last executing test programs:

27.770884896s ago: executing program 0 (id=1533):
r0 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x29, 0x3b, 0x0, 0x0)

27.770442082s ago: executing program 0 (id=1535):
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}, 0x3, 0x2, 0x2}}, 0x80, 0x0, 0xfffffffffffffcb5}, 0x0)
r0 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x5, 0x2505, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x20, 0x2004, 0x0, 0x0, 0x0, 0x101, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$kcm(r0, &(0x7f0000000200)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x2c}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000000)='Gb', 0x5dc}], 0x1}, 0x480c0)

27.681095723s ago: executing program 0 (id=1536):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)

27.482399203s ago: executing program 0 (id=1543):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x163001, 0x0)
ioctl$TUNSETIFF(r0, 0x400454da, &(0x7f0000000080)={'batadv0\x00'})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x1})
ioctl$TUNSETLINK(r1, 0x400454cd, 0x207)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000e40)="2e0000003e000511d25a80698c6394090124fc602f6e354016000180000000000000000000002cd65c65c3d7d756", 0x2e}], 0x1, 0x0, 0x0, 0x39c}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xf101})
socketpair(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8914, &(0x7f0000000080))
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xb, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x10000}}, &(0x7f0000000500)='GPL\x00', 0x400, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

27.261143127s ago: executing program 2 (id=1538):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="b4000000000000006111140000000000040000000000000095000000000000001abe5201462857a3db65e291772afa2114f5963ed660b870d974d2252829f8290f8d02e3b0096b3df3e6585851cb7efb50a982b66e14716ffe33a164c3d1ff5798fc4bd6d3e5ab096e9ad743eb00"], &(0x7f0000000080)='GPL\x00', 0x2, 0x3e0, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @xdp=0x21, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1d43, 0x10, &(0x7f0000000000), 0x76}, 0x48)

26.593723611s ago: executing program 2 (id=1540):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x0, 0x0, 0xa, 0x0, 0x0, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffd}, 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x48, 0x0, &(0x7f0000000000)='\x00', 0x0}, 0x48)

26.480639214s ago: executing program 2 (id=1541):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='ext4_writepages_result\x00', r0}, 0x10)
r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000180)={r1}, 0x5)
close(r2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0xd, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x80}, [@call={0x85, 0x0, 0x0, 0xa8}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x20000002}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0xa6}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

26.430765386s ago: executing program 2 (id=1544):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d80)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@enum={0x0, 0x0, 0x0, 0x13}]}}, 0x0, 0x26}, 0x20)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x9, 0x4, 0x4, 0x2, 0x80, 0x1, 0x0, '\x00', 0x0, r0, 0x1, 0x1}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0xd, 0x4, 0x4, 0xa8, 0x0, r1, 0x0, '\x00', 0x0, r0, 0x0, 0x5}, 0x48)

26.380551915s ago: executing program 0 (id=1545):
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x20008810)
socket$kcm(0x22, 0x3, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x4, 0x8, 0x3fe, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd637f4b22667f2f00db5b686158bbcfe8875a65969ff57b00000000000000000000000000ac1414aa35f086dd"], 0xfdef)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100008}, 0x94)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200"], 0xcfa4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xff00}, 0x48)

26.085078022s ago: executing program 0 (id=1546):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x16, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="dbaa00fea0000000711092000000000095"], &(0x7f0000000480)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x790f}, 0x94)

26.084911024s ago: executing program 2 (id=1547):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000017c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg(r0, &(0x7f0000000200)={&(0x7f0000000000)=@generic={0x1, "cb8db8704d5c5ca55a8edf10e8ed3f5a5090e9f7c449b0075f3de7447578995c7f350d558674acba80ac38a8ce3643a9c18503eebd7d7edc5cd2aac271c800d24f54710369e0a24d07b7e433ff41125387e30099d9000b7c669be8bb99c0c4f5adb51a382804f5252bea2d4f7d5ff1745d88639edfcd8078ac2b7f7fd599"}, 0x80, 0x0}, 0x0)

25.957594113s ago: executing program 32 (id=1546):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x16, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="dbaa00fea0000000711092000000000095"], &(0x7f0000000480)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x790f}, 0x94)

25.725702485s ago: executing program 2 (id=1549):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x9, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x48)

25.725602865s ago: executing program 33 (id=1549):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x9, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x48)

1.431231357s ago: executing program 1 (id=2046):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x19, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8f, 0x0, 0x0, 0x0, 0xb}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x80ff}, {0x85, 0x0, 0x0, 0x86}}, {{0x5, 0x0, 0x5, 0x9, 0x0, 0x1, 0x5000000}}, [@jmp={0x5, 0x1, 0xb, 0xa, 0x0, 0x6}, @jmp={0x5, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffff4, 0xfffffffffffffffc}, @printk={@s, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x2a}}}, &(0x7f0000000080)='GPL\x00', 0x7, 0x1000, &(0x7f0000000cc0)=""/4096, 0x41100, 0x2f}, 0x94)

380.653209ms ago: executing program 1 (id=2070):
socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cpuacct.usage_sys\x00', 0x26e1, 0x0)
r0 = socket$kcm(0x2, 0x200000000000001, 0x106)
perf_event_open(0x0, 0x0, 0x1, r0, 0x9)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
socket$kcm(0x10, 0x53861deb26522d89, 0x0)
socket$kcm(0xa, 0x1, 0x106)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x4, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x0, @perf_config_ext={0x3, 0x8001}, 0x0, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
socket$kcm(0x10, 0x400000002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
r1 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x4, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x0, @perf_config_ext={0x3, 0x8001}, 0x0, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r3 = socket$kcm(0xa, 0x2, 0x3a)
sendmsg$kcm(r3, &(0x7f0000000440)={&(0x7f0000000800)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000c00)=[{&(0x7f0000000780)="80005b020eaa4da2", 0xfdef}], 0x1, 0x0, 0x0, 0x900}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x4)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000200)="2e0400001c008103e00f80ecdb4cb9f207c804a00f00000088080ffb0a0002000a0ada1b40d80800c500c50083b8", 0xfec9}], 0x1, 0x0, 0x0, 0x5865}, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)

285.612487ms ago: executing program 3 (id=2074):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0900000004000000e27f000001"], 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r0, 0x0, 0x0}, 0x10)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8982, &(0x7f0000000080))

285.450127ms ago: executing program 4 (id=2075):
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x6, 0x4, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x2}, [@alu={0x4, 0x1, 0x4, 0x760cda05bcf95fa0, 0x3}]}, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

285.313517ms ago: executing program 4 (id=2076):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x73, 0x11, 0xba}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)

285.270389ms ago: executing program 3 (id=2077):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r0, 0x1, 0x22, &(0x7f00000018c0), 0x4)

230.764042ms ago: executing program 4 (id=2078):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2105, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x4, @perf_config_ext={0x3}, 0x828, 0x0, 0x0, 0x0, 0x9, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="12000000060000000400000002"], 0x48)
r1 = socket$kcm(0xa, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0}, &(0x7f0000000080)=0x1000000, &(0x7f0000000180)=r1}, 0x20)
recvmsg$kcm(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000000c0)=""/249, 0xf9}], 0x1}, 0x40000140)

230.578485ms ago: executing program 3 (id=2079):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x4, &(0x7f0000000400)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x7e}, [@ldst={0x4}]}, &(0x7f0000000080)='GPL\x00', 0x2, 0x3f7, &(0x7f000000cf3d)=""/195}, 0x48)

230.348425ms ago: executing program 3 (id=2080):
sendmsg$inet(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000000)="5c00000014006b05c84e21000ab16d6e23", 0x11}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x33fe0)

179.32868ms ago: executing program 3 (id=2081):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x5, 0xf, &(0x7f00000001c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x40503c2b, 0x0, 0x0, 0x0, 0x7}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000005c0)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100ff}, 0x94)
r2 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x5, @perf_bp={0x0, 0xf}, 0x1000, 0x4, 0x0, 0x8, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r1)
perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0xc}, 0x24, 0x0, 0x10000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)

179.136214ms ago: executing program 1 (id=2082):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8b04, &(0x7f0000000040)={'wlan1\x00', @random="0e00008d00"})

178.629228ms ago: executing program 1 (id=2083):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}, 0x828, 0x0, 0x0, 0x0, 0x9, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000080)='netlink_extack\x00', r2}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000080)='netlink_extack\x00', r1}, 0x10)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bond_slave_1\x00'})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8922, &(0x7f0000000080))

130.034193ms ago: executing program 4 (id=2084):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000180)=ANY=[@ANYRES64, @ANYBLOB="b1e3658894e4f9db46a9c1fee64fd46dfc15e724daa697bf286826e618a9664dbd279891bb4e5b01ccdd14a1d3f0041b40279647ed9db756e4d63657281500534a9dcf8f7b095d98ec90d36d2396caf9222311e30a60dbb440fb14fc50248ce946aafd08e7d269338cf95d320d069663224d6f576fd34c3d3790ef59d679"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x94)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801})
write$cgroup_devices(r0, &(0x7f0000000200)=ANY=[], 0xffdd)

79.726669ms ago: executing program 4 (id=2085):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x3, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000002000000000000000008500000061000000850000007d00000095"], &(0x7f0000000200)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x27, 0xe, 0x0, &(0x7f0000000140)="f80204000000000000007f5388a8", 0x0, 0x405, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50)

79.534605ms ago: executing program 4 (id=2086):
r0 = socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
sendmsg$kcm(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000340)="d8000000180081064e80f782db44b9040a1d080000000000000055a10a0015400100142603600e1208009e0000000401040016004000054003000000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408a8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef409fd2ee0125b91643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d28a4683f5aeb4edbb57a5025360db70100000040fad95667e006dcdf63951f215ce3060000000000000081ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b4337812398626e7636", 0xd8}], 0x1}, 0x4000084)

598.237µs ago: executing program 1 (id=2087):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000001c40)=ANY=[@ANYBLOB="85000000a800000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x6}, 0x66)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0c000000040000000400000009"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0xffffffff, r1, 0x900}, 0x38)

