last executing test programs:

1.938458498s ago: executing program 1 (id=2494):
# Program 2494: create one socket and send a single message on it.
# The "$kcm" suffix is only the syzkaller description the fuzzer picked; the kernel
# sees the raw arguments. On Linux, domain 0xa is AF_INET6 and type 0x3 is SOCK_RAW;
# 0x87 is passed as the protocol number.
r0 = socket$kcm(0xa, 0x3, 0x87)
# msghdr as serialized here: msg_name is an l2tp6-typed sockaddr (family 0xa, @dev
# address bytes fe 80 .. 28), msg_namelen is 0x80, and the iovec array has two entries:
# a 4-byte payload ("afd1c9ef") and an entry whose base pointer is 0x0. Flags are 0xc048854.
sendmsg$kcm(r0, &(0x7f0000000580)={&(0x7f0000000380)=@l2tp6={0xa, 0x0, 0x7, @dev={0xfe, 0x80, '\x00', 0x28}}, 0x80, &(0x7f0000001e40)=[{&(0x7f0000000b80)="afd1c9ef", 0x4}, {0x0}], 0x2}, 0xc048854)

1.88922351s ago: executing program 1 (id=2497):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f0000000bc0)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001000000b7050000050000006a0a00fe00000000850000000a000000b70000000000000095000000000000009cc6b3fcd62c061c6238975d43a4505f80e39c9f3c530cf08e467b592f868ee3b0a435df0a0e8c1bf176db2a6b2feb4b77d3d5707bfd2d84aaa3b1d4e984c46ea7e2b347a36f5662403e1b2be4284322a4908a0d411a9872971c7c56f0979bd10b97163c066d0e196bf02f46c7953ab1abdaf9de9ca3c00cb9bf4e418d076feafa22f0610a70f2bdf4000200000066b60d00b0c2c1254f0963f63223b7b80197aa3161f45346b100000000000000000089e399f6609876b5887437a172ebc02a740694298b79dc194e533583412dff048fc21f28bdd3e26a1a8a0481e9f0da43bb6ca66e2f55a9ff19ffcafe3e64be033c9d2f972cc93c1c13caec04a367c24a9fb6a6991ddb737d527d6acb15426415b6e8b14f822e86067a5e991c3b404984dfa2c6e94bd0339454c13ad3c328a182c15dc760a3000000005dc2ed0e0b29e98fa883c71949a34d84030323e3d54f45b29d27643453ad9211e3550ee5520211d9370175133f260c6882a146880b9387f1beb5418618bc83a3becf9bb57ca7ba8b913c685fc6700848dc6665d73248c1f74e08ad04ce905faf32706e0000249a028044ede964362cfb7830a246c3b2f60000fc4deb8eda1368b0960b8d69bd99c64893d44f962524429dc058528e7e541c903869d96989b9a986620cb2c95c83f2a082c52764f49e51188f9418b01bcd8ae164acdac95318ec8b2c6feacdcf4b528e5e582160ed048c46e1dccca05bfa1d67c83795eae2d31968c055d325a9c794ef88b30c2de4a274878b73c05ffa88b7033be648b12bb1fee58b58d6a6f31bfe568215dfbde59dad00008a73b40f09cf018cd496b36050d70c28f76749262e33e16429a6da35ceb1a989de81c3f8b8bc3a4763948a1cbc10348ef2ac3781b847611fcb0a26acafdd6d9ab05865fcf7c493d8f8cd144a1d470ca0d6f16ab0293774b5509fb0e7113936d59d5a60dbd84a938476adeebab9ff44f531bb81c53f16d80f51006cbc71570a5e272b223425e09dc6b6cc1fbc455a64fd449284f71761092a0302000000000000008a05d36fd9b814b4292745418c92d944763a4bf5e138d810e29a31f08f7dea7762d28484e15dc4320e4f85c16a8fbffadf8214d6d24cabe17ad4135d8872935ce0e6a468fd20fa4461d1d600234feac6eb4f046f2acc1b0efb4438abddcabb4e4e72a45
0aab72b589bec83bbb688e659fb426cb43d0ee993516fd4e867232cde69b6ffad447dcd92e0ef8234ff850ec3948dd1fa7afb77d951fe4abf618121b7894c1044ef221973432ccc7e62b151eb898a01010a7ec5acd0a500b2de443880c8a682515d1da9a3048744acb44384d1591df789883c0560495cb0cb32283529926d25e5c7f4815237c3aa356217738898a16ba603439f6eaad8e70b"], 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a00000004000000060000008000000042"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000340), &(0x7f0000000340), 0x619, r0}, 0x38)

1.888815692s ago: executing program 1 (id=2498):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000780)={0xffffffffffffffff, 0x58, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r0=>0x0}}, 0xb)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000072000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001b40)={&(0x7f0000000100)='kfree\x00', r1}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001700)=ANY=[@ANYBLOB="160000000000000061b1"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$MAP_LOOKUP_ELEM(0x15, &(0x7f0000000200)={0xffffffffffffffff, 0x0, &(0x7f0000001780)=""/4096}, 0x20)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0xcb, 0xfe, 0x0, 0x0, 0x0, 0x2, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x12, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000940)={r5, 0xe0, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000340)=[0x0, 0x0], ""/16, <r6=>0x0, 0x0, 0x0, 0x0, 0x5, 0x3, &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000003c0)=[0x0, 0x0, 0x0], 0x0, 0x9b, 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0), 0x8, 0xc6, 0x8, 0x8, &(0x7f0000000900)}}, 0x10)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
mkdirat$cgroup(r7, &(0x7f0000000080)='syz1\x00', 0x1ff)
r8 = openat$cgroup_ro(r7, 0x0, 0x275a, 0x0)
write$cgroup_int(r8, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000cc0)={0x13, 0x1b, &(0x7f0000000600)=ANY=[], 0x0, 0x9, 0xf9, &(0x7f0000000780)=""/249, 0x40f00, 0x4e, '\x00', r6, @fallback=0x28, r8, 0x8, &(0x7f0000000980)={0xa, 0x2}, 0x8, 0x10, &(0x7f0000000b40)={0x2, 0xb, 0x6, 0x1}, 0x10, 0x0, r5, 0x1, &(0x7f0000000b80), &(0x7f0000000bc0)=[{0x3, 0x2, 0xd, 0x6}], 0x10, 0xc}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x6, 0x11, &(0x7f00000002c0)=@raw=[@exit, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}}], &(0x7f0000000380)='GPL\x00', 0x7fff, 0x0, 0x0, 0x40f00, 0x0, '\x00', r0, 0x25, r8, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=[r3, r3, 0xffffffffffffffff, 0xffffffffffffffff, r3, r3]}, 0x94)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x22a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0x40}, 0x400, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffefffffffffffff, r2, 0x0)

1.647421302s ago: executing program 2 (id=2502):
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmsg$kcm(0xffffffffffffffff, 0x0, 0x20)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001800)=ANY=[@ANYBLOB], 0x124}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7902009875f37538e486dd6317ce62667f2c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa88"], 0xfdef)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x8000001946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200"], 0xcfa4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

1.45071887s ago: executing program 0 (id=2503):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
close(r0)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00')
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x24}, 0x94)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r1, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa)
r2 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000140)="5c00000015006b0300224ed86e6c1d000a117ea6e070d6064e22000300000000250002000f00000017d34460bc24eab556a705251e6182949a00003d3b48dfd8cdbf9767b4fa51f62a64c9f4060046d88037e786a6d0a5d700000017", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

1.289765249s ago: executing program 0 (id=2504):
# Program 2504: make an AF_UNIX (0x1) stream (0x1) socket pair; r0 is bound to the
# second descriptor of the pair.
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
# Triage note: the call name says PERF_EVENT_IOC_SET_FILTER, but the descriptor is a
# socket and the request number is 0x891f, which lies in the 0x89xx socket-ioctl range.
# The fuzzer mutated both the fd and the command, so read this as a socket ioctl with
# request 0x891f, not as a perf ioctl.
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x891f, &(0x7f0000000080))

1.289421848s ago: executing program 0 (id=2505):
# Program 2505: load a BPF program, attach it to a raw tracepoint, then query info.
# bpf() command 0x5 is BPF_PROG_LOAD; program type 0x11 is BPF_PROG_TYPE_RAW_TRACEPOINT,
# instruction count 0x5, license 'GPL'.
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
# Command 0x11 is BPF_RAW_TRACEPOINT_OPEN: attach r0 to the 'sched_switch' tracepoint.
# r1 is the descriptor returned for that attachment.
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
# Command 0xf is BPF_OBJ_GET_INFO_BY_FD. The description is the "PROG_INFO" variant, but
# the fd passed is r1 (the tracepoint attachment), not the program fd r0. info_len is
# 0x1d and the info pointer is 0xfffffffffffffffe, which is not a mapped address in this
# program, so this call exercises the kernel's size and user-pointer checks.
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={r1, 0x1d, 0xfffffffffffffffe}, 0x10)

1.289295745s ago: executing program 2 (id=2506):
# Program 2506: domain 0x10 is AF_NETLINK, so despite the "$kcm" description this is a
# netlink socket. The type argument 0x400000002 does not fit in 32 bits.
# NOTE(review): presumably truncated to 0x2 at the syscall boundary, confirm for the target arch.
r0 = socket$kcm(0x10, 0x400000002, 0x0)
# Level 0x10e is SOL_NETLINK (270), option number 0x8, with a NULL option value and
# length 0. The "sock_attach_bpf" name comes from the description the fuzzer started
# from, not from the values actually passed.
setsockopt$sock_attach_bpf(r0, 0x10e, 0x8, 0x0, 0x0)

1.228434896s ago: executing program 0 (id=2507):
r0 = perf_event_open(&(0x7f0000000480)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_GET_BYINDEX(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14, 0xf, 0x6, 0x201, 0x0, 0x0, {0xa, 0x0, 0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x20008080)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, 0x0, &(0x7f00000002c0)}, 0x20)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6tnl0\x00', 0x210})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x89f1, &(0x7f0000000080))

1.227976541s ago: executing program 2 (id=2508):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfe33)
perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x400100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x3, @perf_bp={0x0, 0x4}, 0x0, 0xac}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmsg(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000b000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10)
# Tail of program 2508: descriptor-passing sequence over an AF_UNIX (0x1) socket pair of
# type 0x5 (SOCK_SEQPACKET). r1 and r2 are the two ends.
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
# One end is closed before anything is sent on it.
close(r2)
# Receive with a control buffer shaped as one @rights (SCM_RIGHTS) message; r3 is taken
# from the descriptor slot of that control message.
# NOTE(review): nothing in this program sends a descriptor, so r3 presumably keeps the
# placeholder 0xffffffffffffffff. Confirm against the executor's output before assuming
# the next two calls reached a real file.
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
# Write of length 0x12 from an empty ANY buffer to r3.
write$cgroup_subtree(r3, &(0x7f0000000200)=ANY=[], 0x12)
# Request number is 0x541b (FIONREAD on Linux), not a KCM attach request; the call name
# reflects only the description that was mutated.
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x541b, &(0x7f0000000640))

1.16456057s ago: executing program 2 (id=2509):
# Program 2509: netlink socket (domain 0x10 = AF_NETLINK, type 0x3 = SOCK_RAW) for
# protocol 0xc (NETLINK_NETFILTER).
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
# One 0x28-byte ipset SAVE request carrying two attributes: IPSET_ATTR_PROTOCOL (with a
# length-only header, 0x5) and IPSET_ATTR_SETNAME = 'syz1'. sendmsg flags are 0x20044000.
sendmsg$IPSET_CMD_SAVE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x28, 0x8, 0x6, 0x105, 0x0, 0x0, {0x3, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x20044000)
# Read the reply with a msghdr whose name and iovec pointers are all zero, i.e. no
# receive buffer is supplied; flags are 0x40008000.
recvmsg(r0, &(0x7f0000000980)={0x0, 0x0, 0x0}, 0x40008000)

1.130541555s ago: executing program 2 (id=2510):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x88e}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000980)=ANY=[@ANYBLOB="980000000001050500000000000000000a0000003c0002802c00018014000300ff01000000000000000000000000000114000400df0200000000000000000000000000010c00028005000100000000003c0001800c00028005000100000000002c00018014000300ff0200000000000000000000000000011400040000000000000000000000ffffffffffff0800074000000001040006"], 0x98}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)={0xc0, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x2c, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MAXIP={0x14, 0x5, @dev={0xfe, 0x80, '\x00', 0x31}}, @CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4040081}, 0x0)

939.856878ms ago: executing program 1 (id=2511):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000), 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000180000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000a8c5000000a5000000180100002020640500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b300000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3d, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

939.047717ms ago: executing program 0 (id=2512):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r2, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x4, 0xffffff1f, 0x1}}, 0x20)

