last executing test programs:

11m56.91713135s ago: executing program 2 (id=7308):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0xe, 0x4, 0x8, 0x7, 0x0, 0xffffffffffffffff, 0x7ff}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xc, 0xc, &(0x7f0000000a80)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xaa9a}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000000}, {0x3, 0x3, 0x3, 0xa, 0x5}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x7e7a7b69c7c8ffd8}, {0x85, 0x0, 0x0, 0x15}}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

11m56.673450947s ago: executing program 2 (id=7311):
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x0, 0x3, 0x0, 0x300)

11m56.53999702s ago: executing program 2 (id=7314):
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x82240, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x4, 0x8}, 0xc02, 0x1, 0x0, 0x8, 0x43fe, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x6, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffb}, [@call={0x85, 0x0, 0x0, 0xbc}]}, &(0x7f0000000100)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x66, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400000}, 0x94)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x9, 0x830d}, 0x100600, 0x2, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)

11m55.944430936s ago: executing program 2 (id=7318):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b05d25a806c8c6f94f90424fc601000127a0a0006", 0x1b}], 0x1, 0x0, 0x0, 0x8100000}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="bb00000031000b63ddd2006c8c6f59bab50100d0c96ffc6010", 0x19}], 0x1}, 0x4000000)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d080010000000e8fe55a1180015000600142603600e120500211dff000401a8001600a400014020", 0x39}], 0x1}, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xfe33)

11m55.649264904s ago: executing program 2 (id=7321):
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x0, 0x3, 0x0, 0x300)

11m55.280928064s ago: executing program 2 (id=7324):
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x42, 0x6, 0x8, 0x0, 0x1}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x8001, 0x0, r0}, 0x50)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x8000, r1}, 0x38)
syz_clone(0x200c8000, 0x0, 0x0, 0x0, 0x0, 0x0)

11m40.170555278s ago: executing program 32 (id=7324):
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x42, 0x6, 0x8, 0x0, 0x1}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x8001, 0x0, r0}, 0x50)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x8000, r1}, 0x38)
syz_clone(0x200c8000, 0x0, 0x0, 0x0, 0x0, 0x0)

10.206844586s ago: executing program 0 (id=10139):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket$kcm(0xa, 0x5, 0x0)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x99, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x2}, 0x0, 0x0, 0x0, 0x5, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000380), 0x6c0ec0, 0x0)
socket$kcm(0x21, 0x2, 0x2)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0))
socket$kcm(0x10, 0x2, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x200002, 0x0)
socket$kcm(0x10, 0x3, 0x10)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000ff0f000005"], 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="28010000000000"], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0xb8}, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}, 0x100, 0x0, 0x0, 0x8, 0x1, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socket$kcm(0xa, 0x5, 0x0)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r3, 0x81000000, 0x12, 0x0, &(0x7f0000000900)="c1dfb080cd21d308098ee6888100", 0x0, 0xadf0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

9.143814415s ago: executing program 0 (id=10142):
socket$kcm(0x10, 0x2, 0x4)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000480)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac00400020208000200050001", 0x2f}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x746f2f51, &(0x7f0000000080)=[{&(0x7f0000000040)="3f0400001c00810ce00f80ecdb4cb9f207c804a01f000000010006fb0a0002000a0ada1b40d80300000000000000", 0xfec9}], 0x1, 0x0, 0x0, 0x5865}, 0x0) (fail_nth: 1)

8.979375219s ago: executing program 4 (id=10144):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0xac14140c}}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x900}, 0x60)
r0 = socket$kcm(0xa, 0x2, 0x73)
sendmsg$inet(r0, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @empty=0xf5ff}, 0x10, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c048c0a7d63aebc5cea1f81510ff6091475aeec600831aa9d3944e60bc2ad06a619c560aa0118b28f68f1eb14549d633b4b23f179fb680716faa43414787559be90843c35ab30acad8a6740140e00721abc2eb362f7bde53b3c992d3e28ccc20ec84fdc569947047f6c09a647ee8c0a747b951e66c068ccf1af93ee9e6f9528ff79e2f989383b05a690a6bec4634b867c9446c1c644b3010e8a3514c6328323b4bbdd602b8f0dace6aea70902c4ddd2a2f2810f1348b0d0df3c1e6a5938fcfdc87e7580c6be0c6a06eca62d6f787dd16add086a21391c4c707d8b61929d1252681b84c245e0efafe2e6e73ad86a3cf59235ab0eacbb414af92ec3cdac420a064a98e8cc18bdf63f8997f96436e0fe6f06fdbf47fff353b01a861babd4a38d126bfe3e29049e6cc883e6efae6e70ef9ed124b1b09887a58c991e223b6420dca5ae238027e91b17b1707dc5c0d5f59f0ca95614f1ea1d263c1ee54dfe31ae35eb3c8e3b931dff7920c57fbba89adf2e392c1ad719b90c7ade0d38ff9792934ef1fb12f51d8e2fad12486d5883d5b1a46696fad128c6805cfb25bc6487e1e407d6b266971b09d0d864a7a550284e24b6cdc9f4ae1081a638175dffef002c76ac5558d23e41edbe68f4b4950a13aa000326dae5a857603dc5a40d6c6618a98c7b6e1eebd325ea2c14601a25658965f40864fd015d9b2fff83ee5ed3212ebd9fa429f0140f633556ac07c0c08e67a1848c9942ecc47dd4ffede9a429e9e0472be7cdbcd117e621ddf745c00a814ffff0224634472577dc0b35a9c153409f1a2bddc193b20b4d244d9cbbd59816c46000c596865f58b4e640ed4a9ab6086cede697fb113560925498da83273e679e0e28b84961eb7b9c9b4fa916590965c76b48e5d453f27a821bd2bf0946ff2413ec30f7893d1f046e18f736c40ceda26dfc4a0a62f71a3606d3f72c0a858dfd7895e2572292e11af913c6b513a141d28e501ae7c49618d104aac9abb78466a636efb88120d0eef0a501558a5aa34784a9823f2802a0bcdf318f9b436b34b42a2a7cf513f80364ad9a699d2e23eb4f3a2bbce818bd20da61882b3dac699d05dc24f29b72471b712423ace6278c43df2be7a09e815517b86d8b3ce16af3d64a575958c5fd52aac53b391f3d2a67c24c6c13ec11428b61b80a6a58cbba1790a98d190a572070f63fc0b809669895ea9865c3066b06102f6f2c7171dc7f76e1931b3e4deb569ef9d07d5f86a848f50942e93c419c3a23489f14803b08182dfd48b8d4375be6b7f805a21209c05e5927693a8834c8d5a5acbd47ed8a30a8a741d1ad77639b56b3b90c0b2023fa334befd28b2e27cbcd94b0ce7437f88ce67a925cea6d6d7e5313de6d328b1124a8b9ef83fe39ca3da97d33c60b7fd4af67d3c8fccb595a27a5bffc71e5a5b2ec966828993b0c0f83cbc55f9a7fb66a4101d5c83b77885072b6e2b2ceebe32f635509698c05089b9ff1cb1959b211e114dadb224ef2d5e7a3c55b3ac00fcdc9018577603c6301e5d4341b3d7eeb2665349d448d28d5d108f576408cbe533a6adbba18ebb2d84bb9af81108506a2f50fb56d595579000747930449fdf4ed01715ec624a0cb73636a35b9136f10b79e3d7ded09008b92e92c64e26e6b6d17f18b70b1d9813de8d2ff151c7a6a0452c660a57c33f13e2d9b88fa5f5c0505722d2e787a425e4a3e9b5efa9668e9199f5fb9fe7d5b8a57719a57df152e7f2c6a1087a2a24084f82455b65353a70559f04d5ed12defb81497ea69c1c7e69c373524770b7473c16a69c7a3648a9dd93377b89cdff61cf62512d1ee67a55ea67993937c1f55a2179bc9c8a337364cfb84d295adda1ad9700fc2f5c11cbfc1b90affb4666c6e7e23a6f7751410a5651819f29f690c6dba2b8a67e0f7f8cc377feb1854c393578994c85391ba21b3961aed477f771645571dc7d6cae72bf79c82a92a4edc3742b1398060a0a5c9e81c016b7f2ae3db529c6ff824cc28678764d8ab49d7dc68e5b0556c9e7ffb6fef442776d86fbd458741830e57f22a1f8513b92abd5b2df93a67cc560134078f0b8ecc3276e40aadef5cd579888b86b4988f396679250701f3869e7493b33692035ecd94aca5189fd0a0893ccc5bb19c0b4caca86cf90ebc2a5558f39cccb33f6773a4e425bf551fb3b6456ee1cc62fa1843a9e5539bb2d02ae6ef82533a9dbcfb562c1ab18c1f639ae7ff02083746f74a15ba2d10e4b955940a5d6f488d326a99f287c48ad463ce40367aeeff519cbad0a2d7fdbfa48bff75955467977764c2be2bd2ffa18396c46920c40c50a4037003666406d177e2cd20aee423d07169d8f611f635ba0b62b61265ff2c5548446a2423dd1038482b6852b2d9d2f90aa05d82c5e2c3d1af0c7aad72d82b3da67471af7b037bb0424a785e73f35b5a10a2ab300a195c20cd119a5390e0cd5d49c70bd80883b933e843d0d2902749dcf3c140c708a0f004b7a2f50bf311305dc01719016fcce5863815ca7951de710fcb71cd177551ff6fcd9f8bf01b93868f24c6129b6d7917125338cf62110083093fc7f862015d48450d992f2bb43e601cab19b2ea7b83962a382fc2a31fdf2358bf8a9a9e506eaa7b6eb5e7444d1ef459b24ffa51362abce902dfd84201a0e4b5a3b62757aad54fb65b83821c6bba663886de092065a565921ea3eb6781bb8ed4f4db3abcfeeb379b7e52fca790bea719918e299ab01bf5e92177d134360bf7a16a59e9d03d3dcfb0a25599237e3d41b3f0026c9402b1fb1894426303413a2cbcf7c72807ca694afa285990d07c3bca26413c9947b3b344aafc04544b8c11416e0312b028da7302e316c3966d41884b15055a49a4a0b3eac8e11f88a5615fb0af58", 0x800}, {&(0x7f00000011c0)="9d7fcf3efc6316a6a555ba8b4726d7ccaf8a060000009cfac4377876021d7131b838059f96bd206d4776368ed2a92432e5af71ad21b965f615b31105d60a4b16fa2fa1371850a1be85ffcad45b49422b2121d709014f49cf6bd1d18acc4c19e4356669a2ac3e05d5cdc6f0f485c1eb52ea8faf7e83a1468b6a491e71ae3d03cd9677e72413954feae71b5775a6e3e9fa9db9e1ed56e56bff66a7a86214d8145d878e26fa35bd55db98ecdef374d26a5d9cd0e89f3ae45be2d8e1d98ee0865fb64d6dd1e8c89608733370f12be1495d81b36dd72cc28e9c9b2c45f925b38b21818d93ce604772c21824e45793c4073eb44773f8e42c9ebb297dd5e76e856a22253c0e8a80f33b4d015c3f9c0c26bcdd6b440322a23b10d507eecead59faa166bdac1bd840211336dc0c", 0x129}], 0x2, &(0x7f00000010c0)=[@ip_tos_int={{0x14, 0x29, 0x3e}}, @ip_tos_u8={{0x11, 0x29, 0x2}}, @ip_tos_u8={{0x11}}], 0x48}, 0xff00)

