last executing test programs:

19.47162607s ago: executing program 0 (id=3637):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x8210, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000001b80)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={0xffffffffffffffff, 0x58, &(0x7f0000000340)}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0e000000040000020000000002"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000d40)={<r3=>0xffffffffffffffff})
sendmsg$inet(r3, &(0x7f0000000b00)={0x0, 0xf22fff7f, &(0x7f0000000180)=[{&(0x7f0000000080)="31de76fb398bc62d058b8a96924594f5476a0824be53f7a5949f80614c42391e4b80412938c955d34d37eb96ba7849c3eb823bb36724bd6f6d0219cfe5c884afcd2bdea5acf9c877c03dcdbbb3e47417b6707c27d4c5c1db1924071f6b6f23c7d199c799c9b0c41101e625fcdb7bbfd12a3eeeef4540a5698f058aaf6a141e5d333929b92a7f64e925bf0ef424c3ef29fcd5fd4721c547fde6abe4d47048b64511693624b0d786711abe4a66e250fcbfe95ac9037e58f331b26b6ed0d08e5c73ba4c49", 0xc00e}], 0x9, &(0x7f00000001c0)=[@ip_tos_int={{0x7ff4d4260000}}, @ip_ttl={{0x14}}, @ip_ttl={{0x14}}, @ip_tos_u8={{0x11}}, @ip_tos_u8={{0x11, 0x2}}, @ip_retopts={{0x0, 0x0, 0x7, {[@lsrr, @generic={0x0, 0x0, "96"}, @generic={0x0, 0x0, "206a77bdd1a004129054e7704a"}]}}}], 0xf}, 0x0)

19.312602969s ago: executing program 0 (id=3639):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000181100"/20, @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df"], 0x0, 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b0000000000000000000000008000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32, @ANYBLOB], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$kcm(0xa, 0x922000000003, 0x11)
setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4)
r3 = openat$tun(0xffffffffffffff9c, 0x0, 0x100, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8916, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x4000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = socket$kcm(0x2, 0x200000000000001, 0x106)
setsockopt$sock_attach_bpf(r4, 0x6, 0x6, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454da, 0x0)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f00000001c0), 0x2, 0xffffffffffffffff, 0x4}, 0x38)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="130000000700000002"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed1059"], &(0x7f0000000100)='GPL\x00'}, 0x94)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000280)={&(0x7f00000001c0)="a980ff2ae7d3dff1a88286c878eaa1ad0b20cf881001afb86c5ac11beb0f4ecea4de2a9a32b31006afe9eca42f00c74a5a1f5215c60aea719c15bf4104c3cc0fcae3c62ee162c552af7e43f6877100b46dcb", &(0x7f0000000500)=""/95, &(0x7f0000000740)="3b4bccd1cbaf38c93f66fd4822d63ea467c8ffeecfcb7e5dde26af2d959a8b22a12a4257d924addeb6227606d74c82dd9c128ac92acd01dc6342631ba81c4be1929cc69e0c1368332bb23d557af3bd808aa681cc01ae95b76b744d34154023c5386b0b058682d9b989800a508eb9d4f8f90f166f6033b24ceab363a5f7b9e5cc54694683af6df1d0f25f009e3a36a5366f72669f13c0bc90623739011099db520d5848393633bf17b9663e4b9c17593ca12ed5ed9140dd8219b2aa801560a49bc87fda", &(0x7f0000000600)="75c830fec1441b9740d4e99154bd27031b745ae74519eeb54f559a1106c99436f293e375dfcf5ecffe87281d5908646c7388459156dc687871e03384d23b3b04ce9f7ea0f6e198422f74e537eddfcaa866d793a708a7bdff3b8bc7306cb01603d798bd1b715927ef5113bb8f6723af07d2c8d143ba691617b781aea5acdd80a5cc8907344fbba83c60f514932ce61553ea4e8b93c2360eaaa6dc069ab38483", 0x9, r1}, 0x38)
recvmsg$kcm(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, 0x0}, 0x42)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x89f1, &(0x7f0000000080))
sendmsg$kcm(r5, &(0x7f0000000000)={&(0x7f0000000840)=@l2tp={0x2, 0x0, @private=0x4a010100, 0x1}, 0x80, &(0x7f0000000300)}, 0x0)
r6 = socket$kcm(0xa, 0x5, 0x0)
sendmsg$kcm(r6, &(0x7f00000017c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="bb", 0x1}], 0x1, &(0x7f00000005c0)=ANY=[@ANYBLOB="20000000000000008400000002000000fe80410000000000920000000000000010"], 0x30}, 0x0)
r7 = socket$kcm(0x10, 0x0, 0x0)
sendmsg$inet(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000006c0)="5c00000013006bcd9e3fe3dc6e48aa31086b8703130000001f03000000000000040014000d000a000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4000004)
ioctl$TUNSETIFINDEX(r3, 0x400454da, &(0x7f0000000180))
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r8}, 0xc)

18.311241328s ago: executing program 0 (id=3645):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)=[{0x0}, {&(0x7f0000000200)='sb#', 0x3}], 0x2}, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x49, 0x1, 0x0, 0x0, 0x0, 0x0, 0x82240, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0x8}, 0x2, 0x0, 0x0, 0x8, 0x43fe, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, 0xffffffffffffffff)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
socket$kcm(0x10, 0x3, 0x10)
socket$kcm(0xa, 0x5, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000100)={@cgroup, 0xe, 0x1, 0xd, 0x0, 0x0, 0x0, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0], 0x0}, 0x40)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5}, 0x180, 0xc8, 0x400000, 0x0, 0x0, 0x4, 0x7, 0x0, 0x0, 0x0, 0x20b}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x4030582b, 0x0)
syz_clone(0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r3 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x91c, 0x20046, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0xfffffffffffffffc, 0x1}, 0x102c9, 0x3, 0x9, 0x0, 0x5, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_REFRESH(r3, 0x2402, 0xfffffffffffffffc)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$cgroup_pid(r4, &(0x7f0000000000), 0x2a979d)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = socket$kcm(0x11, 0x20000000000000a, 0x300)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000c40)={<r6=>0xffffffffffffffff})
recvmsg$unix(r6, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r7=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r5, 0x107, 0x12, &(0x7f0000000340)=r7, 0x4)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0], ""/16, <r8=>0x0, 0x0, 0x0, 0x0, 0x2, 0x6, &(0x7f0000000140)=[0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbf, &(0x7f00000002c0)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000300), &(0x7f0000000340), 0x8, 0xc2, 0x8, 0x8, &(0x7f0000000400)}}, 0x10)
recvmsg(r5, &(0x7f0000000c00)={&(0x7f0000000540)=@can, 0x80, &(0x7f0000001d40)=[{&(0x7f0000000700)=""/133, 0x85}, {&(0x7f00000007c0)=""/241, 0xf1}, {&(0x7f0000000600)=""/114, 0x72}, {&(0x7f00000008c0)=""/226, 0xe2}, {&(0x7f0000000c80)=""/4096, 0x1000}, {&(0x7f0000002a00)=""/4096, 0x1000}, {&(0x7f00000009c0)=""/145, 0x91}, {&(0x7f0000000a80)=""/104, 0x68}, {&(0x7f0000000b00)=""/206, 0xce}, {&(0x7f0000001c80)=""/171, 0xab}], 0xa}, 0x2021)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="020000000400"/20, @ANYRES32=r7, @ANYBLOB="ff0f00"/20, @ANYRES32=r8, @ANYRES32, @ANYBLOB="02000000fdffffff0500"/28], 0x50)
recvmsg$unix(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0)

16.847912304s ago: executing program 0 (id=3657):
perf_event_open$cgroup(&(0x7f00000003c0)={0x2, 0x80, 0x16, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2af4481eed78f307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x2, 0x922000000001, 0x106)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000040)="1400000015000b63d25a80648c2594f90124fc60", 0x14}], 0x1}, 0x0)

16.289874386s ago: executing program 0 (id=3659):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x4, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_BIND_MAP(0xa, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xde, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$inet(r1, &(0x7f0000001800)={0x0, 0x0, 0x0}, 0x40000)
setsockopt$sock_attach_bpf(r1, 0x110, 0x4, 0x0, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f00000019c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYBLOB="d1f72aaf", @ANYBLOB], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000001ac0)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000afcd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21caf5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c987d669f381faca0f9d9b24be41a9169b740ac03d7c64cee49ee1c6eee84309e7a23c19a39484809539fca4e0b6eab1aa7d54f45a24effa077faa56d59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e59a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d0faab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbfe5ab0255f347160ec83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72bc0480f949c479757306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2dc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78a602ca3cdf6a9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad9433269af3be5fa6a9a5c24e392955f4e979ea13201bafe4f0f6ea508000000a0c548552b571bed5647223c78a992810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb526890aa7fe5e68949a3b30567e54d3504723177d356c4604bca492ede62fc28839b5301160ecec37e83efceefd7ca2533659edc8be05cc85451c6a145074343caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffcebde1d9d3d35a142a9ec9a7a3755e0f209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a2946501559335781092cf8ce3c7c56cd31121624d76517fd3666276c3c0e812b28e2f30d035cee5d0e77a3c70008ec651cc0ae637fa474816bc59d2e2a00092419304b338a987e9d3044d856cf24f370030be3b5f79f030b8d3ebce68663ef5af469abe753314fae31651e0ecea5ece8fb11a4ee288eb149f1fa33669cc8d901fa8e46354c9c3a041a1e7b55c4e81dba1e12289ee34463baf28345bde0c195bc9f021da8f3025ee9c8e3168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f241262fa3f1dabeb4fc4bda345360200000001fbddeacd3adaa4d2715e21c7724e9e7e7babf61fe358ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d419de1a7b5c9dc22c96295a4601adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb408c8a80f7f02f750d6c977a1919f9f69a6cfefdf879d447df53f3b9b70d10355b07466d1ef0056b5af553d18a6cc50feeb7bfad9b7be3283b6450d014e7712d2f1d7004548b19162cef04d18d4f5987baab97a9bfbd8f185b5671820420bf5b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe52734093ae5aa3c0b4f3f45bfff2418a18217747ae442e31560e5b741445ea2a1acee2e98c9f3427834ba0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e961f3d9c8c21578fe3245097c280abe51427a7f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f8873522608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf50ee69a39265964279d17eb0000000000000000000000fa08ad0731c4b839688b22c4da2a6b00008a1949a6ba49fbf981f8265e7f1f4c2d97f4680b135f87c228ce69418a282bffff2481a0df1774fa7d94944bb92d2b89f73f0e8b63f6316c5762f3288bc970720f48b5647dd177db6810fae05334d5a44a020000001c0d882a564d74a7c72bf9a2152b261ed1d4515f46290d5c6579b63358fea6d2f93589cfe261dc0410b5ccc92a5a0eab327a33431d62d2b7c75ce654d556c9e1817c1abca762ab53d40da51560351b673363652e1ecb56cfe4a746a45ab13c6014e9f361ab687d1cd1795ce9e05c817b83d76046bdb3709de5df7499a02d2f636a454b85b987580ada025d83bd7b8df28a540d5ec5537942e79f2f1ab25ea5f563bc77e4f9468bd309469880c7e34150ca886d1f13dff7e82dbe296c877d925c38c54cc8137b29028854b6bd57ca893927c331300e16aba792289e135589d93302fc37c73c303e383cdf8ef3f6d6265fe5ee01759d24027475c8901039a898582022bc95992b86dce0710887c8a625d9cbb897bdbfaf49a3f642a169827a9bae4fcfa5212461db000000000000e6ed75ca8fcda7ef3ee336189fef3b3ffb9f38fefc5ff39c4e69e3fa1f8b10ee97123e99b61eba065b1ad67530e7c4f11f9da7ae000002000000610101ad7f79cb9bbf64a0fc109f49fe8799fe266e2ccac80fefe750151f5ddfe51833ec65ece70e07ce8ab5d97db47da8f80000664dc0b86ae2b3ff9d4e220752a6b2f3ea9f793612386496dca5af7b8952aafa796ea7b156d19612297c63e774e940bfeb0de83f42fd565a299f741f9b00be4e8fcaf4ec85daceb16d9e8a438e3eb2556570e381b03d9e3c245728648ed9ff22dc963ed105c851c3481125b4c0c8a08a0c9930190902af109fc56b64cc952f298ebe73d7b18052e0147356228ca171b06274a871e2cf9609e0b4cdad36c3250bc8f56f95a6ed"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xfffffffffffffffd, 0x7ff}, 0x828, 0x0, 0x0, 0x0, 0x0, 0x7ffffc, 0x0, 0x0, 0x8, 0x0, 0x7}, 0x0, 0xf, 0xffffffffffffffff, 0x9)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
socketpair(0x22, 0x2, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x100c, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
close(r4)
recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r5=>0xffffffffffffffff]}}], 0x18}, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x5452, &(0x7f00000006c0)='\x02;\xe5\b\x00\x1c\x9c\x00\x00\x00\x00\x00\x00\x91\xecB\xdcZ\xe5\xbd$\x05\x90\xa9\xf3\xc7\xcb\xb7\xf0\xa1;#\x989\xe9\x12\xdf^6T\xdf\xcd\x02\xc5\xb0\xba\x12\'QXp\t\xfc\xf3\x01\x02\xbc\xbf\xc0\xf0\x10\xee\xd3\\yy\xa4\xf9\xe8\x00\xdd\xe97 0_\xe4]W\xf7~\xacVK\xc9t\x9e+:\x85\xef\x94\x0e\x19\x9cV[N.\xeb\x9fJ>\xd9\x99\x88\xd8\xdd\xb8Y\xc3$\xc6\x93\v\x04REY\xf4\xea\xf2\xcd\xcd.\x16\x861\xa1\v\x8d\x8e\x84R\xa6\x83\x84\xc0\x01e\xc3\xc8\xcc?\xc8?\x19\xb2\xa2\xe1\xac<\xe9f\x11\xff3\xc7\x19\x9e\x19\xf5-\xfe\xbd\xae\xbbR\x82\x16\xf9\x15S\x03U\xe0\xd8t\xe3%96')
ioctl$TUNGETFEATURES(r5, 0x5452, &(0x7f00000013c0))
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000011008108090f9becdb4cb92e264831371600000069bd6efb2502eaf60d002700020400bf050005001201", 0x2e}], 0x1}, 0x0)
socketpair(0x1d, 0x3, 0x1, &(0x7f00000014c0))
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x55097aa4, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e02002d000b02d25a806f8c6394f9111a04000a740100053582c137153e3702df0c6400f01700d1bd00000000", 0x33fe0}], 0x1}, 0x0)

15.817604134s ago: executing program 0 (id=3665):
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x5}, 0x0, 0x0, 0xa482, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={<r2=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r2, 0x1, 0x10, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000100), 0x12)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r3 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.memory_spread_page\x00', 0x2, 0x0)
write$cgroup_int(r3, &(0x7f00000000c0)=0xd, 0x12)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={<r4=>0x0, 0x0})
close(r4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000190080009500000000000000"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80)
r7 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r6}, 0x8)
close(r7)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r6, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
syz_clone(0x400c0000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f00000005c0)={r7, r6, 0x4, r6}, 0x10)
perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x7, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xe}, 0x100e60, 0xc78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x10, &(0x7f00000009c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001400000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70200000000df00850000008600000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r9, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="0753010018000000000000000000000000160000020000000000ee51bc6393f4f33a2e5ea5e50648196085b7ccbe4cd49b620b8112368292cd3415ea9079e6e6d39a797c1456eceddcf983530fc368fd4e5dbeb1211b6de40ed2395fbf206f117e1b1741c884d5bb1b9a754211945ecab3a1b86de84819f5a6664d3b60b9c37755b38d3a550a4ea74e591cb54f904fa75949786dd1211674feb2eec85151d45a1f6de95533b4e552885b07b04d0edc98519afd48ae6f620ecbdb2f02b2656ee49ad6d4577f8e45bdb90329a963e9fa8d4b5e8ee3e495b08bd76d60029dc783e41583d747fc279db3cea7746a"], 0xffffffffffffffff, 0x1a, 0xff40, 0x2}, 0x20)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r5, 0xe0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000580)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x9, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r10=>0x0, 0x82, &(0x7f00000002c0), 0x0, 0x10, &(0x7f0000000380), &(0x7f0000000780), 0x8, 0x62, 0x8, 0x8, &(0x7f0000000400)}}, 0x10)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x6, &(0x7f0000000340)=ANY=[@ANYBLOB="05000000000000007111ae0000000095000000669e4e4588aad4a66a9d758200"/48], &(0x7f0000000180)='syzkaller\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, r10}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={r11, 0xd8, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0xfffffffffffffe9d, 0x10, &(0x7f0000002e00), &(0x7f0000000200), 0x8, 0xa0, 0x8, 0x0, 0x0}}, 0x10)

3.925978328s ago: executing program 3 (id=3729):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001280)=ANY=[@ANYBLOB="b702000023000000bfa30000000000000703000000feffff7a0af0ff0000000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000001007d60b7030000010000006a0a00fe00000000850000000d000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000000000639100000000000000000000ff7f00000000cb04fcbb0ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b839994fb484510bef2e488fbac2fe6faaf75e5cc4815bd2051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5d053bdec75dcab772be2c9d2d29db3d36dd01797bd3f15aa6aadbeab2a01685108e61aa000000000000000000000000008b798b4f7458d1863cc67d4c6a06e828e5216f601b19db1af1b5d356d0f015d885b4b8ffc0fa3f880287c862137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f1b1b71b5f7fc6edc76600000000826151e2b42bf0ed0c8cef3ba2a730a00c87c493db845b10e9468bda6f82881eb8c9cfa72b08eecc972a3fd2c46f3c1cde71a19d1a2982492abaa96665372831210e00d2bfea3bf97ff8836d000000000000000000000000000000000000000000250d623b48a29e330900b8c552202407804f1ba1817256caf1090b71f2928ed030f3c8194cc3cbf48e2f4c9248c4c00a32d4873da3b7d66b1ce6f72aab16c923b16c4bfdbb24fb17bd198139c21c46065c6922fd705e670d0b5d6d495a773b872e8f88"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000100), 0x237}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x1f00, 0x18, 0x19, &(0x7f00000007c0)="9f44948721919580684010a40566", 0x0, 0x7ff, 0x0, 0xb1, 0x0, &(0x7f0000000700)="389ceff69d08b0af1cc71b6262d50660bbaf31a7f8cd6a6f911beb65d5fe6b54bf21a66489121f24fefd198059288c9b735e1898e77a7469489a249292c02a72bc193a3008ebdbf4e9dd4ee8fcceef55402c913c8dd0ebece1330aaa93ece835c5044a246a5967e3acd7c950b3b19f351830e545eb9bc3a9c6dd22ce97f1f857cfe8b68a2370b69ea336006b589368f92deb68f3dfc6f2bfee09f8342da437fce5dcdf658e453e3132bb42067575318c39", &(0x7f0000000380)="8c5911c525f5cf4c4ecf207ad2ec", 0x300, 0x0, 0xffffffff}, 0x23)