938.233338ms ago: executing program 1 (id=2513):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000011c0)=ANY=[@ANYRES8, @ANYBLOB="8b8afa9f780321450e2f7511645fe010a460fbde54c191b8e75708081517c475422b5a12bbdd1fb50985d72e37bcb20074a6cabd3c8237dca06cd729dc44d7550502474ddd1c21b7261ecf7745b9481b3a3cbdeaa21fced0b3e5857337911d093b4088988b2a71c59eac1e2e0ac9a78be44037a8e7086f60766489870e74dbefa7b1a41434e8e8e6917dd6aa2a7af1567141085b52118e3bd17c", @ANYRES16, @ANYBLOB="15e4342ef3f9f5b8bb6fd8a3d2acb186af756ecc217c0fcfe6b82cc340cb18e28e13a5b1f191c921f9f863b085bf90cb9c1e0c192c6727372e4de216eb9be9983fe683e99095ba960e14bc78a302bb4898a4d406bf04777864dfbbe8661499267e5f3919781e179d8c3a42a058ba321d0a36b7f3459a07d4e36d13d1baf8508ea0d1c6ffc4c0c9810c04cc0a1578ccfc4f5b8c8a0bde945c7f30435c3354f9b7dfce43b91ba833f21389", @ANYRES8], 0x0, 0x3, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x1c, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x7fff, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="1900000004000000080000000200000028120100", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000004000000003000000000000000000000000008575158f7dce9009d30061c3a94ffb3bb4a6959dd21c441d856cb5799b8864b2283dc7b6b203c1bf9f07bd7ea017cce64f367ec721759f95678d5470d77b629a34b54848b4a5c81ed526779a4ded3652f65242c3d247e807b6ee65ffab0d576d2419024df45cf6d1f6ac190d9d0d569f110a43aaa555af23d00a236bafa8b62484b030ac3a888fa813444cdb3ee86794aff5681a0b7b8484b2ff081adddadec7f3ce1b95e1226c0976be8fc99a7e9faa96830e726300a1778a50a056661fbda838e430e500728b50a1d4d8af362ed974d823bebd777c23", @ANYRES32, @ANYRES8=r1], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x202, 0x40020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x1, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff})
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
r4 = socket$kcm(0x10, 0x3, 0x0)
write$cgroup_subtree(r4, &(0x7f0000001ec0)=ANY=[@ANYBLOB="13120000120091ef04e9befbbd00005c0a"], 0xfe33)
recvmsg$kcm(r4, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000800)}, 0x0)
recvmsg$kcm(r4, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x142)
perf_event_open(&(0x7f00000007c0)={0x2, 0x80, 0x65, 0x1, 0x0, 0x0, 0x400000, 0x3, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, @perf_config_ext={0x6, 0x104800}, 0x0, 0x0, 0x0, 0x3, 0x0, 0x6, 0x1, 0x0, 0x0, 0x0, 0x669}, 0x0, 0xffffffc000000001, 0xffffffffffffffff, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0xc, &(0x7f00000003c0)=ANY=[@ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000085100000030000001800000000000000000000000000000095000000000000009500000000000000d5b2307878b6a5229917ebb4029a0bea3522c1f874a88524b8256e9616dc84ef9f539900f13815da3cbc479df45e1acd7454a155dd43645345f9a4cddab3d6d9d40e13de56bf656d77b7451f09e02bcb6cf96a4c0fce8ff74fe80460b51e50b4d8105ae605917a45734dbd377e5f99ad246b74853c2ec4862629a63ca0445673c32ad594e33b56f0d0fc6e3a6c84dcd0b6a6746ccfe43cab05ecc5c02583d24d43d968d74062c0f54d148107a22b928921fd"], &(0x7f0000000000)='GPL\x00', 0x2}, 0x94)
close(r2)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
close(0xffffffffffffffff)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000180)={r0}, 0xc)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500))
bpf$MAP_CREATE(0x0, 0x0, 0xb)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000002f00)=ANY=[@ANYBLOB="062b52d00ad49cdc475d13159e63ed482cf8d3162a6225928bf8681f57e2403be48bb1daec614bb87b5d2f75e422b2fb7844e95fb0c15ac19d6dc6e011f6381977d694824fe380021c63e93631e5cdba384fc159758bef26d7862c73c8e4f192daad15294035f4dab94baad32c32c77d945e7edb30b91ab6cc222dd35e2e038e48a0d3f25720930fc49fa5537b44e3db31f32d18b07b29665f26f5fb9e570bfa52b8a729efe0452b8ab203de18bab7008ac263503527c4ecfa55bc8dc313e43b9f5559a2770244fc0e46e2b8ad55c197c6a62b7303b3865c41bda7356f3116f77719dabe17cdb54e18e2cc32324649a80f9ffaf509ab749b5b86f0e5a1b70a2a5d78525228d5a772500b2694af9139f32514dd7bafe97aed8139f017db8261184f2601b5a7a937467647f52c7dcc38fd32c1815c3ea95488be087051f0e5ad39f51104617cf5d2ce16ee5b10e0a15ee7ce6f82b13739ca1bc55b48ab88fb9ce90984df84f9588b899d9b0d02a4bf0246a1a956987737f2f241f98da905e9bb818e69353e31bf268f95f37425bc1276b9d7a2823c4ffe5f8d1bd459015c59ca312ca2da15b7e64cfa7d957af62056272af3e490b685ba41de49cc9caa1289c7bbdaaf4d6081c7a50b92fd27b7ebc04bd26974ba6e898f706a0c32fd082e5b307bcc476ce79ebc9f1e4204618ecdce86902c977524dd274fc0351aca1872dcdde223516aff0923074c4f1c125dfc05ae2a2a23580a4a3db32952e6074eae9b213aa29e5b9fa9df24a070afab9763118b0f8363df96d4a0a43ae0b1eeddfbf15edd45d1eaf0942f7d73aeb6c423d5a008c4d08a682c6dde114aff4615b8da9448651221408c85d3151179d970e60f7643c8e1dc9b09e61fea168206bb64e4e4fbe7d2528343f9c2ef6e50706f71ccb7e533c578c9e6ff8b80c4fd5cd4861bf42bed906c24d21fd0007bf1040b8ae729140281eefb4fa1a60c2481aa0942db11e902d7080ed1ec7a94fa2af39fc9dcd9065b1a598a7e1a9c7d712ec0d085e6ee4f94733c67128e1c9e3409b285784c1237626ff95f1d62c823fe45370000e5d9c9d949d4c064042353d97238f9e3d22adc68a486a19f27cd0f01a10baad671e1404e8084c6d00c8e39c16f349eb4a46f32e8e0cd115e52303b665e18e51bc8790903295e21f76489efbc1dade3202345996d7d3fc7f49b09cbd9fa9f9b65dadfca663c23dd91011550625625dbc54a14886d7aef9cf07500c1974b69f04b68718e93eee39243b31e65615e773238311de22ea853afc1ed4d4bad77c0c25f5779f1db44cad945dbd25a97b2586db4287adcf95d121d5c0ce9ebc6d639b093868313
1d866172f5a72c30aabf8eadad02de588aab2ea08608de6cd5f4b79da4b3985b94c55097bb3e402c1365a3e58c985ca72636f578b611eeaab90962b4e1d116436404490f1603afc2a094bf2e20560d04bcbdd98a461e46019da60fe30c6c9ae6b718f2e62366ccd9a2ffc9c29696bdb3aac23af24f5f7cf946f46c3ccd10d4ebfe304db5b01bf24f7e6ac0a7b3e94e0a359a9e82ff1fb34a24d7e8c556fd0127bcbfe73fd018a3551af60cfd976a890af589952d27ceb53ea2485d7389606c4e2b0cd58f46cf99a13247f601535df48012f6ce7967e4585946124c552e2a90fb2700934343f16ac1fa633be397ff603dc266adf64723ed1c59dec711474970dfee1b9d9fa22f22fb659f4720bf09ca4cf4f9226b59149243b2b07af29292fdc52add2e729a49f74dbc466329695c98cb200c8e369747be042a6f392a0081c34a38925bc89886126a9cbe14ed9b0be518c5520099b0bd10d3434b9d010a323f0fdcc5ccaa76c0b2402c9046d8c0e572f50010a37100bfe33e0862cf4fa984e55126e62a4d816cfdb102f979e589df48375bf88f6b18783ef194b56bc08c8cb227530a5b028722738dbc5dd1cb9881d96acc436086669e27a5f726a0e26e78abd78a79506539b60877aed7e71117f992552ff81d34e1770bffff4a2c11c9cd67f7a97117c6ddf1d31577f4f66d7973c4fe7867c788df4dbc44bb9afea1bd77cac67ae5433ef85c7450737eba8c5b5cd2de5adeb88d15a2f1b946cf8f938931985e3bd88c651e787af3a12ae3b324af742c6e7d8df05fe894a4c47d08c380e24e7310eae6d31269a256b683dcee527b5ebda74aafb7d48272d840d66ea8741e1e029f26c5f541ddeebb92d2f84b03e98acabb0b6652b2552d8735e42eeb8b584007ba50a85eaf41ecf7a3ab475ce7052c0c881c5fe05f6f17b7ba65ad5ab69f23ac3ba508a66fc73bdf8553e48b169a916fe52d94a120cd241033cb41dd3832679183be2a83ed3377c9a4c0e836792c2c569ac56ba0c4b5af4e6b1b14b421ece591857daece50d4c6896abff1dffa18d89d9247f316e5913bf8ed5fba4d6a7b9b81bd5fa797a082a2d63ac897960c4781bf500f126b0dad9b1799d0f243edc7aafdea306dfe5daf4323013cd0e3f07db1ab540951f34a77d1c006ed8011deb4aa9c2c02c1d1e2caa98f0800609fc3e02011d9bde12df7ff85fb357e942437c35a4cd844ea52e7f77dd87888f62eb13e6a13fcc1911e09d320a16b0dc58bdd01aeb4a8ea7d009baaa2eace980d97482324611448873fa66e451666ddd648deaa4f649fe4e5f76771d9b376ce5348669cb7e8ff3b3eb863809a7e2a2354efbe56a96d34b2d70a62d30e50a07aa301c3ab2867a226302a43d1717f2c731092bb5f7d533cc413ed0cc266b2
47e4009d936923408a14e9c7478ec55a3fd6807e6cad402ca7ed4a7a39581ef756be2b52ce44e668c41ee60e35c82799fcdbab060fb81e0c39a0744b21152449ee80e20a3d7f1cdaf608644f7669af436e2d4e9ab058755b1c6ccf2fe41d8c49b5fc5bf985a2b22303f38ba01e9e0f652907a21e168da69af61dfcd9896b50f97aef0bf08009a1b42b90d2fff4d9b1c4a7071b7f5f4a9ca5eb8827b09683c6c1cb4ec1e93a522d1d3235dbdde8304f6767d65c8d7a9697344cfa1c99a848c4fc9943cb28c33c67f6af4f9bba7ad94a1a89e476c767849e570ec4317f95513b2d51236e58d8492064789b048a5f905b4335ce652f5904b2e3b84a85df6b30c8152b73cff797e86c06709ca4725c247a2117f53fb73cb6165fe592ba588e826e4aad24629719fd1c26593b8f6b485d6851c3979b648536d56927eea1d341ad92cb5ae51224323c0eb8d1a4413801d1648f65023504f72211a158a5d6b4243cf21902600d48b289f508a31083b4c01f1679a86f4a060000007082aa8b2b22c075492ec19dae65984df6a9098809862482e9c96c33f8b82b078be5998f2fae38fcb20178ea0bfd11f6f1af3d7b71276844ccaf4c609f9ee5ee5920f306bda892c05767c8761f6d9ba771f22d2813992e43f97a2e6802eb1e89403b99a183b1f7b2c2a280122806d1989b18a0e33a52b6f2a63b16af4b5987fdc94ff69ca034027a29dc4266ad537d65c72c3f8a2b4db1472ff201bcaea1e74d0bea55940ce336d7f0f06a3da553f49e169b244a1ed92901996d021320edc26a51d83146f23e56ae09cb67995e0fae9d778f5719e5a4b22dbe3f6a77cd84b0904b7ce5924dfa6884ac7465a0c86d1a629bb6416c1d43e99732f082df79f6f3b59df5ed8bbc0dde176d38d4c2180a5b89e88e69b8c1f44a5a7224d9c7ad6783a486971e55aa1eab6e7069ac777078d506fd9449e905985d7b6be04f129b64736c135d7e6d608fb4b1f9c90a45e5425109f24dab94245bb7f8e95e0ae68cad14359e8eef07b17ee928bee8861ee90c8dd3b4d00d99965c62bc59cabe007273a3778423405079bd1977bef5fcffe99e87a530fe2ad385d08469e2ff38d0e143eab2b2c148d8337412ade173bd2a80ea09defc5b86100ee52d5161d56732a42af24baddbcca3e070145752bddb5aec690e27e3edddbba682999ae3d83196f262c19156c2143685156dc759320f620fb6f0b600e72157ee7175899ba1b41cdc7f847a482d719afba0b13344575219f87713190ed88559d31a7530da04d338474ee0c4b0d6303dfa6f8615b55736fef9e9753c762bd856567b833bd3739fb06e9289775ea26afe0d418b777ecced98c524597b1023e1332d7fa62e5a6913d1ba0665c18b9cd9d6b7e5d00026aafcb84c25fa0bdf
a717f88dd600d2f22a1b7ed7141318b84e5f3d48cf5915bdd1b5cafe83699426c19fb278e202e5270b559c9dcf8ce1c52405e77b1790dbd1aa76573d7ceb5ca5dfea5b7262b80c280fdbc0169e74491996fc09c10698f0f4e1e7903876c28d644dbe06f69763bb92686c27b47367d776d9897df0a8fdc376263edee970c888bd954d4084365c9cba5befbd03f603fba1567c2d3a2549657a06df5970d11e9a156c788f7324a14ba1476b7307bbe265f23f1f78972ac87ffc419d3247f6ec585407f016e1ad9c455520cf0482a979c0b95bbd2651bfff2faf3913671e89f5252da00e8842f6d8be6801ab678eb8d9f671feae9d410c9613662e2b2cdb16904d50f5559bcb013f4225ff72a98975e4524667d07e173944713c9ea18cf7ac1a11ac023764d6a54bc4f50ce4502e71f07df2a52eff422c93fbaf32503adeefd87e2f70b8294232107a3adb90020552b289eb94e69bda5b8a76f5ae2ec4cca371291a272f936624c2f1bab2e15a03dcee46b0a59d38c4100e22b08f6856c53b1898d6a1ad0e4d7412dfc3aef61f22d4237a4a066e80b496e43d0f77856fa70dd5ff5627668a136877aa3ae1398484621dcb75e21059ff887bf3087da157dc16e3c652cffbc5fa31c4ac572ed890950987431a693e752b4f75f5786482dfbb726079a8dab3ac98c6499bd06356f0e7a2033e539f3a0928f32a1d15ba1ba4dea2d2e8cff75782b7b73d71183a67737bbbda40248032500a5217f59a5cfd6b92950c40ac7b54533d9a7418e5db4e101f812379b4170044a6621dc990e2a5a97587ed00a0d3d95c7fe85bee64c2030b4144b0641b08476f0f133336253694dc27ff5d9130028c7472db2e7ca1112d05d9e0bc2a777a657763c03980c36f7cdfde6d7015085058161ac6f5362d052b0625521cdebcdb882826de50e3893906349c0d30c85a3462e0e36da20c4deb389c0d1c57ef9653312891ab586b8c227172fa47ef821934e907f063430e5c74a456cb44ed5a9fdb4cec6df8f43ad2950cc1015e9245d967a9c2ab88eb2f50672186d6be6d01d02407eed2e22cc3a2afbdc6c2053d19c527ee6feeac80363ab2b66daf6968142f48149614fda7976c156a617f150c56c59c6aa2a5123cc92451f9436d9915a65119c3a0423b7f2185cb3c4a34624f7e5ffe4f711a6915fcc21c8fefdf21d191005971a312704e56583697e0b4acf180008e2dc3a4adb74d6a1b439d25b1f4f2692caede3c1dae852f8da8c0aa51ceea63ba374f9a43aec2a4687d400af5fed14b4e7405ca5b36588bbe1a3b0b864e971c5c41d03c3c6ee398bb7cb0043f7f457217c5e7984c549d131e6e7c754ee98da028b76cad17ff85f39dc4ca6a92e4dcc4fb4cea9a607fd7b7e9c8b52e9624d8dd4c48e85e5990c6fb
a6d6d6c993abbec42936af1b56498d66a4db334128dfd1b3fbbb252e36aabd474806d80a394387599423b46a1f712c8d688a4602b8f1ab2e98878ac263729d0fd097491cf27585fe9f4f163a6c5bd89a87a7e92a0f9c53f9f053cdc836659c3740e6e029d635374e5756d128d1a78614fd84036a9bfc12b6818ca6d56da6802df3859f3b781612325235323fcf8b379394ce839e9c266700"/4125], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x4d, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x20702, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000080)={'pim6reg1\x00', 0xe511})
ioctl$TUNSETQUEUE(r5, 0x400454d9, &(0x7f0000000100)={'veth0_to_bridge\x00', 0x400})
ioctl$TUNSETQUEUE(r5, 0x400454d9, &(0x7f00000001c0)={'batadv_slave_1\x00', 0x600})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0)

448.964327ms ago: executing program 2 (id=2514):
# Program 2 (id=2514). The "$variant" suffix on a call names the syzkaller template it was
# generated from; the kernel only sees the numeric arguments, and in this program they
# differ from what the variant names suggest. Read the numbers, not the names, when triaging.
# Perf event on the calling task (pid 0x0, cpu -1, group_fd -1, flags 0x0); the returned fd is not stored.
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
# The fd argument is -1, so this write cannot reach a cgroup file (expected to fail with EBADF).
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYBLOB="8fedcb7907031175f37538e486dd630080"], 0xfdef)
# Arguments are AF_INET (0x2), SOCK_SEQPACKET (0x5), protocol 0x84 (132, IPPROTO_SCTP):
# this is not an AF_KCM socket despite the variant name.
r0 = socket$kcm(0x2, 0x5, 0x84)
# AF_UNIX (0x1) / SOCK_STREAM (0x1) pair; r2 is closed on the next line, leaving r1 without a peer.
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
# The control buffer is shaped as one SCM_RIGHTS cmsg (len 0x14, level 0x1, type 0x1) whose fd slot is bound to r3.
# NOTE(review): nothing is sent on the pair before r2 is closed, so r3 presumably keeps its
# 0xffffffffffffffff placeholder — confirm against a trace.
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
# Level 0x84 / optname 0x83 with an 8-byte value holding r3. Level 0x84 is 132 (SOL_SCTP), not
# SOL_SOCKET, so the kernel does not treat this as SO_ATTACH_BPF despite the variant name.
setsockopt$sock_attach_bpf(r0, 0x84, 0x83, &(0x7f0000000000)=r3, 0x8)

20.017093ms ago: executing program 0 (id=2515):
# Program 0 (id=2515): one netlink request sent to the XFRM (IPsec) subsystem.
# AF_NETLINK (0x10), SOCK_RAW (0x3), NETLINK_XFRM (0x6).
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
# Single iovec of 0x104 bytes; the blob's first four bytes (04010000, little-endian 0x104)
# repeat that length as nlmsg_len, and the next two give nlmsg_type 0x0016.
# NOTE(review): 0x16 reads as XFRM_MSG_ALLOCSPI per linux/xfrm.h — confirm against the tested tree.
# Both @ANYRES32 slots carry the constant 0x0 rather than a resource from an earlier call.
sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000147c0)={&(0x7f0000001200)=ANY=[@ANYBLOB="040100001600010025bd7000ffdbdf2500000000000000000000000000000000fc0100000000000000000000000000014e2200004e200003020020a03a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe80000000000000000000000000000b000004d533000000ac1414aa00000000000000000000000001000000000000000f00000000000000040000000000000001800000000000000800000000000000f907000000000000f0aa000000000000020000000000000000005000000000000400000000000000040000000000000002000000000000000ac900008a262721080000002bbd7000073500000a0000041000000000000000ff000000020000800c000001"], 0x104}, 0x1, 0x0, 0x0, 0x2}, 0x48000)

