last executing test programs:

1m4.771852436s ago: executing program 2 (id=1359):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0xffffffff, 0xfffffffd, 0xe}, {0x10000002, 0x0, 0x4, 0x2}]}, 0x94)
r0 = socket$kcm(0x2, 0x1, 0x84)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r2)
recvmsg$unix(r1, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r0, 0x84, 0x64, &(0x7f0000000000)=r3, 0x10)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000280)={0x2, 0x10, @local}, 0x10, &(0x7f0000000140)=[{&(0x7f00000005c0)="df", 0x1}], 0x1}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x100}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xa}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)

1m4.594290965s ago: executing program 2 (id=1366):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0xb, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000700)="140000003600fb50e35d3c4a0ed8985b0c088c00", 0x14}], 0x1}, 0x84)

1m3.566519377s ago: executing program 2 (id=1368):
r0 = socket$kcm(0x15, 0x5, 0x0)
sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f0000000080)=@in6={0xa, 0x4e26, 0x1, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x7}, 0x80, 0x0}, 0x0)

1m3.558518763s ago: executing program 2 (id=1370):
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1942}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r0 = socket$kcm(0xa, 0x1, 0x106)
setsockopt$sock_attach_bpf(r0, 0x29, 0x4e, 0x0, 0x0)

1m3.41990592s ago: executing program 2 (id=1373):
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB, @ANYBLOB], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000800"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x7, 0x10, &(0x7f0000000340)=ANY=[@ANYRES8, @ANYRES32=r0, @ANYRESDEC], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x73cea2d47785b264, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f0000000440)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x100, 0x2, 0xfffffffe, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xd, 0xffffffffffffffff, 0x3)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b)
mount$bpf(0x200000000000, &(0x7f0000000440)='./file0/../file0\x00', 0x0, 0x989046, 0x0)
mount$bpf(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x100000, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30)
mount$bpf(0x200000000000, &(0x7f0000000200)='./file0\x00', 0x0, 0x206002, 0x0)
mount$bpf(0x0, &(0x7f0000000ac0)='./file0/../file0\x00', 0x0, 0x44000, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r1}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x10000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair(0x21, 0x800, 0x6, &(0x7f0000000000))

1m3.320410512s ago: executing program 2 (id=1374):
r0 = socket$kcm(0x23, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000000)=@phonet={0x23, 0x0, 0xfd, 0x1}, 0x80, &(0x7f00000005c0)=[{0x0}, {&(0x7f00000001c0)="b3", 0x1}], 0x2}, 0x0)

48.231259653s ago: executing program 32 (id=1374):
r0 = socket$kcm(0x23, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000000)=@phonet={0x23, 0x0, 0xfd, 0x1}, 0x80, &(0x7f00000005c0)=[{0x0}, {&(0x7f00000001c0)="b3", 0x1}], 0x2}, 0x0)

2.398339531s ago: executing program 0 (id=2246):
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="1400000017000b63d25a80648c2594f905a3c92b", 0x14}], 0x1}, 0x0)

2.397801642s ago: executing program 0 (id=2248):
socket$kcm(0xa, 0x1, 0x106)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$kcm(0xa, 0x2, 0x0)
r1 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$netlink(r1, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000580)=ANY=[@ANYBLOB="e00000001000090500000000000000006f6d888f1d1c4e5ad85ce4966dbd0000002b0e13e735a3184f123d6da2f1acfac0ee2dd2b184b27db1f302de337c0004000000000000bf852c8986626691b01b5f44e4ce2d712d282829"], 0xe0}], 0x1}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x4e20, 0x0, @remote, 0x6}, 0x80, 0x0}, 0x8000)
sendmsg$kcm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000380)='2', 0x1}], 0x1}, 0x44000)
r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000580)={<r3=>0xffffffffffffffff})
recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
openat$cgroup_devices(0xffffffffffffffff, 0x0, 0x2, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socket$kcm(0x10, 0x2, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r4)
socket$kcm(0x2d, 0x2, 0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000200), 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r5 = socket$kcm(0x29, 0x2, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef42d430f6296b72a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed40000000022278d00031e5388ee5c867ddd58211d6ece3ccb0cd2b6d3cffd962867a3a2f624f992daa94a6a556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409e011f1264d43f153b3d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7000026a4e739c60f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf3f704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eedd9068ca1457870eb30d219e23ccc8e06dddeb61799257ab5000013c86ba99523d61a00000000c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb8629aeec90e6d1857da822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae200f279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522e8dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f34a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be10ba7dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2db484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b00ffffff7f000000000801f71d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cf0d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67856ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e2b8e7370baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b09000000d31df213c802d74797056fd3bca8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221fff0f0000705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f14fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008f3a20b49fe7636806867283e35cff8d00e7b251bab3cf6377a24f8e8d4bda7503674bc94bf7f4d2fa6f25944bf0a186436d9f6831995976328a1fdc78492c65c1434855dc35c3cf7cf9610c5387794443c99b304799114132362849c3fa85d6379729ff9094933db0cfbe8887c50b87e1469fdf454cef4cbc5f7bf384000000000000a4e8c1a25f47c440144a9776be6cb40aafdb9d3cc8f6a6050974e1c4000000000000008b753f4e1bef9556efcc087a99dbf231167013a4b2eaf6338a0b100c98a331dffc09"], &(0x7f0000000140)='GPL\x00'}, 0x48)
r7 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r7, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
ioctl$sock_kcm_SIOCKCMATTACH(r5, 0x89e0, &(0x7f0000000040)={r7, r6})
sendmsg$kcm(r5, &(0x7f0000002080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f0000000880)="1a", 0x100000}], 0x1}, 0x0)

2.339681986s ago: executing program 3 (id=2249):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x3, 0x8, &(0x7f0000000600)=ANY=[@ANYBLOB="7a0af8ff7525732cbfa100000000000007010000f8ffffffb702000005000000bf130000000000008500000006000000b700000000000000950000f700000000b2595285fa97ead0169191d54f8196217fc563e2fc91f6da4dad4fdc2eb1b5956fc4a33ca263e2b5d47b2b00000000b1a297cfddd73f30f2382f6c2d3ffdd45be583823c0f092248a57d48621f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000010000800db583620ce7243d1aebdb638d91dbef6619358399aa9c2acd068c03efefd8bc77edf2d34b12cd48a1b20fb7dd843267e0331759f4ec6b5b0af58e604f494eff289026d5045ef08000000000000007718a09f4886afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc70bb30d435aa8b5202db761014b1b999a12df6bee431a6681000000263b6233e1c0fe30e3841bef895c5a637b0bf2eac3cb07b74a72291a1a2b523dd81b6651b1ee29e999bb004823ebcd8c65743f31f84b263ab9b3426692d01ad194f302d7a658e90000000001000000b6b2f25ddb8c640ab321a402058c92cdfbea882b0b18914781ceb10814cf4ee23ddb79fff5eb156e0a000000000000f2bd164a178d86d6935eb8b75bc4eb680d10e8b6a54c6c8674caf63ff76622939a20d4aadf85db40179c2cf83ee07e30a279d8fdf3bc282deb43a03409f8e6972f3f720d045923702cede0f3e91411f3f1b16f065624f280a7dcce8db910f93c49b9e0aa390d0da6972ed719d7e0efb2bb713d1890e317c8de105c3933fd5d5bf38f6b9fc39fc829dcfe4af8ac5fbb7314a7a433e0182767d1376eda2b9c66200349e62d4d0ab1a1dc51907c980000cfb215af2c1a3c22243cce23b00000a857d61b0d66c3f6da8aed31027c33204ea0fa0620111920d3f24980e9995a510bd87b06440a0a26130098b901c53a02cfbfd8bcbdec9f34542c3c9652adefde555ecd28ebc88082bab431ee3e1adb5b0ad14c79dd4411ecc96c512f3b72a9b3a0c3e07ec6b427bdc0bf3963e9f802a5feab82a989db62d8d1339f842b3f593d6c24fe015ec63c658ba7c4fae17514f802709ab4fa5caa932d4b65a5ecfc422899513ddde6ec04974f9981a8c155c26e0da70e524832ab04dec9ce66a62ceffbb15b1857c93666fe043a266a451f9a1e1f054211b9ae566b58f4f356c7a4054ce13f6fcc58912a175bd9cc3c4948"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x20000, 0xe, 0x55, &(0x7f0000000140)="a06ad876d56a0064d082778c3938", &(0x7f0000000380)=""/85, 0x0, 0x4000000, 0x0, 0x0, &(0x7f0000000000), 0x0}, 0x50)
r1 = perf_event_open(&(0x7f00000000c0)={0x2, 0x6f, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1943}, 0x5000, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socket$kcm(0x2, 0x7, 0x84)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
perf_event_open(&(0x7f0000000180)={0x4, 0x80, 0x4a, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xff, 0xff}, 0x0, 0x0, 0x0, 0x2, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f0000000440)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x100, 0x2, 0xfffffffe, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r3 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r3, 0x107, 0xf, &(0x7f0000000000), 0x4)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x10, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r4}, 0x18)
sendmsg$kcm(r3, &(0x7f00000000c0)={&(0x7f0000000100)=@hci={0x1f, 0x0, 0x4}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf4a31accbe1ba0777cfbf6ae77256da82f6184b8a34f9015cc99e570000002b21c90b000000000000721a5dbb56a3d9e16e7c2179c9b5b24722944820e624fc5b17d0822ca4232c98a9936ba722475ca5", 0x72}, {&(0x7f0000000440)="63f805d7649496db72959832930469edc7b700c9e37eed5653ecb716cdb8981cd819af0b33254465cc904b7b31789d65c0e0d33330e2ef36205dd154e363bcadf8f2ea93f45503c6d9fd8dfe5a638cfeb9f79c930a4d18260e5a08ffd35ed8371cff78119319b2b62c7cd9378c73ae90c801681f55ef26cb00"/135, 0xfca6}, {&(0x7f0000001400)="7f4ba13c5a27118dc920175650f0c9ba1809dd13a6e2d5b38f40adfa278c09e0e3bd05add4d780cd753b50f06f3b51f43761c7783f38ceaefc2dad57889d8b3a2d21314410f64ec2fa92e3a14b0141b39c020021d1edd011fbccb808a317fff4cf49aab12da619d67102048ec43c76cdb9d395e8b7b6e589d788aeeecb5080fc3d5ec6ccd656e49c0a642671d3fc363b46240bbc46ad965399b71db3c8f2b269b20870a3d2a6a8de5213b0f9d41c510c827056b7284391da244ec7653648b670f9a3483b314d861992ed7fb369eda093e1643c300b94d996fc592adb22c379be070ce5cd806da85a492dd4199cceb4c5b750222485325cf1073bf87e93bdf7da8af8f5f626541afd142e24ee8f4be9f038453c0edf500deabfe4d1a7a9de51df012bc2f3b767b3c03be6ace8c37ad571323cd363116e01f98a8ff8148d3900a65b788e99ddf9d9a2383f1730c7868d2dd031034bce5a77bd1ef3385105968be7bd830bde788092f657be36f89ea55ced486e18982d01339ed04a934a43c7b3be5e6bd03cbe773a938f621809345ec07cfceb013e3d76d500d97c8bee6ff54980ac3d221fcb35724ba64adb29ae8db909e097d78ff9542196635a14266944b850c9d436e96cc806a88090cbfc9db7ce83231bc043ded67966cfd68b800f6030a85f6bb070a2a5b372be2dacea7884b42e76e164af04e47f90ce0694623dce23cd1471f1a6029f68331317073e1a2d8cfb16f821c867d35a609649cf36aa781fa0a381f934844366d4e3ab8dd239c6ec35c15f307a7ed07869aacec38d787fd9c08e9dda1a28bf1a15b004bb1d88aa429ee8e927f5a1e1445685d8923cad92c90c79726d5e73dfe741de35498842cf51a4f09b97b1c14d33213705b95e84a8853fab4e1ced6faecea9d9203b038594bceb202a9d47f862c4f1853db9a0a7bf98ed9d2e3012358b38d092bd1ed7efb1a9e582ac5ef30c9b476e185f537f40ae8189528b480436122a939967e8d862e01172245ebced9f5251dd302e7e974c1db40be1e9e79799c27384caf6485e7c469b77cd6b28f71e39f84d2adbe074dd2bed6636e6853655adc3d1a47eff697e8edba53e6b281aea94798d82da7d3e86d09d869e5e345316eeeced4e15fc39234a0b0104e0b205c95eda632d0e86b095b284f441a62cb0e7262bc1967ee75f5c2d459011b0c15f4c85b02150a8834eda7f84cc96dde04e4abbdf5985a9c7218797820251b5804cae80c9a726afddf36793ae52cfb38e4e19740d6e07e4ed7c01001ab87b7fb12d5b70a75938d234c83d863b1763aec37b41d204fc319c6e802734ed681ea179fe6cad4857c3ca0e236e7b9867688d8bd7749e919f2d4f57f2249c9ccaf76a23760569b0fbde2db12ca0169e74982c1f4f0494aae13f4838b3f50d9ab0f6e328250d6fc34c0156e4b754c5c648b4ef8af32c91859f9706048f029634cefd0d767e8b7743262cb8a468ad37dfa47a745495e3f03cfa1d4ed71af55453c0a25fa1122a9054bcc4d9960c9a54f36b6db55154ab7dd19890d9f8ff3549e0fbd5a655319566b7f9c72be0242e7ffb59020356c3ffb5b9c43858e69d7b677a9bc5b8a64721a51b75a254e07199a73726834bea05901455ad53b38116b953c970b2002d0d1f91deb73ccb7266fbb21aa8555599daed7585575ef3efbd737f2523018ba4645d862889d5c3d91b12f04166db8bffecde54ee278d0d5351f3bf1f8902ff3f4c24a8c0c8a4e6addc9baadc471813589324d3128a1b193137c15c01be9f367317b1c885301ff8e9df728efa37df27f65eb0464055091f2ed469fdab48f413e3978f73ff9dffeb85453e841f86594612ac91b50add8d14910748bfa903033662f3e735ce6d299ce52338a96035aa89f63bd59d151fb20c38125236cbc0d795ac6f8da4cafc74714ed62a23b017e15adcaade58385b78c6945fb30a2539c42b1e415879433b9fb6966c6d19ed19f9f90cbd360d936a8b9f8e03bca5a83c063651b4636a7783bbda6417c83e470a16dfb115344a527436242ace9341432b5816b5e6609d97d600e142ca3cf74cbc00e1d9ee203cdfad339ce460b294f3931c5bd8ae6da8fc14d66a01bae4a212ef3d914e58c13217c8ad91628636b56257c7ca41b404cc2d4b5d50e26ebefc74656c62b1b4e9b6c5b6cc8d79101460f719d95925630bf99e042018439c50026513d680ea573620132ded57dea9e2da4e16f17dbc171642b1e80a3f41311ee73441302285668792160db6614fdb30d25a5719d2ae03ab98ea167597c48dd8197e7faf6189d801134462027901506c5ff1ae2558d96722217f65131d2f429693ae9fae19c101319473608976d08cc1c0d98f789b0c364e8aca574321ab2857af1015f1588afd313503085db4d99961a9391db06c10477ceb44199f1648594e8f9b452fafdab49b1962d02ee77ebd31b7931174a729fa943cb18102130e7e08eaba77df066069c2c3564fc85881ba0dad12c4f06a9e6dea9fea53931ff85e38505eb7ad60a52e2a8a248b3f4d0d55eee31f75f110c70e3b12409a79a5a98b0156c6d2a5d94604b8fa202b12746a365c708c671316cc0ffff6e9b7139b337953be22672a4910e1eb28cccc023b77028e20a6d377a339372f0dc235069f41c2692b0a3a7e0f315f4aebeef435a46b2e8b8462739293f9184c01b1434e87bf3fd48be54bf437056a1d2cff0c7aa52578013f96b1d5100ca936ff029cfd6f9a093621f684196ed7e1d363a97c647c34fe5f2370e7ab9dc718a1fc317779ab8a04bc12c01b778d17eea0b546bce03475fc6373c860714df0322dde550186c553ebd61ed18c0b80655f0827a63d209117ca23b026c1ad30bac4d43a4611292c7049f855b829a3a17fd2b83c142078beed8ca07b7cb7cd624705ccc160246c81174a4d3a9f2057caffe84b1ac073375e065c1ff4e9e22e7d87b3adb40ff796132e4ed86e5fc9f9616f8e4116be96497621692fb516e9316cfd15ad01742a1de4aa35fe02861236295823edf4c48fc37faf55226044e393a3733d58e8ef0f0c7941bc30f09739f37dea2f395f2e9e9b2c31a11923a2d6c9b14f1bacce15094cbbd6445f3581c6d45b76943b4d0db8fd4d4acbdb91780f57c872827abd7a1f13290a0d17dda220493476c92ce65e33f07afcf763aec0e67450f547101f1a5ada0f760c8f12137679324e22c7a13fdf78575115acb0ae4a2818b7b3ead27eea5eccba6f7a34c61819382eebfad742a3c603c6d2f332726996b3e8fcbdfd56b436c1173b1b3bc1ab66a717e31f2f918f0bea3f4801e04c14c881c59324fd9bc38745dd0e47da6bc8e98fe74a760304d74f17cd3cfceb33503397cf592d2b6a51b641d559ba8d6dc449e19b289fd1a4b3772b3998181e787723fe3893362d8f3e346c0ab0abe933e9bdd9a82b377914018377af9d2cbc58ab4fc08cea2623174239cea585603b8acd20da923a44799b1745c3bd65640508f96a0d92a6a2fd8314573f10b4f6e6cbf61e8828bd6e69b1b0c47f5795917a5035b3424dc3cadd2aadbbafb9d18349fab41d79ba13660f2c9400ff87784b26c3e88785db8522c93d3d4f12608736a235c8b9fff98a17934fe36792cb1992ea1b72b5e151cfe82b4ebc4f510882e4b34ee9f6ada188b104ba36e8acbd7bafe39b32f957da45c2743017545fd61667d36d58952de0cdbacb3abc549e1001bf6d9b19f9a353bb84bd152e04c061c691b514d6f1b36a8895424ce210a4cd75d537443a2791dc68e9fff510358f7586d3b73ed04223e683adf6a1c79d3bc92aa595cc6167", 0xa91}], 0x3}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001040)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0xf00, 0x0, 0x0, {0x1}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x4}]}, @NFT_MSG_NEWCHAIN={0xdc, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_COUNTERS={0x10, 0x8, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x6}]}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x2}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x3}, @NFTA_CHAIN_HOOK={0x20, 0x4, 0x0, 0x1, [@NFTA_HOOK_DEV={0x14, 0x3, 'wg2\x00'}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x4}]}, @NFTA_CHAIN_HOOK={0x4c, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x10de94b7}, @NFTA_HOOK_DEV={0x14, 0x3, 'veth0\x00'}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x583198ea}, @NFTA_HOOK_DEV={0x14, 0x3, 'veth0_virt_wifi\x00'}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x6b2e621e}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_COUNTERS={0x28, 0x8, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x8000000000000000}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x5}, @NFTA_COUNTER_BYTES={0xc}]}]}, @NFT_MSG_NEWRULE={0x20, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_USERDATA={0x4}]}], {0x14}}, 0x144}}, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
socket$kcm(0x2, 0x3, 0x2)
r5 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8916, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x9, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = syz_open_procfs$namespace(0x0, 0x0)
ioctl$TUNSETIFF(r6, 0xb701, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, 0x0, &(0x7f00000002c0)}, 0x20)
socketpair(0x1, 0x1, 0x0, 0x0)
r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e020000000000000000000000000000050400000000"], 0x0, 0x37, 0x0, 0x1}, 0x28)
r8 = bpf$MAP_CREATE(0xe4ffffff00000000, &(0x7f0000000140)=ANY=[@ANYBLOB="1400000004000000040000000700000004000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=r7, @ANYBLOB="0200090081000000000000020000000000c01b23f5f491d98e0000009800000031"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000100)={r8, &(0x7f0000000240), 0x0}, 0x20)