3.70753402s ago: executing program 2 (id=3730):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0a000000070000000200000004"], 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000013c0)=ANY=[@ANYBLOB="1b0000000000000000000000008000", @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x14, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0bfbfb", @ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
socket$kcm(0x2c, 0x3, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_config_ext, 0x101000, 0x7, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
r4 = socket$kcm(0xa, 0x5, 0x0)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$sock_attach_bpf(r4, 0x29, 0x37, &(0x7f0000000100)=r5, 0x120)
socket$kcm(0x29, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0)
sendmsg$inet(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000140)="5c00000011006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac004000202080002000300010004000300eab556a705251e618294ff0051f60a84c9f4d4938037111b1884cc87f3c90f1e9eb0b473e786a6d0", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

3.020451791s ago: executing program 3 (id=3731):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000001d71185e000000000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = perf_event_open(&(0x7f0000000540)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c35, 0x80008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0xffff, 0x81}, 0x100c, 0x7, 0x0, 0x9, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x21, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb, 0x9, 0x3, 0x2, 0x0, 0x9, 0x21000, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x7, 0x1, @perf_bp={&(0x7f0000000000), 0x9}, 0x800, 0x5, 0x2, 0x4, 0x4, 0x0, 0x10, 0x0, 0x6, 0x0, 0x2}, 0x0, 0x10, r0, 0x1)

2.934470446s ago: executing program 2 (id=3733):
r0 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r0, 0x0, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x482, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, @perf_bp={0x0}, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x800}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x7, 0x0, 0x0, 0x0, 0x6}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
close(0xffffffffffffffff)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'geneve1\x00', 0xca58c30f81b6079f})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000080)) (fail_nth: 5)

2.145912293s ago: executing program 3 (id=3745):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x12, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="160a0000000000006311350000000000180000000000000000000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x80)

2.02920833s ago: executing program 3 (id=3736):
bpf$MAP_CREATE(0xd00000000000000, &(0x7f0000000380)=ANY=[@ANYBLOB="0a00000007000000fc7f0000cc00000000000000", @ANYRES32=0x0, @ANYBLOB], 0x50)

1.793558953s ago: executing program 2 (id=3737):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x8, 0x4, 0x2}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000080), &(0x7f0000000380)=r0}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000300)={r2, 0x0, &(0x7f0000000400)=""/198}, 0x20)

1.468449073s ago: executing program 1 (id=3740):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x12, 0x4, 0x4, 0x12}, 0x50)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000000c0)={@map=r0, 0xffffffffffffffff, 0x5}, 0x10)

1.398821287s ago: executing program 2 (id=3741):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xf, 0x4, &(0x7f00000013c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bb00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.273437714s ago: executing program 1 (id=3742):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xb, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000006020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000000)=r1)
write$cgroup_devices(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="1e030600bc5cb60128876360", @ANYRESDEC], 0xffdd)

1.256942676s ago: executing program 3 (id=3743):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000440)={0x2a, &(0x7f0000000000)=[{0x45, 0x0, 0x1}, {0x35}]})

1.110473884s ago: executing program 2 (id=3746):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000000)=0x2)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0)
close(r1)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})

848.31785ms ago: executing program 4 (id=3748):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x4, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="180200000100008000000000fdffffff8500000023000000850000009e0000009500"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e02742d123e8680d85ff0082762f", 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

699.128259ms ago: executing program 32 (id=3665):
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x5}, 0x0, 0x0, 0xa482, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={<r2=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r2, 0x1, 0x10, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000100), 0x12)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r3 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.memory_spread_page\x00', 0x2, 0x0)
write$cgroup_int(r3, &(0x7f00000000c0)=0xd, 0x12)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={<r4=>0x0, 0x0})
close(r4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000190080009500000000000000"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80)
r7 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r6}, 0x8)
close(r7)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r6, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
syz_clone(0x400c0000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f00000005c0)={r7, r6, 0x4, r6}, 0x10)
perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x7, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xe}, 0x100e60, 0xc78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x10, &(0x7f00000009c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001400000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70200000000df00850000008600000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r9, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="0753010018000000000000000000000000160000020000000000ee51bc6393f4f33a2e5ea5e50648196085b7ccbe4cd49b620b8112368292cd3415ea9079e6e6d39a797c1456eceddcf983530fc368fd4e5dbeb1211b6de40ed2395fbf206f117e1b1741c884d5bb1b9a754211945ecab3a1b86de84819f5a6664d3b60b9c37755b38d3a550a4ea74e591cb54f904fa75949786dd1211674feb2eec85151d45a1f6de95533b4e552885b07b04d0edc98519afd48ae6f620ecbdb2f02b2656ee49ad6d4577f8e45bdb90329a963e9fa8d4b5e8ee3e495b08bd76d60029dc783e41583d747fc279db3cea7746a"], 0xffffffffffffffff, 0x1a, 0xff40, 0x2}, 0x20)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r5, 0xe0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000580)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x9, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r10=>0x0, 0x82, &(0x7f00000002c0), 0x0, 0x10, &(0x7f0000000380), &(0x7f0000000780), 0x8, 0x62, 0x8, 0x8, &(0x7f0000000400)}}, 0x10)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x6, &(0x7f0000000340)=ANY=[@ANYBLOB="05000000000000007111ae0000000095000000669e4e4588aad4a66a9d758200"/48], &(0x7f0000000180)='syzkaller\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, r10}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={r11, 0xd8, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0xfffffffffffffe9d, 0x10, &(0x7f0000002e00), &(0x7f0000000200), 0x8, 0xa0, 0x8, 0x0, 0x0}}, 0x10)

651.725521ms ago: executing program 4 (id=3750):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="02000000040000000100000027"], 0x50)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000000c0)={r0}, 0x20)

566.812476ms ago: executing program 1 (id=3751):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x2, &(0x7f0000001ac0)=ANY=[@ANYBLOB="850000002e00000095"], &(0x7f0000000180)='syzkaller\x00', 0x2, 0xe5, &(0x7f0000000000)=""/229, 0x0, 0x11}, 0x94)

536.017099ms ago: executing program 4 (id=3752):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xf, 0x4, 0x8, 0xc}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x6, 0x3, &(0x7f00000000c0)=@framed, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r1, r0, 0xd80}, 0xc)

404.121196ms ago: executing program 1 (id=3753):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000100)='cgroup.clone_children\x00', 0x2, 0x0)
write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB='8-'], 0x6a)

403.843636ms ago: executing program 4 (id=3754):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="18020000000008000000000000000000850000004100000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f00000003c0)="131c8701feaa16bca4ac74ab821d", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50)

347.620999ms ago: executing program 1 (id=3755):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xa, 0x3, &(0x7f0000000000)=@framed={{0x6a, 0xa, 0x0, 0xffc4, 0x0, 0x71, 0x10, 0x89}}, &(0x7f0000000480)='GPL\x00'}, 0x80)

295.841572ms ago: executing program 4 (id=3756):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xa, 0x3, &(0x7f0000000000)=@framed={{0x6a, 0xa, 0x0, 0xffc4, 0x0, 0x71, 0x10, 0x6b}}, &(0x7f0000000480)='GPL\x00'}, 0x80)

160.13769ms ago: executing program 3 (id=3757):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x1, 0x40, 0x5, 0x41}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000180), 0x1003, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4000}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000003c0)={r1}, 0xc)

159.90172ms ago: executing program 1 (id=3758):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r0, @ANYBLOB="00000000ffffff1fb70500000800000085000000c900000095"], &(0x7f0000000300)='GPL\x00', 0x4, 0x1002, &(0x7f00000014c0)=""/4098}, 0x94)

120.877983ms ago: executing program 4 (id=3759):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="18020000000008000000000000000000850000004100000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f00000003c0)="131c8701feaa16bca4ac74ab821d", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50)

0s ago: executing program 2 (id=3760):
bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@base={0x10, 0x4, 0x4, 0x8, 0x0, 0x1}, 0x48)

kernel console output (not intermixed with test programs):

