last executing test programs:

3.590517695s ago: executing program 0 (id=1752):
r0 = socket$kcm(0x2, 0x200000000000001, 0x106)
r1 = socket$kcm(0x10, 0x3, 0x10)
r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x221, 0x0, 0x0, 0x8, 0x3fe, 0x7ffeffff, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3)
recvmsg$kcm(r1, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x10000)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = bpf$ITER_CREATE(0xb, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f00000029c0)={0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB], &(0x7f00000001c0)='GPL\x00'}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a80)={0x6, 0x3, &(0x7f0000000200)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000480)={0x3, 0x4, 0x4, 0xa, 0x0, r4, 0xffff, '\x00', 0x0, r4, 0x2, 0x4}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8948, 0x0)
sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10, 0x0}, 0x300060c1)
setsockopt$sock_attach_bpf(r0, 0x6, 0x3, &(0x7f00000000c0), 0x4)
sendmsg$inet(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)}, 0x41)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r6 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$inet(r6, &(0x7f0000000380)={&(0x7f0000000040)={0xa, 0xa, @local}, 0x10, &(0x7f0000000180), 0x0, 0x0, 0x0, 0xa6820000}, 0x0)
close(r0)

2.706883117s ago: executing program 0 (id=1766):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000600)="5c00000012006b400000000000000077cf8e3359c00048007ea60864160a01660400420008001d1b498186001931a0e6b8e517d34460bc0600e8ea2c0000a705251e6182949a3651f60a84c9f4d4938000e70e4509c5bb937762376e", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x10)

2.706403976s ago: executing program 0 (id=1767):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, 0x0)
r1 = perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x954b, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x76, 0x1ef7}, 0x11efa, 0x4, 0x98, 0x0, 0x2, 0xfffff271, 0xfffc, 0x0, 0x0, 0x0, 0x20}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x4004000)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, 0x0, 0x4)
recvmsg$unix(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000011008188040f46ecdb00e3bd6efb4400080000000a000f00000aba8000001201", 0x24}, {&(0x7f0000000200)="cc182c338cba61617516", 0xa}], 0x2}, 0x0)

2.558939118s ago: executing program 0 (id=1772):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2040, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x412, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x202, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
r1 = socket$kcm(0x11, 0xa, 0x300)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001540)=ANY=[@ANYBLOB="bf16000000000000b7070000000100004870000000000000500000000000000095000000000000002ba728041598fbd30cb599e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142fa9ea4318123f602000000000080de89e661168c1886d0d4d94f204e34ff65c26e278ef5b915395b19284a1a4bc72fbc1626e3a2a2ad358061d0ae0209e62f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa80a666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3431abe802f5ab3e89cf6c662ed4048d3b3e22278d00ce00000000d3a02762c2951257b85802189d74005d2a1bcf9436e192e23fd275985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6ebfbb89432fb465bc52f49129b9b6150e320c9901de2ebb9000000018e3095c4c5c7a156cec33a667dccaff950ca1e5efdd4c968dacf81baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba175d876defd3541772f26e27c44cfdb2d85d6d29983e830a9cdd79837b3468e8c67a571d0a017c100344c52a570dd39877dfb2ff1ae66e1ce917474b2e650ae630afd086004c4a56c6cce6e51723257c872c5255f20100000000000000f041b665ab21372c8d8b7bac5b5c784d20a4a24d8dbd75062e1daef9dead619cc6e7baa72707157791c3d2a286ffb8d35452bb5d36c2a8682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b9935f771fd49e480cd9d48aeb12b1d6acabd38a817bcd222614d1f62734d679039a97d2b74f9e8e997ccd314000f7477137f4e8e7025123e783df8b8a17e3aa9fe1f662aef87a065b03cfb65b4dfe4f1b56e1f23128d743753a1de172d683d5892ce9414a1d98ea93e3d35dbb6c23b90cf36e83b8a434a97d09343d7f83079ccb02e69d384146056d125cfa788237874dd42dae334bda042819a2aa24dba1c25be2794448b4f63483026b5e34d44705b76ef29241adab0dd7d68bf975e02069f6f2425e1bc97a3d588085f16bef63a06578d4f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8cae87691fae365a70c3fc69e1565bba8dd8a8ca049f798abe646f738bebd69413afc9d8a5edd7aaa000000000000001e6c2f2a287c5278a218dbfaffffff00a14db5cfa6819eb1d39c48cfdc80d215c9e16e0c4736c819363154cca4e2f89800d18c89d7f46f679df6c9e2952ae1ebfd0ca88368ee6ce139e8b5822c22cf2e9dde943d34c432e1001171792c65986146666a5490928441f47e0fe5eac41824ca1fd0eb71aa243c88d5480efd8329d9a733d8f9ffffff5f912ac4e34bf6ea8a86da707b03bddb491ba0cc98f6be92c50008a2b50025419d1476c73132ca7ca26ce8a7e3ffb700f09e157f9b844051f1a642aca9ff98c9036471ccff0522903e7bcf62e18f7696bbc280b95e8e0d6fd5644b0ebde3a95b06548862de809d3dae3cccf109f7c78e8479a345e800000000000000000000009455bf417627ce723a5d9103706aba69279500bb82f6b5a3ddc0bd9856712945b70c75ce5b722578820820d010d7a3cffc99fc647d0b82ef26ab708c0b19ed144be51c3b398f0e6bb7a30006000000cba12953d58cff0f0378740fe6662f377b97d8e7cdb047acd083d3cd3856476a60a49ad127ba6570bafc2bbcf9ee721fd9cb467ff071e5604fbf0491245c0000007d932d7a64de4c4aa433fc0840aff7c47da3a4c6966d0000000000000000f6bfbae29e8a6e2a889f6ef6869d82d6bd73eb76b65c7a35a54a4a6b8ad4600e3a972a0bb5971a5f16590b0a03dafa3fd1118765cc8ab9fccf3b51c41a339f200f2fa33006910a679a9ae0187b4d750c4bd244cb0cbfd23b265f4d4da448a7a0d19c5e430a31609dfa2dde267551467eb6475293dd7012cc449009981f22820e57a0eff234ccfe21d7a2302e000669753d3c3432cc14ee1abe724adb6b5431befedd3e22971118f0e21aed1823cb7dde8212a8531bd9691dd4cc6a370e9eb56b3d790b98f2bd0db1e5de6a146597b2cbb7103040d2a39d7965d34df524b760ab92efcce7dd1574052c735935bf6a752c015c7f5ffee9ff66e5dd2866b15b6e0d17618cb1f5c1ee4b051f47db7aa110f499f840a5c965443d725556351ee25fe09f69494b053678dcadcf02e063dff2fa4bef1ac3bbbebe6c74d71ec3b23e29895eff1d1017024fe3e8cc759b05785adc346b7ffd05963f92c1d0d7d90ba878ad89e490f3e29ac51d30632869a534418f916bf6fe8167827a8e6c8f8b391c822805cb0adf1b8bd6947ff208753eb0d208ce14f7b206b2e02c21e963abc5ceb735c1b3c46b0a843de52a903375dfb663a8d8ee9c2b2705c1a81d9d3b9656b219c8cd99c9cafcd0d0540884d97aecb19983fc6af29ab44a82aff9cba921192c665b877af6539bdb1b567f481ba07982e7ad758f4e1eac69e7e88a63960975f490e161e371ec8534791e3b61c685d900a9c0839208356b53750e76fcc3c2d1bddcbd83897921414d0c02e8188f3df79ea2a5c5444004830e6cb227ca1bdafb977c00000000003a417193b8c5d793687335a930867094fd6a78218218e04b705ec62f1608cb569b81914e68f175b392af6bc4fd2121d7fd276af2c97a441b56e7a0687d98b8e76d8d0d231e4fe00be1de76bd19cc12e2bd938eb681ed6bc951c1b4f7c51af59eea4d40c6000000000200778a677b72786311153271a3313da02645e11761699e4d04ac86dd14ff7b9a10d3fa74696fe3953a5b7706bf5d1faba4b18808d9cb0e9db696dec4e0820ee4028d7225a2c9c427cf64cbde6fba056b2006b7a37c1181d530fb865e235cd302f3b4071ee5237ada986b9e5e3144bf479f277f10656ad3744037ccc9c63685a6f1109d2ea73773d3635f61497f1fa1ea4a16f601800bf3e59141fbf05a96113320c445f9ba8596970d5254727e804fbd99ccefb7c09269dd2c5c25e56e169ac15980f3f85f7ca36dd5950ef5b64fd46f123311829534a82940994199b3cf7a8fabea9930952f5da9b909c1946e55289f668c423fcbb31ae91864c882313151741a67538c9689dc8ecc9903c7041e5c0704e2fa55a756487517a7445cbd9e3f5175e41c0000000000000000000a000000bf98efd587fffe326f474b0b089c017b16c0062cbce96f5adebec52a79f9363909842f79c50a1520be46d87003137e4c5031f00123e812a5e37cd52c9eb7336281cb8c6ce9934b157d7875a70eaf103cb3938e2361c51cd1eab8a26b232acf6bf0ab829c26dab637538b2eb1420d812d2b80c777710ba0f18e4661681aa218d9ba54023ab4305d77eb15611ae2545835e9d30e9f6d4fb43a291c69545a1eea0f8720431132d8549f99bf6c5cb060da70cbb59d0a000000000034d083fc37d2449f72de0cbea4bc1dc89c136cdbc504f849d5502d77a95c7bfff4cd9c03058d0d4d07ea64824f1acf2b39389f675f39d01719cdbab3f1ce10609c8d7b3e37cb99b41da5e485a441b6a103549f55ab09dc98767763d1f2fafd45bb7d2b40050d1f8292f4d9ec6d0000000000003932062290f4996fdd55b06023437e9e2072daf7f5d82f6f1b5b89a41134f4dc2e65bb11272fdf8c8141f41d6160b3d8b6ecd16d14267f61b4881adee7f07f3d6af5ae79e16fe2c3f55ac7a6392d2e1d9b4286b6c3e1f5a76b85ed6e1f0000c67e6c5fcdc8c39381be4799b8cb2d08b8262c807dd755e22b801162381aa9d1af2bbc9cfd497585337eac408b8475b47a392a10cae349160f128e5f873a58064eb400c36a90624f6aed398a215e9ce64522ab249f67c38a656d32ecff5cdb2b039c4abf349d2c0f88a42e9189bbfa7f5cf35b6e7ef8f9d33163b7ea875583e3aec4714c9c4ca3ecb04f2720237615a28bf310b58ffa2a103216fdcc8c2d8f5d55e5e7ebf147105272aaae56e86d856b3cf79a3f7306436762dd1a08ce873e07cebc7892ec6f9f696da38feed3dc0001500e34adae1ba89a32bad2af9030f840f1ba46cdadd5cbacc59352c290f55d971b65953533668c25f21d8d62d849e9058eaa97c63491568887548f668cdbca2abf01a361a0b64d8b523e669da350e3ec7445dfbf366b0b3bc5e76824a1e43eaaeca70db90f2fa39596443447671933079a24fe3681ad9ac361f71ac279a688f10a1cc4df1112105edebc5e3bbc394c8305ab129ca2dfb9b7c5e9d097bd01b495cccefddce569117f7f5d6a6270ff0f0f4c371029ca8489571b55841bf3dd003bc81460eee57ceb3c33f4e9300b0144fe040cf5fcfcbb616c2070237881afdb314cecd1623f3e55ab8b7627fa1be349145a8d6313cbc790eefe2020138e82fb9d351be4ddcbcc9bc048dd3db5828d16baec6e07a007f0030f34ea3cfd524d6fa1d45da5641d6c94e1d3ae7fba1c85035d2a60ef1696e0d96aa1c60019f73ae0aa6113cd66ef26b5777337c26e1461405d86fdf091edd526f25cada439bb3609ed5c35ab60a539ade786bd6004d0ea3edbd6c4da0d8e8be8c771c8c8a0b07d9859e04adb18964dcce9bce546074c26dffbc2df372a016e8c845d4257000000000000000000000000000000000000f29657697d9c2b132b2dc2f5ea5122836582a7e85fe2bc166f17aefd9d861de0191f5277d4a3b5afb6f23d9eea2459f7844606e1202768d83c24cc791bde44a448022bbfa571fe029a7b2d5152639ee283894ab6168992ff0acc01b39a078f285ce615351f262019586eb9447bb3eaffd7b53d8f37ca6c5f1027dd5b7592996c8a7789ba108979cc9ad07ed86682843e2eaa855dd01443ee6ffde1811f10039d5d14458177096e15cc4d8f2582a1bea5ccb9f10f615c87c441dc50a244bc138a1cae9868c3079bafe69769000000000000000000e99b63029d219cd3545a8426b56554a9f265d3557eefb3602894507c256cb8ee9ebadfecb6afeb84ba757bfa8d00a5af0dd6aa1e8144ef8ef04410d52204c335408941b8eccc5c734cc6a05247142ed647f89bcb5c043acfb382b9cc918bc3cdc368983157851cdf678800aa7eb2a6cbc12c7ae23bc88b8f10223ab2a093429f3f6965bc5af0114cf6f246e891e20ecaad7059866506c3000000000c3230e901e885b7a4a36bdfdb5ce7a2e5807a0f4c1d461d1243fccf51b875b49490cd7d044e7a1e1a4c013fae1f070a8a37ab90da2efc6c875b3aab34b75a252072691fc97bef0fed8ee597ab83bb53f89c36bc2ee3ad54904542f66dc94132df75fc9944882d6f2e13b7057e0000000000000000000000000000000000001b726c0ccd24000000000000cfd2f4d005578b9ed06e1c41ef3b411066739de953d39b968caaca1507928d68c8f052"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe89}, 0x48)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000000)=r2, 0x4)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8b04, 0x0)

