last executing test programs:

2m13.881033046s ago: executing program 0 (id=1521):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x401, 0x0, 0x0, {0x5}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @fwd={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_FWD_SREG_ADDR={0x8, 0x2, 0x1, 0x0, 0xd}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xb8}}, 0x0)

2m13.802672878s ago: executing program 0 (id=1522):
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socket$kcm(0x15, 0x5, 0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0xfff}, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7968dd986c6a6700020006aa"], 0xfdef)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000200)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1100}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000440)=ANY=[], &(0x7f0000000c00)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r1, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

2m11.911642403s ago: executing program 0 (id=1528):
syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/net\x00')
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000180000002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000004c0)={r2, 0x3, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x44)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000d00)={0x0, <r3=>0x0}, 0x8)
r4 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000000)=r3, 0x4)
bpf$LINK_DETACH(0x22, &(0x7f0000000040)=r4, 0x4)

2m11.766128581s ago: executing program 0 (id=1532):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r0, 0x8, 0x0, 0x0, 0x18, &(0x7f0000000200), 0x1}, 0x6d)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0xc, 0x1, &(0x7f0000000500)=@raw=[@generic={0x34, 0x8, 0x3, 0x8, 0xa9ac}], 0x0, 0x6, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback=0x23, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)

2m11.706746643s ago: executing program 0 (id=1535):
socket$nl_netfilter(0x10, 0x3, 0xc)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb, 0x2, 0x0, 0x0, 0x0, 0x9, 0x80350, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x2a}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
close(0xffffffffffffffff)
getpid()
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e502000000000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r0)
r1 = socket$kcm(0xa, 0x3, 0x3a)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x4}, 0xf242, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x541b, &(0x7f0000000100)={r1})

2m11.42706799s ago: executing program 0 (id=1536):
mount$bpf(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x182884, 0x0)

2m11.286454402s ago: executing program 32 (id=1536):
mount$bpf(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x182884, 0x0)

1m36.911699748s ago: executing program 3 (id=2200):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x3, 0x25, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[], &(0x7f0000000140)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0x3, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

1m36.864501353s ago: executing program 3 (id=2201):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xfffffffb, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x3, 0x0, &(0x7f0000000c40)=[{0x0, 0x0, 0x0, 0xa}, {0x1, 0x0, 0x2}, {0x0, 0x80004, 0x10104, 0x9}], 0x10, 0x1}, 0x94)
socket$kcm(0x10, 0x3, 0x10)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000380), 0x581, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x1})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000580)={<r2=>0xffffffffffffffff})
recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r3)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x20, 0x4, 0x0, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
close(r4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xc8, 0x0, 0x0, 0x7}, 0x0, 0x4, 0xffffffffffffffff, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="8fedcb791f6f9875f37538e486dd6317ce8102031100fe08000e40000200875a65969ff57b00ff0200000000000000000001ffaaaaaa"], 0xfdef)
close(r6)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000300)={{}, 0x0, 0x0}, 0x20)
recvmsg$unix(r5, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r7=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r7, &(0x7f0000000300)=ANY=[@ANYBLOB="8fedcb7910009875f37538e486dd6317ce81020329"], 0xfdef)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x40080, 0x0)
close(r8)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r9, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a58000000060a010400000000000000000a0000010900010073797a31000000002c0004802800018007000100637400001c0002800500030001000000080002400000000408000440000000150900020073797a32"], 0x80}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000)
ioctl$SIOCSIFHWADDR(r8, 0x8943, &(0x7f0000002280)={'syzkaller0\x00', @random="111100000002"})

1m35.872677234s ago: executing program 3 (id=2220):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_SWAP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x34, 0x6, 0x6, 0x5, 0x0, 0x0, {0x5, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz1\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0xc054}, 0x8010)

1m35.812474185s ago: executing program 3 (id=2222):
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000a40)=ANY=[], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x0, 0x0, &(0x7f0000000480)='syzkaller\x00'}, 0x94)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuset.effective_cpus\x00', 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="180000000000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r0, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x101840, 0x0)
r1 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000580)={<r2=>0xffffffffffffffff})
recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r3)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r0, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdb, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x3, 0x3, &(0x7f00000001c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0x7786}}, &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x41000, 0xc, '\x00', r4}, 0x94)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140), 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff})
r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_subtree(r6, &(0x7f0000000240)=ANY=[], 0x5)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0xaa}]}, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000880)={0x9}, 0x8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
recvmsg$unix(r5, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000), 0x8)

1m35.443637707s ago: executing program 1 (id=2233):
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0xc220, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x3, 0xa, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x3, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1d, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x4}, 0x94)
socket$kcm(0x23, 0x5, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'dummy0\x00', 0x200})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8946, &(0x7f0000000080))

1m35.321769419s ago: executing program 1 (id=2235):
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={0xffffffffffffffff, 0x20e, 0x74, 0x0, &(0x7f00000004c0)="b9180bb76003070c009e40f086dd1fff310000003c0020010010ac14142ee0080001c699da153f0ae0e6e380f60115f683317585d7472ce0ab4439f0f570ff155bc5f73ba3f8bb99a6e8ded1ce485cf058105cd981b42493481cd659416a2e10c9119664f36eb00b333c20c9ec0c222d644bdcb1", 0x0, 0x31, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a030000000000000000f0070000000900010073797a300000000080000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d3c00128014000180090001006c617374000000000400028010000180090001006c61737400000000140001800c000100636f756e746572000400028008000340000001"], 0xc8}, 0x1, 0x0, 0x0, 0x40000}, 0x20050800)

1m35.319321997s ago: executing program 1 (id=2237):
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000850000001b00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xd8}, 0x94)

1m35.251095102s ago: executing program 1 (id=2238):
socket$kcm(0x10, 0x400000002, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, 0x0, 0x20000080)
syz_open_procfs$namespace(0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000580)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x1c, 0x2, 0x3, 0x301, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x12}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000880}, 0x4)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xf, 0x5}, 0x100e64, 0xc78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
socket$kcm(0x11, 0x3, 0x0)
r2 = socket$kcm(0x2, 0x5, 0x84)
setsockopt$sock_attach_bpf(r2, 0x1, 0x2, &(0x7f00000002c0), 0x4)
sendmsg$inet(r2, &(0x7f0000000300)={&(0x7f0000000100)={0x2, 0x4e20, @loopback}, 0x10, &(0x7f0000000400)=[{&(0x7f0000000440)="9bb2", 0x2}], 0x1}, 0x4000044)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r1, &(0x7f0000000700)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000600)={0x14, 0x6, 0x1, 0x101, 0x0, 0x0, {0x1, 0x0, 0x6}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x11)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x400000000000000b, 0x954b, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x76, 0x1ef7}, 0x11efa, 0x4, 0x98, 0x0, 0x2, 0xfffff271, 0xfffc, 0x0, 0x0, 0x0, 0x24}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETQUEUE(r4, 0x400454d9, &(0x7f0000000080)={'erspan0\x00'})
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r6, 0x2000000, 0xe, 0x0, &(0x7f0000000040)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0xa001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}, 0x50)

1m35.128835447s ago: executing program 1 (id=2241):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000050000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000a800000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

1m34.944563152s ago: executing program 1 (id=2242):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000040)="1800000068006bcd8e3fe3f18e000000008c000000007280", 0x18}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

1m34.833934831s ago: executing program 33 (id=2242):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000040)="1800000068006bcd8e3fe3f18e000000008c000000007280", 0x18}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

1m34.784158091s ago: executing program 3 (id=2244):
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x4, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030007e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000180a0500000000000000000002000000300003802c00038004000100776732000000000000000000000000001400010076657468315f746f5f627269646765000900020073797a30000000000900010073797a30"], 0x84}, 0x1, 0x0, 0x0, 0x40000}, 0x20008000)

1m34.382743983s ago: executing program 3 (id=2245):
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2000, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x7, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000027c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={r0, 0x58, &(0x7f0000000340)={0x0, <r1=>0x0}}, 0x10)
r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000080)={r1}, 0xc)
close(r2)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000640)={{r0}, &(0x7f0000000300), &(0x7f00000003c0)=r2}, 0x20)

1m34.382553977s ago: executing program 34 (id=2245):
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2000, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x7, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000027c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={r0, 0x58, &(0x7f0000000340)={0x0, <r1=>0x0}}, 0x10)
r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000080)={r1}, 0xc)
close(r2)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000640)={{r0}, &(0x7f0000000300), &(0x7f00000003c0)=r2}, 0x20)

9.358335631s ago: executing program 2 (id=3389):
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000003c0)=ANY=[@ANYRESHEX, @ANYRES32], 0xc)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r1, &(0x7f0000002980)={&(0x7f0000000180)={0x2, 0x0, @dev}, 0x10, &(0x7f0000001400)=[{&(0x7f00000004c0)='_t', 0x2}], 0x1}, 0x4000000)
setsockopt$sock_attach_bpf(r1, 0x84, 0x1e, &(0x7f0000000000), 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x482, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89a0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000780), 0x4)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000003c40)={&(0x7f00000002c0)=@l2tp6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xfe}, 0x6, 0x3}, 0x80, &(0x7f0000000100)=[{&(0x7f0000000040)="817f0000", 0x4}, {&(0x7f00000000c0)="0f36ed34", 0x4}], 0x2}, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000040000000800180001"], 0x50)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000580)="6700000011008188040f56ecdb4cb9cca7480ef436000000e3bd6efb440009000e000a0010000000ba80010000005a8c3774fa0af3dc59a933c1e7a6d3361d83b20000319cdf5656826edaaa11032701c61ec666d482078ccebcb9a4f187f7a4e98f09cdc2649f", 0x67}], 0x1}, 0x0)

5.348221045s ago: executing program 2 (id=3396):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x9, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_config_ext={0x1ff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x5450, 0xffffffffffffffff)

2.227246939s ago: executing program 2 (id=3400):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0xc220, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x29, 0x5, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = socket$kcm(0x18, 0x7, 0x0)
ioctl$sock_kcm_SIOCKCMUNATTACH(r1, 0x80047453, 0x0)
r2 = socket$kcm(0x2, 0x2, 0x73)
sendmsg$inet(r2, &(0x7f0000000500)={&(0x7f0000000300)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x11)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x14}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000980), 0x0, 0x2f, 0xe8034000, 0x0, 0x0, 0x0, 0x0, 0x5dc}, 0x50)
perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1ff, 0x0, 0xa8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6tnl0\x00', 0x210})
r3 = socket$kcm(0x18, 0x0, 0x2)
recvmsg(r3, &(0x7f0000000180)={&(0x7f0000000100)=@pptp={0x18, 0x2, {0x0, @private}}, 0x80, &(0x7f0000000680)=[{&(0x7f0000000040)=""/53, 0x35}, {&(0x7f0000000280)=""/150, 0x96}, {&(0x7f0000000340)=""/239, 0xef}, {&(0x7f0000000440)=""/188, 0xbc}, {&(0x7f0000000500)=""/106, 0x6a}, {&(0x7f0000000580)=""/206, 0xce}], 0x6, &(0x7f0000000700)=""/239, 0xef}, 0x40000000)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x89f1, &(0x7f0000000080))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r5=>0xffffffffffffffff})
recvmsg$unix(r5, &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r6=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r6, 0x0, 0x9a)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000a40)={&(0x7f0000000840)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xec, 0xec, 0x5, [@const={0xf, 0x0, 0x0, 0xa, 0x3}, @decl_tag={0x9, 0x0, 0x0, 0x11, 0x3, 0x1}, @func={0x8, 0x0, 0x0, 0xc, 0x1}, @decl_tag={0xe, 0x0, 0x0, 0x11, 0x5, 0x3}, @decl_tag={0xa, 0x0, 0x0, 0x11, 0x3}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x5, 0x4, 0x5}}, @enum64={0x6, 0x1, 0x0, 0x13, 0x1, 0x8, [{0xb, 0x9ca, 0x8}]}, @int={0x2, 0x0, 0x0, 0x1, 0x0, 0x11, 0x0, 0x27, 0x4}, @var={0xe, 0x0, 0x0, 0xe, 0x3}, @struct={0x2, 0x6, 0x0, 0x4, 0x0, 0x1, [{0x7, 0x4, 0x80}, {0xf, 0x4, 0x5}, {0x10, 0x3, 0x5}, {0xd, 0x1, 0x9cf9}, {0x1, 0x4}, {0x5, 0x3, 0x8e4}]}]}, {0x0, [0x0, 0x5f, 0x2e]}}, &(0x7f0000000980)=""/185, 0x109, 0xb9, 0x1, 0x8, 0x10000, @value=r6}, 0x28)

752.196028ms ago: executing program 2 (id=3419):
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x15, 0x4, &(0x7f00000007c0)=ANY=[@ANYBLOB="180200000000000000000000fdffffff85000000b500000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sk_reuseport=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

752.067621ms ago: executing program 2 (id=3420):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, &(0x7f0000000000), &(0x7f00000004c0), 0x2}, 0x20)

677.751709ms ago: executing program 2 (id=3421):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$kcm(0xa, 0x3, 0x87)
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1000001946}, 0x10401, 0x2, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000580)={<r1=>0xffffffffffffffff})
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}, 0x0)
socketpair(0x28, 0x1, 0x28, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x8000001946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff, 0xfffd, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x10b8}, 0xff00)
r3 = socket$kcm(0xa, 0x5, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@bloom_filter={0x1e, 0x0, 0x400007, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x0, 0x0, 0xfffffffffffffffd}, 0x50)
ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x890b, &(0x7f0000000000))
r4 = socket$kcm(0xa, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
sendmsg$inet(r4, &(0x7f0000000380)={&(0x7f0000000040)={0xa, 0xa, @local}, 0x1b, &(0x7f0000000180)=[{&(0x7f0000000080)="a2", 0xff0e}], 0x4, 0x0, 0x0, 0xa6820000}, 0x0)

433.650526ms ago: executing program 4 (id=3427):
r0 = socket$kcm(0x11, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0x17, &(0x7f0000000000), 0x4)

327.228441ms ago: executing program 4 (id=3428):
r0 = socket$kcm(0xa, 0x5, 0x0)
setsockopt$sock_attach_bpf(r0, 0x29, 0x21, &(0x7f0000000100), 0x120)
sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f0000001640)=@l2tp6={0xa, 0x0, 0x100001, @private2}, 0x80, &(0x7f00000029c0)=[{&(0x7f00000000c0)="83", 0x1}], 0x1}, 0x851)

241.867731ms ago: executing program 5 (id=3430):
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x7, 0x4, 0x7c000, 0x7ee9e3ad, 0x20}, 0x48)

241.428225ms ago: executing program 4 (id=3431):
r0 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, @perf_config_ext={0x1, 0x1944}, 0x14440, 0x5bc, 0x0, 0x8, 0x3, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x1, 0x830d}, 0x0, 0x2, 0xfffffffe, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000015c0)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2e6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00ee0000850000000d000000b70000000000000095000000000000002c3f2cc2b7956244cef7baf48e6d2885a09a87507ebfc75b5b0f4e4309ebcdac5f7a860c000c9c781f6410457253e89ad528d985636a86ec0f68f59cd1159a2c2e85d726859a919cc9548a349980d1ccdce27f94bc074c27f81078545c146a0857153b7b8f00034debae58a4ab415b0d7ff0575cc272cd3d7e8d974927676468ff2d86e0ffac94792ed9cf6b40b3cf252a47c05af3a70d57cc3e067d1867b54d24e20000000000000020009ebf84d3b042d6e4e4e29d8b33fbdd02e86a6432cd080e3b57239f0127473e6ba922aff649609d40b47ec331ccba3ce8f530ffff19a6471bf5abc742d9cbcfb964b13831034694a6aad84cf08a6c7b2235dc99de9aa3e6b77c7a2877261ed32da90864987f30926c9013eec3b86836ae50447aa5a79f40c235000000453302712c3d8fc4e2b61adb0695e800000000d4f4e91f0000002c33df871a8e782339bc424d1bafe5725c8a404724f8a4f1cda7997b65954f74097579b91da309b887af2485c2d9ab09b506000000000000000bf7b2ff4602aec1eea200000064881c5630521a08e051374cf05c921a06fb78183e7e68de9dc8d95e0e5b365d10e1004dae58b3b5b89709b0ff47b200000000004000cbefd9a6bb70f60eb9c01dd2fc79b85e4d961498f3a80131d21d85618ba2189f45d011ef1da5c6d57bb8fd387ccea9c3899a914e47e82f040000009de2323f927355408f87264797d3fa970949793b94329d580500d1f91c0d22587e05a61e3d8576ca168e88d7a9af95b04a37c27bfffab9abbb31fa8c0080258cfa6d3f166e695f3c56490aeef464d9965d70a50f1282619344f223548e75fa39643adac1322c87ca253ff2fb1882760d6feab16bacdf83c11816dbe959ebc5ec479c8319f73e2249eab0486b110702a481d3b51976a52303056e800b4ae5acc2df636a65eb1d672bf2000000cda8462cc9b16624998be65683321e970000000009b8e20762c1bf4a3eb6769f2b23e842bacd9c685edea0ffa3e975424f8ede49e61a4de808a38ba3512d64dc71867df4eee3f1ff791cf7c9862f98b45852e4b2f78721b978addf2f2a29a387c6f0576b36038f819286eea99a6a434811cf2a117d775fe986a49fb82cf5f15972d55185ab18f1045384501adabb20f7b0e15ff47f1744e2341b59034959a1289ba6e243668e671d305707e3de7652bfc5b60c76deff43a1d6fd6a4180ab723735abbeffe7f2ec3a0bb86f9eddfc0f3d1d503d7a540f64000000000000fbb4c256409e54daefbb107c381fa729ff5fe607d93430da178d685d7730f5e129438a5214f722096d2986334c25e454474f92e65828b018174a9f4738b8c71fbdead06ab95e02f9a847182766964976b1fccdb9f35721e43e33883cf16ed1343fb7429eb395123b0a4262b7023c22039b9002589a379ed4c6267965af78b861bd335312538cec97966b8973d4e299d9802264d06e40ae118e1d242d1128dcedeb44030df12ef68ffce8d141e8960ef790fb0078215d65f96eb55db8cbcb060000000d988374e45451a694ffe38a1d03912b31c98d42e1a1bda1290de1a499a5d6849914c1788a7aca37177cc34102f44fec5c5e0abae01c439a1b0311e074e81ae9993b5b3459553ecece78d4c1541c70f5d81e0725d5b273755c0000000000000000aa4234e282182952a76233d18e7d49638aeb04e7a9e9e7eafb7c255372795d2d192a0a33cab0f5bf2e93e0544fcdf2df2bc6ce96e5a7d72fcdb0a11993d54d97a23754ac828674dbb93c0ad345715be4a13678b01edf76d8a9236558fea2c88cce004505ab45d8f5f88aa887bbce5c18970428516f6099bdbb2cd7a2356397f1a0a23e662e2a6c4834400cbaa41c3c574ea68da5ec1ae49f968bbe0e0bf9878516f553639f5b4828e92019b61f5874be1c7cdd9482df50bc24a8a1fa10d291390eb84e26a2e8dbeaa45604b05a116c1210a7540bf81005044273f5a8ffc538db289350eb248e483bd8920efcf30a798c2b636243e0a37262ca47dfeefa1ce69b4475d7d714ba0c636e6ae9f710411d30ef424aeaabe057c7df6ff8f767bcd9012e1047c686f5ccb76ab3a5df53cbc22ba7ea8f6a8edc19d6c1be841503850803bc2c2d5e0e34270a7f1cca0c6c53a8e5f891f7a793a70da62d6d88fbb90d220acc687931b42d6be83ab870da3c0a567f5e65ec0457f4ad2a4ec0b671b36388afd5520a8483a4b11f7d02a41b315f0f9e59f47668d68a74838d6976e12fd45200014041dffacbf60892ec8bd7560686f137a806d3dfaba900b47cac62f828342fff009adb5b2251461a1b9d6ba625b8fe04e69a1a4be2696f24bb68f486e172932e03000000000000005942e1b9d6dc28ab8e19e1111dd893e8d5bc5642faf21eef40d6e7de3ef62c4bc5ff17e7aeb2841098f0cf74f845d1cc9ec4eee79c290fb0ba939b13707004e2e9cc0d350538c1c8c6bb9a38c6ac5ca07df32601240ea3f160d3a7b83ecd0509ce9eba0c7bf7843799b1b56a234f9eaab8a3f14f1472bb6aaeb8ac9ee4055f05558ab31f339f6a4caf2ee2fd01f34dca330000000000000000000000000000000000000000000000000000000000000000000000000095e6f945ba9a941cef5e70b8c152321e24b5b29bcf374dcf5a29a35d76e6e2bf8df95462690a4fc9ec8129e92b6ebb4b40a992a75d3c5954d0bfc87db24d856359079b29b3c374d081c300b2cfaa596d24e800ef8e2201f2fb7a9946f89f9f31f7cbd6f7fd7f8898c70b5c65f2e28f22e983892c383882809f557affbda5e1850d66a4a1ee73b2084681f880a754acddcdafe3ceeeebc0b5f2fedfe7d198e3067f3dbac9441a9ab8409cbbb7e15b9ae3944097de34de2001c8533a3766e6e4c4c4702ccb932a27a3962814cd6aa8fc684beeaa3932efae9052be8eec1e95f6ad8d41dd34829504ba4b66e27154cb6e34aa13450522df1723130b6fe347c93f00e40e293c98d849a33f773c743728992f40faccd5c23130a1c6bfd6fc661bca1598137ddd1090ded672f5a48a40cab3f640c8241a364cbdd3f188eec7da7bccafbd5bf28a46f0eecc6b550471b06a5a411c0e0b19e15a461e7c6833ba936e214b013f2819ec6572a43b5cd32b11d7e4f8dcf8f7820a17b7b2ee6178a03351dd31091e46bfd82a3979b9cad109fd6217cd52aa81bdabd50826a474bd16b8f7e6aed12a305366599f5f029a7b24558c02750500002f1c19d16a6f391906000000cc03bbfb8c698ecc137d96711100e01031aa74fad86b99eebf0527552a9331e646c424b14ffbb815622bfd2f635855bed1b164d0a56bd104be069854111c5b26ec3c652b5f0a6b9676dae987ec23456ba05a4dfb15321ef6b76e7e547a688c67ab531cfc86784c9f940d9fb0464a72ce635e14b80dc5c1c64e8f58c570e7afd83ee77f157c146aa747b728969aeb4aba1d8f9de1b3fb8ab6ea50e884c2ea98e6400bf0c5ae2887cd1da0e57ccfdf5eca2b455247efcc13102846c0a85f20c80007c0ce6efce627b95b8ad3003385de97101678fb2163ecea6e70a77a6fbc089e31a5ccece932229b8f79faa6863d6857c3d9a9710f938ad16eeb8342278f1c1cbc226498028234d21466892983378fe64acbb44f694cd78e43c74aa75505cb1c91b189f8f89f233a05f5cd4e173a373178557843dd705268f74a9e5429945503195aefd6706e587f7ee8375fa559c3ad195d3795df1a8364cd13acc3256ee4634c73eeb6954d0fcf09ab84df0b8900e0c6fea2cc0e7c207b8942fafd70530a0fc4622ecf132d1d5bdc9ffc79f0549b82df521817651d5fead5128205b92ccdccc69407ab556217af277af999dbd456dfc43dd061b6c91485dcc208cf0b3d0bf851de413f5de5ec015e296914afab6411109355e027ce04990d9aae251b9deb11b7db45b9f15b7b55d8fdbedd9e6cf891205694f02be8b9ea8ecd41308a0e1b93ae3435bfa88b440b1f701b4d0fc49c82193f27f8023b630ea97edbf3bf421a0a1a2b4ac7bb30bcd1cdd172c0df37408fd6827bb03e8742fc1c7a2be0d1299928c5f79e846a8dc7ca648d960a759e6711b69776896a9656d59af6d44bff348229fa84034faf8421a22c4b4c17a3d24a4aeee0d0850371feefd77cc4eef51c2b417c8c7458ddd7dd9d1a863bf0a9e1a30a19020490038017a5c7e474c83302a2b59654d49a11c6736ac63e8eb383760fc2b5c976dacf3dda7191c757f28e44f6a5f95db7055f7ed983f5665210f20a494fabb0dbcd335700000000000000000000000000000086666201251aa4f139d0485ffcf89f01639fd1579a3802f720a0215c720a97071f5065a23642a5826fdbca444b00e2e5835185d5d5b2796eb0fe32cf3b0633f58ecc7648c3c6efe82f93a3008052416512eea30ea9472e0b456a652883c0907323cf03be193ad0438cdef7a98a1671a1918df310dc4bfd61c3db3c22673884dca370558936b85737e14819ab1c57b348a8ff16d36364a20fe846d11d045de81f069bac8425b31c5d08b433562ffb318c1285011f9b78b2401989384311101e452f54661ecdb251ab9eefc8e400191f0f0f8c679b0000000000000000000000b41b0ae67d9351c49e1ff285d05a3cc39a5b0cd20afe0a00086650f8fad20c0e1e7131836c85b2cbacd41593928207312189fdd66abc45a139f0c9dbcc58237cec5bd56ffe0c6de23254a7951a298501ca04ab30b5723df6dd01d0b1a87c197b83b286374ba9a9dd1bd09ea1b71b24a1f527bf59d9633e3d15ed3757acc494f464482e49884c13780cc392bfe67b5d91e5b513daea48cac7645db35f07ba41aa187f65c5344717d7a0ee353a7e36b14fdce5898a613cef224d3addb3d2de74cef73f7520dc8cc8ffaa62cbd25e691ef4c45fdd25675b32c129a8464f08c4da9c08713b54416f3b56a04086dab1d196884e062287ad4758e883d2f99833d8aaf0c56718f6b0434740900faf4ab824662a719bf370fd0b2de04c1455ec14908ce5cbec79466f2f2cc337c53437d626254e00000000000000000000000000000000c34646f8ae68c095e7298300feab8a3dfe2c43fc971385b13b4f3b61ddbf5044ff572defcc67930f0e715774e1e970751534398faf79350255cfa9021378f10c2043e7ecd5649c9720530da7ea227b792f31cb5d688b5f1eba9ff5f85c97b35e00ecf76282912b483e31c76e303e527e98a9ca14f718d495ad45db16c4500011de506f0ca35f7ea96ed1831e3c1219f985b26cb8a70e7c8efcb287984871e0fed3f1985cf63f00289292b378188ad0dfae12c265b88961a9223b48cf7055d641595e0cb926d63c1f8a207f48bd482290b79867285c2155e655e017bca6cbba43f9b49042fb2fb390c436b3306e8a0800000090d159004da838a50235b91f5273c1fe083067ce1e2d8011c9e2b6d3ea69dfc3712e5ce440432fbd29ffd004000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r2, 0x20e, 0x5ee, 0xfd000004, &(0x7f00000004c0)="b9180bb7600a070c009e40f086dd1fff310005e03300fd010010ac14142ee0080001c699da153f0ae0e6e380f60115f683317585d7473be0ab4439f0f570ff155bc5f73ba3f8bb99a6e8ded1ce485cf058105cd981b42493481cd659416a2e10c9119664f36eb00b333c20c9ec0c222d644bdcb178c1cc53d6960fbb842d6a33dfcde3a1e1848135214baf139753866cadcbe3ce52505e992818cc452bee339d9ab076f484020eaa348a21d7911e4c44905256ec2cc54cca47a198b00c10aff62a4bed43a2ebcad92743fb22c593f28fd4bb7c703cde9cae0569d4c8d9a823f2c12863f7a6c0cf88ed22aae4f6f084508833b61429a25773eedf63dd9f33d430f2a0a30a7761db16fe0f743b95ded898c28aac1256ce2751b3d738899b8b19d9052b7f13ff94", 0x0, 0x31, 0x6000000000000000, 0xfffffffffffffe7e, 0x1d4}, 0x28)

