last executing test programs:

3m22.691142653s ago: executing program 0 (id=473):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xd, &(0x7f0000000340)=@framed={{0x18, 0x2, 0x0, 0x0, 0xffffffff}, [@call={0x85, 0x0, 0x0, 0x2c}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)

3m22.569808726s ago: executing program 0 (id=476):
socketpair(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r1 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r1, 0x29, 0x14, 0x0, 0x0)
bpf$ITER_CREATE(0x21, 0x0, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000001b40)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)}, 0x0)
r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4b, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x10000, 0x0, 0x0, 0x9, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000580)={<r3=>0xffffffffffffffff})
recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r4)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89a0, &(0x7f0000000080))

3m21.342026427s ago: executing program 0 (id=483):
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000003c0)={@ifindex, 0x36, 0x1, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

3m21.245484709s ago: executing program 0 (id=485):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x48, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x3}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x7}, @IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x2}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x8001}, 0x20048000)

3m21.150348279s ago: executing program 0 (id=487):
mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30)
mount$bpf(0x200000000000, &(0x7f0000000200)='./file0\x00', 0x0, 0x206002, 0x0)

3m21.086878718s ago: executing program 0 (id=489):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)}, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$AUDIT_MAKE_EQUIV(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004004}, 0x40)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6_vti0\x00', 0x200})
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f3, &(0x7f0000000080))

3m5.625382144s ago: executing program 32 (id=489):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)}, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$AUDIT_MAKE_EQUIV(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004004}, 0x40)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6_vti0\x00', 0x200})
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f3, &(0x7f0000000080))

1m7.976301935s ago: executing program 2 (id=2134):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000002c0)={0x54, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_SIZE={0x8, 0x17, 0x1, 0x0, 0xcc}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'list:set\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x54}, 0x1, 0x0, 0x0, 0x40045}, 0x8800)

1m7.891908459s ago: executing program 2 (id=2135):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000001000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x9, [@struct={0x4, 0x0, 0x0, 0x4, 0x0, 0x1}, @enum={0x6, 0x2, 0x0, 0x6, 0x4, [{0x1, 0x100}, {0x6}]}]}, {0x0, [0x61, 0x0, 0x2e, 0x2e, 0x30, 0x2e, 0x2e]}}, 0x0, 0x49}, 0x28)

1m7.825406403s ago: executing program 2 (id=2137):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000240)={0x60, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x9c}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xfffffff9}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x60}, 0x1, 0x0, 0x0, 0x40}, 0x0)

1m7.825114769s ago: executing program 2 (id=2138):
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x8000001946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x8000001946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xaa56}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = socket$kcm(0xa, 0x5, 0x0)
setsockopt$sock_attach_bpf(r1, 0x29, 0x2e, 0x0, 0x108)

1m7.667344858s ago: executing program 2 (id=2140):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x9, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b)
mount$bpf(0x200000000000, &(0x7f0000000440)='./file0/../file0\x00', 0x0, 0x989046, 0x0)
mount$bpf(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x100000, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0)
mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x84000, 0x0)
mount$bpf(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x100000, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30)
mount$bpf(0x200000000000, &(0x7f0000000780)='./file0/../file0\x00', 0x0, 0xa06002, 0x0)

1m7.603970224s ago: executing program 2 (id=2141):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)=@o_path={&(0x7f0000000240)='./file0\x00'}, 0x18)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="d80000001400810d4e81f782db44b9040a11080211000000040000a118000200fc00000000000e1208000f0100810401a80016ea1f000640c9201114c92011148ed08734843cb12b00000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c0100000000000000cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adb", 0xd7}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x8901, &(0x7f0000000040))
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f00000022c0)=[{&(0x7f0000000080)="90", 0x1}], 0x1}, 0x24004011)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000b80)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000600)='kfree\x00', r1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x5, &(0x7f0000000000)=ANY=[], 0x0}, 0x94)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000940), 0x4004)
perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x81, 0x81f37, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, @perf_config_ext={0xb, 0x2}, 0x40, 0x8, 0x800, 0x0, 0x0, 0xffff0000, 0x0, 0x0, 0x0, 0x0, 0x4000000000000004}, 0x0, 0xf, 0xffffffffffffffff, 0x1)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6tnl0\x00', 0x200})
socketpair(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x89f1, &(0x7f0000000080))

52.573226275s ago: executing program 33 (id=2141):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)=@o_path={&(0x7f0000000240)='./file0\x00'}, 0x18)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="d80000001400810d4e81f782db44b9040a11080211000000040000a118000200fc00000000000e1208000f0100810401a80016ea1f000640c9201114c92011148ed08734843cb12b00000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c0100000000000000cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adb", 0xd7}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x8901, &(0x7f0000000040))
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002740)={0x0, 0x0, &(0x7f00000022c0)=[{&(0x7f0000000080)="90", 0x1}], 0x1}, 0x24004011)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000b80)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000600)='kfree\x00', r1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x5, &(0x7f0000000000)=ANY=[], 0x0}, 0x94)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000940), 0x4004)
perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x81, 0x81f37, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, @perf_config_ext={0xb, 0x2}, 0x40, 0x8, 0x800, 0x0, 0x0, 0xffff0000, 0x0, 0x0, 0x0, 0x0, 0x4000000000000004}, 0x0, 0xf, 0xffffffffffffffff, 0x1)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6tnl0\x00', 0x200})
socketpair(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x89f1, &(0x7f0000000080))

43.444506318s ago: executing program 3 (id=2375):
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x800c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0x2}, 0x10008, 0x9, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x7, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x40)
socket$kcm(0x2b, 0x1, 0x0)
r0 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0)
openat$cgroup_ro(r0, &(0x7f00000000c0)='freezer.self_freezing\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000280)={0x3, 0x80, 0x0, 0x0, 0x0, 0x1, 0x0, 0x5d34, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5, 0x7}, 0x102812, 0x0, 0x0, 0x1, 0x8000000, 0xa9, 0x803}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x2, 0x16, 0x2, 0x3, 0x4, 0x0, 0x0, 0x25dfdbfc, [@sadb_sa={0x1, 0x1, 0x0, 0xb, 0x80, 0x61, 0x2, 0x60000001}]}, 0x20}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000001200)='./cgroup/syz0\x00', 0x200002, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="2800000044000900fffffffffddbdf250400000004001f00100001"], 0x28}, 0x1, 0x0, 0x0, 0x4044004}, 0x0)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r4, 0xc004743e, 0x110e22fff6)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
ioctl$TUNGETVNETLE(r2, 0x40047459, &(0x7f0000001200))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

42.921014033s ago: executing program 3 (id=2378):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x9a9e, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x201, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x3, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r2, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = perf_event_open(0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000001580)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r5)
socket$kcm(0x28, 0x5, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r6}, 0x0, &(0x7f0000000080)=r3}, 0x20)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0xf7e5)
r7 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r7, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=ANY=[@ANYBLOB="02037f02210000000000000000000000030006000000000002000000ac14142e00000000000000000200010000000000000002007fffffff030005002b00000002000000ac1414aa0000000000000000170008007805"], 0x108}, 0x1, 0x7}, 0x0)

42.014539557s ago: executing program 3 (id=2384):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000002000000b705000008000000850000006900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000400)={r1, 0x0, 0x0}, 0x10)

41.953731117s ago: executing program 3 (id=2385):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0xfffffffd, 0x1}, 0x0, 0x100000001, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
r2 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x99, 0x1, 0x0, 0x0, 0x0, 0xfffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffffffffffffff91, 0xfffffffffffffff8}, 0x16620, 0x1004, 0x0, 0x0, 0x0, 0x2, 0x7ff, 0x0, 0x0, 0x0, 0x2}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f0000000500)='\t!~&\x00\xaeH\xfc\xf7\xf7\xd4\x1c\x94\xcb\r^\xd6<\xda9\xdc\xac(\x8cj\x13hk\xfc\xa8\v#)\xddk\x93\x12\xbfh\x95\xb9\xb7-:\xebr\xf2%\xaf\x8fH\x89MO\xf7\xbe\x1b\xd7\xd7S\b\x00\x00\x00\x00\x00\x00')

41.754199523s ago: executing program 3 (id=2391):
socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000640)={0x5, 0xffffffffffffff77, 0x8, 0x6, 0xfa, 0xa5, 0x0, 0x0, 0x40, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0xb, 0x4, @perf_bp={0x0, 0xc}, 0x318a, 0xffffffff80000002, 0x0, 0x5, 0x4121, 0x4, 0xff00, 0x0, 0x200, 0x0, 0x6}, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x3, 0x87)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f00000005c0)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30)
mount$bpf(0x200000000000, &(0x7f0000000200)='./file0\x00', 0x0, 0x206002, 0x0)
mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x140070, 0x0)

39.053453554s ago: executing program 3 (id=2414):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110c230000)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x3, 0x0, &(0x7f00000003c0)='GPL\x00'}, 0x94)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0xb, &(0x7f0000000180)=@framed={{0x18, 0x8}, [@printk]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket(0xa, 0x5, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001380)={&(0x7f0000001440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x4, [@datasec={0x2, 0x1, 0x0, 0xf, 0x3, [{0x2, 0x1, 0x9}], "44942d"}, @datasec={0x0, 0x0, 0x0, 0xf, 0x1, [], "84"}]}, {0x0, [0x0, 0x2e]}}, 0x0, 0x44, 0x0, 0x1}, 0x28)
close(0x3)
socket$kcm(0xa, 0x2, 0x0)
sendmsg$inet(r3, &(0x7f00000004c0)={&(0x7f0000000000)={0x2, 0x4e23, @empty}, 0x10, 0x0, 0x0, &(0x7f0000000480)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x7}}], 0x18}, 0x40000)
r4 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}, 0x828, 0x0, 0x0, 0x0, 0x9, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
ioctl$TUNSETOFFLOAD(r0, 0x541b, 0xf0ff1f00000000)

24.06429143s ago: executing program 34 (id=2414):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110c230000)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x3, 0x0, &(0x7f00000003c0)='GPL\x00'}, 0x94)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0xb, &(0x7f0000000180)=@framed={{0x18, 0x8}, [@printk]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket(0xa, 0x5, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001380)={&(0x7f0000001440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x4, [@datasec={0x2, 0x1, 0x0, 0xf, 0x3, [{0x2, 0x1, 0x9}], "44942d"}, @datasec={0x0, 0x0, 0x0, 0xf, 0x1, [], "84"}]}, {0x0, [0x0, 0x2e]}}, 0x0, 0x44, 0x0, 0x1}, 0x28)
close(0x3)
socket$kcm(0xa, 0x2, 0x0)
sendmsg$inet(r3, &(0x7f00000004c0)={&(0x7f0000000000)={0x2, 0x4e23, @empty}, 0x10, 0x0, 0x0, &(0x7f0000000480)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x7}}], 0x18}, 0x40000)
r4 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}, 0x828, 0x0, 0x0, 0x0, 0x9, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
ioctl$TUNSETOFFLOAD(r0, 0x541b, 0xf0ff1f00000000)

5.350033823s ago: executing program 5 (id=2685):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
r1 = socket$l2tp6(0xa, 0x2, 0x73)
sendmsg$inet6(r1, &(0x7f0000000300)={&(0x7f0000000000)={0xa, 0x4e23, 0x10000, @mcast1, 0x7}, 0x1c, 0x0}, 0x2004810)

5.349687695s ago: executing program 5 (id=2686):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="2400000076001f03000000000000000008000000ffffffff0c000d8008"], 0x24}], 0x1}, 0x0)

3.66352365s ago: executing program 5 (id=2690):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b80)={0x2, 0x2, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0xae}, @exit], &(0x7f0000000040)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, 0x38}, 0x94)

3.586393365s ago: executing program 5 (id=2692):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000180)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r3)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200))
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="050000000100000009000000ae00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32], 0x48)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_devices(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="1e002803008c71ef288563"], 0xffdd)

3.290324197s ago: executing program 4 (id=2695):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x81, 0x4, 0x2}, 0x50)
socketpair(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000005c0)={r0, &(0x7f00000003c0), &(0x7f0000000580)=@tcp=r1}, 0x20)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000380)={r0, &(0x7f0000000600), &(0x7f0000000340)=@udp6=r2, 0x1}, 0x20)

3.199609348s ago: executing program 4 (id=2696):
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$tipc(r0, &(0x7f0000004440)={&(0x7f0000000ec0)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x2}}, 0x10, &(0x7f0000004340)=[{&(0x7f0000000f00)="34cbf9c55466da0eadc249236ab3cbf316717306be4c08c8c7da1f1ee04ab4b4eac14995ebdf620ff778a4e3452587e42a3c6aa1bd35dfd99f23b525893bc3b5f9f3bed1986bf8d0dddd7c5cdada611f9bf641e421ed71a842d84fa289a542f941d6e06b2b14e2a706ce30acf7d82f224f3e30cadd9d15f3dddbb29dbeb9f68fb68bedb91e0b1ef48832778fe36699c7ebf101659a8f476c4a065eac71d6d1e7fafc6f25ec2c9a8f431fe347a2d30e912c5b2397613ce784637ec71e37566eb0548b461f71028459c6f137c18737d58b56949d022bf1eaf486692bb76836a233c7879d740ad0beaf5159d3380442824f536a41bb22d08fe53952b9c6fed2605d53311c71b455655f96ea6a87e41e9211e90170b0a2b1a2098175ebcd33d517085d224122264cddadd82a3d11bc4a33ce66108b22b1abc6243d306d8f6b8a2ddb5373c190d8f859a3174a200936b079f85edcac7fc03fb993ec0ff8b83f1fd3f1b888d192d99c7ede5d381784d25410cccf1b0bf26a54f065e1e3ec59cc5704fb658fc980a0ac4287ef884ee82007554be3f1e163c81468d0c26c95e3e12393776e32800bb4f086f19080c4fca3d72e8569a5627ce98f2ae0bdb3ec42c23847d47e10b1c58da7e9cea990da842d96e3a51ed7d892f7b28a10486424a69a9109ebd4d7d5a3768400ac000a6d7556ca192e5cd45efb82001ac7b53e03036b6019a07ffb545cd3853e077f08a015f6232488c1139a9409c95ed005261e36b307406ba5714ef395129345866109341feb6c7c458ce08c147a983b46375ddb3621cee0312ba1a434bcd6081e1a8ae8b6d518988b9965faf9aff86df8173b93342cceaec357a100e59b4d66553633626b0b12e9622b8f8fdfe26545b87c57f8ce8609fb8e19b0f6d1cd64e8de85c7327f543b2f38cf3086b57f85e1aaa4add723e4bc4e3ea2c27acec1e545ae3fc870bd42422f6eaf17a1f82699c9cadf224ea1e5d1705b49118d91cc3731aeed60e41bf15a9613aeda8e63a29bc7a95b2d993d23269a310b91f69d16a71243c0f4080d3359f5ddd63c7032bef14ab25eb7df4b28b2132bcbf94a281c8f5de79885a6d679f145fca292b599bb09a1864726d86b65d4781408320b968e2224c23ce7a56d8892970043737ae47f071aaeb219716bc21e3304e301eb5cd32aea951a70621eb870214a72e6c474c3a20f5bd8e089ba16326cc9a80a1a4f5f0e8f58629e20b1c73eb8af330744b187a5cfdb410466378313700ca44eb6dcbc8f3d70f58e134202546f0b1a3b61a298f2a1184b1533bdad308fa2f960087e0f239d2ccbaee3889ddc1a2bea2183b98854d255a6f708909134fab83f42f13e7604f602e264f4a3b2b2a08c673c7ce2813218159b472d3b20ecbf26dd2f7b3ba5298a4ff7444ea0936e098c126f590b05e7697ed8a3d52ba1abc7285de2f160b9b081cb775a5ab77aad1bb98d47e3da53fc4c11d4db47de1e4e6f56ad671f5d8389b33260cc546e4f0bf34fec9b2abd209e6b89e6e381367774676ed6e6eaffe42b07241c276f3c84f17a0762de83eb769bdf28991ddbc23758f01c9ecfba4ab2ca2118fcedd7adde9ff47f643c13e3ad2f13b576985128f233e329fe269d5745cd2b30e5762452a4ff58fdec30623175f8d575ced1c43411e2869aadbe6f1e79a010bca334cb08d545bc2808f359b7777d1bb5675ee210574b9f72cdeb071e07eeaa0988086213a37a972647cf21d3a3bcbd7359da327bacad41b93c5e0e494669109dddcec781774f248f5663e4fac187d42ffccf68335de2adac4f8d3e1bf04b95a9464960186ed019773ffeda18f9827a61edc5fc4088eb0965cb1bd8af1185aa3972b8f73839b4611e303bcbc1f84a330f60fa0a7795ea3cffe0e338406533e12c7deef0b5906c513eab4619a8f02fdd65dcfb7297ef971c4601ad079f7ad38278ae3ff455b37d5492af546975535450693fd4593c8157b3fdb16fd3a106d2f1509d1c06dabb8933269d790a1c5e5f7bdd4a57e1e670d7043cfed88c365b5f8eefe530ef7da5322df981723332c088fce89c2ceee23b420f64332243b9c606d67d538810a94e0ffbd37a119d8fc4d6caec0def40e62613873c74feabde63e12cb2016c1d35cf1bb95bf59e01a63be8825cb3118b74b106f21eef5ee2f41e5fb39fdde058050f780d98ced247c66fc3a03ba04edaf14d698859ba303d511cf0845dc5e269aef2287770a247fd5ae1299b45819ff41725f9da3e4dab7770eb83992b53ae9a9de69e764f6e3aee3e27cfb1bacf531a91605894ae209da6d25872fb54bf36b2ed450b51aa8ee4875b9bc7e55753f61e12a323d301faceb2ecff0686b1359343a94774a6a098dc2df440725cd8331f527d4e22f8090d8879ef4765849705b99465d7ebdf661b81c303d13b87270dc1f227d5954fcbc93bbce6fde2a1f8d573d9cd8130c173a14706f1e9dabc4d16a5b003dd3239faf91769e25cf007b0623141e4e57f11746cd62f20d73956fa84c6a12e1756b6671a64bd7a474ba425907e1a61ba6d2ffa1149165a713a141bfec0f1af51afebdb84d5f14eb51acc284403627d6ce48fd028dc04e00ed963de37f85d155c33e2b4ceb09044c4f1c7791348216b674a8831a232a638f8bfb396fabbe1f880944bc5dcac55df8abc78f804306c88617acfd4adfbb5a055d3d3e91abb763ad84e701cc5679498e04600570f4b2e57c70542043dc590ab363215e6ab3f0bd89383748783d01c9227229edac723d4e2eaa061a44f2630691f25ca6093775183fdf432e01322203dd654b336670116a6a52a27ff2032b1103a4e4be0cc2fb05b24352d72e374e90cc3db2a5a691c7f6b8d1058d7730433c742d8ce52074318b1bce9bb104cf90c8b7f65293c2b74434661444f38d94d977e03433440517f6155a3cad2621c5502dd6148b867a40e6a40be4c8265ec2164b5257f06da1784e98991f42003ced4ba67c23b8c654b542d2d31168fd853cf56cc2c464d7a8a9fbcd2715968788f8527c597ab5f917753c1f1708d2c19972373c5a22af71847de22b9f1e9d38a04ea4dd291da3099cb836a696350bf1263c3c275c27b8b82f604625451a24490b0b5367c2fd05e699546ddf17709d2e2c2710f4361d9dd6e2de2b4353b7f4f8141f6f989dc1a798a974565978e4f9ec0c59a7dbc04bcab072c8513b9ca782c22cdd31fb116c10081740fd8f7d0cbd5c54f1069297f20b45d79bb9ace8e851a655fedf47b2dc76fd30b9ba9f09c9b50d6910ffcdec7078c36fe1e9b19dbb110197496349560a43c0ab42b4ce286643e73a92246ecb71e95ce0d54114772f8477c7d5604c1a52d2f680c5868cf08a2688dd9fef492a01836112cec824483e77da93d104a9e18d06bddf9a4007740a0537ac1a5e09900acc65d52680212a15b68b0ef887228e06f533c1ca95b8f9d81b9fc6608cb5bacf4b867922999c69d46048ec3f408866789f49fcb176fc99ed9d3e6c357ed2e3ce2665925773e5d86c2ceaf8f18519a00d9d2e19e9a6b16af0a53fd7df6974f5db00494460e7f3de6ff6b642859335e020513bb525adddabf0d7d6ae85e7e56e32ca8acc07fe86b7b445358966ba3914c1dfa7b814d9e846ff02a6a8c8f5713a0f727024b5d1ea7e4ce7c64f9b24dd3337a3df33714c5404403b0304b25a66fe3ac85083965877117b3d721e7922f0ac7e278feeb8dc09f58cbcfbb81b11d4699737f37ac240a24b9c4b2b587e68974f7ca5561856f32e389d32056f7d58e4de24c11bd5c5afaa441120370d0c48341e1b8146a6bbca8c15f23c155d2533e97a8e6496bc00533ec83be8488d020708d97385a03bcbf57cadc2c1e575e1ac134cdb5047f3f88eae0230751626cea1c85da9b74ddace668afebb2dc66d302ddf3c5f8f21ac0c0535d00839457e7cac9282a8e49d018b077e38ea512cf28eacff5d98e880abfb5af2e7c039d2e1f1edaad2642963ef29d715f754e2715caa6af046a298b285e3582d903be726b608619332e1a82be48b0f5adf6838f41ff776e5290de8269794bce8fb971267d036bd6bd30e42df918125d573ced78263251bcae2b7b40f1ba855b4f2472312ea8752c4a0e09468bd25615a6c00a9b44c484c5507b8400537f20890e9499ec94ed2b6aeff21e57c6e8a93d80097f85ac9316b03a5f768721bf7d041bb9a6a03eabd615e3c4d74f56c429d53b8fec4b5e86c5b311a6cd4a86f03e04dab25ad65b68a8b8d9053993fd2440ff2b81768213084c831d31a0f8c646aff9090b5463cbee452abd6318340ec41b50f1deba7ffb60b326751de3f6dbf9b17714299233d5c43071367ece2e53212e7f4e084fea60850d4d16908d9bbbb531fbf72143fdb62d1b40afde3d0b2ac2c94c32e456bbef62f8d677e332aec8ccc8eedbac61e7b89b32d57157a39ad5c456258d9c36db0edc82c2baead990ee78007ed89c8f450e92d5e209cc25f7c13f5909ca404fddbdbeff89cc42350c91e9f1fdf9753c6e95f71257f8cbb97838684461cd1244c938b9939a4e9c7727902b6f1a5434e0a06d3fc221771dd87572ae801c5ce6886122f0c91dae57440ffc7ace4e8e0041a1d245103aaadbfc2ecff622228daed2b0cd30f7f59b2617f6f0571ee4403d84e652d78b8e64d5450b6483ef70582dcda9351f2dddd3a4ac84f514f708d3af6242501bd041beae78e6b29b517b534148ea91ef85653fec824d6ddb0c0fa2555ab2564ba29227b1046b48a11ee0e6aafda9d0b80b0f05a8d057cbeb16264cb579aea3ba2b2000052d03c77844ab7c81be3110a36a27aeffe0ad5a8a7385a1913a64fb2db630e8fc8017828cea60f327c3a510b441d94d32584e55f7c2320d89b2ba3d44d832b8e7c5f45442de9ef37d057e6d0c6664e8d74e23f18336d41a", 0xd9d}], 0x1}, 0x0)