8b2/0xd60
[  383.998294][T12131]  __se_sys_sendmsg+0x1af/0x290
[  384.003200][T12131]  ? __x64_sys_sendmsg+0x80/0x80
[  384.008281][T12131]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  384.014318][T12131]  ? lockdep_hardirqs_on+0x94/0x140
[  384.019569][T12131]  do_syscall_64+0x4c/0xa0
[  384.024038][T12131]  ? clear_bhb_loop+0x30/0x80
[  384.028745][T12131]  ? clear_bhb_loop+0x30/0x80
[  384.033467][T12131]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  384.039406][T12131] RIP: 0033:0x7f0d348e9eb9
[  384.043856][T12131] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  384.063937][T12131] RSP: 002b:00007f0d32b45028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  384.072843][T12131] RAX: ffffffffffffffda RBX: 00007f0d34b64fa0 RCX: 00007f0d348e9eb9
[  384.081113][T12131] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000008
[  384.089125][T12131] RBP: 00007f0d32b45090 R08: 0000000000000000 R09: 0000000000000000
[  384.097134][T12131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  384.105143][T12131] R13: 00007f0d34b65038 R14: 00007f0d34b64fa0 R15: 00007ffc62ffe0b8
[  384.113249][T12131]  </TASK>
[  384.413850][T12149] netlink: 'syz.4.2844': attribute type 10 has an invalid length.
[  384.455905][T12149] bridge0: port 2(ipvlan1) entered blocking state
[  384.503842][T12149] bridge0: port 2(ipvlan1) entered disabled state
[  384.539180][T12149] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  384.918226][T12172] netlink: 'syz.0.2850': attribute type 25 has an invalid length.
[  385.200943][T12182] FAULT_INJECTION: forcing a failure.
[  385.200943][T12182] name failslab, interval 1, probability 0, space 0, times 0
[  385.272990][T12182] CPU: 0 PID: 12182 Comm: syz.0.2855 Not tainted syzkaller #0
[  385.280529][T12182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  385.291050][T12182] Call Trace:
[  385.294379][T12182]  <TASK>
[  385.297349][T12182]  dump_stack_lvl+0x188/0x250
[  385.302078][T12182]  ? show_regs_print_info+0x20/0x20
[  385.307338][T12182]  ? load_image+0x400/0x400
[  385.311930][T12182]  should_fail+0x38c/0x4c0
[  385.316390][T12182]  should_failslab+0x5/0x20
[  385.320927][T12182]  slab_pre_alloc_hook+0x51/0xc0
[  385.325910][T12182]  ? skb_clone+0x1bd/0x350
[  385.330370][T12182]  kmem_cache_alloc+0x3d/0x290
[  385.335306][T12182]  skb_clone+0x1bd/0x350
[  385.339597][T12182]  __netlink_deliver_tap+0x3cd/0x7c0
[  385.344945][T12182]  netlink_deliver_tap+0x16c/0x180
[  385.350094][T12182]  netlink_unicast+0x74f/0x920
[  385.354916][T12182]  netlink_sendmsg+0x8ba/0xbe0
[  385.359730][T12182]  ? netlink_getsockopt+0x570/0x570
[  385.364971][T12182]  ? aa_sock_msg_perm+0x94/0x150
[  385.369954][T12182]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  385.375279][T12182]  ? security_socket_sendmsg+0x7c/0xa0
[  385.380778][T12182]  ? netlink_getsockopt+0x570/0x570
[  385.386036][T12182]  ____sys_sendmsg+0x5b7/0x8f0
[  385.390886][T12182]  ? __sys_sendmsg_sock+0x30/0x30
[  385.395994][T12182]  ? import_iovec+0x6f/0xa0
[  385.400550][T12182]  ___sys_sendmsg+0x236/0x2e0
[  385.405296][T12182]  ? __sys_sendmsg+0x2a0/0x2a0
[  385.410118][T12182]  ? vfs_write+0x8b2/0xd60
[  385.414632][T12182]  __se_sys_sendmsg+0x1af/0x290
[  385.419532][T12182]  ? __x64_sys_sendmsg+0x80/0x80
[  385.424507][T12182]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  385.430539][T12182]  ? lockdep_hardirqs_on+0x94/0x140
[  385.435784][T12182]  do_syscall_64+0x4c/0xa0
[  385.440236][T12182]  ? clear_bhb_loop+0x30/0x80
[  385.444967][T12182]  ? clear_bhb_loop+0x30/0x80
[  385.449695][T12182]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  385.455627][T12182] RIP: 0033:0x7fec7bb86eb9
[  385.460107][T12182] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  385.479757][T12182] RSP: 002b:00007fec79de2028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  385.488220][T12182] RAX: ffffffffffffffda RBX: 00007fec7be01fa0 RCX: 00007fec7bb86eb9
[  385.496238][T12182] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000005
[  385.504250][T12182] RBP: 00007fec79de2090 R08: 0000000000000000 R09: 0000000000000000
[  385.512432][T12182] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  385.520839][T12182] R13: 00007fec7be02038 R14: 00007fec7be01fa0 R15: 00007ffc99d1fb08
[  385.528869][T12182]  </TASK>
[  385.938280][T12197] netlink: 'syz.4.2858': attribute type 4 has an invalid length.
[  386.235286][T12210] FAULT_INJECTION: forcing a failure.
[  386.235286][T12210] name failslab, interval 1, probability 0, space 0, times 0
[  386.333797][T12210] CPU: 0 PID: 12210 Comm: syz.2.2863 Not tainted syzkaller #0
[  386.341341][T12210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  386.351525][T12210] Call Trace:
[  386.354861][T12210]  <TASK>
[  386.357821][T12210]  dump_stack_lvl+0x188/0x250
[  386.362540][T12210]  ? show_regs_print_info+0x20/0x20
[  386.367815][T12210]  ? load_image+0x400/0x400
[  386.372355][T12210]  ? __might_sleep+0xf0/0xf0
[  386.376982][T12210]  ? __lock_acquire+0x7d10/0x7d10
[  386.382050][T12210]  should_fail+0x38c/0x4c0
[  386.386518][T12210]  should_failslab+0x5/0x20
[  386.391149][T12210]  slab_pre_alloc_hook+0x51/0xc0
[  386.396115][T12210]  ? getname_flags+0xb5/0x500
[  386.400830][T12210]  kmem_cache_alloc+0x3d/0x290
[  386.405636][T12210]  getname_flags+0xb5/0x500
[  386.410180][T12210]  do_sys_openat2+0xdd/0x4b0
[  386.414829][T12210]  ? __lock_acquire+0x7d10/0x7d10
[  386.419905][T12210]  ? do_sys_open+0xe0/0xe0
[  386.424359][T12210]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  386.430383][T12210]  ? lock_chain_count+0x20/0x20
[  386.435270][T12210]  ? vtime_user_exit+0x2c8/0x3e0
[  386.440245][T12210]  __x64_sys_openat+0x135/0x160
[  386.445139][T12210]  do_syscall_64+0x4c/0xa0
[  386.449589][T12210]  ? clear_bhb_loop+0x30/0x80
[  386.454381][T12210]  ? clear_bhb_loop+0x30/0x80
[  386.459092][T12210]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  386.462469][T12215] netlink: 'syz.3.2865': attribute type 25 has an invalid length.
[  386.465012][T12210] RIP: 0033:0x7f0d348aa78e
[  386.465034][T12210] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  386.465059][T12210] RSP: 002b:00007f0d32b44ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  386.465083][T12210] RAX: ffffffffffffffda RBX: 00007f0d32b456c0 RCX: 00007f0d348aa78e
[  386.465100][T12210] RDX: 0000000000000002 RSI: 00007f0d32b44f90 RDI: ffffffffffffff9c
[  386.465115][T12210] RBP: 00007f0d32b45090 R08: 0000000000000000 R09: 0000000000000000
[  386.465129][T12210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  386.465143][T12210] R13: 00007f0d34b65038 R14: 00007f0d34b64fa0 R15: 00007ffc62ffe0b8
[  386.465177][T12210]  </TASK>
[  386.757984][T12215] __nla_validate_parse: 3 callbacks suppressed
[  386.758025][T12215] netlink: 2418 bytes leftover after parsing attributes in process `syz.3.2865'.
[  386.987691][T12225] netlink: 'syz.1.2868': attribute type 39 has an invalid length.
[  387.025989][T12226] device syzkaller0 entered promiscuous mode
[  387.167343][T12225] netlink: 105120 bytes leftover after parsing attributes in process `syz.1.2868'.
[  387.465593][T12232] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2870'.
[  387.721978][T12242] netlink: 'syz.0.2875': attribute type 21 has an invalid length.
[  387.750944][T12242] netlink: 176 bytes leftover after parsing attributes in process `syz.0.2875'.
[  387.930068][T12243] netlink: set zone limit has 8 unknown bytes
[  388.342593][T12242] netlink: 'syz.0.2875': attribute type 10 has an invalid length.
[  388.395873][T12242] device hsr0 entered promiscuous mode
[  388.524408][T12253] netlink: 'syz.2.2877': attribute type 4 has an invalid length.
[  388.538487][T12253] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2877'.
[  388.694095][T12255] netlink: 'syz.3.2879': attribute type 25 has an invalid length.
[  388.713607][T12255] netlink: 2418 bytes leftover after parsing attributes in process `syz.3.2879'.
[  389.099570][T12271] netlink: 'syz.1.2893': attribute type 25 has an invalid length.
[  389.149837][T12266] netlink: 'syz.2.2884': attribute type 39 has an invalid length.
[  389.167049][T12271] netlink: 2418 bytes leftover after parsing attributes in process `syz.1.2893'.
[  389.189096][T12266] netlink: 105120 bytes leftover after parsing attributes in process `syz.2.2884'.
[  389.349316][T12276] netlink: 17279 bytes leftover after parsing attributes in process `syz.0.2887'.
[  390.078197][T12301] netlink: 'syz.2.2895': attribute type 4 has an invalid length.
[  390.088467][T12301] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2895'.
[  390.174615][ T5533] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  390.321644][ T5533] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  390.459203][ T5533] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  390.500374][T12284] chnl_net:caif_netlink_parms(): no params data found
[  390.561411][ T5533] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  390.614785][T12329] netlink: 'syz.4.2901': attribute type 39 has an invalid length.
[  390.654491][T12284] bridge0: port 1(bridge_slave_0) entered blocking state
[  390.661607][T12284] bridge0: port 1(bridge_slave_0) entered disabled state
[  390.695436][T12284] device bridge_slave_0 entered promiscuous mode
[  390.703808][T12284] bridge0: port 2(bridge_slave_1) entered blocking state
[  390.757895][T12284] bridge0: port 2(bridge_slave_1) entered disabled state
[  390.769433][T12284] device bridge_slave_1 entered promiscuous mode
[  390.961151][T12333] A link change request failed with some changes committed already. Interface vlan1 may have been left with an inconsistent configuration, please check.
[  391.024562][T12284] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  391.094227][T12284] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  391.275587][T12284] team0: Port device team_slave_0 added
[  391.327588][T12284] team0: Port device team_slave_1 added
[  391.473848][T12284] batman_adv: batadv0: Adding interface: batadv_slave_0
[  391.504177][T12284] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  391.549911][T12284] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  391.563631][T12354] validate_nla: 1 callbacks suppressed
[  391.563647][T12354] netlink: 'syz.4.2909': attribute type 4 has an invalid length.
[  391.582404][T12353] netlink: 'syz.1.2911': attribute type 39 has an invalid length.
[  391.600978][T12284] batman_adv: batadv0: Adding interface: batadv_slave_1
[  391.610378][T12284] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  391.641623][T12284] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  391.664575][ T4299] Bluetooth: hci5: command 0x0409 tx timeout
[  392.365730][T12353] __nla_validate_parse: 5 callbacks suppressed
[  392.365750][T12353] netlink: 105120 bytes leftover after parsing attributes in process `syz.1.2911'.
[  392.511594][T12372] FAULT_INJECTION: forcing a failure.
[  392.511594][T12372] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  392.549544][T12372] CPU: 1 PID: 12372 Comm: syz.4.2914 Not tainted syzkaller #0
[  392.557078][T12372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  392.567314][T12372] Call Trace:
[  392.570717][T12372]  <TASK>
[  392.573944][T12372]  dump_stack_lvl+0x188/0x250
[  392.578755][T12372]  ? show_regs_print_info+0x20/0x20
[  392.583998][T12372]  ? load_image+0x400/0x400
[  392.588626][T12372]  ? __lock_acquire+0x7d10/0x7d10
[  392.593695][T12372]  should_fail+0x38c/0x4c0
[  392.598150][T12372]  _copy_from_user+0x2e/0x170
[  392.602876][T12372]  __copy_msghdr_from_user+0xc9/0x630
[  392.608300][T12372]  ? verify_lock_unused+0x140/0x140
[  392.613541][T12372]  ? __ia32_sys_shutdown+0x1d0/0x1d0
[  392.618888][T12372]  ___sys_sendmsg+0x19a/0x2e0
[  392.623622][T12372]  ? __sys_sendmsg+0x2a0/0x2a0
[  392.628456][T12372]  ? vfs_write+0x8b2/0xd60
[  392.632931][T12372]  __se_sys_sendmsg+0x1af/0x290
[  392.637820][T12372]  ? __x64_sys_sendmsg+0x80/0x80
[  392.642782][T12372]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  392.648800][T12372]  ? lockdep_hardirqs_on+0x94/0x140
[  392.654029][T12372]  do_syscall_64+0x4c/0xa0
[  392.658464][T12372]  ? clear_bhb_loop+0x30/0x80
[  392.663164][T12372]  ? clear_bhb_loop+0x30/0x80
[  392.667964][T12372]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  392.673877][T12372] RIP: 0033:0x7f83f9dffeb9
[  392.678330][T12372] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  392.698089][T12372] RSP: 002b:00007f83f805b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  392.706538][T12372] RAX: ffffffffffffffda RBX: 00007f83fa07afa0 RCX: 00007f83f9dffeb9
[  392.714537][T12372] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  392.722804][T12372] RBP: 00007f83f805b090 R08: 0000000000000000 R09: 0000000000000000
[  392.730799][T12372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  392.738792][T12372] R13: 00007f83fa07b038 R14: 00007f83fa07afa0 R15: 00007ffdf9461e18
[  392.746918][T12372]  </TASK>
[  392.768204][T12284] device hsr_slave_0 entered promiscuous mode
[  392.785987][T12284] device hsr_slave_1 entered promiscuous mode
[  392.792768][T12284] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  392.803974][T12284] Cannot create hsr debugfs directory
[  392.881227][T12379] netlink: 209592 bytes leftover after parsing attributes in process `syz.1.2916'.
[  392.982706][T12379] netlink: 212168 bytes leftover after parsing attributes in process `syz.1.2916'.
[  393.021631][T12384] netlink: 'syz.0.2926': attribute type 39 has an invalid length.
[  393.212137][T12384] netlink: 105120 bytes leftover after parsing attributes in process `syz.0.2926'.
[  393.745131][ T2014] Bluetooth: hci5: command 0x041b tx timeout
[  393.889722][T12400] netlink: set zone limit has 8 unknown bytes
[  394.461825][T12427] netlink: 188 bytes leftover after parsing attributes in process `syz.1.2929'.
[  394.732405][T12435] netlink: 'syz.0.2931': attribute type 39 has an invalid length.
[  394.881191][T12435] netlink: 105120 bytes leftover after parsing attributes in process `syz.0.2931'.
[  395.086594][ T5533] device hsr_slave_0 left promiscuous mode
[  395.124237][ T5533] device hsr_slave_1 left promiscuous mode
[  395.163135][ T5533] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  395.201608][ T5533] batman_adv: batadv0: Removing interface: batadv_slave_0
[  395.234153][ T5533] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  395.259909][ T5533] batman_adv: batadv0: Removing interface: batadv_slave_1
[  395.297023][ T5533] device bridge_slave_1 left promiscuous mode
[  395.313023][ T5533] bridge0: port 2(bridge_slave_1) entered disabled state
[  395.379353][ T5533] device bridge_slave_0 left promiscuous mode
[  395.398149][ T5533] bridge0: port 1(bridge_slave_0) entered disabled state
[  395.420456][ T5533] device veth1_macvtap left promiscuous mode
[  395.427159][ T5533] device veth0_macvtap left promiscuous mode
[  395.433246][ T5533] device veth1_vlan left promiscuous mode
[  395.581750][ T5533] team0 (unregistering): Port device macvlan1 removed
[  395.653985][ T5533] team0 (unregistering): Port device team_slave_1 removed
[  395.673772][ T5533] team0 (unregistering): Port device team_slave_0 removed
[  395.791375][T12284] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  395.815037][ T2014] Bluetooth: hci5: command 0x040f tx timeout
[  395.842853][T12284] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  395.891374][T12284] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  395.928441][T12284] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  396.188616][T12481] netlink: 'syz.4.2941': attribute type 25 has an invalid length.
[  396.210560][T12481] netlink: 2418 bytes leftover after parsing attributes in process `syz.4.2941'.
[  396.413409][T12284] 8021q: adding VLAN 0 to HW filter on device bond0
[  396.479421][T12497] netlink: 'syz.4.2946': attribute type 39 has an invalid length.
[  396.531499][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  396.543369][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  396.566904][T12284] 8021q: adding VLAN 0 to HW filter on device team0
[  396.581253][T12506] netlink: 105120 bytes leftover after parsing attributes in process `syz.4.2946'.
[  396.626718][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  396.647918][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  396.671788][ T1188] bridge0: port 1(bridge_slave_0) entered blocking state
[  396.679326][ T1188] bridge0: port 1(bridge_slave_0) entered forwarding state
[  396.729002][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  396.770315][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  396.811746][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  396.849709][ T1188] bridge0: port 2(bridge_slave_1) entered blocking state
[  396.857901][ T1188] bridge0: port 2(bridge_slave_1) entered forwarding state
[  396.912595][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  396.940940][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  396.965503][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  396.986405][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  397.025900][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  397.038458][T12519] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.2951'.
[  397.063496][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  397.087149][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  397.124960][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  397.157616][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  397.178439][T12522] FAULT_INJECTION: forcing a failure.
[  397.178439][T12522] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  397.199422][T12284] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  397.231606][T12284] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  397.265191][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  397.276270][T12522] CPU: 1 PID: 12522 Comm: syz.4.2952 Not tainted syzkaller #0
[  397.283804][T12522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  397.293904][T12522] Call Trace:
[  397.297218][T12522]  <TASK>
[  397.300174][T12522]  dump_stack_lvl+0x188/0x250
[  397.304887][T12522]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  397.307231][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  397.311078][T12522]  ? show_regs_print_info+0x20/0x20
[  397.324022][T12522]  ? load_image+0x400/0x400
[  397.328578][T12522]  should_fail+0x38c/0x4c0
[  397.333036][T12522]  _copy_from_user+0x2e/0x170
[  397.337754][T12522]  __sys_bpf+0x26d/0x6f0
[  397.342038][T12522]  ? bpf_link_show_fdinfo+0x380/0x380
[  397.347465][T12522]  __x64_sys_bpf+0x78/0x90
[  397.351917][T12522]  do_syscall_64+0x4c/0xa0
[  397.356360][T12522]  ? clear_bhb_loop+0x30/0x80
[  397.361066][T12522]  ? clear_bhb_loop+0x30/0x80
[  397.365776][T12522]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  397.371714][T12522] RIP: 0033:0x7f83f9dffeb9
[  397.376162][T12522] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  397.395829][T12522] RSP: 002b:00007f83f805b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  397.404292][T12522] RAX: ffffffffffffffda RBX: 00007f83fa07afa0 RCX: 00007f83f9dffeb9
[  397.412300][T12522] RDX: 0000000000000094 RSI: 0000200000000380 RDI: 0000000000000005
[  397.420312][T12522] RBP: 00007f83f805b090 R08: 0000000000000000 R09: 0000000000000000
[  397.428336][T12522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  397.436434][T12522] R13: 00007f83fa07b038 R14: 00007f83fa07afa0 R15: 00007ffdf9461e18
[  397.444604][T12522]  </TASK>
[  397.894703][ T4299] Bluetooth: hci5: command 0x0419 tx timeout
[  398.124747][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  398.137991][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  398.162655][T12284] 8021q: adding VLAN 0 to HW filter on device batadv0
[  398.293413][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  398.311052][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  398.363258][T12562] netlink: 'syz.0.2960': attribute type 39 has an invalid length.
[  398.381093][T12566] netlink: 105120 bytes leftover after parsing attributes in process `syz.0.2960'.
[  398.402372][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  398.417776][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  398.430319][T12284] device veth0_vlan entered promiscuous mode
[  398.439075][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  398.483666][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  398.532069][T12284] device veth1_vlan entered promiscuous mode