2.149137263s ago: executing program 3 (id=2254):
socket$nl_rdma(0x10, 0x3, 0x14)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000580)={<r0=>0xffffffffffffffff})
recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f00000005c0)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100002000a200200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0)

1.462328782s ago: executing program 0 (id=2264):
r0 = perf_event_open(&(0x7f0000000800)={0x5, 0x80, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x97, 0x420, 0x3, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x0, 0x2, 0x0, 0x8, 0x0, 0x10000, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
close(r0)
socket$kcm(0x2, 0x922000000001, 0x106)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socket$kcm(0x10, 0x400000002, 0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000000)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x4, 0x2, 0x1, 0x0, {0xa, 0x4e23, 0xc, @private0={0xfc, 0x0, '\x00', 0x1}, 0x97}}}, 0x62, 0x0, 0x0, 0x0, 0x5c8}, 0x2000f765)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200102f00fe80000000000000875a65059ff57b0000"], 0xcfa4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x21, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

1.221098906s ago: executing program 3 (id=2266):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=@newsa={0x16c, 0x10, 0x713, 0x70bd26, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in=@dev={0xac, 0x14, 0x14, 0x13}, 0x4e22, 0x1, 0x0, 0x3, 0x2, 0x0, 0x0, 0x3a, 0x0, 0xffffffffffffffff}, {@in6=@remote, 0x0, 0x32}, @in=@empty, {0x0, 0x0, 0x8, 0xa, 0x6, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x2, 0xfffffffffffffff8}, {0xc, 0x7, 0x2}, 0x70bd29, 0x0, 0x2, 0x1, 0x0, 0x28}, [@algo_aead={0x68, 0x12, {{'rfc4543(gcm(aes))\x00'}, 0xe0, 0x80, "316f74eeac053deb73fc018493cc121927a9bca207141b9a451c00aa"}}, @tfcpad={0x8, 0x16, 0x4}, @offload={0xc, 0x1c, {0x0, 0x2}}]}, 0x16c}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

1.078289585s ago: executing program 3 (id=2267):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0x6}, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfff}, 0x0, 0xafffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000023008000bfa30000000000000703000000feffff7a0af0ff0000000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000001007d60b7030000010000006a0a00fe00000000850000000d0000009700000001000100950000000000000075cdc4b57b0c65752a3ad50000007ddd0000000000639100000000000000000000ff7f0000292f17cee19d0001000000000000000000cb04fcbb0ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fb4413c0bef2e4852f5c2fe6faaf75e5cc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5d053bdee75dca3772be2c9d2d29dbaadbeab2a01685108e61aa000000000000000000000000008b798b4f7458d1863cc67d4c6a06e82800026f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f1b1b71b5f7ec6edc76609073909826151e2b42bf0ed0c8cef3ba2a730a00c87c493db845b10e9468bda6f82881eb8c9cfa72b08eecc972a3fd2c46f3c1cde713d2831210e00d2bfea3bf97ff8836d000000000000946bdb747e416b3064edb4f5aea06eba207ddab9f9baf98bc5192f23d95d33357fc55f92e5937e10995059f3348f69667b9260d504baa0446e1437af6fa875d9d32fdada251e6c74f192a23572ef582b7dd867c163c8cedaa2a2c5baceb37d4a40244c9bdca541cc7e65e20f5b5b735e2f33df9bd0614431d7dc5e47bb31c5b827d51733b64ddad4de1cdadce076d19d62e821b435619fb89fc07f81938200b4ebce83db57a6f5e9b1c2cf4b6ee90772d4865bf448d200e5c4e1e044d3587498128273b65670c02ff5c3c3ca633c41324fdc09e0b2621087db26bb0553612f2be27579ede2344a809e6b27d0044f2337895323357caddb54642dac82ae25deb08e111e0b9fa133c9da85dc50c3454ee0ff915331bd7f32f96fb55c7990334b1a1bc4d5d817b82f9fc278cc4868fbfa4d0f32a863c1ce050caddc5ca3b10c3e63daebba039e9f474aa8849dcc2501df3ffcb02d29d55a1a2cbe00e836db0e6b0a7ffd680dbcf7b982a956998df3dce0e9091a4d736db69038061e6b04c7c379e541afe1c5393e4e97c0146d7dc4915525c8bd6c044565badf8cc24727e70e619fa5a7c76a886946446162645e4ad8178185ba9aa929fb924eb2b3cc9ca3cf3a603683711a6f4aa84ffaec2c3b3ee0b13707916ec3cd5d000000000000000000005e717dbc2dfd109e05e37d975b3da80b38d9e021d75cc47a4df9804c36468f767cf23742d78f3d1f0d54ed01d0e282e8d73534e091e7582a53abec46e93d6908a1346180b59d64f70d7046faf247d17f96d9d1dff63704040ce49f2e66431a65155b71339237b591c482b5de7559f856fe20ac39adecdb5f64c003ac1f547bf1b151e84e8eb9ea69d3d752263d24c9d69b1762888ce75a91bdab16cd94d89b072d1bbeeba99cf52b45cdcfb12445b9b9d39bdb0fdfce46edc108aecd16d06f3c4a4e8bb71bdbfb6076d79321f7af34ab3e3b5b5747fda21c18546976e6df51f5cf3c372a550cca7f21d8cef069c0b5a4c3daeb11a0456c000f0fd1f039e1539ac31e037476fdfdc2da415ab02be45bc0f91369bd504e1b6e7403eee4bc957970c5b82259be461703e739f5802da2d036800fbe99198601e5639deb87f6e90a63a5c04993ea41a1ddd1d70548ee41b889705f99ea317f41dd59404d4f2941e4"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000100), 0x237}, 0x48)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x41, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x8120}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x3, 0x73)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f00000002c0)={0x2, 0x80, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x34, 0x8}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x4)
close(r0)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="5c00000013006bcd9e3fe3dc6e48aa31086b876c0c0000007ea60264160af3653c001c000d0000008bc3a0e69ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

757.389743ms ago: executing program 3 (id=2268):
socket$kcm(0x2, 0x922000000001, 0x106)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x8000001946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000120000"], &(0x7f0000000c00)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = socket$kcm(0x1e, 0x4, 0x0)
setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
r2 = socket$kcm(0x1e, 0x4, 0x0)
setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
write$cgroup_subtree(r2, 0x0, 0xfdef)

657.689396ms ago: executing program 0 (id=2270):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=ANY=[], 0x30}, 0x40880)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002380)=ANY=[@ANYBLOB="b702000006000000bfa300000000000007030000407effff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca7ebfcd0cd00006ed3d09a6175037958e271b60dedf8937f02008b6d83923dd29c034055d47dafe6c8dc3d5d78c07f34e4d5b3185b310efd4989147a00000000f110026e6d2ef831ab7ea0c34f17e3adeef3bb622003b538dfd8e012e71f6420b90adddff61b5b0a341a2d7cbdb90000bdb2ca76050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132658555cf476619f28d9961b626c57c2691208171656d60a17e3c1c4b751ca532e6ea09c346df3d7cb4ebd31a08b32808b80200000000000000334d83239d1d2e9ff10ff2d27080e71113610e10c358e8327e7050b6c860dac12233f9a1fb9c2aec61ce63a38d316ef49b66d6e42fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a5f3d74ca891c4594e8a4399e01eadd3964663e88535c133f7130856f75643619f567d2e24f29e5dad9326edb697a6ea0182babc18cefd07e002cab5ebfcaad34732181feb215139f15eadddcb0c7cbe31fbae7c34d5ac5e7e64c21add9191eadd6e1795ad6a0f7f8cd3fccbdc3dec04b25dfc17975238345d4f71af35910b158e56657b7218baaa7cbf781c0a99bd50499ccff0f000000000000c7beba3da8223fe5308e4e2833baace04f4087c4f0da0d9a88f9dbb593ddeb3f0932a4d0175b889b8eccf707882042e716df9b57b290c661d4e85031086e97bcc5ca0e221a0e34323c129102b7b7a643e82e88a1940b3c02ed9c92d6f64b1282dc519b00159830d7617001154c46bd3ca96318c570f0721fc7aa2a580900000000000000b4f22cdf550ef091a78098534f0d973058594119d06d5ea9a8d085734000000000000000c12346e47ad97f4ead7cf754a52e4b2d0f22d428bd705414888700a30e2366c6a06b3367a389ca39059787790017b0689a1f3db9c24db65c1e00015c1d573dab18fd0600885f1ea8f2fd299fc3cdafda323e9c7080397bc49d70c060d57bc88fbe09baa058b040360ab9261503d2f363fb099408885afc2bf9a4f8c3506b669e889f5e4be1b8e0d634ebc1057b7e98186fc5141bd670dba6f43279f73db9dec75070cd9ab0fd969169ef6d2857b6bf955012cf7fe50d133da86e0477e42b98a6cc999dc21c3ef408e633dfa35f14d6e734837d365e63845f3c1092f8e34fc7eac9e8af3904ea0f3698cd9492794b82649b50d726bff873339c4cad4ead1348474250eda2c8067ab730c1d85969b95a2a5687f2ed690000522a0b7426000000000000000000000000000000000000000093fc7a82b98f99d9dedf7ba17f5f0b6d15e552fbd21f7eecff10243a43af03eea84c4304a5d3f93c02000000000000000043e1ed82b9aa0ae92a499984a009000000937523f5292d12659906005cde64f903c3415c458a2b32c2318f0858f19c6def80e1481e8e1c0098fc3f38b7a57211adb15d824cfdcf229628c0de49860a44286fe0e257cfa4ce50f3d10763d442824414a73c06837fe08de62f8710ca977960b74d0000ce73da6022a8671d1a3575b4e18c28c73203bf134686dd65808452cb6b76fcb134252c78de9b240de7b4cd015a77f76bb6470c05fc980b3d8f3f964f432a4bf6cddd6222c2da006b6fdb9c8468ae1d986a893b9519444d16a6dfa92c04331a6698507048fab5ae402acd05fe621f22712dfd09004770b4278fa14547d8ce3c21188e5e4e2baacd98e8e451d6aaaf090000006ed1d9018000008dd952595d78e9583bf4ea5de36099e3cddcb24ebb6eddb9e87c9ece87a42c0000abdf0100000001000000aea1b6eca5a883702b0bf3aeebb225895db90e237157a34e9f447237ea5b391bddd1290f7ce987a0e36b8e71b1779bbe95ffa9c3e0f6ba66e4d48e75253e3d633811e4b3220616aafbe7a3a18375ae593eb58fd500426286472466823cb8e1800aaaa0d9463c0c4ea5541a55df6eeffec0b66482228816cdfccb98374c644eea45de7867a0efbad0ab2bc33b350440a90b791b2b33f74a112a3b91b40bed8db2df8633207f8387e04ca52ab0f3f7b058b13523b896800b992972d9609551c27a5916ea16069c5bf55b98d926d3c27e7945b2999600000000f857bc1332d200194f658b930780603134ae6b7f5092772bd5d880dbe21b790c475b14b7fe4fe002dffd651faa79bb0cee0cdac23c3218f2ddaa6f7ba04b696a30d313bed30ba8f35569a9b07ee7308da09c01a4b827aa17bc2213fc1572b0204dd456b11a454d1f3f14179974aae624ea59500f5e048b2780666de81a040663c57f49af25be909984aea1b81f33426f86b4b941c08dfe2bc8ec246ec1aae120c42405e428923f3a83d9ba5c373f5e8a54120b451e2806370f1ed60c9fd5d9af4d16cb0f413c324da52d4bd2e01d3ac2d578d72e2d63322dfc9245ce3e3a097fb82f4e3b61a57094616020f72f1c55ee3d325c7496a7c2f10cfea516ae436751227378f00ca0f1f6c1dcf879700dd90b96a330f92bff736c83ca53e7f02b734d1a9292896f5d7f244bfab4946c7042e88206f641eafcc5b4ba7a7880533cdeac995d1caf6936f356ecf07a0084e7adc2dc12417997b03087c7b3b44b06f6158a2a18ce0e56ffbeb22f40521dd9972583d413098aa80db98ef324a2bfb7961c07b47521973cf0bb6f5530f6216b447b35d6e06b72b22b29de42bb1bc8ce0a0e3500000000000000000000000000b92eb197e4149627920000008000000000801792756f90b37f0858efc387f559203f314a4b0ed750fa72e5948ac3fe5921c14ef578d413e7b2a9e2f87f7b44949fe14c00000000000047030c09f62d444b4981db81799776eeb444000000009705fa8b56779bc876ad4f8d8c8e50815c4c3b27487996c09121caf47f76158362c74904f89cbc588aae84567a83571ff72bb65c082b5a8dee145ff221159aed2768edc05a3167d84205d5af86553c21e1f023a51c0e179fccfbc201982e3ddcaa45613899d19082453b180ca0c525b8d3cfaf7d0bcddeb5d5c7166038f276a92941393ba5e51f77172822bd903d9f8b436656771774ed88daab0d0cfdd1bf4d30ab566e1a4cb3ad66d830e10f7c1de13218aea21e7def613204c2b7c1ad48b01c208f4032e93408000000000000e96db049b92fc32ee34fe7a3419c8fbf03d61c159dc5864e030000a2c55b614d622b8de966c97e1940026f96db3c78ca18c9f08d1c47edf1a4d7298109f31b6078711ee72eacab84213bf50000000000000000000000000000001217887d0452aa6d26e4614d511710abeec84b78c027c160ba375dfa55a49b832ce4dfb91122193d514ed992c07f8cd6d897b314907e15642da228dbc03429e6e0e7ac118ed351c3b0c44bf5d8b58be573f8333aa8cc2ec5b5e305b3dee2562d415b4b9ed530797f55f9fe8510423409629a09000000000000009a35d9ca93e4b4591679547b8de8af1782451f7b8e1de508f1e9e525210d62bc850f8035040ad9e562be58797515b737bfb21d35ac560f99dbd18dad5e6345a464955e8141d75b6177e4fa176a020b0000000000006e76f0294fee7d19a0f327f8796d77b6e24b8df4bb438b527d10e657d49b844198ea9f93c4fd6fd2daa9bd87fd1e02ecc8075dca1280c201043257e9bd3c9a7aa150eb1711632b76d4dc0555d4bfcfd057980136d6e9000003b24fa300ef90bfe4ad364256937796f941c2faad94785f48777941f0cd3dba54ab6a5d5e91e90ac9ae994c3d4108b2fe7eca9413ac9bc138c74800487eb19c48db3f79be964808f109b5e36fc7fdd41def361427b6b9c118e5c9a0a1d5ca24886e33a7f81b2188ec75a5fc9302e3695bdcc9ab11201ef940569c995c21eeaefe2e8fc02e0433dc7371d1f72124ba263e554c30fdd7cd8c2da1e8706417da9ad8916551a1182fac08603dfc2f2279ba161c13984cd753b54a85e6f3010975e9ff51318b09fa13e2d38ce013aab41524c298c3719e31bcb1f102eaeee69a19e006bcdb1acc2664efa949a1a07bb3d7848d5e1381fbe63c522053a3bb32eb6345e10f7a12bf84e0e196a00833f464dd2f6547f14ebf137fce33efeb813211f31ff24d7dbb00f2574ccda59b3ea068fc2a18c37ee579f5a9ecc47da73684bcadd209ae5bbb7147df74d027d8d0adcdb54182c9de8053fc8b1b9d19c16c53d34db6e26f6a88d449f6abf3010100007e206a758a3f02816b4e097cfa3d46e45e7949c5b10691d49b9693a798a330a1ccb32d49772e80862df36dc0156b3f72cd85083f8e96ca1697457ec722766bd46ee2424975a38149bd57e5c0eb4087fc243e7e51b0aca9f0ab0668d7f2ee9ad9f267d8804417aa7e36a64d489bb84a1483fd3c3ecb024060002858cbb1f7708f5b41fca2fee7c03b1f862ce88dc313d913e041dd7583a1ac41c466757c5dd07ea2c5d62a000000000000000019a4e9a9c2cbc906f97fd6eb71b18d09a5df123ebbdb2827b43aed6a29e9942e402c1ae52e9cb98f3019d364fc21ea12023db91ced3c2f06550cef8a79ed39091e4776001187d0ab2f82478431d36470cc008d745ce8fd64c9aa64da230bb080945a557081b767beb75b1ea856a55c71b8fda672289aa6088630d48ac8039f19fec3acbcc5944a4e6fd44af8f10110db730a8d0d41b4ea36f9510f843a471963bd4621b9e43f08d341bb69df430ac6398c1b28bdd33b69b4b86d7c5f30cf728294e8ea1861ce50c367498945285f73c94d91210652eb4f3077cab6be2a3512eddbcb63d091d69fb1b26c8ada9a9f9355aea34fe55fd0d3011cb83ac03268dc66dd108a4e9944241e1d4ba69212ee0e7526e72c19346d08d3c3c82cb987f1bd2fd9ce2c88082ea23abbf23c6bd43fc9f9f8ea7656e25d3d73cd056b1f782de1fe349fc33546558366ed99940c0fda039272d277a3576d4e0469779d711e10b6bf040f7274fd9577c1c33326d2e60ee611ae226ef00e2944fb727832dc8dad36a6072aacfc4bcefb808ab7b3b95e0f60616320b2a9e1f8fac812daac9983639b35184803b7d192ce1f226e97fa23c37ff95d067a54a8b412644cad9ecc251fbe418a81aaf00cc8d15758ff0eb885a40630396ba76b8fadc09e62ef70c8a0121e7e8322cb8bc0f50ad33a17143a29c14eca0e214d1257e4dd1b6244e31b888d8f3fa03208d3e9a4826a98f31995509015ebdc89f2f3106e54d5898d3758b9bfc9e4924e9cedf7f8fd584e7185703cc5f23741ffb480b5a87cd7efcceb409d354bdab211ebd50affffffff000000003a59a0f952153c2efd10e72ec9ee5fa2a00f9637851ddb81d059f9a363c4ada68dd25f19ee9e4841ac047c1b35ad6f9d54cf4939ce78a55a04e655d7746a3989c6f33b02f8497aacb6bfca7456111900000000000000000048d35af24acb66fdd4d1fb150138f0ee6abfc7049c94346868ed76d3a5df7335184386a5c532d425f1a098ff93efd05e5dd8b765121fbdfe5ef44f6472b939c31883f45889142e82086c2448da60d7a40774d71c2da2e7f6d4fe5d36923213cc7b7d71a1c90006e8f8d84953f284b0eb4366beff5df5595827dcd736e8cfab28cfa416e83c06213ca7fd21af56e3de1d80e77060447e20a8b317a4c06e24e99239824d08abf670a685bc46c8168bee4cfc30cc6d0dc030a592925bad3e0f805f0d4b2b600dc3f0c4c6f75bb4e49982f4198ac90ab77c5572c956d415858bad5ee117b3e5f1507bbd0d7a30388865deb11106a932"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000002300)={r0, 0x18000000000002a0, 0xe40, 0x0, &(0x7f0000000140)="b9ff0300600d698cff9e14f008004de7f9c7643600e0ff8700", 0x0, 0xe00, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x25dfdbfc, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x4, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x200000000000}, 0x0, 0x0, 0x1}}, 0xb8}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)

