last executing test programs:

3.119924955s ago: executing program 1 (id=9439):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0x2, 0x3a0, 0x5}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f0000000080), &(0x7f0000000240), 0x1800, r1}, 0x38)
r2 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffffffffffffffff, 0x4}, 0x0, 0x0, 0x0, 0x8, 0xd, 0xfffffffc}, 0x0, 0x100000000, 0xffffffffffffffff, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000afcd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21bef5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c987d669f381faca0f9d9b24be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6eab1aa7d55545a34effa077faa56d59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e59a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d0faab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbfe5ab0255f347160ec83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72bc0480f94306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2dc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78a602ca3cdf6a9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad9433269af3be5fa6a9a5c24e392955f4e979ea13201bafe4f0f6ea508000000a0c548552b571bed5647223c78a992810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb526890aa7fe5e68949a3b30567e54d3504723177d356c4604bca492ede62fc28839b5301160ecec37e83efceefd7ca2533659edc8be05cc85451c6a145074343caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffcebde1d9d3d35a142a9ec9a7a3755e0f209150a07682c4e14e3a835701bea8240399c56ce8f58df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b262341c5e093fd66a2946501559335781092cf8ce3c7c56cd31121624d76517fd3666276c3c0e812b28e2f30d035cee5d0e77a3c70008ec651cc0ae637fa474816bc59d2e2a00092419304b338a987e9d3044d856cf24f370030be3b5f79f030b8d3ebce68663ef5af469abe753314fae31651e0ecea5ece8fb11a4ee288eb149f1fa33669cc8d901fa8e46354c9c3a041a1e7b55c4e81dba1e12289ee34463baf28345bde0c195bc9f021da8f3025ee9c8e3168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f241262fa3f1dabeb4fc4bda345360200000001fbddeacd3adaa4d2715e21c772ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d419de1a7b5c9dc22c96295a4601adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb408c8a80f7f02f750d6c977a1919f9f69a6cfefdf879d447df53f3b9b70d10355b07466d1ef0056b5af553d18a6cc50feeb7bfad9b7be3283b6450d014e7712d2f1d7004548b19162cef04d18d4f5987baab97a9bfbd8f185b5671820420bf5b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe52734093ae5aa3c0b4f3f45bfff2418a18217747ae442e31560e5b741445ea2a1acee2e98c9f3427834ba0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e961f3d9c8c21578fe3245097c280abe51427a7f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f8873522608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf50ee69a39265964279d17eb0000000000000000000000fa08ad0731c4b839688b22c4da2a6b00008a1949a6ba49fbf981f8265e7f1f4c2d97f4680b135f87c228ce69418a282bffff2481a0df1774fa7d94944bb92d2b89f73f0e8b63f6316c5762f3288bc970720f48b5647dd177db6810fae05334d5a44a020000001c0d882a564d74a7c72bf9a2152b261e58fea6d2f93589cfe261dc0410b5ccc92a5a0eab327a33431d62d2b7c75ce654d556c9e1817c1abca762ab53d40da51560351b673363652e1ecb56cfe4a746a45ab13c6014e9f361ab687d1cd1795ce9e05c817b83d76046bdb3709de5df7499a02d2f636a454b85b987580ada025d83bd7b8df28a540d5ec5537942e79f2f1ab25ea5f563bc77e4f9468bd309469880c7e34150ca886d1f9ac2f7e82dbe296c877d925c38c54cc8137b29028854b6bd57ca893927c331300e16aba792289e135589d93302fc37c73c303e383cdf8ef3f6d6265fe5ee01759d24027475c8901039a898582022bc95992b86dce0710887c8a625d9cbb897bdbfaf49a3f642a169827a9bae4fcfa5212461db000000000000e6ed75ca8fcda7ef3ee336189fef3b3ffb9f38fefc5ff39c4e69e3fa1f8b10ee97123e99b61eba065b1ad67530e7c4f11f9da7ae000002000000610101ad7f79cb9bbf64a0fc109f49fe8799fe266e2ccac80fefe750151f5ddfe51833ec65ece70e07ce8ab5d97db47da8f80000664dc0b86ae2b3ff9d4e220752a6b2f3ea9f793612386496dca5af7b8952aafa796ea7b156d19612297c63bb20e1e0469f7615f67a9218cbace38f5236821314f76302b98afa93044b83989339ca10e6ae30e70e17a82f03e915b8425e8e7a91614306d2ae0bc3550d856f2d7293672b5673d264fc886b0c8bdf436a0fcd21bf9da7bdca98e34cd6e59b0a7ce4ba1b466561aaa35448dff47bb1d7df23d467689a6669e4300d5acf12e4d0b35abf91569f605b2f6df0d861"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48)
r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = socket$kcm(0x2, 0x5, 0x84)
setsockopt$sock_attach_bpf(r5, 0x84, 0x4, &(0x7f00000003c0), 0x4)
syz_open_procfs$namespace(r4, &(0x7f0000000380)='ns/cgroup\x00')
perf_event_open(&(0x7f0000000a80)={0x1, 0x80, 0x0, 0x22, 0xc8, 0x7a, 0x0, 0x5, 0x20, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0xd4a7, 0x4, @perf_config_ext={0x7, 0x3}, 0x3, 0xfffffffffffffe01, 0x80000, 0x8d66fa1a1d566ba1, 0x29, 0xd000, 0x2, 0x0, 0x6, 0x0, 0x8f1}, r4, 0x9, 0xffffffffffffffff, 0x1)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000640)={r1, &(0x7f0000000080), 0x0}, 0x20)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x10, 0x17, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000c000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b703000000000000850000007b000000bf09000000000000550901000074f6967d00000000000000180100002020702500000000002020207baaf8ff00000000bda100000000000027010000f8ffffffb702000008000000b7030000000000002500000006000000be91000000000000b502ecffffff00008500000005000000b70000000000000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="b400000000000000691079000000000004000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x2, 0x3f7, &(0x7f000000cf3d)=""/195}, 0x48)

1.685674989s ago: executing program 4 (id=9451):
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffffffffffffffff, 0x4}, 0x10412, 0x0, 0x0, 0x8, 0x2, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async)
bpf$ENABLE_STATS(0x20, 0x0, 0x0) (async)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="d8000000140081044e81f782db44b9040221080207000000040000a118000200e020000100000e1208000f0100810401a80016ea1f000840032e5f54c92011148ed08734843c8802033d0803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c0100000000000000cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0) (async, rerun: 32)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x12, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40000000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x13}, 0x94) (rerun: 32)
close(r1) (async)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000080)=r1, 0x4) (async, rerun: 32)
r2 = perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x80368, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000300), 0x4}, 0x4044}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) (async, rerun: 32)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000007c5e0000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x5}, 0x94) (async)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000d40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x1}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r4) (async)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x3, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000040000000000000000000000850000000800000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="9feb0100c2cf18000000000000001d00000000000000010000000000e655b053d1c533daa3a384a4740af49806fc0d151a9e67fd913213732af8c6453b79ecc90777f734ffc08d2db91c987346aa3645f93b75da85b9d22c814a68d02364bdf29039c8c9360463f8fea1e631b54659dca9fc6b22fc2ec0dc12e43549a6b46b54667281acc89c"], &(0x7f00000005c0)=""/258, 0x1a, 0x102, 0x1}, 0x28)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x3, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061000000850000002300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000b00)={&(0x7f0000000e00)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1a2, 0x1a2, 0x2, [@type_tag={0xc, 0x0, 0x0, 0x12, 0x3}, @ptr={0x7}, @enum64={0xc, 0x4, 0x0, 0x13, 0x1, 0x8, [{0x0, 0x2dc7e85e, 0x2}, {0x4, 0x9, 0xffff3db0}, {0x8, 0x1, 0x7}, {0x4, 0xfff, 0x1f60}]}, @enum64={0x8, 0x8, 0x0, 0x13, 0x0, 0x5, [{0x2, 0x6, 0xf4ca}, {0xe, 0x5, 0x6}, {0x3, 0x8be, 0x7}, {0x5, 0x9, 0x2}, {0x3, 0xf}, {0x5, 0x5, 0x6}, {0x10, 0x81}, {0x2, 0x1c, 0x7}]}, @struct={0x0, 0x4, 0x0, 0x4, 0x0, 0x2, [{0xf, 0x3, 0xd8c}, {0x7, 0x2, 0x9}, {0x5, 0xc, 0x2}, {0xf, 0x0, 0xfffffffd}]}, @int={0xe, 0x0, 0x0, 0x1, 0x0, 0x54, 0x0, 0x4d}, @datasec={0x6, 0x9, 0x0, 0xf, 0x2, [{0x1, 0x10, 0x7}, {0x4, 0x8001, 0x2}, {0x5, 0x80000000, 0x606}, {0x1}, {0x3, 0x5, 0x1}, {0x5, 0x7, 0xa000}, {0x4, 0x38, 0x3}, {0x5, 0x2, 0x7}, {0x4, 0x3ff, 0x6}], "a4f5"}, @int={0xc, 0x0, 0x0, 0x1, 0x0, 0x7c, 0x0, 0x27, 0x2}, @float={0x7}]}}, &(0x7f0000000940)=""/192, 0x1be, 0xc0, 0x1, 0x3}, 0x28)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r6, 0x18000000000002a0, 0xcc0, 0x0, &(0x7f0000000600)="d220dd96c717ab96f0ded75d86ddce", 0x0, 0x287, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0x0, 0x10, 0x10, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) (async)
syz_open_procfs$namespace(0x0, &(0x7f0000000300)='ns/ipc\x00') (async)
r7 = socket$kcm(0x2, 0x3, 0x84)
ioctl$sock_kcm_SIOCKCMUNATTACH(r7, 0x89e1, &(0x7f0000000000))

1.680051129s ago: executing program 2 (id=9452):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000005000000020000000400000005"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x15, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000100850000000100000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000007000000b704000000010000850000008200000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.62492359s ago: executing program 1 (id=9453):
ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff)
r0 = socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040), 0x4)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000080)={r0, r1})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000000005000000000000000100000408000000000000000300000010000000000000000000000200000000030000000000000f040000000000002e"], 0x0, 0x4d, 0x0, 0x0, 0x0, 0x300}, 0x20)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x113, 0x3, 0x0, 0x0)

1.592215552s ago: executing program 3 (id=9454):
r0 = socket$kcm(0xa, 0x2, 0x73)
sendmsg$kcm(r0, &(0x7f0000001280)={&(0x7f00000010c0)=@in6={0xa, 0x4e1b, 0x3, @empty, 0x5}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000100)="f52e1d23", 0x4}], 0x1}, 0x2000c810)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0500000005000000fd0900008500000041000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/23], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000900)="70cf4c9baf6007dd25e0206dc06a6b027574914e055ed82ed0cf8fe8", 0x802, r1}, 0x38)
r2 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000180)=@generic={&(0x7f0000000140)='./file0\x00'}, 0x18)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r1, 0x58, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r3=>0x0}}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000480)={r2, 0x58, &(0x7f0000000400)}, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=r1, @ANYBLOB='\a\x00'/20, @ANYRES32=r3, @ANYRES32, @ANYBLOB="000000000200000033cee8e000000000000000000000000000000000ca999813115e090ede22e3f961a2746260bf4227b81e17e6005dbddfc8adf335b9919aa9352d24ab476bfae319560ef2a258aab8204dcbee1761ecf251d9713c53da68f04c8817112babe5db47e51179e6679ce2d46326a0d429fe72b6cf585a483c45552c1ef8b0e7"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYRES16], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x3a, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r4)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
socket$kcm(0x29, 0x5, 0x0)
ioctl$TUNSETOFFLOAD(r5, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r4, 0x40047459, &(0x7f0000000180))
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
ioctl$TUNSETOFFLOAD(r6, 0x4004743d, 0x110e22fff6)
write$cgroup_type(r6, &(0x7f0000000280), 0x9)
close(0x3)
close(0x4)
r7 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000240)='syz0\x00', 0x200002, 0x0)
perf_event_open$cgroup(&(0x7f00000001c0)={0x2, 0x80, 0x99, 0xfe, 0x2, 0x5, 0x0, 0x80000001, 0x40100, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x2, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x6, 0x4, @perf_bp={&(0x7f00000004c0), 0x7}, 0x4, 0xffffffffffffffff, 0x99, 0x7, 0x8004, 0x9, 0xce77, 0x0, 0xffffffff, 0x0, 0x3}, r7, 0xe, 0xffffffffffffffff, 0xf)
bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000680), &(0x7f0000000540), 0x6c, r1}, 0x38)

1.497653235s ago: executing program 4 (id=9455):
r0 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r0, 0x8919, &(0x7f0000000000)={'wlan1\x00'})
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe, 0x0, 0x0, 0x30, 0x0, 0x2, 0x24350, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x8, 0x6, 0x4000007, 0xe, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
socket$kcm(0x21, 0x2, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0xd8, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}, 0x10d28b, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r1, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000001c0)=@bpf_tracing={0x1a, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x17, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1f325, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
r2 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r2, 0x0, 0x0)
r3 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r3, 0x29, 0x48, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg(r4, 0x0, 0x2)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74000000}, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
bpf$ITER_CREATE(0x21, 0x0, 0x0)
r5 = socket$kcm(0x2, 0x200000000000001, 0x106)
setsockopt$sock_attach_bpf(r5, 0x6, 0x6, &(0x7f0000000040), 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xb, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f375ffff86dd6317ce62070000000000000000431ccaf57b00000000000000000104"], 0xfe1b)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="850020000000000018100000", @ANYRES32, @ANYBLOB="1700000000000000950000000000000045"], 0x0}, 0x94)
socketpair(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = socket$kcm(0xa, 0x2, 0x3a)
sendmsg$kcm(r7, &(0x7f0000000440)={&(0x7f0000000800)=@xdp={0x2c, 0x11, 0x0, 0x17}, 0x80, &(0x7f0000000040)=[{&(0x7f0000000780)}], 0x1, 0x0, 0x0, 0x900}, 0x20004050)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'tunl0\x00'})
ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x89f1, &(0x7f0000000080))

1.483459824s ago: executing program 2 (id=9456):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}) (async)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x800}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) (async)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x80)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0x12, 0x0, &(0x7f0000000680)="7993ff011900000000a63b00008f20e94d07", 0x0, 0x400, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x50) (async)
recvmsg$unix(r0, &(0x7f00000003c0)={&(0x7f00000000c0)=@abs, 0x6e, &(0x7f00000002c0)=[{&(0x7f0000000140)=""/36, 0x24}, {&(0x7f0000000180)=""/10, 0xa}, {&(0x7f00000001c0)=""/210, 0xd2}], 0x3, &(0x7f0000000300)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xb8}, 0x40000121)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000006a00810400afef3a0b04a2377caf604bf96b1324dc851b5ef40502c6dfffff0e00f8000e0000000224ec", 0x2e}], 0x1}, 0x0)

1.341650839s ago: executing program 4 (id=9458):
close(0xffffffffffffffff)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
perf_event_open(&(0x7f0000000540)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c35, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0xffff, 0x1ff}, 0x100c, 0x7, 0x0, 0x2, 0x0, 0x7, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r0 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x0, 0x31, 0x0, 0x0)
bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000003000000030000000050000000000000001000004080000000000000003000000100000000000000000000002000000000300000000000004040000000000002e"], 0x0, 0x4d}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@bloom_filter={0x1e, 0x0, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r1, 0x0, 0x1}, 0x48)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000071121a000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x300}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000480)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8a}, 0x50)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000c80)}, 0x40012100)
sendmsg$inet(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x24008080)
r3 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r3, 0x0, 0x0)

1.32240335s ago: executing program 2 (id=9459):
socket$kcm(0x2b, 0x1, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20004, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="183f0000000000000000000000000000b7080000000100007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32, @ANYBLOB="0000000002000000b705000008000000850000005e00000095", @ANYRES16], &(0x7f0000000300)='GPL\x00', 0x2, 0x1002, &(0x7f0000002500)=""/4106, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffdf8, 0x10, 0x0, 0x34, 0x0, 0x0, 0xfffffffffffffe65}, 0x23)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x20000, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0x5}, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="05000000040000000400000004"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x15, 0x17, &(0x7f0000000880)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x20000000}, {0x85, 0x0, 0x0, 0xa0}}, {{0x6, 0x0, 0x2, 0x9, 0x0, 0x6, 0xe7030000}, {0x4, 0x0, 0x0, 0x6}}, [@printk={@llx, {0x5, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x14}}], {{0x4, 0x1, 0x5, 0x3}, {0x5, 0x0, 0xb, 0x3, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}, {0x7, 0x0, 0xb, 0x0, 0x0, 0x0, 0x2000000}}}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2e, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value=0x6000000}, 0x94)

1.30113729s ago: executing program 0 (id=9460):
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x10040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x0, 0x20000}, 0x0, 0x0, 0x0, 0x6, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x6eab22e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r0 = socket$kcm(0x10, 0x2, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90)
r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80)
close(0xffffffffffffffff)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r2, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0x4e, &(0x7f00000000c0)}, 0x8)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r1, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="180000003d000b08d25a80648c7494f90324fc600b000240", 0x18}], 0x1}, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020022003505d25a806f8c6394f93924fc60040011000a7403004800000037153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r4 = bpf$ITER_CREATE(0x21, &(0x7f00000001c0), 0x8)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r4}, &(0x7f0000000200), &(0x7f0000000240)=r1}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000140)=ANY=[@ANYBLOB="05000000000000007111423f000000008510000002000000850000000500000095000000000000009500a505000000001058cb65"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)

1.181788724s ago: executing program 1 (id=9461):
r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x1, @perf_bp={0x0, 0x4}, 0x18, 0x0, 0x0, 0x4, 0x5, 0x400, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xfff0000000000001, 0xffffffffffffffff, 0x7)
syz_clone(0x40000, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x11)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000005c0)={0xffffffffffffffff, 0x58, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r1=>0x0}}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xe, 0x24, &(0x7f0000000100)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x1ff}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@map_val={0x18, 0x9, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}, @jmp={0x5, 0x0, 0x3, 0x3, 0x4, 0x20, 0x20}, @btf_id={0x18, 0x1, 0x3, 0x0, 0x2}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}}, @cb_func={0x18, 0xb, 0x4, 0x0, 0x4}, @jmp={0x5, 0x1, 0x0, 0x7, 0x6, 0x100, 0xfffffffffffffff0}, @map_val={0x18, 0x4, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffff9}, @jmp={0x5, 0x0, 0xd, 0x4, 0xd, 0x20}, @func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000240)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x0, 0xe, 0x3, 0x5}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x2, 0x0, &(0x7f00000002c0)=[{0x4, 0x3}, {0x0, 0x4, 0xf, 0x1}], 0x10, 0x3}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000940)={r2, 0x0, 0xc9, 0xcf, &(0x7f00000003c0)="5849ee4eb50116ddafd55c1d387469f46205e192093dd26374ef253f77723ff0b6572a0b0ff5433e2d54cf8e117727183969a0718c35cc807dd7c16d159f8755c585b7ac54003a2640c87b70f07316a7459da5d4567f97e885a977394a396ef92145b039d54b9a7d674830e0d3891c74c93f8e7c33baf288bf7b3eeed866169399c5e24586f89cbb8406acffbe2ac5f161421cdbcd171e6e329a2f566dbc0a6480b110f5f3273d7804083683fec59a7cc614cf325dbf8f151826d603c3a3f862a767b45c6d787a908a", &(0x7f0000000600)=""/207, 0xe9, 0x0, 0x1c, 0xdf, &(0x7f0000000700)="abbaa1dd6ed69d3108684336745288bacc037496dd97e2dc120f88d0", &(0x7f0000000740)="8f7dbb5fc46ecdca46162cca93158e5ac3974f489452c97d54ec787bec3895ea444e2284675f292c8fc3018958d024b7bde6effd54f1b7d589526f11eb9849ca11c233b2fbe86fddc06c3d9ba4bd278ccc24f9a07c4e695e1fea539000468a37158709704a60f53e95cccea50574850536fb8c377df8d235f39597205f3cce87e9665e6d719fd143cf1494e09c2710d114af962a27beedd8d43f2377c8231cba4abe075f98f51e988c34f0af813d8469382907774eecce5e871240370b51d33a06dbaf2455e579a9df1ef017ad79a83355c0d8e51571b4622ce43bd6a8a499", 0x0, 0x0, 0x800}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', r1, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x2, '\x00', r1, 0xffffffffffffffff, 0x2, 0x2, 0x2}, 0x50)

1.178780394s ago: executing program 4 (id=9462):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000002940)="2000000020008107090f9becdb4cb96b0a000000000000020000000000200000", 0x20}], 0x1, 0x0, 0x0, 0x81000000}, 0x0)

1.161425135s ago: executing program 3 (id=9463):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xe, 0xb, &(0x7f00000001c0)=@framed={{0x25, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x20}, [@printk={@i, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfff8}, 0x94)

1.144693695s ago: executing program 2 (id=9464):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x10000, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
socket$kcm(0x21, 0x2, 0x2)
r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async, rerun: 64)
openat$cgroup_subtree(0xffffffffffffffff, 0x0, 0x2, 0x0) (rerun: 64)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x13, 0x0, 0x0) (async)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$kcm(0x2b, 0x1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, 0x0, 0x0}, 0x94) (async)
close(r2) (async)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0xc2ba}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
close(r3) (async)
sendmsg$inet(r4, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0) (async)
sendmsg$inet(r4, &(0x7f0000002740)={0x0, 0x0, 0x0}, 0xc03e)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
perf_event_open(&(0x7f00000003c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x1, 0x0, 0x5d35, 0x4000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x5}, 0x100308, 0x0, 0x0, 0x8, 0x67534e7a, 0x4, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async, rerun: 64)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) (async, rerun: 64)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000380)={0x0, r0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESHEX=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000180)=0x4)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @flow_dissector=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r6, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc92b18236457ee3c8", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
socketpair(0x1e, 0x800, 0x7a, &(0x7f00000001c0)) (async)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001a0091"], 0xfe33)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{r5}, &(0x7f0000000300), &(0x7f0000000340)}, 0x20)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r8 = perf_event_open(&(0x7f0000000680)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a1c, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x0, 0x400000, 0x0, 0x0, 0x0, 0xe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r8, 0x40042408, r7) (async)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)

989.78907ms ago: executing program 4 (id=9465):
socket$kcm(0x1e, 0x1, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x4)
syz_clone(0x6800000, &(0x7f0000000240), 0x0, 0x0, &(0x7f0000000300), 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, @perf_bp={0x0}, 0x180, 0x0, 0x0, 0x6, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x806, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$OBJ_GET_MAP(0x7, &(0x7f00000000c0)=@o_path={&(0x7f0000000080)='./cgroup.cpu/cpuset.cpus\x00'}, 0x18)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
recvmsg$unix(r0, &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r2=>0xffffffffffffffff]}}], 0x18}, 0x1c0)
write$cgroup_subtree(r2, 0x0, 0x9a)
perf_event_open$cgroup(&(0x7f0000000400)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x2f6}, r2, 0x0, 0xffffffffffffffff, 0xf)