196.044µs ago: executing program 1 (id=2088):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0x4, &(0x7f00000005c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x2a}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x800c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x9, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x4, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x7, 0x7, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @exit]}, &(0x7f0000000000)='GPL\x00', 0x4}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000040)={r0, 0xe0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r1=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1, &(0x7f0000001380)}}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x103fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000640)='./cgroup/syz0\x00', 0x200002, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x5, 0xf, &(0x7f0000000900)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x19}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$kcm(0xa, 0x922000000003, 0x11)
setsockopt$sock_attach_bpf(r4, 0x29, 0x24, &(0x7f00000000c0), 0x4)
sendmsg$kcm(r4, &(0x7f0000000240)={&(0x7f0000000380)=@l2tp6={0xa, 0x0, 0x7, @local, 0x0, 0x3}, 0x80, &(0x7f0000000980)=[{&(0x7f0000000340)="f4001100052b3325fe80070000000000000000000009ffffffe000"/40, 0xfd1b}], 0x1}, 0x20040000)
bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x3, 0x5, &(0x7f0000000540)=ANY=[], 0x0, 0x7, 0x0, 0x0, 0x41000, 0x44, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x8, &(0x7f0000000300)={0xa, 0x3}, 0x8, 0x10, &(0x7f0000000340)={0x1, 0xc, 0x2, 0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x7fffffff}, 0x94)
socket$kcm(0x2c, 0x3, 0x0)
socket$kcm(0x2c, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0xb, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000eaea7110be000000000095"], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$tun(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r5 = socket$kcm(0xa, 0x922000000003, 0x11)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
setsockopt$sock_attach_bpf(r5, 0x29, 0x24, &(0x7f00000000c0), 0x4)
sendmsg$kcm(r5, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1, 0x4, 0xffffffff}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000780)="f4000900062b2c25fe80000000000000dc8b850f238466cc00007a000000ad6e911b51818462b400", 0x28}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0xa, 0x10, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000b00)=@bpf_lsm={0x1d, 0x21, &(0x7f00000009c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x200}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@map_idx={0x18, 0x8, 0x5, 0x0, 0xb}, @map_val={0x18, 0xa, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x9}, @exit, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffe}, @printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1}}, @generic={0x4, 0x8, 0x7, 0x2, 0x7}, @map_idx={0x18, 0x3, 0x5, 0x0, 0xb}, @ldst={0x3, 0x2, 0x1, 0x8, 0xa, 0x80, 0xfffffffffffffffc}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000580)='GPL\x00', 0x10000000, 0xad, &(0x7f0000000840)=""/173, 0x40f00, 0x4a, '\x00', r1, 0x1b, r2, 0x8, &(0x7f0000000600)={0x6, 0x1}, 0x8}, 0x94)