409.235997ms ago: executing program 3 (id=2273):
socket$nl_netfilter(0x10, 0x3, 0xc)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa0000, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x4, 0x3fe, 0x7fffffff, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x80, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x2, 0x0, 0x106)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xaa56}, 0x94)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x100600, 0x2, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x3, 0xc, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x80000001}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x45}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$cgroup_subtree(0xffffffffffffffff, &(0x7f00000006c0), 0x2, 0x0)
syz_clone(0x200000, &(0x7f0000000140), 0x0, &(0x7f0000000200), &(0x7f0000000280), 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={0x0}, 0x1, 0x0, 0x0, 0x48000}, 0x4040000)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0xe, 0x0, &(0x7f00000002c0)="e02742e86c0d85ff9782762f0800", 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x94)

408.997171ms ago: executing program 0 (id=2274):
r0 = socket$kcm(0x2, 0x3, 0x2)
sendmsg$inet(r0, &(0x7f0000001640)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32, @ANYBLOB="ac141410e00000010000000028000000000000000000000007"], 0x48}, 0x0)

300.635446ms ago: executing program 0 (id=2276):
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0xc220, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x200, 0x0, 0x0, 0x0, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000440)={@cgroup, 0x26, 0x1, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
close(r0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="d4020000200000001800000000000000000000000000000095"], 0x0, 0x7, 0xaa, &(0x7f0000000280)=""/170}, 0x94)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb}, 0x94)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000140)=ANY=[@ANYRES32=r1, @ANYBLOB], 0xc)
r2 = socket$kcm(0x10, 0x2, 0x0)
r3 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x420c0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
mount$bpf(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x2102050, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, 0xffffffffffffffff)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000580)="6700000011008188040f56ecdb4cb9cca7480ef436000000e3bd6efb440009000e000a0010000000ba80010000005a8c3774fa0af3dc59a933c1e7a6d3361d83b20000319cdf5656826edaaa11032701c61ec666d482078ccebcb9a4f187f7a4e98f09cdc2649f", 0x67}], 0x1}, 0x0)

250.641039ms ago: executing program 1 (id=2277):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)=ANY=[@ANYBLOB="300000003e000701feffffff00000000047ce4ff07004280040008000c000180060006"], 0x30}, 0x1, 0x0, 0x0, 0x4000c000}, 0xc000)

250.387948ms ago: executing program 1 (id=2278):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c40)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000000000200000002000000005000000000000000100000f0400000000000000000000000100000000000009b000000000000061"], 0x0, 0x3d}, 0x28)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000dc020078000000000000000000000000ff02000000000000e26ea7250000000100000000000000000a"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x2500, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="6501000014"], 0x188}}, 0x0)

171.338554ms ago: executing program 1 (id=2279):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000002d00)={&(0x7f0000001bc0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x3, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2, 0x4}}, @decl_tag={0x1, 0x0, 0x0, 0x11, 0x2, 0x8}]}, {0x0, [0x5f]}}, 0x0, 0x43, 0x0, 0x1}, 0x28)

171.199664ms ago: executing program 1 (id=2280):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000740))
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000005000000000000008000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000018010000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000050000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000003000000b70400000200000085000000a600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

67.449199ms ago: executing program 1 (id=2281):
r0 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(r0, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000c80)=ANY=[@ANYBLOB="e000000013000107"], 0xe0}, 0x1, 0x0, 0x0, 0x44000}, 0x800)
recvmsg(r0, &(0x7f0000001100)={0x0, 0x0, 0x0}, 0x2)

