last executing test programs:

13.205291373s ago: executing program 0 (id=3892):
r0 = socket$kcm(0x29, 0x2, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r0}, 0x8)
r1 = socket$kcm(0x2, 0x200000000000001, 0x0)
close(r1)
sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0xfd}}, 0x10, 0x0}, 0x3000c085)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0xff0f000020000080)

13.045927553s ago: executing program 0 (id=3893):
syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/net\x00') (async)
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f0000002940)=ANY=[@ANYBLOB="b4000000000b00007910000000000000c310000041000000950074000000000031fb0d3a42319fa204399d17d34eefad1057a43d891cfb00"], 0x0, 0x2, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94) (async)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000040000"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = socket$kcm(0x2, 0x5, 0x84) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
close(r3) (async)
recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r4=>0xffffffffffffffff]}}], 0x18}, 0x0)
sendmsg$inet(r3, &(0x7f0000000200)={&(0x7f0000000000)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x3a}}, 0x10, 0x0, 0xffffffffffffff23}, 0x60000c6) (async)
socket$kcm(0x2, 0x5, 0x84)
ioctl$TUNATTACHFILTER(r4, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f0000000080)=[{0xfff7, 0x3f, 0x81, 0x1}, {0x2, 0xe0, 0x2, 0x2}]}) (async)
setsockopt$sock_attach_bpf(r1, 0x84, 0x64, &(0x7f0000000000)=r4, 0x10) (async)
setsockopt$sock_attach_bpf(r1, 0x84, 0x1e, &(0x7f0000000000), 0x4)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) (async)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) (async)
sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) (async)
recvmsg$unix(r5, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [<r7=>0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [<r8=>0xffffffffffffffff]}}, @rights={{0x10}}], 0xa0}, 0x0) (async)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) (async)
r9 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r9, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r10, 0x0, 0xb, 0x0, &(0x7f0000000900)="c1dfb080cd21d308098ee6", 0x0, 0xadf0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
r11 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000040)=@o_path={&(0x7f0000000000)='./file0\x00', 0x0, 0x4010, r0}, 0x18)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000240)={r11, 0x0, &(0x7f0000000140)=""/222, 0x4}, 0x20) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@bloom_filter={0x1e, 0x1, 0x6, 0xc900, 0x2a008, r9, 0x9, '\x00', 0x0, r7, 0x1, 0x1, 0x2, 0x0, @value=r8}, 0x50) (async)
socket$kcm(0x29, 0x2, 0x0)

12.854257724s ago: executing program 0 (id=3895):
socket$kcm(0xa, 0x5, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffffffffffffffff}, 0x104007, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[], &(0x7f0000000c00)='GPL\x00'}, 0x94)
close(0xffffffffffffffff)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000200)="1c000000190081054e81f782db4cb9040220080000000000000000070a000a", 0x1f}], 0x1}, 0x14)
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000611d6800000000009500fb8589330000a558b161b33e4047865a160cddffb15c06105105e459b05b82da4ffeb855e4fb0b6e70a9dc09a59d6d3338"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb}, 0x80)
ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x4008b100, 0x0)

12.458867927s ago: executing program 0 (id=3897):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000080)='pids.max\x00', 0x2, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[@ANYBLOB='-0'], 0x9)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xc}, 0x0, 0x0, 0xc2ba}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0xc2ba}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)="5c00000012006b9c9e3fe3d86e6c1d0000147ea60864160af36504b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c2151fef08d8cdbf9367b4fad1f60a64c9f408000300060100000400000000000000", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
syz_clone(0x4001000, 0x0, 0x408, &(0x7f0000000140), 0x0, 0x0)

11.632915315s ago: executing program 0 (id=3902):
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3d, 0x0, 0x0)
sendmsg$sock(0xffffffffffffffff, 0x0, 0x40)
recvmsg$unix(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0x8, 0x0, 0x4000003}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000001240)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000aecd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad94ed406f21caf5adcf920569c00cc1199684fa75814709fea019af247c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c1faca0f9d9924be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6fab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b79db2e3d5986c82b5aa94e539b204d58f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c7160ec83070000020000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72b0000000000001cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2cc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78ac02ca3cdf6a662db1c9c89c9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad943e392955f4f979ea13201bafedcd2063d11dd665647223c78a996810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd89346cfbb5567e54d3504723177d356c4604b7a492ecec37e83efceefd7ca2533659edc8be05cc85451c6a14507434eb54b6f43caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffca9ec9a7a3755e0f209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a294351c5356c1d06c92cf8ce3c7c56cd31121624d74517fd3666277f670e812b28e2f30d035cee5d0e77a3c7220000000000000005a474816bc59d2e2a00092419304b338a987e9d3044d856ce24f370030be3b5f79f034b8d3ebce68663ef5af469abe75b314fae31a0445859a5ece8fb11a4ee8e46354c9c3a041e12282ce24463aaf28345bd168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f09000000000000004fc4bda3453602004535a976eacd3adaa4d2ee6fe0d072ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d401adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb40f7f02f750d6c977a191852c9ae031db044b2353199546609f9f69a6cfefdf879d447df53f3b9b70d10355b00300000000000000553d18a6cc50feeb7bfad9b7be3283b6450d264e7712d2f1d7004548b19162cef04d18d4f58fab987baab97a9bfbd8f185b5631820420bf5b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe527340935aa3c0b4f3f45b418a18217747ae442e31560e5b741445ea2a1acee2a81425ff000000d2a0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e961f3d9c8c21578fe3245097c280abe51423b9f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f88735fce5115dc83ed73d8ee4a91322608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf5000000000000fa08ad0631c4b839688b22c4da2a6bc4cf45854d221a2d5f96bc64647f15daa2ba79cd0f4254ed55217912ef84bd2927df82fc061aef2920c49b2a90886da75561173fa186cb7ee86dd4285c4721eb428c953296bb2f5d825da54dbef07c1b349b4901e093d13e6b9a0000009b5b22e887bc061d40bcaf0aa18623fd9b7179ccc692ba74b531b65c4decf9d080a8ac7e82d4cde1267aa64b2a94fd87a009e6742c2ddc3a9d7eccbb1831b1fa218277c2814a91cab7cb59c697166d6f1bb1a360470000000000000000000000000000000000000000000000000000f9f9b4ce7e871f50"], &(0x7f0000000000)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6_vti0\x00', 0x200})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8927, &(0x7f0000000080))

10.938805795s ago: executing program 0 (id=3909):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001780)={0x0, 0x0, 0x0}, 0x0)
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x2, 0x0, 0x8, 0x0, 0xb47, 0xc952, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, @perf_bp={0x0, 0x1}, 0x102040, 0x7, 0x80000, 0x1, 0xa, 0x8000, 0x3, 0x0, 0x80000000}, 0x0, 0xffdfffffffffffff, 0xffffffffffffffff, 0x6)
recvmsg$unix(r0, &(0x7f0000001b40)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x14, 0x1, 0x1, [<r2=>0xffffffffffffffff]}}], 0x18}, 0x0)
r3 = socket$kcm(0xa, 0x2, 0x88)
setsockopt$sock_attach_bpf(r3, 0x1, 0x41, &(0x7f0000000040)=r2, 0x4)
sendmsg$kcm(r3, &(0x7f0000000580)={&(0x7f00000001c0)=@in6={0xa, 0x4e21, 0x4, @mcast2, 0xd}, 0x80, 0x0, 0x0, 0x0, 0x3f}, 0x4000080)

3.79556034s ago: executing program 2 (id=3945):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)}, 0x0)
sendmsg(r1, &(0x7f00000002c0)={&(0x7f0000000180)=@hci={0x1f, 0x3, 0x4}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="27c78bf8de77", 0x6}], 0x1, &(0x7f0000000580)=[{0x80, 0x10b, 0x81, "270f30879a6b99efb7b8936968060aeed76905b63553a3e23b741c4a90df9c1ee6008bad93f51e927ec5d1023972a96041c931468f22e393b80337936f7c7c4735984a95453f8fe45d99e4411d828c1161661997ae8e0792c84140cc8de579339693ffe1a262dde55d5fda9fc00db3"}, {0x78, 0x6, 0x8, "58442239b290bbef37c4606f490e14151fe2710be5ea0cddd656b684d3b2e11d0f2be6ab1f5b95264bd4eda7f2c75ef320222c671a6430fe1574f1a2b5b8042a0c4ff4eb2bcb67ee3370536cc00b5200447994e68acc42fe051984f49f2284e8d614cb"}, {0x88, 0x29, 0x84ab, "a63ce4759efa3d9500ecc208de0de315ba611e91495138d1a30aa9dbe8fa838319fc67acee9622eba22d8996c0b032c122d55618fc9482a0180bb62326fbecc8d5d99b2739eb9ee4e775afe1651a42a67a7eb4749472e5cc7af3a6bc5c44fef602d5c7ce50ce0430b05556165c6c760d1d21037ba1"}, {0xf0, 0x109, 0x5, "bbeadb73a1cac2790c7ccfbadd11e94476c1aaa8dc2a6ee8507579aba307ead62a0ad8ebe68041a4d1c3a98550e9354f8847ee1c2fc55bbce3c3d896c763dc18d3f6962162fd73b6798585ab0402bac0d2a902f3a9a22ddb2bc0316d257952b33ee85ebaed2dc4c79d5464cdfb55974c8740c746ec3c868c871989777e2e98c6beb8d9fe76de2b01486239dabadc464b52512a22bef79eb156d0e083772a9df8906193dcf577401b0324c71d0a74704c195bb0bb552ae5da97413d0fb94b1b020eb0fac361f6d3d9936f8832590a739d843aa7c212c651d32e88"}, {0xd8, 0x18c, 0x2, "f61471986210e2113e78de35b74bc1f00614250a7785270d6a79c94fe7a7a30979ced6f6067bbb10bfb1c205ba10c5d96f8fae1579fa1c513c6b381996059c8e36bff20dbd7954672eb5daee6608e8143447ce34ca6571a84127c1d67b72669e592c1d589f837c9a969406b55b28e889e9601a9b72690fa66ac731606751b6488bddabf86122104aa81cfb8cfdc4aedc106ab62ff84cad30f8195ce33e9e5c295f4ba7f1a563f95a0c0476d536092ba118cf676e7fb84586eff6b4254772953b7b55a948844cbe"}, {0xc8, 0x101, 0x100, "c5ad423a879828eaf31c36dc313d34f217d91fb068fff6c0822b4b16713a73e944c01e1c600d04e7d41a4b872dcd7d4a7aabece053fd8bdde7f9600d52c27a988b94c9bdd0a76063806240e181a139d548dfcd9e24a2ec19e15a9dcbc9056596accfa1a2f4fb5e96aa7a69f12af3b23629942d6eb1c42237b20d3dc2f8d235b6f4e38448a43533e58a44bc1f4581ab54ec55cee013088b583325e109f90033e808331324475c10a083851605f9732ed6db451b4539"}, {0x78, 0x0, 0x1000, "07b5d04c09908c4dedbf358215981160f3fe1e157b728cb5fd20bbd465c005781e9e88c6c5f7cdc27efb5ae20e2e5cd9a210707262e7b3ca217457b5980e8e2f9492a63e3aeb6d2402c8f1258cddc0a9fcf58cf42f760e24af047d94b50aca04f3"}, {0x98, 0x102, 0xc6, "c63a6fe2dd14ffbe5ab7b49dc3b2cbc60dac0d88e15793198e01ae176a81c30e93f43b501fe7b582f8a5bd72fa2d9da3478642a32e94f87b80886a8df6d53da2e9d05492b46845cf8c1e29ca2a8b5fb4fb03789ddac0be0711eee47705b80d44cd1905c696871d13699dd606ad2659a7b6cb717ddb4b8cd1da3fdac8eb82c8d729ef83ee23e4"}, {0x60, 0x6, 0x6, "d5626d82a54d6cafac76a02b7d246fc42f24b33846663b53c81e9749dfe094be638fbebd994d8b78922272bfed23d0be2104605b8bd478da24426bf78e767514798019ccafe52b88c50efd24eb3928f5"}], 0x580}, 0x4000)

3.742271813s ago: executing program 4 (id=3946):
bpf$MAP_CREATE(0x0, &(0x7f0000001700)=ANY=[], 0x48)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0xc2ba, 0x0, 0x4000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
r0 = socket$kcm(0x2, 0x922000000001, 0x106)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0xc, &(0x7f00000002c0)=r1, 0x4)

3.409775372s ago: executing program 4 (id=3949):
write$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000140)='THAWED\x00', 0x7)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r0 = syz_clone(0x2000400, 0x0, 0xfffffebf, 0x0, 0x0, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_procs(r1, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f00000005c0)=r0, 0x12)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_ro(r3, &(0x7f00000000c0)='cgroup.kill\x00', 0x275a, 0x0)
write$cgroup_int(r4, &(0x7f0000000040)=0x1, 0x12)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_ro(r5, &(0x7f0000000280)='cgroup.kill\x00', 0x275a, 0x0)
write$cgroup_int(r6, &(0x7f0000000040)=0x1, 0x12)
r7 = socket$kcm(0x21, 0x2, 0xa)
setsockopt$sock_attach_bpf(r7, 0x110, 0x2, &(0x7f0000000140), 0x16)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1d, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x100080}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x482, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfff, 0x1}, 0x0, 0x0, 0x6, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup/syz1\x00', 0x1ff)
r8 = socket$kcm(0x10, 0x3, 0x10)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0)
close(r9)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r9, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random='\x00\x00\x00\x00\x00 '})
sendmsg$kcm(r8, &(0x7f0000000000)={0x0, 0x703, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000010000b0fd25a806c8c6f94f90a24fc60", 0x33fe0}], 0x1, 0x0, 0x0, 0x20000000}, 0x0)
ioctl$TUNGETVNETHDRSZ(r6, 0x800454d7, &(0x7f0000000400))
r10 = socket$kcm(0xa, 0x5, 0x0)
write$cgroup_subtree(r10, 0x0, 0x4a)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000002d0301000000000095000000000000006926000000000000bf67000000000000150600000fff070067070000200000006a0200000ee60000bf250000000000003d350000000000006507000002000000070700004a0000000f75000000000000bf54000000000000070400000400f9ff3d53010000000000840400000000000073720000000000009500000000000000db13d5d8b741f2cdaabc8383caf56b8c2b84a8d09535a157f9005bd38addaa65b925cd3ded25b8b9e2a095d2c51ef45c5588ec78c7f32946b17cecfe54c53ab530c58b67851b7e0e82452a083b98a6aa766401047d150203b0417edef332233b081df18961d6822d133bf72a4de1c2ea17f04537fc211576846ac629d1d93265ba4580047a9dc88de358ce795731891a2031de4e09740c64e5506f991ed4785a9773a433e0db9c1a7d4ab9d658ce9cfdb4db3bed62bcb2bc91ddcdfadfe6d4421c49fb6641cbf56914e76702f673b586c767562a90a3967093b000e3806f825f1d0da2a304e06543b56d35235d78b7a7fe912971aab876022e96f5143b6234f5a6b701690b07fb664a44e22b72e843e7cf55f394cf75d1cd3ee79a25fb98cc45b3fde43e42e150d4a2fddd9a97677400ef0bd697d135324ce480c2960344de346bd511dea4ff7a07400b2d12dd1a8c4c300aee5f948777085ca142b79dfc3aca5fadaa0532ab0572169f68584ff2ee063bc7e75ecd5cc8973464629ba236e3ff97f6033d0800000000000000cef54a60aff12590a50ef147e3e640193d00263003a4ef412420a070dd0327e47c8c7abb77b4b53874788d7e2e5d554de4713db957afb56d4673f1b904c5a317d3670003000000183fb7d36e173044f4ab34"], &(0x7f0000000100)='GPL\x00'}, 0x48)

3.085596941s ago: executing program 3 (id=3951):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2020, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
close(0xffffffffffffffff)
perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000004b70400000000000085000016030000009500000000e300001c3ab6117962dca36dfdb6230512a301b759f5182d8eb4"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x482, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = gettid()
r2 = socket$kcm(0x10, 0x2, 0x4)
r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x59, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r1, 0xe, r3, 0x0)
close(r2)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000140)="5c000000130025cc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514000cc00800250007000200060019000064bc24eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000200)=""/166}, 0x20)
socketpair(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6tnl0\x00', 0x200})
perf_event_open(&(0x7f00000001c0)={0x4, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x81, 0x6a10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001bc0), 0xc}, 0x40, 0x8, 0x0, 0x0, 0x0, 0xffff0000, 0x0, 0x0, 0x7ff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x400000002, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x89f1, 0x0)
syz_clone(0x8004000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 1)

2.636604397s ago: executing program 2 (id=3952):
perf_event_open(0x0, 0x0, 0x2, 0xffffffffffffffff, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[], 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
socket$kcm(0x2, 0x1000000000000002, 0x0)
socket$kcm(0x21, 0x2, 0x2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8b04, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x2, &(0x7f0000000200)=ANY=[@ANYBLOB="85000006c8"], 0x0, 0xffffffff, 0x0, 0x0, 0x40f00, 0x8}, 0x94)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="120000000af300000400000002000000000000", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000180100002020692500000000002060207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000380)={r1}, 0xc)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480))

2.496687585s ago: executing program 2 (id=3953):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2020, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
close(0xffffffffffffffff)
r1 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000004b70400000000000085000016030000009500000000e300001c3ab6117962dca36dfdb6230512a301b759f5182d8eb4"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYRESOCT=r0, @ANYRES32=r2], 0x0, 0xfffffffb, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x482, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = gettid()
r4 = socket$kcm(0x10, 0x2, 0x4)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f00000002c0)='u%\xb9)[\x00')
r5 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r7, 0x1, 0x48, &(0x7f00000000c0)=r6, 0x18)
perf_event_open(&(0x7f0000000180)={0x1, 0x59, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r3, 0xe, r5, 0x0)
close(r4)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r4, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000140)="5c000000130025cc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514000cc00800250007000200060019000064bc24eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000200)=""/166}, 0x20)
socketpair(0x11, 0x2, 0x0, &(0x7f0000000000))
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6tnl0\x00', 0x200})
gettid()
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r9)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500))
ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)

1.73448538s ago: executing program 4 (id=3954):
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803003a000b12d25a80648c2594f90424fc60100c034002bc0100feff000037153e370248078000f01700d1bd", 0x2e}], 0x1}, 0x2404c000)

1.712177941s ago: executing program 3 (id=3955):
r0 = perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0xfd, 0x0, 0xffffffffffffffff, 0x8000, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xf50a43945a8ef38c}, 0x408, 0x800000000000ca, 0x0, 0x9, 0xfffffffffffffffc}, 0x0, 0x2, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x99, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, r0, 0x0)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x2, &(0x7f0000000200)=ANY=[@ANYBLOB="85000006c8"], 0x0, 0xffffffff, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, 0x0, r3}, 0x94)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0xa, 0x4, 0x2}, 0x48)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000200)=ANY=[@ANYRES8=r2, @ANYRES8=r4], 0x12)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={<r5=>0xffffffffffffffff})
sendmsg$unix(r5, &(0x7f0000000080)={&(0x7f0000000100)=@abs={0x1, 0x0, 0x4e22}, 0x6e, &(0x7f0000000000)=[{&(0x7f0000000180)="053989f4494fb1e4f92eb95911d3405de9057b7ee71e8016610ff45048c20ed9e916b5fe2800a118717f950aa7e0e6a404fb70189b6d49cf8b35cb61dc30b93375dbf15db201c2caac89d415b7804231628d79c4050d0184b1848297a1ea57eaca9017e933", 0x65}], 0x1, 0x0, 0x0, 0x4411}, 0x4040)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000afcd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21bef5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c987d669f381faca0f9d9b24be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6eab1aa7d55545a34effa077faa56d59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e59a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d0faab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbfe5ab0255f347160ec83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72bc0480f94306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2dc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78a602ca3cdf6a9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad9433269af3be5fa6a9a5c24e392955f4e979ea13201bafe4f0f6ea508000000a0c548552b571bed5647223c78a992810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb526890aa7fe5e68949a3b30567e54d3504723177d356c4604bca492ede62fc28839b5301160ecec37e83efceefd7ca2533659edc8be05cc85451c6a145074343caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffcebde1d9d3d35a142a9ec9a7a3755e0f209150a07682c4e14e3a835701bea8240399c56ce8f58df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b262341c5e093fd66a2946501559335781092cf8ce3c7c56cd31121624d76517fd3666276c3c0e812b28e2f30d035cee5d0e77a3c70008ec651cc0ae637fa474816bc59d2e2a00092419304b338a987e9d3044d856cf24f370030be3b5f79f030b8d3ebce68663ef5af469abe753314fae31651e0ecea5ece8fb11a4ee288eb149f1fa33669cc8d901fa8e46354c9c3a041a1e7b55c4e81dba1e12289ee34463baf28345bde0c195bc9f021da8f3025ee9c8e3168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f241262fa3f1dabeb4fc4bda345360200000001fbddeacd3adaa4d2715e21c772ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d419de1a7b5c9dc22c96295a4601adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb408c8a80f7f02f750d6c977a1919f9f69a6cfefdf879d447df53f3b9b70d10355b07466d1ef0056b5af553d18a6cc50feeb7bfad9b7be3283b6450d014e7712d2f1d7004548b19162cef04d18d4f5987baab97a9bfbd8f185b5671820420bf5b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe52734093ae5aa3c0b4f3f45bfff2418a18217747ae442e31560e5b741445ea2a1acee2e98c9f3427834ba0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e961f3d9c8c21578fe3245097c280abe51427a7f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f8873522608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf50ee69a39265964279d17eb0000000000000000000000fa08ad0731c4b839688b22c4da2a6b00008a1949a6ba49fbf981f8265e7f1f4c2d97f4680b135f87c228ce69418a282bffff2481a0df1774fa7d94944bb92d2b89f73f0e8b63f6316c5762f3288bc970720f48b5647dd177db6810fae05334d5a44a020000001c0d882a564d74a7c72bf9a2152b261e58fea6d2f93589cfe261dc0410b5ccc92a5a0eab327a33431d62d2b7c75ce654d556c9e1817c1abca762ab53d40da51560351b673363652e1ecb56cfe4a746a45ab13c6014e9f361ab687d1cd1795ce9e05c817b83d76046bdb3709de5df7499a02d2f636a454b85b987580ada025d83bd7b8df28a540d5ec5537942e79f2f1ab25ea5f563bc77e4f9468bd309469880c7e34150ca886d1f9ac2f7e82dbe296c877d925c38c54cc8137b29028854b6bd57ca893927c331300e16aba792289e135589d93302fc37c73c303e383cdf8ef3f6d6265fe5ee01759d24027475c8901039a898582022bc95992b86dce0710887c8a625d9cbb897bdbfaf49a3f642a169827a9bae4fcfa5212461db000000000000e6ed75ca8fcda7ef3ee336189fef3b3ffb9f38fefc5ff39c4e69e3fa1f8b10ee97123e99b61eba065b1ad67530e7c4f11f9da7ae000002000000610101ad7f79cb9bbf64a0fc109f49fe8799fe266e2ccac80fefe750151f5ddfe51833ec65ece70e07ce8ab5d97db47da8f80000664dc0b86ae2b3ff9d4e220752a6b2f3ea9f793612386496dca5af7b8952aafa796ea7b156d19612297c63bb20e1e0469f7615f67a9218cbace38f5236821314f76302b98afa93044b83989339ca10e6ae30e70e17a82f03e915b8425e8e7a91614306d2ae0bc3550d856f2d7293672b5673d264fc886b0c8bdf436a0fcd21bf9da7bdca98e34cd6e59b0a7ce4ba1b466561aaa35448dff47bb1d7df23d467689a6669e4300d5acf12e4d0b35abf91569f605b2f6df0d861"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x14, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r6)

