last executing test programs:

18.327744405s ago: executing program 1 (id=10737):
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xca, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0xc, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x1}, 0x0, 0x8, 0x9b, 0x0, 0x0, 0x8, 0x4}, 0x0, 0xafffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x0, 0xc8, 0x0, 0x0, 0xdb6c, 0x0, 0xfffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@array={0x0, 0x0, 0x0, 0x4, 0x3000000, {0x0, 0x6000000, 0x4}}]}}, 0xffffffffffffffff, 0x32, 0x0, 0x2}, 0x28)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
close(r3)
recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r4=>0xffffffffffffffff]}}], 0x18}, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0xa0b41, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb790700117df37538e486dd6317ce2200fc00"], 0xfdef)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000440)=ANY=[], 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r5, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_BIND_MAP(0x23, 0x0, 0x0)
syz_clone(0x638c1100, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0xe, 0x4, 0x4, 0x20002, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0xb, &(0x7f00000000c0)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0xc846, 0x61, 0x10, 0xa4}, [@printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x401}}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)

17.550100029s ago: executing program 4 (id=10742):
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000f00)={0x6, 0x4, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5}, [@call={0x85, 0x0, 0x0, 0x7d}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r0}, 0xc)

17.401760795s ago: executing program 1 (id=10744):
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000ff0700000000000000000000850000002a00000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000001c0)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000080))
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8920, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000002c0)={'syzkaller0\x00', 0x7101})
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$TUNSETFILTEREBPF(r2, 0x800454e1, &(0x7f0000000380)=r4)
write$cgroup_devices(r3, &(0x7f0000000280)=ANY=[@ANYBLOB="1e030600bc5cb60128876360864666702c1ffe80000000000000", @ANYRESDEC], 0xffdd)

17.316048067s ago: executing program 0 (id=10745):
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
close(r2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="54000000000000000000000400000000000000600000000100010001000000010000000700000007442cc05000000000000000010000ee06000000080000000100000e4a000000200065000300000005000000080000000030000000000000000100000001"], 0x88}, 0x0)
close(r3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$unix(r4, &(0x7f0000001600)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000"], 0x18}, 0x0)
close(r5)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000071115e00000000008510000002000000850000000000000095000007000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x70)
r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r6, 0x10, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, 0x0, 0x0}, 0x94)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000040)={0x0, <r7=>0x0}, 0x8)
r8 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f00000002c0)=r7, 0x4)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000200)={r8, r6, 0x4, r6}, 0x10)

17.184364972s ago: executing program 4 (id=10748):
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="160000000000000004"], 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x702, 0x0, 0x0, &(0x7f0000000540), 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x1d}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'tunl0\x00', 0x2})
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f0, &(0x7f0000000080))

16.88898819s ago: executing program 4 (id=10751):
r0 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
syz_clone(0xc0126080, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x6, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000fdffffde18000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000feffffff0000000000040000851000000200000085000000230000009500000000000000"], 0x0, 0xfffffffe, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffff2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)

16.88814675s ago: executing program 0 (id=10761):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050001000010"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4)
sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x8880)

16.664873588s ago: executing program 0 (id=10752):
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x4, 0x400000, 0x10, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180))
perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x0, 0x0, 0x1, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
r3 = bpf$ITER_CREATE(0xb, &(0x7f00000002c0)={r2}, 0x8)
write$cgroup_int(r3, &(0x7f00000001c0), 0xfffffdef)
bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000580)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x61, 0xbb, &(0x7f0000000300)=""/187, 0x41000, 0x40, '\x00', 0x0, 0x0, r3, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x2, 0xe, 0x3, 0x202}, 0x10, 0x1d51, 0xffffffffffffffff, 0x3, &(0x7f0000000400), &(0x7f0000000500)=[{0x4, 0x1, 0xe, 0x8}, {0x5, 0x1, 0x2, 0x7}, {0x4, 0x1, 0xb, 0xc}], 0x10, 0x44c5be84}, 0x94)
ioctl$TUNSETIFF(r3, 0x5421, &(0x7f0000000000)={'syzkaller0\x00', 0x2})
write$cgroup_netprio_ifpriomap(r3, 0x0, 0x12)
socketpair(0x2b, 0xa, 0x80000000, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0x8a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x1e}, 0xc9, 0x100020, 0x0, 0x3, 0x100, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = perf_event_open(&(0x7f0000001340)={0x2, 0x80, 0xef, 0x0, 0x0, 0x0, 0x0, 0x1f9, 0x10020, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xfffffffc, 0x3, 0x4, 0x7, 0x1, 0x4, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x8)
r5 = getpid()
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={r5, r4, 0x0, 0x1, &(0x7f0000000180)='\x00'}, 0x30)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680))
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x110e22fff6)

16.347621967s ago: executing program 0 (id=10753):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200))
socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000180))
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000000001000b00000001"], 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4)
sendmsg$inet(r3, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x10)
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0)

16.26019285s ago: executing program 0 (id=10754):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000740), 0x5}, 0x828, 0x0, 0x0, 0x0, 0x9, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a40)=ANY=[@ANYBLOB="b70200000d000000bfa300000000000005000000000000007a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67d5b310efcfa89147a7fb0a93d035f2f206d2ef831ab7ea0c34f17e3ad6eecbb622003b538dfd8e012e79578e51bc53099e90f4580d7be3e8c254a5cba117cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e6a9f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d996d60a17e3c184b751c51160100000000000080148b9a31ee8dc8b544f3c4a532e60a0ac346dfebd31a08060000000200000000000000334d83239dd20100008000000000d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08a406f99f7b1e1ad828267d4eadd3964663e085354133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0183babc190ae2ebf8aad34732181feb28cb0bae7c34dc5e7c805210600000000000000c3dec04b25df45d4f71ab158c36657b7218baa07a99bd50499ccc421ace5e845885efb5b9964e4beba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d01776839b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb0015982730711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a173db9c24db65c1e00015c1d093dab18fd0699fe3304000000323e9c7080397bc49d70c060d57bc88fbe3bbaa058b040362ab926150363fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4e6068f1bf710d133d541da86e0477e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2b2ff7f9a7d365e63845f3e1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000010000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edef8ba72205beff7771bcb293747b88486cacee403000000a2919a4b09e168e4e4d5ff2ed893f2e314679fa69fc7e0cf761f918725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75e26b45264e3d3f8e0048e55ae289c2f884d0766cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2efce676a93110904d5e055af44664b53c764d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007976694b6a0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d201721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e671282a2d3066ac968c7d7d7db195f255b1b4a85eb9ee0a3b68c9e209756623adf685dd715d68ed1274b4d5502f512493af8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f74b6563a4be1fd82b73c8c2bc65f63982b951fb058fd3c7b6341c4580376b2c16bd94d2da66059de81abfa15eeeae3b0ba38d8bb1bf032c73f1285e21fff5a1d138e061b1dc7bbda199b5fab8e0719e9cd69b47dcb52b0be6a3a73afdf328132e1d4f21065716be0c53a23940d07188b015fa341dbc92231c8b5e5717eac184f46c9f61b69f55cd2231bcf821052429a1f250e8b734be0605a15f25923d599544b319319ff0a32621019347df460a098119a6f47eb1bac47946d7a009cbc6ec74c19a93cc7c7138b28c95270116181fd5f5533d3c58104d2ad0e10d3663488e664401453f22f0d76d2162635365258af61ae1f46f4a7866f302d91e3f7c2781f602220522e84602a939a8d5e4137ae31ccd397404dc72e06715a6503d4d865182803ee6725da7293b23daeebefd6fce7411c9624a7e8d5ba5a13e1c32adc4f3274497c6882a72475e4280a4d9a47c003c6ed3071330c58145be813a10788a720a6b5a498ca2b42496c479a0a71e2f6f9bad8c84bc6be20281bde0b348cf2c60538a505ad4a0510eebb023e4954c9eb6cd70627f5c03d867dbf3ad5d1f1dc852064dd0efafc3df20ec8faf3d194db76127f88f284fa1b71ab964fdd2474471da76373e65e9a8bf844bdfdd348bc7d00c4c7e7abc231f8cde79b7a6c5aafe954b8ba37818e40c14b36f2d7c23f9f614576b689436fef2f27f8b1e756e00262e22bca49c43fd73e7e99b2fa44a8c1df7ffffff735ad6c5fabf082e0df0f8ba7e24272165f2f5b28230c095162b82ceaeaae9b1713b5f2ee68e2b53d44bd84bf6960157e96bbb96b5e10d66c87e7a9a7d53c281d88ebb175a4dbb82130e6870980e47913110f091d21760d985afd3163f2e6880682432f9b3b97d57a9f980edfa1116a3d04d58872a07d6a7e12db673acd2f7b8988d833e71943fe2c1c65a3cf355e5b91114052f8a398d8e10c96b955c56b55bfd3ecf0af694c71a03f2996c15b1ba971de1cb9c7e6a0000000000000014783ef54c51199317413f98dca8ff3df3572a7d9ef5f6103997f1f9e4b0c3970bda50f6c0af58dbd6c031b1a5a7512c58965c514adfa17d31429c68db50a93d88199defd3b4625fea426ff9293a28a544a6a9e24d192d67a1b3c6b14c4ec6d164e902ce4913843d65d841973468729ea12bf6d3499036dbb66718f3497855c3baa6cc07c0fa388ec9df0617c1a28ef5a595ee267a76175b8a057e6efaf4fefe46def451f2858fe71a53e77b1a44e98843bb3a40102da3703dfb9f61bdcea2fb810b32d52e2157a150a63ea6135d1cf6f864c2e68884d7245bc5d61dc5a114d10ffb2200040000fc1e3865d17d128306d1b81884a934cb0000000000d367000098a4526e6468987dbc63bff7590eb388afaba43d811996333eef7e9f47"], 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x8}}, 0x0, 0x2}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @remote})
openat$ppp(0xffffffffffffff9c, 0x0, 0x210400, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000340)=ANY=[@ANYBLOB="61122800000000006113380000000000bf1000000000000025000200091b00003d200000000000008701000000000000bc26000000000000bf67000000000000150300000ee600f0670200001f00000015030000ffffffffbf050000000000000f650000000000006507f4ff02000400070700006b3128fe1f75000000000000bf540000000000000705000003001500ae430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe70305863f970eac3590ac99b798f8125f1c322c2a154a8a8d"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @sk_msg}, 0x48)

15.924077211s ago: executing program 0 (id=10755):
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xca, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0xc, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x1}, 0x0, 0x8, 0x9b, 0x0, 0x0, 0x8, 0x4}, 0x0, 0xafffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x0, 0xc8, 0x0, 0x0, 0xdb6c, 0x0, 0xfffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@array={0x0, 0x0, 0x0, 0x4, 0x3000000, {0x0, 0x6000000, 0x4}}]}}, 0xffffffffffffffff, 0x32, 0x0, 0x2}, 0x28)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
close(r3)
recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r4=>0xffffffffffffffff]}}], 0x18}, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0xa0b41, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb790700117df37538e486dd6317ce2200fc00"], 0xfdef)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000440)=ANY=[], 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r5, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_BIND_MAP(0x23, 0x0, 0x0)
syz_clone(0x638c1100, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0xe, 0x4, 0x4, 0x20002, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0xb, &(0x7f00000000c0)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0xc846, 0x61, 0x10, 0xa4}, [@printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x401}}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)

12.793069079s ago: executing program 1 (id=10756):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x1c, 0x4, 0x0, 0x0, 0x7, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xc}, 0x94)
bpf$MAP_LOOKUP_ELEM(0x5, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x8000001946}, 0x12000, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x0, &(0x7f0000002f40)="d0151144f5c155cf6b9e", 0xa, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xca, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x6, 0x80000000, 0x0, 0x87, 0x3, 0xfffc}, r1, 0xffffffffffffffff, r0, 0x0)

12.674553903s ago: executing program 2 (id=10757):
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000340)=ANY=[@ANYBLOB="61122800000000006113380000000000bf1000000000000025000200091b00003d200000000000008701000000000000bc26000000000000bf67000000000000150300000ee600f0670200001f00000015030000ffffffffbf050000000000000f6500001b0900006507f4ff02000400070700006b3128fe1f75000000000000bf540000000000000705000003001500ae430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe70305863f970eac3590ac99b798f8125f1c322c2a154a8a8d"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @sk_msg}, 0x48)

12.581346916s ago: executing program 4 (id=10758):
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={<r0=>0x0, <r1=>0x0})
close(r0)
setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x4bd)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={<r2=>0x0, <r3=>0x0})
close(r2)
socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000000)={<r4=>0x0, <r5=>0x0})
close(r4)
setsockopt$sock_attach_bpf(r5, 0x10f, 0x87, &(0x7f0000000180), 0x127)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xc, 0x3ff, 0x3, 0x4, 0x4200, 0x1, 0x8000, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x2, 0x4}, 0x50)
setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f0000000180), 0x4bd)
close(r1)

12.380112412s ago: executing program 2 (id=10759):
perf_event_open(&(0x7f00000002c0)={0x2, 0x80, 0x5d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000580)={0x5, 0x80, 0xea, 0x7, 0x40, 0xe5, 0x0, 0x0, 0xd000, 0x6, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x5, 0x2, @perf_bp={0x0, 0x2}, 0x9c7, 0xfc, 0x4, 0x0, 0x81, 0x9, 0x5, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000540)={0x2, 0x80, 0xd2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x22160, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1, 0x7, 0x0, 0x3}, 0x0, 0x1, r0, 0xb)

12.379756782s ago: executing program 1 (id=10760):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050001000010"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000080))
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$TUNSETSTEERINGEBPF(r2, 0x800454e0, &(0x7f0000000300)=r3)
write$cgroup_devices(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB="1e030600bc5cb60128876360864666702c1ffe80000000000000", @ANYRESDEC], 0xffdd)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000002c0)={'syzkaller0\x00', 0x7101})
write$cgroup_devices(r4, &(0x7f0000000280)=ANY=[], 0xffdd)

12.339798124s ago: executing program 4 (id=10762):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000080))
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20000000}, [@call={0x85, 0x0, 0x0, 0x2e}, @printk={@lx, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x72}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000002c0)={'syzkaller0\x00', 0x7101})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$TUNSETSTEERINGEBPF(r4, 0x800454e0, &(0x7f0000000300)=r5)
openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0)
write$cgroup_devices(r3, &(0x7f0000000280)=ANY=[@ANYBLOB="1e030611bc5cb60128876360864666702c1ffe80000000000000", @ANYRESDEC], 0xffdd)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000500)={r6}, 0x4)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x19, &(0x7f0000000540)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r6}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r7, r0}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x31}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x94)

12.039244253s ago: executing program 2 (id=10763):
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
recvmsg$unix(0xffffffffffffffff, 0x0, 0x2000)
r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021"], 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000200), 0x4a)

8.789726675s ago: executing program 2 (id=10765):
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x7, 0x4, 0x18, 0xa042, 0x0, 0xffffffffffffffff, 0x401, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x18}, 0x50)

8.714669597s ago: executing program 2 (id=10766):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8000000000000000, 0x8000}, 0x4105, 0x0, 0x3}, 0x0, 0xfeffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x20, 0x17, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b703000000000000850000000f000000bf09000000000000550901000074f6967d00000000000000180100002020709000000000002020207baaf8ff00000000bda100000000000027010000f8ffffffb702000008000000b7030000000000002500000006000000be91000000000000b502ecffffff00008500000005000000b70000000000000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0xc1c34af2e521e80b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

8.552272592s ago: executing program 2 (id=10767):
r0 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, @perf_bp={0x0, 0x8}, 0x40, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffff}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r1}, 0x0, &(0x7f0000000380)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000000000008500000059"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x28}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2)
syz_clone(0xc2002000, 0x0, 0x0, 0x0, 0x0, 0x0)

6.38069884s ago: executing program 4 (id=10768):
r0 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, @perf_bp={0x0, 0x8}, 0x40, 0x0, 0x0, 0x0, 0x7, 0x0, 0xffff}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, [@call={0x85, 0x0, 0x0, 0x7d}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
syz_clone(0xc0126080, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0xb, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)

6.261614894s ago: executing program 1 (id=10769):
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0x7}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0)
close(0x3)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/10], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="05000000070000000800000005"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001200)={r3, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f07df33c9f7b986", 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

5.374348902s ago: executing program 1 (id=10770):
r0 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
syz_clone(0xc0126080, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x6, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000fdffffde18000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000feffffff0000000000040000851000000200000085000000230000009500000000000000"], 0x0, 0xfffffffe, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffff2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)

4.948862005s ago: executing program 3 (id=10773):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002e00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92344f242b416ae9eeefc0e9c6f203cb1276bfdbb4ddffffff7f82dc2b938189a7ca02f732e4c2eab72bf40c0682fd0a0c4ac106b29e220dc2880072599456d4c4e6f3fe684ab8373bb4df9d72876ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb39df9858037458a4ca037604007600b6be484e4c9517af216bd8ed42f7dd01008e49f4a94608c9a20819e02fc22e6be45574d4ed88b37ab8d7674c644dca2f1b4d745fd95c41f9dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43ea118e14ffffffffe4b8a80366ce5401ec61921a1b529cc8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa228504e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a4500000058b8c9370634060105baa664953514605fba3973aa021945b985a8a66e0200000057033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db15d792e604a4f279b3bd6621bdf2c17bc0400001000000000ff8d81006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11edb6b3cc425fe203d2f2655a76865c2c34e2470fcfb1248c0add5431a7fbcb0ef4f66a09af93a09fab1daae4b518d7a5d95a017864010067d6bab101446ebfe3fdeed7ee7bb0749cacf56cf27409c60fca2e0004000000000000a9cb6f4a78444986f9b1ab61f9dab53038010000004abbfc59d6d1b18fe380df4bf024f120bd755d82033f2fb7d8fc9e0de834f7646c8dd27da1297d0c77b294e097e293db7f002c0024ab2fb4d32972cba6f49051cec1ff5d16231bbb90a2d201a500000000000000007700b06fa191ebd3a0c2ef0058ffebd7cc4cf80f74a7cdac01d998c24f34a5ba9a4a2039d0416e3f8107671141ffffffe0c7d8e94a27a06a4e3d9acee835fd0571e5bbb3e6d2b5eba505000000968983811f832dc5390f83e817c602c4f1f0d0504255c22ee8674053d0e160e5255366139bbe5863e23c3dd42d21f542816edf56a93d0a7e6f08f9ffffff64875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875857f083144c642f71cdc8e5634c1360c056430fe77ee7ed7ac1f9743786b2fb8e0fcfcc3d36c93230b7b1da97c971c8c84a427edc3492b97e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd194d48e50c84892c97c800d156b059a718f6b10274b077a710f27ab8ee953de70ea860b74a0f3c3dc11177b11cc2e62a95f1ecf607a8dc38e525f415a1bd46b38845ebca04061bacbf627f7975fe599678fee48f83b5989543729e3600000000bc86cd51704f309130f534741377ea7b7bea3c46c0c4c4b7c27c5d057d95ac85a41cdcee8e6fa31f7d2137ed1fb4b21c13b9a2c5e3f7c9ef9e45a35adbf0b9312be929863f000000000000004a82bc080de1f87808d0711dd76f2977ca7f2684bfa5c14a0cd6f1f561e34e4e8e51e81d4a355a7d00d917c16a2bb0cfb2b5f59dfead7ac6e7fa84746e2e425769b9ee2c8ff10e934847604d930f62924d0562ce17f6dadf5053ed8f33092a41bb46e1878c5295fecc27f9c6d1f62da58c0002ea00000000009aa38a05e70591d5cdab1c488ef3c1984c7c0a566cfc2a080000009ec206a54fb49056a555414178ef00d8b8f3c59f01eb5d83415994efcc6ec4b3c275cd6b1b5ff82ef7d7abb1d218e7a1d0afa285706841aac9ccc89df41c39dd58dd70569dde45f8adeaad7d3328fbb6e279f745d2872f0208635e465ca443c3a64c7803760880af23fb3f430a0311fffc96dd13b951642f1433f65b4e170a62a5f7b7d0f9d5cef0d17289c43d4aee0001f7a343899434594cc23e1c864164e130754b337e560f285dc670a31241bf657babf0615b85dc200a10294b7d5885b43ac62fc7f97a85586168483427072a535f2c7481ec261c00f725de74e48d9a86f7d4a5d28da3f099ca3e6472b9d7c86d961f525f799b4517141f018af0673b8296f867eca1ec07be11bc497a6f7d2b752bcf77c2908b64630e7fa0c2261bc2d5de32ab6bbcf296d36807544aa7c3d3301fe227b713a371414c98695e559f9cbf6b046184064a5f24a4cc6f41f21fc24a3ad7d20a89e00a9dc99a40f890869d35fba3ce6f297661d3f8ba21c65badf55d1859581f9e7ef3e2693b46a8fc85be061ce79a08002c04dc04de8b6536123b24be2ef80eb06b2db900fb30596c1574b2a31f81d61ccfd58080d2330b9c7b87b5d17d48c32daffead3414b91603e250eeedc7d601000000037426f643797be3e93da96b5643d3feed0b7c885d06006b830d7cbf3152f27522f5142dcc84a9e48a07518f0142167abf5d6685d09945cbc778bcc3e7dcfaee5d9c1689a3bafc0d3b51b5a3bfd6007954c36d532960964183842601e5364ecb6ad9168040388c7640bfa2f88643de7eebf4da8d1c3e76daace5217761d933d06bbe9609fcf5971aa1e77c3123910e63daaadd8878ad468eabaf78a96012a4ada1a9cd217fb2a0da2d521454ea9e8fcd3b5badfd6f00003a73345b841d04a02bf441955b932c59608a555bc44873272812e0fb874618a0b56b4cf44990f60000000000000000000000b20000da0ca6797590ed13b0bccf71a39e05e877893646d185a77882f866785af6b0149e336c31fb177e3e85f4c60cd4de4ce6ea73a95f434328620fa493937386ad2e2a0d60eb815aa05c33e02c32276dab36d14c63af66a31409ab2a403ec3c7a4e07bd745efa2835a8c932f22aa6da40af9bcdf808b916bc8deb37d5b8c422b65c42d17e61751c561ce775a31b52703d398d52694cfbb7d2b3791b030093b321d9f16b2f06676cf94d75cbba6491ae0b5a16ce92320321314d8d2e88d1cd7e7b1216bdaecba309a38e107103e649d46958cc6ba2d660dd41b78d832beb7206ae01508377273ea96e40760410aeed1866971e04f578e9d856d01000000045aea928f5f669be0636dc3f34f90c34531735f271527412d1ae755a9243da523d713071f9370b509a34eeb46415b2f0d271a7072cbd17e293f20132e6c15756e92776c6a0d7c3a9f512ce17edf3f1ea190853bbf93e220a6ce968b79d504c057000e7d8f8249a8158e68a90bbea8bfab2bd3c067c28e185fe62ce7020f5282cf045b9c790984c6fb65fd3187bd8bfcbe663df6b7770000f58fbad41e6eee5c9595950c4172b9c925403b2f99bbf3cb1981bb0d14bded8eae35e08278020a1ec7f508628056fd3d408a02a1cf8594bcbb21a88f477673442804f714212d000045b9f563b5352fe460a30489b1b6a6d37daead86151492f7fd4b5c64007b68a1b04027eac124478a2ef7f59fe472795785de83578cb96334e0f7c1370dc397d3aa42d937b5718b7610cdcdfe104db7801ec74980b8b111a2748321f81512e4204eb2b024b9fc9e0f257f8c6037b93b2caa236d4354b32434d5a6b01e00000000ee2ea723ea2e1accb97a200609c77e0000000000000000d3a54ccd6e13a966801e9341260d6cbce5fe03999214462cbaa297448677ab659102d0f430fbeae119a7ef2e962d2829d4dd2201c4b30d491269594c88252fbd09aced90609851bd9e5c307e7e0d39e73579c1f3563eff1a6237d3699d61acdc8e36010d76093ddd237df1c4181b0a0c4543b4249e9ff2f5e8b5e0ba2048d542de40f643fda4036124b8feb2dd45d0fa52300518c8052cc09ad73f89734fce82cc627356aa2c651ed2644f34cfbc32e8b29cf29e895e43b473ddb9a43421b4b25f8bbce8e2d7cb8547d156d5972021ae4c9e30f85413276ddebde55999d2ec3c524632b74d703147ba09e0dcb26c4b89636d28428b67e955f53bfd0c9eeb7a9d17000000000096cd8ecf1c511eea07aefa1c5cae1841efa9329d80eafefe00000000000000009111274a44c722ff9f5151aa7cb99ea3e8b2c51eadbd2d0ba1a25b08cc3e67cd186c12ea62a55ff905388bb30d1a63d42593c9aea3a84f5a6fc470d8aaaafeccb373ca26c3685679e6a048af19fca3fc5315a33687"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000002d80)={r0, 0x0, 0x7, 0x0, &(0x7f0000000d00)="e0bf47e7ba062f", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe28, 0xfffffffffffffff5, &(0x7f0000000980)="b0ff04c66b0d698cb89e2fe086dd1f74ffff06000000fe80000000000000ac14140746647b7954c4c06b580febc28eb143d0f6c0bad62c67a04402ba4125c7024f63fdb0b6c8ee826b4dfe6042a2f057c66cad677d850ea9928bcfcb47e585e427746ed3b27c40060cbd030a6d675c9926af53cd3085b24f9b7a486775c4f284f8c5a572ca115bce90c0ee9d4e7a07f5f1518092cb1f156694036f6618a59196631e6303fd5307d1112601d3641c9492f7dc3503416836b14590c53b1fc1ac149b70cc1142d6bc57fc3a76839fa2f96878b520fedfb9f64d81584a2e85ab4f6ec718b02d78f2ebf04e6b3b94610a21616181629a03c3dc0bf05e0a71f887833b81db7a10bc53259cb80716f6804934a411d424c1db98d454be1adb2776fdbb92b299d3b80af6987a871b4549fdb4c8297ee31ad925c8b0fb1a9d2589b08ed52602cbc26b56df71201bc4ea8621c56f33d251c1d4589af2dcd78fbb4e34bde02cb3920a30cee9489ee72c3e19304c16c2110e1839712d484b80abe77786a7e2ba834874a4e16b93dd07297554a06c2ad2c906f8ebb1db8730df096709184728d48f0a806696bd0d4b12d0064b933d9675353dae77fe8419451f85da63be78b70ca2a84a77f572d9f289d4313e6f6039fe756ac13a5d08838315dff44cda433cc7bc6b77449f8c", 0x0, 0x2f, 0xe8034000, 0xf000, 0xfffffffffffffe2a, &(0x7f0000000000), &(0x7f00000000c0)="c6769e45b7c61302926682c7f9e9bb5ba2b3cdf023e8da0392a4cd62e2370f25ae5ba0dab896bcf5b774cd28bebbde39f796ae27d04582bb7c03e9fe830ea22c9fd03f6d2779515fdad3f5d0de07b7b70996102fdb67b1e77a34a5b7136a212fa2c0ea502588309dc3e42c55a6f93e6ba5e1b492f9db48f0fdd2f9fb937b3e8a63dcf9dd855837433998ba579da27559", 0x5dc}, 0x28)