0s ago: executing program 1 (id=2282):
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x6060, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001000)=ANY=[@ANYBLOB="61158c000000000061138c0000000000bfa00000000000001503000008004e002d3501000000000095004100000000006916000000000000bf67000000000000350605000fff07206706000005000000160302000ee60060bf500000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffbd4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe01c5473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc2300000008ac86d8a297dff0445a15f21dce4de9f29eff65aadc841848c9b562a31e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076ebae3f55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932c9a6aa57f1ad2e99e0e67ab93716d20000009fbb0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000207b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000f4000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c6939628950000000000000001c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b30410856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fb9fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff010404faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202ee1192b81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9b5a8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce95798adc2dca871073f6bd61dc18487b6feb89752cd600000000abc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db059acaba9eaea93f811d434e00000000000000000000d154ba10a8e51489a614e69722bac30000000000000000000000000000c5dfd188ff555285b9743d3aac000583f42d168613151d681a2f71373f20d92c9048407c91fabecfe8b3f2d5454d127edab14ba61ba1cfc4336324c86f3dcb43e9a58208077e90f6ec1c7ac756f61dcc372cdd30b82507489f0bbfbd3c3f21752e81319c0161e154ceb16e00bc7f5a6962dff317f4d014786e432817064874d69a39cb0da31bcc5f81894d8a80756447322207b4007dff12eb95066cc6bc256f0a12282224d718b06ca80b57aa183dd0c3eee45891441f2b89b4c67aa9882281393954972046974f18df232cd7fca610e33f51c2d062020f403d85ff36c26e2f6bd1d82f4d3ceb3472d9a77e0057a3bfe697d9ab7585f4a1b381343d2cf855689232f4fc5135790662dc1419a374be9d7b3e5be2886d23add90d862f1a682ff11c798e338af3e5bb0f9d3952b15bf3e0c618c89d20ca1e18a031397693bf3cfbd8417e5b55e641c898c280356f2da222d5d68919d98158578dcf18efa404e508bcbbb8cfcf70086821ebdf34c9a1dff45af873df904c2bdbef81f246d26f4b40df949e12bdac18533d4e11c608cc31d60cb591c40a7b386fa1c753336d7220a35118d4919b45eff32aab684e62c6691de14e97aa7e9dc8ecf0cd50540246d2b746e41e5b4e2c095039dfe0f71db6265f7580d098be40ef36faee5d1695830d4242a23e541e6ce9fa1998d8961cf4fe3c8e8fbb566f148c8befc229614a4b7f80d237b8abc6fd0407de31d6e5532f360d379f20f054692b47207922fe6c14eba96c9a7ae906abc1ae1ae8c4fae92883cfa1978a04bbff4bbe0000000000000000000000000044585397feaadda3fcc64e7b0c08f7ac5c64cb190f1712a3b10fc34eb758705f1751d8c8b712eb39d2b8ad44f129c2c9aedb15"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2}, 0x48)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:54510' (ED25519) to the list of known hosts.
syzkaller login: [   49.821751][ T5777] cgroup: Unknown subsys name 'net'
[   49.960339][ T5777] cgroup: Unknown subsys name 'cpuset'
[   49.964260][ T5777] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   51.359949][ T5777] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   64.204778][ T5870] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   64.209766][ T5870] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   64.213349][ T5870] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   64.217528][ T5870] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   64.221256][ T5870] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   64.234528][ T5873] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   64.239531][ T5873] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   64.247758][ T5873] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   64.258035][ T5873] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   64.261946][ T5873] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   64.313190][ T5236] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   64.317777][ T5236] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   64.321105][ T5236] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   64.324958][ T5236] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   64.330340][ T5236] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   64.629430][ T5868] chnl_net:caif_netlink_parms(): no params data found
[   64.702623][ T5871] chnl_net:caif_netlink_parms(): no params data found
[   64.786519][ T5875] chnl_net:caif_netlink_parms(): no params data found
[   64.791932][ T5868] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.794539][ T5868] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.797044][ T5868] bridge_slave_0: entered allmulticast mode
[   64.801197][ T5868] bridge_slave_0: entered promiscuous mode
[   64.820779][ T5868] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.823320][ T5868] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.826442][ T5868] bridge_slave_1: entered allmulticast mode
[   64.830067][ T5868] bridge_slave_1: entered promiscuous mode
[   64.865043][ T5871] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.868342][ T5871] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.870598][ T5871] bridge_slave_0: entered allmulticast mode
[   64.873199][ T5871] bridge_slave_0: entered promiscuous mode
[   64.890890][ T5871] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.893870][ T5871] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.896763][ T5871] bridge_slave_1: entered allmulticast mode
[   64.901711][ T5871] bridge_slave_1: entered promiscuous mode
[   64.919249][ T5868] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.937150][ T5868] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.988046][ T5875] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.991050][ T5875] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.994002][ T5875] bridge_slave_0: entered allmulticast mode
[   64.999333][ T5875] bridge_slave_0: entered promiscuous mode
[   65.005142][ T5871] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.011607][ T5868] team0: Port device team_slave_0 added
[   65.015693][ T5868] team0: Port device team_slave_1 added
[   65.018082][ T5875] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.020357][ T5875] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.022743][ T5875] bridge_slave_1: entered allmulticast mode
[   65.025444][ T5875] bridge_slave_1: entered promiscuous mode
[   65.029562][ T5871] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.075417][ T5875] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.091766][ T5868] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.094659][ T5868] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.104375][ T5868] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.121129][ T5875] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.125801][ T5871] team0: Port device team_slave_0 added
[   65.136133][ T5868] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.139441][ T5868] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.148932][ T5868] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.154660][ T5871] team0: Port device team_slave_1 added
[   65.181149][ T5875] team0: Port device team_slave_0 added
[   65.205788][ T5875] team0: Port device team_slave_1 added
[   65.219183][ T5871] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.222140][ T5871] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.233069][ T5871] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.263286][ T5871] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.266098][ T5871] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.276629][ T5871] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.281274][ T5875] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.284141][ T5875] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.295778][ T5875] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.301333][ T5875] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.303929][ T5875] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.315275][ T5875] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.324565][ T5868] hsr_slave_0: entered promiscuous mode
[   65.329412][ T5868] hsr_slave_1: entered promiscuous mode
[   65.365449][ T5875] hsr_slave_0: entered promiscuous mode
[   65.370272][ T5875] hsr_slave_1: entered promiscuous mode
[   65.373150][ T5875] debugfs: 'hsr0' already exists in 'hsr'
[   65.375531][ T5875] Cannot create hsr debugfs directory
[   65.431948][ T5871] hsr_slave_0: entered promiscuous mode
[   65.434230][ T5871] hsr_slave_1: entered promiscuous mode
[   65.436869][ T5871] debugfs: 'hsr0' already exists in 'hsr'
[   65.440136][ T5871] Cannot create hsr debugfs directory
[   65.686572][ T5868] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   65.697777][ T5868] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   65.703157][ T5868] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   65.715353][ T5868] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   65.775140][ T5875] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   65.780861][ T5875] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   65.786538][ T5875] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   65.802877][ T5875] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   65.837168][ T5871] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   65.850261][ T5871] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   65.856614][ T5871] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   65.868156][ T5871] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   65.926993][ T5868] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.951101][ T5868] 8021q: adding VLAN 0 to HW filter on device team0
[   65.975881][  T179] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.979024][  T179] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.998654][  T179] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.001289][  T179] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.036630][ T5875] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.053978][ T5871] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.073270][ T5875] 8021q: adding VLAN 0 to HW filter on device team0
[   66.094109][ T5871] 8021q: adding VLAN 0 to HW filter on device team0
[   66.107930][   T28] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.110277][   T28] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.114218][   T28] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.116855][   T28] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.130138][   T40] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.133144][   T40] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.167697][   T40] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.170734][   T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.277950][ T5873] Bluetooth: hci1: command tx timeout
[   66.279279][ T5236] Bluetooth: hci0: command tx timeout
[   66.297026][ T5868] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.364488][ T5868] veth0_vlan: entered promiscuous mode
[   66.367791][ T5236] Bluetooth: hci2: command tx timeout
[   66.380116][ T5868] veth1_vlan: entered promiscuous mode
[   66.400726][ T5871] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.429690][ T5868] veth0_macvtap: entered promiscuous mode
[   66.445315][ T5868] veth1_macvtap: entered promiscuous mode
[   66.485056][ T5875] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.491482][ T5868] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.501239][ T5871] veth0_vlan: entered promiscuous mode
[   66.505354][ T5868] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.523748][   T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.530794][ T5898] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.535047][ T5898] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.542202][ T5871] veth1_vlan: entered promiscuous mode
[   66.550045][ T5898] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.599350][ T5875] veth0_vlan: entered promiscuous mode
[   66.615798][ T5875] veth1_vlan: entered promiscuous mode
[   66.641477][ T5871] veth0_macvtap: entered promiscuous mode
[   66.654548][ T5871] veth1_macvtap: entered promiscuous mode
[   66.674612][   T28] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.683172][   T28] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.702073][ T5875] veth0_macvtap: entered promiscuous mode
[   66.709525][ T5875] veth1_macvtap: entered promiscuous mode
[   66.713930][ T5871] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.740416][ T5871] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.748121][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.751614][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.780945][ T5875] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.792470][ T5868] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   66.799424][ T5879] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.812173][ T5879] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.815837][ T5879] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.821101][ T5875] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.839165][ T5879] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.844573][ T5879] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.883578][ T5934] netlink: 40 bytes leftover after parsing attributes in process `syz.0.8'.
[   66.889372][ T5879] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.910135][ T5879] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.919755][ T5934] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.942235][ T5934] bridge_slave_0 (unregistering): left allmulticast mode
[   66.945165][ T5934] bridge_slave_0 (unregistering): left promiscuous mode
[   66.949054][ T5934] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.974820][ T5879] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.008292][   T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.010745][   T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.032757][ T5145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.036378][ T5145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.053543][ T5145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.060440][ T5145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.071221][ T5145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.073765][ T5145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.312728][ T5948] netlink: 61211 bytes leftover after parsing attributes in process `syz.1.15'.
[   67.969491][ T5977] openvswitch: netlink: EtherType 50a is less than min 600
[   68.047424][    C1] hrtimer: interrupt took 30075 ns
[   68.266087][ T5983] Driver unsupported XDP return value 0 on prog  (id 7) dev N/A, expect packet loss!
[   68.359566][ T5236] Bluetooth: hci0: command tx timeout
[   68.437636][ T5236] Bluetooth: hci2: command tx timeout
[   68.464149][ T5236] Bluetooth: hci1: command tx timeout
[   68.698623][ T5998] netlink: 'syz.2.39': attribute type 4 has an invalid length.
[   68.702042][ T5998] netlink: 152 bytes leftover after parsing attributes in process `syz.2.39'.
[   68.714980][ T5998] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[   68.945069][ T6001] netlink: 'syz.0.41': attribute type 29 has an invalid length.
[   68.965769][ T6001] netlink: 'syz.0.41': attribute type 29 has an invalid length.
[   68.975741][ T6001] netlink: 500 bytes leftover after parsing attributes in process `syz.0.41'.
[   69.432338][ T6009] Zero length message leads to an empty skb
[   69.809162][ T6024] syzkaller1: tun_chr_ioctl cmd 1074025677
[   69.812108][ T6024] syzkaller1: linktype set to 823
[   70.040561][ T6033] warning: `syz.1.55' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   70.061833][ T6037] netlink: 10 bytes leftover after parsing attributes in process `syz.2.57'.
[   70.197156][ T6043] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   70.216900][ T6045] netlink: 830 bytes leftover after parsing attributes in process `syz.0.61'.
[   70.314077][ T6050] netlink: 'syz.2.63': attribute type 10 has an invalid length.
[   70.316983][ T6050] netlink: 168 bytes leftover after parsing attributes in process `syz.2.63'.
[   70.438901][ T5236] Bluetooth: hci0: command tx timeout
[   70.517608][ T5236] Bluetooth: hci1: command tx timeout
[   70.519862][ T5236] Bluetooth: hci2: command tx timeout
[   70.821201][ T6087] openvswitch: netlink: VXLAN extension message has 4 unknown bytes.
[   71.251107][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[   71.256365][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[   71.375771][ T6119] openvswitch: netlink: Flow key attr not present in new flow.
[   71.577372][ T6127] netlink: 12 bytes leftover after parsing attributes in process `syz.2.100'.
[   71.866249][ T6147] netlink: 8 bytes leftover after parsing attributes in process `syz.1.105'.
[   71.870726][ T6147] netlink: 12 bytes leftover after parsing attributes in process `syz.1.105'.
[   72.379779][ T6157] netlink: 188 bytes leftover after parsing attributes in process `syz.0.114'.
[   72.523056][ T5236] Bluetooth: hci0: command tx timeout
[   72.598213][ T5873] Bluetooth: hci2: command tx timeout
[   72.600559][ T5236] Bluetooth: hci1: command tx timeout
[   73.249867][ T6179] netlink: 156 bytes leftover after parsing attributes in process `syz.0.123'.
[   73.354591][ T6166] netlink: 60 bytes leftover after parsing attributes in process `syz.1.117'.
[   73.407955][ T6185] netlink: 'syz.1.124': attribute type 13 has an invalid length.
[   73.422819][ T6185] gretap0: refused to change device tx_queue_len
[   73.426457][ T6185] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[   73.557756][ T6194] mac80211_hwsim hwsim6 wlan1: entered promiscuous mode
[   73.563388][ T6194] mac80211_hwsim hwsim6 wlan1: entered allmulticast mode
[   73.626790][ T6195] IPv6: Can't replace route, no match found
[   73.631205][ T6199] netlink: 'syz.0.130': attribute type 41 has an invalid length.
[   75.462228][ T6229] netlink: 'syz.2.143': attribute type 10 has an invalid length.
[   75.594897][ T6238] openvswitch: netlink: IPv6 tunnel dst address is zero
[   75.686899][ T5236] Bluetooth: hci0: unexpected event 0x03 length: 151 > 11
[   75.812265][ T6255] netlink: 14 bytes leftover after parsing attributes in process `syz.2.155'.
[   75.820188][ T6255] hsr0: entered promiscuous mode
[   75.822237][ T6255] hsr0: entered allmulticast mode
[   75.825182][ T6255] hsr_slave_0: entered allmulticast mode
[   75.829871][ T6255] hsr_slave_1: entered allmulticast mode
[   75.902658][ T6260] netlink: 8 bytes leftover after parsing attributes in process `syz.0.154'.
[   75.941089][ T6265] netlink: 'syz.1.158': attribute type 3 has an invalid length.
[   75.944233][ T6265] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.158'.
[   75.955069][ T6267] =======================================================
[   75.955069][ T6267] WARNING: The mand mount option has been deprecated and
[   75.955069][ T6267]          and is ignored by this kernel. Remove the mand
[   75.955069][ T6267]          option from the mount to silence this warning.
[   75.955069][ T6267] =======================================================
[   76.198488][   T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   76.330396][   T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   76.401801][   T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   76.441666][   T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   76.467044][ T5873] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   76.470461][ T5873] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   76.474113][ T5873] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   76.480353][ T5873] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   76.484349][ T5873] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   76.592430][   T13] bridge_slave_1: left allmulticast mode
[   76.595228][   T13] bridge_slave_1: left promiscuous mode
[   76.598816][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.606644][   T13] bridge_slave_0: left allmulticast mode
[   76.609131][   T13] bridge_slave_0: left promiscuous mode
[   76.611508][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[   76.812862][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   76.822058][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   76.826870][   T13] bond0 (unregistering): Released all slaves
[   77.085344][ T6279] chnl_net:caif_netlink_parms(): no params data found
[   77.284811][ T6301] bridge0: port 3(ip6gretap0) entered blocking state
[   77.289906][ T6301] bridge0: port 3(ip6gretap0) entered disabled state
[   77.293587][ T6301] ip6gretap0: entered allmulticast mode
[   77.298463][ T6301] ip6gretap0: entered promiscuous mode
[   77.301824][ T6301] bridge0: port 3(ip6gretap0) entered blocking state
[   77.305059][ T6301] bridge0: port 3(ip6gretap0) entered forwarding state
[   77.389124][   T13] hsr_slave_0: left promiscuous mode
[   77.392454][   T13] hsr_slave_1: left promiscuous mode
[   77.395417][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   77.400611][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[   77.412034][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   77.415281][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[   77.441913][   T13] veth1_macvtap: left promiscuous mode
[   77.444757][   T13] veth0_macvtap: left promiscuous mode
[   77.447357][   T13] veth1_vlan: left promiscuous mode
[   77.451651][   T13] veth0_vlan: left promiscuous mode
[   77.662047][ T6311] netlink: 596 bytes leftover after parsing attributes in process `syz.0.173'.
[   77.774402][   T13] team0 (unregistering): Port device team_slave_1 removed
[   77.796068][   T13] team0 (unregistering): Port device team_slave_0 removed
[   78.060563][ T6279] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.063779][ T6279] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.067322][ T6279] bridge_slave_0: entered allmulticast mode
[   78.071981][ T6279] bridge_slave_0: entered promiscuous mode
[   78.078482][ T6309] netlink: 'syz.0.173': attribute type 29 has an invalid length.
[   78.083076][ T6310] netlink: 'syz.0.173': attribute type 29 has an invalid length.
[   78.087894][ T6279] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.090578][ T6279] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.093726][ T6279] bridge_slave_1: entered allmulticast mode
[   78.096440][ T6279] bridge_slave_1: entered promiscuous mode
[   78.176819][ T6279] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   78.191639][ T6279] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   78.304953][ T6279] team0: Port device team_slave_0 added
[   78.308564][ T6279] team0: Port device team_slave_1 added
[   78.384264][ T6326] nftables ruleset with unbound chain
[   78.517676][ T5873] Bluetooth: hci2: command tx timeout
[   78.609841][ T6279] batman_adv: batadv0: Adding interface: batadv_slave_0
[   78.630075][ T6279] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.641753][ T6279] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   78.654228][ T6279] batman_adv: batadv0: Adding interface: batadv_slave_1
[   78.657330][ T6279] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.701622][ T6279] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   78.783403][ T6279] hsr_slave_0: entered promiscuous mode
[   78.786107][ T6279] hsr_slave_1: entered promiscuous mode
[   78.800167][ T6279] debugfs: 'hsr0' already exists in 'hsr'
[   78.802591][ T6279] Cannot create hsr debugfs directory
[   79.086360][ T6345] netlink: 'syz.1.183': attribute type 3 has an invalid length.
[   79.094233][ T6345] netlink: 'syz.1.183': attribute type 2 has an invalid length.
[   79.104148][ T6345] netlink: 198112 bytes leftover after parsing attributes in process `syz.1.183'.
[   79.506725][ T6359] netlink: 'syz.0.187': attribute type 1 has an invalid length.
[   79.511122][ T6359] netlink: 16150 bytes leftover after parsing attributes in process `syz.0.187'.
[   80.606250][ T5873] Bluetooth: hci2: command tx timeout
[   81.283320][ T6279] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   81.310045][ T6279] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   81.320327][ T6279] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   81.338074][ T6279] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   81.502914][ T6279] 8021q: adding VLAN 0 to HW filter on device bond0
[   81.534459][ T6279] 8021q: adding VLAN 0 to HW filter on device team0
[   81.549568][  T179] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.552827][  T179] bridge0: port 1(bridge_slave_0) entered forwarding state
[   81.581185][ T6357] Set syz1 is full, maxelem 65536 reached
[   81.592962][  T179] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.596149][  T179] bridge0: port 2(bridge_slave_1) entered forwarding state