1.665965974s ago: executing program 1 (id=3956):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7}, 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0xe, 0x4, 0x8, 0x4f63}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000b98cad95850000000100000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4)
sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x803e}, 0x0)

1.37775393s ago: executing program 4 (id=3957):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x48, 0x7fe2, 0x2}, 0x48)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0xc2ba}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$kcm(0xa, 0x5, 0x0)
setsockopt$sock_attach_bpf(r1, 0x0, 0x25, 0x0, 0x0)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000180)={0xffffffffffffffff, r0}, 0xc)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$kcm(0xa, 0x2, 0x88)
sendmsg$kcm(r3, &(0x7f0000000480)={&(0x7f00000002c0)=@in6={0xa, 0x4e23, 0xfffffffc, @loopback={0x2001001000000000}, 0x4}, 0x80, 0x0}, 0x20008810)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r2, 0x0, 0x0}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r2, 0x0, 0x59, 0x0, &(0x7f0000000100)="948e551110fb8f04004d9f165b59b12ed7657071bdf610df96cf6a0386a50f3c55a2f5e7532161c094c54fcbe4c0af9dd92fa1881e94a9d57991abb97e8ae253b2fc9cb50887c7c5a9bc81a21b67258b771616f0aaa24925c0", &(0x7f0000000180), 0x2, 0x0, 0x5c, 0x8d, &(0x7f00000001c0)="08783cea1229da1fa966c3129238d1cd7a7f542c78a54b714ee4d03aba5e21ec561696e420d15f6bccd96a708e584e4f0be5f31b55591ce8025c47483d1ef61419d94773a281fcf62d4239f995e563ef8846cb7b6bab72a31001c286", &(0x7f0000000240)="d647821a27e60d2f81db4cddc7e72ba97e8c90801b54a85568487ac1ad921693873c934700d84fd68d85339c39fd7f0d8a1c05ee21eb553a0988f2d1e07e6ee4a7c95a91fed004b3530e061ba2ac64a6d59e742a2a007fbc81105bda7e5bb8c17d49ac1f1bb753eccf5b97a01dd2724af79256726c0d19a73b98b3504d532a22f19bc2d094aaa2e3abb87e5c1f", 0x5, 0x0, 0x101}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000006c0)={r0, &(0x7f0000000500), &(0x7f0000000600)=""/155}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001580)={r0, &(0x7f00000014c0), &(0x7f00000010c0)=""/159}, 0x20)

1.37502797s ago: executing program 3 (id=3958):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0xa, [@typedef={0x7}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61, 0x30]}}, 0x0, 0x2e}, 0x28) (fail_nth: 7)

1.312879164s ago: executing program 2 (id=3959):
socket$kcm(0x21, 0x2, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x50)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x7400}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000004000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff1d6405000000000065040400210000000404000001e37c60b7040000000000006a0a00fe000000008500000032000000b70000000000000095000000000000000ce0de7621e5e832249c04112cf7af2b75d0d1f034b1b3fb6bd3ce8fa62c7941272ff49142d860010ab162aa2264ab67e55a00000000000000edfe0969a9ddc125b686a1e83c8790c893d713b3295dad0ea697181d1e85b64126b5d72f204754d1d4a93f24215dee354e93cfc3f50ff23f8432c72012f021c84c59a9d4c142f439d3040cfee621589fb3a2f1407c7cbed48e7026f8d52d4bca2608c79aa4a73732028f88ce07ed1075da4a2ef44e3d8b88873f0b1de87dfb6d15936ec0a27cb554def9e27396df6b7851ffa26237ea6730880f06371beb3b290b7d8629a6f0373fefa0acb60888fc14ad2b83ca03ac2aee792482ced58af4140cc4ce3efef26e00c5b2200a91cb80c6065a697d6fc8aa8b65aee0783b04cff0218ce82c9687b4474da89c474c23727555fc5e5f8ad0f2f7a261140440fce1f12cc6df312accd011d888384283092d987c40bbb46f68c2431b97906f00000000349834fa147bd5923bbd4e606708034931a8f1a89bdf77093a0000427aab8e21e1a33d3fe093547532fce6549dd648ad233e05a7b3ea178007c1c32e871ac81f287c4aabbd153390b16d1d41ee433e3aee000000000009e106d6b5289f0000000000000000000000f7bc9f46cb71f6b889d37807865e3b4e9916dd0f72c9d58ea333b90f8886dcbf5ddda0e42ca08e3303632401f2f5212b40c0e88c957fd767dbfc80b07ad668b4f6f92fb209d7c2dbac597843c8eb7bf92fe6d0bb0b72549795c2ed19e441eb69869844152ba9da0588e42cdbc5fcd245ce5e3ef0dca64931276702a312db7956f0a75eb9caa17d47a6331c7c963cbf86a845ce27c26b7136d3e7207318b1df7a6320c64f18ccd926eaeddcde8d5006d6c38db117fb1115221a66169172720ccca770bff37e59511b2606138377eda44b2f288b491ab8aae0e11a98303b0e407e0f9d21f4a3ebbd3fabf6da9a1a1f869a339fab465d8322b7280b0734fd115a19b33c8644fff71b3c62f2e1b827e2663e06a751182e968c8ab05fb1d0115d4b11d944f2c06acc023a02b7416a9a10218d21503cda13bb5df6c992e52e1c01793b728eac000058ab3b3900d279297dadc127e2f38fc60c23af2e1fefa5a83456647191ba1953d320f59aa261fe79613df6bf43884e9649691e32680d75a541c27ffe74f9d13340f2cf1c7dc2b7db01213216cd4ecfd30efe137641471987289b7e23482e026b26eacd1b97443e2ea2d1d6e31a01ee0ae7fa195a2152b2338b086423a3883f2ce3e2f84e04f4d52c985eac4b46336908599564b47db0e6aa97ee51a360f4382fd99745725d44c77d097f69d19fe86f71c38a0226d44ebe0ecbd959f14b540745cd03b8c9f02b825ba45ca85706c73115f70871db9d2a1bc2a517b39f9648123917a5db07ba4e27f961373767e1ea8f7cc558e483abef1a9923c5cfa2081e430680950b7d7c377726b557ad31fdee17ba7057741f39d29d8ab295222f96297a777bb235416e72c84afef2bdb08fb375147b028b89f15af45bc8976b91158c13c9876daa71e7db0f5a17376be39ea79ce1246c547c740e31c64e5d293e0e5a544dd166010061d6ccae46c173b8e11721e4bce22c16af00000021f80ac6c3971006db853e3c40a5417d6eac09eb0e01ac6bd4c6dacdcb1d6d2ef9c8bdea91c984022821e961236d08f8b9072ec6cb5d5a68833fd5b4e80a5ac2bc6ff323f5ce612b59ce8177956c1affcc8baf4c8b59ab959aff9a7bd81f7c7c1f1bb92ddbeed6bce8041c7f0c1c584e6ae027678ce3cfbfea938aecc3c5119c5875b7fb35dc20f5c7aaae1e276104f607a73fe501c1045873a2b1eb80e95c87f099d98028dc82bdc7ef08c871fb3061c3c5ebd613e6e5e8cf099bb6e8c0441a133c85138b36a02c47fbedf7ed1d3ce74c9ec2c676c0b2d4b5eca61dbf5769b483c2a9f6bec666dae4e81960e9bad7f17cfc3d5bcc7b7f437110ca8ffa908c12086b2227eb202a8d56e0925ba994b05c98c39de44d25932449ddf08e5377814a40877eab4440ca01b3f50d2014a61a7d32105254b424238122386424efa3a7041254f686a5faac120942287f75e8e3db569ce47b120059d774a37e11d013be50cd2cbb00f6d2a23af61ec7d30bb7dc33a92f900b6ff1d29dc61cc40b846040dbafd00c6bcfbcf700"/1664], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffffe}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x702, 0xe, 0x0, &(0x7f0000000380)="e460334470b8d480eb00c15286dd", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

1.309217694s ago: executing program 1 (id=3960):
socket$kcm(0x21, 0x2, 0x2)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000b800"/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0xd, 0x17, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030041dc0000008500000005000000bf0900000000000056090100000000002700000000000000180100002020782500000000002020207b1af8ff00000000bda100000000000037010000f8ffffffb702000008000000b70300000000000025000000200000009c2300d3b6000000b503000000001f6a8500000076000000b70000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000001800)=ANY=[@ANYBLOB="0800000004001fe65fb9e18115d4e3d90b069c520000040000eb090000000000000099f81304a246dd01302aaed8ff2003d7c1d89d7e497df8dafd601cb5288d2f3aa9de8e387676421bae24afa2bab1a26b4c582bb8e4c9de27098636fd7883bbbd393d5c643230db8103a67eaf50a8baaf55eceba23ad029a08b96ac902f8dbd3971c9059aeb0e9ab133e240cedb689db6a4a9dd3512179b6d2e8b4c17d4c9682bd6", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50)
r1 = socket$kcm(0x21, 0x2, 0x2)
setsockopt$sock_attach_bpf(r1, 0x110, 0x4, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x8, 0x0, &(0x7f0000000480)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000012000000000000"], &(0x7f0000000c00)='GPL\x00'}, 0x94)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={0x0}, 0x2, 0x0, 0x0, 0x9, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000000000240000002400000002000000000000000000000400000003000000000000000b010000"], 0xffffffffffffffff, 0x3e, 0x0, 0x2}, 0x28)

1.122330295s ago: executing program 3 (id=3961):
r0 = socket$kcm(0x2, 0x922000000001, 0x106)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfe33)
socket$kcm(0x21, 0x2, 0x2)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9feb01001800000000000000340000003400000005000000030000000000001103000000000000000000000000000004000300000000000001000004001e0000000000000200"], 0x0, 0x51}, 0x28)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x25, &(0x7f00000002c0)=r1, 0x8)

1.093883157s ago: executing program 4 (id=3962):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180000792cbd43c9564b51d463a70b1430df0000000000000000000000000061"], &(0x7f0000000040)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x24}, 0x94) (async, rerun: 64)
r0 = socket$kcm(0x10, 0x2, 0x0) (rerun: 64)
sendmsg$kcm(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000001c0)="d800000010008104687da3aa7143a0b8c81d080b25000000e8fe55a19c9d8714060014000000001208000a0043000040a80012001200014006000d00036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a9d765dd11683296b7947968c7c0b7a196e6f661", 0x6e}, {&(0x7f0000000140)="aa581ff83dac4a519b67538bfa897e210c31e1446808358248cf2d795634b12c4ce81c3876aff89235b78ea0e5c5badfa122797d62c09ada7441b4f31cd5e6fc4b2a325fb5e811fead55530751e6f4bc4b40d94743ed5bd8ec1fff7b0abcc6eaabeb7a2f5f985467a8db", 0x6a}], 0x2}, 0x0) (async)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000440)={{0xffffffffffffffff, <r1=>0xffffffffffffffff}, &(0x7f00000003c0), &(0x7f0000000400)='%+9llu \x00'}, 0x20)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000480)={&(0x7f0000000080), &(0x7f0000000200)=""/146, &(0x7f00000000c0)="c6c8ccb3e7a39515408111b8616dc297a459096a002ee89fcf74557c4f1f0488858464f66e0f8316bcea0728087477a327072b7acdefe1d35e2af72fed190e2efb4ebdaddec33d2ba7ab57a89fa7", &(0x7f00000002c0)="bb3aa3861214784d66635e26e7f06b8b681e1acd7c192788f04cddad7be167ea39c0a05bcf0a43dc31dbfe50583d8f1dcd1c166bc39d672d8c8ae7c49917b3cde792b8db17ade340477ff11f98062723456fbf1fa92e3e5fee96bbcf4632dfb147bba4bc82a93673e69963ec873c3aa68217ec705aa7d5c1191da1786cd29de12c18a8f0d5b7244c6261a8d4c367d85a683ba505bf3e9c34b0ae3f72122c88963510bc6f5c9a9793230bb36a4ca0b99005ccb0b0185677f061f5aa8956da43859a76b9074c3b432892b4b40d1866cd9260626fb9629ebe8085cc6854fa076f5a23c479bd", 0x7, r1}, 0x38)

994.297042ms ago: executing program 1 (id=3963):
perf_event_open(0x0, 0x0, 0x2, 0xffffffffffffffff, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[], 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
socket$kcm(0x2, 0x1000000000000002, 0x0)
socket$kcm(0x21, 0x2, 0x2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8b04, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x2, &(0x7f0000000200)=ANY=[@ANYBLOB="85000006c8"], 0x0, 0xffffffff, 0x0, 0x0, 0x40f00, 0x8}, 0x94)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="120000000af300000400000002000000000000", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000180100002020692500000000002060207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000380)={r1}, 0xc)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480))

930.297436ms ago: executing program 2 (id=3964):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{0x0}], 0x1}, 0x0)
sendmsg(r1, &(0x7f00000002c0)={&(0x7f0000000180)=@hci={0x1f, 0x3, 0x4}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="27c78bf8de77", 0x6}], 0x1, &(0x7f0000000580)=[{0x80, 0x10b, 0x81, "270f30879a6b99efb7b8936968060aeed76905b63553a3e23b741c4a90df9c1ee6008bad93f51e927ec5d1023972a96041c931468f22e393b80337936f7c7c4735984a95453f8fe45d99e4411d828c1161661997ae8e0792c84140cc8de579339693ffe1a262dde55d5fda9fc00db3"}, {0x78, 0x6, 0x8, "58442239b290bbef37c4606f490e14151fe2710be5ea0cddd656b684d3b2e11d0f2be6ab1f5b95264bd4eda7f2c75ef320222c671a6430fe1574f1a2b5b8042a0c4ff4eb2bcb67ee3370536cc00b5200447994e68acc42fe051984f49f2284e8d614cb"}, {0x88, 0x29, 0x84ab, "a63ce4759efa3d9500ecc208de0de315ba611e91495138d1a30aa9dbe8fa838319fc67acee9622eba22d8996c0b032c122d55618fc9482a0180bb62326fbecc8d5d99b2739eb9ee4e775afe1651a42a67a7eb4749472e5cc7af3a6bc5c44fef602d5c7ce50ce0430b05556165c6c760d1d21037ba1"}, {0xf0, 0x109, 0x5, "bbeadb73a1cac2790c7ccfbadd11e94476c1aaa8dc2a6ee8507579aba307ead62a0ad8ebe68041a4d1c3a98550e9354f8847ee1c2fc55bbce3c3d896c763dc18d3f6962162fd73b6798585ab0402bac0d2a902f3a9a22ddb2bc0316d257952b33ee85ebaed2dc4c79d5464cdfb55974c8740c746ec3c868c871989777e2e98c6beb8d9fe76de2b01486239dabadc464b52512a22bef79eb156d0e083772a9df8906193dcf577401b0324c71d0a74704c195bb0bb552ae5da97413d0fb94b1b020eb0fac361f6d3d9936f8832590a739d843aa7c212c651d32e88"}, {0xd8, 0x18c, 0x2, "f61471986210e2113e78de35b74bc1f00614250a7785270d6a79c94fe7a7a30979ced6f6067bbb10bfb1c205ba10c5d96f8fae1579fa1c513c6b381996059c8e36bff20dbd7954672eb5daee6608e8143447ce34ca6571a84127c1d67b72669e592c1d589f837c9a969406b55b28e889e9601a9b72690fa66ac731606751b6488bddabf86122104aa81cfb8cfdc4aedc106ab62ff84cad30f8195ce33e9e5c295f4ba7f1a563f95a0c0476d536092ba118cf676e7fb84586eff6b4254772953b7b55a948844cbe"}, {0xc8, 0x101, 0x100, "c5ad423a879828eaf31c36dc313d34f217d91fb068fff6c0822b4b16713a73e944c01e1c600d04e7d41a4b872dcd7d4a7aabece053fd8bdde7f9600d52c27a988b94c9bdd0a76063806240e181a139d548dfcd9e24a2ec19e15a9dcbc9056596accfa1a2f4fb5e96aa7a69f12af3b23629942d6eb1c42237b20d3dc2f8d235b6f4e38448a43533e58a44bc1f4581ab54ec55cee013088b583325e109f90033e808331324475c10a083851605f9732ed6db451b4539"}, {0x78, 0x0, 0x1000, "07b5d04c09908c4dedbf358215981160f3fe1e157b728cb5fd20bbd465c005781e9e88c6c5f7cdc27efb5ae20e2e5cd9a210707262e7b3ca217457b5980e8e2f9492a63e3aeb6d2402c8f1258cddc0a9fcf58cf42f760e24af047d94b50aca04f3"}, {0x98, 0x102, 0xc6, "c63a6fe2dd14ffbe5ab7b49dc3b2cbc60dac0d88e15793198e01ae176a81c30e93f43b501fe7b582f8a5bd72fa2d9da3478642a32e94f87b80886a8df6d53da2e9d05492b46845cf8c1e29ca2a8b5fb4fb03789ddac0be0711eee47705b80d44cd1905c696871d13699dd606ad2659a7b6cb717ddb4b8cd1da3fdac8eb82c8d729ef83ee23e4"}, {0x60, 0x6, 0x6, "d5626d82a54d6cafac76a02b7d246fc42f24b33846663b53c81e9749dfe094be638fbebd994d8b78922272bfed23d0be2104605b8bd478da24426bf78e767514798019ccafe52b88c50efd24eb3928f5"}], 0x580}, 0x4000)

850.666971ms ago: executing program 3 (id=3965):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x69, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000a00)=""/254, 0xfe}, {&(0x7f0000000d00)=""/214, 0xd6}, {&(0x7f0000003100)=""/4059, 0xfdb}, {&(0x7f0000000380)=""/206, 0xce}, {&(0x7f0000000f00)=""/188, 0xbc}, {&(0x7f0000000240)=""/238, 0xee}, {&(0x7f0000002100)=""/4077, 0xfed}, {&(0x7f0000000480)=""/222, 0xde}, {&(0x7f0000000940)=""/167, 0xa7}, {&(0x7f0000000700)=""/108, 0x6c}], 0xa}, 0x40012100)
recvmsg$kcm(r0, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffc3}, 0x120)

762.143066ms ago: executing program 1 (id=3966):
socket$kcm(0x21, 0x2, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x50)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x7400}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000004000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff1d6405000000000065040400210000000404000001e37c60b7040000000000006a0a00fe000000008500000032000000b70000000000000095000000000000000ce0de7621e5e832249c04112cf7af2b75d0d1f034b1b3fb6bd3ce8fa62c7941272ff49142d860010ab162aa2264ab67e55a00000000000000edfe0969a9ddc125b686a1e83c8790c893d713b3295dad0ea697181d1e85b64126b5d72f204754d1d4a93f24215dee354e93cfc3f50ff23f8432c72012f021c84c59a9d4c142f439d3040cfee621589fb3a2f1407c7cbed48e7026f8d52d4bca2608c79aa4a73732028f88ce07ed1075da4a2ef44e3d8b88873f0b1de87dfb6d15936ec0a27cb554def9e27396df6b7851ffa26237ea6730880f06371beb3b290b7d8629a6f0373fefa0acb60888fc14ad2b83ca03ac2aee792482ced58af4140cc4ce3efef26e00c5b2200a91cb80c6065a697d6fc8aa8b65aee0783b04cff0218ce82c9687b4474da89c474c23727555fc5e5f8ad0f2f7a261140440fce1f12cc6df312accd011d888384283092d987c40bbb46f68c2431b97906f00000000349834fa147bd5923bbd4e606708034931a8f1a89bdf77093a0000427aab8e21e1a33d3fe093547532fce6549dd648ad233e05a7b3ea178007c1c32e871ac81f287c4aabbd153390b16d1d41ee433e3aee000000000009e106d6b5289f0000000000000000000000f7bc9f46cb71f6b889d37807865e3b4e9916dd0f72c9d58ea333b90f8886dcbf5ddda0e42ca08e3303632401f2f5212b40c0e88c957fd767dbfc80b07ad668b4f6f92fb209d7c2dbac597843c8eb7bf92fe6d0bb0b72549795c2ed19e441eb69869844152ba9da0588e42cdbc5fcd245ce5e3ef0dca64931276702a312db7956f0a75eb9caa17d47a6331c7c963cbf86a845ce27c26b7136d3e7207318b1df7a6320c64f18ccd926eaeddcde8d5006d6c38db117fb1115221a66169172720ccca770bff37e59511b2606138377eda44b2f288b491ab8aae0e11a98303b0e407e0f9d21f4a3ebbd3fabf6da9a1a1f869a339fab465d8322b7280b0734fd115a19b33c8644fff71b3c62f2e1b827e2663e06a751182e968c8ab05fb1d0115d4b11d944f2c06acc023a02b7416a9a10218d21503cda13bb5df6c992e52e1c01793b728eac000058ab3b3900d279297dadc127e2f38fc60c23af2e1fefa5a83456647191ba1953d320f59aa261fe79613df6bf43884e9649691e32680d75a541c27ffe74f9d13340f2cf1c7dc2b7db01213216cd4ecfd30efe137641471987289b7e23482e026b26eacd1b97443e2ea2d1d6e31a01ee0ae7fa195a2152b2338b086423a3883f2ce3e2f84e04f4d52c985eac4b46336908599564b47db0e6aa97ee51a360f4382fd99745725d44c77d097f69d19fe86f71c38a0226d44ebe0ecbd959f14b540745cd03b8c9f02b825ba45ca85706c73115f70871db9d2a1bc2a517b39f9648123917a5db07ba4e27f961373767e1ea8f7cc558e483abef1a9923c5cfa2081e430680950b7d7c377726b557ad31fdee17ba7057741f39d29d8ab295222f96297a777bb235416e72c84afef2bdb08fb375147b028b89f15af45bc8976b91158c13c9876daa71e7db0f5a17376be39ea79ce1246c547c740e31c64e5d293e0e5a544dd166010061d6ccae46c173b8e11721e4bce22c16af00000021f80ac6c3971006db853e3c40a5417d6eac09eb0e01ac6bd4c6dacdcb1d6d2ef9c8bdea91c984022821e961236d08f8b9072ec6cb5d5a68833fd5b4e80a5ac2bc6ff323f5ce612b59ce8177956c1affcc8baf4c8b59ab959aff9a7bd81f7c7c1f1bb92ddbeed6bce8041c7f0c1c584e6ae027678ce3cfbfea938aecc3c5119c5875b7fb35dc20f5c7aaae1e276104f607a73fe501c1045873a2b1eb80e95c87f099d98028dc82bdc7ef08c871fb3061c3c5ebd613e6e5e8cf099bb6e8c0441a133c85138b36a02c47fbedf7ed1d3ce74c9ec2c676c0b2d4b5eca61dbf5769b483c2a9f6bec666dae4e81960e9bad7f17cfc3d5bcc7b7f437110ca8ffa908c12086b2227eb202a8d56e0925ba994b05c98c39de44d25932449ddf08e5377814a40877eab4440ca01b3f50d2014a61a7d32105254b424238122386424efa3a7041254f686a5faac120942287f75e8e3db569ce47b120059d774a37e11d013be50cd2cbb00f6d2a23af61ec7d30bb7dc33a92f900b6ff1d29dc61cc40b846040dbafd00c6bcfbcf700"/1664], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffffe}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x702, 0xe, 0x0, &(0x7f0000000380)="e460334470b8d480eb00c1520800", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) (fail_nth: 9)