4.756317851s ago: executing program 3 (id=10774):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000080))
perf_event_open(&(0x7f0000000740)={0x1, 0x80, 0x2, 0xfd, 0x0, 0x0, 0x0, 0x4, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, @perf_bp={0x0, 0x5}, 0xc634, 0x2, 0x0, 0x0, 0x8000000000000000, 0x0, 0xffff}, 0x0, 0x2, 0xffffffffffffffff, 0x2)
write$cgroup_devices(r1, &(0x7f0000000740)=ANY=[@ANYBLOB="1e030a004d8c71ef268563"], 0xffdd)

1.751098336s ago: executing program 3 (id=10775):
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000001b80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x7, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r2)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xf101})
r4 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
ioctl$TUNSETDEBUG(r3, 0x400454c9, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x8914, &(0x7f0000000080))
write$cgroup_devices(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB="1e030600bc5c"], 0xffdd)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x105301, 0x0)
write$cgroup_devices(r6, 0x0, 0xffdd)
close(r4)
close(r3)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000480)={0x1, 0x58, &(0x7f0000000400)}, 0x10)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000740))
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)

431.972287ms ago: executing program 32 (id=10755):
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xca, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0xc, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x1}, 0x0, 0x8, 0x9b, 0x0, 0x0, 0x8, 0x4}, 0x0, 0xafffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x0, 0xc8, 0x0, 0x0, 0xdb6c, 0x0, 0xfffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@array={0x0, 0x0, 0x0, 0x4, 0x3000000, {0x0, 0x6000000, 0x4}}]}}, 0xffffffffffffffff, 0x32, 0x0, 0x2}, 0x28)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
close(r3)
recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r4=>0xffffffffffffffff]}}], 0x18}, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0xa0b41, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb790700117df37538e486dd6317ce2200fc00"], 0xfdef)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000440)=ANY=[], 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r5, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_BIND_MAP(0x23, 0x0, 0x0)
syz_clone(0x638c1100, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0xe, 0x4, 0x4, 0x20002, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0xb, &(0x7f00000000c0)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0xc846, 0x61, 0x10, 0xa4}, [@printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x401}}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)

426.645967ms ago: executing program 3 (id=10777):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x5, 0xb, 0x43, 0x40, 0xc0}, 0x50)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000001c0)={r0, &(0x7f0000000080), 0x0}, 0x20)

138.043586ms ago: executing program 3 (id=10778):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x2, &(0x7f0000000680)={0x3, 0x3, 0x0, &(0x7f0000000780)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100))
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'macsec0\x00', 0xca58c30f81b6079f})
perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xca, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000080))

