last executing test programs:

25.890453083s ago: executing program 1 (id=828):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)}, 0x9cdc2384056b48b8)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'tunl0\x00'})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f1, &(0x7f0000000080))

25.82130574s ago: executing program 1 (id=829):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x3, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000110b0008850000006d00000095"], &(0x7f0000000500)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sched_cls=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000540)={r0, 0x18000000000002a0, 0x36, 0x0, &(0x7f0000002140)="b9fe030768045c8c989a14f088a8702f86dda8c6e96fd9d5a7708025810dfbd5833ecda5130155e0b2c6ed515651056c705918431de0", 0x0, 0x8000009e, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

24.950658316s ago: executing program 1 (id=832):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x954b, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x76, 0x1ef7}, 0x11efa, 0x4, 0x98, 0x0, 0x2, 0xfffff271, 0xfffc, 0x0, 0x0, 0x0, 0x20}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
r3 = socket$netlink(0x10, 0x3, 0xf)
sendmsg$nl_generic(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x14, 0x11, 0x100, 0x70bd28, 0x25dfdbfd, {0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x14}, 0x0)

24.791519993s ago: executing program 1 (id=837):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000500)="2000000013006bcd9e3fe3dc6e48aa310b6b8703360000001f03000000000000", 0x20}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x20004002)

24.729558273s ago: executing program 1 (id=838):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x2a, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x891b, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x5, 0x83501, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x940, 0x4, 0x0, 0x0, 0x6d1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
recvmsg(r2, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x40000100)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r3)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
close(0xffffffffffffffff)
r4 = socket$kcm(0x10, 0x100000000002, 0x4)
sendmsg$kcm(r4, 0x0, 0x0)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r5, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="300000001114010026bd7000fcdbdf2508004a0002000000080003000100faff08004b0013000000080001"], 0x30}, 0x1, 0x0, 0x0, 0x4008844}, 0x80)

24.575970764s ago: executing program 2 (id=844):
write$cgroup_type(0xffffffffffffffff, &(0x7f00000006c0), 0x9)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000740), 0x4)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c020000210001000200000004000000fc020000000000000000000000000000fc02000000000000000000000000000000007fff000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b36b6e0000000000cc011100fc01"], 0x21c}}, 0x0)

24.471381063s ago: executing program 2 (id=845):
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=@base={0x5, 0x5, 0x8000, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x50)

24.191799747s ago: executing program 2 (id=847):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x11, 0x88}, [@ldst={0x6}], {0x95, 0x0, 0xc00}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f2, 0x10, &(0x7f0000000000), 0xfffffe51}, 0x48)

24.021400637s ago: executing program 2 (id=849):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="6400000002060103000000000000000000000000050001000700000016000300686173683a6e65742c706f72742c6e65740000000900020073797a30001300000500040000000000050005000a00000014000780050015000200000008001240", @ANYRESOCT], 0x64}}, 0x0)

23.901670039s ago: executing program 2 (id=850):
socket$kcm(0x2, 0x922000000001, 0x106)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x40000000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$kcm(0x11, 0x2, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'virt_wifi0\x00', 0x11})
r1 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r1, &(0x7f0000000540)={0x0, 0xc027, &(0x7f0000000340)=[{&(0x7f00000000c0)="97eb000014006bcd9e", 0xeb98}], 0x1, 0x0, 0x0, 0x1f000000}, 0x600)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x110c23003f)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'veth1_macvtap\x00', 0x1000})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{}, &(0x7f0000000040), &(0x7f0000000200)=r0}, 0x20)
r2 = socket$kcm(0x10, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r3)
socket$kcm(0x11, 0x200000000000002, 0x300)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000840)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x34, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x14}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xffffffff}]}, @NFT_MSG_NEWSETELEM={0x5c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x30, 0x3, 0x0, 0x1, [{0x2c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x4}, @NFTA_SET_ELEM_EXPR={0x24, 0x7, 0x0, 0x1, @objref={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0xd}, @NFTA_OBJREF_SET_ID={0x8, 0x5, 0x1, 0x0, 0x3}]}}}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0xb8}, 0x1, 0x0, 0x0, 0x4000851}, 0x4008040)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
close(r5)
sendmsg$tipc(r6, 0x0, 0x8044)
sendmsg$kcm(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e00000011008188040f46ecdb4cb9cca7480ef410000000e3bd6efb440009000e000a", 0x23}], 0x1}, 0x24000000)

23.786016244s ago: executing program 1 (id=852):
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xf, 0x5}, 0x100e64, 0xc78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

23.709518096s ago: executing program 2 (id=853):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x8080}, 0x20004450)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0x3, 0x10004, 0x5}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300"], &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r2}, 0x10)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454da, &(0x7f0000000080)={'batadv0\x00'})
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000340)=ANY=[@ANYBLOB="180200000000e1ff0000000000000000850000005300000085000000230000"], 0x0, 0x4}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$tipc(r4, 0x0, 0x20000040)
ioctl$TUNSETTXFILTER(r4, 0x400454d1, &(0x7f0000000340)=ANY=[@ANYBLOB="000003009165a101010000"])
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x2441, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x21a300, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4b, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x4110, 0x0, 0x0, 0x8, 0x37e, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r6, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff77, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff7fe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x43, 0x8, 0xfffffffffffffe14, 0x0}}, 0x10)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454da, &(0x7f0000000140)={'batadv0\x00'})
r7 = socket$kcm(0xa, 0x2, 0x88)
r8 = perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x8001, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x1400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xaffffff7ffffffff, 0xffffffffffffffff, 0x0)
recvmsg$kcm(r7, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x50)
sendmsg$kcm(r7, 0x0, 0x40)
ioctl$PERF_EVENT_IOC_RESET(r8, 0x2403, 0x3ff)
r9 = socket$kcm(0x28, 0x1, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x66480, 0x0)
recvmsg(r9, &(0x7f0000000a00)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(r0, 0x0, 0x24000840)

8.671410052s ago: executing program 32 (id=852):
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xf, 0x5}, 0x100e64, 0xc78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

8.623946331s ago: executing program 33 (id=853):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x8080}, 0x20004450)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0x3, 0x10004, 0x5}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300"], &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r2}, 0x10)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454da, &(0x7f0000000080)={'batadv0\x00'})
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000340)=ANY=[@ANYBLOB="180200000000e1ff0000000000000000850000005300000085000000230000"], 0x0, 0x4}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$tipc(r4, 0x0, 0x20000040)
ioctl$TUNSETTXFILTER(r4, 0x400454d1, &(0x7f0000000340)=ANY=[@ANYBLOB="000003009165a101010000"])
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x2441, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x21a300, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4b, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x4110, 0x0, 0x0, 0x8, 0x37e, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r6, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff77, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff7fe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x43, 0x8, 0xfffffffffffffe14, 0x0}}, 0x10)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454da, &(0x7f0000000140)={'batadv0\x00'})
r7 = socket$kcm(0xa, 0x2, 0x88)
r8 = perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x8001, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x1400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xaffffff7ffffffff, 0xffffffffffffffff, 0x0)
recvmsg$kcm(r7, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x50)
sendmsg$kcm(r7, 0x0, 0x40)
ioctl$PERF_EVENT_IOC_RESET(r8, 0x2403, 0x3ff)
r9 = socket$kcm(0x28, 0x1, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x66480, 0x0)
recvmsg(r9, &(0x7f0000000a00)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(r0, 0x0, 0x24000840)

658.279593ms ago: executing program 0 (id=893):
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
socket$kcm(0x11, 0x200000000000002, 0x300)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x19, 0x4, 0x8, 0xdab}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f00000001c0), 0x8)
r0 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x8c, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffdef}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0xff00)
r1 = socket$kcm(0x23, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x541b, &(0x7f0000000000)={r1})

459.425449ms ago: executing program 0 (id=897):
socket$nl_route(0x10, 0x3, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_config_ext={0x80000001, 0x1946}, 0x0, 0x0, 0x0, 0x1, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00'}, 0x10)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x3c)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa0000, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x1, @perf_config_ext={0xfffffffffffffffe, 0x1946}, 0x801, 0x0, 0x0, 0x4, 0x3fe, 0x7fffffff, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x80, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xe, 0x4, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x50}, [@call={0x85, 0x0, 0x0, 0xa0}]}, &(0x7f0000000080)='syzkaller\x00'}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x2, 0x4, 0x5, 0x1, 0x100}, 0x48)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000080)=@bpf_lsm={0x6, 0x6, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000}, [@map_val={0x18, 0x0, 0x2, 0x0, r0}, @ldst={0x3, 0x0, 0x3, 0x0, 0x0, 0x18}]}, 0x0, 0x5}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$kcm(0x2, 0x200000000000001, 0x0)
setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f0000000500), 0x4)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000e00)=@newtaction={0x70, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x1, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PARMS={0x18, 0x2, {0x9, 0x0, 0x6, 0xfffffffc, 0x3ff}}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x7}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x2}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x4}}}]}]}, 0x70}}, 0x0)
r3 = socket$kcm(0x2, 0x3, 0x84)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x890c, 0x0)

372.246949ms ago: executing program 3 (id=899):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=@base={0x5, 0x4, 0x1000, 0xa, 0x0, 0xffffffffffffffff, 0xd}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000001180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10)

300.274151ms ago: executing program 4 (id=901):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xfa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000340)='cpu\t&0}&\t')

297.726726ms ago: executing program 3 (id=902):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x3, 0xc, &(0x7f0000000780)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x97}, @printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x18000000000002a0, 0x14, 0x0, &(0x7f0000000440)="b9ff033168440372b89e14f00800", 0x0, 0xa, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

240.709561ms ago: executing program 0 (id=903):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x9, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x14, 0x9, 0x6, 0x801, 0x0, 0x0, {0x5, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x10004893}, 0x80)

180.381245ms ago: executing program 3 (id=904):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7}, [@call={0x85, 0x0, 0x0, 0x6b}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)

180.220604ms ago: executing program 4 (id=905):
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
socket$kcm(0x2, 0x200000000000001, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x4)
close(r0)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000100)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514200cc00800190007000200060001c00200bc24eab556a705251e618294ff4051f60a84c9f4d4938037e786a6d00010000400000000000000c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4004004)

120.782821ms ago: executing program 4 (id=906):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000100)='io_uring_register\x00'}, 0x10)
r0 = socket$kcm(0x15, 0x5, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000100)=@l2tp={0xa, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x80, 0x0}, 0x4000040)