0s ago: executing program 1 (id=2516):
# Program 1 (id=2516): one PF_KEY message on a freshly created key socket. It is the most
# recently started program in this log ("0s ago"), which by itself does not make it the trigger.
# AF_KEY (0xf), SOCK_RAW (0x3), PF_KEY_V2 (0x2).
r0 = socket$key(0xf, 0x3, 0x2)
# Single iovec of 0x38 bytes. The blob starts 02 0a 00 03 0700: version 2, message type 0x0a,
# errno 0, satype 0x03, length 7 (in 8-byte units = 0x38, matching the iovec length).
# NOTE(review): type 0x0a reads as SADB_DUMP and the following extension type 0x1a as
# SADB_X_EXT_FILTER per linux/pfkeyv2.h — confirm against the tested tree.
sendmsg$key(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="020a00030700000026bd7000fbdbdf2505001a00ac14141c000000000000000000000000e0000002000000000000000000000000030084"], 0x38}}, 0x20000000)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:50561' (ED25519) to the list of known hosts.
syzkaller login: [   55.958027][ T5829] cgroup: Unknown subsys name 'net'
[   56.038544][ T5829] cgroup: Unknown subsys name 'cpuset'
[   56.042518][ T5829] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   57.490925][ T5829] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   62.350402][   T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   62.355640][   T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   62.360563][   T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   62.364067][   T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   62.368422][   T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   62.371963][   T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   62.377013][ T5855] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   62.377721][ T5853] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   62.382091][ T5855] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   62.386194][ T5855] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   62.389871][ T5855] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   62.392562][ T5855] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   62.406270][ T5848] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   62.419957][   T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   62.424576][   T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   62.706014][ T5846] chnl_net:caif_netlink_parms(): no params data found
[   62.743877][ T5845] chnl_net:caif_netlink_parms(): no params data found
[   62.775146][ T5852] chnl_net:caif_netlink_parms(): no params data found
[   62.828162][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.831879][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state
[   62.835070][ T5846] bridge_slave_0: entered allmulticast mode
[   62.838853][ T5846] bridge_slave_0: entered promiscuous mode
[   62.842662][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.845195][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state
[   62.847775][ T5846] bridge_slave_1: entered allmulticast mode
[   62.851572][ T5846] bridge_slave_1: entered promiscuous mode
[   62.902675][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   62.910193][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   62.945119][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.949597][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state
[   62.952706][ T5845] bridge_slave_0: entered allmulticast mode
[   62.955984][ T5845] bridge_slave_0: entered promiscuous mode
[   62.959764][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.962726][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state
[   62.968022][ T5845] bridge_slave_1: entered allmulticast mode
[   62.971919][ T5845] bridge_slave_1: entered promiscuous mode
[   63.026698][ T5846] team0: Port device team_slave_0 added
[   63.040984][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   63.048586][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   63.053874][ T5846] team0: Port device team_slave_1 added
[   63.070045][ T5852] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.072996][ T5852] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.077546][ T5852] bridge_slave_0: entered allmulticast mode
[   63.081425][ T5852] bridge_slave_0: entered promiscuous mode
[   63.109543][ T5852] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.112632][ T5852] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.116781][ T5852] bridge_slave_1: entered allmulticast mode
[   63.120178][ T5852] bridge_slave_1: entered promiscuous mode
[   63.140697][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0
[   63.143526][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   63.153438][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   63.160021][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1
[   63.162639][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   63.172937][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   63.191149][ T5845] team0: Port device team_slave_0 added
[   63.212485][ T5845] team0: Port device team_slave_1 added
[   63.229847][ T5852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   63.273730][ T5852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   63.290371][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0
[   63.292955][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   63.302330][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   63.312467][ T5846] hsr_slave_0: entered promiscuous mode
[   63.316210][ T5846] hsr_slave_1: entered promiscuous mode
[   63.332347][ T5852] team0: Port device team_slave_0 added
[   63.337563][ T5852] team0: Port device team_slave_1 added
[   63.340503][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1
[   63.343160][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   63.353725][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   63.404087][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_0
[   63.407451][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   63.417816][ T5852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   63.442713][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_1
[   63.445159][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   63.454563][ T5852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   63.494167][ T5845] hsr_slave_0: entered promiscuous mode
[   63.497235][ T5845] hsr_slave_1: entered promiscuous mode
[   63.499673][ T5845] debugfs: 'hsr0' already exists in 'hsr'
[   63.501640][ T5845] Cannot create hsr debugfs directory
[   63.581360][ T5852] hsr_slave_0: entered promiscuous mode
[   63.583915][ T5852] hsr_slave_1: entered promiscuous mode
[   63.586551][ T5852] debugfs: 'hsr0' already exists in 'hsr'
[   63.588356][ T5852] Cannot create hsr debugfs directory
[   63.835799][ T5846] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   63.845490][ T5846] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   63.862864][ T5846] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   63.878232][ T5846] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   63.928513][ T5845] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   63.938278][ T5845] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   63.949977][ T5845] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   63.968353][ T5845] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   64.010132][ T5852] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   64.018421][ T5852] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   64.038166][ T5852] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   64.057386][ T5852] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   64.143331][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0
[   64.170290][ T5845] 8021q: adding VLAN 0 to HW filter on device team0
[   64.197081][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.200074][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[   64.220337][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.223247][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[   64.234838][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0
[   64.280022][ T5846] 8021q: adding VLAN 0 to HW filter on device team0
[   64.302239][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.305093][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[   64.315254][ T5852] 8021q: adding VLAN 0 to HW filter on device bond0
[   64.331288][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.334188][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[   64.361563][ T5852] 8021q: adding VLAN 0 to HW filter on device team0
[   64.401739][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.404684][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[   64.408564][ T5855] Bluetooth: hci1: command tx timeout
[   64.413597][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.416691][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[   64.487024][ T5855] Bluetooth: hci0: command tx timeout
[   64.489456][ T5855] Bluetooth: hci2: command tx timeout
[   64.559765][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0
[   64.613370][ T5845] veth0_vlan: entered promiscuous mode
[   64.629560][ T5845] veth1_vlan: entered promiscuous mode
[   64.663092][ T5845] veth0_macvtap: entered promiscuous mode
[   64.674284][ T5845] veth1_macvtap: entered promiscuous mode
[   64.682007][ T5852] 8021q: adding VLAN 0 to HW filter on device batadv0
[   64.714176][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0
[   64.728137][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0
[   64.738169][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1
[   64.753403][ T5694] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   64.760493][ T5694] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   64.771988][ T5694] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   64.775346][ T5694] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   64.822808][ T5852] veth0_vlan: entered promiscuous mode
[   64.848675][ T5852] veth1_vlan: entered promiscuous mode
[   64.871282][ T5846] veth0_vlan: entered promiscuous mode
[   64.901184][ T1095] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.904266][ T5846] veth1_vlan: entered promiscuous mode
[   64.904408][ T1095] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.967728][ T5852] veth0_macvtap: entered promiscuous mode
[   64.967742][ T1095] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.971991][ T5852] veth1_macvtap: entered promiscuous mode
[   64.974789][ T1095] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.978363][ T5846] veth0_macvtap: entered promiscuous mode
[   64.991384][ T5846] veth1_macvtap: entered promiscuous mode
[   65.024122][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_0
[   65.034574][ T5845] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   65.050257][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_1
[   65.060798][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0
[   65.069880][ T5877] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   65.079128][ T5897] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.097750][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1
[   65.104028][ T5897] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   65.118398][ T5897] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   65.148151][   T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   65.169335][   T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.182579][   T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   65.187365][   T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   65.235183][ T1095] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.242744][ T1095] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.294787][   T28] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.299159][   T28] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.330366][   T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.333558][   T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.405887][   T28] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.413424][   T28] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.664264][ T5927] warning: `syz.0.7' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   65.805550][    C0] hrtimer: interrupt took 50036 ns
[   66.133853][ T5940] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   66.486189][ T5855] Bluetooth: hci1: command tx timeout
[   66.565859][ T5855] Bluetooth: hci0: command tx timeout
[   66.566258][ T5235] Bluetooth: hci2: command tx timeout
[   66.743564][ T5962] netlink: 48 bytes leftover after parsing attributes in process `syz.1.23'.
[   66.792222][ T5966] tap0: tun_chr_ioctl cmd 1074025672
[   66.794808][ T5966] tap0: ignored: set checksum enabled
[   67.254882][ T5998] netlink: 'syz.1.40': attribute type 27 has an invalid length.
[   67.258594][ T5998] netlink: 164 bytes leftover after parsing attributes in process `syz.1.40'.
[   67.974381][ T6020] =======================================================
[   67.974381][ T6020] WARNING: The mand mount option has been deprecated and
[   67.974381][ T6020]          and is ignored by this kernel. Remove the mand
[   67.974381][ T6020]          option from the mount to silence this warning.
[   67.974381][ T6020] =======================================================
[   68.157092][ T6026] veth1_macvtap: left promiscuous mode
[   68.163759][ T6026] macsec0: entered allmulticast mode
[   68.277498][ T6035] netlink: 'syz.2.56': attribute type 31 has an invalid length.
[   68.285043][ T6037] netlink: 'syz.0.57': attribute type 7 has an invalid length.
[   68.409981][ T6046] netlink: 'syz.2.61': attribute type 10 has an invalid length.
[   68.413036][ T6046] netlink: 44 bytes leftover after parsing attributes in process `syz.2.61'.
[   68.452935][ T6048] openvswitch: netlink: Flow key attr not present in new flow.
[   68.565963][ T5235] Bluetooth: hci1: command tx timeout
[   68.623810][ T6059] C: renamed from team_slave_0 (while UP)
[   68.635887][ T6059] netlink: 'syz.0.66': attribute type 3 has an invalid length.
[   68.643511][ T6059] netlink: 152 bytes leftover after parsing attributes in process `syz.0.66'.
[   68.648669][ T5235] Bluetooth: hci2: command tx timeout
[   68.653239][ T6059] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[   68.659382][ T5235] Bluetooth: hci0: command tx timeout
[   68.816521][ T6066] xt_time: invalid argument - start or stop time greater than 23:59:59
[   68.822950][ T5235] Bluetooth: hci1: unexpected event 0x09 length: 15 > 3
[   69.175212][ T6081] netlink: 'syz.0.77': attribute type 5 has an invalid length.
[   69.750519][ T6112] netlink: 12 bytes leftover after parsing attributes in process `syz.0.89'.
[   69.782061][ T6112] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   69.972018][ T6121] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.94'.
[   70.273081][ T6135] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.101'.
[   70.350920][ T6137] netlink: 'syz.1.102': attribute type 41 has an invalid length.
[   70.354909][ T6137] netlink: 40 bytes leftover after parsing attributes in process `syz.1.102'.
[   70.567975][ T6143] netlink: 'syz.0.104': attribute type 12 has an invalid length.
[   70.570712][ T6143] netlink: 132 bytes leftover after parsing attributes in process `syz.0.104'.
[   70.649310][ T5235] Bluetooth: hci1: command tx timeout
[   70.758751][ T5235] Bluetooth: hci0: command tx timeout
[   70.761440][ T5235] Bluetooth: hci2: command tx timeout
[   71.288598][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[   71.291379][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[   71.383474][ T6171] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.111'.
[   71.770450][ T6226] netlink: 492 bytes leftover after parsing attributes in process `syz.1.117'.
[   71.894042][ T6227] Zero length message leads to an empty skb
[   72.381511][ T6256] netlink: 8 bytes leftover after parsing attributes in process `syz.1.131'.
[   72.439174][ T6259] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1
[   72.813985][ T6274] Driver unsupported XDP return value 0 on prog  (id 54) dev N/A, expect packet loss!
[   72.927280][ T6280] netlink: 'syz.1.141': attribute type 27 has an invalid length.
[   72.929868][ T6280] netlink: 152 bytes leftover after parsing attributes in process `syz.1.141'.
[   72.959019][ T6280] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[   73.332319][ T6306] netlink: 182 bytes leftover after parsing attributes in process `syz.2.153'.
[   73.647976][ T5855] Bluetooth: hci1: unexpected event 0x04 length: 15 > 10
[   73.679724][ T6336] netlink: 203516 bytes leftover after parsing attributes in process `syz.2.168'.
[   73.687021][ T6336] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[   73.691168][ T6336] openvswitch: netlink: Message has 6324 unknown bytes.
[   73.728068][ T6337] netlink: 'syz.1.167': attribute type 10 has an invalid length.
[   73.731083][ T6337] netlink: 2 bytes leftover after parsing attributes in process `syz.1.167'.
[   73.736309][ T6337] bond0: entered promiscuous mode
[   73.738344][ T6337] bond_slave_0: entered promiscuous mode
[   73.741494][ T6337] bond_slave_1: entered promiscuous mode
[   73.743937][ T6337] bridge0: port 3(bond0) entered blocking state
[   73.747964][ T6337] bridge0: port 3(bond0) entered disabled state
[   73.750880][ T6337] bond0: entered allmulticast mode
[   73.753090][ T6337] bond_slave_0: entered allmulticast mode
[   73.755362][ T6337] bond_slave_1: entered allmulticast mode
[   73.770526][ T6337] bridge0: port 3(bond0) entered blocking state
[   73.772859][ T6337] bridge0: port 3(bond0) entered forwarding state
[   73.951614][ T6350] netlink: 'syz.2.173': attribute type 1 has an invalid length.
[   74.240556][ T6355] can: request_module (can-proto-0) failed.
[   74.360607][ T6362] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.179'.
[   74.441685][ T6364] wlan1 speed is unknown, defaulting to 1000
[   74.451118][ T6364] wlan1 speed is unknown, defaulting to 1000
[   74.455497][ T6364] wlan1 speed is unknown, defaulting to 1000
[   74.533094][ T6364] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   74.551088][ T6374] netlink: 'syz.0.184': attribute type 1 has an invalid length.
[   74.581204][ T6364] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[   74.609132][ T6364] wlan1 speed is unknown, defaulting to 1000
[   74.664439][ T6364] wlan1 speed is unknown, defaulting to 1000
[   74.670230][ T6364] wlan1 speed is unknown, defaulting to 1000
[   74.801972][ T6382] netlink: 132 bytes leftover after parsing attributes in process `syz.0.185'.
[   75.502272][ T6399] netlink: 'syz.0.192': attribute type 28 has an invalid length.
[   75.505357][ T6399] netlink: 'syz.0.192': attribute type 29 has an invalid length.
[   75.525280][ T6399] netlink: 132 bytes leftover after parsing attributes in process `syz.0.192'.
[   75.581428][ T6399] netlink: 'syz.0.192': attribute type 9 has an invalid length.
[   75.585373][ T6399] netlink: 'syz.0.192': attribute type 8 has an invalid length.
[   75.599362][ T6399] netlink: 143452 bytes leftover after parsing attributes in process `syz.0.192'.
[   75.685718][ T5855] Bluetooth: hci1: command tx timeout
[   76.936255][ T6439] netlink: 'syz.1.209': attribute type 16 has an invalid length.
[   76.940475][ T6439] __nla_validate_parse: 6 callbacks suppressed
[   76.940490][ T6439] netlink: 156 bytes leftover after parsing attributes in process `syz.1.209'.
[   77.367582][ T6451] netlink: 100 bytes leftover after parsing attributes in process `syz.0.216'.
[   77.408350][ T6459] netlink: 'syz.1.219': attribute type 10 has an invalid length.