989.45966ms ago: executing program 3 (id=9466):
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0xc2ba}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="09000000060000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000010c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r1, 0x2000000, 0x7, 0x0, &(0x7f0000000600)="c9f7b986000000", 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
close(0xffffffffffffffff)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)
r2 = socket$kcm(0x10, 0x100000000002, 0x4)
sendmsg$kcm(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc00e}, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
r3 = perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x14000, 0x0, 0x0, 0x0, 0xcd, 0x0, 0xffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, r3, 0xa)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xe, 0x4, 0x8, 0x7}, 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000d80)={0xffffffffffffffff, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="76ea090000000000009ba56a88ca", 0x0, 0x6400, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000001540)=ANY=[@ANYBLOB="b702000008000000bfa300000000000007030000ffffffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000001404b00001007d60b7030000000000006a0a00fe40000900850000001f000000b70000000000000095000000000000006623848adf1dc9a764ab51a064caff0c9b27a26293fddf0180000071ff31f1622271d5518193e09483c5a020c334f8c76334d8ce8303b81ddaa52e8756ad60a07d6f27c125e16d024098f755d8583da60f27c162dbba0700002ac9170f50f2568836077b7f711a18ebf608d87b885297b6b6981978d51514b00dcc4a2748b376358c33c9753beab62bdf27dc04e4cb4bc598affd989b1ca58949a54d5827df14feecea46408a05d572077f1252fbb72c3d099c501bc4ded6fca17a3447222c95edb47b770009524edd5fa5c53e9c37251709f1ff7f0000f07bf7f53ce129a9ecd3b4dd15100f2b450f98526a0d8cac7c97fc2f64015306a1bd88345710fb6379b4c53cf55eefb4c0974486a8d25a363adbd83b49e13fbd1757b27020bd9b8cff3f48c9411670c34f23ab8caf7851b290feb3045a1b622f20c4383a0280f040de7667f8b1d0842835e81c35af41e5b5b924275cb1749289b44e9728e7a73f148ac8206afe120c1437490d9900000011000003971b32fdffffffffffffffaf580278e1342aabd1b623f6c4f128858e4eb6b42f2173184c2b99b645f6ec0e14e5d7c95a0008000000f30f6c0000000000ff0000b8f5001a1d2a34dc0973ec302bc23211d3e3b6e6dad65a51e5497a3419cecec38126247b27113ad4c7915c8f82c333a7b350802f0311807010d1ed50c18411aa6900daccc02f4ba4b078f07e41f781eee222c7d071d5a94d82ca9a0846c1af59cee16639b4970f8f0a82c6a712fd5722d677d406160ffaffffffb4e0bde6749aa52c408b74251914c5d3255fd88a42e7ebb69ebcd8eee623e51dbb1f1b548c91a6825c0686fdc16be1cbb72c217fda18bd746253ca66093daf35923300b600000000ac376e0a4649a8a84e1d293a6b109c5e59b366bca5cc3d936c53d4a48c05099e6fc37e5aa23bff8cce0600000000000300a568a8532623d12b40b50ac26f2e8255470a04bfbe7acb581b90991d965a01d1f84cb6b973558e1e3f8118c77ccf0b3c6eb6443870004da10c75723b65f83769ad1f0e4ef6b9ef1cec23264fd8fdac6264af1cb467020bdc12b797b6c156c439105829d2ae1c45f7cfa40df68f536a03353a55a8a8e176e5d48887d31c8e0f77f2c1e68ec7c01bd5a2028a8fc107007f5f4c67600a6ade3deb1f200abe1f753754678dae8b4e3ba3d086d4b95dfc5817e3dafae2d38b522f942cc750399d9029f071fdb1e05882f8a4b8fbd219ccac3a895828b4f22b6527ce31ceb02b7b2b4492510134552f0b076b168394f8417f25cc82ae04007193cbe69de8bf35e4bebd15412426b2020ab1f05fc44ae9ae094c1b81d3ef947692b44d2afb09c7498dedf0f87c38bbcab7357836f03e8a7c392e535694a3ead2de11e6b1781e2a017ac341fda2e563ee95085742f5fee9f95f4741b226e428d20b00bc140000e4b2f5efd0a0b1ceba000830ba8634b5aa26bdbe91614e92fae3c7349531df9bf4c01ebf5d8eb7d53e5f30647661623fbdb3f6c3652c423ce6ecc1be5d4e8133fc32f68ea86a2df1e7df98a0ae216c405d0ae9eed114ff2d6fe27dfdff1cf9194849c4cc0da9533e5983863e526a7dc0d8728f3b573ca4427bdb44df9341e9b8420e896598a156c935c800436a312e7ae3c011e46851ac599f0427729ab9c55ae0ab4c0000000000000000000000000000c87bcc2ac5aed9467b51d92e0993af4beaf1f3d47dcdfab9165f98155d93e383d6b85158b54675c1585037508c1e9461a1c3d1a6e2402045cae150a7016f716eebbdf6afc4414d900be0bdf19f4a273f44f4357380b4387f1c8b104f0e406b2f04e5ed88631be6411f9927fe9f83412b7c5a676ceec8b454ebf6481c98e86b6933a02daea0b4ec0be5b3d916bd70208b4588626c27c318475802e2c62681bd1a331422a6e47bbd40857d52c4894944fae5c5000000000000000000000000e0c47613e950b6aefeae054fc723f62ac7d13941de11b018f1f48ac50335df91c771729f81929128135b2803562c1171ee00a3f4a31281aa363e087d53d86dd85e3ff979a7e72d16fdd7e1a0f07a1c8e6085d280d760f74975ceb3a5be6cfb4da8e0aeb769b8b75f4aad803ed77d34872eed2711aa40a3b38099dc2752e8ec9b520faf39e416752aa0830206736570f5d41a4df848c9052551cf8dcb1be000000000eb2577188e8e96bd825d462350905d3eb916b397d2a46a64081e85661d7a5a2716cc87cb1976d15d9b6418e94f165911803e43830432226c660f4da67bb7c8ceb3755c07197d8b80b8d16b12c2ec63bebe107aa2350a7ae564bf69a6c52a2da1496016dd66a1c1b112"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000880), 0xfffffffffffffddd, 0x0, 0xffffffffffffffff, 0x28}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r4, 0x0, 0xe, 0x0, &(0x7f0000000040)="3d6ee2e04b91ab10143d9abe86dd", 0x0, 0xfffc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="d80000001c0081044e81f782db44b904021d080201000000000018a118000c000600142603600e1208000f0100810401a8001600200001400300600803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c11503c13223e3f52a98516277ce06bbace8017cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{}, &(0x7f00000002c0), &(0x7f0000000300)}, 0x20)
sendmsg$kcm(r2, &(0x7f0000001d80)={&(0x7f0000000540)=@nfc_llcp={0x27, 0x0, 0x1, 0x3, 0xe, 0x6, "422cb72541d3b2649686f28f8122c1eeff0a9cd63b909d285f6ff0f8a047093777e5b9fef1ba85d65740b004a64caafb87aee06737fb8cd4726e7345928b57", 0x6}, 0x80, &(0x7f0000001d00)=[{&(0x7f0000001c40)="a5fd511c7169f9b76d5f6b5ee9b4f199c0ecdf1d0bf201bb039eae2fde315cc67468e2372ed356711ed0458f3cb7e8d133a2cec20f15959f8449e86b3e0fe92f8903612a676349da49b588f0300b1f284d0e0431f1814dc9e289d2975255dbe86d4e81dfb5d20027aa3c0e67308f80c2ed2d26a430ba9a81c84c0bf6861ba02c68260b3438bb24b7e23d9f742326ced0005d05787ef40c8cfd939a9c0b1e8d8cfff119a0", 0xa4}, {&(0x7f00000005c0)="84c93a0b418d8d0e041f61099f60d7b302f38242716816e0b62573c2f40654a9d0", 0x21}, {&(0x7f0000000640)="377a6f7ee1b9472bb26753d555772ab361de5cc850da6b75c9102d9778fea0afad95b4e19398045ba67ba01d9c6d746c3618c55097d0d2369cde86ef3784e8926e39602c53b851b18b4b9120062e030e9243e0a5c90d4b4853e1", 0x5a}], 0x3, &(0x7f0000001d40)}, 0xc845)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x2, 0x4e22, @rand_addr=0x64010101}, 0x10, &(0x7f0000000200)}, 0x8000)

989.27344ms ago: executing program 0 (id=9467):
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180))
r0 = socket$kcm(0xa, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8916, &(0x7f0000000000)={r0})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x104943, 0x400ac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000bc0)={0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b70000000100000bbfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff00000f00ae04020000000000be400300000000006504030001ed00007b130000000000004d44000000000000630a04fe0000000071330000000000009f030000000000009500000000000000023bc065b7a379d17cf9333379fc05000000912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50bec919bc461e91a7168c5181554d1b583c587e436fe275daf51efd601b6bf01c8e8b1b526375ec5dd6fcd82e4fee5bef7af9a0200000000000000e3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f645679c294392cf538b07ce2646cb7798b3e6440c2fbdb00a3e35208b0bb1d2cd871c5548930be3835f2554b4a28610643a98d9ec21ead2ed51b104d4d91af25b84550a7925c3109b151b8b9f75d80000000eda88c658d42ecbf28bf7076c15b463bebc72f526d8e4a9e231d512381e7a78afcb913466aae7f6df70252e79166d858fc152b659da074e1320060d0b11008e59a5923906f88b53987ad1714e72ba7a5b74f0c33d39000d06a59ff61622cfd9aa58fe8d485ae2c0cc65c2a36aaec2477584b6a89adaf17b0a6041bde4cc3ed54d27f777e92b87496e6649cf728d236619074d6ebdf098bc908c423d228a40f9411fe7226a40409d6e37c4f46756d31cb46761bade70063e5291569b33d21dae356e1c51f03fb8a63e089679216da18de0ae564162a27afea62d84f3a10746443d64364f56e24e6d21053d901204a1deeed41556175cbd4041b7d301bcb72652d950ad31928b0b093778b68e2e9853c02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f98928d5e9b94ff9ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cff538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595bcf50ab32d710b651f898ba749e40bc6980fe78683ac5c0c31030699ddd71063b59261b2e1aab1675b34a220488c126aeef5f510a8f1aded94a129e4aec6f8c3a13596c2ea3e2e04cfdce669e51731b2875353193f82ade69d0540059fe6c7fe7c00fb7502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abd47b64a1b304502dda787343ce3c95300000000010000003baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022af46667cf25c5d3038816106dec28eaeb88343261a48a18f562ae00003ea96d10f172c0374d6eed82641687f3b3a70bfeff59d54d1f92ecc4e95dd2d18383117c03987d198899b212c55318294270a1ad10d30fef7c24b78b29d83238273f4fc87afce829ba0f85da6d888f18ea40ab959f6074ab2a4009b9e5f07ab513cdc6c0e57fb1c1ca571380d7b4ead8eaf68b0c5dda0467d35a3807000000b702396df7e0cbe02b6e4114f244a9bf93f04beb72f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ea1e717d29135753208165b9cdbae037f315c7d951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d7012c1b45f6ada1ee7baa5b6a686b50f09b7f778af083e055f6138a757ebd0ed91114a6b244f9acf41ac4d73a008364e0602a594817031fc2ff2c32a1989e00f52f8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a9037d2283c42efc54fa84323a3c3e6e4fd2e016820f78b796a825b3dad9ce7b37507e0b83c3ecd01549bca6a016b3e18a00c748894dc3bfe5efda8b0a477d6a6562fdee45eb16e276dee992094ba9830f6c164179e7d532d86060bea930118d3cae1b8f916b9671b7000000000040f4bee5ad2dea2d14e195265504c05bba38b095e1679f96ddef65ba5de9c8cfb6465ae4165c0689a314a6eb6b36aa705b957edef3035e14b879d4e7dc00624708042e00bf9a7f7ae5f308744770759558e4fcb99c0dc957521ef255362bf2f3966f3754e81fb9bdef22c19f5a49147b85343f9f36bcda9f64b7a5c5b2f5452f5b1de02e6f15c5640bf89d4a74d51dc233dee628c1dfbb5566b98478c174b34eb234481547e484c6af101396b6977dd668b401391c1dc54f2edccf1cabe6be9868d383eb937efdfd9ade018106f544f04fc07ad525497f65fbad3cf145396acf3b0d38e6b46e28d86880fd6f62c373000000000000000000005d194c27cd4d8f6727f59c71dc84311c0f1fb6c87081c7be9355288610c32c2d8c18bf2027212182903687f48262aea54c5f8a315c9aa4a5af1aa2c4007d1baae38c270012b7eb9411ae451204dba30f8321b07a18db97c3e0cf6a15170e515b1cc463a67a5b2b23ec5662ccfa898b8d5075647bdfb390cde56efb8fd42df12c5c8f66bdc58449ec2b38bf12f5f0a49dcbcf4e6f11c47d23fa34793a0000a1cbb1e06e9a8d2449451d7a05ec0a0d3c9716f505ddeba488c60ebf44cac05c2739694359c925148137376dd3f1330ed0e9211f73ee279cc0b5c298422395ce438f48a39ff569375e609f9e904aacc3d8011326d5e4d654c74501cf16bbf72d3984f9b4ef000000003a8a3d49fc837001e4622e58e3a4ef6b55a8dd0680d951cdb6e54ed92a9a6a0e5e494b7b7b0ef4b4bafc5d964551b2a22bfd12b0761ef07a103e51e84917ee44f860b9785e264343f6a80e9318edecf73df6940856cd56c56eb3831445833c701044aaa49439a44a624267580b3c0980d7f87437bf498f6e1915450400000000000000564a02552c0a5fedbcf4da0db6ed03b9dbc224ee76d20aaf1ac74bcb7eb6f202209e64cc4d130dcf6ab3df8ae4911deb4bb5c7df97fc348d151e834be73915f854272f69d88123f666448b6a8e73322b04fffea9cc05e4129debf311c73b4d1a244b1e5b9943028745a0b6477686740ab877315e35624d791e6f71adb1acd3e22cf472ff7e048b16c11c84da9a3b16b92665912132a4dba680052919c20e191311d8092a09f3c609823fed1bd651ce1c34de105790ba2ca3afa26647f66efbf97b109e7226c74e32beb14ff3fd6918e255fc9b42f86b0188cf885afcc9bb77a7fc3ca7ec1015af494add960f8a11422ca005f24006867cd156e0350022943e301b2c07f4d37d07b05ac2fa1f1d5a0d6eb7e992b076bd77509c26034d2a740d578476410b413591884136259693effaf27e7bcfb58efa92625fb9bd68ecca42047f6e7d24b0446ea16a310073c163d1c6aa3ba1fe76b4e88d5f98cc05c6d033e2c28b4990892230d6b4e5c083a601a25145eb22f4f77313117f8147810d95c64fb78b0a000000000000000000000000e92ba8b066e4bd82bb6003d5da8791d838bcd6eefb13000000000000000000000000000000b652ff6fbad82da75114742bc6a27cba894ef490531be709a3a3c81b267dfafa55e6f855200b4e7518682c30f40808cd5bb8f00beb63b4989cc01d8e75a182337b9f9e08430ccec9bda0134d07a9f54b60033182f5d2bb61fd130d65e68bf148d26470060c707a8cf750ca954ee63c78cd975c7f565783383f02edcb7ce4a9ed0c511d18fe32352276d72eefe0d566f97ccae16b3492f60b96574aac4f1862fb6e4932c181dbf8c68ca16b765de9edba0bf5bfb9c4950d19c0bc31db02f374ce62141160436639d4b6cb0033a47ffdc54d55f1136743b1b26946f200000000000000007590ab8f29c7accd9d11786c4ca1271cd2293b572f14a3dfcaa3467f2783fc09e3eee3fa4b82b7b6ce904e05fa797a2f7ff63e4f874bd870821f6460904e05d7a3f8295a9a5fba1e3587b9d9e878c86ba9b66c4491fcff607d9cbf156f3fc0fb8c827d4e6cac493a3e2746bd5f0f8bc024352200a4250785cdca4fe3c546972d0a56e3905d1e72c33d64f6591fe25f312f47e7ec6b4640f1f6dc4efee4b8d3cfbfcbf77bfd52f0a99adc7d359233cfea0a11f5dcb87603885f08d633e842644988d2f45a1824361b5df707f726fad22d53727b4396b3d05df34933262fdb09f19837fdc2af1c721b17d54076e25ab625ae0a4c9cd900"/3002], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000080), 0xfffffffffffffdbb}, 0x48)
r3 = socket$kcm(0x10, 0x400000002, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000780)={0x1a, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}, 0x48)
sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000001c0)="68cabf2d", 0x4}], 0x1}, 0x40840)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000000c0), 0x4)
sendmsg(r2, 0x0, 0x20008840)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, &(0x7f0000000240))
socket$kcm(0x29, 0x7, 0x0)

936.813232ms ago: executing program 2 (id=9468):
socketpair(0x1, 0x1, 0x1, &(0x7f0000000000))
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
socket$kcm(0xa, 0x0, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB], &(0x7f0000000c00)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
getpid()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x7, 0x3, &(0x7f0000000840)=ANY=[@ANYBLOB="620ac4ff00009cc8514a2b948300007110ab00000000002cc8000001", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000009500000000000000"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x51, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x80)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$kcm(0x10, 0x400000002, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x2818, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, @perf_config_ext={0x0, 0xbfb}, 0x0, 0x0, 0x9e8, 0x0, 0x6, 0x1, 0x4, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r2 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000380), 0x2, 0x0)
write$cgroup_subtree(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB='-devices -memory +cpu -net_Prio '], 0x20)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0xf, 0x0, 0x5d31, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000340)}, 0x0, 0x0, 0xfffffffc, 0x2, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000180)="5c00000014006b03000000d86e6c1d0010ffff0af32c6e021fffffff000000000f00000017d3a705251e6182949a369f3d3b48dfd8cd3f9367c1fa51f60a64c9f4d4938037e786a6d0bdd7000000000000eaffffffb3d59256a5a2fd", 0x5c}, {&(0x7f00000006c0)="ef96ae5a35f5ad40d868ab88a57b9fd05bda6ff4ee8301094429389130a3900fd587af8d04572440c030b5c1ba9d3ac818a869d13b992f65b42923e39463593d966ed27362f8aa735d14d40fd2767ace7fe61d84706a4b0978c198b35ff2f2ee5814f1e964654e121e9a33", 0x6b}], 0x2, 0x0, 0x0, 0x1f00c00e}, 0x0)
write$cgroup_subtree(r1, &(0x7f0000001a00)=ANY=[@ANYBLOB="13100000520091ef"], 0xfe33)
recvmsg$kcm(r1, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000001a40)=""/4095, 0xfff}], 0x1}, 0x0)
recvmsg$kcm(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x50be}, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="5400020029000b05d25a806f8c6394f90424fc602f0011002f2f2f00053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x5000000}, 0x0)
recvmsg$kcm(r4, &(0x7f0000000240)={&(0x7f00000002c0)=@ax25={{}, [@bcast, @remote, @default, @rose, @default, @remote, @rose, @bcast]}, 0x80, &(0x7f0000000500), 0x0, &(0x7f00000001c0)=""/52, 0x34}, 0x2000)
recvmsg$kcm(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
r5 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001180)=[{&(0x7f00000000c0)="1400000027000bff001b05290000000000000000", 0x14}], 0x1}, 0x4080)
r6 = socket$kcm(0x10, 0x3, 0x10)
ioctl$sock_kcm_SIOCKCMCLONE(r5, 0x89e2, &(0x7f0000000080)={r6})
sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000a00)}, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x1})

672.18654ms ago: executing program 0 (id=9469):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f00000002c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x5, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f, 0x61]}}, 0x0, 0x35, 0x0, 0x1000000}, 0x28)

671.737ms ago: executing program 1 (id=9470):
r0 = socket$kcm(0x21, 0x2, 0xa)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e22, @remote}}, 0x80, 0x0, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000100100000d000000aa00000069000000180000000000000010011c0001"], 0x30}, 0x0)

469.774286ms ago: executing program 3 (id=9471):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001", @ANYBLOB], 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x1, @ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0], 0x50)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$ITER_CREATE(0x21, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1c}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x18}}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x4}, {0x3, 0x0, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x1a}, {0x3, 0x0, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x4, 0x0, 0xa, 0x9}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x1800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

454.164436ms ago: executing program 0 (id=9472):
r0 = socket$kcm(0x10, 0x400000002, 0x0)
socket$kcm(0xa, 0x5, 0x0)
sendmsg$inet(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000440)="600000004e007f01049e", 0xa}], 0x1}, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0xa21, 0x0, 0x498a, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1d, 0x1, 0x0, 0x0, 0x0, 0x7, 0x22004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd204}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89f2, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x2, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000009c0)={0x11, 0x3, 0x0, &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x50}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x13, 0xa, &(0x7f0000000c40)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x8}, 0x94)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000840)={0x0, &(0x7f0000000780)=""/191, 0xb9, 0xbf, 0x1, 0x4}, 0x28)
recvmsg$unix(0xffffffffffffffff, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000040), 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000001000)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d0301ffffffd70095000000000000006926000000000000bf67000000000000150600000fff07e03406000043fe0000070600000ee60000bf050000000000003d3500000000000065070000020000e3260700004c0000001f75000000000000bf5400000000000007040000f0fff8ffad350100000000009500000000000000050000000000000095000000000000001c0a7900009d3c2792138e042ce31c2b7ae994a5642cb064ecd5615f3196e3359aceb768637e60bd5d2e4b5992de991371274fdff6e79fc722e25659a7c85615c1b88bc894123cfe3614e887ffffff7f381ef4932cb0dcebea6d90e9c1677fbefd35893d883a2c559b7a34db461b197baf8ebb7c11a8df40d92706d0bbcc5bf6fec345ae9606c3c1a348f9b395592c1f9ae5de8923b27a6fdc20441018e5e4b41b13000c94df1f2db24c67d4c7ba9ec035883e2791a9e9dff3e8bfc7d1be00000082018f5f4b2c00000000000000387a601e3a3412086dee84efd375f0645f3301f55d3b9efdfbed9b430bcf0418e100bdff1c8bcfc0c229874bc3d2418bab997c8bef9aa55841caa572ddff9220c67c9e17bee524c3dc747445763ecb0a7f2cd12bc34b0fc6273786b5bba17e9b8f1c2af8e23c411a4d1124cfb5279195f701000000f77c71294bbfd85878726c49eb89085967722d98cb884d1afe82f7f722e38397996271700241094d272dd8b754b2dd7817450bc7921dd372e621dd447b86e7ffd1bdc198deb495cac0995ca3ef6c1affb693ae366b0f11db6e312bdb8261d0dc10cac6a27e29f171b8e9f172c3db24558d77b8bf18be45c50b3fc005fa7b134dfc948f6015e0389d7f34cb9c02cf517c8ed7a9b6159c1446ef1c2ccff2bde95aa860ed9b836d6b8fcab7663d9bd8415e6f90fdb007b8f3e009000000000000002eb85073720c1df1147c9f5013c82fc98604bd70cd56609a6b73943748a90002d9cf81bcb1d262845762f6b0a284cc463b42492bab0f7b25895cc3ba8bf0b5e0fc018463d03a73fa85429725545128b0e9b550a13d0dd35092250bbce4f618cad2375a34c7f15c3096f3e9004468cf1aba4a6f22ed0eb3681c6963205eefc072ab79ad8b126500419e25a94ce13a7a96deac79c90b8df10b1e364cf97eaa49fd2294320fad0d814f230f954eec844f6b658ee04eb1c6d655a3383928d6e0307a7097b0a5fa5040958d2b7ad0eb7605a7de7ce9cf0e6b472d764976fbf7edd83dac8b9273976bfd6090de0a73cf8a9b2c23500a4054703e2df18d8498356e3c1cd6418e149f8a22e95da26221d8a69b642915471f4917571357aa9df385c0532d6e70263ec616f88dc8f93c886ede7743c53d738b9c7021f0032970eabd2808c53128b3eb600f2614256184c506454980e542ce450029aa6de147a8c81e6f701a4b9b278b08e4b02710907923f0797f96413054f2d1b5f2ba0c49567b53db5d862acf2c42faa37c4a8738f64ed7fef9ffba58a3c1ca52b55aef071e4f11334e3a70918e5b18dab84decde74d616b5b05c96378acc79375a7ebdb54b01d512de48184950f5cac97f0a6dcc6d12c48c6e3b925fee7974ca8f3009188bbecc30e1adbc290ac99555ec069636a8079f8ca80343ff84e896dda2d4148f982feff6b38699fb57aab5596479f84b59daa9a406c5119761d5aabb51c5175461f8b0aa7265c380317f08775d8a8a8bda64ada2c6b3599f548d6272937e4d89ef6ebcecf84fa856024b55dd057056bbae005f0fba858f3abdd9c115064000000000000000000070b0bb28fd1eca97a90864863235d415379d1bdb3d35015f85be2ae802455d3b079f12aa837996ca1ce7280cb394b4c13ca623c30b19887d41eab495f698284a1bc17ff100000000000000000000dac089bdf7984e3300000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x1f1}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)