120.462292ms ago: executing program 3 (id=907):
r0 = socket$kcm(0x11, 0x200000000000002, 0x300)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001640)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff48700000020000005c0000000000000095000000000000002ba728041598d6fbd307ce99e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f071326bd9174842fa9ea4318123341cf9d90a0e168c1884d005d94f204e345c652fbc1626e3a2a2ad35806150ae0209e62f51ee988e6e0dc84e974a22a550d6f97181980400003e05df3ceb9f1feae5737ecaa81d666963c474c2a19eed87b277be335c75e04ad6ee1cbf9b0a4def23d410f6296b32ae343881dcc7b1b85f3c3d44aeaced3641110bec4e90a634196508000000000000f0f4ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d4dcecb0c005d2a1bcf9436e101040000f73902ebcf0200822775985b231f000040ccb0ecf31b715f5888b2a858ab3f11afc9bd08c676d2b89432fb465b3dad9d2aa7f1521bc9901de2eb879a15943b6dc8ea15aab9dd6968698e3095c4c5c7a156cec33a7bb727667d81ff2757ca1e6bfdd4c968dacf81e65998b9091957d1d11a5730baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba165d876defd3541772f26e27c44cfd7bb5097379cf1756869cebc7b0b2d85d6d29983e830a9cdd1d0a017c100344c52a6f387a1340a1c8889464f90c284a4db539621fbb70f01a2c02dec4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae610afd01409d9a337ac5d58bcb5e5fc231514952c5255f22bd8b325d9b76e57f041b665ab0249886c0a65cc99d5893521372c8d8b7bacac24000020a4a24d8dbd75062e1daef9dead619cc6e7baa72706287793c3d2a2661edcd3545236c204682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b993508000000e480cd9d4850a049ee19b67d17ef0477aeb12b1d2502000000d9051f22614d1f62734d678039a97d3e783df8b8a17e3aa9fe9c502f9acee4f1b56e1f23128d743792cead3c058a5b700d64d160abe33df726608510136ce8bf239414a1d98ea93e3d35dbb6c23b90cf36e83b8a4309b402d264b09f2779a0bcd7cd6dfc06b02e69d384146056d125cf4aadd80800000000000000e88d10acd06864eac44c42fbe334bdc3e9768fc360b130dc6111fe3293e8e02f819a2aa34dba1c25be27945507a3477b437525b81aef2f0b4c4f63483026b5e34d44705b76ef29f7f6e0a2be625eae975e02069f6f24e1e1bc976d965ddabb01085f16bff63a06578d6d184f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8eae87691fae365a70c3f15871565bba8dd8a8ca049f798abe646f738bebdfc9d8a5edd7a19ca6a42bc3f1db37c17f22a287c6d31a13db5dfef409eb1d3c91c6e6f80d215c9e16e0c47365e78c80854b2baf8eb320d8c34cfc81936315418f26770cca4e2f89800d18c89d7f46f679df6c9e2005f209dda94302a30003b952ae1ebfd0ca88368ee6ce139e8b5822422cf4c9dde943d34c432e1001171792c65986146666a549092398af45ba38c41df7e0fffeac41824ca1fd0eb68aa243c9035c788d5480e5aee9c9e5f2e5a3628995b1531bd20360d33d8f9ffffff5f4bf6ea8a1850c4f83306dbca02ee3686da707b6d85db491ba0cc33f6be92c55969a2b52a25419d1476c73132ca7ca26ce8a7e3ffb700f09e157f9bc31f09834b4788be2a442aa81b259e9eb1bf5314844051f3a642aca9ff98c9036471ccff0522903e7bcf62e18f7796bbc280b95e8e0d6fd5644b0ebde330289d6348d183ed9d3dae3cccf109f7c78e8479a345e805e47dfa82cafc6b64b1f4659834aecbeded44b11a443c5ba92a326dd10921aa79c62800844c7a59f55ee205a11ab50fb402e7da6ada561ec1117cc186b01fd5c2061d22156b1b7d5f80c580dc31b0963ff953ce09148e8dfea9d03a61bbd2bb173518507a3cd0e37c4da0a71eee31071d5d642498181c69cee3b2e414ddd6a12ff4bdf6e96c247b6025d4376067e25357d3b521a5b927d3392a7503718aea24179528f6a0c6de4e61b49cad1e4d6b000000000000005b2d16877299acefc0655bc1422c3d425d988eedebcf242b780a687c9acae2a5a71c2a16a32ceb377f5d54f9b2fa90b2905925e611be56e9ebe20cab20c290a1f6c09272dbc3b2c0ab2b5baa1b07b16e81f278e54a479f1a06bc06e3656cfa196d6c050000000000000000814955c62a7d72b317399e572a7f6afd0fa1d46cfb110e3e8cff5579e83f2820f95eaa0c609f666950c24311740e36de8f65708cfffce788c99ef8f62fd2398e999b220125da8eb07947512365abbc5b84ef524bdf184727c67910051f204662264607d548dbdffe14b41dd0843cf3d85bb820656a88a9e52a4cd7b3eeadfe00007267f226019ef0a25bc15da71e893856a2182c3167d8ba73f709294b159a426ce44cd73f000000a66fc501eae0c3504c1400697ba69fd9b7eaf49aff6a6aea529610db8dfef86c3cc698e9fddf1b132876159972281a90c3a4cf415df25fbcdd35cf8368f068c4481844bdd0dda553e1cb0966d5686013d382956d50055dce0d1bc225c1d77612b1ec52e743dbc51f25cc07a202b704577316913cf067fa65e476f688de2d6c54ea192a569eed05d0d7536b3205c68d4ee0fe318ed3112c76dcf128a1d5595b773ef4c8a7ba4e10381de8808ff02dd0a7b996ecf1c65e6d9db90c87123d9cb3945330f7a270ee0cca35b1331ca8fec0b2f39f505140751b60f29a83e4bc0ef2ffea443e4aa221cc38a503add16a2c98cb589e1dac1912b4142a3be30f50b2d9479c5bde0beb38030d0c0ce0598700130000000000000000000000554361e1628ee0017ad19ca787f2c078aa260701ce0800000080623902000000000000000000003d118a04fa6a80c4928c01ccab57b5f4eb265ad15004f967543fe6e6ddc2a12165fe3a08bf9475ee0eee3539369b0e566fedbd215a6ddd4fe03dcc7a922e16410d820747b7e806c0f3b6f14c884d150a0ff07f2e0000bfb083c56d3bed0a61fab880f8885c612ebff8523d14cfb12aca274c000000005e5155611969f6e67dd83b20206207cb8b2cd2fab6fa6d7fdaed6a27a2e4db1d5adc80014ff11d9dbceba41d8dfce410333a054e82b1d0504f1ce0aeacb843b94d67f69f49eb4dd3b1b85b018359c32df01db8ebce0dbc36cade09c6b44f6bb956fac1ae4db5624d8a02f7be91bec65e4b3373059587dd6528bbc48e3379d477d482faff738c39c61cac1195043bd5b70cea5fc1083a169a8263e9aec56b9f7795fa27634a7f06359e3058d2dd69c4e5cc11b36d9ed9c4b2867f583de6fc582f789722bd1500e64c495abdb72de2c739d38c72f6f4fb1946081dcc825d5b5b747e9fa1b5226cd31e131263f1fcd7d45a630b46d04af906f0be464d829dd2dfcf7400002b7827f6d957e51bb1f1b44a50200c9dfadfaff2e32baa9c0edaac7144e174dba582a951d2b03c27219cec4fbc7b6e99c3f00188941e3fbf008cbace177ae250fd757a22e21ec05aa45c91e1345ca936184c3fc28153283e13654123cfaf4e661f4b6d430adad1e2116bc385f888405d48f0d386da0cc6747b33395772a68f2ea3fb7e7207000000b24088014c8e64f03d053c4e02ddd08b262e422eff1c9f124b892b0a9462b07d4f88c0693bd9c54ad2ab5227aa59ef2b53ac528c0800000000000000ebfde0c4a37c2d55c176680c4207000000e4aa467f995c9bc99e60441d4dbebead3b436427762618810bac7308c6d3298ea932b66572825e62d18462d3b2342ba48c145ff4674a94fa078cc552d064da2bb69a0d269076f8955076578f44ffb8895f11bd5e06840f8848df72230a28e0304569bfa0350b6dde9e96273de1758505aa1ba89dfb12be7a7c6dd18f6148354df7e60a489dc543ccdee1fff9d8f8d78844de27a77ef1181d5055c2a193a5763ed7749a17296c76818b60426082c86619dacc8a884c4de8572a044faf0c8e4377776c8703ecf2e3f1c3d64100cc000000008369f062639e3ddcf725be54f626448fb7bfc74c183b26e31b71a390ccea4be07278dd12fa16848797397b76908fa03613cd961b98b26a0879ccba4a78c82958764bce07a7f70df1cef6d4db1ddbda1db18e4f41c390fd3cb862216ece39a9ec60bd3be5f9329dcaf33bf2c87cc510557460d14421e1d26322ab64388f2ceae70922989f66827fe9acd2ec3ece39f3b4ffdc4dfea3da6ddb002512e2313253801044e751168e32d7bd6800000000a21008b8d26dabe977c503c30ef7c489e5ea1fff041e54de54cfeb258f2387dad096b72a78d91134927492cfc773c731cca9b13b3f6e7760ab0929c46f51ea5643f3df4f4044f3ad0a6ba739e72d8b8b2935d81534bea8372bc590c111d573e04280659a096eaa495a4154daae7d1800c130d920964845c50c8ba4763b19b6008f6d7a5091895c7a4b7816ab706503be879b18b778b0f61ecfde2f8bbb32cfeb766ec4430ee0ad45a0a263ddc4b2f47680c8d53439f8d388dab87112c83997c83e178be287eb6e8c95badaf8ed85cd5b03a7352a0fb83398566d1bc133582ce2d9f601cd23eba4432180b2d5c3019879cd949a5be1b241b3d0d0d52a3529cc9e704a9d8d54f4f7b776a969a4505e18fe5284985ca7d112c397d776e3baba918b7df456bd970e761e00f3b0efa5ce4246d9f08ba60da3be556c518a1f19504c7cea1491a9eadd27d747ca9cc5f92e30b2ca3cf0b142a8554c87e8026d4e586cf5f7c9d412e6eb4f66a076c8bca6b294305969dabb6c932b57a5dd4234bf1ed3bd095229ee3cbb86883d574c5af4bb78370561de3fbf55bfcd2db3979eb1be120b5795443324023353c959fd965702f1cd5bcb3c16d4b8bdd9fc87c862c247e140379ef098c7b3fa79a6638a245b6a74f14dde9bd4ee48e62cdc70f486ce38641e4e4309aa9f4bd097fa1530db966d9919544ab4890301e51f9525436f5d9591460340f5093161a78a249783945407f2576d6f35a99e3521d7991e3fdfde5ee7f6a8ff8181a68ef15a2ebfe9e22d7c745949ab5cc15b9f5659799b5e00debbf9f623f75bfd4d83c4859ca9b652cea33daeeef07b60c78a21965bcf91919071c7ded19317dc0b7587d9322f8cec9e32675a187465bdfa101bcd9ac680839b375af12c160247dd960e70eb7ee60c52a900440aa9bd9a6b15a4a34dc73c3c4936d8986300fdc264b28537df387e6442c3355fa2a31d24c1ed888a57fcc50400a084a38a3630ffc465f36a4b770fab0946148161184be39134542e934f3a538b011cb3928b430630b8ccc800000000881d4361e7fbd1fc2331b4e34733480bc497662a8234a7eeab3e65d6b0f5d92edff04416eedcd15b9ddbcb3cf9228afda6b17d44a276b205eabd0069f7e26aea50f537dc77b683ed83d2f9110e00a705f48e9d13378cf09bca22e8f45c4f360d5fff8ba35f21c4513bcc0800000000000000dc5cc7ad7290c60bc609bff9be7cd922f474c3faa78fd42cba7c78d6d912656b6313497625e2f9afaba05b17ca242b7ca8d6556175aee38142a8aac5f677c2f8a6967f2cb5e97aae97a5e5579a706243688ac4d38a4601b4aadb2d319fe7d6bf1272fa3fa701338d7bce390e8bf959081ed39e63a431901d615a26ff95e1620a6c26eda4f92d83499a173e7217001f58ed5406bdb59acbc997e8fd3d53b4c2c2a1b314bfe611e5958458af7b3c5319fdb4c40b8d01365fdee93af6fad7c7a8da86460f45c9e99d43264c921b090000000000000000000000000000000000007cf90000008f8a9da7a8a167815c6ffcd1b6863cde9ab45ecd8f06423198bb00cdf76877f407be46b000000000afbb4cb3a8de259a8beb2223f28b855e2bdf4b31b91e5062a42a55bd95e93f77f2499391cf0000000000000000000000000000195007ad27d1d61dc4d5512f117f0ed554c2c88c1713000000000000bb1ff447d6e12da22ee9f0422a84f361684861169f498909c4841f4d5a0f5807a3b7d833075fdcd9c1d169b03d7df7f415f6ac8b9e92eaf86992adbda360dd91de51c6df335445492608162fb0804dabdeac6fb71042f906eefd37f1d190a1c8a0d9de7f34dcc8cbd7b565fc675f3bf7aac559411808ee703ec3ad461c6ddc571994cb504c46eabbc2ff4b97df394bc75b5e7f45b4450753b5d2b8b8414a7fe6a17661bdb5b1d080cfd974811e1d60763d8d9509c75aa729a334b55ee76b0c2d5027e81ceec1a6d7441d0b538d7a4d048d156ebcff102e45c15d2a73b40d74807f5182a319d50edbf430f00b1c29a9e4bd92111caacbb1d4541545c2d262646070da42f76e3f3c6d139eed89cc9300000000000000000000000000000000000072d7e605eb8e978d76796d9d3a728c51a3145da8e1ca4973aa8fed855328e9d2f600000000000000e862eac50e9ba95b6a2a29e8ef08a9ae29792e77fb9952b1ac5c816db5c23a656d9a28f81f6a9465aec94d701ee8646b30650c84b9510a337e82702baf368d29281d3d54b39014756ca5a1be184d4ebb942f99581a6fbac0b9c9f97c920dfac7e2379ef6bb076118aa9bbb4ee12e64aa530f852bf4f970a08a55531934e39fbae483129949a918115571d76740ca6a1cea59df290f2e63675ca30a289775825fe3e5d6f206f3f395346c0738035dc74368bb035fc65a40f8124369b8950ded31af64855cb18b23517ca935a0fa1b630d70c4ca9acbaf0f08910f327fba506d834029a90d47701102045fff90675adb3c83983d125ae730b9497c681a912a6bb70300a2d7fba051f82b9d6f710426b5bd0d0bc0b08a0f801276789613da406905011bd6ebbac91ff17a21d1ed0882e73394025772f31dc8a3048789c703f920c55746f6fc955046f9332d72150be23c26cbb08d1b438e84b83f869fbb866c57567826efc6a16958fd46dc7b8cbea1da2d541324e373e9157696d698a0b4bc84d7cc2fdb069db8a5a491a9d2bbc0a61b73f75d81d07d778a1577db3b06d20a21b19ea17ecd996d7dea947ee8ce55fa2dea5a000000000000000000000000006f0143d8d4038ef9f57d58710d1febe7394cf8b02f59dab24d07db3d3c1ebff5244f438b3d6d15a30ec32aadb3cfa1c2f7dac7c5937c14702a3a0702b53115c163eb91275aedd6ad46b49b100208e73bb2c57068664f8ffd34bc8708faadd12d80875d7f1c0d9cd1ddd292e1efe9780c02487a38a688dfc173fac71249cdee0fc53336ede131253606067e3dd22f2e5db2b9d570b1fb3f3add20b3a02caf5721868b642a2e5cf40a03c49b8fe89fa6b7b4a823104f2314d37e7de67b719bf3aba1273a974f38f7c82d4fa14aa12599ad6ae5197c3c0040e5beb587d917992168e412403cf568acf630927e005b9a75"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe89}, 0x48)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000200)=r1, 0x4)
socket$kcm(0x10, 0x2, 0x0)
r2 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000540)="1400000024000b47564cb6288200eb1405000000", 0x14}], 0x1}, 0x4000)