[   81.660612][ T6279] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   81.801058][ T6399] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   81.893255][ T6279] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.954359][ T6279] veth0_vlan: entered promiscuous mode
[   81.968803][ T6404] netlink: 60 bytes leftover after parsing attributes in process `syz.0.199'.
[   81.976406][ T6279] veth1_vlan: entered promiscuous mode
[   81.995742][ T6404] netlink: 60 bytes leftover after parsing attributes in process `syz.0.199'.
[   82.024035][ T6279] veth0_macvtap: entered promiscuous mode
[   82.045257][ T6279] veth1_macvtap: entered promiscuous mode
[   82.072313][ T6279] batman_adv: batadv0: Interface activated: batadv_slave_0
[   82.085531][ T6279] batman_adv: batadv0: Interface activated: batadv_slave_1
[   82.108607][   T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   82.112578][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   82.116487][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   82.127010][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   82.220003][ T6417] netlink: 'syz.0.205': attribute type 2 has an invalid length.
[   82.220887][   T28] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.232804][   T28] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.279760][ T1092] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.283151][ T1092] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.336124][ T6414] ip6gretap0: left allmulticast mode
[   82.367711][ T6414] ip6gretap0: left promiscuous mode
[   82.371479][ T6414] bridge0: port 3(ip6gretap0) entered disabled state
[   82.482088][ T6414] bridge_slave_1: left allmulticast mode
[   82.501190][ T6414] bridge_slave_1: left promiscuous mode
[   82.511672][ T6414] bridge0: port 2(bridge_slave_1) entered disabled state
[   82.604074][ T6414] bridge_slave_0: left allmulticast mode
[   82.606589][ T6414] bridge_slave_0: left promiscuous mode
[   82.619655][ T6414] bridge0: port 1(bridge_slave_0) entered disabled state
[   82.690782][ T5873] Bluetooth: hci2: command tx timeout
[   82.693517][ T6425] netlink: 20 bytes leftover after parsing attributes in process `syz.0.207'.
[   83.356886][ T6430] netlink: 4 bytes leftover after parsing attributes in process `syz.2.209'.
[   83.500587][ T6439] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[   83.503024][ T6439] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[   84.757934][ T5873] Bluetooth: hci2: command tx timeout
[   86.609791][   T24] cfg80211: failed to load regulatory.db
[   86.846529][ T6466] netlink: 14593 bytes leftover after parsing attributes in process `syz.1.223'.
[   87.124038][ T6482] netlink: 202920 bytes leftover after parsing attributes in process `syz.1.232'.
[   87.310001][ T6490] : renamed from wg2 (while UP)
[   87.472116][ T6497] syz.2.239 uses obsolete (PF_INET,SOCK_PACKET)
[   87.475488][ T6500] netlink: 56 bytes leftover after parsing attributes in process `syz.0.241'.
[   87.637263][ T6506] netlink: 'syz.0.243': attribute type 10 has an invalid length.
[   87.695025][ T6509] netlink: 'syz.0.243': attribute type 10 has an invalid length.
[   87.816125][ T6509] team0: Device hsr_slave_0 failed to register rx_handler
[   88.003553][ T6524] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   90.750369][ T6595] netlink: 152 bytes leftover after parsing attributes in process `syz.0.280'.
[   90.767855][ T6595] netlink: 6 bytes leftover after parsing attributes in process `syz.0.280'.
[   91.333185][ T6624] netlink: 'syz.0.292': attribute type 2 has an invalid length.
[   91.336462][ T6624] netlink: 8196 bytes leftover after parsing attributes in process `syz.0.292'.
[   91.652211][ T6638] netlink: 4 bytes leftover after parsing attributes in process `syz.2.299'.
[   91.670097][ T6638] netlink: 4 bytes leftover after parsing attributes in process `syz.2.299'.
[   93.114606][ T6649] sit0: entered allmulticast mode
[   93.124269][ T6649] sit0: entered promiscuous mode
[   93.193804][ T6654] netlink: 340 bytes leftover after parsing attributes in process `syz.1.306'.
[   93.198043][ T6654] netlink: 12 bytes leftover after parsing attributes in process `syz.1.306'.
[   93.824922][ T6668] syzkaller0: entered promiscuous mode
[   93.826818][ T6668] syzkaller0: entered allmulticast mode
[   93.828204][ T6660] syz.1.308: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[   93.839612][ T6660] CPU: 1 UID: 0 PID: 6660 Comm: syz.1.308 Not tainted syzkaller #0 PREEMPT(full) 
[   93.839624][ T6660] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   93.839629][ T6660] Call Trace:
[   93.839633][ T6660]  <TASK>
[   93.839637][ T6660]  dump_stack_lvl+0x189/0x250
[   93.839654][ T6660]  ? __pfx_dump_stack_lvl+0x10/0x10
[   93.839664][ T6660]  ? __pfx__printk+0x10/0x10
[   93.839676][ T6660]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[   93.839686][ T6660]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[   93.839696][ T6660]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[   93.839705][ T6660]  warn_alloc+0x214/0x310
[   93.839713][ T6660]  ? stack_depot_save_flags+0x41b/0x860
[   93.839727][ T6660]  ? __pfx_warn_alloc+0x10/0x10
[   93.839734][ T6660]  ? kasan_save_track+0x4f/0x80
[   93.839744][ T6660]  ? xskq_create+0x56/0x170
[   93.839752][ T6660]  ? xsk_init_queue+0xb0/0x110
[   93.839758][ T6660]  ? xsk_setsockopt+0x57b/0x8d0
[   93.839770][ T6660]  ? do_sock_setsockopt+0x17c/0x1b0
[   93.839779][ T6660]  ? __x64_sys_setsockopt+0x13f/0x1b0
[   93.839787][ T6660]  ? do_syscall_64+0xfa/0x3b0
[   93.839795][ T6660]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.839805][ T6660]  __vmalloc_node_range_noprof+0x125/0x12f0
[   93.839828][ T6660]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[   93.839841][ T6660]  ? __kasan_kmalloc+0x93/0xb0
[   93.839853][ T6660]  vmalloc_user_noprof+0xad/0xf0
[   93.839864][ T6660]  ? xskq_create+0xbf/0x170
[   93.839871][ T6660]  xskq_create+0xbf/0x170
[   93.839879][ T6660]  xsk_init_queue+0xb0/0x110
[   93.839888][ T6660]  xsk_setsockopt+0x57b/0x8d0
[   93.839900][ T6660]  ? __pfx_xsk_setsockopt+0x10/0x10
[   93.839911][ T6660]  ? __pfx_aa_sk_perm+0x10/0x10
[   93.839920][ T6660]  ? __fget_files+0x2a/0x420
[   93.839926][ T6660]  ? aa_sock_opt_perm+0xff/0x1b0
[   93.839935][ T6660]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[   93.839944][ T6660]  ? __pfx_xsk_setsockopt+0x10/0x10
[   93.839955][ T6660]  do_sock_setsockopt+0x17c/0x1b0
[   93.839966][ T6660]  __x64_sys_setsockopt+0x13f/0x1b0
[   93.840001][ T6660]  do_syscall_64+0xfa/0x3b0
[   93.840009][ T6660]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.840016][ T6660]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   93.840025][ T6660]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.840033][ T6660] RIP: 0033:0x7fbbbbb8eba9
[   93.840041][ T6660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   93.840047][ T6660] RSP: 002b:00007fbbbc93e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   93.840056][ T6660] RAX: ffffffffffffffda RBX: 00007fbbbbdd5fa0 RCX: 00007fbbbbb8eba9
[   93.840062][ T6660] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000006
[   93.840066][ T6660] RBP: 00007fbbbbc11e19 R08: 0000000000000004 R09: 0000000000000000
[   93.840070][ T6660] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000
[   93.840074][ T6660] R13: 00007fbbbbdd6038 R14: 00007fbbbbdd5fa0 R15: 00007ffee35ddfd8
[   93.840086][ T6660]  </TASK>
[   93.840127][ T6660] Mem-Info:
[   93.971765][ T6660] active_anon:11109 inactive_anon:0 isolated_anon:0
[   93.971765][ T6660]  active_file:13281 inactive_file:38258 isolated_file:0
[   93.971765][ T6660]  unevictable:1768 dirty:294 writeback:0
[   93.971765][ T6660]  slab_reclaimable:9649 slab_unreclaimable:53835
[   93.971765][ T6660]  mapped:23418 shmem:8090 pagetables:961
[   93.971765][ T6660]  sec_pagetables:0 bounce:0
[   93.971765][ T6660]  kernel_misc_reclaimable:0
[   93.971765][ T6660]  free:279896 free_pcp:22371 free_cma:0
[   93.990733][ T6660] Node 0 active_anon:35408kB inactive_anon:0kB active_file:25860kB inactive_file:144924kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:32424kB dirty:892kB writeback:0kB shmem:27396kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:6864kB pagetables:1804kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   94.066361][ T6660] Node 1 active_anon:10048kB inactive_anon:0kB active_file:27264kB inactive_file:8108kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:69952kB dirty:284kB writeback:0kB shmem:5984kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:4568kB pagetables:2040kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   94.087023][ T6660] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   94.101920][ T6660] lowmem_reserve[]: 0 811 811 811 811
[   94.107729][ T6660] Node 0 DMA32 free:251656kB boost:0kB min:33660kB low:42072kB high:50484kB reserved_highatomic:0KB free_highatomic:0KB active_anon:46968kB inactive_anon:0kB active_file:28376kB inactive_file:144924kB unevictable:3536kB writepending:892kB present:1556484kB managed:830876kB mlocked:0kB bounce:0kB free_pcp:24012kB local_pcp:19368kB free_cma:0kB
[   94.123522][ T6660] lowmem_reserve[]: 0 0 0 0 0
[   94.142725][ T6660] Node 1 DMA32 free:458492kB boost:0kB min:19192kB low:23988kB high:28784kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:116kB local_pcp:116kB free_cma:0kB
[   94.157130][ T6660] lowmem_reserve[]: 0 0 854 854 854
[   94.165493][ T6660] Node 1 Normal free:385652kB boost:0kB min:36612kB low:45764kB high:54916kB reserved_highatomic:0KB free_highatomic:0KB active_anon:9980kB inactive_anon:0kB active_file:27264kB inactive_file:8108kB unevictable:3536kB writepending:284kB present:1048576kB managed:874952kB mlocked:0kB bounce:0kB free_pcp:58728kB local_pcp:36284kB free_cma:0kB
[   94.252346][ T6660] lowmem_reserve[]: 0 0 0 0 0
[   94.254545][ T6660] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[   94.260219][ T6660] Node 0 DMA32: 816*4kB (UM) 529*8kB (UME) 187*16kB (UME) 9*32kB (UM) 163*64kB (UME) 85*128kB (UM) 35*256kB (UM) 17*512kB (UM) 17*1024kB (UME) 7*2048kB (UM) 40*4096kB (M) = 245336kB
[   94.278920][ T6660] Node 1 DMA32: 3*4kB (UM) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 2*128kB (UM) 3*256kB (UM) 3*512kB (UM) 3*1024kB (UM) 3*2048kB (UM) 109*4096kB (M) = 458492kB
[   94.288806][ T6660] Node 1 Normal: 518*4kB (UME) 635*8kB (UME) 253*16kB (UM) 295*32kB (UM) 99*64kB (UM) 67*128kB (UM) 5*256kB (UME) 1*512kB (M) 2*1024kB (ME) 3*2048kB (UE) 85*4096kB (M) = 393696kB
[   94.296190][ T6660] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   94.300316][ T6660] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   94.304256][ T6660] 66208 total pagecache pages
[   94.306274][ T6660] 0 pages in swap cache
[   94.315521][ T6660] Free swap  = 124996kB
[   94.319678][ T6660] Total swap = 124996kB
[   94.321213][ T6660] 786301 pages RAM
[   94.322723][ T6660] 0 pages HighMem/MovableOnly
[   94.329494][ T6660] 241350 pages reserved
[   94.331041][ T6660] 0 pages cma reserved
[   94.491754][ T6686] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   94.665850][ T5873] Bluetooth: hci1: unexpected event 0x04 length: 15 > 10
[   94.669071][ T5873] Bluetooth: hci1: connection err: -111
[   94.790770][ T6698] netlink: 8 bytes leftover after parsing attributes in process `syz.1.324'.
[   95.266368][ T6684] bridge0: port 1(ip6gretap0) entered blocking state
[   95.269787][ T6684] bridge0: port 1(ip6gretap0) entered disabled state
[   95.272581][ T6684] ip6gretap0: entered allmulticast mode
[   95.275841][ T6684] ip6gretap0: entered promiscuous mode
[   95.279493][ T6684] bridge0: port 1(ip6gretap0) entered blocking state
[   95.282125][ T6684] bridge0: port 1(ip6gretap0) entered forwarding state
[   95.606505][ T6727] netlink: 'syz.2.337': attribute type 7 has an invalid length.
[   95.610569][ T6727] netlink: 140 bytes leftover after parsing attributes in process `syz.2.337'.
[   95.833138][ T6741] openvswitch: netlink: VXLAN extension message has 3 unknown bytes.
[   96.005791][ T6747] netlink: 'syz.0.346': attribute type 21 has an invalid length.
[   96.008826][ T6747] netlink: 'syz.0.346': attribute type 4 has an invalid length.
[   96.599693][ T6774] netlink: 'syz.0.357': attribute type 39 has an invalid length.
[   96.725544][ T6779] IPv6: Can't replace route, no match found
[   96.755801][ T6781] netlink: 12 bytes leftover after parsing attributes in process `syz.0.360'.
[   97.156290][ T6798] netlink: 176 bytes leftover after parsing attributes in process `syz.1.367'.
[   97.260402][ T5873] Bluetooth: hci0: ISO packet for unknown connection handle 0
[   97.268837][ T5873] Bluetooth: hci0: Received unexpected HCI Event 0x00
[   97.285398][ T6811] netlink: 'syz.1.372': attribute type 2 has an invalid length.
[   97.292222][ T6811] netlink: 'syz.1.372': attribute type 8 has an invalid length.
[   97.297861][ T6811] netlink: 132 bytes leftover after parsing attributes in process `syz.1.372'.
[   97.323748][ T6813] netlink: del zone limit has 4 unknown bytes
[   97.429254][ T6819] netlink: 'syz.1.376': attribute type 3 has an invalid length.
[   97.443429][ T6819] netlink: 'syz.1.376': attribute type 1 has an invalid length.
[   97.452192][ T6819] netlink: 193500 bytes leftover after parsing attributes in process `syz.1.376'.
[   97.964960][ T6852] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[   97.969618][ T6852] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[   98.739093][ T6875] netlink: 'syz.2.401': attribute type 1 has an invalid length.
[   98.860196][ T6852] syz.1.391 (6852) used greatest stack depth: 19128 bytes left
[   99.268302][ T6927] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x32
[   99.534401][ T6941] netlink: 177 bytes leftover after parsing attributes in process `syz.2.433'.
[   99.540767][ T6943] netlink: 'syz.0.434': attribute type 2 has an invalid length.
[   99.909774][ T6964] netlink: 197860 bytes leftover after parsing attributes in process `syz.2.443'.
[   99.911847][ T6967] netlink: 16 bytes leftover after parsing attributes in process `syz.1.444'.
[  100.894154][ T7017] netlink: 132 bytes leftover after parsing attributes in process `syz.0.461'.
[  100.933672][ T7019] netlink: 8 bytes leftover after parsing attributes in process `syz.2.462'.
[  100.937802][ T7019] netlink: 8 bytes leftover after parsing attributes in process `syz.2.462'.
[  101.301152][ T7037] delete_channel: no stack
[  101.405214][ T7037] delete_channel: no stack
[  101.573752][ T7051] validate_nla: 5 callbacks suppressed
[  101.573766][ T7051] netlink: 'syz.2.477': attribute type 25 has an invalid length.
[  101.846038][ T7071] netlink: 8 bytes leftover after parsing attributes in process `syz.1.486'.
[  101.957857][ T7077] netlink: 'syz.0.488': attribute type 10 has an invalid length.
[  102.034035][ T7077] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  102.086871][ T7079] netlink: 4 bytes leftover after parsing attributes in process `syz.1.489'.
[  102.244286][ T7089] netlink: 'syz.1.493': attribute type 21 has an invalid length.
[  102.247167][ T7089] netlink: 156 bytes leftover after parsing attributes in process `syz.1.493'.
[  103.305597][ T7111] netlink: 60 bytes leftover after parsing attributes in process `syz.2.501'.
[  103.310450][ T7111] netlink: 60 bytes leftover after parsing attributes in process `syz.2.501'.
[  103.314650][ T7111] netlink: 60 bytes leftover after parsing attributes in process `syz.2.501'.
[  104.077938][ T7146] netlink: 'syz.1.517': attribute type 11 has an invalid length.
[  104.152197][ T7144] wg2: entered promiscuous mode
[  104.154434][ T7144] wg2: entered allmulticast mode
[  104.384453][ T7156] syzkaller0: entered promiscuous mode
[  104.386906][ T7156] syzkaller0: entered allmulticast mode
[  105.669502][ T7165] netlink: 28 bytes leftover after parsing attributes in process `syz.0.526'.
[  105.840156][ T7173] openvswitch: netlink: Flow key attribute not present in set flow.
[  105.993574][ T7182] netlink: 12 bytes leftover after parsing attributes in process `syz.0.534'.
[  106.009490][ T7182] netlink: 8 bytes leftover after parsing attributes in process `syz.0.534'.
[  106.195761][ T7189] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.537'.
[  107.690437][ T7216] syzkaller0: entered promiscuous mode
[  107.692780][ T7216] syzkaller0: entered allmulticast mode
[  109.193983][ T7231] macvlan0: entered promiscuous mode
[  109.196703][ T7231] macvlan0: entered allmulticast mode
[  109.201629][ T7231] veth1_vlan: entered allmulticast mode
[  109.679211][ T7246] delete_channel: no stack
[  109.867148][ T7277] netlink: 8 bytes leftover after parsing attributes in process `syz.2.577'.
[  109.936223][ T7282] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check.
[  110.221401][ T7300] netlink: 60 bytes leftover after parsing attributes in process `syz.0.585'.
[  110.225850][ T7300] netlink: 60 bytes leftover after parsing attributes in process `syz.0.585'.
[  110.234207][ T7299] netlink: 404 bytes leftover after parsing attributes in process `syz.1.587'.
[  110.237269][ T7297] netlink: 60 bytes leftover after parsing attributes in process `syz.0.585'.
[  110.506101][ T7316] netlink: 48 bytes leftover after parsing attributes in process `syz.1.596'.
[  110.512517][ T7316] netlink: 'syz.1.596': attribute type 1 has an invalid length.
[  110.582885][ T7312] netlink: 48 bytes leftover after parsing attributes in process `syz.2.592'.
[  110.705382][ T7325] netlink: 64 bytes leftover after parsing attributes in process `syz.1.598'.
[  110.927895][ T7328] netlink: 12 bytes leftover after parsing attributes in process `syz.2.600'.
[  110.935078][ T7331] netlink: 44 bytes leftover after parsing attributes in process `syz.1.601'.
[  110.942665][ T7331] netlink: 'syz.1.601': attribute type 5 has an invalid length.
[  112.296679][ T7379] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  112.348867][ T7379] syzkaller0: entered promiscuous mode
[  112.351473][ T7379] syzkaller0: entered allmulticast mode
[  112.739043][ T7401] netlink: 'syz.1.631': attribute type 21 has an invalid length.
[  112.742424][ T7401] netlink: 'syz.1.631': attribute type 20 has an invalid length.
[  112.800576][ T7403] netlink: 'syz.1.632': attribute type 10 has an invalid length.
[  113.334740][ T7403] veth0_vlan: left promiscuous mode
[  113.339858][ T7403] veth0_vlan: entered promiscuous mode
[  113.346521][ T7403] team0: Device veth0_vlan failed to register rx_handler
[  113.652996][ T7403] syz.1.632 (7403) used greatest stack depth: 18552 bytes left
[  114.361493][ T7472] raw_sendmsg: syz.2.660 forgot to set AF_INET. Fix it!
[  115.942577][ T5236] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  115.947309][ T5236] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  115.952740][ T5236] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  115.958285][ T5236] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  115.962154][ T5236] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  116.091317][ T7514] __nla_validate_parse: 14 callbacks suppressed
[  116.091335][ T7514] netlink: 12 bytes leftover after parsing attributes in process `syz.1.675'.
[  116.156830][ T7508] chnl_net:caif_netlink_parms(): no params data found
[  116.255556][ T7508] bridge0: port 1(bridge_slave_0) entered blocking state
[  116.259296][ T7508] bridge0: port 1(bridge_slave_0) entered disabled state
[  116.263464][ T7508] bridge_slave_0: entered allmulticast mode
[  116.267965][ T7508] bridge_slave_0: entered promiscuous mode
[  116.272682][ T7508] bridge0: port 2(bridge_slave_1) entered blocking state
[  116.275833][ T7508] bridge0: port 2(bridge_slave_1) entered disabled state
[  116.279836][ T7508] bridge_slave_1: entered allmulticast mode
[  116.283651][ T7508] bridge_slave_1: entered promiscuous mode
[  116.331481][ T7508] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  116.338398][ T7508] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  116.409210][ T7508] team0: Port device team_slave_0 added
[  116.421476][ T7508] team0: Port device team_slave_1 added
[  116.919576][ T7508] batman_adv: batadv0: Adding interface: batadv_slave_0
[  116.922612][ T7508] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  116.935210][ T7508] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  116.949197][ T7508] batman_adv: batadv0: Adding interface: batadv_slave_1
[  116.951593][ T7508] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  116.960677][ T7508] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  117.006435][ T7508] hsr_slave_0: entered promiscuous mode
[  117.009361][ T7508] hsr_slave_1: entered promiscuous mode
[  117.011681][ T7508] debugfs: 'hsr0' already exists in 'hsr'
[  117.013752][ T7508] Cannot create hsr debugfs directory
[  117.150527][ T7508] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.301255][ T7508] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.349179][ T7508] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.419870][ T7508] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.523920][ T7508] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  117.530784][ T7508] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  117.535687][ T7508] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  117.549503][ T7508] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  117.605608][ T7508] 8021q: adding VLAN 0 to HW filter on device bond0
[  117.619641][ T7508] 8021q: adding VLAN 0 to HW filter on device team0
[  117.625811][   T69] bridge0: port 1(bridge_slave_0) entered blocking state
[  117.628751][   T69] bridge0: port 1(bridge_slave_0) entered forwarding state
[  117.638872][   T69] bridge0: port 2(bridge_slave_1) entered blocking state
[  117.641770][   T69] bridge0: port 2(bridge_slave_1) entered forwarding state
[  117.774068][ T7508] 8021q: adding VLAN 0 to HW filter on device batadv0
[  117.803196][ T7508] veth0_vlan: entered promiscuous mode
[  117.813027][ T7508] veth1_vlan: entered promiscuous mode
[  117.845134][ T7508] veth0_macvtap: entered promiscuous mode
[  117.853593][ T7508] veth1_macvtap: entered promiscuous mode
[  117.864019][ T7508] batman_adv: batadv0: Interface activated: batadv_slave_0
[  117.880607][ T7508] batman_adv: batadv0: Interface activated: batadv_slave_1
[  117.887096][ T5879] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  117.901979][ T5879] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  117.922784][ T5879] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  117.937639][ T5879] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  117.960734][ T5145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.965402][ T5145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.974666][ T7560] netlink: 228 bytes leftover after parsing attributes in process `syz.1.688'.
[  117.998287][ T5145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  118.003114][ T5145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  118.037622][ T5236] Bluetooth: hci2: command tx timeout
[  118.265197][ T7584] : renamed from wg2 (while UP)
[  118.345988][ T7593] netlink: 8 bytes leftover after parsing attributes in process `syz.0.703'.
[  119.163206][ T7636] netlink: 24 bytes leftover after parsing attributes in process `syz.1.715'.
[  119.166605][ T7636] netlink: 24 bytes leftover after parsing attributes in process `syz.1.715'.
[  120.123212][ T5236] Bluetooth: hci2: command tx timeout
[  120.429158][ T7660] netlink: 'syz.1.726': attribute type 1 has an invalid length.
[  120.434086][ T7660] netlink: 'syz.1.726': attribute type 2 has an invalid length.
[  120.543299][ T7668] veth0_vlan: entered allmulticast mode
[  120.606309][ T7668] veth0_vlan: left promiscuous mode
[  120.633117][ T7668] veth0_vlan: entered promiscuous mode
[  122.076303][ T7722] netlink: 'syz.2.745': attribute type 4 has an invalid length.
[  122.079114][ T7722] netlink: 'syz.2.745': attribute type 16 has an invalid length.
[  122.082395][ T7722] netlink: 132 bytes leftover after parsing attributes in process `syz.2.745'.
[  122.208098][ T5236] Bluetooth: hci2: command tx timeout
[  124.340622][ T5236] Bluetooth: hci2: command tx timeout
[  125.902657][ T7759] netlink: 104 bytes leftover after parsing attributes in process `syz.0.761'.
[  126.480397][ T7777] netlink: 'syz.1.769': attribute type 10 has an invalid length.
[  126.716517][ T7782] netlink: 12 bytes leftover after parsing attributes in process `syz.2.770'.
[  126.805255][ T7786] blkio.reset_stats is deprecated
[  127.240568][ T7793] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1
[  127.302761][ T7799] netlink: 24 bytes leftover after parsing attributes in process `syz.1.778'.
[  128.233540][ T7829] netlink: 8 bytes leftover after parsing attributes in process `syz.0.790'.
[  132.570723][ T7867] netlink: 11562 bytes leftover after parsing attributes in process `syz.1.805'.
[  132.612679][ T7871] netlink: 'syz.2.807': attribute type 21 has an invalid length.
[  132.615661][ T7871] netlink: 152 bytes leftover after parsing attributes in process `syz.2.807'.
[  132.689202][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[  132.691596][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[  134.057803][ T7927] netlink: 'syz.0.829': attribute type 29 has an invalid length.