0s ago: executing program 3 (id=10779):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000200000000000000000850000002a0000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_bp={0x0, 0xe}, 0x0, 0x1, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4000, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000100000000000000000000850000007500000095"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[], 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r2)
syz_clone(0x40800000, 0x0, 0x0, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1557.451186][T29763] RSP: 002b:00007f8cb62fe028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1557.459632][T29763] RAX: ffffffffffffffda RBX: 00007f8cb5615fa0 RCX: 00007f8cb539ce59
[ 1557.467635][T29763] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000008
[ 1557.475637][T29763] RBP: 00007f8cb5432d6f R08: 0000000000000000 R09: 0000000000000000
[ 1557.483640][T29763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1557.491642][T29763] R13: 00007f8cb5616038 R14: 00007f8cb5615fa0 R15: 00007fff79cf8548
[ 1557.499662][T29763]  </TASK>
[ 1558.241037][T29771] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1558.248734][T29771] IPv6: NLM_F_CREATE should be set when creating new route
[ 1558.256515][T29771] IPv6: NLM_F_CREATE should be set when creating new route
[ 1558.264198][T29771] IPv6: NLM_F_CREATE should be set when creating new route
[ 1558.931039][T29794] delete_channel: no stack
[ 1562.268817][T29862] netlink: 'syz.1.8498': attribute type 25 has an invalid length.
[ 1562.334123][T29862] netlink: 'syz.1.8498': attribute type 1 has an invalid length.
[ 1562.342126][T29862] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1565.322765][T29873] netlink: 168 bytes leftover after parsing attributes in process `syz.1.8502'.
[ 1565.340479][T29871] netlink: 168 bytes leftover after parsing attributes in process `syz.1.8502'.
[ 1567.456251][T29936] netlink: 'syz.2.8522': attribute type 10 has an invalid length.
[ 1568.708913][T29959] delete_channel: no stack
[ 1568.903339][T29978] netlink: 'syz.2.8536': attribute type 13 has an invalid length.
[ 1568.934062][T29978] netlink: 152 bytes leftover after parsing attributes in process `syz.2.8536'.
[ 1568.965690][T29978] syz_tun: refused to change device tx_queue_len
[ 1568.972302][T29978] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[ 1569.164102][T29982] netlink: 62779 bytes leftover after parsing attributes in process `syz.2.8536'.
[ 1571.335425][T30047] FAULT_INJECTION: forcing a failure.
[ 1571.335425][T30047] name failslab, interval 1, probability 0, space 0, times 0
[ 1571.357869][T30047] CPU: 0 PID: 30047 Comm: syz.2.8563 Not tainted syzkaller #0
[ 1571.365427][T30047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1571.375715][T30047] Call Trace:
[ 1571.379050][T30047]  <TASK>
[ 1571.382031][T30047]  dump_stack_lvl+0x188/0x24e
[ 1571.386780][T30047]  ? show_regs_print_info+0x12/0x12
[ 1571.392070][T30047]  ? load_image+0x400/0x400
[ 1571.396640][T30047]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 1571.402687][T30047]  should_fail_ex+0x399/0x4d0
[ 1571.407527][T30047]  should_failslab+0x5/0x20
[ 1571.412081][T30047]  slab_pre_alloc_hook+0x59/0x310
[ 1571.417174][T30047]  kmem_cache_alloc+0x56/0x2f0
[ 1571.421989][T30047]  ? __build_skb+0x2a/0x3c0
[ 1571.426565][T30047]  __build_skb+0x2a/0x3c0
[ 1571.430963][T30047]  build_skb+0x1e/0x230
[ 1571.435182][T30047]  bpf_prog_test_run_skb+0x37e/0x12a0
[ 1571.440610][T30047]  ? __fget_files+0x28/0x4b0
[ 1571.445282][T30047]  ? __fget_files+0x43d/0x4b0
[ 1571.450054][T30047]  ? cpu_online+0xa0/0xa0
[ 1571.454461][T30047]  bpf_prog_test_run+0x31e/0x390
[ 1571.459516][T30047]  __sys_bpf+0x62b/0x780
[ 1571.463815][T30047]  ? bpf_link_show_fdinfo+0x380/0x380
[ 1571.469269][T30047]  ? lock_chain_count+0x20/0x20
[ 1571.474192][T30047]  __x64_sys_bpf+0x78/0x90
[ 1571.478673][T30047]  do_syscall_64+0x4c/0xa0
[ 1571.483151][T30047]  ? clear_bhb_loop+0x60/0xb0
[ 1571.487888][T30047]  ? clear_bhb_loop+0x60/0xb0
[ 1571.492623][T30047]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1571.498661][T30047] RIP: 0033:0x7f9a6f99ce59
[ 1571.503134][T30047] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1571.522794][T30047] RSP: 002b:00007f9a7093c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1571.531268][T30047] RAX: ffffffffffffffda RBX: 00007f9a6fc15fa0 RCX: 00007f9a6f99ce59
[ 1571.539296][T30047] RDX: 0000000000000050 RSI: 00002000000004c0 RDI: 000000000000000a
[ 1571.547324][T30047] RBP: 00007f9a7093c090 R08: 0000000000000000 R09: 0000000000000000
[ 1571.555349][T30047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1571.563364][T30047] R13: 00007f9a6fc16038 R14: 00007f9a6fc15fa0 R15: 00007ffd5473e428
[ 1571.571401][T30047]  </TASK>
[ 1572.505937][T30058] netlink: 'syz.0.8567': attribute type 2 has an invalid length.
[ 1572.521447][T30058] netlink: 'syz.0.8567': attribute type 3 has an invalid length.
[ 1572.544115][T30058] netlink: 132 bytes leftover after parsing attributes in process `syz.0.8567'.
[ 1573.036244][T22025] Bluetooth: hci0: ISO packet for unknown connection handle 35
[ 1574.410076][T30108] FAULT_INJECTION: forcing a failure.
[ 1574.410076][T30108] name failslab, interval 1, probability 0, space 0, times 0
[ 1574.459588][T30108] CPU: 1 PID: 30108 Comm: syz.1.8586 Not tainted syzkaller #0
[ 1574.467158][T30108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1574.477281][T30108] Call Trace:
[ 1574.480609][T30108]  <TASK>
[ 1574.483590][T30108]  dump_stack_lvl+0x188/0x24e
[ 1574.488347][T30108]  ? show_regs_print_info+0x12/0x12
[ 1574.493617][T30108]  ? load_image+0x400/0x400
[ 1574.498188][T30108]  ? __might_sleep+0xd0/0xd0
[ 1574.502838][T30108]  ? __lock_acquire+0x7d10/0x7d10
[ 1574.507934][T30108]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 1574.513985][T30108]  should_fail_ex+0x399/0x4d0
[ 1574.518726][T30108]  should_failslab+0x5/0x20
[ 1574.523284][T30108]  slab_pre_alloc_hook+0x59/0x310
[ 1574.528365][T30108]  ? lockdep_hardirqs_on+0x94/0x140
[ 1574.533618][T30108]  ? page_pool_create+0x6d/0x5c0
[ 1574.538623][T30108]  __kmem_cache_alloc_node+0x4f/0x260
[ 1574.544064][T30108]  ? page_pool_create+0x6d/0x5c0
[ 1574.549071][T30108]  kmalloc_node_trace+0x22/0xe0
[ 1574.554011][T30108]  page_pool_create+0x6d/0x5c0
[ 1574.558847][T30108]  bpf_test_run_xdp_live+0x223/0x1a90
[ 1574.564291][T30108]  ? 0xffffffffa0004440
[ 1574.568492][T30108]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[ 1574.574196][T30108]  ? 0xffffffffa0004440
[ 1574.578411][T30108]  ? bpf_dispatcher_change_prog+0xcbb/0xf10
[ 1574.584377][T30108]  ? 0xffffffffa0004440
[ 1574.588593][T30108]  ? xdp_convert_md_to_buff+0x330/0x330
[ 1574.594245][T30108]  ? trace_raw_output_bpf_test_finish+0xd0/0xd0
[ 1574.600570][T30108]  ? bpf_test_init+0x119/0x140
[ 1574.605419][T30108]  ? xdp_convert_md_to_buff+0x5b/0x330
[ 1574.610957][T30108]  bpf_prog_test_run_xdp+0x736/0xf10
[ 1574.616335][T30108]  ? dev_put+0x80/0x80
[ 1574.620473][T30108]  ? dev_put+0x80/0x80
[ 1574.624634][T30108]  bpf_prog_test_run+0x31e/0x390
[ 1574.629640][T30108]  __sys_bpf+0x62b/0x780
[ 1574.633950][T30108]  ? bpf_link_show_fdinfo+0x380/0x380
[ 1574.639403][T30108]  ? lock_chain_count+0x20/0x20
[ 1574.644352][T30108]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 1574.650492][T30108]  __x64_sys_bpf+0x78/0x90
[ 1574.654971][T30108]  do_syscall_64+0x4c/0xa0
[ 1574.659445][T30108]  ? clear_bhb_loop+0x60/0xb0
[ 1574.664182][T30108]  ? clear_bhb_loop+0x60/0xb0
[ 1574.668926][T30108]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1574.674884][T30108] RIP: 0033:0x7ff270d9ce59
[ 1574.679351][T30108] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1574.699114][T30108] RSP: 002b:00007ff271d21028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1574.707585][T30108] RAX: ffffffffffffffda RBX: 00007ff271015fa0 RCX: 00007ff270d9ce59
[ 1574.715613][T30108] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[ 1574.723645][T30108] RBP: 00007ff271d21090 R08: 0000000000000000 R09: 0000000000000000
[ 1574.731676][T30108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1574.739718][T30108] R13: 00007ff271016038 R14: 00007ff271015fa0 R15: 00007ffeab02f7d8
[ 1574.747779][T30108]  </TASK>
[ 1574.878352][T30116] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.8589'.
[ 1575.338002][T30124] device syzkaller0 entered promiscuous mode
[ 1575.516034][T30128] delete_channel: no stack
[ 1577.531872][T30168] netlink: 'syz.2.8604': attribute type 2 has an invalid length.
[ 1577.553812][T30168] netlink: 'syz.2.8604': attribute type 3 has an invalid length.
[ 1577.568077][T30168] netlink: 132 bytes leftover after parsing attributes in process `syz.2.8604'.
[ 1579.311166][T30140] netlink: 'syz.0.8599': attribute type 11 has an invalid length.
[ 1579.880506][T30184] netlink: 'syz.3.8607': attribute type 2 has an invalid length.
[ 1579.980927][T30186] netlink: 'syz.1.8613': attribute type 3 has an invalid length.
[ 1580.063529][T30186] netlink: 114680 bytes leftover after parsing attributes in process `syz.1.8613'.
[ 1580.401633][T30201] netlink: 'syz.1.8618': attribute type 2 has an invalid length.
[ 1580.450811][T30201] netlink: 199848 bytes leftover after parsing attributes in process `syz.1.8618'.
[ 1580.468905][T30200] netlink: 'syz.2.8619': attribute type 10 has an invalid length.
[ 1580.830968][T30206] netlink: 'syz.4.8620': attribute type 2 has an invalid length.
[ 1580.954212][T30206] netlink: 'syz.4.8620': attribute type 3 has an invalid length.
[ 1580.971842][T30206] netlink: 132 bytes leftover after parsing attributes in process `syz.4.8620'.
[ 1581.783742][T24037] tipc: Subscription rejected, illegal request
[ 1582.807703][T30257] tipc: Started in network mode
[ 1582.871452][T30257] tipc: Node identity 9215a268, cluster identity 4711
[ 1582.959716][T30257] tipc: Node number set to 2450891368
[ 1583.337233][T30260] netlink: 'syz.3.8639': attribute type 2 has an invalid length.
[ 1583.394420][T30260] netlink: 'syz.3.8639': attribute type 3 has an invalid length.
[ 1583.420736][T30260] netlink: 132 bytes leftover after parsing attributes in process `syz.3.8639'.
[ 1586.421819][T30290] netlink: 'syz.0.8646': attribute type 10 has an invalid length.
[ 1588.544357][T30339] delete_channel: no stack
[ 1588.948817][T30358] FAULT_INJECTION: forcing a failure.
[ 1588.948817][T30358] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1588.983493][T30358] CPU: 1 PID: 30358 Comm: syz.0.8673 Not tainted syzkaller #0
[ 1588.991065][T30358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1589.001178][T30358] Call Trace:
[ 1589.004501][T30358]  <TASK>
[ 1589.007497][T30358]  dump_stack_lvl+0x188/0x24e
[ 1589.012246][T30358]  ? show_regs_print_info+0x12/0x12
[ 1589.017515][T30358]  ? load_image+0x400/0x400
[ 1589.022088][T30358]  ? __lock_acquire+0x7d10/0x7d10
[ 1589.027194][T30358]  ? __rcu_read_unlock+0x78/0xd0
[ 1589.032292][T30358]  should_fail_ex+0x399/0x4d0
[ 1589.037033][T30358]  _copy_to_user+0x2c/0x130
[ 1589.041601][T30358]  bpf_test_finish+0x198/0x600
[ 1589.046440][T30358]  ? convert___skb_to_skb+0x580/0x580
[ 1589.051869][T30358]  ? convert_skb_to___skb+0x420/0x420
[ 1589.057303][T30358]  ? __build_skb+0x257/0x3c0
[ 1589.061965][T30358]  bpf_prog_test_run_skb+0xc99/0x12a0
[ 1589.067414][T30358]  ? cpu_online+0xa0/0xa0
[ 1589.071796][T30358]  bpf_prog_test_run+0x31e/0x390
[ 1589.076817][T30358]  __sys_bpf+0x62b/0x780
[ 1589.081116][T30358]  ? bpf_link_show_fdinfo+0x380/0x380
[ 1589.086569][T30358]  ? lock_chain_count+0x20/0x20
[ 1589.091490][T30358]  __x64_sys_bpf+0x78/0x90
[ 1589.095963][T30358]  do_syscall_64+0x4c/0xa0
[ 1589.100443][T30358]  ? clear_bhb_loop+0x60/0xb0
[ 1589.105188][T30358]  ? clear_bhb_loop+0x60/0xb0
[ 1589.109936][T30358]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1589.115901][T30358] RIP: 0033:0x7f9363f9ce59
[ 1589.120350][T30358] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1589.139992][T30358] RSP: 002b:00007f9364f25028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1589.148485][T30358] RAX: ffffffffffffffda RBX: 00007f9364215fa0 RCX: 00007f9363f9ce59
[ 1589.156520][T30358] RDX: 0000000000000050 RSI: 00002000000004c0 RDI: 000000000000000a
[ 1589.164539][T30358] RBP: 00007f9364f25090 R08: 0000000000000000 R09: 0000000000000000
[ 1589.172542][T30358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1589.180575][T30358] R13: 00007f9364216038 R14: 00007f9364215fa0 R15: 00007ffe44dc0758
[ 1589.188594][T30358]  </TASK>
[ 1589.562694][T30370] netlink: 143932 bytes leftover after parsing attributes in process `syz.2.8675'.
[ 1589.594063][T30370] netlink: zone id is out of range
[ 1589.601222][T30370] netlink: zone id is out of range
[ 1589.615666][T30370] netlink: zone id is out of range
[ 1589.621455][T30370] netlink: zone id is out of range
[ 1589.639829][T30370] netlink: zone id is out of range
[ 1589.648783][T30370] netlink: zone id is out of range
[ 1589.661584][T30370] netlink: zone id is out of range
[ 1589.704313][T30370] netlink: zone id is out of range
[ 1589.710182][T30370] netlink: zone id is out of range
[ 1589.734373][T30370] netlink: zone id is out of range
[ 1590.539715][T30398] netlink: 10 bytes leftover after parsing attributes in process `syz.4.8686'.
[ 1592.729358][T30440] FAULT_INJECTION: forcing a failure.
[ 1592.729358][T30440] name failslab, interval 1, probability 0, space 0, times 0
[ 1592.749839][T30440] CPU: 0 PID: 30440 Comm: syz.3.8700 Not tainted syzkaller #0
[ 1592.757394][T30440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1592.767501][T30440] Call Trace:
[ 1592.770915][T30440]  <TASK>
[ 1592.773894][T30440]  dump_stack_lvl+0x188/0x24e
[ 1592.778645][T30440]  ? show_regs_print_info+0x12/0x12
[ 1592.783910][T30440]  ? load_image+0x400/0x400
[ 1592.788482][T30440]  ? __might_sleep+0xd0/0xd0
[ 1592.793126][T30440]  ? __lock_acquire+0x7d10/0x7d10
[ 1592.798223][T30440]  should_fail_ex+0x399/0x4d0
[ 1592.802962][T30440]  should_failslab+0x5/0x20
[ 1592.807524][T30440]  slab_pre_alloc_hook+0x59/0x310
[ 1592.812615][T30440]  ? __xdp_reg_mem_model+0x1e0/0x5c0
[ 1592.817963][T30440]  __kmem_cache_alloc_node+0x4f/0x260
[ 1592.823394][T30440]  ? memset+0x1e/0x40
[ 1592.827433][T30440]  ? __xdp_reg_mem_model+0x1e0/0x5c0
[ 1592.832778][T30440]  kmalloc_trace+0x26/0xe0
[ 1592.837299][T30440]  __xdp_reg_mem_model+0x1e0/0x5c0
[ 1592.842477][T30440]  ? kvmalloc_node+0x6c/0x180
[ 1592.847222][T30440]  ? kvmalloc_node+0x6c/0x180
[ 1592.851979][T30440]  ? xdp_reg_mem_model+0x30/0x30
[ 1592.856986][T30440]  xdp_reg_mem_model+0x1e/0x30
[ 1592.861812][T30440]  bpf_test_run_xdp_live+0x299/0x1a90
[ 1592.867249][T30440]  ? bpf_dispatcher_xdp+0x800/0x1000
[ 1592.872588][T30440]  ? text_poke_copy+0x79/0x90
[ 1592.877431][T30440]  ? bpf_dispatcher_xdp+0x800/0x1000
[ 1592.882782][T30440]  ? bpf_dispatcher_change_prog+0xcbb/0xf10
[ 1592.888745][T30440]  ? bpf_dispatcher_xdp+0x800/0x1000
[ 1592.894084][T30440]  ? xdp_convert_md_to_buff+0x330/0x330
[ 1592.899725][T30440]  ? trace_raw_output_bpf_test_finish+0xd0/0xd0
[ 1592.906124][T30440]  ? xdp_convert_md_to_buff+0x5b/0x330
[ 1592.911647][T30440]  bpf_prog_test_run_xdp+0x736/0xf10
[ 1592.917007][T30440]  ? dev_put+0x80/0x80
[ 1592.921145][T30440]  ? dev_put+0x80/0x80
[ 1592.925268][T30440]  bpf_prog_test_run+0x31e/0x390
[ 1592.930270][T30440]  __sys_bpf+0x62b/0x780
[ 1592.934574][T30440]  ? bpf_link_show_fdinfo+0x380/0x380
[ 1592.940043][T30440]  ? __sys_bpf+0x1/0x780
[ 1592.944383][T30440]  __x64_sys_bpf+0x78/0x90
[ 1592.949207][T30440]  do_syscall_64+0x4c/0xa0
[ 1592.953686][T30440]  ? clear_bhb_loop+0x60/0xb0
[ 1592.958412][T30440]  ? clear_bhb_loop+0x60/0xb0
[ 1592.963142][T30440]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1592.969136][T30440] RIP: 0033:0x7f8cb539ce59
[ 1592.973604][T30440] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1592.993280][T30440] RSP: 002b:00007f8cb62fe028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1593.001755][T30440] RAX: ffffffffffffffda RBX: 00007f8cb5615fa0 RCX: 00007f8cb539ce59
[ 1593.009784][T30440] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[ 1593.017807][T30440] RBP: 00007f8cb62fe090 R08: 0000000000000000 R09: 0000000000000000
[ 1593.025830][T30440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1593.033855][T30440] R13: 00007f8cb5616038 R14: 00007f8cb5615fa0 R15: 00007fff79cf8548
[ 1593.041899][T30440]  </TASK>
[ 1593.684460][T30455] netlink: 'syz.4.8703': attribute type 2 has an invalid length.
[ 1598.838740][T30580] netlink: 'syz.1.8750': attribute type 3 has an invalid length.
[ 1598.885542][T30580] netlink: 114680 bytes leftover after parsing attributes in process `syz.1.8750'.
[ 1599.028789][T30591] netlink: 'syz.0.8753': attribute type 2 has an invalid length.
[ 1599.048374][T30591] netlink: 199848 bytes leftover after parsing attributes in process `syz.0.8753'.
[ 1599.502269][T22025] Bluetooth: hci4: ISO packet for unknown connection handle 3843
[ 1605.670498][T30673] netlink: 'syz.3.8782': attribute type 13 has an invalid length.
[ 1605.724043][T30673] netlink: 152 bytes leftover after parsing attributes in process `syz.3.8782'.
[ 1605.753117][T30673] syz_tun: refused to change device tx_queue_len
[ 1605.871121][T30673] net_ratelimit: 3543 callbacks suppressed
[ 1605.871144][T30673] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[ 1605.966331][T30672] netlink: 'syz.3.8782': attribute type 10 has an invalid length.
[ 1607.416446][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[ 1607.423668][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[ 1607.837847][T30719] netlink: 132 bytes leftover after parsing attributes in process `syz.3.8799'.
[ 1608.821731][T30744] netlink: 14 bytes leftover after parsing attributes in process `syz.0.8807'.
[ 1610.159981][T30771] netlink: 14 bytes leftover after parsing attributes in process `syz.0.8817'.
[ 1610.751546][T30794] netlink: 'syz.2.8826': attribute type 3 has an invalid length.
[ 1610.791531][T30794] netlink: 132 bytes leftover after parsing attributes in process `syz.2.8826'.
[ 1613.785600][T30876] netlink: 'syz.2.8853': attribute type 29 has an invalid length.
[ 1613.843828][T30876] netlink: 'syz.2.8853': attribute type 29 has an invalid length.
[ 1613.891694][T30873] netlink: 'syz.2.8853': attribute type 29 has an invalid length.
[ 1613.914436][T30878] netlink: 'syz.2.8853': attribute type 29 has an invalid length.
[ 1614.385841][T30891] delete_channel: no stack
[ 1614.538306][T30902] netlink: 'syz.1.8866': attribute type 3 has an invalid length.
[ 1614.566898][T30902] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.8866'.
[ 1615.242325][T30919] netlink: 81056 bytes leftover after parsing attributes in process `syz.2.8870'.
[ 1615.283814][T30919] sysfs: cannot create duplicate filename '/class/ieee80211/.!
'
[ 1615.293419][T30919] CPU: 0 PID: 30919 Comm: syz.2.8870 Not tainted syzkaller #0
[ 1615.300937][T30919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1615.311097][T30919] Call Trace:
[ 1615.314420][T30919]  <TASK>
[ 1615.317432][T30919]  dump_stack_lvl+0x188/0x24e
[ 1615.322181][T30919]  ? show_regs_print_info+0x12/0x12
[ 1615.327461][T30919]  ? load_image+0x400/0x400
[ 1615.332045][T30919]  sysfs_warn_dup+0x8a/0xa0
[ 1615.336623][T30919]  sysfs_do_create_link_sd+0xc0/0x110
[ 1615.342074][T30919]  device_add+0x7ed/0xfb0
[ 1615.346476][T30919]  wiphy_register+0x1d9f/0x2ac0
[ 1615.351418][T30919]  ? cfg80211_event_work+0x40/0x40
[ 1615.356597][T30919]  ? minstrel_ht_alloc+0x894/0xa20
[ 1615.361809][T30919]  ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0
[ 1615.367945][T30919]  ieee80211_register_hw+0x2d00/0x39f0
[ 1615.373494][T30919]  ? ieee80211_register_hw+0xe71/0x39f0
[ 1615.379113][T30919]  ? ieee80211_register_hw+0xe71/0x39f0
[ 1615.384784][T30919]  ? ieee80211_tasklet_handler+0x20/0x20
[ 1615.390509][T30919]  ? memset+0x1e/0x40
[ 1615.394549][T30919]  ? __hrtimer_init+0x186/0x270
[ 1615.399463][T30919]  mac80211_hwsim_new_radio+0x28c2/0x4c40
[ 1615.405281][T30919]  hwsim_new_radio_nl+0xafa/0xce0
[ 1615.410393][T30919]  genl_family_rcv_msg_doit+0x22a/0x330
[ 1615.416091][T30919]  ? end_current_label_crit_section+0x170/0x170
[ 1615.422395][T30919]  ? genl_family_rcv_msg_dumpit+0x3c0/0x3c0
[ 1615.428360][T30919]  ? bpf_lsm_capable+0x5/0x10
[ 1615.433100][T30919]  ? security_capable+0x85/0xb0
[ 1615.438022][T30919]  genl_rcv_msg+0x604/0x790
[ 1615.442665][T30919]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 1615.448898][T30919]  ? genl_bind+0x360/0x360
[ 1615.453365][T30919]  ? hwsim_tx_info_frame_received_nl+0xfc0/0xfc0
[ 1615.459784][T30919]  ? kasan_check_range+0x80/0x290
[ 1615.464906][T30919]  netlink_rcv_skb+0x1fb/0x450
[ 1615.469750][T30919]  ? genl_bind+0x360/0x360
[ 1615.474234][T30919]  ? netlink_ack+0x1170/0x1170
[ 1615.479088][T30919]  ? down_read+0x1a8/0x2d0
[ 1615.483676][T30919]  genl_rcv+0x24/0x40
[ 1615.487721][T30919]  netlink_unicast+0x74d/0x8d0
[ 1615.492568][T30919]  netlink_sendmsg+0x8ad/0xbd0
[ 1615.497425][T30919]  ? netlink_getsockopt+0x550/0x550
[ 1615.502705][T30919]  ? aa_sock_msg_perm+0x94/0x150
[ 1615.507712][T30919]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 1615.513060][T30919]  ? security_socket_sendmsg+0x7c/0xa0
[ 1615.518596][T30919]  ? netlink_getsockopt+0x550/0x550
[ 1615.523870][T30919]  ____sys_sendmsg+0x5be/0x970
[ 1615.528723][T30919]  ? __sys_sendmsg_sock+0x30/0x30
[ 1615.533832][T30919]  ? __import_iovec+0x315/0x500
[ 1615.538765][T30919]  ? import_iovec+0x6f/0xa0
[ 1615.543463][T30919]  ___sys_sendmsg+0x2a2/0x360
[ 1615.548213][T30919]  ? try_to_wake_up+0x6ae/0x1080
[ 1615.553240][T30919]  ? __sys_sendmsg+0x290/0x290
[ 1615.558117][T30919]  ? ktime_get_real_ts64+0x440/0x440
[ 1615.563613][T30919]  __se_sys_sendmsg+0x1bb/0x2a0
[ 1615.568550][T30919]  ? __x64_sys_sendmsg+0x80/0x80
[ 1615.573715][T30919]  ? lockdep_hardirqs_on+0x94/0x140
[ 1615.579272][T30919]  do_syscall_64+0x4c/0xa0
[ 1615.583772][T30919]  ? clear_bhb_loop+0x60/0xb0
[ 1615.588512][T30919]  ? clear_bhb_loop+0x60/0xb0
[ 1615.593251][T30919]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1615.599377][T30919] RIP: 0033:0x7f9a6f99ce59
[ 1615.603845][T30919] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1615.623529][T30919] RSP: 002b:00007f9a7091b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1615.632015][T30919] RAX: ffffffffffffffda RBX: 00007f9a6fc16090 RCX: 00007f9a6f99ce59
[ 1615.640053][T30919] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000008
[ 1615.648080][T30919] RBP: 00007f9a6fa32d6f R08: 0000000000000000 R09: 0000000000000000
[ 1615.656200][T30919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1615.664227][T30919] R13: 00007f9a6fc16128 R14: 00007f9a6fc16090 R15: 00007ffd5473e428
[ 1615.672280][T30919]  </TASK>
[ 1617.077893][T30965] FAULT_INJECTION: forcing a failure.
[ 1617.077893][T30965] name failslab, interval 1, probability 0, space 0, times 0
[ 1617.104225][T30965] CPU: 0 PID: 30965 Comm: syz.0.8886 Not tainted syzkaller #0
[ 1617.111784][T30965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1617.121901][T30965] Call Trace:
[ 1617.125232][T30965]  <TASK>
[ 1617.128205][T30965]  dump_stack_lvl+0x188/0x24e
[ 1617.132951][T30965]  ? show_regs_print_info+0x12/0x12
[ 1617.138221][T30965]  ? load_image+0x400/0x400
[ 1617.142795][T30965]  ? __might_sleep+0xd0/0xd0
[ 1617.147449][T30965]  ? __lock_acquire+0x7d10/0x7d10
[ 1617.152544][T30965]  should_fail_ex+0x399/0x4d0
[ 1617.157288][T30965]  should_failslab+0x5/0x20
[ 1617.161896][T30965]  slab_pre_alloc_hook+0x59/0x310
[ 1617.166995][T30965]  ? kvmalloc_node+0x6c/0x180
[ 1617.171738][T30965]  __kmem_cache_alloc_node+0x4f/0x260
[ 1617.177170][T30965]  ? kvmalloc_node+0x6c/0x180
[ 1617.181908][T30965]  __kmalloc_node+0xa0/0x240
[ 1617.186690][T30965]  kvmalloc_node+0x6c/0x180
[ 1617.191270][T30965]  bpf_test_run_xdp_live+0x209/0x1a90
[ 1617.196723][T30965]  ? 0xffffffffa0004440
[ 1617.200933][T30965]  ? text_poke_copy+0x79/0x90
[ 1617.205674][T30965]  ? 0xffffffffa0004440
[ 1617.209870][T30965]  ? bpf_dispatcher_change_prog+0xcbb/0xf10
[ 1617.215817][T30965]  ? 0xffffffffa0004440
[ 1617.220013][T30965]  ? xdp_convert_md_to_buff+0x330/0x330
[ 1617.225627][T30965]  ? trace_raw_output_bpf_test_finish+0xd0/0xd0
[ 1617.231912][T30965]  ? xdp_convert_md_to_buff+0x5b/0x330
[ 1617.237430][T30965]  bpf_prog_test_run_xdp+0x736/0xf10
[ 1617.242764][T30965]  ? lock_chain_count+0x20/0x20
[ 1617.247843][T30965]  ? dev_put+0x80/0x80
[ 1617.251958][T30965]  ? dev_put+0x80/0x80
[ 1617.256061][T30965]  bpf_prog_test_run+0x31e/0x390
[ 1617.261061][T30965]  __sys_bpf+0x62b/0x780
[ 1617.265493][T30965]  ? bpf_link_show_fdinfo+0x380/0x380
[ 1617.270923][T30965]  __x64_sys_bpf+0x78/0x90
[ 1617.275376][T30965]  do_syscall_64+0x4c/0xa0
[ 1617.279841][T30965]  ? clear_bhb_loop+0x60/0xb0
[ 1617.284555][T30965]  ? clear_bhb_loop+0x60/0xb0
[ 1617.289278][T30965]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1617.295215][T30965] RIP: 0033:0x7f9363f9ce59
[ 1617.299686][T30965] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1617.319351][T30965] RSP: 002b:00007f9364f25028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1617.327820][T30965] RAX: ffffffffffffffda RBX: 00007f9364215fa0 RCX: 00007f9363f9ce59
[ 1617.335853][T30965] RDX: 0000000000000050 RSI: 0000200000000000 RDI: 000000000000000a
[ 1617.343869][T30965] RBP: 00007f9364f25090 R08: 0000000000000000 R09: 0000000000000000
[ 1617.351877][T30965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1617.359969][T30965] R13: 00007f9364216038 R14: 00007f9364215fa0 R15: 00007ffe44dc0758
[ 1617.367990][T30965]  </TASK>
[ 1617.800606][T30975] netlink: 'syz.0.8891': attribute type 3 has an invalid length.
[ 1617.874117][T30975] netlink: 114680 bytes leftover after parsing attributes in process `syz.0.8891'.
[ 1621.937220][T31120] netlink: 'syz.2.8937': attribute type 10 has an invalid length.
[ 1624.357184][T31146] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1624.368229][T31146] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1624.377198][T31146] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1624.402588][T31146] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1624.410751][T31146] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 1624.418522][T31146] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1624.577615][T31149] netlink: 14 bytes leftover after parsing attributes in process `syz.1.8948'.
[ 1624.637072][T31145] FAULT_INJECTION: forcing a failure.
[ 1624.637072][T31145] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1624.733947][T31145] CPU: 0 PID: 31145 Comm: syz.2.8947 Not tainted syzkaller #0
[ 1624.741530][T31145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1624.751640][T31145] Call Trace:
[ 1624.754965][T31145]  <TASK>
[ 1624.757941][T31145]  dump_stack_lvl+0x188/0x24e
[ 1624.762698][T31145]  ? show_regs_print_info+0x12/0x12
[ 1624.767958][T31145]  ? load_image+0x400/0x400
[ 1624.772517][T31145]  ? __lock_acquire+0x7d10/0x7d10
[ 1624.777613][T31145]  ? __rcu_read_unlock+0x78/0xd0
[ 1624.782642][T31145]  should_fail_ex+0x399/0x4d0
[ 1624.787379][T31145]  _copy_to_user+0x2c/0x130
[ 1624.791970][T31145]  bpf_test_finish+0x4a2/0x600
[ 1624.796802][T31145]  ? convert___skb_to_skb+0x580/0x580
[ 1624.802276][T31145]  ? convert_skb_to___skb+0x420/0x420
[ 1624.807722][T31145]  ? __build_skb+0x257/0x3c0
[ 1624.812390][T31145]  bpf_prog_test_run_skb+0xc99/0x12a0
[ 1624.817840][T31145]  ? cpu_online+0xa0/0xa0
[ 1624.822241][T31145]  bpf_prog_test_run+0x31e/0x390
[ 1624.827251][T31145]  __sys_bpf+0x62b/0x780
[ 1624.831543][T31145]  ? bpf_link_show_fdinfo+0x380/0x380
[ 1624.836977][T31145]  ? lock_chain_count+0x20/0x20
[ 1624.841874][T31145]  __x64_sys_bpf+0x78/0x90
[ 1624.846417][T31145]  do_syscall_64+0x4c/0xa0
[ 1624.850879][T31145]  ? clear_bhb_loop+0x60/0xb0
[ 1624.856033][T31145]  ? clear_bhb_loop+0x60/0xb0
[ 1624.860746][T31145]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1624.866679][T31145] RIP: 0033:0x7f9a6f99ce59
[ 1624.871126][T31145] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1624.890782][T31145] RSP: 002b:00007f9a7093c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1624.899241][T31145] RAX: ffffffffffffffda RBX: 00007f9a6fc15fa0 RCX: 00007f9a6f99ce59
[ 1624.907253][T31145] RDX: 0000000000000050 RSI: 00002000000004c0 RDI: 000000000000000a
[ 1624.915264][T31145] RBP: 00007f9a7093c090 R08: 0000000000000000 R09: 0000000000000000
[ 1624.923264][T31145] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1624.931286][T31145] R13: 00007f9a6fc16038 R14: 00007f9a6fc15fa0 R15: 00007ffd5473e428
[ 1624.939514][T31145]  </TASK>
[ 1625.479535][T31144] chnl_net:caif_netlink_parms(): no params data found
[ 1625.696533][T31144] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1625.703848][T31144] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1625.712710][T31144] device bridge_slave_0 entered promiscuous mode
[ 1625.722373][T31144] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1625.730419][T31144] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1625.739574][T31144] device bridge_slave_1 entered promiscuous mode
[ 1625.848739][T31144] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1625.923740][T31144] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1626.056580][T31144] team0: Port device team_slave_0 added
[ 1626.078693][T31144] team0: Port device team_slave_1 added
[ 1626.135575][T31144] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1626.152888][T31144] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1626.204180][T31144] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1626.229975][T31144] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1626.267873][T31144] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1626.335366][T31144] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1626.444276][T31146] Bluetooth: hci3: command 0x0409 tx timeout
[ 1626.848328][T31144] device hsr_slave_0 entered promiscuous mode
[ 1626.924665][T31144] device hsr_slave_1 entered promiscuous mode
[ 1626.955962][T31144] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1626.990379][T31144] Cannot create hsr debugfs directory