120.267435ms ago: executing program 0 (id=908):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x7}, [@call={0x85, 0x0, 0x0, 0x6d}]}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)

120.159677ms ago: executing program 4 (id=909):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r0}, 0xc)

60.64006ms ago: executing program 0 (id=910):
r0 = socket$kcm(0x2b, 0x1, 0x0)
setsockopt$sock_attach_bpf(r0, 0x6, 0xd, &(0x7f0000000040), 0x8)
sendmsg$inet(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x20000014)

60.099884ms ago: executing program 3 (id=911):
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180200400000000000020000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000009fb3964d00000000000000850000000500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1b, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

59.613086ms ago: executing program 4 (id=912):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000007c0)={0x34, 0x3e, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@typed={0x4, 0x8e}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x10, 0x2, 0x0, 0x1, [@nested={0xc, 0x19, 0x0, 0x1, [@typed={0x8, 0x86, 0x0, 0x0, @pid}]}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)

555.329µs ago: executing program 0 (id=913):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x18)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="140000003600fb50e3d0f15185e981db175d3c4a", 0x14}], 0x1}, 0x0)

328.099µs ago: executing program 3 (id=914):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syz_tun\x00', 0x2})

0s ago: executing program 4 (id=915):
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socket$kcm(0x11, 0x200000000000002, 0x300)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000580)={<r1=>0xffffffffffffffff})
r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$TUNSETSTEERINGEBPF(r2, 0x800454e0, 0x0)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}, 0x0)
socketpair(0x28, 0x1, 0x28, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e50200000000000000"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$kcm(0x10, 0x2, 0x0)
socket$kcm(0x2b, 0x1, 0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000005c0)='kfree_skb\x00', r4}, 0x18)
r5 = socket$kcm(0x2, 0x1000000000000002, 0x0)
sendmsg$inet(r5, &(0x7f0000000b40)={&(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000800)="e9", 0x9500}, {&(0x7f00000017c0)="ea0189bdebb0c16d420ee9b95082abd6431cc7afc22c4a6b8adecef68f76bd81a86e89f9c80e5c868a12b09e80ba8c01eb3f4b7be71f9fc2355c336cedc15eb778e3a3b35c3f72629ea4d9ae42cf4c17255815fb8a47aafd8b8ff0c202b4e09f7c42811261b5e113fcce27b4329ccb792df14b7d6dcfaf2cf8dbb51946e89c862e9252731f680ec50326fc16386aeefe654bac24", 0x94}], 0x2, &(0x7f0000000100)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xd}, @loopback}}}], 0x20}, 0xe900)
socket$kcm(0x21, 0x2, 0x2)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
perf_event_open$cgroup(&(0x7f0000000180)={0x5, 0x80, 0x0, 0x0, 0x0, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x8}, 0x100010}, 0xffffffffffffffff, 0x0, r0, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:18694' (ED25519) to the list of known hosts.
syzkaller login: [   56.285239][ T5831] cgroup: Unknown subsys name 'net'
[   56.396942][ T5831] cgroup: Unknown subsys name 'cpuset'
[   56.405325][ T5831] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   58.228400][ T5831] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   63.141548][ T5846] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   63.156275][ T5851] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   63.159091][ T5851] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   63.161639][ T5851] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   63.164727][ T5851] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   63.169503][ T5851] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   63.172621][ T5851] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   63.175068][ T5851] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   63.178128][ T5851] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   63.180574][ T5851] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   63.255327][ T5846] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   63.258340][ T5846] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   63.261224][ T5846] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   63.265313][ T5846] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   63.268260][ T5846] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   63.495294][ T5848] chnl_net:caif_netlink_parms(): no params data found
[   63.623282][ T5845] chnl_net:caif_netlink_parms(): no params data found
[   63.725596][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.728800][ T5848] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.733829][ T5848] bridge_slave_0: entered allmulticast mode
[   63.737794][ T5848] bridge_slave_0: entered promiscuous mode
[   63.762788][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.765601][ T5848] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.768599][ T5848] bridge_slave_1: entered allmulticast mode
[   63.774384][ T5848] bridge_slave_1: entered promiscuous mode
[   63.840948][ T5848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   63.845531][ T5854] chnl_net:caif_netlink_parms(): no params data found
[   63.860336][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.863555][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.866505][ T5845] bridge_slave_0: entered allmulticast mode
[   63.870379][ T5845] bridge_slave_0: entered promiscuous mode
[   63.876457][ T5848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   63.879591][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.883254][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.886180][ T5845] bridge_slave_1: entered allmulticast mode
[   63.890198][ T5845] bridge_slave_1: entered promiscuous mode
[   63.950269][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   63.965082][ T5848] team0: Port device team_slave_0 added
[   63.984443][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   63.990148][ T5848] team0: Port device team_slave_1 added
[   64.041470][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.043889][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.053017][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.077571][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.079988][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.089657][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.103805][ T5845] team0: Port device team_slave_0 added
[   64.122863][ T5845] team0: Port device team_slave_1 added
[   64.125192][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.127955][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.130950][ T5854] bridge_slave_0: entered allmulticast mode
[   64.134606][ T5854] bridge_slave_0: entered promiscuous mode
[   64.138969][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.141325][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.144188][ T5854] bridge_slave_1: entered allmulticast mode
[   64.147467][ T5854] bridge_slave_1: entered promiscuous mode
[   64.204543][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.207247][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.217163][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.222816][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.226301][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.228976][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.238580][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.260426][ T5848] hsr_slave_0: entered promiscuous mode
[   64.263870][ T5848] hsr_slave_1: entered promiscuous mode
[   64.269657][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.340791][ T5854] team0: Port device team_slave_0 added
[   64.344923][ T5854] team0: Port device team_slave_1 added
[   64.350954][ T5845] hsr_slave_0: entered promiscuous mode
[   64.353336][ T5845] hsr_slave_1: entered promiscuous mode
[   64.355410][ T5845] debugfs: 'hsr0' already exists in 'hsr'
[   64.357207][ T5845] Cannot create hsr debugfs directory
[   64.404751][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.407629][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.417722][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.439792][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.443566][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.452990][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.555677][ T5854] hsr_slave_0: entered promiscuous mode
[   64.558328][ T5854] hsr_slave_1: entered promiscuous mode
[   64.560830][ T5854] debugfs: 'hsr0' already exists in 'hsr'
[   64.564199][ T5854] Cannot create hsr debugfs directory
[   64.686936][ T5848] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   64.694008][ T5848] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   64.711511][ T5848] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   64.717104][ T5848] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   64.781530][ T5845] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   64.807591][ T5845] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   64.815503][ T5845] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   64.825429][ T5845] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   64.891395][ T5854] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   64.904120][ T5854] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   64.916068][ T5854] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   64.939790][ T5854] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   64.993860][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.041401][ T5848] 8021q: adding VLAN 0 to HW filter on device team0
[   65.059193][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.061847][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.074317][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.084514][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.086839][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.107253][ T5845] 8021q: adding VLAN 0 to HW filter on device team0
[   65.134934][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.137949][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.157469][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.160592][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.185523][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.224465][ T5235] Bluetooth: hci1: command tx timeout
[   65.224485][ T5846] Bluetooth: hci0: command tx timeout
[   65.247675][ T5854] 8021q: adding VLAN 0 to HW filter on device team0
[   65.258339][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.261357][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.281915][ T5845] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   65.289037][ T5845] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   65.301945][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.305105][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.308530][ T5235] Bluetooth: hci2: command tx timeout
[   65.383521][ T5854] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   65.457136][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.492069][ T5848] veth0_vlan: entered promiscuous mode
[   65.517576][ T5848] veth1_vlan: entered promiscuous mode
[   65.533941][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.578549][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.598982][ T5848] veth0_macvtap: entered promiscuous mode
[   65.609560][ T5848] veth1_macvtap: entered promiscuous mode
[   65.629322][ T5845] veth0_vlan: entered promiscuous mode
[   65.647604][ T5845] veth1_vlan: entered promiscuous mode
[   65.654940][ T5854] veth0_vlan: entered promiscuous mode
[   65.660834][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0
[   65.680030][ T5854] veth1_vlan: entered promiscuous mode
[   65.685390][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1
[   65.705033][ T5858] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   65.708441][ T5875] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.720443][ T5875] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   65.726105][ T5875] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   65.738155][ T5845] veth0_macvtap: entered promiscuous mode