[   77.419176][ T6459] bridge0: port 3(bond0) entered disabled state
[   77.422276][ T6459] bond0: left allmulticast mode
[   77.424258][ T6459] bond_slave_0: left allmulticast mode
[   77.433190][ T6459] bond_slave_1: left allmulticast mode
[   77.436737][ T6459] bond0: left promiscuous mode
[   77.438983][ T6459] bond_slave_0: left promiscuous mode
[   77.441377][ T6459] bond_slave_1: left promiscuous mode
[   77.444007][ T6459] bridge0: port 3(bond0) entered disabled state
[   78.208323][ T6480] netlink: 'syz.1.226': attribute type 3 has an invalid length.
[   78.211604][ T6480] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.226'.
[   78.391444][ T6490] netlink: 'syz.2.231': attribute type 1 has an invalid length.
[   78.395761][ T6490] netlink: 'syz.2.231': attribute type 4 has an invalid length.
[   78.401875][ T6490] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.231'.
[   78.639062][ T6503] netlink: 'syz.2.237': attribute type 10 has an invalid length.
[   79.286983][ T6503] syz.2.237 (6503) used greatest stack depth: 20432 bytes left
[   79.433341][ T6514] netlink: 'syz.1.242': attribute type 10 has an invalid length.
[   79.925363][ T6514] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[   80.010230][ T5235] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   80.011555][ T6522] syzkaller0: entered promiscuous mode
[   80.015450][ T6522] syzkaller0: entered allmulticast mode
[   80.016659][ T5235] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   80.022288][ T5235] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   80.027537][ T5235] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   80.031950][ T5235] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   80.061467][ T5897] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.103972][ T5897] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.130200][ T6527] wlan1 speed is unknown, defaulting to 1000
[   81.219810][ T5897] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.377652][ T5897] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.472262][ T6527] chnl_net:caif_netlink_parms(): no params data found
[   81.582761][ T6551] netlink: 'syz.2.255': attribute type 4 has an invalid length.
[   81.588083][ T6551] netlink: 152 bytes leftover after parsing attributes in process `syz.2.255'.
[   81.705115][ T6551] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[   81.760817][ T6527] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.764977][ T6527] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.768218][ T6527] bridge_slave_0: entered allmulticast mode
[   81.771493][ T6527] bridge_slave_0: entered promiscuous mode
[   81.779885][ T6527] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.783579][ T6527] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.787826][ T6527] bridge_slave_1: entered allmulticast mode
[   81.791817][ T6527] bridge_slave_1: entered promiscuous mode
[   81.900434][ T6527] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   81.923284][ T6527] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   81.937771][ T5897] bridge_slave_1: left allmulticast mode
[   81.940382][ T5897] bridge_slave_1: left promiscuous mode
[   81.944499][ T5897] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.959359][ T5897] bridge_slave_0: left allmulticast mode
[   81.965883][ T5897] bridge_slave_0: left promiscuous mode
[   81.968520][ T5897] bridge0: port 1(bridge_slave_0) entered disabled state
[   82.087292][ T5855] Bluetooth: hci1: command tx timeout
[   82.308550][ T5897] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   82.316658][ T5897] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   82.323461][ T5897] bond0 (unregistering): Released all slaves
[   82.501275][ T6527] team0: Port device team_slave_0 added
[   82.518645][ T6527] team0: Port device team_slave_1 added
[   82.629673][ T6570] netlink: 'syz.1.262': attribute type 6 has an invalid length.
[   82.632719][ T6570] netlink: 'syz.1.262': attribute type 1 has an invalid length.
[   82.638582][ T6570] netlink: 199820 bytes leftover after parsing attributes in process `syz.1.262'.
[   82.920471][ T6527] batman_adv: batadv0: Adding interface: batadv_slave_0
[   82.922949][ T6527] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   82.944849][ T6527] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   82.985272][ T6527] batman_adv: batadv0: Adding interface: batadv_slave_1
[   82.988423][ T6527] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   82.999400][ T6527] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   83.041681][ T6527] hsr_slave_0: entered promiscuous mode
[   83.057284][ T6527] hsr_slave_1: entered promiscuous mode
[   83.065304][ T6527] debugfs: 'hsr0' already exists in 'hsr'
[   83.068478][ T6527] Cannot create hsr debugfs directory
[   83.069388][ T6581] netlink: 20 bytes leftover after parsing attributes in process `syz.2.264'.
[   83.102002][ T5897] hsr_slave_0: left promiscuous mode
[   83.136476][ T5897] hsr_slave_1: left promiscuous mode
[   83.139495][ T5897] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   83.142417][ T5897] batman_adv: batadv0: Removing interface: batadv_slave_0
[   83.147665][ T5897] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   83.150564][ T5897] batman_adv: batadv0: Removing interface: batadv_slave_1
[   83.174781][ T5897] veth1_macvtap: left promiscuous mode
[   83.177858][ T5897] veth0_macvtap: left promiscuous mode
[   83.180687][ T5897] veth1_vlan: left promiscuous mode
[   83.183139][ T5897] veth0_vlan: left promiscuous mode
[   83.285372][ T6590] netlink: 'syz.2.268': attribute type 39 has an invalid length.
[   83.627232][ T5897] team0 (unregistering): Port device team_slave_1 removed
[   83.662887][ T5897] team0 (unregistering): Port device C removed
[   84.169190][ T5855] Bluetooth: hci1: command tx timeout
[   84.299683][ T6598] netlink: 14 bytes leftover after parsing attributes in process `syz.1.269'.
[   85.404417][ T6527] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   85.417671][ T6527] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   85.422355][ T6527] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   85.424683][ T6642] netlink: 'syz.2.283': attribute type 10 has an invalid length.
[   85.434428][ T6642] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   85.443886][ T6645] netlink: 'syz.1.284': attribute type 17 has an invalid length.
[   85.444428][ T6642] batman_adv: batadv0: Removing interface: batadv_slave_0
[   85.448868][ T6645] netlink: 'syz.1.284': attribute type 16 has an invalid length.
[   85.453600][ T6645] netlink: 152 bytes leftover after parsing attributes in process `syz.1.284'.
[   85.464327][ T6642] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link
[   85.470417][ T6527] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   85.642657][ T6527] 8021q: adding VLAN 0 to HW filter on device bond0
[   85.663803][ T6527] 8021q: adding VLAN 0 to HW filter on device team0
[   85.674009][   T26] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.677253][   T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[   85.714609][   T26] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.717950][   T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[   85.988545][ T6527] 8021q: adding VLAN 0 to HW filter on device batadv0
[   86.013019][ T6527] veth0_vlan: entered promiscuous mode
[   86.049319][ T6527] veth1_vlan: entered promiscuous mode
[   86.064574][ T6527] veth0_macvtap: entered promiscuous mode
[   86.069266][ T6527] veth1_macvtap: entered promiscuous mode
[   86.082189][ T6527] batman_adv: batadv0: Interface activated: batadv_slave_0
[   86.090385][ T6527] batman_adv: batadv0: Interface activated: batadv_slave_1
[   86.245776][ T5855] Bluetooth: hci1: command tx timeout
[   86.651676][ T1271] cfg80211: failed to load regulatory.db
[   87.875771][   T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   87.926668][   T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   87.930654][   T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   87.934481][   T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   87.969896][   T28] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   87.974619][   T28] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   88.015102][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   88.022345][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   88.346191][ T5855] Bluetooth: hci1: command tx timeout
[   88.545089][ T6707] syzkaller0: create flow: hash 3258760680 index 1
[   88.943907][ T6709] netlink: 531 bytes leftover after parsing attributes in process `syz.1.300'.
[   89.037052][ T6701] syzkaller0: delete flow: hash 3258760680 index 1
[   89.672179][ T6732] netlink: 'syz.0.311': attribute type 11 has an invalid length.
[   89.675310][ T6732] netlink: 'syz.0.311': attribute type 11 has an invalid length.
[   89.681119][ T6732] netlink: 193500 bytes leftover after parsing attributes in process `syz.0.311'.
[   89.714432][ T6734] netlink: 132 bytes leftover after parsing attributes in process `syz.0.312'.
[   89.753051][ T5855] Bluetooth: hci1: unknown advertising packet type: 0x0c
[   90.581262][ T6714] wlan1 speed is unknown, defaulting to 1000
[   90.882308][ T6754] netlink: 20 bytes leftover after parsing attributes in process `syz.2.321'.
[   91.142597][ T6772] netlink: 731 bytes leftover after parsing attributes in process `syz.1.330'.
[   91.201402][ T6777] netlink: 60 bytes leftover after parsing attributes in process `syz.2.325'.
[   91.276869][ T5855] Bluetooth: hci2: unexpected event 0x2c length: 82 > 17
[   91.276899][ T5855] Bluetooth: hci2: Ignoring connect complete event for invalid link type
[   91.780542][ T6786] wlan1 speed is unknown, defaulting to 1000
[   91.965304][ T6797] netlink: 'syz.1.339': attribute type 29 has an invalid length.
[   91.969657][ T6797] netlink: 'syz.1.339': attribute type 29 has an invalid length.
[   91.973302][ T6797] netlink: 'syz.1.339': attribute type 29 has an invalid length.
[   92.100109][ T6800] sctp: [Deprecated]: syz.2.340 (pid 6800) Use of int in max_burst socket option deprecated.
[   92.100109][ T6800] Use struct sctp_assoc_value instead
[   92.369615][ T6816] netlink: 12 bytes leftover after parsing attributes in process `syz.2.347'.
[   92.528179][ T6825] netlink: 'syz.1.352': attribute type 1 has an invalid length.
[   92.533216][ T6825] netlink: 193500 bytes leftover after parsing attributes in process `syz.1.352'.
[   92.668313][ T6830] netlink: 'syz.1.354': attribute type 6 has an invalid length.
[   92.673015][ T6830] netlink: 140 bytes leftover after parsing attributes in process `syz.1.354'.
[   92.859354][ T6840] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.359'.
[   92.864224][ T6840] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[   93.330281][ T6855] ksmbd: Daemon and kernel module version mismatch. ksmbd: 36, kernel module: 1. User-space ksmbd should terminate.
[   93.835328][ T6873] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   94.117405][ T6885] __nla_validate_parse: 3 callbacks suppressed
[   94.117422][ T6885] netlink: 14 bytes leftover after parsing attributes in process `syz.0.378'.
[   94.969403][ T6908] netlink: 4 bytes leftover after parsing attributes in process `syz.2.387'.
[   95.163232][ T6915] ksmbd: Daemon and kernel module version mismatch. ksmbd: 36, kernel module: 1. User-space ksmbd should terminate.
[   95.370458][ T6914] netlink: 56537 bytes leftover after parsing attributes in process `syz.1.389'.
[   96.034485][ T6955] sctp: [Deprecated]: syz.1.407 (pid 6955) Use of int in maxseg socket option.
[   96.034485][ T6955] Use struct sctp_assoc_value instead
[   96.352294][ T6963] netlink: 'syz.1.411': attribute type 39 has an invalid length.
[   96.567236][ T6965] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[   96.570975][ T6965] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[   96.614970][ T6968] netlink: 'syz.1.412': attribute type 21 has an invalid length.
[   96.620826][ T6968] netlink: 132 bytes leftover after parsing attributes in process `syz.1.412'.
[   96.633287][ T6967] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   96.674492][ T6970] netlink: 108 bytes leftover after parsing attributes in process `syz.2.414'.
[   96.683955][ T6968] netlink: 'syz.1.412': attribute type 5 has an invalid length.
[   97.373243][ T7004] netlink: 16038 bytes leftover after parsing attributes in process `syz.0.428'.
[   97.913212][ T6965] syz.1.412 (6965) used greatest stack depth: 20176 bytes left
[   98.077993][ T7025] IPv6: Can't replace route, no match found
[   99.050408][ T7047] tap0: tun_chr_ioctl cmd 1074025678
[   99.052871][ T7047] tap0: group set to 0
[   99.179714][ T7057] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.446'.
[   99.185186][ T7057] netlink: zone id is out of range
[   99.201399][ T7057] netlink: get zone limit has 8 unknown bytes
[   99.471410][ T7076] netlink: 4200 bytes leftover after parsing attributes in process `syz.0.452'.
[   99.869726][ T7095] netlink: 'syz.0.461': attribute type 12 has an invalid length.
[   99.873958][ T7095] netlink: 132 bytes leftover after parsing attributes in process `syz.0.461'.
[   99.993954][ T7096] syz.0.461 (7096) used obsolete PPPIOCDETACH ioctl
[  100.073544][ T7095] syz.0.461 uses obsolete (PF_INET,SOCK_PACKET)
[  101.621794][ T7148] netlink: 60 bytes leftover after parsing attributes in process `syz.2.481'.
[  101.630561][ T5855] Bluetooth: hci1: unexpected event 0x05 length: 15 > 4
[  101.631301][ T7148] netlink: 60 bytes leftover after parsing attributes in process `syz.2.481'.
[  101.642517][ T7148] netlink: 60 bytes leftover after parsing attributes in process `syz.2.481'.
[  102.291699][ T7159] netlink: 'syz.1.488': attribute type 11 has an invalid length.
[  102.294644][ T7159] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.488'.
[  102.304834][ T7159] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  102.751131][ T7163] netlink: 60 bytes leftover after parsing attributes in process `syz.2.490'.
[  102.760191][ T7163] netlink: 60 bytes leftover after parsing attributes in process `syz.2.490'.
[  102.899521][ T7172] netlink: 'syz.1.493': attribute type 7 has an invalid length.
[  103.282821][ T7186] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.499'.
[  103.889258][ T7192] netlink: 'syz.1.501': attribute type 19 has an invalid length.
[  107.038882][ T7210] __nla_validate_parse: 2 callbacks suppressed
[  107.038902][ T7210] netlink: 4 bytes leftover after parsing attributes in process `syz.1.509'.
[  108.939003][ T7219] netlink: 'syz.1.513': attribute type 10 has an invalid length.
[  108.950447][ T7219] 8021q: adding VLAN 0 to HW filter on device team0
[  108.955372][ T7219] bond0: (slave team0): Enslaving as an active interface with an up link
[  109.061383][ T7219] netdevsim netdevsim1 : renamed from netdevsim0 (while UP)
[  109.145848][ T7219] can: request_module (can-proto-0) failed.
[  109.198491][ T7223] netlink: 4 bytes leftover after parsing attributes in process `syz.0.514'.
[  109.201677][ T7223] netlink: 8 bytes leftover after parsing attributes in process `syz.0.514'.
[  109.656933][ T7243] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  111.425177][ T7275] netlink: 12 bytes leftover after parsing attributes in process `syz.2.536'.
[  111.439648][ T7275] netlink: 68 bytes leftover after parsing attributes in process `syz.2.536'.
[  111.724873][ T7287] netlink: 'syz.2.541': attribute type 5 has an invalid length.
[  111.740875][ T7287] : entered promiscuous mode
[  112.156963][ T7297] netlink: 220 bytes leftover after parsing attributes in process `syz.1.544'.
[  112.171831][ T7297] openvswitch: netlink: Key 0 has unexpected len 4 expected 0
[  113.218210][ T7320] netlink: 8 bytes leftover after parsing attributes in process `syz.1.553'.
[  113.386619][ T7324] netlink: 80 bytes leftover after parsing attributes in process `syz.1.555'.
[  114.474428][ T7360] netlink: 'syz.2.573': attribute type 1 has an invalid length.
[  114.579003][ T7372] netlink: 'syz.0.578': attribute type 1 has an invalid length.
[  114.582056][ T7372] netlink: 'syz.0.578': attribute type 4 has an invalid length.
[  114.584951][ T7372] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.578'.
[  114.594847][ T7372] netlink: 'syz.0.578': attribute type 1 has an invalid length.
[  114.601002][ T7372] netlink: 'syz.0.578': attribute type 4 has an invalid length.
[  114.604002][ T7372] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.578'.
[  115.911416][ T7410] netlink: 56 bytes leftover after parsing attributes in process `syz.1.594'.
[  116.061260][ T7422] netlink: 20 bytes leftover after parsing attributes in process `syz.0.600'.
[  116.065174][ T7422] netlink: 20 bytes leftover after parsing attributes in process `syz.0.600'.
[  116.075900][ T7422] netlink: 2 bytes leftover after parsing attributes in process `syz.0.600'.
[  117.236969][ T7443] netlink: 16255 bytes leftover after parsing attributes in process `syz.1.610'.
[  117.382824][ T7454] netlink: 'syz.1.615': attribute type 10 has an invalid length.
[  117.409865][ T7454] team0: Device ipvlan1 failed to register rx_handler
[  117.455783][ T7454] syz.1.615 (7454) used greatest stack depth: 19704 bytes left
[  117.670817][ T7464] netlink: 92 bytes leftover after parsing attributes in process `syz.1.619'.
[  117.675076][ T7464] netlink: 92 bytes leftover after parsing attributes in process `syz.1.619'.
[  118.499606][ T7499] veth1_macvtap: left promiscuous mode
[  118.501894][ T7499] macsec0: entered promiscuous mode
[  118.504126][ T7499] macsec0: entered allmulticast mode
[  118.518411][ T7499] veth1_macvtap: entered promiscuous mode
[  118.520929][ T7499] veth1_macvtap: entered allmulticast mode
[  118.696577][ T7474] delete_channel: no stack
[  118.721250][ T7503] netlink: 68 bytes leftover after parsing attributes in process `syz.0.635'.
[  118.968638][ T7519] netlink: 2 bytes leftover after parsing attributes in process `syz.2.643'.
[  119.155099][ T7535] netlink: 'syz.2.651': attribute type 1 has an invalid length.
[  119.307550][ T7548] skbuff: bad partial csum: csum=65535/127 headroom=178 headlen=65664
[  120.422738][ T7567] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.664'.
[  120.483956][ T7572] netlink: 128124 bytes leftover after parsing attributes in process `syz.0.666'.
[  120.611797][ T7578] netlink: 60 bytes leftover after parsing attributes in process `syz.1.669'.
[  120.659395][ T7581] netlink: 12 bytes leftover after parsing attributes in process `syz.0.670'.
[  121.004553][ T7592] netlink: 'syz.1.675': attribute type 1 has an invalid length.
[  121.028090][ T7592] netlink: 'syz.1.675': attribute type 2 has an invalid length.
[  121.109765][ T7594] netlink: 'syz.1.676': attribute type 3 has an invalid length.
[  121.113203][ T7594] netlink: 135800 bytes leftover after parsing attributes in process `syz.1.676'.
[  121.318840][ T5855] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18
[  122.570968][ T7641] __nla_validate_parse: 1 callbacks suppressed
[  122.570981][ T7641] netlink: 126588 bytes leftover after parsing attributes in process `syz.2.696'.
[  123.320184][ T7647] netlink: 10 bytes leftover after parsing attributes in process `syz.2.697'.
[  123.342434][ T7657] wlan1 speed is unknown, defaulting to 1000
[  124.860118][ T7708] netlink: 15999 bytes leftover after parsing attributes in process `syz.2.724'.
[  124.904170][ T7713] netlink: 'syz.2.726': attribute type 29 has an invalid length.
[  126.716389][ T7666] syz.1.703 (7666) used greatest stack depth: 19616 bytes left