8.908243641s ago: executing program 4 (id=10145):
r0 = socket$kcm(0x10, 0x2, 0x4)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_procs(r2, &(0x7f00000003c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f00000005c0)=r1, 0x12)
r4 = openat$cgroup_ro(r2, &(0x7f00000000c0)='cgroup.kill\x00', 0x275a, 0x0)
write$cgroup_int(r4, &(0x7f0000000040)=0x1, 0x12)
r5 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x7, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x8}, 0x10c002, 0xac5d, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0xb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_RESET(r5, 0x2403, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000480)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac00400020208000200050001", 0x2f}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
sendmsg$inet(r0, &(0x7f0000000a80)={&(0x7f0000000200)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000240)="dd66f3e412236fb5d79a84f9c15bc03be2e397d26135f7c9509f090398001fb34aa31b2a5269e0a10f7b47ae1c190c423709c6bf8761134f5c836e16cd1281b3c6f96fedf34e0c73975a6ce778ebee50", 0x60}, {&(0x7f00000002c0)="b0a70e6b8b7db85d41069249b07cb80e9ceb7867dcc1a9a0fa13d3a5bbc27209eb742450233be8a1040e8c1b3731a702e385f58b27f83274a65b072a8ac116f4561658e1a411d7187f9ea16673c97fcdf706e909de129e38cffc5e793c8a879143dcd8a1d7649bcb5951770e4392fc0daaa0bddf43cc6cd7909c84b8473037bad09f5efed0313e63fdc196000000", 0x8e}, {&(0x7f0000000400)="8535a16344a28e446b2f2bd8f886cb147918018512b261796b622f1097c9d1fbd5c0491f99897f57c452b50ad37b3af274fdcc57b22bfd897c98a5d40424129acebc78750441", 0x46}, {&(0x7f0000000600)="947bfac20823d38a7d8289a385ea1c600192a052e67f82b40e99d10c9e8e10194fff627b703933cedd545fd4024002cfcb2c939d42d0c6c246a9c00db84898f09ea88990bdef521a1670bcb8f0670d0d9d0c2593067531a6abaf05ee07b81d0a7c0987910a21ff35e9cc10ece6265d994499c84ba4836780460553b2f6e8ca84b214990b8180274b55a2f135548d6b50502a4e83077766a3c155840b49ac731c74de3cc2349edffea5cb96b0adf140a840f7b67cf0f72e94b56ea58021ff9662c812ead2ac206bc3b44d50f333119bfd81dff6de3c448de08efe5605edaabff03b8551c885a8e734710d23c6a36a3b1d3d75", 0xf2}, {&(0x7f0000000700)="3a6b6fe6cd2ad2febffbbb2ef594770c4801049a67c32051d74255662ca6798ee2055fc6189719bbd040552c779af389f33fdcd7aa45b345f2491fc6a0ddc86e554b563d", 0x44}, {&(0x7f0000000780)="58fb015d8f070f77341431fcba10fa6016bce0981051f32dace742bbfab87f37009e84271adf432f59c6fd92b9fb0c885d1d862f8b30d08001f8154e415d646a59ce9f48879495a9d9552b75ebd1830b1037ee06cd6290521a1e6ca0b232649ad54fa03ff50becc18cf2ec8af4e5916dac4dbbff37ab0fe4c41724d589ccc4c825534d48d2cab9cc70470d8675597f7c98a19e37c83bdc6a9fa4d5c464ba3659d145b0d3cc7d3d6f1ac7cb1f236ad6f7dc51458a4a8cfc5f0c18a4f4df11ca020a70d713add9fab64b75712540862c29a22ffd5eb9ef8cda9753cd36a5fdac66ae954272803f242d44a25b1d614c2b497b353ba2853c0f63c4", 0xf9}, {&(0x7f0000000880)="26f744ce339db69bd4d074580261c94923954556f6e2779a03640b3489cfe3ed742f143b8ab6af74140a13fb507f72bf3e835b05221cff85babb322aaedc7b0b2c8b08aa176d36d62fedab40ba34c6f2a2a03166ab5b9d6a751a32d779a018711facde3b53a8288c0556f34e416d3882106eea5502e35c3d4b1b9ef236be98983afad49826c9583708bf3c1a05c34c0da19ab9aaef82ec91e29a165d50d8c7548cc80b76646325504b62475deac7ef2a6755ef8be73c9501fd1b0044e7816b8d75a87620a4506eba69864e30feec1649c075c278f44b19170b6455ebae79092793e5064d293991c571a3c238fb03168184f5f0df774992c451771e6171d282", 0xff}, {&(0x7f0000000380)="60720616226e5f4fa66679"}], 0x7, &(0x7f0000000a00)=ANY=[@ANYBLOB="14008fa6eb480000000000000000000000070000000144923c800000000500000004000000030000000600000004890b67ac1e00010a0101018706770cb61a070bdeac14140700000001000000110000000000000000000000010000000200"/117], 0x78}, 0x4000)
bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000100)={0x1ff}, 0x8)
bpf$LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x746f2f51, &(0x7f0000000080)=[{&(0x7f0000000040)="3f0400001c00810ce00f80ecdb4cb9f207c804a01f000000010006fb0a0002000a0ada1b40d80300000000000000", 0xfec9}], 0x1, 0x0, 0x0, 0x5865}, 0x0)