241.27728ms ago: executing program 5 (id=3432):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1e, 0xf, &(0x7f0000001840)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0xb5}}}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

162.715523ms ago: executing program 5 (id=3433):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300), 0x100000000000032c}, 0x20000080)
r1 = gettid()
syz_open_procfs$namespace(r1, &(0x7f0000000180)='ns/uts\x00')
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.time\x00', 0x26e1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000011c0)={r2, 0x18000000000002a0, 0x2, 0x0, &(0x7f0000001240)="b9ff", 0x0, 0x4068, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001380)={0x11, 0x11, &(0x7f0000001080)=ANY=[], &(0x7f0000001140)='GPL\x00', 0x4, 0x66, &(0x7f0000001280)=""/102, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000001180)={0x9, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f0000001340)=[{0x1, 0x3, 0x6, 0x1}, {0x3, 0x1, 0x5, 0x8}, {0x5, 0x1, 0xb, 0x4}], 0x10, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socketpair(0x25, 0x1, 0x1, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r3, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r3, &(0x7f00000000c0)={&(0x7f0000000100)=@ieee802154={0x24, @short={0x2, 0x0, 0x1555d}}, 0x80, &(0x7f0000001440)=[{&(0x7f0000000180)="27031c00160014000200", 0xa}, {&(0x7f0000000280)="7d3ed2ea1f2f23edbb324820e73b5f4b1100201a03df64a4853ed1", 0x1b}, {&(0x7f00000001c0)="d3892a1dd62a92884ea7897528236c198244326e25ea8506", 0x18}], 0x3}, 0x24000008)

55.273236ms ago: executing program 5 (id=3434):
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7"], 0x0, 0x4}, 0x94)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xc8, 0x0, 0x9, 0x0, 0x0, 0x40}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7968dd986c45630002008daa"], 0xfdef)
recvmsg$unix(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r2=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0xfdef)

54.88373ms ago: executing program 4 (id=3435):
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="1800000041000b05d25a806c8c6394f90324fc60100002000a0002", 0x1b}], 0x1}, 0x0)

54.646218ms ago: executing program 5 (id=3436):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73f72cc9f0ba1f8483d0000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0)

4.695972ms ago: executing program 4 (id=3437):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8937, &(0x7f0000000cc0)='lo:\x96o8\x14d\xa1\xba\xda\xd1\xa0J\x12tQ\xb16\xe3\xd7\\b\x8b\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\xff\xe6\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf\xc8>Y\x1a\xfc\x1f9OB\x81\x89\xb7l\xed}\xe5\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x02\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2ak\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x01\x00\x00\x00\xd3\r7\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xd5s2\x9cVF\xd5\x18\xfe\x0f\x8f \x01\x00\x00\xb1\x88\xebW_\xa5\xe1\xf6\x8aj\xca\xf8m\xab\xe8\x99\xeb\xe1\xde\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\rh^J-\xd1\xfc\xfa 6(%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x1f\x9c,\x113\x7f\x03\x93\xe1\xcc\xe7f\r\xf3\xff0\f\x82%_\x92\x8b\xc4\xb9\xd9\xe7\xf2\xe4\xc1i\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02!\xed\xff\xee$\xc89\x8cB0\xd1\xa8\xd4\xe6K0\xe1\xa3TS\x18\xe6x\x1f%P\x9fU)\x83E\n\x90M\r.\x85gn_\xb2\xe9\x8a\x1c\xe3\x93\xd8\xbc\xb6N\xc3\xe1\xafh\xa0iF\xdcq\xf9\x17\xd9i\x844E\x1a\x13\x9a\xe6\xd3\xab:PM\xfbe\xfe9\xd9\x94\x1dx\xd6\x03b\xf7\x10N\xd1\x93\rU\x7fy\x18tE\xf1*\x9a0Z\x9f\xdc{\x13\xf6\xb7\xf7\xe6=\x9cD\x108\x8eS\xa0\xd0\xa7\tn\xd9\xae\xc0\x18~x[\x85Y\xb2\x82w\x150\x97\xba\xe6\xca\xb1\xa3\x02\x14^\xbdZ\xae\xf5/\xcf\xb8\xea8Uw\x92`\"2\x81j\xbb\x87+\x89\xc5<J\x1f\xba\xfc\x90(\x985\x93\xa8\xd4\xf0\xbdTy\x18\xc8\xa0\xbb\x99\x8c\xe0Q\xffCl\xbdX~3\xa1\xa2\xf4\xd9\xf7\xc7\xfb\xce\x959x\xfeW\r\xf0{\xcaT\xecp)=\x9d\xdfG8\xa1\xe3=\xa6\x00\x98\xc1\xb3\x91-\xab\'W\x8al?d<JN\xcb\xd4H\xb0_jO\xf3\x90\xe8/l\xdfg)\x8d#\xfdo\xa9L\xdeA*\xec\xa1\x14,\xe8\x8d^\xb9r=\xc0\x18\xd4\x11dU[Ry\xed\xd6\x97\x8a\xe8\xca\x99\x10\x8e\xc8P\xa3\xae/\xdaof\x06\x7f\xf7\x80$f\b\x92\xae\xeb\xdd\"\x89\xb8\xf0\xc3\b\x00\x00\x00\x00\a\xf6\xfc\x1d\xd4\x893\xeb)\xc1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00O!\xd2q\xda}\xe2\xa2\xfe\xfd)\\\xdf\x9aN\\\xaeyc\xe4g\xc0\x8a\n\v{\xa9H\\\xd1\x9d')

4.292667ms ago: executing program 4 (id=3438):
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
r0 = socket$kcm(0x2, 0xa, 0x2)
write$cgroup_int(r0, &(0x7f00000008c0)=0x4, 0x12)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000013c0)=[{0x0}], 0x1}, 0x0)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x954b, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x76, 0x1ef7}, 0x11efa, 0x4, 0x98, 0x0, 0x2, 0xfffff271, 0xfffc, 0x0, 0x0, 0x0, 0x20}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="100000002d000b02d25a806f8c6394", 0xf}], 0x1}, 0x0)
sendmsg$NFT_MSG_GETOBJ(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x138, 0x1a, 0x1, 0xfffffffe, 0x100, {{@in6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xb}}, @in6=@loopback, 0x1, 0x71c, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x13}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@dev={0xac, 0x14, 0x14, 0x25}, {0x0, 0x192, 0x9ba3, 0x80000001, 0x8251c, 0x5, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffa, 0xfffffffc}, 0x80, 0x3500, 0xa, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0)

0s ago: executing program 5 (id=3439):
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4135, 0x1027}], 0x1}, 0x42)
r1 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020023000b02d25a806f8c6394f90924fc60040f030047000000053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)

kernel console output (not intermixed with test programs):