[  134.064606][ T7927] netlink: 'syz.0.829': attribute type 29 has an invalid length.
[  134.082363][ T7927] netlink: 'syz.0.829': attribute type 29 has an invalid length.
[  134.086879][ T7927] netlink: 'syz.0.829': attribute type 29 has an invalid length.
[  134.361424][ T7945] netlink: 'syz.2.836': attribute type 5 has an invalid length.
[  134.643597][ T7956] netlink: 'syz.2.842': attribute type 3 has an invalid length.
[  134.646486][ T7956] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.842'.
[  134.775007][   T33] audit: type=1107 audit(1757889630.298:2): pid=7963 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=''
[  134.849472][ T7969] netlink: 60 bytes leftover after parsing attributes in process `syz.1.848'.
[  134.976334][ T7977] netlink: 'syz.2.851': attribute type 29 has an invalid length.
[  134.982946][ T7976] netlink: 'syz.2.851': attribute type 29 has an invalid length.
[  135.352018][ T7994] netlink: 'syz.1.858': attribute type 29 has an invalid length.
[  135.456480][ T8004] netlink: 136 bytes leftover after parsing attributes in process `syz.2.861'.
[  135.776996][ T7994] 8021q: adding VLAN 0 to HW filter on device bond0
[  135.894430][ T7994] team0: Port device bond0 added
[  136.240986][ T8008] netlink: 17 bytes leftover after parsing attributes in process `syz.0.864'.
[  136.283308][ T8010] netlink: 164 bytes leftover after parsing attributes in process `syz.0.865'.
[  136.371116][ T8014] netlink: 12 bytes leftover after parsing attributes in process `syz.2.866'.
[  136.417608][ T8014] netlink: 12 bytes leftover after parsing attributes in process `syz.2.866'.
[  136.481330][ T8014] netlink: 12 bytes leftover after parsing attributes in process `syz.2.866'.
[  136.724877][ T8037] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  136.728296][ T8037] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  138.851389][ T8108] validate_nla: 3 callbacks suppressed
[  138.851399][ T8108] netlink: 'syz.1.909': attribute type 210 has an invalid length.
[  139.960652][ T8150] tmpfs: Bad value for 'gid'
[  139.963730][ T8150] tmpfs: Bad value for 'gid'
[  140.133177][ T8163] netlink: 12 bytes leftover after parsing attributes in process `syz.1.935'.
[  141.032226][ T8182] mac80211_hwsim hwsim6 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  141.261109][ T8193] netlink: 'syz.2.949': attribute type 1 has an invalid length.
[  141.412412][ T8202] netlink: 8 bytes leftover after parsing attributes in process `syz.2.952'.
[  141.599053][ T8223] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  142.316640][ T8250] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode
[  142.319275][ T8250] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode
[  143.036440][ T8283] netlink: 'syz.0.989': attribute type 4 has an invalid length.
[  143.040074][ T8283] netlink: 112 bytes leftover after parsing attributes in process `syz.0.989'.
[  143.471880][ T8303] netlink: 'syz.1.998': attribute type 1 has an invalid length.
[  143.728966][ T8330] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1008'.
[  143.734454][ T8329] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.1011'.
[  143.738989][ T8323] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1008'.
[  143.743176][ T8329] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.1011'.
[  143.747025][ T8330] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1008'.
[  143.884826][ T8335] netlink: 'syz.1.1013': attribute type 3 has an invalid length.
[  144.523387][ T8344] netlink: 'syz.2.1016': attribute type 33 has an invalid length.
[  144.526091][ T8344] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1016'.
[  144.585431][ T8348] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.1019'.
[  144.796024][ T5236] Bluetooth: hci1: unexpected subevent 0x19 length: 150 > 28
[  144.799499][ T5236] Bluetooth: hci1: Unable to find connection with handle 0x0000
[  145.053029][ T8377] netlink: 'syz.2.1031': attribute type 21 has an invalid length.
[  145.120317][ T8383] netlink: 'syz.1.1034': attribute type 1 has an invalid length.
[  145.317761][ T8394] __nla_validate_parse: 2 callbacks suppressed
[  145.317775][ T8394] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1040'.
[  145.684817][ T8403] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1043'.
[  146.305649][ T8429] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1053'.
[  146.319908][ T8429] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1053'.
[  146.442263][ T8437] netlink: 220 bytes leftover after parsing attributes in process `syz.0.1058'.
[  146.563217][ T8444] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1061'.
[  146.730318][ T8450] netlink: 7 bytes leftover after parsing attributes in process `syz.0.1065'.
[  146.744379][ T8450] netlink: 7 bytes leftover after parsing attributes in process `syz.0.1065'.
[  146.988407][ T8471] netlink: 'syz.0.1072': attribute type 29 has an invalid length.
[  146.998342][ T8469] netlink: 'syz.0.1072': attribute type 29 has an invalid length.
[  147.092438][ T8465] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  147.095405][ T8465] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  147.461378][ T8487] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1080'.
[  148.443640][ T8548] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1101'.
[  149.058618][ T8576] netlink: 'syz.1.1114': attribute type 11 has an invalid length.
[  149.061005][ T5236] Bluetooth: hci2: ACL packet too small
[  149.275767][ T8574] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  149.535947][ T8591] netlink: 'syz.0.1117': attribute type 1 has an invalid length.
[  149.596293][ T5236] Bluetooth: hci1: unexpected cc 0x1004 length: 12 > 11
[  151.070747][ T8630] __nla_validate_parse: 4 callbacks suppressed
[  151.070763][ T8630] netlink: 188 bytes leftover after parsing attributes in process `syz.0.1131'.
[  151.092775][ T8627] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  151.581986][ T8641] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1140'.
[  151.585087][ T8641] netlink: 6 bytes leftover after parsing attributes in process `syz.1.1140'.
[  151.870248][ T8654] netlink: del zone limit has 4 unknown bytes
[  151.979520][ T8663] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1149'.
[  151.984204][ T8663] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1149'.
[  151.988305][ T8663] netlink: 31 bytes leftover after parsing attributes in process `syz.0.1149'.
[  151.992350][ T8663] netlink: 'syz.0.1149': attribute type 2 has an invalid length.
[  151.995808][ T8663] netlink: 31 bytes leftover after parsing attributes in process `syz.0.1149'.
[  152.524324][ T8692] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1162'.
[  152.677802][ T8704] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1167'.
[  152.685490][ T5236] Bluetooth: hci2: unexpected event 0x31 length: 82 > 6
[  153.307178][ T8734] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1182'.
[  153.545640][ T8743] netlink: 'syz.2.1186': attribute type 6 has an invalid length.
[  153.643310][ T5236] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  153.646922][ T5236] Bluetooth: hci1: Injecting HCI hardware error event
[  153.650460][ T5236] Bluetooth: hci1: hardware error 0x00
[  155.321613][ T8788] netlink: 'syz.1.1202': attribute type 2 has an invalid length.
[  155.717664][ T5236] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  156.855732][ T8799] netlink: 'syz.0.1208': attribute type 1 has an invalid length.
[  156.859992][ T8799] netlink: 'syz.0.1208': attribute type 2 has an invalid length.
[  156.932151][ T8806] syzkaller0: entered promiscuous mode
[  156.934268][ T8806] syzkaller0: entered allmulticast mode
[  156.938236][ T8806] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 65487
[  157.987237][ T8826] netlink: 'syz.0.1220': attribute type 2 has an invalid length.
[  157.995273][ T8826] netlink: 'syz.0.1220': attribute type 8 has an invalid length.
[  158.002293][ T8826] __nla_validate_parse: 1 callbacks suppressed
[  158.002304][ T8826] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1220'.
[  158.286870][ T8843] netlink: 'syz.1.1227': attribute type 1 has an invalid length.
[  160.026063][ T8902] netlink: 'syz.0.1253': attribute type 21 has an invalid length.
[  160.848067][ T8902] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1253'.
[  161.039716][ T8916] netlink: 'syz.2.1260': attribute type 7 has an invalid length.
[  161.084429][ T8925] sctp: [Deprecated]: syz.1.1263 (pid 8925) Use of int in max_burst socket option deprecated.
[  161.084429][ T8925] Use struct sctp_assoc_value instead
[  161.598790][ T8951] netlink: 'syz.2.1276': attribute type 2 has an invalid length.
[  161.802580][ T8966] netlink: 22 bytes leftover after parsing attributes in process `syz.2.1281'.
[  161.811891][ T8965] syzkaller0: tun_chr_ioctl cmd 2147767520
[  162.604428][ T5879] syzkaller0: tun_net_xmit 76
[  162.606676][ T5879] syzkaller0: tun_net_xmit 48
[  163.232075][ T8983] netlink: 137592 bytes leftover after parsing attributes in process `syz.2.1290'.
[  163.235837][ T8983] nbd: must specify a size in bytes for the device
[  163.644402][ T8992] netlink: 'syz.1.1294': attribute type 6 has an invalid length.
[  163.890364][ T9007] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1300'.
[  165.552236][ T5236] Bluetooth: hci0: unexpected subevent 0x12 length: 150 > 5
[  166.404570][ T9044] netlink: 'syz.2.1315': attribute type 21 has an invalid length.
[  166.496915][ T9047] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1314'.
[  166.500846][ T9047] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  166.719624][ T9053] syzkaller0: entered promiscuous mode
[  166.721889][ T9053] syzkaller0: entered allmulticast mode
[  167.266930][ T9059] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  169.927106][ T9063] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1321'.
[  169.964396][ T9065] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  170.237638][ T9077] netlink: 'syz.1.1328': attribute type 29 has an invalid length.
[  170.242385][ T9077] netlink: 'syz.1.1328': attribute type 29 has an invalid length.
[  170.246636][ T9077] netlink: 'syz.1.1328': attribute type 29 has an invalid length.
[  170.260423][ T9077] netlink: 'syz.1.1328': attribute type 29 has an invalid length.
[  170.608876][ T9090] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1333'.
[  170.735046][ T9094] netlink: 277 bytes leftover after parsing attributes in process `syz.2.1335'.
[  170.803534][ T9098] netlink: 'syz.2.1337': attribute type 3 has an invalid length.
[  170.806862][ T9098] netlink: 'syz.2.1337': attribute type 16 has an invalid length.
[  170.812855][ T9098] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1337'.
[  171.095675][ T9109] netlink: 'syz.1.1341': attribute type 1 has an invalid length.
[  173.894718][ T9170] syzkaller0: entered promiscuous mode
[  173.898019][ T9170] syzkaller0: entered allmulticast mode
[  175.340394][ T9196] netlink: 'syz.1.1377': attribute type 1 has an invalid length.
[  175.825232][ T9201] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1379'.
[  175.830017][ T9201] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1379'.
[  178.083002][ T9257] delete_channel: no stack
[  178.180508][ T9264] netlink: 'syz.1.1407': attribute type 21 has an invalid length.
[  178.184057][ T9264] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1407'.
[  178.719898][ T9275] netlink: 260 bytes leftover after parsing attributes in process `syz.1.1412'.
[  178.724730][ T9275] netlink: 'syz.1.1412': attribute type 1 has an invalid length.
[  178.987338][ T9277] netlink: 'syz.0.1413': attribute type 13 has an invalid length.
[  179.424696][ T9277] bridge0: port 1(ip6gretap0) entered disabled state
[  179.452365][ T9277] bridge0: port 2(bridge_slave_1) entered disabled state
[  179.866739][ T9301] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1423'.
[  179.948847][ T9277] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  179.963862][ T9277] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  180.149340][ T5879] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  180.153132][ T5879] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  180.157004][ T5879] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  180.187585][ T5879] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  180.199142][ T9309] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1427'.
[  180.343217][ T9319] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1431'.
[  180.446463][ T9324] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1434'.
[  180.549487][ T9329] netlink: 'syz.0.1436': attribute type 29 has an invalid length.
[  180.553919][ T9329] netlink: 'syz.0.1436': attribute type 29 has an invalid length.
[  180.564117][ T9329] netlink: 'syz.0.1436': attribute type 29 has an invalid length.
[  180.569046][ T9329] netlink: 'syz.0.1436': attribute type 29 has an invalid length.
[  180.872887][ T9346] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1444'.
[  182.160392][ T9380] netlink: 61967 bytes leftover after parsing attributes in process `syz.1.1459'.
[  183.127093][ T9405] netlink: 61211 bytes leftover after parsing attributes in process `syz.0.1470'.
[  183.473753][ T9416] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1475'.
[  184.293187][ T9429] netlink: 'syz.1.1481': attribute type 1 has an invalid length.
[  184.296667][ T9429] netlink: 17 bytes leftover after parsing attributes in process `syz.1.1481'.
[  184.761266][ T9443] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1488'.
[  185.616614][ T9466] netlink: 'syz.1.1498': attribute type 15 has an invalid length.
[  186.473592][ T9485] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1507'.
[  186.708160][ T9491] netlink: 193500 bytes leftover after parsing attributes in process `syz.0.1510'.
[  186.716557][ T9491] netlink: 'syz.0.1510': attribute type 1 has an invalid length.
[  186.729386][ T9491] netlink: 6320 bytes leftover after parsing attributes in process `syz.0.1510'.
[  188.373551][ T9513] netlink: 'syz.1.1521': attribute type 25 has an invalid length.
[  188.376861][ T9513] netlink: 2418 bytes leftover after parsing attributes in process `syz.1.1521'.
[  188.568878][ T9517] netlink: 'syz.0.1522': attribute type 21 has an invalid length.
[  188.578248][ T9517] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1522'.
[  188.900606][ T9530] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1528'.
[  189.553989][ T5870] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  189.570124][ T5870] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  189.573934][ T5870] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  189.582370][ T5870] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  189.586195][ T5870] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  189.944985][ T9566] netlink: 'syz.0.1541': attribute type 11 has an invalid length.
[  189.954318][ T5898] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  190.112572][ T9568] netlink: 'syz.0.1542': attribute type 1 has an invalid length.
[  190.117293][ T9568] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1542'.
[  190.131998][ T5898] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  190.182930][ T9548] chnl_net:caif_netlink_parms(): no params data found
[  190.202911][ T5898] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  190.279043][ T5898] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  190.368847][ T9548] bridge0: port 1(bridge_slave_0) entered blocking state
[  190.376490][ T9548] bridge0: port 1(bridge_slave_0) entered disabled state
[  190.380575][ T9548] bridge_slave_0: entered allmulticast mode
[  190.384515][ T9548] bridge_slave_0: entered promiscuous mode
[  190.395261][ T9548] bridge0: port 2(bridge_slave_1) entered blocking state
[  190.399571][ T9548] bridge0: port 2(bridge_slave_1) entered disabled state
[  190.402568][ T9548] bridge_slave_1: entered allmulticast mode
[  190.418542][ T9548] bridge_slave_1: entered promiscuous mode
[  190.510924][ T9548] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  190.523590][ T9548] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  190.567059][ T5898] bridge_slave_1: left allmulticast mode
[  190.570136][ T5898] bridge_slave_1: left promiscuous mode
[  190.572767][ T5898] bridge0: port 2(bridge_slave_1) entered disabled state
[  190.578533][ T5898] bridge_slave_0: left allmulticast mode
[  190.580960][ T5898] bridge_slave_0: left promiscuous mode
[  190.583423][ T5898] bridge0: port 1(bridge_slave_0) entered disabled state
[  190.994312][ T5898] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  191.000728][ T5898] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  191.004763][ T5898] bond0 (unregistering): Released all slaves
[  191.077829][ T5870] Bluetooth: hci0: command 0x0406 tx timeout
[  191.638558][ T5236] Bluetooth: hci3: command tx timeout
[  192.038718][ T9548] team0: Port device team_slave_0 added
[  192.046360][ T9548] team0: Port device team_slave_1 added
[  192.150606][ T9548] batman_adv: batadv0: Adding interface: batadv_slave_0
[  192.153574][ T9548] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  192.165658][ T9548] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  192.171362][ T9548] batman_adv: batadv0: Adding interface: batadv_slave_1
[  192.174308][ T9548] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  192.192404][ T9548] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  192.262725][ T5898] hsr_slave_0: left promiscuous mode
[  192.346251][ T5898] hsr_slave_1: left promiscuous mode
[  192.351900][ T5898] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  192.354407][ T5898] batman_adv: batadv0: Removing interface: batadv_slave_0
[  192.361819][ T5898] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  192.364455][ T5898] batman_adv: batadv0: Removing interface: batadv_slave_1
[  192.394175][ T5898] veth1_macvtap: left promiscuous mode
[  192.396127][ T5898] veth0_macvtap: left promiscuous mode
[  192.398475][ T5898] veth1_vlan: left promiscuous mode
[  192.400319][ T5898] veth0_vlan: left promiscuous mode
[  192.713084][ T5898] team0 (unregistering): Port device team_slave_1 removed
[  192.750522][ T5898] team0 (unregistering): Port device team_slave_0 removed
[  192.753207][ T9632] netlink: 'syz.0.1561': attribute type 21 has an invalid length.
[  192.935655][ T9604] delete_channel: no stack
[  193.048542][ T9632] netlink: 156 bytes leftover after parsing attributes in process `syz.0.1561'.
[  193.170138][ T9548] hsr_slave_0: entered promiscuous mode
[  193.173268][ T9548] hsr_slave_1: entered promiscuous mode
[  193.176124][ T9548] debugfs: 'hsr0' already exists in 'hsr'
[  193.184591][ T9548] Cannot create hsr debugfs directory
[  193.506272][ T9548] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  193.532139][ T9548] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  193.540852][ T9659] netlink: 'syz.0.1571': attribute type 62 has an invalid length.
[  193.549478][ T9548] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  193.562724][ T9548] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  193.675289][ T9548] 8021q: adding VLAN 0 to HW filter on device bond0
[  193.687282][ T9548] 8021q: adding VLAN 0 to HW filter on device team0
[  193.710119][  T179] bridge0: port 1(bridge_slave_0) entered blocking state
[  193.712487][  T179] bridge0: port 1(bridge_slave_0) entered forwarding state
[  193.716776][  T179] bridge0: port 2(bridge_slave_1) entered blocking state
[  193.719190][  T179] bridge0: port 2(bridge_slave_1) entered forwarding state
[  193.723897][ T9678] netlink: 948 bytes leftover after parsing attributes in process `syz.0.1576'.
[  193.727747][ T5236] Bluetooth: hci3: command tx timeout
[  193.729827][ T9675] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1575'.
[  193.889661][ T9548] 8021q: adding VLAN 0 to HW filter on device batadv0
[  193.926298][ T9548] veth0_vlan: entered promiscuous mode
[  193.932525][ T9698] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1581'.
[  193.948561][ T9548] veth1_vlan: entered promiscuous mode
[  193.974930][ T9548] veth0_macvtap: entered promiscuous mode
[  193.983996][ T9548] veth1_macvtap: entered promiscuous mode
[  193.997134][ T9548] batman_adv: batadv0: Interface activated: batadv_slave_0
[  194.003813][ T9548] batman_adv: batadv0: Interface activated: batadv_slave_1
[  194.010477][   T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  194.024606][ T5879] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  194.030531][ T5879] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  194.033506][ T5879] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  194.093748][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  194.096989][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  194.102896][ T9709] netlink: 'syz.1.1586': attribute type 10 has an invalid length.
[  194.142734][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[  194.145349][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[  194.173536][ T5145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  194.177090][ T5145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  194.291846][ T9718] netlink: 15743 bytes leftover after parsing attributes in process `syz.1.1589'.
[  195.236942][ T9746] netlink: 'syz.1.1601': attribute type 21 has an invalid length.
[  195.287049][ T9752] netlink: 'syz.0.1605': attribute type 10 has an invalid length.
[  195.290934][ T9752] veth1_vlan: entered allmulticast mode
[  195.325139][ T9754] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1604'.
[  195.328559][ T9754] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1604'.
[  195.393723][ T9763] netlink: 'syz.0.1608': attribute type 2 has an invalid length.
[  195.734846][ T9788] netlink: 'syz.3.1619': attribute type 21 has an invalid length.
[  195.808173][ T5236] Bluetooth: hci3: command tx timeout
[  195.852740][ T9797] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1622'.
[  195.865562][ T9797] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1622'.
[  195.895068][ T9801] netlink: 'syz.3.1623': attribute type 1 has an invalid length.
[  196.076700][ T9815] netlink: 65047 bytes leftover after parsing attributes in process `syz.3.1631'.
[  197.106267][ T9826] delete_channel: no stack
[  197.383394][ T5236] Bluetooth: hci0: unexpected event 0x1d length: 15 > 5
[  197.877768][ T5236] Bluetooth: hci3: command tx timeout
[  199.945741][ T9860] __nla_validate_parse: 1 callbacks suppressed
[  199.945755][ T9860] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1648'.
[  200.105134][ T9867] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1651'.
[  200.505192][ T9874] batman_adv: batadv0: Removing interface: batadv_slave_0
[  200.522098][ T9880] netlink: 'syz.1.1655': attribute type 2 has an invalid length.
[  200.532372][ T9874] batman_adv: batadv0: Removing interface: batadv_slave_1
[  200.574659][ T9883] netlink: 'syz.3.1657': attribute type 7 has an invalid length.
[  200.736160][ T9889] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1660'.
[  200.740358][ T9889] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1660'.
[  200.743778][ T9889] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1660'.
[  200.748193][ T9889] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1660'.
[  200.875420][ T9900] netlink: 'syz.0.1662': attribute type 1 has an invalid length.
[  200.887708][ T9902] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1666'.
[  200.890911][ T9900] netlink: 'syz.0.1662': attribute type 2 has an invalid length.
[  200.897528][ T9902] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1666'.
[  200.960205][ T9906] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  200.963769][ T9906] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  201.275524][ T9912] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1670'.
[  201.279642][ T9912] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1670'.
[  202.065857][ T9925] syzkaller0: entered promiscuous mode
[  202.068360][ T9925] syzkaller0: entered allmulticast mode
[  203.381792][ T9948] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  203.521561][ T9962] netlink: 'syz.1.1691': attribute type 11 has an invalid length.
[  203.588760][ T9971] netlink: 'syz.1.1695': attribute type 1 has an invalid length.
[  203.995886][ T9985] netlink: 'syz.0.1701': attribute type 9 has an invalid length.
[  204.054415][ T9988] xt_limit: Overflow, try lower: 324382443/4200216956
[  204.225021][ T9999] netlink: 'syz.3.1706': attribute type 4 has an invalid length.
[  204.294087][T10004] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  204.327629][T10004] batman_adv: batadv0: Removing interface: batadv_slave_0
[  204.392486][T10004] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  204.395882][T10004] batman_adv: batadv0: Removing interface: batadv_slave_1