354.606559ms ago: executing program 1 (id=9473):
close(0xffffffffffffffff)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
perf_event_open(&(0x7f0000000540)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c35, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0xffff, 0x1ff}, 0x100c, 0x7, 0x0, 0x2, 0x0, 0x7, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r0 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x0, 0x31, 0x0, 0x0)
bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000003000000030000000050000000000000001000004080000000000000003000000100000000000000000000002000000000300000000000004040000000000002e"], 0x0, 0x4d}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@bloom_filter={0x1e, 0x0, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r1, 0x0, 0x1}, 0x48)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000071121a000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x300}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000480)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8a}, 0x50)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000c80)}, 0x40012100)
sendmsg$inet(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x24008080)
r3 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r3, 0x0, 0x0)

354.358769ms ago: executing program 4 (id=9474):
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x104, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x3, 0xc2ba, 0x0, 0x4000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10000005, 0x80100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000300), 0x4}, 0x11540}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x9, 0x6, 0x8, 0x8}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040), &(0x7f00000004c0), 0xce, r1}, 0x38)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2)
syz_open_procfs$namespace(0x0, &(0x7f0000000300)='ns/ipc\x00')
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000004001000ffff21000b00000001"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000080)="492e472a6281414b87566ac8883f7d28d11fd4f1127230a3aa003bf4897e3b80cb1815a98ad9bd", &(0x7f0000000200), 0x2, r3}, 0x38)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000040)={0x0, &(0x7f0000000000)=""/46, &(0x7f0000001140), &(0x7f0000000140), 0x1, r3}, 0x38)
ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, &(0x7f0000000180)=0x8)

261.655572ms ago: executing program 3 (id=9475):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x8, 0x0, 0x0, 0x0, 0x8000000, 0x4, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x1, 0xffffffffffffffff, 0x8)
mkdir(0x0, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, @perf_config_ext={0xcf, 0xd}, 0x21, 0x0, 0x0, 0x4, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xc, 0x16, &(0x7f00000003c0)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000180000003d030100000000009500f0f3000000006926000000000000bf67000000000000560602000f0200006706000020000000620a00ff0ee60000bf250000000000002d35f3fe000000006507000002080000070700004c0000003e75000000000000bf54000000000000070400000400f9ffcd35010000000000ce040000000000001c000000000000009500000000000000db13d5d8b741f2cdaabc8383c8f56bb5df3083d20f8c2bf304000000815dcf0066d7ded3c5c49a08a503ea6d54f7f3125a8200578ac0836d6454745e70a27444003c5b20451b624db6f5320e9befc1e00b8b32917c4d30d16b7edb732bc3ac330b16c442aff70d27659bc58e296b16750c5577c848754b4894b07f15bab1c640a5c0c4fd62f9db829b301ef67fd2b2726f3af0c54af2412313b17c4c8081c4ed0572261960e227d34cfbfda047bc2351c9d8363a8cb18b7330604da78b0aba47545f9a25a80dd7d28a5ae41824f611dd2de6dd581c52698f9542a444a8a3969946faded527a0bfe5504eb355cb0000000000000073be27152effbed9ed6a4e8f9c55a2ff11245f2c20856d491b80d749cf8917dbe01cc6c7b747923621bb16efb2025d19a1a27b0348135e32e442da8f26e05283ece8ad92c77f8141c7a2037380f28c9c638ee0151f4620b9b64185db0321a4e809a5438cdef28f7adac1735a50006fbae20d0930b55f0081db6fa0d14024cefa1611ef384de38787324bfb9f79a1e164c8fe80a2d9e4199960"], &(0x7f0000000100)='GPL\x00'}, 0x27)

237.960723ms ago: executing program 0 (id=9476):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000071113300000000008510000002000000850000000900000095000000070000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x70)

139.810665ms ago: executing program 0 (id=9477):
socketpair$tipc(0x1e, 0x1, 0x0, 0x0)
recvmsg(0xffffffffffffffff, 0x0, 0x1f00)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000006c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000004000000280000002800000002004aaed8f900000200f30e000000040e000000000000000900000002000000050000000000000b01"], 0x0, 0x42, 0x0, 0x1}, 0x28)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d0e, 0x80218, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x7}, 0x2005, 0x0, 0x51, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd637f4b22667f2f00db5b686158bbcfe8875a65969ff57b00000000000000000000000000ac1414aa"], 0xfdef)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000080)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x5, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100008}, 0x94)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x89f3, &(0x7f0000000080))
recvmsg$unix(r1, &(0x7f0000000840)={&(0x7f0000000300), 0x6e, &(0x7f0000000400)=[{&(0x7f0000000380)=""/118, 0x76}], 0x1, &(0x7f0000000700)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x130}, 0x2)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200"], 0xcfa4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0x1, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8ff03}, 0xff86)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8916, &(0x7f0000000000)={'wlan1\x00', @random="0200ff7fffff"})

69.756988ms ago: executing program 3 (id=9478):
close(0xffffffffffffffff)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
perf_event_open(&(0x7f0000000540)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c35, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0xffff, 0x1ff}, 0x100c, 0x7, 0x0, 0x2, 0x0, 0x7, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r0 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x0, 0x31, 0x0, 0x0)
bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000003000000030000000050000000000000001000004080000000000000003000000100000000000000000000002000000000300000000000004040000000000002e"], 0x0, 0x4d}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@bloom_filter={0x1e, 0x0, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r1, 0x0, 0x1}, 0x48)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000071121a000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x500}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000480)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8a}, 0x50)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000c80)}, 0x40012100)
sendmsg$inet(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x24008080)
r3 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r3, 0x0, 0x0)

49.989948ms ago: executing program 2 (id=9479):
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}, 0x58c8, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b000000070000000100"], 0x48)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz0\x00', 0x200002, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[], 0x50)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000003c0)={0x1b, 0x0, 0x0, 0x6, 0x0, 0xffffffffffffffff, 0x10000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="325e2da1e8b735346df15f011a01c27d5de0bfdd04fedca0062a91c415673bb18d1c174e9e07b530eba7f88fccca532d49b142aeeb59c7fed98212f6ea6cb9a47f87b72413c987dba5668b5b6d23f1fc5fbb155c6a1873435c487dc98a51fb8f92349efd8790e11829c97d6a10b37e712ac77d0a1607593277d71d3ec596392fba422378b498275d3fc4d86bd00ea1c0db932f90d5507c95fc4f725c6070319c3c53885dc63eef310aa9a7e2ab965bfa176ff9584fbb0ba7825cc805e635079bf67748ef848f83243571f765995a6549be6ec840c0280f473e6462b529dfcfb833c2c8e1b86dac2c09e84d360959bfe5bbd8aecb47c4dc57464c458d7934aeaa8d3d27c44e654b6ad89337db73d700c8"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000940)={0x18, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000b2cb0000000000000700000593ead0e59a5fc4b0ef3be90dcd7aef402aaac17dfa82d40100"/58], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000071117200000000008510000002000000850000000000000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x70)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f00000001c0), 0x12)
syz_clone(0x20800000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) (async)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}, 0x58c8, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) (async)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b000000070000000100"], 0x48) (async)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz0\x00', 0x200002, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[], 0x50) (async)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000003c0)={0x1b, 0x0, 0x0, 0x6, 0x0, 0xffffffffffffffff, 0x10000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x50) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="325e2da1e8b735346df15f011a01c27d5de0bfdd04fedca0062a91c415673bb18d1c174e9e07b530eba7f88fccca532d49b142aeeb59c7fed98212f6ea6cb9a47f87b72413c987dba5668b5b6d23f1fc5fbb155c6a1873435c487dc98a51fb8f92349efd8790e11829c97d6a10b37e712ac77d0a1607593277d71d3ec596392fba422378b498275d3fc4d86bd00ea1c0db932f90d5507c95fc4f725c6070319c3c53885dc63eef310aa9a7e2ab965bfa176ff9584fbb0ba7825cc805e635079bf67748ef848f83243571f765995a6549be6ec840c0280f473e6462b529dfcfb833c2c8e1b86dac2c09e84d360959bfe5bbd8aecb47c4dc57464c458d7934aeaa8d3d27c44e654b6ad89337db73d700c8"], 0x48) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000940)={0x18, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000b2cb0000000000000700000593ead0e59a5fc4b0ef3be90dcd7aef402aaac17dfa82d40100"/58], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000071117200000000008510000002000000850000000000000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x70) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) (async)
write$cgroup_pid(r1, &(0x7f00000001c0), 0x12) (async)
syz_clone(0x20800000, 0x0, 0x0, 0x0, 0x0, 0x0) (async)

0s ago: executing program 1 (id=9480):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000080)={0x6, 0x3, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100008}, 0x94)
r0 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0x4e21, @rand_addr=0x64010102}, 0x10, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000007000000890704e068000000110000000000000000dbc790ad000000fc000000000000001400000000000000000f00003400000004000000000000001c000000000000000000000008"], 0x68}, 0x0)

kernel console output (not intermixed with test programs):