[  398.650746][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  398.669437][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  398.691978][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  398.723239][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  398.743428][T12573] net veth1_virt_wifi 
€Â: renamed from virt_wifi0
[  398.801715][T12284] device veth0_macvtap entered promiscuous mode
[  398.857060][T12284] device veth1_macvtap entered promiscuous mode
[  398.972416][T12284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  398.999806][T12284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  399.067608][T12284] batman_adv: batadv0: Interface activated: batadv_slave_0
[  399.106113][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  399.176314][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  399.218485][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  399.278368][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  399.370101][T12284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  399.412880][T12284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  399.479092][T12284] batman_adv: batadv0: Interface activated: batadv_slave_1
[  399.555491][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  399.578751][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  399.631316][T12284] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  399.686545][T12284] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  399.711440][T12284] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  399.720442][T12284] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  399.783196][T12616] netlink: 105120 bytes leftover after parsing attributes in process `syz.4.2972'.
[  399.841799][T12610] netlink: 'syz.4.2972': attribute type 39 has an invalid length.
[  400.081464][T12624] netlink: 188 bytes leftover after parsing attributes in process `syz.1.2973'.
[  400.132216][ T1188] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  400.188812][ T1188] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  400.340360][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  400.366764][  T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  400.383812][  T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  400.418614][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  401.136260][T12663] netlink: 'syz.1.2983': attribute type 10 has an invalid length.
[  401.164430][T12663] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2983'.
[  401.204145][T12663] bridge0: port 2(ipvlan1) entered blocking state
[  401.239731][T12663] bridge0: port 2(ipvlan1) entered disabled state
[  401.276194][T12663] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  401.415621][T12664] netlink: 'syz.0.2981': attribute type 25 has an invalid length.
[  401.424139][T12664] netlink: 2418 bytes leftover after parsing attributes in process `syz.0.2981'.
[  401.817709][T12672] netlink: 'syz.1.2985': attribute type 39 has an invalid length.
[  401.849952][T12678] netlink: 105120 bytes leftover after parsing attributes in process `syz.1.2985'.
[  401.884769][T12675] netlink: 'syz.0.2986': attribute type 39 has an invalid length.
[  402.049977][T12675] netlink: 105120 bytes leftover after parsing attributes in process `syz.0.2986'.
[  402.156270][  T144] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  402.246228][T12681] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  402.273449][T12681] batman_adv: batadv0: Removing interface: batadv_slave_0
[  402.433156][T12681] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  402.442636][T12681] batman_adv: batadv0: Removing interface: batadv_slave_1
[  402.772606][  T144] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  402.863648][  T144] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  402.899276][T12668] chnl_net:caif_netlink_parms(): no params data found
[  402.967694][  T144] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  403.127246][T12703] netlink: 'syz.1.2995': attribute type 10 has an invalid length.
[  403.150048][T12703] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2995'.
[  403.236600][T12703] bridge0: port 2(ipvlan1) entered blocking state
[  403.289180][T12703] bridge0: port 2(ipvlan1) entered disabled state
[  403.317937][T12703] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  403.427807][T12707] netlink: 'syz.0.2993': attribute type 23 has an invalid length.
[  403.443420][T12698] net veth1_virt_wifi 
€Â: renamed from virt_wifi0
[  403.528852][T12668] bridge0: port 1(bridge_slave_0) entered blocking state
[  403.539083][T12668] bridge0: port 1(bridge_slave_0) entered disabled state
[  403.558456][T12668] device bridge_slave_0 entered promiscuous mode
[  403.584624][T12668] bridge0: port 2(bridge_slave_1) entered blocking state
[  403.593136][T12668] bridge0: port 2(bridge_slave_1) entered disabled state
[  403.604751][T12668] device bridge_slave_1 entered promiscuous mode
[  403.654585][ T4261] Bluetooth: hci1: command 0x0409 tx timeout
[  403.683314][T12714] netlink: 'syz.1.2996': attribute type 25 has an invalid length.
[  403.693791][T12668] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  403.737530][T12714] netlink: 2418 bytes leftover after parsing attributes in process `syz.1.2996'.
[  403.746221][T12668] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  403.798718][T12720] netlink: 188 bytes leftover after parsing attributes in process `syz.4.2998'.
[  403.900305][T12668] team0: Port device team_slave_0 added
[  403.938993][T12668] team0: Port device team_slave_1 added
[  404.132089][T12668] batman_adv: batadv0: Adding interface: batadv_slave_0
[  404.194475][T12668] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  404.266723][T12668] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  404.295358][T12744] netlink: 'syz.0.3003': attribute type 41 has an invalid length.
[  404.314459][T12744] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3003'.
[  404.325546][T12668] batman_adv: batadv0: Adding interface: batadv_slave_1
[  404.332873][T12668] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  404.383421][T12668] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  404.635297][T12757] netlink: 'syz.0.3006': attribute type 10 has an invalid length.
[  404.673692][T12757] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3006'.
[  404.696126][T12757] bridge0: port 3(ipvlan1) entered blocking state
[  404.702955][T12757] bridge0: port 3(ipvlan1) entered disabled state
[  404.782350][T12757] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  404.878233][T12762] netlink: 'syz.3.3008': attribute type 39 has an invalid length.
[  405.377687][T12668] device hsr_slave_0 entered promiscuous mode
[  405.388295][T12668] device hsr_slave_1 entered promiscuous mode
[  405.398118][T12668] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  405.410018][T12668] Cannot create hsr debugfs directory
[  405.734512][ T4261] Bluetooth: hci1: command 0x041b tx timeout
[  405.836780][T12786] netlink: 'syz.0.3016': attribute type 10 has an invalid length.
[  406.869553][  T154] wlan1: Trigger new scan to find an IBSS to join
[  407.229549][T12819] FAULT_INJECTION: forcing a failure.
[  407.229549][T12819] name failslab, interval 1, probability 0, space 0, times 0
[  407.250468][T12819] CPU: 1 PID: 12819 Comm: syz.0.3021 Not tainted syzkaller #0
[  407.258124][T12819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  407.268226][T12819] Call Trace:
[  407.271547][T12819]  <TASK>
[  407.274514][T12819]  dump_stack_lvl+0x188/0x250
[  407.279247][T12819]  ? show_regs_print_info+0x20/0x20
[  407.284493][T12819]  ? load_image+0x400/0x400
[  407.289051][T12819]  ? __might_sleep+0xf0/0xf0
[  407.293779][T12819]  ? __lock_acquire+0x7d10/0x7d10
[  407.298871][T12819]  ? __local_bh_enable_ip+0x136/0x1c0
[  407.304310][T12819]  should_fail+0x38c/0x4c0
[  407.308945][T12819]  should_failslab+0x5/0x20
[  407.313498][T12819]  slab_pre_alloc_hook+0x51/0xc0
[  407.318495][T12819]  kmem_cache_alloc_node_trace+0x4a/0x300
[  407.324263][T12819]  ? __get_vm_area_node+0x119/0x2d0
[  407.329528][T12819]  __get_vm_area_node+0x119/0x2d0
[  407.334636][T12819]  __vmalloc_node_range+0xef/0x8b0
[  407.339797][T12819]  ? netlink_sendmsg+0x5ec/0xbe0
[  407.344786][T12819]  ? netlink_data_ready+0x10/0x10
[  407.349890][T12819]  ? netlink_sendmsg+0x5ec/0xbe0
[  407.354882][T12819]  vmalloc+0x75/0x80
[  407.358887][T12819]  ? netlink_sendmsg+0x5ec/0xbe0
[  407.363947][T12819]  netlink_sendmsg+0x5ec/0xbe0
[  407.368788][T12819]  ? netlink_getsockopt+0x570/0x570
[  407.374039][T12819]  ? aa_sock_msg_perm+0x94/0x150
[  407.379115][T12819]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  407.384447][T12819]  ? security_socket_sendmsg+0x7c/0xa0
[  407.389954][T12819]  ? netlink_getsockopt+0x570/0x570
[  407.395198][T12819]  ____sys_sendmsg+0x5b7/0x8f0
[  407.399257][T12817] netlink: 'syz.1.3020': attribute type 10 has an invalid length.
[  407.400034][T12819]  ? __sys_sendmsg_sock+0x30/0x30
[  407.412955][T12819]  ? import_iovec+0x6f/0xa0
[  407.417606][T12819]  ___sys_sendmsg+0x236/0x2e0
[  407.422356][T12819]  ? __sys_sendmsg+0x2a0/0x2a0
[  407.427199][T12819]  ? vfs_write+0x8b2/0xd60
[  407.431713][T12819]  __se_sys_sendmsg+0x1af/0x290
[  407.436630][T12819]  ? __x64_sys_sendmsg+0x80/0x80
[  407.439612][T12817] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3020'.
[  407.441623][T12819]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  407.441736][T12819]  ? lockdep_hardirqs_on+0x94/0x140
[  407.461926][T12819]  do_syscall_64+0x4c/0xa0
[  407.466443][T12819]  ? clear_bhb_loop+0x30/0x80
[  407.471175][T12819]  ? clear_bhb_loop+0x30/0x80
[  407.476112][T12819]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  407.482350][T12819] RIP: 0033:0x7fec7bb86eb9
[  407.484978][T12817] bridge0: port 2(ipvlan1) entered blocking state
[  407.486802][T12819] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  407.486825][T12819] RSP: 002b:00007fec79de2028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  407.486853][T12819] RAX: ffffffffffffffda RBX: 00007fec7be01fa0 RCX: 00007fec7bb86eb9
[  407.520384][T12817] bridge0: port 2(ipvlan1) entered disabled state
[  407.521439][T12819] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004
[  407.521459][T12819] RBP: 00007fec79de2090 R08: 0000000000000000 R09: 0000000000000000
[  407.521476][T12819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  407.560114][T12819] R13: 00007fec7be02038 R14: 00007fec7be01fa0 R15: 00007ffc99d1fb08
[  407.568171][T12819]  </TASK>
[  407.577233][T12817] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  407.598952][T12819] syz.0.3021: vmalloc error: size 213312, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz0,mems_allowed=0-1
[  407.614305][T12819] CPU: 1 PID: 12819 Comm: syz.0.3021 Not tainted syzkaller #0
[  407.621824][T12819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  407.631930][T12819] Call Trace:
[  407.635262][T12819]  <TASK>
[  407.638244][T12819]  dump_stack_lvl+0x188/0x250
[  407.642973][T12819]  ? rcu_lock_release+0x5/0x20
[  407.647786][T12819]  ? show_regs_print_info+0x20/0x20
[  407.653041][T12819]  ? load_image+0x400/0x400
[  407.657620][T12819]  warn_alloc+0x243/0x320
[  407.662026][T12819]  ? zone_watermark_ok_safe+0x240/0x240
[  407.667733][T12819]  ? kmem_cache_alloc_node_trace+0x16c/0x300
[  407.673764][T12819]  ? __get_vm_area_node+0x119/0x2d0
[  407.679156][T12819]  __vmalloc_node_range+0x2b1/0x8b0
[  407.684407][T12819]  ? netlink_data_ready+0x10/0x10
[  407.689532][T12819]  ? netlink_sendmsg+0x5ec/0xbe0
[  407.694515][T12819]  vmalloc+0x75/0x80
[  407.698461][T12819]  ? netlink_sendmsg+0x5ec/0xbe0
[  407.703480][T12819]  netlink_sendmsg+0x5ec/0xbe0
[  407.708318][T12819]  ? netlink_getsockopt+0x570/0x570
[  407.713750][T12819]  ? aa_sock_msg_perm+0x94/0x150
[  407.718739][T12819]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  407.724083][T12819]  ? security_socket_sendmsg+0x7c/0xa0
[  407.729587][T12819]  ? netlink_getsockopt+0x570/0x570
[  407.734820][T12819]  ____sys_sendmsg+0x5b7/0x8f0
[  407.739629][T12819]  ? __sys_sendmsg_sock+0x30/0x30
[  407.744697][T12819]  ? import_iovec+0x6f/0xa0
[  407.749240][T12819]  ___sys_sendmsg+0x236/0x2e0
[  407.753962][T12819]  ? __sys_sendmsg+0x2a0/0x2a0
[  407.758776][T12819]  ? vfs_write+0x8b2/0xd60
[  407.763271][T12819]  __se_sys_sendmsg+0x1af/0x290
[  407.768153][T12819]  ? __x64_sys_sendmsg+0x80/0x80
[  407.773113][T12819]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  407.779152][T12819]  ? lockdep_hardirqs_on+0x94/0x140
[  407.784391][T12819]  do_syscall_64+0x4c/0xa0
[  407.788829][T12819]  ? clear_bhb_loop+0x30/0x80
[  407.793530][T12819]  ? clear_bhb_loop+0x30/0x80
[  407.798239][T12819]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  407.804155][T12819] RIP: 0033:0x7fec7bb86eb9
[  407.808602][T12819] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  407.828354][T12819] RSP: 002b:00007fec79de2028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  407.836856][T12819] RAX: ffffffffffffffda RBX: 00007fec7be01fa0 RCX: 00007fec7bb86eb9
[  407.844859][T12819] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004
[  407.853028][T12819] RBP: 00007fec79de2090 R08: 0000000000000000 R09: 0000000000000000
[  407.861114][T12819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  407.869137][T12819] R13: 00007fec7be02038 R14: 00007fec7be01fa0 R15: 00007ffc99d1fb08
[  407.877265][T12819]  </TASK>
[  407.888684][ T1108] Bluetooth: hci1: command 0x040f tx timeout
[  407.942571][T12819] Mem-Info:
[  407.946265][T12819] active_anon:271 inactive_anon:5703 isolated_anon:0
[  407.946265][T12819]  active_file:24038 inactive_file:39362 isolated_file:0
[  407.946265][T12819]  unevictable:768 dirty:170 writeback:0
[  407.946265][T12819]  slab_reclaimable:20715 slab_unreclaimable:96286
[  407.946265][T12819]  mapped:30481 shmem:1632 pagetables:576 bounce:0
[  407.946265][T12819]  kernel_misc_reclaimable:0
[  407.946265][T12819]  free:1367667 free_pcp:11010 free_cma:0
[  407.991032][T12819] Node 0 active_anon:1052kB inactive_anon:22304kB active_file:95952kB inactive_file:157448kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:121924kB dirty:676kB writeback:0kB shmem:4452kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:11020kB pagetables:2304kB all_unreclaimable? no
[  408.027749][T12819] Node 1 active_anon:32kB inactive_anon:508kB active_file:200kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:2076kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB all_unreclaimable? no
[  408.068831][T12824] netlink: 'syz.1.3023': attribute type 39 has an invalid length.
[  408.118040][T12819] Node 0 DMA free:15360kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  408.271544][T12819] lowmem_reserve[]: 0 2539 2540 2540 2540
[  408.285131][T12819] Node 0 DMA32 free:1535040kB min:34784kB low:43480kB high:52176kB reserved_highatomic:0KB active_anon:1052kB inactive_anon:22304kB active_file:95952kB inactive_file:157448kB unevictable:1536kB writepending:676kB present:3129332kB managed:2606560kB mlocked:0kB bounce:0kB free_pcp:42732kB local_pcp:21320kB free_cma:0kB
[  408.319078][T12819] lowmem_reserve[]: 0 0 0 0 0
[  408.323901][T12819] Node 0 Normal free:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:660kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  408.403911][T12819] lowmem_reserve[]: 0 0 0 0 0
[  408.411504][T12819] Node 1 Normal free:3921000kB min:55108kB low:68884kB high:82660kB reserved_highatomic:0KB active_anon:32kB inactive_anon:508kB active_file:200kB inactive_file:0kB unevictable:1536kB writepending:4kB present:4194304kB managed:4119672kB mlocked:0kB bounce:0kB free_pcp:1896kB local_pcp:1896kB free_cma:0kB
[  408.483592][T12668] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  408.496653][T12668] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  408.514354][T12819] lowmem_reserve[]: 0 0 0 0 0
[  408.519182][T12819] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  408.551834][  T144] device hsr_slave_0 left promiscuous mode
[  408.570898][  T144] device hsr_slave_1 left promiscuous mode
[  408.595056][  T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  408.604651][T12819] Node 0 DMA32: 1577*4kB (UM) 1642*8kB (UME) 806*16kB (UM) 860*32kB (UM) 704*64kB (UM) 299*128kB (UM) 148*256kB (UME) 67*512kB (UM) 36*1024kB (UM) 10*2048kB (M) 308*4096kB (M) = 1534292kB
[  408.613243][  T144] batman_adv: batadv0: Removing interface: batadv_slave_0
[  408.643089][T12819] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  408.660560][T12819] Node 1 Normal: 148*4kB (UME) 41*8kB (UE) 19*16kB (UME) 209*32kB (UME) 84*64kB (UME) 21*128kB (UE) 10*256kB (UME) 2*512kB (U) 2*1024kB (UE) 2*2048kB (UM) 951*4096kB (M) = 3921000kB
[  408.679877][  T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  408.691325][T12819] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  408.703917][T12819] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  408.715418][  T144] batman_adv: batadv0: Removing interface: batadv_slave_1
[  408.723038][T12819] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  408.735717][  T144] device bridge_slave_0 left promiscuous mode
[  408.742676][  T144] bridge0: port 1(bridge_slave_0) entered disabled state
[  408.760228][T12819] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  408.770066][T12819] 65032 total pagecache pages
[  408.777443][T12819] 0 pages in swap cache
[  408.781796][T12819] Swap cache stats: add 0, delete 0, find 0/0
[  408.788310][T12819] Free swap  = 124996kB
[  408.792639][T12819] Total swap = 124996kB
[  408.798159][  T144] device veth1_macvtap left promiscuous mode
[  408.801791][T12819] 2097051 pages RAM
[  408.805413][  T144] device veth0_macvtap left promiscuous mode
[  408.809185][T12819] 0 pages HighMem/MovableOnly
[  408.816039][  T144] device veth1_vlan left promiscuous mode
[  408.825821][T12819] 411488 pages reserved
[  408.828275][  T144] device veth0_vlan left promiscuous mode
[  408.830272][T12819] 0 pages cma reserved
[  409.063124][  T144] team0 (unregistering): Port device team_slave_1 removed
[  409.084123][  T144] team0 (unregistering): Port device team_slave_0 removed
[  409.213108][T12668] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  409.241150][T12837] netlink: 'syz.3.3028': attribute type 10 has an invalid length.
[  409.324175][T12837] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  409.346439][T12668] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  409.474259][T12856] netlink: 'syz.4.3032': attribute type 39 has an invalid length.
[  409.825885][T12872] netlink: 'syz.1.3035': attribute type 39 has an invalid length.
[  409.986180][ T4236] Bluetooth: hci1: command 0x0419 tx timeout
[  409.994710][T12668] 8021q: adding VLAN 0 to HW filter on device bond0
[  410.005625][T12883] netlink: 188 bytes leftover after parsing attributes in process `syz.0.3038'.
[  410.074767][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  410.082900][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  410.121127][T12668] 8021q: adding VLAN 0 to HW filter on device team0
[  410.205192][T12892] netlink: 'syz.3.3040': attribute type 21 has an invalid length.
[  410.213154][T12892] netlink: 152 bytes leftover after parsing attributes in process `syz.3.3040'.
[  410.247546][T12890] netlink: 'syz.1.3039': attribute type 4 has an invalid length.
[  410.266339][T12890] netlink: 152 bytes leftover after parsing attributes in process `syz.1.3039'.
[  410.278210][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  410.288404][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  410.303563][  T155] bridge0: port 1(bridge_slave_0) entered blocking state
[  410.310993][  T155] bridge0: port 1(bridge_slave_0) entered forwarding state
[  410.330778][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  410.342711][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  410.351813][  T155] bridge0: port 2(bridge_slave_1) entered blocking state
[  410.359121][  T155] bridge0: port 2(bridge_slave_1) entered forwarding state
[  410.461823][T12900] netlink: 188 bytes leftover after parsing attributes in process `syz.4.3041'.