0s ago: executing program 3 (id=2089):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0xfffffffe, 0xbf23, 0x800, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x50)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:8102' (ED25519) to the list of known hosts.
syzkaller login: [   40.866832][ T5753] cgroup: Unknown subsys name 'net'
[   40.958270][ T5753] cgroup: Unknown subsys name 'cpuset'
[   40.965990][ T5753] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   42.299519][ T5753] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   46.056696][ T5828] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   46.059697][ T5828] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   46.062567][ T5828] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   46.066970][ T5828] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   46.069680][ T5828] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   46.167069][ T5828] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   46.174753][ T5828] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   46.177469][ T5828] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   46.180318][ T5828] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   46.183010][ T5828] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   46.202469][   T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   46.206039][   T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   46.208521][   T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   46.211189][   T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   46.213664][   T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   46.261927][ T5825] chnl_net:caif_netlink_parms(): no params data found
[   46.360553][ T5825] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.363091][ T5825] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.366026][ T5825] bridge_slave_0: entered allmulticast mode
[   46.368786][ T5825] bridge_slave_0: entered promiscuous mode
[   46.379219][ T5825] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.381493][ T5825] bridge0: port 2(bridge_slave_1) entered disabled state
[   46.383817][ T5825] bridge_slave_1: entered allmulticast mode
[   46.387496][ T5825] bridge_slave_1: entered promiscuous mode
[   46.426490][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   46.434410][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   46.509485][ T5825] team0: Port device team_slave_0 added
[   46.516015][ T5825] team0: Port device team_slave_1 added
[   46.538490][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0
[   46.541153][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   46.550303][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   46.555395][ T5833] chnl_net:caif_netlink_parms(): no params data found
[   46.560402][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1
[   46.562680][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   46.571114][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   46.589439][ T5831] chnl_net:caif_netlink_parms(): no params data found
[   46.694083][ T5825] hsr_slave_0: entered promiscuous mode
[   46.698459][ T5825] hsr_slave_1: entered promiscuous mode
[   46.750134][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.753246][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.757073][ T5833] bridge_slave_0: entered allmulticast mode
[   46.760882][ T5833] bridge_slave_0: entered promiscuous mode
[   46.803986][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.807275][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state
[   46.810168][ T5833] bridge_slave_1: entered allmulticast mode
[   46.813909][ T5833] bridge_slave_1: entered promiscuous mode
[   46.819143][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.821711][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.824828][ T5831] bridge_slave_0: entered allmulticast mode
[   46.827656][ T5831] bridge_slave_0: entered promiscuous mode
[   46.831128][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.834127][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state
[   46.837053][ T5831] bridge_slave_1: entered allmulticast mode
[   46.840088][ T5831] bridge_slave_1: entered promiscuous mode
[   46.878061][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   46.897762][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   46.902128][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   46.928089][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   46.932031][ T5833] team0: Port device team_slave_0 added
[   46.946768][ T5833] team0: Port device team_slave_1 added
[   46.980600][ T5831] team0: Port device team_slave_0 added
[   46.999992][ T5831] team0: Port device team_slave_1 added
[   47.002290][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0
[   47.006931][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.016113][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   47.044360][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1
[   47.047104][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.056525][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   47.077354][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0
[   47.080049][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.088747][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   47.102040][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1
[   47.104822][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.113954][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   47.149165][ T5833] hsr_slave_0: entered promiscuous mode
[   47.151553][ T5833] hsr_slave_1: entered promiscuous mode
[   47.154250][ T5833] debugfs: 'hsr0' already exists in 'hsr'
[   47.158032][ T5833] Cannot create hsr debugfs directory
[   47.199859][ T5831] hsr_slave_0: entered promiscuous mode
[   47.202880][ T5831] hsr_slave_1: entered promiscuous mode
[   47.206035][ T5831] debugfs: 'hsr0' already exists in 'hsr'
[   47.208026][ T5831] Cannot create hsr debugfs directory
[   47.224284][ T5825] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   47.243681][ T5825] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   47.271124][ T5825] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   47.289178][ T5825] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   47.455675][ T5833] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   47.465548][ T5833] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   47.480985][ T5833] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   47.494911][ T5833] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   47.522836][ T5831] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   47.529034][ T5831] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   47.533185][ T5831] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   47.537761][ T5831] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   47.560087][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0
[   47.598204][ T5825] 8021q: adding VLAN 0 to HW filter on device team0
[   47.611223][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.614074][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.626234][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.628539][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.670407][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0
[   47.692075][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0
[   47.699096][ T5833] 8021q: adding VLAN 0 to HW filter on device team0
[   47.712086][ T5831] 8021q: adding VLAN 0 to HW filter on device team0
[   47.717239][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.719604][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.730060][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.732343][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.736188][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.738419][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.742138][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.744400][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.819110][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0
[   47.851916][ T5825] veth0_vlan: entered promiscuous mode
[   47.858958][ T5825] veth1_vlan: entered promiscuous mode
[   47.875797][ T5825] veth0_macvtap: entered promiscuous mode
[   47.880026][ T5825] veth1_macvtap: entered promiscuous mode
[   47.901577][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0
[   47.913957][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0
[   47.920873][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1
[   47.931415][ T5855] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   47.937690][ T5855] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   47.942673][ T5855] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   47.952909][ T5855] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   47.984111][ T5831] veth0_vlan: entered promiscuous mode
[   48.002314][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0
[   48.015413][ T1088] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.016236][ T5831] veth1_vlan: entered promiscuous mode
[   48.021264][ T1088] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.063762][ T1088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.066694][ T1088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.071927][ T5831] veth0_macvtap: entered promiscuous mode
[   48.080414][ T5833] veth0_vlan: entered promiscuous mode
[   48.083477][ T5831] veth1_macvtap: entered promiscuous mode
[   48.099120][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0
[   48.102573][ T5833] veth1_vlan: entered promiscuous mode
[   48.116076][   T55] Bluetooth: hci0: command tx timeout
[   48.122894][ T5825] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   48.131120][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1
[   48.158258][ T5855] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   48.181361][ T5855] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   48.192432][ T5855] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   48.196597][   T55] Bluetooth: hci1: command tx timeout
[   48.201556][ T5833] veth0_macvtap: entered promiscuous mode
[   48.210531][ T5855] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   48.214416][ T5833] veth1_macvtap: entered promiscuous mode
[   48.253831][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0
[   48.271186][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1
[   48.274981][   T55] Bluetooth: hci2: command tx timeout
[   48.284282][ T5854] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   48.288229][ T5854] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   48.292628][ T5854] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   48.297939][ T1088] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.297958][ T5854] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   48.300483][ T1088] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.346445][   T27] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.350646][   T27] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.365294][   T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.371070][   T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.388300][   T27] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.391089][   T27] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   49.175076][ T5946] sctp: [Deprecated]: syz.1.26 (pid 5946) Use of struct sctp_assoc_value in delayed_ack socket option.
[   49.175076][ T5946] Use struct sctp_sack_info instead
[   49.560286][ T5990] netlink: 'syz.0.47': attribute type 11 has an invalid length.
[   49.562994][ T5990] netlink: 132 bytes leftover after parsing attributes in process `syz.0.47'.
[   49.642462][ T5996] netlink: 12 bytes leftover after parsing attributes in process `syz.2.49'.
[   50.198282][   T55] Bluetooth: hci0: command tx timeout
[   50.276233][   T55] Bluetooth: hci1: command tx timeout
[   50.356778][   T55] Bluetooth: hci2: command tx timeout
[   50.518412][   T55] Bluetooth: hci0: unexpected subevent 0x05 length: 150 > 12
[   50.809053][ T6031] Driver unsupported XDP return value 0 on prog  (id 25) dev N/A, expect packet loss!
[   51.334788][ T6037] syz.2.69 uses obsolete (PF_INET,SOCK_PACKET)
[   52.274676][   T55] Bluetooth: hci0: command tx timeout
[   52.355002][   T55] Bluetooth: hci1: command tx timeout
[   52.434636][   T55] Bluetooth: hci2: command tx timeout
[   53.200388][ T6103] syzkaller0: entered promiscuous mode
[   53.202448][ T6103] syzkaller0: entered allmulticast mode
[   53.209789][ T6107] netlink: 'syz.0.102': attribute type 10 has an invalid length.
[   53.843020][ T6111] netlink: 17279 bytes leftover after parsing attributes in process `syz.2.104'.
[   53.976995][ T6117] netlink: 'syz.1.108': attribute type 2 has an invalid length.
[   53.980492][ T6117] netlink: 'syz.1.108': attribute type 1 has an invalid length.
[   53.982327][ T6121] netlink: 61211 bytes leftover after parsing attributes in process `syz.0.109'.
[   53.995370][ T6117] netlink: 191376 bytes leftover after parsing attributes in process `syz.1.108'.
[   54.018407][ T6117] nbd: couldn't find a device at index 149
[   54.355369][   T55] Bluetooth: hci0: command tx timeout
[   54.365675][ T6145] netlink: 1010 bytes leftover after parsing attributes in process `syz.0.121'.
[   54.370079][ T6145] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[   54.438443][   T55] Bluetooth: hci1: command tx timeout
[   54.504506][    C0] hrtimer: interrupt took 56121 ns
[   54.606346][ T6153] netlink: 60 bytes leftover after parsing attributes in process `syz.1.124'.
[   54.724710][   T55] Bluetooth: hci2: command tx timeout
[   54.735133][ T6152] netlink: 60 bytes leftover after parsing attributes in process `syz.1.124'.
[   55.411228][   T55] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3
[   55.509987][   T55] Bluetooth: hci0: Malformed LE Event: 0x0b
[   55.964176][ T6211] netlink: 172 bytes leftover after parsing attributes in process `syz.1.151'.
[   56.102030][ T6219] netlink: 64859 bytes leftover after parsing attributes in process `syz.2.155'.
[   56.333858][ T6231] netlink: 208192 bytes leftover after parsing attributes in process `syz.1.160'.
[   56.339813][ T6231] netlink: 'syz.1.160': attribute type 1 has an invalid length.
[   56.435249][   T55] Bluetooth: hci0: command tx timeout
[   56.473022][ T6243] tap0: tun_chr_ioctl cmd 1074025678
[   56.494743][ T6243] tap0: group set to 0
[   56.637627][ T6252] netlink: 'syz.0.170': attribute type 5 has an invalid length.
[   56.640557][ T6252] netlink: 176 bytes leftover after parsing attributes in process `syz.0.170'.
[   56.656078][   T55] Bluetooth: hci0: Received unexpected HCI Event 0x00
[   57.216614][ T6264] netlink: 'syz.2.176': attribute type 11 has an invalid length.
[   57.660139][ T6297] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   58.719426][  T792] cfg80211: failed to load regulatory.db
[   58.859675][ T6331] cgroup: fork rejected by pids controller in /syz0