3.107975643s ago: executing program 4 (id=2698):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x15, 0x10, &(0x7f00000005c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8f, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x86}, {0x7, 0x1, 0xb, 0x9, 0x0, 0x20}}, {}, [@jmp={0x5, 0x1, 0x6, 0x9, 0x9, 0x4}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x2a}}}, &(0x7f0000000080)='GPL\x00', 0x7, 0x0, 0x0, 0x41100, 0x2f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)

3.03454707s ago: executing program 4 (id=2700):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000100)='GPL\x00'}, 0x94)
perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x8000, 0x0, 0x1ff, 0xffffffff, 0x0, 0x0, 0x3ff, 0x0, 0x8000000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6gre0\x00', 0x200})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f1, &(0x7f0000000080))

1.080257726s ago: executing program 4 (id=2702):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7}, 0x94)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x104000, 0x2, 0xfffffffe, 0x6, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$tipc(r1, &(0x7f0000003280)={0x0, 0x0, 0x0}, 0x0)
sendmsg$tipc(r1, &(0x7f0000000e40)={0x0, 0x0, 0x0}, 0x0)
sendmsg$inet(r1, &(0x7f0000000f80)={0x0, 0x0, 0x0}, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x21, &(0x7f0000000040), 0x4)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x801)
sendmsg$inet(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x88c0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000005000000000000008510000002000000850000007600"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000300)={0x3, 0x4, 0x4, 0xa, 0x0, r2, 0x1ff, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x2, 0x4}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000c40)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x6, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x6, 0x3, &(0x7f0000000600)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000b80)=@bpf_ext={0x1c, 0x2, &(0x7f00000004c0)=ANY=[@ANYBLOB], &(0x7f0000000840)='syzkaller\x00', 0x1, 0x0, 0x0, 0x71be12af7866cf22, 0xe, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1b081, r3, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
r4 = socket$kcm(0x10, 0x400000002, 0x0)
perf_event_open(&(0x7f0000000100)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3f26}, 0x0, 0xffffffffffffec25, 0x7, 0x8, 0xffffffffffffffff}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$inet(r4, &(0x7f0000000100)={0x0, 0x11, &(0x7f0000000080)=[{&(0x7f0000000140)="600000002c000d190a762d7f089e", 0xfca2}, {&(0x7f0000000280)="68cabf2dfb58fc0a1d6b689866f05d490d010088a8ffff0200258f2e4409b8f9e6aaeb88bea123dc2c6726e89b1ae2f6e8bcb5ee52dcd7298d39093c510293bca0b646a3ce904f6e6b788b3204c233e60ddc", 0x52}], 0x2}, 0x0)

1.079701376s ago: executing program 5 (id=2703):
socket$kcm(0x2, 0x922000000001, 0x106)
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000012000000000000000000"], &(0x7f0000000c00)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r1, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000380)='rxrpc_call\x00', r2}, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f00000002c0)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='rxrpc_call\x00', r3}, 0x10)
r4 = socket$kcm(0x21, 0x2, 0xa)
sendmsg$kcm(r4, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in6={0x21, 0xfffc, 0x2, 0x1c, {0xa, 0x0, 0x4, @dev}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=[{0x18, 0x110, 0x1, "dc"}], 0x18}, 0xfc00)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="5c00000012006b04000000d86e6c1d0000147ea60864160af36504b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f4080003680601000008000300ff000000", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x101080, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x8660, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0xc}, 0x2490, 0x0, 0x5, 0x0, 0x0, 0x0, 0x7, 0x0, 0x7f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x2, 0x10)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000080))

787.322422ms ago: executing program 4 (id=2706):
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff})
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$kcm(0x2a, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x2000, 0x2, 0xfffffffe, 0x0, 0x81}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x6, 0x4, 0x1}, 0x50)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0)
r4 = socket$kcm(0x2, 0x1000000000000002, 0x0)
setsockopt$sock_attach_bpf(r4, 0x1, 0x3e, &(0x7f00000002c0)=r3, 0x161)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x44)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_int(r5, &(0x7f0000000540)='cgroup.max.descendants\x00', 0x2, 0x0)
sendmsg$inet(r4, &(0x7f0000007940)={&(0x7f0000000100)={0x2, 0x4e24, @rand_addr=0x20}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000380), 0xb80b}], 0x1}, 0xd000000)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703380000001f00000000000000040014000d000a00140000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e50200"/32], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r6)

582.61144ms ago: executing program 1 (id=2707):
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x43, 0x1, 0x0, 0x0, 0x0, 0x0, 0x94565, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfec, 0x1, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5, 0x0, 0x7, 0x5, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f00000000c0), 0x12)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, 0x0, 0x0, 0x0, 0x5c8}, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001900599c6d0eab070004000523"], 0xfe33)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4, @perf_bp={0x0, 0x2}, 0x10a8, 0x6, 0x0, 0x0, 0x9, 0x7ffffc, 0xfffc, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d80)=@newtaction={0x68, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x7f, 0x0, 0x2, 0x4, 0x8}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x68}}, 0x0)

426.665151ms ago: executing program 5 (id=2708):
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x800}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_user\x00', 0x26e1, 0x0)
close(r0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
recvmsg$unix(r1, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x2020)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000000700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000015c0)=ANY=[@ANYRES32=r3, @ANYRES32=r4, @ANYBLOB="05"], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r3}, &(0x7f00000006c0), &(0x7f0000000700)=r2}, 0x20)
sendmsg$inet(r1, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1}, 0x3)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x5452, &(0x7f0000000a40)='lo\x00\x96o\xd6Q\xb4Y\xa9\xc87,%\x81\xfe\x00\xd2\xd1|\x00\x00\x00\x00\x00\x00\xe3\xd8Yk\xdf\x85\xaac{\x8c\x8ffp`-\xcd\xd9\xd5\xf4\xe68\xe6O\xc2\xf1V0\x8b\t\xed\x13q2\xdd\xaf\xcc\xeeR\xf2/\x00\x00E>k\a\xe7>t7\x8e(\xf0\x87d\xaf\x93\xfa`\xa6,o\x81.\x1cR\xa5\t\x00\x00\x00\x00\x00\x00\x00|pT\x15\xbc\f*d\xcb\xc2\xcd\x8f\x98\xdf\x00\x00\x1cM\x9c\xa5\xe0\xa8\x00\x00\x00\x80V\xf6\x80\x86\x1b\x05\xe6\"\x1d\f\xaey\x06\xd9$H!w\xa6m\xd8\x7f\xc6\x837\x83/\x9a\xdf\x01\xf2\x9e\xcc\xca\x04\x00\x05\xeb\xb8{7[\xf9\xe9\x15\xdc0]\x89\x9b~\x04\xb4\xa5\xad\v.\xd0*%`\xb0\x03\x00\x00\x00\x00\x00\x00\x00\xab\xf4\xa7\x83r\xa4\x80|\x03C\x9c\x00\xac\xba\xcb\xa4h\x86w_Eu\xbfy%,\xe5\n\xc1\xb3\xa4g\xa3P\x0f\x11\x93\xc7\xf3\xcf\x17\xf5\x86%\x7f\xec\xb2\xc5E\x00\xb2e\xa8\xf1<\xb2\xc82\xbf=o\x00\x00\x00\x00E\x00\xc6X\x92\x0e[\x19\xaa?\x06\xe5\x9d\xd1\x87\x922A\x95\x8e\xbc\xc8<s,\xb023Z{\x9f\xc2\x94+e?\x87\x95\x8e\r\t\x0er\x92\xe2\t\xc4S\xd4\xd2\x87.&`\x95\'=0\r\xd2n\xf5\xcd\x9b\x15Oo\xd8Nj0\xe2\xe5A\xb2\xc3\xf7\xc8\xe7 \"+\xd6\x9e\x18\xec\xb7H\xf9\vd\xebE\x9dtI\xe5\xb5\x8e3\x19<\xdeS\xf4\xe6\xba\x0er\xfc]\xcbd@\xe8R#(u\xe1\x9b\xb7\xd5\x82\xab;\xdb\xa2\x9e\xe8W;\x86\x89\x99\xa1\x99\x1b\xbd\xaf\x11\xcf\x1d\xb5n\xe3&\x1b Z|\x18\n/\xe4\x83\xb5\xdd\xed\xd8\xba\xe8\x8d{@\xd1\x00\x00\x00\x00\x00')

349.250207ms ago: executing program 1 (id=2709):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1900000004000000040000000900000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000010000000000000"], 0x50)

120.325938ms ago: executing program 1 (id=2710):
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x2}, 0x38)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r0 = socket$kcm(0xa, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@bloom_filter={0x1e, 0x0, 0x400007, 0x8, 0x1c004, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x0, 0x0, 0xfffffffffffffffd}, 0x50)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000))
r1 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$inet(r1, &(0x7f0000000380)={&(0x7f0000000040)={0xa, 0xa, @local}, 0x1b, &(0x7f0000000180)=[{&(0x7f0000000080)="a2", 0xff0e}], 0x4, 0x0, 0x0, 0xa6820000}, 0x0)

57.605482ms ago: executing program 1 (id=2711):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x20, 0x1405, 0x1, 0x70bd26, 0x25dfdbfe, "", [{{0x8, 0x1, 0x1}, {0x8, 0x3, 0x1}}]}, 0x20}, 0x1, 0x0, 0x0, 0x4044045}, 0x0)

471.309µs ago: executing program 1 (id=2712):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002dc0)={{0x14}, [@NFT_MSG_NEWRULE={0x68, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x3c, 0x4, 0x0, 0x1, [{0x38, 0x1, 0x0, 0x1, @range={{0xa}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_RANGE_TO_DATA={0x8, 0x4, 0x0, 0x1, [@NFTA_DATA_VALUE={0x4}]}, @NFTA_RANGE_FROM_DATA={0xc, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, ']'}]}, @NFTA_RANGE_SREG={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_RANGE_OP={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x90}}, 0x0)