[ 1627.319614][T31197] netlink: 763 bytes leftover after parsing attributes in process `syz.1.8975'.
[ 1627.991922][T31144] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1628.192321][T31144] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1628.353440][T31144] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1628.544772][T31146] Bluetooth: hci3: command 0x041b tx timeout
[ 1628.746364][T31144] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1629.922488][T31144] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1629.962421][T31144] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1629.997762][T31144] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1630.056191][T31144] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1630.669972][T31146] Bluetooth: hci3: command 0x040f tx timeout
[ 1630.679817][T31144] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1630.743495][T24033] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1630.795154][T24033] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1630.840004][T31144] 8021q: adding VLAN 0 to HW filter on device team0
[ 1630.928605][T15001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1630.967665][T15001] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1631.014409][T15001] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1631.021660][T15001] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1631.074974][T15001] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1631.182442][T15001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1631.224643][T15001] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1631.254617][T15001] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1631.261904][T15001] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1631.284764][T15001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1631.329391][T15001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1631.426335][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1631.465287][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1631.525451][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1631.572224][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1631.639476][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1631.688607][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1631.746766][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1631.822403][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1631.876192][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1631.910477][T31144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1632.246755][T31286] netlink: 'syz.1.8997': attribute type 6 has an invalid length.
[ 1632.694023][T31146] Bluetooth: hci3: command 0x0419 tx timeout
[ 1633.071698][T31307] netlink: 'syz.4.9003': attribute type 10 has an invalid length.
[ 1633.105933][T31306] netlink: 'syz.4.9003': attribute type 10 has an invalid length.
[ 1633.151002][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1633.212150][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1633.242708][T31144] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1633.399985][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1633.427541][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1633.490215][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1633.501347][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1633.523230][T31144] device veth0_vlan entered promiscuous mode
[ 1633.562261][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1633.582668][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1633.643185][T31144] device veth1_vlan entered promiscuous mode
[ 1633.775482][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1633.789050][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1633.817769][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1633.845424][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1633.888146][T31144] device veth0_macvtap entered promiscuous mode
[ 1633.923490][T31144] device veth1_macvtap entered promiscuous mode
[ 1633.962416][T31320] netlink: 132 bytes leftover after parsing attributes in process `syz.1.9008'.
[ 1634.077313][T31144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1634.097516][T31144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1634.127555][T31144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1634.144187][T31144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1634.162156][T31330] netlink: 'syz.3.9010': attribute type 2 has an invalid length.
[ 1634.162737][T31144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1634.192730][T31330] netlink: 199848 bytes leftover after parsing attributes in process `syz.3.9010'.
[ 1634.201420][T31144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1634.223295][T31144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1634.253914][T31144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1634.273921][T31144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1634.303999][T31144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1634.327236][T31144] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1634.344355][T31329] netlink: 'syz.2.9012': attribute type 3 has an invalid length.
[ 1634.353404][T31329] netlink: 114680 bytes leftover after parsing attributes in process `syz.2.9012'.
[ 1634.381859][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1634.425484][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1634.443549][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1634.462648][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1634.487894][T31144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1634.528638][T31144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1634.573950][T31144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1634.594026][T31144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1634.620642][T31144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1634.641541][T31144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1634.656659][T31144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1634.691244][T31144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1634.716768][T31144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1634.739932][T31144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1634.776343][T31144] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1634.814345][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1634.823710][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1634.874359][T31144] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1634.900226][T31144] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1634.939082][T31144] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1634.973390][T31144] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1635.203676][T24033] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1635.222168][T24033] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1635.234782][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1635.280543][T14981] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1635.292645][T14981] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1635.343323][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1635.847541][T22025] Bluetooth: hci5: unexpected subevent 0x0a length: 150 > 30
[ 1635.855145][T22025] Bluetooth: hci5: Invalid handle: 0x8000 > 0x0eff
[ 1638.929861][T31391] netlink: 40 bytes leftover after parsing attributes in process `syz.2.9029'.
[ 1647.762869][T22025] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1647.785695][T22025] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1647.806807][T22025] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1647.837054][T22025] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1647.856281][T22025] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 1647.864357][T22025] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1649.965943][T31146] Bluetooth: hci0: command 0x0409 tx timeout
[ 1650.196594][T31530] netlink: 'syz.3.9078': attribute type 10 has an invalid length.
[ 1651.587082][T31523] chnl_net:caif_netlink_parms(): no params data found
[ 1651.779785][T31561] netlink: 132 bytes leftover after parsing attributes in process `syz.0.9086'.
[ 1651.828577][T31523] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1651.835884][T31523] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1651.851236][T31523] device bridge_slave_0 entered promiscuous mode
[ 1651.886808][T31523] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1651.934070][T31523] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1651.958942][T31523] device bridge_slave_1 entered promiscuous mode
[ 1651.975501][T31576] netlink: 'syz.1.9088': attribute type 1 has an invalid length.
[ 1652.004179][T31573] netlink: 15999 bytes leftover after parsing attributes in process `syz.1.9088'.
[ 1652.030378][T31576] netlink: 15999 bytes leftover after parsing attributes in process `syz.1.9088'.
[ 1652.041974][T31569] netlink: 15999 bytes leftover after parsing attributes in process `syz.1.9088'.
[ 1652.044588][T31146] Bluetooth: hci0: command 0x041b tx timeout
[ 1652.062372][T31572] netlink: 'syz.3.9089': attribute type 16 has an invalid length.
[ 1652.077736][T31572] netlink: 156 bytes leftover after parsing attributes in process `syz.3.9089'.
[ 1652.094069][T31575] netlink: 'syz.0.9090': attribute type 25 has an invalid length.
[ 1652.104219][T31575] netlink: 'syz.0.9090': attribute type 1 has an invalid length.
[ 1652.120678][T31575] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1652.243810][T31523] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1652.400257][T24033] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1652.699145][T31523] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1652.843078][T24033] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1652.880769][T31604] netlink: 'syz.1.9099': attribute type 3 has an invalid length.
[ 1652.888765][T31604] netlink: 'syz.1.9099': attribute type 1 has an invalid length.
[ 1652.897075][T31604] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.9099'.
[ 1653.151240][T31602] FAULT_INJECTION: forcing a failure.
[ 1653.151240][T31602] name failslab, interval 1, probability 0, space 0, times 0
[ 1653.194011][T31602] CPU: 1 PID: 31602 Comm: syz.0.9098 Not tainted syzkaller #0
[ 1653.201577][T31602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1653.203639][T31611] netlink: 'syz.1.9101': attribute type 2 has an invalid length.
[ 1653.211662][T31602] Call Trace:
[ 1653.211677][T31602]  <TASK>
[ 1653.211687][T31602]  dump_stack_lvl+0x188/0x24e
[ 1653.211732][T31602]  ? show_regs_print_info+0x12/0x12
[ 1653.211768][T31602]  ? load_image+0x400/0x400
[ 1653.211799][T31602]  ? __might_sleep+0xd0/0xd0
[ 1653.244916][T31602]  ? __lock_acquire+0x7d10/0x7d10
[ 1653.250018][T31602]  should_fail_ex+0x399/0x4d0
[ 1653.252642][T31611] netlink: 199848 bytes leftover after parsing attributes in process `syz.1.9101'.
[ 1653.254754][T31602]  should_failslab+0x5/0x20
[ 1653.254782][T31602]  slab_pre_alloc_hook+0x59/0x310
[ 1653.254812][T31602]  ? page_pool_create+0x6d/0x5c0
[ 1653.254838][T31602]  __kmem_cache_alloc_node+0x4f/0x260
[ 1653.254868][T31602]  ? page_pool_create+0x6d/0x5c0
[ 1653.254892][T31602]  kmalloc_node_trace+0x22/0xe0
[ 1653.254931][T31602]  page_pool_create+0x6d/0x5c0
[ 1653.254957][T31602]  bpf_test_run_xdp_live+0x223/0x1a90
[ 1653.254989][T31602]  ? 0xffffffffa0004440
[ 1653.255012][T31602]  ? text_poke_copy+0x79/0x90
[ 1653.255047][T31602]  ? 0xffffffffa0004440
[ 1653.255074][T31602]  ? bpf_dispatcher_change_prog+0xcbb/0xf10
[ 1653.255113][T31602]  ? 0xffffffffa0004440
[ 1653.255140][T31602]  ? xdp_convert_md_to_buff+0x330/0x330
[ 1653.255204][T31602]  ? trace_raw_output_bpf_test_finish+0xd0/0xd0
[ 1653.339544][T31602]  ? bpf_prog_change_xdp+0xe/0x30
[ 1653.340950][T31523] team0: Port device team_slave_0 added
[ 1653.344632][T31602]  bpf_prog_test_run_xdp+0x736/0xf10
[ 1653.344679][T31602]  ? lock_chain_count+0x20/0x20
[ 1653.344715][T31602]  ? dev_put+0x80/0x80
[ 1653.344755][T31602]  ? dev_put+0x80/0x80
[ 1653.368930][T31602]  bpf_prog_test_run+0x31e/0x390
[ 1653.373926][T31602]  __sys_bpf+0x62b/0x780
[ 1653.378219][T31602]  ? bpf_link_show_fdinfo+0x380/0x380
[ 1653.383646][T31602]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 1653.389858][T31602]  __x64_sys_bpf+0x78/0x90
[ 1653.394320][T31602]  do_syscall_64+0x4c/0xa0
[ 1653.398773][T31602]  ? clear_bhb_loop+0x60/0xb0
[ 1653.403488][T31602]  ? clear_bhb_loop+0x60/0xb0
[ 1653.408207][T31602]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1653.414137][T31602] RIP: 0033:0x7fa9f919ce59
[ 1653.418584][T31602] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1653.438250][T31602] RSP: 002b:00007fa9f9fdd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1653.446712][T31602] RAX: ffffffffffffffda RBX: 00007fa9f9415fa0 RCX: 00007fa9f919ce59
[ 1653.454737][T31602] RDX: 0000000000000050 RSI: 0000200000000000 RDI: 000000000000000a
[ 1653.462745][T31602] RBP: 00007fa9f9fdd090 R08: 0000000000000000 R09: 0000000000000000
[ 1653.470753][T31602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1653.478756][T31602] R13: 00007fa9f9416038 R14: 00007fa9f9415fa0 R15: 00007ffc294f85a8
[ 1653.486779][T31602]  </TASK>
[ 1653.515743][T31523] team0: Port device team_slave_1 added
[ 1653.658777][T24033] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1653.730810][T31523] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1653.772956][T31614] netlink: 65047 bytes leftover after parsing attributes in process `syz.3.9102'.
[ 1653.785458][T31523] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1653.841870][T31523] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1654.147766][T31146] Bluetooth: hci0: command 0x040f tx timeout
[ 1654.786491][T24033] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1654.816493][T31523] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1654.844615][T31523] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1654.880943][T31523] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1655.075824][T31523] device hsr_slave_0 entered promiscuous mode
[ 1655.082945][T31523] device hsr_slave_1 entered promiscuous mode
[ 1655.093275][T31523] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1655.101489][T31523] Cannot create hsr debugfs directory
[ 1656.140200][T31655] netlink: 'syz.0.9117': attribute type 39 has an invalid length.
[ 1656.185925][T31655] device veth0_macvtap left promiscuous mode
[ 1656.204748][T31146] Bluetooth: hci0: command 0x0419 tx timeout
[ 1657.409268][T31523] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1657.428139][T31689] netlink: 'syz.1.9122': attribute type 3 has an invalid length.
[ 1657.470949][T31689] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.9122'.
[ 1657.495476][T31523] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1657.608749][T31523] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1657.688005][T31523] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1658.068641][T24033] device wlan1 left promiscuous mode
[ 1658.099442][T24033] team0: Port device wlan1 removed
[ 1658.668059][T24033] device hsr_slave_0 left promiscuous mode
[ 1658.704911][T24033] device hsr_slave_1 left promiscuous mode
[ 1658.719854][T24033] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1658.752928][T24033] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1658.799989][T24033] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1658.854320][T24033] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1658.933762][T24033] device veth1_macvtap left promiscuous mode
[ 1658.951272][T24033] device veth0_macvtap left promiscuous mode
[ 1660.421248][T24033] device team_slave_1 left promiscuous mode
[ 1660.428732][T24033] team0 (unregistering): Port device team_slave_1 removed
[ 1660.506561][T24033] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1660.585886][T24033] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1661.084651][T24033] device dummy0 left promiscuous mode
[ 1661.091153][T24033] team0 (unregistering): Port device dummy0 removed
[ 1661.156628][T24033] bond0 (unregistering): Released all slaves
[ 1661.212667][T31749] netlink: 'syz.0.9140': attribute type 10 has an invalid length.
[ 1661.257718][T31749] team0: Port device wlan1 added
[ 1661.429440][T31523] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1661.522798][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1661.544879][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1661.581056][T31523] 8021q: adding VLAN 0 to HW filter on device team0
[ 1661.620095][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1661.640082][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1661.656368][T14998] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1661.663644][T14998] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1661.691356][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1661.713230][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1661.725737][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1661.737470][T14998] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1661.744770][T14998] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1661.754759][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1661.774818][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1661.788171][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1661.800508][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1661.849357][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1661.885036][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1661.930235][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1661.949511][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1661.969296][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1662.028268][T31523] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1662.050834][T31523] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1662.079934][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1662.092465][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1664.753208][T31813] netlink: 'syz.4.9160': attribute type 3 has an invalid length.
[ 1664.761613][T31813] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.9160'.
[ 1666.033933][T31807] netlink: 132 bytes leftover after parsing attributes in process `syz.1.9159'.
[ 1666.053577][T31809] netlink: 'syz.1.9159': attribute type 12 has an invalid length.
[ 1666.062681][T31809] netlink: 132 bytes leftover after parsing attributes in process `syz.1.9159'.
[ 1667.295361][T31829] delete_channel: no stack
[ 1668.860674][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[ 1668.867292][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[ 1669.319317][T31849] netlink: 'syz.1.9170': attribute type 25 has an invalid length.
[ 1669.371734][T31849] netlink: 'syz.1.9170': attribute type 1 has an invalid length.
[ 1669.412104][T31849] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1669.442207][T31856] netlink: 'syz.3.9173': attribute type 16 has an invalid length.
[ 1669.474136][T31856] netlink: 156 bytes leftover after parsing attributes in process `syz.3.9173'.
[ 1669.477930][T31857] netlink: 81056 bytes leftover after parsing attributes in process `syz.4.9172'.
[ 1669.548797][T31857] sysfs: cannot create duplicate filename '/class/ieee80211/.!
'
[ 1669.588388][T31857] CPU: 0 PID: 31857 Comm: syz.4.9172 Not tainted syzkaller #0
[ 1669.595990][T31857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1669.606107][T31857] Call Trace:
[ 1669.609436][T31857]  <TASK>
[ 1669.612417][T31857]  dump_stack_lvl+0x188/0x24e
[ 1669.617176][T31857]  ? show_regs_print_info+0x12/0x12
[ 1669.622450][T31857]  ? load_image+0x400/0x400
[ 1669.627046][T31857]  sysfs_warn_dup+0x8a/0xa0
[ 1669.631732][T31857]  sysfs_do_create_link_sd+0xc0/0x110
[ 1669.637183][T31857]  device_add+0x7ed/0xfb0
[ 1669.641591][T31857]  wiphy_register+0x1d9f/0x2ac0
[ 1669.646536][T31857]  ? cfg80211_event_work+0x40/0x40
[ 1669.651725][T31857]  ? minstrel_ht_alloc+0x894/0xa20
[ 1669.656920][T31857]  ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0
[ 1669.663039][T31857]  ieee80211_register_hw+0x2d00/0x39f0
[ 1669.668560][T31857]  ? ieee80211_register_hw+0xe71/0x39f0
[ 1669.674162][T31857]  ? ieee80211_register_hw+0xe71/0x39f0
[ 1669.679765][T31857]  ? ieee80211_tasklet_handler+0x20/0x20
[ 1669.685460][T31857]  ? memset+0x1e/0x40
[ 1669.689499][T31857]  ? __hrtimer_init+0x186/0x270
[ 1669.694402][T31857]  mac80211_hwsim_new_radio+0x28c2/0x4c40
[ 1669.700201][T31857]  hwsim_new_radio_nl+0xafa/0xce0
[ 1669.705288][T31857]  genl_family_rcv_msg_doit+0x22a/0x330
[ 1669.710890][T31857]  ? end_current_label_crit_section+0x170/0x170
[ 1669.717172][T31857]  ? genl_family_rcv_msg_dumpit+0x3c0/0x3c0
[ 1669.723114][T31857]  ? bpf_lsm_capable+0x5/0x10
[ 1669.727833][T31857]  ? security_capable+0x85/0xb0
[ 1669.732735][T31857]  genl_rcv_msg+0x604/0x790
[ 1669.737285][T31857]  ? genl_bind+0x360/0x360
[ 1669.741737][T31857]  ? hwsim_tx_info_frame_received_nl+0xfc0/0xfc0
[ 1669.748126][T31857]  netlink_rcv_skb+0x1fb/0x450
[ 1669.752940][T31857]  ? genl_bind+0x360/0x360
[ 1669.757392][T31857]  ? netlink_ack+0x1170/0x1170
[ 1669.762204][T31857]  ? down_read+0x1a8/0x2d0
[ 1669.766670][T31857]  genl_rcv+0x24/0x40
[ 1669.770712][T31857]  netlink_unicast+0x74d/0x8d0
[ 1669.775568][T31857]  netlink_sendmsg+0x8ad/0xbd0
[ 1669.780414][T31857]  ? netlink_getsockopt+0x550/0x550
[ 1669.785681][T31857]  ? aa_sock_msg_perm+0x94/0x150
[ 1669.790669][T31857]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 1669.795997][T31857]  ? security_socket_sendmsg+0x7c/0xa0
[ 1669.801522][T31857]  ? netlink_getsockopt+0x550/0x550
[ 1669.806775][T31857]  ____sys_sendmsg+0x5be/0x970
[ 1669.811604][T31857]  ? __sys_sendmsg_sock+0x30/0x30
[ 1669.816685][T31857]  ? __import_iovec+0x315/0x500
[ 1669.821592][T31857]  ? import_iovec+0x6f/0xa0
[ 1669.826144][T31857]  ___sys_sendmsg+0x2a2/0x360
[ 1669.830878][T31857]  ? try_to_wake_up+0x6ae/0x1080
[ 1669.835870][T31857]  ? __sys_sendmsg+0x290/0x290
[ 1669.840734][T31857]  __se_sys_sendmsg+0x1bb/0x2a0
[ 1669.845643][T31857]  ? ct_nmi_exit+0x145/0x1c0
[ 1669.850287][T31857]  ? __x64_sys_sendmsg+0x80/0x80
[ 1669.855296][T31857]  ? lockdep_hardirqs_on+0x94/0x140
[ 1669.861005][T31857]  do_syscall_64+0x4c/0xa0
[ 1669.865513][T31857]  ? clear_bhb_loop+0x60/0xb0
[ 1669.870242][T31857]  ? clear_bhb_loop+0x60/0xb0
[ 1669.875008][T31857]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1669.880958][T31857] RIP: 0033:0x7f46e3d9ce59
[ 1669.885613][T31857] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1669.905359][T31857] RSP: 002b:00007f46e1ff6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1669.913812][T31857] RAX: ffffffffffffffda RBX: 00007f46e4016090 RCX: 00007f46e3d9ce59
[ 1669.921905][T31857] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000008
[ 1669.929913][T31857] RBP: 00007f46e3e32d6f R08: 0000000000000000 R09: 0000000000000000
[ 1669.937914][T31857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1669.946093][T31857] R13: 00007f46e4016128 R14: 00007f46e4016090 R15: 00007fff8d2edf78
[ 1669.954200][T31857]  </TASK>
[ 1670.031581][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1670.054364][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1670.082729][T31523] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1670.152375][T13589] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1670.173214][T13589] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1670.306705][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1670.348656][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1670.369826][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1670.388362][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1670.401797][T31523] device veth0_vlan entered promiscuous mode
[ 1670.487085][T31523] device veth1_vlan entered promiscuous mode
[ 1670.627878][T31523] device veth0_macvtap entered promiscuous mode
[ 1670.665024][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1670.687259][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1670.716372][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1670.777404][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1670.811641][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1670.834608][T31523] device veth1_macvtap entered promiscuous mode
[ 1670.844840][T31876] netlink: 'syz.1.9182': attribute type 3 has an invalid length.
[ 1670.877577][T31876] netlink: 114680 bytes leftover after parsing attributes in process `syz.1.9182'.
[ 1671.081893][T31523] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1671.105051][T31523] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1671.124113][T31523] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1671.154050][T31523] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1671.195118][T31523] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1671.218505][T31523] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1671.235630][T31523] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1671.262808][T31523] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1671.279908][T31523] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1671.290874][T31523] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1671.315684][T31523] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1671.343690][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1671.379916][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1671.398858][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1671.416567][T31890] netlink: 180 bytes leftover after parsing attributes in process `syz.1.9186'.
[ 1671.444984][T31523] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1671.473889][T31523] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1671.493927][T31523] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1671.513916][T31523] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1671.533912][T31523] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1671.553380][T31523] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1671.563451][T31523] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1671.582784][T31523] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1671.593066][T31523] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1671.606747][T31523] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1671.631787][T31523] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1671.639988][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1671.654990][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1671.687471][T31523] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1671.696775][T31523] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1671.712543][T31523] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1671.721819][T31523] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1671.914443][T24033] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1671.922342][T24033] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1671.978919][T24033] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1672.013133][T24037] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1672.029534][T24037] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1672.042688][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1672.211829][T31913] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[ 1673.756929][T31146] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1673.767848][T31146] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1673.777010][T31146] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1673.787188][T31146] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1673.796228][T31146] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 1673.807762][T12672] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1674.340480][T31943] chnl_net:caif_netlink_parms(): no params data found
[ 1674.553592][T31943] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1674.571344][T31943] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1674.581227][T31943] device bridge_slave_0 entered promiscuous mode
[ 1674.599467][T31943] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1674.620991][T31943] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1674.631249][T31943] device bridge_slave_1 entered promiscuous mode
[ 1674.698053][T31943] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1674.720132][T31943] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1674.792009][T31943] team0: Port device team_slave_0 added
[ 1674.811164][T31943] team0: Port device team_slave_1 added
[ 1674.869536][T31943] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1674.882468][T31943] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1674.919619][T31943] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1674.943543][T31943] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1674.952639][T31943] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1674.990658][T31943] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1675.233269][T31943] device hsr_slave_0 entered promiscuous mode
[ 1675.260456][T31943] device hsr_slave_1 entered promiscuous mode
[ 1675.280901][T31943] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1675.294143][T31943] Cannot create hsr debugfs directory
[ 1675.657123][T31963] netlink: 'syz.2.9211': attribute type 21 has an invalid length.
[ 1675.714451][T31957] netlink: 'syz.2.9211': attribute type 21 has an invalid length.
[ 1675.884336][T22025] Bluetooth: hci4: command 0x0409 tx timeout
[ 1676.107889][T31943] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1676.189319][T31971] netlink: 'syz.0.9222': attribute type 10 has an invalid length.
[ 1676.360201][T31943] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1676.628129][T31943] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1676.796450][T31943] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1677.145310][T31943] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1677.161117][T32004] netlink: 122896 bytes leftover after parsing attributes in process `syz.0.9224'.
[ 1677.233353][T32004] debugfs: Directory '!!!' with parent 'ieee80211' already present!