ing back to sysfs fallback for: regulatory.db
[ 1091.782530][T27006] netlink: 'syz.0.7557': attribute type 12 has an invalid length.
[ 1091.836145][T27006] netlink: 132 bytes leftover after parsing attributes in process `syz.0.7557'.
[ 1091.887346][T27014] netlink: 'syz.3.7561': attribute type 10 has an invalid length.
[ 1091.916232][T27014] netlink: 40 bytes leftover after parsing attributes in process `syz.3.7561'.
[ 1091.925651][T27014] device dummy0 entered promiscuous mode
[ 1091.935172][T27014] bridge0: port 3(dummy0) entered blocking state
[ 1091.943017][T27014] bridge0: port 3(dummy0) entered disabled state
[ 1091.960285][T27014] bridge0: port 3(dummy0) entered blocking state
[ 1091.967084][T27014] bridge0: port 3(dummy0) entered forwarding state
[ 1092.109445][T27028] netlink: 68 bytes leftover after parsing attributes in process `syz.0.7566'.
[ 1092.901001][T27045] netlink: 134056 bytes leftover after parsing attributes in process `syz.4.7572'.
[ 1096.111386][T27095] netlink: 132 bytes leftover after parsing attributes in process `syz.4.7591'.
[ 1096.121317][T27096] netlink: 'syz.4.7591': attribute type 12 has an invalid length.
[ 1096.130355][T27096] netlink: 132 bytes leftover after parsing attributes in process `syz.4.7591'.
[ 1096.155737][T27097] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1096.357629][T27103] netlink: 60 bytes leftover after parsing attributes in process `syz.0.7593'.
[ 1096.486823][T27103] netlink: 60 bytes leftover after parsing attributes in process `syz.0.7593'.
[ 1096.577620][T27105] netlink: 60 bytes leftover after parsing attributes in process `syz.0.7593'.
[ 1097.383987][T27135] netlink: 'syz.4.7604': attribute type 27 has an invalid length.
[ 1097.401096][T27135] netlink: 164 bytes leftover after parsing attributes in process `syz.4.7604'.
[ 1099.218944][T27108] netlink: 128 bytes leftover after parsing attributes in process `syz.1.7595'.
[ 1099.228329][T27108] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[ 1099.244270][T27127] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7601'.
[ 1099.255729][T27141] netlink: 132 bytes leftover after parsing attributes in process `syz.2.7606'.
[ 1099.276037][T27145] netlink: 'syz.2.7606': attribute type 12 has an invalid length.
[ 1099.283909][T27145] netlink: 132 bytes leftover after parsing attributes in process `syz.2.7606'.
[ 1099.548990][T27169] netlink: 'syz.1.7616': attribute type 29 has an invalid length.
[ 1099.566580][T27169] netlink: 'syz.1.7616': attribute type 3 has an invalid length.
[ 1100.349569][T27198] netlink: 'syz.1.7625': attribute type 12 has an invalid length.
[ 1100.696676][T27196] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1100.726000][T27196] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1101.503862][T27214] netlink: 'syz.4.7631': attribute type 46 has an invalid length.
[ 1101.593242][T27214] __nla_validate_parse: 3 callbacks suppressed
[ 1101.593260][T27214] netlink: 36 bytes leftover after parsing attributes in process `syz.4.7631'.
[ 1101.627472][T27216] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[ 1101.657152][T27216] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1102.428332][T27250] netlink: 'syz.2.7642': attribute type 29 has an invalid length.
[ 1102.446177][T27250] netlink: 'syz.2.7642': attribute type 29 has an invalid length.
[ 1102.494253][T27250] netlink: 'syz.2.7642': attribute type 29 has an invalid length.
[ 1102.591750][T27255] netlink: 'syz.2.7642': attribute type 29 has an invalid length.
[ 1102.831114][T27270] netlink: 'syz.4.7648': attribute type 29 has an invalid length.
[ 1102.848051][T27270] netlink: 'syz.4.7648': attribute type 3 has an invalid length.
[ 1102.872452][T27270] netlink: 132 bytes leftover after parsing attributes in process `syz.4.7648'.
[ 1104.321773][T27271] netlink: 144 bytes leftover after parsing attributes in process `syz.0.7647'.
[ 1104.418971][T27288] FAULT_INJECTION: forcing a failure.
[ 1104.418971][T27288] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1104.445846][T27288] CPU: 0 PID: 27288 Comm: syz.4.7654 Not tainted syzkaller #0
[ 1104.453366][T27288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1104.463437][T27288] Call Trace:
[ 1104.466730][T27288]  <TASK>
[ 1104.469678][T27288]  dump_stack_lvl+0x188/0x24e
[ 1104.474377][T27288]  ? show_regs_print_info+0x12/0x12
[ 1104.479597][T27288]  ? load_image+0x410/0x410
[ 1104.484126][T27288]  ? __lock_acquire+0x7bd0/0x7bd0
[ 1104.489180][T27288]  should_fail_ex+0x390/0x4c0
[ 1104.493885][T27288]  _copy_from_user+0x2c/0x170
[ 1104.498585][T27288]  btf_new_fd+0x326/0x760
[ 1104.503023][T27288]  __sys_bpf+0x612/0x780
[ 1104.507289][T27288]  ? bpf_link_show_fdinfo+0x380/0x380
[ 1104.512691][T27288]  ? lock_chain_count+0x20/0x20
[ 1104.517568][T27288]  __x64_sys_bpf+0x78/0x90
[ 1104.522005][T27288]  do_syscall_64+0x4c/0xa0
[ 1104.526438][T27288]  ? clear_bhb_loop+0x60/0xb0
[ 1104.531128][T27288]  ? clear_bhb_loop+0x60/0xb0
[ 1104.535815][T27288]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1104.541735][T27288] RIP: 0033:0x7f0ee1f9ce59
[ 1104.546165][T27288] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1104.565789][T27288] RSP: 002b:00007f0ee2e2a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1104.574217][T27288] RAX: ffffffffffffffda RBX: 00007f0ee2215fa0 RCX: 00007f0ee1f9ce59
[ 1104.582194][T27288] RDX: 0000000000000028 RSI: 0000200000000300 RDI: 0000000000000012
[ 1104.590167][T27288] RBP: 00007f0ee2e2a090 R08: 0000000000000000 R09: 0000000000000000
[ 1104.598150][T27288] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1104.606132][T27288] R13: 00007f0ee2216038 R14: 00007f0ee2215fa0 R15: 00007ffe76276a48
[ 1104.614129][T27288]  </TASK>
[ 1107.795342][T27346] netlink: 134056 bytes leftover after parsing attributes in process `syz.3.7672'.
[ 1108.092276][T27361] netlink: 176 bytes leftover after parsing attributes in process `syz.1.7675'.
[ 1108.482378][T27367] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.7679'.
[ 1108.508251][T27367] netlink: zone id is out of range
[ 1108.522616][T27367] netlink: zone id is out of range
[ 1108.524353][T27382] device bridge_slave_0 left promiscuous mode
[ 1108.538199][T27382] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1108.540895][T27367] netlink: zone id is out of range
[ 1108.556326][T27367] netlink: zone id is out of range
[ 1108.563862][T27367] netlink: zone id is out of range
[ 1108.570754][T27367] netlink: zone id is out of range
[ 1108.587863][T27367] netlink: zone id is out of range
[ 1108.594749][T27367] netlink: zone id is out of range
[ 1108.615855][T27367] netlink: zone id is out of range
[ 1108.621374][T27367] netlink: zone id is out of range
[ 1108.692338][T27384] netlink: 'syz.3.7678': attribute type 2 has an invalid length.
[ 1108.706066][T27384] netlink: 'syz.3.7678': attribute type 8 has an invalid length.
[ 1108.717810][T27384] netlink: 132 bytes leftover after parsing attributes in process `syz.3.7678'.
[ 1108.862670][T27391] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7686'.
[ 1109.846215][T27427] netlink: 'syz.0.7697': attribute type 29 has an invalid length.
[ 1109.876302][T27427] netlink: 'syz.0.7697': attribute type 29 has an invalid length.
[ 1109.886518][T27424] netlink: 'syz.0.7697': attribute type 29 has an invalid length.
[ 1109.897697][T27424] netlink: 'syz.0.7697': attribute type 29 has an invalid length.
[ 1109.952403][T27424] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.7697'.
[ 1110.079937][T27427] netlink: 10 bytes leftover after parsing attributes in process `syz.0.7697'.
[ 1110.725643][T27476] netlink: 'syz.4.7716': attribute type 29 has an invalid length.
[ 1110.756217][T27476] netlink: 'syz.4.7716': attribute type 3 has an invalid length.
[ 1110.771533][T27476] netlink: 132 bytes leftover after parsing attributes in process `syz.4.7716'.
[ 1110.969300][T27486] netlink: 134056 bytes leftover after parsing attributes in process `syz.3.7721'.
[ 1111.709174][T27513] device syzkaller0 entered promiscuous mode
[ 1111.727463][T27515] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[ 1114.417876][T27547] netlink: 60 bytes leftover after parsing attributes in process `syz.2.7741'.
[ 1114.437199][T27555] netlink: 16098 bytes leftover after parsing attributes in process `syz.1.7744'.
[ 1114.906996][T27582] netlink: 'syz.3.7753': attribute type 29 has an invalid length.
[ 1114.934086][T27582] netlink: 'syz.3.7753': attribute type 3 has an invalid length.
[ 1114.955426][T27582] netlink: 132 bytes leftover after parsing attributes in process `syz.3.7753'.
[ 1115.780571][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[ 1115.796898][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[ 1117.157703][T27587] netlink: 61967 bytes leftover after parsing attributes in process `syz.1.7754'.
[ 1117.581282][T27614] netlink: 'syz.0.7764': attribute type 3 has an invalid length.
[ 1117.640650][T27614] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.7764'.
[ 1117.861390][T14211] Bluetooth: hci2: command 0x0406 tx timeout
[ 1120.169306][T27695] netlink: 134056 bytes leftover after parsing attributes in process `syz.3.7792'.
[ 1120.263673][T27698] netlink: 'syz.0.7791': attribute type 2 has an invalid length.
[ 1120.334720][T27698] netlink: 199848 bytes leftover after parsing attributes in process `syz.0.7791'.
[ 1120.426066][T27698] netlink: 'syz.0.7791': attribute type 2 has an invalid length.
[ 1120.616987][T27698] device 0 entered promiscuous mode
[ 1121.796242][T27736] netlink: 'syz.1.7804': attribute type 11 has an invalid length.
[ 1121.814369][T27736] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.7804'.
[ 1122.610971][T27734] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1124.022118][T27736] netlink: 763 bytes leftover after parsing attributes in process `syz.1.7804'.
[ 1124.119005][T27740] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7805'.
[ 1124.192684][T27744] netlink: 60 bytes leftover after parsing attributes in process `syz.1.7806'.
[ 1125.303754][T27801] netlink: 134056 bytes leftover after parsing attributes in process `syz.2.7828'.
[ 1125.811371][T27811] netlink: 'syz.2.7833': attribute type 6 has an invalid length.
[ 1125.836034][T27811] netlink: 168 bytes leftover after parsing attributes in process `syz.2.7833'.
[ 1125.907962][T27820] netlink: 'syz.0.7835': attribute type 29 has an invalid length.
[ 1125.938367][T27820] netlink: 'syz.0.7835': attribute type 3 has an invalid length.
[ 1125.959760][T27820] netlink: 132 bytes leftover after parsing attributes in process `syz.0.7835'.
[ 1126.827718][T27850] netlink: 'syz.2.7847': attribute type 3 has an invalid length.
[ 1126.835707][T27850] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.7847'.
[ 1127.280285][T27862] netlink: 'syz.1.7849': attribute type 12 has an invalid length.
[ 1127.335455][T27862] netlink: 132 bytes leftover after parsing attributes in process `syz.1.7849'.
[ 1127.656235][T27883] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.7857'.
[ 1127.790566][T27891] netlink: 'syz.1.7861': attribute type 3 has an invalid length.
[ 1127.825911][T27891] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.7861'.
[ 1127.900859][T27898] netlink: 122896 bytes leftover after parsing attributes in process `syz.0.7863'.
[ 1127.925736][T27898] debugfs: Directory '!!!' with parent 'ieee80211' already present!
[ 1128.233863][T27895] sctp: [Deprecated]: syz.0.7863 (pid 27895) Use of int in maxseg socket option.
[ 1128.233863][T27895] Use struct sctp_assoc_value instead
[ 1128.536148][T27925] netlink: 134056 bytes leftover after parsing attributes in process `syz.1.7869'.
[ 1128.861409][T27934] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7874'.
[ 1129.131583][T27946] netlink: 'syz.1.7876': attribute type 29 has an invalid length.
[ 1129.181058][T27946] netlink: 'syz.1.7876': attribute type 3 has an invalid length.
[ 1130.315294][T27984] FAULT_INJECTION: forcing a failure.
[ 1130.315294][T27984] name failslab, interval 1, probability 0, space 0, times 0
[ 1130.328459][T27984] CPU: 0 PID: 27984 Comm: syz.0.7891 Not tainted syzkaller #0
[ 1130.335960][T27984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1130.346054][T27984] Call Trace:
[ 1130.349368][T27984]  <TASK>
[ 1130.352336][T27984]  dump_stack_lvl+0x188/0x24e
[ 1130.357071][T27984]  ? show_regs_print_info+0x12/0x12
[ 1130.362313][T27984]  ? load_image+0x410/0x410
[ 1130.366866][T27984]  ? mark_lock+0x94/0x320
[ 1130.371255][T27984]  ? __lock_acquire+0x13e3/0x7bd0
[ 1130.376340][T27984]  should_fail_ex+0x390/0x4c0
[ 1130.381073][T27984]  should_failslab+0x5/0x20
[ 1130.385613][T27984]  slab_pre_alloc_hook+0x59/0x300
[ 1130.390700][T27984]  kmem_cache_alloc+0x56/0x2f0
[ 1130.395494][T27984]  ? radix_tree_node_alloc+0x7e/0x3a0
[ 1130.400883][T27984]  radix_tree_node_alloc+0x7e/0x3a0
[ 1130.406102][T27984]  idr_get_free+0x28b/0xa10
[ 1130.410627][T27984]  idr_alloc_cyclic+0x286/0x610
[ 1130.415510][T27984]  ? idr_alloc+0x2e0/0x2e0
[ 1130.419928][T27984]  ? do_raw_spin_lock+0x128/0x2f0
[ 1130.424962][T27984]  ? __radix_tree_preload+0x82/0x880
[ 1130.430247][T27984]  ? btf_alloc_id+0x30/0x2d0
[ 1130.434839][T27984]  btf_alloc_id+0x4f/0x2d0
[ 1130.439254][T27984]  btf_new_fd+0x597/0x760
[ 1130.443593][T27984]  __sys_bpf+0x612/0x780
[ 1130.447840][T27984]  ? bpf_link_show_fdinfo+0x380/0x380
[ 1130.453254][T27984]  ? lock_chain_count+0x20/0x20
[ 1130.458116][T27984]  __x64_sys_bpf+0x78/0x90
[ 1130.462531][T27984]  do_syscall_64+0x4c/0xa0
[ 1130.466940][T27984]  ? clear_bhb_loop+0x60/0xb0
[ 1130.471607][T27984]  ? clear_bhb_loop+0x60/0xb0
[ 1130.476285][T27984]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1130.482186][T27984] RIP: 0033:0x7fe8dd19ce59
[ 1130.486601][T27984] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1130.506202][T27984] RSP: 002b:00007fe8ddfa9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1130.514620][T27984] RAX: ffffffffffffffda RBX: 00007fe8dd415fa0 RCX: 00007fe8dd19ce59
[ 1130.522583][T27984] RDX: 0000000000000028 RSI: 0000200000000300 RDI: 0000000000000012
[ 1130.530724][T27984] RBP: 00007fe8ddfa9090 R08: 0000000000000000 R09: 0000000000000000
[ 1130.538707][T27984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1130.546676][T27984] R13: 00007fe8dd416038 R14: 00007fe8dd415fa0 R15: 00007ffc29aa3ab8
[ 1130.554686][T27984]  </TASK>
[ 1131.097967][T27989] netlink: 'syz.0.7892': attribute type 29 has an invalid length.
[ 1132.345225][T27974] device veth1_macvtap left promiscuous mode
[ 1132.562051][T28002] netlink: 'syz.4.7894': attribute type 3 has an invalid length.
[ 1132.583058][T28002] __nla_validate_parse: 1 callbacks suppressed
[ 1132.583079][T28002] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.7894'.
[ 1134.072240][T27989] netlink: 'syz.0.7892': attribute type 29 has an invalid length.
[ 1134.086060][T28013] netlink: 'syz.2.7898': attribute type 12 has an invalid length.
[ 1134.093909][T28013] netlink: 132 bytes leftover after parsing attributes in process `syz.2.7898'.
[ 1134.297693][T28023] netlink: 'syz.4.7900': attribute type 6 has an invalid length.
[ 1134.306034][T28023] netlink: 168 bytes leftover after parsing attributes in process `syz.4.7900'.
[ 1134.641612][T28044] netlink: 'syz.2.7909': attribute type 3 has an invalid length.
[ 1134.656240][T28044] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.7909'.
[ 1134.758931][T28053] FAULT_INJECTION: forcing a failure.
[ 1134.758931][T28053] name failslab, interval 1, probability 0, space 0, times 0
[ 1134.771619][T28053] CPU: 1 PID: 28053 Comm: syz.4.7913 Not tainted syzkaller #0
[ 1134.779102][T28053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1134.789176][T28053] Call Trace:
[ 1134.792465][T28053]  <TASK>
[ 1134.795403][T28053]  dump_stack_lvl+0x188/0x24e
[ 1134.800103][T28053]  ? show_regs_print_info+0x12/0x12
[ 1134.805309][T28053]  ? load_image+0x410/0x410
[ 1134.809824][T28053]  should_fail_ex+0x390/0x4c0
[ 1134.814502][T28053]  should_failslab+0x5/0x20
[ 1134.819011][T28053]  slab_pre_alloc_hook+0x59/0x300
[ 1134.824044][T28053]  kmem_cache_alloc+0x56/0x2f0
[ 1134.828808][T28053]  ? radix_tree_node_alloc+0x7e/0x3a0
[ 1134.834190][T28053]  radix_tree_node_alloc+0x7e/0x3a0
[ 1134.839388][T28053]  idr_get_free+0x28b/0xa10
[ 1134.843897][T28053]  idr_alloc_cyclic+0x286/0x610
[ 1134.848750][T28053]  ? idr_alloc+0x2e0/0x2e0
[ 1134.853162][T28053]  ? do_raw_spin_lock+0x128/0x2f0
[ 1134.858187][T28053]  ? __radix_tree_preload+0x82/0x880
[ 1134.863469][T28053]  ? btf_alloc_id+0x30/0x2d0
[ 1134.868062][T28053]  btf_alloc_id+0x4f/0x2d0
[ 1134.872476][T28053]  btf_new_fd+0x597/0x760
[ 1134.876812][T28053]  __sys_bpf+0x612/0x780
[ 1134.881058][T28053]  ? bpf_link_show_fdinfo+0x380/0x380
[ 1134.886441][T28053]  ? lock_chain_count+0x20/0x20
[ 1134.891298][T28053]  __x64_sys_bpf+0x78/0x90
[ 1134.895717][T28053]  do_syscall_64+0x4c/0xa0
[ 1134.900132][T28053]  ? clear_bhb_loop+0x60/0xb0
[ 1134.904803][T28053]  ? clear_bhb_loop+0x60/0xb0
[ 1134.909481][T28053]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1134.915385][T28053] RIP: 0033:0x7f0ee1f9ce59
[ 1134.919800][T28053] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1134.939406][T28053] RSP: 002b:00007f0ee2e2a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1134.947832][T28053] RAX: ffffffffffffffda RBX: 00007f0ee2215fa0 RCX: 00007f0ee1f9ce59
[ 1134.955812][T28053] RDX: 0000000000000028 RSI: 0000200000000300 RDI: 0000000000000012
[ 1134.963789][T28053] RBP: 00007f0ee2e2a090 R08: 0000000000000000 R09: 0000000000000000
[ 1134.971758][T28053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1134.979725][T28053] R13: 00007f0ee2216038 R14: 00007f0ee2215fa0 R15: 00007ffe76276a48
[ 1134.987748][T28053]  </TASK>
[ 1136.385503][T28103] netlink: 134056 bytes leftover after parsing attributes in process `syz.0.7926'.
[ 1136.777608][T28122] netlink: 16255 bytes leftover after parsing attributes in process `syz.3.7934'.
[ 1138.165998][T28164] netlink: 'syz.3.7950': attribute type 3 has an invalid length.
[ 1138.196182][T28164] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.7950'.
[ 1140.157180][T28138] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.7941'.
[ 1140.166705][T28138] bridge_slave_1: default FDB implementation only supports local addresses
[ 1141.383849][T28234] netlink: 'syz.2.7972': attribute type 29 has an invalid length.
[ 1141.391917][T28234] netlink: 'syz.2.7972': attribute type 3 has an invalid length.
[ 1141.399869][T28234] netlink: 132 bytes leftover after parsing attributes in process `syz.2.7972'.
[ 1141.424950][T28232] netlink: 134056 bytes leftover after parsing attributes in process `syz.4.7971'.
[ 1142.172083][T28270] netlink: 'syz.1.7986': attribute type 3 has an invalid length.
[ 1142.184398][T28270] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.7986'.
[ 1142.285367][T28279] netlink: 'syz.4.7990': attribute type 1 has an invalid length.
[ 1142.304161][T28279] netlink: 127868 bytes leftover after parsing attributes in process `syz.4.7990'.
[ 1142.442145][T28279] : port 1(ip6gretap0) entered blocking state
[ 1142.475376][T28279] : port 1(ip6gretap0) entered disabled state
[ 1142.519022][T28279] device ip6gretap0 entered promiscuous mode
[ 1142.614392][T28285] netlink: 'syz.2.7992': attribute type 12 has an invalid length.
[ 1142.646375][T28285] netlink: 132 bytes leftover after parsing attributes in process `syz.2.7992'.
[ 1142.697831][T28283] device ip6gretap0 left promiscuous mode
[ 1142.703971][T28283] : port 1(ip6gretap0) entered disabled state
[ 1142.866183][T28295] netlink: 134056 bytes leftover after parsing attributes in process `syz.0.7997'.
[ 1143.483024][T28319] netlink: 'syz.1.8006': attribute type 21 has an invalid length.
[ 1143.500980][T28319] IPv6: NLM_F_CREATE should be specified when creating new route
[ 1143.515997][T28319] IPv6: Can't replace route, no match found
[ 1143.693657][T28323] netlink: 134056 bytes leftover after parsing attributes in process `syz.3.8008'.
[ 1143.813447][T28331] netlink: 134056 bytes leftover after parsing attributes in process `syz.4.8012'.
[ 1144.540109][T28354] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8020'.
[ 1146.137580][T28383] syz.2.8029[28383] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1146.137710][T28383] syz.2.8029[28383] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1146.460280][T28388] netlink: 188 bytes leftover after parsing attributes in process `syz.0.8032'.
[ 1146.635356][T28393] netlink: 'syz.1.8031': attribute type 3 has an invalid length.
[ 1146.682039][T28393] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.8031'.
[ 1147.059752][T28402] netlink: 'syz.0.8036': attribute type 1 has an invalid length.
[ 1147.106005][T28402] netlink: 127868 bytes leftover after parsing attributes in process `syz.0.8036'.
[ 1147.414710][T28402] : port 1(ip6gretap0) entered blocking state
[ 1147.437421][T28402] : port 1(ip6gretap0) entered disabled state
[ 1147.485924][T28402] device ip6gretap0 entered promiscuous mode
[ 1147.565955][T28404] device ip6gretap0 left promiscuous mode
[ 1147.577258][T28404] : port 1(ip6gretap0) entered disabled state
[ 1148.364037][T28432] FAULT_INJECTION: forcing a failure.
[ 1148.364037][T28432] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1148.498383][T28432] CPU: 1 PID: 28432 Comm: syz.1.8044 Not tainted syzkaller #0
[ 1148.505927][T28432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1148.516025][T28432] Call Trace:
[ 1148.519340][T28432]  <TASK>
[ 1148.522309][T28432]  dump_stack_lvl+0x188/0x24e
[ 1148.527046][T28432]  ? show_regs_print_info+0x12/0x12
[ 1148.532298][T28432]  ? load_image+0x410/0x410
[ 1148.536865][T28432]  ? __lock_acquire+0x7bd0/0x7bd0
[ 1148.541941][T28432]  ? __bpf_trace_bpf_trace_printk+0x20/0x20
[ 1148.547899][T28432]  should_fail_ex+0x390/0x4c0
[ 1148.552646][T28432]  _copy_from_user+0x2c/0x170
[ 1148.557381][T28432]  kstrtouint_from_user+0xda/0x170
[ 1148.562554][T28432]  ? kstrtol_from_user+0x190/0x190
[ 1148.567769][T28432]  proc_fail_nth_write+0x8b/0x200
[ 1148.572836][T28432]  ? proc_fail_nth_read+0x220/0x220
[ 1148.578080][T28432]  ? common_file_perm+0x171/0x1c0
[ 1148.583169][T28432]  ? proc_fail_nth_read+0x220/0x220
[ 1148.588420][T28432]  vfs_write+0x2dc/0x9a0
[ 1148.592732][T28432]  ? file_end_write+0x250/0x250
[ 1148.597647][T28432]  ? __fget_files+0x28/0x460
[ 1148.602291][T28432]  ? __fget_files+0x3fc/0x460
[ 1148.607043][T28432]  ? __fdget_pos+0x2ae/0x360
[ 1148.611671][T28432]  ? ksys_write+0x70/0x260
[ 1148.616142][T28432]  ksys_write+0x14d/0x260
[ 1148.620538][T28432]  ? __ia32_sys_read+0x80/0x80
[ 1148.625363][T28432]  ? lockdep_hardirqs_on+0x94/0x140
[ 1148.630618][T28432]  do_syscall_64+0x4c/0xa0
[ 1148.635074][T28432]  ? clear_bhb_loop+0x60/0xb0
[ 1148.639785][T28432]  ? clear_bhb_loop+0x60/0xb0
[ 1148.644507][T28432]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1148.650444][T28432] RIP: 0033:0x7ff64015d68e
[ 1148.654898][T28432] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 1148.674550][T28432] RSP: 002b:00007ff63e3f5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1148.683015][T28432] RAX: ffffffffffffffda RBX: 00007ff63e3f66c0 RCX: 00007ff64015d68e
[ 1148.691031][T28432] RDX: 0000000000000001 RSI: 00007ff63e3f60a0 RDI: 0000000000000003
[ 1148.699051][T28432] RBP: 00007ff63e3f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1148.707066][T28432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1148.715074][T28432] R13: 00007ff640416038 R14: 00007ff640415fa0 R15: 00007ffc455967b8
[ 1148.723136][T28432]  </TASK>
[ 1151.290195][T28481] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.8070'.
[ 1151.311729][T28481] net_ratelimit: 37 callbacks suppressed
[ 1151.311750][T28481] netlink: zone id is out of range
[ 1151.348400][T28481] netlink: zone id is out of range
[ 1151.379191][T28481] netlink: zone id is out of range
[ 1151.398721][T28481] netlink: zone id is out of range
[ 1151.424681][T28481] netlink: zone id is out of range
[ 1151.449742][T28481] netlink: zone id is out of range
[ 1151.470070][T28481] netlink: zone id is out of range
[ 1151.506003][T28481] netlink: zone id is out of range
[ 1151.511213][T28481] netlink: zone id is out of range
[ 1151.526258][T28481] netlink: zone id is out of range
[ 1151.605031][T28484] netlink: 'syz.3.8060': attribute type 1 has an invalid length.
[ 1151.661311][T28484] netlink: 127868 bytes leftover after parsing attributes in process `syz.3.8060'.
[ 1152.064423][T28496] netlink: 'syz.0.8064': attribute type 3 has an invalid length.
[ 1152.085098][T28487] : port 1(ip6gretap0) entered blocking state
[ 1152.096429][T28496] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.8064'.
[ 1152.103095][T28487] : port 1(ip6gretap0) entered disabled state
[ 1152.143268][T28487] device ip6gretap0 entered promiscuous mode
[ 1153.860468][T28495] device ip6gretap0 left promiscuous mode
[ 1153.872463][T28495] : port 1(ip6gretap0) entered disabled state
[ 1153.901561][T28505] netlink: 'syz.4.8067': attribute type 12 has an invalid length.
[ 1153.921157][T28505] netlink: 132 bytes leftover after parsing attributes in process `syz.4.8067'.
[ 1154.269041][T28521] netlink: 134056 bytes leftover after parsing attributes in process `syz.0.8074'.
[ 1154.861739][T28537] netlink: 'syz.4.8077': attribute type 10 has an invalid length.
[ 1154.983712][T28537] team0: Port device geneve1 added