0s ago: executing program 1 (id=2713):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e000000020013000200000000000000ff0800ed05000600200000000a0006000000000026b900000000000000001ffeff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:37178' (ED25519) to the list of known hosts.
syzkaller login: [   56.555112][ T5793] cgroup: Unknown subsys name 'net'
[   56.670715][ T5793] cgroup: Unknown subsys name 'cpuset'
[   56.678710][ T5793] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   58.496307][ T5793] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   64.076287][   T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   64.081264][   T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   64.086384][   T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   64.090415][   T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   64.094134][   T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   64.126644][ T5237] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   64.130625][ T5237] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   64.135078][ T5237] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   64.140025][ T5237] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   64.144056][ T5237] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   64.248874][   T54] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   64.253500][   T54] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   64.258080][   T54] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   64.262241][   T54] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   64.266063][   T54] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   64.431886][ T5850] chnl_net:caif_netlink_parms(): no params data found
[   64.525271][ T5855] chnl_net:caif_netlink_parms(): no params data found
[   64.567034][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.570868][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.576925][ T5850] bridge_slave_0: entered allmulticast mode
[   64.581107][ T5850] bridge_slave_0: entered promiscuous mode
[   64.609257][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.612410][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.616150][ T5850] bridge_slave_1: entered allmulticast mode
[   64.620170][ T5850] bridge_slave_1: entered promiscuous mode
[   64.691836][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.750465][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.756057][ T5855] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.759128][ T5855] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.762191][ T5855] bridge_slave_0: entered allmulticast mode
[   64.766495][ T5855] bridge_slave_0: entered promiscuous mode
[   64.771754][ T5855] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.775370][ T5855] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.778394][ T5855] bridge_slave_1: entered allmulticast mode
[   64.782547][ T5855] bridge_slave_1: entered promiscuous mode
[   64.869176][ T5850] team0: Port device team_slave_0 added
[   64.894514][ T5850] team0: Port device team_slave_1 added
[   64.900197][ T5855] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.918100][ T5859] chnl_net:caif_netlink_parms(): no params data found
[   64.928254][ T5855] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.981992][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.985940][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.996209][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.019197][ T5855] team0: Port device team_slave_0 added
[   65.022600][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.025903][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.036050][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.057506][ T5855] team0: Port device team_slave_1 added
[   65.136941][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.139707][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.150124][ T5855] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.156721][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.159548][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.170483][ T5855] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.197933][ T5850] hsr_slave_0: entered promiscuous mode
[   65.201482][ T5850] hsr_slave_1: entered promiscuous mode
[   65.258478][ T5859] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.260829][ T5859] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.263636][ T5859] bridge_slave_0: entered allmulticast mode
[   65.267706][ T5859] bridge_slave_0: entered promiscuous mode
[   65.313840][ T5859] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.317311][ T5859] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.320498][ T5859] bridge_slave_1: entered allmulticast mode
[   65.325705][ T5859] bridge_slave_1: entered promiscuous mode
[   65.394823][ T5855] hsr_slave_0: entered promiscuous mode
[   65.398789][ T5855] hsr_slave_1: entered promiscuous mode
[   65.401888][ T5855] debugfs: 'hsr0' already exists in 'hsr'
[   65.404319][ T5855] Cannot create hsr debugfs directory
[   65.446159][ T5859] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.477311][ T5859] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.542742][ T5859] team0: Port device team_slave_0 added
[   65.570392][ T5859] team0: Port device team_slave_1 added
[   65.633923][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.636321][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.646368][ T5859] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.670144][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.672493][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.683354][ T5859] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.798234][ T5850] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   65.809359][ T5850] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   65.826303][ T5859] hsr_slave_0: entered promiscuous mode
[   65.829446][ T5859] hsr_slave_1: entered promiscuous mode
[   65.832094][ T5859] debugfs: 'hsr0' already exists in 'hsr'
[   65.835045][ T5859] Cannot create hsr debugfs directory
[   65.837992][ T5850] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   65.858327][ T5850] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   65.977730][ T5855] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   66.007285][ T5855] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   66.016943][ T5855] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   66.056061][ T5855] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   66.135088][   T54] Bluetooth: hci0: command tx timeout
[   66.175677][ T5859] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   66.187953][ T5859] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   66.198359][ T5859] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   66.206562][ T5859] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   66.214990][   T54] Bluetooth: hci1: command tx timeout
[   66.296757][   T54] Bluetooth: hci2: command tx timeout
[   66.300617][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.353613][ T5850] 8021q: adding VLAN 0 to HW filter on device team0
[   66.389058][ T1156] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.392116][ T1156] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.409612][ T5855] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.425273][ T1156] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.428982][ T1156] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.470642][ T5855] 8021q: adding VLAN 0 to HW filter on device team0
[   66.484688][ T5859] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.503377][  T179] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.505763][  T179] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.530758][  T179] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.533539][  T179] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.541766][ T5859] 8021q: adding VLAN 0 to HW filter on device team0
[   66.585447][  T179] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.587741][  T179] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.618066][  T179] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.620377][  T179] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.763106][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.844124][ T5850] veth0_vlan: entered promiscuous mode
[   66.862099][ T5850] veth1_vlan: entered promiscuous mode
[   66.912657][ T5850] veth0_macvtap: entered promiscuous mode
[   66.919714][ T5850] veth1_macvtap: entered promiscuous mode
[   66.943572][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.958584][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.963145][ T5859] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.985107][ T5880] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.991997][ T5855] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.006613][ T5880] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.010222][ T5880] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.029770][ T5880] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.119645][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.130198][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.136999][ T5855] veth0_vlan: entered promiscuous mode
[   67.152980][ T5859] veth0_vlan: entered promiscuous mode
[   67.169818][ T5855] veth1_vlan: entered promiscuous mode
[   67.192310][ T5859] veth1_vlan: entered promiscuous mode
[   67.195500][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.200804][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.240218][ T5855] veth0_macvtap: entered promiscuous mode
[   67.258172][ T5859] veth0_macvtap: entered promiscuous mode
[   67.263183][ T5855] veth1_macvtap: entered promiscuous mode
[   67.279039][ T5859] veth1_macvtap: entered promiscuous mode
[   67.281537][ T5850] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   67.310663][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.319321][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.356674][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.366108][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.403030][ T5862] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.409286][ T5862] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.412905][ T5862] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.429942][ T5862] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.433695][ T5862] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.450037][ T5862] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.453738][ T5862] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.488412][ T5862] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.534173][    C1] hrtimer: interrupt took 36394 ns
[   68.030703][ T1089] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.036952][ T1089] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.051384][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.053853][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.087674][ T1137] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.091650][ T1137] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.125964][ T5916] syz.1.2 (5916) used greatest stack depth: 19832 bytes left
[   68.139131][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.148184][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.188390][ T5920] netlink: 'syz.1.4': attribute type 2 has an invalid length.
[   68.215405][   T54] Bluetooth: hci0: command tx timeout
[   68.317154][   T54] Bluetooth: hci1: command tx timeout
[   68.376028][   T54] Bluetooth: hci2: command tx timeout
[   69.233981][ T5950] netlink: 16 bytes leftover after parsing attributes in process `syz.0.15'.
[   69.444413][ T5962] Zero length message leads to an empty skb
[   69.446720][ T5963] openvswitch: netlink: EtherType 50a is less than min 600
[   69.463984][ T5962] lo speed is unknown, defaulting to 1000
[   69.470823][ T5962] lo speed is unknown, defaulting to 1000
[   69.510095][ T5962] lo speed is unknown, defaulting to 1000
[   69.610626][ T5962] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   69.836972][ T5962] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[   69.852468][ T5980] syz.1.29 uses obsolete (PF_INET,SOCK_PACKET)
[   70.211986][ T5962] lo speed is unknown, defaulting to 1000
[   70.278147][ T5962] lo speed is unknown, defaulting to 1000
[   70.285193][ T5962] lo speed is unknown, defaulting to 1000
[   70.305378][   T54] Bluetooth: hci0: command tx timeout
[   70.375214][   T54] Bluetooth: hci1: command tx timeout
[   70.465810][   T54] Bluetooth: hci2: command tx timeout
[   71.028895][ T6018] netlink: 199848 bytes leftover after parsing attributes in process `syz.1.44'.
[   71.099795][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[   71.102457][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[   71.185766][ T6020] netlink: 168 bytes leftover after parsing attributes in process `syz.1.45'.
[   71.459113][ T6035] netlink: 'syz.0.51': attribute type 6 has an invalid length.
[   71.663607][ T6041] netlink: 830 bytes leftover after parsing attributes in process `syz.0.53'.
[   72.350011][ T6057] warning: `syz.2.60' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   72.376318][   T54] Bluetooth: hci0: command tx timeout
[   72.465995][   T54] Bluetooth: hci1: command tx timeout
[   72.535639][   T54] Bluetooth: hci2: command tx timeout
[   72.690975][ T6064] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[   72.760750][ T6072] netlink: 4 bytes leftover after parsing attributes in process `syz.0.66'.
[   76.868474][ T6110] netlink: 112 bytes leftover after parsing attributes in process `syz.1.82'.
[   77.104617][ T6123] IPv6: NLM_F_CREATE should be specified when creating new route
[   77.283720][ T6135] netlink: 'syz.2.94': attribute type 27 has an invalid length.
[   77.286425][ T6135] netlink: 'syz.2.94': attribute type 4 has an invalid length.
[   77.289260][ T6135] netlink: 152 bytes leftover after parsing attributes in process `syz.2.94'.
[   77.372825][ T6139] netlink: 'syz.0.95': attribute type 2 has an invalid length.
[   77.609367][ T6151] netlink: 64 bytes leftover after parsing attributes in process `syz.0.101'.
[   77.649691][ T6151] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   77.658068][ T6151] sock: sock_timestamping_bind_phc: sock not bind to device
[   77.718047][ T6148] delete_channel: no stack
[   78.139109][ T6179] Illegal XDP return value 288604645 on prog  (id 50) dev N/A, expect packet loss!
[   79.223244][ T6212] : entered promiscuous mode
[   79.460456][ T6232] netlink: 146936 bytes leftover after parsing attributes in process `syz.0.135'.
[   79.463760][ T6232] openvswitch: netlink: Message has 6 unknown bytes.
[   80.122498][ T6253] veth0_vlan: entered allmulticast mode
[   80.328487][ T6259] netlink: 'syz.2.146': attribute type 4 has an invalid length.
[   80.336724][ T6259] netlink: 152 bytes leftover after parsing attributes in process `syz.2.146'.
[   80.620117][ T6259] netlink: 6 bytes leftover after parsing attributes in process `syz.2.146'.
[   80.624079][ T6259] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[   80.715287][ T6259] syz.2.146 (6259) used greatest stack depth: 19512 bytes left
[   80.899202][ T6287] netlink: 196 bytes leftover after parsing attributes in process `syz.0.161'.
[   80.931484][ T6289] netlink: 60 bytes leftover after parsing attributes in process `syz.0.162'.
[   80.935755][ T6289] netlink: 60 bytes leftover after parsing attributes in process `syz.0.162'.
[   81.085264][ T6295] openvswitch: netlink: Unexpected mask (mask=240, allowed=10048)
[   81.572036][ T6315] netlink: 160 bytes leftover after parsing attributes in process `syz.1.175'.
[   81.669199][ T6315] netlink: 'syz.1.175': attribute type 10 has an invalid length.
[   81.869046][ T6315] batman_adv: batadv0: Adding interface: netdevsim0
[   81.875410][ T6315] batman_adv: batadv0: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   82.185190][ T6315] batman_adv: batadv0: Not using interface netdevsim0 (retrying later): interface not active
[   83.003251][ T6352] __nla_validate_parse: 1 callbacks suppressed
[   83.003272][ T6352] netlink: 12 bytes leftover after parsing attributes in process `syz.2.190'.
[   83.945214][ T1272] cfg80211: failed to load regulatory.db
[   84.073316][ T6388] netlink: 65027 bytes leftover after parsing attributes in process `syz.2.206'.
[   84.324070][ T6398] netlink: 'syz.0.207': attribute type 11 has an invalid length.
[   84.330814][ T6398] netlink: 149476 bytes leftover after parsing attributes in process `syz.0.207'.
[   84.365020][ T6390] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   84.811034][ T6410] netlink: 'syz.0.215': attribute type 21 has an invalid length.
[   84.849911][ T6410] netlink: 'syz.0.215': attribute type 6 has an invalid length.
[   84.853243][ T6410] netlink: 132 bytes leftover after parsing attributes in process `syz.0.215'.
[   87.359394][ T6421] syzkaller0: entered promiscuous mode
[   87.361615][ T6421] syzkaller0: entered allmulticast mode
[   87.623916][   T54] Bluetooth: hci1: unexpected event 0x3b length: 15 > 10
[   87.949160][ T6438] netlink: 'syz.0.227': attribute type 10 has an invalid length.
[   89.395835][ T6438] bridge0: port 3(netdevsim0) entered blocking state
[   89.398243][ T6438] bridge0: port 3(netdevsim0) entered disabled state
[   89.400603][ T6438] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[   89.406306][ T6438] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[   89.713977][   T54] Bluetooth: hci0: unexpected event 0x3c length: 15 > 7
[   90.632809][ T6471] netlink: 'syz.1.242': attribute type 4 has an invalid length.
[   92.013881][ T6500] netlink: 64 bytes leftover after parsing attributes in process `syz.0.255'.
[   92.043375][ T6501] netlink: 48 bytes leftover after parsing attributes in process `syz.2.252'.
[   92.218384][ T6507] netlink: 64 bytes leftover after parsing attributes in process `syz.2.258'.
[   92.332441][   T54] Bluetooth: hci2: unexpected event 0x1c length: 15 > 5
[   93.974801][    C1] clocksource: Long readout interval, skipping watchdog check: cs_nsec: 1450279981 wd_nsec: 1450280038
[   95.520399][ T6515] netlink: 'syz.0.261': attribute type 4 has an invalid length.
[   95.523419][ T6515] netlink: 209028 bytes leftover after parsing attributes in process `syz.0.261'.
[   95.864305][ T6536] netlink: 'syz.0.271': attribute type 3 has an invalid length.
[   95.867305][ T6536] netlink: 'syz.0.271': attribute type 2 has an invalid length.
[   95.870358][ T6536] netlink: 198112 bytes leftover after parsing attributes in process `syz.0.271'.
[   96.447775][ T6564] netlink: ct family unspecified
[   96.449817][ T6564] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   96.646251][ T6575] =======================================================
[   96.646251][ T6575] WARNING: The mand mount option has been deprecated and
[   96.646251][ T6575]          and is ignored by this kernel. Remove the mand
[   96.646251][ T6575]          option from the mount to silence this warning.
[   96.646251][ T6575] =======================================================
[   96.662623][ T6575] tmpfs: Bad value for 'mode'
[   96.679005][ T6577] netlink: 8 bytes leftover after parsing attributes in process `syz.0.289'.
[   96.700120][ T6577] netlink: 8 bytes leftover after parsing attributes in process `syz.0.289'.
[   96.909391][ T6590] netlink: 20 bytes leftover after parsing attributes in process `syz.1.296'.
[   96.912325][ T6590] netlink: 16 bytes leftover after parsing attributes in process `syz.1.296'.
[   97.131105][ T6600] netlink: 8 bytes leftover after parsing attributes in process `syz.1.299'.
[   97.140691][ T6603] netlink: 68 bytes leftover after parsing attributes in process `syz.2.301'.
[   97.215202][ T6603] netlink: 'syz.2.301': attribute type 21 has an invalid length.
[   97.277647][ T6603] netlink: 'syz.2.301': attribute type 10 has an invalid length.
[   97.792116][ T6626] netlink: 132 bytes leftover after parsing attributes in process `syz.0.312'.
[   98.058413][   T54] Bluetooth: hci1: unexpected event 0x04 length: 15 > 10
[   98.058680][   T54] Bluetooth: hci1: connection err: -111
[   98.203239][ T6645] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.320'.
[   98.367558][ T6652] sit0: entered allmulticast mode
[   98.512920][ T6663] netlink: 'syz.1.328': attribute type 21 has an invalid length.
[   98.525001][ T6663] netlink: 128 bytes leftover after parsing attributes in process `syz.1.328'.
[   98.531253][ T6663] netlink: 'syz.1.328': attribute type 5 has an invalid length.
[   98.536285][ T6663] netlink: 'syz.1.328': attribute type 6 has an invalid length.
[   98.539386][ T6663] netlink: 3 bytes leftover after parsing attributes in process `syz.1.328'.
[   98.658029][ T6665] syzkaller1: tun_chr_ioctl cmd 1074025677
[   98.665956][ T6665] syzkaller1: linktype set to 776
[  103.772032][ T6672] netlink: 'syz.1.331': attribute type 41 has an invalid length.
[  103.873628][ T6681] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.335'.
[  104.062242][   T54] Bluetooth: hci0: unexpected event 0x30 length: 15 > 3
[  104.089329][ T6695] netlink: 'syz.0.342': attribute type 4 has an invalid length.
[  105.052246][ T6711] -1: renamed from syzkaller0
[  105.999283][ T6766] netlink: 8 bytes leftover after parsing attributes in process `syz.1.371'.
[  106.404801][ T6784] netlink: 12 bytes leftover after parsing attributes in process `syz.2.379'.
[  106.436835][ T6787] netlink: 193500 bytes leftover after parsing attributes in process `syz.0.381'.
[  106.481056][ T6788] netlink: 'syz.1.380': attribute type 13 has an invalid length.
[  106.486760][ T6788] netlink: 24859 bytes leftover after parsing attributes in process `syz.1.380'.
[  106.701983][ T6805] netlink: 232 bytes leftover after parsing attributes in process `syz.2.388'.
[  107.682361][ T6817] sctp: [Deprecated]: syz.2.393 (pid 6817) Use of struct sctp_assoc_value in delayed_ack socket option.
[  107.682361][ T6817] Use struct sctp_sack_info instead
[  107.695045][ T6820] netlink: 60 bytes leftover after parsing attributes in process `syz.0.392'.
[  107.699554][ T6815] netlink: 60 bytes leftover after parsing attributes in process `syz.0.392'.
[  107.704132][ T6820] netlink: 60 bytes leftover after parsing attributes in process `syz.0.392'.
[  107.821232][ T6824] debugfs: '!' already exists in 'ieee80211'
[  107.872875][ T6827] netlink: 'syz.1.397': attribute type 2 has an invalid length.
[  107.879724][ T6827] netlink: 'syz.1.397': attribute type 8 has an invalid length.
[  107.887610][ T6827] netlink: 132 bytes leftover after parsing attributes in process `syz.1.397'.
[  108.730734][ T6845] netlink: 'syz.1.407': attribute type 2 has an invalid length.
[  108.814010][   T54] Bluetooth: hci2: unexpected event 0x1d length: 15 > 5
[  109.293063][ T6879] __nla_validate_parse: 2 callbacks suppressed
[  109.293118][ T6879] netlink: 28 bytes leftover after parsing attributes in process `syz.0.419'.
[  109.372449][ T6883] netlink: 4 bytes leftover after parsing attributes in process `syz.1.424'.
[  109.509420][ T6889] netlink: 16 bytes leftover after parsing attributes in process `syz.2.427'.
[  109.801022][ T6905] netlink: 'syz.1.435': attribute type 2 has an invalid length.
[  109.862935][ T6908] netlink: 'syz.1.436': attribute type 10 has an invalid length.
[  109.883767][ T6908] 8021q: adding VLAN 0 to HW filter on device team0