8.633718989s ago: executing program 0 (id=10146):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
r2 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140))
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x41}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x9d, 0x1, 0x0, 0x0, 0x0, 0x5, 0x40200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x2420, 0x0, 0x0, 0x3, 0x3, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480))
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x9d, 0x1, 0x0, 0x0, 0x0, 0x5, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x3, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x1}, 0x80000, 0xca, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0xe, 0x0, 0x8}, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
recvmsg$unix(r0, &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r5=>0xffffffffffffffff]}}], 0x18}, 0x1c0)
write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[@ANYRES8=r1, @ANYRES8=r4], 0x9a)

7.871456049s ago: executing program 0 (id=10149):
perf_event_open(&(0x7f0000000a00)={0x1, 0x80, 0x2, 0x0, 0xf, 0x0, 0x0, 0x400, 0x1e37cf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x401, 0x200, 0x0, 0x7, 0x0, 0x100}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00'}, 0x94)
r2 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8919, &(0x7f0000000040)={'ip6_vti0\x00', @random="02000400"})
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x200048cc)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000700)="d80000001000810468f70082db44b904021d080b01000000e8fe55a11800150006001400000000120800040043000000a80016000a00014006000d00036010fab94dcf5c0461c1d67f6f94000534cf6ee08000a0e408e8dd095618e1f4dff3a196e6f66112c88ac417898516277ce06bbace80177ccbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d0080000000000000b57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb14feb9f5588a63644caf1ce1bd6c769ad809d52a9ecbee", 0xd8}], 0x1}, 0x20000004)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x8b06, &(0x7f0000000140)={'wlan1\x00', @random="0100000000eb"})
r5 = socket$kcm(0x10, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x401e, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0xd, 0xd1c}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x2020005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000001580)="d80000001a0081044e81f782db4cb9040a1d0800fe007c05e8fe55a115000100ff00142603600e12080005007a010401a80016002000034004000000035c0461c9d67f6f940071342e875fab7cb6cec6cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b141993c034e653fe8efe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9ee5350db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e", 0xd8}], 0x1}, 0x0)

7.81684609s ago: executing program 4 (id=10150):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket$kcm(0xa, 0x5, 0x0)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x99, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x2}, 0x0, 0x0, 0x0, 0x5, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000380), 0x6c0ec0, 0x0)
socket$kcm(0x21, 0x2, 0x2)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0))
socket$kcm(0x10, 0x2, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x200002, 0x0)
socket$kcm(0x10, 0x3, 0x10)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000ff0f000005"], 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="28010000000000"], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0xb8}, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}, 0x100, 0x0, 0x0, 0x8, 0x1, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socket$kcm(0xa, 0x5, 0x0)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r3, 0x81000000, 0x12, 0x0, &(0x7f0000000900)="c1dfb080cd21d308098ee6888100", 0x0, 0xadf0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

4.49423617s ago: executing program 1 (id=10152):
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000940)=ANY=[@ANYBLOB="050000ffff000000711161d776710000000000ee41b6b841fdcd794a4cac15014f08b81dfe4eb13baa068e23224f90918369b60002000800850000000500130095000300000000009540a505000000004f4e9f1abe79f4191bd82cc22fee427b4aa16e2c556afe263f8a9231bca47d2f87ad2519a244eaf1f329637e4fa6bd0f7a934f2f6c87ca81fc6fe1cb3c08e7042e5831c6df342c98e7edacb29308c804f2cc8095be2f9a83d7c020db17fb7459a36a5b7c3d35875e64dcffff3b9b6cd4b8a2f824193fcbba473a451e"], &(0x7f0000000180)='syzkaller\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x10, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x6}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001780)={0x0, 0x0, 0x0}, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r2)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r2, 0x40047440, &(0x7f0000001200))
recvmsg$unix(r0, 0x0, 0x0)
setsockopt$sock_attach_bpf(r1, 0x1, 0x45, &(0x7f0000000040), 0x4)
perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000780)={0xffffffffffffffff, 0xe0, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r4=>0x0, 0x0, 0x0, 0x0, 0x1, 0x8, &(0x7f0000000440)=[0x0], &(0x7f00000004c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x21, &(0x7f0000000580)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f00000005c0), &(0x7f0000000600), 0x8, 0xea, 0x8, 0x8, &(0x7f0000000640)}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x16, 0x13, &(0x7f0000000200)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x3}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @map_val={0x18, 0x9, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2}, @map_fd={0x18, 0x1}, @jmp={0x5, 0x1, 0x5, 0x2, 0xa, 0xffffffffffffffe0, 0xfffffffffffffff0}], &(0x7f0000000340)='GPL\x00', 0x4, 0x71, &(0x7f0000000380)=""/113, 0x41000, 0x0, '\x00', r4, @fallback=0x29, 0xffffffffffffffff, 0x8, &(0x7f00000007c0)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000800)={0x4, 0x0, 0x1}, 0x10, 0x0, 0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000840)=[{0x0, 0x2, 0x10, 0x5}], 0x10, 0x2}, 0x94)
r5 = socket$kcm(0xa, 0x5, 0x0)
r6 = socket$kcm(0xa, 0x5, 0x0)
bpf$PROG_BIND_MAP(0xa, 0x0, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events.local\x00', 0x26e1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00', @ANYRES32=r7], 0x48)
perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x8, 0x0, 0x0, 0x0, 0x5, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0}, 0x0, 0x0, 0x8, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000300), 0x4}, 0x8002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000300), 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs$namespace(0x0, 0x0)
r8 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000002c0)="5c00000011006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac004000202080002000300010004000500eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x20004080)
ioctl$sock_kcm_SIOCKCMCLONE(r6, 0x8916, &(0x7f0000000000)={r6})
r9 = socket$kcm(0xa, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r9, 0x8916, &(0x7f0000000000)={r9})
ioctl$sock_kcm_SIOCKCMCLONE(r5, 0x8936, &(0x7f0000000000)={r6})