[ 1155.550361][T28557] netlink: 'syz.2.8083': attribute type 12 has an invalid length.
[ 1155.642868][T28557] netlink: 132 bytes leftover after parsing attributes in process `syz.2.8083'.
[ 1158.438291][T28583] netlink: 'syz.3.8091': attribute type 4 has an invalid length.
[ 1158.449865][T28583] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.8091'.
[ 1158.475581][T28588] delete_channel: no stack
[ 1158.702948][T28602] netlink: 'syz.0.8099': attribute type 3 has an invalid length.
[ 1158.715965][T28602] netlink: 118424 bytes leftover after parsing attributes in process `syz.0.8099'.
[ 1158.754557][T28601] delete_channel: no stack
[ 1158.991855][T28609] netlink: 'syz.1.8101': attribute type 12 has an invalid length.
[ 1159.025964][T28609] netlink: 132 bytes leftover after parsing attributes in process `syz.1.8101'.
[ 1159.096659][T28616] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8103'.
[ 1159.186067][T28618] netlink: 'syz.4.8106': attribute type 3 has an invalid length.
[ 1159.194206][T28618] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.8106'.
[ 1159.548693][T28644] netlink: 132 bytes leftover after parsing attributes in process `syz.1.8114'.
[ 1160.042115][T28658] netlink: 134056 bytes leftover after parsing attributes in process `syz.2.8119'.
[ 1160.071321][T28654] -1: renamed from syzkaller0
[ 1161.396786][T28658] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[ 1161.419370][T28658] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[ 1161.493841][T28658] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[ 1161.861107][T28688] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.8128'.
[ 1161.900169][T28690] netlink: 'syz.2.8131': attribute type 21 has an invalid length.
[ 1161.929069][T28690] netlink: 128 bytes leftover after parsing attributes in process `syz.2.8131'.
[ 1162.046990][T28701] net_ratelimit: 498 callbacks suppressed
[ 1162.047009][T28701] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[ 1162.062257][T28690] netlink: 3 bytes leftover after parsing attributes in process `syz.2.8131'.
[ 1162.189922][T28702] netlink: 'syz.3.8132': attribute type 12 has an invalid length.
[ 1162.905142][T28738] FAULT_INJECTION: forcing a failure.
[ 1162.905142][T28738] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1162.977272][T28738] CPU: 1 PID: 28738 Comm: syz.0.8154 Not tainted syzkaller #0
[ 1162.984822][T28738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1162.994902][T28738] Call Trace:
[ 1162.998195][T28738]  <TASK>
[ 1163.001137][T28738]  dump_stack_lvl+0x188/0x24e
[ 1163.005844][T28738]  ? show_regs_print_info+0x12/0x12
[ 1163.011064][T28738]  ? load_image+0x410/0x410
[ 1163.015596][T28738]  ? __lock_acquire+0x7bd0/0x7bd0
[ 1163.020657][T28738]  should_fail_ex+0x390/0x4c0
[ 1163.025361][T28738]  _copy_from_user+0x2c/0x170
[ 1163.030062][T28738]  btf_new_fd+0x326/0x760
[ 1163.034428][T28738]  __sys_bpf+0x612/0x780
[ 1163.038697][T28738]  ? bpf_link_show_fdinfo+0x380/0x380
[ 1163.044107][T28738]  ? lock_chain_count+0x20/0x20
[ 1163.048995][T28738]  __x64_sys_bpf+0x78/0x90
[ 1163.053436][T28738]  do_syscall_64+0x4c/0xa0
[ 1163.057871][T28738]  ? clear_bhb_loop+0x60/0xb0
[ 1163.062564][T28738]  ? clear_bhb_loop+0x60/0xb0
[ 1163.067260][T28738]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1163.068938][T28736] delete_channel: no stack
[ 1163.073172][T28738] RIP: 0033:0x7fe8dd19ce59
[ 1163.082008][T28738] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1163.101634][T28738] RSP: 002b:00007fe8ddfa9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1163.110064][T28738] RAX: ffffffffffffffda RBX: 00007fe8dd415fa0 RCX: 00007fe8dd19ce59
[ 1163.118040][T28738] RDX: 0000000000000028 RSI: 0000200000000300 RDI: 0000000000000012
[ 1163.126009][T28738] RBP: 00007fe8ddfa9090 R08: 0000000000000000 R09: 0000000000000000
[ 1163.133974][T28738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1163.141941][T28738] R13: 00007fe8dd416038 R14: 00007fe8dd415fa0 R15: 00007ffc29aa3ab8
[ 1163.149921][T28738]  </TASK>
[ 1163.348477][T28749] netlink: 'syz.3.8148': attribute type 3 has an invalid length.
[ 1167.128644][T28813] netlink: 'syz.1.8168': attribute type 2 has an invalid length.
[ 1167.136569][T28813] __nla_validate_parse: 4 callbacks suppressed
[ 1167.136581][T28813] netlink: 119 bytes leftover after parsing attributes in process `syz.1.8168'.
[ 1167.159539][T28819] netlink: 'syz.3.8174': attribute type 12 has an invalid length.
[ 1167.167891][T28819] netlink: 132 bytes leftover after parsing attributes in process `syz.3.8174'.
[ 1167.509557][T28834] netlink: 'syz.0.8177': attribute type 21 has an invalid length.
[ 1167.524822][T28834] netlink: 128 bytes leftover after parsing attributes in process `syz.0.8177'.
[ 1167.546062][T28834] netlink: 3 bytes leftover after parsing attributes in process `syz.0.8177'.
[ 1167.572283][T28843] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8182'.
[ 1169.117507][T28872] netlink: 'syz.1.8195': attribute type 2 has an invalid length.
[ 1169.125447][T28872] netlink: 'syz.1.8195': attribute type 8 has an invalid length.
[ 1169.220377][T28872] netlink: 132 bytes leftover after parsing attributes in process `syz.1.8195'.
[ 1169.302782][T28891] netlink: 'syz.3.8197': attribute type 21 has an invalid length.
[ 1169.314992][T28891] netlink: 128 bytes leftover after parsing attributes in process `syz.3.8197'.
[ 1169.364235][T28891] netlink: 3 bytes leftover after parsing attributes in process `syz.3.8197'.
[ 1169.814646][T28896] netlink: 'syz.4.8200': attribute type 10 has an invalid length.
[ 1170.517442][T28896] team0 (unregistering): Port device team_slave_0 removed
[ 1170.567887][T28896] team0 (unregistering): Port device team_slave_1 removed
[ 1170.595505][T28896] team0 (unregistering): Port device geneve1 removed
[ 1170.676063][T28912] netlink: 'syz.1.8205': attribute type 12 has an invalid length.
[ 1170.683958][T28912] netlink: 132 bytes leftover after parsing attributes in process `syz.1.8205'.
[ 1171.257890][T28937] netlink: 202920 bytes leftover after parsing attributes in process `syz.3.8214'.
[ 1171.896585][T28952] netlink: 'syz.1.8218': attribute type 10 has an invalid length.
[ 1172.148001][T28959] netlink: 'syz.4.8223': attribute type 3 has an invalid length.
[ 1172.166706][T28959] __nla_validate_parse: 2 callbacks suppressed
[ 1172.166726][T28959] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.8223'.
[ 1172.167477][T28952] team0 (unregistering): Port device team_slave_0 removed
[ 1172.191825][ T4286] Bluetooth: hci1: unexpected event 0x0b length: 15 > 11
[ 1172.344792][T28952] team0 (unregistering): Port device team_slave_1 removed
[ 1172.853285][T28967] netlink: 'syz.0.8226': attribute type 29 has an invalid length.
[ 1172.885881][T28967] netlink: 'syz.0.8226': attribute type 3 has an invalid length.
[ 1172.915941][T28967] netlink: 132 bytes leftover after parsing attributes in process `syz.0.8226'.
[ 1173.907760][T28991] netlink: 40 bytes leftover after parsing attributes in process `syz.2.8235'.
[ 1175.100180][T29014] netlink: 40 bytes leftover after parsing attributes in process `syz.0.8245'.
[ 1175.127284][T29014] device caif0 entered promiscuous mode
[ 1175.134012][T29014] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1175.142611][T29019] netlink: 134056 bytes leftover after parsing attributes in process `syz.4.8247'.
[ 1175.213692][T29023] netlink: 'syz.1.8248': attribute type 28 has an invalid length.
[ 1175.251721][T29014] device veth1_macvtap left promiscuous mode
[ 1176.694778][T29067] netlink: 'syz.1.8264': attribute type 3 has an invalid length.
[ 1176.725259][T29067] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.8264'.
[ 1176.749250][T29070] netlink: 'syz.2.8266': attribute type 29 has an invalid length.
[ 1176.806710][T29070] netlink: 'syz.2.8266': attribute type 3 has an invalid length.
[ 1176.814517][T29070] netlink: 132 bytes leftover after parsing attributes in process `syz.2.8266'.
[ 1177.199720][T29081] netlink: 132 bytes leftover after parsing attributes in process `syz.4.8270'.
[ 1177.220027][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.226409][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.285077][T29089] netlink: 'syz.2.8274': attribute type 3 has an invalid length.
[ 1177.304405][T29089] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.8274'.
[ 1177.549288][T29098] netlink: 763 bytes leftover after parsing attributes in process `syz.2.8278'.
[ 1178.064465][T29113] netlink: 14601 bytes leftover after parsing attributes in process `syz.2.8284'.
[ 1178.272835][T29123] netlink: 'syz.1.8281': attribute type 2 has an invalid length.
[ 1178.301097][T29123] netlink: 'syz.1.8281': attribute type 3 has an invalid length.
[ 1178.322697][T29128] netlink: 14 bytes leftover after parsing attributes in process `syz.4.8287'.
[ 1178.356489][T29128] device hsr_slave_0 left promiscuous mode
[ 1178.374579][T29123] netlink: 132 bytes leftover after parsing attributes in process `syz.1.8281'.
[ 1178.393282][T29128] device hsr_slave_1 left promiscuous mode
[ 1178.634956][T29132] netlink: 'syz.2.8288': attribute type 12 has an invalid length.
[ 1178.655861][T29132] netlink: 132 bytes leftover after parsing attributes in process `syz.2.8288'.
[ 1180.210018][T29167] netlink: 'syz.1.8299': attribute type 3 has an invalid length.
[ 1180.219334][T29167] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.8299'.
[ 1183.058720][T29186] netlink: 'syz.1.8306': attribute type 29 has an invalid length.
[ 1183.095884][T29186] netlink: 'syz.1.8306': attribute type 3 has an invalid length.
[ 1183.133725][T29186] netlink: 132 bytes leftover after parsing attributes in process `syz.1.8306'.
[ 1183.674393][T29196] netlink: 134056 bytes leftover after parsing attributes in process `syz.1.8310'.
[ 1185.926341][T29229] netlink: 'syz.1.8320': attribute type 3 has an invalid length.
[ 1185.954700][T29229] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.8320'.
[ 1186.018198][T29233] netlink: 'syz.2.8322': attribute type 10 has an invalid length.
[ 1186.228715][T29243] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8326'.
[ 1186.726474][T29270] netlink: 126288 bytes leftover after parsing attributes in process `syz.0.8336'.
[ 1186.771573][T29272] netlink: 60 bytes leftover after parsing attributes in process `syz.2.8337'.
[ 1186.852150][T29270] netlink: 144 bytes leftover after parsing attributes in process `syz.0.8336'.
[ 1186.924668][T29275] netlink: 'syz.1.8339': attribute type 10 has an invalid length.
[ 1186.933327][T29275] netlink: 2 bytes leftover after parsing attributes in process `syz.1.8339'.
[ 1186.943570][T29275] device bond0 entered promiscuous mode
[ 1186.949741][T29275] device bond_slave_1 entered promiscuous mode
[ 1186.958501][T29275] bridge0: port 3(bond0) entered blocking state
[ 1186.965394][T29275] bridge0: port 3(bond0) entered disabled state
[ 1187.079291][T29278] FAULT_INJECTION: forcing a failure.
[ 1187.079291][T29278] name failslab, interval 1, probability 0, space 0, times 0
[ 1187.092017][T29278] CPU: 1 PID: 29278 Comm: syz.0.8340 Not tainted syzkaller #0
[ 1187.099496][T29278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1187.109546][T29278] Call Trace:
[ 1187.112819][T29278]  <TASK>
[ 1187.115748][T29278]  dump_stack_lvl+0x188/0x24e
[ 1187.120430][T29278]  ? show_regs_print_info+0x12/0x12
[ 1187.125626][T29278]  ? load_image+0x410/0x410
[ 1187.130133][T29278]  ? mark_lock+0x94/0x320
[ 1187.134462][T29278]  ? __lock_acquire+0x13e3/0x7bd0
[ 1187.139485][T29278]  should_fail_ex+0x390/0x4c0
[ 1187.144161][T29278]  should_failslab+0x5/0x20
[ 1187.148659][T29278]  slab_pre_alloc_hook+0x59/0x300
[ 1187.153681][T29278]  kmem_cache_alloc+0x56/0x2f0
[ 1187.158437][T29278]  ? radix_tree_node_alloc+0x7e/0x3a0
[ 1187.163811][T29278]  radix_tree_node_alloc+0x7e/0x3a0
[ 1187.169007][T29278]  idr_get_free+0x28b/0xa10
[ 1187.173527][T29278]  idr_alloc_cyclic+0x286/0x610
[ 1187.178378][T29278]  ? idr_alloc+0x2e0/0x2e0
[ 1187.182786][T29278]  ? do_raw_spin_lock+0x128/0x2f0
[ 1187.187807][T29278]  ? __radix_tree_preload+0x82/0x880
[ 1187.193087][T29278]  ? btf_alloc_id+0x30/0x2d0
[ 1187.197678][T29278]  btf_alloc_id+0x4f/0x2d0
[ 1187.202089][T29278]  btf_new_fd+0x597/0x760
[ 1187.206417][T29278]  __sys_bpf+0x612/0x780
[ 1187.210657][T29278]  ? bpf_link_show_fdinfo+0x380/0x380
[ 1187.216041][T29278]  ? lock_chain_count+0x20/0x20
[ 1187.220893][T29278]  __x64_sys_bpf+0x78/0x90
[ 1187.225308][T29278]  do_syscall_64+0x4c/0xa0
[ 1187.229720][T29278]  ? clear_bhb_loop+0x60/0xb0
[ 1187.234390][T29278]  ? clear_bhb_loop+0x60/0xb0
[ 1187.239077][T29278]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1187.244967][T29278] RIP: 0033:0x7fe8dd19ce59
[ 1187.249379][T29278] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1187.268979][T29278] RSP: 002b:00007fe8ddfa9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1187.277398][T29278] RAX: ffffffffffffffda RBX: 00007fe8dd415fa0 RCX: 00007fe8dd19ce59
[ 1187.285369][T29278] RDX: 0000000000000028 RSI: 0000200000000300 RDI: 0000000000000012
[ 1187.293336][T29278] RBP: 00007fe8ddfa9090 R08: 0000000000000000 R09: 0000000000000000
[ 1187.301299][T29278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1187.309258][T29278] R13: 00007fe8dd416038 R14: 00007fe8dd415fa0 R15: 00007ffc29aa3ab8
[ 1187.317238][T29278]  </TASK>
[ 1188.299233][T29318] netlink: 'syz.3.8350': attribute type 12 has an invalid length.
[ 1188.400774][T29318] netlink: 132 bytes leftover after parsing attributes in process `syz.3.8350'.
[ 1188.835101][T29336] netlink: 134056 bytes leftover after parsing attributes in process `syz.2.8359'.
[ 1189.206099][T29354] wlan1: mtu greater than device maximum
[ 1189.249245][T29356] netlink: 134056 bytes leftover after parsing attributes in process `syz.2.8365'.
[ 1189.552892][T29366] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8369'.
[ 1190.087775][T29386] netlink: 'syz.3.8376': attribute type 10 has an invalid length.
[ 1190.131891][T29386] netlink: 2 bytes leftover after parsing attributes in process `syz.3.8376'.
[ 1190.172400][T29386] device bond0 entered promiscuous mode
[ 1190.195253][T29386] device bond_slave_0 entered promiscuous mode
[ 1190.221506][T29386] device bond_slave_1 entered promiscuous mode
[ 1190.238500][T29386] bridge0: port 4(bond0) entered blocking state
[ 1190.256346][T29386] bridge0: port 4(bond0) entered disabled state
[ 1190.282710][T29386] bridge0: port 4(bond0) entered blocking state
[ 1190.289601][T29386] bridge0: port 4(bond0) entered forwarding state
[ 1190.353595][T29392] netlink: 'syz.2.8379': attribute type 6 has an invalid length.
[ 1191.012699][T29418] netlink: 126288 bytes leftover after parsing attributes in process `syz.4.8385'.
[ 1192.588319][T29401] netlink: 'syz.3.8381': attribute type 21 has an invalid length.
[ 1192.596470][T29401] netlink: 156 bytes leftover after parsing attributes in process `syz.3.8381'.
[ 1192.617031][T29418] netlink: 144 bytes leftover after parsing attributes in process `syz.4.8385'.
[ 1192.797338][T29438] FAULT_INJECTION: forcing a failure.
[ 1192.797338][T29438] name failslab, interval 1, probability 0, space 0, times 0
[ 1192.810028][T29438] CPU: 0 PID: 29438 Comm: syz.0.8391 Not tainted syzkaller #0
[ 1192.817498][T29438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1192.827579][T29438] Call Trace:
[ 1192.830863][T29438]  <TASK>
[ 1192.833797][T29438]  dump_stack_lvl+0x188/0x24e
[ 1192.838500][T29438]  ? show_regs_print_info+0x12/0x12
[ 1192.843730][T29438]  ? load_image+0x410/0x410
[ 1192.848271][T29438]  should_fail_ex+0x390/0x4c0
[ 1192.852973][T29438]  should_failslab+0x5/0x20
[ 1192.857501][T29438]  slab_pre_alloc_hook+0x59/0x300
[ 1192.862562][T29438]  kmem_cache_alloc+0x56/0x2f0
[ 1192.867347][T29438]  ? radix_tree_node_alloc+0x7e/0x3a0
[ 1192.872746][T29438]  radix_tree_node_alloc+0x7e/0x3a0
[ 1192.877972][T29438]  idr_get_free+0x28b/0xa10
[ 1192.882510][T29438]  idr_alloc_cyclic+0x286/0x610
[ 1192.885913][T29434] netlink: 'syz.2.8390': attribute type 10 has an invalid length.
[ 1192.887381][T29438]  ? idr_alloc+0x2e0/0x2e0
[ 1192.899643][T29438]  ? do_raw_spin_lock+0x128/0x2f0
[ 1192.904700][T29438]  ? __radix_tree_preload+0x82/0x880
[ 1192.910016][T29438]  ? btf_alloc_id+0x30/0x2d0
[ 1192.914615][T29438]  btf_alloc_id+0x4f/0x2d0
[ 1192.919035][T29438]  btf_new_fd+0x597/0x760
[ 1192.923369][T29438]  __sys_bpf+0x612/0x780
[ 1192.927615][T29438]  ? bpf_link_show_fdinfo+0x380/0x380
[ 1192.932994][T29438]  ? lock_chain_count+0x20/0x20
[ 1192.937855][T29438]  __x64_sys_bpf+0x78/0x90
[ 1192.942276][T29438]  do_syscall_64+0x4c/0xa0
[ 1192.946688][T29438]  ? clear_bhb_loop+0x60/0xb0
[ 1192.951359][T29438]  ? clear_bhb_loop+0x60/0xb0
[ 1192.956031][T29438]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1192.961925][T29438] RIP: 0033:0x7fe8dd19ce59
[ 1192.966334][T29438] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1192.985942][T29438] RSP: 002b:00007fe8ddfa9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1192.994353][T29438] RAX: ffffffffffffffda RBX: 00007fe8dd415fa0 RCX: 00007fe8dd19ce59
[ 1193.002319][T29438] RDX: 0000000000000028 RSI: 0000200000000300 RDI: 0000000000000012
[ 1193.010285][T29438] RBP: 00007fe8ddfa9090 R08: 0000000000000000 R09: 0000000000000000
[ 1193.018249][T29438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1193.026210][T29438] R13: 00007fe8dd416038 R14: 00007fe8dd415fa0 R15: 00007ffc29aa3ab8
[ 1193.034187][T29438]  </TASK>
[ 1193.069976][T29434] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link
[ 1193.251519][T29448] netlink: 'syz.0.8394': attribute type 3 has an invalid length.
[ 1193.276061][T29448] netlink: 132 bytes leftover after parsing attributes in process `syz.0.8394'.
[ 1193.505040][T29461] netlink: 'syz.4.8398': attribute type 10 has an invalid length.
[ 1193.542567][T29461] netlink: 2 bytes leftover after parsing attributes in process `syz.4.8398'.
[ 1193.571675][T29461] device bond0 entered promiscuous mode
[ 1193.590222][T29461] device bond_slave_1 entered promiscuous mode
[ 1193.605209][T29461] device bridge_slave_1 entered promiscuous mode
[ 1193.624527][T29467] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8400'.
[ 1193.644070][T29465] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.8399'.
[ 1193.737371][T29461] netlink: 132 bytes leftover after parsing attributes in process `syz.4.8398'.
[ 1194.037246][T29477] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.8403'.
[ 1194.527387][T29486] netlink: 'syz.2.8407': attribute type 3 has an invalid length.
[ 1194.546760][T29486] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.8407'.
[ 1195.061385][T29516] netlink: 'syz.3.8416': attribute type 29 has an invalid length.
[ 1195.096043][T29516] netlink: 'syz.3.8416': attribute type 3 has an invalid length.
[ 1195.121760][T29516] netlink: 132 bytes leftover after parsing attributes in process `syz.3.8416'.
[ 1198.321498][T29597] netlink: 'syz.0.8442': attribute type 3 has an invalid length.
[ 1198.344046][T29597] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.8442'.
[ 1199.020753][T29555] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8430'.
[ 1199.232587][T29608] netlink: 63579 bytes leftover after parsing attributes in process `syz.0.8445'.
[ 1199.357938][T29614] netlink: 'syz.2.8448': attribute type 29 has an invalid length.
[ 1199.390707][T29614] netlink: 'syz.2.8448': attribute type 3 has an invalid length.
[ 1199.414887][T29614] netlink: 132 bytes leftover after parsing attributes in process `syz.2.8448'.
[ 1199.692218][T29628] FAULT_INJECTION: forcing a failure.
[ 1199.692218][T29628] name failslab, interval 1, probability 0, space 0, times 0
[ 1199.787921][T29628] CPU: 1 PID: 29628 Comm: syz.4.8454 Not tainted syzkaller #0
[ 1199.795439][T29628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1199.805513][T29628] Call Trace:
[ 1199.808813][T29628]  <TASK>
[ 1199.811755][T29628]  dump_stack_lvl+0x188/0x24e
[ 1199.816451][T29628]  ? show_regs_print_info+0x12/0x12
[ 1199.821665][T29628]  ? load_image+0x410/0x410
[ 1199.826189][T29628]  ? __might_sleep+0xd0/0xd0
[ 1199.830792][T29628]  ? __lock_acquire+0x7bd0/0x7bd0
[ 1199.835845][T29628]  should_fail_ex+0x390/0x4c0
[ 1199.840552][T29628]  should_failslab+0x5/0x20
[ 1199.845071][T29628]  slab_pre_alloc_hook+0x59/0x300
[ 1199.850112][T29628]  kmem_cache_alloc+0x56/0x2f0
[ 1199.854876][T29628]  ? __alloc_file+0x25/0x230
[ 1199.859469][T29628]  __alloc_file+0x25/0x230
[ 1199.863894][T29628]  alloc_empty_file+0x90/0x180
[ 1199.868653][T29628]  alloc_file+0x5b/0x5f0
[ 1199.872896][T29628]  alloc_file_pseudo+0x180/0x200
[ 1199.877834][T29628]  ? alloc_empty_file_noaccount+0x80/0x80
[ 1199.883553][T29628]  ? alloc_fd+0x590/0x640
[ 1199.887896][T29628]  anon_inode_getfd+0xc6/0x1b0
[ 1199.892739][T29628]  btf_new_fd+0x5d3/0x760
[ 1199.897072][T29628]  __sys_bpf+0x612/0x780
[ 1199.901317][T29628]  ? bpf_link_show_fdinfo+0x380/0x380
[ 1199.906696][T29628]  ? lock_chain_count+0x20/0x20
[ 1199.911549][T29628]  __x64_sys_bpf+0x78/0x90
[ 1199.915962][T29628]  do_syscall_64+0x4c/0xa0
[ 1199.920373][T29628]  ? clear_bhb_loop+0x60/0xb0
[ 1199.925046][T29628]  ? clear_bhb_loop+0x60/0xb0
[ 1199.929720][T29628]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1199.935613][T29628] RIP: 0033:0x7f0ee1f9ce59
[ 1199.940023][T29628] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1199.959626][T29628] RSP: 002b:00007f0ee2e2a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1199.968036][T29628] RAX: ffffffffffffffda RBX: 00007f0ee2215fa0 RCX: 00007f0ee1f9ce59
[ 1199.976000][T29628] RDX: 0000000000000028 RSI: 0000200000000300 RDI: 0000000000000012
[ 1199.983962][T29628] RBP: 00007f0ee2e2a090 R08: 0000000000000000 R09: 0000000000000000
[ 1199.991925][T29628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1199.999892][T29628] R13: 00007f0ee2216038 R14: 00007f0ee2215fa0 R15: 00007ffe76276a48
[ 1200.007878][T29628]  </TASK>
[ 1200.648395][T29637] netlink: 'syz.0.8457': attribute type 41 has an invalid length.
[ 1201.824280][T29640] netlink: 54695 bytes leftover after parsing attributes in process `syz.0.8457'.
[ 1202.532946][T29677] netlink: 'syz.1.8468': attribute type 2 has an invalid length.
[ 1202.582842][T29677] netlink: 199848 bytes leftover after parsing attributes in process `syz.1.8468'.
[ 1202.631925][T29684] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8473'.
[ 1202.800085][T29689] netlink: 'syz.3.8476': attribute type 3 has an invalid length.
[ 1202.826180][T29689] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.8476'.
[ 1203.103411][T29691] netlink: 'syz.0.8474': attribute type 10 has an invalid length.
[ 1203.240662][T29701] netlink: 'syz.1.8478': attribute type 29 has an invalid length.
[ 1203.274525][T29701] netlink: 'syz.1.8478': attribute type 3 has an invalid length.
[ 1203.303799][T29701] netlink: 132 bytes leftover after parsing attributes in process `syz.1.8478'.
[ 1206.410654][T29762] netlink: 'syz.1.8494': attribute type 12 has an invalid length.
[ 1206.449842][T29762] netlink: 132 bytes leftover after parsing attributes in process `syz.1.8494'.
[ 1207.285526][T29785] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.8504'.
[ 1207.686006][T29797] netlink: 'syz.3.8508': attribute type 10 has an invalid length.
[ 1207.696299][T29797] netlink: 2 bytes leftover after parsing attributes in process `syz.3.8508'.
[ 1208.327908][T29830] netlink: 180900 bytes leftover after parsing attributes in process `syz.2.8520'.
[ 1208.353987][T29830] openvswitch: netlink: Flow actions attr not present in new flow.
[ 1208.621141][T29841] netlink: 'syz.1.8525': attribute type 16 has an invalid length.
[ 1208.673803][T29841] netlink: 132 bytes leftover after parsing attributes in process `syz.1.8525'.
[ 1208.711321][T29843] netlink: 'syz.1.8525': attribute type 10 has an invalid length.
[ 1209.361164][T14211] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1209.374842][T14211] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1209.383087][T14211] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1209.392699][T14211] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1209.401494][T14211] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 1209.408953][T14211] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1209.762472][T26379] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1209.833250][T29860] chnl_net:caif_netlink_parms(): no params data found
[ 1209.910847][T26379] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1210.069929][T26379] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1210.318492][T26379] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1210.380497][T29860] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1210.397242][T29860] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1210.420113][T29860] device bridge_slave_0 entered promiscuous mode
[ 1210.465308][T29860] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1210.492571][T29860] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1210.507022][T29860] device bridge_slave_1 entered promiscuous mode
[ 1210.579250][T29906] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8545'.
[ 1210.626388][T29860] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1210.693484][T29860] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1210.811570][T29860] team0: Port device team_slave_0 added