2.391202364s ago: executing program 2 (id=1776):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[], 0x1304}, 0x1, 0x0, 0x0, 0x4048011}, 0x0)
fstat(r0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
close(r1)
ioctl$SIOCSIFHWADDR(r1, 0x8914, 0x0)
fstat(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0})
ioctl$TUNSETGROUP(r1, 0x400454ce, r2)
fstat(r0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
mount$bpf(0x0, &(0x7f0000000680)='./file0\x00', &(0x7f0000000700), 0xc0ce051f0d1f72bf, &(0x7f00000008c0)={[], [{@fsmagic={'fsmagic', 0x3d, 0x83bd}}, {@euid_eq={'euid', 0x3d, r3}}]})
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="380200001a0001"], 0x238}, 0x1, 0x0, 0x0, 0x20000084}, 0x8000)
socket$nl_netfilter(0x10, 0x3, 0xc)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x4, 0x3fe, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r5 = socket$nl_audit(0x10, 0x3, 0x9)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
sendmsg$AUDIT_USER(r5, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000980)={0x10, 0x3ed, 0x4, 0x70bd2a, 0x25dfdbfd}, 0x10}}, 0x40000)
perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8020, 0x90024, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x2, 0x6}, 0x8224, 0x2, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x1, 0x56d, 0x2}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r6}, 0x38)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000540)="869f4c7d58763bb0f483271e6dea9dfea273df7752777b4da06fc23728d62129ecebf47a72b419d9825572a0be3c11f56c8bf3d9c5786846e5d09d165f4729c13f58fcfe8e2588580621492e992ea81b8b999f4818fdbbcca5f797f7c7f7", &(0x7f00000005c0)="198824270cfddb7f7c9e8615fb819097111e044a73f95c01fba8446305b65671cadcee0b45a25137fee166f21b00770b24b1c159ee09263ff0f610a742b729f43ee756b4e0339a32e775f82ce8d61b477fcffa2c5175b487c7eb7027a767decf3491aefac7280919ba796ffaa329034e74c1f60b8bf98eed9b0ff7579f3bcea843d755dee2e88d2bb9bef31b31d20b51ca57fa2fd4fc4a527927b51cbb", 0x1000, r6}, 0x38)
ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x40047452, 0x0)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x6, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7000000}, [@map_val={0x18, 0x0, 0x2, 0x0, r7}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}]}, &(0x7f0000000180)='syzkaller\x00', 0x3, 0xd2, &(0x7f00000002c0)=""/210}, 0x94)

2.222205858s ago: executing program 1 (id=1778):
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000d00)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffec0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x122}, 0x0)
close(r2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10)
socket$kcm(0x11, 0x200000000000003, 0x300)

1.598535689s ago: executing program 1 (id=1779):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114815, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=@newtaction={0x6c, 0x30, 0xb, 0x0, 0x0, {}, [{0x58, 0x1, [@m_skbmod={0x54, 0x1, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24, 0x2, {{0x6e59, 0x7f, 0x1, 0x1, 0xceb4}, 0x9}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

1.595643118s ago: executing program 0 (id=1780):
socket$kcm(0x21, 0x2, 0xa)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x9, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="bb00000031000b63ddd2806c8c6f94f903f4b76ffa24fc60100003000a00020005358ac137800500026ced000300", 0x2e}, {&(0x7f0000000140)="c512603b5c247ac97270d2d9f9e3a774644b37ffa4c38bc5ac41e6569c22f21809625db64973a31646a005a85e988285af8f70ec763129dac5d3c4e5e28b003aec39da77a70fcc3aec02c9d2148fa6edc37169089bf94207176394", 0x5b}, {&(0x7f0000000380)="e166186d6cb0b5b1d6ffadb2be01b8263d3abab0c802ff3938203ba118ca79aec5641d631a209c4a807a66d32c93d6258379", 0x32}], 0x3}, 0x0)
r4 = socket$kcm(0x2a, 0x2, 0x0)
recvmsg$unix(r2, &(0x7f0000000f40)={&(0x7f0000000540)=@abs, 0x6e, &(0x7f0000003100)=[{&(0x7f00000005c0)=""/215, 0xd7}, {&(0x7f0000000d00)=""/237, 0xed}, {&(0x7f0000002040)=""/4096, 0x1000}, {&(0x7f0000000e00)=""/99, 0x63}, {&(0x7f0000000e80)=""/154, 0x9a}, {&(0x7f00000006c0)=""/62, 0x3e}], 0x6}, 0x180)
ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x890b, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r3)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x2000, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
openat$tun(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd637f4b2266"], 0xfdef)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='pids.events\x00', 0x26e1, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x401c5820, &(0x7f0000000040)=0x8000000000000000)
r6 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x703, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000010000b0fd25a806c8c6f94f90a24fc60", 0x33fe0}], 0x1, 0x0, 0x0, 0x20000000}, 0x0)

1.470209862s ago: executing program 1 (id=1781):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
close(r0)
socket$kcm(0x2, 0x922000000001, 0x106)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000580)={<r2=>0xffffffffffffffff})
recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, 0xffffffffffffffff)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$inet6(0xffffffffffffffff, 0x0, 0x40c0)
close(0xffffffffffffffff)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffffff, 0xe0, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000080)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x0, 0x0, 0x61, 0x8, 0x0, 0x0}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1d, 0x4, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x20902, 0x0)
ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f0000000240)={'ip6gre0\x00'})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$netlink(r4, &(0x7f0000000040)={0x0, 0x41, &(0x7f0000000000)=[{&(0x7f00000003c0)=ANY=[@ANYBLOB="1c0000002d000100000000000000000004000080050011802f"], 0x1c}], 0x1}, 0x310)

1.433420832s ago: executing program 2 (id=1782):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000049c0)={0x3, 0x5, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffd}, [@call={0x85, 0x0, 0x0, 0x29}, @call={0x85, 0x0, 0x0, 0xf}]}, &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

1.338393628s ago: executing program 2 (id=1783):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001500)=ANY=[@ANYBLOB="280000003e00070100000000017800000457a8f9600001800400028008000a"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x0)

1.167478618s ago: executing program 2 (id=1784):
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100f, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x2, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0xa)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = socket$kcm(0x2, 0x5, 0x84)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000500)={&(0x7f0000000440)=ANY=[@ANYBLOB="9feb01001800000000000c00000009000000060000000000002e2e5f2e632e00"/45], 0x0, 0x2d, 0x0, 0x1, 0x6}, 0x28)
sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000000100)=[{&(0x7f00000006c0)="10", 0x1}], 0x1}, 0x24000900)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x9c00, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xaffffff7ffffffff, 0xffffffffffffffff, 0x1)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000080)={<r2=>0x0, <r3=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x11, &(0x7f0000000600)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0xb0}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1, 0x0, 0x34}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}], {0x95, 0x0, 0x9}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
close(r2)
r4 = socket$kcm(0x2, 0x200000000000001, 0x0)
setsockopt$sock_attach_bpf(r4, 0x1, 0x50, &(0x7f0000000100), 0x48)
setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f0000000180), 0x4bd)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={<r5=>0x0, <r6=>0x0})
close(r5)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00'], 0x48)
setsockopt$sock_attach_bpf(r6, 0x10f, 0x87, &(0x7f0000000180), 0x4bd)
r7 = socket$kcm(0x1e, 0x4, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000340)={[{0x2b, 'perf_event'}, {0x2d, 'memory'}]}, 0x14)
setsockopt$sock_attach_bpf(r7, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
sendmsg$kcm(r4, &(0x7f0000000100)={&(0x7f0000001540)=@tipc=@id={0x1e, 0x3, 0x3, {0x4e20, 0x1}}, 0x80, 0x0}, 0x0)
r8 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000003c0)="1400000017000b63d25a80648c2594f934a3c92b", 0x14}], 0x1}, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r9 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000000000000000000000000000850000001700000095"], &(0x7f00000005c0)='GPL\x00'}, 0x80)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={r9, 0x0, 0x0, 0x72, 0x0, &(0x7f0000000180)=""/114, 0x4000, 0x0, 0x0, 0xbe, 0x0, &(0x7f0000000280)="bf049fd184f7b03c21d9bcddc4eef9ebb6a0da3eb91c56454e873dd7336ccf21a1eeb8da7adf80d6e06ef46c7f36222fadaed2103c286468b3f44adee51445bd1bedf8fcc1c0b9fdc8b3829b1bf0c9d2d409cdecb12ad033e299c029331993ae9760345bf7feb91ee96b0eee19454ad3dbce5019b68c114ff1921a9b4665744c7784ac6736101a70592d83c448a84c31ec60bb901d96ea99471d823ee523318878ee704a8d9502b566cad45587cb74ea8259c1c0a926fc09499395b2db5a", 0x0, 0x8000}, 0x50)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)

646.188926ms ago: executing program 1 (id=1785):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x9, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, [@map_idx={0x18, 0x8, 0x5, 0x0, 0xc, 0x0, 0x0, 0x0, 0x900}, @generic={0x66}, @initr0, @exit]}, &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x20}, 0x94)

539.739642ms ago: executing program 1 (id=1786):
r0 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001800599c6d0eab070004000523"], 0xfe33)

539.285716ms ago: executing program 1 (id=1787):
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb4, 0x7f, 0x4c}, 0x50)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$kcm(0x2a, 0x2, 0x0)
sendmsg$inet(r1, &(0x7f0000000000)={&(0x7f0000000080)={0x2a, 0x0, @empty=0x1000000}, 0x5, 0x0}, 0x0)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="1802000000fcff000000000000000000850000002200000085000000070000009500000000000000e3b791f4a4a3972200e1d2acd44498f2cfbf4ae21867953463a9211404aa0e942d2460473901162b5db03303d2731c0e8ff5f76396f3a69ef52a00e8ae396de506de923c26c5bc87e3461c93cca3b186787c11d06d49d19896534d476fb6550cd031867572ce45503f6f46284b1ce64c582ae6c0e66319f800991ca2b186824cd560affec254ea32ac97873b303fdaa7cdbd52b2f10fc45beb3b5eb9b866fea3b1"], &(0x7f0000000080)='GPL\x00', 0x4, 0xcb, &(0x7f0000000340)=""/203}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000002340)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x2}, 0x48)
r5 = bpf$OBJ_GET_MAP(0x7, &(0x7f00000024c0)=@o_path={&(0x7f0000002480)='./file0\x00', 0x0, 0x4008, r3}, 0x18)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000002580)={0x6, 0x2b, &(0x7f0000000580)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xffff26ba, 0x0, 0x0, 0x0, 0x401}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@exit, @tail_call={{0x18, 0x2, 0x1, 0x0, r2}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff8}, @alu={0x7, 0x0, 0x0, 0x7, 0x0, 0x50, 0x10}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x63b}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @printk={@li, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1}}, @exit, @jmp={0x5, 0x1, 0x8, 0xb, 0x5, 0xfffffffffffffe7b, 0xfffffffffffffffc}, @func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x1}}}, &(0x7f0000001440)='syzkaller\x00', 0x2, 0x27, &(0x7f0000001480)=""/39, 0x41100, 0x20, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f00000022c0)={0x1, 0x4}, 0x8, 0x10, &(0x7f0000002300)={0x3, 0xe, 0x6, 0x1}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000002500)=[r4, 0xffffffffffffffff, r5], &(0x7f0000002540)=[{0x1, 0x2, 0x10}], 0x10, 0x3}, 0x94)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081130000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071103600000000001d300500000000004704000001ed00000f030000000000001d44020000000000620a00fe040400007203000000000000b500f7ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a8641aa05a1336b3b4c4becea710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3380d28e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343cccc953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93020000000000000080e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6032399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c9102"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48)

320.234475ms ago: executing program 2 (id=1788):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300009c0e0000850000002d000000850000000e00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000940)='tlb_flush\x00', r0}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x1, 0x4, 0xfff, 0x5, 0x4}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000007300000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r3}, 0x10)
bpf$ITER_CREATE(0x21, &(0x7f0000000540)={r1}, 0x8)

447.141µs ago: executing program 2 (id=1789):
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0xc8, 0xd, 0x0, 0x0, 0x0, 0x7, 0x301ba, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x3d, 0x4}, 0x10a, 0x0, 0x4080001, 0x3, 0x3f8, 0x401, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000}, 0x0, 0xfdffffffffffffff, 0xffffffffffffffff, 0x1)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x8}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000034000000bc00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xe, 0x0, &(0x7f0000000280)="432275e2065074ef2415f73227b2", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