693.8879ms ago: executing program 4 (id=3967):
r0 = perf_event_open(&(0x7f0000000580)={0x5, 0x80, 0x6, 0xa, 0x40, 0x7, 0x0, 0x2, 0xd000, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x2}, 0x4986, 0xfc, 0x4, 0x9, 0x81, 0x7, 0x5, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x80260, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0, 0x4}}, 0x0, 0xffffffffffffffff, r0, 0x0)
perf_event_open(&(0x7f00000004c0)={0x5, 0x80, 0xa, 0x0, 0x0, 0xa, 0x0, 0x5, 0x44, 0x9, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_bp={0x0, 0x8}, 0x80, 0xa7, 0x2, 0x5, 0xa5, 0x9b9b, 0x7000, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x3, 0x0, &(0x7f0000000c40)=[{}, {}, {0x0, 0x4, 0x10006}]}, 0x90)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803002f000b12d25a80648c2594f90124fc60100c034002000000053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000140)="5c00000011006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac004000202080002000300010004000300eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
perf_event_open(&(0x7f0000000580)={0x5, 0x80, 0xec, 0x7, 0x40, 0x8, 0x0, 0x0, 0xd000, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0xfffffffd, 0x2, @perf_config_ext={0x8d24, 0x1}, 0x986, 0xfc, 0x4, 0x0, 0x81, 0x9, 0x81, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="00f500"/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair(0xa, 0x80000, 0x0, &(0x7f0000000740))
r5 = openat$cgroup_int(r4, &(0x7f0000000100)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000380)=ANY=[@ANYBLOB='N-'], 0x31)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0x1c, &(0x7f0000000e80)=ANY=[@ANYBLOB="180800002d000000000000008100008018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000035090100000000009500000000000000b7020000000000007b9af8ff00000000b5090000000000007baaf0ff00000000bf9700000000000007080000fffdffffbfa400000000000007040000f0ffffff740200000800000018220000", @ANYRES32=r3, @ANYBLOB="0000007f00000000b7050000080000004608f0ff760000007d98000000000000560800000056329fff8bace30d874f86bd7d86840000008500000005000000b7000200000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x89f1, &(0x7f0000000080))
sendmsg$unix(r6, &(0x7f0000000c00)={&(0x7f00000001c0)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000000dc0)=[{&(0x7f0000000600)="4cbae868b75df337c4808d4fb9ff9c5bfc3b20a929a7549eae763f73d88fa60a0ae616446e01d8ed1b6af6628ede24c4c78ead18239b6572380eb624e530aba41211979cd1b7f00becdfb1eb58477c3c17c92b5978298a41806faa3adb947626ff5ba1dd9cad6be453cee2cdd5b2139adc7fb4bd875101b5b0c5e5fc934afa460d1a92c83181bf0bff6cda6de76d271b0c9edd2a2a9b7728224b16f9ceef94e01f85975902ad9cb73986633e4c0b4404c2b803ec13ee40339ae71edeaaf6d511b92f304d38a38d13a25d030a365728", 0xcf}, {&(0x7f0000000700)="3cced3cc967d4e8c402e319abf535278979a78db9e3041e2c7955ea6ab3d205b715f58088db471bcb8921f9b15e1a052d9d381d81ce5539cfb1c046202611e080880cce878cc2c2a5ad95d68adaf53c8e1aebf42e9cd8191266f8ecbc2c63bf01cd7181ae5aa303af5fb3230f224b2af4a9861024e89c2660f3ab93f6548e31b273f7b173388d57a12db0ce7d67c8ebc0c710a6f0848ae4768b7a34ae8803733f94424153510dc6ebd4114e5e37b769477ddf8ae7912c751326c274af6b58f37eca940d5d8ac0d939257", 0xca}, {&(0x7f0000000800)="02058e00521104f5dc659919c1cd39010f99ed34424f001d1e949a4c41cf9baab88c4a6a9ef58c62e9864c1e6d8e5d774c957317bbfb43691d552c97a5753c6ecaa899744fbd93aa2568f52f959dbd7f1eb054fa2a185a070219828c3894514894dd929eb5b04403a8f01002e74518bf8904c3472add204899564cb64697fde8f43c0436fbc6afe194ca597550310489976bf3409848e8c0d812ed0db8ae3804da54606aa38194cd12f23aedd153cc415d21a276d6005736a1286a2bd965160eb203cb84df9d6f4ff70863caccdba842d3b7af6535185f0eb7bfedbb41474a54f3674d776845fc02507ad3d14b2039a9aa", 0xf1}, {&(0x7f0000000400)="9a795e21b1207d76179cd3ee08c627d4bd6031e1c48cbf7eeb9e40ec09cb31e7797b9b46754c0fd4f555435f016b3bcbd0efbbe470ec766822f3e23587374008f2f0f74112af6c48b1b889a38466273c493dbb4f688a30997e129d577b6886c49eeb35bccd707feffe85329e9fa448aefdd8b51241887cc1d943d8550a4ce17fb1a4f0789d900eefadde1b2979b8341080ce6b34eaf75957ec9dc0ab93bf78d20ac75c2c2f200a88a7eaf157db", 0xad}, {&(0x7f0000000b40)="b974e61802bad9826b5f59752536c5bfc3ac0e483fcfaacd0c6c69ade1affb76f8ae1d3c8a3d24872f3b68782dba0b4b51c8153b7b22623c28348957969b995d2478022c8f48e65d490c091190e3832590832aa6338a70cf037b125d5c5953bc0f9dc8e8e41830b83057021bd124ee6650d594b9b63f9e9a8bd274bd7ac5d7a2f2e984e4f5bdb4c7773f3ec497", 0x8d}, {&(0x7f00000009c0)="efe525cbc1dfaab87d07d65eac1bae1e01a169090964e2d870fcae3f33bb53d07d1e15685cfc1d885d2e049fffff69d8d5a3e01221678a40bc37861f378c3b160addd88bfefdf6d4a6dcd5bd9174ee90e155b780743e06daffeaaf7c7efa5567bfedcff00bc337898a168efecd280c8a542d33c7909e728195254fa025656a1008300ac568b71992b606db9c5b94d34332e3ccd856df1413f9b3bfd5c42ebc12f2478fa084a4fe87d25791763f5e4bda7589", 0xb2}, {&(0x7f0000000540)="7baeed2ee008dfd82030c517", 0xc}, {&(0x7f0000000a80)="12242cf3b2a4f6265319f6b793d7f36a1e2d235cb432f1061100aaaa05d498b36e2cbd20c38adc31a50c39da3e7c569e0b8211e465f04d27a624513d996d774123cfbc707ffed02abc66d369104f44091d4666b41f9ca9ce04bf248bc21a0a6b7633154874292a0dbb51f73ba4e378f60fc294312be5accdc5ece8754595b0f5d8b6b18168d0c849975fc31b2a87dbfa7543", 0x92}, {&(0x7f00000000c0)="5a901131ae00", 0x6}, {&(0x7f0000000940)="7b08279e1a0e6b8ff1e35471ea565e313b7f96ff9788ad7258a97b", 0x1b}], 0xa, 0x0, 0x0, 0x4000844}, 0x804)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000740)={0xffffffffffffffff, 0xfd, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3a, &(0x7f0000000300), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa6, 0x8, 0x0, 0x0}}, 0x10)
perf_event_open(&(0x7f0000000380)={0x4, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xc8, 0xffff, 0x7, 0xf9, 0x0, 0x2, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
close(r8)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001a00)={0xffffffffffffffff, 0x0, 0x7, 0x0, &(0x7f0000000680)="7fcba253ccb33a", 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x3bf}, 0x50)
recvmsg$unix(r7, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r9=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r9, &(0x7f0000000580)=ANY=[@ANYBLOB="8fedcb791f6f9875f37538e486dd6317ce81ea032c00fe08000e40000200875a65969ff57b00ff020000000000000000000000000001"], 0xfdef)
perf_event_open(&(0x7f0000000000)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x241a2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x3, @perf_bp={0x0, 0x1}, 0x0, 0x2, 0x3, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)

270.706804ms ago: executing program 1 (id=3968):
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xc8, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x3)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r2=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r2, &(0x7f00000006c0)=ANY=[@ANYBLOB="8f03000000001060007538e486dd630ace2211057300fe80000000000000875a65059ff57b00ff"], 0xcfa4)

49.979258ms ago: executing program 3 (id=3969):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x3d171, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000540), 0xf}, 0x4100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000000280)=0x5)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz0\x00', 0x200002, 0x0)
socket$kcm(0xa, 0x5, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
setsockopt$sock_attach_bpf(r1, 0x6, 0x24, &(0x7f0000000200), 0x4)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f00000017c0)={0x4, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x5d35, 0x12581, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000340), 0x1}, 0x0, 0x0, 0xfffffffe, 0x7, 0xc6, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x50)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000040)={'macsec0\x00', @local})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f0000001700)={&(0x7f00000001c0)=@l2tp={0x2, 0x0, @local}, 0x80, &(0x7f0000001680)=[{&(0x7f0000000680)=""/4096, 0x1000}, {&(0x7f0000000000)=""/30, 0x1e}, {&(0x7f0000000380)=""/67, 0x43}, {&(0x7f0000002240)=""/4096, 0x1000}, {&(0x7f0000000400)=""/126, 0x7e}, {0x0}], 0x6, &(0x7f00000005c0)=""/57, 0x39}, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1200000004000000080000000700000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="feffffff000000000000000000000000000000000000000000000000c570a3f3d01bdddda77e7ff058758fb1b79f8e2eb3f948c40f56a9ec6509aabac966d019528be12b4c132d904b494faa"], 0x50)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x0, 0x0, 0x0, 0x1, 0x99, &(0x7f0000000240)=""/153}, 0x94)
r3 = socket$kcm(0xa, 0x5, 0x0)
setsockopt$sock_attach_bpf(r3, 0x84, 0x49, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0500000008000000e27f00000100000041000000", @ANYRES32, @ANYBLOB], 0x48)
sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)="2e00000010008188040f80ec59acbc0413010048100000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

534.1µs ago: executing program 1 (id=3970):
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x480283, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x7606, 0x3ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000d00)=ANY=[@ANYBLOB="b70000008100003bbfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071105400000000001d400500000000004704000001ed00000f030000000000001d440000000000006b0a00fe000000007313000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff31a8fd3c0fd8b7ff831028e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646c0200000000000000020000e35208b0bb0d2cd829e654400e2438ec649dc76128610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda82fc9c4d7ecc7a803bf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714f62ba7a54f0c33d39000d0bfed3a6a59ff616236fd8f2477184bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06fa2e04cfe0649226c697d9e8eaade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00023ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a83469620c6e74e1f46132559c4f8700a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88f15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a920099c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40fc5d2f55ff07c53147de202ce517b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661061173f359e9052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff26b61aac8aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3ba18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e26534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336dfaa6d5d164301190bc2d4c04087729033342045804a28082abc3b4762302a271722fb515f31e0dd115a292f1e68481a62c49d15ea5460a29c60b1058fb7aa9bf4ee3cbe11b03711a15d730646b72d074dab1e8c429339f3460d324c17a4a8bfc7d7eab45bef00664d6dc82300000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xc}, 0x0, 0x0, 0xc2ba}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg(r2, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
close(r2)
close(r1)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='cpuacct.usage_sys\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f0000000100)=r3, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc)
syz_clone(0x2864000, 0x0, 0x0, 0x0, 0x0, 0x0)

0s ago: executing program 2 (id=3971):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0)
r2 = socket$kcm(0x2a, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000001f80)={&(0x7f0000001d00)=@qipcrtr={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0x80, &(0x7f0000000000)=[{0x0, 0x34000}], 0x1}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r3=>0xffffffffffffffff})
r4 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x9d, 0x1, 0x0, 0x0, 0x0, 0x5, 0x40200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x3, 0x3, 0x4, 0x4, 0x0, 0x0, 0x0, 0x20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x5, [@func_proto={0x0, 0x2, 0x0, 0xd, 0x0, [{0x2}, {0x0, 0x1}]}]}, {0x0, [0x61, 0x2e, 0xe]}}, &(0x7f0000000340)=""/149, 0x39, 0x95, 0x1}, 0x28)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000cc0)={0x5, 0xb, &(0x7f00000000c0)=ANY=[@ANYBLOB="18080000000000000000000000000000180400002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000009000000850000000600000095"], &(0x7f0000000c80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r5)
ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r5)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
close(0x3)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='devices.list\x00', 0x26e1, 0x0)
close(r6)
recvmsg(r3, &(0x7f0000000580)={&(0x7f00000002c0)=@nfc_llcp, 0x80, &(0x7f0000000540)=[{&(0x7f0000000440)=""/70, 0x46}, {&(0x7f00000004c0)=""/94, 0x5e}], 0x2}, 0x0)
socketpair(0x1, 0x801, 0x0, &(0x7f0000000100))
ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x5452, 0x0)
write$cgroup_type(r6, &(0x7f0000000080), 0x11ffffce1)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e00, 0x8, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0)
close(r0)
r7 = socket$kcm(0xa, 0x2, 0x88)
sendmsg$inet(r7, &(0x7f0000001600)={&(0x7f0000001340)={0x2, 0x2, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000001580)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @multicast1}}}], 0x20}, 0x8000)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000100)={0x1, &(0x7f0000000040)="1f6535c446debe478cc6ea545c4ff465a3db159d5464900e8bb3f7812e5c2975a7ec764b6f22b87fd5535c84d04d91a4bd6e21fc77fa8fcf137f8d2847e365e0a874f202654f531ec57097aeddfd3b1f4d7559c7d1876d2b01c365ac37a024dc440804b13d6f1143c1c274ab7f867b143dc34b8ed134f5589de0cc8c0cd2b6d721ea0b7cb16d084977377af4825e862a7bf4cd2f3963"}, 0x20)
close(r7)

kernel console output (not intermixed with test programs):