[   65.747941][ T5854] veth0_macvtap: entered promiscuous mode
[   65.770457][ T5845] veth1_macvtap: entered promiscuous mode
[   65.789194][ T5854] veth1_macvtap: entered promiscuous mode
[   65.807431][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0
[   65.829134][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1
[   65.845780][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0
[   65.858793][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   65.863141][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.866947][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   65.875255][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   65.898344][  T312] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.903219][  T312] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.915659][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1
[   65.950901][ T5875] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   65.969621][ T5875] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.975412][ T5875] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   65.978591][ T5875] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.010976][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.021237][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.061023][  T624] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.070034][  T624] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.111977][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.118673][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.139409][ T5848] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   66.151945][  T312] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.160208][  T312] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.236065][  T312] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.239498][  T312] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.299290][ T5914] netlink: 'syz.0.1': attribute type 4 has an invalid length.
[   66.303388][ T5914] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1'.
[   66.319069][ T5914] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[   66.482171][    C0] hrtimer: interrupt took 103757 ns
[   67.303721][ T5235] Bluetooth: hci1: command tx timeout
[   67.333978][ T5235] Bluetooth: hci0: command tx timeout
[   67.382787][ T5235] Bluetooth: hci2: command tx timeout
[   67.409321][ T5933] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   67.536486][ T5937] lo speed is unknown, defaulting to 1000
[   67.539551][ T5937] lo speed is unknown, defaulting to 1000
[   67.550948][ T5937] lo speed is unknown, defaulting to 1000
[   67.585434][ T5937] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   67.676252][ T5937] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[   67.873183][ T5937] lo speed is unknown, defaulting to 1000
[   67.890299][ T5937] lo speed is unknown, defaulting to 1000
[   67.919243][ T5937] lo speed is unknown, defaulting to 1000
[   67.982697][ T5937] syz.1.11 (5937) used greatest stack depth: 19256 bytes left
[   69.386707][ T5235] Bluetooth: hci0: command tx timeout
[   69.386745][ T5846] Bluetooth: hci1: command tx timeout
[   69.465177][ T5846] Bluetooth: hci2: command tx timeout
[   69.490910][ T5976] netlink: 'syz.2.26': attribute type 21 has an invalid length.
[   69.499374][ T5976] netlink: 100 bytes leftover after parsing attributes in process `syz.2.26'.
[   70.775028][ T6004] netlink: 830 bytes leftover after parsing attributes in process `syz.0.36'.
[   70.800269][ T6004] bond_slave_0: entered promiscuous mode
[   70.803342][ T6004] bond_slave_1: entered promiscuous mode
[   70.840868][ T6004] netlink: 14568 bytes leftover after parsing attributes in process `syz.0.36'.
[   71.076965][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[   71.080214][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[   71.466245][ T5846] Bluetooth: hci1: command tx timeout
[   71.469044][ T5846] Bluetooth: hci0: command tx timeout
[   71.542951][ T5235] Bluetooth: hci2: command tx timeout
[   71.859995][ T6042] netlink: 12 bytes leftover after parsing attributes in process `syz.1.53'.
[   72.609743][ T6055] syzkaller0: entered promiscuous mode
[   72.612241][ T6055] syzkaller0: entered allmulticast mode
[   74.449755][ T6097] netlink: 12 bytes leftover after parsing attributes in process `syz.0.77'.
[   74.530040][ T6101] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   74.640153][ T6112] netlink: 'syz.0.84': attribute type 39 has an invalid length.
[   75.304070][ T6151] netlink: 'syz.0.101': attribute type 1 has an invalid length.
[   75.307080][ T6151] netlink: 17 bytes leftover after parsing attributes in process `syz.0.101'.
[   77.118997][ T6177] netlink: 10 bytes leftover after parsing attributes in process `syz.0.113'.
[   77.634500][ T6196] netlink: 8 bytes leftover after parsing attributes in process `syz.2.118'.
[   78.411039][ T6214] netlink: 'syz.0.128': attribute type 39 has an invalid length.
[   79.777800][ T6239] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:0603:0000:0023 with DS=0x3f
[   79.983014][ T6249] netlink: 60 bytes leftover after parsing attributes in process `syz.2.142'.
[   80.011292][ T6254] netlink: 28 bytes leftover after parsing attributes in process `syz.0.146'.
[   80.017182][ T6254] netlink: 28 bytes leftover after parsing attributes in process `syz.0.146'.
[   80.373604][ T6274] netlink: 15743 bytes leftover after parsing attributes in process `syz.1.156'.
[   81.438974][  T796] cfg80211: failed to load regulatory.db
[   81.886194][ T6316] warning: `syz.1.173' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   82.078656][ T6327] netlink: 127868 bytes leftover after parsing attributes in process `syz.1.178'.
[   86.027587][ T6338] syz.1.183 uses obsolete (PF_INET,SOCK_PACKET)
[   86.386357][ T6358] netlink: 108 bytes leftover after parsing attributes in process `syz.1.193'.
[   86.492664][ T6360] : entered promiscuous mode
[   87.205756][ T6397] netlink: 15743 bytes leftover after parsing attributes in process `syz.2.210'.
[   87.423495][ T6405] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   87.488540][ T6405] Zero length message leads to an empty skb
[   87.568488][ T6417] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   87.571740][ T6417] batman_adv: batadv0: Removing interface: batadv_slave_0
[   87.586555][ T6417] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   87.589611][ T6417] batman_adv: batadv0: Removing interface: batadv_slave_1
[   88.089036][ T6434] sit0: entered allmulticast mode
[   88.135279][ T6434] sit0: entered promiscuous mode
[   88.960213][ T6464] netlink: 8 bytes leftover after parsing attributes in process `syz.1.238'.
[   90.891505][ T6530] netlink: 388 bytes leftover after parsing attributes in process `syz.2.269'.
[   90.954010][ T6536] netlink: 32 bytes leftover after parsing attributes in process `syz.0.272'.
[   90.957889][ T6536] openvswitch: netlink: Missing key (keys=40, expected=100)
[   91.096934][ T6544] lo speed is unknown, defaulting to 1000
[   91.890593][ T6559] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[   91.898668][ T6559] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[   91.900541][ T6558] netlink: 193500 bytes leftover after parsing attributes in process `syz.2.279'.
[   92.920668][ T6598] netlink: 'syz.0.297': attribute type 21 has an invalid length.
[   93.046017][ T6609] netlink: 'syz.0.302': attribute type 15 has an invalid length.
[   93.049072][ T6609] netlink: 'syz.0.302': attribute type 7 has an invalid length.
[   93.052759][ T6609] netlink: 52 bytes leftover after parsing attributes in process `syz.0.302'.
[   93.365001][ T6627] netlink: 'syz.1.307': attribute type 1 has an invalid length.
[   93.368819][ T6627] netlink: 'syz.1.307': attribute type 1 has an invalid length.
[   93.371936][ T6627] netlink: 'syz.1.307': attribute type 2 has an invalid length.
[   93.465388][ T6631] netlink: 92 bytes leftover after parsing attributes in process `syz.2.310'.
[   93.491387][ T5235] Bluetooth: hci1: ACL packet too small
[   93.678624][ T6645] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   93.683802][  T796] lo speed is unknown, defaulting to 1000
[   93.825488][ T6649] netlink: 28 bytes leftover after parsing attributes in process `syz.1.318'.
[   93.829332][ T6649] netlink: 28 bytes leftover after parsing attributes in process `syz.1.318'.
[   93.836516][ T6649] netlink: 28 bytes leftover after parsing attributes in process `syz.1.318'.
[   94.217320][ T6666] netlink: 26 bytes leftover after parsing attributes in process `syz.0.326'.
[   94.450442][ T6674] netlink: 8 bytes leftover after parsing attributes in process `syz.2.329'.
[   95.081441][ T6681] netlink: 'syz.1.332': attribute type 29 has an invalid length.
[   96.263408][ T6704] netlink: 'syz.0.341': attribute type 2 has an invalid length.
[   96.265897][ T6704] netlink: 120 bytes leftover after parsing attributes in process `syz.0.341'.
[   97.245323][ T6717] netlink: 'syz.1.346': attribute type 4 has an invalid length.
[   97.247924][ T6717] netlink: 'syz.1.346': attribute type 3 has an invalid length.
[   97.250492][ T6717] netlink: 199820 bytes leftover after parsing attributes in process `syz.1.346'.
[   97.294240][ T6719] netlink: 348 bytes leftover after parsing attributes in process `syz.0.347'.
[   97.365115][ T5235] Bluetooth: hci2: unexpected event 0x04 length: 15 > 10
[   97.853331][ T6761] netlink: 172 bytes leftover after parsing attributes in process `syz.1.366'.
[   97.858826][ T6761] netlink: 16 bytes leftover after parsing attributes in process `syz.1.366'.
[   98.059521][ T6775] netlink: 4 bytes leftover after parsing attributes in process `syz.0.372'.
[   99.059292][ T6813] netlink: 92 bytes leftover after parsing attributes in process `syz.2.389'.
[   99.068037][ T6813] netlink: 12 bytes leftover after parsing attributes in process `syz.2.389'.
[   99.071641][ T6813] netlink: 20 bytes leftover after parsing attributes in process `syz.2.389'.
[   99.382789][ T5235] Bluetooth: hci2: command tx timeout
[   99.795442][ T5235] Bluetooth: hci0: ISO packet for unknown connection handle 0
[   99.823525][ T6869] validate_nla: 1 callbacks suppressed
[   99.823558][ T6869] netlink: 'syz.0.407': attribute type 11 has an invalid length.
[   99.828265][ T6869] netlink: 168 bytes leftover after parsing attributes in process `syz.0.407'.
[  100.001657][ T6881] netlink: 8 bytes leftover after parsing attributes in process `syz.2.414'.
[  100.036001][ T6887] netlink: 'syz.1.416': attribute type 39 has an invalid length.
[  100.326194][ T6894] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  100.381306][ T6900] netlink: 'syz.1.422': attribute type 1 has an invalid length.
[  100.497519][ T6910] netlink: 'syz.0.426': attribute type 21 has an invalid length.
[  101.113609][ T6942] bridge_slave_1: left allmulticast mode
[  101.116136][ T6942] bridge_slave_1: left promiscuous mode
[  101.119459][ T6942] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.320967][ T6942] bridge_slave_0: left allmulticast mode
[  101.324170][ T6942] bridge_slave_0: left promiscuous mode
[  101.326625][ T6942] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.399662][ T6948] syz.1.442: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  101.410786][ T6948] CPU: 1 UID: 0 PID: 6948 Comm: syz.1.442 Not tainted syzkaller #0 PREEMPT(full) 
[  101.410800][ T6948] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  101.410806][ T6948] Call Trace:
[  101.410811][ T6948]  <TASK>
[  101.410829][ T6948]  dump_stack_lvl+0x189/0x250
[  101.410852][ T6948]  ? __pfx_dump_stack_lvl+0x10/0x10
[  101.410864][ T6948]  ? __pfx__printk+0x10/0x10
[  101.410879][ T6948]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  101.410892][ T6948]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  101.410905][ T6948]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  101.410919][ T6948]  warn_alloc+0x214/0x310
[  101.410934][ T6948]  ? stack_depot_save_flags+0x41b/0x860
[  101.410950][ T6948]  ? __pfx_warn_alloc+0x10/0x10
[  101.410965][ T6948]  ? kasan_save_track+0x4f/0x80
[  101.410977][ T6948]  ? xskq_create+0x56/0x170
[  101.410988][ T6948]  ? xsk_init_queue+0xb0/0x110
[  101.410996][ T6948]  ? xsk_setsockopt+0x57b/0x8d0
[  101.411004][ T6948]  ? do_sock_setsockopt+0x17c/0x1b0
[  101.411017][ T6948]  ? __x64_sys_setsockopt+0x13f/0x1b0
[  101.411023][ T6948]  ? do_syscall_64+0xfa/0x3b0