[   59.635155][   T55] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[   59.638729][   T55] Bluetooth: hci2: Injecting HCI hardware error event
[   59.642456][ T5828] Bluetooth: hci2: hardware error 0x00
[   59.712222][   T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   59.800592][   T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   59.896348][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   60.027038][   T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   60.057856][ T6372] netlink: 1010 bytes leftover after parsing attributes in process `syz.2.226'.
[   60.061609][ T6372] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[   60.251848][   T13] bridge_slave_1: left allmulticast mode
[   60.254284][   T13] bridge_slave_1: left promiscuous mode
[   60.258813][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.264261][ T6383] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   60.271526][ T6383] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   60.280131][ T6383] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   60.287002][ T6383] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   60.291897][ T6383] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   60.299161][   T13] bridge_slave_0: left allmulticast mode
[   60.301476][   T13] bridge_slave_0: left promiscuous mode
[   60.303856][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.727184][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   60.732009][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   60.738497][   T13] bond0 (unregistering): Released all slaves
[   61.162417][ T6381] chnl_net:caif_netlink_parms(): no params data found
[   61.189380][   T13] hsr_slave_0: left promiscuous mode
[   61.191589][   T13] hsr_slave_1: left promiscuous mode
[   61.193858][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   61.196747][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[   61.200077][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   61.202511][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[   61.218034][   T13] veth1_macvtap: left promiscuous mode
[   61.220759][   T13] veth0_macvtap: left promiscuous mode
[   61.223612][   T13] veth1_vlan: left promiscuous mode
[   61.226257][   T13] veth0_vlan: left promiscuous mode
[   61.492613][   T13] team0 (unregistering): Port device team_slave_1 removed
[   61.510418][   T13] team0 (unregistering): Port device team_slave_0 removed
[   61.714749][ T5828] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[   61.873175][ T6381] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.877222][ T6381] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.879683][ T6381] bridge_slave_0: entered allmulticast mode
[   61.883126][ T6381] bridge_slave_0: entered promiscuous mode
[   61.886771][ T6381] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.889402][ T6381] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.891723][ T6381] bridge_slave_1: entered allmulticast mode
[   61.894374][ T6381] bridge_slave_1: entered promiscuous mode
[   61.946363][ T6381] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   61.951385][ T6381] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   62.006085][ T6381] team0: Port device team_slave_0 added
[   62.018268][ T6381] team0: Port device team_slave_1 added
[   62.065435][ T6381] batman_adv: batadv0: Adding interface: batadv_slave_0
[   62.071530][ T6381] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.088115][ T6381] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   62.100168][ T6381] batman_adv: batadv0: Adding interface: batadv_slave_1
[   62.102370][ T6381] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.112415][ T6381] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   62.167670][ T6381] hsr_slave_0: entered promiscuous mode
[   62.170272][ T6381] hsr_slave_1: entered promiscuous mode
[   62.172861][ T6381] debugfs: 'hsr0' already exists in 'hsr'
[   62.175888][ T6381] Cannot create hsr debugfs directory
[   62.176755][ T6453] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.252'.
[   62.356355][ T5828] Bluetooth: hci1: command tx timeout
[   62.612637][ T6484] delete_channel: no stack
[   62.616877][ T6484] delete_channel: no stack
[   62.681448][ T6489] netlink: 'syz.2.261': attribute type 2 has an invalid length.
[   62.690291][ T6489] netlink: 164 bytes leftover after parsing attributes in process `syz.2.261'.
[   62.708836][ T6381] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   62.723977][ T6381] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   62.737713][ T6381] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   62.743654][ T6381] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   62.830790][ T6381] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.841663][ T6504] netlink: 'syz.2.264': attribute type 21 has an invalid length.
[   62.842083][ T6381] 8021q: adding VLAN 0 to HW filter on device team0
[   62.847102][ T6504] netlink: 128 bytes leftover after parsing attributes in process `syz.2.264'.
[   62.854384][ T6504] netlink: 'syz.2.264': attribute type 4 has an invalid length.
[   62.864629][ T6504] netlink: 'syz.2.264': attribute type 5 has an invalid length.
[   62.867997][ T6504] netlink: 3 bytes leftover after parsing attributes in process `syz.2.264'.
[   62.873594][   T66] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.876581][   T66] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.892871][   T66] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.895255][   T66] bridge0: port 2(bridge_slave_1) entered forwarding state
[   63.066304][ T6381] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.121858][ T6381] veth0_vlan: entered promiscuous mode
[   63.133612][ T6381] veth1_vlan: entered promiscuous mode
[   63.150787][ T6527] netlink: 10 bytes leftover after parsing attributes in process `syz.2.269'.
[   63.178975][ T6381] veth0_macvtap: entered promiscuous mode
[   63.182718][ T6381] veth1_macvtap: entered promiscuous mode
[   63.201736][ T6381] batman_adv: batadv0: Interface activated: batadv_slave_0
[   63.208218][ T6381] batman_adv: batadv0: Interface activated: batadv_slave_1
[   63.216224][ T5721] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   63.220468][ T5721] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   63.234423][ T5721] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   63.255990][ T5721] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   63.335940][   T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.338376][   T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.382863][   T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.388178][   T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.819644][ T6580] netlink: 132 bytes leftover after parsing attributes in process `syz.0.290'.
[   63.923365][ T6590] netlink: 'syz.0.295': attribute type 21 has an invalid length.
[   63.931912][ T6590] netlink: 156 bytes leftover after parsing attributes in process `syz.0.295'.
[   64.012874][ T6599] warning: `syz.1.299' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   64.089200][ T6606] netlink: 2451 bytes leftover after parsing attributes in process `syz.1.302'.
[   64.370834][ T6616] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[   64.383787][ T6616] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[   64.411133][ T6623] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[   64.434640][ T5828] Bluetooth: hci1: command tx timeout
[   65.066834][ T6616] syz.0.306 (6616) used greatest stack depth: 20304 bytes left
[   65.401344][ T6671] netlink: 'syz.0.329': attribute type 22 has an invalid length.
[   66.514710][ T5828] Bluetooth: hci1: command tx timeout
[   66.836872][ T6700] netlink: 'syz.2.342': attribute type 29 has an invalid length.
[   66.985591][ T6700] netlink: 'syz.2.342': attribute type 29 has an invalid length.
[   66.995969][ T6700] netlink: 'syz.2.342': attribute type 29 has an invalid length.
[   67.000328][ T6700] netlink: 'syz.2.342': attribute type 29 has an invalid length.
[   67.085740][ T6714] netlink: 11318 bytes leftover after parsing attributes in process `syz.1.344'.
[   67.280804][ T6729] netlink: 176 bytes leftover after parsing attributes in process `syz.2.352'.
[   67.317160][ T3604] wlan1: Trigger new scan to find an IBSS to join
[   67.466727][ T6743] netlink: 40 bytes leftover after parsing attributes in process `syz.2.359'.
[   67.477122][ T6743] team0: Device lo is loopback device. Loopback devices can't be added as a team port
[   67.487249][ T6743] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   67.849155][ T6754] Zero length message leads to an empty skb
[   67.948644][ T6756] lo: entered promiscuous mode
[   68.208652][ T6766] bridge_slave_1: left allmulticast mode
[   68.211003][ T6766] bridge_slave_1: left promiscuous mode
[   68.221325][ T6766] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.376638][ T6766] bridge_slave_0: left allmulticast mode
[   68.380029][ T6766] bridge_slave_0: left promiscuous mode
[   68.385814][ T6766] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.604832][ T5828] Bluetooth: hci1: command tx timeout
[   69.039679][ T6776] validate_nla: 2 callbacks suppressed
[   69.039693][ T6776] netlink: 'syz.2.372': attribute type 4 has an invalid length.
[   69.134014][ T6777] delete_channel: no stack
[   69.291107][ T6785] netlink: 146936 bytes leftover after parsing attributes in process `syz.0.375'.
[   69.297600][ T6785] openvswitch: netlink: Message has 6 unknown bytes.
[   69.406233][ T6785] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[   69.420299][ T6785] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[   70.483339][ T6813] netlink: 'syz.1.388': attribute type 21 has an invalid length.
[   70.487428][ T6813] netlink: 128 bytes leftover after parsing attributes in process `syz.1.388'.
[   70.490429][ T6813] netlink: 'syz.1.388': attribute type 5 has an invalid length.
[   70.492916][ T6813] netlink: 'syz.1.388': attribute type 6 has an invalid length.
[   70.495761][ T6813] netlink: 3 bytes leftover after parsing attributes in process `syz.1.388'.
[   70.553196][ T6821] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.392'.
[   70.597336][ T6827] netlink: 'syz.2.395': attribute type 21 has an invalid length.
[   70.601087][ T6827] netlink: 'syz.2.395': attribute type 1 has an invalid length.
[   70.653379][ T6837] netlink: 176 bytes leftover after parsing attributes in process `syz.2.400'.
[   70.770290][ T6847] netlink: 156 bytes leftover after parsing attributes in process `syz.1.404'.
[   71.299890][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[   71.302205][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[   71.385508][   T27] wlan1: Trigger new scan to find an IBSS to join
[   71.720763][ T6871] syzkaller0: entered promiscuous mode
[   71.722629][ T6871] syzkaller0: entered allmulticast mode
[   71.781215][ T6883] netlink: 164 bytes leftover after parsing attributes in process `syz.1.421'.
[   71.883421][ T6891] netlink: 'syz.0.420': attribute type 21 has an invalid length.
[   71.941430][ T6892] netlink: 'syz.0.420': attribute type 10 has an invalid length.
[   72.587127][ T6903] __nla_validate_parse: 1 callbacks suppressed
[   72.587136][ T6903] netlink: 61211 bytes leftover after parsing attributes in process `syz.2.429'.
[   72.630706][ T6905] netlink: 'syz.1.430': attribute type 21 has an invalid length.
[   72.727249][ T6909] netlink: 209844 bytes leftover after parsing attributes in process `syz.1.432'.
[   72.742043][ T6909] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[   72.746629][ T6909] openvswitch: netlink: Either Ethernet header or EtherType is required.
[   72.778053][ T6921] netlink: 132 bytes leftover after parsing attributes in process `syz.2.435'.
[   72.812836][ T6917] netlink: 'syz.1.432': attribute type 22 has an invalid length.
[   72.816769][ T6917] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.432'.
[   73.316030][   T28] wlan1: Creating new IBSS network, BSSID 1e:fd:a5:79:a9:71
[   73.643616][ T6968] netlink: 24859 bytes leftover after parsing attributes in process `syz.2.457'.
[   73.819343][ T6988] netlink: 80 bytes leftover after parsing attributes in process `syz.1.465'.
[   74.159302][ T7018] netlink: 60 bytes leftover after parsing attributes in process `syz.1.480'.
[   74.163866][ T7018] netlink: 60 bytes leftover after parsing attributes in process `syz.1.480'.
[   74.168395][ T7018] netlink: 60 bytes leftover after parsing attributes in process `syz.1.480'.
[   74.548540][ T7046] netlink: 20 bytes leftover after parsing attributes in process `syz.0.495'.
[   74.834103][ T7062] validate_nla: 3 callbacks suppressed
[   74.834113][ T7062] netlink: 'syz.0.500': attribute type 21 has an invalid length.
[   74.952267][ T7060] tun0: tun_chr_ioctl cmd 1074025675
[   74.959419][ T7060] tun0: persist enabled
[   74.961235][ T7061] tun0: tun_chr_ioctl cmd 1074025675
[   74.964170][ T7061] tun0: persist disabled
[   75.138794][ T7072] netlink: 'syz.0.505': attribute type 4 has an invalid length.
[   75.209605][ T5828] Bluetooth: hci1: unexpected event 0x16 length: 151 > 6
[   75.383209][ T7092] syzkaller0: entered promiscuous mode
[   75.387395][ T7092] syzkaller0: entered allmulticast mode
[   76.096267][ T7096] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   76.098837][ T7096] batman_adv: batadv0: Removing interface: batadv_slave_0
[   76.101838][ T7096] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   76.104438][ T7096] batman_adv: batadv0: Removing interface: batadv_slave_1
[   76.232471][ T7102] syzkaller0: entered promiscuous mode
[   76.234383][ T7102] syzkaller0: entered allmulticast mode
[   76.340400][ T7114] netlink: 'syz.2.526': attribute type 1 has an invalid length.
[   76.343056][ T7114] netlink: 'syz.2.526': attribute type 4 has an invalid length.
[   76.577742][ T7122] ksmbd: Daemon and kernel module version mismatch. ksmbd: 36, kernel module: 1. User-space ksmbd should terminate.
[   77.687837][ T7158] netlink: 'syz.0.546': attribute type 10 has an invalid length.
[   77.828865][ T7158] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[   77.986638][ T7158] syz.0.546 (7158) used greatest stack depth: 19512 bytes left
[   77.990958][ T7164] netlink: 'syz.2.549': attribute type 10 has an invalid length.
[   78.011889][ T7164] team0: Device ipvlan1 failed to register rx_handler
[   78.307621][ T7184] __nla_validate_parse: 5 callbacks suppressed
[   78.307632][ T7184] netlink: 60 bytes leftover after parsing attributes in process `syz.0.560'.
[   78.313837][ T7184] netlink: 60 bytes leftover after parsing attributes in process `syz.0.560'.
[   78.320863][ T7184] netlink: 60 bytes leftover after parsing attributes in process `syz.0.560'.
[   78.532561][ T7210] delete_channel: no stack
[   78.701596][ T7219] netlink: 212424 bytes leftover after parsing attributes in process `syz.1.576'.
[   78.910875][ T7249] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.588'.
[   78.925622][ T7249] netlink: zone id is out of range
[   78.928142][ T7249] netlink: zone id is out of range