0s ago: executing program 0 (id=1790):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x25dfdbfc, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x4, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x200000000000}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@empty, 0x2, 0x2b}, 0xa, @in6=@local, 0x0, 0x1, 0x2}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuset.memory_pressure\x00', 0x26e1, 0x0)
r2 = socket$kcm(0x2, 0x1000000000000002, 0x0)
setsockopt$sock_attach_bpf(r2, 0x1, 0x3e, &(0x7f00000002c0)=r1, 0x161)
sendmsg$inet(r2, &(0x7f0000007940)={&(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000440)=[{&(0x7f0000000000)='}', 0x1}], 0x1}, 0xfffe)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:41062' (ED25519) to the list of known hosts.
syzkaller login: [   56.618855][ T5778] cgroup: Unknown subsys name 'net'
[   56.715792][ T5778] cgroup: Unknown subsys name 'cpuset'
[   56.722554][ T5778] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   59.085255][ T5778] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   64.682076][ T5850] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   64.695104][ T5850] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   64.695824][ T5853] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   64.699218][ T5850] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   64.704874][ T5850] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   64.710090][ T5853] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   64.711640][ T5850] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   64.718962][ T5853] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   64.718961][ T5850] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   64.725795][ T5853] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   64.784025][ T5237] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   64.787168][ T5237] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   64.792111][ T5237] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   64.801342][ T5237] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   64.804517][ T5237] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   65.156848][ T5849] chnl_net:caif_netlink_parms(): no params data found
[   65.193580][ T5846] chnl_net:caif_netlink_parms(): no params data found
[   65.220380][ T5856] chnl_net:caif_netlink_parms(): no params data found
[   65.369841][ T5849] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.373727][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.377390][ T5849] bridge_slave_0: entered allmulticast mode
[   65.381702][ T5849] bridge_slave_0: entered promiscuous mode
[   65.407011][ T5849] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.410095][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.413489][ T5849] bridge_slave_1: entered allmulticast mode
[   65.417547][ T5849] bridge_slave_1: entered promiscuous mode
[   65.503950][ T5849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.508314][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.511885][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.514906][ T5846] bridge_slave_0: entered allmulticast mode
[   65.518936][ T5846] bridge_slave_0: entered promiscuous mode
[   65.525108][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.528009][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.531586][ T5846] bridge_slave_1: entered allmulticast mode
[   65.535580][ T5846] bridge_slave_1: entered promiscuous mode
[   65.555937][ T5849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.559637][ T5856] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.563306][ T5856] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.566468][ T5856] bridge_slave_0: entered allmulticast mode
[   65.570450][ T5856] bridge_slave_0: entered promiscuous mode
[   65.619453][ T5856] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.622674][ T5856] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.625558][ T5856] bridge_slave_1: entered allmulticast mode
[   65.629417][ T5856] bridge_slave_1: entered promiscuous mode
[   65.636326][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.674446][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.680241][ T5849] team0: Port device team_slave_0 added
[   65.715052][ T5849] team0: Port device team_slave_1 added
[   65.720479][ T5856] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.753304][ T5856] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.758932][ T5846] team0: Port device team_slave_0 added
[   65.804304][ T5846] team0: Port device team_slave_1 added
[   65.807938][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.810840][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.823583][ T5849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.859649][ T5856] team0: Port device team_slave_0 added
[   65.863397][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.866388][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.879707][ T5849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.889317][ T5856] team0: Port device team_slave_1 added
[   65.906598][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.909370][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.918404][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.945413][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.948076][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.957218][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.979928][ T5856] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.983624][ T5856] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.994747][ T5856] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   66.001762][ T5856] batman_adv: batadv0: Adding interface: batadv_slave_1
[   66.004662][ T5856] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.015332][ T5856] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   66.067936][ T5846] hsr_slave_0: entered promiscuous mode
[   66.071305][ T5846] hsr_slave_1: entered promiscuous mode
[   66.079924][ T5849] hsr_slave_0: entered promiscuous mode
[   66.083610][ T5849] hsr_slave_1: entered promiscuous mode
[   66.086701][ T5849] debugfs: 'hsr0' already exists in 'hsr'
[   66.089119][ T5849] Cannot create hsr debugfs directory
[   66.189105][ T5856] hsr_slave_0: entered promiscuous mode
[   66.192994][ T5856] hsr_slave_1: entered promiscuous mode
[   66.195810][ T5856] debugfs: 'hsr0' already exists in 'hsr'
[   66.198138][ T5856] Cannot create hsr debugfs directory
[   66.515225][ T5846] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   66.526864][ T5846] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   66.536940][ T5846] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   66.558156][ T5846] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   66.634154][ T5849] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   66.642065][ T5849] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   66.649446][ T5849] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   66.669704][ T5849] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   66.749508][ T5856] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   66.757778][ T5856] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   66.762737][ T5237] Bluetooth: hci1: command tx timeout
[   66.762752][ T5853] Bluetooth: hci0: command tx timeout
[   66.772259][ T5856] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   66.786236][ T5856] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   66.842825][ T5237] Bluetooth: hci2: command tx timeout
[   66.876356][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.926565][ T5846] 8021q: adding VLAN 0 to HW filter on device team0
[   66.935781][ T5849] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.960321][ T4042] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.963574][ T4042] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.984875][ T3633] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.987978][ T3633] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.994297][ T5849] 8021q: adding VLAN 0 to HW filter on device team0
[   67.014130][ T4042] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.017673][ T4042] bridge0: port 1(bridge_slave_0) entered forwarding state
[   67.045144][ T3633] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.047650][ T3633] bridge0: port 2(bridge_slave_1) entered forwarding state
[   67.114086][ T5846] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   67.128068][ T5856] 8021q: adding VLAN 0 to HW filter on device bond0
[   67.168452][ T5856] 8021q: adding VLAN 0 to HW filter on device team0
[   67.189003][ T1090] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.191931][ T1090] bridge0: port 1(bridge_slave_0) entered forwarding state
[   67.221078][ T1090] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.223857][ T1090] bridge0: port 2(bridge_slave_1) entered forwarding state
[   67.365661][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.456959][ T5846] veth0_vlan: entered promiscuous mode
[   67.474593][ T5849] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.489829][ T5846] veth1_vlan: entered promiscuous mode
[   67.535841][ T5856] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.559959][ T5849] veth0_vlan: entered promiscuous mode
[   67.567891][ T5846] veth0_macvtap: entered promiscuous mode
[   67.583059][ T5846] veth1_macvtap: entered promiscuous mode
[   67.590952][ T5849] veth1_vlan: entered promiscuous mode
[   67.632958][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.646468][ T5856] veth0_vlan: entered promiscuous mode
[   67.656981][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.674338][ T5856] veth1_vlan: entered promiscuous mode
[   67.685525][   T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.690275][   T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.704476][   T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.709495][   T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.715065][ T5849] veth0_macvtap: entered promiscuous mode
[   67.722747][ T5849] veth1_macvtap: entered promiscuous mode
[   67.768739][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.778996][ T5856] veth0_macvtap: entered promiscuous mode
[   67.793731][ T5856] veth1_macvtap: entered promiscuous mode
[   67.798834][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.822891][ T5860] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.840425][ T5860] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.846621][ T5860] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.877666][ T5860] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.896501][ T5856] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.908941][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.915134][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.928032][ T5856] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.979239][ T5860] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.989771][ T1090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.996507][ T1090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.014003][ T5860] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   68.023670][ T5860] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   68.027663][ T5860] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.036104][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.039528][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.152061][   T27] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.161335][   T27] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.165597][ T5846] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   68.191702][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.194634][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.277541][ T5915] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2'.
[   68.285080][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.289648][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.294141][ T5915] netlink: 'syz.1.2': attribute type 1 has an invalid length.
[   68.473305][    C0] hrtimer: interrupt took 74798 ns
[   68.608695][ T5922] Zero length message leads to an empty skb
[   68.648349][ T5926] netlink: 160 bytes leftover after parsing attributes in process `syz.1.6'.
[   68.807003][ T5926] netlink: 'syz.1.6': attribute type 10 has an invalid length.
[   68.841294][ T5237] Bluetooth: hci1: command tx timeout
[   68.842967][ T5853] Bluetooth: hci0: command tx timeout
[   68.921767][ T5853] Bluetooth: hci2: command tx timeout
[   69.069167][ T5926] batman_adv: batadv0: Adding interface: netdevsim0
[   69.077666][ T5926] batman_adv: batadv0: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.107638][ T5926] batman_adv: batadv0: Not using interface netdevsim0 (retrying later): interface not active
[   69.189451][ T5934] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   69.203023][ T5934] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[   69.229094][ T5926] syz.1.6 (5926) used greatest stack depth: 19320 bytes left
[   69.318304][ T5940] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1
[   69.728909][ T5947] netlink: 4 bytes leftover after parsing attributes in process `syz.0.13'.
[   69.736349][ T5947] netlink: 4 bytes leftover after parsing attributes in process `syz.0.13'.
[   70.070943][ T5954] netlink: 9292 bytes leftover after parsing attributes in process `syz.0.16'.
[   70.922273][ T5853] Bluetooth: hci0: command tx timeout
[   70.924541][ T5853] Bluetooth: hci1: command tx timeout
[   71.003661][ T5237] Bluetooth: hci2: command tx timeout
[   71.415571][ T5979] netlink: 'syz.0.28': attribute type 2 has an invalid length.
[   71.433531][ T5979] netlink: 'syz.0.28': attribute type 5 has an invalid length.
[   71.450516][ T5979] netlink: 'syz.0.28': attribute type 6 has an invalid length.
[   71.463304][ T5979] netlink: 'syz.0.28': attribute type 7 has an invalid length.
[   71.474810][ T5979] netlink: 9 bytes leftover after parsing attributes in process `syz.0.28'.
[   71.485534][ T5979] netlink: 130080 bytes leftover after parsing attributes in process `syz.0.28'.
[   71.500280][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[   71.506191][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[   71.511865][ T5979] netlink: 'syz.0.28': attribute type 2 has an invalid length.
[   71.524698][ T5979] netlink: 'syz.0.28': attribute type 5 has an invalid length.
[   71.533894][ T5979] netlink: 'syz.0.28': attribute type 6 has an invalid length.
[   71.537402][ T5979] netlink: 'syz.0.28': attribute type 7 has an invalid length.
[   71.553377][ T5979] netlink: 9 bytes leftover after parsing attributes in process `syz.0.28'.
[   72.137280][ T5982] delete_channel: no stack
[   72.255484][ T6002] netlink: 4 bytes leftover after parsing attributes in process `syz.1.38'.
[   72.283744][ T6002] netlink: 132 bytes leftover after parsing attributes in process `syz.1.38'.
[   72.455187][ T6011] syz.1.41 uses obsolete (PF_INET,SOCK_PACKET)
[   73.001777][ T5237] Bluetooth: hci1: command tx timeout
[   73.003643][ T5237] Bluetooth: hci0: command tx timeout
[   73.084733][ T5237] Bluetooth: hci2: command tx timeout
[   73.373473][ T6065] validate_nla: 6 callbacks suppressed
[   73.373507][ T6065] netlink: 'syz.2.65': attribute type 1 has an invalid length.
[   73.378808][ T6065] __nla_validate_parse: 4 callbacks suppressed
[   73.378823][ T6065] netlink: 17 bytes leftover after parsing attributes in process `syz.2.65'.
[   73.384424][ T6067] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.68'.
[   73.634722][ T6071] netlink: 'syz.0.70': attribute type 1 has an invalid length.
[   75.710282][ T6125] netlink: 84 bytes leftover after parsing attributes in process `syz.0.93'.
[   76.508187][ T6152] netlink: 156 bytes leftover after parsing attributes in process `syz.0.105'.
[   76.607524][ T6158] netlink: 'syz.2.103': attribute type 25 has an invalid length.
[   76.873317][ T6164] netlink: 'syz.1.109': attribute type 10 has an invalid length.
[   76.876779][ T6164] batman_adv: batadv0: Removing interface: netdevsim0
[   77.380586][ T6186] netlink: 56 bytes leftover after parsing attributes in process `syz.0.120'.
[   77.392074][ T6186] netlink: 12 bytes leftover after parsing attributes in process `syz.0.120'.
[   77.395855][ T6186] netlink: 43 bytes leftover after parsing attributes in process `syz.0.120'.
[   77.408131][ T6186] netlink: 43 bytes leftover after parsing attributes in process `syz.0.120'.
[   78.558910][ T6202] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.124'.
[   78.674944][ T5237] Bluetooth: hci1: unexpected event 0x05 length: 15 > 4
[   79.999296][ T6244] netlink: 'syz.2.142': attribute type 1 has an invalid length.
[   80.049823][ T6246] netlink: 'syz.1.143': attribute type 2 has an invalid length.