[  101.411033][ T6948]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.411050][ T6948]  __vmalloc_node_range_noprof+0x125/0x12f0
[  101.411097][ T6948]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  101.411116][ T6948]  ? __kasan_kmalloc+0x93/0xb0
[  101.411132][ T6948]  vmalloc_user_noprof+0xad/0xf0
[  101.411143][ T6948]  ? xskq_create+0xbf/0x170
[  101.411155][ T6948]  xskq_create+0xbf/0x170
[  101.411170][ T6948]  xsk_init_queue+0xb0/0x110
[  101.411190][ T6948]  xsk_setsockopt+0x57b/0x8d0
[  101.411206][ T6948]  ? __pfx_xsk_setsockopt+0x10/0x10
[  101.411217][ T6948]  ? __pfx_aa_sk_perm+0x10/0x10
[  101.411234][ T6948]  ? __fget_files+0x2a/0x420
[  101.411241][ T6948]  ? aa_sock_opt_perm+0xff/0x1b0
[  101.411255][ T6948]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  101.411264][ T6948]  ? __pfx_xsk_setsockopt+0x10/0x10
[  101.411277][ T6948]  do_sock_setsockopt+0x17c/0x1b0
[  101.411295][ T6948]  __x64_sys_setsockopt+0x13f/0x1b0
[  101.411310][ T6948]  do_syscall_64+0xfa/0x3b0
[  101.411320][ T6948]  ? lockdep_hardirqs_on+0x9c/0x150
[  101.411331][ T6948]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.411339][ T6948]  ? exc_page_fault+0x9f/0xf0
[  101.411352][ T6948]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.411360][ T6948] RIP: 0033:0x7f4cc638ebe9
[  101.411370][ T6948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  101.411377][ T6948] RSP: 002b:00007f4cc713d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  101.411386][ T6948] RAX: ffffffffffffffda RBX: 00007f4cc65b5fa0 RCX: 00007f4cc638ebe9
[  101.411392][ T6948] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000006
[  101.411397][ T6948] RBP: 00007f4cc6411e19 R08: 0000000000000004 R09: 0000000000000000
[  101.411402][ T6948] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000
[  101.411408][ T6948] R13: 00007f4cc65b6038 R14: 00007f4cc65b5fa0 R15: 00007ffda7c4e908
[  101.411434][ T6948]  </TASK>
[  101.411438][ T6948] Mem-Info:
[  101.434781][ T6946] netlink: zone id is out of range
[  101.445149][ T6948] active_anon:21689 inactive_anon:0 isolated_anon:0
[  101.445149][ T6948]  active_file:10880 inactive_file:38219 isolated_file:0
[  101.445149][ T6948]  unevictable:1768 dirty:20 writeback:0
[  101.445149][ T6948]  slab_reclaimable:9502 slab_unreclaimable:51840
[  101.445149][ T6948]  mapped:27861 shmem:15692 pagetables:934
[  101.445149][ T6948]  sec_pagetables:0 bounce:0
[  101.445149][ T6948]  kernel_misc_reclaimable:0
[  101.445149][ T6948]  free:279350 free_pcp:17776 free_cma:0
[  101.445228][ T6948] Node 0 active_anon:27372kB inactive_anon:0kB active_file:38132kB inactive_file:33520kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:71040kB dirty:72kB writeback:0kB shmem:19756kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:6424kB pagetables:2200kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  101.445252][ T6948] Node 1 active_anon:59384kB inactive_anon:0kB active_file:5388kB inactive_file:119356kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:40404kB dirty:8kB writeback:0kB shmem:43012kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:4832kB pagetables:1536kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  101.445274][ T6948] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  101.445301][ T6948] lowmem_reserve[]: 0 811 811 811 811
[  101.445327][ T6948] Node 0 DMA32 free:353396kB boost:0kB min:33660kB low:42072kB high:50484kB reserved_highatomic:0KB free_highatomic:0KB active_anon:27372kB inactive_anon:0kB active_file:38132kB inactive_file:33520kB unevictable:3536kB writepending:72kB present:1556484kB managed:830960kB mlocked:0kB bounce:0kB free_pcp:38628kB local_pcp:19644kB free_cma:0kB
[  101.445353][ T6948] lowmem_reserve[]: 0 0 0 0 0
[  101.445377][ T6948] Node 1 DMA32 free:458492kB boost:0kB min:19192kB low:23988kB high:28784kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:116kB local_pcp:116kB free_cma:0kB
[  101.445400][ T6948] lowmem_reserve[]: 0 0 854 854 854
[  101.445423][ T6948] Node 1 Normal free:290152kB boost:0kB min:36612kB low:45764kB high:54916kB reserved_highatomic:0KB free_highatomic:0KB active_anon:59384kB inactive_anon:0kB active_file:5388kB inactive_file:119356kB unevictable:3536kB writepending:8kB present:1048576kB managed:874952kB mlocked:0kB bounce:0kB free_pcp:32360kB local_pcp:15860kB free_cma:0kB
[  101.445471][ T6948] lowmem_reserve[]: 0 0 0 0 0
[  101.445513][ T6948] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  101.445609][ T6948] Node 0 DMA32: 1*4kB (M) 6*8kB (E) 4*16kB (ME) 310*32kB (UM) 103*64kB (UM) 101*128kB (UM) 7*256kB (ME) 5*512kB (ME) 4*1024kB (UME) 2*2048kB (M) 76*4096kB (UM) = 353396kB
[  101.445732][ T6948] Node 1 DMA32: 3*4kB (UM) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 2*128kB (UM) 3*256kB (UM) 3*512kB (UM) 3*1024kB (UM) 3*2048kB (UM) 109*4096kB (M) = 458492kB
[  101.445831][ T6948] Node 1 Normal: 2*4kB (UE) 109*8kB (UE) 104*16kB (UME) 101*32kB (UE) 135*64kB (UE) 42*128kB (U) 16*256kB (UME) 8*512kB (UME) 2*1024kB (ME) 1*2048kB (E) 63*4096kB (M) = 290128kB
[  101.446026][ T6948] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  101.446034][ T6948] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  101.446041][ T6948] 64791 total pagecache pages
[  101.446047][ T6948] 0 pages in swap cache
[  101.446051][ T6948] Free swap  = 124996kB
[  101.446056][ T6948] Total swap = 124996kB
[  101.446060][ T6948] 786301 pages RAM
[  101.446064][ T6948] 0 pages HighMem/MovableOnly
[  101.446068][ T6948] 241329 pages reserved
[  101.446072][ T6948] 0 pages cma reserved
[  101.738570][ T6946] netlink: zone id is out of range
[  101.740568][ T6946] netlink: get zone limit has 8 unknown bytes
[  102.251107][ T6970] openvswitch: netlink: Message has 4 unknown bytes.
[  102.971394][ T6985] lo speed is unknown, defaulting to 1000
[  103.187997][ T6989] __nla_validate_parse: 8 callbacks suppressed
[  103.188046][ T6989] netlink: 1057 bytes leftover after parsing attributes in process `syz.0.459'.
[  103.669958][ T7016] netlink: 'syz.1.471': attribute type 291 has an invalid length.
[  104.149348][ T5235] Bluetooth: hci1: unexpected subevent 0x0e length: 150 > 15
[  104.151750][ T5235] Bluetooth: hci1: Unable to find connection for dst 00:00:00:00:00:00 sid 0x00
[  104.685953][ T7047] netlink: 'syz.2.485': attribute type 2 has an invalid length.
[  104.688595][ T7047] netlink: 'syz.2.485': attribute type 1 has an invalid length.
[  104.691009][ T7047] netlink: 'syz.2.485': attribute type 1 has an invalid length.
[  104.799974][ T7055] netlink: 36 bytes leftover after parsing attributes in process `syz.0.489'.
[  104.808075][ T7055] netlink: 36 bytes leftover after parsing attributes in process `syz.0.489'.
[  104.885663][ T7057] netlink: 'syz.1.490': attribute type 1 has an invalid length.
[  104.929807][ T7060] netlink: 128 bytes leftover after parsing attributes in process `syz.1.491'.
[  104.957052][ T7055] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  105.589242][ T7073] netlink: 'syz.2.497': attribute type 39 has an invalid length.
[  106.332280][ T7107] netlink: 830 bytes leftover after parsing attributes in process `syz.0.513'.
[  106.430271][ T7116] netlink: 136 bytes leftover after parsing attributes in process `syz.2.516'.
[  106.439952][ T7115] C: renamed from team_slave_0 (while UP)
[  106.444598][ T7115] netlink: 'syz.0.513': attribute type 3 has an invalid length.
[  106.447893][ T7115] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  106.728177][ T7132] openvswitch: netlink: Message has 1 unknown bytes.
[  106.730261][ T7132] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  108.010766][ T7162] netlink: 60 bytes leftover after parsing attributes in process `syz.0.537'.
[  108.069786][ T7165] netlink: 'syz.0.539': attribute type 2 has an invalid length.
[  108.095117][ T7165] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.539'.
[  108.098994][ T7165] nbd: must specify a device to reconfigure
[  108.233626][ T7175] ]X: renamed from veth0_vlan (while UP)
[  108.684642][ T7191] netlink: 202920 bytes leftover after parsing attributes in process `syz.2.550'.
[  108.748960][ T7198] netlink: 'syz.0.553': attribute type 10 has an invalid length.
[  108.759185][ T7198] team0: Device veth1_macvtap failed to register rx_handler
[  109.465149][ T7236] netlink: 4 bytes leftover after parsing attributes in process `syz.1.571'.
[  109.665810][ T7242] Driver unsupported XDP return value 0 on prog  (id 220) dev N/A, expect packet loss!
[  110.078287][ T7263] netlink: 'syz.0.584': attribute type 11 has an invalid length.
[  110.124103][ T7265] netlink: 'syz.2.579': attribute type 10 has an invalid length.
[  110.528787][ T7265] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  110.737887][ T7261] lo speed is unknown, defaulting to 1000
[  111.315374][ T7298] netlink: 164 bytes leftover after parsing attributes in process `syz.1.599'.
[  111.349473][ T7300] netlink: 'syz.1.600': attribute type 21 has an invalid length.
[  111.356358][ T7300] netlink: 128 bytes leftover after parsing attributes in process `syz.1.600'.
[  111.359642][ T7300] netlink: 'syz.1.600': attribute type 4 has an invalid length.
[  111.363363][ T7300] netlink: 'syz.1.600': attribute type 5 has an invalid length.
[  111.365979][ T7300] netlink: 3 bytes leftover after parsing attributes in process `syz.1.600'.
[  111.382875][ T5235] Bluetooth: hci0: unexpected event 0x1c length: 15 > 5
[  111.402779][ T7294] netlink: 56 bytes leftover after parsing attributes in process `syz.2.597'.
[  111.546362][ T7315] netlink: 'syz.0.607': attribute type 10 has an invalid length.
[  111.549084][ T7315] netlink: 156 bytes leftover after parsing attributes in process `syz.0.607'.
[  111.739215][ T7334] netlink: 188 bytes leftover after parsing attributes in process `syz.0.617'.
[  112.051991][ T7363] netlink: 'syz.2.630': attribute type 25 has an invalid length.
[  112.057690][ T7363] netlink: 'syz.2.630': attribute type 1 has an invalid length.
[  112.060635][ T7363] bridge0: port 1(bridge_slave_0) entered learning state
[  113.587149][ T7423] netlink: 60 bytes leftover after parsing attributes in process `syz.0.654'.
[  113.591933][ T7423] netlink: 60 bytes leftover after parsing attributes in process `syz.0.654'.
[  113.758092][ T7434] delete_channel: no stack
[  113.937672][ T7452] __nla_validate_parse: 1 callbacks suppressed
[  113.937683][ T7452] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.668'.
[  113.981133][ T7456] netlink: 48 bytes leftover after parsing attributes in process `syz.2.670'.
[  113.986006][ T7456] netlink: 'syz.2.670': attribute type 1 has an invalid length.
[  114.033283][ T7462] syzkaller0: entered promiscuous mode
[  114.035291][ T7462] syzkaller0: entered allmulticast mode
[  115.181090][ T7490] netlink: 'syz.1.686': attribute type 11 has an invalid length.
[  115.186709][ T7490] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.686'.
[  115.191044][ T7489] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  116.048678][ T7498] openvswitch: netlink: Message has 16 unknown bytes.
[  116.050984][ T7498] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  117.362956][ T7553] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  117.536305][ T7566] netlink: 20 bytes leftover after parsing attributes in process `syz.1.718'.
[  117.540476][ T7566] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  117.820708][ T7591] netlink: 'syz.2.730': attribute type 10 has an invalid length.
[  117.861263][ T7591] team0: Port device geneve1 added
[  118.081329][   T33] audit: type=1107 audit(1755609526.679:2): pid=7595 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=','
[  118.471063][ T7620] netlink: 16255 bytes leftover after parsing attributes in process `syz.1.743'.
[  118.501566][ T7618] lo speed is unknown, defaulting to 1000
[  118.505063][ T7618] lo speed is unknown, defaulting to 1000
[  118.507825][ T7618] lo speed is unknown, defaulting to 1000
[  118.640621][  T796] lo speed is unknown, defaulting to 1000
[  118.643160][ T7618] infiniband syz1: set active
[  118.644920][ T7618] infiniband syz1: added lo
[  118.681980][ T7618] RDS/IB: syz1: added
[  118.683865][ T7618] smc: adding ib device syz1 with port count 1
[  118.686251][ T7618] smc:    ib device syz1 port 1 has pnetid 
[  118.689201][  T796] lo speed is unknown, defaulting to 1000
