079][T10095]  xfrm_state_add+0x27d/0xc40
[  217.209957][T10095]  xfrm_add_sa+0x35a1/0x4070
[  217.211747][T10095]  ? __pfx_xfrm_add_sa+0x10/0x10
[  217.213628][T10095]  ? apparmor_capable+0x137/0x1b0
[  217.215551][T10095]  ? __nla_parse+0x40/0x60
[  217.217345][T10095]  xfrm_user_rcv_msg+0x7a3/0xab0
[  217.219316][T10095]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  217.221476][T10095]  ? __pfx___mutex_trylock_common+0x10/0x10
[  217.223818][T10095]  ? rcu_is_watching+0x15/0xb0
[  217.225699][T10095]  ? trace_contention_end+0x39/0x120
[  217.227775][T10095]  ? __mutex_lock+0x335/0x1350
[  217.229736][T10095]  netlink_rcv_skb+0x208/0x470
[  217.231719][T10095]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  217.233938][T10095]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  217.236107][T10095]  ? netlink_deliver_tap+0x2e/0x1b0
[  217.238277][T10095]  ? netlink_deliver_tap+0x2e/0x1b0
[  217.240387][T10095]  xfrm_netlink_rcv+0x79/0x90
[  217.242307][T10095]  netlink_unicast+0x82f/0x9e0
[  217.244263][T10095]  ? __pfx_netlink_unicast+0x10/0x10
[  217.246359][T10095]  ? netlink_sendmsg+0x642/0xb30
[  217.248385][T10095]  ? skb_put+0x11b/0x210
[  217.250083][T10095]  netlink_sendmsg+0x805/0xb30
[  217.252042][T10095]  ? __pfx_netlink_sendmsg+0x10/0x10
[  217.254191][T10095]  ? aa_sock_msg_perm+0xf1/0x1d0
[  217.256246][T10095]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  217.258402][T10095]  ? __pfx_netlink_sendmsg+0x10/0x10
[  217.260575][T10095]  __sock_sendmsg+0x21c/0x270
[  217.262433][T10095]  ____sys_sendmsg+0x505/0x830
[  217.264258][T10095]  ? __pfx_____sys_sendmsg+0x10/0x10
[  217.266429][T10095]  ? import_iovec+0x74/0xa0
[  217.268314][T10095]  ___sys_sendmsg+0x21f/0x2a0
[  217.270259][T10095]  ? __pfx____sys_sendmsg+0x10/0x10
[  217.272366][T10095]  ? __fget_files+0x2a/0x420
[  217.274209][T10095]  ? __fget_files+0x3a0/0x420
[  217.276083][T10095]  __x64_sys_sendmsg+0x19b/0x260
[  217.278034][T10095]  ? perf_trace_run_bpf_submit+0x100/0x170
[  217.280341][T10095]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  217.282457][T10095]  ? rcu_is_watching+0x15/0xb0
[  217.284428][T10095]  ? do_syscall_64+0xbe/0x3b0
[  217.286374][T10095]  do_syscall_64+0xfa/0x3b0
[  217.288214][T10095]  ? lockdep_hardirqs_on+0x9c/0x150
[  217.290311][T10095]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  217.292775][T10095]  ? exc_page_fault+0x9f/0xf0
[  217.294679][T10095]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  217.297025][T10095] RIP: 0033:0x7f509218ec29
[  217.298786][T10095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  217.306409][T10095] RSP: 002b:00007f5092fe0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  217.309596][T10095] RAX: ffffffffffffffda RBX: 00007f50923d5fa0 RCX: 00007f509218ec29
[  217.312740][T10095] RDX: 0000000024000058 RSI: 0000200000000540 RDI: 0000000000000003
[  217.315828][T10095] RBP: 00007f5092211e41 R08: 0000000000000000 R09: 0000000000000000
[  217.318904][T10095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  217.322087][T10095] R13: 00007f50923d6038 R14: 00007f50923d5fa0 R15: 00007fff561937c8
[  217.325228][T10095]  </TASK>
[  217.327151][T10095] Kernel Offset: disabled
[  217.328861][T10095] Rebooting in 86400 seconds..

VM DIAGNOSIS:
11:04:22  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000038 RBX=0000000000000038 RCX=0000000000000000 RDX=00000000000003f8
RSI=000000000000162c RDI=000000000000162d RBP=00000000000003f8 RSP=ffffc90002e3e9d0
R8 =ffff888020568237 R9 =1ffff110040ad046 R10=dffffc0000000000 R11=ffffffff85504bc0
R12=dffffc0000000000 R13=ffffffff99b048f4 R14=ffffffff99df9420 R15=0000000000000000
RIP=ffffffff85504c3c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f5092fe06c0 ffffffff 00c00000
GS =0000 ffff8880b8611000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000000540 CR3=0000000041cae000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f50923a7498 00007f50923a7470 XMM03=00007f50923a74a8 00007f50923a74a0
XMM04=00007f5092f0d100 00007f50923a7460 XMM05=00007f50923a7478 00007f50923a74c0
XMM06=00007f50923a74b8 00007f50923a74b0 XMM07=00007f50923a74a8 00007f50923a74a0
XMM08=0000000000000000 00007f5092212f0f XMM09=0000000000000000 00007f5092212fed
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ffffc90007620000 RBX=00000000000000c3 RCX=ffff8880229992d0 RDX=0000000000186a00
RSI=0000000000004a38 RDI=0000000000004e20 RBP=ffffc900001e0b88 RSP=ffffc900001e09e0
R8 =ffff888109b45640 R9 =0000000000000003 R10=0000000000000002 R11=0000000000000100
R12=dffffc0000000000 R13=0000000000004a38 R14=00000000004e2000 R15=0000000000000000
RIP=ffffffff8699c9f9 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f8e38c396c0 ffffffff 00c00000
GS =0000 ffff8881a3c11000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f29b8471fe4 CR3=000000011e1f4000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 00007f5108e12e7b
XMM06=0000000000000000 00007f5108e12e75 XMM07=0000000000000000 00007f5108e12e89
XMM08=0000000000000000 00007f5108e12f0f XMM09=0000000000000000 00007f5108e12fed
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