4.493987619s ago: executing program 3 (id=10153):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0xac14140c}}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x900}, 0x60)
r0 = socket$kcm(0xa, 0x2, 0x73)
sendmsg$inet(r0, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @empty=0xf5ff}, 0x10, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c048c0a7d63aebc5cea1f81510ff6091475aeec600831aa9d3944e60bc2ad06a619c560aa0118b28f68f1eb14549d633b4b23f179fb680716faa43414787559be90843c35ab30acad8a6740140e00721abc2eb362f7bde53b3c992d3e28ccc20ec84fdc569947047f6c09a647ee8c0a747b951e66c068ccf1af93ee9e6f9528ff79e2f989383b05a690a6bec4634b867c9446c1c644b3010e8a3514c6328323b4bbdd602b8f0dace6aea70902c4ddd2a2f2810f1348b0d0df3c1e6a5938fcfdc87e7580c6be0c6a06eca62d6f787dd16add086a21391c4c707d8b61929d1252681b84c245e0efafe2e6e73ad86a3cf59235ab0eacbb414af92ec3cdac420a064a98e8cc18bdf63f8997f96436e0fe6f06fdbf47fff353b01a861babd4a38d126bfe3e29049e6cc883e6efae6e70ef9ed124b1b09887a58c991e223b6420dca5ae238027e91b17b1707dc5c0d5f59f0ca95614f1ea1d263c1ee54dfe31ae35eb3c8e3b931dff7920c57fbba89adf2e392c1ad719b90c7ade0d38ff9792934ef1fb12f51d8e2fad12486d5883d5b1a46696fad128c6805cfb25bc6487e1e407d6b266971b09d0d864a7a550284e24b6cdc9f4ae1081a638175dffef002c76ac5558d23e41edbe68f4b4950a13aa000326dae5a857603dc5a40d6c6618a98c7b6e1eebd325ea2c14601a25658965f40864fd015d9b2fff83ee5ed3212ebd9fa429f0140f633556ac07c0c08e67a1848c9942ecc47dd4ffede9a429e9e0472be7cdbcd117e621ddf745c00a814ffff0224634472577dc0b35a9c153409f1a2bddc193b20b4d244d9cbbd59816c46000c596865f58b4e640ed4a9ab6086cede697fb113560925498da83273e679e0e28b84961eb7b9c9b4fa916590965c76b48e5d453f27a821bd2bf0946ff2413ec30f7893d1f046e18f736c40ceda26dfc4a0a62f71a3606d3f72c0a858dfd7895e2572292e11af913c6b513a141d28e501ae7c49618d104aac9abb78466a636efb88120d0eef0a501558a5aa34784a9823f2802a0bcdf318f9b436b34b42a2a7cf513f80364ad9a699d2e23eb4f3a2bbce818bd20da61882b3dac699d05dc24f29b72471b712423ace6278c43df2be7a09e815517b86d8b3ce16af3d64a575958c5fd52aac53b391f3d2a67c24c6c13ec11428b61b80a6a58cbba1790a98d190a572070f63fc0b809669895ea9865c3066b06102f6f2c7171dc7f76e1931b3e4deb569ef9d07d5f86a848f50942e93c419c3a23489f14803b08182dfd48b8d4375be6b7f805a21209c05e5927693a8834c8d5a5acbd47ed8a30a8a741d1ad77639b56b3b90c0b2023fa334befd28b2e27cbcd94b0ce7437f88ce67a925cea6d6d7e5313de6d328b1124a8b9ef83fe39ca3da97d33c60b7fd4af67d3c8fccb595a27a5bffc71e5a5b2ec966828993b0c0f83cbc55f9a7fb66a4101d5c83b77885072b6e2b2ceebe32f635509698c05089b9ff1cb1959b211e114dadb224ef2d5e7a3c55b3ac00fcdc9018577603c6301e5d4341b3d7eeb2665349d448d28d5d108f576408cbe533a6adbba18ebb2d84bb9af81108506a2f50fb56d595579000747930449fdf4ed01715ec624a0cb73636a35b9136f10b79e3d7ded09008b92e92c64e26e6b6d17f18b70b1d9813de8d2ff151c7a6a0452c660a57c33f13e2d9b88fa5f5c0505722d2e787a425e4a3e9b5efa9668e9199f5fb9fe7d5b8a57719a57df152e7f2c6a1087a2a24084f82455b65353a70559f04d5ed12defb81497ea69c1c7e69c373524770b7473c16a69c7a3648a9dd93377b89cdff61cf62512d1ee67a55ea67993937c1f55a2179bc9c8a337364cfb84d295adda1ad9700fc2f5c11cbfc1b90affb4666c6e7e23a6f7751410a5651819f29f690c6dba2b8a67e0f7f8cc377feb1854c393578994c85391ba21b3961aed477f771645571dc7d6cae72bf79c82a92a4edc3742b1398060a0a5c9e81c016b7f2ae3db529c6ff824cc28678764d8ab49d7dc68e5b0556c9e7ffb6fef442776d86fbd458741830e57f22a1f8513b92abd5b2df93a67cc560134078f0b8ecc3276e40aadef5cd579888b86b4988f396679250701f3869e7493b33692035ecd94aca5189fd0a0893ccc5bb19c0b4caca86cf90ebc2a5558f39cccb33f6773a4e425bf551fb3b6456ee1cc62fa1843a9e5539bb2d02ae6ef82533a9dbcfb562c1ab18c1f639ae7ff02083746f74a15ba2d10e4b955940a5d6f488d326a99f287c48ad463ce40367aeeff519cbad0a2d7fdbfa48bff75955467977764c2be2bd2ffa18396c46920c40c50a4037003666406d177e2cd20aee423d07169d8f611f635ba0b62b61265ff2c5548446a2423dd1038482b6852b2d9d2f90aa05d82c5e2c3d1af0c7aad72d82b3da67471af7b037bb0424a785e73f35b5a10a2ab300a195c20cd119a5390e0cd5d49c70bd80883b933e843d0d2902749dcf3c140c708a0f004b7a2f50bf311305dc01719016fcce5863815ca7951de710fcb71cd177551ff6fcd9f8bf01b93868f24c6129b6d7917125338cf62110083093fc7f862015d48450d992f2bb43e601cab19b2ea7b83962a382fc2a31fdf2358bf8a9a9e506eaa7b6eb5e7444d1ef459b24ffa51362abce902dfd84201a0e4b5a3b62757aad54fb65b83821c6bba663886de092065a565921ea3eb6781bb8ed4f4db3abcfeeb379b7e52fca790bea719918e299ab01bf5e92177d134360bf7a16a59e9d03d3dcfb0a25599237e3d41b3f0026c9402b1fb1894426303413a2cbcf7c72807ca694afa285990d07c3bca26413c9947b3b344aafc04544b8c11416e0312b028da7302e316c3966d41884b15055a49a4a0b3eac8e11f88a5615fb0af582f065d28e5a454447e9d0cfc60356439ebf7e1d0a00f5b9cc6daf2bd7195ba96b4d1a0679ff0fb1c01282c378a880f90f460889b67d76d4d0e8db6c928d113533d1d10b810303c43d8ff622c5bab7f095b96e64bf9daa48a2bdf3d9d40bac00cf1b66df61a4f7c3e21938e876f81b1179dce6a008f28eb682cae690ced0ea0d542da604d8056f2b1813ed36683c4c51aeb2650772cfb1c55d4e60604ff06344cfc271b2175a6c94defb807af240b483e24298ca73bfc743ca2ca2e77e6d5b817b3c1986601537faf59ac84c74d8bd0c068cb8e6bd03ac2dcf5793fb4a00b3c901a33aa3ee86e4f0db317b94bb8678ab26e36d305ebac4b0f7f164947148255b562dd0f87648499d45bccfb7d8c9d5624cadf8160a396e79fbcdc100058ba4606e41c02fb2cc0dc6c36196bd28acfde82a18cda2321d2d83fecd3b85380667cd1d0bc68298c6c8f10421a80c8fa86912b6c3e8ddd9d9668520d5151409e6b77f0d7730b374a68a744151bfbd123cfdf871e8c24e70d2ca3b50e84a48e0b78c1781000cfc848d43584985763a76c0ab9ba882c55e3e4aa8f2174255db38adb8350b48a77be22a869d13d183325f859b883464e5e46de5ea8a92532b9a794daaeff657cd361f7f158f8bebe36e9de1f5b9721d4263dcc9472229bc02d3f552180abfb25ca7aa36cb914d99c09fd5bb99dcab9b4e3c634d18fc7dfe84dc4425ad1e39c3e7410d49b4ea0a8a2958688c7725822f6dfc0827d19dc385e0e35a949941e4dd1aaeaab9ebe402f8c584bca7efc829f2ccfb63fd7bde1c182a67c14f9d3f033ca674e2604e89cd55a15419f956cd61a755c1b13554dae98e77be078aadfc131c9677381f1dbe6ef194eb17603a463e8b844ab46a6046e1f07d96d66de669359bff4c3d80948a4de3abb2f171a09b5d8999c379fb62244114e218c79805df7d899e5661320ee6721d652b95f09e4dfe69bd67099c73294b17ab574e0b966aa3ab44478965b9dca3cb3b9282945f24ccdd07c638ae25a84a728ca24f87ff49d718121a694be46f3616e27b1041b3c6cd24b9cf775bfc28dfbe0a009048f0599f2d5d6586cfd1e7f7fe69872d08b98f60d28e6af0d49d7f06ad71a7b5c41df261aba5de114022c7288bc265cc17909fdeadc3d7b256d7ab3b96e40f857060f16b54a6bb7248ee571f87ace5ee39eab412706cf52fa711468b21ea129c3f44bceb429fcc1a0ac2aa87b9365077dcfcfa9a1b32a0a09699197c20019a66cbd0a897feab3706c23123b888ada643d4560082033e31596b0483578968e3c9593ebd97141c228a42fc7645f92171c120aabca36657683fd7c72fcb87217f124d6fabc52f1d221d8410b47b0ad4bd944bf4085365e9b52a53911ab4ee142c5a1ebbe034c9d98c538c066f2dc0acf372eb2397dcac765055123e0ba19be22b18c886bf0", 0xc00}, {&(0x7f00000011c0)="9d7fcf3efc6316a6a555ba8b4726d7ccaf8a060000009cfac4377876021d7131b838059f96bd206d4776368ed2a92432e5af71ad21b965f615b31105d60a4b16fa2fa1371850a1be85ffcad45b49422b2121d709014f49cf6bd1d18acc4c19e4356669a2ac3e05d5cdc6f0f485c1eb52ea8faf7e83a1468b6a491e71ae3d03cd9677e72413954feae71b5775a6e3e9fa9db9e1ed56e56bff66a7a86214d8145d878e26fa35bd55db98ecdef374d26a5d9cd0e89f3ae45be2d8e1d98ee0865fb64d6dd1e8c89608733370f12be1495d81b36dd72cc28e9c9b2c45f925b38b21818d93ce604772c21824e45793c4073eb44773f8e42c9ebb297dd5e76e856a22253c0e8a80f33b4d015c3f9c0c26bcdd6b440322a23b10d507eecead59faa166bdac1bd840211336dc0c", 0x129}], 0x2, &(0x7f00000010c0)=[@ip_tos_int={{0x14, 0x29, 0x3e}}, @ip_tos_u8={{0x11, 0x29, 0x2}}, @ip_tos_u8={{0x11}}], 0x48}, 0xff00)