[  118.694780][ T7618] lo speed is unknown, defaulting to 1000
[  118.876638][ T7618] lo speed is unknown, defaulting to 1000
[  119.429878][ T7618] lo speed is unknown, defaulting to 1000
[  119.600735][ T7659] netlink: 'syz.2.753': attribute type 1 has an invalid length.
[  119.607005][ T7659] netlink: 'syz.2.753': attribute type 2 has an invalid length.
[  119.609787][ T7659] netlink: 12374 bytes leftover after parsing attributes in process `syz.2.753'.
[  120.805649][ T7695] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.766'.
[  121.273669][ T7710] netlink: 'syz.2.772': attribute type 4 has an invalid length.
[  122.199758][ T7747] netlink: 156 bytes leftover after parsing attributes in process `syz.0.788'.
[  122.510086][ T7770] netlink: 52 bytes leftover after parsing attributes in process `syz.2.800'.
[  122.524034][ T7773] netlink: 60 bytes leftover after parsing attributes in process `syz.0.801'.
[  122.528735][ T7773] netlink: 60 bytes leftover after parsing attributes in process `syz.0.801'.
[  122.543230][ T7773] netlink: 60 bytes leftover after parsing attributes in process `syz.0.801'.
[  122.713062][ T7787] netlink: 60 bytes leftover after parsing attributes in process `syz.1.808'.
[  122.737161][ T7787] netlink: 60 bytes leftover after parsing attributes in process `syz.1.808'.
[  122.886802][ T7795] netlink: 'syz.2.813': attribute type 3 has an invalid length.
[  122.889377][ T7795] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.813'.
[  123.769758][ T7816] netlink: 'syz.2.823': attribute type 3 has an invalid length.
[  123.968312][ T7832] netlink: 'syz.2.830': attribute type 21 has an invalid length.
[  124.986119][ T7847] __nla_validate_parse: 1 callbacks suppressed
[  124.986139][ T7847] netlink: 132 bytes leftover after parsing attributes in process `syz.0.836'.
[  125.003153][ T7849] veth0_vlan: entered allmulticast mode
[  125.040836][ T7853] netlink: 'syz.0.839': attribute type 3 has an invalid length.
[  125.435058][ T7868] netlink: 'syz.0.846': attribute type 6 has an invalid length.
[  125.442410][ T7868] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.846'.
[  125.974579][ T7879] netlink: 'syz.0.851': attribute type 21 has an invalid length.
[  125.977647][ T7879] netlink: 132 bytes leftover after parsing attributes in process `syz.0.851'.
[  125.981101][ T7879] netlink: 'syz.0.851': attribute type 1 has an invalid length.
[  126.011419][ T7879] netlink: 8 bytes leftover after parsing attributes in process `syz.0.851'.
[  126.023207][ T7879] netlink: 32 bytes leftover after parsing attributes in process `syz.0.851'.
[  127.197155][    C0] clocksource: Long readout interval, skipping watchdog check: cs_nsec: 1204173903 wd_nsec: 1204173831
[  135.582582][    C0] clocksource: Long readout interval, skipping watchdog check: cs_nsec: 5868360607 wd_nsec: 5868360266
[  137.001053][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  137.003854][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  137.351878][  T796] sched: DL replenish lagged too much
[  141.684952][ T5846] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  141.688835][ T5846] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  141.692018][ T5846] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  141.697645][ T5846] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  141.701080][ T5846] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  141.761799][ T5235] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  141.767414][ T5235] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  141.770605][ T5235] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  141.783997][ T5235] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  141.787232][ T5235] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  141.833624][ T7893] lo speed is unknown, defaulting to 1000
[  141.839460][ T7893] lo speed is unknown, defaulting to 1000
[  141.864814][ T7897] lo speed is unknown, defaulting to 1000
[  142.003754][ T7897] lo speed is unknown, defaulting to 1000
[  142.247652][ T7893] chnl_net:caif_netlink_parms(): no params data found
[  143.782329][ T5846] Bluetooth: hci3: command tx timeout
[  143.862322][ T5846] Bluetooth: hci4: command tx timeout
[  145.247386][ T7893] bridge0: port 1(bridge_slave_0) entered blocking state
[  145.249972][ T7893] bridge0: port 1(bridge_slave_0) entered disabled state
[  145.256083][ T7893] bridge_slave_0: entered allmulticast mode
[  145.259318][ T7893] bridge_slave_0: entered promiscuous mode
[  145.357612][ T7893] bridge0: port 2(bridge_slave_1) entered blocking state
[  145.360775][ T7893] bridge0: port 2(bridge_slave_1) entered disabled state
[  145.364332][ T7893] bridge_slave_1: entered allmulticast mode
[  145.368156][ T7893] bridge_slave_1: entered promiscuous mode
[  145.459097][ T7897] chnl_net:caif_netlink_parms(): no params data found
[  145.471615][ T7893] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  145.488863][ T7893] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  145.540167][ T7893] team0: Port device team_slave_0 added
[  145.549343][ T7893] team0: Port device team_slave_1 added
[  145.597238][ T7897] bridge0: port 1(bridge_slave_0) entered blocking state
[  145.599659][ T7897] bridge0: port 1(bridge_slave_0) entered disabled state
[  145.601976][ T7897] bridge_slave_0: entered allmulticast mode
[  145.606742][ T7897] bridge_slave_0: entered promiscuous mode
[  145.613114][ T7893] batman_adv: batadv0: Adding interface: batadv_slave_0
[  145.615851][ T7893] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  145.626630][ T7893] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  145.631125][ T7897] bridge0: port 2(bridge_slave_1) entered blocking state
[  145.633991][ T7897] bridge0: port 2(bridge_slave_1) entered disabled state
[  145.636593][ T7897] bridge_slave_1: entered allmulticast mode
[  145.639651][ T7897] bridge_slave_1: entered promiscuous mode
[  145.657614][ T7893] batman_adv: batadv0: Adding interface: batadv_slave_1
[  145.660471][ T7893] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  145.672275][ T7893] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  145.695794][ T7897] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  145.702547][ T7897] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  145.761657][ T7893] hsr_slave_0: entered promiscuous mode
[  145.766054][ T7893] hsr_slave_1: entered promiscuous mode
[  145.769076][ T7893] debugfs: 'hsr0' already exists in 'hsr'
[  145.771413][ T7893] Cannot create hsr debugfs directory
[  145.777202][ T7897] team0: Port device team_slave_0 added
[  145.804467][ T7897] team0: Port device team_slave_1 added
[  145.862512][ T5846] Bluetooth: hci3: command tx timeout
[  145.873837][ T7897] batman_adv: batadv0: Adding interface: batadv_slave_0
[  145.877462][ T7897] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  145.889741][ T7897] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  145.900024][ T5846] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18
[  145.910874][ T7897] batman_adv: batadv0: Adding interface: batadv_slave_1
[  145.914230][ T7897] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  145.922364][ T7897] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  145.943469][ T5846] Bluetooth: hci4: command tx timeout
[  146.034209][ T7897] hsr_slave_0: entered promiscuous mode
[  146.037273][ T7897] hsr_slave_1: entered promiscuous mode
[  146.040220][ T7897] debugfs: 'hsr0' already exists in 'hsr'
[  146.043250][ T7897] Cannot create hsr debugfs directory
[  146.232675][ T7893] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  146.245287][ T7928] netlink: 196 bytes leftover after parsing attributes in process `syz.0.864'.
[  146.245679][ T7893] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  146.292579][ T7893] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  146.300632][ T7893] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  146.359763][ T7897] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  146.382326][ T7897] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  146.424236][ T7897] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  146.431884][ T7897] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  146.609438][ T7893] 8021q: adding VLAN 0 to HW filter on device bond0
[  146.640467][ T7893] 8021q: adding VLAN 0 to HW filter on device team0
[  146.654796][   T64] bridge0: port 1(bridge_slave_0) entered blocking state
[  146.657837][   T64] bridge0: port 1(bridge_slave_0) entered forwarding state
[  146.680723][   T64] bridge0: port 2(bridge_slave_1) entered blocking state
[  146.683435][   T64] bridge0: port 2(bridge_slave_1) entered forwarding state
[  146.716963][ T7897] 8021q: adding VLAN 0 to HW filter on device bond0
[  146.780750][ T7897] 8021q: adding VLAN 0 to HW filter on device team0
[  146.797343][ T1096] bridge0: port 1(bridge_slave_0) entered blocking state
[  146.799744][ T1096] bridge0: port 1(bridge_slave_0) entered forwarding state
[  146.815021][ T1096] bridge0: port 2(bridge_slave_1) entered blocking state
[  146.817375][ T1096] bridge0: port 2(bridge_slave_1) entered forwarding state
[  147.029506][ T7897] 8021q: adding VLAN 0 to HW filter on device batadv0
[  147.063605][ T7893] 8021q: adding VLAN 0 to HW filter on device batadv0
[  147.109652][ T7893] veth0_vlan: entered promiscuous mode
[  147.117729][ T7893] veth1_vlan: entered promiscuous mode
[  147.136922][ T7893] veth0_macvtap: entered promiscuous mode
[  147.141635][ T7893] veth1_macvtap: entered promiscuous mode
[  147.169527][ T7893] batman_adv: batadv0: Interface activated: batadv_slave_0
[  147.179936][ T7893] batman_adv: batadv0: Interface activated: batadv_slave_1
[  147.206962][ T5910] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  147.210814][ T5910] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  147.229360][ T5910] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  147.249200][ T5910] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  147.332840][   T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  147.336154][   T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  147.353425][ T7897] veth0_vlan: entered promiscuous mode
[  147.384123][ T7897] veth1_vlan: entered promiscuous mode
[  147.393883][ T1096] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  147.397546][ T1096] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  147.418840][ T7897] veth0_macvtap: entered promiscuous mode
[  147.437778][ T7897] veth1_macvtap: entered promiscuous mode
[  147.451560][ T7897] batman_adv: batadv0: Interface activated: batadv_slave_0
[  147.459025][ T7897] batman_adv: batadv0: Interface activated: batadv_slave_1
[  147.479766][ T5910] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  147.485717][ T5910] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  147.488992][ T5875] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  147.510506][ T5875] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  147.591377][ T6202] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  147.599590][ T6202] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  147.630340][   T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  147.635108][   T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  147.914530][ T7987] netlink: 56 bytes leftover after parsing attributes in process `syz.3.877'.
[  147.918238][ T7987] netlink: 56 bytes leftover after parsing attributes in process `syz.3.877'.
[  147.944193][ T5846] Bluetooth: hci3: command tx timeout
[  148.024519][ T5846] Bluetooth: hci4: command tx timeout
[  148.111910][ T7998] netlink: 12 bytes leftover after parsing attributes in process `syz.0.881'.
[  148.230089][ T8004] veth0_vlan: entered allmulticast mode
[  148.744525][ T8015] netlink: 64 bytes leftover after parsing attributes in process `syz.3.887'.
[  148.895306][ T8010] tun0: tun_chr_ioctl cmd 1074025675
[  148.897749][ T8010] tun0: persist enabled
[  148.899563][ T8013] tun0: tun_chr_ioctl cmd 1074025675
[  148.901468][ T8013] tun0: persist disabled
[  149.050052][ T8023] netlink: 'syz.0.891': attribute type 13 has an invalid length.
[  149.470854][ T8045] netlink: 596 bytes leftover after parsing attributes in process `syz.4.900'.
[  149.765059][ T8070] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  149.837877][ T8079] ==================================================================