[   80.368696][ T6260] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.150'.
[   80.527949][ T6268] =======================================================
[   80.527949][ T6268] WARNING: The mand mount option has been deprecated and
[   80.527949][ T6268]          and is ignored by this kernel. Remove the mand
[   80.527949][ T6268]          option from the mount to silence this warning.
[   80.527949][ T6268] =======================================================
[   81.685787][ T6289] Driver unsupported XDP return value 0 on prog  (id 67) dev N/A, expect packet loss!
[   81.929525][   T33] audit: type=1107 audit(1758387374.827:2): pid=6305 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=''
[   83.193315][ T6353] syzkaller0: entered promiscuous mode
[   83.195559][ T6353] syzkaller0: entered allmulticast mode
[   83.308569][ T6365] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[   85.381891][ T6393] netlink: 'syz.2.201': attribute type 21 has an invalid length.
[   85.431095][ T6393] netlink: 132 bytes leftover after parsing attributes in process `syz.2.201'.
[   85.456438][ T6393] netlink: 'syz.2.201': attribute type 5 has an invalid length.
[   85.545736][ T6402] netlink: 'syz.0.205': attribute type 13 has an invalid length.
[   85.548567][ T6402] netlink: 'syz.0.205': attribute type 17 has an invalid length.
[   85.604381][ T6402] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   85.644194][ T6408] Unknown options in mask b7f2
[   85.706088][ T6413] netlink: 28 bytes leftover after parsing attributes in process `syz.0.210'.
[   85.714638][ T6413] netlink: 28 bytes leftover after parsing attributes in process `syz.0.210'.
[   86.744887][    T9] cfg80211: failed to load regulatory.db
[   86.999163][ T6441] netlink: 208252 bytes leftover after parsing attributes in process `syz.2.223'.
[   87.004401][ T6441] netlink: 'syz.2.223': attribute type 1 has an invalid length.
[   87.039095][ T6441] netlink: 'syz.2.223': attribute type 2 has an invalid length.
[   87.044853][ T6441] netlink: 'syz.2.223': attribute type 3 has an invalid length.
[   87.049035][ T6441] netlink: 'syz.2.223': attribute type 4 has an invalid length.
[   87.448560][ T6456] netlink: 44 bytes leftover after parsing attributes in process `syz.1.229'.
[   87.507695][ T6451] netlink: 36 bytes leftover after parsing attributes in process `syz.2.228'.
[   87.663312][ T6467] netlink: 16 bytes leftover after parsing attributes in process `syz.2.234'.
[   88.016366][ T6490] netlink: 'syz.0.242': attribute type 1 has an invalid length.
[   88.020281][ T6490] netlink: 'syz.0.242': attribute type 2 has an invalid length.
[   88.981838][ T6506] netlink: 8 bytes leftover after parsing attributes in process `syz.2.252'.
[   89.374935][ T6529] netlink: 12374 bytes leftover after parsing attributes in process `syz.0.261'.
[   92.223500][ T6577] netlink: 112 bytes leftover after parsing attributes in process `syz.0.281'.
[   92.314447][ T6586] Set syz1 is full, maxelem 9 reached
[   92.979834][ T6607] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[   92.982362][ T6607] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[   93.509428][ T6620] netlink: 8 bytes leftover after parsing attributes in process `syz.1.297'.
[   93.806878][ T6637] validate_nla: 1 callbacks suppressed
[   93.806895][ T6637] netlink: 'syz.1.307': attribute type 3 has an invalid length.
[   93.817649][ T6637] netlink: 132 bytes leftover after parsing attributes in process `syz.1.307'.
[   94.020078][ T6651] netlink: 'syz.2.314': attribute type 10 has an invalid length.
[   94.027398][ T6651] macvlan0: entered promiscuous mode
[   94.029516][ T6651] macvlan0: entered allmulticast mode
[   94.048118][ T6651] veth1_vlan: entered allmulticast mode
[   94.054640][ T6651] bond0: (slave macvlan0): Enslaving as an active interface with an up link
[   94.425070][ T5237] Bluetooth: hci2: unexpected event 0x03 length: 15 > 11
[   94.549944][ T6673] netlink: 16 bytes leftover after parsing attributes in process `syz.1.324'.
[   94.557117][ T6673] netlink: 16 bytes leftover after parsing attributes in process `syz.1.324'.
[   95.020409][ T6710] netlink: 'syz.2.340': attribute type 7 has an invalid length.
[   95.116458][ T6715] netlink: 88 bytes leftover after parsing attributes in process `syz.1.342'.
[   95.159055][ T6721] netlink: 56 bytes leftover after parsing attributes in process `syz.0.344'.
[   95.162593][ T6721] netlink: 56 bytes leftover after parsing attributes in process `syz.0.344'.
[   95.167055][ T6722] netlink: 4 bytes leftover after parsing attributes in process `syz.2.345'.
[   95.173283][ T6722] netlink: 4 bytes leftover after parsing attributes in process `syz.2.345'.
[   95.937193][ T6755] syzkaller0: tun_chr_ioctl cmd 2147767506
[   96.096165][ T6729] delete_channel: no stack
[   96.466173][ T6782] lo speed is unknown, defaulting to 1000
[   96.477185][ T6782] lo speed is unknown, defaulting to 1000
[   96.513008][ T6782] lo speed is unknown, defaulting to 1000
[   96.659924][ T6796] raw_sendmsg: syz.2.378 forgot to set AF_INET. Fix it!
[   96.699558][ T6782] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[   96.933474][ T6782] lo speed is unknown, defaulting to 1000
[   96.970531][ T6782] lo speed is unknown, defaulting to 1000
[   96.986876][ T6782] lo speed is unknown, defaulting to 1000
[   97.103838][ T6822] netlink: 'syz.1.391': attribute type 3 has an invalid length.
[  102.914450][ T6890] netlink: 'syz.1.418': attribute type 10 has an invalid length.
[  103.018289][ T6893] __nla_validate_parse: 7 callbacks suppressed
[  103.018306][ T6893] netlink: 32 bytes leftover after parsing attributes in process `syz.0.419'.
[  103.320965][ T6890] 8021q: adding VLAN 0 to HW filter on device batadv0
[  103.459653][ T6890] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  105.600462][ T6980] xt_HMARK: proto mask must be zero with L3 mode
[  105.691640][ T6984] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  105.908306][ T6993] netdevsim netdevsim0 : renamed from netdevsim0 (while UP)
[  106.132096][ T7002] netlink: 'syz.0.463': attribute type 22 has an invalid length.
[  106.135588][ T7002] netlink: 'syz.0.463': attribute type 1 has an invalid length.
[  106.139137][ T7002] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.463'.
[  106.186326][ T7006] openvswitch: netlink: Message has 16 unknown bytes.
[  106.189079][ T7006] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  107.310652][ T7042] netlink: 'syz.0.480': attribute type 39 has an invalid length.
[  107.372601][ T7044] netlink: 44 bytes leftover after parsing attributes in process `syz.2.481'.
[  107.393412][ T7044] netlink: 'syz.2.481': attribute type 13 has an invalid length.
[  107.396574][ T7044] netlink: 152 bytes leftover after parsing attributes in process `syz.2.481'.
[  107.400158][ T7044] : renamed from syz_tun (while UP)
[  107.424441][ T7044] : refused to change device tx_queue_len
[  107.427384][ T7044] A link change request failed with some changes committed already. Interface  may have been left with an inconsistent configuration, please check.
[  107.528319][ T7052] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  107.992880][ T7056] netlink: 8 bytes leftover after parsing attributes in process `syz.0.486'.
[  107.997702][ T7056] netlink: 8 bytes leftover after parsing attributes in process `syz.0.486'.
[  109.495401][ T7084] delete_channel: no stack
[  109.545742][ T7091] netlink: 304 bytes leftover after parsing attributes in process `syz.0.499'.
[  110.637153][ T7123] netlink: 'syz.2.513': attribute type 39 has an invalid length.
[  110.919126][ T7139] netlink: 7 bytes leftover after parsing attributes in process `syz.1.521'.
[  110.923713][ T7139] netlink: 7 bytes leftover after parsing attributes in process `syz.1.521'.
[  110.979225][ T7141] netlink: 'syz.1.523': attribute type 1 has an invalid length.
[  110.984449][ T7141] netlink: 15554 bytes leftover after parsing attributes in process `syz.1.523'.
[  111.130843][ T7147] netlink: 36 bytes leftover after parsing attributes in process `syz.1.525'.
[  111.137274][ T7147] netlink: 36 bytes leftover after parsing attributes in process `syz.1.525'.
[  111.147023][ T7147] netlink: 20 bytes leftover after parsing attributes in process `syz.1.525'.
[  111.295671][ T7163] netlink: 68 bytes leftover after parsing attributes in process `syz.1.534'.
[  111.548087][ T7172] netlink: 'syz.1.538': attribute type 10 has an invalid length.
[  111.567844][ T7172] batman_adv: batadv0: Adding interface: team0
[  111.581171][ T7172] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  111.592258][ T7172] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  112.415449][ T7182] netlink: 10 bytes leftover after parsing attributes in process `syz.1.542'.
[  112.486717][ T7184] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  113.070875][ T7191] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  113.239426][ T7216] netlink: 8 bytes leftover after parsing attributes in process `syz.2.556'.
[  113.294694][ T7214] bridge0: port 2(bridge_slave_1) entered disabled state
[  113.305002][ T7214] bridge0: port 1(bridge_slave_0) entered disabled state
[  113.409325][ T7226] netlink: 'syz.2.560': attribute type 39 has an invalid length.
[  114.528890][ T7249] netlink: 'syz.0.571': attribute type 7 has an invalid length.
[  114.956237][ T7259] netlink: 'syz.2.575': attribute type 21 has an invalid length.
[  115.355309][ T7262] C: renamed from team_slave_0 (while UP)
[  115.406667][ T7267] __nla_validate_parse: 3 callbacks suppressed
[  115.406684][ T7267] netlink: 14 bytes leftover after parsing attributes in process `syz.2.575'.
[  115.447932][ T7262] netlink: 'syz.2.575': attribute type 4 has an invalid length.
[  115.540376][ T7262] netlink: 116 bytes leftover after parsing attributes in process `syz.2.575'.
[  115.560788][ T7262] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  115.889695][ T7281] netlink: del zone limit has 4 unknown bytes
[  115.986600][ T5237] Bluetooth: hci2: unexpected event 0x17 length: 15 > 6
[  116.014860][ T7285] netlink: 8 bytes leftover after parsing attributes in process `syz.1.585'.
[  116.041589][ T7285] netlink: 6 bytes leftover after parsing attributes in process `syz.1.585'.
[  116.255277][ T7295] netlink: 8 bytes leftover after parsing attributes in process `syz.0.592'.
[  116.383393][ T7308] netlink: 'syz.2.597': attribute type 1 has an invalid length.
[  116.437136][ T7313] siw: device registration error -23
[  118.126562][ T7365] netlink: 60 bytes leftover after parsing attributes in process `syz.1.615'.
[  120.270184][ T7375] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.620'.
[  120.388455][ T7381] netlink: 'syz.0.622': attribute type 28 has an invalid length.
[  120.392278][ T7381] netlink: 'syz.0.622': attribute type 29 has an invalid length.
[  120.395117][ T7381] netlink: 132 bytes leftover after parsing attributes in process `syz.0.622'.
[  121.645601][ T5913] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  122.286964][ T7419] netlink: 4 bytes leftover after parsing attributes in process `syz.2.638'.
[  122.290876][ T7419] netlink: 130076 bytes leftover after parsing attributes in process `syz.2.638'.
[  122.302999][ T7419] netlink: 4 bytes leftover after parsing attributes in process `syz.2.638'.
[  122.426631][ T7424] netlink: 'syz.0.640': attribute type 10 has an invalid length.
[  122.480942][ T7429] netlink: 177 bytes leftover after parsing attributes in process `syz.2.642'.
[  122.599551][ T7424] bond0: (slave hsr0): The slave device specified does not support setting the MAC address
[  122.615367][ T7424] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  122.628756][ T7424] bond0: (slave hsr0): Error -22 calling dev_set_mtu
[  122.649219][ T7435] netlink: 'syz.2.645': attribute type 39 has an invalid length.
[  122.900224][ T7443] warning: `syz.0.649' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  123.267733][ T7447] netlink: 830 bytes leftover after parsing attributes in process `syz.0.649'.
[  123.271411][ T7447] bond_slave_0: entered promiscuous mode
[  123.273678][ T7447] bond_slave_1: entered promiscuous mode
[  123.475489][ T7451] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  123.503709][ T7453] netlink: 'syz.1.653': attribute type 1 has an invalid length.
[  123.507097][ T7453] netlink: 4 bytes leftover after parsing attributes in process `syz.1.653'.
[  123.510547][ T7453] netlink: 16 bytes leftover after parsing attributes in process `syz.1.653'.
[  123.692472][ T7458] netlink: 132 bytes leftover after parsing attributes in process `syz.0.655'.
[  123.760168][ T7461] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.657'.
[  123.764751][ T7461] netlink: 6320 bytes leftover after parsing attributes in process `syz.2.657'.
[  123.767848][ T7461] tc_dump_action: action bad kind
[  123.838306][ T7463] mac80211_hwsim hwsim5 .3c: renamed from wlan1 (while UP)
[  124.038791][ T7478] tmpfs: Bad value for 'mode'
[  127.239065][ T7562] openvswitch: netlink: IP tunnel dst address not specified
[  127.325187][ T7566] lo speed is unknown, defaulting to 1000
[  127.387080][ T7574] netlink: 'syz.2.709': attribute type 5 has an invalid length.
[  127.498565][ T7581] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.712'.
[  127.502372][ T7582] netlink: 16255 bytes leftover after parsing attributes in process `syz.1.711'.
[  127.880642][ T7572] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  128.777102][ T7618] netlink: 1000 bytes leftover after parsing attributes in process `syz.1.728'.
[  128.957797][ T7633] netlink: 188 bytes leftover after parsing attributes in process `syz.2.734'.
[  129.704835][ T7672] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x37
[  130.096706][ T7686] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  130.099965][ T7686] batman_adv: batadv0: Removing interface: batadv_slave_0
[  130.151371][ T7686] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  130.154651][ T7686] batman_adv: batadv0: Removing interface: batadv_slave_1
[  130.167033][ T7686] batman_adv: batadv0: Removing interface: team0
[  130.187492][ T7686] bond0: (slave batadv0): Releasing backup interface
[  130.243446][ T7691] netlink: 24 bytes leftover after parsing attributes in process `syz.0.761'.
[  130.334438][ T7695] netlink: 'syz.2.763': attribute type 25 has an invalid length.
[  130.413707][ T7703] netlink: 'syz.0.767': attribute type 23 has an invalid length.
[  130.417061][ T7703] IPv6: NLM_F_CREATE should be specified when creating new route
[  130.486198][ T7709] netlink: 'syz.2.770': attribute type 3 has an invalid length.
[  130.530610][ T7712] netlink: 'syz.2.771': attribute type 11 has an invalid length.
[  130.534381][ T7712] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.771'.
[  130.693698][ T7710] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  130.984346][ T7748] netlink: 'syz.2.789': attribute type 13 has an invalid length.
[  131.003141][ T7748] gretap0: refused to change device tx_queue_len
[  131.006073][ T7748] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  131.095008][ T7753] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.790'.
[  131.124013][ T7753] netlink: 5 bytes leftover after parsing attributes in process `syz.0.790'.
[  131.146703][ T7761] netlink: 'syz.1.795': attribute type 29 has an invalid length.
[  131.206700][ T7763] netlink: 180 bytes leftover after parsing attributes in process `syz.0.790'.
[  131.414320][ T7772] netlink: 68 bytes leftover after parsing attributes in process `syz.1.798'.
[  131.974229][ T7795] lo speed is unknown, defaulting to 1000
[  132.391939][ T7825] netlink: 'syz.1.823': attribute type 19 has an invalid length.
[  132.613364][ T5237] Bluetooth: hci0: unexpected event 0x32 length: 82 > 9
[  132.843834][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  132.849347][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  132.969688][ T7854] netlink: 'syz.2.835': attribute type 3 has an invalid length.
[  132.977297][ T7854] __nla_validate_parse: 2 callbacks suppressed
[  132.977308][ T7854] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.835'.
[  133.632599][ T7872] netlink: 126588 bytes leftover after parsing attributes in process `syz.0.843'.
[  133.658373][ T7874] netlink: 'syz.1.844': attribute type 10 has an invalid length.
[  134.403632][ T7892] netlink: 'syz.1.850': attribute type 6 has an invalid length.
[  134.406941][ T7892] netlink: 140 bytes leftover after parsing attributes in process `syz.1.850'.
[  134.714028][ T7901] netlink: 'syz.2.856': attribute type 21 has an invalid length.
[  134.716616][ T7901] netlink: 128 bytes leftover after parsing attributes in process `syz.2.856'.
[  134.719751][ T7901] netlink: 3 bytes leftover after parsing attributes in process `syz.2.856'.