[  109.893216][ T6908] bond0: (slave team0): Enslaving as an active interface with an up link
[  110.217038][ T6915] netlink: 188 bytes leftover after parsing attributes in process `syz.0.439'.
[  111.258621][ T6962] netlink: 'syz.0.459': attribute type 1 has an invalid length.
[  111.848942][ T6985] netlink: 28 bytes leftover after parsing attributes in process `syz.0.470'.
[  111.852587][ T6985] netlink: 28 bytes leftover after parsing attributes in process `syz.0.470'.
[  113.570625][ T7027] : renamed from pim6reg1
[  114.509341][ T7056] netlink: 60 bytes leftover after parsing attributes in process `syz.2.503'.
[  114.522663][ T7056] unsupported nlmsg_type 40
[  115.209820][ T7068] lo speed is unknown, defaulting to 1000
[  115.979414][ T7087] netlink: 'syz.1.515': attribute type 2 has an invalid length.
[  115.982823][ T7087] netlink: 12374 bytes leftover after parsing attributes in process `syz.1.515'.
[  116.591828][ T7101] : renamed from gre0 (while UP)
[  117.426798][ T7124] netlink: 8 bytes leftover after parsing attributes in process `syz.1.531'.
[  117.778063][ T7134] netlink: 8 bytes leftover after parsing attributes in process `syz.1.536'.
[  117.781882][ T7134] netlink: 8 bytes leftover after parsing attributes in process `syz.1.536'.
[  118.251283][ T7147] syzkaller0: entered promiscuous mode
[  118.256834][ T7147] syzkaller0: entered allmulticast mode
[  118.529840][ T7166] netlink: 56 bytes leftover after parsing attributes in process `syz.2.550'.
[  118.532801][ T7166] netlink: 56 bytes leftover after parsing attributes in process `syz.2.550'.
[  118.588816][ T7169] netlink: 163260 bytes leftover after parsing attributes in process `syz.1.552'.
[  118.629753][ T7173] netlink: 'syz.1.554': attribute type 317 has an invalid length.
[  118.668784][ T7176] netlink: 'syz.2.555': attribute type 11 has an invalid length.
[  118.879651][ T7189] netlink: 28 bytes leftover after parsing attributes in process `syz.2.561'.
[  119.757486][ T7205] netlink: 'syz.2.568': attribute type 10 has an invalid length.
[  119.766622][    C0] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1
[  120.833086][ T7223] netlink: 'syz.1.576': attribute type 12 has an invalid length.
[  120.841516][ T7223] netlink: 132 bytes leftover after parsing attributes in process `syz.1.576'.
[  120.947696][ T7229] netlink: 'syz.1.579': attribute type 3 has an invalid length.
[  120.952243][ T7229] netlink: 16126 bytes leftover after parsing attributes in process `syz.1.579'.
[  121.140268][ T7239] netlink: 16126 bytes leftover after parsing attributes in process `syz.2.583'.
[  121.280716][ T7245] netlink: 'syz.1.588': attribute type 10 has an invalid length.
[  121.505804][ T7251] netlink: 830 bytes leftover after parsing attributes in process `syz.1.590'.
[  121.855859][ T7268] netlink: 'syz.1.598': attribute type 10 has an invalid length.
[  122.178840][ T7276] netlink: 17279 bytes leftover after parsing attributes in process `syz.1.602'.
[  124.323868][ T7304] netlink: 28 bytes leftover after parsing attributes in process `syz.2.616'.
[  124.330616][ T7304] netlink: 28 bytes leftover after parsing attributes in process `syz.2.616'.
[  124.587690][ T7314] netlink: 60 bytes leftover after parsing attributes in process `syz.1.620'.
[  124.959388][ T7335] netlink: 8 bytes leftover after parsing attributes in process `syz.1.629'.
[  125.021097][ T7338] netlink: 152 bytes leftover after parsing attributes in process `syz.1.631'.
[  127.038110][ T7404] netlink: 72 bytes leftover after parsing attributes in process `syz.1.661'.
[  129.182237][ T5237] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  129.200016][ T5237] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  129.203460][ T5237] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  129.207085][ T5237] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  129.209601][ T5237] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  129.340803][ T7406] lo speed is unknown, defaulting to 1000
[  129.596662][ T7406] chnl_net:caif_netlink_parms(): no params data found
[  129.749122][ T7406] bridge0: port 1(bridge_slave_0) entered blocking state
[  129.755699][ T7406] bridge0: port 1(bridge_slave_0) entered disabled state
[  129.758301][ T7406] bridge_slave_0: entered allmulticast mode
[  129.771623][ T7406] bridge_slave_0: entered promiscuous mode
[  129.801805][ T7406] bridge0: port 2(bridge_slave_1) entered blocking state
[  129.804364][ T7406] bridge0: port 2(bridge_slave_1) entered disabled state
[  129.806842][ T7406] bridge_slave_1: entered allmulticast mode
[  129.810136][ T7406] bridge_slave_1: entered promiscuous mode
[  129.834666][ T7406] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  129.839818][ T7406] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  129.867599][ T7406] team0: Port device team_slave_0 added
[  129.871670][ T7406] team0: Port device team_slave_1 added
[  129.908162][ T7406] batman_adv: batadv0: Adding interface: batadv_slave_0
[  129.911050][ T7406] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  129.924706][ T7406] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  129.931060][ T7406] batman_adv: batadv0: Adding interface: batadv_slave_1
[  129.933823][ T7406] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  129.946473][ T7406] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  130.007755][ T7406] hsr_slave_0: entered promiscuous mode
[  130.010277][ T7406] hsr_slave_1: entered promiscuous mode
[  130.012518][ T7406] debugfs: 'hsr0' already exists in 'hsr'
[  130.015012][ T7406] Cannot create hsr debugfs directory
[  130.167409][ T7434] netlink: 84 bytes leftover after parsing attributes in process `syz.2.672'.
[  130.199243][ T7406] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  130.206163][ T7406] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  130.213015][ T7406] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  130.225794][ T7406] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  130.251890][ T7406] bridge0: port 2(bridge_slave_1) entered blocking state
[  130.254710][ T7406] bridge0: port 2(bridge_slave_1) entered forwarding state
[  130.258059][ T7406] bridge0: port 1(bridge_slave_0) entered blocking state
[  130.260773][ T7406] bridge0: port 1(bridge_slave_0) entered forwarding state
[  130.315479][ T7406] 8021q: adding VLAN 0 to HW filter on device bond0
[  130.338780][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  130.360650][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  130.407971][ T7406] 8021q: adding VLAN 0 to HW filter on device team0
[  131.191188][ T1137] bridge0: port 1(bridge_slave_0) entered blocking state
[  131.193963][ T1137] bridge0: port 1(bridge_slave_0) entered forwarding state
[  131.206541][ T3818] bridge0: port 2(bridge_slave_1) entered blocking state
[  131.209190][ T3818] bridge0: port 2(bridge_slave_1) entered forwarding state
[  131.255145][ T5237] Bluetooth: hci3: command tx timeout
[  131.436015][ T7471] netlink: 1041 bytes leftover after parsing attributes in process `syz.1.682'.
[  131.441381][ T7406] 8021q: adding VLAN 0 to HW filter on device batadv0
[  131.523096][ T7406] veth0_vlan: entered promiscuous mode
[  131.532765][ T7406] veth1_vlan: entered promiscuous mode
[  131.558379][ T7406] veth0_macvtap: entered promiscuous mode
[  131.563835][ T7406] veth1_macvtap: entered promiscuous mode
[  131.615427][ T7406] batman_adv: batadv0: Interface activated: batadv_slave_0
[  131.643777][ T7406] batman_adv: batadv0: Interface activated: batadv_slave_1
[  131.660535][   T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  131.665898][   T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  131.676290][   T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  131.689637][   T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  131.806879][ T7481] netlink: 4 bytes leftover after parsing attributes in process `syz.1.687'.
[  131.873156][  T188] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  131.876633][  T188] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  131.924657][ T7484] delete_channel: no stack
[  131.930094][ T1137] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  131.932601][ T1137] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  132.858472][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  132.862028][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  133.344501][ T5237] Bluetooth: hci3: command tx timeout
[  133.942350][ T7530] netlink: 132 bytes leftover after parsing attributes in process `syz.1.706'.
[  134.188063][ T7537] netlink: 'syz.3.709': attribute type 2 has an invalid length.
[  134.191960][ T7537] netlink: 132 bytes leftover after parsing attributes in process `syz.3.709'.
[  135.535588][ T5237] Bluetooth: hci3: command tx timeout
[  135.619613][ T7559] sock: sock_set_timeout: `syz.1.720' (pid 7559) tries to set negative timeout
[  135.833075][ T7572] netlink: 52 bytes leftover after parsing attributes in process `syz.1.724'.
[  135.841953][ T7571] netlink: 68 bytes leftover after parsing attributes in process `syz.3.725'.
[  135.852360][ T7571] netlink: 20 bytes leftover after parsing attributes in process `syz.3.725'.
[  135.861810][ T7571] netlink: 20 bytes leftover after parsing attributes in process `syz.3.725'.
[  136.102400][ T7586] netlink: 'syz.3.729': attribute type 4 has an invalid length.
[  136.108226][ T7586] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.729'.
[  137.057960][ T7618] netlink: 16 bytes leftover after parsing attributes in process `syz.3.742'.
[  137.202583][ T7629] netlink: 124 bytes leftover after parsing attributes in process `syz.1.748'.
[  137.284014][ T7633] netlink: 'syz.1.750': attribute type 1 has an invalid length.
[  137.289566][ T7633] netlink: 'syz.1.750': attribute type 2 has an invalid length.
[  137.592157][ T5237] Bluetooth: hci3: command tx timeout
[  137.789972][ T7648] netlink: 'syz.2.757': attribute type 3 has an invalid length.
[  137.793761][ T7648] netlink: 'syz.2.757': attribute type 1 has an invalid length.
[  137.800780][ T7648] netlink: 199820 bytes leftover after parsing attributes in process `syz.2.757'.
[  138.045746][ T7653] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  138.048850][ T7653] batman_adv: batadv0: Removing interface: batadv_slave_0
[  138.053752][ T7653] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  138.059273][ T7653] batman_adv: batadv0: Removing interface: batadv_slave_1
[  139.780413][ T7720] netlink: 8 bytes leftover after parsing attributes in process `syz.3.792'.
[  139.788559][ T7720] netlink: 'syz.3.792': attribute type 2 has an invalid length.
[  139.792741][ T7720] netlink: 'syz.3.792': attribute type 1 has an invalid length.
[  139.800597][ T7720] netlink: 8 bytes leftover after parsing attributes in process `syz.3.792'.
[  140.247026][ T7737] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  140.320571][ T7750] netlink: 152 bytes leftover after parsing attributes in process `syz.1.805'.
[  140.323616][ T7750] tc_dump_action: action bad kind
[  140.379866][ T7753] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  140.448173][ T7761] netlink: 'syz.1.810': attribute type 10 has an invalid length.
[  140.450925][ T7761] netlink: 40 bytes leftover after parsing attributes in process `syz.1.810'.
[  140.456018][ T7761] dummy0: entered promiscuous mode
[  140.458335][ T7761] dummy0: entered allmulticast mode
[  140.463140][ T7761] bridge0: port 3(dummy0) entered blocking state
[  140.479000][ T7761] bridge0: port 3(dummy0) entered disabled state
[  140.486009][ T7761] bridge0: port 3(dummy0) entered blocking state
[  140.488328][ T7761] bridge0: port 3(dummy0) entered forwarding state
[  140.978258][ T7800] netlink: 76 bytes leftover after parsing attributes in process `syz.1.828'.
[  141.056864][ T7808] netlink: 24 bytes leftover after parsing attributes in process `syz.3.833'.
[  141.403542][ T7824] cgroup: Unknown subsys name 'uid'
[  141.696314][   T33] audit: type=1107 audit(1758208844.349:2): pid=7834 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=''
[  141.871816][ T7850] netlink: 'syz.2.850': attribute type 29 has an invalid length.
[  141.882576][ T7850] netlink: 'syz.2.850': attribute type 10 has an invalid length.
[  141.985414][ T7850] 8021q: adding VLAN 0 to HW filter on device bond0
[  142.020554][ T7850] team0: Port device bond0 added
[  142.121469][ T7406] cgroup: fork rejected by pids controller in /syz3
[  142.267263][ T7874] netlink: 'syz.1.861': attribute type 1 has an invalid length.
[  142.527448][   T13] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.608855][   T13] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.705626][   T13] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.852836][   T13] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.878777][ T7894] sit0: entered allmulticast mode
[  142.894861][ T7897] sit0: entered promiscuous mode
[  143.053152][ T7899] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.874'.
[  143.112750][   T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  143.121649][   T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  143.127030][   T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  143.132456][   T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  143.138342][   T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  143.233348][ T7901] lo speed is unknown, defaulting to 1000
[  143.691364][   T13] bridge_slave_1: left allmulticast mode
[  143.693756][   T13] bridge_slave_1: left promiscuous mode
[  143.703598][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  143.711998][   T13] bridge_slave_0: left allmulticast mode
[  143.714062][   T13] bridge_slave_0: left promiscuous mode
[  143.720362][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  144.206538][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  144.213520][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  144.219014][   T13] bond0 (unregistering): Released all slaves
[  144.233675][ T7901] chnl_net:caif_netlink_parms(): no params data found
[  144.262890][ T7922] netlink: 'syz.1.881': attribute type 3 has an invalid length.
[  144.276595][ T7922] netlink: 152 bytes leftover after parsing attributes in process `syz.1.881'.
[  144.350178][ T7924] netlink: 'syz.1.882': attribute type 10 has an invalid length.
[  144.689035][ T7901] bridge0: port 1(bridge_slave_0) entered blocking state
[  144.706772][ T7901] bridge0: port 1(bridge_slave_0) entered disabled state
[  144.720185][ T7901] bridge_slave_0: entered allmulticast mode
[  144.725341][ T7901] bridge_slave_0: entered promiscuous mode
[  145.174636][   T54] Bluetooth: hci1: command tx timeout
[  145.239888][   T13] hsr_slave_0: left promiscuous mode
[  145.243569][   T13] hsr_slave_1: left promiscuous mode
[  145.273455][   T13] veth1_macvtap: left promiscuous mode
[  145.279132][   T13] veth0_macvtap: left promiscuous mode
[  145.282440][   T13] veth1_vlan: left promiscuous mode
[  145.287469][   T13] veth0_vlan: left promiscuous mode
[  146.315835][ T7945] syz.2.888 (7945) used greatest stack depth: 19448 bytes left
[  146.445838][   T13] team0 (unregistering): Port device team_slave_1 removed
[  146.499171][   T13] team0 (unregistering): Port device team_slave_0 removed
[  146.930584][ T7901] bridge0: port 2(bridge_slave_1) entered blocking state
[  146.933121][ T7901] bridge0: port 2(bridge_slave_1) entered disabled state
[  146.936116][ T7901] bridge_slave_1: entered allmulticast mode
[  146.939553][ T7901] bridge_slave_1: entered promiscuous mode
[  146.990811][ T7901] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  147.007959][ T7901] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  147.080321][ T7901] team0: Port device team_slave_0 added
[  147.088621][ T7901] team0: Port device team_slave_1 added
[  147.151006][ T7901] batman_adv: batadv0: Adding interface: batadv_slave_0
[  147.153917][ T7901] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  147.166868][ T7901] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  147.171831][ T7901] batman_adv: batadv0: Adding interface: batadv_slave_1
[  147.174089][ T7901] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  147.193034][ T7901] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  147.258215][   T54] Bluetooth: hci1: command tx timeout
[  147.350226][ T7901] hsr_slave_0: entered promiscuous mode
[  147.355521][ T7979] netlink: 'syz.1.902': attribute type 2 has an invalid length.
[  147.359454][ T7901] hsr_slave_1: entered promiscuous mode
[  147.372430][ T7979] netlink: 28 bytes leftover after parsing attributes in process `syz.1.902'.
[  147.373510][ T7901] debugfs: 'hsr0' already exists in 'hsr'
[  147.381608][ T7901] Cannot create hsr debugfs directory
[  147.741884][ T7996] netlink: 'syz.2.908': attribute type 27 has an invalid length.
[  147.748969][ T7996] netlink: 152 bytes leftover after parsing attributes in process `syz.2.908'.
[  147.753729][ T7996] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  147.908512][ T8004] netlink: 12 bytes leftover after parsing attributes in process `syz.2.910'.
[  148.234637][ T7901] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  148.252417][ T7901] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  148.266772][ T7901] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  148.282661][ T7901] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  148.459642][ T7901] 8021q: adding VLAN 0 to HW filter on device bond0
[  148.488557][ T7901] 8021q: adding VLAN 0 to HW filter on device team0
[  148.500028][  T188] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.503034][  T188] bridge0: port 1(bridge_slave_0) entered forwarding state
[  148.516516][  T188] bridge0: port 2(bridge_slave_1) entered blocking state
[  148.519639][  T188] bridge0: port 2(bridge_slave_1) entered forwarding state
[  148.853121][ T8010] delete_channel: no stack
[  148.893565][ T7901] 8021q: adding VLAN 0 to HW filter on device batadv0
[  148.902140][ T8053] netlink: 16255 bytes leftover after parsing attributes in process `syz.1.920'.
[  148.969650][ T7901] veth0_vlan: entered promiscuous mode
[  148.991839][ T7901] veth1_vlan: entered promiscuous mode
[  149.000176][ T8056] netlink: 132 bytes leftover after parsing attributes in process `syz.1.921'.
[  149.053689][ T7901] veth0_macvtap: entered promiscuous mode
[  149.060222][ T7901] veth1_macvtap: entered promiscuous mode
[  149.105471][ T7901] batman_adv: batadv0: Interface activated: batadv_slave_0
[  149.126410][ T7901] batman_adv: batadv0: Interface activated: batadv_slave_1
[  149.135173][   T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  149.138836][   T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  149.146106][   T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  149.151716][   T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  149.271676][  T188] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  149.299579][  T188] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  149.343075][   T54] Bluetooth: hci1: command tx timeout
[  149.399061][ T8062] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  149.405631][ T8062] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  149.439981][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  149.443348][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  149.892416][ T8080] netlink: 'syz.3.931': attribute type 9 has an invalid length.
[  149.897571][ T8080] netlink: 'syz.3.931': attribute type 11 has an invalid length.
[  149.901007][ T8080] netlink: 147436 bytes leftover after parsing attributes in process `syz.3.931'.
[  150.824119][ T8062] syz.2.924 (8062) used greatest stack depth: 18192 bytes left
[  150.887491][ T8099] netlink: 1057 bytes leftover after parsing attributes in process `syz.2.939'.
[  151.414599][   T54] Bluetooth: hci1: command tx timeout
[  152.072321][ T8158] netlink: 8 bytes leftover after parsing attributes in process `syz.3.961'.
[  152.076747][ T8158] netlink: 6 bytes leftover after parsing attributes in process `syz.3.961'.
[  152.577451][   T54] Bluetooth: hci1: unexpected event 0x32 length: 82 > 9
[  153.899671][ T8215] netlink: 'syz.2.987': attribute type 1 has an invalid length.
[  153.918161][ T8215] netlink: 'syz.2.987': attribute type 4 has an invalid length.
[  154.092859][ T8221] IPv6: NLM_F_CREATE should be specified when creating new route
[  155.623558][ T8297] netlink: 'syz.1.1024': attribute type 3 has an invalid length.
[  155.632291][ T8297] netlink: 'syz.1.1024': attribute type 4 has an invalid length.
[  155.637763][ T8297] netlink: 9067 bytes leftover after parsing attributes in process `syz.1.1024'.
[  157.169189][ T8332] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1040'.
[  157.266008][ T8336] ksmbd: Daemon and kernel module version mismatch. ksmbd: 36, kernel module: 1. User-space ksmbd should terminate.
[  157.586541][ T8347] netlink: 65039 bytes leftover after parsing attributes in process `syz.2.1046'.
[  157.688031][ T8353] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1049'.
[  157.691603][ T8353] netlink: 6 bytes leftover after parsing attributes in process `syz.3.1049'.
[  157.718337][ T8355] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1050'.
[  157.998083][ T8365] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1055'.
[  158.656924][ T8382] openvswitch: netlink: Message has 4 unknown bytes.
[  158.952759][ T8384] netlink: 'syz.1.1062': attribute type 21 has an invalid length.
[  158.961495][ T8384] IPv6: NLM_F_CREATE should be specified when creating new route
[  158.965161][ T8384] IPv6: Can't replace route, no match found
[  159.171590][ T8390] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1065'.
[  159.308341][ T8395] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1067'.
[  159.494026][ T8410] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1071'.
[  159.504082][ T8409] syzkaller0: entered promiscuous mode
[  159.507119][ T8409] syzkaller0: entered allmulticast mode
[  161.876959][ T8418] tap0: tun_chr_ioctl cmd 2148553947
[  162.422150][ T8443] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1083'.
[  162.443234][ T8443] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1083'.
[  164.192358][ T8467] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1095'.
[  165.036977][ T8456] C: renamed from team_slave_0
[  165.042079][ T8456] netlink: 'syz.1.1092': attribute type 3 has an invalid length.
[  165.045959][ T8456] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  166.188419][ T8500] netlink: 'syz.2.1109': attribute type 1 has an invalid length.
[  166.191111][ T8500] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.1109'.
[  166.382295][   T54] Bluetooth: hci2: unexpected subevent 0x1a length: 150 > 6
[  167.323042][ T8536] lo speed is unknown, defaulting to 1000
[  167.351304][ T8539] netlink: 'syz.1.1127': attribute type 9 has an invalid length.
[  167.353924][ T8539] netlink: 204732 bytes leftover after parsing attributes in process `syz.1.1127'.
[  167.439094][ T8542] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1129'.
[  167.723390][ T8554] pim6reg: tun_chr_ioctl cmd 1074025677
[  167.733603][ T8554] pim6reg: linktype set to 805
[  167.957920][ T8567] netlink: 65047 bytes leftover after parsing attributes in process `syz.1.1140'.
[  167.981244][ T8571] netlink: 'syz.3.1142': attribute type 21 has an invalid length.