[  410.486822][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  410.500461][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  410.511650][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  410.530515][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  410.554983][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  410.663037][T12668] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  410.704527][T12668] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  410.763320][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  410.796590][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  410.828945][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  410.894980][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  410.914064][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  410.945406][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  410.985314][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  411.009535][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  411.029038][T12918] netlink: 209592 bytes leftover after parsing attributes in process `syz.4.3045'.
[  411.067521][T12919] netlink: 'syz.0.3044': attribute type 39 has an invalid length.
[  411.088560][T12889] delete_channel: no stack
[  411.471823][T12935] netlink: 'syz.4.3048': attribute type 39 has an invalid length.
[  411.531894][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  411.570407][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  411.608295][T12940] netlink: 'syz.1.3050': attribute type 10 has an invalid length.
[  411.643261][T12940] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3050'.
[  411.675822][T12940] bridge0: port 2(ipvlan1) entered blocking state
[  411.727689][T12940] bridge0: port 2(ipvlan1) entered disabled state
[  411.769366][T12940] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  411.856235][T12668] 8021q: adding VLAN 0 to HW filter on device batadv0
[  411.895944][ T1188] wlan1: Trigger new scan to find an IBSS to join
[  411.989214][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  412.020881][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  412.180136][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  412.195294][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  412.211081][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  412.221575][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  412.300720][T12955] netlink: 'syz.0.3054': attribute type 2 has an invalid length.
[  412.318848][T12955] netlink: 'syz.0.3054': attribute type 8 has an invalid length.
[  412.330036][T12955] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3054'.
[  412.343708][T12668] device veth0_vlan entered promiscuous mode
[  412.459016][T12959] netlink: 188 bytes leftover after parsing attributes in process `syz.4.3053'.
[  412.645333][T12668] device veth1_vlan entered promiscuous mode
[  412.686510][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  413.266449][T12984] netlink: 209592 bytes leftover after parsing attributes in process `syz.0.3059'.
[  413.465799][T12965] device syzkaller0 entered promiscuous mode
[  413.480233][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  413.506543][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  413.530936][T12668] device veth0_macvtap entered promiscuous mode
[  413.777184][T12668] device veth1_macvtap entered promiscuous mode
[  413.800651][T12994] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3062'.
[  413.846993][T12994] bridge0: port 3(ipvlan1) entered blocking state
[  413.904346][T12994] bridge0: port 3(ipvlan1) entered disabled state
[  413.926531][T12994] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  413.968438][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  413.983783][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  414.149465][T12668] batman_adv: batadv0: Interface activated: batadv_slave_0
[  414.195086][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  414.237082][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  414.272313][T12668] batman_adv: batadv0: Interface activated: batadv_slave_1
[  414.294108][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  414.335258][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  414.345703][T13011] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16)
[  414.393399][T13009] validate_nla: 2 callbacks suppressed
[  414.393416][T13009] netlink: 'syz.1.3064': attribute type 21 has an invalid length.
[  414.442678][T13011] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  414.485765][T12668] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  414.522748][T12668] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  414.552274][T12668] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  414.584928][T12668] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  414.628486][T13017] netlink: 'syz.0.3067': attribute type 21 has an invalid length.
[  414.740012][T13021] netlink: 'syz.3.3068': attribute type 4 has an invalid length.
[  414.865075][    T9] wlan1: Trigger new scan to find an IBSS to join
[  414.921307][T13021] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  415.052106][T13034] __nla_validate_parse: 3 callbacks suppressed
[  415.052123][T13034] netlink: 188 bytes leftover after parsing attributes in process `syz.1.3072'.
[  415.093896][T13037] netlink: 152 bytes leftover after parsing attributes in process `syz.0.3073'.
[  415.123089][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  415.149955][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  415.173404][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  415.229839][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  415.246753][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  415.280018][T13044] netlink: 'syz.1.3074': attribute type 2 has an invalid length.
[  415.297632][T13044] netlink: 'syz.1.3074': attribute type 8 has an invalid length.
[  415.326032][T13044] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3074'.
[  415.356528][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  415.393021][T13047] netlink: 'syz.0.3075': attribute type 10 has an invalid length.
[  415.437197][T13047] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3075'.
[  415.464669][T13047] bridge0: port 3(ipvlan1) entered blocking state
[  415.495661][T13047] bridge0: port 3(ipvlan1) entered disabled state
[  415.508490][T13047] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  415.551144][T13053] netlink: 209592 bytes leftover after parsing attributes in process `syz.3.3078'.
[  415.625232][T13052] netlink: 'syz.1.3077': attribute type 39 has an invalid length.
[  416.049551][T13065] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  416.283927][T13068] netlink: set zone limit has 8 unknown bytes
[  416.967607][T13081] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.3094'.
[  417.010207][T13081] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16)
[  417.059225][T13081] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  417.114079][T13077] netlink: 'syz.4.3085': attribute type 21 has an invalid length.
[  417.146039][T13077] netlink: 152 bytes leftover after parsing attributes in process `syz.4.3085'.
[  417.199554][T13078] netlink: 'syz.3.3094': attribute type 21 has an invalid length.
[  417.412771][  T144] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  417.487905][T13095] netlink: 'syz.2.3091': attribute type 10 has an invalid length.
[  417.505541][T13095] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3091'.
[  417.518557][T13095] bridge0: port 3(ipvlan1) entered blocking state
[  417.534175][T13095] bridge0: port 3(ipvlan1) entered disabled state
[  417.575946][T13095] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  417.638698][T13097] netlink: 40227 bytes leftover after parsing attributes in process `syz.4.3090'.
[  417.701187][  T144] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  417.852148][  T144] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  417.894615][ T1188] wlan1: Trigger new scan to find an IBSS to join
[  417.945145][T13073] chnl_net:caif_netlink_parms(): no params data found
[  418.032554][  T144] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  418.081635][T13115] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.3098'.
[  418.173052][T13118] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16)
[  418.269837][T13073] bridge0: port 1(bridge_slave_0) entered blocking state
[  418.336125][T13073] bridge0: port 1(bridge_slave_0) entered disabled state
[  418.365828][T13073] device bridge_slave_0 entered promiscuous mode
[  418.408229][T13073] bridge0: port 2(bridge_slave_1) entered blocking state
[  418.422992][T13073] bridge0: port 2(bridge_slave_1) entered disabled state
[  418.450567][T13073] device bridge_slave_1 entered promiscuous mode
[  418.576307][T13073] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  418.618496][T13073] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  418.628026][ T4261] Bluetooth: hci4: command 0x0409 tx timeout
[  418.815809][T13073] team0: Port device team_slave_0 added
[  418.856939][ T1188] wlan1: Creating new IBSS network, BSSID de:5c:5e:d5:0b:95
[  418.921878][T13073] team0: Port device team_slave_1 added
[  419.055788][T13145] bridge0: port 2(ipvlan1) entered blocking state
[  419.111049][T13145] bridge0: port 2(ipvlan1) entered disabled state
[  419.139649][T13145] net_ratelimit: 1 callbacks suppressed
[  419.139667][T13145] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  419.182593][T13073] batman_adv: batadv0: Adding interface: batadv_slave_0
[  419.190636][T13073] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  419.259147][T13073] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  419.323303][T13073] batman_adv: batadv0: Adding interface: batadv_slave_1
[  419.340372][T13073] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  419.423372][T13073] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  419.535505][T13159] validate_nla: 3 callbacks suppressed
[  419.535549][T13159] netlink: 'syz.2.3109': attribute type 39 has an invalid length.
[  420.127021][T13166] __nla_validate_parse: 2 callbacks suppressed
[  420.127039][T13166] netlink: 830 bytes leftover after parsing attributes in process `syz.4.3110'.
[  420.317424][T13073] device hsr_slave_0 entered promiscuous mode
[  420.336246][T13073] device hsr_slave_1 entered promiscuous mode
[  420.343339][T13073] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  420.370028][T13073] Cannot create hsr debugfs directory
[  420.460749][T13176] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.3114'.
[  420.694569][ T4299] Bluetooth: hci4: command 0x041b tx timeout
[  420.904179][T13202] netlink: 'syz.4.3123': attribute type 39 has an invalid length.
[  421.101763][T13210] netlink: 'syz.3.3124': attribute type 10 has an invalid length.
[  421.132486][T13210] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3124'.
[  421.176598][T13210] bridge0: port 3(ipvlan1) entered blocking state
[  421.195485][T13210] bridge0: port 3(ipvlan1) entered disabled state
[  421.221712][T13210] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  421.356151][T13198] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  421.511143][T13225] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.3127'.
[  421.807234][T13228] netlink: 'syz.3.3128': attribute type 10 has an invalid length.
[  421.821867][T13228] netlink: 2 bytes leftover after parsing attributes in process `syz.3.3128'.
[  421.845807][T13228] device bond0 entered promiscuous mode
[  421.853880][T13228] device bond_slave_0 entered promiscuous mode
[  421.870217][T13228] device bond_slave_1 entered promiscuous mode
[  421.888010][T13228] device netdevsim0 entered promiscuous mode
[  421.898244][T13228] bridge0: port 3(bond0) entered blocking state
[  421.908427][T13228] bridge0: port 3(bond0) entered disabled state
[  421.932106][T13228] bridge0: port 3(bond0) entered blocking state
[  421.938833][T13228] bridge0: port 3(bond0) entered forwarding state
[  422.024225][T13233] netlink: 16098 bytes leftover after parsing attributes in process `syz.0.3129'.
[  422.063154][T13073] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  422.197185][T13073] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  422.253671][T13073] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  422.300350][T13073] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  422.796724][ T4299] Bluetooth: hci4: command 0x040f tx timeout
[  422.845364][  T144] device hsr_slave_0 left promiscuous mode
[  422.887011][  T144] device hsr_slave_1 left promiscuous mode
[  422.905941][  T144] device bridge_slave_0 left promiscuous mode
[  422.912554][  T144] bridge0: port 1(bridge_slave_0) entered disabled state
[  422.964198][  T144] device veth1_macvtap left promiscuous mode
[  422.977968][  T144] device veth0_macvtap left promiscuous mode
[  422.997832][  T144] device veth1_vlan left promiscuous mode
[  423.432788][  T144] team0 (unregistering): Port device team_slave_1 removed
[  423.451425][  T144] team0 (unregistering): Port device team_slave_0 removed
[  423.616317][T13249] netlink: 'syz.0.3135': attribute type 39 has an invalid length.
[  423.702222][T13286] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:0603:0000:0023 with DS=0x3f
[  423.820845][T13295] FAULT_INJECTION: forcing a failure.
[  423.820845][T13295] name failslab, interval 1, probability 0, space 0, times 0
[  423.841832][T13295] CPU: 0 PID: 13295 Comm: syz.0.3141 Not tainted syzkaller #0
[  423.849373][T13295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  423.859659][T13295] Call Trace:
[  423.862984][T13295]  <TASK>
[  423.865953][T13295]  dump_stack_lvl+0x188/0x250
[  423.870681][T13295]  ? show_regs_print_info+0x20/0x20
[  423.875935][T13295]  ? load_image+0x400/0x400
[  423.880499][T13295]  should_fail+0x38c/0x4c0
[  423.884978][T13295]  should_failslab+0x5/0x20
[  423.889528][T13295]  slab_pre_alloc_hook+0x51/0xc0
[  423.894686][T13295]  ? nf_ct_ext_add+0x42e/0x660
[  423.899506][T13295]  __kmalloc_track_caller+0x69/0x330
[  423.904825][T13295]  ? nf_ct_ext_add+0x42e/0x660
[  423.909637][T13295]  krealloc+0x5a/0xf0
[  423.913658][T13295]  nf_ct_ext_add+0x42e/0x660
[  423.918433][T13295]  init_conntrack+0x768/0x14d0
[  423.923281][T13295]  ? __nf_conntrack_find_get+0x581/0x650
[  423.928955][T13295]  ? early_drop+0x810/0x810
[  423.933512][T13295]  ? nf_conntrack_find_get+0x670/0x670
[  423.939014][T13295]  ? __siphash_unaligned+0x258/0x3a0
[  423.944341][T13295]  nf_conntrack_in+0xd38/0x1730
[  423.949251][T13295]  ? nf_ct_pernet+0x240/0x240
[  423.954067][T13295]  ? ip6t_alloc_initial_table+0x640/0x640
[  423.959829][T13295]  ? flow_hash_from_keys+0x45c/0x7a0
[  423.965158][T13295]  ? ipv6_defrag+0x2d2/0x3a0
[  423.969793][T13295]  ? ipv6_conntrack_in+0x20/0x20
[  423.974958][T13295]  nf_hook_slow+0xb9/0x200
[  423.979482][T13295]  __ip6_local_out+0x738/0x850
[  423.984392][T13295]  ? ip6_dst_hoplimit+0x310/0x310
[  423.989723][T13295]  ? __ip6_local_out+0x850/0x850
[  423.994866][T13295]  ? read_lock_is_recursive+0x10/0x10
[  424.000279][T13295]  ? csum_block_add_ext+0x2a/0x50
[  424.005340][T13295]  ip6_local_out+0x26/0x120
[  424.009947][T13295]  ip6_send_skb+0x1b9/0x360
[  424.014487][T13295]  udp_v6_send_skb+0xa28/0x1680
[  424.019392][T13295]  udp_v6_push_pending_frames+0x1cc/0x320
[  424.025152][T13295]  ? udp_v6_send_skb+0x1680/0x1680
[  424.030305][T13295]  ? udpv6_sendmsg+0x2650/0x2650
[  424.035281][T13295]  udpv6_sendmsg+0xee3/0x2650
[  424.039994][T13295]  ? udpv6_sendmsg+0x2650/0x2650
[  424.044956][T13295]  ? verify_lock_unused+0x140/0x140
[  424.050187][T13295]  ? udp_v6_early_demux+0xec0/0xec0
[  424.055419][T13295]  ? __lock_acquire+0x12e8/0x7d10
[  424.060498][T13295]  ? aa_sk_perm+0x7dc/0x910
[  424.065038][T13295]  ? aa_af_perm+0x340/0x340
[  424.069573][T13295]  ? tomoyo_socket_sendmsg_permission+0x1dd/0x2f0
[  424.076025][T13295]  ? sock_rps_record_flow+0x17/0x3b0
[  424.081364][T13295]  ? inet_send_prepare+0x58/0x260
[  424.086425][T13295]  ? inet6_sendmsg+0x5b/0xd0
[  424.091078][T13295]  ? inet6_compat_ioctl+0x3c0/0x3c0
[  424.096308][T13295]  ____sys_sendmsg+0x5b7/0x8f0
[  424.101148][T13295]  ? __sys_sendmsg_sock+0x30/0x30
[  424.106232][T13295]  ? import_iovec+0x6f/0xa0
[  424.110769][T13295]  ___sys_sendmsg+0x236/0x2e0
[  424.115513][T13295]  ? __sys_sendmsg+0x2a0/0x2a0
[  424.120325][T13295]  ? vfs_write+0x8b2/0xd60
[  424.124801][T13295]  __se_sys_sendmsg+0x1af/0x290
[  424.129685][T13295]  ? __x64_sys_sendmsg+0x80/0x80
[  424.134648][T13295]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  424.140673][T13295]  ? lockdep_hardirqs_on+0x94/0x140
[  424.145908][T13295]  do_syscall_64+0x4c/0xa0
[  424.150351][T13295]  ? clear_bhb_loop+0x30/0x80
[  424.155048][T13295]  ? clear_bhb_loop+0x30/0x80
[  424.159750][T13295]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  424.165668][T13295] RIP: 0033:0x7fec7bb86eb9
[  424.170110][T13295] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  424.189914][T13295] RSP: 002b:00007fec79de2028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  424.198361][T13295] RAX: ffffffffffffffda RBX: 00007fec7be01fa0 RCX: 00007fec7bb86eb9
[  424.206456][T13295] RDX: 0000000020040080 RSI: 0000200000000000 RDI: 0000000000000003
[  424.214454][T13295] RBP: 00007fec79de2090 R08: 0000000000000000 R09: 0000000000000000
[  424.222450][T13295] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  424.230443][T13295] R13: 00007fec7be02038 R14: 00007fec7be01fa0 R15: 00007ffc99d1fb08
[  424.238458][T13295]  </TASK>
[  424.384789][T13293] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  424.618843][T13073] 8021q: adding VLAN 0 to HW filter on device bond0
[  424.734296][ T5533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  424.743445][ T5533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  424.756116][T13073] 8021q: adding VLAN 0 to HW filter on device team0
[  424.806597][ T5533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  424.825902][ T5533] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  424.854346][ T4299] Bluetooth: hci4: command 0x0419 tx timeout
[  424.861045][ T5533] bridge0: port 1(bridge_slave_0) entered blocking state
[  424.868323][ T5533] bridge0: port 1(bridge_slave_0) entered forwarding state
[  424.910749][ T5533] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  424.922012][T13320] netlink: 'syz.2.3147': attribute type 29 has an invalid length.
[  424.927434][ T5533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  424.946490][ T5533] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  424.965110][ T5533] bridge0: port 2(bridge_slave_1) entered blocking state
[  424.972297][ T5533] bridge0: port 2(bridge_slave_1) entered forwarding state
[  424.993901][ T5533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  425.039234][ T5533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  425.076119][ T5533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  425.123780][ T5533] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  425.147563][ T5533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  425.170667][ T5533] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  425.201872][T13320] netlink: 'syz.2.3147': attribute type 29 has an invalid length.
[  425.215821][ T5533] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  425.227474][ T5533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  425.247648][ T5533] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  425.285406][ T5533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  425.320232][ T5533] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  425.343661][T13073] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  425.485093][T13331] netlink: 'syz.3.3151': attribute type 39 has an invalid length.
[  425.904601][T13336] netlink: 'syz.2.3152': attribute type 9 has an invalid length.
[  425.928633][T13336] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.3152'.
[  427.178618][T13073] 8021q: adding VLAN 0 to HW filter on device batadv0
[  427.208798][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  427.227834][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  427.347595][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  427.404088][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  427.781150][T13073] device veth0_vlan entered promiscuous mode
[  427.828524][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  427.858524][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  427.917795][T13367] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  427.953316][T13073] device veth1_vlan entered promiscuous mode