[   78.930148][ T7249] netlink: zone id is out of range
[   78.931936][ T7249] netlink: get zone limit has 8 unknown bytes
[   78.983887][ T7259] netlink: 2 bytes leftover after parsing attributes in process `syz.2.595'.
[   79.062193][ T7267] netlink: 'syz.2.600': attribute type 10 has an invalid length.
[   79.073740][ T7267] netlink: 3819 bytes leftover after parsing attributes in process `syz.2.600'.
[   80.179796][ T7326] netlink: 'syz.2.626': attribute type 21 has an invalid length.
[   80.498381][ T7344] netlink: 152 bytes leftover after parsing attributes in process `syz.2.633'.
[   80.501365][ T7344] netlink: 6 bytes leftover after parsing attributes in process `syz.2.633'.
[   80.639696][ T7358] netlink: 'syz.0.640': attribute type 3 has an invalid length.
[   80.644893][ T7358] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.640'.
[   80.888548][ T7376] netlink: 'syz.0.649': attribute type 27 has an invalid length.
[   80.997243][ T7389] netlink: 'syz.2.655': attribute type 49 has an invalid length.
[   81.098026][ T7397] syz.0.659: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[   81.102815][ T7397] CPU: 1 UID: 0 PID: 7397 Comm: syz.0.659 Not tainted 6.16.0-syzkaller-06699-ge8d780dcd957-dirty #0 PREEMPT(full) 
[   81.102825][ T7397] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   81.102830][ T7397] Call Trace:
[   81.102833][ T7397]  <TASK>
[   81.102836][ T7397]  dump_stack_lvl+0x189/0x250
[   81.102849][ T7397]  ? __pfx_dump_stack_lvl+0x10/0x10
[   81.102856][ T7397]  ? __pfx__printk+0x10/0x10
[   81.102865][ T7397]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[   81.102873][ T7397]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[   81.102881][ T7397]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[   81.102889][ T7397]  warn_alloc+0x214/0x310
[   81.102897][ T7397]  ? stack_depot_save_flags+0x429/0x900
[   81.102909][ T7397]  ? __pfx_warn_alloc+0x10/0x10
[   81.102917][ T7397]  ? kasan_save_track+0x4f/0x80
[   81.102926][ T7397]  ? xskq_create+0x56/0x170
[   81.102934][ T7397]  ? xsk_init_queue+0xb0/0x110
[   81.102942][ T7397]  ? xsk_setsockopt+0x57b/0x8d0
[   81.102949][ T7397]  ? do_sock_setsockopt+0x17c/0x1b0
[   81.102955][ T7397]  ? __x64_sys_setsockopt+0x13f/0x1b0
[   81.102961][ T7397]  ? do_syscall_64+0xfa/0x3b0
[   81.102969][ T7397]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   81.102978][ T7397]  __vmalloc_node_range_noprof+0x125/0x12f0
[   81.103002][ T7397]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[   81.103011][ T7397]  ? __kasan_kmalloc+0x93/0xb0
[   81.103021][ T7397]  vmalloc_user_noprof+0xad/0xf0
[   81.103027][ T7397]  ? xskq_create+0xbf/0x170
[   81.103036][ T7397]  xskq_create+0xbf/0x170
[   81.103046][ T7397]  xsk_init_queue+0xb0/0x110
[   81.103055][ T7397]  xsk_setsockopt+0x57b/0x8d0
[   81.103064][ T7397]  ? __pfx_xsk_setsockopt+0x10/0x10
[   81.103072][ T7397]  ? __pfx_aa_sk_perm+0x10/0x10
[   81.103082][ T7397]  ? __fget_files+0x2a/0x420
[   81.103089][ T7397]  ? aa_sock_opt_perm+0x74/0x110
[   81.103098][ T7397]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[   81.103107][ T7397]  ? __pfx_xsk_setsockopt+0x10/0x10
[   81.103117][ T7397]  do_sock_setsockopt+0x17c/0x1b0
[   81.103125][ T7397]  __x64_sys_setsockopt+0x13f/0x1b0
[   81.103134][ T7397]  do_syscall_64+0xfa/0x3b0
[   81.103143][ T7397]  ? lockdep_hardirqs_on+0x9c/0x150
[   81.103152][ T7397]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   81.103158][ T7397]  ? exc_page_fault+0x9f/0xf0
[   81.103167][ T7397]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   81.103174][ T7397] RIP: 0033:0x7fe574d8ebe9
[   81.103181][ T7397] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   81.103186][ T7397] RSP: 002b:00007fe575b93038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   81.103193][ T7397] RAX: ffffffffffffffda RBX: 00007fe574fb5fa0 RCX: 00007fe574d8ebe9
[   81.103198][ T7397] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000008
[   81.103203][ T7397] RBP: 00007fe574e11e19 R08: 0000000000000004 R09: 0000000000000000
[   81.103207][ T7397] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000
[   81.103211][ T7397] R13: 00007fe574fb6038 R14: 00007fe574fb5fa0 R15: 00007fffed25ddd8
[   81.103222][ T7397]  </TASK>
[   81.103226][ T7397] Mem-Info:
[   81.208862][ T7397] active_anon:17569 inactive_anon:0 isolated_anon:0
[   81.208862][ T7397]  active_file:11091 inactive_file:38219 isolated_file:0
[   81.208862][ T7397]  unevictable:1768 dirty:111 writeback:0
[   81.208862][ T7397]  slab_reclaimable:9565 slab_unreclaimable:51998
[   81.208862][ T7397]  mapped:18014 shmem:14886 pagetables:1036
[   81.208862][ T7397]  sec_pagetables:0 bounce:0
[   81.208862][ T7397]  kernel_misc_reclaimable:0
[   81.208862][ T7397]  free:287149 free_pcp:13699 free_cma:0
[   81.223754][ T7397] Node 0 active_anon:39792kB inactive_anon:0kB active_file:14564kB inactive_file:9332kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:26612kB dirty:368kB writeback:0kB shmem:33724kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:5656kB pagetables:1912kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   81.246981][ T7397] Node 1 active_anon:25452kB inactive_anon:0kB active_file:29800kB inactive_file:143544kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:45444kB dirty:76kB writeback:0kB shmem:20652kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:5756kB pagetables:2232kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   81.269335][ T7397] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   81.283627][ T7397] lowmem_reserve[]: 0 814 814 814 814
[   81.286690][ T7397] Node 0 DMA32 free:410984kB boost:0kB min:33720kB low:42148kB high:50576kB reserved_highatomic:0KB free_highatomic:0KB active_anon:34556kB inactive_anon:0kB active_file:14564kB inactive_file:9332kB unevictable:3536kB writepending:368kB present:1556484kB managed:834024kB mlocked:0kB bounce:0kB free_pcp:29728kB local_pcp:17160kB free_cma:0kB
[   81.297211][ T7397] lowmem_reserve[]: 0 0 0 0 0
[   81.299507][ T7397] Node 1 DMA32 free:458616kB boost:0kB min:19168kB low:23960kB high:28752kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   81.304398][ T7404] C: renamed from team_slave_0 (while UP)
[   81.309294][ T7397] lowmem_reserve[]: 0 0 854 854 854
[   81.313694][ T7397] Node 1 Normal free:276152kB boost:0kB min:36576kB low:45720kB high:54864kB reserved_highatomic:0KB free_highatomic:0KB active_anon:19604kB inactive_anon:0kB active_file:29800kB inactive_file:143544kB unevictable:3536kB writepending:76kB present:1048576kB managed:875016kB mlocked:0kB bounce:0kB free_pcp:28804kB local_pcp:10664kB free_cma:0kB
[   81.324736][ T7397] lowmem_reserve[]: 0 0 0 0 0
[   81.326562][ T7397] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[   81.332575][ T7404] netlink: 'syz.2.661': attribute type 3 has an invalid length.
[   81.337188][ T7397] Node 0 DMA32: 3*4kB (UME) 2*8kB (UM) 2*16kB (UM) 291*32kB (UME) 74*64kB (UE) 22*128kB (UME) 7*256kB (UM) 6*512kB (UM) 2*1024kB (UE) 3*2048kB (UME) 93*4096kB (M) = 410908kB
[   81.341436][ T7404] netlink: 'syz.2.661': attribute type 1 has an invalid length.
[   81.344336][ T7397] Node 1 DMA32: 2*4kB (M) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 1*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 110*4096kB (M) = 458616kB
[   81.351303][ T7397] Node 1 Normal: 572*4kB (UM) 860*8kB (UM) 550*16kB (UM) 381*32kB (UME) 142*64kB (UM) 23*128kB (UM) 15*256kB (UE) 12*512kB (UM) 8*1024kB (UM) 7*2048kB (UE) 50*4096kB (UM) = 279504kB
[   81.360043][ T7397] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   81.365865][ T7406] netlink: 'syz.1.662': attribute type 10 has an invalid length.
[   81.369095][ T7406] team0: Device ip6_vti0 is of different type
[   81.371862][ T7397] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   81.376068][ T7397] 58946 total pagecache pages
[   81.377733][ T7397] 0 pages in swap cache
[   81.379214][ T7397] Free swap  = 124996kB
[   81.380694][ T7397] Total swap = 124996kB
[   81.382209][ T7397] 786301 pages RAM
[   81.383560][ T7397] 0 pages HighMem/MovableOnly
[   81.406410][ T7397] 240547 pages reserved
[   81.409286][ T7397] 0 pages cma reserved
[   81.592100][ T7424] C: renamed from team_slave_0 (while UP)
[   81.597971][ T7424] netlink: 'syz.0.670': attribute type 3 has an invalid length.
[   81.600604][ T7424] netlink: 'syz.0.670': attribute type 1 has an invalid length.
[   81.603184][ T7424] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[   84.892738][ T7461] netlink: 'syz.1.688': attribute type 12 has an invalid length.
[   84.902435][ T7461] __nla_validate_parse: 2 callbacks suppressed
[   84.902443][ T7461] netlink: 132 bytes leftover after parsing attributes in process `syz.1.688'.
[   85.220851][ T7503] netlink: 'syz.0.707': attribute type 21 has an invalid length.
[   85.223343][ T7503] netlink: 156 bytes leftover after parsing attributes in process `syz.0.707'.
[   85.357277][ T7514] netlink: 60 bytes leftover after parsing attributes in process `syz.0.710'.
[   85.368595][ T7509] netlink: 60 bytes leftover after parsing attributes in process `syz.0.710'.
[   85.373769][ T7514] netlink: 60 bytes leftover after parsing attributes in process `syz.0.710'.
[   85.829513][ T7545] netlink: 17 bytes leftover after parsing attributes in process `syz.0.726'.
[   85.832412][ T7545] netlink: zone id is out of range
[   85.834054][ T7545] netlink: zone id is out of range
[   85.846528][ T7545] netlink: zone id is out of range
[   85.848154][ T7545] netlink: zone id is out of range
[   85.849820][ T7545] netlink: zone id is out of range
[   85.851487][ T7545] netlink: zone id is out of range
[   85.853124][ T7545] netlink: zone id is out of range
[   85.879702][ T7545] netlink: zone id is out of range
[   85.882558][ T7545] netlink: zone id is out of range
[   85.895000][ T7545] netlink: zone id is out of range
[   86.259056][ T7580] netlink: 40 bytes leftover after parsing attributes in process `syz.1.742'.
[   86.884638][ T7615] netlink: 'syz.0.756': attribute type 21 has an invalid length.
[   86.887678][ T7615] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   86.890668][ T7615] IPv6: NLM_F_CREATE should be set when creating new route
[   86.893660][ T7615] IPv6: NLM_F_CREATE should be set when creating new route
[   86.896735][ T7615] IPv6: NLM_F_CREATE should be set when creating new route
[   87.148874][ T7627] syzkaller0: entered promiscuous mode
[   87.151626][ T7627] syzkaller0: entered allmulticast mode
[   87.321422][ T7629] netlink: 'syz.0.763': attribute type 6 has an invalid length.
[   87.324343][ T7629] netlink: 168 bytes leftover after parsing attributes in process `syz.0.763'.
[   87.576896][ T7647] tap0: tun_chr_ioctl cmd 1074025681
[   87.754090][ T7659] netlink: 'syz.1.777': attribute type 21 has an invalid length.
[   87.758087][ T7659] netlink: 'syz.1.777': attribute type 10 has an invalid length.
[   87.760672][ T7659] netlink: 55 bytes leftover after parsing attributes in process `syz.1.777'.
[   88.367801][ T7698] netlink: 'syz.2.794': attribute type 1 has an invalid length.
[   88.372986][ T7698] netlink: 'syz.2.794': attribute type 3 has an invalid length.
[   88.378657][ T7698] netlink: 132 bytes leftover after parsing attributes in process `syz.2.794'.
[   89.262312][ T7738] hsr_slave_0: left promiscuous mode
[   89.965922][ T7738] hsr_slave_1: left promiscuous mode
[   90.438117][ T7768] netlink: 'syz.2.824': attribute type 21 has an invalid length.
[   90.489186][ T7775] __nla_validate_parse: 1 callbacks suppressed
[   90.489196][ T7775] netlink: 152 bytes leftover after parsing attributes in process `syz.0.828'.
[   90.496391][ T7775] netlink: 6 bytes leftover after parsing attributes in process `syz.0.828'.
[   90.846833][ T7797] netlink: 'syz.0.837': attribute type 10 has an invalid length.
[   90.960609][ T7797] bond0: (slave bond_slave_0): Releasing backup interface
[   90.981991][ T7807] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[   91.967163][ T7834] netlink: 'syz.0.851': attribute type 10 has an invalid length.
[   91.977644][ T7834] netlink: 55 bytes leftover after parsing attributes in process `syz.0.851'.
[   91.997969][ T7834] delete_channel: no stack
[   92.958497][ T7866] netlink: 'syz.2.866': attribute type 7 has an invalid length.
[   93.508122][ T7910] netlink: 64 bytes leftover after parsing attributes in process `syz.2.886'.
[   94.010858][ T7938] syzkaller0: entered promiscuous mode
[   94.012753][ T7938] syzkaller0: entered allmulticast mode
[   94.015670][ T5854] syzkaller0: tun_net_xmit 48
[   94.037979][ T7938] syzkaller0: tun_chr_ioctl cmd 2147767520
[   94.041580][ T7938] syzkaller0: tun_net_xmit 1280
[   94.989719][ T7974] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode
[   94.992512][ T7974] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode
[   95.982967][ T7992] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.923'.
[   97.444053][ T8057] netlink: 'syz.0.952': attribute type 21 has an invalid length.
[   97.447797][ T8057] netlink: 8 bytes leftover after parsing attributes in process `syz.0.952'.
[   97.891694][ T8074] netlink: 'syz.1.960': attribute type 7 has an invalid length.
[   99.892096][ T5828] Bluetooth: hci1: unexpected event 0x0f length: 15 > 4
[   99.946153][ T8100] veth1_to_bond: entered allmulticast mode
[  100.142201][ T8123] netlink: 193500 bytes leftover after parsing attributes in process `syz.1.982'.
[  100.320778][ T8136] IPv6: NLM_F_CREATE should be specified when creating new route
[  101.556221][ T8162] netlink: 763 bytes leftover after parsing attributes in process `syz.1.999'.
[  102.020954][ T8189] net_ratelimit: 73 callbacks suppressed
[  102.020964][ T8189] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  102.026033][ T8189] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  102.028994][ T8189] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  102.032078][ T8189] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  102.035190][ T8189] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  102.038125][ T8189] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  102.041050][ T8189] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  102.044122][ T8189] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  102.047220][ T8189] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  102.050068][ T8189] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  102.240236][ T8205] netlink: 180 bytes leftover after parsing attributes in process `syz.0.1015'.
[  102.285480][ T8215] netlink: 'syz.2.1019': attribute type 11 has an invalid length.
[  102.288112][ T8215] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1019'.
[  102.342371][ T8219] netlink: 'syz.2.1022': attribute type 21 has an invalid length.
[  102.352002][ T8219] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1022'.
[  102.355268][ T8219] netlink: 'syz.2.1022': attribute type 4 has an invalid length.
[  102.357837][ T8219] netlink: 3 bytes leftover after parsing attributes in process `syz.2.1022'.
[  102.450501][ T8233] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1028'.