[  134.804272][ T7906] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  134.807521][ T7906] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  135.087953][ T7918] netlink: 15478 bytes leftover after parsing attributes in process `syz.0.864'.
[  135.786321][ T7928] validate_nla: 1 callbacks suppressed
[  135.786336][ T7928] netlink: 'syz.1.869': attribute type 4 has an invalid length.
[  136.129095][ T7937] netlink: 'syz.2.873': attribute type 2 has an invalid length.
[  136.131780][ T7937] netlink: 'syz.2.873': attribute type 9 has an invalid length.
[  136.134565][ T7937] netlink: 132 bytes leftover after parsing attributes in process `syz.2.873'.
[  136.198966][ T7945] netlink: 12 bytes leftover after parsing attributes in process `syz.2.877'.
[  136.340271][ T5237] Bluetooth: hci1: unexpected subevent 0x12 length: 150 > 5
[  137.220346][ T7987] netlink: 14 bytes leftover after parsing attributes in process `syz.2.894'.
[  137.349420][ T7987] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  137.357751][ T7987] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  137.367470][ T7987] bond0 (unregistering): (slave macvlan0): Releasing backup interface
[  137.373718][ T7987] veth1_vlan: left allmulticast mode
[  137.379892][ T7987] bond0 (unregistering): Released all slaves
[  137.969181][ T7993] netlink: 'syz.0.896': attribute type 28 has an invalid length.
[  137.975610][ T7993] netlink: 'syz.0.896': attribute type 29 has an invalid length.
[  137.979177][ T7993] netlink: 132 bytes leftover after parsing attributes in process `syz.0.896'.
[  139.014596][ T8019] netlink: 10 bytes leftover after parsing attributes in process `syz.2.907'.
[  139.790002][ T8064] netlink: zone id is out of range
[  139.804260][ T8064] netlink: del zone limit has 8 unknown bytes
[  145.869321][ T8101] netlink: 1041 bytes leftover after parsing attributes in process `syz.0.940'.
[  145.876127][ T8101] netlink: get zone limit has 8 unknown bytes
[  146.022682][ T8113] netlink: 4 bytes leftover after parsing attributes in process `syz.1.945'.
[  146.105811][ T8117] netlink: 'syz.1.947': attribute type 11 has an invalid length.
[  146.108879][ T8117] netlink: 147436 bytes leftover after parsing attributes in process `syz.1.947'.
[  146.689978][ T8148] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.962'.
[  146.964014][ T8148] syzkaller0: entered promiscuous mode
[  146.967130][ T8148] syzkaller0: entered allmulticast mode
[  148.157736][ T8186] netlink: 'syz.1.980': attribute type 4 has an invalid length.
[  148.162869][ T8186] netlink: 17 bytes leftover after parsing attributes in process `syz.1.980'.
[  148.415864][ T8203] netlink: 104 bytes leftover after parsing attributes in process `syz.0.988'.
[  148.607874][ T8214] netlink: 'syz.1.993': attribute type 11 has an invalid length.
[  148.615851][ T8214] netlink: 140 bytes leftover after parsing attributes in process `syz.1.993'.
[  148.645284][ T8213] delete_channel: no stack
[  148.769439][ T8221] netlink: 16 bytes leftover after parsing attributes in process `syz.2.996'.
[  149.052340][ T8240] netlink: 'syz.0.1005': attribute type 2 has an invalid length.
[  149.055778][ T8240] netlink: 'syz.0.1005': attribute type 8 has an invalid length.
[  149.058304][ T8240] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1005'.
[  149.320384][ T8260] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1014'.
[  149.372990][ T8264] bridge0: port 1(bridge_slave_0) entered disabled state
[  149.392088][ T8264] bridge_slave_0 (unregistering): left promiscuous mode
[  149.394718][ T8264] bridge0: port 1(bridge_slave_0) entered disabled state
[  149.432242][   T24] syz1: Port: 1 Link DOWN
[  149.954150][ T8285] netlink: 'syz.2.1024': attribute type 1 has an invalid length.
[  149.956733][ T8285] netlink: 'syz.2.1024': attribute type 2 has an invalid length.
[  149.959442][ T8285] netlink: 'syz.2.1024': attribute type 3 has an invalid length.
[  149.963744][ T8285] netlink: 'syz.2.1024': attribute type 5 has an invalid length.
[  149.967672][ T8285] netlink: 'syz.2.1024': attribute type 6 has an invalid length.
[  151.767501][ T8337] __nla_validate_parse: 6 callbacks suppressed
[  151.767519][ T8337] netlink: 64859 bytes leftover after parsing attributes in process `syz.1.1048'.
[  152.755998][ T8366] : entered promiscuous mode
[  152.928930][ T8376] validate_nla: 7 callbacks suppressed
[  152.928946][ T8376] netlink: 'syz.2.1065': attribute type 39 has an invalid length.
[  153.001376][ T8384] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1066'.
[  153.010777][ T8378] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1066'.
[  153.021820][ T8384] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1066'.
[  153.028058][ T8380] netlink: 'syz.2.1067': attribute type 12 has an invalid length.
[  153.059396][ T8380] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1067'.
[  153.391673][ T8393] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1072'.
[  153.419546][ T8393] netlink: 'syz.2.1072': attribute type 1 has an invalid length.
[  153.423121][ T8393] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.1072'.
[  154.009530][ T8420] netlink: 22 bytes leftover after parsing attributes in process `syz.1.1085'.
[  154.101392][ T8414] netlink: 160 bytes leftover after parsing attributes in process `syz.2.1082'.
[  154.261818][ T8433] netlink: 'syz.0.1090': attribute type 2 has an invalid length.
[  154.379870][ T8435] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1091'.
[  154.734845][ T8462] netlink: 'syz.1.1103': attribute type 1 has an invalid length.
[  154.805630][ T8468] netlink: 'syz.1.1106': attribute type 16 has an invalid length.
[  155.043128][ T5237] Bluetooth: hci2: unexpected event 0x35 length: 15 > 6
[  155.270049][ T8494] netlink: 'syz.2.1117': attribute type 21 has an invalid length.
[  156.297777][ T8534] netlink: 'syz.2.1134': attribute type 13 has an invalid length.
[  156.302358][ T8534] : refused to change device tx_queue_len
[  156.304263][ T8534] A link change request failed with some changes committed already. Interface  may have been left with an inconsistent configuration, please check.
[  156.763610][ T8552] netlink: 'syz.1.1142': attribute type 11 has an invalid length.
[  156.768814][ T8551] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  157.547467][ T8582] __nla_validate_parse: 8 callbacks suppressed
[  157.547487][ T8582] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1156'.
[  157.681593][ T8596] netlink: 830 bytes leftover after parsing attributes in process `syz.1.1163'.
[  157.922080][ T8617] netlink: 'syz.0.1173': attribute type 1 has an invalid length.
[  157.943922][ T8619] netlink: 196 bytes leftover after parsing attributes in process `syz.2.1174'.
[  159.256313][ T8665] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1193'.
[  159.559330][ T8678] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1196'.
[  161.347062][ T5237] Bluetooth: hci2: unexpected event 0x0f length: 15 > 4
[  161.473102][ T5860] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  161.536417][ T5860] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  161.619589][ T5860] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  161.711871][ T5860] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  161.828986][ T5853] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  161.834850][ T5853] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  161.839291][ T5853] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  161.848456][ T5853] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  161.852994][ T5853] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  161.996891][ T8712] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1214'.
[  162.000530][ T8712] netlink: 6 bytes leftover after parsing attributes in process `syz.0.1214'.
[  162.023972][ T8713] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1213'.
[  162.026652][ T8705] lo speed is unknown, defaulting to 1000
[  162.028753][ T5860] bridge_slave_1: left allmulticast mode
[  162.039140][ T5860] bridge_slave_1: left promiscuous mode
[  162.051935][ T5860] bridge0: port 2(bridge_slave_1) entered disabled state
[  162.265145][ T8718] ksmbd: Daemon and kernel module version mismatch. ksmbd: 36, kernel module: 1. User-space ksmbd should terminate.
[  162.984876][ T8705] chnl_net:caif_netlink_parms(): no params data found
[  163.881196][ T5237] Bluetooth: hci1: command tx timeout
[  163.894700][ T5860] hsr_slave_0: left promiscuous mode
[  163.898152][ T5860] hsr_slave_1: left promiscuous mode
[  163.900957][ T5860] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  163.904388][ T5860] batman_adv: batadv0: Removing interface: batadv_slave_0
[  163.912781][ T5860] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  163.915713][ T5860] batman_adv: batadv0: Removing interface: batadv_slave_1
[  163.970482][ T5860] veth1_macvtap: left promiscuous mode
[  163.991905][ T5860] veth0_macvtap: left promiscuous mode
[  163.994386][ T5860] veth1_vlan: left promiscuous mode
[  163.996791][ T5860] veth0_vlan: left promiscuous mode
[  165.316133][ T5860] team0 (unregistering): Port device team_slave_1 removed
[  165.971668][ T5237] Bluetooth: hci1: command tx timeout
[  166.150250][ T5860] team0 (unregistering): Port device C removed
[  166.669802][ T8705] bridge0: port 1(bridge_slave_0) entered blocking state
[  166.679412][ T8705] bridge0: port 1(bridge_slave_0) entered disabled state
[  166.686144][ T8705] bridge_slave_0: entered allmulticast mode
[  166.693320][ T8705] bridge_slave_0: entered promiscuous mode
[  166.709980][ T8705] bridge0: port 2(bridge_slave_1) entered blocking state
[  166.719025][ T8705] bridge0: port 2(bridge_slave_1) entered disabled state
[  166.730089][ T8705] bridge_slave_1: entered allmulticast mode
[  166.747477][ T8705] bridge_slave_1: entered promiscuous mode
[  166.886996][ T8705] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  166.914226][ T8705] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  166.944754][ T8705] team0: Port device team_slave_0 added
[  166.955791][ T8705] team0: Port device team_slave_1 added
[  166.998219][ T8705] batman_adv: batadv0: Adding interface: batadv_slave_0
[  167.004727][ T8705] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  167.013918][ T8705] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  167.020116][ T8705] batman_adv: batadv0: Adding interface: batadv_slave_1
[  167.024600][ T8705] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  167.043726][ T8705] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  167.217571][ T8705] hsr_slave_0: entered promiscuous mode
[  167.234853][ T8705] hsr_slave_1: entered promiscuous mode
[  167.237867][ T8705] debugfs: 'hsr0' already exists in 'hsr'
[  167.240106][ T8705] Cannot create hsr debugfs directory
[  167.431292][ T8810] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  167.694932][ T8825] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1249'.
[  167.738019][ T8825] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1249'.
[  167.778449][ T8828] sctp: [Deprecated]: syz.0.1248 (pid 8828) Use of struct sctp_assoc_value in delayed_ack socket option.
[  167.778449][ T8828] Use struct sctp_sack_info instead
[  168.032414][ T8705] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  168.046677][ T8705] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  168.051175][ T5237] Bluetooth: hci1: command tx timeout
[  168.054948][ T8845] netlink: 'syz.0.1253': attribute type 11 has an invalid length.
[  168.075647][ T8705] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  168.094718][ T8705] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  168.241827][ T8705] 8021q: adding VLAN 0 to HW filter on device bond0
[  168.276859][ T8705] 8021q: adding VLAN 0 to HW filter on device team0
[  168.297715][ T3633] bridge0: port 1(bridge_slave_0) entered blocking state
[  168.300569][ T3633] bridge0: port 1(bridge_slave_0) entered forwarding state
[  168.312802][ T3633] bridge0: port 2(bridge_slave_1) entered blocking state
[  168.315178][ T3633] bridge0: port 2(bridge_slave_1) entered forwarding state
[  168.516389][ T8705] 8021q: adding VLAN 0 to HW filter on device batadv0
[  168.565672][ T8705] veth0_vlan: entered promiscuous mode
[  168.575722][ T8705] veth1_vlan: entered promiscuous mode
[  168.610671][ T8705] veth0_macvtap: entered promiscuous mode
[  168.619241][ T8705] veth1_macvtap: entered promiscuous mode
[  168.637563][ T8705] batman_adv: batadv0: Interface activated: batadv_slave_0
[  168.649384][ T8705] batman_adv: batadv0: Interface activated: batadv_slave_1
[  168.663179][ T5913] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  168.666778][ T5913] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  168.670887][ T5913] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  168.954186][ T5913] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  169.021909][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  169.024341][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  169.055811][   T27] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  169.059626][   T27] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  169.140820][ T8878] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1207'.
[  169.175897][ T8880] netlink: 'syz.1.1262': attribute type 6 has an invalid length.
[  169.178605][ T8880] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1262'.
[  169.520415][ T8897] netlink: zone id is out of range
[  169.541353][ T8897] netlink: zone id is out of range
[  169.549178][ T8897] netlink: zone id is out of range
[  169.652218][ T8915] netlink: 'syz.1.1277': attribute type 32 has an invalid length.
[  169.777947][ T8897] netlink: set zone limit has 4 unknown bytes
[  170.121904][ T5237] Bluetooth: hci1: command tx timeout
[  170.178004][ T8954] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.1292'.
[  170.178820][ T8956] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1294'.
[  170.192372][ T8954] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1292'.
[  170.360513][ T8970] netlink: 10 bytes leftover after parsing attributes in process `syz.1.1301'.
[  170.656853][ T8986] netlink: 'syz.0.1308': attribute type 1 has an invalid length.
[  174.088233][ T9046] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1334'.
[  174.237356][ T9046] bridge0: port 1(bridge_slave_0) entered disabled state
[  174.354691][ T9046] bridge_slave_0 (unregistering): left allmulticast mode
[  174.398529][ T9046] bridge_slave_0 (unregistering): left promiscuous mode
[  174.404844][ T9046] bridge0: port 1(bridge_slave_0) entered disabled state
[  175.159481][ T9091] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1354'.
[  175.464409][ T9117] netlink: 'syz.2.1364': attribute type 291 has an invalid length.
[  175.696268][ T9131] netlink: 'syz.1.1372': attribute type 1 has an invalid length.
[  175.699523][ T9131] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1372'.
[  176.138808][ T9162] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1387'.
[  176.619429][ T9187] netlink: zone id is out of range
[  176.630131][ T9187] netlink: zone id is out of range
[  176.633938][ T9187] netlink: zone id is out of range
[  176.637113][ T9187] netlink: zone id is out of range
[  176.640045][ T9187] netlink: zone id is out of range
[  176.644988][ T9187] netlink: zone id is out of range
[  176.648179][ T9187] netlink: zone id is out of range
[  176.652027][ T9187] netlink: zone id is out of range
[  176.655475][ T9187] netlink: zone id is out of range
[  176.658270][ T9187] netlink: zone id is out of range
[  177.305059][ T9195] netlink: 13 bytes leftover after parsing attributes in process `syz.0.1400'.
[  177.995971][ T9206] : renamed from vlan0 (while UP)
[  178.684709][ T9246] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1424'.
[  178.769690][ T9260] netlink: 276 bytes leftover after parsing attributes in process `syz.0.1430'.
[  180.315604][ T9299] netlink: 'syz.1.1447': attribute type 21 has an invalid length.
[  180.324190][ T9299] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1447'.
[  180.333541][ T9299] netlink: 'syz.1.1447': attribute type 4 has an invalid length.
[  180.802835][ T9324] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1458'.
[  180.898314][ T9328] netlink: 'syz.2.1460': attribute type 21 has an invalid length.
[  180.937047][ T9328] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1460'.
[  180.942867][ T9328] netlink: 'syz.2.1460': attribute type 4 has an invalid length.
[  182.214215][ T9357] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1473'.
[  182.442050][ T9370] netlink: 'syz.0.1479': attribute type 23 has an invalid length.
[  182.741711][ T9375] netlink: 264 bytes leftover after parsing attributes in process `syz.0.1481'.