4.401581772s ago: executing program 0 (id=10154):
r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x2, 0x7ff}, 0x104101, 0x4, 0xffffffff, 0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x5db}, 0x0, 0xa, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x6, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4a, 0x0, 0x0, 0x0, 0x200}, 0x94)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8264, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x2018, 0xf0, 0x80000000, 0x4, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
close(0x3)
r1 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r1, &(0x7f0000000600)={&(0x7f00000001c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000640)="80", 0x26892}], 0x1}, 0xfc)
sendmsg$inet(r1, &(0x7f0000000680)={&(0x7f0000000000)={0x2, 0x4e24, @rand_addr=0x64010102}, 0x10, &(0x7f0000000540)=[{0x0}], 0x1}, 0x4000080)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
r2 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r2, &(0x7f0000000240)={&(0x7f0000000140)={0x2d, 0x4001, @empty}, 0x10, 0x0}, 0x300060c1)
socket$kcm(0x11, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000240)='syzkaller\x00'}, 0x94)
r4 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r4, 0x0, 0x20008000)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x10000, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = perf_event_open(&(0x7f0000000680)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a1c, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x0, 0x400000, 0x0, 0x0, 0x0, 0xe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r6, 0x40042408, r5)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x4840)
r7 = socket$kcm(0x10, 0x3, 0x10)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x6, 0xb61}, 0x828, 0x0, 0x0, 0x3, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x25, 0x5, 0x0)
sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b06d25a806c8c6f94f90424fc600400037a0a000900050282c137153e370e0c1180fc0b10000300", 0x33fe0}], 0x1}, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r3, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r3, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r8=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
perf_event_open(&(0x7f0000000040)={0x3, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000880)={0x6, 0x3, &(0x7f00000005c0)=@raw=[@map_idx={0x18, 0xa}, @call={0x85, 0x0, 0x0, 0x3e}], &(0x7f00000006c0)='syzkaller\x00', 0x3, 0xbd, &(0x7f0000000700)=""/189, 0x40f00, 0x34, '\x00', r8, 0x25, 0xffffffffffffffff, 0x8, &(0x7f00000007c0)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000800)={0x4, 0x0, 0x4, 0xd9}, 0x10, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000840)=[{0x4, 0x3, 0x3, 0x1}, {0x0, 0x2, 0xe}], 0x10, 0x28000}, 0x94)

4.386628613s ago: executing program 4 (id=10155):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0xd, &(0x7f0000000180)=[{&(0x7f0000000000)="8200000010008188040f80ec59acbc0413a1f848120000005e0c0000000000000e000a001400000002800000121f", 0x82}], 0x1}, 0x0)

4.343405414s ago: executing program 3 (id=10156):
socket$kcm(0x21, 0x2, 0x2)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffa}, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext, 0x10c002, 0x89, 0x1}, 0x0, 0x5, 0xffffffffffffffff, 0x9)
socket$kcm(0x10, 0x400000002, 0x0)
socket$kcm(0x2, 0x5, 0x84)
socket$kcm(0x10, 0x2, 0x0)
socket$kcm(0x2, 0x200000000000001, 0x106)
r0 = perf_event_open(&(0x7f00000010c0)={0x2, 0x80, 0xb9, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xc, 0x7}, 0x410, 0x2000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x21, 0x2, 0x2)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x8901, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, r0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
socket$kcm(0x10, 0x2, 0x0)
r1 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f0000000100)=r2, 0x4)
sendmsg$inet(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000c40)="02", 0x1}], 0x1}, 0x408c4)