[  205.263679][T10056] __nla_validate_parse: 4 callbacks suppressed
[  205.263693][T10056] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1726'.
[  205.273181][T10056] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1726'.
[  205.862525][T10070] netlink: 'syz.0.1730': attribute type 3 has an invalid length.
[  205.865917][T10070] netlink: 156 bytes leftover after parsing attributes in process `syz.0.1730'.
[  205.888285][T10070] netlink: 'syz.0.1730': attribute type 3 has an invalid length.
[  205.891628][T10070] netlink: 156 bytes leftover after parsing attributes in process `syz.0.1730'.
[  206.960814][T10108] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1749'.
[  207.822432][T10143] netlink: 15678 bytes leftover after parsing attributes in process `syz.0.1764'.
[  208.564000][T10185] netlink: 'syz.0.1782': attribute type 2 has an invalid length.
[  208.570038][T10185] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1782'.
[  208.850088][T10206] netlink: 'syz.0.1791': attribute type 2 has an invalid length.
[  208.853716][T10206] netlink: 51 bytes leftover after parsing attributes in process `syz.0.1791'.
[  208.881442][T10209] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1793'.
[  208.885166][T10209] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1793'.
[  209.523960][T10230] netlink: 'syz.0.1801': attribute type 10 has an invalid length.
[  209.531441][T10230] veth0_vlan: left promiscuous mode
[  209.535282][T10230] veth0_vlan: entered promiscuous mode
[  209.539357][T10230] team0: Device veth0_vlan failed to register rx_handler
[  209.843570][T10233] pim6reg0: tun_chr_ioctl cmd 1074025681
[  209.894724][T10235] netlink: 'syz.0.1804': attribute type 1 has an invalid length.
[  210.018732][T10241] netlink: 'syz.0.1807': attribute type 10 has an invalid length.
[  210.734664][T10252] netlink: 'syz.1.1811': attribute type 10 has an invalid length.
[  211.184159][T10252] team0: Port device geneve1 added
[  211.582055][T10268] netlink: 'syz.1.1817': attribute type 10 has an invalid length.
[  212.281461][T10257] __nla_validate_parse: 1 callbacks suppressed
[  212.281566][T10257] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1812'.
[  213.459884][T10321] netlink: 277 bytes leftover after parsing attributes in process `syz.0.1840'.
[  213.949888][T10361] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1860'.
[  214.536141][T10393] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1873'.
[  214.540995][T10393] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1873'.
[  214.576930][T10397] netlink: 'syz.1.1874': attribute type 21 has an invalid length.
[  214.891745][T10412] netlink: 18187 bytes leftover after parsing attributes in process `syz.0.1882'.
[  214.996175][T10419] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  215.029261][T10421] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1886'.
[  215.032608][T10421] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1886'.
[  215.151243][T10433] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1892'.
[  215.155017][T10433] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1892'.
[  215.267079][T10438] netlink: zone id is out of range
[  215.277228][T10438] netlink: zone id is out of range
[  215.308674][T10438] netlink: set zone limit has 4 unknown bytes
[  215.323934][T10438] netlink: del zone limit has 4 unknown bytes
[  216.143125][ T5236] Bluetooth: hci3: unexpected event 0x12 length: 151 > 8
[  216.483141][T10503] netlink: 'syz.1.1925': attribute type 21 has an invalid length.
[  216.517960][T10503] netlink: 'syz.1.1925': attribute type 6 has an invalid length.
[  216.586000][T10505] lo: entered allmulticast mode
[  216.605460][T10509] netlink: 'syz.0.1929': attribute type 280 has an invalid length.
[  216.609745][T10505] lo: entered promiscuous mode
[  216.611459][T10505] lo: left allmulticast mode
[  217.099592][T10535] netlink: 'syz.0.1938': attribute type 2 has an invalid length.
[  217.833058][T10555] netlink: 'syz.3.1947': attribute type 1 has an invalid length.
[  217.836492][T10555] __nla_validate_parse: 8 callbacks suppressed
[  217.836502][T10555] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1947'.
[  218.055942][T10571] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1954'.
[  218.668460][T10594] netlink: 124 bytes leftover after parsing attributes in process `syz.3.1965'.
[  218.672363][T10594] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1965'.
[  219.224203][T10610] netlink: 495 bytes leftover after parsing attributes in process `syz.1.1972'.
[  219.376135][T10620] netlink: 'syz.0.1977': attribute type 3 has an invalid length.
[  219.379216][T10620] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1977'.
[  219.467333][T10622] netlink: 'syz.1.1978': attribute type 16 has an invalid length.
[  219.540615][T10629] netlink: 809 bytes leftover after parsing attributes in process `syz.1.1978'.
[  219.548010][T10629] netlink: 130160 bytes leftover after parsing attributes in process `syz.1.1978'.
[  219.551937][T10629] netlink: 809 bytes leftover after parsing attributes in process `syz.1.1978'.
[  219.612998][T10633] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  219.961338][T10622] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1978'.
[  219.961536][   T12] bridge_slave_1: left allmulticast mode
[  219.968374][   T12] bridge_slave_1: left promiscuous mode
[  219.970919][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  219.976074][   T12] bridge_slave_0: left allmulticast mode
[  219.979067][   T12] bridge_slave_0: left promiscuous mode
[  219.982820][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  220.395177][T10648] netlink: 'syz.0.1990': attribute type 39 has an invalid length.
[  220.421803][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  220.433102][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  220.443224][   T12] bond0 (unregistering): Released all slaves
[  220.884437][T10656] netlink: 'syz.3.1993': attribute type 21 has an invalid length.
[  220.893630][T10656] IPv6: NLM_F_CREATE should be specified when creating new route
[  221.283383][   T12] hsr_slave_0: left promiscuous mode
[  221.288682][   T12] hsr_slave_1: left promiscuous mode
[  221.291593][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  221.294813][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  221.304230][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  221.307357][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  221.330331][   T12] veth1_macvtap: left promiscuous mode
[  221.332280][   T12] veth0_macvtap: left promiscuous mode
[  221.334206][   T12] veth1_vlan: left promiscuous mode
[  221.336000][   T12] veth0_vlan: left promiscuous mode
[  221.701938][   T12] team0 (unregistering): Port device team_slave_1 removed
[  221.723394][   T12] team0 (unregistering): Port device team_slave_0 removed
[  221.974464][T10666] bridge_slave_1: left allmulticast mode
[  221.976854][T10666] bridge_slave_1: left promiscuous mode
[  221.981038][T10666] bridge0: port 2(bridge_slave_1) entered disabled state
[  222.049375][T10666] bridge_slave_0: left allmulticast mode
[  222.054497][T10666] bridge_slave_0: left promiscuous mode
[  222.056889][T10666] bridge0: port 1(bridge_slave_0) entered disabled state
[  222.920512][ T5236] Bluetooth: hci0: unexpected event 0x35 length: 15 > 6
[  222.961201][T10730] netlink: 'syz.0.2026': attribute type 29 has an invalid length.
[  222.976207][T10730] netlink: 'syz.0.2026': attribute type 29 has an invalid length.
[  222.981679][T10730] netlink: 'syz.0.2026': attribute type 29 has an invalid length.
[  222.991321][T10724] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  223.038826][T10732] netlink: 'syz.0.2027': attribute type 1 has an invalid length.
[  223.042146][T10732] __nla_validate_parse: 7 callbacks suppressed
[  223.042155][T10732] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2027'.
[  223.170049][T10746] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2034'.
[  223.170833][T10744] netlink: 144 bytes leftover after parsing attributes in process `syz.3.2033'.
[  224.530819][T10775] netlink: 'syz.0.2045': attribute type 10 has an invalid length.
[  224.560144][T10775] team0: Device ipvlan1 failed to register rx_handler
[  224.624504][T10778] netlink: 14548 bytes leftover after parsing attributes in process `syz.1.2047'.
[  224.717755][T10781] netlink: 'syz.1.2048': attribute type 10 has an invalid length.
[  224.720410][T10781] netlink: 156 bytes leftover after parsing attributes in process `syz.1.2048'.
[  224.725625][T10779] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2046'.
[  224.811477][T10794] openvswitch: netlink: Unexpected mask (mask=40040, allowed=10048)
[  224.849898][T10798] netlink: 'syz.0.2055': attribute type 6 has an invalid length.
[  224.853528][T10798] netlink: 'syz.0.2055': attribute type 3 has an invalid length.
[  224.856813][T10798] netlink: 199728 bytes leftover after parsing attributes in process `syz.0.2055'.
[  225.110599][T10816] netlink: 148 bytes leftover after parsing attributes in process `syz.0.2062'.
[  227.053196][T10872] netlink: 'syz.3.2085': attribute type 27 has an invalid length.
[  227.056214][T10872] netlink: 164 bytes leftover after parsing attributes in process `syz.3.2085'.
[  227.861587][ T5236] Bluetooth: hci3: unexpected event 0x08 length: 15 > 4
[  228.075361][T10923] netlink: 830 bytes leftover after parsing attributes in process `syz.3.2107'.
[  228.675513][T10939] netlink: 'syz.1.2113': attribute type 39 has an invalid length.
[  228.682848][T10940] netlink: 'syz.0.2114': attribute type 64 has an invalid length.
[  229.147609][T10955] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2120'.
[  229.221752][T10965] sctp: [Deprecated]: syz.1.2124 (pid 10965) Use of int in max_burst socket option deprecated.
[  229.221752][T10965] Use struct sctp_assoc_value instead
[  229.245260][T10967] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2125'.
[  229.250981][T10967] openvswitch: netlink: Missing key (keys=40, expected=80)
[  229.639876][T10991] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2137'.
[  229.644124][T10991] unsupported nlmsg_type 40
[  229.877560][ T5870] Bluetooth: hci3: command 0x0406 tx timeout
[  230.552783][T11026] netlink: 'syz.3.2154': attribute type 2 has an invalid length.
[  230.704982][T11036] netlink: 'syz.1.2158': attribute type 10 has an invalid length.
[  231.030036][T11063] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2171'.
[  231.260114][T11079] netlink: 147608 bytes leftover after parsing attributes in process `syz.1.2179'.
[  231.264465][T11079] netlink: 'syz.1.2179': attribute type 2 has an invalid length.
[  231.269077][T11079] netlink: 62135 bytes leftover after parsing attributes in process `syz.1.2179'.
[  232.287568][T11102] netlink: 156 bytes leftover after parsing attributes in process `syz.3.2188'.
[  232.962710][T11111] netlink: 763 bytes leftover after parsing attributes in process `syz.3.2191'.
[  233.767983][T11142] netlink: 'syz.3.2205': attribute type 21 has an invalid length.
[  233.964873][T11166] netlink: 'syz.3.2217': attribute type 32 has an invalid length.
[  233.971821][T11168] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2218'.
[  234.226504][T11178] netlink: 92 bytes leftover after parsing attributes in process `syz.1.2216'.
[  234.480105][T11189] mac80211_hwsim hwsim3 wlan1: left promiscuous mode
[  234.483170][T11189] netlink: 10 bytes leftover after parsing attributes in process `syz.0.2227'.
[  234.797273][T11209] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.2237'.
[  235.099044][T11233] netlink: 'syz.1.2247': attribute type 1 has an invalid length.
[  235.295980][T11249] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2252'.
[  235.384477][T11254] delete_channel: no stack
[  235.608518][T11256] netlink: 204732 bytes leftover after parsing attributes in process `syz.3.2254'.
[  235.609678][T11259] delete_channel: no stack
[  236.116523][T11276] netlink: 14601 bytes leftover after parsing attributes in process `syz.1.2265'.
[  236.130983][T11276] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2265'.
[  236.449746][T11287] netlink: 'syz.3.2267': attribute type 28 has an invalid length.
[  237.200625][T11310] netlink: 'syz.0.2276': attribute type 10 has an invalid length.
[  237.204810][T11312] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2277'.
[  237.205963][T11310] netlink: 55 bytes leftover after parsing attributes in process `syz.0.2276'.
[  237.804750][T11324] ==================================================================
[  237.808011][T11324] BUG: KASAN: slab-use-after-free in xfrm_alloc_spi+0x570/0xf30
[  237.811015][T11324] Read of size 4 at addr ffff88801fe2b6c4 by task syz.1.2283/11324
[  237.815099][T11324] 
[  237.816013][T11324] CPU: 1 UID: 0 PID: 11324 Comm: syz.1.2283 Not tainted syzkaller #0 PREEMPT(full) 
[  237.816024][T11324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  237.816030][T11324] Call Trace:
[  237.816035][T11324]  <TASK>
[  237.816040][T11324]  dump_stack_lvl+0x189/0x250
[  237.816053][T11324]  ? __kasan_check_byte+0x12/0x40
[  237.816067][T11324]  ? __pfx_dump_stack_lvl+0x10/0x10
[  237.816075][T11324]  ? lock_release+0x4b/0x3e0
[  237.816088][T11324]  ? __virt_addr_valid+0x4a5/0x5c0
[  237.816100][T11324]  print_report+0xca/0x240
[  237.816108][T11324]  ? xfrm_alloc_spi+0x570/0xf30
[  237.816119][T11324]  kasan_report+0x118/0x150
[  237.816129][T11324]  ? xfrm_alloc_spi+0x570/0xf30
[  237.816140][T11324]  xfrm_alloc_spi+0x570/0xf30
[  237.816150][T11324]  ? xfrm_alloc_spi+0x2a0/0xf30
[  237.816160][T11324]  ? __local_bh_enable_ip+0x16c/0x1c0
[  237.816170][T11324]  ? __pfx_xfrm_alloc_spi+0x10/0x10
[  237.816180][T11324]  ? xfrm_find_acq+0x87/0xa0
[  237.816191][T11324]  pfkey_getspi+0x7a8/0xee0
[  237.816203][T11324]  pfkey_sendmsg+0xbfe/0x1090
[  237.816211][T11324]  ? trace_sched_exit_tp+0x36/0x110
[  237.816224][T11324]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  237.816236][T11324]  ? aa_sock_msg_perm+0xf1/0x1d0
[  237.816244][T11324]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  237.816253][T11324]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  237.816261][T11324]  __sock_sendmsg+0x21c/0x270
[  237.816278][T11324]  ____sys_sendmsg+0x505/0x830
[  237.816292][T11324]  ? __pfx_____sys_sendmsg+0x10/0x10
[  237.816308][T11324]  ? import_iovec+0x74/0xa0
[  237.816324][T11324]  ___sys_sendmsg+0x21f/0x2a0
[  237.816368][T11324]  ? __pfx____sys_sendmsg+0x10/0x10
[  237.816393][T11324]  ? __fget_files+0x2a/0x420
[  237.816405][T11324]  ? __fget_files+0x3a0/0x420
[  237.816419][T11324]  __x64_sys_sendmsg+0x19b/0x260
[  237.816433][T11324]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  237.816460][T11324]  ? rcu_is_watching+0x15/0xb0
[  237.816475][T11324]  ? do_syscall_64+0xbe/0x3b0
[  237.816491][T11324]  do_syscall_64+0xfa/0x3b0
[  237.816502][T11324]  ? lockdep_hardirqs_on+0x9c/0x150
[  237.816511][T11324]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  237.816519][T11324]  ? exc_page_fault+0x9f/0xf0
[  237.816526][T11324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  237.816534][T11324] RIP: 0033:0x7fbbbbb8eba9
[  237.816543][T11324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  237.816549][T11324] RSP: 002b:00007fbbbc93e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  237.816559][T11324] RAX: ffffffffffffffda RBX: 00007fbbbbdd5fa0 RCX: 00007fbbbbb8eba9
[  237.816565][T11324] RDX: 0000000020008004 RSI: 0000200000000180 RDI: 0000000000000003
[  237.816570][T11324] RBP: 00007fbbbbc11e19 R08: 0000000000000000 R09: 0000000000000000
[  237.816575][T11324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  237.816579][T11324] R13: 00007fbbbbdd6038 R14: 00007fbbbbdd5fa0 R15: 00007ffee35ddfd8
[  237.816588][T11324]  </TASK>
[  237.816590][T11324] 
[  237.936524][T11324] Allocated by task 10527:
[  237.938359][T11324]  kasan_save_track+0x3e/0x80
[  237.940317][T11324]  __kasan_slab_alloc+0x6c/0x80
[  237.942390][T11324]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  237.944625][T11324]  xfrm_state_alloc+0x24/0x2f0
[  237.946618][T11324]  ipcomp4_init_state+0x2c4/0xb20
[  237.948717][T11324]  __xfrm_init_state+0xa76/0x13f0
[  237.950827][T11324]  xfrm_add_sa+0x2f5b/0x4070
[  237.952746][T11324]  xfrm_user_rcv_msg+0x7a3/0xab0
[  237.954882][T11324]  netlink_rcv_skb+0x208/0x470
[  237.957014][T11324]  xfrm_netlink_rcv+0x79/0x90
[  237.959113][T11324]  netlink_unicast+0x82f/0x9e0
[  237.961207][T11324]  netlink_sendmsg+0x805/0xb30
[  237.963355][T11324]  __sock_sendmsg+0x21c/0x270
[  237.965436][T11324]  ____sys_sendmsg+0x505/0x830
[  237.967557][T11324]  ___sys_sendmsg+0x21f/0x2a0
[  237.969649][T11324]  __x64_sys_sendmsg+0x19b/0x260
[  237.971785][T11324]  do_syscall_64+0xfa/0x3b0
[  237.973785][T11324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  237.976359][T11324] 
[  237.977442][T11324] Freed by task 10:
[  237.979130][T11324]  kasan_save_track+0x3e/0x80
[  237.981206][T11324]  kasan_save_free_info+0x46/0x50
[  237.983453][T11324]  __kasan_slab_free+0x5b/0x80
[  237.985565][T11324]  kmem_cache_free+0x18f/0x400
[  237.987671][T11324]  xfrm_state_gc_task+0x52d/0x6b0
[  237.989840][T11324]  process_scheduled_works+0xae1/0x17b0
[  237.992260][T11324]  worker_thread+0x8a0/0xda0
[  237.994296][T11324]  kthread+0x711/0x8a0
[  237.996102][T11324]  ret_from_fork+0x439/0x7d0
[  237.998131][T11324]  ret_from_fork_asm+0x1a/0x30
[  238.000250][T11324] 
[  238.001296][T11324] The buggy address belongs to the object at ffff88801fe2b600
[  238.001296][T11324]  which belongs to the cache xfrm_state of size 928
[  238.007173][T11324] The buggy address is located 196 bytes inside of
[  238.007173][T11324]  freed 928-byte region [ffff88801fe2b600, ffff88801fe2b9a0)
[  238.012856][T11324] 
[  238.013940][T11324] The buggy address belongs to the physical page:
[  238.016747][T11324] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88801fe29b00 pfn:0x1fe28
[  238.021119][T11324] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  238.024771][T11324] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  238.028049][T11324] page_type: f5(slab)
[  238.029814][T11324] raw: 00fff00000000040 ffff88810068a780 dead000000000122 0000000000000000
[  238.033542][T11324] raw: ffff88801fe29b00 00000000800e0007 00000000f5000000 0000000000000000
[  238.037223][T11324] head: 00fff00000000040 ffff88810068a780 dead000000000122 0000000000000000
[  238.040979][T11324] head: ffff88801fe29b00 00000000800e0007 00000000f5000000 0000000000000000
[  238.044681][T11324] head: 00fff00000000002 ffffea00007f8a01 00000000ffffffff 00000000ffffffff
[  238.048449][T11324] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  238.052142][T11324] page dumped because: kasan: bad access detected
[  238.054876][T11324] page_owner tracks the page as allocated
[  238.057356][T11324] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6001, tgid 6000 (syz.0.41), ts 68981790158, free_ts 68821706734
[  238.065476][T11324]  post_alloc_hook+0x240/0x2a0
[  238.067604][T11324]  get_page_from_freelist+0x21e4/0x22c0
[  238.070058][T11324]  __alloc_frozen_pages_noprof+0x181/0x370
[  238.072639][T11324]  alloc_pages_mpol+0x232/0x4a0
[  238.074831][T11324]  allocate_slab+0x8a/0x370
[  238.076858][T11324]  ___slab_alloc+0xbeb/0x1420
[  238.078865][T11324]  kmem_cache_alloc_noprof+0x283/0x3c0
[  238.081251][T11324]  xfrm_state_alloc+0x24/0x2f0
[  238.083382][T11324]  __find_acq_core+0x8a7/0x1c00
[  238.085541][T11324]  xfrm_find_acq+0x78/0xa0
[  238.087504][T11324]  xfrm_alloc_userspi+0x6b3/0xc90
[  238.089661][T11324]  xfrm_user_rcv_msg+0x7a3/0xab0
[  238.091825][T11324]  netlink_rcv_skb+0x208/0x470
[  238.093888][T11324]  xfrm_netlink_rcv+0x79/0x90
[  238.095909][T11324]  netlink_unicast+0x82f/0x9e0
[  238.098035][T11324]  netlink_sendmsg+0x805/0xb30
[  238.100163][T11324] page last free pid 972 tgid 972 stack trace:
[  238.102852][T11324]  __free_frozen_pages+0xbc4/0xd30
[  238.105118][T11324]  __slab_free+0x303/0x3c0
[  238.107098][T11324]  qlist_free_all+0x97/0x140
[  238.109157][T11324]  kasan_quarantine_reduce+0x148/0x160
[  238.111532][T11324]  __kasan_slab_alloc+0x22/0x80
[  238.113712][T11324]  kmem_cache_alloc_node_noprof+0x1bb/0x3c0
[  238.116354][T11324]  __alloc_skb+0x112/0x2d0
[  238.118354][T11324]  mld_newpack+0x13c/0xc40
[  238.120359][T11324]  add_grhead+0x5a/0x2a0
[  238.122236][T11324]  add_grec+0x1452/0x1740
[  238.124179][T11324]  mld_send_initial_cr+0x288/0x550
[  238.126471][T11324]  mld_dad_work+0x46/0x490
[  238.128446][T11324]  process_scheduled_works+0xae1/0x17b0
[  238.130857][T11324]  worker_thread+0x8a0/0xda0
[  238.132916][T11324]  kthread+0x711/0x8a0
[  238.134688][T11324]  ret_from_fork+0x439/0x7d0
[  238.136304][T11324] 
[  238.137391][T11324] Memory state around the buggy address:
[  238.139856][T11324]  ffff88801fe2b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  238.143393][T11324]  ffff88801fe2b600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  238.146737][T11324] >ffff88801fe2b680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  238.150192][T11324]                                            ^
[  238.152850][T11324]  ffff88801fe2b700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  238.156370][T11324]  ffff88801fe2b780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  238.159881][T11324] ==================================================================
[  238.163847][T11324] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  238.167019][T11324] CPU: 1 UID: 0 PID: 11324 Comm: syz.1.2283 Not tainted syzkaller #0 PREEMPT(full) 
[  238.171036][T11324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  238.175421][T11324] Call Trace:
[  238.176938][T11324]  <TASK>
[  238.178274][T11324]  dump_stack_lvl+0x99/0x250
[  238.180318][T11324]  ? __asan_memcpy+0x40/0x70
[  238.182352][T11324]  ? __pfx_dump_stack_lvl+0x10/0x10
[  238.184606][T11324]  ? __pfx__printk+0x10/0x10
[  238.186658][T11324]  vpanic+0x281/0x750
[  238.188438][T11324]  ? __pfx_vpanic+0x10/0x10
[  238.190392][T11324]  ? irqentry_exit+0x74/0x90
[  238.192368][T11324]  panic+0xb9/0xc0
[  238.193931][T11324]  ? __pfx_panic+0x10/0x10
[  238.195689][T11324]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  238.198076][T11324]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  238.200524][T11324]  ? xfrm_alloc_spi+0x570/0xf30
[  238.202448][T11324]  check_panic_on_warn+0x89/0xb0
[  238.204561][T11324]  ? xfrm_alloc_spi+0x570/0xf30
[  238.206499][T11324]  end_report+0x78/0x160
[  238.208277][T11324]  kasan_report+0x129/0x150
[  238.210200][T11324]  ? xfrm_alloc_spi+0x570/0xf30
[  238.212293][T11324]  xfrm_alloc_spi+0x570/0xf30
[  238.214174][T11324]  ? xfrm_alloc_spi+0x2a0/0xf30
[  238.216216][T11324]  ? __local_bh_enable_ip+0x16c/0x1c0
[  238.218141][T11324]  ? __pfx_xfrm_alloc_spi+0x10/0x10
[  238.220214][T11324]  ? xfrm_find_acq+0x87/0xa0
[  238.221758][T11324]  pfkey_getspi+0x7a8/0xee0
[  238.223387][T11324]  pfkey_sendmsg+0xbfe/0x1090
[  238.225066][T11324]  ? trace_sched_exit_tp+0x36/0x110
[  238.226882][T11324]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  238.228741][T11324]  ? aa_sock_msg_perm+0xf1/0x1d0
[  238.230643][T11324]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  238.232630][T11324]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  238.234241][T11324]  __sock_sendmsg+0x21c/0x270
[  238.235893][T11324]  ____sys_sendmsg+0x505/0x830
[  238.237404][T11324]  ? __pfx_____sys_sendmsg+0x10/0x10
[  238.239280][T11324]  ? import_iovec+0x74/0xa0
[  238.241203][T11324]  ___sys_sendmsg+0x21f/0x2a0
[  238.243185][T11324]  ? __pfx____sys_sendmsg+0x10/0x10
[  238.245242][T11324]  ? __fget_files+0x2a/0x420
[  238.247008][T11324]  ? __fget_files+0x3a0/0x420
[  238.248735][T11324]  __x64_sys_sendmsg+0x19b/0x260
[  238.250480][T11324]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  238.252521][T11324]  ? rcu_is_watching+0x15/0xb0
[  238.254310][T11324]  ? do_syscall_64+0xbe/0x3b0
[  238.256223][T11324]  do_syscall_64+0xfa/0x3b0
[  238.257988][T11324]  ? lockdep_hardirqs_on+0x9c/0x150
[  238.260138][T11324]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  238.262307][T11324]  ? exc_page_fault+0x9f/0xf0
[  238.264124][T11324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  238.266265][T11324] RIP: 0033:0x7fbbbbb8eba9
[  238.268144][T11324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  238.275365][T11324] RSP: 002b:00007fbbbc93e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  238.278846][T11324] RAX: ffffffffffffffda RBX: 00007fbbbbdd5fa0 RCX: 00007fbbbbb8eba9
[  238.281434][T11324] RDX: 0000000020008004 RSI: 0000200000000180 RDI: 0000000000000003
[  238.284303][T11324] RBP: 00007fbbbbc11e19 R08: 0000000000000000 R09: 0000000000000000
[  238.287098][T11324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  238.289744][T11324] R13: 00007fbbbbdd6038 R14: 00007fbbbbdd5fa0 R15: 00007ffee35ddfd8
[  238.292523][T11324]  </TASK>
[  238.294375][T11324] Kernel Offset: disabled
[  238.295796][T11324] Rebooting in 86400 seconds..