[ 1211.073478][T29860] team0: Port device team_slave_1 added
[ 1211.176464][T29860] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1211.183492][T29860] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1211.291320][T29860] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1211.302674][ T4286] Bluetooth: hci3: ISO packet for unknown connection handle 2622
[ 1211.339592][T29860] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1211.372351][T29860] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1211.473008][ T4286] Bluetooth: hci1: command 0x0409 tx timeout
[ 1211.482937][T29860] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1212.420538][T29860] device hsr_slave_0 entered promiscuous mode
[ 1212.474023][T29860] device hsr_slave_1 entered promiscuous mode
[ 1212.488637][T29860] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1212.515826][T29860] Cannot create hsr debugfs directory
[ 1212.596882][T29958] netlink: 'syz.3.8556': attribute type 29 has an invalid length.
[ 1212.629383][T29958] netlink: 'syz.3.8556': attribute type 29 has an invalid length.
[ 1212.659118][T29951] netlink: 'syz.3.8556': attribute type 29 has an invalid length.
[ 1213.050463][T29977] netlink: 'syz.3.8563': attribute type 29 has an invalid length.
[ 1213.076019][T29977] netlink: 'syz.3.8563': attribute type 3 has an invalid length.
[ 1213.108512][T29977] netlink: 132 bytes leftover after parsing attributes in process `syz.3.8563'.
[ 1213.535936][ T4286] Bluetooth: hci1: command 0x041b tx timeout
[ 1213.640570][T29999] netlink: 'syz.3.8570': attribute type 2 has an invalid length.
[ 1213.664920][T29999] netlink: 199848 bytes leftover after parsing attributes in process `syz.3.8570'.
[ 1213.735293][T29994] netlink: 'syz.1.8568': attribute type 10 has an invalid length.
[ 1213.816097][T29994] netlink: 40 bytes leftover after parsing attributes in process `syz.1.8568'.
[ 1213.872748][T29994] device dummy0 entered promiscuous mode
[ 1213.903780][T29994] bridge0: port 4(dummy0) entered blocking state
[ 1213.947642][T29994] bridge0: port 4(dummy0) entered disabled state
[ 1214.538515][T26379] device hsr_slave_0 left promiscuous mode
[ 1214.572475][T26379] device hsr_slave_1 left promiscuous mode
[ 1214.590131][T26379] device bridge_slave_1 left promiscuous mode
[ 1214.597819][T26379] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1214.613023][T26379] device bridge_slave_0 left promiscuous mode
[ 1214.625973][T26379] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1214.669349][T26379] device veth1_vlan left promiscuous mode
[ 1214.677569][T26379] device veth0_vlan left promiscuous mode
[ 1215.273311][T26379] bond0 (unregistering): (slave batadv_slave_0): Releasing backup interface
[ 1215.338643][T26379] team0 (unregistering): Port device team_slave_1 removed
[ 1215.390197][T26379] team0 (unregistering): Port device team_slave_0 removed
[ 1215.469430][T26379] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1215.616553][ T4286] Bluetooth: hci1: command 0x040f tx timeout
[ 1216.151974][T26379] bond0 (unregistering): Released all slaves
[ 1216.268237][T30044] netlink: 'syz.3.8583': attribute type 12 has an invalid length.
[ 1216.277489][T30044] netlink: 132 bytes leftover after parsing attributes in process `syz.3.8583'.
[ 1216.314216][T29860] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1216.400601][T29860] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1216.441332][T29860] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1216.493528][T29860] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1216.760241][T29860] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1216.889056][T14438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1216.904077][T14438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1216.941664][T29860] 8021q: adding VLAN 0 to HW filter on device team0
[ 1217.016471][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1217.032320][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1217.059018][   T56] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1217.066239][   T56] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1217.109540][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1217.137976][T30077] netlink: 'syz.1.8593': attribute type 29 has an invalid length.
[ 1217.138438][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1217.159737][   T56] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1217.166937][   T56] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1217.192499][T30077] netlink: 'syz.1.8593': attribute type 3 has an invalid length.
[ 1217.208012][T30073] netlink: 132 bytes leftover after parsing attributes in process `syz.4.8592'.
[ 1217.222970][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1217.239512][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1217.275772][T30077] netlink: 132 bytes leftover after parsing attributes in process `syz.1.8593'.
[ 1217.278707][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1217.334657][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1217.364401][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1217.389372][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1217.419683][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1217.447113][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1217.487096][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1217.495596][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1217.539375][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1217.567831][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1217.600606][T29860] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1217.612051][T30085] netlink: 144 bytes leftover after parsing attributes in process `syz.1.8596'.
[ 1217.698202][ T4286] Bluetooth: hci1: command 0x0419 tx timeout
[ 1218.368461][T30120] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8603'.
[ 1218.480133][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1218.496739][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1218.560172][T29860] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1218.616722][T30127] validate_nla: 2 callbacks suppressed
[ 1218.616755][T30127] netlink: 'syz.0.8606': attribute type 153 has an invalid length.
[ 1218.617026][T14438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1218.635832][T30127] netlink: 69544 bytes leftover after parsing attributes in process `syz.0.8606'.
[ 1218.666973][T14438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1218.706936][T14438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1218.725601][T14438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1218.746197][T29860] device veth0_vlan entered promiscuous mode
[ 1218.757822][T14438] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1218.776994][T14438] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1218.788969][T29860] device veth1_vlan entered promiscuous mode
[ 1218.860880][T26376] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1218.879463][T26376] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1218.927809][T26376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1218.945449][T26376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1218.976906][T29860] device veth0_macvtap entered promiscuous mode
[ 1218.997627][T29860] device veth1_macvtap entered promiscuous mode
[ 1219.103411][T29860] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1219.118299][T14438] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1219.131827][T14438] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1219.150440][T14438] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1219.185083][T14438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1219.211855][T29860] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1219.246490][T26380] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1219.266240][T26380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1219.323921][T29860] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1219.347165][T29860] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1219.375044][T29860] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1219.396933][T29860] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1219.423708][T30156] netlink: 144 bytes leftover after parsing attributes in process `syz.4.8613'.
[ 1219.687005][T30161] netlink: 'syz.1.8615': attribute type 12 has an invalid length.
[ 1219.713121][T30161] netlink: 132 bytes leftover after parsing attributes in process `syz.1.8615'.
[ 1219.769607][T30164] netlink: 'syz.0.8616': attribute type 1 has an invalid length.
[ 1219.793916][T30164] netlink: 16134 bytes leftover after parsing attributes in process `syz.0.8616'.
[ 1219.836306][T26380] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1219.852422][T26380] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1219.920334][T14438] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1220.001196][T26379] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1220.015072][T26379] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1220.044025][T26379] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1220.396691][T30182] â1
: renamed from virt_wifi0
[ 1220.451207][T30187] netlink: 'syz.1.8619': attribute type 153 has an invalid length.
[ 1220.484312][T30187] netlink: 69544 bytes leftover after parsing attributes in process `syz.1.8619'.
[ 1221.442970][T30217] netlink: 'syz.1.8628': attribute type 29 has an invalid length.
[ 1221.475812][T30217] netlink: 'syz.1.8628': attribute type 3 has an invalid length.
[ 1221.483658][T30217] netlink: 132 bytes leftover after parsing attributes in process `syz.1.8628'.
[ 1221.666401][T30228] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1221.695569][T30228] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1221.745548][T30228] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1221.779441][T30228] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1221.947732][T30233] netlink: 144 bytes leftover after parsing attributes in process `syz.0.8633'.
[ 1223.861138][T30290] â1
: renamed from virt_wifi0
[ 1223.949941][T30290] netlink: 'syz.2.8649': attribute type 153 has an invalid length.
[ 1223.965829][T30290] netlink: 69544 bytes leftover after parsing attributes in process `syz.2.8649'.
[ 1224.672394][T30326] netlink: 'syz.3.8664': attribute type 3 has an invalid length.
[ 1224.720986][T30326] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.8664'.
[ 1225.251752][T30336] -1: renamed from syzkaller0
[ 1225.513046][T30340] netlink: 212168 bytes leftover after parsing attributes in process `syz.4.8669'.
[ 1225.604234][T30341] netlink: 192432 bytes leftover after parsing attributes in process `syz.4.8669'.
[ 1225.630388][T30341] netlink: get zone limit has 4 unknown bytes
[ 1226.172124][T30348] netlink: 'syz.1.8673': attribute type 3 has an invalid length.
[ 1226.191092][T30348] netlink: 'syz.1.8673': attribute type 1 has an invalid length.
[ 1226.201213][T30348] netlink: 193500 bytes leftover after parsing attributes in process `syz.1.8673'.
[ 1226.291968][T30349] tipc: Started in network mode
[ 1226.297505][T30349] tipc: Node identity 9215a268, cluster identity 4711
[ 1226.326315][T30349] tipc: Node number set to 2450891368
[ 1226.608709][T30364] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8681'.
[ 1226.757236][T30373] netlink: 'syz.0.8684': attribute type 29 has an invalid length.
[ 1226.779103][T30373] netlink: 'syz.0.8684': attribute type 3 has an invalid length.
[ 1226.802077][T30373] netlink: 132 bytes leftover after parsing attributes in process `syz.0.8684'.
[ 1227.447212][T30388] netlink: 212168 bytes leftover after parsing attributes in process `syz.0.8688'.
[ 1227.585231][T30389] netlink: 192432 bytes leftover after parsing attributes in process `syz.0.8688'.
[ 1227.630779][T30389] netlink: get zone limit has 4 unknown bytes
[ 1227.676276][T30394] netlink: 'syz.4.8691': attribute type 1 has an invalid length.
[ 1227.684086][T30394] netlink: 116376 bytes leftover after parsing attributes in process `syz.4.8691'.
[ 1227.874848][T30402] tipc: Started in network mode
[ 1227.901617][T30402] tipc: Node identity 9215a268, cluster identity 4711
[ 1227.921212][T30402] tipc: Node number set to 2450891368
[ 1229.340357][T30440] netlink: 212168 bytes leftover after parsing attributes in process `syz.3.8705'.
[ 1229.462276][T30442] netlink: 192432 bytes leftover after parsing attributes in process `syz.3.8705'.
[ 1229.473483][T30442] netlink: get zone limit has 4 unknown bytes
[ 1229.881768][T30464] netlink: 'syz.4.8715': attribute type 3 has an invalid length.
[ 1229.946094][T30464] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.8715'.
[ 1230.296004][T30482] netlink: 'syz.1.8719': attribute type 10 has an invalid length.
[ 1231.014592][T30512] netlink: 105084 bytes leftover after parsing attributes in process `syz.4.8731'.
[ 1231.034969][T30512] netlink: 31 bytes leftover after parsing attributes in process `syz.4.8731'.
[ 1231.440206][T30521] device syzkaller0 entered promiscuous mode
[ 1231.466349][T30530] netlink: 132 bytes leftover after parsing attributes in process `syz.2.8738'.
[ 1233.859340][T30569] netlink: 15999 bytes leftover after parsing attributes in process `syz.3.8754'.
[ 1235.077232][T30532] netlink: 65055 bytes leftover after parsing attributes in process `syz.2.8738'.
[ 1235.099550][T30577] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8757'.
[ 1235.288069][T30582] netlink: 132 bytes leftover after parsing attributes in process `syz.4.8761'.
[ 1235.334580][T30582] netlink: 128 bytes leftover after parsing attributes in process `syz.4.8761'.
[ 1235.374922][T30582] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[ 1235.408869][T30582] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1235.438654][T30592] netlink: 'syz.2.8763': attribute type 29 has an invalid length.
[ 1235.450411][T30592] netlink: 'syz.2.8763': attribute type 3 has an invalid length.
[ 1235.463432][T30592] netlink: 132 bytes leftover after parsing attributes in process `syz.2.8763'.
[ 1235.477793][T30591] netlink: 3850 bytes leftover after parsing attributes in process `syz.1.8764'.
[ 1235.945507][T30616] netlink: 16178 bytes leftover after parsing attributes in process `syz.3.8775'.
[ 1236.560433][T14211] Bluetooth: hci2: ISO packet for unknown connection handle 34
[ 1236.568433][T14211] Bluetooth: hci2: ISO packet for unknown connection handle 34
[ 1236.577813][T14211] Bluetooth: hci2: ISO packet for unknown connection handle 34
[ 1236.587502][T14211] Bluetooth: hci2: ISO packet for unknown connection handle 34
[ 1236.595292][T14211] Bluetooth: hci2: ISO packet for unknown connection handle 34
[ 1236.604282][T14211] Bluetooth: hci2: ISO packet for unknown connection handle 34
[ 1236.615834][T14211] Bluetooth: hci2: ISO packet for unknown connection handle 34
[ 1236.623560][T14211] Bluetooth: hci2: ISO packet for unknown connection handle 34
[ 1237.023573][T30651] netlink: 'syz.0.8783': attribute type 3 has an invalid length.
[ 1237.111580][T30651] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.8783'.
[ 1237.124269][T30657] netlink: 'syz.2.8784': attribute type 12 has an invalid length.
[ 1237.151780][T30657] netlink: 132 bytes leftover after parsing attributes in process `syz.2.8784'.
[ 1237.597086][T30670] netlink: 'syz.2.8792': attribute type 29 has an invalid length.
[ 1237.630524][T30670] netlink: 'syz.2.8792': attribute type 3 has an invalid length.
[ 1237.643723][T30670] netlink: 132 bytes leftover after parsing attributes in process `syz.2.8792'.
[ 1238.233227][T30711] openvswitch: netlink: Flow key attr not present in new flow.
[ 1238.659953][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[ 1238.666346][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[ 1240.321181][T30798] netlink: 'syz.1.8844': attribute type 21 has an invalid length.
[ 1240.355818][T30798] netlink: 'syz.1.8844': attribute type 11 has an invalid length.
[ 1240.949258][ T4286] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1240.958745][ T4286] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1240.966968][ T4286] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1240.974779][ T4286] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1240.982662][ T4286] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 1240.990248][ T4286] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1241.183529][T30816] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1241.191020][T30816] IPv6: NLM_F_CREATE should be set when creating new route
[ 1241.198650][T30816] IPv6: NLM_F_CREATE should be set when creating new route
[ 1241.206161][T30816] IPv6: NLM_F_CREATE should be set when creating new route
[ 1241.256206][T30818] __nla_validate_parse: 4 callbacks suppressed
[ 1241.256253][T30818] netlink: 132 bytes leftover after parsing attributes in process `syz.1.8853'.
[ 1241.586041][T30830] netlink: 'syz.2.8856': attribute type 13 has an invalid length.
[ 1241.613669][T30830] netlink: 'syz.2.8856': attribute type 14 has an invalid length.
[ 1241.630697][T30830] netlink: 156 bytes leftover after parsing attributes in process `syz.2.8856'.
[ 1241.830632][T30813] chnl_net:caif_netlink_parms(): no params data found
[ 1241.916953][T30842] netlink: 61211 bytes leftover after parsing attributes in process `syz.2.8860'.
[ 1241.960654][T30847] netlink: 'syz.2.8860': attribute type 29 has an invalid length.
[ 1242.021103][T30847] netlink: 'syz.2.8860': attribute type 29 has an invalid length.
[ 1242.029651][T30842] netlink: 'syz.2.8860': attribute type 29 has an invalid length.
[ 1242.145112][T30852] netlink: 'syz.1.8863': attribute type 21 has an invalid length.
[ 1242.191671][T30852] IPv6: NLM_F_CREATE should be specified when creating new route
[ 1242.235883][T30852] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1242.243134][T30852] IPv6: NLM_F_CREATE should be set when creating new route
[ 1242.250569][T30852] IPv6: NLM_F_CREATE should be set when creating new route
[ 1242.257832][T30852] IPv6: NLM_F_CREATE should be set when creating new route
[ 1242.318596][T30842] netlink: 'syz.2.8860': attribute type 29 has an invalid length.
[ 1242.349532][T30813] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1242.369199][T30813] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1242.391701][T30813] device bridge_slave_0 entered promiscuous mode
[ 1242.413576][T30847] netlink: 'syz.2.8860': attribute type 29 has an invalid length.
[ 1242.451971][T30813] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1242.460716][T30813] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1242.481457][T30813] device bridge_slave_1 entered promiscuous mode
[ 1242.540764][T30813] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1242.572013][T30865] netlink: 14 bytes leftover after parsing attributes in process `syz.1.8868'.
[ 1242.630999][T30867] netlink: 14 bytes leftover after parsing attributes in process `syz.2.8870'.
[ 1242.665972][T30867] openvswitch: netlink: Flow key attr not present in new flow.
[ 1242.758518][T30865] bridge0: port 3(bond0) entered disabled state
[ 1242.795532][T30865] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1242.815411][T30865] device bond_slave_1 left promiscuous mode
[ 1242.848461][T30865] bond0 (unregistering): Released all slaves
[ 1242.879191][T30813] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1242.913627][T30869] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8869'.
[ 1243.038670][T30813] team0: Port device team_slave_0 added
[ 1243.050294][T30813] team0: Port device team_slave_1 added
[ 1243.065978][ T4286] Bluetooth: hci4: command 0x0409 tx timeout
[ 1243.174459][T30813] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1243.210593][T30813] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1243.345542][T30813] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1243.638662][T30890] netlink: 'syz.1.8874': attribute type 3 has an invalid length.
[ 1243.677830][T30890] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.8874'.
[ 1244.125867][T30886] netlink: 'syz.0.8875': attribute type 12 has an invalid length.
[ 1244.179692][T30886] netlink: 132 bytes leftover after parsing attributes in process `syz.0.8875'.
[ 1244.191795][T30813] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1244.210020][T30813] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1244.253005][T30813] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1244.359983][T26380] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1244.460437][T26380] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1244.627285][T30813] device hsr_slave_0 entered promiscuous mode
[ 1244.640375][T30813] device hsr_slave_1 entered promiscuous mode
[ 1244.666151][T30813] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1244.684011][T30813] Cannot create hsr debugfs directory
[ 1244.733469][T26380] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1244.899142][T26380] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1245.135780][ T4286] Bluetooth: hci4: command 0x041b tx timeout
[ 1245.268592][T30923] netlink: 4068 bytes leftover after parsing attributes in process `syz.2.8887'.
[ 1245.325592][T26380] tipc: Left network mode
[ 1246.344888][T30956] netlink: 14 bytes leftover after parsing attributes in process `syz.4.8901'.
[ 1246.774297][T30956] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1246.793578][T30956] device bond_slave_1 left promiscuous mode
[ 1246.903786][T30956] bond0 (unregistering): (slave bridge_slave_1): Releasing backup interface
[ 1246.916800][T30956] device bridge_slave_1 left promiscuous mode
[ 1246.943496][T30956] bond0 (unregistering): Released all slaves
[ 1247.002626][T30976] validate_nla: 2 callbacks suppressed
[ 1247.002646][T30976] netlink: 'syz.1.8904': attribute type 3 has an invalid length.
[ 1247.044361][T30976] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.8904'.
[ 1247.067674][T30974] netlink: 'syz.2.8903': attribute type 12 has an invalid length.
[ 1247.117260][T30974] netlink: 132 bytes leftover after parsing attributes in process `syz.2.8903'.
[ 1247.217594][ T4286] Bluetooth: hci4: command 0x040f tx timeout
[ 1247.330105][T30813] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1247.430595][T30813] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1247.541836][T30813] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1247.559057][T30813] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1248.212285][T30813] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1248.273527][T12962] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1248.299883][T12962] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1248.337643][T30813] 8021q: adding VLAN 0 to HW filter on device team0
[ 1248.592077][T31023] netlink: 14 bytes leftover after parsing attributes in process `syz.0.8916'.
[ 1248.729361][T31023] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1248.787746][T31023] bond0 (unregistering): Released all slaves
[ 1248.830495][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1248.842471][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1248.886779][   T56] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1248.893921][   T56] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1248.946190][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1248.987114][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1249.035940][   T56] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1249.043079][   T56] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1249.076846][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1249.096332][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1249.110351][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1249.261060][T26380] device hsr_slave_0 left promiscuous mode
[ 1249.278036][T26380] device hsr_slave_1 left promiscuous mode
[ 1249.305984][ T4286] Bluetooth: hci4: command 0x0419 tx timeout
[ 1249.312702][T26380] bridge0: port 4(bond0) entered disabled state
[ 1249.323940][T26380] bridge0: port 3(dummy0) entered disabled state
[ 1249.344787][T26380] device bridge_slave_1 left promiscuous mode
[ 1249.355613][T26380] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1249.407379][T26380] device bridge_slave_0 left promiscuous mode
[ 1249.429395][T26380] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1249.542493][T26380] device veth0_macvtap left promiscuous mode
[ 1249.549959][T26380] device veth1_vlan left promiscuous mode
[ 1249.568210][T26380] device veth0_vlan left promiscuous mode
[ 1251.135300][T26380] team0 (unregistering): Port device team_slave_1 removed
[ 1251.187298][T26380] team0 (unregistering): Port device team_slave_0 removed
[ 1251.266188][T26380] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1251.275171][T26380] device bond_slave_1 left promiscuous mode
[ 1251.337494][T26380] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1251.359980][T26380] device bond_slave_0 left promiscuous mode
[ 1251.644056][T26380] bond0 (unregistering): Released all slaves