NGE): hsr_slave_1: link becomes ready
[  722.498788][T13872] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  722.520881][T14083] netlink: 'syz.3.3034': attribute type 2 has an invalid length.
[  722.536727][T14083] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3034'.
[  722.895933][T14103] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.3039'.
[  723.094368][T14103] batadv_slave_1: mtu less than device minimum
[  723.800945][ T4680] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  723.819156][ T4680] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  723.915452][T13872] 8021q: adding VLAN 0 to HW filter on device batadv0
[  724.287782][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  724.319326][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  724.615721][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  724.667783][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  724.765427][T13872] device veth0_vlan entered promiscuous mode
[  724.773550][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  724.783673][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  724.860541][T13872] device veth1_vlan entered promiscuous mode
[  724.896678][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  724.905925][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  724.988535][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  725.013965][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  725.092535][T13872] device veth0_macvtap entered promiscuous mode
[  725.107969][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  725.224724][T13872] device veth1_macvtap entered promiscuous mode
[  725.259071][T13872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  725.327541][T13872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  725.397645][T13872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  725.409877][T13872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  725.431656][T13872] batman_adv: batadv0: Interface activated: batadv_slave_0
[  725.460761][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  725.484600][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  725.517405][T13872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  725.552703][T13872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  725.574215][T13872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  725.627333][T13872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  725.658635][T13872] batman_adv: batadv0: Interface activated: batadv_slave_1
[  725.678972][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  725.695234][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  725.734663][T13872] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  725.748773][T13872] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  725.775645][T13872] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  725.795519][T13872] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  726.334910][ T4678] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  726.355612][ T4678] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  726.385708][ T4651] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  726.426265][T14134] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.3052'.
[  726.469340][ T4678] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  726.549297][ T4678] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  726.595521][T14134] batadv_slave_1: mtu less than device minimum
[  726.656946][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  727.080694][T14149] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.3055'.
[  727.187380][T14149] batadv_slave_1: mtu less than device minimum
[  727.713855][T14157] netlink: 'syz.3.3058': attribute type 10 has an invalid length.
[  729.561789][ T4274] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  729.571842][ T4274] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  729.580384][ T4274] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  729.591632][ T4274] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  729.618823][ T4274] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  729.626330][ T4274] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  731.367251][T14182] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.3067'.
[  731.408422][T14167] chnl_net:caif_netlink_parms(): no params data found
[  731.474577][T14183] batadv_slave_1: mtu less than device minimum
[  731.537610][T14167] bridge0: port 1(bridge_slave_0) entered blocking state
[  731.550479][T14167] bridge0: port 1(bridge_slave_0) entered disabled state
[  731.559785][T14167] device bridge_slave_0 entered promiscuous mode
[  731.570180][T14167] bridge0: port 2(bridge_slave_1) entered blocking state
[  731.577764][T14167] bridge0: port 2(bridge_slave_1) entered disabled state
[  731.586598][T14167] device bridge_slave_1 entered promiscuous mode
[  731.627916][T14167] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  731.641012][T14167] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  731.676931][T14167] team0: Port device team_slave_0 added
[  731.684285][ T4282] Bluetooth: hci4: command 0x0409 tx timeout
[  731.695419][T14167] team0: Port device team_slave_1 added
[  731.723259][T14167] batman_adv: batadv0: Adding interface: batadv_slave_0
[  731.730732][T14167] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  731.757447][T14167] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  731.780952][T14167] batman_adv: batadv0: Adding interface: batadv_slave_1
[  731.788234][T14167] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  731.823047][T14167] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  732.104729][T14167] device hsr_slave_0 entered promiscuous mode
[  732.126835][T14167] device hsr_slave_1 entered promiscuous mode
[  732.318890][T14193] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.3068'.
[  732.524145][T14192] batadv_slave_1: mtu less than device minimum
[  732.777945][T14167] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  733.761379][ T4282] Bluetooth: hci4: command 0x041b tx timeout
[  734.411656][T14167] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  734.488237][T14202] netlink: 'syz.1.3073': attribute type 10 has an invalid length.
[  734.536544][T14202] team0: Port device macvlan1 added
[  734.668087][T14167] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  734.874265][T14167] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  734.909240][T14223] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.3078'.
[  735.105565][T14225] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.3080'.
[  735.168193][T14225] batadv_slave_1: mtu less than device minimum
[  735.186530][T14167] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  735.198826][T14167] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  735.209805][T14167] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  735.256553][T14167] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  735.376442][T14234] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.3082'.
[  735.689061][T14234] batadv_slave_1: mtu less than device minimum
[  735.745838][T14167] 8021q: adding VLAN 0 to HW filter on device bond0
[  735.763213][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  735.840751][ T4282] Bluetooth: hci4: command 0x040f tx timeout
[  735.846410][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  735.920173][T14167] 8021q: adding VLAN 0 to HW filter on device team0
[  735.961840][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  735.978591][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  735.999789][ T4698] bridge0: port 1(bridge_slave_0) entered blocking state
[  736.007176][ T4698] bridge0: port 1(bridge_slave_0) entered forwarding state
[  736.069942][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  736.123039][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  736.166644][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  736.200074][ T4698] bridge0: port 2(bridge_slave_1) entered blocking state
[  736.207317][ T4698] bridge0: port 2(bridge_slave_1) entered forwarding state
[  736.272679][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  736.398187][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  736.422281][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  736.466666][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  736.545669][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  736.580412][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  736.618773][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  736.638660][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  736.650836][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  736.716916][T14167] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  736.781974][T14167] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  736.826658][T14260] netlink: 'syz.4.3089': attribute type 10 has an invalid length.
[  737.921052][ T4282] Bluetooth: hci4: command 0x0419 tx timeout
[  739.577147][T14260] team0: Port device macvlan1 added
[  739.593515][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  739.628532][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  740.099458][T14276] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3094'.
[  740.134173][T14276] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3094'.
[  740.164474][T14281] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3094'.
[  740.473386][T14285] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.3097'.
[  740.504703][T14287] netlink: 'syz.1.3099': attribute type 7 has an invalid length.
[  740.568883][T14285] batadv_slave_1: mtu less than device minimum
[  740.655426][ T4690] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  740.681014][ T4690] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  740.740030][T14167] 8021q: adding VLAN 0 to HW filter on device batadv0
[  740.820340][T14287] netlink: 'syz.1.3099': attribute type 10 has an invalid length.
[  740.838415][T14287] netlink: 2 bytes leftover after parsing attributes in process `syz.1.3099'.
[  740.853362][T14287] device bond0 entered promiscuous mode
[  740.863278][T14287] device bond_slave_0 entered promiscuous mode
[  740.874650][T14287] device bond_slave_1 entered promiscuous mode
[  740.909066][T14287] bridge0: port 3(bond0) entered blocking state
[  740.926705][T14287] bridge0: port 3(bond0) entered disabled state
[  741.115733][T14287] bridge0: port 3(bond0) entered blocking state
[  741.123531][T14287] bridge0: port 3(bond0) entered forwarding state
[  741.170023][T14298] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.3102'.
[  741.187453][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  741.202781][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  741.274159][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  741.291608][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  741.327687][T14167] device veth0_vlan entered promiscuous mode
[  741.342433][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  741.361998][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  741.384675][T14167] device veth1_vlan entered promiscuous mode
[  741.473602][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  741.487635][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  741.498303][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  741.532528][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  741.585111][T14167] device veth0_macvtap entered promiscuous mode
[  741.631993][T14167] device veth1_macvtap entered promiscuous mode
[  741.662347][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  741.680467][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  741.707760][T14167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  741.720634][T14167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  741.737256][T14167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  741.749759][T14167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  741.766649][T14167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  741.778748][T14167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  741.800695][T14167] batman_adv: batadv0: Interface activated: batadv_slave_0
[  741.808833][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  741.826573][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  741.857492][T14167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  741.875194][T14167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  741.886111][T14167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  741.902881][T14167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  741.918794][T14167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  741.936239][T14167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  741.950741][T14167] batman_adv: batadv0: Interface activated: batadv_slave_1
[  741.967492][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  741.979116][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  741.999268][T14167] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  742.014801][T14167] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  742.028701][T14167] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  742.042352][T14167] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  742.402546][ T4690] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  742.446164][ T4690] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  742.526604][ T4690] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  742.539368][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  742.561403][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  742.598492][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  742.726780][T14315] netlink: 'syz.4.3109': attribute type 16 has an invalid length.
[  742.790277][T14315] netlink: 152 bytes leftover after parsing attributes in process `syz.4.3109'.
[  743.311932][T14325] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.3113'.
[  744.201038][ T4274] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  744.209963][ T4274] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  744.218740][ T4274] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  744.243661][ T4274] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  744.252343][ T4274] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  744.264219][ T4274] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  744.735158][T14338] chnl_net:caif_netlink_parms(): no params data found
[  744.919775][T14338] bridge0: port 1(bridge_slave_0) entered blocking state
[  744.927541][T14338] bridge0: port 1(bridge_slave_0) entered disabled state
[  744.993902][T14338] device bridge_slave_0 entered promiscuous mode
[  745.031418][T14338] bridge0: port 2(bridge_slave_1) entered blocking state
[  745.038662][T14338] bridge0: port 2(bridge_slave_1) entered disabled state
[  745.081191][T14338] device bridge_slave_1 entered promiscuous mode
[  745.195222][T14338] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  745.205074][T14363] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.3124'.
[  745.220352][T14338] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  745.277185][T14364] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.3125'.
[  745.343446][T14338] team0: Port device team_slave_0 added
[  745.393511][T14338] team0: Port device team_slave_1 added
[  745.533238][T14338] batman_adv: batadv0: Adding interface: batadv_slave_0
[  745.548852][T14338] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  745.668881][T14338] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  746.322745][ T4282] Bluetooth: hci1: command 0x0409 tx timeout
[  746.389126][T14338] batman_adv: batadv0: Adding interface: batadv_slave_1
[  746.403567][T14338] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  746.488998][T14338] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  746.695340][T14338] device hsr_slave_0 entered promiscuous mode
[  747.067654][T14393] FAULT_INJECTION: forcing a failure.
[  747.067654][T14393] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  747.107919][T14393] CPU: 1 PID: 14393 Comm: syz.3.3134 Not tainted syzkaller #0
[  747.115461][T14393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  747.125558][T14393] Call Trace:
[  747.128874][T14393]  <TASK>
[  747.131836][T14393]  dump_stack_lvl+0x188/0x24e
[  747.136571][T14393]  ? show_regs_print_info+0x12/0x12
[  747.141820][T14393]  ? load_image+0x400/0x400
[  747.146381][T14393]  ? __lock_acquire+0x7d10/0x7d10
[  747.151475][T14393]  should_fail_ex+0x399/0x4d0
[  747.156234][T14393]  _copy_from_user+0x2c/0x170
[  747.160978][T14393]  bpf_prog_test_run_skb+0x262/0x12a0
[  747.166405][T14393]  ? lockdep_hardirqs_on+0x94/0x140
[  747.171688][T14393]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  747.177897][T14393]  ? cpu_online+0xa0/0xa0
[  747.182265][T14393]  bpf_prog_test_run+0x31e/0x390
[  747.187261][T14393]  __sys_bpf+0x62b/0x780
[  747.191600][T14393]  ? bpf_link_show_fdinfo+0x380/0x380
[  747.197070][T14393]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  747.203282][T14393]  __x64_sys_bpf+0x78/0x90
[  747.207755][T14393]  do_syscall_64+0x4c/0xa0
[  747.212219][T14393]  ? clear_bhb_loop+0x60/0xb0
[  747.216949][T14393]  ? clear_bhb_loop+0x60/0xb0
[  747.221668][T14393]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  747.227606][T14393] RIP: 0033:0x7f3e28f9aeb9
[  747.232062][T14393] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  747.251716][T14393] RSP: 002b:00007f3e29e7c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  747.260178][T14393] RAX: ffffffffffffffda RBX: 00007f3e29215fa0 RCX: 00007f3e28f9aeb9
[  747.268196][T14393] RDX: 000000000000002c RSI: 0000200000000080 RDI: 000000000000000a
[  747.276207][T14393] RBP: 00007f3e29e7c090 R08: 0000000000000000 R09: 0000000000000000
[  747.284228][T14393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  747.292237][T14393] R13: 00007f3e29216038 R14: 00007f3e29215fa0 R15: 00007ffc27c07c38
[  747.300291][T14393]  </TASK>
[  747.317350][ T1267] ieee802154 phy0 wpan0: encryption failed: -22
[  747.323783][ T1267] ieee802154 phy1 wpan1: encryption failed: -22
[  747.571994][T14338] device hsr_slave_1 entered promiscuous mode
[  747.587070][T14338] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  747.624562][T14338] Cannot create hsr debugfs directory
[  748.280921][T14338] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  748.323188][T14413] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.3141'.
[  748.400937][T13501] Bluetooth: hci1: command 0x041b tx timeout
[  748.467471][T14338] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  748.485179][T14418] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3143'.
[  748.662510][T14338] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  748.807522][T14338] team0: Port device netdevsim0 removed
[  748.843313][T14338] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  749.895350][T14440] netlink: 9275 bytes leftover after parsing attributes in process `syz.1.3152'.
[  749.905032][T14444] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.3153'.
[  749.981503][T14445] netlink: 'syz.4.3154': attribute type 7 has an invalid length.
[  750.288620][T14445] netlink: 'syz.4.3154': attribute type 10 has an invalid length.
[  750.321992][T14445] netlink: 2 bytes leftover after parsing attributes in process `syz.4.3154'.
[  750.334094][T14445] device bond0 entered promiscuous mode
[  750.345398][T14445] device bond_slave_0 entered promiscuous mode
[  750.360677][T14445] device bond_slave_1 entered promiscuous mode
[  750.405103][T14445] bridge0: port 3(bond0) entered blocking state
[  750.426442][T14445] bridge0: port 3(bond0) entered disabled state
[  750.481563][T13501] Bluetooth: hci1: command 0x040f tx timeout
[  750.595922][T14445] bridge0: port 3(bond0) entered blocking state
[  750.604152][T14445] bridge0: port 3(bond0) entered forwarding state
[  750.674987][T14457] netlink: 'syz.1.3158': attribute type 19 has an invalid length.
[  750.705474][T14457] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3158'.
[  751.378718][T14338] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  751.430332][T14338] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  751.479634][T14338] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  751.555842][T14338] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  751.598215][T14465] sctp: [Deprecated]: syz.1.3162 (pid 14465) Use of struct sctp_assoc_value in delayed_ack socket option.
[  751.598215][T14465] Use struct sctp_sack_info instead
[  752.111062][T14338] 8021q: adding VLAN 0 to HW filter on device bond0
[  752.152811][T14338] 8021q: adding VLAN 0 to HW filter on device team0
[  752.195003][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  752.205052][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  752.213773][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  752.223116][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  752.233763][ T4698] bridge0: port 1(bridge_slave_0) entered blocking state
[  752.240945][ T4698] bridge0: port 1(bridge_slave_0) entered forwarding state
[  752.252614][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  752.262059][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  752.271490][ T4698] bridge0: port 2(bridge_slave_1) entered blocking state
[  752.278699][ T4698] bridge0: port 2(bridge_slave_1) entered forwarding state
[  752.293489][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  752.308058][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  752.320496][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  752.342627][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  752.366066][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  752.397830][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  752.412486][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  752.436744][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  752.447808][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  752.463962][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  752.489174][T14338] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  752.538298][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  752.561363][T13501] Bluetooth: hci1: command 0x0419 tx timeout
[  752.569063][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  752.703139][T14488] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.3167'.
[  753.489714][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  753.505836][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  753.548073][T14338] 8021q: adding VLAN 0 to HW filter on device batadv0
[  753.661057][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  753.677458][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  753.745923][ T4690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  753.766725][ T4690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  753.795633][ T4690] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  753.810166][ T4690] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  753.829894][T14338] device veth0_vlan entered promiscuous mode
[  753.874620][T14338] device veth1_vlan entered promiscuous mode
[  753.945832][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  753.958683][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  753.975620][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  753.988612][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  754.009512][T14338] device veth0_macvtap entered promiscuous mode
[  754.048793][T14338] device veth1_macvtap entered promiscuous mode
[  754.106570][T14338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  754.128251][T14338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  754.143873][T14338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  754.156262][T14338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  754.166874][T14338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  754.178241][T14338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  754.188583][T14338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  754.199584][T14338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  754.213652][T14338] batman_adv: batadv0: Interface activated: batadv_slave_0