[  127.158488][ T7746] netlink: 11562 bytes leftover after parsing attributes in process `syz.0.738'.
[  127.942236][ T7778] wlan1 speed is unknown, defaulting to 1000
[  128.015037][ T7782] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  128.111502][ T7795] netlink: 'syz.0.758': attribute type 2 has an invalid length.
[  128.127126][ T7795] netlink: 'syz.0.758': attribute type 1 has an invalid length.
[  128.243757][ T7801] netlink: 'syz.0.761': attribute type 2 has an invalid length.
[  128.268179][ T7801] netlink: 17267 bytes leftover after parsing attributes in process `syz.0.761'.
[  128.729442][ T1271] wlan1 speed is unknown, defaulting to 1000
[  128.732612][ T1271] syz0: Port: 1 Link DOWN
[  128.917227][ T7827] netlink: 'syz.2.771': attribute type 12 has an invalid length.
[  128.920862][ T7827] netlink: 132 bytes leftover after parsing attributes in process `syz.2.771'.
[  129.030055][ T7835] tmpfs: Bad value for 'mode'
[  129.102604][ T7837] netlink: 40 bytes leftover after parsing attributes in process `syz.2.776'.
[  129.106752][ T7837] netlink: 4 bytes leftover after parsing attributes in process `syz.2.776'.
[  130.530611][ T7886] netlink: 'syz.1.796': attribute type 21 has an invalid length.
[  130.634018][ T7891] wlan1 speed is unknown, defaulting to 1000
[  130.733779][ T7903] netlink: 'syz.1.802': attribute type 10 has an invalid length.
[  130.739605][ T7903] vlan0: entered allmulticast mode
[  130.741926][ T7903] veth0_vlan: entered allmulticast mode
[  130.751742][ T7903] team0: Port device vlan0 added
[  130.866815][ T7911] netlink: 'syz.2.808': attribute type 21 has an invalid length.
[  131.322171][ T5855] Bluetooth: hci1: adv larger than maximum supported
[  131.738232][ T7938] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.820'.
[  131.770852][ T7942] netlink: 763 bytes leftover after parsing attributes in process `syz.1.822'.
[  131.824451][ T7944] netlink: 'syz.0.823': attribute type 39 has an invalid length.
[  131.872956][ T7952] netlink: 48 bytes leftover after parsing attributes in process `syz.2.827'.
[  131.929007][ T7956] netlink: 26 bytes leftover after parsing attributes in process `syz.2.829'.
[  132.177827][ T7960] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  132.330639][ T7963] netlink: 20 bytes leftover after parsing attributes in process `syz.1.831'.
[  132.343241][ T7963] netlink: 8 bytes leftover after parsing attributes in process `syz.1.831'.
[  132.622493][ T7944] hsr_slave_0 (unregistering): left promiscuous mode
[  132.719344][ T7968] sit0: entered allmulticast mode
[  132.732133][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  132.734982][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  132.751831][ T7968] sit0: entered promiscuous mode
[  132.870089][ T7973] netlink: 'syz.2.835': attribute type 31 has an invalid length.
[  133.442637][ T7977] netlink: 64 bytes leftover after parsing attributes in process `syz.1.836'.
[  133.446236][ T7977] netlink: 64 bytes leftover after parsing attributes in process `syz.1.836'.
[  133.762836][ T7999] netlink: 2 bytes leftover after parsing attributes in process `syz.1.846'.
[  133.770266][ T7995] netlink: 'syz.2.845': attribute type 39 has an invalid length.
[  133.850845][ T8004] netlink: 'syz.0.849': attribute type 30 has an invalid length.
[  133.888059][ T8006] netlink: 8 bytes leftover after parsing attributes in process `syz.1.850'.
[  133.953004][ T8012] netlink: 12 bytes leftover after parsing attributes in process `syz.0.853'.
[  134.217827][ T8037] netlink: 'syz.0.865': attribute type 27 has an invalid length.
[  134.220873][ T8037] netlink: 'syz.0.865': attribute type 4 has an invalid length.
[  134.223884][ T8037] netlink: 152 bytes leftover after parsing attributes in process `syz.0.865'.
[  134.410287][ T8053] netlink: 'syz.2.872': attribute type 21 has an invalid length.
[  134.414360][ T8053] netlink: 16166 bytes leftover after parsing attributes in process `syz.2.872'.
[  134.898186][ T8089] netlink: 'syz.1.890': attribute type 10 has an invalid length.
[  134.952247][ T5855] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18
[  135.485752][ T8096] netlink: 64859 bytes leftover after parsing attributes in process `syz.0.893'.
[  135.770662][ T8104] netlink: 'syz.1.897': attribute type 10 has an invalid length.
[  135.801211][ T8104] bond0: (slave team0): Releasing backup interface
[  135.812316][ T8104] team0: Cannot enslave team device to itself
[  136.245002][ T8126] netlink: 60 bytes leftover after parsing attributes in process `syz.0.908'.
[  136.464232][ T8128] netlink: set zone limit has 4 unknown bytes
[  136.500382][ T8132] netlink: 48 bytes leftover after parsing attributes in process `syz.0.911'.
[  136.525318][ T8134] netlink: 'syz.1.912': attribute type 10 has an invalid length.
[  136.593084][ T8139] netlink: 'syz.0.914': attribute type 2 has an invalid length.
[  136.599150][ T8139] netlink: 'syz.0.914': attribute type 1 has an invalid length.
[  136.602197][ T8139] nbd: couldn't find device at index 65542
[  138.368450][ T8194] tc_dump_action: action bad kind
[  138.733035][ T8207] delete_channel: no stack
[  138.818934][ T8215] bond0: (slave bond_slave_1): Error -28 calling ndo_bpf
[  138.884921][ T8217] netlink: 'syz.2.939': attribute type 10 has an invalid length.
[  139.113080][ T8217] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  139.492202][ T8224] __nla_validate_parse: 5 callbacks suppressed
[  139.492214][ T8224] netlink: 60 bytes leftover after parsing attributes in process `syz.1.945'.
[  139.499583][ T8223] netlink: 60 bytes leftover after parsing attributes in process `syz.1.945'.
[  139.504742][ T8224] netlink: 60 bytes leftover after parsing attributes in process `syz.1.945'.
[  139.677829][ T8234] netlink: 17 bytes leftover after parsing attributes in process `syz.0.950'.
[  139.751722][ T8234] netlink: zone id is out of range
[  139.754737][ T8234] netlink: zone id is out of range
[  139.760299][ T8234] netlink: zone id is out of range
[  139.763366][ T8234] netlink: zone id is out of range
[  139.774581][ T8234] netlink: zone id is out of range
[  139.778646][ T8234] netlink: zone id is out of range
[  139.781769][ T8234] netlink: zone id is out of range
[  139.784883][ T8234] netlink: zone id is out of range
[  139.792569][ T8234] netlink: zone id is out of range
[  139.795410][ T8234] netlink: zone id is out of range
[  139.847743][ T8246] netlink: 'syz.0.956': attribute type 41 has an invalid length.
[  139.851131][ T8246] netlink: 40 bytes leftover after parsing attributes in process `syz.0.956'.
[  140.027120][ T8257] netlink: 'syz.1.961': attribute type 46 has an invalid length.
[  140.645321][ T8307] netlink: 144 bytes leftover after parsing attributes in process `syz.0.984'.
[  141.042102][ T8315] netlink: 4 bytes leftover after parsing attributes in process `syz.1.986'.
[  141.714327][ T8348] netlink: 'syz.1.1002': attribute type 29 has an invalid length.
[  141.722660][ T8350] netlink: 'syz.1.1002': attribute type 29 has an invalid length.
[  143.392788][ T8387] netlink: 'syz.0.1017': attribute type 10 has an invalid length.
[  143.652047][ T8396] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1021'.
[  143.655925][ T8396] netlink: 6 bytes leftover after parsing attributes in process `syz.1.1021'.
[  145.382479][ T5855] Bluetooth: hci0: unexpected event 0x04 length: 15 > 10
[  145.382769][ T5855] Bluetooth: hci0: connection err: -111
[  146.062105][ T8466] netlink: 'syz.2.1053': attribute type 17 has an invalid length.
[  146.065287][ T8466] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1053'.
[  146.071176][ T8466] net_ratelimit: 76 callbacks suppressed
[  146.071190][ T8466] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  146.699449][ T8496] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1066'.
[  146.746264][ T8498] openvswitch: netlink: ct_state flags 0000e7cd unsupported
[  146.860880][ T8504] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1070'.
[  146.864835][ T8504] unsupported nlmsg_type 40
[  148.478076][ T8527] syz.2.1080 (8527) used greatest stack depth: 17296 bytes left
[  148.992884][ T8561] netlink: 830 bytes leftover after parsing attributes in process `syz.2.1096'.
[  148.998033][ T8561] bond_slave_0: entered promiscuous mode
[  149.001703][ T8561] bond_slave_1: entered promiscuous mode
[  149.004269][ T8561] batadv_slave_0: entered promiscuous mode
[  149.007139][ T8561] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  149.492977][ T8587] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1108'.
[  150.409604][ T8579] infiniband syz!: set active
[  150.412707][ T8579] infiniband syz!: added team_slave_0
[  150.416240][ T8579] syz!: rxe_create_cq: returned err = -12
[  150.419314][ T8579] infiniband syz!: Couldn't create ib_mad CQ
[  150.421459][ T8579] infiniband syz!: Couldn't open port 1
[  150.446345][ T8579] RDS/IB: syz!: added
[  150.449025][ T8579] smc: adding ib device syz! with port count 1
[  150.453462][ T8579] smc:    ib device syz! port 1 has pnetid 
[  150.767735][ T8613] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  151.056797][ T5855] Bluetooth: hci2: unexpected event 0x0b length: 15 > 11
[  151.121025][ T8626] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1125'.
[  151.318737][ T5855] Bluetooth: hci0: Malformed LE Event: 0x0d
[  151.619526][ T8638] netlink: 202920 bytes leftover after parsing attributes in process `syz.1.1131'.
[  152.514350][ T8680] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1149'.
[  152.518211][ T8680] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1149'.
[  152.560836][ T8684] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.1151'.
[  153.450698][ T8728] netlink: 'syz.2.1164': attribute type 2 has an invalid length.
[  153.583394][ T8738] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1169'.
[  153.591682][ T8738] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1169'.
[  154.692558][ T8793] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1194'.
[  154.864674][ T8804] netlink: 22 bytes leftover after parsing attributes in process `syz.2.1199'.
[  155.032200][ T8816] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  156.793032][ T8882] option changes via remount are deprecated (pid=8881 comm=syz.2.1237)
[  158.338351][ T8922] : entered promiscuous mode
[  158.372364][ T8925] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1256'.
[  158.467304][ T8933] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1260'.
[  158.588206][ T8943] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1263'.
[  158.676042][ T8940] xt_time: unknown flags 0xf4
[  158.871043][ T8957] syzkaller0: entered promiscuous mode
[  158.872991][ T8957] syzkaller0: entered allmulticast mode
[  159.017319][ T8973] netlink: 'syz.2.1273': attribute type 4 has an invalid length.
[  159.072113][ T8969] netlink: 'syz.1.1271': attribute type 4 has an invalid length.
[  160.062430][ T9011] syzkaller0: entered promiscuous mode
[  160.064662][ T9011] syzkaller0: entered allmulticast mode
[  160.393240][ T9019] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1288'.
[  160.600474][ T9031] syzkaller0: entered promiscuous mode
[  160.603251][ T9031] syzkaller0: entered allmulticast mode
[  161.780222][ T9045] netlink: 'syz.2.1301': attribute type 1 has an invalid length.
[  161.944353][ T9052] bridge0: port 2(bridge_slave_1) entered disabled state
[  161.947878][ T9052] bridge0: port 1(bridge_slave_0) entered disabled state
[  161.952851][ T9052] bridge0: entered allmulticast mode
[  161.962822][ T9052] bridge_slave_1: left allmulticast mode
[  161.965289][ T9052] bridge_slave_1: left promiscuous mode
[  161.969359][ T9052] bridge0: port 2(bridge_slave_1) entered disabled state
[  161.984963][ T9052] bridge_slave_0: left allmulticast mode
[  161.988026][ T9052] bridge_slave_0: left promiscuous mode
[  161.991099][ T9052] bridge0: port 1(bridge_slave_0) entered disabled state
[  162.259133][ T9072] netlink: 'syz.2.1314': attribute type 4 has an invalid length.
[  162.262576][ T9072] netlink: 112 bytes leftover after parsing attributes in process `syz.2.1314'.
[  163.321533][ T9095] pim6reg1: entered allmulticast mode
[  163.464928][ T9112] netlink: 65027 bytes leftover after parsing attributes in process `syz.0.1332'.
[  164.281055][ T9121] C: renamed from team_slave_0 (while UP)
[  164.284609][ T9121] netlink: 'syz.1.1335': attribute type 1 has an invalid length.
[  164.287990][ T9121] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1335'.
[  164.513813][ T5855] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18
[  164.525313][ T5855] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0'
[  164.529776][ T5855] CPU: 1 UID: 0 PID: 5855 Comm: kworker/u11:4 Not tainted syzkaller #0 PREEMPT(full) 
[  164.529798][ T5855] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  164.529809][ T5855] Workqueue: hci2 hci_rx_work
[  164.529832][ T5855] Call Trace:
[  164.529842][ T5855]  <TASK>
[  164.529853][ T5855]  dump_stack_lvl+0x189/0x250
[  164.529890][ T5855]  ? __pfx_dump_stack_lvl+0x10/0x10
[  164.529912][ T5855]  ? __pfx__printk+0x10/0x10
[  164.529966][ T5855]  ? kernfs_path_from_node+0x250/0x290
[  164.529982][ T5855]  ? kernfs_path_from_node+0x2f/0x290
[  164.530012][ T5855]  sysfs_create_dir_ns+0x259/0x280
[  164.530044][ T5855]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  164.530073][ T5855]  ? do_raw_spin_unlock+0x4d/0x240
[  164.530111][ T5855]  kobject_add_internal+0x59f/0xb40
[  164.530189][ T5855]  kobject_add+0x155/0x220
[  164.530237][ T5855]  ? __pfx_kobject_add+0x10/0x10
[  164.530267][ T5855]  ? _raw_spin_unlock+0x28/0x50
[  164.530302][ T5855]  ? get_device_parent+0x366/0x3a0
[  164.530338][ T5855]  device_add+0x408/0xb50
[  164.530374][ T5855]  hci_conn_add_sysfs+0xd5/0x1e0
[  164.530407][ T5855]  le_conn_complete_evt+0xc3a/0x1220
[  164.530474][ T5855]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  164.530502][ T5855]  ? __pfx_bt_warn+0x10/0x10
[  164.530514][ T5855]  ? __mutex_unlock_slowpath+0x1a1/0x760
[  164.530557][ T5855]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  164.530574][ T5855]  ? skb_pull_data+0xfb/0x200
[  164.530611][ T5855]  hci_le_conn_complete_evt+0x187/0x450
[  164.530661][ T5855]  hci_event_packet+0x78f/0x1200
[  164.530695][ T5855]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  164.530729][ T5855]  ? __pfx_hci_event_packet+0x10/0x10
[  164.530756][ T5855]  ? kcov_remote_start+0x4d3/0x7f0
[  164.530781][ T5855]  ? lockdep_hardirqs_on+0x90/0x150
[  164.530816][ T5855]  ? hci_send_to_monitor+0xe2/0x570
[  164.530853][ T5855]  hci_rx_work+0x46a/0xe80
[  164.530902][ T5855]  ? process_scheduled_works+0x9ef/0x17b0
[  164.530951][ T5855]  process_scheduled_works+0xae1/0x17b0
[  164.531073][ T5855]  ? __pfx_process_scheduled_works+0x10/0x10
[  164.531151][ T5855]  worker_thread+0x8a0/0xda0
[  164.531288][ T5855]  kthread+0x711/0x8a0
[  164.531326][ T5855]  ? __pfx_worker_thread+0x10/0x10
[  164.531344][ T5855]  ? __pfx_kthread+0x10/0x10
[  164.531377][ T5855]  ? _raw_spin_unlock_irq+0x23/0x50
[  164.531399][ T5855]  ? lockdep_hardirqs_on+0x9c/0x150
[  164.531415][ T5855]  ? __pfx_kthread+0x10/0x10
[  164.531443][ T5855]  ret_from_fork+0x3fc/0x770
[  164.531474][ T5855]  ? __pfx_ret_from_fork+0x10/0x10
[  164.531516][ T5855]  ? __switch_to_asm+0x39/0x70
[  164.531531][ T5855]  ? __switch_to_asm+0x33/0x70
[  164.531546][ T5855]  ? __pfx_kthread+0x10/0x10
[  164.531573][ T5855]  ret_from_fork_asm+0x1a/0x30
[  164.531645][ T5855]  </TASK>
[  164.531706][ T5855] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  164.663228][ T5855] Bluetooth: hci2: failed to register connection device
[  164.896687][ T9149] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1344'.
[  164.900411][ T9149] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1344'.
[  164.913413][ T9149] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1344'.
[  168.708572][ T9172] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1358'.
[  169.467059][ T9183] netlink: 'syz.2.1361': attribute type 29 has an invalid length.
[  169.472872][ T9183] netlink: 'syz.2.1361': attribute type 29 has an invalid length.
[  169.477579][ T9183] netlink: 'syz.2.1361': attribute type 29 has an invalid length.
[  169.502448][ T9186] netlink: 112 bytes leftover after parsing attributes in process `syz.2.1365'.
[  169.702973][ T9197] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1369'.
[  169.728003][ T9199] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1370'.
[  169.832183][ T9207] netlink: 'syz.1.1375': attribute type 29 has an invalid length.
[  169.845392][ T9207] netlink: 'syz.1.1375': attribute type 29 has an invalid length.
[  169.853997][ T9207] netlink: 500 bytes leftover after parsing attributes in process `syz.1.1375'.
[  169.942238][ T9217] netlink: 'syz.0.1379': attribute type 11 has an invalid length.
[  169.950624][ T9217] netlink: 149476 bytes leftover after parsing attributes in process `syz.0.1379'.
[  170.009929][ T9222] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  170.342937][ T9226] netlink: 'syz.0.1382': attribute type 10 has an invalid length.
[  170.367798][ T9226] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  171.723280][ T9264] netlink: 'syz.2.1398': attribute type 1 has an invalid length.
[  171.726977][ T9264] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1398'.
[  172.407465][ T9295] syzkaller1: tun_chr_ioctl cmd 1074025677
[  172.410207][ T9295] syzkaller1: linktype set to 823
[  173.349136][ T9318] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1419'.
[  173.359334][ T9317] netlink: 'syz.2.1421': attribute type 21 has an invalid length.
[  173.362656][ T9317] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1421'.
[  173.472718][ T9326] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1427'.
[  173.811498][ T9354] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1438'.
[  174.778099][ T9390] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1455'.
[  174.782977][ T9390] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1455'.
[  174.787973][ T9390] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1455'.
[  174.942748][ T9400] netlink: 'syz.2.1460': attribute type 21 has an invalid length.
[  174.954197][ T9400] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1460'.
[  175.033588][ T9406] netlink: 'syz.2.1463': attribute type 3 has an invalid length.
[  175.040664][ T9406] netlink: 'syz.2.1463': attribute type 1 has an invalid length.
[  175.044535][ T9406] netlink: 199820 bytes leftover after parsing attributes in process `syz.2.1463'.
[  175.487469][ T9419] syzkaller0: entered promiscuous mode
[  175.489849][ T9419] syzkaller0: entered allmulticast mode
[  175.831396][ T9438] netlink: 'syz.0.1476': attribute type 21 has an invalid length.
[  175.834736][ T9438] netlink: 156 bytes leftover after parsing attributes in process `syz.0.1476'.
[  175.971465][ T9448] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  175.974619][ T9448] IPv6: NLM_F_CREATE should be set when creating new route
[  175.978062][ T9448] IPv6: NLM_F_CREATE should be set when creating new route
[  175.981192][ T9448] IPv6: NLM_F_CREATE should be set when creating new route
[  177.283307][ T9486] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.1492'.
[  177.467431][ T9495] tmpfs: Bad value for 'uid'
[  177.469549][ T9495] tmpfs: Bad value for 'uid'
[  177.511576][ T9499] netlink: 124 bytes leftover after parsing attributes in process `syz.0.1498'.
[  178.109189][ T9514] netlink: 64859 bytes leftover after parsing attributes in process `syz.2.1503'.
[  178.201472][ T9516] sit0: entered promiscuous mode
[  178.203436][ T9516] sit0: entered allmulticast mode