 hci0: unexpected cc 0x1003 length: 249 > 9
[   64.054652][   T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   64.058131][   T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   64.060973][   T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   64.098234][   T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   64.101905][   T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   64.105034][   T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   64.107820][   T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   64.110853][   T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   64.147887][ T5234] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   64.151450][ T5234] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   64.154401][ T5234] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   64.157715][ T5234] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   64.161234][ T5234] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   64.364839][ T5844] chnl_net:caif_netlink_parms(): no params data found
[   64.525593][ T5851] chnl_net:caif_netlink_parms(): no params data found
[   64.531003][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.534107][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.537117][ T5844] bridge_slave_0: entered allmulticast mode
[   64.541100][ T5844] bridge_slave_0: entered promiscuous mode
[   64.575732][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.578557][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.582471][ T5844] bridge_slave_1: entered allmulticast mode
[   64.585446][ T5844] bridge_slave_1: entered promiscuous mode
[   64.608308][ T5853] chnl_net:caif_netlink_parms(): no params data found
[   64.628179][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.650090][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.692923][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.695418][ T5851] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.697878][ T5851] bridge_slave_0: entered allmulticast mode
[   64.700938][ T5851] bridge_slave_0: entered promiscuous mode
[   64.719026][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.723039][ T5851] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.725979][ T5851] bridge_slave_1: entered allmulticast mode
[   64.728877][ T5851] bridge_slave_1: entered promiscuous mode
[   64.734285][ T5844] team0: Port device team_slave_0 added
[   64.756501][ T5844] team0: Port device team_slave_1 added
[   64.797741][ T5851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.802347][ T5853] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.805272][ T5853] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.808211][ T5853] bridge_slave_0: entered allmulticast mode
[   64.812572][ T5853] bridge_slave_0: entered promiscuous mode
[   64.817566][ T5853] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.821231][ T5853] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.824174][ T5853] bridge_slave_1: entered allmulticast mode
[   64.828029][ T5853] bridge_slave_1: entered promiscuous mode
[   64.845491][ T5851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.849960][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.852841][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.863327][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.887742][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.891170][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.899526][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.921446][ T5853] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.946799][ T5851] team0: Port device team_slave_0 added
[   64.952491][ T5853] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.959792][ T5851] team0: Port device team_slave_1 added
[   65.007379][ T5853] team0: Port device team_slave_0 added
[   65.028068][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.031047][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.041821][ T5851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.047333][ T5853] team0: Port device team_slave_1 added
[   65.053412][ T5844] hsr_slave_0: entered promiscuous mode
[   65.056212][ T5844] hsr_slave_1: entered promiscuous mode
[   65.059301][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.062428][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.072847][ T5851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.149877][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.153560][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.162405][ T5853] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.176591][ T5851] hsr_slave_0: entered promiscuous mode
[   65.178970][ T5851] hsr_slave_1: entered promiscuous mode
[   65.182111][ T5851] debugfs: 'hsr0' already exists in 'hsr'
[   65.184151][ T5851] Cannot create hsr debugfs directory
[   65.186449][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.188932][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.197511][ T5853] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.254645][ T5853] hsr_slave_0: entered promiscuous mode
[   65.257054][ T5853] hsr_slave_1: entered promiscuous mode
[   65.259221][ T5853] debugfs: 'hsr0' already exists in 'hsr'
[   65.261544][ T5853] Cannot create hsr debugfs directory
[   65.483077][ T5844] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   65.499314][ T5844] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   65.509873][ T5844] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   65.523668][ T5844] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   65.586698][ T5851] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   65.600595][ T5851] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   65.618931][ T5851] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   65.639772][ T5851] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   65.679487][ T5853] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   65.688804][ T5853] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   65.694820][ T5853] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   65.705868][ T5853] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   65.796267][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.828236][ T5844] 8021q: adding VLAN 0 to HW filter on device team0
[   65.847869][   T64] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.851027][   T64] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.866938][ T5851] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.879316][   T64] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.881811][   T64] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.897308][ T5853] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.930537][ T5851] 8021q: adding VLAN 0 to HW filter on device team0
[   65.954061][ T5853] 8021q: adding VLAN 0 to HW filter on device team0
[   65.961462][   T64] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.963716][   T64] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.978296][   T64] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.980671][   T64] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.984881][   T64] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.987489][   T64] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.998292][   T64] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.000739][   T64] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.070684][ T5234] Bluetooth: hci0: command tx timeout
[   66.124815][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.150695][ T5234] Bluetooth: hci1: command tx timeout
[   66.230232][ T5234] Bluetooth: hci2: command tx timeout
[   66.233676][ T5844] veth0_vlan: entered promiscuous mode
[   66.254316][ T5844] veth1_vlan: entered promiscuous mode
[   66.288609][ T5853] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.317717][ T5851] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.324024][ T5844] veth0_macvtap: entered promiscuous mode
[   66.331807][ T5844] veth1_macvtap: entered promiscuous mode
[   66.356495][ T5853] veth0_vlan: entered promiscuous mode
[   66.369251][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.376796][ T5853] veth1_vlan: entered promiscuous mode
[   66.395591][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.416027][ T5874] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.424804][ T5874] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.442269][ T5874] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.445214][ T5874] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.452151][ T5851] veth0_vlan: entered promiscuous mode
[   66.469234][ T5853] veth0_macvtap: entered promiscuous mode
[   66.486996][ T5853] veth1_macvtap: entered promiscuous mode
[   66.489927][ T5851] veth1_vlan: entered promiscuous mode
[   66.532261][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.552613][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.559705][ T4998] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.569273][ T4998] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.588230][ T5851] veth0_macvtap: entered promiscuous mode
[   66.593073][ T5874] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.611171][ T5874] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.613945][ T5874] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.618236][ T5851] veth1_macvtap: entered promiscuous mode
[   66.625921][ T5874] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.653343][  T415] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.656913][  T415] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.667054][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.703167][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.705666][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.712341][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.729879][ T5874] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.733659][ T5874] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.736616][ T5874] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.739473][ T5874] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.756693][ T5844] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   66.764052][ T1090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.766985][ T1090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.834582][  T415] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.847364][  T415] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.888301][   T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.892272][   T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.032176][ T5916] syzkaller0: entered promiscuous mode
[   67.046094][ T5916] syzkaller0: entered allmulticast mode
[   67.095359][ T5922] =======================================================
[   67.095359][ T5922] WARNING: The mand mount option has been deprecated and
[   67.095359][ T5922]          and is ignored by this kernel. Remove the mand
[   67.095359][ T5922]          option from the mount to silence this warning.
[   67.095359][ T5922] =======================================================
[   67.588441][ T5949] bridge0: port 2(bridge_slave_1) entered disabled state
[   67.593109][ T5949] bridge0: port 1(bridge_slave_0) entered disabled state
[   67.607047][ T5949] bridge0: entered allmulticast mode
[   67.633904][ T5949] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.637171][ T5949] bridge0: port 2(bridge_slave_1) entered forwarding state
[   67.641023][ T5949] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.643452][ T5949] bridge0: port 1(bridge_slave_0) entered forwarding state
[   67.649450][ T5949] bridge0: entered promiscuous mode
[   67.659336][ T5953] netlink: 'syz.1.21': attribute type 4 has an invalid length.
[   67.876918][ T5958] netlink: 'syz.1.23': attribute type 13 has an invalid length.
[   67.940418][ T5958] bridge0: port 2(bridge_slave_1) entered disabled state
[   67.943970][ T5958] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.004548][ T5958] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   68.013490][ T5958] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   68.150597][ T5234] Bluetooth: hci0: command tx timeout
[   68.155546][ T5873] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   68.158825][ T5873] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   68.171480][ T5873] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   68.174893][ T5873] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   68.230999][ T5234] Bluetooth: hci1: command tx timeout
[   68.310316][ T5234] Bluetooth: hci2: command tx timeout
[   68.536124][ T5981] netlink: 16255 bytes leftover after parsing attributes in process `syz.0.33'.
[   69.670005][    C1] hrtimer: interrupt took 43841 ns
[   69.712249][ T6013] netlink: 'syz.2.48': attribute type 21 has an invalid length.
[   69.746106][ T6015] netlink: 168 bytes leftover after parsing attributes in process `syz.0.49'.
[   69.865034][ T6023] netlink: 'syz.1.53': attribute type 1 has an invalid length.
[   69.868386][ T6023] netlink: 'syz.1.53': attribute type 2 has an invalid length.
[   70.105034][ T6042] netlink: 28 bytes leftover after parsing attributes in process `syz.1.62'.
[   70.111423][ T6042] netlink: 28 bytes leftover after parsing attributes in process `syz.1.62'.
[   70.117460][ T6042] netlink: 'syz.1.62': attribute type 4 has an invalid length.
[   70.189372][ T6048] netlink: 'syz.0.65': attribute type 21 has an invalid length.
[   70.192953][ T6048] netlink: 'syz.0.65': attribute type 4 has an invalid length.
[   70.230787][ T5234] Bluetooth: hci0: command tx timeout
[   70.310603][ T5234] Bluetooth: hci1: command tx timeout
[   70.392306][ T5234] Bluetooth: hci2: command tx timeout
[   70.492475][ T6058] netlink: 4 bytes leftover after parsing attributes in process `syz.0.70'.
[   70.598975][ T6062] netlink: 'syz.0.72': attribute type 1 has an invalid length.
[   71.042613][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[   71.044894][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[   71.433146][ T6084] C: renamed from team_slave_0 (while UP)
[   71.438841][ T6084] netlink: 'syz.0.83': attribute type 8 has an invalid length.
[   71.443301][ T6084] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[   71.545943][ T6090] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.85'.
[   71.550066][ T6090] netlink: 6324 bytes leftover after parsing attributes in process `syz.0.85'.
[   71.553104][ T6090] netlink: 2 bytes leftover after parsing attributes in process `syz.0.85'.
[   71.672443][ T6098] x_tables: ip_tables: icmp match: only valid for protocol 1
[   72.312737][ T5234] Bluetooth: hci0: command tx timeout
[   72.392648][ T5234] Bluetooth: hci1: command tx timeout
[   72.470892][ T5234] Bluetooth: hci2: command tx timeout
[   72.610574][ T6117] netlink: 8 bytes leftover after parsing attributes in process `syz.2.98'.
[   72.842351][ T6100] netlink: 24 bytes leftover after parsing attributes in process `syz.0.91'.
[   72.922347][ T6134] Zero length message leads to an empty skb
[   72.936599][ T6134] netlink: 'syz.1.106': attribute type 10 has an invalid length.
[   72.940275][ T6134] dummy0: entered promiscuous mode
[   72.944956][ T6134] bridge0: port 3(dummy0) entered blocking state
[   72.947113][ T6134] bridge0: port 3(dummy0) entered disabled state
[   72.949236][ T6134] dummy0: entered allmulticast mode
[   73.021641][ T6141] hsr0: entered promiscuous mode
[   73.023567][ T6141] hsr0: entered allmulticast mode
[   73.025336][ T6141] hsr_slave_0: entered allmulticast mode
[   73.027619][ T6141] hsr_slave_1: entered allmulticast mode
[   73.621550][ T6166] syz.0.120 uses obsolete (PF_INET,SOCK_PACKET)
[   73.825781][ T6189] raw_sendmsg: syz.0.131 forgot to set AF_INET. Fix it!
[   74.020889][ T6203] __nla_validate_parse: 4 callbacks suppressed
[   74.020901][ T6203] netlink: 146936 bytes leftover after parsing attributes in process `syz.0.138'.
[   74.028156][ T6203] openvswitch: netlink: Message has 6 unknown bytes.
[   74.112049][ T6211] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.138'.
[   74.202412][ T6221] netlink: 40 bytes leftover after parsing attributes in process `syz.2.146'.
[   74.210464][ T6223] xt_time: unknown flags 0xf4
[   74.331886][ T6231] pim6reg1: entered allmulticast mode
[   74.381630][ T6234] netlink: 'syz.2.152': attribute type 10 has an invalid length.
[   74.384267][ T6234] netlink: 65015 bytes leftover after parsing attributes in process `syz.2.152'.
[   74.605710][ T6242] netlink: 'syz.2.156': attribute type 28 has an invalid length.
[   74.608424][ T6242] netlink: 'syz.2.156': attribute type 29 has an invalid length.
[   74.618586][ T6242] netlink: 132 bytes leftover after parsing attributes in process `syz.2.156'.
[   74.656748][ T6242] netlink: 'syz.2.156': attribute type 9 has an invalid length.
[   74.659347][ T6242] netlink: 'syz.2.156': attribute type 8 has an invalid length.
[   74.665893][ T6242] netlink: 143452 bytes leftover after parsing attributes in process `syz.2.156'.
[   74.960904][  T794] cfg80211: failed to load regulatory.db
[   75.220770][ T6261] netlink: 'syz.2.164': attribute type 10 has an invalid length.
[   75.230288][ T6261] veth1_vlan: entered allmulticast mode
[   75.334324][ T6268] netlink: 324 bytes leftover after parsing attributes in process `syz.0.167'.
[   75.461997][ T6261] team0: Device veth1_vlan failed to register rx_handler
[   75.514174][ T6261] syz.2.164 (6261) used greatest stack depth: 18616 bytes left
[   76.435140][ T6297] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   76.558879][ T6230] Set syz1 is full, maxelem 65536 reached
[   76.597647][ T6309] warning: `syz.1.179' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   76.814987][ T6320] netlink: 'syz.2.185': attribute type 10 has an invalid length.
[   76.923409][ T6332] netlink: 'syz.1.188': attribute type 1 has an invalid length.
[   77.232967][ T6338] netlink: 36 bytes leftover after parsing attributes in process `syz.0.193'.
[   77.288627][ T6320] team0: Port device wlan1 added
[   77.389014][ T6340] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[   77.913973][ T6354] bond_slave_1: entered promiscuous mode
[   77.918445][ T6354] bond_slave_1: entered allmulticast mode
[   78.094478][ T6361] netlink: 8 bytes leftover after parsing attributes in process `syz.1.205'.
[   78.100978][ T6361] netlink: 8 bytes leftover after parsing attributes in process `syz.1.205'.
[   78.149387][ T6370] @: renamed from bond_slave_0 (while UP)
[   78.324814][ T6370] netlink: 'syz.0.207': attribute type 21 has an invalid length.
[   78.327782][ T6370] netlink: 'syz.0.207': attribute type 4 has an invalid length.
[   78.605974][ T6397] netlink: 'syz.1.220': attribute type 1 has an invalid length.
[   78.696080][ T6400] delete_channel: no stack
[   79.045713][ T6433] __nla_validate_parse: 6 callbacks suppressed
[   79.045723][ T6433] netlink: 88 bytes leftover after parsing attributes in process `syz.0.234'.
[   79.216992][ T6445] netlink: 'syz.0.236': attribute type 3 has an invalid length.
[   79.228720][ T6445] netlink: 'syz.0.236': attribute type 3 has an invalid length.
[   79.236788][ T6445] netlink: 130500 bytes leftover after parsing attributes in process `syz.0.236'.
[   80.497248][ T6493] netlink: 16 bytes leftover after parsing attributes in process `syz.1.257'.
[   81.046441][ T6519] netlink: 4 bytes leftover after parsing attributes in process `syz.2.267'.
[   81.703122][ T6522] netlink: 12 bytes leftover after parsing attributes in process `syz.1.268'.
[   81.737584][ T6525] netlink: 'syz.0.269': attribute type 11 has an invalid length.
[   81.743973][ T6525] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.269'.
[   82.457480][ T6541] netlink: 703 bytes leftover after parsing attributes in process `syz.0.275'.
[   82.659460][ T6555] netlink: 60 bytes leftover after parsing attributes in process `syz.1.281'.
[   82.707490][ T6559] netlink: 60 bytes leftover after parsing attributes in process `syz.0.283'.
[   82.711935][ T6559] netlink: 60 bytes leftover after parsing attributes in process `syz.0.283'.
[   82.995755][ T6583] openvswitch: netlink: push_nsh: missing base or metadata attributes
[   83.002402][ T6583] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   84.885624][ T6666] __nla_validate_parse: 3 callbacks suppressed
[   84.885637][ T6666] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.332'.
[   85.162482][ T6682] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   85.285443][ T6686] netlink: 316 bytes leftover after parsing attributes in process `syz.0.341'.
[   85.416393][ T6696] netlink: 15999 bytes leftover after parsing attributes in process `syz.1.346'.
[   85.466502][ T6696] netlink: 'syz.1.346': attribute type 4 has an invalid length.
[   85.498284][ T6700] netlink: 'syz.2.348': attribute type 21 has an invalid length.
[   85.654211][ T6696] netlink: 'syz.1.346': attribute type 10 has an invalid length.
[   85.703552][ T6696] dummy0: left allmulticast mode
[   85.706350][ T6696] dummy0: left promiscuous mode
[   85.709053][ T6696] bridge0: port 3(dummy0) entered disabled state
[   85.797068][ T6696] team0: Port device dummy0 added
[   85.883601][ T6696] syz.1.346 (6696) used greatest stack depth: 17808 bytes left
[   85.989650][ T6723] netlink: 'syz.1.358': attribute type 2 has an invalid length.
[   85.999314][ T6723] netlink: 'syz.1.358': attribute type 7 has an invalid length.
[   86.011566][ T6723] netlink: 85 bytes leftover after parsing attributes in process `syz.1.358'.
[   86.015048][ T6723] netlink: 130140 bytes leftover after parsing attributes in process `syz.1.358'.
[   86.018632][ T6723] netlink: 'syz.1.358': attribute type 2 has an invalid length.
[   86.026112][ T6723] netlink: 'syz.1.358': attribute type 7 has an invalid length.
[   86.029329][ T6723] netlink: 85 bytes leftover after parsing attributes in process `syz.1.358'.
[   86.230640][ T6746] netlink: 'syz.0.369': attribute type 4 has an invalid length.
[   86.233372][ T6746] netlink: 'syz.0.369': attribute type 3 has an invalid length.
[   86.235998][ T6746] netlink: 199820 bytes leftover after parsing attributes in process `syz.0.369'.
[   86.509261][ T5234] Bluetooth: hci2: unexpected event 0x09 length: 15 > 3
[   86.831421][ T6780] mac80211_hwsim hwsim5 O3c: renamed from wlan1 (while UP)
[   87.117459][ T6791] netlink: 12 bytes leftover after parsing attributes in process `syz.0.390'.
[   87.122960][ T6791] netlink: 12 bytes leftover after parsing attributes in process `syz.0.390'.
[   87.393929][ T6803] : port 1(vlan0) entered blocking state
[   87.396759][ T6803] : port 1(vlan0) entered disabled state
[   87.398806][ T6803] vlan0: entered allmulticast mode
[   87.402225][ T6803] veth0_vlan: entered allmulticast mode
[   87.406302][ T6803] vlan0: entered promiscuous mode
[   87.415564][ T6805] : port 1(vlan0) entered blocking state
[   87.418004][ T6805] : port 1(vlan0) entered forwarding state
[   87.580304][ T6814] netlink: 12 bytes leftover after parsing attributes in process `syz.1.399'.
[   88.649009][ T5234] Bluetooth: hci2: unexpected event 0x04 length: 15 > 10
[   88.691195][ T6873] netlink: 'syz.1.426': attribute type 21 has an invalid length.
[   89.942287][ T6908] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1
[   90.016507][ T6914] __nla_validate_parse: 5 callbacks suppressed
[   90.016519][ T6914] netlink: 172 bytes leftover after parsing attributes in process `syz.2.445'.
[   90.024002][ T6914] netlink: 16 bytes leftover after parsing attributes in process `syz.2.445'.
[   90.317281][ T6933] netlink: 14380 bytes leftover after parsing attributes in process `syz.2.453'.
[   90.712194][ T5234] Bluetooth: hci2: command tx timeout
[   91.751633][ T6995] netlink: 4 bytes leftover after parsing attributes in process `syz.2.478'.
[   91.904001][ T7005] validate_nla: 2 callbacks suppressed
[   91.904022][ T7005] netlink: 'syz.1.486': attribute type 1 has an invalid length.
[   93.435252][ T7051] netlink: 96 bytes leftover after parsing attributes in process `syz.0.503'.
[   93.579455][    C1] clocksource: Long readout interval, skipping watchdog check: cs_nsec: 1109292395 wd_nsec: 1109292414
[   93.647474][ T7053] netlink: 'syz.2.504': attribute type 2 has an invalid length.
[   93.649916][ T7053] netlink: 'syz.2.504': attribute type 1 has an invalid length.
[   93.653038][ T7053] netlink: 152 bytes leftover after parsing attributes in process `syz.2.504'.
[   93.858809][ T7067] netlink: 40 bytes leftover after parsing attributes in process `syz.2.511'.
[   93.867518][ T7067] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.113011][ T7072] netlink: 8 bytes leftover after parsing attributes in process `syz.2.511'.
[   94.431782][ T7067] bridge_slave_0 (unregistering): left allmulticast mode
[   94.441550][ T7067] bridge_slave_0 (unregistering): left promiscuous mode
[   94.447315][ T7067] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.676309][ T7088] netlink: 72 bytes leftover after parsing attributes in process `syz.0.518'.
[   94.738596][ T7088] netlink: 72 bytes leftover after parsing attributes in process `syz.0.518'.
[   94.848566][ T7105] netlink: 'syz.1.524': attribute type 29 has an invalid length.
[   94.854880][ T7105] netlink: 'syz.1.524': attribute type 29 has an invalid length.
[   95.130788][ T7118] __nla_validate_parse: 1 callbacks suppressed
[   95.131083][ T7118] netlink: 144 bytes leftover after parsing attributes in process `syz.0.528'.
[   95.814323][ T5234] Bluetooth: hci1: unexpected subevent 0x0e length: 150 > 15
[   95.816996][ T5234] Bluetooth: hci1: Unable to find connection for dst 00:00:00:00:00:00 sid 0x00
[   95.992848][ T7134] unsupported nla_type 256
[   96.023595][ T7138] netlink: 'syz.2.538': attribute type 10 has an invalid length.
[   96.026123][ T7138] netlink: 152 bytes leftover after parsing attributes in process `syz.2.538'.
[   96.032503][ T7138] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check.
[   96.038133][ T7140] netlink: 'syz.0.539': attribute type 8 has an invalid length.
[   96.043539][ T7140] netlink: 'syz.0.539': attribute type 6 has an invalid length.
[   96.052952][ T7140] netlink: 144448 bytes leftover after parsing attributes in process `syz.0.539'.
[   96.215871][ T7162] netlink: 'syz.2.550': attribute type 1 has an invalid length.
[   96.219000][ T7162] netlink: 'syz.2.550': attribute type 1 has an invalid length.
[   96.633952][    C0] Illegal XDP return value 16128 on prog  (id 158) dev bond_slave_1, expect packet loss!
[   97.806921][ T7194] netlink: 188 bytes leftover after parsing attributes in process `syz.0.565'.
[   98.128036][ T7217] netlink: 192 bytes leftover after parsing attributes in process `syz.0.574'.
[   98.163673][ T7219] validate_nla: 1 callbacks suppressed