[  754.228130][ T4690] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  754.237130][ T4690] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  754.262853][ T4690] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  754.277666][ T4690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  754.292262][T14338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  754.337591][T14338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  754.348187][T14338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  754.363245][T14338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  754.374257][T14338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  754.392169][T14338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  754.402469][T14338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  754.413161][T14338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  754.425148][T14338] batman_adv: batadv0: Interface activated: batadv_slave_1
[  754.435942][ T4690] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  754.453306][ T4690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  754.471552][T14338] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  754.483035][T14338] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  754.494214][T14338] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  754.503410][T14338] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  757.117430][ T4698] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  757.127141][T14531] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3179'.
[  757.146396][ T4698] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  757.159947][ T4690] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  757.208879][ T4690] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  757.220445][ T4690] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  757.241818][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  757.269677][T14546] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.3182'.
[  757.995064][T14560] netlink: 'syz.0.3188': attribute type 2 has an invalid length.
[  758.181819][T14560] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3188'.
[  759.025223][T14572] netlink: 180 bytes leftover after parsing attributes in process `syz.1.3191'.
[  759.227929][   T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  759.299192][T14584] netlink: 60 bytes leftover after parsing attributes in process `syz.4.3192'.
[  759.396501][ T4282] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  759.405925][ T4282] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  759.414222][ T4282] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  759.423112][ T4282] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  759.431024][ T4274] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  759.441911][ T4282] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  759.531508][   T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  759.574286][T14592] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.3194'.
[  759.649898][   T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  759.753261][   T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  760.428660][T14609] netlink: 'syz.4.3200': attribute type 2 has an invalid length.
[  760.471158][T14609] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3200'.
[  760.791295][T14585] chnl_net:caif_netlink_parms(): no params data found
[  761.056945][T14628] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.3206'.
[  761.585484][ T4282] Bluetooth: hci2: command 0x0409 tx timeout
[  763.047731][T14585] bridge0: port 1(bridge_slave_0) entered blocking state
[  763.065738][T14585] bridge0: port 1(bridge_slave_0) entered disabled state
[  763.137875][T14585] device bridge_slave_0 entered promiscuous mode
[  763.247281][T14585] bridge0: port 2(bridge_slave_1) entered blocking state
[  763.260361][T14585] bridge0: port 2(bridge_slave_1) entered disabled state
[  763.279522][T14585] device bridge_slave_1 entered promiscuous mode
[  763.478360][T14667] netlink: 180 bytes leftover after parsing attributes in process `syz.0.3212'.
[  763.600787][ T4282] Bluetooth: hci2: command 0x041b tx timeout
[  763.653426][T14585] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  763.801693][T14585] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  763.939440][T14585] team0: Port device team_slave_0 added
[  763.970383][T14585] team0: Port device team_slave_1 added
[  763.985676][T14681] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.3218'.
[  764.185222][   T11] device wlan1 left promiscuous mode
[  764.216796][   T11] team0: Port device wlan1 removed
[  764.246652][T14684] netlink: 'syz.2.3217': attribute type 2 has an invalid length.
[  764.260789][T14684] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3217'.
[  764.279344][T14585] batman_adv: batadv0: Adding interface: batadv_slave_0
[  764.290751][T14585] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  764.365322][T14585] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  764.422171][T14585] batman_adv: batadv0: Adding interface: batadv_slave_1
[  764.429181][T14585] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  764.520661][T14585] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  764.767316][T14585] device hsr_slave_0 entered promiscuous mode
[  764.851174][T14585] device hsr_slave_1 entered promiscuous mode
[  764.867793][T14585] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  764.910681][T14585] Cannot create hsr debugfs directory
[  765.026612][T14701] netlink: 152 bytes leftover after parsing attributes in process `syz.0.3222'.
[  765.680797][ T4282] Bluetooth: hci2: command 0x040f tx timeout
[  765.901743][T14723] FAULT_INJECTION: forcing a failure.
[  765.901743][T14723] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  765.940657][T14723] CPU: 0 PID: 14723 Comm: syz.0.3229 Not tainted syzkaller #0
[  765.948305][T14723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  765.958408][T14723] Call Trace:
[  765.961731][T14723]  <TASK>
[  765.964699][T14723]  dump_stack_lvl+0x188/0x24e
[  765.969478][T14723]  ? show_regs_print_info+0x12/0x12
[  765.974753][T14723]  ? load_image+0x400/0x400
[  765.979293][T14723]  ? __lock_acquire+0x7d10/0x7d10
[  765.984355][T14723]  should_fail_ex+0x399/0x4d0
[  765.989096][T14723]  _copy_to_user+0x2c/0x130
[  765.993634][T14723]  bpf_prog_test_run_syscall+0x332/0x4a0
[  765.999301][T14723]  ? sock_gen_cookie+0x60/0x60
[  766.004100][T14723]  ? sock_gen_cookie+0x60/0x60
[  766.008903][T14723]  bpf_prog_test_run+0x31e/0x390
[  766.013879][T14723]  __sys_bpf+0x62b/0x780
[  766.018160][T14723]  ? bpf_link_show_fdinfo+0x380/0x380
[  766.023590][T14723]  ? lock_chain_count+0x20/0x20
[  766.028476][T14723]  __x64_sys_bpf+0x78/0x90
[  766.032926][T14723]  do_syscall_64+0x4c/0xa0
[  766.037366][T14723]  ? clear_bhb_loop+0x60/0xb0
[  766.042069][T14723]  ? clear_bhb_loop+0x60/0xb0
[  766.046769][T14723]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  766.052700][T14723] RIP: 0033:0x7ff11df9aeb9
[  766.057138][T14723] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  766.076772][T14723] RSP: 002b:00007ff11ee6c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  766.085224][T14723] RAX: ffffffffffffffda RBX: 00007ff11e215fa0 RCX: 00007ff11df9aeb9
[  766.093230][T14723] RDX: 000000000000000c RSI: 00002000000004c0 RDI: 000000000000000a
[  766.101229][T14723] RBP: 00007ff11ee6c090 R08: 0000000000000000 R09: 0000000000000000
[  766.109240][T14723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  766.117236][T14723] R13: 00007ff11e216038 R14: 00007ff11e215fa0 R15: 00007ffc6b84adf8
[  766.125257][T14723]  </TASK>
[  766.207305][T14721] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.3228'.
[  766.559337][   T11] device team0 left promiscuous mode
[  766.597206][   T11] device team_slave_0 left promiscuous mode
[  766.610891][   T11] device team_slave_1 left promiscuous mode
[  766.616960][   T11] device macvlan1 left promiscuous mode
[  766.658429][   T11] device veth0_to_hsr left promiscuous mode
[  766.681389][   T11] device hsr_slave_0 left promiscuous mode
[  766.716728][   T11] bridge0: port 1(team0) entered disabled state
[  766.801282][   T11] device veth1_macvtap left promiscuous mode
[  766.817720][   T11] device veth0_macvtap left promiscuous mode
[  766.827892][   T11] device veth1_vlan left promiscuous mode
[  766.867456][   T11] device veth0_vlan left promiscuous mode
[  767.594860][T14742] delete_channel: no stack
[  767.761082][ T4282] Bluetooth: hci2: command 0x0419 tx timeout
[  767.823418][   T11] team0 (unregistering): Port device macvlan1 removed
[  768.060455][   T11] team0 (unregistering): Port device hsr_slave_0 removed
[  768.092937][   T11] team0 (unregistering): Port device veth0_to_hsr removed
[  768.212524][   T11] team0 (unregistering): Port device team_slave_1 removed
[  769.042410][   T11] team0 (unregistering): Port device team_slave_0 removed
[  769.517724][T14744] netlink: 63503 bytes leftover after parsing attributes in process `syz.4.3234'.
[  769.527518][T14745] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.3242'.
[  769.547675][T14753] netlink: 180 bytes leftover after parsing attributes in process `syz.2.3233'.
[  769.948413][T14585] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  770.053479][T14585] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  770.092900][T14585] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  770.163483][T14585] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  770.315787][T14790] À: port 1(vlan0) entered blocking state
[  770.365743][T14790] À: port 1(vlan0) entered disabled state
[  770.417760][T14790] device vlan0 entered promiscuous mode
[  770.487693][T14779] À: port 1(vlan0) entered blocking state
[  770.493714][T14779] À: port 1(vlan0) entered forwarding state
[  770.547521][T14790] netlink: 126288 bytes leftover after parsing attributes in process `syz.4.3244'.
[  770.693773][T14796] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  771.047372][T14585] 8021q: adding VLAN 0 to HW filter on device bond0
[  771.136581][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  771.153306][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  771.226038][T14585] 8021q: adding VLAN 0 to HW filter on device team0
[  771.281727][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  771.311371][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  771.347267][ T4698] bridge0: port 1(bridge_slave_0) entered blocking state
[  771.354529][ T4698] bridge0: port 1(bridge_slave_0) entered forwarding state
[  771.400831][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  771.467819][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  771.486759][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  771.517345][ T4698] bridge0: port 2(bridge_slave_1) entered blocking state
[  771.524553][ T4698] bridge0: port 2(bridge_slave_1) entered forwarding state
[  771.583621][T14818] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.3252'.
[  771.628953][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  771.649160][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  771.663829][T14824] netlink: 830 bytes leftover after parsing attributes in process `syz.2.3254'.
[  771.696262][ T4690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  771.713124][ T4690] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  771.740370][ T4690] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  771.788751][ T4690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  771.813555][ T4690] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  771.883787][T14824] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  771.912722][T14824] batman_adv: batadv0: Removing interface: batadv_slave_0
[  771.929978][T14824] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  771.951312][T14824] batman_adv: batadv0: Removing interface: batadv_slave_1
[  772.229988][T14585] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  772.327055][T14585] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  772.391113][T14834] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.3264'.
[  772.424917][T14837] netlink: 180 bytes leftover after parsing attributes in process `syz.4.3255'.
[  772.444531][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  772.481682][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  772.507067][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  772.527856][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  772.546434][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  773.167999][T14860] netlink: 'syz.2.3263': attribute type 10 has an invalid length.
[  773.210912][T14860] netlink: 55 bytes leftover after parsing attributes in process `syz.2.3263'.
[  773.227717][T14866] netlink: 'syz.0.3265': attribute type 3 has an invalid length.
[  773.270626][T14866] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3265'.
[  773.838303][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  773.889512][ T4698] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  773.952903][T14585] 8021q: adding VLAN 0 to HW filter on device batadv0
[  774.101132][ T4690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  774.116983][ T4690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  774.188739][ T4680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  774.198485][ T4680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  774.233442][T14585] device veth0_vlan entered promiscuous mode
[  774.248063][ T4680] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  774.268031][ T4680] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  774.295227][T14585] device veth1_vlan entered promiscuous mode
[  774.311661][T14889] FAULT_INJECTION: forcing a failure.
[  774.311661][T14889] name failslab, interval 1, probability 0, space 0, times 0
[  774.355236][T14889] CPU: 0 PID: 14889 Comm: syz.1.3269 Not tainted syzkaller #0
[  774.362790][T14889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  774.372913][T14889] Call Trace:
[  774.376238][T14889]  <TASK>
[  774.379242][T14889]  dump_stack_lvl+0x188/0x24e
[  774.384005][T14889]  ? show_regs_print_info+0x12/0x12
[  774.389281][T14889]  ? load_image+0x400/0x400
[  774.393856][T14889]  ? __might_sleep+0xd0/0xd0
[  774.398513][T14889]  ? __lock_acquire+0x7d10/0x7d10
[  774.403641][T14889]  should_fail_ex+0x399/0x4d0
[  774.408398][T14889]  should_failslab+0x5/0x20
[  774.412969][T14889]  slab_pre_alloc_hook+0x59/0x310
[  774.418056][T14889]  ? trace_event_raw_event_lock+0x250/0x250
[  774.424026][T14889]  ? sock_kmalloc+0x92/0xf0
[  774.428598][T14889]  __kmem_cache_alloc_node+0x4f/0x260
[  774.434037][T14889]  ? sock_kmalloc+0x92/0xf0
[  774.438608][T14889]  __kmalloc+0xa0/0x240
[  774.442843][T14889]  sock_kmalloc+0x92/0xf0
[  774.447237][T14889]  ____sys_sendmsg+0x1bb/0x970
[  774.452069][T14889]  ? __lock_acquire+0x7d10/0x7d10
[  774.457188][T14889]  ? __sys_sendmsg_sock+0x30/0x30
[  774.462302][T14889]  ? __import_iovec+0x315/0x500
[  774.467231][T14889]  ? import_iovec+0x6f/0xa0
[  774.471812][T14889]  ___sys_sendmsg+0x2a2/0x360
[  774.476572][T14889]  ? __sys_sendmsg+0x290/0x290
[  774.481441][T14889]  ? __lock_acquire+0x7d10/0x7d10
[  774.486602][T14889]  __se_sys_sendmsg+0x1bb/0x2a0
[  774.491534][T14889]  ? __x64_sys_sendmsg+0x80/0x80
[  774.496603][T14889]  ? lockdep_hardirqs_on+0x94/0x140
[  774.501879][T14889]  do_syscall_64+0x4c/0xa0
[  774.506361][T14889]  ? clear_bhb_loop+0x60/0xb0
[  774.511099][T14889]  ? clear_bhb_loop+0x60/0xb0
[  774.515842][T14889]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  774.521805][T14889] RIP: 0033:0x7f7288d9aeb9
[  774.526272][T14889] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  774.545940][T14889] RSP: 002b:00007f7289cba028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  774.554428][T14889] RAX: ffffffffffffffda RBX: 00007f7289015fa0 RCX: 00007f7288d9aeb9
[  774.562484][T14889] RDX: 0000000000000000 RSI: 0000200000000700 RDI: 000000000000000f
[  774.570507][T14889] RBP: 00007f7289cba090 R08: 0000000000000000 R09: 0000000000000000
[  774.578530][T14889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  774.586548][T14889] R13: 00007f7289016038 R14: 00007f7289015fa0 R15: 00007fff6f54cbf8
[  774.594607][T14889]  </TASK>
[  774.640329][ T4690] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  774.655252][ T4690] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  774.677336][ T4690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  774.701852][ T4690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  774.741970][T14585] device veth0_macvtap entered promiscuous mode
[  774.751571][T14897] __nla_validate_parse: 1 callbacks suppressed
[  774.751587][T14897] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.3271'.
[  774.811633][T14585] device veth1_macvtap entered promiscuous mode
[  774.820942][ T4690] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  774.892037][ T4690] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  774.985192][T14585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  775.029101][T14585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  775.052248][T14585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  775.101079][T14585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  775.161185][T14585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  775.173910][T14585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  775.191681][T14585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  775.202712][T14585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  775.239337][T14585] batman_adv: batadv0: Interface activated: batadv_slave_0
[  775.301583][ T4690] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  775.331785][ T4690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  775.386116][T14585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  775.416563][T14914] netlink: 64859 bytes leftover after parsing attributes in process `syz.0.3277'.
[  775.433168][T14585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  775.480947][T14585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  775.540764][T14585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  775.591852][T14585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  775.641799][T14585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  775.670598][T14585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  775.710588][T14585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  775.778107][T14585] batman_adv: batadv0: Interface activated: batadv_slave_1
[  775.827856][ T4651] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  775.847994][ T4651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  775.896120][T14585] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  775.930866][T14585] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  775.990724][T14585] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  775.999637][T14585] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  776.185210][T14932] FAULT_INJECTION: forcing a failure.
[  776.185210][T14932] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  776.255257][T14932] CPU: 0 PID: 14932 Comm: syz.1.3281 Not tainted syzkaller #0
[  776.262812][T14932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  776.272910][T14932] Call Trace:
[  776.276229][T14932]  <TASK>
[  776.279208][T14932]  dump_stack_lvl+0x188/0x24e
[  776.283946][T14932]  ? show_regs_print_info+0x12/0x12
[  776.289192][T14932]  ? load_image+0x400/0x400
[  776.293742][T14932]  ? __lock_acquire+0x7d10/0x7d10
[  776.298855][T14932]  ? __rcu_read_unlock+0x78/0xd0
[  776.303851][T14932]  should_fail_ex+0x399/0x4d0
[  776.308591][T14932]  _copy_to_user+0x2c/0x130
[  776.313148][T14932]  bpf_test_finish+0x4a2/0x600
[  776.317963][T14932]  ? convert___skb_to_skb+0x580/0x580
[  776.323392][T14932]  ? convert_skb_to___skb+0x420/0x420
[  776.328816][T14932]  ? bpf_test_init+0x119/0x140
[  776.333624][T14932]  bpf_prog_test_run_xdp+0x80a/0xf10
[  776.338984][T14932]  ? dev_put+0x80/0x80
[  776.343108][T14932]  ? dev_put+0x80/0x80
[  776.347230][T14932]  bpf_prog_test_run+0x31e/0x390
[  776.352248][T14932]  __sys_bpf+0x62b/0x780
[  776.356557][T14932]  ? bpf_link_show_fdinfo+0x380/0x380
[  776.361995][T14932]  ? lock_chain_count+0x20/0x20
[  776.366910][T14932]  __x64_sys_bpf+0x78/0x90
[  776.371393][T14932]  do_syscall_64+0x4c/0xa0
[  776.375866][T14932]  ? clear_bhb_loop+0x60/0xb0
[  776.380591][T14932]  ? clear_bhb_loop+0x60/0xb0
[  776.385324][T14932]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  776.391267][T14932] RIP: 0033:0x7f7288d9aeb9
[  776.395727][T14932] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  776.415374][T14932] RSP: 002b:00007f7289cba028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  776.423839][T14932] RAX: ffffffffffffffda RBX: 00007f7289015fa0 RCX: 00007f7288d9aeb9
[  776.431853][T14932] RDX: 0000000000000050 RSI: 0000200000000200 RDI: 000000000000000a
[  776.439864][T14932] RBP: 00007f7289cba090 R08: 0000000000000000 R09: 0000000000000000
[  776.447881][T14932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  776.455894][T14932] R13: 00007f7289016038 R14: 00007f7289015fa0 R15: 00007fff6f54cbf8
[  776.463928][T14932]  </TASK>
[  776.505948][ T4678] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  776.528040][ T4678] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  776.585438][ T4690] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  776.625664][ T4651] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  776.664039][ T4651] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  776.721143][ T4651] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  777.541381][T14964] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.3288'.
[  779.276490][T14995] netlink: 'syz.2.3298': attribute type 29 has an invalid length.
[  779.365540][T14995] netlink: 'syz.2.3298': attribute type 29 has an invalid length.
[  779.383500][T14997] FAULT_INJECTION: forcing a failure.
[  779.383500][T14997] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  779.483023][T14997] CPU: 1 PID: 14997 Comm: syz.2.3298 Not tainted syzkaller #0
[  779.490558][T14997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  779.500660][T14997] Call Trace:
[  779.504014][T14997]  <TASK>
[  779.506986][T14997]  dump_stack_lvl+0x188/0x24e
[  779.511703][T14997]  ? show_regs_print_info+0x12/0x12
[  779.516935][T14997]  ? load_image+0x400/0x400
[  779.521462][T14997]  ? __might_fault+0xa6/0x120
[  779.526173][T14997]  should_fail_ex+0x399/0x4d0
[  779.530891][T14997]  copyout+0x1b/0x120
[  779.534905][T14997]  _copy_to_iter+0x48b/0x1040
[  779.539634][T14997]  ? iov_iter_init+0x1f0/0x1f0
[  779.544447][T14997]  ? __virt_addr_valid+0x188/0x540
[  779.549591][T14997]  ? __virt_addr_valid+0x465/0x540
[  779.554736][T14997]  ? __phys_addr_symbol+0x2b/0x70
[  779.559791][T14997]  ? __check_object_size+0x500/0xa40
[  779.565110][T14997]  __skb_datagram_iter+0xde/0x740
[  779.570168][T14997]  ? skb_copy_datagram_iter+0x290/0x290
[  779.575753][T14997]  skb_copy_datagram_iter+0xd7/0x290
[  779.581076][T14997]  netlink_recvmsg+0x2d0/0xe00
[  779.585880][T14997]  ? netlink_sendmsg+0xbd0/0xbd0
[  779.590860][T14997]  ? aa_af_perm+0x340/0x340
[  779.595397][T14997]  ? __might_fault+0xa6/0x120
[  779.600101][T14997]  ? bpf_lsm_socket_recvmsg+0x5/0x10
[  779.605411][T14997]  ? security_socket_recvmsg+0x85/0xb0
[  779.610903][T14997]  ? netlink_sendmsg+0xbd0/0xbd0
[  779.615868][T14997]  ____sys_recvmsg+0x2cb/0x5e0
[  779.620688][T14997]  ? __sys_recvmsg_sock+0x40/0x40
[  779.625755][T14997]  ? import_iovec+0x6f/0xa0
[  779.630284][T14997]  ___sys_recvmsg+0x212/0x590
[  779.634998][T14997]  ? __sys_recvmsg+0x290/0x290
[  779.639801][T14997]  ? common_file_perm+0x171/0x1c0
[  779.644859][T14997]  ? __fget_files+0x43d/0x4b0
[  779.649591][T14997]  __x64_sys_recvmsg+0x205/0x2e0
[  779.654573][T14997]  ? ___sys_recvmsg+0x590/0x590
[  779.659468][T14997]  ? lockdep_hardirqs_on+0x94/0x140
[  779.664706][T14997]  do_syscall_64+0x4c/0xa0
[  779.669157][T14997]  ? clear_bhb_loop+0x60/0xb0
[  779.673876][T14997]  ? clear_bhb_loop+0x60/0xb0
[  779.678583][T14997]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  779.684523][T14997] RIP: 0033:0x7f8b3bb9aeb9