[  178.404350][ T9522] netlink: 'syz.0.1508': attribute type 10 has an invalid length.
[  178.414339][ T9522] batman_adv: batadv0: Adding interface: netdevsim0
[  178.418129][ T9522] batman_adv: batadv0: Not using interface netdevsim0 (retrying later): interface not active
[  178.948147][ T9561] netlink: 'syz.2.1526': attribute type 1 has an invalid length.
[  178.951566][ T9561] __nla_validate_parse: 2 callbacks suppressed
[  178.951579][ T9561] netlink: 17 bytes leftover after parsing attributes in process `syz.2.1526'.
[  178.980348][ T9564] netlink: 830 bytes leftover after parsing attributes in process `syz.0.1527'.
[  178.983662][ T9564] bond_slave_0: entered promiscuous mode
[  178.985721][ T9564] bond_slave_1: entered promiscuous mode
[  178.987772][ T9564] dummy0: entered promiscuous mode
[  179.014208][ T9567] netlink: 'syz.2.1528': attribute type 33 has an invalid length.
[  179.018096][ T9567] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1528'.
[  179.022461][ T9567] A link change request failed with some changes committed already. Interface veth1 may have been left with an inconsistent configuration, please check.
[  179.072987][ T9568] openvswitch: netlink: IP tunnel dst address not specified
[  179.228271][ T9571] syzkaller0: entered promiscuous mode
[  179.230803][ T9571] syzkaller0: entered allmulticast mode
[  179.233966][ T9574] netlink: 'syz.0.1531': attribute type 29 has an invalid length.
[  179.240947][ T9574] netlink: 'syz.0.1531': attribute type 29 has an invalid length.
[  179.245320][ T9574] netlink: 'syz.0.1531': attribute type 29 has an invalid length.
[  180.940678][ T9604] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1542'.
[  180.944266][ T9604] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1542'.
[  181.029443][ T9608] netlink: 182 bytes leftover after parsing attributes in process `syz.2.1544'.
[  181.794412][ T9626] : renamed from wg2 (while UP)
[  181.950422][ T9632] wlan1 speed is unknown, defaulting to 1000
[  182.117182][ T5855] Bluetooth: hci0: adv larger than maximum supported
[  182.117209][ T5855] Bluetooth: hci0: Unknown advertising packet type: 0x18
[  182.120268][ T5855] Bluetooth: hci0: Malformed LE Event: 0x0d
[  182.321143][ T9653] syzkaller0: entered promiscuous mode
[  182.323700][ T9653] syzkaller0: entered allmulticast mode
[  182.332212][ T9655] netlink: 65039 bytes leftover after parsing attributes in process `syz.1.1562'.
[  182.534640][ T9663] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1567'.
[  183.502691][ T9667] openvswitch: netlink: Message has 4 unknown bytes.
[  183.509544][ T9667] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  184.467379][ T9697] netlink: 10 bytes leftover after parsing attributes in process `syz.0.1581'.
[  185.785354][ T9750] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1605'.
[  185.874704][ T9760] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1610'.
[  185.909355][ T9762] validate_nla: 1 callbacks suppressed
[  185.909370][ T9762] netlink: 'syz.0.1609': attribute type 1 has an invalid length.
[  185.915303][ T9762] netlink: 'syz.0.1609': attribute type 2 has an invalid length.
[  185.922417][ T9762] netlink: 'syz.0.1609': attribute type 7 has an invalid length.
[  185.932336][ T9762] netlink: 21 bytes leftover after parsing attributes in process `syz.0.1609'.
[  185.936452][ T9762] netlink: 101636 bytes leftover after parsing attributes in process `syz.0.1609'.
[  185.942173][ T9762] netlink: 'syz.0.1609': attribute type 1 has an invalid length.
[  185.946079][ T9762] netlink: 'syz.0.1609': attribute type 2 has an invalid length.
[  185.949433][ T9762] netlink: 'syz.0.1609': attribute type 7 has an invalid length.
[  185.953135][ T9762] netlink: 21 bytes leftover after parsing attributes in process `syz.0.1609'.
[  186.025669][ T5848] Bluetooth: hci0: command 0x0406 tx timeout
[  186.028617][ T5848] Bluetooth: hci2: command 0x0406 tx timeout
[  186.170106][ T9772] netlink: 'syz.2.1613': attribute type 10 has an invalid length.
[  186.173473][ T9772] netlink: 55 bytes leftover after parsing attributes in process `syz.2.1613'.
[  186.577387][ T9781] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1619'.
[  187.192880][ T9793] netlink: 'syz.2.1623': attribute type 2 has an invalid length.
[  187.212741][ T9793] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1623'.
[  187.217892][ T9793] nbd: must specify an index to disconnect
[  187.266728][ T9797] x_tables: ip_tables: icmp match: only valid for protocol 1
[  187.442801][ T9811] openvswitch: netlink: Message has 4 unknown bytes.
[  187.571663][ T9821] netlink: 'syz.0.1635': attribute type 21 has an invalid length.
[  187.580265][ T9822] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1636'.
[  187.693679][ T9814] netlink: 'syz.1.1629': attribute type 39 has an invalid length.
[  187.725306][ T9814] veth0_macvtap: left promiscuous mode
[  188.094158][ T9840] C: renamed from team_slave_0 (while UP)
[  188.098980][ T9840] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  188.744046][ T9807] wlan1 speed is unknown, defaulting to 1000
[  188.814573][ T9862] bridge_slave_0: entered allmulticast mode
[  189.541300][ T9894] __nla_validate_parse: 6 callbacks suppressed
[  189.541390][ T9894] netlink: 197860 bytes leftover after parsing attributes in process `syz.1.1666'.
[  189.724589][ T9902] netlink: 324 bytes leftover after parsing attributes in process `syz.1.1670'.
[  189.755094][ T9904] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1671'.
[  190.003879][ T9914] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1676'.
[  190.032383][ T9914] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1676'.
[  190.585949][ T9923] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  190.653438][ T9926] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1680'.
[  190.941280][ T9931] validate_nla: 7 callbacks suppressed
[  190.941299][ T9931] netlink: 'syz.1.1682': attribute type 1 has an invalid length.
[  191.013333][ T9935] netlink: 88 bytes leftover after parsing attributes in process `syz.1.1684'.
[  191.046124][ T9937] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  191.411669][ T9953] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[  191.473913][ T9957] netlink: 204 bytes leftover after parsing attributes in process `syz.1.1693'.
[  191.493587][ T9959] netlink: 'syz.0.1695': attribute type 17 has an invalid length.
[  191.496947][ T9959] netlink: 148 bytes leftover after parsing attributes in process `syz.0.1695'.
[  191.787680][ T9983] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  191.879073][ T9986] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1706'.
[  192.903535][T10032] syzkaller0: tun_chr_ioctl cmd 2147767506
[  193.003981][T10042] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  193.258877][T10053] TCP: TCP_TX_DELAY enabled
[  193.294201][T10047] netlink: 'syz.2.1730': attribute type 10 has an invalid length.
[  193.525075][T10068] netlink: 'syz.0.1740': attribute type 10 has an invalid length.
[  193.624822][T10047] delete_channel: no stack
[  193.688751][T10068] team0 (unregistering): Port device C removed
[  193.696932][T10068] team0 (unregistering): Port device team_slave_1 removed
[  194.196255][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  194.199285][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  195.608917][T10128] netlink: 'syz.2.1766': attribute type 2 has an invalid length.
[  195.612277][T10128] __nla_validate_parse: 8 callbacks suppressed
[  195.612393][T10128] netlink: 137592 bytes leftover after parsing attributes in process `syz.2.1766'.
[  195.853384][T10149] tc_dump_action: action bad kind
[  196.111851][T10145] netlink: 'syz.1.1773': attribute type 10 has an invalid length.
[  196.544297][T10145] team0: Port device  added
[  196.663880][T10162] netlink: 'syz.1.1781': attribute type 2 has an invalid length.
[  196.666799][T10162] netlink: 'syz.1.1781': attribute type 8 has an invalid length.
[  196.669531][T10162] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1781'.
[  196.732320][T10164] : entered promiscuous mode
[  196.769553][T10168] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1784'.
[  196.870993][T10181] netlink: 'syz.0.1790': attribute type 6 has an invalid length.
[  196.873783][T10181] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1790'.
[  196.884677][T10178] netlink: 'syz.1.1789': attribute type 4 has an invalid length.
[  196.890141][T10178] netlink: 'syz.1.1789': attribute type 11 has an invalid length.
[  196.896770][T10178] netlink: 196896 bytes leftover after parsing attributes in process `syz.1.1789'.
[  196.943845][T10183] netlink: 'syz.0.1791': attribute type 10 has an invalid length.
[  196.949452][T10183] netlink: 55 bytes leftover after parsing attributes in process `syz.0.1791'.
[  197.178079][T10198] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1797'.
[  197.182480][T10198] openvswitch: netlink: Message has 4 unknown bytes.
[  197.439938][ T5855] Bluetooth: hci2: unexpected subevent 0x04 length: 150 > 11
[  197.536133][T10210] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  197.823587][T10221] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1807'.
[  197.829429][T10221] tc_dump_action: action bad kind
[  198.033372][T10229] netlink: 4400 bytes leftover after parsing attributes in process `syz.1.1811'.
[  198.052535][T10229] workqueue: name exceeds WQ_NAME_LEN. Truncating to: `]Iq!>s*!)\S
[  199.008757][T10260] openvswitch: netlink: Flow actions attr not present in new flow.
[  199.737747][T10268] netlink: 'syz.2.1827': attribute type 1 has an invalid length.
[  200.055270][T10286] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1833'.
[  200.359147][T10300] netlink: 'syz.1.1842': attribute type 21 has an invalid length.
[  201.052276][T10323] netlink: 'syz.2.1853': attribute type 1 has an invalid length.
[  201.188583][T10323] netlink: 'syz.2.1853': attribute type 3 has an invalid length.
[  201.198193][T10323] __nla_validate_parse: 1 callbacks suppressed
[  201.198273][T10323] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1853'.
[  204.139195][ T5855] Bluetooth: hci0: unexpected event 0x09 length: 15 > 3
[  204.176478][T10399] netlink: 'syz.1.1883': attribute type 28 has an invalid length.
[  204.245658][T10406] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1887'.
[  204.462485][T10421] raw_sendmsg: syz.0.1894 forgot to set AF_INET. Fix it!
[  206.489243][ T5855] Bluetooth: hci1: command 0x0406 tx timeout
[  206.871639][T10462] netlink: 'syz.1.1912': attribute type 3 has an invalid length.
[  206.875096][T10462] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1912'.
[  206.925244][T10469] netlink: 830 bytes leftover after parsing attributes in process `syz.1.1914'.
[  208.778888][T10513] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1934'.
[  208.950057][T10527] netlink: 'syz.2.1939': attribute type 1 has an invalid length.
[  208.953354][T10527] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1939'.
[  209.033316][T10533] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1941'.
[  209.173084][T10533] netlink: 'syz.2.1941': attribute type 10 has an invalid length.
[  209.177365][T10533] netlink: 55 bytes leftover after parsing attributes in process `syz.2.1941'.
[  209.234886][T10547] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1943'.
[  209.602442][T10552] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1944'.
[  209.607609][T10554] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1945'.
[  209.777482][T10562] netlink: 'syz.0.1949': attribute type 21 has an invalid length.
[  209.780999][T10562] netlink: 156 bytes leftover after parsing attributes in process `syz.0.1949'.
[  210.203540][T10578] netlink: 'syz.2.1956': attribute type 7 has an invalid length.
[  210.317291][T10586] netlink: 'syz.0.1960': attribute type 1 has an invalid length.
[  210.781170][T10603] openvswitch: netlink: Missing key (keys=2000040, expected=2000)
[  210.834728][T10609] netlink: 'syz.2.1970': attribute type 1 has an invalid length.
[  210.839698][T10609] netlink: 'syz.2.1970': attribute type 1 has an invalid length.
[  212.437385][T10658] __nla_validate_parse: 1 callbacks suppressed
[  212.437396][T10658] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1993'.
[  213.331197][ T5235] Bluetooth: hci0: unexpected subevent 0x19 length: 150 > 28
[  213.333999][ T5235] Bluetooth: hci0: Unable to find connection with handle 0x0000
[  213.636050][T10681] syzkaller0: entered promiscuous mode
[  213.638499][T10681] syzkaller0: entered allmulticast mode
[  214.713911][T10649] Set syz1 is full, maxelem 65536 reached
[  214.736844][T10699] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  214.857951][T10705] wlan1 speed is unknown, defaulting to 1000
[  214.883420][T10714] netlink: 'syz.0.2016': attribute type 4 has an invalid length.
[  214.891070][T10714] netlink: 'syz.0.2016': attribute type 10 has an invalid length.
[  214.910885][T10714] bond0: (slave dummy0): Releasing backup interface
[  215.452966][T10740] netlink: 495 bytes leftover after parsing attributes in process `syz.0.2028'.
[  215.868555][T10762] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  215.904473][T10764] netlink: 'syz.0.2039': attribute type 1 has an invalid length.
[  215.907784][T10764] netlink: 199820 bytes leftover after parsing attributes in process `syz.0.2039'.
[  216.509943][T10786] sit0: entered allmulticast mode
[  219.270199][T10796] netlink: 7 bytes leftover after parsing attributes in process `syz.0.2051'.
[  219.274584][T10796] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2051'.
[  219.337753][T10798] netlink: 'syz.0.2053': attribute type 29 has an invalid length.
[  219.342988][T10798] netlink: 'syz.0.2053': attribute type 29 has an invalid length.
[  219.469956][T10802] netlink: 'syz.0.2054': attribute type 3 has an invalid length.
[  219.486865][T10802] netlink: 'syz.0.2054': attribute type 10 has an invalid length.
[  219.555981][T10802] veth1_macvtap (unregistering): left allmulticast mode
[  221.387670][T10834] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2064'.
[  221.397919][T10834] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2064'.
[  221.402374][T10834] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2064'.
[  221.801523][T10856] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  221.804707][T10856] batman_adv: batadv0: Removing interface: batadv_slave_1
[  222.082501][T10865] netlink: 348 bytes leftover after parsing attributes in process `syz.0.2077'.
[  222.491468][T10883] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2085'.
[  222.881105][T10899] C: renamed from team_slave_0 (while UP)
[  223.404888][T10898] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2093'.
[  223.568875][T10899] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2093'.
[  224.665330][T10913] netlink: 'syz.1.2097': attribute type 39 has an invalid length.
[  224.799618][T10918] netlink: 'syz.2.2100': attribute type 10 has an invalid length.
[  225.482872][T10936] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2109'.
[  225.732685][T10948] option changes via remount are deprecated (pid=10947 comm=syz.1.2113)
[  225.977820][T10957] netlink: 'syz.1.2116': attribute type 10 has an invalid length.
[  225.981942][T10957] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2116'.
[  225.988785][T10957] team0: entered promiscuous mode
[  225.991180][T10957] C: entered promiscuous mode
[  225.994741][T10957] team_slave_1: entered promiscuous mode
[  226.004620][T10957] vlan0: entered promiscuous mode
[  226.017573][T10957] netdevsim netdevsim1 : entered promiscuous mode
[  226.022950][T10957] team0: entered allmulticast mode
[  226.030873][T10957] C: entered allmulticast mode
[  226.033823][T10957] team_slave_1: entered allmulticast mode
[  226.037380][T10957] netdevsim netdevsim1 : entered allmulticast mode
[  226.061829][T10957] 8021q: adding VLAN 0 to HW filter on device team0
[  226.072369][T10957] bridge0: port 3(team0) entered blocking state
[  226.076616][T10957] bridge0: port 3(team0) entered disabled state
[  226.090444][T10957] bridge0: port 3(team0) entered blocking state
[  226.093115][T10957] bridge0: port 3(team0) entered forwarding state
[  226.232318][T10968] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2121'.
[  226.236980][T10968] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2121'.
[  226.241731][T10968] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2121'.
[  226.248586][T10968] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2121'.
[  226.283537][T10970] netlink: 'syz.1.2122': attribute type 13 has an invalid length.
[  226.289051][T10970] netlink: 160 bytes leftover after parsing attributes in process `syz.1.2122'.
[  226.363120][T10970] erspan0: refused to change device tx_queue_len
[  226.366039][T10970] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check.
[  226.744915][T10980] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2125'.
[  226.793662][T10983] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2127'.
[  227.923742][T11013] netlink: 'syz.1.2141': attribute type 29 has an invalid length.
[  228.058769][T11019] netlink: 'syz.1.2141': attribute type 29 has an invalid length.
[  228.068109][T11025] netlink: 'syz.1.2141': attribute type 29 has an invalid length.
[  228.091867][T11013] netlink: 'syz.1.2141': attribute type 29 has an invalid length.
[  229.061652][T11040] siw: device registration error -23
[  229.133308][T11052] netlink: 'syz.0.2157': attribute type 1 has an invalid length.
[  229.539017][T11072] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  230.210668][T11096] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2175'.
[  232.346733][T11196] netlink: 196 bytes leftover after parsing attributes in process `syz.0.2219'.
[  232.612522][T11206] tap0: tun_chr_ioctl cmd 1074025675
[  232.614764][T11206] tap0: persist enabled
[  232.617597][T11206] tap0: tun_chr_ioctl cmd 1074025675
[  232.619647][T11206] tap0: persist enabled
[  232.650505][T11208] netlink: 'syz.1.2225': attribute type 22 has an invalid length.
[  232.653555][T11208] netlink: 'syz.1.2225': attribute type 1 has an invalid length.
[  232.658843][T11208] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.2225'.
[  233.349545][T11232] netlink: 'syz.2.2230': attribute type 16 has an invalid length.
[  233.355565][T11232] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2230'.
[  233.364581][T11232] bridge0: port 1(bridge_slave_0) entered disabled state
[  234.540412][T11286] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2259'.
[  234.605088][T11290] netlink: 148 bytes leftover after parsing attributes in process `syz.1.2261'.
[  234.638626][T11294] netlink: 'syz.1.2263': attribute type 10 has an invalid length.
[  234.641991][T11294] netlink: 65015 bytes leftover after parsing attributes in process `syz.1.2263'.
[  234.790990][T11306] netlink: 'syz.1.2268': attribute type 9 has an invalid length.
[  235.017897][T11320] netlink: 'syz.0.2275': attribute type 10 has an invalid length.
[  235.022227][T11320] geneve0: entered promiscuous mode
[  235.035446][T11320] bond0: (slave geneve0): Enslaving as an active interface with an up link
[  235.350257][T11333] netlink: 61967 bytes leftover after parsing attributes in process `syz.2.2282'.
[  235.423067][T11328] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2279'.
[  236.616522][T11361] sit0: left promiscuous mode
[  236.748781][T11368] sit0: entered promiscuous mode
[  237.521247][T11385] netlink: 'syz.1.2303': attribute type 27 has an invalid length.