[  102.454225][ T8233] netlink: 'syz.0.1028': attribute type 3 has an invalid length.
[  102.458197][ T8233] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1028'.
[  102.481277][ T8235] netlink: 137592 bytes leftover after parsing attributes in process `syz.1.1030'.
[  102.485916][ T8235] nbd: must specify a size in bytes for the device
[  102.751702][ T8272] netlink: 'syz.2.1047': attribute type 3 has an invalid length.
[  102.754241][ T8272] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1047'.
[  102.923468][ T8280] syzkaller0: tun_chr_ioctl cmd 1074812117
[  102.966336][ T8293] syzkaller0: entered promiscuous mode
[  102.968619][ T8293] syzkaller0: entered allmulticast mode
[  104.440482][ T8344] netdevsim netdevsim1 : renamed from netdevsim0 (while UP)
[  105.049543][ T8370] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1090'.
[  105.099668][ T8370] netlink: 'syz.1.1090': attribute type 2 has an invalid length.
[  105.102300][ T8370] netlink: 'syz.1.1090': attribute type 8 has an invalid length.
[  105.683743][ T8403] syzkaller0: entered promiscuous mode
[  105.686172][ T8403] syzkaller0: entered allmulticast mode
[  107.021926][ T8484] __nla_validate_parse: 3 callbacks suppressed
[  107.021936][ T8484] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1139'.
[  107.027182][ T8476] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1139'.
[  107.125775][ T8500] netlink: 'syz.0.1149': attribute type 40 has an invalid length.
[  107.128578][ T8500] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1149'.
[  107.193283][ T8505] netlink: 14593 bytes leftover after parsing attributes in process `syz.1.1152'.
[  107.461281][ T8521] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  107.558247][ T8533] netlink: 'syz.1.1166': attribute type 29 has an invalid length.
[  108.063870][ T8555] netlink: 703 bytes leftover after parsing attributes in process `syz.2.1175'.
[  108.260038][ T8561] netlink: 9275 bytes leftover after parsing attributes in process `syz.2.1178'.
[  108.339783][ T8567] netlink: 64859 bytes leftover after parsing attributes in process `syz.2.1181'.
[  109.662657][ T8619] netlink: 830 bytes leftover after parsing attributes in process `syz.0.1206'.
[  109.710137][ T8625] netlink: 'syz.2.1209': attribute type 10 has an invalid length.
[  109.715915][ T8625] netlink: 65015 bytes leftover after parsing attributes in process `syz.2.1209'.
[  109.847448][ T8632] netlink: 'syz.0.1213': attribute type 1 has an invalid length.
[  109.850251][ T8632] netlink: 176 bytes leftover after parsing attributes in process `syz.0.1213'.
[  110.145232][ T8643] sit0: entered allmulticast mode
[  110.327155][ T8665] sit0: entered promiscuous mode
[  110.432132][ T8673] netlink: 'syz.0.1231': attribute type 21 has an invalid length.
[  110.584990][ T8689] IPv6: Can't replace route, no match found
[  110.659156][ T5828] Bluetooth: hci1: unexpected subevent 0x0a length: 150 > 30
[  110.704811][ T8698] net_ratelimit: 3319 callbacks suppressed
[  110.704821][ T8698] Dead loop on virtual device ip6_vti0, fix it urgently!
[  111.314885][   T66] wlan1: Trigger new scan to find an IBSS to join
[  111.644869][ T8755] netlink: 'syz.2.1270': attribute type 29 has an invalid length.
[  111.648759][ T8755] netlink: 'syz.2.1270': attribute type 29 has an invalid length.
[  111.652464][ T8755] netlink: 'syz.2.1270': attribute type 29 has an invalid length.
[  111.789135][ T8772] netlink: 'syz.0.1277': attribute type 1 has an invalid length.
[  111.899929][ T8792] netlink: 'syz.0.1287': attribute type 41 has an invalid length.
[  112.273541][ T8824] netlink: 'syz.0.1298': attribute type 10 has an invalid length.
[  112.772824][ T8836] __nla_validate_parse: 3 callbacks suppressed
[  112.772835][ T8836] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1306'.
[  112.781109][ T8836] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1306'.
[  112.785203][ T8836] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1306'.
[  112.852313][ T8846] netlink: 67 bytes leftover after parsing attributes in process `syz.2.1310'.
[  115.241746][ T8897] netlink: 'syz.2.1331': attribute type 2 has an invalid length.
[  115.244266][ T8897] netlink: 'syz.2.1331': attribute type 9 has an invalid length.
[  115.249709][ T8897] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1331'.
[  115.269442][ T8901] netlink: 'syz.0.1332': attribute type 21 has an invalid length.
[  115.298694][ T8904] netlink: 'syz.2.1334': attribute type 37 has an invalid length.
[  115.414061][ T8921] netlink: 209840 bytes leftover after parsing attributes in process `syz.0.1343'.
[  115.658487][ T8951] netlink: 'syz.2.1358': attribute type 2 has an invalid length.
[  115.661740][ T8951] netlink: 17267 bytes leftover after parsing attributes in process `syz.2.1358'.
[  115.960211][ T8981] netlink: 61211 bytes leftover after parsing attributes in process `syz.0.1372'.
[  116.527386][ T8998] netlink: 'syz.0.1380': attribute type 10 has an invalid length.
[  117.403570][ T9031] netlink: 'syz.0.1395': attribute type 1 has an invalid length.
[  118.469815][ T9054] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.1405'.
[  119.004388][ T9076] netlink: 'syz.2.1412': attribute type 6 has an invalid length.
[  119.008934][ T9076] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1412'.
[  119.317087][ T9080] netlink: 'syz.0.1414': attribute type 4 has an invalid length.
[  119.319972][ T9080] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1414'.
[  119.326367][ T9080] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  119.808202][ T9113] netlink: 'syz.2.1430': attribute type 3 has an invalid length.
[  119.810829][ T9113] netlink: 201336 bytes leftover after parsing attributes in process `syz.2.1430'.
[  119.904299][   T55] Bluetooth: hci1: ISO packet too small
[  120.657040][ T9136] netlink: 61211 bytes leftover after parsing attributes in process `syz.0.1441'.
[  121.577838][ T9150] sit0: left promiscuous mode
[  121.593254][ T9151] netlink: 14546 bytes leftover after parsing attributes in process `syz.0.1448'.
[  121.620314][ T9150] sit0: entered promiscuous mode
[  121.938897][ T9168] netlink: 'syz.2.1456': attribute type 21 has an invalid length.
[  122.892470][ T9197] netlink: 'syz.2.1469': attribute type 10 has an invalid length.
[  122.895815][ T9197] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1469'.
[  122.967720][ T9204] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1468'.
[  124.079517][ T9224] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1481'.
[  124.496434][ T9251] delete_channel: no stack
[  124.498168][ T9251] delete_channel: no stack
[  124.564427][ T9254] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1494'.
[  124.620542][ T9258] netlink: 'syz.1.1495': attribute type 9 has an invalid length.
[  124.689034][   T55] Bluetooth: hci0: unexpected subevent 0x0a length: 150 > 30
[  124.914998][ T9290] netlink: 'syz.1.1510': attribute type 2 has an invalid length.
[  124.918288][ T9290] netlink: 51 bytes leftover after parsing attributes in process `syz.1.1510'.
[  125.161829][ T9310] netlink: 'syz.0.1519': attribute type 11 has an invalid length.
[  125.164443][ T9310] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1519'.
[  125.994814][ T9347] openvswitch: netlink: Flow actions attr not present in new flow.
[  126.004380][ T9347] syzkaller0: entered promiscuous mode
[  126.754678][ T5828] Bluetooth: hci0: command tx timeout
[  126.765704][ T9349] syz.1.1537 (9349) used greatest stack depth: 17744 bytes left
[  127.303621][ T5721] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  127.349461][ T5721] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  127.392705][ T5721] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  127.471650][ T5721] bond0: (slave netdevsim0): Releasing backup interface
[  127.476634][ T5721] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  127.635711][ T5721] bridge_slave_1: left allmulticast mode
[  127.644009][ T5721] bridge_slave_1: left promiscuous mode
[  127.649249][ T5721] bridge0: port 2(bridge_slave_1) entered disabled state
[  127.654426][ T5721] bridge_slave_0: left allmulticast mode
[  127.657664][ T5721] bridge_slave_0: left promiscuous mode
[  127.659972][ T5721] bridge0: port 1(bridge_slave_0) entered disabled state
[  127.873009][ T5721] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  127.877047][ T5721] bond0 (unregistering): Released all slaves
[  128.156071][ T5721] hsr_slave_0: left promiscuous mode
[  128.158666][ T5721] hsr_slave_1: left promiscuous mode
[  128.172249][ T5721] veth1_macvtap: left promiscuous mode
[  128.174343][ T5721] veth0_macvtap: left promiscuous mode
[  128.344041][ T5721] team0 (unregistering): Port device team_slave_1 removed
[  128.365561][ T5721] team0 (unregistering): Port device C removed
[  128.780665][   T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  128.783438][   T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  128.787843][   T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  128.793770][   T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  128.797778][   T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  128.922932][ T9415] chnl_net:caif_netlink_parms(): no params data found
[  128.988244][ T9415] bridge0: port 1(bridge_slave_0) entered blocking state
[  128.991042][ T9415] bridge0: port 1(bridge_slave_0) entered disabled state
[  128.993840][ T9415] bridge_slave_0: entered allmulticast mode
[  128.997655][ T9415] bridge_slave_0: entered promiscuous mode
[  129.001572][ T9415] bridge0: port 2(bridge_slave_1) entered blocking state
[  129.004238][ T9415] bridge0: port 2(bridge_slave_1) entered disabled state
[  129.007460][ T9415] bridge_slave_1: entered allmulticast mode
[  129.010892][ T9415] bridge_slave_1: entered promiscuous mode
[  129.039564][ T9415] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  129.046076][ T9415] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  129.070448][ T9415] team0: Port device team_slave_0 added
[  129.073575][ T9415] team0: Port device team_slave_1 added
[  129.091677][ T9415] batman_adv: batadv0: Adding interface: batadv_slave_0
[  129.093981][ T9415] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  129.103574][ T9415] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  129.108139][ T9415] batman_adv: batadv0: Adding interface: batadv_slave_1
[  129.110438][ T9415] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  129.118904][ T9415] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  129.145240][ T9415] hsr_slave_0: entered promiscuous mode
[  129.147530][ T9415] hsr_slave_1: entered promiscuous mode
[  129.260153][ T9415] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  129.266068][ T9415] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  129.270518][ T9415] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  129.276077][ T9415] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  129.298994][ T9415] bridge0: port 2(bridge_slave_1) entered blocking state
[  129.301283][ T9415] bridge0: port 2(bridge_slave_1) entered forwarding state
[  129.303783][ T9415] bridge0: port 1(bridge_slave_0) entered blocking state
[  129.306056][ T9415] bridge0: port 1(bridge_slave_0) entered forwarding state
[  129.350729][ T9415] 8021q: adding VLAN 0 to HW filter on device bond0
[  129.360018][ T3604] bridge0: port 1(bridge_slave_0) entered disabled state
[  129.362856][ T3604] bridge0: port 2(bridge_slave_1) entered disabled state
[  129.378478][ T9415] 8021q: adding VLAN 0 to HW filter on device team0
[  129.389065][ T3604] bridge0: port 1(bridge_slave_0) entered blocking state
[  129.392048][ T3604] bridge0: port 1(bridge_slave_0) entered forwarding state
[  129.406783][ T3604] bridge0: port 2(bridge_slave_1) entered blocking state
[  129.409884][ T3604] bridge0: port 2(bridge_slave_1) entered forwarding state
[  129.553060][ T9415] 8021q: adding VLAN 0 to HW filter on device batadv0
[  129.667689][ T9415] veth0_vlan: entered promiscuous mode
[  129.673555][ T9415] veth1_vlan: entered promiscuous mode
[  129.691800][ T9415] veth0_macvtap: entered promiscuous mode
[  129.697157][ T9415] veth1_macvtap: entered promiscuous mode
[  129.708817][ T9415] batman_adv: batadv0: Interface activated: batadv_slave_0
[  129.715858][ T9415] batman_adv: batadv0: Interface activated: batadv_slave_1
[  129.722651][ T5854] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  129.734657][ T5854] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  129.766991][ T5854] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  129.777759][ T5854] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  129.832164][ T3604] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  129.835869][ T3604] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  129.853059][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  129.857861][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  129.934173][ T5828] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  129.941747][ T5828] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  129.947363][ T5828] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  129.951696][ T5828] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  129.961039][ T5828] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  130.061192][ T9486] syzkaller0: entered promiscuous mode
[  130.063106][ T9486] syzkaller0: entered allmulticast mode
[  130.105182][ T9477] chnl_net:caif_netlink_parms(): no params data found
[  130.181996][ T9493] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1560'.
[  130.186182][ T9477] bridge0: port 1(bridge_slave_0) entered blocking state
[  130.188668][ T9477] bridge0: port 1(bridge_slave_0) entered disabled state
[  130.190976][ T9477] bridge_slave_0: entered allmulticast mode
[  130.193607][ T9477] bridge_slave_0: entered promiscuous mode
[  130.205615][ T9477] bridge0: port 2(bridge_slave_1) entered blocking state
[  130.208103][ T9477] bridge0: port 2(bridge_slave_1) entered disabled state
[  130.210652][ T9477] bridge_slave_1: entered allmulticast mode
[  130.213369][ T9477] bridge_slave_1: entered promiscuous mode
[  130.225137][ T9493] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1560'.
[  130.259208][ T9493] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1560'.
[  130.265085][ T9477] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  130.270661][ T9477] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  130.296325][ T9499] netlink: 4479 bytes leftover after parsing attributes in process `syz.4.1557'.
[  130.321956][ T9477] team0: Port device team_slave_0 added
[  130.329181][ T9477] team0: Port device team_slave_1 added
[  130.339989][ T9503] netlink: 61211 bytes leftover after parsing attributes in process `syz.1.1559'.
[  130.353049][ T9477] batman_adv: batadv0: Adding interface: batadv_slave_0
[  130.356535][ T9477] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  130.369736][ T9505] netlink: 64859 bytes leftover after parsing attributes in process `syz.1.1561'.