[  779.688971][T14997] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  779.708614][T14997] RSP: 002b:00007f8b3cab6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  779.717062][T14997] RAX: ffffffffffffffda RBX: 00007f8b3be16090 RCX: 00007f8b3bb9aeb9
[  779.725062][T14997] RDX: 0000000000000000 RSI: 0000200000000cc0 RDI: 0000000000000003
[  779.733082][T14997] RBP: 00007f8b3cab6090 R08: 0000000000000000 R09: 0000000000000000
[  779.741081][T14997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  779.749072][T14997] R13: 00007f8b3be16128 R14: 00007f8b3be16090 R15: 00007ffe45139cb8
[  779.757089][T14997]  </TASK>
[  779.885401][T14997] netlink: 'syz.2.3298': attribute type 29 has an invalid length.
[  780.147523][T15012] netlink: 152 bytes leftover after parsing attributes in process `syz.4.3303'.
[  780.296987][T15023] netlink: 'syz.0.3305': attribute type 11 has an invalid length.
[  780.363350][T15023] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.3305'.
[  780.517195][T15027] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.3307'.
[  780.906408][T15040] FAULT_INJECTION: forcing a failure.
[  780.906408][T15040] name failslab, interval 1, probability 0, space 0, times 0
[  780.994674][T15040] CPU: 1 PID: 15040 Comm: syz.2.3312 Not tainted syzkaller #0
[  781.002242][T15040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  781.012347][T15040] Call Trace:
[  781.015673][T15040]  <TASK>
[  781.018651][T15040]  dump_stack_lvl+0x188/0x24e
[  781.023405][T15040]  ? show_regs_print_info+0x12/0x12
[  781.028674][T15040]  ? load_image+0x400/0x400
[  781.033236][T15040]  ? __might_sleep+0xd0/0xd0
[  781.037877][T15040]  ? __lock_acquire+0x7d10/0x7d10
[  781.042983][T15040]  should_fail_ex+0x399/0x4d0
[  781.047745][T15040]  should_failslab+0x5/0x20
[  781.052320][T15040]  slab_pre_alloc_hook+0x59/0x310
[  781.057412][T15040]  ? bpf_ctx_init+0xbd/0x1a0
[  781.062062][T15040]  __kmem_cache_alloc_node+0x4f/0x260
[  781.067503][T15040]  ? bpf_ctx_init+0xbd/0x1a0
[  781.072160][T15040]  __kmalloc+0xa0/0x240
[  781.076378][T15040]  ? __might_fault+0xc2/0x120
[  781.081111][T15040]  bpf_ctx_init+0xbd/0x1a0
[  781.085598][T15040]  bpf_prog_test_run_flow_dissector+0x2e7/0x640
[  781.091928][T15040]  ? xdp_convert_buff_to_md+0x200/0x200
[  781.097540][T15040]  ? __fget_files+0x28/0x4b0
[  781.102189][T15040]  ? __fget_files+0x28/0x4b0
[  781.106872][T15040]  ? __fget_files+0x43d/0x4b0
[  781.111646][T15040]  ? xdp_convert_buff_to_md+0x200/0x200
[  781.117299][T15040]  bpf_prog_test_run+0x31e/0x390
[  781.122314][T15040]  __sys_bpf+0x62b/0x780
[  781.126642][T15040]  ? bpf_link_show_fdinfo+0x380/0x380
[  781.132134][T15040]  ? lock_chain_count+0x20/0x20
[  781.137073][T15040]  __x64_sys_bpf+0x78/0x90
[  781.141565][T15040]  do_syscall_64+0x4c/0xa0
[  781.146047][T15040]  ? clear_bhb_loop+0x60/0xb0
[  781.150803][T15040]  ? clear_bhb_loop+0x60/0xb0
[  781.155544][T15040]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  781.161494][T15040] RIP: 0033:0x7f8b3bb9aeb9
[  781.165962][T15040] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  781.185633][T15040] RSP: 002b:00007f8b3cad7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  781.194125][T15040] RAX: ffffffffffffffda RBX: 00007f8b3be15fa0 RCX: 00007f8b3bb9aeb9
[  781.202150][T15040] RDX: 0000000000000050 RSI: 0000200000000440 RDI: 000000000000000a
[  781.210174][T15040] RBP: 00007f8b3cad7090 R08: 0000000000000000 R09: 0000000000000000
[  781.218199][T15040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  781.226218][T15040] R13: 00007f8b3be16038 R14: 00007f8b3be15fa0 R15: 00007ffe45139cb8
[  781.234270][T15040]  </TASK>
[  782.419815][T15056] netlink: 'syz.3.3317': attribute type 3 has an invalid length.
[  782.430953][T15056] netlink: 13435 bytes leftover after parsing attributes in process `syz.3.3317'.
[  782.898554][T15069] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.3321'.
[  783.297276][T15077] netlink: 'syz.3.3324': attribute type 8 has an invalid length.
[  783.336265][T15077] netlink: 399 bytes leftover after parsing attributes in process `syz.3.3324'.
[  783.358257][T15090] netlink: 97108 bytes leftover after parsing attributes in process `syz.4.3328'.
[  783.617862][T15101] FAULT_INJECTION: forcing a failure.
[  783.617862][T15101] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  783.651018][T15101] CPU: 0 PID: 15101 Comm: syz.4.3330 Not tainted syzkaller #0
[  783.658578][T15101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  783.668679][T15101] Call Trace:
[  783.672001][T15101]  <TASK>
[  783.674975][T15101]  dump_stack_lvl+0x188/0x24e
[  783.679710][T15101]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  783.685948][T15101]  ? show_regs_print_info+0x12/0x12
[  783.691206][T15101]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  783.697397][T15101]  ? dump_stack+0x5/0x12
[  783.701670][T15101]  should_fail_ex+0x399/0x4d0
[  783.706390][T15101]  _copy_from_user+0x2c/0x170
[  783.711095][T15101]  __sys_bpf+0x2ea/0x780
[  783.715394][T15101]  ? bpf_link_show_fdinfo+0x380/0x380
[  783.720836][T15101]  ? lock_chain_count+0x20/0x20
[  783.725719][T15101]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  783.731746][T15101]  __x64_sys_bpf+0x78/0x90
[  783.736194][T15101]  do_syscall_64+0x4c/0xa0
[  783.740648][T15101]  ? clear_bhb_loop+0x60/0xb0
[  783.745365][T15101]  ? clear_bhb_loop+0x60/0xb0
[  783.750068][T15101]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  783.756014][T15101] RIP: 0033:0x7fbf01f9aeb9
[  783.760446][T15101] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  783.780079][T15101] RSP: 002b:00007fbf02dac028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  783.788519][T15101] RAX: ffffffffffffffda RBX: 00007fbf02215fa0 RCX: 00007fbf01f9aeb9
[  783.796520][T15101] RDX: 0000000000000020 RSI: 0000200000000200 RDI: 0000000000000012
[  783.804529][T15101] RBP: 00007fbf02dac090 R08: 0000000000000000 R09: 0000000000000000
[  783.812524][T15101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  783.820514][T15101] R13: 00007fbf02216038 R14: 00007fbf02215fa0 R15: 00007ffe08fded58
[  783.828530][T15101]  </TASK>
[  784.907621][T15128] netlink: 'syz.4.3341': attribute type 2 has an invalid length.
[  784.933424][T15129] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.3338'.
[  784.940943][T15128] netlink: 'syz.4.3341': attribute type 1 has an invalid length.
[  784.977824][T15128] netlink: 170140 bytes leftover after parsing attributes in process `syz.4.3341'.
[  785.045483][T15132] netlink: 56537 bytes leftover after parsing attributes in process `syz.3.3339'.
[  786.769753][T15164] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.3353'.
[  787.070929][T15169] netlink: 'syz.0.3354': attribute type 10 has an invalid length.
[  787.196946][T15169] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  788.075999][T15180] mac80211_hwsim hwsim29 »»»»»»: renamed from wlan0
[  788.129162][T15190] mac80211_hwsim hwsim39 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  788.571427][T15208] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.3366'.
[  789.757513][T15228] netlink: 'syz.0.3371': attribute type 29 has an invalid length.
[  790.107592][T15228] netlink: 'syz.0.3371': attribute type 29 has an invalid length.
[  790.158805][T15230] netlink: 'syz.0.3371': attribute type 29 has an invalid length.
[  790.890803][ T4355] wlan1: Trigger new scan to find an IBSS to join
[  794.661174][T15263] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.3381'.
[  795.845574][   T11] wlan1: Trigger new scan to find an IBSS to join
[  797.158127][ T4698] wlan1: Creating new IBSS network, BSSID c2:c3:c0:d0:e1:1f
[  797.580058][T15283] FAULT_INJECTION: forcing a failure.
[  797.580058][T15283] name failslab, interval 1, probability 0, space 0, times 0
[  797.595791][T15283] CPU: 1 PID: 15283 Comm: syz.4.3388 Not tainted syzkaller #0
[  797.603309][T15283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  797.613400][T15283] Call Trace:
[  797.616719][T15283]  <TASK>
[  797.619680][T15283]  dump_stack_lvl+0x188/0x24e
[  797.624417][T15283]  ? show_regs_print_info+0x12/0x12
[  797.629665][T15283]  ? load_image+0x400/0x400
[  797.634226][T15283]  ? __might_sleep+0xd0/0xd0
[  797.638863][T15283]  ? __lock_acquire+0x7d10/0x7d10
[  797.643951][T15283]  should_fail_ex+0x399/0x4d0
[  797.648693][T15283]  should_failslab+0x5/0x20
[  797.653253][T15283]  slab_pre_alloc_hook+0x59/0x310
[  797.658309][T15283]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  797.664324][T15283]  ? bpf_prog_test_run_skb+0x234/0x12a0
[  797.669909][T15283]  __kmem_cache_alloc_node+0x4f/0x260
[  797.675313][T15283]  ? bpf_prog_test_run_skb+0x234/0x12a0
[  797.680880][T15283]  __kmalloc+0xa0/0x240
[  797.685067][T15283]  ? lockdep_hardirqs_on+0x94/0x140
[  797.690308][T15283]  bpf_prog_test_run_skb+0x234/0x12a0
[  797.695716][T15283]  ? cpu_online+0xa0/0xa0
[  797.700072][T15283]  bpf_prog_test_run+0x31e/0x390
[  797.705053][T15283]  __sys_bpf+0x62b/0x780
[  797.709331][T15283]  ? bpf_link_show_fdinfo+0x380/0x380
[  797.714745][T15283]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  797.720941][T15283]  __x64_sys_bpf+0x78/0x90
[  797.725390][T15283]  do_syscall_64+0x4c/0xa0
[  797.729853][T15283]  ? clear_bhb_loop+0x60/0xb0
[  797.734581][T15283]  ? clear_bhb_loop+0x60/0xb0
[  797.739286][T15283]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  797.745219][T15283] RIP: 0033:0x7fbf01f9aeb9
[  797.749674][T15283] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  797.769320][T15283] RSP: 002b:00007fbf02dac028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  797.777766][T15283] RAX: ffffffffffffffda RBX: 00007fbf02215fa0 RCX: 00007fbf01f9aeb9
[  797.785765][T15283] RDX: 0000000000000050 RSI: 00002000000003c0 RDI: 000000000000000a
[  797.793761][T15283] RBP: 00007fbf02dac090 R08: 0000000000000000 R09: 0000000000000000
[  797.801760][T15283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  797.809765][T15283] R13: 00007fbf02216038 R14: 00007fbf02215fa0 R15: 00007ffe08fded58
[  797.817786][T15283]  </TASK>
[  798.378119][T15296] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.3393'.
[  798.961167][T15302] netlink: 'syz.2.3394': attribute type 10 has an invalid length.
[  799.036386][T15302] bond0: (slave bond_slave_0): Releasing backup interface
[  800.372165][T15335] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.3407'.
[  800.969144][T15348] netlink: 'syz.3.3413': attribute type 11 has an invalid length.
[  801.027005][T15348] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.3413'.
[  801.044510][T15348] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  801.934228][T15366] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.3420'.
[  802.193307][T15374] netlink: 156 bytes leftover after parsing attributes in process `syz.0.3422'.
[  802.298551][ T4680] device hsr_slave_0 left promiscuous mode
[  802.318893][ T4680] device hsr_slave_1 left promiscuous mode
[  802.334307][ T4680] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  802.362742][ T4680] batman_adv: batadv0: Removing interface: batadv_slave_0
[  802.394320][ T4680] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  802.413335][ T4680] batman_adv: batadv0: Removing interface: batadv_slave_1
[  802.482329][ T4680] device veth1_vlan left promiscuous mode
[  802.488375][ T4680] device veth0_vlan left promiscuous mode
[  802.962933][ T4680] device geneve1 left promiscuous mode
[  802.976341][ T4680] team0 (unregistering): Port device geneve1 removed
[  804.210968][ T4680] device team_slave_1 left promiscuous mode
[  804.225358][ T4680] team0 (unregistering): Port device team_slave_1 removed
[  804.294014][ T4680] device team_slave_0 left promiscuous mode
[  804.308056][ T4680] team0 (unregistering): Port device team_slave_0 removed
[  805.020648][T15393] netlink: 830 bytes leftover after parsing attributes in process `syz.3.3431'.
[  805.029845][T15393] team0: default FDB implementation only supports local addresses
[  805.057304][T15408] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.3437'.
[  805.306165][T15425] netlink: 'syz.3.3442': attribute type 1 has an invalid length.
[  805.337399][T15425] netlink: 144 bytes leftover after parsing attributes in process `syz.3.3442'.
[  806.265007][T15451] netlink: 156 bytes leftover after parsing attributes in process `syz.3.3452'.
[  806.769049][T15461] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.3455'.
[  807.156475][T15471] netlink: 'syz.2.3457': attribute type 3 has an invalid length.
[  807.239417][T15471] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3457'.
[  807.958466][T15490] pimreg1: tun_chr_ioctl cmd 21731
[  807.968143][T15493] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.3467'.
[  808.282610][T15499] netlink: 'syz.4.3469': attribute type 19 has an invalid length.
[  808.307448][T15499] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3469'.
[  808.685242][ T1267] ieee802154 phy0 wpan0: encryption failed: -22
[  808.693640][ T1267] ieee802154 phy1 wpan1: encryption failed: -22
[  808.971603][T15517] netlink: 'syz.0.3475': attribute type 10 has an invalid length.
[  809.186609][T15517] 8021q: adding VLAN 0 to HW filter on device team0
[  809.277577][T15517] bond0: (slave team0): Enslaving as an active interface with an up link
[  809.791733][T15529] netlink: 180 bytes leftover after parsing attributes in process `syz.3.3481'.
[  809.888496][T15537] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.3480'.
[  810.310469][T15549] syz.2.3487[15549] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  810.335882][T15549] netlink: 64535 bytes leftover after parsing attributes in process `syz.2.3487'.
[  810.720859][T13501] Bluetooth: hci5: command 0x0406 tx timeout
[  811.157469][T15565] netlink: 'syz.0.3493': attribute type 21 has an invalid length.
[  811.218089][T15565] netlink: 128 bytes leftover after parsing attributes in process `syz.0.3493'.
[  811.237700][T15567] netlink: 'syz.1.3494': attribute type 10 has an invalid length.
[  811.296972][T15567] team0: Device ipvlan1 failed to register rx_handler
[  811.653734][T15581] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.3497'.
[  812.133698][T15595] netlink: 'syz.2.3503': attribute type 10 has an invalid length.
[  812.192062][T15595] team0: Device ipvlan1 failed to register rx_handler
[  812.628708][T15610] netlink: 'syz.0.3510': attribute type 29 has an invalid length.
[  812.657840][T15610] netlink: 'syz.0.3510': attribute type 29 has an invalid length.
[  812.792724][T15613] netlink: 'syz.0.3510': attribute type 29 has an invalid length.
[  812.833327][T15610] netlink: 'syz.0.3510': attribute type 29 has an invalid length.
[  813.371274][T15619] netlink: 'syz.0.3511': attribute type 2 has an invalid length.
[  813.404872][T15619] netlink: 'syz.0.3511': attribute type 8 has an invalid length.
[  813.427611][T15619] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3511'.
[  813.505659][T15623] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.3512'.
[  813.542921][T15611] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3508'.
[  813.657131][T15627] netlink: 'syz.0.3511': attribute type 19 has an invalid length.
[  813.665686][T15627] netlink: 156 bytes leftover after parsing attributes in process `syz.0.3511'.
[  813.765883][T15634] FAULT_INJECTION: forcing a failure.
[  813.765883][T15634] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  813.802198][T15634] CPU: 1 PID: 15634 Comm: syz.2.3514 Not tainted syzkaller #0
[  813.809742][T15634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  813.819842][T15634] Call Trace:
[  813.823160][T15634]  <TASK>
[  813.826139][T15634]  dump_stack_lvl+0x188/0x24e
[  813.830883][T15634]  ? show_regs_print_info+0x12/0x12
[  813.836136][T15634]  ? load_image+0x400/0x400
[  813.840698][T15634]  ? __lock_acquire+0x7d10/0x7d10
[  813.845785][T15634]  ? __mod_lruvec_page_state+0xa1/0x410
[  813.851399][T15634]  should_fail_ex+0x399/0x4d0
[  813.856135][T15634]  prepare_alloc_pages+0x1e2/0x5f0
[  813.861314][T15634]  __alloc_pages+0x130/0x4f0
[  813.865964][T15634]  ? zone_statistics+0x170/0x170
[  813.870954][T15634]  ? alloc_pages+0x4d8/0x740
[  813.875591][T15634]  alloc_skb_with_frags+0x20c/0x710
[  813.880845][T15634]  sock_alloc_send_pskb+0x87f/0x9a0
[  813.886104][T15634]  ? sock_kzfree_s+0x50/0x50
[  813.890759][T15634]  ? dev_get_by_index+0x1e/0x2d0
[  813.895764][T15634]  ? dev_get_by_index+0x1e/0x2d0
[  813.900766][T15634]  packet_sendmsg+0x32b0/0x4e60
[  813.905692][T15634]  ? __might_sleep+0xd0/0xd0
[  813.910321][T15634]  ? verify_lock_unused+0x140/0x140
[  813.915588][T15634]  ? aa_sk_perm+0x81f/0x950
[  813.920135][T15634]  ? packet_getsockopt+0x9a0/0x9a0
[  813.925291][T15634]  ? aa_sock_msg_perm+0x94/0x150
[  813.930255][T15634]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  813.935572][T15634]  ? security_socket_sendmsg+0x7c/0xa0
[  813.941079][T15634]  ? packet_getsockopt+0x9a0/0x9a0
[  813.946227][T15634]  ____sys_sendmsg+0x5be/0x970
[  813.951027][T15634]  ? __sys_sendmsg_sock+0x30/0x30
[  813.956101][T15634]  ? __import_iovec+0x315/0x500
[  813.960982][T15634]  ? import_iovec+0x6f/0xa0
[  813.965514][T15634]  ___sys_sendmsg+0x2a2/0x360
[  813.970226][T15634]  ? __sys_sendmsg+0x290/0x290
[  813.975040][T15634]  ? __lock_acquire+0x7d10/0x7d10
[  813.980119][T15634]  __se_sys_sendmsg+0x1bb/0x2a0
[  813.985010][T15634]  ? __x64_sys_sendmsg+0x80/0x80
[  813.989991][T15634]  ? lockdep_hardirqs_on+0x94/0x140
[  813.995226][T15634]  do_syscall_64+0x4c/0xa0
[  813.999675][T15634]  ? clear_bhb_loop+0x60/0xb0
[  814.004379][T15634]  ? clear_bhb_loop+0x60/0xb0
[  814.009085][T15634]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  814.015001][T15634] RIP: 0033:0x7f8b3bb9aeb9
[  814.019430][T15634] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  814.039068][T15634] RSP: 002b:00007f8b3ca95028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  814.047511][T15634] RAX: ffffffffffffffda RBX: 00007f8b3be16180 RCX: 00007f8b3bb9aeb9
[  814.055534][T15634] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000008
[  814.063524][T15634] RBP: 00007f8b3ca95090 R08: 0000000000000000 R09: 0000000000000000
[  814.071514][T15634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  814.079505][T15634] R13: 00007f8b3be16218 R14: 00007f8b3be16180 R15: 00007ffe45139cb8
[  814.087513][T15634]  </TASK>
[  814.106670][ T4680] device 0 left promiscuous mode
[  814.161319][ T4680] device 1 left promiscuous mode
[  814.529696][T15637] netlink: 168 bytes leftover after parsing attributes in process `syz.4.3517'.
[  815.579095][T15673] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.3528'.
[  816.137647][ T4680] team0: Port device wlan1 removed
[  820.615609][T15724] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.3544'.
[  820.625009][T15744] netlink: 152 bytes leftover after parsing attributes in process `syz.2.3551'.
[  820.943850][T15773] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  820.972706][T15773] syzkaller0: mtu greater than device maximum
[  821.465406][ T4680] device hsr_slave_0 left promiscuous mode
[  821.519289][ T4680] device hsr_slave_1 left promiscuous mode
[  821.657477][ T4680] device veth0_macvtap left promiscuous mode
[  821.685562][ T4680] device veth1_vlan left promiscuous mode
[  821.728207][ T4680] device veth0_vlan left promiscuous mode
[  822.321028][ T4680] team0 (unregistering): Port device geneve1 removed
[  822.579807][T15814] validate_nla: 1 callbacks suppressed
[  822.579827][T15814] netlink: 'syz.1.3576': attribute type 16 has an invalid length.
[  822.610716][T15814] netlink: 'syz.1.3576': attribute type 4 has an invalid length.
[  822.628902][T15814] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3576'.
[  822.987220][T15823] netlink: 'syz.4.3579': attribute type 29 has an invalid length.
[  823.102792][ T4680] team0 (unregistering): Port device team_slave_1 removed
[  823.533993][T15819] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  823.574429][T15823] netlink: 'syz.4.3579': attribute type 29 has an invalid length.
[  823.610419][T15824] netlink: 'syz.4.3579': attribute type 29 has an invalid length.
[  823.627952][T15825] netlink: 'syz.4.3579': attribute type 29 has an invalid length.
[  823.640231][T15826] netlink: 'syz.4.3579': attribute type 29 has an invalid length.
[  824.079224][T15839] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3583'.
[  825.685243][T15863] FAULT_INJECTION: forcing a failure.
[  825.685243][T15863] name failslab, interval 1, probability 0, space 0, times 0
[  825.756718][T15863] CPU: 1 PID: 15863 Comm: syz.2.3592 Not tainted syzkaller #0
[  825.764299][T15863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  825.774415][T15863] Call Trace:
[  825.777742][T15863]  <TASK>
[  825.780733][T15863]  dump_stack_lvl+0x188/0x24e
[  825.785485][T15863]  ? sctp_sendmsg+0x15b0/0x2940
[  825.790398][T15863]  ? ___sys_sendmsg+0x2a2/0x360
[  825.795322][T15863]  ? show_regs_print_info+0x12/0x12
[  825.800624][T15863]  ? load_image+0x400/0x400
[  825.805219][T15863]  should_fail_ex+0x399/0x4d0
[  825.809979][T15863]  should_failslab+0x5/0x20
[  825.814553][T15863]  slab_pre_alloc_hook+0x59/0x310
[  825.819632][T15863]  ? sctp_add_bind_addr+0x89/0x350
[  825.824790][T15863]  __kmem_cache_alloc_node+0x4f/0x260
[  825.830214][T15863]  ? sctp_add_bind_addr+0x89/0x350
[  825.835397][T15863]  kmalloc_trace+0x26/0xe0
[  825.839894][T15863]  sctp_add_bind_addr+0x89/0x350
[  825.844903][T15863]  sctp_copy_local_addr_list+0x311/0x4e0
[  825.850596][T15863]  ? sctp_copy_local_addr_list+0xa1/0x4e0
[  825.856362][T15863]  ? sctp_do_8_2_transport_strike+0x8a0/0x8a0
[  825.862496][T15863]  ? sctp_v4_is_any+0x31/0x50
[  825.867218][T15863]  ? sctp_copy_one_addr+0x93/0x660
[  825.872375][T15863]  sctp_bind_addr_copy+0xaf/0x3c0
[  825.877454][T15863]  ? sctp_assoc_set_bind_addr_from_ep+0xa1/0x190
[  825.883831][T15863]  sctp_connect_new_asoc+0x2f5/0x6a0
[  825.889171][T15863]  ? __sctp_connect+0xd80/0xd80
[  825.894066][T15863]  ? __local_bh_enable_ip+0x136/0x1c0
[  825.899511][T15863]  ? _local_bh_enable+0xa0/0xa0
[  825.904436][T15863]  ? sctp_endpoint_lookup_assoc+0x77/0x260
[  825.910324][T15863]  ? sctp_endpoint_lookup_assoc+0x77/0x260
[  825.916216][T15863]  ? bpf_lsm_sctp_bind_connect+0x5/0x10
[  825.921797][T15863]  ? security_sctp_bind_connect+0x85/0xb0
[  825.927551][T15863]  sctp_sendmsg+0x15b0/0x2940
[  825.932274][T15863]  ? trace_event_raw_event_lock+0x250/0x250
[  825.938244][T15863]  ? aa_sk_perm+0x7e1/0x950
[  825.942789][T15863]  ? sctp_getsockopt+0x8a0/0x8a0
[  825.947768][T15863]  ? __might_fault+0xa6/0x120
[  825.952480][T15863]  ? aa_af_perm+0x340/0x340
[  825.957019][T15863]  ? tomoyo_socket_sendmsg_permission+0x1dd/0x2f0
[  825.963493][T15863]  ? inet_sendmsg+0x78/0x2f0
[  825.968116][T15863]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  825.973440][T15863]  ? security_socket_sendmsg+0x7c/0xa0
[  825.978947][T15863]  ? inet_send_prepare+0x260/0x260
[  825.984102][T15863]  ____sys_sendmsg+0x5be/0x970
[  825.988918][T15863]  ? __sys_sendmsg_sock+0x30/0x30
[  825.993985][T15863]  ? __import_iovec+0x315/0x500
[  825.998878][T15863]  ? import_iovec+0x6f/0xa0
[  826.003416][T15863]  ___sys_sendmsg+0x2a2/0x360
[  826.008148][T15863]  ? __sys_sendmsg+0x290/0x290
[  826.012978][T15863]  ? __lock_acquire+0x7d10/0x7d10
[  826.018080][T15863]  __se_sys_sendmsg+0x1bb/0x2a0
[  826.022972][T15863]  ? __x64_sys_sendmsg+0x80/0x80
[  826.027971][T15863]  ? lockdep_hardirqs_on+0x94/0x140
[  826.033222][T15863]  do_syscall_64+0x4c/0xa0
[  826.037679][T15863]  ? clear_bhb_loop+0x60/0xb0
[  826.042390][T15863]  ? clear_bhb_loop+0x60/0xb0
[  826.047105][T15863]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  826.053045][T15863] RIP: 0033:0x7f8b3bb9aeb9
[  826.057506][T15863] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  826.077172][T15863] RSP: 002b:00007f8b3cad7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  826.085636][T15863] RAX: ffffffffffffffda RBX: 00007f8b3be15fa0 RCX: 00007f8b3bb9aeb9
[  826.093641][T15863] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000004
[  826.101645][T15863] RBP: 00007f8b3cad7090 R08: 0000000000000000 R09: 0000000000000000
[  826.109654][T15863] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  826.117672][T15863] R13: 00007f8b3be16038 R14: 00007f8b3be15fa0 R15: 00007ffe45139cb8