[ 1677.289892][T31943] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1677.316995][T31943] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1677.974177][T22025] Bluetooth: hci4: command 0x041b tx timeout
[ 1679.191336][T31943] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1679.915752][T32014] sctp: [Deprecated]: syz.3.9227 (pid 32014) Use of int in maxseg socket option.
[ 1679.915752][T32014] Use struct sctp_assoc_value instead
[ 1679.950390][T31943] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1680.006721][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1680.018874][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1680.038978][T31943] 8021q: adding VLAN 0 to HW filter on device team0
[ 1680.046205][T22025] Bluetooth: hci4: command 0x040f tx timeout
[ 1680.068733][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1680.085590][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1680.098081][T24037] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1680.105324][T24037] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1680.171728][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1680.198956][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1680.248867][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1680.275340][T24037] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1680.282541][T24037] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1680.344692][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1680.385327][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1680.414771][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1680.451234][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1680.482265][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1680.506350][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1680.526424][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1680.544873][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1680.563292][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1680.590586][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1680.603609][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1680.628380][T31943] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1681.103580][T32053] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9239'.
[ 1681.124048][T32053] netlink: 152 bytes leftover after parsing attributes in process `syz.2.9239'.
[ 1681.533062][T32066] device syzkaller0 entered promiscuous mode
[ 1681.595813][T24033] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1681.603495][T24033] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1681.674329][T31943] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1681.844804][T32075] netlink: 65047 bytes leftover after parsing attributes in process `syz.4.9248'.
[ 1682.124166][T12672] Bluetooth: hci4: command 0x0419 tx timeout
[ 1682.323526][T32087] netlink: 'syz.2.9253': attribute type 3 has an invalid length.
[ 1682.343989][T32087] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.9253'.
[ 1684.895293][T32075] device wg2 entered promiscuous mode
[ 1684.910280][T32090] netlink: 132 bytes leftover after parsing attributes in process `syz.0.9254'.
[ 1684.925176][T32091] netlink: 'syz.0.9254': attribute type 2 has an invalid length.
[ 1684.941956][T32091] netlink: 'syz.0.9254': attribute type 8 has an invalid length.
[ 1684.950983][T32091] netlink: 132 bytes leftover after parsing attributes in process `syz.0.9254'.
[ 1684.968992][T32092] netlink: 'syz.0.9254': attribute type 2 has an invalid length.
[ 1684.980892][T32092] netlink: 'syz.0.9254': attribute type 8 has an invalid length.
[ 1684.998285][T32092] netlink: 132 bytes leftover after parsing attributes in process `syz.0.9254'.
[ 1685.099187][T14991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1685.110132][T14991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1685.149941][T14991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1685.178791][T14991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1685.202192][T31943] device veth0_vlan entered promiscuous mode
[ 1685.226248][T14991] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1685.248174][T14991] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1685.281966][T31943] device veth1_vlan entered promiscuous mode
[ 1687.999297][T32155] netlink: 81056 bytes leftover after parsing attributes in process `syz.3.9274'.
[ 1689.424656][T14991] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1689.433238][T14991] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1689.443241][T14991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1689.465790][T14991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1689.488320][T32129] tap0: tun_chr_ioctl cmd 99999999
[ 1689.495776][T32155] sysfs: cannot create duplicate filename '/class/ieee80211/.!
'
[ 1689.503781][T32155] CPU: 1 PID: 32155 Comm: syz.3.9274 Not tainted syzkaller #0
[ 1689.511314][T32155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1689.521421][T32155] Call Trace:
[ 1689.524749][T32155]  <TASK>
[ 1689.527722][T32155]  dump_stack_lvl+0x188/0x24e
[ 1689.532467][T32155]  ? show_regs_print_info+0x12/0x12
[ 1689.537734][T32155]  ? load_image+0x400/0x400
[ 1689.542302][T32155]  sysfs_warn_dup+0x8a/0xa0
[ 1689.546871][T32155]  sysfs_do_create_link_sd+0xc0/0x110
[ 1689.552301][T32155]  device_add+0x7ed/0xfb0
[ 1689.556701][T32155]  wiphy_register+0x1d9f/0x2ac0
[ 1689.561654][T32155]  ? cfg80211_event_work+0x40/0x40
[ 1689.566849][T32155]  ? minstrel_ht_alloc+0x894/0xa20
[ 1689.572047][T32155]  ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0
[ 1689.578190][T32155]  ieee80211_register_hw+0x2d00/0x39f0
[ 1689.583740][T32155]  ? ieee80211_register_hw+0xe71/0x39f0
[ 1689.589364][T32155]  ? ieee80211_register_hw+0xe71/0x39f0
[ 1689.595005][T32155]  ? ieee80211_tasklet_handler+0x20/0x20
[ 1689.600775][T32155]  ? memset+0x1e/0x40
[ 1689.604821][T32155]  ? __hrtimer_init+0x186/0x270
[ 1689.609740][T32155]  mac80211_hwsim_new_radio+0x28c2/0x4c40
[ 1689.615545][T32155]  hwsim_new_radio_nl+0xafa/0xce0
[ 1689.620650][T32155]  genl_family_rcv_msg_doit+0x22a/0x330
[ 1689.626311][T32155]  ? end_current_label_crit_section+0x170/0x170
[ 1689.632606][T32155]  ? genl_family_rcv_msg_dumpit+0x3c0/0x3c0
[ 1689.638561][T32155]  ? bpf_lsm_capable+0x5/0x10
[ 1689.643290][T32155]  ? security_capable+0x85/0xb0
[ 1689.648206][T32155]  genl_rcv_msg+0x604/0x790
[ 1689.652777][T32155]  ? genl_bind+0x360/0x360
[ 1689.657384][T32155]  ? hwsim_tx_info_frame_received_nl+0xfc0/0xfc0
[ 1689.663810][T32155]  netlink_rcv_skb+0x1fb/0x450
[ 1689.668644][T32155]  ? genl_bind+0x360/0x360
[ 1689.673163][T32155]  ? netlink_ack+0x1170/0x1170
[ 1689.678008][T32155]  ? down_read+0x1a8/0x2d0
[ 1689.682495][T32155]  genl_rcv+0x24/0x40
[ 1689.686534][T32155]  netlink_unicast+0x74d/0x8d0
[ 1689.691384][T32155]  netlink_sendmsg+0x8ad/0xbd0
[ 1689.696241][T32155]  ? netlink_getsockopt+0x550/0x550
[ 1689.701519][T32155]  ? aa_sock_msg_perm+0x94/0x150
[ 1689.706517][T32155]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 1689.711861][T32155]  ? security_socket_sendmsg+0x7c/0xa0
[ 1689.717391][T32155]  ? netlink_getsockopt+0x550/0x550
[ 1689.722655][T32155]  ____sys_sendmsg+0x5be/0x970
[ 1689.727588][T32155]  ? __sys_sendmsg_sock+0x30/0x30
[ 1689.732676][T32155]  ? __import_iovec+0x315/0x500
[ 1689.737677][T32155]  ? import_iovec+0x6f/0xa0
[ 1689.742236][T32155]  ___sys_sendmsg+0x2a2/0x360
[ 1689.746977][T32155]  ? try_to_wake_up+0x6ae/0x1080
[ 1689.752060][T32155]  ? __sys_sendmsg+0x290/0x290
[ 1689.756955][T32155]  __se_sys_sendmsg+0x1bb/0x2a0
[ 1689.761869][T32155]  ? ct_nmi_exit+0x145/0x1c0
[ 1689.766533][T32155]  ? __x64_sys_sendmsg+0x80/0x80
[ 1689.771544][T32155]  ? lockdep_hardirqs_on+0x94/0x140
[ 1689.776796][T32155]  do_syscall_64+0x4c/0xa0
[ 1689.781273][T32155]  ? clear_bhb_loop+0x60/0xb0
[ 1689.786002][T32155]  ? clear_bhb_loop+0x60/0xb0
[ 1689.790738][T32155]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1689.796685][T32155] RIP: 0033:0x7f8cb539ce59
[ 1689.801139][T32155] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1689.820805][T32155] RSP: 002b:00007f8cb62dd028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1689.829377][T32155] RAX: ffffffffffffffda RBX: 00007f8cb5616090 RCX: 00007f8cb539ce59
[ 1689.837404][T32155] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000008
[ 1689.845428][T32155] RBP: 00007f8cb5432d6f R08: 0000000000000000 R09: 0000000000000000
[ 1689.853466][T32155] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1689.861506][T32155] R13: 00007f8cb5616128 R14: 00007f8cb5616090 R15: 00007fff79cf8548
[ 1689.869730][T32155]  </TASK>
[ 1689.886140][T31943] device veth0_macvtap entered promiscuous mode
[ 1689.899970][T14991] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1689.926125][T31943] device veth1_macvtap entered promiscuous mode
[ 1690.013236][T31943] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1690.064408][T31943] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1690.114877][T31943] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1690.154109][T31943] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1690.193929][T31943] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1690.234118][T31943] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1690.274253][T31943] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1690.332941][T31943] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1690.394520][T31943] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1690.474188][T31943] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1690.547114][T31943] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1690.635428][T31943] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1690.734256][T31943] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1690.785342][T14991] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1690.821970][T14991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1690.897813][T31943] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1690.924477][T31943] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1690.954098][T31943] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1691.034243][T31943] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1691.063901][T31943] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1691.093968][T31943] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1691.135352][T31943] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1691.173132][T31943] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1691.220029][T31943] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1691.255333][T31943] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1691.273954][T31943] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1691.303970][T31943] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1691.356361][T31943] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1691.368973][T32173] netlink: 'syz.3.9281': attribute type 3 has an invalid length.
[ 1691.388615][T32173] netlink: 114680 bytes leftover after parsing attributes in process `syz.3.9281'.
[ 1691.413466][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1691.444777][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1691.523518][T31943] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1691.543924][T31943] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1691.583823][T31943] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1691.592888][T31943] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1691.660614][T32184] netlink: 'syz.3.9285': attribute type 2 has an invalid length.
[ 1691.676259][T32184] netlink: 199848 bytes leftover after parsing attributes in process `syz.3.9285'.
[ 1691.883076][T14981] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1691.900303][T14981] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1691.919938][T14991] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1692.046281][T14981] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1692.068529][T14981] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1692.099231][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1692.277123][T32198] netlink: 'syz.2.9289': attribute type 10 has an invalid length.
[ 1692.557054][T32198] team0 (unregistering): Port device team_slave_0 removed
[ 1692.608852][T32198] team0 (unregistering): Port device team_slave_1 removed
[ 1695.210344][T32259] netlink: 'syz.1.9306': attribute type 10 has an invalid length.
[ 1695.591350][T32259] team0 (unregistering): Port device team_slave_0 removed
[ 1695.651734][T32259] team0 (unregistering): Port device team_slave_1 removed
[ 1695.705997][T32266] netlink: 'syz.0.9315': attribute type 15 has an invalid length.
[ 1695.736151][T32266] netlink: 'syz.0.9315': attribute type 7 has an invalid length.
[ 1695.775263][T32268] netlink: 'syz.0.9315': attribute type 39 has an invalid length.
[ 1695.819114][T12672] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1695.838131][T12672] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1695.852601][T12672] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1695.862911][T12672] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1695.870796][T12672] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 1695.880061][T12672] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1696.307480][T32287] netlink: 'syz.4.9318': attribute type 10 has an invalid length.
[ 1696.644761][T14998] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1696.891257][T14998] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1697.538859][T32304] netlink: 'syz.4.9325': attribute type 3 has an invalid length.
[ 1697.550314][T32304] netlink: 114680 bytes leftover after parsing attributes in process `syz.4.9325'.
[ 1697.694730][T14998] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1697.845639][T14998] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1697.964384][T22025] Bluetooth: hci1: command 0x0409 tx timeout
[ 1698.034379][T32278] chnl_net:caif_netlink_parms(): no params data found
[ 1698.492403][T32278] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1698.512435][T32278] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1698.534181][T32278] device bridge_slave_0 entered promiscuous mode
[ 1698.566909][T32278] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1698.592270][T32278] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1698.612347][T32278] device bridge_slave_1 entered promiscuous mode
[ 1698.709917][T32278] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1698.743105][T32278] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1698.872894][T32341] netlink: 143932 bytes leftover after parsing attributes in process `syz.2.9336'.
[ 1698.941291][T32341] netlink: zone id is out of range
[ 1698.965503][T32341] netlink: zone id is out of range
[ 1698.972472][T32341] netlink: zone id is out of range
[ 1699.038402][T32341] netlink: zone id is out of range
[ 1699.043771][T32341] netlink: zone id is out of range
[ 1699.082996][T32341] netlink: zone id is out of range
[ 1699.110352][T32341] netlink: zone id is out of range
[ 1699.135985][T32341] netlink: zone id is out of range
[ 1699.141541][T32278] team0: Port device team_slave_0 added
[ 1699.199525][T32341] netlink: zone id is out of range
[ 1699.219647][T32341] netlink: zone id is out of range
[ 1699.295273][T32278] team0: Port device team_slave_1 added
[ 1699.309411][T32358] netlink: 'syz.1.9340': attribute type 19 has an invalid length.
[ 1699.434647][T32358] netlink: 64859 bytes leftover after parsing attributes in process `syz.1.9340'.
[ 1699.726167][T32278] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1699.740039][T32278] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1699.824647][T32278] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1699.972004][T32278] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1699.979268][T32278] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1700.033035][T32278] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1700.046500][T22025] Bluetooth: hci1: command 0x041b tx timeout
[ 1700.345718][T32278] device hsr_slave_0 entered promiscuous mode
[ 1700.459836][T32278] device hsr_slave_1 entered promiscuous mode
[ 1700.476054][T32278] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1700.483714][T32278] Cannot create hsr debugfs directory
[ 1701.747475][T32412] FAULT_INJECTION: forcing a failure.
[ 1701.747475][T32412] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1701.797372][T32412] CPU: 1 PID: 32412 Comm: syz.1.9355 Not tainted syzkaller #0
[ 1701.804932][T32412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1701.815048][T32412] Call Trace:
[ 1701.818377][T32412]  <TASK>
[ 1701.821350][T32412]  dump_stack_lvl+0x188/0x24e
[ 1701.826103][T32412]  ? show_regs_print_info+0x12/0x12
[ 1701.831375][T32412]  ? load_image+0x400/0x400
[ 1701.835954][T32412]  ? __lock_acquire+0x7d10/0x7d10
[ 1701.841240][T32412]  should_fail_ex+0x399/0x4d0
[ 1701.846076][T32412]  _copy_to_user+0x2c/0x130
[ 1701.850653][T32412]  bpf_verifier_vlog+0x172/0x390
[ 1701.855665][T32412]  __btf_verifier_log+0xdf/0x130
[ 1701.860669][T32412]  ? btf_check_sec_info+0x350/0x350
[ 1701.865936][T32412]  ? __virt_addr_valid+0x188/0x540
[ 1701.871112][T32412]  ? btf_parse_hdr+0x1e0/0x7e0
[ 1701.875958][T32412]  btf_parse_hdr+0x358/0x7e0
[ 1701.880618][T32412]  btf_new_fd+0x3c6/0x780
[ 1701.885006][T32412]  __sys_bpf+0x612/0x780
[ 1701.889484][T32412]  ? bpf_link_show_fdinfo+0x380/0x380
[ 1701.894938][T32412]  ? lock_chain_count+0x20/0x20
[ 1701.899865][T32412]  __x64_sys_bpf+0x78/0x90
[ 1701.904341][T32412]  do_syscall_64+0x4c/0xa0
[ 1701.908825][T32412]  ? clear_bhb_loop+0x60/0xb0
[ 1701.913613][T32412]  ? clear_bhb_loop+0x60/0xb0
[ 1701.918351][T32412]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1701.924309][T32412] RIP: 0033:0x7f48bad9ce59
[ 1701.928771][T32412] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1701.948437][T32412] RSP: 002b:00007f48bbc18028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1701.956908][T32412] RAX: ffffffffffffffda RBX: 00007f48bb015fa0 RCX: 00007f48bad9ce59
[ 1701.964934][T32412] RDX: 0000000000000028 RSI: 00002000000006c0 RDI: 0000000000000012
[ 1701.972959][T32412] RBP: 00007f48bbc18090 R08: 0000000000000000 R09: 0000000000000000
[ 1701.980988][T32412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1701.989058][T32412] R13: 00007f48bb016038 R14: 00007f48bb015fa0 R15: 00007ffd58b6cc08
[ 1701.997104][T32412]  </TASK>
[ 1702.124276][T22025] Bluetooth: hci1: command 0x040f tx timeout
[ 1702.777367][T32423] device syzkaller0 entered promiscuous mode
[ 1704.213928][T12672] Bluetooth: hci1: command 0x0419 tx timeout
[ 1707.518844][T32457] netlink: 'syz.1.9368': attribute type 25 has an invalid length.
[ 1707.535725][T32457] netlink: 'syz.1.9368': attribute type 1 has an invalid length.
[ 1707.543703][T32457] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1708.029854][T14998] device hsr_slave_0 left promiscuous mode
[ 1708.086338][T14998] device hsr_slave_1 left promiscuous mode
[ 1708.101577][T14998] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1708.170498][T14998] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1708.174097][T32487] netlink: 'syz.2.9376': attribute type 2 has an invalid length.
[ 1708.201796][T14998] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1708.205308][T32487] netlink: 199848 bytes leftover after parsing attributes in process `syz.2.9376'.
[ 1708.226889][T14998] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1708.260099][T14998] batman_adv: batadv0: Interface deactivated: macvlan1
[ 1708.276323][T14998] batman_adv: batadv0: Removing interface: macvlan1
[ 1708.294691][T14998] device batadv0 left promiscuous mode
[ 1708.300490][T14998] bridge0: port 3(batadv0) entered disabled state
[ 1708.335618][T14998] device bridge_slave_1 left promiscuous mode
[ 1708.342247][T14998] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1708.379464][T14998] device bridge_slave_0 left promiscuous mode
[ 1708.399732][T14998] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1708.453171][T32494] netlink: 'syz.2.9379': attribute type 27 has an invalid length.
[ 1708.478958][T32494] netlink: 164 bytes leftover after parsing attributes in process `syz.2.9379'.
[ 1708.517335][T14998] device veth1_macvtap left promiscuous mode
[ 1708.523739][T14998] device veth0_macvtap left promiscuous mode
[ 1708.532754][T14998] device veth1_vlan left promiscuous mode
[ 1708.539244][T14998] device veth0_vlan left promiscuous mode
[ 1708.910341][T32499] delete_channel: no stack
[ 1709.630036][T14998] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1709.687305][T14998] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1710.066575][T14998] bond0 (unregistering): Released all slaves
[ 1710.191451][T32497] netlink: 'syz.2.9379': attribute type 10 has an invalid length.
[ 1710.230681][T32497] bond0: (slave dummy0): Enslaving as an active interface with an up link
[ 1710.250287][T32278] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1710.279021][T32278] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1710.314645][T32278] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1710.354375][T32278] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1711.356388][T32278] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1711.603363][T13589] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1711.628049][T13589] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1711.657230][T32278] 8021q: adding VLAN 0 to HW filter on device team0
[ 1711.727288][T32534] netlink: 'syz.4.9387': attribute type 28 has an invalid length.
[ 1711.736517][T32534] netlink: 'syz.4.9387': attribute type 3 has an invalid length.
[ 1711.745231][T32534] netlink: 132 bytes leftover after parsing attributes in process `syz.4.9387'.
[ 1711.814404][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1711.855508][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1711.897905][T24037] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1711.905182][T24037] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1711.965696][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1711.990752][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1712.019515][T32543] netlink: 134056 bytes leftover after parsing attributes in process `syz.0.9389'.
[ 1712.031404][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1712.064348][T24037] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1712.071622][T24037] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1712.106655][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1712.139644][T32543] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[ 1712.159631][T32543] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[ 1712.172579][T32548] netlink: 'syz.4.9391': attribute type 3 has an invalid length.
[ 1712.181964][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1712.202375][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1712.202487][T32543] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[ 1712.225813][T32548] netlink: 199824 bytes leftover after parsing attributes in process `syz.4.9391'.
[ 1712.239477][T32553] netlink: 'syz.1.9393': attribute type 27 has an invalid length.
[ 1712.252192][T32553] netlink: 164 bytes leftover after parsing attributes in process `syz.1.9393'.
[ 1712.254402][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1712.315644][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1712.354782][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1712.385014][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1712.425575][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1712.453537][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1712.484334][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1712.493395][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1712.522168][T32278] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1712.629912][T32555] netlink: 'syz.1.9393': attribute type 10 has an invalid length.
[ 1713.205727][T32555] bond0: (slave dummy0): Enslaving as an active interface with an up link
[ 1713.232121][T32571] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1713.252888][T32571] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1713.292917][T32571] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1713.353567][T32571] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1714.641605][T32573] netlink: 'syz.4.9398': attribute type 21 has an invalid length.
[ 1714.654297][T32573] netlink: 'syz.4.9398': attribute type 6 has an invalid length.
[ 1714.662153][T32573] netlink: 132 bytes leftover after parsing attributes in process `syz.4.9398'.
[ 1714.701663][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1714.710180][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1714.758082][T32278] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1714.894412][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1714.904933][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1714.988029][T15001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1715.043186][T15001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1715.102327][T15001] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1715.207606][T15001] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1715.240388][T32278] device veth0_vlan entered promiscuous mode
[ 1715.286191][T32278] device veth1_vlan entered promiscuous mode
[ 1715.771018][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1715.803043][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1715.863123][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1715.931774][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1716.025813][T32278] device veth0_macvtap entered promiscuous mode
[ 1716.162671][T32278] device veth1_macvtap entered promiscuous mode
[ 1716.292008][T32278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1716.344709][T32278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1716.389945][T32278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1716.464291][T32278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1716.509284][T32278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1716.558581][T32278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1716.604286][T32278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1716.650306][T32278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1716.704643][T32278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1716.743084][T32278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1716.829324][T32278] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1717.170299][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1717.220389][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1717.289907][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1717.365027][T32278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1717.423948][T32278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1717.448633][T32278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1717.470117][T32278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1717.503985][T32278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1717.544858][T32278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1717.588879][T32278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1717.621951][T32278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1717.673957][T32278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1717.694187][T32278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1717.716294][T32278] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1717.726071][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1717.745673][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1717.765871][T32278] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1717.803192][T32278] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1717.822061][T32278] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1717.831215][T32278] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1717.982843][T14998] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1718.022958][T14998] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1718.052286][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1718.094432][T15001] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1718.121987][T15001] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1718.153124][T14998] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1720.545104][T32732] netlink: 180 bytes leftover after parsing attributes in process `syz.3.9438'.
[ 1720.886587][T32739] netlink: 'syz.4.9439': attribute type 3 has an invalid length.
[ 1720.914734][T32739] netlink: 114680 bytes leftover after parsing attributes in process `syz.4.9439'.
[ 1721.272352][T32745] netlink: 'syz.1.9442': attribute type 3 has an invalid length.
[ 1721.357541][T32745] netlink: 'syz.1.9442': attribute type 1 has an invalid length.
[ 1721.464999][T32745] netlink: 60387 bytes leftover after parsing attributes in process `syz.1.9442'.
[ 1725.457421][  T348] netlink: 'syz.2.9465': attribute type 2 has an invalid length.
[ 1725.552031][  T348] netlink: 199848 bytes leftover after parsing attributes in process `syz.2.9465'.
[ 1726.098280][  T367] netlink: 65047 bytes leftover after parsing attributes in process `syz.1.9471'.
[ 1727.239736][  T404] FAULT_INJECTION: forcing a failure.
[ 1727.239736][  T404] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1727.294012][  T404] CPU: 0 PID: 404 Comm: syz.4.9486 Not tainted syzkaller #0
[ 1727.301400][  T404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1727.311517][  T404] Call Trace:
[ 1727.314847][  T404]  <TASK>
[ 1727.317832][  T404]  dump_stack_lvl+0x188/0x24e
[ 1727.322614][  T404]  ? show_regs_print_info+0x12/0x12
[ 1727.327884][  T404]  ? load_image+0x400/0x400
[ 1727.332445][  T404]  ? __lock_acquire+0x7d10/0x7d10
[ 1727.337520][  T404]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 1727.343549][  T404]  should_fail_ex+0x399/0x4d0
[ 1727.348308][  T404]  strncpy_from_user+0x32/0x350
[ 1727.353213][  T404]  bpf_prog_load+0x1f3/0x1560