[  237.523975][T11385] netlink: 'syz.1.2303': attribute type 4 has an invalid length.
[  237.528958][T11385] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2303'.
[  237.562232][T11393] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2306'.
[  238.065304][T11402] netlink: 'syz.2.2309': attribute type 10 has an invalid length.
[  238.077133][T11402] netlink: 2 bytes leftover after parsing attributes in process `syz.2.2309'.
[  238.081142][T11402] bond0: entered promiscuous mode
[  238.090301][T11402] bridge0: port 3(bond0) entered blocking state
[  238.094644][T11402] bridge0: port 3(bond0) entered disabled state
[  238.102568][T11402] bond0: entered allmulticast mode
[  238.104761][T11402] bond_slave_0: entered allmulticast mode
[  238.110425][T11402] bond_slave_1: entered allmulticast mode
[  238.112978][T11402] batadv_slave_0: entered allmulticast mode
[  238.123187][T11402] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[  238.151679][T11402] bridge0: port 3(bond0) entered blocking state
[  238.154233][T11402] bridge0: port 3(bond0) entered forwarding state
[  238.165038][T11406] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2311'.
[  238.437932][T11413] netlink: 'syz.0.2313': attribute type 11 has an invalid length.
[  239.212865][T11423] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  239.910934][T11419] netlink: 'syz.0.2316': attribute type 29 has an invalid length.
[  240.105676][T11446] netlink: 'syz.1.2329': attribute type 12 has an invalid length.
[  240.108385][T11446] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2329'.
[  240.153120][T11448] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2331'.
[  240.902136][T11456] delete_channel: no stack
[  241.030205][T11471] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2341'.
[  241.099474][T11476] netlink: 112 bytes leftover after parsing attributes in process `syz.1.2343'.
[  241.159956][ T5235] Bluetooth: hci0: unexpected event 0x09 length: 15 > 3
[  241.323878][T11491] netlink: 'syz.2.2351': attribute type 4 has an invalid length.
[  241.514567][ T5235] Bluetooth: hci1: unexpected event 0x05 length: 15 > 4
[  241.557283][T11507] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2358'.
[  241.845174][T11524] netlink: 22 bytes leftover after parsing attributes in process `syz.0.2364'.
[  242.402159][T11544] netlink: 'syz.2.2372': attribute type 10 has an invalid length.
[  242.424345][T11544] bridge0: port 3(bond0) entered disabled state
[  242.571628][T11559] netlink: 'syz.2.2377': attribute type 16 has an invalid length.
[  242.574496][T11559] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2377'.
[  242.590925][T11560] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.2376'.
[  242.597759][T11557] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.2376'.
[  242.602154][T11560] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.2376'.
[  242.773901][T11571] netlink: 'syz.1.2382': attribute type 4 has an invalid length.
[  242.778620][T11571] netlink: 116 bytes leftover after parsing attributes in process `syz.1.2382'.
[  242.783460][T11571] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  243.519362][T11599] netlink: 'syz.2.2396': attribute type 10 has an invalid length.
[  245.432701][T11656] netlink: 'syz.1.2422': attribute type 1 has an invalid length.
[  245.498321][T11660] netlink: 124 bytes leftover after parsing attributes in process `syz.1.2423'.
[  245.535179][T11662] netlink: 'syz.0.2424': attribute type 13 has an invalid length.
[  245.571480][T11662] netlink: 'syz.0.2424': attribute type 17 has an invalid length.
[  245.674887][T11670] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2427'.
[  245.782874][T11662] sit0: left promiscuous mode
[  245.785375][T11662] sit0: left allmulticast mode
[  245.938956][T11662] dummy0: left promiscuous mode
[  245.960412][T11662] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  246.263394][T11685] netlink: 'syz.0.2433': attribute type 29 has an invalid length.
[  246.271046][T11685] netlink: 'syz.0.2433': attribute type 29 has an invalid length.
[  246.282160][T11685] netlink: 'syz.0.2433': attribute type 29 has an invalid length.
[  246.340873][T11685] netlink: 'syz.0.2433': attribute type 29 has an invalid length.
[  246.656595][T11702] syzkaller0: entered promiscuous mode
[  246.658420][T11702] syzkaller0: entered allmulticast mode
[  247.480098][ T5235] Bluetooth: hci2: unexpected event 0x34 length: 15 > 6
[  247.858507][T11711] netlink: 'syz.0.2444': attribute type 4 has an invalid length.
[  248.336980][T11717] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2447'.
[  248.524855][T11730] wlan1 speed is unknown, defaulting to 1000
[  248.590754][T11734] netlink: 'syz.0.2454': attribute type 21 has an invalid length.
[  248.854174][T11757] smc: removing ib device syz!
[  249.788999][T11775] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.2472'.
[  250.225147][T11804] netlink: 'syz.2.2485': attribute type 10 has an invalid length.
[  251.768218][T11804] team0: Port device geneve1 added
[  251.835265][T11809] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  251.878836][T11809] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  253.914026][T11880] ==================================================================
[  253.917462][T11880] BUG: KASAN: slab-use-after-free in xfrm_alloc_spi+0x570/0xf30
[  253.920185][T11880] Read of size 4 at addr ffff8881076e2944 by task syz.0.2515/11880
[  253.923989][T11880] 
[  253.924826][T11880] CPU: 0 UID: 0 PID: 11880 Comm: syz.0.2515 Not tainted syzkaller #0 PREEMPT(full) 
[  253.924837][T11880] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  253.924843][T11880] Call Trace:
[  253.924849][T11880]  <TASK>
[  253.924853][T11880]  dump_stack_lvl+0x189/0x250
[  253.924869][T11880]  ? __kasan_check_byte+0x12/0x40
[  253.924881][T11880]  ? __pfx_dump_stack_lvl+0x10/0x10
[  253.924890][T11880]  ? lock_release+0x4b/0x3e0
[  253.924903][T11880]  ? __virt_addr_valid+0x4a5/0x5c0
[  253.924914][T11880]  print_report+0xca/0x240
[  253.924922][T11880]  ? xfrm_alloc_spi+0x570/0xf30
[  253.924931][T11880]  kasan_report+0x118/0x150
[  253.924942][T11880]  ? xfrm_alloc_spi+0x570/0xf30
[  253.924951][T11880]  xfrm_alloc_spi+0x570/0xf30
[  253.924959][T11880]  ? xfrm_alloc_spi+0x2a0/0xf30
[  253.924968][T11880]  ? __pfx_xfrm_alloc_spi+0x10/0x10
[  253.924976][T11880]  ? xfrm_find_acq+0x87/0xa0
[  253.924984][T11880]  xfrm_alloc_userspi+0x70b/0xc90
[  253.924994][T11880]  ? apparmor_capable+0x137/0x1b0
[  253.925004][T11880]  ? __pfx_xfrm_alloc_userspi+0x10/0x10
[  253.925018][T11880]  ? __nla_parse+0x40/0x60
[  253.925030][T11880]  xfrm_user_rcv_msg+0x7a3/0xab0
[  253.925039][T11880]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  253.925052][T11880]  ? __pfx___mutex_trylock_common+0x10/0x10
[  253.925060][T11880]  ? rcu_is_watching+0x15/0xb0
[  253.925068][T11880]  ? trace_contention_end+0x39/0x120
[  253.925076][T11880]  ? __mutex_lock+0x335/0x1360
[  253.925089][T11880]  netlink_rcv_skb+0x208/0x470
[  253.925099][T11880]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  253.925107][T11880]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  253.925119][T11880]  ? netlink_deliver_tap+0x2e/0x1b0
[  253.925128][T11880]  ? netlink_deliver_tap+0x2e/0x1b0
[  253.925138][T11880]  xfrm_netlink_rcv+0x79/0x90
[  253.925146][T11880]  netlink_unicast+0x82f/0x9e0
[  253.925156][T11880]  ? __pfx_netlink_unicast+0x10/0x10
[  253.925190][T11880]  ? netlink_sendmsg+0x642/0xb30
[  253.925200][T11880]  ? skb_put+0x11b/0x210
[  253.925208][T11880]  netlink_sendmsg+0x805/0xb30
[  253.925221][T11880]  ? __pfx_netlink_sendmsg+0x10/0x10
[  253.925232][T11880]  ? aa_sock_msg_perm+0xf1/0x1d0
[  253.925244][T11880]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  253.925253][T11880]  ? __pfx_netlink_sendmsg+0x10/0x10
[  253.925265][T11880]  __sock_sendmsg+0x21c/0x270
[  253.925275][T11880]  ____sys_sendmsg+0x505/0x830
[  253.925283][T11880]  ? __pfx_____sys_sendmsg+0x10/0x10
[  253.925291][T11880]  ? import_iovec+0x74/0xa0
[  253.925300][T11880]  ___sys_sendmsg+0x21f/0x2a0
[  253.925307][T11880]  ? __pfx____sys_sendmsg+0x10/0x10
[  253.925319][T11880]  ? __fget_files+0x2a/0x420
[  253.925326][T11880]  ? __fget_files+0x3a0/0x420
[  253.925333][T11880]  __x64_sys_sendmsg+0x19b/0x260
[  253.925340][T11880]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  253.925348][T11880]  ? rcu_is_watching+0x15/0xb0
[  253.925356][T11880]  ? do_syscall_64+0xbe/0x3b0
[  253.925368][T11880]  do_syscall_64+0xfa/0x3b0
[  253.925379][T11880]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.925392][T11880]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.925404][T11880]  ? exc_page_fault+0x9f/0xf0
[  253.925415][T11880]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.925426][T11880] RIP: 0033:0x7f06feb8ebe9
[  253.925439][T11880] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  253.925447][T11880] RSP: 002b:00007f06ff9e2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  253.925456][T11880] RAX: ffffffffffffffda RBX: 00007f06fedb5fa0 RCX: 00007f06feb8ebe9
[  253.925461][T11880] RDX: 0000000000048000 RSI: 00002000000001c0 RDI: 0000000000000003
[  253.925466][T11880] RBP: 00007f06fec11e19 R08: 0000000000000000 R09: 0000000000000000
[  253.925470][T11880] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  253.925474][T11880] R13: 00007f06fedb6038 R14: 00007f06fedb5fa0 R15: 00007ffc6be8cf68
[  253.925482][T11880]  </TASK>
[  253.925485][T11880] 
[  254.076892][T11880] Allocated by task 10865:
[  254.078819][T11880]  kasan_save_track+0x3e/0x80
[  254.080819][T11880]  __kasan_slab_alloc+0x6c/0x80
[  254.082894][T11880]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  254.085224][T11880]  xfrm_state_alloc+0x24/0x2f0
[  254.087305][T11880]  __find_acq_core+0x8a7/0x1c00
[  254.089523][T11880]  xfrm_find_acq+0x78/0xa0
[  254.091882][T11880]  xfrm_alloc_userspi+0x6b3/0xc90
[  254.094481][T11880]  xfrm_user_rcv_msg+0x7a3/0xab0
[  254.097621][T11880]  netlink_rcv_skb+0x208/0x470
[  254.100716][T11880]  xfrm_netlink_rcv+0x79/0x90
[  254.104763][T11880]  netlink_unicast+0x82f/0x9e0
[  254.107612][T11880]  netlink_sendmsg+0x805/0xb30
[  254.110295][T11880]  __sock_sendmsg+0x21c/0x270
[  254.113986][T11880]  ____sys_sendmsg+0x505/0x830
[  254.115980][T11880]  ___sys_sendmsg+0x21f/0x2a0
[  254.118444][T11880]  __x64_sys_sendmsg+0x19b/0x260
[  254.120545][T11880]  do_syscall_64+0xfa/0x3b0
[  254.123022][T11880]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  254.125753][T11880] 
[  254.126788][T11880] Freed by task 791:
[  254.128961][T11880]  kasan_save_track+0x3e/0x80
[  254.131316][T11880]  kasan_save_free_info+0x46/0x50
[  254.133639][T11880]  __kasan_slab_free+0x5b/0x80
[  254.135821][T11880]  kmem_cache_free+0x18f/0x400
[  254.138189][T11880]  xfrm_state_gc_task+0x52d/0x6b0
[  254.140345][T11880]  process_scheduled_works+0xae1/0x17b0
[  254.142815][T11880]  worker_thread+0x8a0/0xda0
[  254.144864][T11880]  kthread+0x711/0x8a0
[  254.146787][T11880]  ret_from_fork+0x3fc/0x770
[  254.148770][T11880]  ret_from_fork_asm+0x1a/0x30
[  254.150686][T11880] 
[  254.151653][T11880] The buggy address belongs to the object at ffff8881076e2880
[  254.151653][T11880]  which belongs to the cache xfrm_state of size 928
[  254.157147][T11880] The buggy address is located 196 bytes inside of
[  254.157147][T11880]  freed 928-byte region [ffff8881076e2880, ffff8881076e2c20)
[  254.162933][T11880] 
[  254.163995][T11880] The buggy address belongs to the physical page:
[  254.166695][T11880] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8881076e2400 pfn:0x1076e0
[  254.170715][T11880] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  254.174037][T11880] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[  254.177232][T11880] page_type: f5(slab)
[  254.178828][T11880] raw: 057ff00000000040 ffff888104f97780 dead000000000122 0000000000000000
[  254.182418][T11880] raw: ffff8881076e2400 00000000800e0008 00000000f5000000 0000000000000000
[  254.186001][T11880] head: 057ff00000000040 ffff888104f97780 dead000000000122 0000000000000000
[  254.189635][T11880] head: ffff8881076e2400 00000000800e0008 00000000f5000000 0000000000000000
[  254.193332][T11880] head: 057ff00000000002 ffffea00041db801 00000000ffffffff 00000000ffffffff
[  254.196739][T11880] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  254.200475][T11880] page dumped because: kasan: bad access detected
[  254.203076][T11880] page_owner tracks the page as allocated
[  254.205480][T11880] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 7279, tgid 7278 (syz.0.538), ts 111447361369, free_ts 111311671911
[  254.213419][T11880]  post_alloc_hook+0x240/0x2a0
[  254.215564][T11880]  get_page_from_freelist+0x21e4/0x22c0
[  254.217982][T11880]  __alloc_frozen_pages_noprof+0x181/0x370
[  254.220550][T11880]  alloc_pages_mpol+0x232/0x4a0
[  254.222710][T11880]  allocate_slab+0x8a/0x370
[  254.224659][T11880]  ___slab_alloc+0xbeb/0x1410
[  254.226573][T11880]  kmem_cache_alloc_noprof+0x283/0x3c0
[  254.228853][T11880]  xfrm_state_alloc+0x24/0x2f0
[  254.230836][T11880]  __find_acq_core+0x8a7/0x1c00
[  254.232884][T11880]  xfrm_find_acq+0x78/0xa0
[  254.234794][T11880]  pfkey_getspi+0x65d/0xee0
[  254.236718][T11880]  pfkey_sendmsg+0xbfe/0x1090
[  254.238737][T11880]  __sock_sendmsg+0x21c/0x270
[  254.240768][T11880]  ____sys_sendmsg+0x505/0x830
[  254.242805][T11880]  ___sys_sendmsg+0x21f/0x2a0
[  254.244864][T11880]  __x64_sys_sendmsg+0x19b/0x260
[  254.246897][T11880] page last free pid 5845 tgid 5845 stack trace:
[  254.249530][T11880]  __free_frozen_pages+0xbc4/0xd30
[  254.251749][T11880]  __put_partials+0x156/0x1a0
[  254.253819][T11880]  put_cpu_partial+0x17c/0x250
[  254.255872][T11880]  __slab_free+0x2d5/0x3c0
[  254.257785][T11880]  qlist_free_all+0x97/0x140
[  254.259791][T11880]  kasan_quarantine_reduce+0x148/0x160
[  254.262215][T11880]  __kasan_slab_alloc+0x22/0x80
[  254.264054][T11880]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  254.265900][T11880]  vm_area_dup+0x2b/0x680
[  254.267376][T11880]  dup_mmap+0x90c/0x1ac0
[  254.268847][T11880]  copy_mm+0x13c/0x4b0
[  254.270334][T11880]  copy_process+0x1706/0x3c00
[  254.272283][T11880]  kernel_clone+0x21e/0x840
[  254.274150][T11880]  __x64_sys_clone+0x18b/0x1e0
[  254.276256][T11880]  do_syscall_64+0xfa/0x3b0
[  254.278235][T11880]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  254.280825][T11880] 
[  254.281859][T11880] Memory state around the buggy address:
[  254.284217][T11880]  ffff8881076e2800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  254.287589][T11880]  ffff8881076e2880: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  254.291013][T11880] >ffff8881076e2900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  254.294405][T11880]                                            ^
[  254.297089][T11880]  ffff8881076e2980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  254.300190][T11880]  ffff8881076e2a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  254.303497][T11880] ==================================================================
[  254.307107][T11880] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  254.310254][T11880] CPU: 0 UID: 0 PID: 11880 Comm: syz.0.2515 Not tainted syzkaller #0 PREEMPT(full) 
[  254.314233][T11880] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  254.318451][T11880] Call Trace:
[  254.319944][T11880]  <TASK>
[  254.321278][T11880]  dump_stack_lvl+0x99/0x250
[  254.323313][T11880]  ? __asan_memcpy+0x40/0x70
[  254.325316][T11880]  ? __pfx_dump_stack_lvl+0x10/0x10
[  254.327589][T11880]  ? __pfx__printk+0x10/0x10
[  254.329654][T11880]  vpanic+0x281/0x750
[  254.331450][T11880]  ? __pfx_vpanic+0x10/0x10
[  254.333408][T11880]  ? irqentry_exit+0x74/0x90
[  254.335338][T11880]  panic+0xb9/0xc0
[  254.336955][T11880]  ? __pfx_panic+0x10/0x10
[  254.338894][T11880]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  254.341470][T11880]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  254.343981][T11880]  ? xfrm_alloc_spi+0x570/0xf30
[  254.346006][T11880]  check_panic_on_warn+0x89/0xb0
[  254.348146][T11880]  ? xfrm_alloc_spi+0x570/0xf30
[  254.350353][T11880]  end_report+0x78/0x160
[  254.352247][T11880]  kasan_report+0x129/0x150
[  254.354225][T11880]  ? xfrm_alloc_spi+0x570/0xf30
[  254.356350][T11880]  xfrm_alloc_spi+0x570/0xf30
[  254.358414][T11880]  ? xfrm_alloc_spi+0x2a0/0xf30
[  254.360537][T11880]  ? __pfx_xfrm_alloc_spi+0x10/0x10
[  254.362781][T11880]  ? xfrm_find_acq+0x87/0xa0
[  254.364763][T11880]  xfrm_alloc_userspi+0x70b/0xc90
[  254.366958][T11880]  ? apparmor_capable+0x137/0x1b0
[  254.369137][T11880]  ? __pfx_xfrm_alloc_userspi+0x10/0x10
[  254.371594][T11880]  ? __nla_parse+0x40/0x60
[  254.373553][T11880]  xfrm_user_rcv_msg+0x7a3/0xab0
[  254.375677][T11880]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  254.377958][T11880]  ? __pfx___mutex_trylock_common+0x10/0x10
[  254.380514][T11880]  ? rcu_is_watching+0x15/0xb0
[  254.382589][T11880]  ? trace_contention_end+0x39/0x120
[  254.384895][T11880]  ? __mutex_lock+0x335/0x1360
[  254.387022][T11880]  netlink_rcv_skb+0x208/0x470
[  254.389065][T11880]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  254.391350][T11880]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  254.393520][T11880]  ? netlink_deliver_tap+0x2e/0x1b0
[  254.395659][T11880]  ? netlink_deliver_tap+0x2e/0x1b0
[  254.397823][T11880]  xfrm_netlink_rcv+0x79/0x90
[  254.399901][T11880]  netlink_unicast+0x82f/0x9e0
[  254.402040][T11880]  ? __pfx_netlink_unicast+0x10/0x10
[  254.404248][T11880]  ? netlink_sendmsg+0x642/0xb30
[  254.406342][T11880]  ? skb_put+0x11b/0x210
[  254.408200][T11880]  netlink_sendmsg+0x805/0xb30
[  254.410257][T11880]  ? __pfx_netlink_sendmsg+0x10/0x10
[  254.412385][T11880]  ? aa_sock_msg_perm+0xf1/0x1d0
[  254.414423][T11880]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  254.416574][T11880]  ? __pfx_netlink_sendmsg+0x10/0x10
[  254.418764][T11880]  __sock_sendmsg+0x21c/0x270
[  254.420800][T11880]  ____sys_sendmsg+0x505/0x830
[  254.422876][T11880]  ? __pfx_____sys_sendmsg+0x10/0x10
[  254.425184][T11880]  ? import_iovec+0x74/0xa0
[  254.427086][T11880]  ___sys_sendmsg+0x21f/0x2a0
[  254.429186][T11880]  ? __pfx____sys_sendmsg+0x10/0x10
[  254.431382][T11880]  ? __fget_files+0x2a/0x420
[  254.433301][T11880]  ? __fget_files+0x3a0/0x420
[  254.435311][T11880]  __x64_sys_sendmsg+0x19b/0x260
[  254.437396][T11880]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  254.439640][T11880]  ? rcu_is_watching+0x15/0xb0
[  254.441724][T11880]  ? do_syscall_64+0xbe/0x3b0
[  254.443797][T11880]  do_syscall_64+0xfa/0x3b0
[  254.445821][T11880]  ? lockdep_hardirqs_on+0x9c/0x150
[  254.448079][T11880]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  254.450813][T11880]  ? exc_page_fault+0x9f/0xf0
[  254.452836][T11880]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  254.455351][T11880] RIP: 0033:0x7f06feb8ebe9
[  254.457295][T11880] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  254.465346][T11880] RSP: 002b:00007f06ff9e2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  254.468608][T11880] RAX: ffffffffffffffda RBX: 00007f06fedb5fa0 RCX: 00007f06feb8ebe9
[  254.471897][T11880] RDX: 0000000000048000 RSI: 00002000000001c0 RDI: 0000000000000003
[  254.475141][T11880] RBP: 00007f06fec11e19 R08: 0000000000000000 R09: 0000000000000000
[  254.478439][T11880] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  254.481542][T11880] R13: 00007f06fedb6038 R14: 00007f06fedb5fa0 R15: 00007ffc6be8cf68
[  254.484766][T11880]  </TASK>
[  254.486936][T11880] Kernel Offset: disabled
[  254.488862][T11880] Rebooting in 86400 seconds..