[   98.163686][ T7219] netlink: 'syz.0.575': attribute type 2 has an invalid length.
[   98.167944][ T7219] netlink: 'syz.0.575': attribute type 1 has an invalid length.
[   98.170928][ T7219] netlink: 'syz.0.575': attribute type 1 has an invalid length.
[   98.287542][ T7222] xt_time: invalid argument - start or stop time greater than 23:59:59
[   98.558777][ T7233] netlink: 'syz.0.581': attribute type 4 has an invalid length.
[   98.561691][ T7233] netlink: 152 bytes leftover after parsing attributes in process `syz.0.581'.
[   98.575352][ T7233] .`: renamed from bond0 (while UP)
[   99.322526][ T7266] netlink: 188 bytes leftover after parsing attributes in process `syz.2.596'.
[   99.719243][ T7300] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.612'.
[   99.808150][ T7308] netlink: 16 bytes leftover after parsing attributes in process `syz.2.616'.
[   99.922931][ T7316] netlink: 92 bytes leftover after parsing attributes in process `syz.0.620'.
[   99.956977][ T7318] lo speed is unknown, defaulting to 1000
[   99.959299][ T7318] lo speed is unknown, defaulting to 1000
[   99.965587][ T7318] lo speed is unknown, defaulting to 1000
[   99.971923][ T7318] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   99.979519][ T7318] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  100.003109][ T7318] lo speed is unknown, defaulting to 1000
[  100.006448][ T7318] lo speed is unknown, defaulting to 1000
[  100.014578][ T7318] lo speed is unknown, defaulting to 1000
[  100.158594][ T7326] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.165834][ T7326] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.420505][ T7347] bridge_slave_1: left allmulticast mode
[  100.422488][ T7347] bridge_slave_1: left promiscuous mode
[  100.424412][ T7347] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.530475][ T7347] bridge_slave_0: left allmulticast mode
[  100.532462][ T7347] bridge_slave_0: left promiscuous mode
[  100.534428][ T7347] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.880887][ T7360] xt_policy: too many policy elements
[  101.009660][ T7366] syzkaller0: entered promiscuous mode
[  101.012415][ T7366] syzkaller0: entered allmulticast mode
[  101.026150][ T7369] __nla_validate_parse: 2 callbacks suppressed
[  101.026160][ T7369] netlink: 8 bytes leftover after parsing attributes in process `syz.2.642'.
[  101.031268][ T7369] netlink: 44 bytes leftover after parsing attributes in process `syz.2.642'.
[  102.473545][ T7415] netlink: 'syz.1.661': attribute type 10 has an invalid length.
[  102.478026][ T7415] bond0: (slave bond_slave_0): Releasing backup interface
[  102.560286][ T7417] netlink: 'syz.2.662': attribute type 40 has an invalid length.
[  102.570261][ T7417] netlink: 40 bytes leftover after parsing attributes in process `syz.2.662'.
[  102.571285][ T7424] netlink: 24 bytes leftover after parsing attributes in process `syz.0.664'.
[  102.733462][ T7431] netlink: 132 bytes leftover after parsing attributes in process `syz.0.668'.
[  102.917034][ T7446] netlink: 92 bytes leftover after parsing attributes in process `syz.1.674'.
[  102.920954][ T7446] netlink: 8 bytes leftover after parsing attributes in process `syz.1.674'.
[  103.159269][ T7467] bond_slave_1: entered promiscuous mode
[  103.161849][ T7467] bond_slave_1: entered allmulticast mode
[  103.409340][ T7486] netlink: 4 bytes leftover after parsing attributes in process `syz.2.694'.
[  103.468444][ T7491] netlink: 8 bytes leftover after parsing attributes in process `syz.0.696'.
[  103.472524][ T7491] netlink: 8 bytes leftover after parsing attributes in process `syz.0.696'.
[  103.530840][ T7493] netlink: 'syz.2.694': attribute type 10 has an invalid length.
[  103.788650][ T7503] !: renamed from bond_slave_0
[  103.871401][ T7520] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  103.963595][ T7530] syz.2.715: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  103.969333][ T7530] CPU: 0 UID: 0 PID: 7530 Comm: syz.2.715 Not tainted syzkaller #0 PREEMPT(full) 
[  103.969346][ T7530] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  103.969352][ T7530] Call Trace:
[  103.969357][ T7530]  <TASK>
[  103.969375][ T7530]  dump_stack_lvl+0x189/0x250
[  103.969397][ T7530]  ? __pfx_dump_stack_lvl+0x10/0x10
[  103.969409][ T7530]  ? __pfx__printk+0x10/0x10
[  103.969424][ T7530]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  103.969438][ T7530]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  103.969452][ T7530]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  103.969468][ T7530]  warn_alloc+0x214/0x310
[  103.969484][ T7530]  ? stack_depot_save_flags+0x41b/0x860
[  103.969499][ T7530]  ? __pfx_warn_alloc+0x10/0x10
[  103.969517][ T7530]  ? kasan_save_track+0x4f/0x80
[  103.969529][ T7530]  ? xskq_create+0x56/0x170
[  103.969538][ T7530]  ? xsk_init_queue+0xb0/0x110
[  103.969546][ T7530]  ? xsk_setsockopt+0x57b/0x8d0
[  103.969554][ T7530]  ? do_sock_setsockopt+0x17c/0x1b0
[  103.969567][ T7530]  ? __x64_sys_setsockopt+0x13f/0x1b0
[  103.969574][ T7530]  ? do_syscall_64+0xfa/0x3b0
[  103.969584][ T7530]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.969602][ T7530]  __vmalloc_node_range_noprof+0x125/0x12f0
[  103.969656][ T7530]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  103.969676][ T7530]  ? __kasan_kmalloc+0x93/0xb0
[  103.969692][ T7530]  vmalloc_user_noprof+0xad/0xf0
[  103.969705][ T7530]  ? xskq_create+0xbf/0x170
[  103.969717][ T7530]  xskq_create+0xbf/0x170
[  103.969732][ T7530]  xsk_init_queue+0xb0/0x110
[  103.969746][ T7530]  xsk_setsockopt+0x57b/0x8d0
[  103.969760][ T7530]  ? __pfx_xsk_setsockopt+0x10/0x10
[  103.969771][ T7530]  ? __pfx_aa_sk_perm+0x10/0x10
[  103.969788][ T7530]  ? __fget_files+0x2a/0x420
[  103.969794][ T7530]  ? aa_sock_opt_perm+0xff/0x1b0
[  103.969806][ T7530]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  103.969815][ T7530]  ? __pfx_xsk_setsockopt+0x10/0x10
[  103.969855][ T7530]  do_sock_setsockopt+0x17c/0x1b0
[  103.969877][ T7530]  __x64_sys_setsockopt+0x13f/0x1b0
[  103.969895][ T7530]  do_syscall_64+0xfa/0x3b0
[  103.969907][ T7530]  ? lockdep_hardirqs_on+0x9c/0x150
[  103.969919][ T7530]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.969927][ T7530]  ? exc_page_fault+0x9f/0xf0
[  103.969942][ T7530]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.969950][ T7530] RIP: 0033:0x7fdc4e38ebe9
[  103.969975][ T7530] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  103.969983][ T7530] RSP: 002b:00007fdc4f2d3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  103.969993][ T7530] RAX: ffffffffffffffda RBX: 00007fdc4e5b5fa0 RCX: 00007fdc4e38ebe9
[  103.969999][ T7530] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000006
[  103.970004][ T7530] RBP: 00007fdc4e411e19 R08: 0000000000000004 R09: 0000000000000000
[  103.970009][ T7530] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000
[  103.970014][ T7530] R13: 00007fdc4e5b6038 R14: 00007fdc4e5b5fa0 R15: 00007ffe86b30f68
[  103.970043][ T7530]  </TASK>
[  104.068404][ T7530] Mem-Info:
[  104.069842][ T7530] active_anon:5393 inactive_anon:0 isolated_anon:0
[  104.069842][ T7530]  active_file:10913 inactive_file:38224 isolated_file:0
[  104.069842][ T7530]  unevictable:1768 dirty:136 writeback:0
[  104.069842][ T7530]  slab_reclaimable:9598 slab_unreclaimable:79676
[  104.069842][ T7530]  mapped:18027 shmem:2436 pagetables:926
[  104.069842][ T7530]  sec_pagetables:0 bounce:0
[  104.069842][ T7530]  kernel_misc_reclaimable:0
[  104.069842][ T7530]  free:261969 free_pcp:24287 free_cma:0
[  104.088581][ T7530] Node 0 active_anon:10104kB inactive_anon:0kB active_file:26456kB inactive_file:88828kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:28608kB dirty:524kB writeback:0kB shmem:4812kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:4228kB pagetables:1816kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  104.099240][ T7530] Node 1 active_anon:11468kB inactive_anon:0kB active_file:17196kB inactive_file:64068kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:43500kB dirty:20kB writeback:0kB shmem:4932kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:7048kB pagetables:1888kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  104.109602][ T7530] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  104.120270][ T7530] lowmem_reserve[]: 0 811 811 811 811
[  104.122210][ T7530] Node 0 DMA32 free:277732kB boost:0kB min:33660kB low:42072kB high:50484kB reserved_highatomic:0KB free_highatomic:0KB active_anon:10104kB inactive_anon:0kB active_file:26456kB inactive_file:88828kB unevictable:3536kB writepending:524kB present:1556484kB managed:830960kB mlocked:0kB bounce:0kB free_pcp:56392kB local_pcp:38032kB free_cma:0kB
[  104.133766][ T7530] lowmem_reserve[]: 0 0 0 0 0
[  104.135536][ T7530] Node 1 DMA32 free:458492kB boost:0kB min:19192kB low:23988kB high:28784kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:116kB local_pcp:0kB free_cma:0kB
[  104.145411][ T7530] lowmem_reserve[]: 0 0 854 854 854
[  104.147619][ T7530] Node 1 Normal free:296292kB boost:0kB min:36612kB low:45764kB high:54916kB reserved_highatomic:0KB free_highatomic:0KB active_anon:11468kB inactive_anon:0kB active_file:17196kB inactive_file:64068kB unevictable:3536kB writepending:20kB present:1048576kB managed:874952kB mlocked:0kB bounce:0kB free_pcp:40632kB local_pcp:18336kB free_cma:0kB
[  104.161667][ T7530] lowmem_reserve[]: 0 0 0 0 0
[  104.163568][ T7530] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  104.168845][ T7530] Node 0 DMA32: 263*4kB (UME) 155*8kB (M) 175*16kB (UME) 270*32kB (UM) 125*64kB (UM) 80*128kB (UME) 12*256kB (UM) 2*512kB (UM) 2*1024kB (UM) 1*2048kB (M) 58*4096kB (UM) = 277732kB
[  104.179929][ T7530] Node 1 DMA32: 3*4kB (UM) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 2*128kB (UM) 3*256kB (UM) 3*512kB (UM) 3*1024kB (UM) 3*2048kB (UM) 109*4096kB (M) = 458492kB
[  104.187979][ T7530] Node 1 Normal: 339*4kB (UME) 298*8kB (UME) 684*16kB (UM) 1256*32kB (UME) 328*64kB (UME) 116*128kB (UME) 47*256kB (UME) 24*512kB (UM) 19*1024kB (U) 11*2048kB (UM) 34*4096kB (UM) = 296284kB
[  104.195948][ T7530] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  104.199104][ T7530] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  104.203146][ T7530] 51573 total pagecache pages
[  104.204656][ T7530] 0 pages in swap cache
[  104.206622][ T7530] Free swap  = 124996kB
[  104.207968][ T7530] Total swap = 124996kB
[  104.209405][ T7530] 786301 pages RAM
[  104.211260][ T7530] 0 pages HighMem/MovableOnly
[  104.213211][ T7530] 241329 pages reserved
[  104.214510][ T7530] 0 pages cma reserved
[  105.071773][ T7578] netlink: 'syz.0.738': attribute type 2 has an invalid length.
[  105.074376][ T7578] netlink: 'syz.0.738': attribute type 8 has an invalid length.
[  105.869003][ T7646] netlink: 'syz.1.770': attribute type 11 has an invalid length.
[  106.686297][ T7685] __nla_validate_parse: 13 callbacks suppressed
[  106.686317][ T7685] netlink: 12 bytes leftover after parsing attributes in process `syz.1.788'.
[  106.707244][ T7687] netlink: 60 bytes leftover after parsing attributes in process `syz.0.787'.
[  106.969459][ T7705] syzkaller0: entered promiscuous mode
[  106.971999][ T7705] syzkaller0: entered allmulticast mode
[  108.388435][ T7731] debugfs: '!' already exists in 'ieee80211'
[  108.776838][ T7757] netlink: 15999 bytes leftover after parsing attributes in process `syz.2.819'.
[  108.799542][ T7757] netlink: 'syz.2.819': attribute type 4 has an invalid length.
[  108.909599][ T7757] netlink: 'syz.2.819': attribute type 10 has an invalid length.
[  109.008357][ T7757] team0: Port device dummy0 added
[  109.563555][ T7778] netlink: 'syz.0.834': attribute type 1 has an invalid length.
[  109.566021][ T7778] netlink: 15999 bytes leftover after parsing attributes in process `syz.0.834'.
[  109.572131][ T7775] mac80211_hwsim hwsim7 O3c: renamed from wlan1
[  110.024983][ T7793] delete_channel: no stack
[  110.027206][ T7793] delete_channel: no stack
[  110.696954][ T7827] netlink: 'syz.1.851': attribute type 27 has an invalid length.
[  110.699551][ T7827] netlink: 2418 bytes leftover after parsing attributes in process `syz.1.851'.
[  110.733671][ T7829] netlink: 180 bytes leftover after parsing attributes in process `syz.1.852'.
[  110.807904][ T7833] netlink: 124 bytes leftover after parsing attributes in process `syz.2.854'.
[  110.890669][ T7842] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.857'.
[  111.059537][ T7852] IPv6: Can't replace route, no match found
[  111.776355][ T7860] netlink: 132 bytes leftover after parsing attributes in process `syz.0.862'.
[  112.050917][ T7880] netlink: 1057 bytes leftover after parsing attributes in process `syz.2.872'.
[  112.261626][ T7895] netlink: 'syz.0.879': attribute type 4 has an invalid length.
[  112.546099][ T7908] netlink: 36 bytes leftover after parsing attributes in process `syz.1.885'.
[  112.549738][ T7908] netlink: 35 bytes leftover after parsing attributes in process `syz.1.885'.
[  112.559674][ T7908] netlink: 35 bytes leftover after parsing attributes in process `syz.1.885'.
[  113.269415][ T7937] : port 1(vlan0) entered blocking state
[  113.278304][ T7937] : port 1(vlan0) entered disabled state
[  113.281713][ T7937] vlan0: entered allmulticast mode
[  113.283548][ T7937] veth0_vlan: entered allmulticast mode
[  113.286788][ T7937] vlan0: entered promiscuous mode
[  113.360049][ T7946] netlink: 'syz.0.901': attribute type 2 has an invalid length.
[  113.366314][ T7946] netlink: 'syz.0.901': attribute type 7 has an invalid length.
[  113.392030][ T7946] netlink: 85 bytes leftover after parsing attributes in process `syz.0.901'.
[  113.395124][ T7946] netlink: 130140 bytes leftover after parsing attributes in process `syz.0.901'.
[  113.398330][ T7946] netlink: 'syz.0.901': attribute type 2 has an invalid length.
[  113.401002][ T7946] netlink: 'syz.0.901': attribute type 7 has an invalid length.
[  113.403582][ T7946] netlink: 85 bytes leftover after parsing attributes in process `syz.0.901'.
[  114.886625][ T7970] netlink: 188 bytes leftover after parsing attributes in process `syz.1.914'.
[  114.922728][ T7974] sock: sock_set_timeout: `syz.0.916' (pid 7974) tries to set negative timeout
[  115.128824][ T7983] netlink: 'syz.2.920': attribute type 13 has an invalid length.
[  115.264133][ T7999] netlink: 'syz.2.928': attribute type 1 has an invalid length.
[  115.274442][ T8001] netlink: 4 bytes leftover after parsing attributes in process `syz.0.929'.
[  115.512933][ T8027] netlink: 'syz.2.942': attribute type 291 has an invalid length.
[  116.448521][ T8073] netlink: 'syz.1.960': attribute type 21 has an invalid length.
[  116.451516][ T8073] netlink: 'syz.1.960': attribute type 4 has an invalid length.
[  117.203017][ T8120] netlink: 'syz.1.981': attribute type 12 has an invalid length.
[  117.206362][ T8120] __nla_validate_parse: 5 callbacks suppressed
[  117.206376][ T8120] netlink: 132 bytes leftover after parsing attributes in process `syz.1.981'.
[  117.419908][ T8131] lo speed is unknown, defaulting to 1000
[  117.424019][ T8131] lo speed is unknown, defaulting to 1000
[  117.426413][ T8131] lo speed is unknown, defaulting to 1000
[  117.439636][ T8131] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  117.461219][ T8131] lo speed is unknown, defaulting to 1000
[  117.475783][ T8131] lo speed is unknown, defaulting to 1000
[  117.484507][ T8131] lo speed is unknown, defaulting to 1000
[  117.817947][ T8147] netlink: 'syz.0.993': attribute type 29 has an invalid length.
[  117.830931][ T8147] netlink: 'syz.0.993': attribute type 29 has an invalid length.
[  117.834664][ T8147] netlink: 'syz.0.993': attribute type 29 has an invalid length.
[  117.845158][ T8147] netlink: 'syz.0.993': attribute type 29 has an invalid length.
[  117.942776][ T8159] netlink: 60 bytes leftover after parsing attributes in process `syz.2.998'.
[  117.947460][ T8159] netlink: 60 bytes leftover after parsing attributes in process `syz.2.998'.
[  117.955740][ T8159] netlink: 60 bytes leftover after parsing attributes in process `syz.2.998'.
[  119.177157][ T8196] netlink: 26 bytes leftover after parsing attributes in process `syz.1.1016'.
[  122.086810][ T8221] syzkaller0: entered promiscuous mode
[  122.375287][ T8237] netlink: 'syz.0.1031': attribute type 1 has an invalid length.
[  122.434696][ T8243] tap0: tun_chr_ioctl cmd 1074025675
[  122.437806][ T8243] tap0: persist enabled
[  122.437929][ T8245] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1035'.
[  122.443539][ T8243] tap0: tun_chr_ioctl cmd 1074025675
[  122.445219][ T8243] tap0: persist enabled
[  122.469764][ T8247] netlink: 'syz.1.1036': attribute type 11 has an invalid length.
[  123.294505][ T8275] syzkaller0: entered promiscuous mode
[  123.297041][ T8275] syzkaller0: entered allmulticast mode
[  123.612806][ T8287] netlink: 'syz.2.1052': attribute type 39 has an invalid length.
[  124.430751][ T8287] veth0_macvtap: left promiscuous mode
[  124.528722][ T8295] netlink: 'syz.2.1055': attribute type 39 has an invalid length.
[  124.647259][ T5234] Bluetooth: hci0: unexpected event 0x08 length: 15 > 4
[  124.753642][ T8311] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.1064'.
[  124.814695][ T8317] netlink: 'syz.1.1067': attribute type 10 has an invalid length.
[  124.830842][ T8317] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1067'.
[  124.838668][ T8317] A link change request failed with some changes committed already. Interface vlan1 may have been left with an inconsistent configuration, please check.
[  124.946492][ T8324] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1070'.
[  124.951876][ T8324] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1070'.
[  126.595873][ T8365] netlink: 'syz.2.1089': attribute type 10 has an invalid length.
[  126.598409][ T8365] macvlan1: entered allmulticast mode
[  126.605440][ T8365] team0: Device macvlan1 is up. Set it down before adding it as a team port
[  126.632078][ T8369] openvswitch: netlink: VXLAN extension message has 4 unknown bytes.
[  126.649922][ T8371] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1092'.
[  126.687793][ T8375] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1095'.
[  126.698620][ T8375] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1095'.
[  126.705210][ T8375] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1095'.
[  126.764540][ T8382] netlink: 'syz.2.1097': attribute type 58 has an invalid length.
[  126.772936][ T8382] netlink: 144 bytes leftover after parsing attributes in process `syz.2.1097'.
[  126.815615][ T8387] netlink: 'syz.1.1100': attribute type 21 has an invalid length.
[  126.872305][ T8391] siw: device registration error -23
[  126.997835][ T5234] Bluetooth: hci0: Malformed HCI Event: 0x22
[  127.045308][ T8404] netlink: 'syz.1.1108': attribute type 4 has an invalid length.
[  127.049215][ T8404] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  127.159548][ T8413] netlink: 'syz.2.1109': attribute type 10 has an invalid length.
[  127.899115][ T8413] team0: Port device O3c removed
[  127.905451][ T8413] bond0: (slave O3c): Enslaving as an active interface with an up link
[  128.042907][ T8424] netlink: 'syz.0.1116': attribute type 27 has an invalid length.
[  128.251740][ T8440] __nla_validate_parse: 4 callbacks suppressed
[  128.251755][ T8440] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.1125'.
[  128.329902][ T8449] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1128'.
[  128.335157][ T8449] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1128'.
[  128.338783][ T8449] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1128'.
[  128.404282][ T8454] netlink: 208128 bytes leftover after parsing attributes in process `syz.0.1132'.
[  128.407234][ T8454] openvswitch: netlink: Message has 4 unknown bytes.
[  128.433801][ T8456] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1133'.
[  129.567076][ T8501] netlink: 'syz.1.1154': attribute type 29 has an invalid length.
[  129.573305][ T8501] netlink: 'syz.1.1154': attribute type 29 has an invalid length.
[  129.589038][ T8503] netlink: 'syz.0.1155': attribute type 2 has an invalid length.
[  129.625700][ T8505] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1156'.
[  129.955278][ T8524] netlink: 14560 bytes leftover after parsing attributes in process `syz.1.1165'.
[  130.436307][ T8549] netlink: 'syz.2.1177': attribute type 10 has an invalid length.
[  130.485184][ T8549] : port 1(vlan0) entered disabled state
[  130.485214][ T8553] openvswitch: netlink: Missing key (keys=c0, expected=200000)
[  130.490722][ T8549] team0: Device veth0_vlan failed to register rx_handler
[  130.503134][ T8549] : port 1(vlan0) entered disabled state
[  130.535946][ T8555] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1180'.
[  130.837061][ T8574] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1189'.
[  131.089748][ T8596] netlink: 'syz.2.1200': attribute type 21 has an invalid length.
[  131.093613][ T8596] netlink: 'syz.2.1200': attribute type 4 has an invalid length.
[  132.476561][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  132.479176][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  133.608313][ T8750] __nla_validate_parse: 7 callbacks suppressed
[  133.608331][ T8750] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1255'.
[  133.616524][ T8750] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1255'.
[  134.097982][ T8778] netlink: 'syz.1.1266': attribute type 41 has an invalid length.
[  134.570117][ T8812] netlink: 'syz.0.1280': attribute type 19 has an invalid length.
[  134.623228][ T8819] netlink: 'syz.0.1284': attribute type 1 has an invalid length.
[  134.684148][ T8823] netlink: 6032 bytes leftover after parsing attributes in process `syz.0.1287'.
[  134.802856][ T8831] syzkaller0: entered promiscuous mode
[  134.804891][ T8831] syzkaller0: entered allmulticast mode
[  134.953148][ T8840] netlink: 'syz.2.1295': attribute type 41 has an invalid length.
[  134.955833][ T8840] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1295'.
[  135.068134][ T8843] netlink: 'syz.2.1296': attribute type 10 has an invalid length.
[  135.139591][ T8843] team0: Device ipvlan1 failed to register rx_handler
[  135.167752][ T8842] netlink: 'syz.2.1296': attribute type 29 has an invalid length.
[  135.173158][ T8842] netlink: 'syz.2.1296': attribute type 3 has an invalid length.
[  135.175757][ T8842] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1296'.
[  135.188293][ T8847] xt_HMARK: proto mask must be zero with L3 mode
[  135.287350][ T8849] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1298'.
[  135.290996][ T8849] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1298'.
[  135.294232][ T8849] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1298'.
[  135.407428][ T8853] netlink: 'syz.0.1300': attribute type 1 has an invalid length.
[  135.606117][ T8879] netdevsim0: mtu greater than device maximum
[  136.288530][ T8916] netlink: 'syz.2.1327': attribute type 2 has an invalid length.
[  136.292244][ T8916] netlink: 'syz.2.1327': attribute type 1 has an invalid length.
[  137.149530][ T5234] Bluetooth: hci0: unexpected event 0x03 length: 15 > 11
[  137.177176][ T8931] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1334'.
[  137.266846][ T8940] ksmbd: Unknown IPC event: 3, ignore.
[  137.437211][ T8951] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1343'.
[  137.669479][ T8971] veth1_to_bond: entered allmulticast mode
[  138.444557][ T5234] Bluetooth: hci1: Malformed LE Event: 0x0d
[  139.409878][   T33] audit: type=1107 audit(1755608950.386:2): pid=9041 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  139.417104][ T9039] sysfs: cannot create duplicate filename '/class/ieee80211/!'
[  139.453033][ T9039] CPU: 0 UID: 0 PID: 9039 Comm: syz.2.1386 Not tainted syzkaller #0 PREEMPT(full) 
[  139.453058][ T9039] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  139.453067][ T9039] Call Trace:
[  139.453076][ T9039]  <TASK>
[  139.453084][ T9039]  dump_stack_lvl+0x189/0x250
[  139.453105][ T9039]  ? kernfs_path_from_node+0x2f/0x290
[  139.453125][ T9039]  ? __pfx_dump_stack_lvl+0x10/0x10
[  139.453149][ T9039]  ? __pfx__printk+0x10/0x10
[  139.453193][ T9039]  ? kernfs_path_from_node+0x2f/0x290
[  139.453211][ T9039]  ? kernfs_path_from_node+0x250/0x290
[  139.453225][ T9039]  ? kernfs_path_from_node+0x2f/0x290
[  139.453274][ T9039]  sysfs_warn_dup+0x8e/0xa0
[  139.453296][ T9039]  sysfs_do_create_link_sd+0xc0/0x110
[  139.453325][ T9039]  device_add_class_symlinks+0x1cf/0x240
[  139.453361][ T9039]  device_add+0x475/0xb50
[  139.453400][ T9039]  wiphy_register+0x1ba6/0x28d0
[  139.453490][ T9039]  ? __pfx_wiphy_register+0x10/0x10
[  139.453504][ T9039]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  139.453535][ T9039]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  139.453564][ T9039]  ieee80211_register_hw+0x3425/0x4080
[  139.453608][ T9039]  ? ieee80211_register_hw+0x1471/0x4080
[  139.453635][ T9039]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  139.453654][ T9039]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  139.453682][ T9039]  ? __hrtimer_setup+0x187/0x210
[  139.453691][ T9039]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  139.453712][ T9039]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  139.453787][ T9039]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  139.453798][ T9039]  ? trace_kmalloc+0x1f/0xd0
[  139.453809][ T9039]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  139.453820][ T9039]  ? kstrndup+0xbf/0x160
[  139.453852][ T9039]  hwsim_new_radio_nl+0xea4/0x1b10
[  139.453872][ T9039]  ? __pfx___nla_validate_parse+0x10/0x10
[  139.453915][ T9039]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  139.453954][ T9039]  ? __nla_parse+0x40/0x60
[  139.453977][ T9039]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  139.454006][ T9039]  genl_family_rcv_msg_doit+0x215/0x300
[  139.454032][ T9039]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  139.454069][ T9039]  ? bpf_lsm_capable+0x9/0x20
[  139.454079][ T9039]  ? security_capable+0x7e/0x2e0
[  139.454108][ T9039]  genl_rcv_msg+0x60e/0x790
[  139.454134][ T9039]  ? __pfx_genl_rcv_msg+0x10/0x10
[  139.454145][ T9039]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  139.454163][ T9039]  ? perf_trace_run_bpf_submit+0x100/0x170
[  139.454194][ T9039]  netlink_rcv_skb+0x208/0x470
[  139.454205][ T9039]  ? __lock_acquire+0xab9/0xd20
[  139.454221][ T9039]  ? __pfx_genl_rcv_msg+0x10/0x10
[  139.454264][ T9039]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  139.454323][ T9039]  ? down_read+0x1ad/0x2e0
[  139.454346][ T9039]  genl_rcv+0x28/0x40
[  139.454358][ T9039]  netlink_unicast+0x82f/0x9e0
[  139.454392][ T9039]  ? __pfx_netlink_unicast+0x10/0x10