[  427.973280][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  428.016565][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  428.076152][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  428.203180][T13373] netlink: 'syz.4.3161': attribute type 10 has an invalid length.
[  428.243246][T13373] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3161'.
[  428.377963][T13373] bridge0: port 2(ipvlan1) entered blocking state
[  428.414517][T13373] bridge0: port 2(ipvlan1) entered disabled state
[  428.464966][T13373] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  428.654584][ T5533] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  428.688626][ T5533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  428.717430][ T5533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  428.913519][T13383] netlink: 'syz.0.3163': attribute type 10 has an invalid length.
[  428.955314][T13383] netlink: 2 bytes leftover after parsing attributes in process `syz.0.3163'.
[  428.991086][T13073] device veth0_macvtap entered promiscuous mode
[  429.024684][ T5533] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  429.073834][T13073] device veth1_macvtap entered promiscuous mode
[  429.152999][T13387] netlink: 'syz.2.3164': attribute type 4 has an invalid length.
[  429.210593][T13387] netlink: 152 bytes leftover after parsing attributes in process `syz.2.3164'.
[  429.528751][T13387] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  429.593193][T13073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  429.619705][T13073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  429.652164][T13073] batman_adv: batadv0: Interface activated: batadv_slave_0
[  429.682163][ T5533] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  429.717474][ T5533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  429.778770][T13073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  429.822818][T13073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  429.867532][T13073] batman_adv: batadv0: Interface activated: batadv_slave_1
[  429.900256][ T5533] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  429.913916][ T5533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  429.932965][T13073] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  429.949690][T13073] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  429.961318][T13073] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  429.973001][T13073] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  430.016722][T13405] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.3171'.
[  430.475981][T13402] netlink: 60 bytes leftover after parsing attributes in process `syz.4.3170'.
[  430.523750][T13413] netlink: 'syz.2.3172': attribute type 2 has an invalid length.
[  430.690513][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  430.716244][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  430.897983][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  430.930758][T13413] netlink: 830 bytes leftover after parsing attributes in process `syz.2.3172'.
[  430.992118][  T155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  431.020730][  T155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  431.067221][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  431.226224][T13422] netlink: 188 bytes leftover after parsing attributes in process `syz.1.3083'.
[  432.454543][T13437] netlink: 'syz.4.3179': attribute type 4 has an invalid length.
[  432.479205][T13437] netlink: 152 bytes leftover after parsing attributes in process `syz.4.3179'.
[  433.042215][T13450] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.3182'.
[  433.121584][T13445] chnl_net:caif_netlink_parms(): no params data found
[  433.292421][T13458] netlink: 'syz.4.3184': attribute type 39 has an invalid length.
[  433.417637][T13445] bridge0: port 1(bridge_slave_0) entered blocking state
[  433.494963][T13445] bridge0: port 1(bridge_slave_0) entered disabled state
[  433.574755][T13445] device bridge_slave_0 entered promiscuous mode
[  433.626358][T13445] bridge0: port 2(bridge_slave_1) entered blocking state
[  433.667317][T13445] bridge0: port 2(bridge_slave_1) entered disabled state
[  433.697306][T13445] device bridge_slave_1 entered promiscuous mode
[  433.870220][T13445] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  433.932043][T13445] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  434.051030][T13445] team0: Port device team_slave_0 added
[  434.081998][T13445] team0: Port device team_slave_1 added
[  434.295532][T13445] batman_adv: batadv0: Adding interface: batadv_slave_0
[  434.307989][T13474] netlink: 'syz.2.3187': attribute type 29 has an invalid length.
[  434.330420][T13445] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  434.367441][T13445] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  434.388054][T13445] batman_adv: batadv0: Adding interface: batadv_slave_1
[  434.399724][T13445] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  434.492447][T13445] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  434.515917][T13472] netlink: 188 bytes leftover after parsing attributes in process `syz.1.3188'.
[  434.530075][T13474] netlink: 'syz.2.3187': attribute type 29 has an invalid length.
[  434.571776][T13476] netlink: 'syz.2.3187': attribute type 29 has an invalid length.
[  434.786945][T13445] device hsr_slave_0 entered promiscuous mode
[  434.834353][T13445] device hsr_slave_1 entered promiscuous mode
[  434.854813][T12601] Bluetooth: hci0: command 0x0409 tx timeout
[  434.865836][T13480] netlink: 'syz.4.3190': attribute type 10 has an invalid length.
[  434.895433][T13480] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3190'.
[  434.936529][T13480] bridge0: port 2(ipvlan1) entered blocking state
[  434.994410][T13480] bridge0: port 2(ipvlan1) entered disabled state
[  435.003127][T13480] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  435.518949][T13445] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  435.674056][T13445] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  435.803790][T13445] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  435.819476][T13496] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.3196'.
[  436.000191][T13445] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  436.081298][T13506] netlink: 188 bytes leftover after parsing attributes in process `syz.2.3200'.
[  436.350532][T13510] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  436.420513][T13510] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  436.541516][T13445] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  436.592229][T13445] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  436.691859][T13445] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  436.797685][T13445] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  436.950191][T12601] Bluetooth: hci0: command 0x041b tx timeout
[  437.371049][T13445] 8021q: adding VLAN 0 to HW filter on device bond0
[  437.426879][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  437.445330][T13538] netlink: 209592 bytes leftover after parsing attributes in process `syz.2.3209'.
[  437.462205][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  437.533280][T13445] 8021q: adding VLAN 0 to HW filter on device team0
[  437.547077][T13541] netlink: 188 bytes leftover after parsing attributes in process `syz.4.3211'.
[  437.610342][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  437.644516][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  437.692512][  T154] bridge0: port 1(bridge_slave_0) entered blocking state
[  437.699695][  T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[  437.717899][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  437.727681][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  437.741146][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  437.751887][  T154] bridge0: port 2(bridge_slave_1) entered blocking state
[  437.759057][  T154] bridge0: port 2(bridge_slave_1) entered forwarding state
[  437.841181][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  437.936175][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  437.985611][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  438.046817][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  438.086978][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  438.135720][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  438.163165][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  438.172252][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  438.225210][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  438.289650][T13445] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  438.410578][T13445] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  438.421846][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  438.468491][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  438.494564][T13557] netlink: 'syz.1.3215': attribute type 39 has an invalid length.
[  439.014580][ T4173] Bluetooth: hci0: command 0x040f tx timeout
[  439.198316][T13582] netlink: 188 bytes leftover after parsing attributes in process `syz.4.3221'.
[  439.472468][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  439.510393][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  439.567267][T13445] 8021q: adding VLAN 0 to HW filter on device batadv0
[  439.640828][T13590] netlink: set zone limit has 8 unknown bytes
[  439.681016][T13593] netlink: 'syz.4.3226': attribute type 4 has an invalid length.
[  439.700827][T13593] netlink: 152 bytes leftover after parsing attributes in process `syz.4.3226'.
[  439.751821][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  439.791261][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  439.911223][T13534] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  439.935427][T13534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  439.955760][T13534] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  439.982982][T13534] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  440.007962][T13445] device veth0_vlan entered promiscuous mode
[  440.057222][T13445] device veth1_vlan entered promiscuous mode
[  440.067436][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  440.073836][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  440.156153][T13534] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  440.169567][T13534] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  440.179533][T13534] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  440.193053][T13534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  440.214964][T13445] device veth0_macvtap entered promiscuous mode
[  440.257212][T13445] device veth1_macvtap entered promiscuous mode
[  440.371241][T13445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  440.417518][T13611] netlink: 'syz.2.3231': attribute type 9 has an invalid length.
[  440.438112][T13445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  440.448288][T13445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  440.473152][T13445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  440.478891][T13611] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.3231'.
[  440.496727][T13445] batman_adv: batadv0: Interface activated: batadv_slave_0
[  440.510293][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  440.521388][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  440.540308][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  440.567655][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  440.596108][T13445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  440.674467][T13445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  440.749480][T13445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  440.808839][T13445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  440.852361][T13445] batman_adv: batadv0: Interface activated: batadv_slave_1
[  441.094513][T13419] Bluetooth: hci0: command 0x0419 tx timeout
[  441.145606][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  441.161870][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  441.204712][T13622] netlink: 188 bytes leftover after parsing attributes in process `syz.3.3235'.
[  441.249116][T13445] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  441.277992][T13445] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  441.303446][T13445] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  441.333746][T13445] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  441.733086][T13608] netlink: 'syz.2.3231': attribute type 9 has an invalid length.
[  441.773346][  T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  441.794310][T13608] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.3231'.
[  441.806512][  T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  441.931769][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  441.945366][T13639] netlink: 188 bytes leftover after parsing attributes in process `syz.1.3248'.
[  442.209547][T13534] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  442.228738][T13647] netlink: 'syz.1.3242': attribute type 10 has an invalid length.
[  442.244146][T13534] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  442.312840][T13647] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3242'.
[  442.402698][T13647] bridge0: port 3(ipvlan1) entered blocking state
[  442.410275][T13647] bridge0: port 3(ipvlan1) entered disabled state
[  442.425597][T13647] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  442.480705][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  442.505566][T13649] netlink: 'syz.4.3241': attribute type 10 has an invalid length.
[  442.958335][  T144] device hsr_slave_0 left promiscuous mode
[  442.978873][  T144] device hsr_slave_1 left promiscuous mode
[  443.000850][  T144] device bridge_slave_1 left promiscuous mode
[  443.014506][  T144] bridge0: port 2(bridge_slave_1) entered disabled state
[  443.081105][  T144] device bridge_slave_0 left promiscuous mode
[  443.088028][  T144] bridge0: port 1(bridge_slave_0) entered disabled state
[  443.110649][  T144] device veth1_macvtap left promiscuous mode
[  443.141825][  T144] device veth0_macvtap left promiscuous mode
[  443.152452][  T144] device veth1_vlan left promiscuous mode
[  443.718908][  T144] team0 (unregistering): Port device team_slave_1 removed
[  443.742185][  T144] team0 (unregistering): Port device team_slave_0 removed
[  444.145039][T13684] netlink: 'syz.1.3252': attribute type 21 has an invalid length.
[  444.153637][T13684] netlink: 168 bytes leftover after parsing attributes in process `syz.1.3252'.
[  444.191236][T13699] netlink: 'syz.2.3256': attribute type 10 has an invalid length.
[  444.248378][T13699] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3256'.
[  444.422218][T13699] bridge0: port 3(ipvlan1) entered blocking state
[  444.455545][T13699] bridge0: port 3(ipvlan1) entered disabled state
[  444.490185][T13699] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  444.854963][  T154] wlan1: Trigger new scan to find an IBSS to join
[  445.067515][T13706] chnl_net:caif_netlink_parms(): no params data found
[  445.189346][T13706] bridge0: port 1(bridge_slave_0) entered blocking state
[  445.240578][T13706] bridge0: port 1(bridge_slave_0) entered disabled state
[  445.317950][T13706] device bridge_slave_0 entered promiscuous mode
[  445.668580][T13706] bridge0: port 2(bridge_slave_1) entered blocking state
[  445.679549][T13706] bridge0: port 2(bridge_slave_1) entered disabled state
[  445.709387][T13706] device bridge_slave_1 entered promiscuous mode
[  445.794862][T13706] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  445.820616][T13735] netlink: 209592 bytes leftover after parsing attributes in process `syz.3.3267'.
[  445.833245][T13706] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  445.903656][T13706] team0: Port device team_slave_0 added
[  445.950087][T13706] team0: Port device team_slave_1 added
[  446.032385][T13706] batman_adv: batadv0: Adding interface: batadv_slave_0
[  446.064454][T13706] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  446.102743][T13706] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  446.149926][T13706] batman_adv: batadv0: Adding interface: batadv_slave_1
[  446.167328][T13706] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  446.334002][T13706] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  446.943753][T13419] Bluetooth: hci2: command 0x0409 tx timeout
[  446.962655][T13748] netlink: 14 bytes leftover after parsing attributes in process `syz.0.3271'.
[  447.009733][T13748] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  447.042675][T13748] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  447.071471][T13748] bond0 (unregistering): Released all slaves
[  447.146556][T13706] device hsr_slave_0 entered promiscuous mode
[  447.153888][T13706] device hsr_slave_1 entered promiscuous mode
[  447.168749][T13706] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  447.182605][T13706] Cannot create hsr debugfs directory
[  447.800429][T13706] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  447.902186][T13774] netlink: 'syz.3.3278': attribute type 39 has an invalid length.
[  447.917121][T13534] wlan1: Trigger new scan to find an IBSS to join
[  448.016953][T13706] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  448.148130][T13706] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  448.209078][T13792] netlink: 'syz.3.3282': attribute type 4 has an invalid length.
[  448.227048][T13792] netlink: 152 bytes leftover after parsing attributes in process `syz.3.3282'.
[  448.296873][T13792] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  448.509881][T13706] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  449.016176][ T4290] Bluetooth: hci2: command 0x041b tx timeout
[  449.177210][T13706] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  449.192600][T13808] netlink: 'syz.2.3290': attribute type 3 has an invalid length.
[  449.224701][T13808] netlink: 'syz.2.3290': attribute type 1 has an invalid length.
[  449.251309][T13808] netlink: 195700 bytes leftover after parsing attributes in process `syz.2.3290'.
[  449.270679][T13706] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  449.299928][T13706] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  449.313453][T13808] netlink: 'syz.2.3290': attribute type 10 has an invalid length.
[  449.361774][T13808] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  449.410975][T13818] netlink: 105120 bytes leftover after parsing attributes in process `syz.0.3292'.
[  449.450991][T13808] batman_adv: batadv0: Removing interface: batadv_slave_0
[  449.594826][T13808] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link
[  449.613640][T13706] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  449.646093][T13812] netlink: 'syz.1.3289': attribute type 2 has an invalid length.
[  449.664157][T13817] netlink: 188 bytes leftover after parsing attributes in process `syz.3.3291'.
[  450.033377][T13706] 8021q: adding VLAN 0 to HW filter on device bond0
[  450.223691][T13706] 8021q: adding VLAN 0 to HW filter on device team0
[  450.275188][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  450.311374][T13849] netlink: set zone limit has 8 unknown bytes
[  450.318755][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  450.459713][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  450.479723][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  450.491620][  T155] bridge0: port 1(bridge_slave_0) entered blocking state
[  450.498855][  T155] bridge0: port 1(bridge_slave_0) entered forwarding state
[  450.655345][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  450.692327][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  450.721974][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  450.741165][  T155] bridge0: port 2(bridge_slave_1) entered blocking state
[  450.748385][  T155] bridge0: port 2(bridge_slave_1) entered forwarding state
[  450.775278][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  450.820300][T13862] netlink: 188 bytes leftover after parsing attributes in process `syz.2.3304'.
[  450.904179][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  450.945612][  T155] wlan1: Trigger new scan to find an IBSS to join
[  451.042140][T13866] device syzkaller0 entered promiscuous mode