[  130.374403][ T9477] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  130.384799][ T9477] batman_adv: batadv0: Adding interface: batadv_slave_1
[  130.387041][ T9477] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  130.400769][ T9477] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  130.447737][ T9477] hsr_slave_0: entered promiscuous mode
[  130.451047][ T9477] hsr_slave_1: entered promiscuous mode
[  130.459101][ T9477] debugfs: 'hsr0' already exists in 'hsr'
[  130.460899][ T9477] Cannot create hsr debugfs directory
[  130.539942][ T9518] netlink: 'syz.1.1571': attribute type 21 has an invalid length.
[  130.544876][ T9518] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1571'.
[  130.657961][ T9477] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  130.675827][ T9477] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  130.689076][ T9477] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  130.702554][ T9477] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  130.759668][ T9544] netlink: 'syz.4.1575': attribute type 21 has an invalid length.
[  130.762562][ T9532] netlink: 4479 bytes leftover after parsing attributes in process `syz.1.1570'.
[  130.771129][ T9477] bridge0: port 2(bridge_slave_1) entered blocking state
[  130.773689][ T9477] bridge0: port 2(bridge_slave_1) entered forwarding state
[  130.776210][ T9477] bridge0: port 1(bridge_slave_0) entered blocking state
[  130.778798][ T9477] bridge0: port 1(bridge_slave_0) entered forwarding state
[  130.818332][ T9477] 8021q: adding VLAN 0 to HW filter on device bond0
[  130.831223][ T1233] bridge0: port 1(bridge_slave_0) entered disabled state
[  130.834162][ T1233] bridge0: port 2(bridge_slave_1) entered disabled state
[  130.839466][   T55] Bluetooth: hci1: command tx timeout
[  130.849572][ T9477] 8021q: adding VLAN 0 to HW filter on device team0
[  130.857979][ T1233] bridge0: port 1(bridge_slave_0) entered blocking state
[  130.860428][ T1233] bridge0: port 1(bridge_slave_0) entered forwarding state
[  130.867247][ T1233] bridge0: port 2(bridge_slave_1) entered blocking state
[  130.869645][ T1233] bridge0: port 2(bridge_slave_1) entered forwarding state
[  130.882224][ T9553] netlink: 'syz.1.1580': attribute type 41 has an invalid length.
[  130.885462][ T9553] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1580'.
[  131.010975][ T9477] 8021q: adding VLAN 0 to HW filter on device batadv0
[  131.031405][ T9477] veth0_vlan: entered promiscuous mode
[  131.042614][ T9477] veth1_vlan: entered promiscuous mode
[  131.058872][ T9477] veth0_macvtap: entered promiscuous mode
[  131.062521][ T9477] veth1_macvtap: entered promiscuous mode
[  131.070875][ T9477] batman_adv: batadv0: Interface activated: batadv_slave_0
[  131.083436][ T9477] batman_adv: batadv0: Interface activated: batadv_slave_1
[  131.102834][ T5854] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  131.107087][ T5854] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  131.109949][ T5854] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  131.112794][ T5854] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  131.129237][ T9570] netlink: 'syz.4.1585': attribute type 21 has an invalid length.
[  131.131777][ T9570] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1585'.
[  131.201341][   T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  131.207864][   T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  131.252613][ T9576] netlink: 'syz.1.1588': attribute type 29 has an invalid length.
[  131.267155][ T9576] netlink: 'syz.1.1588': attribute type 29 has an invalid length.
[  131.267333][   T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  131.272420][ T9576] netlink: 'syz.1.1588': attribute type 29 has an invalid length.
[  131.276141][   T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  131.320378][ T9578] netlink: 'syz.4.1590': attribute type 1 has an invalid length.
[  131.323594][ T9578] netlink: 'syz.4.1590': attribute type 4 has an invalid length.
[  131.383998][ T9582] netlink: zone id is out of range
[  131.394047][ T9582] netlink: zone id is out of range
[  131.398070][ T9582] netlink: zone id is out of range
[  131.399877][ T9582] netlink: zone id is out of range
[  131.401619][ T9582] netlink: zone id is out of range
[  131.408936][ T9582] netlink: zone id is out of range
[  131.412246][ T9582] netlink: zone id is out of range
[  131.413987][ T9582] netlink: zone id is out of range
[  131.416169][ T9582] netlink: zone id is out of range
[  131.417874][ T9582] netlink: zone id is out of range
[  131.593506][ T9601] netlink: 'syz.3.1599': attribute type 1 has an invalid length.
[  132.038493][   T55] Bluetooth: hci2: command tx timeout
[  132.317438][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  132.319523][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  132.916050][   T55] Bluetooth: hci1: command tx timeout
[  134.261216][   T55] Bluetooth: hci2: command tx timeout
[  135.004180][   T55] Bluetooth: hci1: command tx timeout
[  135.525960][ T9735] sit0: entered allmulticast mode
[  135.572878][ T9735] sit0: entered promiscuous mode
[  136.283522][   T55] Bluetooth: hci2: command tx timeout
[  136.742491][ T9785] validate_nla: 3 callbacks suppressed
[  136.742502][ T9785] netlink: 'syz.3.1683': attribute type 3 has an invalid length.
[  136.747952][ T9785] netlink: 'syz.3.1683': attribute type 1 has an invalid length.
[  136.750461][ T9785] __nla_validate_parse: 10 callbacks suppressed
[  136.750468][ T9785] netlink: 199820 bytes leftover after parsing attributes in process `syz.3.1683'.
[  137.073968][ T9803] netlink: 16255 bytes leftover after parsing attributes in process `syz.3.1688'.
[  137.092372][   T55] Bluetooth: hci1: command tx timeout
[  137.096599][ T9800] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  137.112060][ T9800] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  137.173874][ T9810] netlink: 13435 bytes leftover after parsing attributes in process `syz.3.1689'.
[  137.187045][ T9810] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1689'.
[  137.196525][ T9812] netlink: 'syz.1.1692': attribute type 21 has an invalid length.
[  137.199613][ T9812] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1692'.
[  137.643650][ T9828] netlink: 'syz.1.1700': attribute type 13 has an invalid length.
[  137.648294][ T9828] netlink: 'syz.1.1700': attribute type 58 has an invalid length.
[  137.651509][ T9828] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1700'.
[  137.713482][ T9832] netlink: 'syz.1.1701': attribute type 4 has an invalid length.
[  138.149386][ T9852] netlink: 'syz.4.1709': attribute type 10 has an invalid length.
[  138.163801][ T9852] team0: Port device wlan1 added
[  138.306502][ T9865] netlink: 'syz.4.1716': attribute type 1 has an invalid length.
[  138.309362][ T9865] netlink: 201392 bytes leftover after parsing attributes in process `syz.4.1716'.
[  138.312300][ T9867] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1717'.
[  138.317322][ T9867] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1717'.
[  138.320887][ T9867] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1717'.
[  138.365059][   T55] Bluetooth: hci2: command tx timeout
[  138.769883][ T9899] netlink: 'syz.1.1733': attribute type 10 has an invalid length.
[  140.405153][T10026] net_ratelimit: 160 callbacks suppressed
[  140.405164][T10026] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  140.409303][T10026] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  140.554846][T10035] delete_channel: no stack
[  140.807229][T10063] netlink: 'syz.3.1792': attribute type 29 has an invalid length.
[  140.912289][T10068] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  140.929162][T10068] batman_adv: batadv0: Removing interface: batadv_slave_0
[  141.460076][T10068] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  141.462821][T10068] batman_adv: batadv0: Removing interface: batadv_slave_1
[  141.842341][T10088] validate_nla: 2 callbacks suppressed
[  141.842396][T10088] netlink: 'syz.4.1802': attribute type 39 has an invalid length.
[  141.969726][T10098] netlink: 'syz.3.1805': attribute type 5 has an invalid length.
[  141.972476][T10098] __nla_validate_parse: 3 callbacks suppressed
[  141.972482][T10098] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1805'.
[  142.154437][T10125] netlink: 'syz.3.1815': attribute type 3 has an invalid length.
[  142.157976][T10125] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1815'.
[  142.184364][T10123] netlink: 'syz.1.1814': attribute type 7 has an invalid length.
[  142.389443][T10144] netlink: 64859 bytes leftover after parsing attributes in process `syz.3.1824'.
[  142.430687][T10148] netlink: 'syz.4.1823': attribute type 10 has an invalid length.
[  142.433178][T10148] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1823'.
[  142.438874][T10148] bond0: entered promiscuous mode
[  142.440630][T10148] bond_slave_0: entered promiscuous mode
[  142.442644][T10148] bond_slave_1: entered promiscuous mode
[  142.446290][T10148] bridge0: port 3(bond0) entered blocking state
[  142.448418][T10148] bridge0: port 3(bond0) entered disabled state
[  142.450552][T10148] bond0: entered allmulticast mode
[  142.452684][T10148] bond_slave_0: entered allmulticast mode
[  142.460577][T10148] bond_slave_1: entered allmulticast mode
[  142.465881][T10148] bridge0: port 3(bond0) entered blocking state
[  142.467997][T10148] bridge0: port 3(bond0) entered forwarding state
[  142.527978][   T55] Bluetooth: hci0: ISO packet too small
[  142.588107][T10166] netlink: 'syz.1.1833': attribute type 21 has an invalid length.
[  142.590837][T10166] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1833'.
[  142.698683][T10181] netlink: 'syz.3.1840': attribute type 10 has an invalid length.
[  142.701176][T10181] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1840'.
[  142.819527][T10194] netlink: 531 bytes leftover after parsing attributes in process `syz.1.1846'.
[  142.878517][T10196] netlink: 'syz.4.1849': attribute type 6 has an invalid length.
[  142.887273][T10200] netlink: 14546 bytes leftover after parsing attributes in process `syz.3.1848'.
[  142.888911][T10196] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1849'.
[  142.913428][T10202] netlink: 495 bytes leftover after parsing attributes in process `syz.1.1850'.
[  142.978321][T10208] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1
[  144.127671][   T55] Bluetooth: hci1: unexpected event 0x0f length: 15 > 4
[  144.512676][   T55] Bluetooth: hci1: unexpected event 0x17 length: 151 > 6
[  144.826423][T10309] delete_channel: no stack
[  144.831362][T10309] delete_channel: no stack
[  145.781332][   T55] Bluetooth: hci2: unexpected subevent 0x0a length: 150 > 30
[  146.193920][T10390] netlink: 'syz.4.1937': attribute type 2 has an invalid length.
[  146.498358][T10401] openvswitch: netlink: Flow actions attr not present in new flow.
[  146.502434][T10401] syzkaller0: entered promiscuous mode
[  146.710467][T10412] syzkaller0: entered promiscuous mode
[  146.712461][T10412] syzkaller0: entered allmulticast mode
[  147.795072][ T5828] Bluetooth: hci2: command tx timeout
[  149.703898][T10415] __nla_validate_parse: 4 callbacks suppressed
[  149.703908][T10415] netlink: 10 bytes leftover after parsing attributes in process `syz.1.1948'.
[  149.930588][T10434] netlink: 'syz.3.1957': attribute type 10 has an invalid length.
[  149.933311][T10434] netlink: 'syz.3.1957': attribute type 19 has an invalid length.
[  149.941079][T10434] netlink: 14536 bytes leftover after parsing attributes in process `syz.3.1957'.
[  150.035760][T10445] netlink: 'syz.1.1962': attribute type 25 has an invalid length.
[  150.038434][T10445] netlink: 'syz.1.1962': attribute type 27 has an invalid length.
[  150.045119][T10445] netlink: 'syz.1.1962': attribute type 28 has an invalid length.
[  150.049185][T10445] netlink: 'syz.1.1962': attribute type 29 has an invalid length.
[  150.053395][T10445] netlink: 'syz.1.1962': attribute type 30 has an invalid length.
[  150.347449][T10474] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1976'.
[  150.574379][T10498] netlink: 16178 bytes leftover after parsing attributes in process `syz.4.1988'.
[  150.644807][T10505] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1989'.
[  150.649613][T10500] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1989'.
[  151.005735][T10540] netlink: 'syz.1.2008': attribute type 6 has an invalid length.
[  151.008660][T10540] netlink: 164 bytes leftover after parsing attributes in process `syz.1.2008'.
[  151.143512][ T5828] Bluetooth: hci1: unexpected event 0x2c length: 82 > 17
[  151.252758][T10558] syzkaller0: tun_chr_ioctl cmd 1074025698
[  151.570901][T10591] netlink: 'syz.3.2031': attribute type 39 has an invalid length.
[  151.853098][T10619] netlink: 'syz.3.2045': attribute type 40 has an invalid length.
[  151.880631][T10619] bridge0: port 2(bridge_slave_1) entered disabled state
[  152.974073][T10668] netlink: 16255 bytes leftover after parsing attributes in process `syz.3.2069'.
[  152.998513][T10670] netlink: 830 bytes leftover after parsing attributes in process `syz.1.2070'.
[  152.999095][T10672] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.2071'.
[  153.001912][T10670] bond_slave_0: entered promiscuous mode
[  153.007052][T10670] bond_slave_1: entered promiscuous mode
[  153.192905][T10696] bond_slave_1: mtu less than device minimum
[  153.422868][T10707] ------------[ cut here ]------------
[  153.425121][T10707] kmem_cache of name 'xsk_generic_xmit_cache' already exists
[  153.428458][T10707] WARNING: CPU: 0 PID: 10707 at mm/slab_common.c:110 __kmem_cache_create_args+0xa3/0x320
[  153.431840][T10707] Modules linked in:
[  153.433440][T10707] CPU: 0 UID: 0 PID: 10707 Comm: syz.1.2088 Not tainted 6.16.0-syzkaller-06699-ge8d780dcd957-dirty #0 PREEMPT(full) 
[  153.438714][T10707] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  153.442188][T10707] RIP: 0010:__kmem_cache_create_args+0xa3/0x320
[  153.444363][T10707] Code: 81 fc 58 a5 22 8e 74 26 49 8b 7c 24 f8 48 89 de e8 32 81 67 09 85 c0 75 e2 90 48 c7 c7 f2 e1 98 8d 48 89 de e8 5e 00 7f ff 90 <0f> 0b 90 90 48 89 df be 20 00 00 00 e8 cc 82 67 09 48 85 c0 0f 85
[  153.451305][T10707] RSP: 0018:ffffc90001dffcc8 EFLAGS: 00010246
[  153.453731][T10707] RAX: 4b082816c5693e00 RBX: ffffffff8cb69260 RCX: 0000000000080000
[  153.456581][T10707] RDX: ffffc90003c83000 RSI: 0000000000000806 RDI: 0000000000000807
[  153.459309][T10707] RBP: 0000000000000010 R08: ffff88804b024253 R09: 1ffff1100960484a
[  153.461996][T10707] R10: dffffc0000000000 R11: ffffed100960484b R12: ffff88801f92d928
[  153.465030][T10707] R13: 0000607e5bfa37d8 R14: ffffc90001dffd60 R15: 0000000000000098
[  153.467747][T10707] FS:  00007efd575356c0(0000) GS:ffff8880b867e000(0000) knlGS:0000000000000000
[  153.470883][T10707] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  153.473251][T10707] CR2: 0000200000010000 CR3: 00000001076dc000 CR4: 00000000000006f0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  155.319963][ T1088] wlan1: Trigger new scan to find an IBSS to join