4.10872567s ago: executing program 4 (id=10157):
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000940)=ANY=[@ANYBLOB="050000ffff000000711161d776710000000000ee41b6b841fdcd794a4cac15014f08b81dfe4eb13baa068e23224f90918369b60002000800850000000500130095000300000000009540a505000000004f4e9f1abe79f4191bd82cc22fee427b4aa16e2c556afe263f8a9231bca47d2f87ad2519a244eaf1f329637e4fa6bd0f7a934f2f6c87ca81fc6fe1cb3c08e7042e5831c6df342c98e7edacb29308c804f2cc8095be2f9a83d7c020db17fb7459a36a5b7c3d35875e64dcffff3b9b6cd4b8a2f824193fcbba473a451e"], &(0x7f0000000180)='syzkaller\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x10, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x6}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001780)={0x0, 0x0, 0x0}, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r2)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r2, 0x40047440, &(0x7f0000001200))
recvmsg$unix(r0, 0x0, 0x0)
setsockopt$sock_attach_bpf(r1, 0x1, 0x45, &(0x7f0000000040), 0x4)
perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000780)={0xffffffffffffffff, 0xe0, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r4=>0x0, 0x0, 0x0, 0x0, 0x1, 0x8, &(0x7f0000000440)=[0x0], &(0x7f00000004c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x21, &(0x7f0000000580)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f00000005c0), &(0x7f0000000600), 0x8, 0xea, 0x8, 0x8, &(0x7f0000000640)}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x16, 0x13, &(0x7f0000000200)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x3}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @map_val={0x18, 0x9, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2}, @map_fd={0x18, 0x1}, @jmp={0x5, 0x1, 0x5, 0x2, 0xa, 0xffffffffffffffe0, 0xfffffffffffffff0}], &(0x7f0000000340)='GPL\x00', 0x4, 0x71, &(0x7f0000000380)=""/113, 0x41000, 0x0, '\x00', r4, @fallback=0x29, 0xffffffffffffffff, 0x8, &(0x7f00000007c0)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000800)={0x4, 0x0, 0x1}, 0x10, 0x0, 0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000840)=[{0x0, 0x2, 0x10, 0x5}], 0x10, 0x2}, 0x94)
r5 = socket$kcm(0xa, 0x5, 0x0)
r6 = socket$kcm(0xa, 0x5, 0x0)
bpf$PROG_BIND_MAP(0xa, 0x0, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events.local\x00', 0x26e1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00', @ANYRES32=r7], 0x48)
perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x8, 0x0, 0x0, 0x0, 0x5, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0}, 0x0, 0x0, 0x8, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000300), 0x4}, 0x8002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000300), 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs$namespace(0x0, &(0x7f0000000300)='ns/ipc\x00')
r8 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r8, 0x0, 0x20004080)
ioctl$sock_kcm_SIOCKCMCLONE(r6, 0x8916, &(0x7f0000000000)={r6})
r9 = socket$kcm(0xa, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r9, 0x8916, &(0x7f0000000000)={r9})
ioctl$sock_kcm_SIOCKCMCLONE(r5, 0x8936, &(0x7f0000000000)={r6})

3.975030243s ago: executing program 3 (id=10158):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
r2 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140))
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x41}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x9d, 0x1, 0x0, 0x0, 0x0, 0x5, 0x40200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x2420, 0x0, 0x0, 0x3, 0x3, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480))
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x9d, 0x1, 0x0, 0x0, 0x0, 0x5, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x3, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x1}, 0x80000, 0xca, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0xe, 0x0, 0x8}, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
recvmsg$unix(r0, &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r5=>0xffffffffffffffff]}}], 0x18}, 0x1c0)
write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[@ANYRES8=r1, @ANYRES8=r4], 0x9a)

3.501693186s ago: executing program 1 (id=10159):
r0 = socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x10001, 0x0, 0xe, 0xc}, {0x2}]}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000210081044e81f782db44b9040a00", 0x12}], 0x1}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000100)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffb}, [@call={0x85, 0x0, 0x0, 0x2c}, @printk={@x, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xbfc}}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
setsockopt$sock_attach_bpf(r0, 0x84, 0x6e, &(0x7f0000000000)=r3, 0x20)

3.501087366s ago: executing program 3 (id=10160):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
r2 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140))
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x41}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x9d, 0x1, 0x0, 0x0, 0x0, 0x5, 0x40200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x2420, 0x0, 0x0, 0x3, 0x3, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480))
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x9d, 0x1, 0x0, 0x0, 0x0, 0x5, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x3, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x1}, 0x80000, 0xca, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0xe, 0x0, 0x8}, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
recvmsg$unix(r0, &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r4=>0xffffffffffffffff]}}], 0x18}, 0x1c0)
write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[@ANYRES8=r1, @ANYRES8], 0x9a)

3.258253182s ago: executing program 3 (id=10161):
r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x2, 0x7ff}, 0x104101, 0x4, 0xffffffff, 0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x5db}, 0x0, 0xa, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x6, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4a, 0x0, 0x0, 0x0, 0x200}, 0x94)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8264, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x2018, 0xf0, 0x80000000, 0x4, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
close(0x3)
r1 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r1, &(0x7f0000000600)={&(0x7f00000001c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000640)="80", 0x26892}], 0x1}, 0xfc)
sendmsg$inet(r1, &(0x7f0000000680)={&(0x7f0000000000)={0x2, 0x4e24, @rand_addr=0x64010102}, 0x10, &(0x7f0000000540)=[{0x0}], 0x1}, 0x4000080)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
r2 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r2, &(0x7f0000000240)={&(0x7f0000000140)={0x2d, 0x4001, @empty}, 0x10, 0x0}, 0x300060c1)
socket$kcm(0x11, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa2c"], 0xfdef)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000240)='syzkaller\x00'}, 0x94)
r4 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r4, 0x0, 0x20008000)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x10000, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = perf_event_open(&(0x7f0000000680)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a1c, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x0, 0x400000, 0x0, 0x0, 0x0, 0xe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r6, 0x40042408, r5)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x4840)
r7 = socket$kcm(0x10, 0x3, 0x10)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x6, 0xb61}, 0x828, 0x0, 0x0, 0x3, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x25, 0x5, 0x0)
sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b06d25a806c8c6f94f90424fc600400037a0a000900050282c137153e370e0c1180fc0b10000300", 0x33fe0}], 0x1}, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r3, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r3, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r8=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
perf_event_open(&(0x7f0000000040)={0x3, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000880)={0x6, 0x3, &(0x7f00000005c0)=@raw=[@map_idx={0x18, 0xa}, @call={0x85, 0x0, 0x0, 0x3e}], &(0x7f00000006c0)='syzkaller\x00', 0x3, 0xbd, &(0x7f0000000700)=""/189, 0x40f00, 0x34, '\x00', r8, 0x25, 0xffffffffffffffff, 0x8, &(0x7f00000007c0)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000800)={0x4, 0x0, 0x4, 0xd9}, 0x10, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000840)=[{0x4, 0x3, 0x3, 0x1}, {0x0, 0x2, 0xe}], 0x10, 0x28000}, 0x94)