[  451.071919][T13534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  451.106284][T13534] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  451.114597][ T4290] Bluetooth: hci2: command 0x040f tx timeout
[  451.135715][T13534] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  451.163493][T13534] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  451.203420][T13534] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  451.439578][T13534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  451.454803][T13534] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  451.569055][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  451.608419][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  451.787826][T13706] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  452.000894][  T144] device hsr_slave_0 left promiscuous mode
[  452.018214][  T144] device hsr_slave_1 left promiscuous mode
[  452.078348][  T144] device bridge_slave_0 left promiscuous mode
[  452.123389][  T144] bridge0: port 1(bridge_slave_0) entered disabled state
[  452.225625][  T144] device veth1_macvtap left promiscuous mode
[  452.231745][  T144] device veth0_macvtap left promiscuous mode
[  452.273563][  T144] device veth1_vlan left promiscuous mode
[  452.412023][T13917] netlink: set zone limit has 8 unknown bytes
[  452.661148][  T144] team0 (unregistering): Port device team_slave_1 removed
[  452.679107][  T144] team0 (unregistering): Port device team_slave_0 removed
[  452.856557][ T5533] wlan1: Trigger new scan to find an IBSS to join
[  452.938722][T13915] netlink: 188 bytes leftover after parsing attributes in process `syz.2.3316'.
[  453.184392][T13133] Bluetooth: hci2: command 0x0419 tx timeout
[  453.193637][T13534] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  453.229919][T13534] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  453.275299][T13706] 8021q: adding VLAN 0 to HW filter on device batadv0
[  453.441475][  T154] tipc: Subscription rejected, illegal request
[  453.481451][T13952] sock: sock_timestamping_bind_phc: sock not bind to device
[  453.664803][T13957] netlink: 188 bytes leftover after parsing attributes in process `syz.0.3328'.
[  453.883248][T13966] netlink: 209592 bytes leftover after parsing attributes in process `syz.2.3331'.
[  454.194231][T13962] netlink: set zone limit has 8 unknown bytes
[  454.252407][T13534] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  454.270023][T13534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  454.601847][T13706] device veth0_vlan entered promiscuous mode
[  454.646233][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  454.672708][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  454.697605][T13981] netlink: 'syz.1.3334': attribute type 39 has an invalid length.
[  454.743664][T13706] device veth1_vlan entered promiscuous mode
[  454.768648][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  454.792439][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  454.813988][ T1188] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  454.943818][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  454.988993][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  455.022311][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  455.050191][T13706] device veth0_macvtap entered promiscuous mode
[  455.070950][T13998] netlink: 'syz.0.3338': attribute type 4 has an invalid length.
[  455.085783][T13998] netlink: 152 bytes leftover after parsing attributes in process `syz.0.3338'.
[  455.112939][T13706] device veth1_macvtap entered promiscuous mode
[  455.173816][T13706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  455.223052][T13706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  455.274916][T14006] netlink: 209592 bytes leftover after parsing attributes in process `syz.1.3342'.
[  455.284829][T13706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  455.296348][T13706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  455.312957][T13706] batman_adv: batadv0: Interface activated: batadv_slave_0
[  455.332402][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  455.358347][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  455.381348][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  455.406510][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  455.475808][T14008] netlink: 188 bytes leftover after parsing attributes in process `syz.3.3341'.
[  455.517961][T13706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  455.530130][T13706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  455.540933][T13706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  455.554395][T13706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  455.565526][T13706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  455.577121][T13706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  455.589312][T13706] batman_adv: batadv0: Interface activated: batadv_slave_1
[  455.615082][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  455.645865][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  455.689104][T13706] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  455.712878][T13706] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  455.765077][T13706] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  455.773866][T13706] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  455.907906][ T1188] wlan1: Trigger new scan to find an IBSS to join
[  456.267065][T14021] netlink: 'syz.0.3347': attribute type 39 has an invalid length.
[  456.789642][ T1188] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  456.835074][ T1188] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  456.876690][ T1188] wlan1: Trigger new scan to find an IBSS to join
[  456.908016][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  456.932559][  T155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  456.948865][ T5533] wlan1: Trigger new scan to find an IBSS to join
[  457.038585][  T155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  457.114730][T13874] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  457.692273][ T4347] wlan1: Creating new IBSS network, BSSID 6a:85:c6:de:3f:34
[  458.016597][T14056] netlink: 209592 bytes leftover after parsing attributes in process `syz.2.3352'.
[  458.127338][T14059] netlink: 188 bytes leftover after parsing attributes in process `syz.1.3353'.
[  458.388687][T14065] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3355'.
[  458.918779][T14084] netlink: 'syz.3.3362': attribute type 39 has an invalid length.
[  459.264079][T14094] netlink: 209592 bytes leftover after parsing attributes in process `syz.4.3365'.
[  459.389122][T14098] netlink: set zone limit has 8 unknown bytes
[  459.607558][T14105] netlink: 'syz.1.3366': attribute type 4 has an invalid length.
[  459.654437][T14105] netlink: 152 bytes leftover after parsing attributes in process `syz.1.3366'.
[  459.709461][T14105] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  459.759630][T14106] netlink: 188 bytes leftover after parsing attributes in process `syz.0.3367'.
[  460.854490][  T155] wlan1: Trigger new scan to find an IBSS to join
[  460.861538][  T155] wlan1: Trigger new scan to find an IBSS to join
[  460.868502][ T5533] wlan1: Trigger new scan to find an IBSS to join
[  460.993077][T14140] netlink: 'syz.1.3376': attribute type 3 has an invalid length.
[  461.054541][T14140] netlink: 'syz.1.3376': attribute type 1 has an invalid length.
[  461.062939][T14140] netlink: 195700 bytes leftover after parsing attributes in process `syz.1.3376'.
[  461.109562][T14141] netlink: set zone limit has 8 unknown bytes
[  461.262205][T14148] netlink: 'syz.2.3378': attribute type 10 has an invalid length.
[  461.556622][T14143] netlink: 'syz.1.3376': attribute type 10 has an invalid length.
[  461.591741][T14143] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  461.769569][T14143] batman_adv: batadv0: Removing interface: batadv_slave_0
[  461.854615][ T5533] wlan1: Creating new IBSS network, BSSID 9a:74:5e:5b:61:f1
[  461.866615][T14143] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link
[  461.941855][ T5533] wlan1: Creating new IBSS network, BSSID 72:27:ba:cc:ab:ed
[  462.220156][T14156] netlink: 'syz.0.3382': attribute type 39 has an invalid length.
[  462.531677][T14169] netlink: 'syz.4.3384': attribute type 4 has an invalid length.
[  462.602988][T14169] netlink: 152 bytes leftover after parsing attributes in process `syz.4.3384'.
[  462.690865][T14169] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  463.906778][ T4347] wlan1: Trigger new scan to find an IBSS to join
[  464.251065][T14203] netlink: 'syz.0.3397': attribute type 39 has an invalid length.
[  465.407459][T14229] netlink: 'syz.4.3405': attribute type 4 has an invalid length.
[  465.444418][T14229] netlink: 152 bytes leftover after parsing attributes in process `syz.4.3405'.
[  465.453519][T14229] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  465.660515][T14234] netlink: 14 bytes leftover after parsing attributes in process `syz.1.3408'.
[  465.753342][T14234] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  465.823017][T14234] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  465.850972][T14234] bond0 (unregistering): (slave batadv_slave_0): Releasing backup interface
[  465.879470][T14234] bond0 (unregistering): Released all slaves
[  466.341096][T14241] netlink: 'syz.4.3411': attribute type 39 has an invalid length.
[  466.558749][T14250] netlink: 188 bytes leftover after parsing attributes in process `syz.2.3413'.
[  466.854611][  T155] wlan1: Creating new IBSS network, BSSID be:41:ce:0a:6e:d6
[  467.362777][T14269] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3420'.
[  467.372750][T14271] netlink: 209592 bytes leftover after parsing attributes in process `syz.1.3430'.
[  467.819799][T14279] netlink: 'syz.2.3423': attribute type 2 has an invalid length.
[  467.861075][T14279] netlink: 119 bytes leftover after parsing attributes in process `syz.2.3423'.
[  467.959532][T14275] netlink: 'syz.1.3421': attribute type 4 has an invalid length.
[  467.977889][T14275] netlink: 152 bytes leftover after parsing attributes in process `syz.1.3421'.
[  469.157621][T14314] netlink: 134056 bytes leftover after parsing attributes in process `syz.4.3435'.
[  469.674526][T14332] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  470.121785][T14340] netlink: 'syz.1.3443': attribute type 4 has an invalid length.
[  470.142366][T14340] netlink: 152 bytes leftover after parsing attributes in process `syz.1.3443'.
[  470.311069][T14347] netlink: 'syz.2.3446': attribute type 3 has an invalid length.
[  470.337341][T14347] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.3446'.
[  470.382193][T14355] netlink: 'syz.3.3449': attribute type 39 has an invalid length.
[  470.510664][T14359] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3450'.
[  470.532951][T14357] netlink: 'syz.0.3451': attribute type 39 has an invalid length.
[  470.550954][T14359] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3450'.
[  471.163268][T14377] netlink: 'syz.1.3458': attribute type 2 has an invalid length.
[  471.182651][T14380] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:0603:0000:0023 with DS=0x31
[  472.237930][T14394] netlink: 'syz.1.3465': attribute type 10 has an invalid length.
[  472.258007][T14394] __nla_validate_parse: 6 callbacks suppressed
[  472.258026][T14394] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3465'.
[  472.343710][T14394] bridge0: port 3(ipvlan1) entered blocking state
[  472.383531][T14394] bridge0: port 3(ipvlan1) entered disabled state
[  472.461627][T14394] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  472.799780][T14403] netlink: 'syz.0.3468': attribute type 4 has an invalid length.
[  472.854595][T14403] netlink: 152 bytes leftover after parsing attributes in process `syz.0.3468'.
[  472.950246][T14413] netlink: 188 bytes leftover after parsing attributes in process `syz.1.3470'.
[  474.209371][T14438] netlink: 'syz.4.3477': attribute type 2 has an invalid length.
[  474.290002][T14438] netlink: 119 bytes leftover after parsing attributes in process `syz.4.3477'.
[  474.484831][T14452] netlink: 'syz.2.3481': attribute type 10 has an invalid length.
[  474.493252][T14452] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3481'.
[  474.508662][T14452] bridge0: port 3(ipvlan1) entered blocking state
[  474.517018][T14452] bridge0: port 3(ipvlan1) entered disabled state
[  474.529914][T14452] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  475.226147][T14455] netlink: 188 bytes leftover after parsing attributes in process `syz.1.3484'.
[  476.663270][T14485] netlink: 'syz.1.3493': attribute type 39 has an invalid length.
[  476.855256][ T5533] wlan1: Trigger new scan to find an IBSS to join
[  476.856134][T14492] netlink: 'syz.3.3496': attribute type 10 has an invalid length.
[  476.886956][T14497] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:0603:0000:0023 with DS=0x31
[  476.937081][T14492] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3496'.
[  476.978568][T14492] bridge0: port 4(ipvlan1) entered blocking state
[  476.992009][T14492] bridge0: port 4(ipvlan1) entered disabled state
[  477.037999][T14492] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  477.158741][T14503] netlink: 188 bytes leftover after parsing attributes in process `syz.4.3500'.
[  477.854071][T14516] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  478.020321][T14521] netlink: 'syz.1.3505': attribute type 4 has an invalid length.
[  478.028714][T14521] netlink: 152 bytes leftover after parsing attributes in process `syz.1.3505'.
[  478.413585][T14524] netlink: 'syz.4.3507': attribute type 39 has an invalid length.
[  478.619117][T14537] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3512'.
[  478.905701][T14550] netlink: 'syz.1.3515': attribute type 2 has an invalid length.
[  478.941879][T14550] netlink: 'syz.1.3515': attribute type 3 has an invalid length.
[  478.967372][T14553] netlink: 188 bytes leftover after parsing attributes in process `syz.0.3517'.
[  479.015522][T14550] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3515'.
[  479.065523][T14560] netlink: 'syz.2.3518': attribute type 10 has an invalid length.
[  479.085344][T14560] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3518'.
[  479.104530][T14560] bridge0: port 3(ipvlan1) entered blocking state
[  479.117359][T14560] bridge0: port 3(ipvlan1) entered disabled state
[  479.144152][T14560] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  479.173057][T14561] netlink: 'syz.4.3519': attribute type 39 has an invalid length.
[  479.373728][T14572] netlink: 'syz.2.3524': attribute type 39 has an invalid length.
[  480.400396][T14592] netlink: 'syz.4.3526': attribute type 4 has an invalid length.
[  480.425562][T14592] netlink: 152 bytes leftover after parsing attributes in process `syz.4.3526'.
[  480.468327][T14592] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  480.611198][T14597] netlink: 188 bytes leftover after parsing attributes in process `syz.0.3530'.
[  480.857944][ T5533] wlan1: Trigger new scan to find an IBSS to join
[  480.945357][ T5533] wlan1: Trigger new scan to find an IBSS to join
[  483.266866][ T5533] wlan1: Creating new IBSS network, BSSID 9e:ef:d2:e3:ee:eb
[  483.541866][T14621] netlink: 209592 bytes leftover after parsing attributes in process `syz.1.3537'.
[  483.733498][T14625] netlink: 'syz.0.3538': attribute type 39 has an invalid length.
[  484.193941][T14638] netlink: 188 bytes leftover after parsing attributes in process `syz.1.3544'.
[  484.346621][T14640] netlink: 'syz.0.3543': attribute type 4 has an invalid length.
[  484.364369][T14640] netlink: 152 bytes leftover after parsing attributes in process `syz.0.3543'.
[  484.612264][T14653] netlink: 'syz.0.3546': attribute type 4 has an invalid length.
[  484.635150][T14653] netlink: 152 bytes leftover after parsing attributes in process `syz.0.3546'.
[  484.656286][T14657] netlink: 'syz.2.3550': attribute type 4 has an invalid length.
[  484.668768][T14657] netlink: 152 bytes leftover after parsing attributes in process `syz.2.3550'.
[  484.684888][T14657] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  484.790767][T14661] netlink: 209592 bytes leftover after parsing attributes in process `syz.3.3552'.
[  484.893733][T14663] netlink: 'syz.2.3554': attribute type 39 has an invalid length.
[  485.186222][T14676] netlink: 188 bytes leftover after parsing attributes in process `syz.3.3558'.
[  485.229006][T14680] netlink: 'syz.1.3557': attribute type 4 has an invalid length.
[  485.261664][T14680] netlink: 152 bytes leftover after parsing attributes in process `syz.1.3557'.
[  485.904845][  T144] wlan1: Trigger new scan to find an IBSS to join
[  485.914450][T13534] wlan1: Trigger new scan to find an IBSS to join
[  486.070249][T14700] netlink: 209592 bytes leftover after parsing attributes in process `syz.1.3566'.
[  486.298229][T14711] netlink: 188 bytes leftover after parsing attributes in process `syz.4.3572'.
[  486.556012][T14716] netlink: 'syz.1.3570': attribute type 39 has an invalid length.
[  487.252113][  T155] wlan1: Creating new IBSS network, BSSID 8e:bc:9a:60:59:94
[  487.625828][T14737] netlink: 'syz.2.3577': attribute type 4 has an invalid length.
[  487.640925][T14737] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  487.965596][T14741] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  488.899296][T14759] netlink: 'syz.2.3588': attribute type 39 has an invalid length.
[  489.133782][T14776] __nla_validate_parse: 3 callbacks suppressed
[  489.133801][T14776] netlink: 209592 bytes leftover after parsing attributes in process `syz.0.3593'.
[  489.368035][T14784] netlink: 'syz.3.3594': attribute type 29 has an invalid length.
[  489.373189][T14786] netlink: 209592 bytes leftover after parsing attributes in process `syz.0.3606'.
[  489.397923][T14784] netlink: 'syz.3.3594': attribute type 29 has an invalid length.
[  489.408992][T14784] netlink: 'syz.3.3594': attribute type 29 has an invalid length.
[  489.572356][T14794] netlink: 'syz.4.3596': attribute type 4 has an invalid length.
[  489.621736][T14794] netlink: 152 bytes leftover after parsing attributes in process `syz.4.3596'.
[  489.632358][T14794] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  489.648652][T14793] netlink: 188 bytes leftover after parsing attributes in process `syz.1.3597'.
[  489.796651][T14803] netlink: 'syz.3.3599': attribute type 2 has an invalid length.
[  489.883698][T14803] netlink: 'syz.3.3599': attribute type 3 has an invalid length.
[  489.894557][ T1188] wlan1: Trigger new scan to find an IBSS to join
[  490.004438][T14803] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3599'.
[  490.469044][T14826] netlink: 'syz.3.3602': attribute type 39 has an invalid length.
[  490.743639][T14835] netlink: 164 bytes leftover after parsing attributes in process `syz.1.3608'.
[  491.191175][  T144] wlan1: Creating new IBSS network, BSSID 3a:fd:cb:f6:25:75
[  491.383212][T14847] netlink: 209592 bytes leftover after parsing attributes in process `syz.3.3611'.
[  491.417530][T14849] netlink: 188 bytes leftover after parsing attributes in process `syz.1.3612'.
[  491.780189][T14855] netlink: 'syz.0.3615': attribute type 2 has an invalid length.
[  491.902803][  T144] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  491.941939][T14855] netlink: 'syz.0.3615': attribute type 3 has an invalid length.
[  492.082168][T14855] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3615'.
[  492.348015][T14868] netlink: 'syz.2.3620': attribute type 11 has an invalid length.
[  492.365475][T14868] netlink: 184116 bytes leftover after parsing attributes in process `syz.2.3620'.
[  493.555934][T14898] FAULT_INJECTION: forcing a failure.
[  493.555934][T14898] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  493.614486][T14898] CPU: 1 PID: 14898 Comm: syz.2.3629 Not tainted syzkaller #0
[  493.622022][T14898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  493.632120][T14898] Call Trace:
[  493.635440][T14898]  <TASK>
[  493.638503][T14898]  dump_stack_lvl+0x188/0x250
[  493.643212][T14898]  ? lockdep_hardirqs_on+0x94/0x140
[  493.648441][T14898]  ? show_regs_print_info+0x20/0x20
[  493.653689][T14898]  ? _printk+0x121/0x130
[  493.657959][T14898]  should_fail+0x38c/0x4c0
[  493.662448][T14898]  _copy_from_user+0x2e/0x170
[  493.667147][T14898]  __copy_msghdr_from_user+0xc9/0x630
[  493.672584][T14898]  ? verify_lock_unused+0x140/0x140