[  139.454410][ T9039]  ? netlink_sendmsg+0x642/0xb30
[  139.454420][ T9039]  ? skb_put+0x11b/0x210
[  139.454444][ T9039]  netlink_sendmsg+0x805/0xb30
[  139.454492][ T9039]  ? __pfx_netlink_sendmsg+0x10/0x10
[  139.454512][ T9039]  ? perf_trace_run_bpf_submit+0x100/0x170
[  139.454523][ T9039]  ? aa_sock_msg_perm+0xf1/0x1d0
[  139.454546][ T9039]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  139.454557][ T9039]  ? __pfx_netlink_sendmsg+0x10/0x10
[  139.454575][ T9039]  __sock_sendmsg+0x21c/0x270
[  139.454598][ T9039]  ____sys_sendmsg+0x505/0x830
[  139.454622][ T9039]  ? __pfx_____sys_sendmsg+0x10/0x10
[  139.454653][ T9039]  ? import_iovec+0x74/0xa0
[  139.454675][ T9039]  ___sys_sendmsg+0x21f/0x2a0
[  139.454692][ T9039]  ? __pfx____sys_sendmsg+0x10/0x10
[  139.454747][ T9039]  ? __fget_files+0x2a/0x420
[  139.454783][ T9039]  ? __fget_files+0x2a/0x420
[  139.454791][ T9039]  ? __fget_files+0x3a0/0x420
[  139.454823][ T9039]  __x64_sys_sendmsg+0x19b/0x260
[  139.454840][ T9039]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  139.454873][ T9039]  ? rcu_is_watching+0x15/0xb0
[  139.454895][ T9039]  ? do_syscall_64+0xbe/0x3b0
[  139.454917][ T9039]  do_syscall_64+0xfa/0x3b0
[  139.454928][ T9039]  ? lockdep_hardirqs_on+0x9c/0x150
[  139.454941][ T9039]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.454951][ T9039]  ? exc_page_fault+0x9f/0xf0
[  139.454969][ T9039]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.454978][ T9039] RIP: 0033:0x7fdc4e38ebe9
[  139.454991][ T9039] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  139.454999][ T9039] RSP: 002b:00007fdc4f2d3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  139.455009][ T9039] RAX: ffffffffffffffda RBX: 00007fdc4e5b5fa0 RCX: 00007fdc4e38ebe9
[  139.455016][ T9039] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 0000000000000005
[  139.455022][ T9039] RBP: 00007fdc4e411e19 R08: 0000000000000000 R09: 0000000000000000
[  139.455027][ T9039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  139.455032][ T9039] R13: 00007fdc4e5b6038 R14: 00007fdc4e5b5fa0 R15: 00007ffe86b30f68
[  139.455073][ T9039]  </TASK>
[  139.667017][ T9047] validate_nla: 8 callbacks suppressed
[  139.667036][ T9047] netlink: 'syz.0.1388': attribute type 10 has an invalid length.
[  139.673552][ T9047] __nla_validate_parse: 13 callbacks suppressed
[  139.673563][ T9047] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1388'.
[  139.888482][ T9059] netlink: set zone limit has 4 unknown bytes
[  139.894069][ T9059] netlink: del zone limit has 4 unknown bytes
[  139.917844][ T9065] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  140.092967][ T9080] netlink: 'syz.0.1404': attribute type 1 has an invalid length.
[  140.097209][ T9080] netlink: 'syz.0.1404': attribute type 2 has an invalid length.
[  140.155971][ T9084] netlink: 'syz.0.1406': attribute type 1 has an invalid length.
[  140.158568][ T9084] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  140.272011][ T9091] bpf: Bad value for 'mode'
[  140.407562][ T9102] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1415'.
[  140.442295][ T9105] netlink: 'syz.2.1416': attribute type 10 has an invalid length.
[  140.468560][ T9103] syzkaller0: entered promiscuous mode
[  140.471127][ T9103] syzkaller0: entered allmulticast mode
[  140.486914][ T9105] batman_adv: batadv0: Adding interface: netdevsim0
[  140.489217][ T9105] batman_adv: batadv0: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  140.498699][ T9105] batman_adv: batadv0: Not using interface netdevsim0 (retrying later): interface not active
[  140.753765][ T9115] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1421'.
[  141.816194][ T9138] netlink: 'syz.0.1432': attribute type 10 has an invalid length.
[  142.136795][ T9149] netlink: 'syz.1.1437': attribute type 2 has an invalid length.
[  142.139297][ T9149] netlink: 'syz.1.1437': attribute type 1 has an invalid length.
[  142.152069][ T9151] netlink: 22 bytes leftover after parsing attributes in process `syz.0.1438'.
[  142.253205][ T9159] netlink: 'syz.0.1442': attribute type 33 has an invalid length.
[  142.255966][ T9159] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1442'.
[  142.381927][ T9166] sctp: [Deprecated]: syz.1.1445 (pid 9166) Use of struct sctp_assoc_value in delayed_ack socket option.
[  142.381927][ T9166] Use struct sctp_sack_info instead
[  142.806068][ T9191] netlink: 148 bytes leftover after parsing attributes in process `syz.0.1456'.
[  142.909623][ T9196] delete_channel: no stack
[  143.933727][ T9225] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  144.196624][ T9240] netlink: 64859 bytes leftover after parsing attributes in process `syz.1.1479'.
[  144.466408][ T5234] Bluetooth: hci0: unexpected event 0x05 length: 15 > 4
[  144.540944][ T9263] netlink: 'syz.0.1489': attribute type 3 has an invalid length.
[  144.545723][ T9263] netlink: 16126 bytes leftover after parsing attributes in process `syz.0.1489'.
[  144.759620][ T9277] netlink: 147608 bytes leftover after parsing attributes in process `syz.2.1496'.
[  144.769821][ T9277] netlink: 61827 bytes leftover after parsing attributes in process `syz.2.1496'.
[  144.786566][ T9277] bridge0: port 2(bridge_slave_1) entered disabled state
[  144.789417][ T9277] bridge0: left promiscuous mode
[  144.791130][ T9277] bridge0: left allmulticast mode
[  144.797612][ T9277] bridge_slave_1: left allmulticast mode
[  144.799881][ T9277] bridge_slave_1: left promiscuous mode
[  144.803895][ T9277] bridge0: port 2(bridge_slave_1) entered disabled state
[  145.994284][ T9306] netlink: 'syz.2.1507': attribute type 3 has an invalid length.
[  146.534515][ T9316] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1512'.
[  146.543236][ T9316] netlink: 'syz.1.1512': attribute type 2 has an invalid length.
[  146.549088][ T9316] netlink: 'syz.1.1512': attribute type 1 has an invalid length.
[  146.553924][ T9316] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1512'.
[  148.982088][ T9347] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1525'.
[  149.002107][ T9347] netlink: 'syz.1.1525': attribute type 11 has an invalid length.
[  149.005426][ T9347] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1525'.
[  149.700807][ T9345] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  150.176208][   T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  150.179761][   T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  150.184493][   T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  150.187983][   T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  150.191810][   T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  150.224747][ T9391] lo speed is unknown, defaulting to 1000
[  150.274900][ T9393] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1543'.
[  150.277804][ T9393] netlink: 125 bytes leftover after parsing attributes in process `syz.2.1543'.
[  150.282111][ T9393] netlink: 142 bytes leftover after parsing attributes in process `syz.2.1543'.
[  150.345239][ T9391] chnl_net:caif_netlink_parms(): no params data found
[  150.430116][ T9391] bridge0: port 1(bridge_slave_0) entered blocking state
[  150.433139][ T9391] bridge0: port 1(bridge_slave_0) entered disabled state
[  150.436018][ T9391] bridge_slave_0: entered allmulticast mode
[  150.439674][ T9391] bridge_slave_0: entered promiscuous mode
[  150.443777][ T9391] bridge0: port 2(bridge_slave_1) entered blocking state
[  150.446541][ T9391] bridge0: port 2(bridge_slave_1) entered disabled state
[  150.449260][ T9391] bridge_slave_1: entered allmulticast mode
[  150.453474][ T9391] bridge_slave_1: entered promiscuous mode
[  150.479148][ T9391] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  150.486010][ T9391] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  150.520385][ T9391] team0: Port device team_slave_0 added
[  150.526705][ T9391] team0: Port device team_slave_1 added
[  150.561117][ T9391] batman_adv: batadv0: Adding interface: batadv_slave_0
[  150.563938][ T9391] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  150.574517][ T9391] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  150.581054][ T9391] batman_adv: batadv0: Adding interface: batadv_slave_1
[  150.583804][ T9391] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  150.593486][ T9391] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  150.628778][ T9391] hsr_slave_0: entered promiscuous mode
[  150.632447][ T9391] hsr_slave_1: entered promiscuous mode
[  150.635554][ T9391] debugfs: 'hsr0' already exists in 'hsr'
[  150.637898][ T9391] Cannot create hsr debugfs directory
[  150.786685][ T9391] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  150.791551][ T9391] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  150.798730][ T9391] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  150.804374][ T9391] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  150.834964][ T9391] bridge0: port 2(bridge_slave_1) entered blocking state
[  150.837518][ T9391] bridge0: port 2(bridge_slave_1) entered forwarding state
[  150.840352][ T9391] bridge0: port 1(bridge_slave_0) entered blocking state
[  150.842719][ T9391] bridge0: port 1(bridge_slave_0) entered forwarding state
[  150.887978][ T9391] 8021q: adding VLAN 0 to HW filter on device bond0
[  150.907703][ T9391] 8021q: adding VLAN 0 to HW filter on device team0
[  150.913093][   T29] bridge0: port 1(bridge_slave_0) entered disabled state
[  150.916187][   T29] bridge0: port 2(bridge_slave_1) entered disabled state
[  150.935818][   T29] bridge0: port 1(bridge_slave_0) entered blocking state
[  150.938936][   T29] bridge0: port 1(bridge_slave_0) entered forwarding state
[  150.954599][   T29] bridge0: port 2(bridge_slave_1) entered blocking state
[  150.956989][   T29] bridge0: port 2(bridge_slave_1) entered forwarding state
[  151.123282][ T9391] 8021q: adding VLAN 0 to HW filter on device batadv0
[  151.166445][ T9391] veth0_vlan: entered promiscuous mode
[  151.175928][ T9391] veth1_vlan: entered promiscuous mode
[  151.183652][ T9420] sctp: [Deprecated]: syz.1.1546 (pid 9420) Use of int in max_burst socket option deprecated.
[  151.183652][ T9420] Use struct sctp_assoc_value instead
[  151.202617][ T9391] veth0_macvtap: entered promiscuous mode
[  151.207408][ T9391] veth1_macvtap: entered promiscuous mode
[  151.227494][ T9391] batman_adv: batadv0: Interface activated: batadv_slave_0
[  151.238130][ T9391] batman_adv: batadv0: Interface activated: batadv_slave_1
[  151.250851][ T5874] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  151.253921][ T5874] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  151.257586][ T5874] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  151.263083][ T9424] netlink: 830 bytes leftover after parsing attributes in process `syz.2.1550'.
[  151.271214][ T5874] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  151.332867][ T4998] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  151.335261][ T4998] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  151.374995][ T4998] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  151.377962][ T4998] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  151.435497][ T9428] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.1537'.
[  151.545996][ T9432] bpf: Bad value for 'gid'
[  151.946168][ T9454] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1564'.
[  151.949839][ T9454] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1564'.
[  152.054006][ T9455] netlink: 'syz.3.1564': attribute type 21 has an invalid length.
[  152.057616][ T9455] netlink: 128 bytes leftover after parsing attributes in process `syz.3.1564'.
[  152.065605][ T9455] netlink: 'syz.3.1564': attribute type 4 has an invalid length.
[  152.073758][ T9455] netlink: 'syz.3.1564': attribute type 5 has an invalid length.
[  152.081445][ T9455] netlink: 3 bytes leftover after parsing attributes in process `syz.3.1564'.
[  152.228963][   T54] Bluetooth: hci1: unexpected event 0x05 length: 15 > 4
[  152.231229][ T5234] Bluetooth: hci0: command tx timeout
[  152.759766][ T9483] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1577'.
[  153.638304][ T9548] netlink: 'syz.3.1609': attribute type 3 has an invalid length.
[  154.066026][ T9592] netlink: 'syz.3.1631': attribute type 28 has an invalid length.
[  154.321498][   T54] Bluetooth: hci0: command tx timeout
[  154.335618][ T9609] netlink: 'syz.2.1639': attribute type 10 has an invalid length.
[  154.349825][ T9609] macvlan0: entered promiscuous mode
[  154.352694][ T9609] macvlan0: entered allmulticast mode
[  155.754768][ T9668] netlink: 'syz.1.1665': attribute type 21 has an invalid length.
[  155.758099][ T9668] __nla_validate_parse: 10 callbacks suppressed
[  155.758112][ T9668] netlink: 14045 bytes leftover after parsing attributes in process `syz.1.1665'.
[  156.390466][   T54] Bluetooth: hci0: command tx timeout
[  156.652504][ T9662] lo speed is unknown, defaulting to 1000
[  156.882351][ T9688] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.1671'.
[  157.143076][ T9717] netlink: 65047 bytes leftover after parsing attributes in process `syz.3.1686'.
[  157.207081][ T9723] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1689'.
[  157.213565][ T9719] macvtap0: refused to change device tx_queue_len
[  157.317515][ T9730] netlink: 204 bytes leftover after parsing attributes in process `syz.3.1692'.
[  158.470937][   T54] Bluetooth: hci0: command tx timeout
[  159.226674][ T9824] netlink: 'syz.2.1727': attribute type 1 has an invalid length.
[  159.229716][ T9824] netlink: 124 bytes leftover after parsing attributes in process `syz.2.1727'.
[  159.234163][ T9824] netlink: 125920 bytes leftover after parsing attributes in process `syz.2.1727'.
[  159.237810][ T9824] netlink: 'syz.2.1727': attribute type 1 has an invalid length.
[  159.241620][ T9824] netlink: 124 bytes leftover after parsing attributes in process `syz.2.1727'.
[  159.367667][ T9829] netlink: 'syz.3.1729': attribute type 10 has an invalid length.
[  159.372871][ T9829] syz_tun: entered promiscuous mode
[  159.401405][ T9829] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  160.004144][ T9860] netlink: 61211 bytes leftover after parsing attributes in process `syz.2.1744'.
[  160.090942][ T9864] netlink: 188 bytes leftover after parsing attributes in process `syz.3.1745'.
[  160.373910][ T9889] C: renamed from team_slave_0 (while UP)
[  160.401496][ T9889] netlink: 'syz.2.1757': attribute type 3 has an invalid length.
[  160.615597][ T9902] netlink: 'syz.2.1763': attribute type 3 has an invalid length.
[  160.618402][ T9902] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  161.107161][ T9913] netlink: 'syz.1.1768': attribute type 2 has an invalid length.
[  161.116090][ T9913] __nla_validate_parse: 2 callbacks suppressed
[  161.116101][ T9913] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1768'.
[  161.203430][ T9919] netlink: 176 bytes leftover after parsing attributes in process `syz.1.1771'.
[  161.668657][ T9946] netlink: 'syz.2.1785': attribute type 2 has an invalid length.
[  161.672182][ T9946] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1785'.
[  162.334249][ T9988] netlink: 'syz.2.1804': attribute type 10 has an invalid length.
[  162.347974][ T9988] team0: Device ipvlan1 failed to register rx_handler
[  162.728660][T10001] netlink: 188 bytes leftover after parsing attributes in process `syz.3.1810'.
[  163.637042][T10037] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1823'.
[  163.642537][T10037] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1823'.
[  163.646106][T10037] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1823'.
[  164.437634][T10056] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1830'.
[  164.679793][T10059] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1831'.
[  165.129427][T10074] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1837'.
[  166.081346][T10099] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  166.148723][T10095] openvswitch: netlink: Missing key (keys=c0, expected=200000)
[  166.264129][T10115] __nla_validate_parse: 1 callbacks suppressed
[  166.264140][T10115] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1856'.
[  166.269081][T10115] netlink: 'syz.1.1856': attribute type 3 has an invalid length.
[  166.383849][T10125] netlink: 'syz.2.1862': attribute type 5 has an invalid length.
[  166.432207][T10134] sit0: entered allmulticast mode
[  166.445794][T10127] sit0: entered promiscuous mode
[  166.474370][T10138] netlink: 'syz.2.1867': attribute type 21 has an invalid length.
[  167.226977][T10151] netlink: 40227 bytes leftover after parsing attributes in process `syz.2.1871'.
[  167.579633][T10175] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1882'.
[  167.824473][T10194] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1889'.
[  168.167100][T10202] netlink: 160 bytes leftover after parsing attributes in process `syz.1.1893'.
[  168.653252][T10240] netlink: 'syz.3.1905': attribute type 1 has an invalid length.
[  168.664523][T10241] netlink: 'syz.2.1906': attribute type 16 has an invalid length.
[  168.667849][T10241] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1906'.
[  168.713658][T10243] netlink: 'syz.3.1907': attribute type 2 has an invalid length.
[  168.823370][T10249] netdevsim netdevsim2 : renamed from netdevsim0
[  169.203939][T10268] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1919'.
[  169.207398][T10268] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1919'.
[  170.262645][T10283] lo speed is unknown, defaulting to 1000
[  170.276916][T10284] netlink: 'syz.3.1924': attribute type 9 has an invalid length.
[  170.367468][T10290] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1927'.
[  170.372452][T10290] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1927'.
[  171.504410][T10345] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[  171.583599][T10346] __nla_validate_parse: 3 callbacks suppressed
[  171.583653][T10346] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1952'.
[  171.706063][T10358] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1959'.
[  171.857499][T10373] netlink: 'syz.3.1965': attribute type 13 has an invalid length.
[  171.991898][T10373] bridge0: port 2(bridge_slave_1) entered disabled state
[  171.994981][T10373] bridge0: port 1(bridge_slave_0) entered disabled state
[  172.173561][T10373] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  172.188196][T10373] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  172.214438][T10401] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1976'.
[  172.489273][ T5713] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  172.498642][ T5713] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  172.507283][ T5713] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  172.515491][T10407] pim6reg1: entered allmulticast mode
[  172.520447][   T12] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  172.974209][T10434] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1989'.
[  172.979166][T10434] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1989'.
[  173.717051][T10472] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2007'.
[  173.735788][T10474] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.2008'.
[  174.263178][T10531] netlink: 'syz.3.2033': attribute type 11 has an invalid length.
[  174.266874][T10531] netlink: 148 bytes leftover after parsing attributes in process `syz.3.2033'.
[  174.523708][T10556] Dead loop on virtual device ip6_vti0, fix it urgently!
[  175.439567][T10568] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2051'.
[  175.831379][T10593] netlink: 'syz.2.2063': attribute type 10 has an invalid length.
[  175.834942][T10593] team0: Device ip6_vti0 is of different type
[  176.125609][T10603] netlink: 'syz.1.2068': attribute type 10 has an invalid length.
[  176.129196][T10603] netlink: 'syz.1.2068': attribute type 19 has an invalid length.
[  176.140042][T10603] netlink: 156 bytes leftover after parsing attributes in process `syz.1.2068'.
[  176.306194][T10611] syzkaller0: entered promiscuous mode
[  176.308370][T10611] syzkaller0: entered allmulticast mode
[  176.328255][T10616] netlink: 'syz.3.2074': attribute type 4 has an invalid length.
[  176.979484][T10635] netlink: 'syz.3.2083': attribute type 10 has an invalid length.
[  176.984371][T10635] __nla_validate_parse: 3 callbacks suppressed
[  176.984428][T10635] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2083'.
[  178.266169][T10635] dummy0: entered promiscuous mode
[  178.271385][T10635] bridge0: port 3(dummy0) entered blocking state
[  178.274110][T10635] bridge0: port 3(dummy0) entered disabled state
[  178.276830][T10635] dummy0: entered allmulticast mode
[  178.436432][T10654] netlink: 10 bytes leftover after parsing attributes in process `syz.2.2092'.
[  180.043521][T10713] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.2118'.
[  180.161943][T10717] netlink: zone id is out of range
[  180.164880][T10717] netlink: zone id is out of range
[  180.167184][T10717] netlink: zone id is out of range
[  180.169415][T10717] netlink: zone id is out of range
[  180.171959][T10717] netlink: zone id is out of range
[  180.174118][T10717] netlink: zone id is out of range
[  180.176362][T10717] netlink: zone id is out of range
[  180.178669][T10717] netlink: zone id is out of range
[  180.183004][T10717] netlink: zone id is out of range
[  180.185792][T10717] netlink: zone id is out of range
[  180.236562][T10719] netlink: 'syz.1.2121': attribute type 21 has an invalid length.
[  180.240174][T10719] netlink: 156 bytes leftover after parsing attributes in process `syz.1.2121'.
[  180.548622][T10731] netlink: 'syz.1.2126': attribute type 30 has an invalid length.
[  181.527562][T10739] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2130'.
[  181.995010][T10784] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2152'.
[  182.473961][T10796] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2156'.
[  182.477396][T10796] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2156'.
[  182.566350][T10800] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2158'.
[  183.123250][T10826] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2170'.
[  183.250834][T10831] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  183.352960][T10840] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2177'.
[  183.406325][T10846] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2180'.
[  183.556649][T10861] netlink: 'syz.3.2186': attribute type 21 has an invalid length.
[  183.559185][T10861] netlink: 156 bytes leftover after parsing attributes in process `syz.3.2186'.
[  183.615540][T10867] netlink: 'syz.1.2190': attribute type 10 has an invalid length.
[  183.618683][T10867] vlan0: entered allmulticast mode
[  183.623136][T10867] veth0_vlan: entered allmulticast mode
[  184.321264][T10901] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2205'.
[  185.373115][T10957] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2230'.
[  186.163700][T10987] bond0: (slave syz_tun): Releasing backup interface
[  186.552244][ T5874] dummy0: left allmulticast mode
[  186.554772][ T5874] bridge0: port 3(dummy0) entered disabled state
[  186.560879][ T5874] bridge_slave_1: left allmulticast mode
[  186.562785][ T5874] bridge_slave_1: left promiscuous mode
[  186.565198][ T5874] bridge0: port 2(bridge_slave_1) entered disabled state
[  186.574122][ T5874] bridge_slave_0: left allmulticast mode
[  186.575924][ T5874] bridge_slave_0: left promiscuous mode
[  186.577762][ T5874] bridge0: port 1(bridge_slave_0) entered disabled state
[  186.879252][ T5874] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  186.884649][ T5874] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  186.888811][ T5874] bond0 (unregistering): Released all slaves
[  187.179517][ T5874] hsr_slave_0: left promiscuous mode
[  187.186538][ T5874] hsr_slave_1: left promiscuous mode
[  187.189275][ T5874] batman_adv: batadv0: Removing interface: batadv_slave_0
[  187.197544][ T5874] batman_adv: batadv0: Removing interface: batadv_slave_1
[  187.580273][T11017] net_ratelimit: 78 callbacks suppressed
[  187.580291][T11017] openvswitch: netlink: ct_state flags 0000e7cd unsupported
[  187.671915][ T5234] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  187.677273][ T5234] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  187.680632][ T5234] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  187.683549][ T5234] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  187.686307][ T5234] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  187.705992][T11020] netlink: 'syz.2.2250': attribute type 21 has an invalid length.
[  187.733677][   T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  187.737577][   T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  187.741599][   T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  187.756374][   T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  187.768527][   T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  187.847730][ T5874] team0 (unregistering): Port device team_slave_1 removed
[  187.881861][ T5874] team0 (unregistering): Port device team_slave_0 removed
[  188.166398][T11020] __nla_validate_parse: 1 callbacks suppressed
[  188.166410][T11020] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2250'.
[  188.253323][T11019] lo speed is unknown, defaulting to 1000
[  188.309211][T11022] lo speed is unknown, defaulting to 1000
[  188.606889][T11019] chnl_net:caif_netlink_parms(): no params data found
[  188.673041][T11044] netlink: 'syz.2.2255': attribute type 28 has an invalid length.
[  188.824731][T11022] chnl_net:caif_netlink_parms(): no params data found
[  188.952287][T11019] bridge0: port 1(bridge_slave_0) entered blocking state
[  188.955135][T11019] bridge0: port 1(bridge_slave_0) entered disabled state
[  188.958006][T11019] bridge_slave_0: entered allmulticast mode
[  188.962398][T11019] bridge_slave_0: entered promiscuous mode
[  188.988530][T11019] bridge0: port 2(bridge_slave_1) entered blocking state
[  188.996473][T11019] bridge0: port 2(bridge_slave_1) entered disabled state
[  188.999668][T11019] bridge_slave_1: entered allmulticast mode
[  189.004785][T11019] bridge_slave_1: entered promiscuous mode
[  189.087581][T11019] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  189.121479][T11019] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  189.148056][T11022] bridge0: port 1(bridge_slave_0) entered blocking state
[  189.152979][T11022] bridge0: port 1(bridge_slave_0) entered disabled state
[  189.155511][T11022] bridge_slave_0: entered allmulticast mode
[  189.158677][T11022] bridge_slave_0: entered promiscuous mode
[  189.163329][T11022] bridge0: port 2(bridge_slave_1) entered blocking state