[  167.983781][ T8571] netlink: 16166 bytes leftover after parsing attributes in process `syz.3.1142'.
[  169.927530][ T8613] option changes via remount are deprecated (pid=8609 comm=syz.3.1157)
[  170.127649][ T8622] netlink: 1041 bytes leftover after parsing attributes in process `syz.3.1162'.
[  170.179740][ T8625] netlink: 'syz.3.1163': attribute type 13 has an invalid length.
[  170.428104][ T8641] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1170'.
[  170.709405][ T8657] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1177'.
[  170.783772][ T8661] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.1179'.
[  170.913127][ T8669] netlink: 9275 bytes leftover after parsing attributes in process `syz.1.1183'.
[  171.061246][ T8682] : renamed from bond0 (while UP)
[  171.267021][ T8691] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[  171.269872][ T8691] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  172.077113][ T8717] bridge0: port 3(dummy0) entered disabled state
[  172.080186][ T8717] bridge0: port 2(bridge_slave_1) entered disabled state
[  172.085655][ T8717] bridge0: port 1(bridge_slave_0) entered disabled state
[  172.093255][ T8717] bridge0: entered allmulticast mode
[  172.117676][ T8721] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1204'.
[  172.135196][ T8721] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1204'.
[  172.525437][ T8745] __nla_validate_parse: 1 callbacks suppressed
[  172.525454][ T8745] netlink: 14593 bytes leftover after parsing attributes in process `syz.2.1215'.
[  175.557772][ T8754] netlink: 'syz.2.1219': attribute type 2 has an invalid length.
[  175.561008][ T8754] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1219'.
[  175.571902][ T8754] netlink: 'syz.2.1219': attribute type 2 has an invalid length.
[  175.591894][ T8754] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1219'.
[  175.758715][ T8770] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1227'.
[  175.851340][ T8776] netlink: 'syz.3.1231': attribute type 10 has an invalid length.
[  175.933924][ T8783] netlink: 'syz.3.1231': attribute type 29 has an invalid length.
[  175.942699][ T8783] netlink: 'syz.3.1231': attribute type 3 has an invalid length.
[  175.952918][ T8783] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1231'.
[  176.013021][ T8776] team0: Device ipvlan1 failed to register rx_handler
[  176.202240][ T8792] wg2: entered allmulticast mode
[  176.226897][ T8776] syz.3.1231 (8776) used greatest stack depth: 17976 bytes left
[  176.232902][ T8792] wg2: entered promiscuous mode
[  176.421861][ T8805] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1243'.
[  176.430282][ T8805] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1243'.
[  176.507653][ T8811] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1246'.
[  176.963124][ T8822] netlink: 92 bytes leftover after parsing attributes in process `syz.2.1249'.
[  177.101505][ T8831] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1254'.
[  177.143310][ T8831] bridge0: port 1(bridge_slave_0) entered disabled state
[  177.239000][ T8831] bridge_slave_0 (unregistering): left allmulticast mode
[  177.242324][ T8831] bridge_slave_0 (unregistering): left promiscuous mode
[  177.247100][ T8831] bridge0: port 1(bridge_slave_0) entered disabled state
[  177.957223][   T54] Bluetooth: hci2: unexpected event 0x05 length: 15 > 4
[  178.018863][ T8856] netlink: 'syz.3.1266': attribute type 6 has an invalid length.
[  178.196740][ T8873] netlink: 'syz.1.1273': attribute type 2 has an invalid length.
[  178.200875][   T54] Bluetooth: hci1: unexpected subevent 0x0e length: 150 > 15
[  178.206035][   T54] Bluetooth: hci1: Unable to find connection for dst 00:00:00:00:00:00 sid 0x00
[  178.208065][ T8873] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1273'.
[  178.383731][ T8885] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1280'.
[  178.671983][ T8902] netlink: 10 bytes leftover after parsing attributes in process `syz.1.1287'.
[  179.103395][ T8924] netlink: 10 bytes leftover after parsing attributes in process `syz.3.1296'.
[  179.250683][ T8935] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1301'.
[  179.413563][ T8940] netlink: 'syz.2.1304': attribute type 16 has an invalid length.
[  179.419469][ T8940] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1304'.
[  179.427665][ T5917] lo speed is unknown, defaulting to 1000
[  181.692399][ T9040] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1347'.
[  183.213993][ T9078] syzkaller0: entered promiscuous mode
[  183.228700][ T9078] syzkaller0: entered allmulticast mode
[  183.695256][ T9091] netlink: 'syz.3.1367': attribute type 1 has an invalid length.
[  183.698862][ T9091] netlink: 168864 bytes leftover after parsing attributes in process `syz.3.1367'.
[  189.339194][ T9154] syz.2.1392: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  189.383257][ T9154] CPU: 0 UID: 0 PID: 9154 Comm: syz.2.1392 Not tainted syzkaller #0 PREEMPT(full) 
[  189.383280][ T9154] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  189.383291][ T9154] Call Trace:
[  189.383299][ T9154]  <TASK>
[  189.383309][ T9154]  dump_stack_lvl+0x189/0x250
[  189.383352][ T9154]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  189.383378][ T9154]  ? __pfx_dump_stack_lvl+0x10/0x10
[  189.383396][ T9154]  ? __pfx__printk+0x10/0x10
[  189.383419][ T9154]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  189.383437][ T9154]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  189.383456][ T9154]  warn_alloc+0x214/0x310
[  189.383474][ T9154]  ? stack_depot_save_flags+0x41b/0x860
[  189.383516][ T9154]  ? __pfx_warn_alloc+0x10/0x10
[  189.383532][ T9154]  ? kasan_save_track+0x4f/0x80
[  189.383552][ T9154]  ? xskq_create+0x56/0x170
[  189.383568][ T9154]  ? xsk_init_queue+0xb0/0x110
[  189.383580][ T9154]  ? xsk_setsockopt+0x57b/0x8d0
[  189.383590][ T9154]  ? do_sock_setsockopt+0x17c/0x1b0
[  189.383608][ T9154]  ? __x64_sys_setsockopt+0x13f/0x1b0
[  189.383624][ T9154]  ? do_syscall_64+0xfa/0x3b0
[  189.383640][ T9154]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  189.383663][ T9154]  __vmalloc_node_range_noprof+0x125/0x12f0
[  189.383708][ T9154]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  189.383737][ T9154]  ? __kasan_kmalloc+0x93/0xb0
[  189.383760][ T9154]  vmalloc_user_noprof+0xad/0xf0
[  189.383804][ T9154]  ? xskq_create+0xbf/0x170
[  189.383825][ T9154]  xskq_create+0xbf/0x170
[  189.383844][ T9154]  xsk_init_queue+0xb0/0x110
[  189.383873][ T9154]  xsk_setsockopt+0x57b/0x8d0
[  189.383891][ T9154]  ? __pfx_xsk_setsockopt+0x10/0x10
[  189.383907][ T9154]  ? __pfx_aa_sk_perm+0x10/0x10
[  189.383927][ T9154]  ? __fget_files+0x2a/0x420
[  189.383940][ T9154]  ? aa_sock_opt_perm+0xff/0x1b0
[  189.383962][ T9154]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  189.383982][ T9154]  ? __pfx_xsk_setsockopt+0x10/0x10
[  189.383997][ T9154]  do_sock_setsockopt+0x17c/0x1b0
[  189.384021][ T9154]  __x64_sys_setsockopt+0x13f/0x1b0
[  189.384045][ T9154]  do_syscall_64+0xfa/0x3b0
[  189.384064][ T9154]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  189.384077][ T9154]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  189.384096][ T9154]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  189.384110][ T9154] RIP: 0033:0x7f665d78eba9
[  189.384127][ T9154] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  189.384140][ T9154] RSP: 002b:00007f665e6d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  189.384156][ T9154] RAX: ffffffffffffffda RBX: 00007f665d9d5fa0 RCX: 00007f665d78eba9
[  189.384168][ T9154] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000006
[  189.384178][ T9154] RBP: 00007f665d811e19 R08: 0000000000000004 R09: 0000000000000000
[  189.384188][ T9154] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000
[  189.384197][ T9154] R13: 00007f665d9d6038 R14: 00007f665d9d5fa0 R15: 00007ffd7a1fbbe8
[  189.384223][ T9154]  </TASK>
[  189.562955][ T9154] Mem-Info:
[  189.566071][ T9154] active_anon:5567 inactive_anon:0 isolated_anon:0
[  189.566071][ T9154]  active_file:12833 inactive_file:38290 isolated_file:0
[  189.566071][ T9154]  unevictable:1768 dirty:92 writeback:0
[  189.566071][ T9154]  slab_reclaimable:10009 slab_unreclaimable:56870
[  189.566071][ T9154]  mapped:18018 shmem:2446 pagetables:908
[  189.566071][ T9154]  sec_pagetables:0 bounce:0
[  189.566071][ T9154]  kernel_misc_reclaimable:0
[  189.566071][ T9154]  free:286201 free_pcp:17705 free_cma:0
[  189.608282][ T9154] Node 0 active_anon:13024kB inactive_anon:0kB active_file:21012kB inactive_file:20284kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:33908kB dirty:204kB writeback:0kB shmem:4788kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:7932kB pagetables:2028kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  189.624724][ T9154] Node 1 active_anon:9236kB inactive_anon:0kB active_file:30320kB inactive_file:132876kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:38212kB dirty:164kB writeback:0kB shmem:4996kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:3824kB pagetables:1704kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  189.639450][ T9154] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  189.731829][ T9154] lowmem_reserve[]: 0 811 811 811 811
[  189.736186][ T9154] Node 0 DMA32 free:388988kB boost:0kB min:33660kB low:42072kB high:50484kB reserved_highatomic:0KB free_highatomic:0KB active_anon:13024kB inactive_anon:0kB active_file:21012kB inactive_file:20284kB unevictable:3536kB writepending:204kB present:1556484kB managed:830876kB mlocked:0kB bounce:0kB free_pcp:33308kB local_pcp:19104kB free_cma:0kB
[  189.748543][ T9154] lowmem_reserve[]: 0 0 0 0 0
[  189.751724][ T9154] Node 1 DMA32 free:458616kB boost:0kB min:19192kB low:23988kB high:28784kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  189.770018][ T9154] lowmem_reserve[]: 0 0 854 854 854
[  189.773702][ T9154] Node 1 Normal free:281812kB boost:0kB min:36612kB low:45764kB high:54916kB reserved_highatomic:0KB free_highatomic:0KB active_anon:9236kB inactive_anon:0kB active_file:30320kB inactive_file:132876kB unevictable:3536kB writepending:164kB present:1048576kB managed:874952kB mlocked:0kB bounce:0kB free_pcp:37124kB local_pcp:17384kB free_cma:0kB
[  189.787629][ T9154] lowmem_reserve[]: 0 0 0 0 0
[  189.791216][ T9154] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  189.799311][ T9154] Node 0 DMA32: 683*4kB (UM) 666*8kB (UM) 397*16kB (UM) 197*32kB (UM) 77*64kB (UM) 97*128kB (UME) 51*256kB (UM) 20*512kB (UM) 16*1024kB (UM) 6*2048kB (UM) 73*4096kB (UM) = 389036kB
[  189.808166][ T9154] Node 1 DMA32: 2*4kB (M) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 1*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 110*4096kB (M) = 458616kB
[  189.815984][ T9154] Node 1 Normal: 127*4kB (U) 187*8kB (UME) 207*16kB (UME) 375*32kB (UM) 182*64kB (UM) 109*128kB (UME) 17*256kB (UM) 8*512kB (UME) 3*1024kB (M) 9*2048kB (UME) 51*4096kB (UM) = 281764kB
[  189.829078][ T9154] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  189.833081][ T9154] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  189.837783][ T9154] 53569 total pagecache pages
[  189.840487][ T9154] 0 pages in swap cache
[  189.842067][ T9154] Free swap  = 124996kB
[  189.843603][ T9154] Total swap = 124996kB
[  189.846204][ T9154] 786301 pages RAM
[  189.848062][ T9154] 0 pages HighMem/MovableOnly
[  189.850183][ T9154] 241350 pages reserved
[  189.851791][ T9154] 0 pages cma reserved
[  189.943051][ T9148] delete_channel: no stack
[  190.642786][ T9176] syzkaller0: entered promiscuous mode
[  190.653282][ T9176] syzkaller0: entered allmulticast mode
[  190.935407][ T5853] Bluetooth: hci0: command 0x0406 tx timeout
[  190.939216][ T5853] Bluetooth: hci2: command 0x0406 tx timeout
[  191.841302][ T9205] netlink: 'syz.2.1413': attribute type 1 has an invalid length.
[  191.850110][ T9205] netlink: 199820 bytes leftover after parsing attributes in process `syz.2.1413'.
[  191.861391][ T9209] netlink: 'syz.1.1415': attribute type 3 has an invalid length.
[  193.693818][ T9247] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1432'.
[  194.580856][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  194.589982][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  195.820884][ T9291] netlink: 64859 bytes leftover after parsing attributes in process `syz.1.1450'.
[  196.103034][ T9308] netlink: 340 bytes leftover after parsing attributes in process `syz.2.1458'.
[  196.108831][ T9308] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1458'.
[  196.274398][ T9318] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1464'.
[  196.277282][ T9318] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1464'.
[  197.751698][ T9360] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  197.760112][ T9360] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  198.032709][ T9379] netlink: 'syz.1.1490': attribute type 21 has an invalid length.
[  198.087431][ T9382] netlink: 220 bytes leftover after parsing attributes in process `syz.3.1491'.
[  198.366293][ T9391] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1496'.
[  198.542747][ T9399] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1500'.
[  198.741073][ T9411] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1506'.
[  199.122561][ T9432] netlink: 146936 bytes leftover after parsing attributes in process `syz.1.1514'.
[  199.140948][ T9432] openvswitch: netlink: Message has 6 unknown bytes.
[  199.229704][ T9436] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  199.233645][ T9436] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  199.870199][ T9446] netlink: 1010 bytes leftover after parsing attributes in process `syz.3.1519'.
[  199.874781][ T9446] veth0_to_bond: default FDB implementation only supports local addresses
[  200.896512][ T9467] netlink: 'syz.1.1527': attribute type 16 has an invalid length.
[  200.900218][ T9467] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1527'.
[  201.262361][ T9485] netlink: 'syz.3.1536': attribute type 13 has an invalid length.
[  201.265809][ T9485] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1536'.
[  201.269471][ T9485] : renamed from syz_tun (while UP)
[  201.303843][ T9485] : refused to change device tx_queue_len
[  201.307364][ T9485] A link change request failed with some changes committed already. Interface  may have been left with an inconsistent configuration, please check.
[  201.361053][ T9488] netlink: 9280 bytes leftover after parsing attributes in process `syz.2.1538'.
[  201.487964][ T9484] : renamed from vlan0
[  201.888034][ T9515] netlink: 'syz.1.1550': attribute type 29 has an invalid length.
[  201.913423][ T9515] netlink: 'syz.1.1550': attribute type 10 has an invalid length.
[  202.002991][ T9515] team0: Device bond0 is already an upper device of the team interface
[  203.167164][ T9552] netlink: 203516 bytes leftover after parsing attributes in process `syz.2.1566'.
[  203.185247][ T9552] netlink: 6320 bytes leftover after parsing attributes in process `syz.2.1566'.
[  203.300811][ T9560] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1569'.
[  203.307113][ T9560] option changes via remount are deprecated (pid=9559 comm=syz.1.1569)
[  203.378779][ T9569] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1572'.
[  203.522683][ T9574] netlink: 'syz.3.1575': attribute type 29 has an invalid length.
[  203.600742][ T9585] netlink: 'syz.1.1580': attribute type 29 has an invalid length.
[  203.612723][ T9585] netlink: 'syz.1.1580': attribute type 10 has an invalid length.
[  203.723486][ T9585] team0: Device bond0 is already an upper device of the team interface
[  203.789242][ T9590] netlink: 26 bytes leftover after parsing attributes in process `syz.3.1582'.
[  204.337488][ T9606] netlink: 'syz.2.1589': attribute type 11 has an invalid length.
[  204.380347][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  204.544855][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  204.619953][ T9613] netlink: 'syz.2.1592': attribute type 2 has an invalid length.
[  204.625922][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  204.633820][ T9613] netlink: 'syz.2.1592': attribute type 8 has an invalid length.
[  204.638104][ T9613] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1592'.
[  204.726202][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): left allmulticast mode
[  204.729962][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): left promiscuous mode
[  204.735259][   T12] bridge0: port 3(netdevsim0) entered disabled state
[  204.746644][ T9623] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  204.781405][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  205.007690][ T9639] lo speed is unknown, defaulting to 1000
[  205.574347][   T40] wlan1: Trigger new scan to find an IBSS to join
[  205.815239][   T12] bridge_slave_1: left allmulticast mode
[  205.818294][   T12] bridge_slave_1: left promiscuous mode
[  205.820272][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  205.832220][   T12] bridge_slave_0: left allmulticast mode
[  205.834825][   T12] bridge_slave_0: left promiscuous mode
[  205.836771][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  205.891197][ T9657] openvswitch: netlink: Port 808482864 exceeds max allowable 65535
[  206.274682][ T9674] netlink: 144 bytes leftover after parsing attributes in process `syz.3.1614'.
[  207.480638][ T9699] netlink: 'syz.3.1626': attribute type 30 has an invalid length.
[  207.538798][ T9697] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1624'.
[  207.544018][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  207.565125][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  207.571102][   T12] bond0 (unregistering): Released all slaves
[  207.603179][ T9699] netlink: 13 bytes leftover after parsing attributes in process `syz.3.1626'.
[  207.757348][ T9710] openvswitch: netlink: VXLAN extension message has 1 unknown bytes.
[  208.066553][   T12] hsr_slave_0: left promiscuous mode
[  208.087493][   T12] hsr_slave_1: left promiscuous mode
[  208.090813][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  208.093849][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  208.108778][ T9724] netlink: 'syz.2.1634': attribute type 10 has an invalid length.
[  208.115641][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  208.118784][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  208.124617][ T9724] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1634'.
[  208.212094][   T12] veth1_macvtap: left promiscuous mode
[  208.220339][   T12] veth0_macvtap: left promiscuous mode
[  208.223279][   T12] veth1_vlan: left promiscuous mode
[  208.232796][   T12] veth0_vlan: left promiscuous mode
[  208.330874][ T9739] netlink: 'syz.3.1640': attribute type 10 has an invalid length.
[  208.624618][  T188] wlan1: Trigger new scan to find an IBSS to join
[  208.743481][   T12] team0 (unregistering): Port device team_slave_1 removed
[  208.779693][   T12] team0 (unregistering): Port device team_slave_0 removed
[  209.158263][ T9724] ipvlan1: entered promiscuous mode
[  209.160005][ T9724] ipvlan1: entered allmulticast mode
[  209.161780][ T9724] veth0_vlan: entered allmulticast mode
[  209.166804][ T9724] bridge0: port 3(ipvlan1) entered blocking state
[  209.169519][ T9724] bridge0: port 3(ipvlan1) entered disabled state
[  209.177657][ T9724] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  209.198943][ T9739] bond0: (slave hsr0): The slave device specified does not support setting the MAC address
[  209.203036][ T9739] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  209.221061][ T9739] bond0: (slave hsr0): Error -22 calling dev_set_mtu
[  209.260463][ T9742] netlink: 'syz.2.1642': attribute type 28 has an invalid length.
[  209.263626][ T9742] netlink: 'syz.2.1642': attribute type 3 has an invalid length.
[  209.269267][ T9742] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1642'.
[  209.387885][ T9745] netlink: 'syz.3.1643': attribute type 10 has an invalid length.
[  209.391642][ T9745] netlink: 55 bytes leftover after parsing attributes in process `syz.3.1643'.
[  209.627203][  T179] wlan1: Creating new IBSS network, BSSID a2:a0:ae:c9:45:e4
[  210.072389][ T9768] netlink: 188 bytes leftover after parsing attributes in process `syz.2.1649'.
[  210.522552][ T9774] netlink: 'syz.1.1651': attribute type 39 has an invalid length.
[  211.207927][ T9812] netlink: 188 bytes leftover after parsing attributes in process `syz.2.1665'.
[  212.967064][ T9867] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1686'.
[  213.302227][ T9880] netlink: 'syz.3.1688': attribute type 4 has an invalid length.
[  213.318696][ T9880] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1688'.
[  213.347900][ T9880] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  213.694867][ T9893] wg0 speed is unknown, defaulting to 1000
[  213.704063][ T9893] wg0 speed is unknown, defaulting to 1000
[  213.711545][ T9893] wg0 speed is unknown, defaulting to 1000
[  213.725268][ T9893] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  213.749023][ T9893] wg0 speed is unknown, defaulting to 1000
[  213.756199][ T9893] wg0 speed is unknown, defaulting to 1000
[  213.774029][ T9893] wg0 speed is unknown, defaulting to 1000
[  213.870179][ T9903] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1699'.
[  214.109409][ T9903] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1699'.
[  214.198860][ T9903] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1699'.
[  215.964129][ T9924] netlink: 'syz.2.1706': attribute type 1 has an invalid length.
[  216.036605][ T9924] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1706'.
[  217.007258][ T9950] netlink: 348 bytes leftover after parsing attributes in process `syz.3.1715'.
[  217.157017][ T9947] siw: device registration error -23
[  217.243031][ T9947] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.1715'.
[  218.074028][ T9983] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1727'.
[  218.948955][ T9991] netlink: 'syz.1.1732': attribute type 2 has an invalid length.
[  219.344792][T10023] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1747'.
[  219.384069][T10023] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1747'.
[  219.551962][T10018] netlink: 1 bytes leftover after parsing attributes in process `syz.1.1743'.
[  220.022226][T10047] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  220.026603][T10047] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  220.921400][T10068] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1763'.
[  221.102799][T10079] netlink: 4400 bytes leftover after parsing attributes in process `syz.3.1768'.
[  221.153264][T10080] raw_sendmsg: syz.1.1767 forgot to set AF_INET. Fix it!
[  222.243697][T10118] netlink: 'syz.1.1781': attribute type 21 has an invalid length.
[  222.256884][T10118] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1781'.
[  222.698939][T10102] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  223.257608][T10145] netlink: 'syz.1.1788': attribute type 10 has an invalid length.
[  223.260915][T10145] netlink: 55 bytes leftover after parsing attributes in process `syz.1.1788'.
[  224.194818][T10192] macvtap0: refused to change device tx_queue_len
[  224.508461][T10202] hsr0: entered promiscuous mode
[  224.977925][T10226] netlink: 348 bytes leftover after parsing attributes in process `syz.1.1822'.