[  149.840596][ T8079] BUG: KASAN: slab-use-after-free in __xfrm_state_lookup+0x6ad/0x8d0
[  149.843071][ T8079] Read of size 2 at addr ffff88802934c5c2 by task syz.0.917/8079
[  149.847171][ T8079] 
[  149.848092][ T8079] CPU: 0 UID: 0 PID: 8079 Comm: syz.0.917 Not tainted syzkaller #0 PREEMPT(full) 
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  149.848109][ T8079] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  149.848118][ T8079] Call Trace:
[  149.848125][ T8079]  <TASK>
[  149.848131][ T8079]  dump_stack_lvl+0x189/0x250
[  149.848176][ T8079]  ? __kasan_check_byte+0x12/0x40
[  149.848197][ T8079]  ? __pfx_dump_stack_lvl+0x10/0x10
[  149.848212][ T8079]  ? lock_release+0x4b/0x3e0
[  149.848233][ T8079]  ? __virt_addr_valid+0x4a5/0x5c0
[  149.848252][ T8079]  print_report+0xca/0x240
[  149.848264][ T8079]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  149.848282][ T8079]  kasan_report+0x118/0x150
[  149.848300][ T8079]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  149.848320][ T8079]  __xfrm_state_lookup+0x6ad/0x8d0
[  149.848343][ T8079]  ? __pfx___xfrm_state_lookup+0x10/0x10
[  149.848363][ T8079]  ? xfrm_state_lookup+0x45/0x1e0
[  149.848376][ T8079]  xfrm_state_lookup+0x11e/0x1e0
[  149.848391][ T8079]  pfkey_get+0x2ae/0x880
[  149.848406][ T8079]  pfkey_sendmsg+0xbfe/0x1090
[  149.848423][ T8079]  ? trace_sched_exit_tp+0x36/0x110
[  149.848444][ T8079]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  149.848470][ T8079]  ? aa_sock_msg_perm+0xf1/0x1d0
[  149.848490][ T8079]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  149.848505][ T8079]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  149.848522][ T8079]  __sock_sendmsg+0x21c/0x270
[  149.848539][ T8079]  ____sys_sendmsg+0x505/0x830
[  149.848554][ T8079]  ? __pfx_____sys_sendmsg+0x10/0x10
[  149.848569][ T8079]  ? import_iovec+0x74/0xa0
[  149.848584][ T8079]  ___sys_sendmsg+0x21f/0x2a0
[  149.848597][ T8079]  ? __pfx____sys_sendmsg+0x10/0x10
[  149.848620][ T8079]  ? __fget_files+0x2a/0x420
[  149.848631][ T8079]  ? __fget_files+0x3a0/0x420
[  149.848644][ T8079]  __x64_sys_sendmsg+0x19b/0x260
[  149.848657][ T8079]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  149.848677][ T8079]  do_syscall_64+0xfa/0x3b0
[  149.848695][ T8079]  ? lockdep_hardirqs_on+0x9c/0x150
[  149.848710][ T8079]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.848722][ T8079]  ? exc_page_fault+0x9f/0xf0
[  149.848738][ T8079]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.848750][ T8079] RIP: 0033:0x7fd605b8ebe9
[  149.848762][ T8079] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  149.848773][ T8079] RSP: 002b:00007fd606a3f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  149.848787][ T8079] RAX: ffffffffffffffda RBX: 00007fd605db5fa0 RCX: 00007fd605b8ebe9
[  149.848800][ T8079] RDX: 0000000020000000 RSI: 0000200000000040 RDI: 0000000000000004
[  149.848813][ T8079] RBP: 00007fd605c11e19 R08: 0000000000000000 R09: 0000000000000000
[  149.848822][ T8079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  149.848834][ T8079] R13: 00007fd605db6038 R14: 00007fd605db5fa0 R15: 00007fffa2d0b9e8
[  149.848848][ T8079]  </TASK>
[  149.848854][ T8079] 
[  149.953785][ T8079] Allocated by task 6719:
[  149.955457][ T8079]  kasan_save_track+0x3e/0x80
[  149.957278][ T8079]  __kasan_slab_alloc+0x6c/0x80
[  149.959148][ T8079]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  149.961210][ T8079]  xfrm_state_alloc+0x24/0x2f0
[  149.963029][ T8079]  __find_acq_core+0x8a7/0x1c00
[  149.964813][ T8079]  xfrm_find_acq+0x78/0xa0
[  149.966491][ T8079]  xfrm_alloc_userspi+0x6b3/0xc90
[  149.968421][ T8079]  xfrm_user_rcv_msg+0x7a3/0xab0
[  149.970323][ T8079]  netlink_rcv_skb+0x208/0x470
[  149.972178][ T8079]  xfrm_netlink_rcv+0x79/0x90
[  149.973978][ T8079]  netlink_unicast+0x82f/0x9e0
[  149.975823][ T8079]  netlink_sendmsg+0x805/0xb30
[  149.977658][ T8079]  __sock_sendmsg+0x21c/0x270
[  149.979475][ T8079]  ____sys_sendmsg+0x505/0x830
[  149.981306][ T8079]  ___sys_sendmsg+0x21f/0x2a0
[  149.983033][ T8079]  __x64_sys_sendmsg+0x19b/0x260
[  149.984843][ T8079]  do_syscall_64+0xfa/0x3b0
[  149.986604][ T8079]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.988853][ T8079] 
[  149.989778][ T8079] Freed by task 5313:
[  149.991318][ T8079]  kasan_save_track+0x3e/0x80
[  149.993107][ T8079]  kasan_save_free_info+0x46/0x50
[  149.995072][ T8079]  __kasan_slab_free+0x5b/0x80
[  149.996930][ T8079]  kmem_cache_free+0x18f/0x400
[  149.998775][ T8079]  xfrm_state_gc_task+0x52d/0x6b0
[  150.000730][ T8079]  process_scheduled_works+0xae1/0x17b0
[  150.002847][ T8079]  worker_thread+0x8a0/0xda0
[  150.004604][ T8079]  kthread+0x711/0x8a0
[  150.006177][ T8079]  ret_from_fork+0x3fc/0x770
[  150.007951][ T8079]  ret_from_fork_asm+0x1a/0x30
[  150.009750][ T8079] 
[  150.010689][ T8079] The buggy address belongs to the object at ffff88802934c480
[  150.010689][ T8079]  which belongs to the cache xfrm_state of size 928
[  150.015809][ T8079] The buggy address is located 322 bytes inside of
[  150.015809][ T8079]  freed 928-byte region [ffff88802934c480, ffff88802934c820)
[  150.021082][ T8079] 
[  150.022045][ T8079] The buggy address belongs to the physical page:
[  150.024512][ T8079] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802934c480 pfn:0x2934c
[  150.028307][ T8079] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  150.031538][ T8079] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  150.034407][ T8079] page_type: f5(slab)
[  150.035956][ T8079] raw: 00fff00000000040 ffff88801afdd780 dead000000000122 0000000000000000
[  150.039196][ T8079] raw: ffff88802934c480 00000000800e000d 00000000f5000000 0000000000000000
[  150.042449][ T8079] head: 00fff00000000040 ffff88801afdd780 dead000000000122 0000000000000000
[  150.045699][ T8079] head: ffff88802934c480 00000000800e000d 00000000f5000000 0000000000000000
[  150.048964][ T8079] head: 00fff00000000002 ffffea0000a4d301 00000000ffffffff 00000000ffffffff
[  150.052247][ T8079] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  150.055455][ T8079] page dumped because: kasan: bad access detected
[  150.057888][ T8079] page_owner tracks the page as allocated
[  150.060057][ T8079] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5961, tgid 5960 (syz.1.21), ts 68872849888, free_ts 68567178319
[  150.067079][ T8079]  post_alloc_hook+0x240/0x2a0
[  150.068918][ T8079]  get_page_from_freelist+0x21e4/0x22c0
[  150.071020][ T8079]  __alloc_frozen_pages_noprof+0x181/0x370
[  150.073266][ T8079]  alloc_pages_mpol+0x232/0x4a0
[  150.075147][ T8079]  allocate_slab+0x8a/0x370
[  150.076889][ T8079]  ___slab_alloc+0xbeb/0x1410
[  150.078696][ T8079]  kmem_cache_alloc_noprof+0x283/0x3c0
[  150.080845][ T8079]  xfrm_state_alloc+0x24/0x2f0
[  150.082715][ T8079]  xfrm_add_sa+0x17d1/0x4070
[  150.084526][ T8079]  xfrm_user_rcv_msg+0x7a3/0xab0
[  150.086586][ T8079]  netlink_rcv_skb+0x208/0x470
[  150.088467][ T8079]  xfrm_netlink_rcv+0x79/0x90
[  150.090305][ T8079]  netlink_unicast+0x82f/0x9e0
[  150.092188][ T8079]  netlink_sendmsg+0x805/0xb30
[  150.093990][ T8079]  __sock_sendmsg+0x21c/0x270
[  150.095769][ T8079]  ____sys_sendmsg+0x505/0x830
[  150.097791][ T8079] page last free pid 5957 tgid 5953 stack trace:
[  150.100249][ T8079]  __free_frozen_pages+0xbc4/0xd30
[  150.102247][ T8079]  stack_depot_save_flags+0x436/0x860
[  150.104330][ T8079]  kasan_save_track+0x4f/0x80
[  150.106165][ T8079]  __kasan_kmalloc+0x93/0xb0
[  150.107955][ T8079]  __kmalloc_node_noprof+0x276/0x4e0
[  150.109992][ T8079]  bpf_map_area_alloc+0x64/0x180
[  150.111927][ T8079]  array_map_alloc+0x28b/0x700
[  150.113768][ T8079]  map_create+0xaa3/0x14d0
[  150.115508][ T8079]  __sys_bpf+0x60f/0x870
[  150.117183][ T8079]  __x64_sys_bpf+0x7c/0x90
[  150.118892][ T8079]  do_syscall_64+0xfa/0x3b0
[  150.120662][ T8079]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.122946][ T8079] 
[  150.123881][ T8079] Memory state around the buggy address:
[  150.126022][ T8079]  ffff88802934c480: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  150.129077][ T8079]  ffff88802934c500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  150.132145][ T8079] >ffff88802934c580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  150.135199][ T8079]                                            ^
[  150.137558][ T8079]  ffff88802934c600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  150.140627][ T8079]  ffff88802934c680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  150.143649][ T8079] ==================================================================
[  150.150228][ T5846] Bluetooth: hci3: command tx timeout
[  150.152628][ T5846] Bluetooth: hci4: command tx timeout
Connection to localhost closed by remote host.
[  150.222476][ T8079] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  150.225052][ T8079] CPU: 1 UID: 0 PID: 8079 Comm: syz.0.917 Not tainted syzkaller #0 PREEMPT(full) 
[  150.228830][ T8079] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  150.232437][ T8079] Call Trace:
[  150.233715][ T8079]  <TASK>
[  150.234665][ T8079]  dump_stack_lvl+0x99/0x250
[  150.236166][ T8079]  ? __asan_memcpy+0x40/0x70
[  150.237856][ T8079]  ? __pfx_dump_stack_lvl+0x10/0x10
[  150.239803][ T8079]  ? __pfx__printk+0x10/0x10
[  150.241425][ T8079]  vpanic+0x281/0x750
[  150.242727][ T8079]  ? preempt_schedule+0xae/0xc0
[  150.244254][ T8079]  ? __pfx_vpanic+0x10/0x10
[  150.245675][ T8079]  ? preempt_schedule_common+0x83/0xd0
[  150.247397][ T8079]  ? preempt_schedule+0xae/0xc0
[  150.248920][ T8079]  ? __pfx_preempt_schedule+0x10/0x10
[  150.250614][ T8079]  panic+0xb9/0xc0
[  150.251787][ T8079]  ? __pfx_panic+0x10/0x10
[  150.253241][ T8079]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  150.255608][ T8079]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  150.257788][ T8079]  check_panic_on_warn+0x89/0xb0
[  150.259817][ T8079]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  150.261992][ T8079]  end_report+0x78/0x160
[  150.263777][ T8079]  kasan_report+0x129/0x150
[  150.265657][ T8079]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  150.267820][ T8079]  __xfrm_state_lookup+0x6ad/0x8d0
[  150.269741][ T8079]  ? __pfx___xfrm_state_lookup+0x10/0x10
[  150.271500][ T8079]  ? xfrm_state_lookup+0x45/0x1e0
[  150.273070][ T8079]  xfrm_state_lookup+0x11e/0x1e0
[  150.274640][ T8079]  pfkey_get+0x2ae/0x880
[  150.275955][ T8079]  pfkey_sendmsg+0xbfe/0x1090
[  150.277434][ T8079]  ? trace_sched_exit_tp+0x36/0x110
[  150.279274][ T8079]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  150.281042][ T8079]  ? aa_sock_msg_perm+0xf1/0x1d0
[  150.282629][ T8079]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  150.284562][ T8079]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  150.286213][ T8079]  __sock_sendmsg+0x21c/0x270
[  150.287750][ T8079]  ____sys_sendmsg+0x505/0x830
[  150.289263][ T8079]  ? __pfx_____sys_sendmsg+0x10/0x10
[  150.290992][ T8079]  ? import_iovec+0x74/0xa0
[  150.292762][ T8079]  ___sys_sendmsg+0x21f/0x2a0
[  150.294296][ T8079]  ? __pfx____sys_sendmsg+0x10/0x10
[  150.295932][ T8079]  ? __fget_files+0x2a/0x420
[  150.297392][ T8079]  ? __fget_files+0x3a0/0x420
[  150.299188][ T8079]  __x64_sys_sendmsg+0x19b/0x260
[  150.301247][ T8079]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  150.303472][ T8079]  do_syscall_64+0xfa/0x3b0
[  150.305091][ T8079]  ? lockdep_hardirqs_on+0x9c/0x150
[  150.306973][ T8079]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.309262][ T8079]  ? exc_page_fault+0x9f/0xf0
[  150.311031][ T8079]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.313388][ T8079] RIP: 0033:0x7fd605b8ebe9
[  150.315172][ T8079] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  150.321765][ T8079] RSP: 002b:00007fd606a3f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  150.324383][ T8079] RAX: ffffffffffffffda RBX: 00007fd605db5fa0 RCX: 00007fd605b8ebe9
[  150.327001][ T8079] RDX: 0000000020000000 RSI: 0000200000000040 RDI: 0000000000000004
[  150.330171][ T8079] RBP: 00007fd605c11e19 R08: 0000000000000000 R09: 0000000000000000
[  150.333334][ T8079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  150.336485][ T8079] R13: 00007fd605db6038 R14: 00007fd605db5fa0 R15: 00007fffa2d0b9e8
[  150.339779][ T8079]  </TASK>
[  150.341449][ T8079] Kernel Offset: disabled
[  150.343034][ T8079] Rebooting in 86400 seconds..