[  493.677815][T14898]  ? __ia32_sys_shutdown+0x1d0/0x1d0
[  493.683136][T14898]  ___sys_sendmsg+0x19a/0x2e0
[  493.687842][T14898]  ? __sys_sendmsg+0x2a0/0x2a0
[  493.692651][T14898]  ? trace_event_raw_event_lock+0x270/0x270
[  493.698692][T14898]  ? vfs_write+0x8b2/0xd60
[  493.703147][T14898]  __se_sys_sendmsg+0x1af/0x290
[  493.708023][T14898]  ? __x64_sys_sendmsg+0x80/0x80
[  493.712988][T14898]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  493.719011][T14898]  ? lockdep_hardirqs_on+0x94/0x140
[  493.724250][T14898]  do_syscall_64+0x4c/0xa0
[  493.728706][T14898]  ? clear_bhb_loop+0x30/0x80
[  493.733415][T14898]  ? clear_bhb_loop+0x30/0x80
[  493.738128][T14898]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  493.744052][T14898] RIP: 0033:0x7f6d34469eb9
[  493.748527][T14898] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  493.768242][T14898] RSP: 002b:00007f6d326c5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  493.776800][T14898] RAX: ffffffffffffffda RBX: 00007f6d346e4fa0 RCX: 00007f6d34469eb9
[  493.785140][T14898] RDX: 0000000004000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  493.793230][T14898] RBP: 00007f6d326c5090 R08: 0000000000000000 R09: 0000000000000000
[  493.801224][T14898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  493.809333][T14898] R13: 00007f6d346e5038 R14: 00007f6d346e4fa0 R15: 00007ffd7bcd2098
[  493.817349][T14898]  </TASK>
[  494.203969][T14916] validate_nla: 1 callbacks suppressed
[  494.204008][T14916] netlink: 'syz.2.3633': attribute type 2 has an invalid length.
[  494.281975][T14919] netlink: 'syz.3.3636': attribute type 10 has an invalid length.
[  494.296260][T14916] netlink: 'syz.2.3633': attribute type 3 has an invalid length.
[  494.315229][T14919] __nla_validate_parse: 2 callbacks suppressed
[  494.315248][T14919] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3636'.
[  494.329306][T14916] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3633'.
[  494.345834][T14919] bridge0: port 4(ipvlan1) entered blocking state
[  494.352748][T14919] bridge0: port 4(ipvlan1) entered disabled state
[  494.433362][T14919] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  494.841215][T14936] netlink: 'syz.4.3641': attribute type 39 has an invalid length.
[  494.955706][ T1188] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  495.907316][T13534] wlan1: Trigger new scan to find an IBSS to join
[  496.058525][T14969] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3652'.
[  496.114670][T14968] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3652'.
[  496.163926][T14971] netlink: 'syz.1.3654': attribute type 10 has an invalid length.
[  496.285206][T14971] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3654'.
[  496.568694][T14971] bridge0: port 3(ipvlan1) entered blocking state
[  496.703975][T14971] bridge0: port 3(ipvlan1) entered disabled state
[  496.796873][T14971] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  496.855553][ T5533] wlan1: Trigger new scan to find an IBSS to join
[  497.502369][T14993] netlink: 'syz.3.3658': attribute type 3 has an invalid length.
[  497.521047][T14993] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3658'.
[  497.605871][T14995] netlink: 'syz.0.3659': attribute type 39 has an invalid length.
[  499.782723][T15041] FAULT_INJECTION: forcing a failure.
[  499.782723][T15041] name failslab, interval 1, probability 0, space 0, times 0
[  499.804463][T15041] CPU: 0 PID: 15041 Comm: syz.4.3675 Not tainted syzkaller #0
[  499.811989][T15041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  499.822083][T15041] Call Trace:
[  499.825398][T15041]  <TASK>
[  499.828361][T15041]  dump_stack_lvl+0x188/0x250
[  499.833085][T15041]  ? show_regs_print_info+0x20/0x20
[  499.838351][T15041]  ? load_image+0x400/0x400
[  499.842975][T15041]  ? __lock_acquire+0x7d10/0x7d10
[  499.848047][T15041]  should_fail+0x38c/0x4c0
[  499.852515][T15041]  should_failslab+0x5/0x20
[  499.857059][T15041]  slab_pre_alloc_hook+0x51/0xc0
[  499.862122][T15041]  __kmalloc+0x6b/0x330
[  499.866307][T15041]  ? sk_prot_alloc+0xe7/0x210
[  499.871082][T15041]  sk_prot_alloc+0xe7/0x210
[  499.875643][T15041]  ? sk_alloc+0x1d/0x310
[  499.880023][T15041]  sk_alloc+0x2f/0x310
[  499.884133][T15041]  bpf_prog_test_run_skb+0x240/0x1180
[  499.889666][T15041]  ? __fget_files+0x40f/0x480
[  499.894393][T15041]  ? cpu_online+0x60/0x60
[  499.898768][T15041]  bpf_prog_test_run+0x31e/0x390
[  499.903780][T15041]  __sys_bpf+0x5a5/0x6f0
[  499.908158][T15041]  ? bpf_link_show_fdinfo+0x380/0x380
[  499.913601][T15041]  ? vtime_user_exit+0x2c8/0x3e0
[  499.918658][T15041]  __x64_sys_bpf+0x78/0x90
[  499.923192][T15041]  do_syscall_64+0x4c/0xa0
[  499.927649][T15041]  ? clear_bhb_loop+0x30/0x80
[  499.932369][T15041]  ? clear_bhb_loop+0x30/0x80
[  499.937086][T15041]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  499.943013][T15041] RIP: 0033:0x7faad2854eb9
[  499.947469][T15041] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  499.967305][T15041] RSP: 002b:00007faad0ab0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  499.975936][T15041] RAX: ffffffffffffffda RBX: 00007faad2acffa0 RCX: 00007faad2854eb9
[  499.984047][T15041] RDX: 000000000000002c RSI: 0000200000000080 RDI: 000000000000000a
[  499.992068][T15041] RBP: 00007faad0ab0090 R08: 0000000000000000 R09: 0000000000000000
[  500.000273][T15041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  500.008471][T15041] R13: 00007faad2ad0038 R14: 00007faad2acffa0 R15: 00007ffc7e8e94c8
[  500.016520][T15041]  </TASK>
[  500.025843][  T144] wlan1: Trigger new scan to find an IBSS to join
[  500.185942][T15047] netlink: 'syz.3.3676': attribute type 39 has an invalid length.
[  501.489944][ T5533] wlan1: Creating new IBSS network, BSSID 2a:91:e2:a0:8d:79
[  501.499280][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  501.506123][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  501.977817][T15085] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3689'.
[  501.994121][  T155] wlan1: Trigger new scan to find an IBSS to join
[  502.574103][T15089] netlink: 'syz.2.3690': attribute type 23 has an invalid length.
[  502.592334][T15089] netlink: 168 bytes leftover after parsing attributes in process `syz.2.3690'.
[  503.031147][ T5533] wlan1: Creating new IBSS network, BSSID 76:d4:60:d5:07:cd
[  503.634885][T15112] netlink: set zone limit has 8 unknown bytes
[  506.305668][T15131] netlink: 'syz.4.3702': attribute type 39 has an invalid length.
[  508.049941][T15163] netlink: 'syz.4.3715': attribute type 39 has an invalid length.
[  508.377877][T15165] netlink: set zone limit has 8 unknown bytes
[  508.724310][T15180] netlink: 'syz.1.3721': attribute type 10 has an invalid length.
[  508.732436][T15180] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3721'.
[  508.748897][T15180] bridge0: port 3(ipvlan1) entered blocking state
[  508.757684][T15180] bridge0: port 3(ipvlan1) entered disabled state
[  508.770762][T15180] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  508.870571][T13534] wlan1: Trigger new scan to find an IBSS to join
[  509.105704][T15185] netlink: 188 bytes leftover after parsing attributes in process `syz.4.3723'.
[  510.392315][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[  510.868809][T15208] netlink: 'syz.4.3732': attribute type 10 has an invalid length.
[  510.904506][T15208] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3732'.
[  510.994796][T15208] bridge0: port 3(ipvlan1) entered blocking state
[  511.062467][T15208] bridge0: port 3(ipvlan1) entered disabled state
[  511.081936][T15216] netlink: 175488 bytes leftover after parsing attributes in process `syz.1.3734'.
[  511.130581][T15208] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  511.165653][T15212] device geneve1 entered promiscuous mode
[  511.185614][T15212] FAULT_INJECTION: forcing a failure.
[  511.185614][T15212] name failslab, interval 1, probability 0, space 0, times 0
[  511.213357][T15212] CPU: 0 PID: 15212 Comm: syz.2.3733 Not tainted syzkaller #0
[  511.220895][T15212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  511.230993][T15212] Call Trace:
[  511.234307][T15212]  <TASK>
[  511.237265][T15212]  dump_stack_lvl+0x188/0x250
[  511.241991][T15212]  ? show_regs_print_info+0x20/0x20
[  511.247323][T15212]  ? load_image+0x400/0x400
[  511.251880][T15212]  should_fail+0x38c/0x4c0
[  511.256336][T15212]  should_failslab+0x5/0x20
[  511.260867][T15212]  slab_pre_alloc_hook+0x51/0xc0
[  511.265848][T15212]  __kmalloc_node_track_caller+0x68/0x3a0
[  511.271644][T15212]  ? rtmsg_ifinfo_build_skb+0x80/0x180
[  511.277143][T15212]  ? kmem_cache_alloc_node+0x162/0x2d0
[  511.282633][T15212]  ? __alloc_skb+0xf4/0x750
[  511.287176][T15212]  ? rtmsg_ifinfo_build_skb+0x80/0x180
[  511.292676][T15212]  __alloc_skb+0x22c/0x750
[  511.297139][T15212]  rtmsg_ifinfo_build_skb+0x80/0x180
[  511.302611][T15212]  rtmsg_ifinfo+0x71/0x120
[  511.307077][T15212]  __dev_notify_flags+0xdc/0x300
[  511.312062][T15212]  ? __dev_change_flags+0x6a0/0x6a0
[  511.317301][T15212]  ? __dev_change_flags+0x525/0x6a0
[  511.322545][T15212]  ? dev_get_flags+0x1c0/0x1c0
[  511.327495][T15212]  ? __mutex_lock_common+0x155c/0x2400
[  511.333010][T15212]  dev_change_flags+0xe3/0x1a0
[  511.337837][T15212]  dev_ifsioc+0x130/0xd50
[  511.342224][T15212]  ? dev_ioctl+0xe30/0xe30
[  511.346690][T15212]  ? apparmor_capable+0x12c/0x190
[  511.351788][T15212]  ? full_name_hash+0x8e/0xe0
[  511.356523][T15212]  dev_ioctl+0x545/0xe30
[  511.360812][T15212]  ? _copy_from_user+0x111/0x170
[  511.365999][T15212]  sock_do_ioctl+0x245/0x320
[  511.370642][T15212]  ? sock_show_fdinfo+0xb0/0xb0
[  511.375551][T15212]  sock_ioctl+0x4d2/0x710
[  511.379928][T15212]  ? sock_poll+0x410/0x410
[  511.384445][T15212]  ? bpf_lsm_file_ioctl+0x5/0x10
[  511.389410][T15212]  ? security_file_ioctl+0x7c/0xa0
[  511.394590][T15212]  ? sock_poll+0x410/0x410
[  511.399048][T15212]  __se_sys_ioctl+0xfa/0x170
[  511.403714][T15212]  do_syscall_64+0x4c/0xa0
[  511.408252][T15212]  ? clear_bhb_loop+0x30/0x80
[  511.412965][T15212]  ? clear_bhb_loop+0x30/0x80
[  511.417685][T15212]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  511.423703][T15212] RIP: 0033:0x7f6d34469eb9
[  511.428154][T15212] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  511.447792][T15212] RSP: 002b:00007f6d326c5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  511.456251][T15212] RAX: ffffffffffffffda RBX: 00007f6d346e4fa0 RCX: 00007f6d34469eb9
[  511.464263][T15212] RDX: 0000200000000080 RSI: 0000000000008914 RDI: 0000000000000007
[  511.472305][T15212] RBP: 00007f6d326c5090 R08: 0000000000000000 R09: 0000000000000000
[  511.480322][T15212] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  511.488450][T15212] R13: 00007f6d346e5038 R14: 00007f6d346e4fa0 R15: 00007ffd7bcd2098
[  511.496478][T15212]  </TASK>
[  512.873519][T15243] device syzkaller0 entered promiscuous mode
[  512.934477][  T154] wlan1: Trigger new scan to find an IBSS to join
[  513.568278][T15266] ------------[ cut here ]------------
[  513.649138][T15266] trace type BPF program uses run-time allocation
[  513.703916][T15266] WARNING: CPU: 0 PID: 15266 at kernel/bpf/verifier.c:11750 check_map_prog_compatibility+0x6cf/0x870
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  513.814686][T15266] Modules linked in:
[  513.818745][T15266] CPU: 1 PID: 15266 Comm: syz.3.3757 Not tainted syzkaller #0
[  513.843066][ T4299] Bluetooth: hci5: command 0x0406 tx timeout
[  513.860645][T15266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  513.904059][T15266] RIP: 0010:check_map_prog_compatibility+0x6cf/0x870
[  513.946073][T15266] Code: ff e8 f5 b6 ef ff 48 c7 c6 20 42 31 8a e9 0d fd ff ff e8 e4 b6 ef ff c6 05 d3 c7 ec 0b 01 48 c7 c7 80 3e 31 8a e8 91 90 27 08 <0f> 0b e9 9f fb ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c a5 f9
[  513.967926][T15266] RSP: 0018:ffffc900030df450 EFLAGS: 00010246
[  513.974754][T15266] RAX: 8216874855f08700 RBX: 0000000000000001 RCX: 0000000000080000
[  513.982914][T15266] RDX: ffffc90014aea000 RSI: 0000000000002cad RDI: 0000000000002cae
[  513.991530][T15266] RBP: ffff888075cf4000 R08: ffff8880b9033d7f R09: 1ffff110172067af
[  514.000601][T15266] R10: dffffc0000000000 R11: ffffed10172067b0 R12: ffffc9000126e038
[  514.021096][T15266] R13: 0000000000000011 R14: dffffc0000000000 R15: 1ffff9200024dc07
[  514.035672][T13534] wlan1: Creating new IBSS network, BSSID 2e:e4:9c:03:e2:b5
[  514.107317][T15266] FS:  00007f45e95bb6c0(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
[  514.198466][T15266] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  514.286665][T15266] CR2: 00007fde0653be20 CR3: 000000007c2aa000 CR4: 00000000003506f0
[  514.344282][T15266] DR0: 0000200000000300 DR1: 0000000000000000 DR2: 0000000000000000
[  514.352351][T15266] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  514.414256][T15266] Call Trace:
[  514.417616][T15266]  <TASK>
[  514.420643][T15266]  resolve_pseudo_ldimm64+0x681/0x1040
[  514.455078][T15266]  ? check_attach_btf_id+0xe70/0xe70
[  514.460463][T15266]  ? __mark_reg_known+0x1a0/0x1a0
[  514.541286][T15266]  bpf_check+0x4e00/0xf270
[  514.568624][T15266]  ? mark_lock+0x94/0x320
[  514.573057][T15266]  ? __lock_acquire+0x13bc/0x7d10
[  514.608633][T15266]  ? bpf_get_btf_vmlinux+0x10/0x10
[  514.647913][ T1188] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  514.664968][T15266]  ? mark_lock+0x94/0x320
[  514.684681][T15266]  ? verify_lock_unused+0x140/0x140
[  514.689991][T15266]  ? __mutex_trylock_common+0x155/0x260
[  514.744331][T15266]  ? verify_lock_unused+0x140/0x140
[  514.750432][T15266]  ? rcu_lock_release+0x5/0x20
[  514.759373][T15266]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  514.769287][T15266]  ? lock_chain_count+0x20/0x20
[  514.784658][T15266]  ? seqcount_lockdep_reader_access+0x127/0x1d0
[  514.791094][T15266]  ? lockdep_hardirqs_on+0x94/0x140
[  514.814572][T15266]  ? ktime_get_with_offset+0xff/0x320
[  514.820025][T15266]  ? seqcount_lockdep_reader_access+0x18d/0x1d0
[  514.845406][T15266]  ? ktime_get_real_ts64+0x440/0x440
[  514.850967][T15266]  ? pcpu_alloc+0x1121/0x1770
[  514.866671][ T1188] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  514.895241][T15266]  ? __might_fault+0xb3/0x110
[  514.900005][T15266]  ? memset+0x1e/0x40
[  514.904073][T15266]  ? bpf_obj_name_cpy+0x190/0x1d0
[  514.922982][T15266]  bpf_prog_load+0xfec/0x1510
[  514.970665][T15266]  ? map_freeze+0x350/0x350
[  514.979599][T15266]  ? __might_fault+0xb7/0x110
[  515.009049][T15266]  ? __might_fault+0xb3/0x110
[  515.013846][T15266]  ? bpf_lsm_bpf+0x5/0x10
[  515.045166][T15266]  ? security_bpf+0x7a/0xa0
[  515.054164][T15266]  __sys_bpf+0x532/0x6f0
[  515.064117][T15266]  ? bpf_link_show_fdinfo+0x380/0x380
[  515.082344][T15266]  ? vtime_user_exit+0x2c8/0x3e0
[  515.103561][T15266]  __x64_sys_bpf+0x78/0x90
[  515.111929][T15266]  do_syscall_64+0x4c/0xa0
[  515.118630][T15266]  ? clear_bhb_loop+0x30/0x80
[  515.136743][ T1188] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  515.151733][T15266]  ? clear_bhb_loop+0x30/0x80
[  515.158124][T15266]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  515.172308][T15266] RIP: 0033:0x7f45eb35feb9
[  515.194304][T15266] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  515.221338][T15266] RSP: 002b:00007f45e95bb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  515.232919][T15266] RAX: ffffffffffffffda RBX: 00007f45eb5dafa0 RCX: 00007f45eb35feb9
[  515.245973][T15266] RDX: 0000000000000094 RSI: 0000200000000180 RDI: 0000000000000005
[  515.246433][ T1188] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  515.254001][T15266] RBP: 00007f45eb3cdc1f R08: 0000000000000000 R09: 0000000000000000
[  515.277765][T15266] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  515.288137][T15266] R13: 00007f45eb5db038 R14: 00007f45eb5dafa0 R15: 00007ffd8d592f78
[  515.300167][T15266]  </TASK>
[  515.303266][T15266] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  515.310565][T15266] CPU: 1 PID: 15266 Comm: syz.3.3757 Not tainted syzkaller #0
[  515.318141][T15266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  515.328243][T15266] Call Trace:
[  515.331555][T15266]  <TASK>
[  515.334525][T15266]  dump_stack_lvl+0x188/0x250
[  515.339254][T15266]  ? show_regs_print_info+0x20/0x20
[  515.344488][T15266]  ? load_image+0x400/0x400
[  515.349047][T15266]  panic+0x2e5/0x810
[  515.352982][T15266]  ? bpf_jit_dump+0xd0/0xd0
[  515.357529][T15266]  ? check_map_prog_compatibility+0x6cf/0x870
[  515.363631][T15266]  __warn+0x248/0x2b0
[  515.367649][T15266]  ? check_map_prog_compatibility+0x6cf/0x870
[  515.373762][T15266]  report_bug+0x1b7/0x2e0
[  515.378134][T15266]  handle_bug+0x3a/0x70
[  515.382327][T15266]  exc_invalid_op+0x16/0x40
[  515.386855][T15266]  asm_exc_invalid_op+0x16/0x20
[  515.391737][T15266] RIP: 0010:check_map_prog_compatibility+0x6cf/0x870
[  515.398447][T15266] Code: ff e8 f5 b6 ef ff 48 c7 c6 20 42 31 8a e9 0d fd ff ff e8 e4 b6 ef ff c6 05 d3 c7 ec 0b 01 48 c7 c7 80 3e 31 8a e8 91 90 27 08 <0f> 0b e9 9f fb ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c a5 f9
[  515.418528][T15266] RSP: 0018:ffffc900030df450 EFLAGS: 00010246
[  515.424687][T15266] RAX: 8216874855f08700 RBX: 0000000000000001 RCX: 0000000000080000
[  515.432701][T15266] RDX: ffffc90014aea000 RSI: 0000000000002cad RDI: 0000000000002cae
[  515.440799][T15266] RBP: ffff888075cf4000 R08: ffff8880b9033d7f R09: 1ffff110172067af
[  515.448920][T15266] R10: dffffc0000000000 R11: ffffed10172067b0 R12: ffffc9000126e038
[  515.456927][T15266] R13: 0000000000000011 R14: dffffc0000000000 R15: 1ffff9200024dc07
[  515.465045][T15266]  resolve_pseudo_ldimm64+0x681/0x1040
[  515.470556][T15266]  ? check_attach_btf_id+0xe70/0xe70
[  515.475884][T15266]  ? __mark_reg_known+0x1a0/0x1a0
[  515.480953][T15266]  bpf_check+0x4e00/0xf270
[  515.485419][T15266]  ? mark_lock+0x94/0x320
[  515.489781][T15266]  ? __lock_acquire+0x13bc/0x7d10
[  515.494837][T15266]  ? bpf_get_btf_vmlinux+0x10/0x10
[  515.500161][T15266]  ? mark_lock+0x94/0x320
[  515.504558][T15266]  ? verify_lock_unused+0x140/0x140
[  515.509791][T15266]  ? __mutex_trylock_common+0x155/0x260
[  515.515553][T15266]  ? verify_lock_unused+0x140/0x140
[  515.520798][T15266]  ? rcu_lock_release+0x5/0x20
[  515.525792][T15266]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  515.531821][T15266]  ? lock_chain_count+0x20/0x20
[  515.536817][T15266]  ? seqcount_lockdep_reader_access+0x127/0x1d0
[  515.543452][T15266]  ? lockdep_hardirqs_on+0x94/0x140
[  515.548911][T15266]  ? ktime_get_with_offset+0xff/0x320
[  515.554319][T15266]  ? seqcount_lockdep_reader_access+0x18d/0x1d0
[  515.561404][T15266]  ? ktime_get_real_ts64+0x440/0x440
[  515.566729][T15266]  ? pcpu_alloc+0x1121/0x1770
[  515.571450][T15266]  ? __might_fault+0xb3/0x110
[  515.576596][T15266]  ? memset+0x1e/0x40
[  515.580619][T15266]  ? bpf_obj_name_cpy+0x190/0x1d0
[  515.585676][T15266]  bpf_prog_load+0xfec/0x1510
[  515.590406][T15266]  ? map_freeze+0x350/0x350
[  515.594941][T15266]  ? __might_fault+0xb7/0x110
[  515.599662][T15266]  ? __might_fault+0xb3/0x110
[  515.604387][T15266]  ? bpf_lsm_bpf+0x5/0x10
[  515.608744][T15266]  ? security_bpf+0x7a/0xa0
[  515.613276][T15266]  __sys_bpf+0x532/0x6f0
[  515.617559][T15266]  ? bpf_link_show_fdinfo+0x380/0x380
[  515.622977][T15266]  ? vtime_user_exit+0x2c8/0x3e0
[  515.627954][T15266]  __x64_sys_bpf+0x78/0x90
[  515.632500][T15266]  do_syscall_64+0x4c/0xa0
[  515.637054][T15266]  ? clear_bhb_loop+0x30/0x80
[  515.641774][T15266]  ? clear_bhb_loop+0x30/0x80
[  515.646485][T15266]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  515.652430][T15266] RIP: 0033:0x7f45eb35feb9
[  515.656877][T15266] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  515.676509][T15266] RSP: 002b:00007f45e95bb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  515.684955][T15266] RAX: ffffffffffffffda RBX: 00007f45eb5dafa0 RCX: 00007f45eb35feb9
[  515.692947][T15266] RDX: 0000000000000094 RSI: 0000200000000180 RDI: 0000000000000005
[  515.701034][T15266] RBP: 00007f45eb3cdc1f R08: 0000000000000000 R09: 0000000000000000
[  515.709147][T15266] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  515.717163][T15266] R13: 00007f45eb5db038 R14: 00007f45eb5dafa0 R15: 00007ffd8d592f78
[  515.725358][T15266]  </TASK>
[  515.728643][T15266] Kernel Offset: disabled
[  515.732997][T15266] Rebooting in 86400 seconds..