[  225.000807][T10223] lo speed is unknown, defaulting to 1000
[  225.003196][T10223] lo speed is unknown, defaulting to 1000
[  225.006364][T10223] lo speed is unknown, defaulting to 1000
[  225.029922][T10223] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  225.060715][T10223] lo speed is unknown, defaulting to 1000
[  225.063933][T10223] lo speed is unknown, defaulting to 1000
[  225.069025][T10223] lo speed is unknown, defaulting to 1000
[  225.072025][T10232] netlink: 763 bytes leftover after parsing attributes in process `syz.3.1825'.
[  225.383770][T10248] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1832'.
[  225.427218][T10248] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1832'.
[  225.515183][T10248] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1832'.
[  226.287586][T10279] netlink: 182 bytes leftover after parsing attributes in process `syz.1.1843'.
[  226.428898][T10281] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1844'.
[  227.306326][T10305] netlink: 'syz.2.1854': attribute type 10 has an invalid length.
[  227.582889][T10305] : (slave netdevsim0): Enslaving as an active interface with an up link
[  227.827956][T10320] tap0: tun_chr_ioctl cmd 1074025677
[  227.830335][T10320] tap0: linktype set to 825
[  228.042349][T10328] openvswitch: netlink: Unexpected mask (mask=240, allowed=10048)
[  228.097585][T10336] netlink: 'syz.3.1868': attribute type 8 has an invalid length.
[  229.008898][T10389] xt_time: invalid argument - start or stop time greater than 23:59:59
[  229.414774][T10411] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1902'.
[  229.535734][T10416] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1903'.
[  229.538886][T10416] netlink: 6 bytes leftover after parsing attributes in process `syz.2.1903'.
[  229.869061][T10423] C: renamed from team_slave_0 (while UP)
[  229.886507][T10423] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1906'.
[  229.992495][T10435] netlink: 180 bytes leftover after parsing attributes in process `syz.1.1912'.
[  230.022346][T10437] netlink: 'syz.1.1913': attribute type 1 has an invalid length.
[  230.026161][T10437] netlink: 17 bytes leftover after parsing attributes in process `syz.1.1913'.
[  230.249979][T10449] netlink: 763 bytes leftover after parsing attributes in process `syz.2.1918'.
[  230.362036][T10456] netlink: 'syz.3.1921': attribute type 29 has an invalid length.
[  230.886206][T10481] netlink: 'syz.2.1928': attribute type 4 has an invalid length.
[  230.889555][T10481] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1928'.
[  230.926934][T10481] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[  231.073430][T10493] netlink: 'syz.3.1937': attribute type 1 has an invalid length.
[  231.433540][T10521] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1950'.
[  231.510125][T10526] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  233.407796][T10591] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1975'.
[  235.147227][T10622] netlink: 'syz.2.1989': attribute type 5 has an invalid length.
[  236.735007][T10641] netlink: 180 bytes leftover after parsing attributes in process `syz.3.1998'.
[  238.212267][T10653] netlink: 1000 bytes leftover after parsing attributes in process `syz.3.2004'.
[  238.328387][T10663] netlink: 14593 bytes leftover after parsing attributes in process `syz.2.2009'.
[  238.439940][ T5237] Bluetooth: hci0: unknown advertising packet type: 0x80
[  238.440001][ T5237] Bluetooth: hci0: Malformed LE Event: 0x02
[  238.452821][T10667] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  238.456822][T10667] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  239.725812][ T1089] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  241.081383][T10752] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  241.129566][T10754] netlink: 'syz.2.2045': attribute type 2 has an invalid length.
[  241.136894][T10754] netlink: 'syz.2.2045': attribute type 8 has an invalid length.
[  241.141948][T10754] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2045'.
[  241.388767][T10773] netlink: 'syz.2.2053': attribute type 10 has an invalid length.
[  241.402542][T10773] 8021q: adding VLAN 0 to HW filter on device team0
[  241.681832][T10776] can: request_module (can-proto-0) failed.
[  242.216785][T10775] netdevsim netdevsim2 : renamed from netdevsim0 (while UP)
[  242.559985][T10793] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2059'.
[  242.572197][T10793] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2059'.
[  243.796127][T10845] sit0: entered allmulticast mode
[  243.844106][T10845] sit0: entered promiscuous mode
[  243.851950][T10847] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  243.988616][T10852] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2084'.
[  243.992541][T10852] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2084'.
[  244.028074][T10853] netlink: 'syz.2.2081': attribute type 3 has an invalid length.
[  244.031225][T10853] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2081'.
[  244.717978][T10867] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2089'.
[  244.956313][T10877] sysfs: cannot create duplicate filename '/class/ieee80211/!'
[  244.961203][T10877] CPU: 1 UID: 0 PID: 10877 Comm: syz.2.2095 Not tainted syzkaller #0 PREEMPT(full) 
[  244.961226][T10877] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  244.961255][T10877] Call Trace:
[  244.961265][T10877]  <TASK>
[  244.961274][T10877]  dump_stack_lvl+0x189/0x250
[  244.961312][T10877]  ? __pfx_dump_stack_lvl+0x10/0x10
[  244.961334][T10877]  ? __pfx__printk+0x10/0x10
[  244.961372][T10877]  ? kernfs_path_from_node+0x2f/0x290
[  244.961392][T10877]  ? kernfs_path_from_node+0x250/0x290
[  244.961409][T10877]  ? kernfs_path_from_node+0x2f/0x290
[  244.961440][T10877]  sysfs_warn_dup+0x8e/0xa0
[  244.961462][T10877]  sysfs_do_create_link_sd+0xc0/0x110
[  244.961488][T10877]  device_add_class_symlinks+0x1cf/0x240
[  244.961520][T10877]  device_add+0x475/0xb50
[  244.961576][T10877]  wiphy_register+0x1ba6/0x28d0
[  244.961642][T10877]  ? __pfx_wiphy_register+0x10/0x10
[  244.961661][T10877]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  244.961704][T10877]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  244.961739][T10877]  ieee80211_register_hw+0x3484/0x4100
[  244.961796][T10877]  ? ieee80211_register_hw+0x1481/0x4100
[  244.961841][T10877]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  244.961874][T10877]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  244.961912][T10877]  ? __hrtimer_setup+0x187/0x210
[  244.961930][T10877]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  244.961959][T10877]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  244.962054][T10877]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  244.962110][T10877]  ? trace_kmalloc+0x1f/0xd0
[  244.962133][T10877]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  244.962157][T10877]  ? kstrndup+0xbf/0x160
[  244.962208][T10877]  hwsim_new_radio_nl+0xea4/0x1b10
[  244.962240][T10877]  ? __pfx___nla_validate_parse+0x10/0x10
[  244.962288][T10877]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  244.962338][T10877]  ? __nla_parse+0x40/0x60
[  244.962362][T10877]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  244.962394][T10877]  genl_family_rcv_msg_doit+0x215/0x300
[  244.962429][T10877]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  244.962479][T10877]  ? bpf_lsm_capable+0x9/0x20
[  244.962499][T10877]  ? security_capable+0x7e/0x2e0
[  244.962531][T10877]  genl_rcv_msg+0x60e/0x790
[  244.962570][T10877]  ? __pfx_genl_rcv_msg+0x10/0x10
[  244.962591][T10877]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  244.962617][T10877]  ? perf_trace_lock_acquire+0x335/0x410
[  244.962664][T10877]  netlink_rcv_skb+0x208/0x470
[  244.962681][T10877]  ? __lock_acquire+0xab9/0xd20
[  244.962706][T10877]  ? __pfx_genl_rcv_msg+0x10/0x10
[  244.962734][T10877]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  244.962793][T10877]  ? down_read+0x1ad/0x2e0
[  244.962822][T10877]  genl_rcv+0x28/0x40
[  244.962844][T10877]  netlink_unicast+0x82f/0x9e0
[  244.962884][T10877]  ? __pfx_netlink_unicast+0x10/0x10
[  244.962908][T10877]  ? netlink_sendmsg+0x642/0xb30
[  244.962923][T10877]  ? skb_put+0x11b/0x210
[  244.962955][T10877]  netlink_sendmsg+0x805/0xb30
[  244.962998][T10877]  ? __pfx_netlink_sendmsg+0x10/0x10
[  244.963027][T10877]  ? aa_sock_msg_perm+0xf1/0x1d0
[  244.963051][T10877]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  244.963102][T10877]  ? __pfx_netlink_sendmsg+0x10/0x10
[  244.963127][T10877]  __sock_sendmsg+0x21c/0x270
[  244.963155][T10877]  ____sys_sendmsg+0x505/0x830
[  244.963198][T10877]  ? __pfx_____sys_sendmsg+0x10/0x10
[  244.963246][T10877]  ? import_iovec+0x74/0xa0
[  244.963282][T10877]  ___sys_sendmsg+0x21f/0x2a0
[  244.963312][T10877]  ? __pfx____sys_sendmsg+0x10/0x10
[  244.963417][T10877]  ? __fget_files+0x2a/0x420
[  244.963432][T10877]  ? __fget_files+0x3a0/0x420
[  244.963474][T10877]  __x64_sys_sendmsg+0x19b/0x260
[  244.963504][T10877]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  244.963552][T10877]  ? rcu_is_watching+0x15/0xb0
[  244.963583][T10877]  ? do_syscall_64+0xbe/0x3b0
[  244.963613][T10877]  do_syscall_64+0xfa/0x3b0
[  244.963630][T10877]  ? lockdep_hardirqs_on+0x9c/0x150
[  244.963649][T10877]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  244.963664][T10877]  ? exc_page_fault+0x9f/0xf0
[  244.963689][T10877]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  244.963703][T10877] RIP: 0033:0x7f665d78eba9
[  244.963722][T10877] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  244.963734][T10877] RSP: 002b:00007f665e6d1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  244.963752][T10877] RAX: ffffffffffffffda RBX: 00007f665d9d5fa0 RCX: 00007f665d78eba9
[  244.963765][T10877] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 000000000000000b
[  244.963775][T10877] RBP: 00007f665d811e19 R08: 0000000000000000 R09: 0000000000000000
[  244.963785][T10877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  244.963794][T10877] R13: 00007f665d9d6038 R14: 00007f665d9d5fa0 R15: 00007ffd7a1fbbe8
[  244.963847][T10877]  </TASK>
[  245.321904][T10894] C: renamed from team_slave_0 (while UP)
[  245.557777][T10906] netlink: 164 bytes leftover after parsing attributes in process `syz.3.2107'.
[  245.697736][T10906] mac80211_hwsim hwsim12 wlan0: entered allmulticast mode
[  245.746842][T10912] mac80211_hwsim hwsim12 wlan0: entered promiscuous mode
[  245.897855][T10922] netlink: 'syz.3.2113': attribute type 3 has an invalid length.
[  245.925281][T10926] netlink: 'syz.3.2115': attribute type 4 has an invalid length.
[  245.963661][T10929] netlink: 'syz.3.2116': attribute type 10 has an invalid length.
[  246.100524][T10939] netlink: 'syz.1.2121': attribute type 19 has an invalid length.
[  246.269226][T10952] netlink: 'syz.2.2127': attribute type 39 has an invalid length.
[  246.671370][T10967] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.2133'.
[  247.199732][T10986] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2144'.
[  248.028720][T11011] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2154'.
[  249.271040][T11054] netlink: 'syz.3.2174': attribute type 10 has an invalid length.
[  249.279983][T11054] bridge0: port 1(macsec0) entered blocking state
[  249.295781][T11054] bridge0: port 1(macsec0) entered disabled state
[  249.299026][T11054] macsec0: entered allmulticast mode
[  249.301064][T11054] veth1_macvtap: entered allmulticast mode
[  249.377795][T11054] macsec0: entered promiscuous mode
[  249.389127][T11054] bridge0: port 1(macsec0) entered blocking state
[  249.392746][T11054] bridge0: port 1(macsec0) entered forwarding state
[  252.664422][ T5237] Bluetooth: hci1: unexpected subevent 0x0e length: 150 > 15
[  252.666867][ T5237] Bluetooth: hci1: Unable to find connection for dst 00:00:00:00:00:00 sid 0x00
[  253.588245][T11094] netlink: zone id is out of range
[  253.590260][T11094] netlink: set zone limit has 8 unknown bytes
[  253.732681][T11102] netlink: 'syz.3.2195': attribute type 21 has an invalid length.
[  253.749865][T11102] IPv6: NLM_F_CREATE should be specified when creating new route
[  254.528154][T11105] netlink: 124 bytes leftover after parsing attributes in process `syz.1.2196'.
[  254.531949][T11105] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2196'.
[  254.745102][T11117] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2202'.
[  254.967252][T11133] netlink: 'syz.1.2211': attribute type 11 has an invalid length.
[  254.970199][T11133] netlink: 'syz.1.2211': attribute type 11 has an invalid length.
[  255.030573][T11137] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2212'.
[  255.038678][T11136] syzkaller0: entered promiscuous mode
[  255.040903][T11136] syzkaller0: entered allmulticast mode
[  255.433123][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  255.435949][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  257.420497][T11170] netlink: 763 bytes leftover after parsing attributes in process `syz.1.2227'.
[  260.243906][T11226] openvswitch: netlink: Flow actions attr not present in new flow.
[  260.518831][T11232] netlink: 11562 bytes leftover after parsing attributes in process `syz.1.2253'.
[  260.613357][T11236] netlink: 'syz.3.2255': attribute type 10 has an invalid length.
[  260.734769][T11236] 8021q: adding VLAN 0 to HW filter on device batadv0
[  260.762256][T11236] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  261.023574][T11247] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.2259'.
[  261.085182][T11247] netlink: zone id is out of range
[  261.088189][T11247] netlink: zone id is out of range
[  261.091431][T11247] netlink: zone id is out of range
[  261.099589][T11247] netlink: get zone limit has 8 unknown bytes
[  261.797701][T11252] netlink: set zone limit has 4 unknown bytes
[  261.955081][T11254] netlink: 168 bytes leftover after parsing attributes in process `syz.3.2263'.
[  262.312096][   T54] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  262.320875][   T54] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  262.325857][   T54] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  262.331825][   T54] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  262.336687][   T54] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  262.375569][T11265] wg0 speed is unknown, defaulting to 1000
[  262.380345][T11265] lo speed is unknown, defaulting to 1000
[  262.542293][T11265] chnl_net:caif_netlink_parms(): no params data found
[  262.618964][T11265] bridge0: port 1(bridge_slave_0) entered blocking state
[  262.621591][T11265] bridge0: port 1(bridge_slave_0) entered disabled state
[  262.627594][T11265] bridge_slave_0: entered allmulticast mode
[  262.631064][T11265] bridge_slave_0: entered promiscuous mode
[  262.636696][T11265] bridge0: port 2(bridge_slave_1) entered blocking state
[  262.639671][T11265] bridge0: port 2(bridge_slave_1) entered disabled state
[  262.642366][T11265] bridge_slave_1: entered allmulticast mode
[  262.649077][T11265] bridge_slave_1: entered promiscuous mode
[  262.676698][T11265] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  262.682575][T11265] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  262.712526][T11265] team0: Port device team_slave_0 added
[  262.717532][T11265] team0: Port device team_slave_1 added
[  262.743935][T11265] batman_adv: batadv0: Adding interface: batadv_slave_0
[  262.747279][T11265] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  262.757652][T11265] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  262.764847][T11265] batman_adv: batadv0: Adding interface: batadv_slave_1
[  262.767349][T11265] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  262.776430][T11265] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  262.925684][T11265] hsr_slave_0: entered promiscuous mode
[  262.929112][T11265] hsr_slave_1: entered promiscuous mode
[  262.932349][T11265] debugfs: 'hsr0' already exists in 'hsr'
[  262.936630][T11265] Cannot create hsr debugfs directory
[  263.378653][T11265] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  263.398933][T11265] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  263.446529][T11265] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  263.470397][T11265] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  263.566996][T11308] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2278'.
[  263.633861][T11312] netlink: 'syz.3.2280': attribute type 21 has an invalid length.
[  263.638201][T11312] netlink: 'syz.3.2280': attribute type 11 has an invalid length.
[  263.667612][T11265] 8021q: adding VLAN 0 to HW filter on device bond0
[  263.720480][T11265] 8021q: adding VLAN 0 to HW filter on device team0
[  263.755103][ T1156] bridge0: port 1(bridge_slave_0) entered blocking state
[  263.758097][ T1156] bridge0: port 1(bridge_slave_0) entered forwarding state
[  263.772910][ T1156] bridge0: port 2(bridge_slave_1) entered blocking state
[  263.775808][ T1156] bridge0: port 2(bridge_slave_1) entered forwarding state
[  264.040027][T11265] 8021q: adding VLAN 0 to HW filter on device batadv0
[  264.299289][T11265] veth0_vlan: entered promiscuous mode
[  264.309240][T11265] veth1_vlan: entered promiscuous mode
[  264.343715][T11265] veth0_macvtap: entered promiscuous mode
[  264.351315][T11265] veth1_macvtap: entered promiscuous mode
[  264.367554][T11265] batman_adv: batadv0: Interface activated: batadv_slave_0
[  264.374861][ T5237] Bluetooth: hci3: command tx timeout
[  264.388789][T11265] batman_adv: batadv0: Interface activated: batadv_slave_1
[  264.400740][ T5862] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  264.411317][ T5862] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  264.422793][ T5862] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  264.429874][ T5862] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  264.541862][T11354] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2295'.
[  264.551277][   T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  264.558212][   T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  264.591727][   T27] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  264.596185][   T27] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  264.969316][T11371] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2300'.
[  265.086127][T11382] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2305'.
[  265.188077][T11387] netlink: 11562 bytes leftover after parsing attributes in process `syz.3.2307'.
[  265.243913][T11385] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2308'.
[  265.924621][T11422] netlink: 'syz.1.2323': attribute type 6 has an invalid length.
[  266.458979][ T5237] Bluetooth: hci3: command tx timeout
[  266.769750][T11439] netlink: 'syz.1.2332': attribute type 9 has an invalid length.
[  266.773069][T11439] netlink: 195776 bytes leftover after parsing attributes in process `syz.1.2332'.
[  266.840371][T11441] netlink: 1284 bytes leftover after parsing attributes in process `syz.1.2333'.
[  266.980401][T11443] wg0 speed is unknown, defaulting to 1000
[  266.987865][T11443] lo speed is unknown, defaulting to 1000
[  267.467834][T11464] netlink: 'syz.3.2340': attribute type 11 has an invalid length.
[  267.734699][ T5237] Bluetooth: hci1: command 0x0406 tx timeout
[  268.534436][   T54] Bluetooth: hci3: command tx timeout
[  269.452468][T11501] wg0 speed is unknown, defaulting to 1000
[  269.457934][T11501] lo speed is unknown, defaulting to 1000
[  270.539367][T11527] netlink: 61211 bytes leftover after parsing attributes in process `syz.3.2366'.
[  270.636346][   T54] Bluetooth: hci3: command tx timeout
[  271.347915][T11551] netlink: 'syz.3.2375': attribute type 1 has an invalid length.
[  271.398482][T11552] xt_nfacct: accounting object `\$9ZM#mU|^c\F9YⳈ' does not exist
[  272.089861][T11567] netlink: 'syz.4.2380': attribute type 9 has an invalid length.
[  272.092805][T11567] netlink: 211924 bytes leftover after parsing attributes in process `syz.4.2380'.
[  272.342403][T11571] netlink: 92 bytes leftover after parsing attributes in process `syz.4.2381'.
[  272.556784][T11576] wg0 speed is unknown, defaulting to 1000
[  272.565554][T11576] lo speed is unknown, defaulting to 1000
[  272.828767][T11593] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2389'.
[  274.390203][T11636] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2405'.
[  274.393999][T11636] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  275.439858][T11652] netlink: 'syz.4.2412': attribute type 1 has an invalid length.
[  275.454577][T11652] netlink: 'syz.4.2412': attribute type 3 has an invalid length.
[  275.458133][T11652] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2412'.
[  275.716547][T11657] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2415'.
[  275.733686][T11657] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2415'.
[  275.926823][  T188] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  276.460608][T11687] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  276.811438][T11700] netlink: 'syz.4.2434': attribute type 1 has an invalid length.
[  276.814999][T11700] netlink: 16150 bytes leftover after parsing attributes in process `syz.4.2434'.
[  277.533166][T11722] bridge0: port 3(dummy0) entered disabled state
[  277.598429][T11722] bridge_slave_1: left allmulticast mode
[  277.600573][T11722] bridge_slave_1: left promiscuous mode
[  277.602900][T11722] bridge0: port 2(bridge_slave_1) entered disabled state
[  277.671207][T11722] bridge_slave_0: left promiscuous mode
[  277.689257][T11722] bridge0: port 1(bridge_slave_0) entered disabled state
[  277.692368][   T33] audit: type=1107 audit(1758208980.339:3): pid=11723 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=''
[  278.933299][T11735] openvswitch: netlink: EtherType 50a is less than min 600
[  279.519317][T11747] netlink: 'syz.4.2456': attribute type 10 has an invalid length.
[  279.523089][T11747] netlink: 55 bytes leftover after parsing attributes in process `syz.4.2456'.
[  279.594545][T11752] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2459'.
[  280.101400][T11744] delete_channel: no stack
[  281.657878][T11789] netlink: 112 bytes leftover after parsing attributes in process `syz.1.2476'.
[  281.700941][T11792] netlink: 'syz.4.2477': attribute type 13 has an invalid length.
[  281.707706][T11792] netlink: 61967 bytes leftover after parsing attributes in process `syz.4.2477'.
[  283.128504][T11814] netlink: 'syz.4.2487': attribute type 10 has an invalid length.
[  283.133431][T11814] bridge0: port 2(bridge_slave_1) entered disabled state
[  283.142251][T11814] bridge0: port 1(bridge_slave_0) entered disabled state
[  283.253594][T11814] bridge0: port 2(bridge_slave_1) entered blocking state
[  283.257888][T11814] bridge0: port 2(bridge_slave_1) entered forwarding state
[  283.264529][T11814] bridge0: port 1(bridge_slave_0) entered blocking state
[  283.268654][T11814] bridge0: port 1(bridge_slave_0) entered forwarding state
[  283.393454][T11814] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  284.810452][T11841] netlink: 6 bytes leftover after parsing attributes in process `syz.4.2497'.
[  284.916376][T11845] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2498'.
[  284.927598][T11845] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2498'.
[  285.058770][T11849] xt_socket: unknown flags 0x40