[ 1251.734179][T30813] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1251.759582][T30813] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1251.782220][T26376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1251.802122][T26376] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1251.811615][T26376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1251.820562][T26376] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1251.829174][T26376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1251.837823][T26376] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1251.846362][T26376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1251.854616][T26376] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1251.863538][T26376] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1251.872205][T26376] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1251.886292][T31061] netlink: 'syz.0.8928': attribute type 12 has an invalid length.
[ 1251.901141][T31061] netlink: 132 bytes leftover after parsing attributes in process `syz.0.8928'.
[ 1252.146825][T31075] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8931'.
[ 1252.328056][T31085] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1252.602404][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1252.615980][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1252.661689][T30813] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1252.742638][T12962] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1252.772076][T12962] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1252.827182][T30813] device veth0_vlan entered promiscuous mode
[ 1252.837457][T26379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1252.870193][T26379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1252.886841][T26379] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1252.903751][T26379] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1252.944432][T31106] netlink: 'syz.1.8944': attribute type 29 has an invalid length.
[ 1252.978084][T30813] device veth1_vlan entered promiscuous mode
[ 1252.997543][T31106] netlink: 'syz.1.8944': attribute type 29 has an invalid length.
[ 1253.009554][T31109] netlink: 129384 bytes leftover after parsing attributes in process `syz.1.8944'.
[ 1254.535541][T31109] netlink: 'syz.1.8944': attribute type 29 has an invalid length.
[ 1254.549333][T31116] netlink: 'syz.2.8947': attribute type 10 has an invalid length.
[ 1254.558584][T31116] netlink: 40 bytes leftover after parsing attributes in process `syz.2.8947'.
[ 1254.568903][T31116] device dummy0 entered promiscuous mode
[ 1254.586599][T31116] bridge0: port 3(dummy0) entered blocking state
[ 1254.597387][T31116] bridge0: port 3(dummy0) entered disabled state
[ 1254.618602][T31116] bridge0: port 3(dummy0) entered blocking state
[ 1254.625045][T31116] bridge0: port 3(dummy0) entered forwarding state
[ 1254.667060][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1254.687120][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1254.701406][T30813] device veth0_macvtap entered promiscuous mode
[ 1254.721226][T30813] device veth1_macvtap entered promiscuous mode
[ 1254.759481][T30813] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1254.785665][T30813] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1254.795905][T14438] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1254.814400][T14438] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1254.824687][T14438] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1254.845180][T14438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1254.863307][T14438] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1254.892799][T14438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1254.930050][T30813] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1254.957027][T30813] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1254.966340][T30813] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1254.975341][T31134] netlink: 'syz.1.8954': attribute type 11 has an invalid length.
[ 1254.980088][T30813] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1254.992802][T31134] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.8954'.
[ 1255.480116][T31136] netlink: 16410 bytes leftover after parsing attributes in process `syz.4.8955'.
[ 1255.549550][T31133] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1255.556935][T31138] netlink: 'syz.2.8956': attribute type 12 has an invalid length.
[ 1255.579268][T31138] netlink: 132 bytes leftover after parsing attributes in process `syz.2.8956'.
[ 1255.815953][T14438] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1255.837814][T14438] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1255.858473][T12962] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1255.911568][   T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1255.924511][   T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1255.961290][T12962] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1259.231018][T31241] netlink: 'syz.0.8992': attribute type 3 has an invalid length.
[ 1259.238997][T31241] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.8992'.
[ 1260.470464][T31196] netlink: 'syz.1.8977': attribute type 25 has an invalid length.
[ 1260.478573][T31196] netlink: 'syz.1.8977': attribute type 25 has an invalid length.
[ 1260.490712][T31228] dvmrp1: tun_chr_ioctl cmd 1074025672
[ 1260.497608][T31228] dvmrp1: ignored: set checksum disabled
[ 1260.503357][T31236] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1260.513898][T31236] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1260.522271][T31236] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1260.529826][T31236] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1260.756632][T31257] netlink: 'syz.1.8995': attribute type 12 has an invalid length.
[ 1260.764663][T31257] netlink: 132 bytes leftover after parsing attributes in process `syz.1.8995'.
[ 1261.218269][T31276] netlink: 'syz.3.9004': attribute type 29 has an invalid length.
[ 1261.226369][T31276] netlink: 'syz.3.9004': attribute type 3 has an invalid length.
[ 1261.234328][T31276] netlink: 132 bytes leftover after parsing attributes in process `syz.3.9004'.
[ 1262.676647][T31266] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1262.764679][T31272] netlink: 14 bytes leftover after parsing attributes in process `syz.2.9003'.
[ 1262.774479][T31272] device hsr_slave_0 left promiscuous mode
[ 1262.794868][T31272] device hsr_slave_1 left promiscuous mode
[ 1262.852119][T31268] netlink: 'syz.4.8999': attribute type 10 has an invalid length.
[ 1263.236769][T31306] netlink: 'syz.3.9010': attribute type 8 has an invalid length.
[ 1263.303842][T31306] netlink: 128124 bytes leftover after parsing attributes in process `syz.3.9010'.
[ 1263.851967][T31325] netlink: 'syz.1.9020': attribute type 3 has an invalid length.
[ 1263.886545][T31325] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.9020'.
[ 1263.903804][T31335] netlink: 'syz.3.9031': attribute type 29 has an invalid length.
[ 1263.916414][T31335] netlink: 132 bytes leftover after parsing attributes in process `syz.3.9031'.
[ 1268.192691][T31350] netlink: 14 bytes leftover after parsing attributes in process `syz.3.9026'.
[ 1268.202431][T31350] device hsr_slave_0 left promiscuous mode
[ 1268.209202][T31350] device hsr_slave_1 left promiscuous mode
[ 1268.259340][T31387] validate_nla: 1 callbacks suppressed
[ 1268.259355][T31387] netlink: 'syz.0.9038': attribute type 46 has an invalid length.
[ 1268.285753][T31387] netlink: 55 bytes leftover after parsing attributes in process `syz.0.9038'.
[ 1268.613327][T31405] netlink: 'syz.3.9046': attribute type 29 has an invalid length.
[ 1268.642390][T31405] netlink: 'syz.3.9046': attribute type 3 has an invalid length.
[ 1268.675884][T31405] netlink: 132 bytes leftover after parsing attributes in process `syz.3.9046'.
[ 1270.365657][T31391] netlink: 'syz.1.9039': attribute type 10 has an invalid length.
[ 1271.005458][T31440] netlink: 'syz.1.9056': attribute type 3 has an invalid length.
[ 1271.039234][T31440] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.9056'.
[ 1271.044856][T31442] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1271.056183][T31442] IPv6: NLM_F_CREATE should be set when creating new route
[ 1271.063673][T31442] IPv6: NLM_F_CREATE should be set when creating new route
[ 1271.071123][T31442] IPv6: NLM_F_CREATE should be set when creating new route
[ 1271.201813][T14211] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1271.211034][T14211] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1271.292618][T14211] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1271.304720][T14211] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1271.313881][T14211] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 1271.322893][T14211] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1271.782675][T31448] chnl_net:caif_netlink_parms(): no params data found
[ 1271.866869][T26379] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1272.067763][T26379] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1272.149699][T31448] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1272.170603][T31448] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1272.179154][T31448] device bridge_slave_0 entered promiscuous mode
[ 1272.188180][T31448] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1272.195355][T31448] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1272.211139][T31448] device bridge_slave_1 entered promiscuous mode
[ 1272.257374][T26379] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1272.341324][T31496] netlink: 'syz.2.9074': attribute type 29 has an invalid length.
[ 1272.385829][T31496] netlink: 'syz.2.9074': attribute type 3 has an invalid length.
[ 1272.393606][T31496] netlink: 132 bytes leftover after parsing attributes in process `syz.2.9074'.
[ 1272.406648][T26379] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1272.435056][T31448] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1272.471177][T31448] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1272.533398][T31448] team0: Port device team_slave_0 added
[ 1272.604453][T31448] team0: Port device team_slave_1 added
[ 1272.672771][T31448] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1272.696359][T31448] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1272.755992][T31448] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1272.782708][T31448] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1272.790127][T31448] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1272.844145][T31448] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1272.880421][T31508] netlink: 1010 bytes leftover after parsing attributes in process `syz.0.9079'.
[ 1272.917266][T31508] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[ 1272.925167][T31511] netlink: 'syz.2.9078': attribute type 12 has an invalid length.
[ 1272.945834][T31511] netlink: 132 bytes leftover after parsing attributes in process `syz.2.9078'.
[ 1273.191263][T31448] device hsr_slave_0 entered promiscuous mode
[ 1273.204933][T31448] device hsr_slave_1 entered promiscuous mode
[ 1273.214595][T31448] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1273.234873][T31448] Cannot create hsr debugfs directory
[ 1273.376404][T14211] Bluetooth: hci0: command 0x0409 tx timeout
[ 1273.970151][T31550] FAULT_INJECTION: forcing a failure.
[ 1273.970151][T31550] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1274.007166][T31550] CPU: 1 PID: 31550 Comm: syz.2.9093 Not tainted syzkaller #0
[ 1274.014694][T31550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1274.024769][T31550] Call Trace:
[ 1274.028046][T31550]  <TASK>
[ 1274.030968][T31550]  dump_stack_lvl+0x188/0x24e
[ 1274.035645][T31550]  ? show_regs_print_info+0x12/0x12
[ 1274.040871][T31550]  ? load_image+0x410/0x410
[ 1274.045375][T31550]  ? __lock_acquire+0x7bd0/0x7bd0
[ 1274.050398][T31550]  ? snprintf+0xe5/0x140
[ 1274.054635][T31550]  should_fail_ex+0x390/0x4c0
[ 1274.059307][T31550]  _copy_to_user+0x2c/0x130
[ 1274.063813][T31550]  simple_read_from_buffer+0xe3/0x150
[ 1274.069189][T31550]  proc_fail_nth_read+0x1a6/0x220
[ 1274.074214][T31550]  ? proc_fault_inject_write+0x310/0x310
[ 1274.079844][T31550]  ? fsnotify_perm+0x248/0x550
[ 1274.084604][T31550]  ? proc_fault_inject_write+0x310/0x310
[ 1274.090226][T31550]  vfs_read+0x2db/0x960
[ 1274.094381][T31550]  ? kernel_read+0x1e0/0x1e0
[ 1274.098965][T31550]  ? __fget_files+0x28/0x460
[ 1274.103551][T31550]  ? __fget_files+0x3fc/0x460
[ 1274.108230][T31550]  ? __fdget_pos+0x2ae/0x360
[ 1274.112812][T31550]  ? ksys_read+0x70/0x260
[ 1274.117147][T31550]  ksys_read+0x14d/0x260
[ 1274.121385][T31550]  ? vfs_write+0x9a0/0x9a0
[ 1274.125798][T31550]  ? lockdep_hardirqs_on+0x94/0x140
[ 1274.130995][T31550]  do_syscall_64+0x4c/0xa0
[ 1274.135405][T31550]  ? clear_bhb_loop+0x60/0xb0
[ 1274.140075][T31550]  ? clear_bhb_loop+0x60/0xb0
[ 1274.144743][T31550]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1274.150631][T31550] RIP: 0033:0x7f2bae15d68e
[ 1274.155038][T31550] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 1274.174635][T31550] RSP: 002b:00007f2baefc7fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1274.183038][T31550] RAX: ffffffffffffffda RBX: 00007f2baefc86c0 RCX: 00007f2bae15d68e
[ 1274.191003][T31550] RDX: 000000000000000f RSI: 00007f2baefc80a0 RDI: 0000000000000003
[ 1274.198965][T31550] RBP: 00007f2baefc8090 R08: 0000000000000000 R09: 0000000000000000
[ 1274.206941][T31550] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1274.214905][T31550] R13: 00007f2bae416038 R14: 00007f2bae415fa0 R15: 00007fffad12ea48
[ 1274.222880][T31550]  </TASK>
[ 1274.227155][T31555] netlink: 'syz.1.9095': attribute type 21 has an invalid length.
[ 1274.235000][T31555] netlink: 156 bytes leftover after parsing attributes in process `syz.1.9095'.
[ 1274.435039][T31562] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1274.474835][T31565] netlink: 'syz.1.9097': attribute type 3 has an invalid length.
[ 1274.515403][T31565] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.9097'.
[ 1275.455991][T14211] Bluetooth: hci0: command 0x041b tx timeout
[ 1275.497788][T31448] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1275.530503][T31448] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1275.624193][T31448] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1275.861162][T31448] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1275.886826][T31602] netlink: 132 bytes leftover after parsing attributes in process `syz.3.9109'.
[ 1275.944477][T31605] netlink: 132 bytes leftover after parsing attributes in process `syz.3.9109'.
[ 1276.258822][T26379] device veth1_macvtap left promiscuous mode
[ 1276.285342][T26379] device veth0_macvtap left promiscuous mode
[ 1276.349184][T26379] device veth1_vlan left promiscuous mode
[ 1276.355067][T26379] device veth0_vlan left promiscuous mode
[ 1277.556069][T14211] Bluetooth: hci0: command 0x040f tx timeout
[ 1278.256504][T31667] netlink: 'syz.2.9131': attribute type 3 has an invalid length.
[ 1278.275129][T31667] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.9131'.
[ 1279.208331][T31617] netlink: 'syz.1.9113': attribute type 12 has an invalid length.
[ 1279.217928][T31617] netlink: 132 bytes leftover after parsing attributes in process `syz.1.9113'.
[ 1279.624290][T14211] Bluetooth: hci0: command 0x0419 tx timeout
[ 1279.627863][T31448] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1279.898594][T31448] 8021q: adding VLAN 0 to HW filter on device team0
[ 1279.981454][T26376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1279.997487][T26376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1280.047670][T26376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1280.082661][T26376] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1280.124316][T26376] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1280.131562][T26376] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1280.195488][T26376] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1280.254975][T18865] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1280.276289][T18865] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1280.316855][T18865] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1280.324020][T18865] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1280.369440][T26380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1280.469235][T18865] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1280.480313][T18865] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1280.508528][T18865] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1280.526618][T18865] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1280.547131][T18865] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1280.608837][T18865] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1280.637488][T18865] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1280.662248][T18865] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1280.850042][T31710] netlink: 212168 bytes leftover after parsing attributes in process `syz.2.9140'.
[ 1280.869923][T26380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1280.889245][T26380] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1280.902236][T31448] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1280.971265][T31716] netlink: 'syz.2.9140': attribute type 10 has an invalid length.
[ 1281.843247][T26376] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1281.858155][T26376] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1281.921987][T31741] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1281.957748][T31448] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1282.424212][T31751] netlink: 202920 bytes leftover after parsing attributes in process `syz.2.9150'.
[ 1282.472171][T31755] netlink: 'syz.2.9150': attribute type 39 has an invalid length.
[ 1282.857716][T31767] netlink: 'syz.1.9153': attribute type 12 has an invalid length.
[ 1282.928250][T31767] netlink: 132 bytes leftover after parsing attributes in process `syz.1.9153'.
[ 1283.069151][T12962] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1283.080727][T12962] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1283.113265][T12962] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1283.122929][T12962] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1283.144560][T31448] device veth0_vlan entered promiscuous mode
[ 1283.154709][T12962] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1283.163834][T12962] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1283.182672][T31448] device veth1_vlan entered promiscuous mode
[ 1283.238317][T12962] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1283.247536][T12962] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1283.258297][T12962] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1283.270046][T12962] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1283.310406][T31448] device veth0_macvtap entered promiscuous mode
[ 1283.333408][T31448] device veth1_macvtap entered promiscuous mode
[ 1283.338568][T31775] netlink: 'syz.2.9159': attribute type 3 has an invalid length.
[ 1283.355894][T31775] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.9159'.
[ 1283.446947][T31448] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1283.456856][T12962] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1283.465127][T12962] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1283.491838][T12962] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1283.502610][T12962] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1287.411315][T31809] FAULT_INJECTION: forcing a failure.
[ 1287.411315][T31809] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1287.426583][T31809] CPU: 1 PID: 31809 Comm: syz.3.9168 Not tainted syzkaller #0
[ 1287.434067][T31809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1287.444114][T31809] Call Trace:
[ 1287.447383][T31809]  <TASK>
[ 1287.450297][T31809]  dump_stack_lvl+0x188/0x24e
[ 1287.454964][T31809]  ? show_regs_print_info+0x12/0x12
[ 1287.460146][T31809]  ? load_image+0x410/0x410
[ 1287.464636][T31809]  ? __lock_acquire+0x7bd0/0x7bd0
[ 1287.469650][T31809]  ? __local_bh_enable_ip+0x136/0x1c0
[ 1287.475109][T31809]  should_fail_ex+0x390/0x4c0
[ 1287.479805][T31809]  strncpy_from_user+0x32/0x340
[ 1287.484652][T31809]  mptcp_setsockopt+0xbaa/0x2f90
[ 1287.489649][T31809]  ? pm_nl_exit_net+0x220/0x220
[ 1287.494491][T31809]  ? aa_af_perm+0x340/0x340
[ 1287.498984][T31809]  ? __fget_files+0x3fc/0x460
[ 1287.503757][T31809]  ? aa_sock_opt_perm+0x74/0x100
[ 1287.508699][T31809]  ? sock_common_setsockopt+0x32/0xb0
[ 1287.514068][T31809]  ? sock_common_recvmsg+0x190/0x190
[ 1287.519346][T31809]  __sys_setsockopt+0x2bf/0x3d0
[ 1287.524189][T31809]  __x64_sys_setsockopt+0xb1/0xc0
[ 1287.529207][T31809]  do_syscall_64+0x4c/0xa0
[ 1287.533621][T31809]  ? clear_bhb_loop+0x60/0xb0
[ 1287.538297][T31809]  ? clear_bhb_loop+0x60/0xb0
[ 1287.542971][T31809]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1287.548861][T31809] RIP: 0033:0x7f0f7819ce59
[ 1287.553268][T31809] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1287.572865][T31809] RSP: 002b:00007f0f790a3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1287.581274][T31809] RAX: ffffffffffffffda RBX: 00007f0f78415fa0 RCX: 00007f0f7819ce59
[ 1287.589241][T31809] RDX: 000000000000000d RSI: 0000000000000006 RDI: 0000000000000004
[ 1287.597204][T31809] RBP: 00007f0f790a3090 R08: 0000000000000004 R09: 0000000000000000
[ 1287.605166][T31809] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1287.613129][T31809] R13: 00007f0f78416038 R14: 00007f0f78415fa0 R15: 00007ffd6cfe9348
[ 1287.621105][T31809]  </TASK>
[ 1288.651770][T31448] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1288.665822][T12962] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1288.674992][T12962] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1288.724583][T31813] netlink: 'syz.3.9169': attribute type 39 has an invalid length.
[ 1288.843924][T31448] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1288.853257][T31448] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1288.865368][T31448] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1288.874622][T31448] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1289.103615][T12962] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1289.169003][T12962] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1289.270230][T31832] netlink: 'syz.1.9175': attribute type 10 has an invalid length.
[ 1289.281563][T26380] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1289.297882][T26380] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1289.417534][T18865] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1289.448721][T18865] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1289.466874][T31842] netlink: 'syz.3.9176': attribute type 12 has an invalid length.
[ 1289.500046][T31842] netlink: 132 bytes leftover after parsing attributes in process `syz.3.9176'.
[ 1289.570592][T31844] netlink: 'syz.2.9178': attribute type 39 has an invalid length.
[ 1290.652997][ T4286] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1290.664838][ T4286] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1290.681290][ T4286] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1290.692181][ T4286] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1290.700209][ T4286] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 1290.708751][ T4286] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1291.343112][T31888] FAULT_INJECTION: forcing a failure.
[ 1291.343112][T31888] name failslab, interval 1, probability 0, space 0, times 0
[ 1291.396259][T31888] CPU: 1 PID: 31888 Comm: syz.3.9192 Not tainted syzkaller #0
[ 1291.403781][T31888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1291.413834][T31888] Call Trace:
[ 1291.417112][T31888]  <TASK>
[ 1291.420037][T31888]  dump_stack_lvl+0x188/0x24e
[ 1291.424717][T31888]  ? show_regs_print_info+0x12/0x12
[ 1291.429910][T31888]  ? load_image+0x410/0x410
[ 1291.434414][T31888]  ? __might_sleep+0xd0/0xd0
[ 1291.438998][T31888]  ? __lock_acquire+0x7bd0/0x7bd0
[ 1291.444023][T31888]  ? __lock_acquire+0x130c/0x7bd0
[ 1291.449051][T31888]  should_fail_ex+0x390/0x4c0
[ 1291.453728][T31888]  should_failslab+0x5/0x20
[ 1291.458228][T31888]  slab_pre_alloc_hook+0x59/0x300
[ 1291.463246][T31888]  ? widen_string+0x3b/0x2b0
[ 1291.467834][T31888]  ? string+0x257/0x290
[ 1291.472006][T31888]  ? __request_module+0x31c/0xa00
[ 1291.477134][T31888]  __kmem_cache_alloc_node+0x4f/0x270
[ 1291.482524][T31888]  ? __request_module+0x31c/0xa00
[ 1291.487558][T31888]  kmalloc_trace+0x26/0xe0
[ 1291.491984][T31888]  __request_module+0x31c/0xa00
[ 1291.496853][T31888]  ? copy_regset_to_user+0x1f0/0x1f0
[ 1291.502171][T31888]  ? __lock_acquire+0x7bd0/0x7bd0
[ 1291.507198][T31888]  ? apparmor_capable+0x12c/0x190
[ 1291.512222][T31888]  ? bpf_lsm_capable+0x5/0x10
[ 1291.516901][T31888]  ? tcp_ca_find_autoload+0x115/0x240
[ 1291.522313][T31888]  tcp_ca_find_autoload+0x138/0x240
[ 1291.527513][T31888]  tcp_set_congestion_control+0x11f/0xae0
[ 1291.533230][T31888]  ? tcp_set_congestion_control+0x6a/0xae0
[ 1291.539038][T31888]  mptcp_setsockopt+0x1fef/0x2f90
[ 1291.544068][T31888]  ? pm_nl_exit_net+0x220/0x220
[ 1291.548919][T31888]  ? aa_af_perm+0x340/0x340
[ 1291.553420][T31888]  ? __fget_files+0x3fc/0x460
[ 1291.558100][T31888]  ? aa_sock_opt_perm+0x74/0x100
[ 1291.563030][T31888]  ? sock_common_setsockopt+0x32/0xb0
[ 1291.568405][T31888]  ? sock_common_recvmsg+0x190/0x190