[  826.125709][T15863]  </TASK>
[  826.751166][T15883] netlink: 'syz.3.3600': attribute type 10 has an invalid length.
[  827.405714][T15883] team0: Port device geneve1 added
[  828.372271][T15910] netlink: 4595 bytes leftover after parsing attributes in process `syz.4.3609'.
[  828.922727][T15912] netlink: 'syz.2.3611': attribute type 10 has an invalid length.
[  829.092680][T15912] team0: Port device geneve1 added
[  829.105254][T15917] netlink: 'syz.4.3609': attribute type 17 has an invalid length.
[  829.113861][T15917] netlink: 'syz.4.3609': attribute type 16 has an invalid length.
[  829.127501][T15917] netlink: 152 bytes leftover after parsing attributes in process `syz.4.3609'.
[  829.485642][T15937] netlink: 830 bytes leftover after parsing attributes in process `syz.1.3617'.
[  829.511649][T15937] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  829.519799][T15937] batman_adv: batadv0: Removing interface: batadv_slave_0
[  829.542714][T15937] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  829.551258][T15937] batman_adv: batadv0: Removing interface: batadv_slave_1
[  829.559661][T15941] netlink: 65047 bytes leftover after parsing attributes in process `syz.1.3617'.
[  829.768858][T15949] FAULT_INJECTION: forcing a failure.
[  829.768858][T15949] name failslab, interval 1, probability 0, space 0, times 0
[  829.782421][T15949] CPU: 0 PID: 15949 Comm: syz.0.3622 Not tainted syzkaller #0
[  829.789933][T15949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  829.800066][T15949] Call Trace:
[  829.803389][T15949]  <TASK>
[  829.806362][T15949]  dump_stack_lvl+0x188/0x24e
[  829.811094][T15949]  ? show_regs_print_info+0x12/0x12
[  829.816343][T15949]  ? load_image+0x400/0x400
[  829.820904][T15949]  ? __might_sleep+0xd0/0xd0
[  829.825540][T15949]  ? __lock_acquire+0x7d10/0x7d10
[  829.830612][T15949]  should_fail_ex+0x399/0x4d0
[  829.835383][T15949]  should_failslab+0x5/0x20
[  829.839952][T15949]  slab_pre_alloc_hook+0x59/0x310
[  829.845007][T15949]  kmem_cache_alloc_node+0x5a/0x320
[  829.850238][T15949]  ? __alloc_skb+0xfc/0x7e0
[  829.854773][T15949]  __alloc_skb+0xfc/0x7e0
[  829.859149][T15949]  ? netlink_autobind+0xda/0x300
[  829.864152][T15949]  netlink_sendmsg+0x654/0xbd0
[  829.868988][T15949]  ? netlink_getsockopt+0x550/0x550
[  829.874237][T15949]  ? aa_sock_msg_perm+0x94/0x150
[  829.879211][T15949]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  829.884520][T15949]  ? security_socket_sendmsg+0x7c/0xa0
[  829.890015][T15949]  ? netlink_getsockopt+0x550/0x550
[  829.895248][T15949]  ____sys_sendmsg+0x5be/0x970
[  829.900058][T15949]  ? __sys_sendmsg_sock+0x30/0x30
[  829.905125][T15949]  ? __import_iovec+0x315/0x500
[  829.910018][T15949]  ? import_iovec+0x6f/0xa0
[  829.914562][T15949]  ___sys_sendmsg+0x2a2/0x360
[  829.919287][T15949]  ? __sys_sendmsg+0x290/0x290
[  829.924105][T15949]  ? __lock_acquire+0x7d10/0x7d10
[  829.929195][T15949]  __se_sys_sendmsg+0x1bb/0x2a0
[  829.934098][T15949]  ? __x64_sys_sendmsg+0x80/0x80
[  829.939085][T15949]  ? lockdep_hardirqs_on+0x94/0x140
[  829.944354][T15949]  do_syscall_64+0x4c/0xa0
[  829.948843][T15949]  ? clear_bhb_loop+0x60/0xb0
[  829.953552][T15949]  ? clear_bhb_loop+0x60/0xb0
[  829.958275][T15949]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  829.964234][T15949] RIP: 0033:0x7ff11df9aeb9
[  829.968687][T15949] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  829.988327][T15949] RSP: 002b:00007ff11ee6c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  829.996774][T15949] RAX: ffffffffffffffda RBX: 00007ff11e215fa0 RCX: 00007ff11df9aeb9
[  830.004772][T15949] RDX: 0000000020004800 RSI: 0000200000000080 RDI: 0000000000000003
[  830.012772][T15949] RBP: 00007ff11ee6c090 R08: 0000000000000000 R09: 0000000000000000
[  830.020779][T15949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  830.028774][T15949] R13: 00007ff11e216038 R14: 00007ff11e215fa0 R15: 00007ffc6b84adf8
[  830.036816][T15949]  </TASK>
[  830.253511][T15951] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3624'.
[  830.277981][T15951] device caif0 entered promiscuous mode
[  831.176392][T15974] syz.0.3629[15974] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  831.176568][T15974] syz.0.3629[15974] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  831.232624][ T4282] Bluetooth: hci0: command 0x0406 tx timeout
[  831.759198][T15984] syzkaller1: tun_chr_ioctl cmd 21731
[  832.284570][T16003] FAULT_INJECTION: forcing a failure.
[  832.284570][T16003] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  832.324293][T16003] CPU: 1 PID: 16003 Comm: syz.2.3636 Not tainted syzkaller #0
[  832.331859][T16003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  832.341978][T16003] Call Trace:
[  832.345310][T16003]  <TASK>
[  832.348298][T16003]  dump_stack_lvl+0x188/0x24e
[  832.353052][T16003]  ? show_regs_print_info+0x12/0x12
[  832.358338][T16003]  ? load_image+0x400/0x400
[  832.362910][T16003]  ? __lock_acquire+0x7d10/0x7d10
[  832.368034][T16003]  should_fail_ex+0x399/0x4d0
[  832.372801][T16003]  _copy_from_user+0x2c/0x170
[  832.377559][T16003]  __copy_msghdr+0x3b7/0x580
[  832.382236][T16003]  ___sys_sendmsg+0x210/0x360
[  832.386990][T16003]  ? __sys_sendmsg+0x290/0x290
[  832.391875][T16003]  ? __lock_acquire+0x7d10/0x7d10
[  832.397022][T16003]  __se_sys_sendmsg+0x1bb/0x2a0
[  832.401947][T16003]  ? __x64_sys_sendmsg+0x80/0x80
[  832.406984][T16003]  ? lockdep_hardirqs_on+0x94/0x140
[  832.412262][T16003]  do_syscall_64+0x4c/0xa0
[  832.416740][T16003]  ? clear_bhb_loop+0x60/0xb0
[  832.421489][T16003]  ? clear_bhb_loop+0x60/0xb0
[  832.426233][T16003]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  832.432194][T16003] RIP: 0033:0x7f8b3bb9aeb9
[  832.436680][T16003] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  832.456352][T16003] RSP: 002b:00007f8b3cad7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  832.464851][T16003] RAX: ffffffffffffffda RBX: 00007f8b3be15fa0 RCX: 00007f8b3bb9aeb9
[  832.472891][T16003] RDX: 00000000200440e4 RSI: 00002000000004c0 RDI: 0000000000000004
[  832.480927][T16003] RBP: 00007f8b3cad7090 R08: 0000000000000000 R09: 0000000000000000
[  832.488970][T16003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  832.497007][T16003] R13: 00007f8b3be16038 R14: 00007f8b3be15fa0 R15: 00007ffe45139cb8
[  832.505081][T16003]  </TASK>
[  833.223317][T16018] FAULT_INJECTION: forcing a failure.
[  833.223317][T16018] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  833.300284][T16018] CPU: 0 PID: 16018 Comm: syz.1.3641 Not tainted syzkaller #0
[  833.307836][T16018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  833.317947][T16018] Call Trace:
[  833.321271][T16018]  <TASK>
[  833.324239][T16018]  dump_stack_lvl+0x188/0x24e
[  833.328992][T16018]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  833.335200][T16018]  ? show_regs_print_info+0x12/0x12
[  833.340465][T16018]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  833.346697][T16018]  should_fail_ex+0x399/0x4d0
[  833.351462][T16018]  _copy_to_user+0x2c/0x130
[  833.356032][T16018]  bpf_test_finish+0x4a2/0x600
[  833.360863][T16018]  ? convert___skb_to_skb+0x580/0x580
[  833.366295][T16018]  ? convert_skb_to___skb+0x420/0x420
[  833.371726][T16018]  ? __build_skb+0x257/0x3c0
[  833.376385][T16018]  ? bpf_prog_test_run_skb+0x773/0x12a0
[  833.382043][T16018]  bpf_prog_test_run_skb+0xc99/0x12a0
[  833.387480][T16018]  ? cpu_online+0xa0/0xa0
[  833.391860][T16018]  bpf_prog_test_run+0x31e/0x390
[  833.396854][T16018]  __sys_bpf+0x62b/0x780
[  833.401152][T16018]  ? bpf_link_show_fdinfo+0x380/0x380
[  833.406658][T16018]  ? lock_chain_count+0x20/0x20
[  833.411568][T16018]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  833.417600][T16018]  __x64_sys_bpf+0x78/0x90
[  833.422067][T16018]  do_syscall_64+0x4c/0xa0
[  833.426534][T16018]  ? clear_bhb_loop+0x60/0xb0
[  833.431253][T16018]  ? clear_bhb_loop+0x60/0xb0
[  833.435961][T16018]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  833.441880][T16018] RIP: 0033:0x7f7288d9aeb9
[  833.446323][T16018] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  833.465957][T16018] RSP: 002b:00007f7289cba028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  833.474408][T16018] RAX: ffffffffffffffda RBX: 00007f7289015fa0 RCX: 00007f7288d9aeb9
[  833.482405][T16018] RDX: 0000000000000050 RSI: 0000200000000280 RDI: 000000000000000a
[  833.490403][T16018] RBP: 00007f7289cba090 R08: 0000000000000000 R09: 0000000000000000
[  833.498404][T16018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  833.506406][T16018] R13: 00007f7289016038 R14: 00007f7289015fa0 R15: 00007fff6f54cbf8
[  833.514415][T16018]  </TASK>
[  834.791432][T16056] netlink: 65173 bytes leftover after parsing attributes in process `syz.3.3653'.
[  835.145941][T16058] netlink: 'syz.4.3655': attribute type 12 has an invalid length.
[  835.169506][T16058] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3655'.
[  835.373914][T16072] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3660'.
[  835.780368][T16088] netlink: 'syz.1.3665': attribute type 3 has an invalid length.
[  835.837419][T16087] netlink: 128124 bytes leftover after parsing attributes in process `syz.0.3667'.
[  835.855850][T16088] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.3665'.
[  835.906715][T16083] netlink: 'syz.2.3666': attribute type 29 has an invalid length.
[  835.951642][T16083] netlink: 'syz.2.3666': attribute type 29 has an invalid length.
[  837.482063][T16131] netlink: 'syz.0.3684': attribute type 6 has an invalid length.
[  838.519304][T16147] netlink: 'syz.4.3690': attribute type 10 has an invalid length.
[  838.599696][T16147] team0: Device hsr_slave_0 failed to register rx_handler
[  838.687159][T16157] netlink: 'syz.2.3691': attribute type 3 has an invalid length.
[  838.715916][T16157] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.3691'.
[  838.802462][T16153] netlink: 'syz.2.3691': attribute type 11 has an invalid length.
[  839.294810][T16169] netlink: 156 bytes leftover after parsing attributes in process `syz.2.3697'.
[  839.348708][T16172] FAULT_INJECTION: forcing a failure.
[  839.348708][T16172] name failslab, interval 1, probability 0, space 0, times 0
[  839.397440][T16172] CPU: 1 PID: 16172 Comm: syz.4.3698 Not tainted syzkaller #0
[  839.405010][T16172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  839.415135][T16172] Call Trace:
[  839.418472][T16172]  <TASK>
[  839.421464][T16172]  dump_stack_lvl+0x188/0x24e
[  839.426235][T16172]  ? show_regs_print_info+0x12/0x12
[  839.431521][T16172]  ? load_image+0x400/0x400
[  839.436150][T16172]  should_fail_ex+0x399/0x4d0
[  839.440940][T16172]  should_failslab+0x5/0x20
[  839.445522][T16172]  slab_pre_alloc_hook+0x59/0x310
[  839.450617][T16172]  ? br_netlink_fini+0x30/0x30
[  839.455469][T16172]  kmem_cache_alloc_node+0x5a/0x320
[  839.460750][T16172]  ? if_nlmsg_size+0x5b0/0x880
[  839.465583][T16172]  ? __alloc_skb+0xfc/0x7e0
[  839.470186][T16172]  __alloc_skb+0xfc/0x7e0
[  839.474619][T16172]  rtmsg_ifinfo_build_skb+0x80/0x180
[  839.480005][T16172]  rtmsg_ifinfo+0x71/0x120
[  839.484516][T16172]  __dev_notify_flags+0xdc/0x300
[  839.489538][T16172]  ? __dev_change_flags+0x6a0/0x6a0
[  839.494835][T16172]  ? __dev_change_flags+0x4d0/0x6a0
[  839.500135][T16172]  ? dev_get_flags+0x1c0/0x1c0
[  839.504997][T16172]  ? is_bpf_text_address+0x28b/0x2a0
[  839.510394][T16172]  dev_change_flags+0xe3/0x1a0
[  839.515252][T16172]  do_setlink+0xba1/0x3e60
[  839.519790][T16172]  ? nlmsg_parse_deprecated_strict+0x110/0x110
[  839.526026][T16172]  ? stack_trace_save+0xa6/0xf0
[  839.530964][T16172]  ? __stack_depot_save+0x35/0x460
[  839.536196][T16172]  ? __nla_validate_parse+0x1fe5/0x2a40
[  839.541813][T16172]  ? netlink_rcv_skb+0x1fb/0x450
[  839.546843][T16172]  ? netlink_unicast+0x74d/0x8d0
[  839.551855][T16172]  ? netlink_sendmsg+0x8ad/0xbd0
[  839.556948][T16172]  ? __nla_validate+0x50/0x50
[  839.561770][T16172]  ? validate_linkmsg+0x406/0x4c0
[  839.566911][T16172]  rtnl_newlink+0x177c/0x2080
[  839.571726][T16172]  ? rtnl_newlink+0x501/0x2080
[  839.576613][T16172]  ? rtnl_setlink+0x510/0x510
[  839.581373][T16172]  ? __rwlock_init+0x140/0x140
[  839.586218][T16172]  ? do_raw_spin_unlock+0x11d/0x230
[  839.591499][T16172]  ? __mutex_lock+0x810/0xaf0
[  839.596263][T16172]  ? __mutex_lock+0x3b2/0xaf0
[  839.601080][T16172]  ? rtnetlink_rcv_msg+0x226/0xfc0
[  839.606295][T16172]  ? rtnetlink_rcv_msg+0x226/0xfc0
[  839.611487][T16172]  ? rtnl_setlink+0x510/0x510
[  839.616237][T16172]  rtnetlink_rcv_msg+0x87c/0xfc0
[  839.621289][T16172]  ? rtnetlink_bind+0x80/0x80
[  839.626051][T16172]  ? __local_bh_enable_ip+0x136/0x1c0
[  839.631502][T16172]  ? migrate_enable+0x148/0x220
[  839.636432][T16172]  ? trace_call_bpf+0xbf/0x6b0
[  839.641278][T16172]  ? trace_call_bpf+0xbf/0x6b0
[  839.646136][T16172]  ? trace_call_bpf+0x5d6/0x6b0
[  839.651064][T16172]  ? trace_call_bpf+0xbf/0x6b0
[  839.655938][T16172]  ? __dev_queue_xmit+0x26b/0x37f0
[  839.661118][T16172]  ? __dev_queue_xmit+0x26b/0x37f0
[  839.666310][T16172]  ? __bpf_trace_bpf_trace_printk+0x20/0x20
[  839.672332][T16172]  ? perf_trace_run_bpf_submit+0x124/0x1c0
[  839.678240][T16172]  ? perf_trace_lock+0x301/0x390
[  839.683260][T16172]  ? __copy_skb_header+0x3ba/0x4f0
[  839.688463][T16172]  ? trace_event_raw_event_lock+0x250/0x250
[  839.694442][T16172]  ? __skb_clone+0x480/0x790
[  839.699145][T16172]  netlink_rcv_skb+0x1fb/0x450
[  839.703987][T16172]  ? rtnetlink_bind+0x80/0x80
[  839.708752][T16172]  ? netlink_ack+0x1170/0x1170
[  839.713638][T16172]  ? netlink_deliver_tap+0x2e/0x1b0
[  839.718934][T16172]  netlink_unicast+0x74d/0x8d0
[  839.723811][T16172]  netlink_sendmsg+0x8ad/0xbd0
[  839.728692][T16172]  ? netlink_getsockopt+0x550/0x550
[  839.733977][T16172]  ? aa_sock_msg_perm+0x94/0x150
[  839.739044][T16172]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  839.744403][T16172]  ? security_socket_sendmsg+0x7c/0xa0
[  839.749971][T16172]  ? netlink_getsockopt+0x550/0x550
[  839.755245][T16172]  ____sys_sendmsg+0x5be/0x970
[  839.760124][T16172]  ? __sys_sendmsg_sock+0x30/0x30
[  839.765222][T16172]  ? __import_iovec+0x315/0x500
[  839.770175][T16172]  ? import_iovec+0x6f/0xa0
[  839.774771][T16172]  ___sys_sendmsg+0x2a2/0x360
[  839.779550][T16172]  ? __sys_sendmsg+0x290/0x290
[  839.784508][T16172]  ? __lock_acquire+0x7d10/0x7d10
[  839.789714][T16172]  __se_sys_sendmsg+0x1bb/0x2a0
[  839.794681][T16172]  ? __x64_sys_sendmsg+0x80/0x80
[  839.799758][T16172]  ? lockdep_hardirqs_on+0x94/0x140
[  839.805071][T16172]  do_syscall_64+0x4c/0xa0
[  839.809561][T16172]  ? clear_bhb_loop+0x60/0xb0
[  839.814330][T16172]  ? clear_bhb_loop+0x60/0xb0
[  839.819111][T16172]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  839.825085][T16172] RIP: 0033:0x7fbf01f9aeb9
[  839.829582][T16172] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  839.849258][T16172] RSP: 002b:00007fbf02dac028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  839.857745][T16172] RAX: ffffffffffffffda RBX: 00007fbf02215fa0 RCX: 00007fbf01f9aeb9
[  839.865784][T16172] RDX: 0000000000008000 RSI: 0000200000000600 RDI: 0000000000000003
[  839.873818][T16172] RBP: 00007fbf02dac090 R08: 0000000000000000 R09: 0000000000000000
[  839.881847][T16172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  839.889892][T16172] R13: 00007fbf02216038 R14: 00007fbf02215fa0 R15: 00007ffe08fded58
[  839.898001][T16172]  </TASK>
[  840.266639][T16177] netlink: 'syz.4.3700': attribute type 10 has an invalid length.
[  840.679149][T16177] bridge0: port 3(bond0) entered disabled state
[  840.685887][T16177] bridge0: port 2(bridge_slave_1) entered disabled state
[  840.693456][T16177] bridge0: port 1(bridge_slave_0) entered disabled state
[  840.732729][T16177] bridge0: port 3(bond0) entered blocking state
[  840.739902][T16177] bridge0: port 3(bond0) entered forwarding state
[  840.747881][T16177] bridge0: port 2(bridge_slave_1) entered blocking state
[  840.755098][T16177] bridge0: port 2(bridge_slave_1) entered forwarding state
[  840.762593][T16177] bridge0: port 1(bridge_slave_0) entered blocking state
[  840.769807][T16177] bridge0: port 1(bridge_slave_0) entered forwarding state
[  840.836252][T16177] team0: Port device bridge0 added
[  840.911680][T16178] netlink: 10 bytes leftover after parsing attributes in process `syz.0.3699'.
[  841.104423][T16192] netlink: 76 bytes leftover after parsing attributes in process `syz.1.3704'.
[  841.209214][T16197] FAULT_INJECTION: forcing a failure.
[  841.209214][T16197] name failslab, interval 1, probability 0, space 0, times 0
[  841.238219][T16197] CPU: 1 PID: 16197 Comm: syz.2.3707 Not tainted syzkaller #0
[  841.245774][T16197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  841.255883][T16197] Call Trace:
[  841.259197][T16197]  <TASK>
[  841.262172][T16197]  dump_stack_lvl+0x188/0x24e
[  841.266897][T16197]  ? show_regs_print_info+0x12/0x12
[  841.272149][T16197]  ? load_image+0x400/0x400
[  841.276704][T16197]  ? __might_sleep+0xd0/0xd0
[  841.281340][T16197]  ? __lock_acquire+0x7d10/0x7d10
[  841.286416][T16197]  should_fail_ex+0x399/0x4d0
[  841.291147][T16197]  should_failslab+0x5/0x20
[  841.295698][T16197]  slab_pre_alloc_hook+0x59/0x310
[  841.300954][T16197]  kmem_cache_alloc_node+0x5a/0x320
[  841.306205][T16197]  ? __alloc_skb+0xfc/0x7e0
[  841.310767][T16197]  __alloc_skb+0xfc/0x7e0
[  841.315143][T16197]  ? netlink_autobind+0xda/0x300
[  841.320140][T16197]  netlink_sendmsg+0x654/0xbd0
[  841.324967][T16197]  ? netlink_getsockopt+0x550/0x550
[  841.330215][T16197]  ? aa_sock_msg_perm+0x94/0x150
[  841.335199][T16197]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  841.340538][T16197]  ? security_socket_sendmsg+0x7c/0xa0
[  841.346057][T16197]  ? netlink_getsockopt+0x550/0x550
[  841.351311][T16197]  ____sys_sendmsg+0x5be/0x970
[  841.356139][T16197]  ? __sys_sendmsg_sock+0x30/0x30
[  841.361207][T16197]  ? __import_iovec+0x315/0x500
[  841.366097][T16197]  ? import_iovec+0x6f/0xa0
[  841.370633][T16197]  ___sys_sendmsg+0x2a2/0x360
[  841.375366][T16197]  ? __sys_sendmsg+0x290/0x290
[  841.380203][T16197]  ? __lock_acquire+0x7d10/0x7d10
[  841.385311][T16197]  __se_sys_sendmsg+0x1bb/0x2a0
[  841.390223][T16197]  ? __x64_sys_sendmsg+0x80/0x80
[  841.395245][T16197]  ? lockdep_hardirqs_on+0x94/0x140
[  841.400514][T16197]  do_syscall_64+0x4c/0xa0
[  841.404985][T16197]  ? clear_bhb_loop+0x60/0xb0
[  841.409708][T16197]  ? clear_bhb_loop+0x60/0xb0
[  841.414439][T16197]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  841.420398][T16197] RIP: 0033:0x7f8b3bb9aeb9
[  841.424869][T16197] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  841.444527][T16197] RSP: 002b:00007f8b3cad7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  841.452983][T16197] RAX: ffffffffffffffda RBX: 00007f8b3be15fa0 RCX: 00007f8b3bb9aeb9
[  841.461004][T16197] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000003
[  841.469014][T16197] RBP: 00007f8b3cad7090 R08: 0000000000000000 R09: 0000000000000000
[  841.477031][T16197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  841.485046][T16197] R13: 00007f8b3be16038 R14: 00007f8b3be15fa0 R15: 00007ffe45139cb8
[  841.493082][T16197]  </TASK>
[  841.891735][T16209] netlink: 'syz.0.3711': attribute type 21 has an invalid length.
[  842.889803][T16217] netlink: 143932 bytes leftover after parsing attributes in process `syz.2.3712'.
[  842.940723][T16217] netlink: zone id is out of range
[  842.945963][T16217] netlink: zone id is out of range
[  842.980654][T16217] netlink: zone id is out of range
[  842.985876][T16217] netlink: zone id is out of range
[  843.040649][T16217] netlink: zone id is out of range
[  843.063839][T16217] netlink: zone id is out of range
[  843.093174][T16217] netlink: zone id is out of range
[  843.136126][T16217] netlink: zone id is out of range
[  843.182451][T16217] netlink: zone id is out of range
[  843.187651][T16217] netlink: zone id is out of range
[  843.420782][T16234] netlink: 'syz.0.3720': attribute type 7 has an invalid length.
[  843.428587][T16234] netlink: 'syz.0.3720': attribute type 6 has an invalid length.
[  843.595878][T16234] device syzkaller0 entered promiscuous mode
[  843.896295][T16250] netlink: 'syz.4.3725': attribute type 21 has an invalid length.
[  843.968878][T16250] netlink: 128 bytes leftover after parsing attributes in process `syz.4.3725'.
[  844.054046][T16250] netlink: 'syz.4.3725': attribute type 5 has an invalid length.
[  844.125551][T16250] netlink: 'syz.4.3725': attribute type 6 has an invalid length.
[  844.171064][T16250] netlink: 3 bytes leftover after parsing attributes in process `syz.4.3725'.
[  844.413253][T16253] netlink: 156 bytes leftover after parsing attributes in process `syz.4.3725'.
[  848.383804][T16307] netlink: 'syz.2.3746': attribute type 25 has an invalid length.
[  848.896378][ T4282] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18
[  849.480594][T16344] net_ratelimit: 3585 callbacks suppressed
[  849.480616][T16344] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app
[  849.668570][T16348] netlink: 'syz.2.3762': attribute type 10 has an invalid length.
[  849.746168][T16348] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  849.805667][T16342] netlink: 164 bytes leftover after parsing attributes in process `syz.0.3760'.
[  850.655585][T16352] netlink: 164 bytes leftover after parsing attributes in process `syz.0.3760'.
[  850.940667][T16378] netlink: 'syz.3.3772': attribute type 3 has an invalid length.
[  850.948481][T16378] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3772'.
[  850.960618][ T4282] Bluetooth: hci1: command 0x2016 tx timeout
[  851.948852][T16396] FAULT_INJECTION: forcing a failure.
[  851.948852][T16396] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  852.010026][T16396] CPU: 0 PID: 16396 Comm: syz.0.3778 Not tainted syzkaller #0
[  852.017576][T16396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  852.027679][T16396] Call Trace:
[  852.030996][T16396]  <TASK>
[  852.033969][T16396]  dump_stack_lvl+0x188/0x24e
[  852.038708][T16396]  ? show_regs_print_info+0x12/0x12
[  852.043968][T16396]  ? load_image+0x400/0x400
[  852.048528][T16396]  ? __lock_acquire+0x7d10/0x7d10
[  852.053611][T16396]  should_fail_ex+0x399/0x4d0
[  852.058348][T16396]  _copy_from_user+0x2c/0x170
[  852.063080][T16396]  iovec_from_user+0x143/0x360
[  852.067900][T16396]  __import_iovec+0x6d/0x500
[  852.072548][T16396]  import_iovec+0x6f/0xa0
[  852.076935][T16396]  ___sys_sendmsg+0x252/0x360
[  852.081670][T16396]  ? __sys_sendmsg+0x290/0x290
[  852.086529][T16396]  __se_sys_sendmsg+0x1bb/0x2a0
[  852.091449][T16396]  ? __x64_sys_sendmsg+0x80/0x80
[  852.096462][T16396]  do_syscall_64+0x4c/0xa0
[  852.100941][T16396]  ? clear_bhb_loop+0x60/0xb0
[  852.105668][T16396]  ? clear_bhb_loop+0x60/0xb0
[  852.110397][T16396]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  852.116332][T16396] RIP: 0033:0x7ff11df9aeb9
[  852.120788][T16396] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  852.140449][T16396] RSP: 002b:00007ff11ee6c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  852.148912][T16396] RAX: ffffffffffffffda RBX: 00007ff11e215fa0 RCX: 00007ff11df9aeb9
[  852.156927][T16396] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006
[  852.164945][T16396] RBP: 00007ff11ee6c090 R08: 0000000000000000 R09: 0000000000000000
[  852.172961][T16396] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  852.180970][T16396] R13: 00007ff11e216038 R14: 00007ff11e215fa0 R15: 00007ffc6b84adf8
[  852.189017][T16396]  </TASK>
[  852.797834][T16408] netlink: 'syz.4.3782': attribute type 29 has an invalid length.
[  853.688730][T16405] netlink: 'syz.4.3782': attribute type 21 has an invalid length.
[  853.733436][T16405] netlink: 156 bytes leftover after parsing attributes in process `syz.4.3782'.
[  853.775005][T16407] netlink: 56 bytes leftover after parsing attributes in process `syz.4.3782'.
[  853.803795][T16408] netlink: 'syz.4.3782': attribute type 29 has an invalid length.
[  853.815065][T16413] netlink: 'syz.4.3782': attribute type 29 has an invalid length.
[  856.029972][T16453] netlink: 212940 bytes leftover after parsing attributes in process `syz.0.3794'.