[  285.180604][T11854] delete_channel: no stack
[  286.203943][T11870] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2509'.
[  286.207915][T11870] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2509'.
[  287.030939][T11892] sctp: [Deprecated]: syz.1.2517 (pid 11892) Use of struct sctp_assoc_value in delayed_ack socket option.
[  287.030939][T11892] Use struct sctp_sack_info instead
[  290.650529][T11976] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2553'.
[  290.676161][T11976] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2553'.
[  290.906547][T11981] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2555'.
[  291.012446][ T5237] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  291.029935][ T5237] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  291.040562][ T5237] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  291.045729][ T5237] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  291.050087][ T5237] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  291.296500][   T13] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  291.313254][T11984] wg0 speed is unknown, defaulting to 1000
[  291.323908][T11984] lo speed is unknown, defaulting to 1000
[  291.458545][   T13] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  291.627902][   T13] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  291.671490][T11997] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2561'.
[  291.857774][   T13] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  291.941666][T11997] ksmbd: Daemon and kernel module version mismatch. ksmbd: 36, kernel module: 1. User-space ksmbd should terminate.
[  292.066804][   T13] macsec0: left allmulticast mode
[  292.070199][   T13] veth1_macvtap: left allmulticast mode
[  292.084326][   T13] macsec0: left promiscuous mode
[  292.086529][   T13] bridge0: port 1(macsec0) entered disabled state
[  292.098023][   T13] bridge_slave_1: left allmulticast mode
[  292.107352][   T13] bridge_slave_1: left promiscuous mode
[  292.109099][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  293.094573][   T54] Bluetooth: hci2: command tx timeout
[  295.174333][   T54] Bluetooth: hci2: command tx timeout
[  295.776943][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  295.787678][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  295.796344][   T13] bond0 (unregistering): (slave batadv0): Releasing backup interface
[  295.803720][   T13] bond0 (unregistering): Released all slaves
[  295.817149][T12031] netlink: 14 bytes leftover after parsing attributes in process `syz.4.2569'.
[  295.825267][T11984] chnl_net:caif_netlink_parms(): no params data found
[  296.756602][T11984] bridge0: port 1(bridge_slave_0) entered blocking state
[  296.761829][T11984] bridge0: port 1(bridge_slave_0) entered disabled state
[  296.768253][T11984] bridge_slave_0: entered allmulticast mode
[  296.781925][T11984] bridge_slave_0: entered promiscuous mode
[  296.809116][T11984] bridge0: port 2(bridge_slave_1) entered blocking state
[  296.812261][T11984] bridge0: port 2(bridge_slave_1) entered disabled state
[  296.815247][T11984] bridge_slave_1: entered allmulticast mode
[  296.821569][T11984] bridge_slave_1: entered promiscuous mode
[  296.880954][T11984] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  296.898799][T11984] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  296.958334][T11984] team0: Port device team_slave_0 added
[  296.985956][T11984] team0: Port device team_slave_1 added
[  297.101272][T11984] batman_adv: batadv0: Adding interface: batadv_slave_0
[  297.103940][T11984] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  297.113327][T11984] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  297.121991][T11984] batman_adv: batadv0: Adding interface: batadv_slave_1
[  297.125081][T11984] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  297.134962][T11984] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  297.190231][T12058] syzkaller0: entered promiscuous mode
[  297.193784][T12058] syzkaller0: entered allmulticast mode
[  297.201099][T12061] netlink: 'syz.1.2578': attribute type 12 has an invalid length.
[  297.206596][T12061] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2578'.
[  297.242444][T11984] hsr_slave_0: entered promiscuous mode
[  297.246883][T11984] hsr_slave_1: entered promiscuous mode
[  297.254861][T11984] debugfs: 'hsr0' already exists in 'hsr'
[  297.256709][T11984] Cannot create hsr debugfs directory
[  297.260075][   T54] Bluetooth: hci2: command tx timeout
[  297.680831][   T13] hsr_slave_0: left promiscuous mode
[  297.689288][   T13] hsr_slave_1: left promiscuous mode
[  297.694984][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  297.697600][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  297.701850][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  297.713065][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  297.727513][   T13] veth1_macvtap: left promiscuous mode
[  297.729673][   T13] veth0_macvtap: left promiscuous mode
[  298.126023][   T13] team0 (unregistering): Port device team_slave_1 removed
[  298.158950][   T13] team0 (unregistering): Port device C removed
[  298.861064][T11984] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  298.875596][T11984] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  298.881312][T11984] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  298.914784][T11984] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  299.142871][T11984] 8021q: adding VLAN 0 to HW filter on device bond0
[  299.168192][T11984] 8021q: adding VLAN 0 to HW filter on device team0
[  299.174118][ T1137] bridge0: port 1(bridge_slave_0) entered blocking state
[  299.176701][ T1137] bridge0: port 1(bridge_slave_0) entered forwarding state
[  299.210425][ T1137] bridge0: port 2(bridge_slave_1) entered blocking state
[  299.213158][ T1137] bridge0: port 2(bridge_slave_1) entered forwarding state
[  299.341042][   T54] Bluetooth: hci2: command tx timeout
[  299.495198][T11984] 8021q: adding VLAN 0 to HW filter on device batadv0
[  300.251224][T11984] veth0_vlan: entered promiscuous mode
[  300.259674][T11984] veth1_vlan: entered promiscuous mode
[  300.307118][T11984] veth0_macvtap: entered promiscuous mode
[  300.311950][T11984] veth1_macvtap: entered promiscuous mode
[  300.360008][T11984] batman_adv: batadv0: Interface activated: batadv_slave_0
[  300.378809][T11984] batman_adv: batadv0: Interface activated: batadv_slave_1
[  300.398659][ T5880] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  300.402205][ T5880] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  300.406976][ T5880] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  300.410531][ T5880] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  300.490945][ T1137] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  300.493602][ T1137] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  300.537659][ T1156] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  300.540783][ T1156] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  300.709429][T12157] netlink: 'syz.1.2604': attribute type 21 has an invalid length.
[  300.712795][T12157] netlink: 'syz.1.2604': attribute type 6 has an invalid length.
[  300.717388][T12157] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2604'.
[  301.181704][T12175] netlink: 132 bytes leftover after parsing attributes in process `syz.5.2612'.
[  301.541312][T12179] mac80211_hwsim hwsim21 wlan0: entered allmulticast mode
[  301.584465][T12183] mac80211_hwsim hwsim21 wlan0: entered promiscuous mode
[  301.865529][T12208] netlink: 180 bytes leftover after parsing attributes in process `syz.4.2625'.
[  301.956403][   T54] Bluetooth: hci2: unexpected event 0x0f length: 15 > 4
[  302.329249][T12230] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2635'.
[  302.411101][T12235] ksmbd: Daemon and kernel module version mismatch. ksmbd: 36, kernel module: 1. User-space ksmbd should terminate.
[  303.132819][T12243] openvswitch: netlink: VXLAN extension message has 9 unknown bytes.
[  305.350452][T12266] netlink: 14560 bytes leftover after parsing attributes in process `syz.4.2648'.
[  305.467787][T12266] syz.4.2648 (12266) used obsolete PPPIOCDETACH ioctl
[  305.919243][T12292] netlink: 212424 bytes leftover after parsing attributes in process `syz.1.2653'.
[  306.012027][   T54] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  306.015719][   T54] Bluetooth: hci2: Injecting HCI hardware error event
[  306.021422][ T5237] Bluetooth: hci2: hardware error 0x00
[  306.850209][T12301] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  306.863427][T12301] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  307.479095][T12326] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2666'.
[  307.545833][T12327] netlink: 'syz.1.2666': attribute type 21 has an invalid length.
[  307.554030][T12327] netlink: 'syz.1.2666': attribute type 10 has an invalid length.
[  307.932397][   T54] Bluetooth: hci2: unexpected event 0x04 length: 15 > 10
[  307.932568][   T54] Bluetooth: hci2: connection err: -111
[  307.985749][T12339] wg0 speed is unknown, defaulting to 1000
[  307.991837][T12339] lo speed is unknown, defaulting to 1000
[  308.363115][T12355] netlink: 'syz.4.2677': attribute type 39 has an invalid length.
[  308.408910][T12357] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2678'.
[  308.454690][ T5237] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  308.729706][T12365] syzkaller0: entered promiscuous mode
[  308.732103][T12365] syzkaller0: entered allmulticast mode
[  308.967650][T12369] netlink: 'syz.5.2682': attribute type 1 has an invalid length.
[  308.971171][T12369] netlink: 105116 bytes leftover after parsing attributes in process `syz.5.2682'.
[  310.968191][T12387] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2691'.
[  311.233630][T12392] syzkaller0: entered promiscuous mode
[  311.241727][T12392] syzkaller0: entered allmulticast mode
[  313.700466][T12420] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2702'.
[  313.794409][T12433] syzkaller1: tun_chr_ioctl cmd 1074025677
[  313.797690][T12433] syzkaller1: linktype set to 776
[  313.986003][T12444] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.2707'.
[  314.521320][T12462] wg0 speed is unknown, defaulting to 1000
[  314.613348][T12466] ==================================================================
[  314.616702][T12466] BUG: KASAN: slab-use-after-free in __xfrm_state_insert+0x8af/0x1450
[  314.620040][T12466] Read of size 1 at addr ffff888024724c30 by task syz.1.2713/12466
[  314.624226][T12466] 
[  314.625539][T12466] CPU: 0 UID: 0 PID: 12466 Comm: syz.1.2713 Not tainted syzkaller #0 PREEMPT(full) 
[  314.625563][T12466] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  314.625574][T12466] Call Trace:
[  314.625583][T12466]  <TASK>
[  314.625594][T12466]  dump_stack_lvl+0x189/0x250
[  314.625622][T12466]  ? __virt_addr_valid+0x1c8/0x5c0
[  314.625650][T12466]  ? __pfx_dump_stack_lvl+0x10/0x10
[  314.625667][T12466]  ? __virt_addr_valid+0x1c8/0x5c0
[  314.625688][T12466]  ? lock_release+0x4b/0x3e0
[  314.625726][T12466]  ? __virt_addr_valid+0x4a5/0x5c0
[  314.625752][T12466]  print_report+0xca/0x240
[  314.625770][T12466]  ? __xfrm_state_insert+0x8af/0x1450
[  314.625791][T12466]  kasan_report+0x118/0x150
[  314.625824][T12466]  ? __xfrm_state_insert+0x8af/0x1450
[  314.625863][T12466]  __xfrm_state_insert+0x8af/0x1450
[  314.625945][T12466]  xfrm_state_insert+0x54/0x60
[  314.625970][T12466]  ipcomp6_init_state+0x655/0x900
[  314.626010][T12466]  __xfrm_init_state+0xa76/0x13f0
[  314.626023][T12466]  ? __xfrm_init_state+0x7ef/0x13f0
[  314.626059][T12466]  xfrm_init_state+0x18/0xa0
[  314.626085][T12466]  pfkey_add+0x1d38/0x2e00
[  314.626151][T12466]  ? __pfx_pfkey_add+0x10/0x10
[  314.626168][T12466]  ? kmem_cache_free+0x18f/0x400
[  314.626221][T12466]  pfkey_sendmsg+0xbfe/0x1090
[  314.626278][T12466]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  314.626295][T12466]  ? trace_call_bpf+0x5ba/0x850
[  314.626365][T12466]  ? perf_trace_run_bpf_submit+0xf9/0x170
[  314.626384][T12466]  ? aa_sock_msg_perm+0xf1/0x1d0
[  314.626408][T12466]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  314.626427][T12466]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  314.626451][T12466]  __sock_sendmsg+0x21c/0x270
[  314.626477][T12466]  ____sys_sendmsg+0x505/0x830
[  314.626514][T12466]  ? __pfx_____sys_sendmsg+0x10/0x10
[  314.626589][T12466]  ? import_iovec+0x74/0xa0
[  314.626623][T12466]  ___sys_sendmsg+0x21f/0x2a0
[  314.626651][T12466]  ? __pfx____sys_sendmsg+0x10/0x10
[  314.626717][T12466]  ? __fget_files+0x2a/0x420
[  314.626763][T12466]  ? __fget_files+0x2a/0x420
[  314.626777][T12466]  ? __fget_files+0x3a0/0x420
[  314.626811][T12466]  __x64_sys_sendmsg+0x19b/0x260
[  314.626838][T12466]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  314.626876][T12466]  ? rcu_is_watching+0x15/0xb0
[  314.626939][T12466]  ? do_syscall_64+0xbe/0x3b0
[  314.626973][T12466]  do_syscall_64+0xfa/0x3b0
[  314.626994][T12466]  ? lockdep_hardirqs_on+0x9c/0x150
[  314.627012][T12466]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.627027][T12466]  ? exc_page_fault+0x9f/0xf0
[  314.627062][T12466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.627078][T12466] RIP: 0033:0x7ff66e38eba9
[  314.627096][T12466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  314.627109][T12466] RSP: 002b:00007ff66f2e1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  314.627125][T12466] RAX: ffffffffffffffda RBX: 00007ff66e5d5fa0 RCX: 00007ff66e38eba9
[  314.627136][T12466] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000005
[  314.627145][T12466] RBP: 00007ff66e411e19 R08: 0000000000000000 R09: 0000000000000000
[  314.627154][T12466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  314.627163][T12466] R13: 00007ff66e5d6038 R14: 00007ff66e5d5fa0 R15: 00007fff3a9c9968
[  314.627210][T12466]  </TASK>
[  314.627217][T12466] 
[  314.758021][T12466] Allocated by task 11654:
[  314.759817][T12466]  kasan_save_track+0x3e/0x80
[  314.761719][T12466]  __kasan_slab_alloc+0x6c/0x80
[  314.763791][T12466]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  314.766037][T12466]  xfrm_state_alloc+0x24/0x2f0
[  314.767979][T12466]  xfrm_add_sa+0x17d1/0x4070
[  314.769861][T12466]  xfrm_user_rcv_msg+0x7a3/0xab0
[  314.771814][T12466]  netlink_rcv_skb+0x208/0x470
[  314.774476][T12466]  xfrm_netlink_rcv+0x79/0x90
[  314.777001][T12466]  netlink_unicast+0x82f/0x9e0
[  314.778817][T12466]  netlink_sendmsg+0x805/0xb30
[  314.780799][T12466]  __sock_sendmsg+0x21c/0x270
[  314.782667][T12466]  ____sys_sendmsg+0x505/0x830
[  314.784646][T12466]  ___sys_sendmsg+0x21f/0x2a0
[  314.786571][T12466]  __x64_sys_sendmsg+0x19b/0x260
[  314.788564][T12466]  do_syscall_64+0xfa/0x3b0
[  314.790408][T12466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.792830][T12466] 
[  314.793816][T12466] Freed by task 10:
[  314.795398][T12466]  kasan_save_track+0x3e/0x80
[  314.797313][T12466]  kasan_save_free_info+0x46/0x50
[  314.799374][T12466]  __kasan_slab_free+0x5b/0x80
[  314.801341][T12466]  kmem_cache_free+0x18f/0x400
[  314.803371][T12466]  xfrm_state_gc_task+0x52d/0x6b0
[  314.805394][T12466]  process_scheduled_works+0xae1/0x17b0
[  314.807576][T12466]  worker_thread+0x8a0/0xda0
[  314.809449][T12466]  kthread+0x711/0x8a0
[  314.811099][T12466]  ret_from_fork+0x439/0x7d0
[  314.812870][T12466]  ret_from_fork_asm+0x1a/0x30
[  314.814862][T12466] 
[  314.815862][T12466] The buggy address belongs to the object at ffff888024724900
[  314.815862][T12466]  which belongs to the cache xfrm_state of size 928
[  314.821413][T12466] The buggy address is located 816 bytes inside of
[  314.821413][T12466]  freed 928-byte region [ffff888024724900, ffff888024724ca0)
[  314.827104][T12466] 
[  314.828096][T12466] The buggy address belongs to the physical page:
[  314.830690][T12466] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888024726d00 pfn:0x24724
[  314.834747][T12466] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  314.838152][T12466] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  314.841189][T12466] page_type: f5(slab)
[  314.842840][T12466] raw: 00fff00000000040 ffff888104e54640 dead000000000122 0000000000000000
[  314.846366][T12466] raw: ffff888024726d00 00000000800e000a 00000000f5000000 0000000000000000
[  314.849751][T12466] head: 00fff00000000040 ffff888104e54640 dead000000000122 0000000000000000
[  314.853265][T12466] head: ffff888024726d00 00000000800e000a 00000000f5000000 0000000000000000
[  314.856743][T12466] head: 00fff00000000002 ffffea000091c901 00000000ffffffff 00000000ffffffff
[  314.860280][T12466] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  314.863644][T12466] page dumped because: kasan: bad access detected
[  314.866252][T12466] page_owner tracks the page as allocated
[  314.868542][T12466] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6500, tgid 6499 (syz.0.255), ts 92011868113, free_ts 91960838585
[  314.875993][T12466]  post_alloc_hook+0x240/0x2a0
[  314.877914][T12466]  get_page_from_freelist+0x21e4/0x22c0
[  314.880106][T12466]  __alloc_frozen_pages_noprof+0x181/0x370
[  314.882454][T12466]  alloc_pages_mpol+0x232/0x4a0
[  314.884451][T12466]  allocate_slab+0x8a/0x370
[  314.886313][T12466]  ___slab_alloc+0xbeb/0x1420
[  314.888218][T12466]  kmem_cache_alloc_noprof+0x283/0x3c0
[  314.890449][T12466]  xfrm_state_alloc+0x24/0x2f0
[  314.892432][T12466]  xfrm_add_sa+0x17d1/0x4070
[  314.894331][T12466]  xfrm_user_rcv_msg+0x7a3/0xab0
[  314.896338][T12466]  netlink_rcv_skb+0x208/0x470
[  314.898300][T12466]  xfrm_netlink_rcv+0x79/0x90
[  314.900230][T12466]  netlink_unicast+0x82f/0x9e0
[  314.902186][T12466]  netlink_sendmsg+0x805/0xb30
[  314.904156][T12466]  __sock_sendmsg+0x21c/0x270
[  314.906109][T12466]  ____sys_sendmsg+0x505/0x830
[  314.908059][T12466] page last free pid 6494 tgid 6493 stack trace:
[  314.910561][T12466]  __free_frozen_pages+0xbc4/0xd30
[  314.912644][T12466]  stack_depot_save_flags+0x436/0x860
[  314.914841][T12466]  kasan_save_track+0x4f/0x80
[  314.916785][T12466]  __kasan_kmalloc+0x93/0xb0
[  314.918725][T12466]  __kmalloc_cache_noprof+0x230/0x3d0
[  314.920956][T12466]  instance_create+0xd0/0x360
[  314.922860][T12466]  nfqnl_recv_config+0x6cc/0xae0
[  314.924905][T12466]  nfnetlink_rcv_msg+0xb4d/0x1130
[  314.926981][T12466]  netlink_rcv_skb+0x208/0x470
[  314.928928][T12466]  nfnetlink_rcv+0x26a/0x2520
[  314.930891][T12466]  netlink_unicast+0x82f/0x9e0
[  314.932754][T12466]  netlink_sendmsg+0x805/0xb30
[  314.934678][T12466]  __sock_sendmsg+0x21c/0x270
[  314.936648][T12466]  ____sys_sendmsg+0x505/0x830
[  314.938609][T12466]  ___sys_sendmsg+0x21f/0x2a0
[  314.940534][T12466]  __x64_sys_sendmsg+0x19b/0x260
[  314.942603][T12466] 
[  314.943616][T12466] Memory state around the buggy address:
[  314.945998][T12466]  ffff888024724b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  314.949234][T12466]  ffff888024724b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  314.952471][T12466] >ffff888024724c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  314.955698][T12466]                                      ^
[  314.957892][T12466]  ffff888024724c80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[  314.961108][T12466]  ffff888024724d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  314.964261][T12466] ==================================================================
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  314.967701][T12466] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  314.970760][T12466] CPU: 0 UID: 0 PID: 12466 Comm: syz.1.2713 Not tainted syzkaller #0 PREEMPT(full) 
[  314.974399][T12466] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  314.978439][T12466] Call Trace:
[  314.979768][T12466]  <TASK>
[  314.981008][T12466]  dump_stack_lvl+0x99/0x250
[  314.982911][T12466]  ? __asan_memcpy+0x40/0x70
[  314.984852][T12466]  ? __pfx_dump_stack_lvl+0x10/0x10
[  314.987029][T12466]  ? __pfx__printk+0x10/0x10
[  314.988983][T12466]  vpanic+0x281/0x750
[  314.990660][T12466]  ? __pfx_vpanic+0x10/0x10
[  314.992545][T12466]  ? irqentry_exit+0x74/0x90
[  314.994373][T12466]  panic+0xb9/0xc0
[  314.995910][T12466]  ? __pfx_panic+0x10/0x10
[  314.997685][T12466]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  315.000048][T12466]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  315.002429][T12466]  ? __xfrm_state_insert+0x8af/0x1450
[  315.004640][T12466]  check_panic_on_warn+0x89/0xb0
[  315.006688][T12466]  ? __xfrm_state_insert+0x8af/0x1450
[  315.008888][T12466]  end_report+0x78/0x160
[  315.010645][T12466]  kasan_report+0x129/0x150
[  315.012530][T12466]  ? __xfrm_state_insert+0x8af/0x1450
[  315.014732][T12466]  __xfrm_state_insert+0x8af/0x1450
[  315.016895][T12466]  xfrm_state_insert+0x54/0x60
[  315.018777][T12466]  ipcomp6_init_state+0x655/0x900
[  315.020814][T12466]  __xfrm_init_state+0xa76/0x13f0
[  315.022785][T12466]  ? __xfrm_init_state+0x7ef/0x13f0
[  315.024918][T12466]  xfrm_init_state+0x18/0xa0
[  315.026823][T12466]  pfkey_add+0x1d38/0x2e00
[  315.028794][T12466]  ? __pfx_pfkey_add+0x10/0x10
[  315.030693][T12466]  ? kmem_cache_free+0x18f/0x400
[  315.032730][T12466]  pfkey_sendmsg+0xbfe/0x1090
[  315.034664][T12466]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  315.036680][T12466]  ? trace_call_bpf+0x5ba/0x850
[  315.038682][T12466]  ? perf_trace_run_bpf_submit+0xf9/0x170
[  315.041012][T12466]  ? aa_sock_msg_perm+0xf1/0x1d0
[  315.043056][T12466]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  315.045214][T12466]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  315.047140][T12466]  __sock_sendmsg+0x21c/0x270
[  315.049085][T12466]  ____sys_sendmsg+0x505/0x830
[  315.051439][T12466]  ? __pfx_____sys_sendmsg+0x10/0x10
[  315.053657][T12466]  ? import_iovec+0x74/0xa0
[  315.055592][T12466]  ___sys_sendmsg+0x21f/0x2a0
[  315.057518][T12466]  ? __pfx____sys_sendmsg+0x10/0x10
[  315.059703][T12466]  ? __fget_files+0x2a/0x420
[  315.061657][T12466]  ? __fget_files+0x2a/0x420
[  315.063578][T12466]  ? __fget_files+0x3a0/0x420
[  315.065562][T12466]  __x64_sys_sendmsg+0x19b/0x260
[  315.067578][T12466]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  315.069755][T12466]  ? rcu_is_watching+0x15/0xb0
[  315.071832][T12466]  ? do_syscall_64+0xbe/0x3b0
[  315.073823][T12466]  do_syscall_64+0xfa/0x3b0
[  315.075699][T12466]  ? lockdep_hardirqs_on+0x9c/0x150
[  315.077822][T12466]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  315.080273][T12466]  ? exc_page_fault+0x9f/0xf0
[  315.082265][T12466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  315.084675][T12466] RIP: 0033:0x7ff66e38eba9
[  315.086523][T12466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  315.094189][T12466] RSP: 002b:00007ff66f2e1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  315.097574][T12466] RAX: ffffffffffffffda RBX: 00007ff66e5d5fa0 RCX: 00007ff66e38eba9
[  315.100740][T12466] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000005
[  315.103914][T12466] RBP: 00007ff66e411e19 R08: 0000000000000000 R09: 0000000000000000
[  315.107108][T12466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  315.110241][T12466] R13: 00007ff66e5d6038 R14: 00007ff66e5d5fa0 R15: 00007fff3a9c9968
[  315.113466][T12466]  </TASK>
[  315.115466][T12466] Kernel Offset: disabled
[  315.117268][T12466] Rebooting in 86400 seconds..