VM DIAGNOSIS:
22:42:13  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000154 RBX=ffff88804b023900 RCX=0000000000000838 RDX=0000000000000000
RSI=0000000000000154 RDI=0000000000000838 RBP=0000000000000000 RSP=ffffc90000007408
R8 =0000000000000000 R9 =ffffffff81ae170e R10=0000000000000003 R11=ffffffff81704490
R12=0000000010000863 R13=dffffc0000000000 R14=0000000000000154 R15=0000000000000020
RIP=ffffffff81717179 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f3d3fabc6c0 ffffffff 00c00000
GS =0000 ffff8880b8615000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b33b20ffc CR3=000000011131a000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=00090044fb6ebde3 00000036f40e48a7
XMM02=8c5a0000000180ba 00000010000a000e XMM03=831d36d3a6e7c133 a959dcf30afa7437
XMM04=9f64c2cd098fe9a4 f787f1a4b9bcce8c XMM05=0782d466c61ec601 270311aada6e8256
XMM06=56df9c310000b283 1d36d3a6e7c133a9 XMM07=59dcf30afa74378c 5a0000000180ba00
XMM08=0000000000000000 00007f274a812ee7 XMM09=0000000000000000 00007f274a812fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000061 RBX=0000000000000061 RCX=0000000000000000 RDX=00000000000003f8
RSI=00000000000011ec RDI=00000000000011ed RBP=00000000000003f8 RSP=ffffc90006a36eb0
R8 =ffff888107be8237 R9 =1ffff11020f7d046 R10=dffffc0000000000 R11=ffffffff854fab40
R12=dffffc0000000000 R13=ffffffff99b00904 R14=ffffffff99df5420 R15=0000000000000000
RIP=ffffffff854fabbc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fbbbc93e6c0 ffffffff 00c00000
GS =0000 ffff8881a3c15000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000000180 CR3=0000000105ca8000 CR4=000006f0
DR0=0000000000000000 DR1=0000200000000300 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007fbbbbda7498 00007fbbbbda7470 XMM03=00007fbbbbda74a8 00007fbbbbda74a0
XMM04=00007fbbbc90d100 00007fbbbbda7460 XMM05=00007fbbbbda7478 00007fbbbbda74c0
XMM06=00007fbbbbda74b8 00007fbbbbda74b0 XMM07=00007fbbbbda74a8 00007fbbbbda74a0
XMM08=0000000000000000 00007fbbbbc12ee7 XMM09=0000000000000000 00007fbbbbc12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