3.256635662s ago: executing program 0 (id=10169):
r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x2, 0x7ff}, 0x104101, 0x4, 0xffffffff, 0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x5db}, 0x0, 0xa, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x6, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4a, 0x0, 0x0, 0x0, 0x200}, 0x94)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8264, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x2018, 0xf0, 0x80000000, 0x4, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
close(0x3)
r1 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r1, &(0x7f0000000600)={&(0x7f00000001c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000640)="80", 0x26892}], 0x1}, 0xfc)
sendmsg$inet(r1, &(0x7f0000000680)={&(0x7f0000000000)={0x2, 0x4e24, @rand_addr=0x64010102}, 0x10, &(0x7f0000000540)=[{0x0}], 0x1}, 0x4000080)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
r2 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r2, &(0x7f0000000240)={&(0x7f0000000140)={0x2d, 0x4001, @empty}, 0x10, 0x0}, 0x300060c1)
socket$kcm(0x11, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000240)='syzkaller\x00'}, 0x94)
r4 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r4, 0x0, 0x20008000)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x10000, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = perf_event_open(&(0x7f0000000680)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a1c, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x0, 0x400000, 0x0, 0x0, 0x0, 0xe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r6, 0x40042408, r5)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x4840)
r7 = socket$kcm(0x10, 0x3, 0x10)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x6, 0xb61}, 0x828, 0x0, 0x0, 0x3, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x25, 0x5, 0x0)
sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b06d25a806c8c6f94f90424fc600400037a0a000900050282c137153e370e0c1180fc0b10000300", 0x33fe0}], 0x1}, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r3, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r3, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r8=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
perf_event_open(&(0x7f0000000040)={0x3, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000880)={0x6, 0x3, &(0x7f00000005c0)=@raw=[@map_idx={0x18, 0xa}, @call={0x85, 0x0, 0x0, 0x3e}], &(0x7f00000006c0)='syzkaller\x00', 0x3, 0xbd, &(0x7f0000000700)=""/189, 0x40f00, 0x34, '\x00', r8, 0x25, 0xffffffffffffffff, 0x8, &(0x7f00000007c0)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000800)={0x4, 0x0, 0x4, 0xd9}, 0x10, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000840)=[{0x4, 0x3, 0x3, 0x1}, {0x0, 0x2, 0xe}], 0x10, 0x28000}, 0x94)

3.164197725s ago: executing program 1 (id=10162):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00010000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca7f8fbc9cdfa146ec56175037958e271f60d25b7937f02c8695e5a1b2cdf41dc10d1e8bf076d83923dd29c0301000000010000003d5d58c07fa1f7e4d5b318e2ec0e0700897a74a0091ff110026e6d2ef831ab7ea0c34f17e3ad6e70af07da5ceb01b7551ef3bb6220030100dfd8e012e79578e51bc53099e90fbdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e060e3670ef0e789f93781965f1328d6704902cbe7bc0476619f28d99cde7a6b73340cc2160a1fe3c184b751c51160fbce841dfebd31a08b32808b80200000000009dd27080e71113610e10d8fb9c2aec61ce63a3462fd50117b89a9ab759b4eeb8cb000066d42b4e54861d0227dbfd2ed8576a3f7f3deadd7130856f756436303767d2e24f29e5dad9796edb697a6ea0180aabc18cae2ed4b4390af9a9ceafd07ed0030000002cab154ad029a119ca3c9727ec84222fff0d7216fdb0d3a0ec4bfae563858dc06e7c337642d3e5a815212f5e16c1b30c3a2a71bc85018e5ff2c910496f0dafc9ffc2cc788bee1b47683db01a46939868d75211bbae0e7313bff5d4c391ddece00fc772dd6b4d4d0a917b239fe12280fc92c88c5b8dcdcc22ee1747790a8992533ac2a9f5a699593f084419cae0b4183fb01c73f99857399537f5cc2acb72c7eae993fc9eb22d130665b6341da114f08cd0509d380578673fffffff7f23877a6b24db0e067345560942fa1c22015e53fd8a46be933ab460d8629fbef2461c96a08707671215c302fae29187d4f5c06a960fd37c10223fdae7ed04935c3c90d3add8eebc8619d73415e6adcda2130f5011e42e50adab988dd8f12baf5cc9398c88607a08009c2977aab37d9a44cfc1c7b4000000000000fa47742f6c5b9c4b11e7d7262a1457c39495c826b956ba859adfe38f77b91bd7d5ca1664fe2f3ced8468911806e8916dc15e21644db60c2499d5d16d7d915836ab26c169482008ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc874b2f663ddeef0005b3d96c7aae73835d5a3cda9e90d76c1993e0799d4894ee7f8249dc1e3428d2129"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xc8, 0x0, 0x0, 0x400000, 0x0, 0x3}, 0x0, 0xc, 0xffffffffffffffff, 0x3)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r2=>0xffffffffffffffff]}}], 0x18}, 0x2102)
write$cgroup_subtree(r2, &(0x7f00000006c0)=ANY=[@ANYBLOB="8f03120000000060007538e486dd630ace2211057300fe80000000000000875a65059ff57b00000000000000000000000000ac1414aa"], 0xcfa4)

3.163276245s ago: executing program 4 (id=10163):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket$kcm(0xa, 0x5, 0x0)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x99, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x2}, 0x0, 0x0, 0x0, 0x5, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000380), 0x6c0ec0, 0x0)
socket$kcm(0x21, 0x2, 0x2)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac59}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0))
socket$kcm(0x10, 0x2, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x200002, 0x0)
socket$kcm(0x10, 0x3, 0x10)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000ff0f000005"], 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="28010000000000000100"], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0xb8}, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}, 0x100, 0x0, 0x0, 0x8, 0x1, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socket$kcm(0xa, 0x5, 0x0)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r3, 0x81000000, 0x12, 0x0, &(0x7f0000000900)="c1dfb080cd21d308098ee6888100", 0x0, 0xadf0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