VM DIAGNOSIS:
15:23:37  Registers:
info registers vcpu 0

CPU#0
RAX=1ffffffff33bee60 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=000000000000264e RDI=000000000000264f RBP=ffffffff99df76b0 RSP=ffffc900064ded50
R8 =ffff888106e60237 R9 =1ffff11020dcc046 R10=dffffc0000000000 R11=ffffffff854fc770
R12=dffffc0000000000 R13=0000000000000000 R14=ffffffff99df7420 R15=0000000000000000
RIP=ffffffff854fc7e7 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007ff66f2e16c0 ffffffff 00c00000
GS =0000 ffff8880b8613000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007ff66f2e0fc8 CR3=000000002defa000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007ff66e5a7498 00007ff66e5a7470 XMM03=00007ff66e5a74a8 00007ff66e5a74a0
XMM04=00007ff66f10d100 00007ff66e5a7460 XMM05=00007ff66e5a7478 00007ff66e5a74c0
XMM06=00007ff66e5a74b8 00007ff66e5a74b0 XMM07=00007ff66e5a74a8 00007ff66e5a74a0
XMM08=0000000000000000 00007ff66e412ee7 XMM09=0000000000000000 00007ff66e412fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000000 RBX=1ffff11009608341 RCX=ffff888108d51cc0 RDX=0000000000000000
RSI=0000000000000001 RDI=0000000000000000 RBP=ffffc90002f4f700 RSP=ffffc90002f4f580
R8 =ffffffff8fa3ab37 R9 =1ffffffff1f47566 R10=dffffc0000000000 R11=fffffbfff1f47567
R12=ffff88804b041a08 R13=dffffc0000000000 R14=ffff88813663b1c0 R15=0000000000000000
RIP=ffffffff81b46208 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c13000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f4e80f07d60 CR3=000000000df36000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00007f4e803a76c3 00007f4e803a76c3 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 00ff000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 0000000000ff0000 XMM05=000055556965c662 000055556965c4b0
XMM06=0000000000000000 0000000000000000 XMM07=07c00302100007b0 0302801000019003
XMM08=0a00000000000500 0500000000020040 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