[  189.165573][T11022] bridge0: port 2(bridge_slave_1) entered disabled state
[  189.168010][T11022] bridge_slave_1: entered allmulticast mode
[  189.181122][T11022] bridge_slave_1: entered promiscuous mode
[  189.208813][T11019] team0: Port device team_slave_0 added
[  189.235976][T11019] team0: Port device team_slave_1 added
[  189.281717][T11022] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  189.327126][T11019] batman_adv: batadv0: Adding interface: batadv_slave_0
[  189.329840][T11019] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  189.335894][T11073] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2262'.
[  189.340462][T11019] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  189.348338][T11022] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  189.382144][T11076] netlink: 948 bytes leftover after parsing attributes in process `syz.2.2263'.
[  189.389800][T11019] batman_adv: batadv0: Adding interface: batadv_slave_1
[  189.394569][T11019] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  189.405385][T11019] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  189.426774][ T5874] bridge_slave_1: left allmulticast mode
[  189.429075][ T5874] bridge_slave_1: left promiscuous mode
[  189.437956][ T5874] bridge0: port 2(bridge_slave_1) entered disabled state
[  189.445873][ T5874] bridge_slave_0: left allmulticast mode
[  189.448260][ T5874] bridge_slave_0: left promiscuous mode
[  189.451806][ T5874] bridge0: port 1(bridge_slave_0) entered disabled state
[  189.750163][   T54] Bluetooth: hci0: command tx timeout
[  189.830650][   T54] Bluetooth: hci1: command tx timeout
[  189.847550][ T5874] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  189.854947][ T5874] bond0 (unregistering): Released all slaves
[  189.869103][T11022] team0: Port device team_slave_0 added
[  189.887422][T11022] team0: Port device team_slave_1 added
[  189.967266][T11022] batman_adv: batadv0: Adding interface: batadv_slave_0
[  189.969839][T11022] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  189.980574][T11022] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  190.002982][T11019] hsr_slave_0: entered promiscuous mode
[  190.005885][T11019] hsr_slave_1: entered promiscuous mode
[  190.008526][T11019] debugfs: 'hsr0' already exists in 'hsr'
[  190.011654][T11019] Cannot create hsr debugfs directory
[  190.048127][T11022] batman_adv: batadv0: Adding interface: batadv_slave_1
[  190.054776][T11022] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  190.064728][T11022] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  190.194230][T11022] hsr_slave_0: entered promiscuous mode
[  190.200870][T11022] hsr_slave_1: entered promiscuous mode
[  190.203086][T11022] debugfs: 'hsr0' already exists in 'hsr'
[  190.204939][T11022] Cannot create hsr debugfs directory
[  190.488444][ T5874] hsr_slave_0: left promiscuous mode
[  190.495943][ T5874] hsr_slave_1: left promiscuous mode
[  190.498713][ T5874] batman_adv: batadv0: Removing interface: batadv_slave_0
[  190.502487][ T5874] batman_adv: batadv0: Removing interface: batadv_slave_1
[  190.768372][ T5874] team0 (unregistering): Port device team_slave_1 removed
[  190.799213][ T5874] team0 (unregistering): Port device team_slave_0 removed
[  190.881714][   T54] Bluetooth: hci2: command 0x0406 tx timeout
[  191.005566][ T5874] team0 (unregistering): Port device dummy0 removed
[  191.098905][T11019] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  191.105534][T11019] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  191.145736][T11019] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  191.159259][T11019] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  191.241020][T11111] netlink: 'syz.2.2273': attribute type 22 has an invalid length.
[  191.243697][T11111] netlink: 148 bytes leftover after parsing attributes in process `syz.2.2273'.
[  191.312824][T11022] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  191.321225][T11022] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  191.341668][T11022] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  191.359379][T11019] 8021q: adding VLAN 0 to HW filter on device bond0
[  191.363841][T11022] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  191.419756][T11019] 8021q: adding VLAN 0 to HW filter on device team0
[  191.433508][ T1093] bridge0: port 1(bridge_slave_0) entered blocking state
[  191.435932][ T1093] bridge0: port 1(bridge_slave_0) entered forwarding state
[  191.461842][ T1093] bridge0: port 2(bridge_slave_1) entered blocking state
[  191.464172][ T1093] bridge0: port 2(bridge_slave_1) entered forwarding state
[  191.576268][T11022] 8021q: adding VLAN 0 to HW filter on device bond0
[  191.609488][T11022] 8021q: adding VLAN 0 to HW filter on device team0
[  191.624267][ T1096] bridge0: port 1(bridge_slave_0) entered blocking state
[  191.627451][ T1096] bridge0: port 1(bridge_slave_0) entered forwarding state
[  191.652085][ T1096] bridge0: port 2(bridge_slave_1) entered blocking state
[  191.655141][ T1096] bridge0: port 2(bridge_slave_1) entered forwarding state
[  191.706764][T11022] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  191.715036][T11140] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  191.717401][T11140] IPv6: NLM_F_CREATE should be set when creating new route
[  191.720511][T11140] IPv6: NLM_F_CREATE should be set when creating new route
[  191.722840][T11140] IPv6: NLM_F_CREATE should be set when creating new route
[  191.729511][T11022] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  191.798244][T11019] 8021q: adding VLAN 0 to HW filter on device batadv0
[  191.845551][ T5234] Bluetooth: hci0: command tx timeout
[  191.922176][ T5234] Bluetooth: hci1: command tx timeout
[  191.977453][T11022] 8021q: adding VLAN 0 to HW filter on device batadv0
[  192.118086][T11019] veth0_vlan: entered promiscuous mode
[  192.143029][T11019] veth1_vlan: entered promiscuous mode
[  192.219137][T11019] veth0_macvtap: entered promiscuous mode
[  192.228943][T11019] veth1_macvtap: entered promiscuous mode
[  192.271513][T11019] batman_adv: batadv0: Interface activated: batadv_slave_0
[  192.301426][T11019] batman_adv: batadv0: Interface activated: batadv_slave_1
[  192.347535][ T5713] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  192.361333][ T5713] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  192.365498][ T5713] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  192.585027][   T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  192.614845][T11022] veth0_vlan: entered promiscuous mode
[  192.620565][T11022] veth1_vlan: entered promiscuous mode
[  192.737581][T11022] veth0_macvtap: entered promiscuous mode
[  192.749384][ T1096] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  192.752088][T11022] veth1_macvtap: entered promiscuous mode
[  192.759380][ T1096] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  192.787327][ T1096] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  192.789833][ T1096] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  192.815558][T11022] batman_adv: batadv0: Interface activated: batadv_slave_0
[  192.833105][T11022] batman_adv: batadv0: Interface activated: batadv_slave_1
[  192.862838][   T13] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  192.869303][   T13] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  192.875410][T11180] netlink: 'syz.2.2283': attribute type 33 has an invalid length.
[  192.886319][T11180] netlink: 'syz.2.2283': attribute type 3 has an invalid length.
[  192.889666][T11180] netlink: 153952 bytes leftover after parsing attributes in process `syz.2.2283'.
[  192.899556][   T13] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  192.928740][   T13] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  193.091909][   T29] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  193.095079][   T29] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  193.288533][ T5234] Bluetooth: hci2: unexpected event 0x06 length: 15 > 3
[  193.333900][ T1096] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  193.340157][ T1096] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  193.526496][T11206] syzkaller0: entered promiscuous mode
[  193.539834][T11206] syzkaller0: entered allmulticast mode
[  193.654103][T11216] netlink: 'syz.4.2293': attribute type 19 has an invalid length.
[  193.926831][ T5234] Bluetooth: hci0: command tx timeout
[  193.936435][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  193.939160][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  193.990898][   T54] Bluetooth: hci1: command tx timeout
[  195.142484][T11236] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2302'.
[  195.995383][   T54] Bluetooth: hci0: command tx timeout
[  196.071183][   T54] Bluetooth: hci1: command tx timeout
[  196.835008][T11302] netlink: 'syz.2.2323': attribute type 10 has an invalid length.
[  197.404683][T11302] team0: Port device geneve1 added
[  199.152417][T11378] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.2351'.
[  199.283276][T11393] openvswitch: netlink: nsh attribute has 8 unknown bytes.
[  199.485414][T11407] netlink: 'syz.5.2365': attribute type 1 has an invalid length.
[  199.487842][T11407] netlink: 17 bytes leftover after parsing attributes in process `syz.5.2365'.
[  199.839453][T11435] netlink: 'syz.4.2380': attribute type 29 has an invalid length.
[  199.846297][T11435] netlink: 'syz.4.2380': attribute type 29 has an invalid length.
[  199.852842][T11435] netlink: 'syz.4.2380': attribute type 29 has an invalid length.
[  199.859444][T11435] netlink: 'syz.4.2380': attribute type 29 has an invalid length.
[  199.949650][   T54] Bluetooth: hci2: adv larger than maximum supported
[  199.949683][   T54] Bluetooth: hci2: Unknown advertising packet type: 0x73
[  200.062988][T11445] netlink: 64 bytes leftover after parsing attributes in process `syz.5.2379'.
[  201.851862][T11463] netlink: 'syz.4.2392': attribute type 14 has an invalid length.
[  201.854628][T11463] netlink: 164 bytes leftover after parsing attributes in process `syz.4.2392'.
[  201.955953][T11476] netlink: 'syz.2.2398': attribute type 10 has an invalid length.
[  201.959107][T11476] netlink: 65015 bytes leftover after parsing attributes in process `syz.2.2398'.
[  202.019253][T11480] netlink: 'syz.5.2400': attribute type 3 has an invalid length.
[  202.026155][T11480] netlink: 130984 bytes leftover after parsing attributes in process `syz.5.2400'.
[  202.158998][   T54] Bluetooth: hci0: unexpected event 0x35 length: 15 > 6
[  202.316426][T11516] C: renamed from team_slave_0 (while UP)
[  202.326551][T11516] netlink: 'syz.4.2416': attribute type 3 has an invalid length.
[  202.329550][T11516] netlink: 'syz.4.2416': attribute type 1 has an invalid length.
[  202.332541][T11516] netlink: 116 bytes leftover after parsing attributes in process `syz.4.2416'.
[  202.341973][T11516] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  202.547829][T11532] netlink: 'syz.2.2423': attribute type 10 has an invalid length.
[  202.551178][T11532] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2423'.
[  202.768442][T11546] netlink: 'syz.5.2430': attribute type 21 has an invalid length.
[  202.772923][T11546] netlink: 14532 bytes leftover after parsing attributes in process `syz.5.2430'.
[  203.067549][   T54] Bluetooth: hci2: unexpected event 0x1c length: 15 > 5
[  203.778926][T11558] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2433'.
[  203.802679][T11556] delete_channel: no stack
[  204.062764][T11581] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2442'.
[  204.082196][T11581] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2442'.
[  204.137488][T11584] veth0_vlan: entered allmulticast mode
[  204.385115][T11589] openvswitch: netlink: Duplicate or invalid key (type 0).
[  204.387628][T11589] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  204.579380][T11591] tun0: tun_chr_ioctl cmd 1074025675
[  204.581580][T11591] tun0: persist enabled
[  204.584088][T11591] tun0: tun_chr_ioctl cmd 1074025675
[  204.586062][T11591] tun0: persist disabled
[  204.775316][T11600] netlink: 'syz.5.2450': attribute type 13 has an invalid length.
[  204.884326][T11606] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2453'.
[  204.887999][T11606] openvswitch: netlink: nsh attr 165 is out of range max 3
[  204.898252][T11606] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  205.380234][   T54] Bluetooth: hci0: unexpected event 0x18 length: 151 > 23
[  206.434827][T11691] netlink: 'syz.4.2493': attribute type 13 has an invalid length.
[  206.783569][T11683] syzkaller0: entered promiscuous mode
[  206.785686][T11683] syzkaller0: entered allmulticast mode
[  207.082515][T11691] : renamed from syz_tun (while UP)
[  207.087998][T11691] : refused to change device tx_queue_len
[  207.090911][T11691] A link change request failed with some changes committed already. Interface  may have been left with an inconsistent configuration, please check.
[  207.296221][T11702] delete_channel: no stack
[  207.298490][T11702] delete_channel: no stack
[  207.346587][T11704] __nla_validate_parse: 5 callbacks suppressed
[  207.346603][T11704] netlink: 596 bytes leftover after parsing attributes in process `syz.4.2499'.
[  208.364191][T11693] netlink: 'syz.5.2494': attribute type 10 has an invalid length.
[  208.366672][T11693] netlink: 65015 bytes leftover after parsing attributes in process `syz.5.2494'.
[  208.369931][T11713] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2503'.
[  208.496872][T11726] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2509'.
[  208.536273][T11723] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2507'.
[  208.634109][T11732] ksmbd: Daemon and kernel module version mismatch. ksmbd: 36, kernel module: 1. User-space ksmbd should terminate.
[  208.793411][T11739] netlink: 'syz.5.2512': attribute type 39 has an invalid length.
[  209.493528][T11749] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2518'.
[  209.636143][T11758] netlink: 128124 bytes leftover after parsing attributes in process `syz.5.2522'.
[  209.808187][T11768] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2526'.
[  210.160790][T11792] netlink: 7 bytes leftover after parsing attributes in process `syz.4.2538'.
[  210.165208][T11792] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2538'.
[  210.516667][T11812] netlink: 'syz.2.2548': attribute type 29 has an invalid length.
[  210.521682][T11812] netlink: 'syz.2.2548': attribute type 29 has an invalid length.
[  210.525007][T11812] netlink: 'syz.2.2548': attribute type 29 has an invalid length.
[  210.806522][T11830] netlink: 'syz.5.2557': attribute type 19 has an invalid length.
[  211.373882][T11859] veth1_macvtap: left promiscuous mode
[  211.376061][T11859] macsec0: entered promiscuous mode
[  211.512266][T11867] netlink: 'syz.2.2572': attribute type 1 has an invalid length.
[  212.356668][T11882] netlink: 'syz.4.2579': attribute type 11 has an invalid length.
[  212.359375][T11882] __nla_validate_parse: 3 callbacks suppressed
[  212.359382][T11882] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.2579'.
[  212.370346][T11882] netlink: 'syz.4.2579': attribute type 11 has an invalid length.
[  212.372901][T11882] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.2579'.
[  212.488305][T11881] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  212.815631][T11905] nftables ruleset with unbound chain
[  212.964857][T11912] netlink: 'syz.4.2593': attribute type 10 has an invalid length.
[  213.302515][T11912] team0: Device ipvlan1 failed to register rx_handler
[  213.506627][T11924] netlink: 'syz.5.2599': attribute type 2 has an invalid length.
[  213.572848][T11928] tap0: tun_chr_ioctl cmd 1074812118
[  215.048833][T11953] netlink: 147608 bytes leftover after parsing attributes in process `syz.5.2612'.
[  215.053709][T11953] netlink: 62227 bytes leftover after parsing attributes in process `syz.5.2612'.
[  215.098758][T11959] netlink: 14601 bytes leftover after parsing attributes in process `syz.5.2615'.
[  215.146440][T11961] openvswitch: netlink: IPv4 tunnel dst address is zero
[  215.701835][T11989] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2628'.
[  216.003233][T11989] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  216.525836][T12009] netlink: 199836 bytes leftover after parsing attributes in process `syz.5.2637'.
[  216.540872][T12009] netlink: 60 bytes leftover after parsing attributes in process `syz.5.2637'.
[  216.754114][T12012] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2638'.
[  216.922537][T12024] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2642'.
[  217.486609][T12055] netlink: 'syz.2.2656': attribute type 13 has an invalid length.
[  217.490672][T12055] __nla_validate_parse: 2 callbacks suppressed
[  217.490684][T12055] netlink: 24859 bytes leftover after parsing attributes in process `syz.2.2656'.
[  218.467928][T12069] netlink: 132 bytes leftover after parsing attributes in process `syz.5.2661'.
[  219.072873][T12083] netlink: 830 bytes leftover after parsing attributes in process `syz.4.2663'.
[  219.075820][T12083] bond_slave_0: entered promiscuous mode
[  219.077862][T12083] bond_slave_1: entered promiscuous mode
[  219.116004][T12086] C: renamed from team_slave_0 (while UP)
[  219.119494][T12086] netlink: 'syz.5.2669': attribute type 2 has an invalid length.
[  219.130202][T12086] netlink: 116 bytes leftover after parsing attributes in process `syz.5.2669'.
[  219.135702][T12086] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  219.197271][T12093] netlink: 209852 bytes leftover after parsing attributes in process `syz.5.2672'.
[  219.823276][T12133] netlink: 'syz.5.2689': attribute type 2 has an invalid length.
[  220.073125][T12145] syzkaller0: entered promiscuous mode
[  220.075520][T12145] syzkaller0: entered allmulticast mode
[  221.408058][T12157] : entered promiscuous mode
[  222.457837][T12181] netlink: 203516 bytes leftover after parsing attributes in process `syz.2.2711'.
[  222.461202][T12181] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  222.463867][T12181] openvswitch: netlink: Key type 256 is out of range max 32
[  222.506606][T12183] netlink: 112 bytes leftover after parsing attributes in process `syz.2.2713'.
[  222.550463][T12186] netlink: 'syz.4.2709': attribute type 39 has an invalid length.
[  223.812552][T12242] netlink: 13 bytes leftover after parsing attributes in process `syz.5.2739'.
[  224.193629][T12266] netlink: 'syz.5.2750': attribute type 8 has an invalid length.
[  224.196775][T12266] netlink: 'syz.5.2750': attribute type 3 has an invalid length.
[  224.203293][T12266] netlink: 153952 bytes leftover after parsing attributes in process `syz.5.2750'.
[  224.348485][T12270] veth1_macvtap: left promiscuous mode
[  224.351535][T12270] macsec0: entered allmulticast mode
[  224.594999][T12290] netlink: 10 bytes leftover after parsing attributes in process `syz.5.2762'.
[  224.622351][T12288] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2763'.
[  224.632065][T12294] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2765'.
[  224.858604][ T5234] Bluetooth: hci2: Opcode 0x206a failed: -110
[  224.861539][ T5234] Bluetooth: hci2: command 0x0406 tx timeout
[  224.926146][T12299] bridge0: port 2(bridge_slave_1) entered disabled state
[  224.938396][T12299] bridge0: port 1(bridge_slave_0) entered disabled state
[  224.957670][T12299] bridge0: entered allmulticast mode
[  225.389124][T12317] netlink: 2 bytes leftover after parsing attributes in process `syz.5.2774'.
[  225.396389][T12317] batadv_slave_1: entered promiscuous mode
[  225.646020][T12324] netlink: 14601 bytes leftover after parsing attributes in process `syz.4.2777'.
[  225.649140][T12327] netlink: 60 bytes leftover after parsing attributes in process `syz.5.2778'.
[  225.836099][T12333] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2781'.
[  226.804457][T12355] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  226.855978][T12353] netlink: 'syz.2.2790': attribute type 2 has an invalid length.
[  226.859686][T12353] netlink: 'syz.2.2790': attribute type 3 has an invalid length.
[  226.985935][   T54] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18
[  227.115470][T12367] netlink: 'syz.4.2798': attribute type 10 has an invalid length.
[  227.381870][T12367] team0: Port device wlan1 added
[  227.596073][T12384] __nla_validate_parse: 8 callbacks suppressed
[  227.596168][T12384] netlink: 180 bytes leftover after parsing attributes in process `syz.2.2804'.
[  228.344114][T12401] netlink: 7 bytes leftover after parsing attributes in process `syz.2.2812'.
[  228.349035][T12401] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2812'.
[  229.021087][T12404] netlink: 14593 bytes leftover after parsing attributes in process `syz.5.2813'.
[  229.219746][T12415] syzkaller0: entered promiscuous mode
[  229.223746][T12415] syzkaller0: entered allmulticast mode
[  229.295453][   T33] audit: type=1107 audit(1755609040.276:3): pid=12420 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=''
[  229.581481][T12438] netlink: 'syz.2.2829': attribute type 2 has an invalid length.
[  229.584784][T12438] netlink: 137592 bytes leftover after parsing attributes in process `syz.2.2829'.
[  229.643211][T12445] netlink: 'syz.5.2832': attribute type 210 has an invalid length.
[  229.698775][T12448] netlink: 'syz.5.2833': attribute type 13 has an invalid length.
[  229.966450][T12452] netlink: 'syz.5.2835': attribute type 11 has an invalid length.
[  229.969517][T12452] netlink: 149476 bytes leftover after parsing attributes in process `syz.5.2835'.
[  230.028016][T12453] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  230.068685][T12455] netlink: 'syz.5.2836': attribute type 1 has an invalid length.
[  230.709777][T12503] netlink: 'syz.5.2858': attribute type 1 has an invalid length.
[  230.760903][T12509] netlink: 'syz.5.2861': attribute type 21 has an invalid length.
[  230.763907][T12509] netlink: 144 bytes leftover after parsing attributes in process `syz.5.2861'.
[  230.852030][T12515] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2865'.
[  230.985100][T12527] veth1_macvtap: left promiscuous mode
[  230.987379][T12527] macsec0: entered promiscuous mode
[  231.141395][T12529] @: renamed from bond_slave_0 (while UP)
[  231.141645][   T54] Bluetooth: hci1: unexpected event 0x04 length: 15 > 10
[  231.144152][   T54] Bluetooth: hci1: connection err: -111
[  231.356077][T12537] netlink: 'syz.2.2873': attribute type 39 has an invalid length.
[  231.387507][T12536] netlink: 14 bytes leftover after parsing attributes in process `syz.4.2871'.
[  231.437469][T12538] netlink: 64859 bytes leftover after parsing attributes in process `syz.4.2871'.
[  231.462987][T12537] hsr_slave_0 (unregistering): left promiscuous mode
[  231.849278][T12544] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  231.855077][T12544] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  232.420961][T12557] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  232.863118][T12575] netlink: 'syz.2.2890': attribute type 4 has an invalid length.
[  232.870290][T12575] netlink: 'syz.2.2890': attribute type 16 has an invalid length.
[  232.880124][T12575] __nla_validate_parse: 2 callbacks suppressed
[  232.880140][T12575] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2890'.
[  233.172104][T12590] netlink: 'syz.2.2897': attribute type 21 has an invalid length.
[  233.175205][T12590] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2897'.
[  233.486191][T12604] netlink: 8392 bytes leftover after parsing attributes in process `syz.5.2904'.
[  237.384203][   T95] sched: DL replenish lagged too much
[  239.355283][T12641] netlink: 'syz.5.2916': attribute type 4 has an invalid length.
[  239.403436][T12647] netlink: 147608 bytes leftover after parsing attributes in process `syz.4.2918'.
[  239.406426][T12647] netlink: 'syz.4.2918': attribute type 3 has an invalid length.
[  239.477556][T12655] netlink: 1053 bytes leftover after parsing attributes in process `syz.5.2922'.
[  239.707129][T12671] netlink: 'syz.5.2928': attribute type 33 has an invalid length.
[  239.711474][T12671] netlink: 152 bytes leftover after parsing attributes in process `syz.5.2928'.
[  240.359117][T12688] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2933'.
[  240.402206][T12690] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  240.405383][T12690] batman_adv: batadv0: Removing interface: batadv_slave_0
[  240.434404][T12690] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  240.437471][T12690] batman_adv: batadv0: Removing interface: batadv_slave_1
[  240.447458][T12690] batman_adv: batadv0: Removing interface: 
[  240.605624][   T54] Bluetooth: hci1: unexpected event 0x04 length: 15 > 10
[  240.695242][T12708] netlink: 'syz.5.2944': attribute type 2 has an invalid length.
[  240.701123][T12708] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2944'.
[  240.785468][T12712] netlink: 'syz.2.2946': attribute type 3 has an invalid length.
[  240.788631][T12712] netlink: 'syz.2.2946': attribute type 4 has an invalid length.
[  240.794193][T12712] netlink: 9067 bytes leftover after parsing attributes in process `syz.2.2946'.
[  242.644150][   T54] Bluetooth: hci1: command tx timeout
[  244.084828][T12732] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2955'.
[  244.504598][T12768] netlink: 1010 bytes leftover after parsing attributes in process `syz.5.2972'.
[  244.508464][T12768] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  244.555274][T12772] netlink: 60 bytes leftover after parsing attributes in process `syz.5.2975'.
[  244.564861][T12772] netlink: 60 bytes leftover after parsing attributes in process `syz.5.2975'.
[  244.644679][T12774] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  244.648618][T12774] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  245.210432][ T5874] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  245.683033][ T5874] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  245.782222][ T5874] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  245.788635][T12812] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  245.852741][ T5874] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  245.864918][T12818] netlink: 1010 bytes leftover after parsing attributes in process `syz.2.2993'.
[  246.004990][ T5874] vlan0: left allmulticast mode
[  246.018771][ T5874] veth0_vlan: left allmulticast mode
[  246.025795][ T5874] vlan0: left promiscuous mode
[  246.028085][ T5874] : port 1(vlan0) entered disabled state
[  246.616870][ T5874] .` (unregistering): (slave 5@): Releasing backup interface
[  246.622770][ T5874] .` (unregistering): (slave bond_slave_1): Releasing backup interface