[ 1291.573696][T31888]  __sys_setsockopt+0x2bf/0x3d0
[ 1291.578544][T31888]  __x64_sys_setsockopt+0xb1/0xc0
[ 1291.583570][T31888]  do_syscall_64+0x4c/0xa0
[ 1291.587980][T31888]  ? clear_bhb_loop+0x60/0xb0
[ 1291.592651][T31888]  ? clear_bhb_loop+0x60/0xb0
[ 1291.597326][T31888]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1291.603217][T31888] RIP: 0033:0x7f0f7819ce59
[ 1291.607628][T31888] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1291.627228][T31888] RSP: 002b:00007f0f790a3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1291.635635][T31888] RAX: ffffffffffffffda RBX: 00007f0f78415fa0 RCX: 00007f0f7819ce59
[ 1291.643601][T31888] RDX: 000000000000000d RSI: 0000000000000006 RDI: 0000000000000004
[ 1291.651579][T31888] RBP: 00007f0f790a3090 R08: 0000000000000004 R09: 0000000000000000
[ 1291.659557][T31888] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1291.667525][T31888] R13: 00007f0f78416038 R14: 00007f0f78415fa0 R15: 00007ffd6cfe9348
[ 1291.675514][T31888]  </TASK>
[ 1292.751263][T14211] Bluetooth: hci3: command 0x0409 tx timeout
[ 1293.030014][T31883] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9190'.
[ 1293.046147][T31899] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1293.135056][T18865] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1293.284443][T18865] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1293.334091][T31910] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.9200'.
[ 1293.354068][T31910] mac80211_hwsim hwsim64 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1293.434208][T18865] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1293.539051][T31915] netlink: 161700 bytes leftover after parsing attributes in process `syz.4.9202'.
[ 1293.549121][T31915] openvswitch: netlink: Key 2 has unexpected len 41210 expected 4
[ 1293.594121][T18865] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1293.681553][T31923] netlink: 'syz.3.9205': attribute type 10 has an invalid length.
[ 1293.724804][T31923] team0: Port device hsr_slave_0 added
[ 1293.740365][T31878] chnl_net:caif_netlink_parms(): no params data found
[ 1293.922879][T18865] device 0 left promiscuous mode
[ 1293.953602][T31878] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1293.961613][T31878] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1293.970224][T31878] device bridge_slave_0 entered promiscuous mode
[ 1294.052300][T31878] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1294.078207][T31878] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1294.101357][T31878] device bridge_slave_1 entered promiscuous mode
[ 1294.109008][T18865] tipc: Left network mode
[ 1294.818792][T14211] Bluetooth: hci3: command 0x041b tx timeout
[ 1295.780891][   T56] wlan1: Trigger new scan to find an IBSS to join
[ 1296.441927][T31878] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1296.492861][T31878] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1296.670588][T31878] team0: Port device team_slave_0 added
[ 1296.690023][T31878] team0: Port device team_slave_1 added
[ 1296.763439][T31878] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1296.795833][T31878] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1296.830293][T31990] netlink: 161700 bytes leftover after parsing attributes in process `syz.3.9217'.
[ 1296.860912][T31990] openvswitch: netlink: Key 2 has unexpected len 41210 expected 4
[ 1296.882451][T31878] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1296.897317][T14211] Bluetooth: hci3: command 0x040f tx timeout
[ 1296.918523][T31878] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1296.929912][T31992] netlink: 'syz.4.9220': attribute type 3 has an invalid length.
[ 1296.967775][T31878] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1296.999065][T31992] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.9220'.
[ 1297.076313][T31878] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1297.590141][T31878] device hsr_slave_0 entered promiscuous mode
[ 1297.613691][T31878] device hsr_slave_1 entered promiscuous mode
[ 1297.631736][T31878] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1297.656434][T31878] Cannot create hsr debugfs directory
[ 1298.740494][T26376] wlan1: Trigger new scan to find an IBSS to join
[ 1298.985831][T14211] Bluetooth: hci3: command 0x0419 tx timeout
[ 1299.074964][T32049] netlink: 161700 bytes leftover after parsing attributes in process `syz.1.9236'.
[ 1299.115848][T32049] openvswitch: netlink: Key 2 has unexpected len 41210 expected 4
[ 1300.108990][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[ 1300.115342][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[ 1300.523240][T32060] netlink: 'syz.3.9241': attribute type 12 has an invalid length.
[ 1300.539675][T32060] netlink: 132 bytes leftover after parsing attributes in process `syz.3.9241'.
[ 1300.729892][T32068] netlink: 'syz.1.9244': attribute type 3 has an invalid length.
[ 1300.752311][T32068] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.9244'.
[ 1300.800184][T32072] netlink: 'syz.1.9244': attribute type 3 has an invalid length.
[ 1300.828940][T32072] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.9244'.
[ 1300.967023][T32079] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9247'.
[ 1301.309722][T32085] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1301.376643][T32089] netlink: 'syz.4.9250': attribute type 2 has an invalid length.
[ 1301.664162][T32089] device 0 entered promiscuous mode
[ 1301.777294][T13305] wlan1: Trigger new scan to find an IBSS to join
[ 1301.999819][T32104] netlink: 'syz.1.9254': attribute type 21 has an invalid length.
[ 1302.081593][T18865] device hsr_slave_0 left promiscuous mode
[ 1302.111039][T18865] device hsr_slave_1 left promiscuous mode
[ 1302.140963][T18865] device bridge_slave_1 left promiscuous mode
[ 1302.150934][T18865] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1302.173121][T18865] device bridge_slave_0 left promiscuous mode
[ 1302.201528][T18865] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1302.283047][T18865] device veth0_macvtap left promiscuous mode
[ 1302.292650][T18865] device veth1_vlan left promiscuous mode
[ 1302.308466][T18865] device veth0_vlan left promiscuous mode
[ 1302.711502][   T56] wlan1: Creating new IBSS network, BSSID 82:be:2f:78:f6:b0
[ 1303.801487][T18865] team0 (unregistering): Port device team_slave_1 removed
[ 1303.893555][T18865] team0 (unregistering): Port device team_slave_0 removed
[ 1306.215801][T32148] netlink: 'syz.2.9267': attribute type 12 has an invalid length.
[ 1306.223670][T32148] netlink: 132 bytes leftover after parsing attributes in process `syz.2.9267'.
[ 1306.458484][T31878] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1306.471504][T31878] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1306.526296][T31878] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1306.625050][T31878] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1306.712068][T32165] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9273'.
[ 1307.032370][T32155] device syzkaller0 entered promiscuous mode
[ 1307.244487][T32178] netlink: 'syz.2.9275': attribute type 21 has an invalid length.
[ 1307.267039][T32178] netlink: 164 bytes leftover after parsing attributes in process `syz.2.9275'.
[ 1309.021901][T32202] netlink: 'syz.3.9280': attribute type 3 has an invalid length.
[ 1309.029879][T32202] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.9280'.
[ 1310.073032][T31878] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1310.093980][T32189] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1310.156585][T13305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1310.177156][T13305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1310.208493][T31878] 8021q: adding VLAN 0 to HW filter on device team0
[ 1310.267942][T13305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1310.303975][T13305] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1310.317048][T13305] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1310.324213][T13305] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1310.369795][T32211] netlink: 48 bytes leftover after parsing attributes in process `syz.2.9281'.
[ 1310.401411][T32211] netlink: 48 bytes leftover after parsing attributes in process `syz.2.9281'.
[ 1310.458294][T32208] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1310.470559][T32208] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1310.501884][T32208] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1310.520038][T32208] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1310.754557][T13305] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1310.774291][T13305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1310.837906][T13305] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1310.863317][T13305] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1310.870572][T13305] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1310.898753][T13305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1310.918533][T13305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1310.966484][T13305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1311.004987][T13305] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1311.027181][T32211] netlink: 48 bytes leftover after parsing attributes in process `syz.2.9281'.
[ 1311.095074][T31878] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1311.135859][T31878] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1311.167344][T13305] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1311.175469][T13305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1311.206743][T13305] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1311.215382][T13305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1311.266474][T13305] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1311.275216][T13305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1311.300847][T13305] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1311.324545][T32211] netlink: 48 bytes leftover after parsing attributes in process `syz.2.9281'.
[ 1311.366387][T13305] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1311.696567][T32244] netlink: 'syz.1.9290': attribute type 12 has an invalid length.
[ 1311.704462][T32244] netlink: 132 bytes leftover after parsing attributes in process `syz.1.9290'.
[ 1312.382829][T12962] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1312.402694][T12962] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1312.433201][T31878] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1312.506468][T18865] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1312.525368][T18865] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1312.595102][T18865] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1312.616311][T18865] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1312.681967][T18865] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1312.727335][T18865] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1312.775123][T31878] device veth0_vlan entered promiscuous mode
[ 1312.819758][T31878] device veth1_vlan entered promiscuous mode
[ 1312.839614][T32283] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app
[ 1312.891303][T26380] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1312.937220][T26380] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1312.973574][T26380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1312.997078][T26380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1313.030016][T31878] device veth0_macvtap entered promiscuous mode
[ 1313.059020][T31878] device veth1_macvtap entered promiscuous mode
[ 1313.124404][T31878] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1313.142080][T18865] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1313.166307][T18865] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1313.186857][T18865] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1313.225424][T18865] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1313.324752][T31878] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1313.349816][T18865] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1313.367664][T18865] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1313.400643][T31878] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1313.435750][T31878] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1313.444514][T31878] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1313.481732][T31878] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1313.504958][T32295] netlink: 'syz.4.9301': attribute type 10 has an invalid length.
[ 1313.903732][T32302] netlink: 'syz.2.9305': attribute type 10 has an invalid length.
[ 1313.965590][T32309] netlink: 'syz.3.9304': attribute type 12 has an invalid length.
[ 1313.985302][T32309] netlink: 132 bytes leftover after parsing attributes in process `syz.3.9304'.
[ 1314.155649][T26380] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1314.188774][T26380] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1314.209988][T12962] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1314.232788][T14438] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1314.241267][T12962] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1314.261517][T14438] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1315.138212][T32358] netlink: 'syz.1.9317': attribute type 12 has an invalid length.
[ 1315.264450][T32358] netlink: 132 bytes leftover after parsing attributes in process `syz.1.9317'.
[ 1315.418120][T32363] netlink: 192432 bytes leftover after parsing attributes in process `syz.2.9319'.
[ 1315.480330][T32363] netlink: get zone limit has 4 unknown bytes
[ 1315.552869][T32369] netlink: 'syz.4.9320': attribute type 12 has an invalid length.
[ 1315.620371][T32369] netlink: 132 bytes leftover after parsing attributes in process `syz.4.9320'.
[ 1315.720315][T32371] netlink: 'syz.1.9322': attribute type 3 has an invalid length.
[ 1315.755827][T32371] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.9322'.
[ 1316.911322][T32423] netlink: 61211 bytes leftover after parsing attributes in process `syz.3.9346'.
[ 1317.237936][T32433] netlink: 'syz.3.9349': attribute type 39 has an invalid length.
[ 1317.291306][T32433] device veth0_macvtap left promiscuous mode
[ 1320.911093][T32470] netlink: 'syz.4.9358': attribute type 12 has an invalid length.
[ 1320.922890][T32470] netlink: 132 bytes leftover after parsing attributes in process `syz.4.9358'.
[ 1321.194463][T32488] netlink: 132 bytes leftover after parsing attributes in process `syz.1.9363'.
[ 1321.713888][T32501] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.9368'.
[ 1323.193483][T32498] netlink: 'syz.2.9368': attribute type 5 has an invalid length.
[ 1323.201582][T32498] netlink: 176 bytes leftover after parsing attributes in process `syz.2.9368'.
[ 1323.211180][T32500] netlink: 'syz.1.9369': attribute type 21 has an invalid length.
[ 1323.235740][T32500] netlink: 128 bytes leftover after parsing attributes in process `syz.1.9369'.
[ 1323.244873][T32500] netlink: 'syz.1.9369': attribute type 4 has an invalid length.
[ 1323.276192][T32500] netlink: 'syz.1.9369': attribute type 5 has an invalid length.
[ 1323.295865][T32500] netlink: 3 bytes leftover after parsing attributes in process `syz.1.9369'.
[ 1323.719367][T32522] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1323.726852][T32522] IPv6: NLM_F_CREATE should be set when creating new route
[ 1323.734369][T32522] IPv6: NLM_F_CREATE should be set when creating new route
[ 1323.741881][T32522] IPv6: NLM_F_CREATE should be set when creating new route
[ 1323.820105][T32526] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[ 1323.855351][T32526] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1324.464469][T32555] netlink: 'syz.1.9387': attribute type 3 has an invalid length.
[ 1324.528739][T32555] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.9387'.
[ 1325.694815][T32583] device bond0 entered promiscuous mode
[ 1325.715810][T32583] device bond_slave_0 entered promiscuous mode
[ 1325.727283][T32583] device bond_slave_1 entered promiscuous mode
[ 1325.901410][T32589] mac80211_hwsim hwsim50 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1326.142654][T32596] netlink: 'syz.2.9400': attribute type 21 has an invalid length.
[ 1326.877255][T32614] netlink: 'syz.3.9406': attribute type 10 has an invalid length.
[ 1329.848738][T32619] : port 1(ip6gretap0) entered blocking state
[ 1329.854962][T32619] : port 1(ip6gretap0) entered disabled state
[ 1329.862097][T32619] device ip6gretap0 entered promiscuous mode
[ 1329.871740][T32614] device ip6gretap0 left promiscuous mode
[ 1329.878374][T32614] : port 1(ip6gretap0) entered disabled state
[ 1330.131017][T32660] netlink: 202920 bytes leftover after parsing attributes in process `syz.3.9421'.
[ 1330.438223][T32686] netlink: 763 bytes leftover after parsing attributes in process `syz.3.9430'.
[ 1330.507323][T32683] netlink: 'syz.2.9431': attribute type 3 has an invalid length.
[ 1330.515266][T32683] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.9431'.
[ 1331.112449][T32705] netlink: 175 bytes leftover after parsing attributes in process `syz.4.9436'.
[ 1331.173925][T32708] netlink: 'syz.4.9436': attribute type 10 has an invalid length.
[ 1332.497560][T32732] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1332.505055][T32732] IPv6: NLM_F_CREATE should be set when creating new route
[ 1332.512687][T32732] IPv6: NLM_F_CREATE should be set when creating new route
[ 1332.520180][T32732] IPv6: NLM_F_CREATE should be set when creating new route
[ 1332.895769][ T4286] Bluetooth: hci1: command 0x0406 tx timeout
[ 1332.946189][T32764] netlink: 'syz.0.9460': attribute type 3 has an invalid length.
[ 1332.954323][T32764] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.9460'.
[ 1333.048640][T32767] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9462'.
[ 1333.483029][  T320] netlink: 122896 bytes leftover after parsing attributes in process `syz.2.9468'.
[ 1333.494862][  T322] netlink: 'syz.3.9466': attribute type 12 has an invalid length.
[ 1333.502847][  T322] netlink: 132 bytes leftover after parsing attributes in process `syz.3.9466'.
[ 1334.166251][    C1] 
[ 1334.166260][    C1] ================================
[ 1334.166266][    C1] WARNING: inconsistent lock state
[ 1334.166288][    C1] syzkaller #0 Not tainted
[ 1334.166298][    C1] --------------------------------
[ 1334.166303][    C1] inconsistent {INITIAL USE} -> {IN-NMI} usage.
[ 1334.166310][    C1] syz.4.9474/342 [HC1[1]:SC0[0]:HE0:SE1] takes:
[ 1334.166328][    C1] ffff8880567ea0f8 (&htab->lockdep_key){....}-{2:2}, at: htab_lock_bucket+0x179/0x2f0
[ 1334.166456][    C1] {INITIAL USE} state was registered at:
[ 1334.166463][    C1]   lock_acquire+0x1bb/0x4a0
[ 1334.166484][    C1]   _raw_spin_lock+0x2a/0x40
[ 1334.166503][    C1]   htab_lock_bucket+0x179/0x2f0
[ 1334.166518][    C1]   htab_lru_map_update_elem+0x2eb/0xe60
[ 1334.166533][    C1]   bpf_map_update_value+0x59d/0x670
[ 1334.166550][    C1]   generic_map_update_batch+0x52e/0x7f0
[ 1334.166567][    C1]   bpf_map_do_batch+0x475/0x5f0
[ 1334.166585][    C1]   __sys_bpf+0x6f7/0x780
[ 1334.166602][    C1]   __x64_sys_bpf+0x78/0x90
[ 1334.166619][    C1]   do_syscall_64+0x4c/0xa0
[ 1334.166633][    C1]   entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1334.166659][    C1] irq event stamp: 2212
[ 1334.166664][    C1] hardirqs last  enabled at (2211): [<ffffffff81bac8b2>] __kmalloc_large_node+0x112/0x1f0
[ 1334.166690][    C1] hardirqs last disabled at (2212): [<ffffffff8a2aad9e>] exc_debug+0x6e/0x130
[ 1334.166709][    C1] softirqs last  enabled at (2208): [<ffffffff814f49cb>] __irq_exit_rcu+0x13b/0x230
[ 1334.166727][    C1] softirqs last disabled at (2197): [<ffffffff814f49cb>] __irq_exit_rcu+0x13b/0x230
[ 1334.166745][    C1] 
[ 1334.166745][    C1] other info that might help us debug this:
[ 1334.166750][    C1]  Possible unsafe locking scenario:
[ 1334.166750][    C1] 
[ 1334.166754][    C1]        CPU0
[ 1334.166757][    C1]        ----
[ 1334.166760][    C1]   lock(&htab->lockdep_key);
[ 1334.166770][    C1]   <Interrupt>
[ 1334.166773][    C1]     lock(&htab->lockdep_key);
[ 1334.166783][    C1] 
[ 1334.166783][    C1]  *** DEADLOCK ***
[ 1334.166783][    C1] 
[ 1334.166787][    C1] no locks held by syz.4.9474/342.
[ 1334.166794][    C1] 
[ 1334.166794][    C1] stack backtrace:
[ 1334.166799][    C1] CPU: 1 PID: 342 Comm: syz.4.9474 Not tainted syzkaller #0
[ 1334.166814][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1334.166823][    C1] Call Trace:
[ 1334.166829][    C1]  <#DB>
[ 1334.166837][    C1]  dump_stack_lvl+0x188/0x24e
[ 1334.166859][    C1]  ? show_regs_print_info+0x12/0x12
[ 1334.166885][    C1]  ? print_usage_bug+0x42a/0x690
[ 1334.166907][    C1]  ? verify_lock_unused+0x15/0x140
[ 1334.166932][    C1]  lock_acquire+0x2df/0x4a0
[ 1334.166957][    C1]  ? htab_lock_bucket+0x179/0x2f0
[ 1334.166979][    C1]  ? read_lock_is_recursive+0x10/0x10
[ 1334.167007][    C1]  ? perf_trace_lock+0x301/0x390
[ 1334.167024][    C1]  ? perf_output_begin_forward+0xa7/0xa70
[ 1334.167051][    C1]  _raw_spin_lock+0x2a/0x40
[ 1334.167069][    C1]  ? htab_lock_bucket+0x179/0x2f0
[ 1334.167086][    C1]  htab_lock_bucket+0x179/0x2f0
[ 1334.167109][    C1]  ? htab_lru_map_delete_node+0x610/0x610
[ 1334.167128][    C1]  ? look_up_lock_class+0x75/0x140
[ 1334.167150][    C1]  ? verify_lock_unused+0x15/0x140
[ 1334.167171][    C1]  ? htab_map_hash+0x329/0x6d0
[ 1334.167192][    C1]  htab_lru_map_delete_elem+0x1a1/0x760
[ 1334.167212][    C1]  ? bpf_overflow_handler+0xd9/0x790
[ 1334.167232][    C1]  ? htab_lru_map_update_elem+0xe60/0xe60
[ 1334.167263][    C1]  bpf_prog_2c29ac5cdc6b1842+0x3a/0x3e
[ 1334.167284][    C1]  bpf_overflow_handler+0x50b/0x790
[ 1334.167303][    C1]  ? perf_trace_run_bpf_submit+0x1c0/0x1c0
[ 1334.167328][    C1]  ? bpf_overflow_handler+0xd9/0x790
[ 1334.167345][    C1]  ? perf_swevent_overflow+0x230/0x230
[ 1334.167372][    C1]  ? __perf_event_account_interrupt+0x187/0x280
[ 1334.167398][    C1]  __perf_event_overflow+0x457/0x630
[ 1334.167429][    C1]  perf_swevent_event+0x315/0x570
[ 1334.167454][    C1]  ? perf_tp_event+0xc10/0xc10
[ 1334.167477][    C1]  ? __bpf_trace_bpf_trace_printk+0x20/0x20
[ 1334.167512][    C1]  perf_bp_event+0x311/0x3f0
[ 1334.167541][    C1]  ? perf_event_free_bpf_prog+0x120/0x120
[ 1334.167598][    C1]  ? atomic_notifier_call_chain+0x2c/0x2b0
[ 1334.167620][    C1]  ? read_lock_is_recursive+0x10/0x10
[ 1334.167650][    C1]  hw_breakpoint_exceptions_notify+0x14d/0x470
[ 1334.167717][    C1]  atomic_notifier_call_chain+0x17a/0x2b0
[ 1334.167736][    C1]  ? atomic_notifier_call_chain+0x2c/0x2b0
[ 1334.167759][    C1]  notify_die+0x141/0x1a0
[ 1334.167780][    C1]  ? srcu_init_notifier_head+0x90/0x90
[ 1334.167817][    C1]  notify_debug+0x20/0x30
[ 1334.167845][    C1]  exc_debug+0xd9/0x130
[ 1334.167867][    C1]  asm_exc_debug+0x1a/0x40
[ 1334.167887][    C1] RIP: 0010:copy_user_enhanced_fast_string+0xa/0x40
[ 1334.167905][    C1] Code: ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 01 ca c3 8d 0c ca 89 ca eb 20 0f 01 cb 83 fa 40 72 38 89 d1 <f3> a4 31 c0 0f 01 ca c3 89 ca eb 0a 90 90 90 90 90 90 90 90 90 90
[ 1334.167918][    C1] RSP: 0018:ffffc90004c5fbc8 EFLAGS: 00050202
[ 1334.167931][    C1] RAX: ffffffff840ff001 RBX: 0000000000100004 RCX: 00000000000ffd64
[ 1334.167943][    C1] RDX: 0000000000100004 RSI: 0000200000000320 RDI: ffff8880458002a0
[ 1334.167954][    C1] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004
[ 1334.167963][    C1] R10: dffffc0000000000 R11: ffffed1008b20000 R12: 00007fffffefeffc
[ 1334.167975][    C1] R13: 1ffff9200098bf90 R14: ffff888045800000 R15: 0000200000000080
[ 1334.167996][    C1]  ? refcount_dec_and_lock_irqsave+0xe1/0xf0
[ 1334.168026][    C1]  </#DB>
[ 1334.168031][    C1]  <TASK>
[ 1334.168036][    C1]  _copy_from_user+0xf4/0x170
[ 1334.168058][    C1]  generic_map_update_batch+0x48d/0x7f0
[ 1334.168094][    C1]  ? rcu_read_unlock+0xa0/0xa0
[ 1334.168122][    C1]  ? __fdget+0x17c/0x200
[ 1334.168146][    C1]  ? rcu_read_unlock+0xa0/0xa0
[ 1334.168165][    C1]  bpf_map_do_batch+0x475/0x5f0
[ 1334.168185][    C1]  ? bpf_lsm_xfrm_state_pol_flow_match+0x10/0x10
[ 1334.168209][    C1]  __sys_bpf+0x6f7/0x780
[ 1334.168232][    C1]  ? bpf_link_show_fdinfo+0x380/0x380
[ 1334.168277][    C1]  ? lock_chain_count+0x20/0x20
[ 1334.168309][    C1]  __x64_sys_bpf+0x78/0x90
[ 1334.168331][    C1]  do_syscall_64+0x4c/0xa0
[ 1334.168346][    C1]  ? clear_bhb_loop+0x60/0xb0
[ 1334.168358][    C1]  ? clear_bhb_loop+0x60/0xb0
[ 1334.168376][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1334.168396][    C1] RIP: 0033:0x7f44be59ce59
[ 1334.168410][    C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1334.168422][    C1] RSP: 002b:00007f44bf37f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1334.168438][    C1] RAX: ffffffffffffffda RBX: 00007f44be815fa0 RCX: 00007f44be59ce59
[ 1334.168449][    C1] RDX: 0000000000000038 RSI: 00002000000009c0 RDI: 000000000000001a
[ 1334.168459][    C1] RBP: 00007f44be632e6f R08: 0000000000000000 R09: 0000000000000000
[ 1334.168469][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1334.168478][    C1] R13: 00007f44be816038 R14: 00007f44be815fa0 R15: 00007ffc0ec68378
[ 1334.168509][    C1]  </TASK>