[  182.745372][ T9375] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1481'.
[  183.133014][ T9381] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.1483'.
[  183.289476][ T9395] netlink: 'syz.2.1490': attribute type 33 has an invalid length.
[  183.300271][ T9395] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1490'.
[  183.359885][ T9401] netlink: 'syz.1.1493': attribute type 11 has an invalid length.
[  184.024685][ T9414] netlink: 'syz.1.1499': attribute type 12 has an invalid length.
[  184.028436][ T9414] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1499'.
[  184.228180][ T9438] netlink: 'syz.0.1505': attribute type 10 has an invalid length.
[  184.657520][ T9438] bond0: (slave bond_slave_0): Releasing backup interface
[  184.662533][ T9438] bond_slave_0: left promiscuous mode
[  184.966951][ T9446] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1510'.
[  185.227903][ T9450] syzkaller0: entered promiscuous mode
[  185.230051][ T9450] syzkaller0: entered allmulticast mode
[  185.285109][ T9461] net_ratelimit: 50 callbacks suppressed
[  185.285141][ T9461] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  186.989589][ T9493] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1531'.
[  186.998458][ T9493] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1531'.
[  187.018616][ T9493] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1531'.
[  187.283289][ T9504] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1536'.
[  187.296448][ T9504] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1536'.
[  187.313040][ T9504] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1536'.
[  187.763750][ T9521] netlink: 'syz.0.1543': attribute type 1 has an invalid length.
[  187.766938][ T9521] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1543'.
[  187.927590][ T9530] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1547'.
[  188.000076][ T9534] netlink: 'syz.0.1549': attribute type 2 has an invalid length.
[  188.009615][ T9534] netlink: 51 bytes leftover after parsing attributes in process `syz.0.1549'.
[  188.357530][ T9549] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1557'.
[  189.045623][ T9563] C: renamed from team_slave_0 (while UP)
[  189.051561][ T9563] netlink: 'syz.2.1563': attribute type 1 has an invalid length.
[  189.280336][ T9578] netlink: 'syz.1.1569': attribute type 5 has an invalid length.
[  190.464355][ T9599] netlink: 'syz.2.1578': attribute type 21 has an invalid length.
[  191.242524][   T54] Bluetooth: hci2: command 0x0406 tx timeout
[  191.243921][ T5850] Bluetooth: hci0: command 0x0406 tx timeout
[  191.586589][ T9620] netlink: 'syz.0.1587': attribute type 29 has an invalid length.
[  191.596538][ T9624] netlink: 'syz.0.1587': attribute type 29 has an invalid length.
[  191.603551][ T9620] netlink: 'syz.0.1587': attribute type 29 has an invalid length.
[  191.618257][ T9620] netlink: 'syz.0.1587': attribute type 29 has an invalid length.
[  191.695182][ T9624] netlink: 'syz.0.1587': attribute type 2 has an invalid length.
[  192.008821][ T9634] __nla_validate_parse: 11 callbacks suppressed
[  192.008873][ T9634] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1590'.
[  192.518869][ T9670] openvswitch: netlink: Missing key (keys=c0, expected=200000)
[  192.671484][ T2206] syz0: Port: 1 Link DOWN
[  192.877971][ T9692] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  192.881234][ T9692] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  194.013816][ T9718] validate_nla: 2 callbacks suppressed
[  194.013828][ T9718] netlink: 'syz.1.1630': attribute type 4 has an invalid length.
[  194.018719][ T9718] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1630'.
[  194.027766][ T9717] netlink: 'syz.0.1628': attribute type 10 has an invalid length.
[  194.030389][ T9717] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1628'.
[  194.034225][ T9717] team0: entered promiscuous mode
[  194.036218][ T9717] team_slave_0: entered promiscuous mode
[  194.038994][ T9717] team_slave_1: entered promiscuous mode
[  194.042641][ T9717] bridge0: port 1(team0) entered blocking state
[  194.045542][ T9717] bridge0: port 1(team0) entered disabled state
[  194.048379][ T9717] team0: entered allmulticast mode
[  194.050635][ T9717] team_slave_0: entered allmulticast mode
[  194.053889][ T9717] team_slave_1: entered allmulticast mode
[  194.062540][ T9717] bridge0: port 1(team0) entered blocking state
[  194.065222][ T9717] bridge0: port 1(team0) entered forwarding state
[  194.293411][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  194.295532][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  194.345484][ T9743] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1641'.
[  194.798855][ T9765] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1650'.
[  194.887507][ T9769] C: renamed from team_slave_0 (while UP)
[  194.908335][ T9769] netlink: 'syz.1.1652': attribute type 3 has an invalid length.
[  194.911900][ T9769] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1652'.
[  194.917966][ T9769] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  195.006595][ T9773] netlink: 'syz.1.1654': attribute type 1 has an invalid length.
[  195.305398][ T9800] netlink: 'syz.2.1667': attribute type 1 has an invalid length.
[  196.122046][ T9806] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  196.280011][ T9816] netlink: 35840 bytes leftover after parsing attributes in process `syz.1.1675'.
[  196.329254][ T9820] netlink: 830 bytes leftover after parsing attributes in process `syz.1.1677'.
[  196.333308][ T9820] bond_slave_0: entered promiscuous mode
[  196.335201][ T9820] bond_slave_1: entered promiscuous mode
[  197.051866][ T9859] netlink: 'syz.0.1696': attribute type 21 has an invalid length.
[  197.055425][ T9859] netlink: 156 bytes leftover after parsing attributes in process `syz.0.1696'.
[  197.183412][ T9867] netlink: 'syz.1.1697': attribute type 11 has an invalid length.
[  197.186172][ T9867] netlink: 149476 bytes leftover after parsing attributes in process `syz.1.1697'.
[  197.246242][ T9870] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  197.254143][ T9872] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  198.704684][ T9921] syz.2.1721: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  198.723685][ T9925] netlink: 'syz.1.1724': attribute type 4 has an invalid length.
[  198.728847][ T9925] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1724'.
[  198.738389][ T9921] CPU: 1 UID: 0 PID: 9921 Comm: syz.2.1721 Not tainted syzkaller #0 PREEMPT(full) 
[  198.738410][ T9921] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  198.738420][ T9921] Call Trace:
[  198.738427][ T9921]  <TASK>
[  198.738440][ T9921]  dump_stack_lvl+0x189/0x250
[  198.738470][ T9921]  ? lockdep_hardirqs_on+0x9c/0x150
[  198.738486][ T9921]  ? __pfx_dump_stack_lvl+0x10/0x10
[  198.738502][ T9921]  ? __pfx__printk+0x10/0x10
[  198.738528][ T9921]  warn_alloc+0x214/0x310
[  198.738541][ T9921]  ? stack_depot_save_flags+0x40/0x860
[  198.738565][ T9921]  ? __pfx_warn_alloc+0x10/0x10
[  198.738576][ T9921]  ? kasan_save_track+0x4f/0x80
[  198.738591][ T9921]  ? xskq_create+0x56/0x170
[  198.738599][ T9921]  ? xsk_init_queue+0xb0/0x110
[  198.738606][ T9921]  ? xsk_setsockopt+0x57b/0x8d0
[  198.738617][ T9921]  ? do_sock_setsockopt+0x17c/0x1b0
[  198.738626][ T9921]  ? __x64_sys_setsockopt+0x13f/0x1b0
[  198.738634][ T9921]  ? do_syscall_64+0xfa/0x3b0
[  198.738642][ T9921]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  198.738654][ T9921]  __vmalloc_node_range_noprof+0x125/0x12f0
[  198.738698][ T9921]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  198.738712][ T9921]  ? __kasan_kmalloc+0x93/0xb0
[  198.738723][ T9921]  vmalloc_user_noprof+0xad/0xf0
[  198.738734][ T9921]  ? xskq_create+0xbf/0x170
[  198.738742][ T9921]  xskq_create+0xbf/0x170
[  198.738751][ T9921]  xsk_init_queue+0xb0/0x110
[  198.738759][ T9921]  xsk_setsockopt+0x57b/0x8d0
[  198.738771][ T9921]  ? __pfx_xsk_setsockopt+0x10/0x10
[  198.738782][ T9921]  ? __pfx_aa_sk_perm+0x10/0x10
[  198.738791][ T9921]  ? __fget_files+0x2a/0x420
[  198.738797][ T9921]  ? aa_sock_opt_perm+0xff/0x1b0
[  198.738806][ T9921]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  198.738815][ T9921]  ? __pfx_xsk_setsockopt+0x10/0x10
[  198.738826][ T9921]  do_sock_setsockopt+0x17c/0x1b0
[  198.738838][ T9921]  __x64_sys_setsockopt+0x13f/0x1b0
[  198.738849][ T9921]  do_syscall_64+0xfa/0x3b0
[  198.738858][ T9921]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  198.738864][ T9921]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  198.738874][ T9921]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  198.738881][ T9921] RIP: 0033:0x7fc5a2f8eba9
[  198.738890][ T9921] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  198.738896][ T9921] RSP: 002b:00007fc5a3db8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  198.738906][ T9921] RAX: ffffffffffffffda RBX: 00007fc5a31d5fa0 RCX: 00007fc5a2f8eba9
[  198.738912][ T9921] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000006
[  198.738916][ T9921] RBP: 00007fc5a3011e19 R08: 0000000000000004 R09: 0000000000000000
[  198.738921][ T9921] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000
[  198.738926][ T9921] R13: 00007fc5a31d6038 R14: 00007fc5a31d5fa0 R15: 00007ffd17deb088
[  198.738940][ T9921]  </TASK>
[  198.739000][ T9921] Mem-Info:
[  198.856726][ T9921] active_anon:8317 inactive_anon:0 isolated_anon:0
[  198.856726][ T9921]  active_file:15201 inactive_file:38290 isolated_file:0
[  198.856726][ T9921]  unevictable:1768 dirty:22 writeback:0
[  198.856726][ T9921]  slab_reclaimable:9866 slab_unreclaimable:65516
[  198.856726][ T9921]  mapped:18043 shmem:2448 pagetables:907
[  198.856726][ T9921]  sec_pagetables:0 bounce:0
[  198.856726][ T9921]  kernel_misc_reclaimable:0
[  198.856726][ T9921]  free:275118 free_pcp:13240 free_cma:0
[  198.872884][ T9921] Node 0 active_anon:20512kB inactive_anon:0kB active_file:45600kB inactive_file:7316kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:24588kB dirty:40kB writeback:0kB shmem:5088kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:7396kB pagetables:1872kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  198.883043][ T9921] Node 1 active_anon:12756kB inactive_anon:0kB active_file:15204kB inactive_file:145844kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:47584kB dirty:48kB writeback:0kB shmem:4704kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:4048kB pagetables:1756kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  198.894847][ T9921] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  198.897668][ T9925] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[  198.905043][ T9921] lowmem_reserve[]: 0 811 811 811 811
[  198.913814][ T9921] Node 0 DMA32 free:374436kB boost:0kB min:33660kB low:42072kB high:50484kB reserved_highatomic:0KB free_highatomic:0KB active_anon:20512kB inactive_anon:0kB active_file:45600kB inactive_file:7316kB unevictable:3536kB writepending:40kB present:1556484kB managed:830888kB mlocked:0kB bounce:0kB free_pcp:24308kB local_pcp:15652kB free_cma:0kB
[  198.927926][ T9921] lowmem_reserve[]: 0 0 0 0 0
[  198.930080][ T9921] Node 1 DMA32 free:458616kB boost:0kB min:19192kB low:23988kB high:28784kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  198.945406][ T9921] lowmem_reserve[]: 0 0 854 854 854
[  198.948393][ T9921] Node 1 Normal free:252060kB boost:0kB min:36612kB low:45764kB high:54916kB reserved_highatomic:0KB free_highatomic:0KB active_anon:12744kB inactive_anon:0kB active_file:15204kB inactive_file:145844kB unevictable:3536kB writepending:48kB present:1048576kB managed:874952kB mlocked:0kB bounce:0kB free_pcp:29132kB local_pcp:13192kB free_cma:0kB
[  198.959848][ T9921] lowmem_reserve[]: 0 0 0 0 0
[  198.962675][ T9921] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  198.969972][ T9921] Node 0 DMA32: 905*4kB (UE) 458*8kB (UE) 427*16kB (UME) 365*32kB (UME) 181*64kB (UM) 177*128kB (UME) 26*256kB (UM) 11*512kB (UME) 5*1024kB (ME) 5*2048kB (UME) 70*4096kB (M) = 374404kB
[  198.980627][ T9921] Node 1 DMA32: 2*4kB (M) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 1*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 110*4096kB (M) = 458616kB
[  198.990604][ T9921] Node 1 Normal: 715*4kB (UM) 122*8kB (UME) 130*16kB (UME) 174*32kB (UME) 161*64kB (UM) 111*128kB (UM) 26*256kB (UM) 9*512kB (UM) 6*1024kB (UM) 9*2048kB (UM) 44*4096kB (UM) = 252060kB
[  198.999986][ T9921] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  199.006115][ T9921] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  199.009679][ T9921] 55941 total pagecache pages
[  199.011742][ T9921] 0 pages in swap cache
[  199.013464][ T9921] Free swap  = 124996kB
[  199.015740][ T9921] Total swap = 124996kB
[  199.018085][ T9921] 786301 pages RAM
[  199.020171][ T9921] 0 pages HighMem/MovableOnly
[  199.024757][ T9921] 241347 pages reserved
[  199.027064][ T9921] 0 pages cma reserved
[  199.080781][ T9930] netlink: 'syz.1.1726': attribute type 2 has an invalid length.
[  199.348780][ T5237] Bluetooth: hci1: adv larger than maximum supported
[  199.688174][ T9961] netlink: 15678 bytes leftover after parsing attributes in process `syz.1.1738'.
[  199.726833][ T9963] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1739'.
[  199.730752][ T9963] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[  199.736292][ T9963] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  199.875397][ T9927] delete_channel: no stack
[  199.917879][ T9979] netlink: 'syz.2.1747': attribute type 1 has an invalid length.
[  199.920792][ T9979] netlink: 201392 bytes leftover after parsing attributes in process `syz.2.1747'.
[  200.056707][ T9986] netlink: 'syz.0.1750': attribute type 1 has an invalid length.
[  200.634623][T10012] netlink: 'syz.1.1761': attribute type 3 has an invalid length.
[  200.637869][T10012] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1761'.
[  200.644404][T10012] netlink: 'syz.1.1761': attribute type 3 has an invalid length.
[  200.647451][T10012] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1761'.
[  200.651152][T10012] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1761'.
[  201.066969][T10026] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1767'.
[  201.105285][T10031] netlink: 'syz.1.1769': attribute type 9 has an invalid length.
[  202.385824][T10063] __nla_validate_parse: 2 callbacks suppressed
[  202.385842][T10063] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1783'.
[  202.396098][T10063] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  202.689233][T10059] sysfs: cannot create duplicate filename '/class/ieee80211/!'
[  202.692279][T10059] CPU: 1 UID: 0 PID: 10059 Comm: syz.1.1781 Not tainted syzkaller #0 PREEMPT(full) 
[  202.692293][T10059] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  202.692300][T10059] Call Trace:
[  202.692305][T10059]  <TASK>
[  202.692310][T10059]  dump_stack_lvl+0x189/0x250
[  202.692326][T10059]  ? kernfs_path_from_node+0x2f/0x290
[  202.692339][T10059]  ? __pfx_dump_stack_lvl+0x10/0x10
[  202.692355][T10059]  ? __pfx__printk+0x10/0x10
[  202.692371][T10059]  ? kernfs_path_from_node+0x2f/0x290
[  202.692380][T10059]  ? kernfs_path_from_node+0x250/0x290
[  202.692388][T10059]  ? kernfs_path_from_node+0x2f/0x290
[  202.692400][T10059]  sysfs_warn_dup+0x8e/0xa0
[  202.692410][T10059]  sysfs_do_create_link_sd+0xc0/0x110
[  202.692421][T10059]  device_add_class_symlinks+0x1cf/0x240
[  202.692434][T10059]  device_add+0x475/0xb50
[  202.692446][T10059]  wiphy_register+0x1ba6/0x28d0
[  202.692466][T10059]  ? __pfx_wiphy_register+0x10/0x10
[  202.692474][T10059]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  202.692490][T10059]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  202.692503][T10059]  ieee80211_register_hw+0x3484/0x4100
[  202.692524][T10059]  ? ieee80211_register_hw+0x13e1/0x4100
[  202.692540][T10059]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  202.692549][T10059]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  202.692560][T10059]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  202.692572][T10059]  ? __hrtimer_setup+0x187/0x210
[  202.692579][T10059]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  202.692589][T10059]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  202.692620][T10059]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  202.692631][T10059]  ? trace_kmalloc+0x1f/0xd0
[  202.692640][T10059]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  202.692651][T10059]  ? kstrndup+0xbf/0x160
[  202.692665][T10059]  hwsim_new_radio_nl+0xea4/0x1b10
[  202.692679][T10059]  ? __pfx___nla_validate_parse+0x10/0x10
[  202.692696][T10059]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  202.692715][T10059]  ? __nla_parse+0x40/0x60