[  246.627810][ T5874] .` (unregistering): Released all slaves
[  247.778272][ T5874] hsr_slave_0: left promiscuous mode
[  247.780935][ T5874] hsr_slave_1: left promiscuous mode
[  247.783013][ T5874] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  247.785491][ T5874] batman_adv: batadv0: Removing interface: batadv_slave_0
[  247.788471][ T5874] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  247.791808][ T5874] batman_adv: batadv0: Removing interface: batadv_slave_1
[  247.805472][ T5874] veth1_macvtap: left promiscuous mode
[  247.807845][ T5874] veth0_macvtap: left promiscuous mode
[  247.809878][ T5874] veth1_vlan: left promiscuous mode
[  247.813385][T12850] netlink: 202232 bytes leftover after parsing attributes in process `syz.5.3006'.
[  247.816310][T12850] netlink: zone id is out of range
[  247.817977][T12850] netlink: zone id is out of range
[  247.819832][ T5874] veth0_vlan: left promiscuous mode
[  247.874910][T12853] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3007'.
[  248.455837][T12883] netlink: 7 bytes leftover after parsing attributes in process `syz.4.3020'.
[  248.459576][T12883] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3020'.
[  248.700930][ T5874] team0 (unregistering): Port device team_slave_1 removed
[  248.729380][ T5874] team0 (unregistering): Port device C removed
[  248.802357][T12901] netlink: 'syz.5.3029': attribute type 1 has an invalid length.
[  248.804833][T12901] netlink: 157116 bytes leftover after parsing attributes in process `syz.5.3029'.
[  249.104965][T12864] syzkaller0: tun_chr_ioctl cmd 2147767520
[  250.178751][T12914] netlink: 'syz.4.3035': attribute type 4 has an invalid length.
[  250.263376][T12922] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3038'.
[  251.509748][T12967] wg2: entered promiscuous mode
[  251.518393][T12967] wg2: entered allmulticast mode
[  252.116564][   T54] Bluetooth: hci2: adv larger than maximum supported
[  252.116597][   T54] Bluetooth: hci2: Unknown advertising packet type: 0x18
[  252.119227][   T54] Bluetooth: hci2: Malformed LE Event: 0x0d
[  252.683387][T13048] netlink: 'syz.2.3068': attribute type 2 has an invalid length.
[  252.698468][T13048] netlink: 164 bytes leftover after parsing attributes in process `syz.2.3068'.
[  252.709491][T13048] netlink: 'syz.2.3068': attribute type 2 has an invalid length.
[  252.721780][T13048] netlink: 164 bytes leftover after parsing attributes in process `syz.2.3068'.
[  252.834774][T13056] netlink: 2 bytes leftover after parsing attributes in process `syz.5.3072'.
[  252.863135][T13060] netlink: 1053 bytes leftover after parsing attributes in process `syz.4.3074'.
[  252.937430][T13069] netlink: 'syz.2.3079': attribute type 21 has an invalid length.
[  252.970805][T13072] netlink: 160 bytes leftover after parsing attributes in process `syz.2.3080'.
[  253.144445][T13077] netlink: 'syz.2.3081': attribute type 2 has an invalid length.
[  253.147440][T13077] netlink: 'syz.2.3081': attribute type 8 has an invalid length.
[  253.167099][T13077] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3081'.
[  254.154768][T13104] syzkaller0: entered promiscuous mode
[  254.156830][T13104] syzkaller0: entered allmulticast mode
[  255.347480][T13129] netlink: 'syz.5.3105': attribute type 13 has an invalid length.
[  255.396077][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  255.399036][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  255.405367][T13129] netlink: 'syz.5.3105': attribute type 17 has an invalid length.
[  255.579529][T13129] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  255.617604][T13145] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3111'.
[  256.107023][T13179] netlink: 63503 bytes leftover after parsing attributes in process `syz.5.3126'.
[  257.734778][   T54] Bluetooth: hci0: unexpected event 0x34 length: 15 > 6
[  258.424615][T13247] netlink: 'syz.4.3158': attribute type 29 has an invalid length.
[  258.430667][T13247] netlink: 'syz.4.3158': attribute type 29 has an invalid length.
[  258.433643][T13247] netlink: 'syz.4.3158': attribute type 29 has an invalid length.
[  258.436524][T13247] netlink: 'syz.4.3158': attribute type 29 has an invalid length.
[  258.505412][T13250] netlink: 'syz.2.3154': attribute type 2 has an invalid length.
[  258.683906][T13268] openvswitch: netlink: Message has 4 unknown bytes.
[  258.705766][T13269] syzkaller0: entered promiscuous mode
[  258.708021][T13269] syzkaller0: entered allmulticast mode
[  258.721036][T13271] netlink: 'syz.5.3169': attribute type 21 has an invalid length.
[  258.724018][T13271] netlink: 132 bytes leftover after parsing attributes in process `syz.5.3169'.
[  259.818602][T13279] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3172'.
[  259.823099][T13279] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3172'.
[  260.015937][T13293] delete_channel: no stack
[  260.033833][T13300] netlink: 492 bytes leftover after parsing attributes in process `syz.4.3182'.
[  260.060909][T13302] netlink: 'syz.2.3183': attribute type 10 has an invalid length.
[  260.268021][T13302] bond0: (slave O3c): Releasing backup interface
[  261.032628][   T54] Bluetooth: hci1: unexpected subevent 0x0a length: 150 > 30
[  261.385463][T13341] netlink: 'syz.2.3199': attribute type 1 has an invalid length.
[  261.387941][T13341] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.3199'.
[  261.400639][T13343] netlink: 'syz.5.3200': attribute type 11 has an invalid length.
[  261.410078][T13343] netlink: 199836 bytes leftover after parsing attributes in process `syz.5.3200'.
[  261.427673][T13345] netlink: 'syz.4.3201': attribute type 29 has an invalid length.
[  261.433032][T13345] netlink: 'syz.4.3201': attribute type 29 has an invalid length.
[  261.435941][T13345] netlink: 'syz.4.3201': attribute type 29 has an invalid length.
[  261.438739][T13345] netlink: 'syz.4.3201': attribute type 29 has an invalid length.
[  261.981503][T13342] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  262.041620][T13366] netlink: 'syz.2.3211': attribute type 6 has an invalid length.
[  262.263163][T13383] netlink: 'syz.2.3219': attribute type 1 has an invalid length.
[  262.321596][T13380] netlink: 'syz.4.3218': attribute type 27 has an invalid length.
[  262.325242][T13380] netlink: 'syz.4.3218': attribute type 3 has an invalid length.
[  262.327900][T13380] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3218'.
[  262.452770][T13401] netlink: 'syz.2.3227': attribute type 21 has an invalid length.
[  262.478731][T13403] netlink: 26 bytes leftover after parsing attributes in process `syz.2.3228'.
[  263.073019][T13416] netlink: 168 bytes leftover after parsing attributes in process `syz.5.3234'.
[  263.110628][   T54] Bluetooth: hci1: command tx timeout
[  263.157873][T13428] netlink: 180 bytes leftover after parsing attributes in process `syz.4.3240'.
[  263.195443][T13434] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3243'.
[  263.513749][T13460] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.3256'.
[  264.442991][T13521] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3284'.
[  264.447047][T13521] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3284'.
[  266.398147][T13552] validate_nla: 5 callbacks suppressed
[  266.398168][T13552] netlink: 'syz.4.3298': attribute type 16 has an invalid length.
[  266.413805][T13552] __nla_validate_parse: 1 callbacks suppressed
[  266.413816][T13552] netlink: 152 bytes leftover after parsing attributes in process `syz.4.3298'.
[  266.575706][T13570] netlink: 'syz.4.3307': attribute type 6 has an invalid length.
[  266.578601][T13570] netlink: 164 bytes leftover after parsing attributes in process `syz.4.3307'.
[  266.659941][T13574] netlink: 'syz.4.3310': attribute type 62 has an invalid length.
[  266.862335][T13579] netlink: 'syz.5.3311': attribute type 10 has an invalid length.
[  266.865616][T13579] netlink: 156 bytes leftover after parsing attributes in process `syz.5.3311'.
[  267.036848][T13577] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  267.319573][T13584] netlink: 'syz.4.3314': attribute type 10 has an invalid length.
[  268.322762][T13584] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  268.358551][T13588] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3315'.
[  268.614161][T13601] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3321'.
[  268.754754][T13613] vxcan1: entered allmulticast mode
[  268.759272][T13617] netlink: 260 bytes leftover after parsing attributes in process `syz.2.3328'.
[  268.774490][T13617] netlink: 260 bytes leftover after parsing attributes in process `syz.2.3328'.
[  269.428803][T13648] netlink: ct family unspecified
[  269.434127][T13648] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  270.085562][T13664] openvswitch: netlink: Port -1 exceeds max allowable 65535
[  270.362911][T13684] netlink: 'syz.5.3360': attribute type 29 has an invalid length.
[  270.367818][T13684] netlink: 'syz.5.3360': attribute type 29 has an invalid length.
[  270.372484][T13684] netlink: 'syz.5.3360': attribute type 29 has an invalid length.
[  270.646580][T13693] veth0_vlan: entered allmulticast mode
[  271.225104][T13724] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3375'.
[  271.385083][T13744] netlink: 182 bytes leftover after parsing attributes in process `syz.2.3385'.
[  271.492498][T13752] netlink: 'syz.2.3389': attribute type 10 has an invalid length.
[  271.495468][T13752] netlink: 55 bytes leftover after parsing attributes in process `syz.2.3389'.
[  271.564426][T13755] netlink: 76 bytes leftover after parsing attributes in process `syz.4.3390'.
[  271.659109][T13752] vlan0 (unregistering): left allmulticast mode
[  271.663673][T13752] veth0_vlan (unregistering): left allmulticast mode
[  271.666639][T13752] vlan0 (unregistering): left promiscuous mode
[  271.669152][T13752] : port 1(vlan0) entered disabled state
[  275.807724][    C1] clocksource: Long readout interval, skipping watchdog check: cs_nsec: 3717505147 wd_nsec: 3717489271
[  278.626519][T13779] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3401'.
[  278.678267][T13781] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3401'.
[  278.697213][T13779] bridge0: port 1(bridge_slave_0) entered disabled state
[  278.715987][T13779] bridge_slave_0 (unregistering): left allmulticast mode
[  278.718871][T13779] bridge_slave_0 (unregistering): left promiscuous mode
[  278.722487][T13779] bridge0: port 1(bridge_slave_0) entered disabled state
[  278.877246][T13793] netlink: 948 bytes leftover after parsing attributes in process `syz.4.3407'.
[  279.917932][T13810] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  280.816098][T13857] netlink: 'syz.5.3436': attribute type 10 has an invalid length.
[  280.829328][T13857] team0: Device veth1_macvtap failed to register rx_handler
[  280.881331][T13861] netlink: 'syz.5.3439': attribute type 5 has an invalid length.
[  280.884900][T13861] netlink: 130080 bytes leftover after parsing attributes in process `syz.5.3439'.
[  280.919112][T13863] ==================================================================
[  280.921748][T13863] BUG: KFENCE: use-after-free read in __xfrm_state_insert+0x855/0x1450
[  280.921748][T13863] 
[  280.925077][T13863] Use-after-free read at 0xffff888136558330 (in kfence-#171):
[  280.927404][T13863]  __xfrm_state_insert+0x855/0x1450
[  280.929584][T13863]  xfrm_state_insert+0x54/0x60
[  280.931791][T13863]  ipcomp6_init_state+0x655/0x900
[  280.933558][T13863]  __xfrm_init_state+0xa76/0x13f0
[  280.935257][T13863]  xfrm_add_sa+0x2f5b/0x4070
[  280.936786][T13863]  xfrm_user_rcv_msg+0x7a3/0xab0
[  280.938438][T13863]  netlink_rcv_skb+0x208/0x470
[  280.940015][T13863]  xfrm_netlink_rcv+0x79/0x90
[  280.941618][T13863]  netlink_unicast+0x82f/0x9e0
[  280.943200][T13863]  netlink_sendmsg+0x805/0xb30
[  280.944941][T13863]  __sock_sendmsg+0x21c/0x270
[  280.946492][T13863]  ____sys_sendmsg+0x505/0x830
[  280.948132][T13863]  ___sys_sendmsg+0x21f/0x2a0
[  280.949695][T13863]  __x64_sys_sendmsg+0x19b/0x260
[  280.951575][T13863]  do_syscall_64+0xfa/0x3b0
[  280.953428][T13863]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  280.955862][T13863] 
[  280.956882][T13863] kfence-#171: 0xffff888136558000-0xffff8881365580ef, size=240, cache=skbuff_head_cache
[  280.956882][T13863] 
[  280.961619][T13863] allocated by task 5827 on cpu 0 at 278.820641s (2.140977s ago):
[  280.964738][T13863]  __alloc_skb+0x112/0x2d0
[  280.966552][T13863]  __tcp_send_ack+0xaf/0x620
[  280.968315][T13863]  tcp_recvmsg_locked+0x2d7f/0x3660
[  280.970059][T13863]  tcp_recvmsg+0x216/0x810
[  280.971655][T13863]  inet_recvmsg+0x147/0x250
[  280.973164][T13863]  sock_recvmsg+0x1a8/0x270
[  280.974723][T13863]  sock_read_iter+0x231/0x2f0
[  280.976302][T13863]  vfs_read+0x55a/0xa30
[  280.977686][T13863]  ksys_read+0x145/0x250
[  280.979114][T13863]  do_syscall_64+0xfa/0x3b0
[  280.980993][T13863]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  280.983418][T13863] 
[  280.984417][T13863] freed by task 5827 on cpu 0 at 278.820869s (2.163547s ago):
[  280.987410][T13863]  tcp_rcv_established+0xe9e/0x1eb0
[  280.989238][T13863]  tcp_v4_do_rcv+0xa23/0xce0
[  280.990861][T13863]  tcp_v4_rcv+0x26a6/0x2f40
[  280.992712][T13863]  ip_protocol_deliver_rcu+0x221/0x440
[  280.994683][T13863]  ip_local_deliver_finish+0x3bb/0x6f0
[  280.996554][T13863]  NF_HOOK+0x30c/0x3a0
[  280.997932][T13863]  NF_HOOK+0x30c/0x3a0
[  280.999364][T13863]  __netif_receive_skb+0x143/0x380
[  281.001480][T13863]  process_backlog+0x60e/0x14f0
[  281.003543][T13863]  __napi_poll+0xc7/0x360
[  281.005161][T13863]  net_rx_action+0x707/0xe30
[  281.006803][T13863]  handle_softirqs+0x286/0x870
[  281.008379][T13863]  do_softirq+0xec/0x180
[  281.009783][T13863]  __local_bh_enable_ip+0x17d/0x1c0
[  281.011873][T13863]  __dev_queue_xmit+0x1d79/0x3b50
[  281.013949][T13863]  ip_finish_output2+0xd03/0x1160
[  281.015778][T13863]  ip_output+0x2a1/0x3c0
[  281.017303][T13863]  __ip_queue_xmit+0x1106/0x1b00
[  281.019254][T13863]  __tcp_transmit_skb+0x2215/0x3680
[  281.021015][T13863]  tcp_recvmsg_locked+0x2d7f/0x3660
[  281.023041][T13863]  tcp_recvmsg+0x216/0x810
[  281.024880][T13863]  inet_recvmsg+0x147/0x250
[  281.026751][T13863]  sock_recvmsg+0x1a8/0x270
[  281.028644][T13863]  sock_read_iter+0x231/0x2f0
[  281.030596][T13863]  vfs_read+0x55a/0xa30
[  281.032447][T13863]  ksys_read+0x145/0x250
[  281.034243][T13863]  do_syscall_64+0xfa/0x3b0
[  281.036136][T13863]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  281.038560][T13863] 
[  281.039568][T13863] CPU: 1 UID: 0 PID: 13863 Comm: syz.4.3438 Not tainted syzkaller #0 PREEMPT(full) 
[  281.043356][T13863] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  281.047083][T13863] RIP: 0010:__xfrm_state_insert+0x855/0x1450
[  281.049144][T13863] Code: d8 0f 94 c1 08 c1 74 0a e8 98 e1 9e f7 e9 aa 00 00 00 4d 8d ac 24 30 03 00 00 4d 89 ee 49 c1 ee 03 41 0f b6 04 1e 84 c0 75 48 <41> 0f b6 6d 00 83 e5 0c bf 08 00 00 00 89 ee e8 67 e4 9e f7 83 fd
[  281.056659][T13863] RSP: 0018:ffffc9000358f0f8 EFLAGS: 00010246
[  281.059136][T13863] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000000
[  281.062447][T13863] RDX: ffff8880229d1cc0 RSI: 0000000000000000 RDI: 0000000000000008
[  281.065462][T13863] RBP: 0000000000000004 R08: dffffc0000000000 R09: 0000000000000002
[  281.068064][T13863] R10: 000000000000000a R11: 0000000000000002 R12: ffff888136558000
[  281.070802][T13863] R13: ffff888136558330 R14: 1ffff11026cab066 R15: 0000000000000004
[  281.073741][T13863] FS:  00007fc23bab96c0(0000) GS:ffff8881a3c1c000(0000) knlGS:0000000000000000
[  281.077359][T13863] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  281.080039][T13863] CR2: ffff888136558330 CR3: 000000011204e000 CR4: 00000000000006f0
[  281.083294][T13863] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  281.086508][T13863] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  281.089708][T13863] Call Trace:
[  281.091117][T13863]  <TASK>
[  281.092348][T13863]  ? xfrm_state_insert+0x44/0x60
[  281.094419][T13863]  xfrm_state_insert+0x54/0x60
[  281.096402][T13863]  ipcomp6_init_state+0x655/0x900
[  281.098277][T13863]  __xfrm_init_state+0xa76/0x13f0
[  281.100413][T13863]  ? __xfrm_init_state+0x7ef/0x13f0
[  281.102676][T13863]  xfrm_add_sa+0x2f5b/0x4070
[  281.104684][T13863]  ? __pfx_xfrm_add_sa+0x10/0x10
[  281.106820][T13863]  ? apparmor_capable+0x137/0x1b0
[  281.109017][T13863]  ? __nla_parse+0x40/0x60
[  281.110971][T13863]  xfrm_user_rcv_msg+0x7a3/0xab0
[  281.113108][T13863]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  281.115418][T13863]  ? __pfx___mutex_trylock_common+0x10/0x10
[  281.117301][T13863]  ? rcu_is_watching+0x15/0xb0
[  281.118814][T13863]  ? trace_contention_end+0x39/0x120
[  281.120490][T13863]  ? __mutex_lock+0x335/0x1360
[  281.122014][T13863]  netlink_rcv_skb+0x208/0x470
[  281.123482][T13863]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  281.125221][T13863]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  281.126940][T13863]  ? netlink_deliver_tap+0x2e/0x1b0
[  281.128589][T13863]  ? netlink_deliver_tap+0x2e/0x1b0
[  281.130239][T13863]  xfrm_netlink_rcv+0x79/0x90
[  281.131718][T13863]  netlink_unicast+0x82f/0x9e0
[  281.133272][T13863]  ? __pfx_netlink_unicast+0x10/0x10
[  281.134981][T13863]  ? netlink_sendmsg+0x642/0xb30
[  281.136789][T13863]  ? skb_put+0x11b/0x210
[  281.138209][T13863]  netlink_sendmsg+0x805/0xb30
[  281.139757][T13863]  ? __pfx_netlink_sendmsg+0x10/0x10
[  281.141538][T13863]  ? perf_trace_run_bpf_submit+0x100/0x170
[  281.143392][T13863]  ? aa_sock_msg_perm+0xf1/0x1d0
[  281.145013][T13863]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  281.146982][T13863]  ? __pfx_netlink_sendmsg+0x10/0x10
[  281.149164][T13863]  __sock_sendmsg+0x21c/0x270
[  281.151142][T13863]  ____sys_sendmsg+0x505/0x830
[  281.153146][T13863]  ? __pfx_____sys_sendmsg+0x10/0x10
[  281.154957][T13863]  ? import_iovec+0x74/0xa0
[  281.156436][T13863]  ___sys_sendmsg+0x21f/0x2a0
[  281.157989][T13863]  ? __pfx____sys_sendmsg+0x10/0x10
[  281.159678][T13863]  ? __fget_files+0x2a/0x420
[  281.161243][T13863]  ? __fget_files+0x2a/0x420
[  281.163143][T13863]  ? __fget_files+0x3a0/0x420
[  281.165087][T13863]  __x64_sys_sendmsg+0x19b/0x260
[  281.167123][T13863]  ? perf_trace_run_bpf_submit+0x100/0x170
[  281.169505][T13863]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  281.171773][T13863]  ? do_syscall_64+0xbe/0x3b0
[  281.173704][T13863]  do_syscall_64+0xfa/0x3b0
[  281.175592][T13863]  ? lockdep_hardirqs_on+0x9c/0x150
[  281.177588][T13863]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  281.179659][T13863]  ? exc_page_fault+0x9f/0xf0
[  281.181588][T13863]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  281.184028][T13863] RIP: 0033:0x7fc23ab8ebe9
[  281.185864][T13863] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  281.193713][T13863] RSP: 002b:00007fc23bab9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  281.196845][T13863] RAX: ffffffffffffffda RBX: 00007fc23adb5fa0 RCX: 00007fc23ab8ebe9
[  281.199495][T13863] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000006
[  281.202318][T13863] RBP: 00007fc23ac11e19 R08: 0000000000000000 R09: 0000000000000000
[  281.205558][T13863] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  281.208133][T13863] R13: 00007fc23adb6038 R14: 00007fc23adb5fa0 R15: 00007fff81157498
[  281.210634][T13863]  </TASK>
[  281.211699][T13863] ==================================================================
[  281.214350][T13863] Kernel panic - not syncing: KFENCE: panic_on_warn set ...
[  281.217243][T13863] CPU: 1 UID: 0 PID: 13863 Comm: syz.4.3438 Not tainted syzkaller #0 PREEMPT(full) 
[  281.220407][T13863] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  281.224347][T13863] Call Trace:
[  281.225444][T13863]  <TASK>
[  281.226427][T13863]  dump_stack_lvl+0x99/0x250
[  281.228019][T13863]  ? __asan_memcpy+0x40/0x70
[  281.229541][T13863]  ? __pfx_dump_stack_lvl+0x10/0x10
[  281.231204][T13863]  ? __pfx__printk+0x10/0x10
[  281.232785][T13863]  vpanic+0x281/0x750
[  281.234107][T13863]  ? __pfx_vpanic+0x10/0x10
[  281.235559][T13863]  ? is_bpf_text_address+0x292/0x2b0
[  281.237254][T13863]  panic+0xb9/0xc0
[  281.238543][T13863]  ? __pfx_panic+0x10/0x10
[  281.239979][T13863]  ? __pfx__printk+0x10/0x10
[  281.241597][T13863]  check_panic_on_warn+0x89/0xb0
[  281.243649][T13863]  kfence_report_error+0x748/0xa40
[  281.245791][T13863]  ? __pfx_kfence_report_error+0x10/0x10
[  281.247616][T13863]  ? __xfrm_state_insert+0x855/0x1450
[  281.249382][T13863]  ? xfrm_state_insert+0x54/0x60
[  281.250966][T13863]  ? ipcomp6_init_state+0x655/0x900
[  281.252711][T13863]  ? __xfrm_init_state+0xa76/0x13f0
[  281.254390][T13863]  ? xfrm_add_sa+0x2f5b/0x4070
[  281.256087][T13863]  ? xfrm_user_rcv_msg+0x7a3/0xab0
[  281.257751][T13863]  ? netlink_rcv_skb+0x208/0x470
[  281.259390][T13863]  ? xfrm_netlink_rcv+0x79/0x90
[  281.261003][T13863]  ? netlink_unicast+0x82f/0x9e0
[  281.262979][T13863]  ? netlink_sendmsg+0x805/0xb30
[  281.264703][T13863]  ? __sock_sendmsg+0x21c/0x270
[  281.266255][T13863]  ? ____sys_sendmsg+0x505/0x830
[  281.267827][T13863]  ? ___sys_sendmsg+0x21f/0x2a0
[  281.269452][T13863]  ? __x64_sys_sendmsg+0x19b/0x260
[  281.271089][T13863]  ? do_syscall_64+0xfa/0x3b0
[  281.272974][T13863]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  281.275660][T13863]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  281.277809][T13863]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  281.279744][T13863]  ? search_bpf_extables+0x26/0x3f0
[  281.281488][T13863]  kfence_handle_page_fault+0x358/0x4d0
[  281.283730][T13863]  page_fault_oops+0x19f/0xa10
[  281.285399][T13863]  ? trace_call_bpf+0x5ba/0x850
[  281.286966][T13863]  ? __pfx_fixup_exception+0x10/0x10
[  281.288662][T13863]  ? __pfx_page_fault_oops+0x10/0x10
[  281.290364][T13863]  ? is_prefetch+0x403/0x640
[  281.291851][T13863]  ? __pfx_trace_call_bpf+0x10/0x10
[  281.293527][T13863]  ? __pfx_is_prefetch+0x10/0x10
[  281.295153][T13863]  __bad_area_nosemaphore+0x11a/0x780
[  281.296857][T13863]  ? irqentry_enter+0x3d/0x60
[  281.298415][T13863]  ? __pfx___bad_area_nosemaphore+0x10/0x10
[  281.300305][T13863]  ? do_kern_addr_fault+0x30/0x80
[  281.301938][T13863]  exc_page_fault+0xc3/0xf0
[  281.303405][T13863]  asm_exc_page_fault+0x26/0x30
[  281.305004][T13863] RIP: 0010:__xfrm_state_insert+0x855/0x1450
[  281.307208][T13863] Code: d8 0f 94 c1 08 c1 74 0a e8 98 e1 9e f7 e9 aa 00 00 00 4d 8d ac 24 30 03 00 00 4d 89 ee 49 c1 ee 03 41 0f b6 04 1e 84 c0 75 48 <41> 0f b6 6d 00 83 e5 0c bf 08 00 00 00 89 ee e8 67 e4 9e f7 83 fd
[  281.314477][T13863] RSP: 0018:ffffc9000358f0f8 EFLAGS: 00010246
[  281.316945][T13863] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000000
[  281.320058][T13863] RDX: ffff8880229d1cc0 RSI: 0000000000000000 RDI: 0000000000000008
[  281.323155][T13863] RBP: 0000000000000004 R08: dffffc0000000000 R09: 0000000000000002
[  281.326302][T13863] R10: 000000000000000a R11: 0000000000000002 R12: ffff888136558000
[  281.329454][T13863] R13: ffff888136558330 R14: 1ffff11026cab066 R15: 0000000000000004
[  281.332661][T13863]  ? __xfrm_state_insert+0x7bf/0x1450
[  281.334844][T13863]  ? xfrm_state_insert+0x44/0x60
[  281.336800][T13863]  xfrm_state_insert+0x54/0x60
[  281.338720][T13863]  ipcomp6_init_state+0x655/0x900
[  281.340788][T13863]  __xfrm_init_state+0xa76/0x13f0
[  281.342778][T13863]  ? __xfrm_init_state+0x7ef/0x13f0
[  281.344923][T13863]  xfrm_add_sa+0x2f5b/0x4070
[  281.346794][T13863]  ? __pfx_xfrm_add_sa+0x10/0x10
[  281.348955][T13863]  ? apparmor_capable+0x137/0x1b0
[  281.351046][T13863]  ? __nla_parse+0x40/0x60
[  281.352907][T13863]  xfrm_user_rcv_msg+0x7a3/0xab0
[  281.354944][T13863]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  281.357283][T13863]  ? __pfx___mutex_trylock_common+0x10/0x10
[  281.359447][T13863]  ? rcu_is_watching+0x15/0xb0
[  281.361096][T13863]  ? trace_contention_end+0x39/0x120
[  281.362919][T13863]  ? __mutex_lock+0x335/0x1360
[  281.364855][T13863]  netlink_rcv_skb+0x208/0x470
[  281.366864][T13863]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  281.368814][T13863]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  281.370958][T13863]  ? netlink_deliver_tap+0x2e/0x1b0
[  281.372856][T13863]  ? netlink_deliver_tap+0x2e/0x1b0
[  281.374656][T13863]  xfrm_netlink_rcv+0x79/0x90
[  281.376235][T13863]  netlink_unicast+0x82f/0x9e0
[  281.377908][T13863]  ? __pfx_netlink_unicast+0x10/0x10
[  281.379724][T13863]  ? netlink_sendmsg+0x642/0xb30
[  281.381448][T13863]  ? skb_put+0x11b/0x210
[  281.383070][T13863]  netlink_sendmsg+0x805/0xb30
[  281.385197][T13863]  ? __pfx_netlink_sendmsg+0x10/0x10
[  281.387390][T13863]  ? perf_trace_run_bpf_submit+0x100/0x170
[  281.389789][T13863]  ? aa_sock_msg_perm+0xf1/0x1d0
[  281.391855][T13863]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  281.393999][T13863]  ? __pfx_netlink_sendmsg+0x10/0x10
[  281.395964][T13863]  __sock_sendmsg+0x21c/0x270
[  281.397928][T13863]  ____sys_sendmsg+0x505/0x830
[  281.399914][T13863]  ? __pfx_____sys_sendmsg+0x10/0x10
[  281.402114][T13863]  ? import_iovec+0x74/0xa0
[  281.403990][T13863]  ___sys_sendmsg+0x21f/0x2a0
[  281.405927][T13863]  ? __pfx____sys_sendmsg+0x10/0x10
[  281.408104][T13863]  ? __fget_files+0x2a/0x420
[  281.410031][T13863]  ? __fget_files+0x2a/0x420
[  281.411928][T13863]  ? __fget_files+0x3a0/0x420
[  281.413893][T13863]  __x64_sys_sendmsg+0x19b/0x260
[  281.415949][T13863]  ? perf_trace_run_bpf_submit+0x100/0x170
[  281.418343][T13863]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  281.420599][T13863]  ? do_syscall_64+0xbe/0x3b0
[  281.422559][T13863]  do_syscall_64+0xfa/0x3b0
[  281.424422][T13863]  ? lockdep_hardirqs_on+0x9c/0x150
[  281.426553][T13863]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  281.429033][T13863]  ? exc_page_fault+0x9f/0xf0
[  281.431144][T13863]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  281.433624][T13863] RIP: 0033:0x7fc23ab8ebe9
[  281.435503][T13863] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  281.442419][T13863] RSP: 002b:00007fc23bab9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  281.445180][T13863] RAX: ffffffffffffffda RBX: 00007fc23adb5fa0 RCX: 00007fc23ab8ebe9
[  281.447716][T13863] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000006
[  281.450349][T13863] RBP: 00007fc23ac11e19 R08: 0000000000000000 R09: 0000000000000000
[  281.453031][T13863] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  281.455547][T13863] R13: 00007fc23adb6038 R14: 00007fc23adb5fa0 R15: 00007fff81157498
[  281.458281][T13863]  </TASK>
[  281.459981][T13863] Kernel Offset: disabled
[  281.461844][T13863] Rebooting in 86400 seconds..