[ 1727.357929][  T404]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 1727.364044][  T404]  ? lock_chain_count+0x20/0x20
[ 1727.368934][  T404]  ? map_freeze+0x390/0x390
[ 1727.373475][  T404]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 1727.379665][  T404]  ? lockdep_hardirqs_on+0x94/0x140
[ 1727.384908][  T404]  ? __sanitizer_cov_trace_pc+0xc/0x60
[ 1727.390400][  T404]  ? bpf_lsm_bpf+0x5/0x10
[ 1727.394760][  T404]  ? security_bpf+0x7a/0xa0
[ 1727.399299][  T404]  __sys_bpf+0x5b8/0x780
[ 1727.403602][  T404]  ? bpf_link_show_fdinfo+0x380/0x380
[ 1727.409020][  T404]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 1727.415235][  T404]  __x64_sys_bpf+0x78/0x90
[ 1727.419722][  T404]  do_syscall_64+0x4c/0xa0
[ 1727.424187][  T404]  ? clear_bhb_loop+0x60/0xb0
[ 1727.428915][  T404]  ? clear_bhb_loop+0x60/0xb0
[ 1727.433635][  T404]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1727.439598][  T404] RIP: 0033:0x7f46e3d9ce59
[ 1727.444045][  T404] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1727.463681][  T404] RSP: 002b:00007f46e4b6e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1727.472125][  T404] RAX: ffffffffffffffda RBX: 00007f46e4015fa0 RCX: 00007f46e3d9ce59
[ 1727.480131][  T404] RDX: 0000000000000070 RSI: 00002000000000c0 RDI: 0000000000000005
[ 1727.488128][  T404] RBP: 00007f46e4b6e090 R08: 0000000000000000 R09: 0000000000000000
[ 1727.496132][  T404] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1727.504130][  T404] R13: 00007f46e4016038 R14: 00007f46e4015fa0 R15: 00007fff8d2edf78
[ 1727.512144][  T404]  </TASK>
[ 1728.893425][  T459] netlink: 126588 bytes leftover after parsing attributes in process `syz.3.9505'.
[ 1728.933181][  T459] netlink: 194236 bytes leftover after parsing attributes in process `syz.3.9505'.
[ 1728.943163][  T459] net_ratelimit: 3544 callbacks suppressed
[ 1728.943180][  T459] netlink: zone id is out of range
[ 1728.974274][  T459] netlink: zone id is out of range
[ 1728.979547][  T459] netlink: zone id is out of range
[ 1728.994938][  T459] netlink: zone id is out of range
[ 1729.000158][  T459] netlink: zone id is out of range
[ 1729.029285][  T464] netlink: 'syz.3.9505': attribute type 21 has an invalid length.
[ 1729.064034][  T464] netlink: 'syz.3.9505': attribute type 5 has an invalid length.
[ 1729.078140][  T459] netlink: zone id is out of range
[ 1729.089431][  T459] netlink: zone id is out of range
[ 1729.104391][  T459] netlink: zone id is out of range
[ 1729.114215][  T459] netlink: zone id is out of range
[ 1729.119414][  T459] netlink: zone id is out of range
[ 1729.172960][  T469] netlink: 'syz.2.9509': attribute type 2 has an invalid length.
[ 1729.188744][  T469] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.9509'.
[ 1729.842454][  T489] netlink: 'syz.3.9518': attribute type 6 has an invalid length.
[ 1729.864978][  T489] netlink: 168 bytes leftover after parsing attributes in process `syz.3.9518'.
[ 1729.885324][  T489] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.9518'.
[ 1730.287272][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[ 1730.293720][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[ 1730.622308][  T520] netlink: 'syz.2.9530': attribute type 10 has an invalid length.
[ 1731.135460][  T527] netlink: 'syz.1.9534': attribute type 13 has an invalid length.
[ 1733.495764][  T585] netlink: 'syz.1.9558': attribute type 3 has an invalid length.
[ 1733.515508][  T585] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.9558'.
[ 1733.933569][  T590] netlink: 'syz.3.9560': attribute type 2 has an invalid length.
[ 1733.954352][  T590] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.9560'.
[ 1734.955284][  T624] netlink: 'syz.2.9572': attribute type 2 has an invalid length.
[ 1734.963108][  T624] netlink: 'syz.2.9572': attribute type 1 has an invalid length.
[ 1735.020228][  T624] netlink: 21959 bytes leftover after parsing attributes in process `syz.2.9572'.
[ 1735.032907][  T633] netlink: 132 bytes leftover after parsing attributes in process `syz.1.9576'.
[ 1735.061304][  T627] netlink: 'syz.3.9573': attribute type 3 has an invalid length.
[ 1735.087168][  T632] netlink: 132 bytes leftover after parsing attributes in process `syz.1.9576'.
[ 1735.104284][  T627] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.9573'.
[ 1736.971669][  T665] Ÿë
: port 1(veth0_to_team) entered blocking state
[ 1736.995965][  T665] Ÿë
: port 1(veth0_to_team) entered disabled state
[ 1737.036182][  T665] device veth0_to_team entered promiscuous mode
[ 1737.721436][  T686] netlink: 60 bytes leftover after parsing attributes in process `syz.0.9594'.
[ 1737.778753][  T686] netlink: 60 bytes leftover after parsing attributes in process `syz.0.9594'.
[ 1737.916300][  T691] netlink: 60 bytes leftover after parsing attributes in process `syz.0.9594'.
[ 1738.344824][  T703] netlink: 'syz.0.9601': attribute type 25 has an invalid length.
[ 1738.352735][  T703] netlink: 'syz.0.9601': attribute type 1 has an invalid length.
[ 1738.401380][  T703] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1739.783435][  T723] netlink: 'syz.3.9609': attribute type 3 has an invalid length.
[ 1739.822787][  T723] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.9609'.
[ 1739.994476][  T717] delete_channel: no stack
[ 1740.720685][  T741] FAULT_INJECTION: forcing a failure.
[ 1740.720685][  T741] name failslab, interval 1, probability 0, space 0, times 0
[ 1740.758445][  T741] CPU: 0 PID: 741 Comm: syz.2.9616 Not tainted syzkaller #0
[ 1740.765830][  T741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1740.775934][  T741] Call Trace:
[ 1740.779256][  T741]  <TASK>
[ 1740.782227][  T741]  dump_stack_lvl+0x188/0x24e
[ 1740.786979][  T741]  ? show_regs_print_info+0x12/0x12
[ 1740.792253][  T741]  ? load_image+0x400/0x400
[ 1740.796817][  T741]  ? __might_sleep+0xd0/0xd0
[ 1740.801454][  T741]  ? __lock_acquire+0x7d10/0x7d10
[ 1740.806545][  T741]  should_fail_ex+0x399/0x4d0
[ 1740.811271][  T741]  should_failslab+0x5/0x20
[ 1740.815903][  T741]  slab_pre_alloc_hook+0x59/0x310
[ 1740.821012][  T741]  ? __get_vm_area_node+0x122/0x330
[ 1740.826247][  T741]  __kmem_cache_alloc_node+0x4f/0x260
[ 1740.831652][  T741]  ? lockdep_hardirqs_on+0x94/0x140
[ 1740.836879][  T741]  ? __get_vm_area_node+0x122/0x330
[ 1740.842120][  T741]  kmalloc_node_trace+0x22/0xe0
[ 1740.847014][  T741]  __get_vm_area_node+0x122/0x330
[ 1740.852073][  T741]  ? kasan_check_range+0x84/0x290
[ 1740.857145][  T741]  __vmalloc_node_range+0x357/0x13b0
[ 1740.862471][  T741]  ? bpf_prog_alloc_no_stats+0x3a/0x3a0
[ 1740.868169][  T741]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 1740.874455][  T741]  ? lock_chain_count+0x20/0x20
[ 1740.879357][  T741]  ? free_vm_area+0x50/0x50
[ 1740.883903][  T741]  ? end_current_label_crit_section+0x170/0x170
[ 1740.890275][  T741]  ? apparmor_capable+0x10b/0x190
[ 1740.895343][  T741]  ? bpf_prog_alloc_no_stats+0x3a/0x3a0
[ 1740.900929][  T741]  __vmalloc+0x76/0x80
[ 1740.905034][  T741]  ? bpf_prog_alloc_no_stats+0x3a/0x3a0
[ 1740.910629][  T741]  bpf_prog_alloc_no_stats+0x3a/0x3a0
[ 1740.916042][  T741]  ? bpf_lsm_capable+0x5/0x10
[ 1740.920846][  T741]  bpf_prog_alloc+0x1c/0x1b0
[ 1740.925472][  T741]  bpf_prog_load+0x7c9/0x1560
[ 1740.930180][  T741]  ? ct_nmi_exit+0x145/0x1c0
[ 1740.934813][  T741]  ? map_freeze+0x390/0x390
[ 1740.939367][  T741]  ? __sys_bpf+0x5a4/0x780
[ 1740.943826][  T741]  __sys_bpf+0x5b8/0x780
[ 1740.948126][  T741]  ? bpf_link_show_fdinfo+0x380/0x380
[ 1740.953557][  T741]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 1740.959784][  T741]  __x64_sys_bpf+0x78/0x90
[ 1740.964269][  T741]  do_syscall_64+0x4c/0xa0
[ 1740.968731][  T741]  ? clear_bhb_loop+0x60/0xb0
[ 1740.973489][  T741]  ? clear_bhb_loop+0x60/0xb0
[ 1740.978210][  T741]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1740.984142][  T741] RIP: 0033:0x7f4b9239ce59
[ 1740.988594][  T741] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1741.008242][  T741] RSP: 002b:00007f4b9329b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1741.016690][  T741] RAX: ffffffffffffffda RBX: 00007f4b92615fa0 RCX: 00007f4b9239ce59
[ 1741.024693][  T741] RDX: 0000000000000070 RSI: 00002000000000c0 RDI: 0000000000000005
[ 1741.032695][  T741] RBP: 00007f4b9329b090 R08: 0000000000000000 R09: 0000000000000000
[ 1741.040704][  T741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1741.048709][  T741] R13: 00007f4b92616038 R14: 00007f4b92615fa0 R15: 00007fffced84638
[ 1741.056729][  T741]  </TASK>
[ 1741.134171][  T741] syz.2.9616: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0-1
[ 1741.179409][  T741] CPU: 1 PID: 741 Comm: syz.2.9616 Not tainted syzkaller #0
[ 1741.186821][  T741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1741.196945][  T741] Call Trace:
[ 1741.200572][  T741]  <TASK>
[ 1741.203542][  T741]  dump_stack_lvl+0x188/0x24e
[ 1741.208284][  T741]  ? cpuset_print_current_mems_allowed+0x1b/0x360
[ 1741.214765][  T741]  ? show_regs_print_info+0x12/0x12
[ 1741.220035][  T741]  ? load_image+0x400/0x400
[ 1741.224604][  T741]  ? cpuset_print_current_mems_allowed+0x1b/0x360
[ 1741.231089][  T741]  ? cpuset_print_current_mems_allowed+0x2e3/0x360
[ 1741.237656][  T741]  warn_alloc+0x242/0x330
[ 1741.242057][  T741]  ? __get_vm_area_node+0x122/0x330
[ 1741.247324][  T741]  ? zone_watermark_ok_safe+0x270/0x270
[ 1741.252938][  T741]  ? rcu_is_watching+0x11/0xa0
[ 1741.257777][  T741]  ? __get_vm_area_node+0x318/0x330
[ 1741.263041][  T741]  ? kasan_check_range+0x84/0x290
[ 1741.268139][  T741]  __vmalloc_node_range+0x37c/0x13b0
[ 1741.273493][  T741]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 1741.279529][  T741]  ? lock_chain_count+0x20/0x20
[ 1741.284448][  T741]  ? free_vm_area+0x50/0x50
[ 1741.289016][  T741]  ? end_current_label_crit_section+0x170/0x170
[ 1741.295322][  T741]  ? apparmor_capable+0x10b/0x190
[ 1741.300425][  T741]  ? bpf_prog_alloc_no_stats+0x3a/0x3a0
[ 1741.306056][  T741]  __vmalloc+0x76/0x80
[ 1741.310184][  T741]  ? bpf_prog_alloc_no_stats+0x3a/0x3a0
[ 1741.315791][  T741]  bpf_prog_alloc_no_stats+0x3a/0x3a0
[ 1741.321324][  T741]  ? bpf_lsm_capable+0x5/0x10
[ 1741.326064][  T741]  bpf_prog_alloc+0x1c/0x1b0
[ 1741.330727][  T741]  bpf_prog_load+0x7c9/0x1560
[ 1741.335479][  T741]  ? ct_nmi_exit+0x145/0x1c0
[ 1741.340141][  T741]  ? map_freeze+0x390/0x390
[ 1741.344723][  T741]  ? __sys_bpf+0x5a4/0x780
[ 1741.349201][  T741]  __sys_bpf+0x5b8/0x780
[ 1741.353532][  T741]  ? bpf_link_show_fdinfo+0x380/0x380
[ 1741.358989][  T741]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 1741.365224][  T741]  __x64_sys_bpf+0x78/0x90
[ 1741.369695][  T741]  do_syscall_64+0x4c/0xa0
[ 1741.374165][  T741]  ? clear_bhb_loop+0x60/0xb0
[ 1741.378898][  T741]  ? clear_bhb_loop+0x60/0xb0
[ 1741.383635][  T741]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1741.389586][  T741] RIP: 0033:0x7f4b9239ce59
[ 1741.394050][  T741] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1741.413711][  T741] RSP: 002b:00007f4b9329b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1741.422191][  T741] RAX: ffffffffffffffda RBX: 00007f4b92615fa0 RCX: 00007f4b9239ce59
[ 1741.430219][  T741] RDX: 0000000000000070 RSI: 00002000000000c0 RDI: 0000000000000005
[ 1741.438240][  T741] RBP: 00007f4b9329b090 R08: 0000000000000000 R09: 0000000000000000
[ 1741.446266][  T741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1741.454286][  T741] R13: 00007f4b92616038 R14: 00007f4b92615fa0 R15: 00007fffced84638
[ 1741.462332][  T741]  </TASK>
[ 1742.315630][  T745] netlink: 132 bytes leftover after parsing attributes in process `syz.0.9617'.
[ 1742.352684][  T741] Mem-Info:
[ 1742.364521][  T759] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1742.372735][  T759] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1742.380286][  T741] active_anon:24824 inactive_anon:0 isolated_anon:0
[ 1742.380286][  T741]  active_file:21761 inactive_file:40613 isolated_file:0
[ 1742.380286][  T741]  unevictable:768 dirty:199 writeback:0
[ 1742.380286][  T741]  slab_reclaimable:21683 slab_unreclaimable:100095
[ 1742.380286][  T741]  mapped:39867 shmem:19721 pagetables:686
[ 1742.380286][  T741]  sec_pagetables:0 bounce:0
[ 1742.380286][  T741]  kernel_misc_reclaimable:0
[ 1742.380286][  T741]  free:1289042 free_pcp:13165 free_cma:0
[ 1742.437572][  T759] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1742.454223][  T759] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1742.532782][  T741] Node 0 active_anon:103396kB inactive_anon:0kB active_file:87044kB inactive_file:162248kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:159468kB dirty:796kB writeback:0kB shmem:81348kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:10460kB pagetables:2744kB sec_pagetables:0kB all_unreclaimable? no
[ 1742.581690][T14998] tipc: Left network mode
[ 1742.594224][  T741] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[ 1742.744315][  T741] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1742.824289][  T741] lowmem_reserve[]: 0 2527 2528 2528 2528
[ 1742.841298][  T741] Node 0 DMA32 free:1237824kB boost:0kB min:34692kB low:43364kB high:52036kB reserved_highatomic:0KB active_anon:105896kB inactive_anon:0kB active_file:87044kB inactive_file:162248kB unevictable:1536kB writepending:796kB present:3129332kB managed:2592964kB mlocked:0kB bounce:0kB free_pcp:31712kB local_pcp:18120kB free_cma:0kB
[ 1742.986704][  T741] lowmem_reserve[]: 0 0 1 1 1
[ 1742.999092][  T741] Node 0 Normal free:16kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:1424kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB
[ 1743.132579][  T741] lowmem_reserve[]: 0 0 0 0 0
[ 1743.143978][  T741] Node 1 Normal free:3895540kB boost:0kB min:55192kB low:68988kB high:82784kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117620kB mlocked:0kB bounce:0kB free_pcp:23108kB local_pcp:9764kB free_cma:0kB
[ 1743.290138][  T741] lowmem_reserve[]: 0 0 0 0 0
[ 1743.310628][  T741] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1743.327064][  T741] Node 0 DMA32: 1106*4kB (UM) 42*8kB (U) 113*16kB (U) 57*32kB (UE) 405*64kB (UME) 303*128kB (UME) 144*256kB (UM) 50*512kB (UME) 8*1024kB (UME) 2*2048kB (UM) 266*4096kB (UM) = 1237384kB
[ 1743.345907][  T741] Node 0 Normal: 2*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB
[ 1743.379676][  T776] netlink: 128 bytes leftover after parsing attributes in process `syz.3.9628'.
[ 1743.381511][  T741] Node 1 Normal: 261*4kB (UME) 64*8kB (UME) 34*16kB (UE) 26*32kB (UME) 22*64kB (UME) 6*128kB (UME) 5*256kB (UME) 2*512kB (UM) 1*1024kB (E) 2*2048kB (UE) 948*4096kB (M) = 3895540kB
[ 1743.449092][  T776] net_ratelimit: 8 callbacks suppressed
[ 1743.449109][  T776] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1743.488625][  T741] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1743.514711][  T741] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1743.536843][  T741] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1743.550136][  T741] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1743.598511][  T741] 80159 total pagecache pages
[ 1743.614677][  T741] 0 pages in swap cache
[ 1743.625844][  T741] Free swap  = 124996kB
[ 1743.645589][  T741] Total swap = 124996kB
[ 1743.652175][  T741] 2097051 pages RAM
[ 1743.665500][  T741] 0 pages HighMem/MovableOnly
[ 1743.682719][  T741] 415209 pages reserved
[ 1743.701618][  T741] 0 pages cma reserved
[ 1744.326707][  T796] can: request_module (can-proto-0) failed.
[ 1744.644977][  T792] netlink: 'syz.3.9631': attribute type 10 has an invalid length.
[ 1744.844713][  T792] team0: Port device wlan1 added
[ 1745.246588][  T815] netlink: 40 bytes leftover after parsing attributes in process `syz.3.9637'.
[ 1745.366421][  T819] netlink: 'syz.1.9639': attribute type 5 has an invalid length.
[ 1747.514267][T14998] device hsr_slave_0 left promiscuous mode
[ 1747.594063][T14998] device hsr_slave_1 left promiscuous mode
[ 1747.631077][T14998] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1747.640880][T14998] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1747.724182][T12672] Bluetooth: hci3: command 0x0406 tx timeout
[ 1747.732215][T14998] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1747.778718][T14998] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1747.801233][T14998] device bridge_slave_1 left promiscuous mode
[ 1747.844413][T14998] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1747.883061][T14998] device bridge_slave_0 left promiscuous mode
[ 1747.901395][T14998] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1748.080204][T14998] device veth1_macvtap left promiscuous mode
[ 1748.092511][T14998] device veth1_vlan left promiscuous mode
[ 1748.107931][T14998] device veth0_vlan left promiscuous mode
[ 1749.888018][T14998] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1749.949130][T14998] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1750.297914][T14998] bond0 (unregistering): Released all slaves
[ 1750.403404][  T858] netlink: 148 bytes leftover after parsing attributes in process `syz.1.9654'.
[ 1750.547896][  T894] device syzkaller0 entered promiscuous mode
[ 1754.187507][  T920] netlink: 132 bytes leftover after parsing attributes in process `syz.0.9671'.
[ 1754.197491][  T935] netlink: 'syz.4.9675': attribute type 10 has an invalid length.
[ 1754.893241][  T967] netlink: 81056 bytes leftover after parsing attributes in process `syz.0.9688'.
[ 1755.003722][  T967] debugfs: Directory '.!
' with parent 'ieee80211' already present!
[ 1755.267705][  T976] netlink: 'syz.3.9690': attribute type 16 has an invalid length.
[ 1755.304144][  T976] netlink: 156 bytes leftover after parsing attributes in process `syz.3.9690'.
[ 1755.653338][  T991] netlink: 'syz.3.9695': attribute type 3 has an invalid length.
[ 1755.674432][  T991] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.9695'.
[ 1755.761987][  T987] netlink: 'syz.2.9694': attribute type 3 has an invalid length.
[ 1755.786970][  T987] netlink: 114680 bytes leftover after parsing attributes in process `syz.2.9694'.
[ 1757.551176][ T1024] netlink: 'syz.1.9704': attribute type 2 has an invalid length.
[ 1757.606094][ T1024] netlink: 199848 bytes leftover after parsing attributes in process `syz.1.9704'.
[ 1758.151106][ T1052] netlink: 'syz.2.9711': attribute type 25 has an invalid length.
[ 1758.217669][ T1052] netlink: 'syz.2.9711': attribute type 1 has an invalid length.
[ 1758.257134][ T1052] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1760.221105][ T1091] netlink: 'syz.0.9725': attribute type 3 has an invalid length.
[ 1760.249669][ T1091] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.9725'.
[ 1762.888554][ T1131] netlink: 81056 bytes leftover after parsing attributes in process `syz.3.9739'.
[ 1764.496105][ T1131] debugfs: Directory '.!
' with parent 'ieee80211' already present!
[ 1766.459863][ T1177] FAULT_INJECTION: forcing a failure.
[ 1766.459863][ T1177] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1766.509329][ T1177] CPU: 0 PID: 1177 Comm: syz.2.9755 Not tainted syzkaller #0
[ 1766.516828][ T1177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1766.526959][ T1177] Call Trace:
[ 1766.530291][ T1177]  <TASK>
[ 1766.533268][ T1177]  dump_stack_lvl+0x188/0x24e
[ 1766.538035][ T1177]  ? show_regs_print_info+0x12/0x12
[ 1766.543313][ T1177]  ? load_image+0x400/0x400
[ 1766.547897][ T1177]  ? __lock_acquire+0x7d10/0x7d10
[ 1766.553014][ T1177]  should_fail_ex+0x399/0x4d0
[ 1766.557805][ T1177]  _copy_from_user+0x2c/0x170
[ 1766.562550][ T1177]  sk_setsockopt+0x2f1/0x28a0
[ 1766.567307][ T1177]  ? __fget_files+0x28/0x4b0
[ 1766.571973][ T1177]  ? sockopt_capable+0x60/0x60
[ 1766.576816][ T1177]  ? aa_sk_perm+0x81f/0x950
[ 1766.581410][ T1177]  ? aa_af_perm+0x340/0x340
[ 1766.585976][ T1177]  ? __fget_files+0x43d/0x4b0
[ 1766.590727][ T1177]  ? aa_sock_opt_perm+0x74/0x100
[ 1766.595711][ T1177]  ? bpf_lsm_socket_setsockopt+0x5/0x10
[ 1766.601307][ T1177]  ? security_socket_setsockopt+0x7a/0xa0
[ 1766.607075][ T1177]  __sys_setsockopt+0x2f6/0x3d0
[ 1766.611987][ T1177]  __x64_sys_setsockopt+0xb1/0xc0
[ 1766.617072][ T1177]  do_syscall_64+0x4c/0xa0
[ 1766.621572][ T1177]  ? clear_bhb_loop+0x60/0xb0
[ 1766.626301][ T1177]  ? clear_bhb_loop+0x60/0xb0
[ 1766.631021][ T1177]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1766.636961][ T1177] RIP: 0033:0x7f4b9239ce59
[ 1766.641415][ T1177] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1766.661081][ T1177] RSP: 002b:00007f4b9329b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1766.669583][ T1177] RAX: ffffffffffffffda RBX: 00007f4b92615fa0 RCX: 00007f4b9239ce59
[ 1766.677607][ T1177] RDX: 0000000000000007 RSI: 0000000000000001 RDI: 0000000000000003
[ 1766.685618][ T1177] RBP: 00007f4b9329b090 R08: 0000000000000004 R09: 0000000000000000
[ 1766.693624][ T1177] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001
[ 1766.701675][ T1177] R13: 00007f4b92616038 R14: 00007f4b92615fa0 R15: 00007fffced84638
[ 1766.709741][ T1177]  </TASK>
[ 1767.666489][T12672] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1767.677437][T12672] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1767.687311][T12672] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1767.696230][T12672] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1767.704135][T12672] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 1767.714160][T12672] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1768.321872][ T1187] chnl_net:caif_netlink_parms(): no params data found
[ 1768.391537][ T1214] delete_channel: no stack
[ 1768.469454][ T1187] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1768.481649][ T1187] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1768.514387][ T1187] device bridge_slave_0 entered promiscuous mode
[ 1768.575701][ T1187] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1768.584255][ T1187] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1768.643684][ T1187] device bridge_slave_1 entered promiscuous mode
[ 1768.829572][ T1187] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1768.856972][ T1228] netlink: 'syz.0.9772': attribute type 32 has an invalid length.
[ 1768.987795][ T1187] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1769.195998][ T1187] team0: Port device team_slave_0 added
[ 1769.237295][ T1187] team0: Port device team_slave_1 added
[ 1769.243541][ T1226] netlink: 'syz.2.9771': attribute type 21 has an invalid length.
[ 1769.322454][ T1187] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1769.344010][ T1187] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1769.421757][ T1187] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1769.477218][ T1187] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1769.491262][ T1187] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1769.573048][ T1187] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1769.723223][ T1187] device hsr_slave_0 entered promiscuous mode
[ 1769.736303][ T1187] device hsr_slave_1 entered promiscuous mode
[ 1769.757185][ T1187] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1769.784797][ T1187] Cannot create hsr debugfs directory
[ 1769.804458][T12672] Bluetooth: hci2: command 0x0409 tx timeout
[ 1770.576676][ T1187] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1770.731542][ T1187] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1770.906827][ T1187] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1771.066168][ T1187] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1771.452442][ T1187] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1771.492065][ T1187] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1771.539048][ T1187] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1771.711069][ T1187] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1771.884445][T22025] Bluetooth: hci2: command 0x041b tx timeout
[ 1772.168381][ T1187] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1772.183558][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1772.220873][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1772.264392][ T1187] 8021q: adding VLAN 0 to HW filter on device team0
[ 1772.309729][T13589] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1772.344877][T13589] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1772.395754][T13589] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1772.402980][T13589] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1772.528126][T13589] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1772.591495][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1772.635078][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1772.666912][T14981] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1772.674166][T14981] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1772.743360][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1772.821429][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1772.835762][ T1323] netlink: 'syz.1.9804': attribute type 2 has an invalid length.
[ 1772.855871][ T1318] can: request_module (can-proto-0) failed.
[ 1772.880286][ T1323] netlink: 199848 bytes leftover after parsing attributes in process `syz.1.9804'.
[ 1773.018436][T13589] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1773.046297][T13589] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1773.224210][T13589] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1773.237262][T13589] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1773.266643][T13589] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1773.329300][T22025] Bluetooth: hci0: command 0x0406 tx timeout
[ 1773.338831][T13589] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1773.355508][T13589] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1773.472315][T13589] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1773.484985][T13589] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1773.508805][ T1187] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1773.964462][T12672] Bluetooth: hci2: command 0x040f tx timeout
[ 1774.640561][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1774.648438][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1774.714540][ T1187] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1776.066628][T12672] Bluetooth: hci2: command 0x0419 tx timeout
[ 1776.580878][T14996] tipc: Left network mode
[ 1776.786624][T24027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1776.815723][T24027] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1777.023121][T24027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1777.070546][T24027] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1777.129984][ T1187] device veth0_vlan entered promiscuous mode
[ 1777.460520][T24027] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1777.475033][T24027] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1778.325423][ T1187] device veth1_vlan entered promiscuous mode
[ 1778.381618][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1778.411411][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1778.526935][ T1187] device veth0_macvtap entered promiscuous mode
[ 1778.550476][ T1187] device veth1_macvtap entered promiscuous mode
[ 1778.619250][ T1438] netlink: 'syz.3.9841': attribute type 11 has an invalid length.
[ 1778.644087][ T1438] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.9841'.
[ 1778.674995][ T1441] netlink: 'syz.3.9841': attribute type 46 has an invalid length.
[ 1778.682930][ T1441] netlink: 2 bytes leftover after parsing attributes in process `syz.3.9841'.
[ 1778.738041][ T1187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1778.758316][ T1187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1778.769409][ T1187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1778.823897][ T1187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1778.853925][ T1187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1778.873466][ T1187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1778.900247][ T1187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1778.940738][ T1187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1778.994321][ T1187] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1779.269893][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1779.278744][ T1442] delete_channel: no stack
[ 1779.295766][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1779.425122][ T1187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1779.467561][ T1187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1779.544892][ T1187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1779.681584][ T1187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1779.713139][ T1187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1779.738050][ T1187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1779.759113][ T1187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1779.777926][ T1187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1779.793165][ T1187] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1779.812916][ T1187] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1779.823028][ T1187] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1779.832729][ T1187] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1779.871903][ T1187] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1779.919887][T14991] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1779.941065][T14991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1780.310497][T14998] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1780.338353][T14998] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1780.384057][T14981] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1780.451786][T14981] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1780.478837][T14981] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1780.539151][T14991] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1781.361417][T14996] device hsr_slave_0 left promiscuous mode
[ 1781.376198][T14996] device hsr_slave_1 left promiscuous mode