[  202.692726][T10059]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  202.692743][T10059]  genl_family_rcv_msg_doit+0x215/0x300
[  202.692758][T10059]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  202.692777][T10059]  ? bpf_lsm_capable+0x9/0x20
[  202.692788][T10059]  ? security_capable+0x7e/0x2e0
[  202.692800][T10059]  genl_rcv_msg+0x60e/0x790
[  202.692816][T10059]  ? __pfx_genl_rcv_msg+0x10/0x10
[  202.692826][T10059]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  202.692837][T10059]  ? kasan_check_range+0x9f/0x2c0
[  202.692849][T10059]  ? __pfx_ref_tracker_free+0x10/0x10
[  202.692862][T10059]  netlink_rcv_skb+0x208/0x470
[  202.692869][T10059]  ? __lock_acquire+0xab9/0xd20
[  202.692881][T10059]  ? __pfx_genl_rcv_msg+0x10/0x10
[  202.692892][T10059]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  202.692912][T10059]  ? down_read+0x1ad/0x2e0
[  202.692924][T10059]  genl_rcv+0x28/0x40
[  202.692933][T10059]  netlink_unicast+0x82f/0x9e0
[  202.692946][T10059]  ? __pfx_netlink_unicast+0x10/0x10
[  202.692955][T10059]  ? netlink_sendmsg+0x642/0xb30
[  202.692962][T10059]  ? skb_put+0x11b/0x210
[  202.692974][T10059]  netlink_sendmsg+0x805/0xb30
[  202.692988][T10059]  ? __pfx_netlink_sendmsg+0x10/0x10
[  202.693035][T10059]  ? __pfx_netlink_sendmsg+0x10/0x10
[  202.693053][T10059]  __sock_sendmsg+0x21c/0x270
[  202.693075][T10059]  ____sys_sendmsg+0x505/0x830
[  202.693089][T10059]  ? __pfx_____sys_sendmsg+0x10/0x10
[  202.693106][T10059]  ? import_iovec+0x74/0xa0
[  202.693119][T10059]  ___sys_sendmsg+0x21f/0x2a0
[  202.693131][T10059]  ? __pfx____sys_sendmsg+0x10/0x10
[  202.693144][T10059]  ? rcu_is_watching+0x15/0xb0
[  202.693162][T10059]  ? __fget_files+0x2a/0x420
[  202.693178][T10059]  ? __fget_files+0x2a/0x420
[  202.693184][T10059]  ? __fget_files+0x3a0/0x420
[  202.693198][T10059]  __x64_sys_sendmsg+0x19b/0x260
[  202.693207][T10059]  ? clockevents_program_event+0x24d/0x360
[  202.693219][T10059]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  202.693240][T10059]  ? do_syscall_64+0xbe/0x3b0
[  202.693252][T10059]  do_syscall_64+0xfa/0x3b0
[  202.693262][T10059]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.693269][T10059]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  202.693280][T10059]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.693288][T10059] RIP: 0033:0x7f6467b8eba9
[  202.693296][T10059] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  202.693302][T10059] RSP: 002b:00007f6465dd5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  202.693311][T10059] RAX: ffffffffffffffda RBX: 00007f6467dd6090 RCX: 00007f6467b8eba9
[  202.693317][T10059] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 0000000000000009
[  202.693322][T10059] RBP: 00007f6467c11e19 R08: 0000000000000000 R09: 0000000000000000
[  202.693327][T10059] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  202.693331][T10059] R13: 00007f6467dd6128 R14: 00007f6467dd6090 R15: 00007ffdb28e36e8
[  202.693354][T10059]  </TASK>
[  203.744767][T10084] ==================================================================
[  203.748111][T10084] BUG: KASAN: slab-use-after-free in xfrm_state_find+0x2cf2/0x5400
[  203.751345][T10084] Read of size 1 at addr ffff8880221f47b0 by task syz.0.1790/10084
[  203.755775][T10084] 
[  203.756638][T10084] CPU: 0 UID: 0 PID: 10084 Comm: syz.0.1790 Not tainted syzkaller #0 PREEMPT(full) 
[  203.756653][T10084] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  203.756660][T10084] Call Trace:
[  203.756668][T10084]  <TASK>
[  203.756674][T10084]  dump_stack_lvl+0x189/0x250
[  203.756691][T10084]  ? __kasan_check_byte+0x12/0x40
[  203.756708][T10084]  ? __pfx_dump_stack_lvl+0x10/0x10
[  203.756720][T10084]  ? lock_release+0x4b/0x3e0
[  203.756738][T10084]  ? __virt_addr_valid+0x4a5/0x5c0
[  203.756752][T10084]  print_report+0xca/0x240
[  203.756761][T10084]  ? xfrm_state_find+0x2cf2/0x5400
[  203.756772][T10084]  kasan_report+0x118/0x150
[  203.756786][T10084]  ? xfrm_state_find+0x2cf2/0x5400
[  203.756799][T10084]  xfrm_state_find+0x2cf2/0x5400
[  203.756811][T10084]  ? __lock_acquire+0xab9/0xd20
[  203.756829][T10084]  ? xfrm_state_find+0x1da/0x5400
[  203.756841][T10084]  ? __pfx_xfrm_state_find+0x10/0x10
[  203.756856][T10084]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[  203.756876][T10084]  ? xfrm_policy_lookup_bytype+0x2a7/0x1250
[  203.756891][T10084]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[  203.756931][T10084]  ? xfrm_policy_lookup_bytype+0x123/0x1250
[  203.756948][T10084]  ? xfrm_policy_lookup_bytype+0x11ef/0x1250
[  203.756972][T10084]  ? xfrm_expand_policies+0x41f/0x6a0
[  203.756987][T10084]  xfrm_lookup_with_ifid+0x58a/0x1a70
[  203.757004][T10084]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[  203.757020][T10084]  xfrm_lookup_route+0x3c/0x1c0
[  203.757033][T10084]  udp_sendmsg+0x142e/0x2170
[  203.757051][T10084]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  203.757065][T10084]  ? __pfx_udp_sendmsg+0x10/0x10
[  203.757086][T10084]  ? __local_bh_enable_ip+0x12d/0x1c0
[  203.757095][T10084]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  203.757105][T10084]  ? do_raw_spin_unlock+0x4d/0x240
[  203.757115][T10084]  ? inet_sendmsg+0x14f/0x370
[  203.757129][T10084]  ? inet_sendmsg+0x29c/0x370
[  203.757143][T10084]  __sock_sendmsg+0x19c/0x270
[  203.757158][T10084]  ____sys_sendmsg+0x505/0x830
[  203.757171][T10084]  ? __pfx_____sys_sendmsg+0x10/0x10
[  203.757184][T10084]  ? import_iovec+0x74/0xa0
[  203.757199][T10084]  ___sys_sendmsg+0x21f/0x2a0
[  203.757211][T10084]  ? __pfx____sys_sendmsg+0x10/0x10
[  203.757232][T10084]  ? __fget_files+0x2a/0x420
[  203.757240][T10084]  ? __fget_files+0x3a0/0x420
[  203.757251][T10084]  __x64_sys_sendmsg+0x19b/0x260
[  203.757263][T10084]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  203.757277][T10084]  ? rcu_is_watching+0x15/0xb0
[  203.757287][T10084]  ? do_syscall_64+0xbe/0x3b0
[  203.757299][T10084]  do_syscall_64+0xfa/0x3b0
[  203.757309][T10084]  ? lockdep_hardirqs_on+0x9c/0x150
[  203.757318][T10084]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  203.757334][T10084]  ? exc_page_fault+0x9f/0xf0
[  203.757344][T10084]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  203.757354][T10084] RIP: 0033:0x7fcfbf18eba9
[  203.757367][T10084] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  203.757375][T10084] RSP: 002b:00007fcfc004d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  203.757389][T10084] RAX: ffffffffffffffda RBX: 00007fcfbf3d5fa0 RCX: 00007fcfbf18eba9
[  203.757397][T10084] RDX: 000000000000fffe RSI: 0000200000007940 RDI: 0000000000000005
[  203.757403][T10084] RBP: 00007fcfbf211e19 R08: 0000000000000000 R09: 0000000000000000
[  203.757410][T10084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  203.757428][T10084] R13: 00007fcfbf3d6038 R14: 00007fcfbf3d5fa0 R15: 00007ffecff120a8
[  203.757441][T10084]  </TASK>
[  203.757444][T10084] 
[  203.881379][T10084] Allocated by task 6829:
[  203.882860][T10084]  kasan_save_track+0x3e/0x80
[  203.884515][T10084]  __kasan_slab_alloc+0x6c/0x80
[  203.886178][T10084]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  203.888044][T10084]  xfrm_state_alloc+0x24/0x2f0
[  203.889792][T10084]  __find_acq_core+0x8a7/0x1c00
[  203.891522][T10084]  xfrm_find_acq+0x78/0xa0
[  203.893122][T10084]  xfrm_alloc_userspi+0x6b3/0xc90
[  203.895010][T10084]  xfrm_user_rcv_msg+0x7a3/0xab0
[  203.896882][T10084]  netlink_rcv_skb+0x208/0x470
[  203.898573][T10084]  xfrm_netlink_rcv+0x79/0x90
[  203.900525][T10084]  netlink_unicast+0x82f/0x9e0
[  203.902288][T10084]  netlink_sendmsg+0x805/0xb30
[  203.904035][T10084]  __sock_sendmsg+0x21c/0x270
[  203.905653][T10084]  ____sys_sendmsg+0x505/0x830
[  203.907367][T10084]  ___sys_sendmsg+0x21f/0x2a0
[  203.909003][T10084]  __x64_sys_sendmsg+0x19b/0x260
[  203.911006][T10084]  do_syscall_64+0xfa/0x3b0
[  203.912631][T10084]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  203.914670][T10084] 
[  203.915517][T10084] Freed by task 9:
[  203.916828][T10084]  kasan_save_track+0x3e/0x80
[  203.918507][T10084]  kasan_save_free_info+0x46/0x50
[  203.920591][T10084]  __kasan_slab_free+0x5b/0x80
[  203.922486][T10084]  kmem_cache_free+0x18f/0x400
[  203.924295][T10084]  xfrm_state_gc_task+0x52d/0x6b0
[  203.926070][T10084]  process_scheduled_works+0xae1/0x17b0
[  203.928038][T10084]  worker_thread+0x8a0/0xda0
[  203.929686][T10084]  kthread+0x711/0x8a0
[  203.931168][T10084]  ret_from_fork+0x439/0x7d0
[  203.932829][T10084]  ret_from_fork_asm+0x1a/0x30
[  203.934517][T10084] 
[  203.935382][T10084] The buggy address belongs to the object at ffff8880221f4480
[  203.935382][T10084]  which belongs to the cache xfrm_state of size 928
[  203.940088][T10084] The buggy address is located 816 bytes inside of
[  203.940088][T10084]  freed 928-byte region [ffff8880221f4480, ffff8880221f4820)
[  203.944780][T10084] 
[  203.945629][T10084] The buggy address belongs to the physical page:
[  203.947848][T10084] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880221f5680 pfn:0x221f4
[  203.951373][T10084] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  203.954399][T10084] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  203.957058][T10084] page_type: f5(slab)
[  203.958453][T10084] raw: 00fff00000000040 ffff888104d30b40 dead000000000122 0000000000000000
[  203.961776][T10084] raw: ffff8880221f5680 00000000800e0009 00000000f5000000 0000000000000000
[  203.964986][T10084] head: 00fff00000000040 ffff888104d30b40 dead000000000122 0000000000000000
[  203.968130][T10084] head: ffff8880221f5680 00000000800e0009 00000000f5000000 0000000000000000
[  203.971313][T10084] head: 00fff00000000002 ffffea0000887d01 00000000ffffffff 00000000ffffffff
[  203.975019][T10084] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  203.978112][T10084] page dumped because: kasan: bad access detected
[  203.980345][T10084] page_owner tracks the page as allocated
[  203.982324][T10084] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6314, tgid 6313 (syz.2.175), ts 82021587371, free_ts 69436936635
[  203.988670][T10084]  post_alloc_hook+0x240/0x2a0
[  203.990402][T10084]  get_page_from_freelist+0x21e4/0x22c0
[  203.992414][T10084]  __alloc_frozen_pages_noprof+0x181/0x370
[  203.994491][T10084]  alloc_pages_mpol+0x232/0x4a0
[  203.996275][T10084]  allocate_slab+0x8a/0x370
[  203.997817][T10084]  ___slab_alloc+0xbeb/0x1420
[  203.999452][T10084]  kmem_cache_alloc_noprof+0x283/0x3c0
[  204.001344][T10084]  xfrm_state_alloc+0x24/0x2f0
[  204.003001][T10084]  xfrm_add_sa+0x17d1/0x4070
[  204.004569][T10084]  xfrm_user_rcv_msg+0x7a3/0xab0
[  204.006239][T10084]  netlink_rcv_skb+0x208/0x470
[  204.007911][T10084]  xfrm_netlink_rcv+0x79/0x90
[  204.009554][T10084]  netlink_unicast+0x82f/0x9e0
[  204.011276][T10084]  netlink_sendmsg+0x805/0xb30
[  204.013063][T10084]  __sock_sendmsg+0x21c/0x270
[  204.014781][T10084]  ____sys_sendmsg+0x505/0x830
[  204.016475][T10084] page last free pid 5297 tgid 5297 stack trace:
[  204.018654][T10084]  __free_frozen_pages+0xbc4/0xd30
[  204.020752][T10084]  __slab_free+0x303/0x3c0
[  204.022441][T10084]  qlist_free_all+0x97/0x140
[  204.024096][T10084]  kasan_quarantine_reduce+0x148/0x160
[  204.026091][T10084]  __kasan_slab_alloc+0x22/0x80
[  204.027872][T10084]  kmem_cache_alloc_lru_noprof+0x1c6/0x3d0
[  204.030046][T10084]  shmem_alloc_inode+0x28/0x40
[  204.032013][T10084]  alloc_inode+0x6a/0x1b0
[  204.033787][T10084]  new_inode+0x22/0x170
[  204.035290][T10084]  shmem_get_inode+0x346/0xe90
[  204.036967][T10084]  shmem_mknod+0x18c/0x3e0
[  204.038548][T10084]  path_openat+0x14f4/0x3830
[  204.040182][T10084]  do_filp_open+0x1fa/0x410
[  204.042085][T10084]  do_sys_openat2+0x121/0x1c0
[  204.043815][T10084]  __x64_sys_openat+0x138/0x170
[  204.045565][T10084]  do_syscall_64+0xfa/0x3b0
[  204.047185][T10084] 
[  204.048150][T10084] Memory state around the buggy address:
[  204.050150][T10084]  ffff8880221f4680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  204.053112][T10084]  ffff8880221f4700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  204.056046][T10084] >ffff8880221f4780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  204.058737][T10084]                                      ^
[  204.060710][T10084]  ffff8880221f4800: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[  204.063507][T10084]  ffff8880221f4880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  204.066305][T10084] ==================================================================
[  204.081134][T10084] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  204.083930][T10084] CPU: 0 UID: 0 PID: 10084 Comm: syz.0.1790 Not tainted syzkaller #0 PREEMPT(full) 
[  204.087057][T10084] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  204.090418][T10084] Call Trace:
[  204.091590][T10084]  <TASK>
[  204.092735][T10084]  dump_stack_lvl+0x99/0x250
[  204.094404][T10084]  ? __asan_memcpy+0x40/0x70
[  204.096122][T10084]  ? __pfx_dump_stack_lvl+0x10/0x10
[  204.097970][T10084]  ? __pfx__printk+0x10/0x10
[  204.099594][T10084]  vpanic+0x281/0x750
[  204.101033][T10084]  ? preempt_schedule+0xae/0xc0
[  204.102761][T10084]  ? __pfx_vpanic+0x10/0x10
[  204.104338][T10084]  ? preempt_schedule_common+0x83/0xd0
[  204.106358][T10084]  ? preempt_schedule+0xae/0xc0
[  204.108141][T10084]  ? __pfx_preempt_schedule+0x10/0x10
[  204.110065][T10084]  panic+0xb9/0xc0
[  204.111520][T10084]  ? __pfx_panic+0x10/0x10
[  204.113189][T10084]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  204.115282][T10084]  ? xfrm_state_find+0x2cf2/0x5400
[  204.117097][T10084]  check_panic_on_warn+0x89/0xb0
[  204.118813][T10084]  ? xfrm_state_find+0x2cf2/0x5400
[  204.120612][T10084]  end_report+0x78/0x160
[  204.122118][T10084]  kasan_report+0x129/0x150
[  204.123661][T10084]  ? xfrm_state_find+0x2cf2/0x5400
[  204.125389][T10084]  xfrm_state_find+0x2cf2/0x5400
[  204.127092][T10084]  ? __lock_acquire+0xab9/0xd20
[  204.128782][T10084]  ? xfrm_state_find+0x1da/0x5400
[  204.130534][T10084]  ? __pfx_xfrm_state_find+0x10/0x10
[  204.132557][T10084]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[  204.134893][T10084]  ? xfrm_policy_lookup_bytype+0x2a7/0x1250
[  204.137474][T10084]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[  204.140037][T10084]  ? xfrm_policy_lookup_bytype+0x123/0x1250
[  204.142335][T10084]  ? xfrm_policy_lookup_bytype+0x11ef/0x1250
[  204.144612][T10084]  ? xfrm_expand_policies+0x41f/0x6a0
[  204.146649][T10084]  xfrm_lookup_with_ifid+0x58a/0x1a70
[  204.148728][T10084]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[  204.150928][T10084]  xfrm_lookup_route+0x3c/0x1c0
[  204.153173][T10084]  udp_sendmsg+0x142e/0x2170
[  204.155097][T10084]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  204.157176][T10084]  ? __pfx_udp_sendmsg+0x10/0x10
[  204.158942][T10084]  ? __local_bh_enable_ip+0x12d/0x1c0
[  204.160833][T10084]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  204.162804][T10084]  ? do_raw_spin_unlock+0x4d/0x240
[  204.164561][T10084]  ? inet_sendmsg+0x14f/0x370
[  204.166184][T10084]  ? inet_sendmsg+0x29c/0x370
[  204.167887][T10084]  __sock_sendmsg+0x19c/0x270
[  204.169651][T10084]  ____sys_sendmsg+0x505/0x830
[  204.171489][T10084]  ? __pfx_____sys_sendmsg+0x10/0x10
[  204.173509][T10084]  ? import_iovec+0x74/0xa0
[  204.175176][T10084]  ___sys_sendmsg+0x21f/0x2a0
[  204.176820][T10084]  ? __pfx____sys_sendmsg+0x10/0x10
[  204.178662][T10084]  ? __fget_files+0x2a/0x420
[  204.180330][T10084]  ? __fget_files+0x3a0/0x420
[  204.182031][T10084]  __x64_sys_sendmsg+0x19b/0x260
[  204.183742][T10084]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  204.185645][T10084]  ? rcu_is_watching+0x15/0xb0
[  204.187448][T10084]  ? do_syscall_64+0xbe/0x3b0
[  204.189239][T10084]  do_syscall_64+0xfa/0x3b0
[  204.191026][T10084]  ? lockdep_hardirqs_on+0x9c/0x150
[  204.192850][T10084]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  204.195002][T10084]  ? exc_page_fault+0x9f/0xf0
[  204.196838][T10084]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  204.199239][T10084] RIP: 0033:0x7fcfbf18eba9
[  204.200896][T10084] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  204.207790][T10084] RSP: 002b:00007fcfc004d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  204.210995][T10084] RAX: ffffffffffffffda RBX: 00007fcfbf3d5fa0 RCX: 00007fcfbf18eba9
[  204.214049][T10084] RDX: 000000000000fffe RSI: 0000200000007940 RDI: 0000000000000005
[  204.216937][T10084] RBP: 00007fcfbf211e19 R08: 0000000000000000 R09: 0000000000000000
[  204.219678][T10084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  204.222427][T10084] R13: 00007fcfbf3d6038 R14: 00007fcfbf3d5fa0 R15: 00007ffecff120a8
[  204.225279][T10084]  </TASK>
[  204.226988][T10084] Kernel Offset: disabled
[  204.228768][T10084] Rebooting in 86400 seconds..