VM DIAGNOSIS:
13:11:32  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000001 RBX=0000000000000001 RCX=2d17ada7a0ea0f00 RDX=ffff88801f6ab980
RSI=ffffffff8dba5cac RDI=ffffffff8be33300 RBP=00000000ffffffff RSP=ffffc9000357f3f8
R8 =0000000000000000 R9 =ffffffff81cb03c7 R10=dffffc0000000000 R11=fffff91fe28cd676
R12=0000000000000046 R13=ffff88801f6ab980 R14=ffffffff8e139ea0 R15=0000000000000000
RIP=ffffffff8b793c13 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f7bdab386c0 ffffffff 00c00000
GS =0000 ffff8880b861c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b2d421ff8 CR3=0000000033906000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000082 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffff81748653 ffffffff81748632
XMM02=00007f7bd9f87498 ffffffff81748632 XMM03=00007f7bd9f874a8 00007f7bd9f874a0
XMM04=00007f7bdaaed100 00007f7bd9f87460 XMM05=00007f7bd9f87478 00007f7bd9f874c0
XMM06=00007f7bd9f874b8 00007f7bd9f874b0 XMM07=00007f7bd9f874a8 00007f7bd9f874a0
XMM08=0000000000000000 00007f7bd9e12ee7 XMM09=0000000000000000 00007f7bd9e12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000020 RBX=0000000000000020 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000003ba3 RDI=0000000000003ba4 RBP=00000000000003f8 RSP=ffffc9000358e370
R8 =ffff888020c28237 R9 =1ffff11004185046 R10=dffffc0000000000 R11=ffffffff854efa30
R12=dffffc0000000000 R13=ffffffff99af98c2 R14=ffffffff99dee3a0 R15=0000000000000000
RIP=ffffffff854efaac RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fc23bab96c0 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=ffff888136558330 CR3=000000011204e000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=7712c53e93b9f1e8 728370bf3cb3486e
XMM06=63e772d7f3a22482 dabb339f3c035440 XMM07=bd0dad416e16bee6 46815929601aad29
XMM08=0000000000000000 00007fdc4e412ee7 XMM09=0000000000000000 00007fdc4e412fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