[  856.355142][T16462] netlink: 168 bytes leftover after parsing attributes in process `syz.1.3799'.
[  856.376381][T16464] netlink: 'syz.0.3801': attribute type 10 has an invalid length.
[  856.547614][T16471] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3802'.
[  856.800993][T13501] Bluetooth: hci4: command 0x0406 tx timeout
[  857.023455][T16490] netlink: 'syz.3.3807': attribute type 2 has an invalid length.
[  857.044232][T16490] netlink: 10 bytes leftover after parsing attributes in process `syz.3.3807'.
[  857.660411][T16507] netlink: 'syz.2.3815': attribute type 21 has an invalid length.
[  857.672259][T16507] netlink: 'syz.2.3815': attribute type 11 has an invalid length.
[  857.744008][T16519] FAULT_INJECTION: forcing a failure.
[  857.744008][T16519] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  857.778064][T16519] CPU: 0 PID: 16519 Comm: syz.1.3818 Not tainted syzkaller #0
[  857.785619][T16519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  857.795720][T16519] Call Trace:
[  857.799050][T16519]  <TASK>
[  857.802025][T16519]  dump_stack_lvl+0x188/0x24e
[  857.806769][T16519]  ? show_regs_print_info+0x12/0x12
[  857.812025][T16519]  ? load_image+0x400/0x400
[  857.816591][T16519]  ? __lock_acquire+0x7d10/0x7d10
[  857.821684][T16519]  should_fail_ex+0x399/0x4d0
[  857.826432][T16519]  _copy_from_user+0x2c/0x170
[  857.831168][T16519]  iovec_from_user+0x143/0x360
[  857.835981][T16519]  __import_iovec+0x6d/0x500
[  857.840620][T16519]  import_iovec+0x6f/0xa0
[  857.845001][T16519]  ___sys_sendmsg+0x252/0x360
[  857.849745][T16519]  ? __sys_sendmsg+0x290/0x290
[  857.854596][T16519]  ? __lock_acquire+0x7d10/0x7d10
[  857.859698][T16519]  __se_sys_sendmsg+0x1bb/0x2a0
[  857.864610][T16519]  ? __x64_sys_sendmsg+0x80/0x80
[  857.869641][T16519]  ? lockdep_hardirqs_on+0x94/0x140
[  857.874900][T16519]  do_syscall_64+0x4c/0xa0
[  857.879368][T16519]  ? clear_bhb_loop+0x60/0xb0
[  857.884099][T16519]  ? clear_bhb_loop+0x60/0xb0
[  857.888827][T16519]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  857.894779][T16519] RIP: 0033:0x7f7288d9aeb9
[  857.899242][T16519] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  857.918893][T16519] RSP: 002b:00007f7289c99028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  857.927353][T16519] RAX: ffffffffffffffda RBX: 00007f7289016090 RCX: 00007f7288d9aeb9
[  857.935362][T16519] RDX: 0000000000000000 RSI: 0000200000003780 RDI: 0000000000000003
[  857.943381][T16519] RBP: 00007f7289c99090 R08: 0000000000000000 R09: 0000000000000000
[  857.951401][T16519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  857.959417][T16519] R13: 00007f7289016128 R14: 00007f7289016090 R15: 00007fff6f54cbf8
[  857.967447][T16519]  </TASK>
[  858.496318][T16532] syzkaller0: tun_chr_ioctl cmd 1074025677
[  858.516655][T16532] syzkaller0: linktype set to 776
[  858.578049][T16534] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  858.585437][T16534] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  859.036766][T16546] netlink: 763 bytes leftover after parsing attributes in process `syz.0.3828'.
[  859.594523][T16560] IPv6: NLM_F_CREATE should be specified when creating new route
[  859.614007][T16561] netlink: 5643 bytes leftover after parsing attributes in process `syz.4.3830'.
[  861.203023][T16578] mac80211_hwsim hwsim37 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  861.747889][T16595] netlink: 1041 bytes leftover after parsing attributes in process `syz.1.3846'.
[  861.958775][T16607] FAULT_INJECTION: forcing a failure.
[  861.958775][T16607] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  861.990675][T16607] CPU: 0 PID: 16607 Comm: syz.0.3849 Not tainted syzkaller #0
[  861.997435][T16606] netlink: 763 bytes leftover after parsing attributes in process `syz.4.3850'.
[  861.998209][T16607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  861.998228][T16607] Call Trace:
[  861.998239][T16607]  <TASK>
[  861.998251][T16607]  dump_stack_lvl+0x188/0x24e
[  861.998298][T16607]  ? show_regs_print_info+0x12/0x12
[  862.033668][T16607]  ? load_image+0x400/0x400
[  862.038261][T16607]  ? __lock_acquire+0x7d10/0x7d10
[  862.043403][T16607]  should_fail_ex+0x399/0x4d0
[  862.048153][T16607]  _copy_from_user+0x2c/0x170
[  862.052912][T16607]  iovec_from_user+0x143/0x360
[  862.057747][T16607]  __import_iovec+0x6d/0x500
[  862.062420][T16607]  import_iovec+0x6f/0xa0
[  862.066813][T16607]  ___sys_sendmsg+0x252/0x360
[  862.071559][T16607]  ? __sys_sendmsg+0x290/0x290
[  862.076421][T16607]  ? __lock_acquire+0x7d10/0x7d10
[  862.081557][T16607]  __se_sys_sendmsg+0x1bb/0x2a0
[  862.086484][T16607]  ? __x64_sys_sendmsg+0x80/0x80
[  862.091518][T16607]  ? lockdep_hardirqs_on+0x94/0x140
[  862.096812][T16607]  do_syscall_64+0x4c/0xa0
[  862.101291][T16607]  ? clear_bhb_loop+0x60/0xb0
[  862.106044][T16607]  ? clear_bhb_loop+0x60/0xb0
[  862.110804][T16607]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  862.116799][T16607] RIP: 0033:0x7ff11df9aeb9
[  862.121283][T16607] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  862.140950][T16607] RSP: 002b:00007ff11ee6c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  862.149445][T16607] RAX: ffffffffffffffda RBX: 00007ff11e215fa0 RCX: 00007ff11df9aeb9
[  862.157474][T16607] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  862.165495][T16607] RBP: 00007ff11ee6c090 R08: 0000000000000000 R09: 0000000000000000
[  862.173518][T16607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  862.181566][T16607] R13: 00007ff11e216038 R14: 00007ff11e215fa0 R15: 00007ffc6b84adf8
[  862.189620][T16607]  </TASK>
[  862.633905][T16620] netlink: 1 bytes leftover after parsing attributes in process `syz.1.3856'.
[  862.665545][T16623] netlink: 'syz.0.3857': attribute type 21 has an invalid length.
[  862.674679][T16623] netlink: 'syz.0.3857': attribute type 11 has an invalid length.
[  862.806977][T16617] netlink: 'syz.3.3854': attribute type 25 has an invalid length.
[  863.629519][T16641] mac80211_hwsim hwsim39 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  864.500038][T16663] syzkaller0: tun_chr_ioctl cmd 35092
[  864.600473][T16666] netlink: 'syz.0.3871': attribute type 21 has an invalid length.
[  864.626742][T16666] netlink: 'syz.0.3871': attribute type 11 has an invalid length.
[  864.681023][T16668] netlink: 'syz.4.3872': attribute type 21 has an invalid length.
[  864.729936][T16673] netlink: 'syz.4.3872': attribute type 10 has an invalid length.
[  864.971107][T16673] bridge0: port 2(bridge_slave_1) entered disabled state
[  865.774448][T16673] device bridge_slave_1 left promiscuous mode
[  865.781688][T16673] bridge0: port 2(bridge_slave_1) entered disabled state
[  865.794615][T16673] device bridge_slave_1 entered promiscuous mode
[  865.822417][T16673] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link
[  865.851604][T16689] netlink: 'syz.2.3879': attribute type 4 has an invalid length.
[  865.861852][T16689] netlink: 'syz.2.3879': attribute type 3 has an invalid length.
[  865.869513][T16688] netlink: 'syz.2.3879': attribute type 6 has an invalid length.
[  865.873044][T16689] netlink: 153952 bytes leftover after parsing attributes in process `syz.2.3879'.
[  865.911124][T16688] netlink: 140 bytes leftover after parsing attributes in process `syz.2.3879'.
[  866.278060][T16702] Dead loop on virtual device ip6_vti0, fix it urgently!
[  867.041259][ T4282] Bluetooth: hci1: command 0x0406 tx timeout
[  867.878903][T16732] cgroup: fork rejected by pids controller in /syz0
[  868.592414][T16843] netlink: 129384 bytes leftover after parsing attributes in process `syz.3.3901'.
[  868.847330][T16848] netlink: 'syz.4.3903': attribute type 3 has an invalid length.
[  868.857707][T16848] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3903'.
[  869.154503][T16855] netlink: 'syz.1.3906': attribute type 29 has an invalid length.
[  869.216022][T16855] netlink: 'syz.1.3906': attribute type 29 has an invalid length.
[  869.227851][T16860] netlink: 'syz.1.3906': attribute type 29 has an invalid length.
[  869.239772][T16857] netlink: 'syz.4.3907': attribute type 10 has an invalid length.
[  869.285065][T16857] À: port 1(vlan0) entered disabled state
[  869.335301][T16857] device vlan0 left promiscuous mode
[  869.350078][T16857] À: port 1(vlan0) entered disabled state
[  869.375045][T16857] team0: Port device vlan0 added
[  869.443304][ T4690] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  869.583925][ T4690] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  869.664601][T16868] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3912'.
[  869.736488][ T4690] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  869.872904][ T4690] bond0: (slave netdevsim0): Releasing backup interface
[  869.896442][ T4690] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  869.965690][T16876] netlink: 'syz.2.3914': attribute type 10 has an invalid length.
[  870.094289][ T1267] ieee802154 phy0 wpan0: encryption failed: -22
[  870.100892][ T1267] ieee802154 phy1 wpan1: encryption failed: -22
[  870.201766][T13501] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  870.212609][T13501] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  870.227899][T13501] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  870.237396][T13501] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  870.245727][T13501] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  870.253511][T13501] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  871.224485][T16905] netlink: 194236 bytes leftover after parsing attributes in process `syz.1.3920'.
[  871.320881][T16905] netlink: zone id is out of range
[  871.326552][T16905] netlink: zone id is out of range
[  871.371359][T16905] netlink: zone id is out of range
[  871.398559][T16905] netlink: get zone limit has 8 unknown bytes
[  871.537642][T16899] pim6reg0: tun_chr_ioctl cmd 1074025677
[  871.543926][T16899] pim6reg0: linktype set to 5
[  871.549408][T16908] netlink: 180 bytes leftover after parsing attributes in process `syz.1.3920'.
[  871.574013][T16914] netlink: 'syz.3.3923': attribute type 4 has an invalid length.
[  871.592113][T16914] netlink: 152 bytes leftover after parsing attributes in process `syz.3.3923'.
[  871.683619][T16914] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  872.047320][T16883] chnl_net:caif_netlink_parms(): no params data found
[  872.205400][T16933] netlink: 'syz.2.3927': attribute type 10 has an invalid length.
[  872.321177][T13501] Bluetooth: hci3: command 0x0409 tx timeout
[  872.447569][T16883] bridge0: port 1(bridge_slave_0) entered blocking state
[  872.456933][T16883] bridge0: port 1(bridge_slave_0) entered disabled state
[  872.465760][T16883] device bridge_slave_0 entered promiscuous mode
[  872.497583][T16883] bridge0: port 2(bridge_slave_1) entered blocking state
[  872.509822][T16883] bridge0: port 2(bridge_slave_1) entered disabled state
[  872.521022][T16883] device bridge_slave_1 entered promiscuous mode
[  872.652981][T16883] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  872.814969][T16883] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  874.400782][T13501] Bluetooth: hci3: command 0x041b tx timeout
[  876.214829][T16883] team0: Port device team_slave_0 added
[  876.223688][T16883] team0: Port device team_slave_1 added
[  876.379045][ T4690] device hsr_slave_0 left promiscuous mode
[  876.393832][ T4690] device hsr_slave_1 left promiscuous mode
[  876.413601][ T4690] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  876.432943][ T4690] batman_adv: batadv0: Removing interface: batadv_slave_0
[  876.452156][ T4690] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  876.459628][ T4690] batman_adv: batadv0: Removing interface: batadv_slave_1
[  876.483612][T13501] Bluetooth: hci3: command 0x040f tx timeout
[  876.494364][ T4690] device bridge_slave_1 left promiscuous mode
[  876.500955][ T4690] bridge0: port 2(bridge_slave_1) entered disabled state
[  876.511424][ T4690] device bridge_slave_0 left promiscuous mode
[  876.517964][ T4690] bridge0: port 1(bridge_slave_0) entered disabled state
[  876.589818][ T4690] device veth1_macvtap left promiscuous mode
[  876.596857][ T4690] device veth0_macvtap left promiscuous mode
[  876.613038][ T4690] device veth1_vlan left promiscuous mode
[  876.619122][ T4690] device veth0_vlan left promiscuous mode
[  877.152812][T17018] FAULT_INJECTION: forcing a failure.
[  877.152812][T17018] name failslab, interval 1, probability 0, space 0, times 0
[  877.183783][T17018] CPU: 1 PID: 17018 Comm: syz.3.3951 Not tainted syzkaller #0
[  877.191338][T17018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  877.201436][T17018] Call Trace:
[  877.204756][T17018]  <TASK>
[  877.207694][T17018]  dump_stack_lvl+0x188/0x24e
[  877.212386][T17018]  ? show_regs_print_info+0x12/0x12
[  877.217611][T17018]  ? load_image+0x400/0x400
[  877.222140][T17018]  ? __might_sleep+0xd0/0xd0
[  877.226754][T17018]  ? __lock_acquire+0x7d10/0x7d10
[  877.231794][T17018]  should_fail_ex+0x399/0x4d0
[  877.236492][T17018]  should_failslab+0x5/0x20
[  877.241017][T17018]  slab_pre_alloc_hook+0x59/0x310
[  877.246081][T17018]  kmem_cache_alloc_node+0x5a/0x320
[  877.251287][T17018]  ? lock_chain_count+0x20/0x20
[  877.256147][T17018]  ? dup_task_struct+0x57/0x6b0
[  877.261012][T17018]  dup_task_struct+0x57/0x6b0
[  877.265705][T17018]  ? lockdep_hardirqs_on+0x94/0x140
[  877.270916][T17018]  copy_process+0x5fa/0x4030
[  877.275515][T17018]  ? __lock_acquire+0x7d10/0x7d10
[  877.280588][T17018]  ? idle_dummy+0x10/0x10
[  877.284931][T17018]  kernel_clone+0x24b/0x900
[  877.289437][T17018]  ? ksys_write+0x1c0/0x250
[  877.293991][T17018]  ? create_io_thread+0x170/0x170
[  877.299061][T17018]  __x64_sys_clone+0x1a7/0x220
[  877.303839][T17018]  ? __fget_files+0x43d/0x4b0
[  877.308563][T17018]  ? __ia32_sys_vfork+0x140/0x140
[  877.313606][T17018]  ? lock_chain_count+0x20/0x20
[  877.318472][T17018]  ? lockdep_hardirqs_on+0x94/0x140
[  877.323688][T17018]  do_syscall_64+0x4c/0xa0
[  877.328119][T17018]  ? clear_bhb_loop+0x60/0xb0
[  877.332809][T17018]  ? clear_bhb_loop+0x60/0xb0
[  877.337498][T17018]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  877.343407][T17018] RIP: 0033:0x7f568e79aeb9
[  877.347830][T17018] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  877.367444][T17018] RSP: 002b:00007f568c9f5fd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  877.375867][T17018] RAX: ffffffffffffffda RBX: 00007f568ea16090 RCX: 00007f568e79aeb9
[  877.383859][T17018] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008004000
[  877.391854][T17018] RBP: 00007f568c9f6090 R08: 0000000000000000 R09: 0000000000000000
[  877.399834][T17018] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  877.407815][T17018] R13: 00007f568ea16128 R14: 00007f568ea16090 R15: 00007ffdac87b018
[  877.415814][T17018]  </TASK>
[  877.742798][ T4690] team0 (unregistering): Port device team_slave_1 removed
[  877.788200][ T4690] team0 (unregistering): Port device team_slave_0 removed
[  877.829233][ T4690] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  877.874673][ T4690] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  878.154787][ T4690] bond0 (unregistering): (slave team0): Releasing backup interface
[  878.189020][ T4690] bond0 (unregistering): Released all slaves
[  878.286291][T17005] netlink: 'syz.1.3947': attribute type 25 has an invalid length.
[  878.294764][T17017] netlink: 'syz.3.3951': attribute type 25 has an invalid length.
[  878.311403][T17022] netlink: 'syz.2.3953': attribute type 25 has an invalid length.
[  878.441048][T17025] device syzkaller0 entered promiscuous mode
[  878.448584][T16883] batman_adv: batadv0: Adding interface: batadv_slave_0
[  878.470834][T16883] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  878.522783][T13501] Bluetooth: hci2: unexpected event 0x08 length: 15 > 4
[  878.539217][T16883] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  878.561067][ T4282] Bluetooth: hci3: command 0x0419 tx timeout
[  878.649040][T16883] batman_adv: batadv0: Adding interface: batadv_slave_1
[  878.717665][T16883] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  878.810558][T16883] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  878.996440][T16883] device hsr_slave_0 entered promiscuous mode
[  879.022490][T16883] device hsr_slave_1 entered promiscuous mode
[  879.353630][T17061] netlink: 'syz.3.3965': attribute type 29 has an invalid length.
[  879.415566][T17063] netlink: 'syz.4.3967': attribute type 3 has an invalid length.
[  879.438567][T17063] netlink: 199824 bytes leftover after parsing attributes in process `syz.4.3967'.
[  879.499775][T17067] FAULT_INJECTION: forcing a failure.
[  879.499775][T17067] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  879.513534][T17067] CPU: 1 PID: 17067 Comm: syz.1.3966 Not tainted syzkaller #0
[  879.521047][T17067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  879.531146][T17067] Call Trace:
[  879.534470][T17067]  <TASK>
[  879.537441][T17067]  dump_stack_lvl+0x188/0x24e
[  879.542177][T17067]  ? show_regs_print_info+0x12/0x12
[  879.547437][T17067]  ? load_image+0x400/0x400
[  879.552006][T17067]  ? __lock_acquire+0x7d10/0x7d10
[  879.557083][T17067]  ? __rcu_read_unlock+0x78/0xd0
[  879.562065][T17067]  should_fail_ex+0x399/0x4d0
[  879.566800][T17067]  _copy_to_user+0x2c/0x130
[  879.571338][T17067]  bpf_test_finish+0x4a2/0x600
[  879.576127][T17067]  ? convert___skb_to_skb+0x580/0x580
[  879.581521][T17067]  ? convert_skb_to___skb+0x420/0x420
[  879.586915][T17067]  ? __build_skb+0x257/0x3c0
[  879.591549][T17067]  bpf_prog_test_run_skb+0xc99/0x12a0
[  879.596960][T17067]  ? cpu_online+0xa0/0xa0
[  879.601313][T17067]  bpf_prog_test_run+0x31e/0x390
[  879.606286][T17067]  __sys_bpf+0x62b/0x780
[  879.610564][T17067]  ? bpf_link_show_fdinfo+0x380/0x380
[  879.615981][T17067]  ? lock_chain_count+0x20/0x20
[  879.620874][T17067]  __x64_sys_bpf+0x78/0x90
[  879.625332][T17067]  do_syscall_64+0x4c/0xa0
[  879.629789][T17067]  ? clear_bhb_loop+0x60/0xb0
[  879.634491][T17067]  ? clear_bhb_loop+0x60/0xb0
[  879.639195][T17067]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  879.645116][T17067] RIP: 0033:0x7f7288d9aeb9
[  879.649553][T17067] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  879.669244][T17067] RSP: 002b:00007f7289cba028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  879.677681][T17067] RAX: ffffffffffffffda RBX: 00007f7289015fa0 RCX: 00007f7288d9aeb9
[  879.685682][T17067] RDX: 0000000000000048 RSI: 0000200000000080 RDI: 000000000000000a
[  879.693682][T17067] RBP: 00007f7289cba090 R08: 0000000000000000 R09: 0000000000000000
[  879.701679][T17067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  879.709676][T17067] R13: 00007f7289016038 R14: 00007f7289015fa0 R15: 00007fff6f54cbf8
[  879.717700][T17067]  </TASK>
[  879.755590][T17061] netlink: 'syz.3.3965': attribute type 29 has an invalid length.
[  879.812558][T17064] netlink: 'syz.3.3965': attribute type 29 has an invalid length.
[  879.830360][T17066] netlink: 'syz.3.3965': attribute type 29 has an invalid length.
[  879.892587][T17072] netlink: 'syz.3.3965': attribute type 29 has an invalid length.
[  880.348169][ T4282] ------------[ cut here ]------------
[  880.354283][ T4282] WARNING: CPU: 1 PID: 4282 at net/bluetooth/hci_conn.c:668 hci_conn_timeout+0x24f/0x450
[  880.364223][ T4282] Modules linked in:
[  880.368163][ T4282] CPU: 1 PID: 4282 Comm: kworker/u5:6 Not tainted syzkaller #0
[  880.375814][ T4282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  880.385959][ T4282] Workqueue: hci2 hci_conn_timeout
[  880.391184][ T4282] RIP: 0010:hci_conn_timeout+0x24f/0x450
[  880.396860][ T4282] Code: 1f 8e e8 04 96 9f f8 48 8b 35 f5 fb eb 04 bf 08 00 00 00 48 89 da 5b 41 5c 41 5d 41 5e 41 5f 5d e9 b6 85 20 f8 e8 f1 aa 4e f8 <0f> 0b e9 35 fe ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c dd fd
[  880.416571][ T4282] RSP: 0018:ffffc90003f87c08 EFLAGS: 00010293
[  880.422731][ T4282] RAX: ffffffff8933c77f RBX: ffff8880779dc330 RCX: ffff88801ea71dc0
[  880.430820][ T4282] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[  880.438869][ T4282] RBP: 00000000ffffffff R08: ffff8880779dc013 R09: 1ffff1100ef3b802
[  880.446951][ T4282] R10: dffffc0000000000 R11: ffffed100ef3b803 R12: dffffc0000000000
[  880.455009][ T4282] R13: dffffc0000000000 R14: ffff8880779dc000 R15: ffff8880779dc010
[  880.463098][ T4282] FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  880.472141][ T4282] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  880.478780][ T4282] CR2: 00007f281b25aa10 CR3: 00000000279ef000 CR4: 00000000003506e0
[  880.483750][T17090] netlink: 'syz.3.3969': attribute type 10 has an invalid length.
[  880.486937][ T4282] DR0: 0000000000008d24 DR1: 0000000000000000 DR2: 0000000000000000
[  880.502694][ T4282] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  880.510772][ T4282] Call Trace:
[  880.514104][ T4282]  <TASK>
[  880.517088][ T4282]  ? process_one_work+0x7b0/0x1160
[  880.522301][ T4282]  process_one_work+0x8a2/0x1160
[  880.527316][ T4282]  ? worker_detach_from_pool+0x240/0x240
[  880.533062][ T4282]  ? _raw_spin_lock_irq+0x86/0xf0
[  880.538162][ T4282]  ? _raw_spin_lock_irq+0xb7/0xf0
[  880.543313][ T4282]  ? _raw_spin_lock_irqsave+0x100/0x100
[  880.548925][ T4282]  ? kthread_data+0x4b/0xc0
[  880.553574][ T4282]  worker_thread+0xaa2/0x1270
[  880.558334][ T4282]  kthread+0x29d/0x330
[  880.562502][ T4282]  ? worker_clr_flags+0x1a0/0x1a0
[  880.567579][ T4282]  ? kthread_blkcg+0xd0/0xd0
[  880.572286][ T4282]  ret_from_fork+0x1f/0x30
[  880.576774][ T4282]  </TASK>
[  880.579832][ T4282] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  880.587136][ T4282] CPU: 1 PID: 4282 Comm: kworker/u5:6 Not tainted syzkaller #0
[  880.594703][ T4282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  880.604793][ T4282] Workqueue: hci2 hci_conn_timeout
[  880.609944][ T4282] Call Trace:
[  880.613246][ T4282]  <TASK>
[  880.616199][ T4282]  dump_stack_lvl+0x188/0x24e
[  880.620909][ T4282]  ? memcpy+0x3c/0x60
[  880.624916][ T4282]  ? show_regs_print_info+0x12/0x12
[  880.630162][ T4282]  ? load_image+0x400/0x400
[  880.634704][ T4282]  panic+0x2e5/0x730
[  880.638639][ T4282]  ? bpf_jit_dump+0xd0/0xd0
[  880.643184][ T4282]  ? ret_from_fork+0x1f/0x30
[  880.647807][ T4282]  __warn+0x2f8/0x4f0
[  880.651826][ T4282]  ? hci_conn_timeout+0x24f/0x450
[  880.656887][ T4282]  ? hci_conn_timeout+0x24f/0x450
[  880.661939][ T4282]  report_bug+0x2ba/0x4f0
[  880.666296][ T4282]  ? hci_conn_timeout+0x24f/0x450
[  880.671360][ T4282]  handle_bug+0x3a/0x70
[  880.675541][ T4282]  exc_invalid_op+0x16/0x40
[  880.680076][ T4282]  asm_exc_invalid_op+0x16/0x20
[  880.684985][ T4282] RIP: 0010:hci_conn_timeout+0x24f/0x450
[  880.690653][ T4282] Code: 1f 8e e8 04 96 9f f8 48 8b 35 f5 fb eb 04 bf 08 00 00 00 48 89 da 5b 41 5c 41 5d 41 5e 41 5f 5d e9 b6 85 20 f8 e8 f1 aa 4e f8 <0f> 0b e9 35 fe ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c dd fd
[  880.710291][ T4282] RSP: 0018:ffffc90003f87c08 EFLAGS: 00010293
[  880.716388][ T4282] RAX: ffffffff8933c77f RBX: ffff8880779dc330 RCX: ffff88801ea71dc0
[  880.724389][ T4282] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[  880.732385][ T4282] RBP: 00000000ffffffff R08: ffff8880779dc013 R09: 1ffff1100ef3b802
[  880.740377][ T4282] R10: dffffc0000000000 R11: ffffed100ef3b803 R12: dffffc0000000000
[  880.748373][ T4282] R13: dffffc0000000000 R14: ffff8880779dc000 R15: ffff8880779dc010
[  880.756385][ T4282]  ? hci_conn_timeout+0x24f/0x450
[  880.761583][ T4282]  ? hci_conn_timeout+0x24f/0x450
[  880.766633][ T4282]  ? process_one_work+0x7b0/0x1160
[  880.771778][ T4282]  process_one_work+0x8a2/0x1160
[  880.776756][ T4282]  ? worker_detach_from_pool+0x240/0x240
[  880.782410][ T4282]  ? _raw_spin_lock_irq+0x86/0xf0
[  880.787477][ T4282]  ? _raw_spin_lock_irq+0xb7/0xf0
[  880.792539][ T4282]  ? _raw_spin_lock_irqsave+0x100/0x100
[  880.798122][ T4282]  ? kthread_data+0x4b/0xc0
[  880.802687][ T4282]  worker_thread+0xaa2/0x1270
[  880.807421][ T4282]  kthread+0x29d/0x330
[  880.811524][ T4282]  ? worker_clr_flags+0x1a0/0x1a0
[  880.816571][ T4282]  ? kthread_blkcg+0xd0/0xd0
[  880.821196][ T4282]  ret_from_fork+0x1f/0x30
[  880.825654][ T4282]  </TASK>
[  880.829300][ T4282] Kernel Offset: disabled
[  880.833698][ T4282] Rebooting in 86400 seconds..