VM DIAGNOSIS:
16:58:16  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000038 RBX=0000000000000038 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000001470 RDI=0000000000001471 RBP=00000000000003f8 RSP=ffffc900076268b0
R8 =ffff888106a58237 R9 =1ffff11020d4b046 R10=dffffc0000000000 R11=ffffffff854fa300
R12=dffffc0000000000 R13=ffffffff99b028f5 R14=ffffffff99df7420 R15=0000000000000000
RIP=ffffffff854fa37c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fcfc004d6c0 ffffffff 00c00000
GS =0000 ffff8880b8613000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000000000000000 CR3=00000000352b6000 CR4=000006f0
DR0=0000200000000300 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007fcfbf3a7498 00007fcfbf3a7470 XMM03=00007fcfbf3a74a8 00007fcfbf3a74a0
XMM04=00007fcfbff0d100 00007fcfbf3a7460 XMM05=00007fcfbf3a7478 00007fcfbf3a74c0
XMM06=00007fcfbf3a74b8 00007fcfbf3a74b0 XMM07=00007fcfbf3a74a8 00007fcfbf3a74a0
XMM08=0000000000000000 00007fcfbf212ee7 XMM09=0000000000000000 00007fcfbf212fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ffffffff81b4621b RBX=1ffff11009608341 RCX=ffff888109888000 RDX=0000000000000000
RSI=0000000000000001 RDI=0000000000000000 RBP=ffffc90006a277e0 RSP=ffffc90006a27660
R8 =ffffffff8fa3a937 R9 =1ffffffff1f47526 R10=dffffc0000000000 R11=fffffbfff1f47527
R12=ffff88804b041a08 R13=dffffc0000000000 R14=ffff88813663b1c0 R15=0000000000000000
RIP=ffffffff81b46203 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c13000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000000000000000 CR3=000000000df36000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 00007f6467c12e53
XMM06=0000000000000000 00007f6467c12e4d XMM07=0000000000000000 00007f6467c12e61
XMM08=0000000000000000 00007f6467c12ee7 XMM09=0000000000000000 00007f6467c12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