VM DIAGNOSIS:
13:19:18  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000020 RBX=0000000000000020 RCX=0000000000000000 RDX=00000000000003f8
RSI=000000000000128d RDI=000000000000128e RBP=00000000000003f8 RSP=ffffc9000612eed0
R8 =ffff8881073a0237 R9 =1ffff11020e74046 R10=dffffc0000000000 R11=ffffffff854efa30
R12=dffffc0000000000 R13=ffffffff99af98ff R14=ffffffff99dee3a0 R15=0000000000000000
RIP=ffffffff854efaac RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fd606a3f6c0 ffffffff 00c00000
GS =0000 ffff8880b861c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000000040 CR3=0000000028fc2000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007fd605d87498 00007fd605d87470 XMM03=00007fd605d874a8 00007fd605d874a0
XMM04=00007fd6068ed100 00007fd605d87460 XMM05=00007fd605d87478 00007fd605d874c0
XMM06=00007fd605d874b8 00007fd605d874b0 XMM07=00007fd605d874a8 00007fd605d874a0
XMM08=0000000000000000 00007fd605c12ee7 XMM09=0000000000000000 00007fd605c12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000000 RBX=ffff8880344f8168 RCX=0000000000000001 RDX=0000000000000001
RSI=0000000000000802 RDI=ffffffff99cc74d0 RBP=ffff88810f842cc0 RSP=ffffc900001df6c0
R8 =0000000000000003 R9 =0000000000000004 R10=dffffc0000000000 R11=fffff5200003beb4
R12=ffff88810f842cc8 R13=ffff88810f842cb0 R14=dffffc0000000000 R15=1ffff11021f08598
RIP=ffffffff8b7bce10 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f8aaea236c0 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000000100000000 CR3=0000000028d10000 CR4=000006f0
DR0=0000000000000000 DR1=0000200000000300 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f8aadd87498 00007f8aadd87470 XMM03=00007f8aadd874a8 00007f8aadd874a0
XMM04=00007f8aae8ed100 00007f8aadd87460 XMM05=00007f8aadd87478 00007f8aadd874c0
XMM06=00007f8aadd874b8 00007f8aadd874b0 XMM07=00007f8aadd874a8 00007f8aadd874a0
XMM08=0000000000000000 00007f8aadc12ee7 XMM09=0000000000000000 00007f8aadc12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