VM DIAGNOSIS:
17:35:23  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000037 RBX=0000000000000037 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000003f0f RDI=0000000000003f10 RBP=00000000000003f8 RSP=ffffc90001dff470
R8 =ffff888108cc8237 R9 =1ffff11021199046 R10=dffffc0000000000 R11=ffffffff854c2f00
R12=dffffc0000000000 R13=ffffffff99a978f3 R14=ffffffff99d9c4a0 R15=0000000000000000
RIP=ffffffff854c2f7c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007efd575356c0 ffffffff 00c00000
GS =0000 ffff8880b867e000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000010000 CR3=00000001076dc000 CR4=000006f0
DR0=0000200000000300 DR1=0000200000000300 DR2=0000000000000082 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007efd56987498 00007efd56987470 XMM03=00007efd569874a8 00007efd569874a0
XMM04=00007efd574ed100 00007efd56987460 XMM05=00007efd56987478 00007efd569874c0
XMM06=00007efd569874b8 00007efd569874b0 XMM07=00007efd569874a8 00007efd569874a0
XMM08=0000000000000000 00007efd56812ee7 XMM09=0000000000000000 00007efd56812fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000082 RBX=ffff888136623900 RCX=0000000000000838 RDX=0000000000000000
RSI=0000000000000082 RDI=0000000000000838 RBP=0000000000000000 RSP=ffffc900001e0428
R8 =0000000000000000 R9 =ffffffff81ae035e R10=0000000000000003 R11=ffffffff81704490
R12=0000000010000a10 R13=dffffc0000000000 R14=0000000000000082 R15=0000000000000020
RIP=ffffffff81716f29 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f1e5ad4d6c0 ffffffff 00c00000
GS =0000 ffff8881a3c7e000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000000100000000 CR3=00000001099d4000 CR4=000006f0
DR0=0000200000000300 DR1=0000200000000300 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f1e5a187498 00007f1e5a187470 XMM03=00007f1e5a1874a8 00007f1e5a1874a0
XMM04=00007f1e5aced100 00007f1e5a187460 XMM05=00007f1e5a187478 00007f1e5a1874c0
XMM06=00007f1e5a1874b8 00007f1e5a1874b0 XMM07=00007f1e5a1874a8 00007f1e5a1874a0
XMM08=0000000000000000 00007f1e5a012ee7 XMM09=0000000000000000 00007f1e5a012fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