[ 1781.397497][T14996] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1781.406019][T14996] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1781.428461][T14996] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1781.441031][T14996] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1781.476476][T14996] device bridge_slave_1 left promiscuous mode
[ 1781.482844][T14996] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1781.511207][T14996] device bridge_slave_0 left promiscuous mode
[ 1781.546825][T14996] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1781.634683][T14996] device veth1_macvtap left promiscuous mode
[ 1781.644289][T14996] device veth0_macvtap left promiscuous mode
[ 1783.374592][T14996] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1785.279833][T14996] bond0 (unregistering): Released all slaves
[ 1785.502938][ T1502] netlink: 'syz.4.9865': attribute type 16 has an invalid length.
[ 1785.517422][ T1502] netlink: 156 bytes leftover after parsing attributes in process `syz.4.9865'.
[ 1785.543154][ T1545] netlink: 132 bytes leftover after parsing attributes in process `syz.2.9876'.
[ 1785.566169][ T1546] netlink: 'syz.2.9876': attribute type 10 has an invalid length.
[ 1785.585410][ T1546] device syz_tun entered promiscuous mode
[ 1785.636216][ T1546] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[ 1785.986181][ T1563] netlink: 'syz.1.9881': attribute type 25 has an invalid length.
[ 1786.005367][ T1563] netlink: 'syz.1.9881': attribute type 1 has an invalid length.
[ 1786.026789][ T1563] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1786.501907][ T1574] netlink: 'syz.0.9886': attribute type 2 has an invalid length.
[ 1786.561794][ T1579] netlink: 'syz.2.9888': attribute type 21 has an invalid length.
[ 1786.581031][ T1579] netlink: 156 bytes leftover after parsing attributes in process `syz.2.9888'.
[ 1786.929144][ T1590] netlink: 132 bytes leftover after parsing attributes in process `syz.0.9892'.
[ 1786.961827][ T1590] netlink: 'syz.0.9892': attribute type 10 has an invalid length.
[ 1787.016921][ T1590] device syz_tun entered promiscuous mode
[ 1787.538176][ T1590] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[ 1787.554192][ T1598] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.9895'.
[ 1787.604562][ T1598] netlink: 10 bytes leftover after parsing attributes in process `syz.3.9895'.
[ 1788.230612][ T1627] netlink: 'syz.3.9903': attribute type 2 has an invalid length.
[ 1788.507389][ T1637] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.9908'.
[ 1788.680580][ T1644] netlink: 132 bytes leftover after parsing attributes in process `syz.1.9910'.
[ 1788.802834][ T1644] netlink: 'syz.1.9910': attribute type 10 has an invalid length.
[ 1788.832186][ T1644] device syz_tun entered promiscuous mode
[ 1789.531813][ T1644] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[ 1789.579770][ T1656] netlink: 14568 bytes leftover after parsing attributes in process `syz.0.9913'.
[ 1789.746522][ T1663] netlink: 'syz.2.9914': attribute type 10 has an invalid length.
[ 1791.146926][ T1709] netlink: 'syz.3.9932': attribute type 32 has an invalid length.
[ 1791.451589][ T1723] delete_channel: no stack
[ 1791.727604][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[ 1791.734177][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[ 1791.748234][ T1742] netlink: 16255 bytes leftover after parsing attributes in process `syz.4.9943'.
[ 1792.725364][ T1775] netlink: 'syz.0.9954': attribute type 2 has an invalid length.
[ 1792.744187][ T1775] netlink: 'syz.0.9954': attribute type 8 has an invalid length.
[ 1792.752023][ T1775] netlink: 132 bytes leftover after parsing attributes in process `syz.0.9954'.
[ 1794.104278][ T1811] netlink: 'syz.0.9970': attribute type 10 has an invalid length.
[ 1794.267738][ T1811] team0: Port device geneve1 added
[ 1794.353474][ T1821] netlink: 'syz.1.9975': attribute type 3 has an invalid length.
[ 1794.410665][ T1821] netlink: 114680 bytes leftover after parsing attributes in process `syz.1.9975'.
[ 1794.801217][ T1839] netlink: 81056 bytes leftover after parsing attributes in process `syz.0.9981'.
[ 1794.852128][ T1839] sysfs: cannot create duplicate filename '/class/ieee80211/.!
'
[ 1794.880940][ T1839] CPU: 1 PID: 1839 Comm: syz.0.9981 Not tainted syzkaller #0
[ 1794.888416][ T1839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1794.898717][ T1839] Call Trace:
[ 1794.902044][ T1839]  <TASK>
[ 1794.905024][ T1839]  dump_stack_lvl+0x188/0x24e
[ 1794.909782][ T1839]  ? show_regs_print_info+0x12/0x12
[ 1794.915048][ T1839]  ? load_image+0x400/0x400
[ 1794.919631][ T1839]  sysfs_warn_dup+0x8a/0xa0
[ 1794.924204][ T1839]  sysfs_do_create_link_sd+0xc0/0x110
[ 1794.929644][ T1839]  device_add+0x7ed/0xfb0
[ 1794.934130][ T1839]  wiphy_register+0x1d9f/0x2ac0
[ 1794.939075][ T1839]  ? cfg80211_event_work+0x40/0x40
[ 1794.944255][ T1839]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 1794.950496][ T1839]  ieee80211_register_hw+0x2d00/0x39f0
[ 1794.956072][ T1839]  ? lockdep_hardirqs_on+0x94/0x140
[ 1794.961343][ T1839]  ? ieee80211_register_hw+0xe71/0x39f0
[ 1794.966973][ T1839]  ? ieee80211_register_hw+0xe71/0x39f0
[ 1794.972605][ T1839]  ? ieee80211_tasklet_handler+0x20/0x20
[ 1794.978313][ T1839]  ? memset+0x1e/0x40
[ 1794.982350][ T1839]  ? __hrtimer_init+0x186/0x270
[ 1794.987260][ T1839]  mac80211_hwsim_new_radio+0x28c2/0x4c40
[ 1794.993078][ T1839]  hwsim_new_radio_nl+0xafa/0xce0
[ 1794.998189][ T1839]  genl_family_rcv_msg_doit+0x22a/0x330
[ 1795.003798][ T1839]  ? end_current_label_crit_section+0x170/0x170
[ 1795.010102][ T1839]  ? genl_family_rcv_msg_dumpit+0x3c0/0x3c0
[ 1795.016062][ T1839]  ? bpf_lsm_capable+0x5/0x10
[ 1795.020891][ T1839]  ? security_capable+0x85/0xb0
[ 1795.025806][ T1839]  genl_rcv_msg+0x604/0x790
[ 1795.030364][ T1839]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 1795.036602][ T1839]  ? genl_bind+0x360/0x360
[ 1795.041073][ T1839]  ? hwsim_tx_info_frame_received_nl+0xfc0/0xfc0
[ 1795.047498][ T1839]  ? lock_acquire+0x225/0x4a0
[ 1795.052246][ T1839]  netlink_rcv_skb+0x1fb/0x450
[ 1795.057088][ T1839]  ? genl_bind+0x360/0x360
[ 1795.061575][ T1839]  ? netlink_ack+0x1170/0x1170
[ 1795.066420][ T1839]  ? down_read+0x1a8/0x2d0
[ 1795.070923][ T1839]  genl_rcv+0x24/0x40
[ 1795.074966][ T1839]  netlink_unicast+0x74d/0x8d0
[ 1795.079809][ T1839]  netlink_sendmsg+0x8ad/0xbd0
[ 1795.084840][ T1839]  ? netlink_getsockopt+0x550/0x550
[ 1795.090164][ T1839]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 1795.095601][ T1839]  ? security_socket_sendmsg+0x7c/0xa0
[ 1795.101150][ T1839]  ? netlink_getsockopt+0x550/0x550
[ 1795.106426][ T1839]  ____sys_sendmsg+0x5be/0x970
[ 1795.111360][ T1839]  ? __sys_sendmsg_sock+0x30/0x30
[ 1795.116453][ T1839]  ? __import_iovec+0x315/0x500
[ 1795.121386][ T1839]  ? import_iovec+0x6f/0xa0
[ 1795.125959][ T1839]  ___sys_sendmsg+0x2a2/0x360
[ 1795.130713][ T1839]  ? try_to_wake_up+0x67c/0x1080
[ 1795.135729][ T1839]  ? __sys_sendmsg+0x290/0x290
[ 1795.140809][ T1839]  __se_sys_sendmsg+0x1bb/0x2a0
[ 1795.145746][ T1839]  ? __x64_sys_sendmsg+0x80/0x80
[ 1795.150786][ T1839]  ? syscall_enter_from_user_mode+0x2a/0x80
[ 1795.156762][ T1839]  do_syscall_64+0x4c/0xa0
[ 1795.161255][ T1839]  ? clear_bhb_loop+0x60/0xb0
[ 1795.166007][ T1839]  ? clear_bhb_loop+0x60/0xb0
[ 1795.170754][ T1839]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1795.176713][ T1839] RIP: 0033:0x7fa9f919ce59
[ 1795.181180][ T1839] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1795.200855][ T1839] RSP: 002b:00007fa9f9fdd028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1795.209520][ T1839] RAX: ffffffffffffffda RBX: 00007fa9f9415fa0 RCX: 00007fa9f919ce59
[ 1795.217553][ T1839] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000008
[ 1795.225583][ T1839] RBP: 00007fa9f9232d6f R08: 0000000000000000 R09: 0000000000000000
[ 1795.233619][ T1839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1795.241649][ T1839] R13: 00007fa9f9416038 R14: 00007fa9f9415fa0 R15: 00007ffc294f85a8
[ 1795.249706][ T1839]  </TASK>
[ 1795.437759][ T1844] netlink: 132 bytes leftover after parsing attributes in process `syz.2.9982'.
[ 1795.532130][ T1850] netlink: 'syz.3.9986': attribute type 2 has an invalid length.
[ 1795.564275][ T1850] netlink: 199848 bytes leftover after parsing attributes in process `syz.3.9986'.
[ 1796.837205][ T1891] netlink: 'syz.2.10001': attribute type 25 has an invalid length.
[ 1796.864502][ T1891] netlink: 'syz.2.10001': attribute type 1 has an invalid length.
[ 1796.872489][ T1891] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1797.124143][ T1892] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10002'.
[ 1797.145549][ T1892] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10002'.
[ 1797.174260][ T1892] netlink: 33 bytes leftover after parsing attributes in process `syz.0.10002'.
[ 1797.196329][ T1892] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10002'.
[ 1797.223778][ T1892] netlink: 33 bytes leftover after parsing attributes in process `syz.0.10002'.
[ 1797.333078][ T1892] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10002'.
[ 1797.376402][ T1892] netlink: 33 bytes leftover after parsing attributes in process `syz.0.10002'.
[ 1797.450748][ T1907] netlink: 'syz.3.10008': attribute type 10 has an invalid length.
[ 1797.822388][ T1908] netlink: 'syz.3.10008': attribute type 10 has an invalid length.
[ 1797.942849][ T1908] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1798.006295][ T1908] team0: Port device bond0 added
[ 1798.682565][ T1942] netlink: 'syz.4.10020': attribute type 21 has an invalid length.
[ 1798.924553][T22025] Bluetooth: hci4: command 0x0406 tx timeout
[ 1799.545620][ T1975] netlink: 132 bytes leftover after parsing attributes in process `syz.0.10030'.
[ 1799.560181][ T1978] netlink: 'syz.3.10031': attribute type 1 has an invalid length.
[ 1799.573995][ T1978] netlink: 132 bytes leftover after parsing attributes in process `syz.3.10031'.
[ 1799.859715][ T1988] netlink: 'syz.0.10035': attribute type 10 has an invalid length.
[ 1799.874026][ T1988] netlink: 55 bytes leftover after parsing attributes in process `syz.0.10035'.
[ 1800.292839][ T2005] netlink: 'syz.0.10040': attribute type 27 has an invalid length.
[ 1800.335269][ T2005] netlink: 'syz.0.10040': attribute type 4 has an invalid length.
[ 1800.448179][ T2009] netlink: 'syz.1.10041': attribute type 10 has an invalid length.
[ 1801.870201][ T2048] netlink: 'syz.2.10055': attribute type 27 has an invalid length.
[ 1801.949130][ T2048] netlink: 'syz.2.10055': attribute type 4 has an invalid length.
[ 1802.847259][ T2070] __nla_validate_parse: 3 callbacks suppressed
[ 1802.847298][ T2070] netlink: 132 bytes leftover after parsing attributes in process `syz.3.10062'.
[ 1804.017274][ T2109] netlink: 'syz.4.10078': attribute type 27 has an invalid length.
[ 1804.074081][ T2109] netlink: 'syz.4.10078': attribute type 4 has an invalid length.
[ 1804.154024][ T2109] netlink: 152 bytes leftover after parsing attributes in process `syz.4.10078'.
[ 1805.243100][ T2140] netlink: 'syz.0.10087': attribute type 27 has an invalid length.
[ 1805.261072][ T2143] netlink: 'syz.3.10090': attribute type 2 has an invalid length.
[ 1805.266923][ T2140] netlink: 164 bytes leftover after parsing attributes in process `syz.0.10087'.
[ 1805.293297][ T2143] netlink: 'syz.3.10090': attribute type 8 has an invalid length.
[ 1805.301747][ T2143] netlink: 132 bytes leftover after parsing attributes in process `syz.3.10090'.
[ 1805.562652][ T2151] netlink: 'syz.3.10094': attribute type 3 has an invalid length.
[ 1805.573343][ T2151] netlink: 114680 bytes leftover after parsing attributes in process `syz.3.10094'.
[ 1806.706396][ T2187] netlink: 'syz.1.10105': attribute type 2 has an invalid length.
[ 1806.751456][ T2187] netlink: 199848 bytes leftover after parsing attributes in process `syz.1.10105'.
[ 1806.783257][ T2186] netlink: 81056 bytes leftover after parsing attributes in process `syz.3.10104'.
[ 1806.827952][ T2186] sysfs: cannot create duplicate filename '/class/ieee80211/.!
'
[ 1806.875446][ T2186] CPU: 0 PID: 2186 Comm: syz.3.10104 Not tainted syzkaller #0
[ 1806.883009][ T2186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1806.893124][ T2186] Call Trace:
[ 1806.896457][ T2186]  <TASK>
[ 1806.899438][ T2186]  dump_stack_lvl+0x188/0x24e
[ 1806.904273][ T2186]  ? show_regs_print_info+0x12/0x12
[ 1806.909553][ T2186]  ? load_image+0x400/0x400
[ 1806.914139][ T2186]  sysfs_warn_dup+0x8a/0xa0
[ 1806.918707][ T2186]  sysfs_do_create_link_sd+0xc0/0x110
[ 1806.924145][ T2186]  device_add+0x7ed/0xfb0
[ 1806.928540][ T2186]  wiphy_register+0x1d9f/0x2ac0
[ 1806.933560][ T2186]  ? cfg80211_event_work+0x40/0x40
[ 1806.938744][ T2186]  ? minstrel_ht_alloc+0x894/0xa20
[ 1806.943928][ T2186]  ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0
[ 1806.950069][ T2186]  ieee80211_register_hw+0x2d00/0x39f0
[ 1806.955623][ T2186]  ? ieee80211_register_hw+0xe71/0x39f0
[ 1806.961229][ T2186]  ? ieee80211_register_hw+0xe71/0x39f0
[ 1806.966858][ T2186]  ? ieee80211_tasklet_handler+0x20/0x20
[ 1806.972574][ T2186]  ? memset+0x1e/0x40
[ 1806.976605][ T2186]  ? __hrtimer_init+0x186/0x270
[ 1806.981520][ T2186]  mac80211_hwsim_new_radio+0x28c2/0x4c40
[ 1806.987327][ T2186]  hwsim_new_radio_nl+0xafa/0xce0
[ 1806.992435][ T2186]  genl_family_rcv_msg_doit+0x22a/0x330
[ 1806.998046][ T2186]  ? end_current_label_crit_section+0x170/0x170
[ 1807.004347][ T2186]  ? genl_family_rcv_msg_dumpit+0x3c0/0x3c0
[ 1807.010317][ T2186]  ? bpf_lsm_capable+0x5/0x10
[ 1807.015062][ T2186]  ? security_capable+0x85/0xb0
[ 1807.019981][ T2186]  genl_rcv_msg+0x604/0x790
[ 1807.024550][ T2186]  ? genl_bind+0x360/0x360
[ 1807.029023][ T2186]  ? hwsim_tx_info_frame_received_nl+0xfc0/0xfc0
[ 1807.035442][ T2186]  netlink_rcv_skb+0x1fb/0x450
[ 1807.040275][ T2186]  ? genl_bind+0x360/0x360
[ 1807.044751][ T2186]  ? netlink_ack+0x1170/0x1170
[ 1807.049590][ T2186]  ? down_read+0x1a8/0x2d0
[ 1807.054080][ T2186]  genl_rcv+0x24/0x40
[ 1807.058123][ T2186]  netlink_unicast+0x74d/0x8d0
[ 1807.062966][ T2186]  netlink_sendmsg+0x8ad/0xbd0
[ 1807.067812][ T2186]  ? netlink_getsockopt+0x550/0x550
[ 1807.073080][ T2186]  ? aa_sock_msg_perm+0x94/0x150
[ 1807.078074][ T2186]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 1807.083411][ T2186]  ? security_socket_sendmsg+0x7c/0xa0
[ 1807.088946][ T2186]  ? netlink_getsockopt+0x550/0x550
[ 1807.094216][ T2186]  ____sys_sendmsg+0x5be/0x970
[ 1807.099073][ T2186]  ? __sys_sendmsg_sock+0x30/0x30
[ 1807.104166][ T2186]  ? __import_iovec+0x315/0x500
[ 1807.109172][ T2186]  ? import_iovec+0x6f/0xa0
[ 1807.113738][ T2186]  ___sys_sendmsg+0x2a2/0x360
[ 1807.118488][ T2186]  ? __sys_sendmsg+0x290/0x290
[ 1807.123374][ T2186]  __se_sys_sendmsg+0x1bb/0x2a0
[ 1807.128287][ T2186]  ? ct_nmi_exit+0x145/0x1c0
[ 1807.132936][ T2186]  ? __x64_sys_sendmsg+0x80/0x80
[ 1807.137970][ T2186]  ? lockdep_hardirqs_on+0x94/0x140
[ 1807.143242][ T2186]  do_syscall_64+0x4c/0xa0
[ 1807.147721][ T2186]  ? clear_bhb_loop+0x60/0xb0
[ 1807.152457][ T2186]  ? clear_bhb_loop+0x60/0xb0
[ 1807.157199][ T2186]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1807.163156][ T2186] RIP: 0033:0x7f02da19ce59
[ 1807.167621][ T2186] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1807.187286][ T2186] RSP: 002b:00007f02db0e8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1807.195795][ T2186] RAX: ffffffffffffffda RBX: 00007f02da416090 RCX: 00007f02da19ce59
[ 1807.203819][ T2186] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000008
[ 1807.211846][ T2186] RBP: 00007f02da232d6f R08: 0000000000000000 R09: 0000000000000000
[ 1807.219870][ T2186] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1807.227898][ T2186] R13: 00007f02da416128 R14: 00007f02da416090 R15: 00007ffc76cbb558
[ 1807.235966][ T2186]  </TASK>
[ 1808.286682][ T2221] netlink: 'syz.0.10127': attribute type 16 has an invalid length.
[ 1808.357567][ T2221] netlink: 156 bytes leftover after parsing attributes in process `syz.0.10127'.
[ 1808.461896][ T2226] netlink: 'syz.4.10118': attribute type 27 has an invalid length.
[ 1808.538558][ T2226] netlink: 164 bytes leftover after parsing attributes in process `syz.4.10118'.
[ 1810.325711][ T2252] netlink: 'syz.4.10131': attribute type 3 has an invalid length.
[ 1810.392592][ T2253] netlink: 'syz.4.10131': attribute type 3 has an invalid length.
[ 1810.461203][ T2253] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.10131'.
[ 1810.515106][ T2256] netlink: 40 bytes leftover after parsing attributes in process `syz.1.10132'.
[ 1810.533977][ T2252] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.10131'.
[ 1812.696257][ T2321] netlink: 65027 bytes leftover after parsing attributes in process `syz.0.10155'.
[ 1813.047065][ T2335] netlink: 152 bytes leftover after parsing attributes in process `syz.4.10160'.
[ 1813.799485][ T2364] netlink: 'syz.1.10168': attribute type 11 has an invalid length.
[ 1813.826279][ T2364] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.10168'.
[ 1813.865017][ T2364] netlink: 'syz.1.10168': attribute type 46 has an invalid length.
[ 1813.891318][ T2364] netlink: 2 bytes leftover after parsing attributes in process `syz.1.10168'.
[ 1814.290020][ T2396] netlink: 'syz.1.10178': attribute type 46 has an invalid length.
[ 1814.402856][ T2398] FAULT_INJECTION: forcing a failure.
[ 1814.402856][ T2398] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1814.433191][ T2398] CPU: 1 PID: 2398 Comm: syz.0.10177 Not tainted syzkaller #0
[ 1814.440766][ T2398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1814.450882][ T2398] Call Trace:
[ 1814.454231][ T2398]  <TASK>
[ 1814.457222][ T2398]  dump_stack_lvl+0x188/0x24e
[ 1814.461975][ T2398]  ? show_regs_print_info+0x12/0x12
[ 1814.467242][ T2398]  ? load_image+0x400/0x400
[ 1814.471804][ T2398]  ? __lock_acquire+0x7d10/0x7d10
[ 1814.476892][ T2398]  ? trace_call_bpf+0x5d6/0x6b0
[ 1814.481823][ T2398]  should_fail_ex+0x399/0x4d0
[ 1814.486562][ T2398]  _copy_from_user+0x2c/0x170
[ 1814.491297][ T2398]  __sys_bpf+0x2ea/0x780
[ 1814.495607][ T2398]  ? bpf_link_show_fdinfo+0x380/0x380
[ 1814.501062][ T2398]  ? lock_chain_count+0x20/0x20
[ 1814.505985][ T2398]  __x64_sys_bpf+0x78/0x90
[ 1814.510462][ T2398]  do_syscall_64+0x4c/0xa0
[ 1814.514950][ T2398]  ? clear_bhb_loop+0x60/0xb0
[ 1814.519732][ T2398]  ? clear_bhb_loop+0x60/0xb0
[ 1814.524483][ T2398]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1814.530438][ T2398] RIP: 0033:0x7fa9f919ce59
[ 1814.534902][ T2398] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1814.554651][ T2398] RSP: 002b:00007fa9f9fbc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1814.563220][ T2398] RAX: ffffffffffffffda RBX: 00007fa9f9416090 RCX: 00007fa9f919ce59
[ 1814.571260][ T2398] RDX: 0000000000000048 RSI: 0000200000000080 RDI: 0000000000000005
[ 1814.579296][ T2398] RBP: 00007fa9f9fbc090 R08: 0000000000000000 R09: 0000000000000000
[ 1814.587331][ T2398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1814.595371][ T2398] R13: 00007fa9f9416128 R14: 00007fa9f9416090 R15: 00007ffc294f85a8
[ 1814.603417][ T2398]  </TASK>
[ 1817.156155][ T2396] netlink: 'syz.1.10178': attribute type 46 has an invalid length.
[ 1817.169673][ T2405] netlink: 'syz.2.10181': attribute type 21 has an invalid length.
[ 1818.153175][ T2423] netlink: 'syz.1.10187': attribute type 10 has an invalid length.
[ 1818.165246][ T2430] delete_channel: no stack
[ 1818.981679][ T2499] netlink: 'syz.3.10206': attribute type 17 has an invalid length.
[ 1819.027978][ T2499] netlink: 'syz.3.10206': attribute type 41 has an invalid length.
[ 1819.120985][ T2499] netlink: 'syz.3.10206': attribute type 46 has an invalid length.
[ 1819.404003][T12672] Bluetooth: hci1: command 0x0406 tx timeout
[ 1819.579180][ T2518] netlink: 81056 bytes leftover after parsing attributes in process `syz.4.10213'.
[ 1819.761950][ T2524] netlink: 134056 bytes leftover after parsing attributes in process `syz.3.10212'.
[ 1820.743140][ T2545] netlink: 10 bytes leftover after parsing attributes in process `syz.4.10219'.
[ 1821.547036][ T2574] netlink: 'syz.3.10225': attribute type 16 has an invalid length.
[ 1821.565872][ T2574] netlink: 156 bytes leftover after parsing attributes in process `syz.3.10225'.
[ 1822.024413][ T2588] netlink: 40 bytes leftover after parsing attributes in process `syz.1.10232'.
[ 1822.603209][ T2597] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.10233'.
[ 1824.074178][ T2646] netlink: 3291 bytes leftover after parsing attributes in process `syz.0.10256'.
[ 1825.908715][ T2693] netlink: 'syz.4.10260': attribute type 11 has an invalid length.
[ 1825.945001][ T2693] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.10260'.
[ 1826.920018][ T2726] netlink: 'syz.3.10268': attribute type 1 has an invalid length.
[ 1826.979298][ T2726] netlink: 116376 bytes leftover after parsing attributes in process `syz.3.10268'.
[ 1827.161717][ T2743] netlink: 'syz.2.10272': attribute type 27 has an invalid length.
[ 1827.193277][ T2743] netlink: 2418 bytes leftover after parsing attributes in process `syz.2.10272'.
[ 1828.084555][ T2769] netlink: 'syz.0.10282': attribute type 21 has an invalid length.
[ 1828.128638][ T2769] netlink: 40 bytes leftover after parsing attributes in process `syz.0.10282'.
[ 1828.984480][ T2804] netlink: 'syz.1.10290': attribute type 2 has an invalid length.
[ 1829.021231][ T2804] netlink: 'syz.1.10290': attribute type 1 has an invalid length.
[ 1829.040045][ T2804] netlink: 170140 bytes leftover after parsing attributes in process `syz.1.10290'.
[ 1832.657107][ T2819] delete_channel: no stack
[ 1833.062152][ T2845] netlink: 'syz.3.10301': attribute type 2 has an invalid length.
[ 1833.072398][ T2845] netlink: 199848 bytes leftover after parsing attributes in process `syz.3.10301'.
[ 1833.625291][ T2863] netlink: 40 bytes leftover after parsing attributes in process `syz.4.10307'.
[ 1833.698349][ T2857] netlink: 81056 bytes leftover after parsing attributes in process `syz.0.10305'.
[ 1833.756152][ T2857] sysfs: cannot create duplicate filename '/class/ieee80211/.!
'
[ 1833.777738][ T2857] CPU: 0 PID: 2857 Comm: syz.0.10305 Not tainted syzkaller #0
[ 1833.785484][ T2857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1833.795596][ T2857] Call Trace:
[ 1833.798915][ T2857]  <TASK>
[ 1833.801880][ T2857]  dump_stack_lvl+0x188/0x24e
[ 1833.806612][ T2857]  ? show_regs_print_info+0x12/0x12
[ 1833.811858][ T2857]  ? load_image+0x400/0x400
[ 1833.816462][ T2857]  sysfs_warn_dup+0x8a/0xa0
[ 1833.821013][ T2857]  sysfs_do_create_link_sd+0xc0/0x110
[ 1833.826431][ T2857]  device_add+0x7ed/0xfb0
[ 1833.830806][ T2857]  wiphy_register+0x1d9f/0x2ac0
[ 1833.835715][ T2857]  ? cfg80211_event_work+0x40/0x40
[ 1833.840864][ T2857]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 1833.847073][ T2857]  ieee80211_register_hw+0x2d00/0x39f0
[ 1833.852581][ T2857]  ? lockdep_hardirqs_on+0x94/0x140
[ 1833.857823][ T2857]  ? ieee80211_register_hw+0xe71/0x39f0
[ 1833.863431][ T2857]  ? ieee80211_register_hw+0xe71/0x39f0
[ 1833.869030][ T2857]  ? ieee80211_tasklet_handler+0x20/0x20
[ 1833.874714][ T2857]  ? memset+0x1e/0x40
[ 1833.878725][ T2857]  ? __hrtimer_init+0x186/0x270
[ 1833.883614][ T2857]  mac80211_hwsim_new_radio+0x28c2/0x4c40
[ 1833.889399][ T2857]  hwsim_new_radio_nl+0xafa/0xce0
[ 1833.894480][ T2857]  genl_family_rcv_msg_doit+0x22a/0x330
[ 1833.900062][ T2857]  ? genl_family_rcv_msg_dumpit+0x3c0/0x3c0
[ 1833.905998][ T2857]  ? bpf_lsm_capable+0x5/0x10
[ 1833.910737][ T2857]  ? security_capable+0x85/0xb0
[ 1833.915630][ T2857]  genl_rcv_msg+0x604/0x790
[ 1833.920164][ T2857]  ? perf_trace_run_bpf_submit+0xf3/0x1c0
[ 1833.926019][ T2857]  ? genl_bind+0x360/0x360
[ 1833.930469][ T2857]  ? hwsim_tx_info_frame_received_nl+0xfc0/0xfc0
[ 1833.936846][ T2857]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 1833.942876][ T2857]  netlink_rcv_skb+0x1fb/0x450
[ 1833.947689][ T2857]  ? genl_bind+0x360/0x360
[ 1833.952139][ T2857]  ? netlink_ack+0x1170/0x1170
[ 1833.956953][ T2857]  ? genl_bind+0x360/0x360
[ 1833.961408][ T2857]  genl_rcv+0x24/0x40
[ 1833.965418][ T2857]  netlink_unicast+0x74d/0x8d0
[ 1833.970230][ T2857]  netlink_sendmsg+0x8ad/0xbd0
[ 1833.975044][ T2857]  ? netlink_getsockopt+0x550/0x550
[ 1833.980300][ T2857]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 1833.985617][ T2857]  ? security_socket_sendmsg+0x7c/0xa0
[ 1833.991124][ T2857]  ? netlink_getsockopt+0x550/0x550
[ 1833.996369][ T2857]  ____sys_sendmsg+0x5be/0x970
[ 1834.001201][ T2857]  ? __sys_sendmsg_sock+0x30/0x30
[ 1834.006312][ T2857]  ? __import_iovec+0x315/0x500
[ 1834.011209][ T2857]  ? import_iovec+0x6f/0xa0
[ 1834.015767][ T2857]  ___sys_sendmsg+0x2a2/0x360
[ 1834.020512][ T2857]  ? __sys_sendmsg+0x290/0x290
[ 1834.025369][ T2857]  __se_sys_sendmsg+0x1bb/0x2a0
[ 1834.030281][ T2857]  ? __x64_sys_sendmsg+0x80/0x80
[ 1834.035271][ T2857]  ? syscall_enter_from_user_mode+0x2a/0x80
[ 1834.041200][ T2857]  do_syscall_64+0x4c/0xa0
[ 1834.045699][ T2857]  ? clear_bhb_loop+0x60/0xb0
[ 1834.050419][ T2857]  ? clear_bhb_loop+0x60/0xb0
[ 1834.055166][ T2857]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1834.061128][ T2857] RIP: 0033:0x7fa9f919ce59
[ 1834.065585][ T2857] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1834.085261][ T2857] RSP: 002b:00007fa9f9fdd028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1834.093718][ T2857] RAX: ffffffffffffffda RBX: 00007fa9f9415fa0 RCX: 00007fa9f919ce59
[ 1834.101727][ T2857] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000008
[ 1834.109732][ T2857] RBP: 00007fa9f9232d6f R08: 0000000000000000 R09: 0000000000000000
[ 1834.117735][ T2857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1834.125739][ T2857] R13: 00007fa9f9416038 R14: 00007fa9f9415fa0 R15: 00007ffc294f85a8
[ 1834.133759][ T2857]  </TASK>
[ 1834.326918][ T2867] netlink: 'syz.3.10306': attribute type 2 has an invalid length.
[ 1834.385531][ T2867] netlink: 'syz.3.10306': attribute type 8 has an invalid length.
[ 1834.407106][ T2867] netlink: 132 bytes leftover after parsing attributes in process `syz.3.10306'.
[ 1835.277168][ T2888] netlink: 'syz.3.10315': attribute type 16 has an invalid length.
[ 1835.362899][ T2888] netlink: 156 bytes leftover after parsing attributes in process `syz.3.10315'.
[ 1836.528339][ T2909] netlink: 81056 bytes leftover after parsing attributes in process `syz.3.10323'.
[ 1836.642606][ T2909] sysfs: cannot create duplicate filename '/class/ieee80211/.!
'
[ 1836.708803][ T2909] CPU: 1 PID: 2909 Comm: syz.3.10323 Not tainted syzkaller #0
[ 1836.716370][ T2909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1836.726482][ T2909] Call Trace:
[ 1836.729855][ T2909]  <TASK>
[ 1836.732835][ T2909]  dump_stack_lvl+0x188/0x24e
[ 1836.737586][ T2909]  ? show_regs_print_info+0x12/0x12
[ 1836.742861][ T2909]  ? load_image+0x400/0x400
[ 1836.747435][ T2909]  sysfs_warn_dup+0x8a/0xa0
[ 1836.752045][ T2909]  sysfs_do_create_link_sd+0xc0/0x110
[ 1836.757496][ T2909]  device_add+0x7ed/0xfb0
[ 1836.761906][ T2909]  wiphy_register+0x1d9f/0x2ac0
[ 1836.766858][ T2909]  ? cfg80211_event_work+0x40/0x40
[ 1836.772050][ T2909]  ? minstrel_ht_alloc+0x894/0xa20
[ 1836.777231][ T2909]  ? strcmp+0x3c/0xb0
[ 1836.781330][ T2909]  ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0
[ 1836.787461][ T2909]  ieee80211_register_hw+0x2d00/0x39f0
[ 1836.792995][ T2909]  ? lockdep_hardirqs_on+0x94/0x140
[ 1836.798277][ T2909]  ? ieee80211_register_hw+0xe71/0x39f0
[ 1836.803932][ T2909]  ? ieee80211_register_hw+0xe71/0x39f0
[ 1836.809565][ T2909]  ? ieee80211_tasklet_handler+0x20/0x20
[ 1836.815270][ T2909]  ? memset+0x1e/0x40
[ 1836.819301][ T2909]  ? __hrtimer_init+0x186/0x270
[ 1836.824394][ T2909]  mac80211_hwsim_new_radio+0x28c2/0x4c40
[ 1836.830213][ T2909]  hwsim_new_radio_nl+0xafa/0xce0
[ 1836.835327][ T2909]  genl_family_rcv_msg_doit+0x22a/0x330
[ 1836.840950][ T2909]  ? end_current_label_crit_section+0x170/0x170
[ 1836.847268][ T2909]  ? genl_family_rcv_msg_dumpit+0x3c0/0x3c0
[ 1836.853239][ T2909]  ? bpf_lsm_capable+0x5/0x10
[ 1836.857990][ T2909]  ? security_capable+0x85/0xb0
[ 1836.862925][ T2909]  genl_rcv_msg+0x604/0x790
[ 1836.867523][ T2909]  ? genl_bind+0x360/0x360
[ 1836.872001][ T2909]  ? hwsim_tx_info_frame_received_nl+0xfc0/0xfc0
[ 1836.878420][ T2909]  netlink_rcv_skb+0x1fb/0x450
[ 1836.883257][ T2909]  ? genl_bind+0x360/0x360
[ 1836.887745][ T2909]  ? netlink_ack+0x1170/0x1170
[ 1836.892591][ T2909]  ? down_read+0x1a8/0x2d0
[ 1836.897093][ T2909]  genl_rcv+0x24/0x40
[ 1836.901135][ T2909]  netlink_unicast+0x74d/0x8d0
[ 1836.905991][ T2909]  netlink_sendmsg+0x8ad/0xbd0
[ 1836.910840][ T2909]  ? netlink_getsockopt+0x550/0x550
[ 1836.916122][ T2909]  ? aa_sock_msg_perm+0x94/0x150
[ 1836.921130][ T2909]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 1836.926475][ T2909]  ? security_socket_sendmsg+0x7c/0xa0
[ 1836.932005][ T2909]  ? netlink_getsockopt+0x550/0x550
[ 1836.937271][ T2909]  ____sys_sendmsg+0x5be/0x970
[ 1836.942124][ T2909]  ? __sys_sendmsg_sock+0x30/0x30
[ 1836.947220][ T2909]  ? __import_iovec+0x315/0x500
[ 1836.952149][ T2909]  ? import_iovec+0x6f/0xa0
[ 1836.956726][ T2909]  ___sys_sendmsg+0x2a2/0x360
[ 1836.961532][ T2909]  ? __sys_sendmsg+0x290/0x290
[ 1836.966458][ T2909]  __se_sys_sendmsg+0x1bb/0x2a0
[ 1836.971374][ T2909]  ? ct_nmi_exit+0x145/0x1c0
[ 1836.976023][ T2909]  ? __x64_sys_sendmsg+0x80/0x80
[ 1836.981054][ T2909]  ? lockdep_hardirqs_on+0x94/0x140
[ 1836.986325][ T2909]  do_syscall_64+0x4c/0xa0
[ 1836.990808][ T2909]  ? clear_bhb_loop+0x60/0xb0
[ 1836.995571][ T2909]  ? clear_bhb_loop+0x60/0xb0
[ 1837.000315][ T2909]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1837.006271][ T2909] RIP: 0033:0x7f02da19ce59
[ 1837.010746][ T2909] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1837.030420][ T2909] RSP: 002b:00007f02db109028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1837.038924][ T2909] RAX: ffffffffffffffda RBX: 00007f02da415fa0 RCX: 00007f02da19ce59
[ 1837.046964][ T2909] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000008
[ 1837.055004][ T2909] RBP: 00007f02da232d6f R08: 0000000000000000 R09: 0000000000000000
[ 1837.063036][ T2909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1837.071090][ T2909] R13: 00007f02da416038 R14: 00007f02da415fa0 R15: 00007ffc76cbb558