VM DIAGNOSIS:
17:43:28  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000030 RBX=0000000000000030 RCX=0000000000000000 RDX=00000000000003f8
RSI=00000000000010d7 RDI=00000000000010d8 RBP=00000000000003f8 RSP=ffffc900081869f0
R8 =ffff88801f788237 R9 =1ffff11003ef1046 R10=dffffc0000000000 R11=ffffffff854efef0
R12=dffffc0000000000 R13=ffffffff99af98f7 R14=ffffffff99dee3a0 R15=0000000000000000
RIP=ffffffff854eff6c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f06ff9e26c0 ffffffff 00c00000
GS =0000 ffff8880b861c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000001200 CR3=000000003fba0000 CR4=000006f0
DR0=0000000000000000 DR1=0000200000000300 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f06fed87498 00007f06fed87470 XMM03=00007f06fed874a8 00007f06fed874a0
XMM04=00007f06ff8ed100 00007f06fed87460 XMM05=00007f06fed87478 00007f06fed874c0
XMM06=00007f06fed874b8 00007f06fed874b0 XMM07=00007f06fed874a8 00007f06fed874a0
XMM08=0000000000000000 00007f06fec12ee7 XMM09=0000000000000000 00007f06fec12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000003 RBX=ffffea00045c7058 RCX=0000000000000002 RDX=0000000000000000
RSI=0000000000000000 RDI=ffffffff8e139ee0 RBP=ffffea00045c7040 RSP=ffffc90003377320
R8 =0000000000000000 R9 =0000000000000000 R10=dffffc0000000000 R11=fffff940008b8e09
R12=ffffffff822e5c7d R13=0000000000000000 R14=1ffffd40008b8e09 R15=0000000000000001
RIP=ffffffff819d5e59 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000555572ce7500 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007feaedce56c0 CR3=00000000222dc000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 00007feaed012e53
XMM06=0000000000000000 00007feaed012e4d XMM07=0000000000000000 00007feaed012e61
XMM08=0000000000000000 00007feaed012ee7 XMM09=0000000000000000 00007feaed012fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