[ 1837.079260][ T2909]  </TASK>
[ 1837.231514][ T2919] netlink: 'syz.0.10326': attribute type 2 has an invalid length.
[ 1837.268109][ T2919] netlink: 'syz.0.10326': attribute type 8 has an invalid length.
[ 1837.290623][ T2919] netlink: 132 bytes leftover after parsing attributes in process `syz.0.10326'.
[ 1837.932909][ T2939] netlink: 180 bytes leftover after parsing attributes in process `syz.4.10334'.
[ 1839.161266][ T2966] netlink: 81056 bytes leftover after parsing attributes in process `syz.4.10342'.
[ 1839.217264][ T2966] sysfs: cannot create duplicate filename '/class/ieee80211/.!
'
[ 1839.244262][ T2966] CPU: 1 PID: 2966 Comm: syz.4.10342 Not tainted syzkaller #0
[ 1839.251824][ T2966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1839.261941][ T2966] Call Trace:
[ 1839.265294][ T2966]  <TASK>
[ 1839.268275][ T2966]  dump_stack_lvl+0x188/0x24e
[ 1839.273023][ T2966]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 1839.279247][ T2966]  ? show_regs_print_info+0x12/0x12
[ 1839.284515][ T2966]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 1839.290846][ T2966]  sysfs_warn_dup+0x8a/0xa0
[ 1839.295419][ T2966]  sysfs_do_create_link_sd+0xc0/0x110
[ 1839.300871][ T2966]  device_add+0x7ed/0xfb0
[ 1839.305271][ T2966]  wiphy_register+0x1d9f/0x2ac0
[ 1839.310215][ T2966]  ? cfg80211_event_work+0x40/0x40
[ 1839.315407][ T2966]  ? minstrel_ht_alloc+0x894/0xa20
[ 1839.320575][ T2966]  ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0
[ 1839.326683][ T2966]  ieee80211_register_hw+0x2d00/0x39f0
[ 1839.332450][ T2966]  ? lockdep_hardirqs_on+0x94/0x140
[ 1839.337704][ T2966]  ? ieee80211_register_hw+0xe71/0x39f0
[ 1839.343290][ T2966]  ? ieee80211_register_hw+0xe71/0x39f0
[ 1839.348883][ T2966]  ? ieee80211_tasklet_handler+0x20/0x20
[ 1839.354573][ T2966]  ? memset+0x1e/0x40
[ 1839.358591][ T2966]  ? __hrtimer_init+0x186/0x270
[ 1839.363565][ T2966]  mac80211_hwsim_new_radio+0x28c2/0x4c40
[ 1839.369342][ T2966]  hwsim_new_radio_nl+0xafa/0xce0
[ 1839.374502][ T2966]  genl_family_rcv_msg_doit+0x22a/0x330
[ 1839.380077][ T2966]  ? end_current_label_crit_section+0x170/0x170
[ 1839.386409][ T2966]  ? genl_family_rcv_msg_dumpit+0x3c0/0x3c0
[ 1839.392340][ T2966]  ? bpf_lsm_capable+0x5/0x10
[ 1839.397076][ T2966]  ? security_capable+0x85/0xb0
[ 1839.401972][ T2966]  genl_rcv_msg+0x604/0x790
[ 1839.406511][ T2966]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 1839.412720][ T2966]  ? genl_bind+0x360/0x360
[ 1839.417178][ T2966]  ? hwsim_tx_info_frame_received_nl+0xfc0/0xfc0
[ 1839.423560][ T2966]  ? lock_acquire+0x225/0x4a0
[ 1839.428284][ T2966]  netlink_rcv_skb+0x1fb/0x450
[ 1839.433104][ T2966]  ? genl_bind+0x360/0x360
[ 1839.437551][ T2966]  ? netlink_ack+0x1170/0x1170
[ 1839.442364][ T2966]  ? down_read+0x1a8/0x2d0
[ 1839.446825][ T2966]  genl_rcv+0x24/0x40
[ 1839.450835][ T2966]  netlink_unicast+0x74d/0x8d0
[ 1839.455676][ T2966]  netlink_sendmsg+0x8ad/0xbd0
[ 1839.460494][ T2966]  ? netlink_getsockopt+0x550/0x550
[ 1839.465737][ T2966]  ? aa_sock_msg_perm+0x94/0x150
[ 1839.470710][ T2966]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 1839.476023][ T2966]  ? security_socket_sendmsg+0x7c/0xa0
[ 1839.481528][ T2966]  ? netlink_getsockopt+0x550/0x550
[ 1839.486777][ T2966]  ____sys_sendmsg+0x5be/0x970
[ 1839.491595][ T2966]  ? __sys_sendmsg_sock+0x30/0x30
[ 1839.496658][ T2966]  ? __import_iovec+0x315/0x500
[ 1839.501544][ T2966]  ? import_iovec+0x6f/0xa0
[ 1839.506119][ T2966]  ___sys_sendmsg+0x2a2/0x360
[ 1839.510845][ T2966]  ? __sys_sendmsg+0x290/0x290
[ 1839.515695][ T2966]  __se_sys_sendmsg+0x1bb/0x2a0
[ 1839.520591][ T2966]  ? ct_nmi_exit+0x145/0x1c0
[ 1839.525229][ T2966]  ? __x64_sys_sendmsg+0x80/0x80
[ 1839.530238][ T2966]  ? lockdep_hardirqs_on+0x94/0x140
[ 1839.535470][ T2966]  do_syscall_64+0x4c/0xa0
[ 1839.539929][ T2966]  ? clear_bhb_loop+0x60/0xb0
[ 1839.544652][ T2966]  ? clear_bhb_loop+0x60/0xb0
[ 1839.549371][ T2966]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1839.555299][ T2966] RIP: 0033:0x7f2f6ad9ce59
[ 1839.559749][ T2966] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1839.579388][ T2966] RSP: 002b:00007f2f68ff6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1839.587840][ T2966] RAX: ffffffffffffffda RBX: 00007f2f6b015fa0 RCX: 00007f2f6ad9ce59
[ 1839.595937][ T2966] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000008
[ 1839.603942][ T2966] RBP: 00007f2f6ae32d6f R08: 0000000000000000 R09: 0000000000000000
[ 1839.612032][ T2966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1839.620035][ T2966] R13: 00007f2f6b016038 R14: 00007f2f6b015fa0 R15: 00007ffc90f3bb28
[ 1839.628052][ T2966]  </TASK>
[ 1842.100574][ T3009] netlink: 'syz.0.10357': attribute type 16 has an invalid length.
[ 1842.251492][ T3009] netlink: 156 bytes leftover after parsing attributes in process `syz.0.10357'.
[ 1843.082879][ T3037] netlink: 'syz.3.10367': attribute type 2 has an invalid length.
[ 1843.186339][ T3042] netlink: 'syz.3.10367': attribute type 10 has an invalid length.
[ 1844.315907][ T3042] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link
[ 1844.945201][ T3064] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.10378'.
[ 1844.959517][ T3064] bridge_slave_1: default FDB implementation only supports local addresses
[ 1845.201846][ T3076] netlink: 'syz.4.10385': attribute type 2 has an invalid length.
[ 1845.254798][ T3076] netlink: 'syz.4.10385': attribute type 10 has an invalid length.
[ 1845.275129][ T3076] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1845.375033][ T3076] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1845.435043][ T3076] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link
[ 1845.851912][ T3098] delete_channel: no stack
[ 1846.685562][ T3123] netlink: 'syz.4.10403': attribute type 16 has an invalid length.
[ 1846.706654][ T3123] netlink: 156 bytes leftover after parsing attributes in process `syz.4.10403'.
[ 1846.897081][ T3134] netlink: 'syz.1.10404': attribute type 2 has an invalid length.
[ 1846.937037][ T3134] netlink: 'syz.1.10404': attribute type 10 has an invalid length.
[ 1846.950248][ T3134] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1847.011376][ T3134] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1847.152844][ T3134] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link
[ 1847.186891][ T3141] netlink: 'syz.0.10408': attribute type 2 has an invalid length.
[ 1847.221484][ T3141] netlink: 199848 bytes leftover after parsing attributes in process `syz.0.10408'.
[ 1847.465221][ T3147] netlink: 132 bytes leftover after parsing attributes in process `syz.1.10411'.
[ 1847.663111][ T3154] netlink: 40 bytes leftover after parsing attributes in process `syz.4.10414'.
[ 1848.761770][ T3175] netlink: 'syz.2.10423': attribute type 2 has an invalid length.
[ 1848.806864][ T3175] netlink: 'syz.2.10423': attribute type 10 has an invalid length.
[ 1848.824893][ T3175] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1848.906128][ T3175] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1849.024155][ T3175] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link
[ 1850.116383][ T3206] netlink: 156 bytes leftover after parsing attributes in process `syz.1.10434'.
[ 1853.176638][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[ 1853.183172][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[ 1853.298586][ T3276] netlink: 'syz.2.10456': attribute type 21 has an invalid length.
[ 1854.561701][ T3303] netlink: 122896 bytes leftover after parsing attributes in process `syz.2.10463'.
[ 1855.944607][ T3329] netlink: 'syz.2.10473': attribute type 10 has an invalid length.
[ 1856.025504][ T3329] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[ 1856.064033][ T3329] bond0: (slave hsr0): The slave device specified does not support setting the MAC address
[ 1856.085224][ T3329] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[ 1856.124176][ T3329] bond0: (slave hsr0): Error -22 calling dev_set_mtu
[ 1856.818875][ T3352] netlink: 'syz.2.10478': attribute type 3 has an invalid length.
[ 1856.860387][ T3352] netlink: 114680 bytes leftover after parsing attributes in process `syz.2.10478'.
[ 1859.477903][ T3414] netlink: 'syz.4.10499': attribute type 29 has an invalid length.
[ 1859.515815][ T3414] netlink: 'syz.4.10499': attribute type 29 has an invalid length.
[ 1859.535381][ T3416] netlink: 'syz.4.10499': attribute type 29 has an invalid length.
[ 1859.566374][ T3418] netlink: 'syz.4.10499': attribute type 29 has an invalid length.
[ 1859.618464][ T3423] netlink: 81056 bytes leftover after parsing attributes in process `syz.2.10501'.
[ 1859.845844][ T3428] netlink: 'syz.1.10502': attribute type 21 has an invalid length.
[ 1863.131410][ T3423] debugfs: Directory '.!
' with parent 'ieee80211' already present!
[ 1863.171063][ T3451] netlink: 'syz.3.10510': attribute type 16 has an invalid length.
[ 1863.193875][ T3451] netlink: 156 bytes leftover after parsing attributes in process `syz.3.10510'.
[ 1864.094871][ T3483] netlink: 'syz.3.10523': attribute type 21 has an invalid length.
[ 1864.499257][ T3491] netlink: 'syz.1.10525': attribute type 2 has an invalid length.
[ 1865.279922][ T3513] IPv6: NLM_F_CREATE should be specified when creating new route
[ 1865.323514][ T3513] netlink: 1 bytes leftover after parsing attributes in process `syz.3.10531'.
[ 1865.461155][ T3516] netlink: 152 bytes leftover after parsing attributes in process `syz.3.10531'.
[ 1865.580081][ T3521] netlink: 'syz.3.10531': attribute type 10 has an invalid length.
[ 1865.978797][ T3521] team0: Device vxcan0 is of different type
[ 1866.401386][ T3533] netlink: 'syz.1.10539': attribute type 2 has an invalid length.
[ 1866.618062][ T3546] netlink: 'syz.4.10542': attribute type 21 has an invalid length.
[ 1867.463868][ T3561] netlink: 5 bytes leftover after parsing attributes in process `syz.0.10547'.
[ 1867.505645][ T3561] netlink: 'syz.0.10547': attribute type 1 has an invalid length.
[ 1868.040198][ T3581] netlink: 'syz.1.10557': attribute type 2 has an invalid length.
[ 1871.145795][ T3605] netlink: 'syz.1.10563': attribute type 3 has an invalid length.
[ 1871.174830][ T3605] netlink: 114680 bytes leftover after parsing attributes in process `syz.1.10563'.
[ 1871.386689][ T3614] netlink: 56 bytes leftover after parsing attributes in process `syz.4.10567'.
[ 1871.798203][ T3630] netlink: 'syz.2.10573': attribute type 2 has an invalid length.
[ 1872.650626][ T3655] FAULT_INJECTION: forcing a failure.
[ 1872.650626][ T3655] name failslab, interval 1, probability 0, space 0, times 0
[ 1872.693963][ T3655] CPU: 0 PID: 3655 Comm: syz.4.10582 Not tainted syzkaller #0
[ 1872.701519][ T3655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1872.711654][ T3655] Call Trace:
[ 1872.714981][ T3655]  <TASK>
[ 1872.717953][ T3655]  dump_stack_lvl+0x188/0x24e
[ 1872.722700][ T3655]  ? show_regs_print_info+0x12/0x12
[ 1872.727984][ T3655]  ? load_image+0x400/0x400
[ 1872.732548][ T3655]  ? __might_sleep+0xd0/0xd0
[ 1872.737203][ T3655]  ? __lock_acquire+0x7d10/0x7d10
[ 1872.742288][ T3655]  should_fail_ex+0x399/0x4d0
[ 1872.747024][ T3655]  should_failslab+0x5/0x20
[ 1872.751580][ T3655]  slab_pre_alloc_hook+0x59/0x310
[ 1872.756674][ T3655]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 1872.762724][ T3655]  ? bpf_prog_test_run_flow_dissector+0x255/0x640
[ 1872.769204][ T3655]  __kmem_cache_alloc_node+0x4f/0x260
[ 1872.774640][ T3655]  ? bpf_prog_test_run_flow_dissector+0x255/0x640
[ 1872.781124][ T3655]  __kmalloc+0xa0/0x240
[ 1872.785350][ T3655]  bpf_prog_test_run_flow_dissector+0x255/0x640
[ 1872.791650][ T3655]  ? xdp_convert_buff_to_md+0x200/0x200
[ 1872.797237][ T3655]  ? __fget_files+0x28/0x4b0
[ 1872.801863][ T3655]  ? __fget_files+0x28/0x4b0
[ 1872.806553][ T3655]  ? __fget_files+0x43d/0x4b0
[ 1872.811274][ T3655]  ? xdp_convert_buff_to_md+0x200/0x200
[ 1872.816865][ T3655]  bpf_prog_test_run+0x31e/0x390
[ 1872.821849][ T3655]  __sys_bpf+0x62b/0x780
[ 1872.826138][ T3655]  ? bpf_link_show_fdinfo+0x380/0x380
[ 1872.831568][ T3655]  __x64_sys_bpf+0x78/0x90
[ 1872.836027][ T3655]  do_syscall_64+0x4c/0xa0
[ 1872.840484][ T3655]  ? clear_bhb_loop+0x60/0xb0
[ 1872.845197][ T3655]  ? clear_bhb_loop+0x60/0xb0
[ 1872.849921][ T3655]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1872.855847][ T3655] RIP: 0033:0x7f2f6ad9ce59
[ 1872.860297][ T3655] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1872.879939][ T3655] RSP: 002b:00007f2f68ff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1872.888394][ T3655] RAX: ffffffffffffffda RBX: 00007f2f6b015fa0 RCX: 00007f2f6ad9ce59
[ 1872.896394][ T3655] RDX: 0000000000000050 RSI: 0000200000000180 RDI: 000000000000000a
[ 1872.904398][ T3655] RBP: 00007f2f68ff6090 R08: 0000000000000000 R09: 0000000000000000
[ 1872.912399][ T3655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1872.920401][ T3655] R13: 00007f2f6b016038 R14: 00007f2f6b015fa0 R15: 00007ffc90f3bb28
[ 1872.928427][ T3655]  </TASK>
[ 1873.029217][ T3656] delete_channel: no stack
[ 1873.032649][ T3664] netlink: 'syz.0.10586': attribute type 2 has an invalid length.
[ 1874.165966][ T3703] netlink: 'syz.0.10600': attribute type 2 has an invalid length.
[ 1874.425179][ T3712] netlink: 'syz.3.10603': attribute type 10 has an invalid length.
[ 1874.504710][ T3715] netlink: 'syz.0.10604': attribute type 25 has an invalid length.
[ 1874.512776][ T3715] netlink: 'syz.0.10604': attribute type 1 has an invalid length.
[ 1874.564379][ T3715] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1875.229274][ T3737] netlink: 'syz.2.10610': attribute type 16 has an invalid length.
[ 1875.281855][ T3737] netlink: 156 bytes leftover after parsing attributes in process `syz.2.10610'.
[ 1875.724153][ T3736] netlink: 830 bytes leftover after parsing attributes in process `syz.3.10607'.
[ 1880.390598][ T3754] netlink: 'syz.2.10614': attribute type 2 has an invalid length.
[ 1880.404586][ T3761] netlink: 'syz.2.10614': attribute type 10 has an invalid length.
[ 1880.448355][ T3785] netlink: 'syz.3.10629': attribute type 21 has an invalid length.
[ 1880.466718][ T3785] IPv6: NLM_F_CREATE should be specified when creating new route
[ 1880.490106][ T3785] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1880.497507][ T3785] IPv6: NLM_F_CREATE should be set when creating new route
[ 1880.504859][ T3785] IPv6: NLM_F_CREATE should be set when creating new route
[ 1880.512146][ T3785] IPv6: NLM_F_CREATE should be set when creating new route
[ 1880.554110][ T3828] netlink: 14 bytes leftover after parsing attributes in process `syz.1.10645'.
[ 1880.563266][ T3828] openvswitch: netlink: Flow key attr not present in new flow.
[ 1880.826532][ T3837] netlink: 'syz.4.10647': attribute type 29 has an invalid length.
[ 1884.088212][ T3837] netlink: 'syz.4.10647': attribute type 29 has an invalid length.
[ 1884.172359][ T3863] netlink: 'syz.1.10656': attribute type 2 has an invalid length.
[ 1884.198536][ T3864] netlink: 'syz.1.10656': attribute type 10 has an invalid length.
[ 1884.434993][ T3876] device lo entered promiscuous mode
[ 1884.481783][ T3878] netlink: 14 bytes leftover after parsing attributes in process `syz.3.10660'.
[ 1884.554259][ T3878] openvswitch: netlink: Flow key attr not present in new flow.
[ 1884.600738][ T3880] netlink: 'syz.1.10661': attribute type 11 has an invalid length.
[ 1884.637258][ T3880] netlink: 167332 bytes leftover after parsing attributes in process `syz.1.10661'.
[ 1885.255017][ T3875] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1885.687850][ T3904] netlink: 'syz.4.10671': attribute type 2 has an invalid length.
[ 1885.722991][ T3908] FAULT_INJECTION: forcing a failure.
[ 1885.722991][ T3908] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1885.764240][ T3904] netlink: 'syz.4.10671': attribute type 10 has an invalid length.
[ 1885.787687][ T3908] CPU: 0 PID: 3908 Comm: syz.0.10673 Not tainted syzkaller #0
[ 1885.795237][ T3908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1885.805350][ T3908] Call Trace:
[ 1885.808679][ T3908]  <TASK>
[ 1885.811662][ T3908]  dump_stack_lvl+0x188/0x24e
[ 1885.816423][ T3908]  ? show_regs_print_info+0x12/0x12
[ 1885.821700][ T3908]  ? load_image+0x400/0x400
[ 1885.826273][ T3908]  ? __lock_acquire+0x7d10/0x7d10
[ 1885.831376][ T3908]  should_fail_ex+0x399/0x4d0
[ 1885.836118][ T3908]  _copy_from_user+0x2c/0x170
[ 1885.840862][ T3908]  bpf_prog_test_run_flow_dissector+0x27d/0x640
[ 1885.847192][ T3908]  ? xdp_convert_buff_to_md+0x200/0x200
[ 1885.852808][ T3908]  ? __fget_files+0x28/0x4b0
[ 1885.857468][ T3908]  ? __fget_files+0x28/0x4b0
[ 1885.862133][ T3908]  ? __fget_files+0x43d/0x4b0
[ 1885.866908][ T3908]  ? xdp_convert_buff_to_md+0x200/0x200
[ 1885.872619][ T3908]  bpf_prog_test_run+0x31e/0x390
[ 1885.877631][ T3908]  __sys_bpf+0x62b/0x780
[ 1885.881951][ T3908]  ? bpf_link_show_fdinfo+0x380/0x380
[ 1885.887406][ T3908]  ? lock_chain_count+0x20/0x20
[ 1885.892412][ T3908]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 1885.898470][ T3908]  __x64_sys_bpf+0x78/0x90
[ 1885.902956][ T3908]  do_syscall_64+0x4c/0xa0
[ 1885.907435][ T3908]  ? clear_bhb_loop+0x60/0xb0
[ 1885.912176][ T3908]  ? clear_bhb_loop+0x60/0xb0
[ 1885.916919][ T3908]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1885.922867][ T3908] RIP: 0033:0x7fa9f919ce59
[ 1885.927333][ T3908] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1885.947001][ T3908] RSP: 002b:00007fa9f9fdd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1885.955656][ T3908] RAX: ffffffffffffffda RBX: 00007fa9f9415fa0 RCX: 00007fa9f919ce59
[ 1885.963700][ T3908] RDX: 0000000000000050 RSI: 0000200000000180 RDI: 000000000000000a
[ 1885.971740][ T3908] RBP: 00007fa9f9fdd090 R08: 0000000000000000 R09: 0000000000000000
[ 1885.979777][ T3908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1885.987822][ T3908] R13: 00007fa9f9416038 R14: 00007fa9f9415fa0 R15: 00007ffc294f85a8
[ 1885.995892][ T3908]  </TASK>
[ 1886.289254][ T3920] netlink: 14 bytes leftover after parsing attributes in process `syz.3.10676'.
[ 1886.306191][ T3920] openvswitch: netlink: Flow key attr not present in new flow.
[ 1886.540640][ T3914] delete_channel: no stack
[ 1887.107315][ T3946] netlink: 14 bytes leftover after parsing attributes in process `syz.4.10687'.
[ 1887.145340][ T3946] openvswitch: netlink: Flow key attr not present in new flow.
[ 1888.678508][T14981] device hsr_slave_0 left promiscuous mode
[ 1888.717071][T14981] device hsr_slave_1 left promiscuous mode
[ 1888.795972][T14981] bridge0: port 3(hsr0) entered disabled state
[ 1888.848077][T14981] device bridge_slave_1 left promiscuous mode
[ 1888.889160][T14981] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1888.975957][T14981] device bridge_slave_0 left promiscuous mode
[ 1888.989349][T14981] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1889.081827][T14981] device veth1_macvtap left promiscuous mode
[ 1889.088631][T14981] device veth0_macvtap left promiscuous mode
[ 1889.095181][T14981] device veth1_vlan left promiscuous mode
[ 1889.101230][T14981] device veth0_vlan left promiscuous mode
[ 1889.393694][ T3982] netlink: 14 bytes leftover after parsing attributes in process `syz.0.10698'.
[ 1889.431290][ T3982] openvswitch: netlink: Flow key attr not present in new flow.
[ 1891.083543][T14981] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1891.092716][T22025] Bluetooth: hci2: command 0x0406 tx timeout
[ 1891.168564][T14981] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1891.663892][T14981] bond0 (unregistering): Released all slaves
[ 1891.792275][ T3979] netlink: 'syz.2.10695': attribute type 10 has an invalid length.
[ 1892.504298][ T4019] device syzkaller0 entered promiscuous mode
[ 1896.404199][ T4045] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1896.411740][ T4045] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1896.570146][ T4052] device syzkaller0 entered promiscuous mode
[ 1902.079604][ T4130] device syzkaller0 entered promiscuous mode
[ 1910.539007][ T4178] device syzkaller0 entered promiscuous mode
[ 1914.617642][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[ 1914.624386][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[ 1915.037931][ T4227] device syzkaller0 entered promiscuous mode
[ 1919.277122][ T4247] device macsec0 entered promiscuous mode
[ 1920.230753][T12672] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1920.240640][T12672] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1920.249264][T12672] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1920.271225][T31146] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1920.290523][T31146] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 1920.304265][T31146] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1921.526382][ T4250] chnl_net:caif_netlink_parms(): no params data found
[ 1922.202056][ T4250] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1922.211090][ T4250] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1922.271847][ T4250] device bridge_slave_0 entered promiscuous mode
[ 1922.456161][T31146] Bluetooth: hci5: command 0x0409 tx timeout
[ 1922.509128][ T4250] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1922.535235][ T4250] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1922.589803][ T4250] device bridge_slave_1 entered promiscuous mode
[ 1923.031579][ T4250] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1923.287133][ T4250] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1924.021458][ T4250] team0: Port device team_slave_0 added
[ 1924.137045][ T4250] team0: Port device team_slave_1 added
[ 1924.177810][ T4250] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1924.190339][ T4250] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1924.217176][ T4250] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1924.231830][ T4250] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1924.239009][ T4250] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1924.267294][ T4250] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1924.315885][ T4250] device hsr_slave_0 entered promiscuous mode
[ 1924.322820][ T4250] device hsr_slave_1 entered promiscuous mode
[ 1924.523877][T31146] Bluetooth: hci5: command 0x041b tx timeout
[ 1924.533716][ T4250] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1924.548829][ T4250] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1924.561240][ T4250] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1924.572160][ T4250] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1924.672189][ T4250] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1924.689821][  T807] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1924.705658][  T807] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1924.723031][ T4250] 8021q: adding VLAN 0 to HW filter on device team0
[ 1924.745089][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1924.761233][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1924.770802][T24037] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1924.778189][T24037] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1924.812359][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1924.822668][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1924.838611][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1924.860127][T24037] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1924.867359][T24037] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1924.882376][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1924.892318][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1924.923294][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1924.943060][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1924.962788][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1924.981832][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1924.993317][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1925.008652][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1925.020003][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1925.037184][ T4250] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1925.048956][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1925.061826][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1925.071180][T24037] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1925.458006][T24027] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1925.471977][T24027] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1925.497197][ T4250] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1926.131024][T14996] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1926.147829][T14996] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1926.183076][T14996] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1926.199465][T14996] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1926.220949][ T4250] device veth0_vlan entered promiscuous mode
[ 1926.233318][T14996] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1926.251229][T14996] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1926.274698][ T4250] device veth1_vlan entered promiscuous mode
[ 1926.318865][T14996] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1926.334629][T14996] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1926.343075][T14996] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1926.359116][T14996] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1926.376038][ T4250] device veth0_macvtap entered promiscuous mode
[ 1926.397038][ T4250] device veth1_macvtap entered promiscuous mode
[ 1926.432176][ T4250] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1926.442834][ T4250] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1926.461661][ T4250] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1926.472756][ T4250] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1926.483940][ T4250] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1926.494056][ T4250] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1926.507896][ T4250] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1926.518088][ T4250] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1926.528898][ T4250] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1926.539428][ T4250] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1926.550315][ T4250] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1926.568003][ T4250] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1926.579502][T14996] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1926.591179][T14996] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1926.603710][T14996] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1926.604706][T31146] Bluetooth: hci5: command 0x040f tx timeout
[ 1926.619895][T14996] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1926.645062][T14996] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1926.657040][T14996] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1926.674710][ T4250] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1926.683507][ T4250] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1926.711364][ T4250] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1926.743876][ T4250] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1926.911535][ T4163] bond0: (slave syz_tun): Releasing backup interface
[ 1926.935301][T24037] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1926.943212][T24037] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1926.951220][T14996] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1926.984965][T24027] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1926.992952][T24027] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1927.003006][T14996] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1929.036656][T31146] Bluetooth: hci5: command 0x0419 tx timeout
[ 1976.046686][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[ 1976.053074][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[ 1986.341127][  T807] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1986.412597][  T807] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1986.474655][  T807] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1986.521498][  T807] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1987.695843][  T807] team0: Port device wlan1 removed
[ 1987.924323][  T807] device hsr_slave_0 left promiscuous mode
[ 1987.930844][  T807] device hsr_slave_1 left promiscuous mode
[ 1987.938414][  T807] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1987.946039][  T807] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1987.953864][  T807] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1987.961335][  T807] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1987.969142][  T807] device bridge_slave_1 left promiscuous mode
[ 1987.975499][  T807] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1987.984553][  T807] device bridge_slave_0 left promiscuous mode
[ 1987.990845][  T807] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1988.012035][  T807] device veth1_vlan left promiscuous mode
[ 1988.018214][  T807] device veth0_vlan left promiscuous mode
[ 1988.121463][  T807] team0 (unregistering): Port device geneve1 removed
[ 1988.636525][  T807] team0 (unregistering): Port device team_slave_1 removed
[ 1988.686249][  T807] team0 (unregistering): Port device team_slave_0 removed
[ 1988.735327][  T807] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1988.786575][  T807] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1989.141898][  T807] bond0 (unregistering): Released all slaves
[ 2037.488382][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[ 2037.494817][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[ 2044.683872][T22025] Bluetooth: hci5: command 0x0406 tx timeout
[ 2098.926834][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[ 2098.933224][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[ 2160.369054][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[ 2160.375459][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[ 2221.806358][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[ 2221.812722][ T1277] ieee802154 phy1 wpan1: encryption failed: -22