3.053729608s ago: executing program 1 (id=10164):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0xac14140c}}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x900}, 0x60)
r0 = socket$kcm(0xa, 0x2, 0x73)
sendmsg$inet(r0, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @empty=0xf5ff}, 0x10, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c048c0a7d63aebc5cea1f81510ff6091475aeec600831aa9d3944e60bc2ad06a619c560aa0118b28f68f1eb14549d633b4b23f179fb680716faa43414787559be90843c35ab30acad8a6740140e00721abc2eb362f7bde53b3c992d3e28ccc20ec84fdc569947047f6c09a647ee8c0a747b951e66c068ccf1af93ee9e6f9528ff79e2f989383b05a690a6bec4634b867c9446c1c644b3010e8a3514c6328323b4bbdd602b8f0dace6aea70902c4ddd2a2f2810f1348b0d0df3c1e6a5938fcfdc87e7580c6be0c6a06eca62d6f787dd16add086a21391c4c707d8b61929d1252681b84c245e0efafe2e6e73ad86a3cf59235ab0eacbb414af92ec3cdac420a064a98e8cc18bdf63f8997f96436e0fe6f06fdbf47fff353b01a861babd4a38d126bfe3e29049e6cc883e6efae6e70ef9ed124b1b09887a58c991e223b6420dca5ae238027e91b17b1707dc5c0d5f59f0ca95614f1ea1d263c1ee54dfe31ae35eb3c8e3b931dff7920c57fbba89adf2e392c1ad719b90c7ade0d38ff9792934ef1fb12f51d8e2fad12486d5883d5b1a46696fad128c6805cfb25bc6487e1e407d6b266971b09d0d864a7a550284e24b6cdc9f4ae1081a638175dffef002c76ac5558d23e41edbe68f4b4950a13aa000326dae5a857603dc5a40d6c6618a98c7b6e1eebd325ea2c14601a25658965f40864fd015d9b2fff83ee5ed3212ebd9fa429f0140f633556ac07c0c08e67a1848c9942ecc47dd4ffede9a429e9e0472be7cdbcd117e621ddf745c00a814ffff0224634472577dc0b35a9c153409f1a2bddc193b20b4d244d9cbbd59816c46000c596865f58b4e640ed4a9ab6086cede697fb113560925498da83273e679e0e28b84961eb7b9c9b4fa916590965c76b48e5d453f27a821bd2bf0946ff2413ec30f7893d1f046e18f736c40ceda26dfc4a0a62f71a3606d3f72c0a858dfd7895e2572292e11af913c6b513a141d28e501ae7c49618d104aac9abb78466a636efb88120d0eef0a501558a5aa34784a9823f2802a0bcdf318f9b436b34b42a2a7cf513f80364ad9a699d2e23eb4f3a2bbce818bd20da61882b3dac699d05dc24f29b72471b712423ace6278c43df2be7a09e815517b86d8b3ce16af3d64a575958c5fd52aac53b391f3d2a67c24c6c13ec11428b61b80a6a58cbba1790a98d190a572070f63fc0b809669895ea9865c3066b06102f6f2c7171dc7f76e1931b3e4deb569ef9d07d5f86a848f50942e93c419c3a23489f14803b08182dfd48b8d4375be6b7f805a21209c05e5927693a8834c8d5a5acbd47ed8a30a8a741d1ad77639b56b3b90c0b2023fa334befd28b2e27cbcd94b0ce7437f88ce67a925cea6d6d7e5313de6d328b1124a8b9ef83fe39ca3da97d33c60b7fd4af67d3c8fccb595a27a5bffc71e5a5b2ec966828993b0c0f83cbc55f9a7fb66a4101d5c83b77885072b6e2b2ceebe32f635509698c05089b9ff1cb1959b211e114dadb224ef2d5e7a3c55b3ac00fcdc9018577603c6301e5d4341b3d7eeb2665349d448d28d5d108f576408cbe533a6adbba18ebb2d84bb9af81108506a2f50fb56d595579000747930449fdf4ed01715ec624a0cb73636a35b9136f10b79e3d7ded09008b92e92c64e26e6b6d17f18b70b1d9813de8d2ff151c7a6a0452c660a57c33f13e2d9b88fa5f5c0505722d2e787a425e4a3e9b5efa9668e9199f5fb9fe7d5b8a57719a57df152e7f2c6a1087a2a24084f82455b65353a70559f04d5ed12defb81497ea69c1c7e69c373524770b7473c16a69c7a3648a9dd93377b89cdff61cf62512d1ee67a55ea67993937c1f55a2179bc9c8a337364cfb84d295adda1ad9700fc2f5c11cbfc1b90affb4666c6e7e23a6f7751410a5651819f29f690c6dba2b8a67e0f7f8cc377feb1854c393578994c85391ba21b3961aed477f771645571dc7d6cae72bf79c82a92a4edc3742b1398060a0a5c9e81c016b7f2ae3db529c6ff824cc28678764d8ab49d7dc68e5b0556c9e7ffb6fef442776d86fbd458741830e57f22a1f8513b92abd5b2df93a67cc560134078f0b8ecc3276e40aadef5cd579888b86b4988f396679250701f3869e7493b33692035ecd94aca5189fd0a0893ccc5bb19c0b4caca86cf90ebc2a5558f39cccb33f6773a4e425bf551fb3b6456ee1cc62fa1843a9e5539bb2d02ae6ef82533a9dbcfb562c1ab18c1f639ae7ff02083746f74a15ba2d10e4b955940a5d6f488d326a99f287c48ad463ce40367aeeff519cbad0a2d7fdbfa48bff75955467977764c2be2bd2ffa18396c46920c40c50a4037003666406d177e2cd20aee423d07169d8f611f635ba0b62b61265ff2c5548446a2423dd1038482b6852b2d9d2f90aa05d82c5e2c3d1af0c7aad72d82b3da67471af7b037bb0424a785e73f35b5a10a2ab300a195c20cd119a5390e0cd5d49c70bd80883b933e843d0d2902749dcf3c140c708a0f004b7a2f50bf311305dc01719016fcce5863815ca7951de710fcb71cd177551ff6fcd9f8bf01b93868f24c6129b6d7917125338cf62110083093fc7f862015d48450d992f2bb43e601cab19b2ea7b83962a382fc2a31fdf2358bf8a9a9e506eaa7b6eb5e7444d1ef459b24ffa51362abce902dfd84201a0e4b5a3b62757aad54fb65b83821c6bba663886de092065a565921ea3eb6781bb8ed4f4db3abcfeeb379b7e52fca790bea719918e299ab01bf5e92177d134360bf7a16a59e9d03d3dcfb0a25599237e3d41b3f0026c9402b1fb1894426303413a2cbcf7c72807ca694afa285990d07c3bca26413c9947b3b344aafc04544b8c11416e0312b028da7302e316c3966d41884b15055a49a4a0b3eac8e11f88a5615fb0af582f065d28e5a454447e9d0cfc60356439ebf7e1d0a00f5b9cc6daf2bd7195ba96b4d1a0679ff0fb1c01282c378a880f90f460889b67d76d4d0e8db6c928d113533d1d10b810303c43d8ff622c5bab7f095b96e64bf9daa48a2bdf3d9d40bac00cf1b66df61a4f7c3e21938e876f81b1179dce6a008f28eb682cae690ced0ea0d542da604d8056f2b1813ed36683c4c51aeb2650772cfb1c55d4e60604ff06344cfc271b2175a6c94defb807af240b483e24298ca73bfc743ca2ca2e77e6d5b817b3c1986601537faf59ac84c74d8bd0c068cb8e6bd03ac2dcf5793fb4a00b3c901a33aa3ee86e4f0db317b94bb8678ab26e36d305ebac4b0f7f164947148255b562dd0f87648499d45bccfb7d8c9d5624cadf8160a396e79fbcdc100058ba4606e41c02fb2cc0dc6c36196bd28acfde82a18cda2321d2d83fecd3b85380667cd1d0bc68298c6c8f10421a80c8fa86912b6c3e8ddd9d9668520d5151409e6b77f0d7730b374a68a744151bfbd123cfdf871e8c24e70d2ca3b50e84a48e0b78c1781000cfc848d43584985763a76c0ab9ba882c55e3e4aa8f2174255db38adb8350b48a77be22a869d13d183325f859b883464e5e46de5ea8a92532b9a794daaeff657cd361f7f158f8bebe36e9de1f5b9721d4263dcc9472229bc02d3f552180abfb25ca7aa36cb914d99c09fd5bb99dcab9b4e3c634d18fc7dfe84dc4425ad1e39c3e7410d49b4ea0a8a2958688c7725822f6dfc0827d19dc385e0e35a949941e4dd1aaeaab9ebe402f8c584bca7efc829f2ccfb63fd7bde1c182a67c14f9d3f033ca674e2604e89cd55a15419f956cd61a755c1b13554dae98e77be078aadfc131c9677381f1dbe6ef194eb17603a463e8b844ab46a6046e1f07d96d66de669359bff4c3d80948a4de3abb2f171a09b5d8999c379fb62244114e218c79805df7d899e5661320ee6721d652b95f09e4dfe69bd67099c73294b17ab574e0b966aa3ab44478965b9dca3cb3b9282945f24ccdd07c638ae25a84a728ca24f87ff49d718121a694be46f3616e27b1041b3c6cd24b9cf775bfc28dfbe0a009048f0599f2d5d6586cfd1e7f7fe69872d08b98f60d28e6af0d49d7f06ad71a7b5c41df261aba5de114022c7288bc265cc17909fdeadc3d7b256d7ab3b96e40f857060f16b54a6bb7248ee571f87ace5ee39eab412706cf52fa711468b21ea129c3f44bceb429fcc1a0ac2aa87b9365077dcfcfa9a1b32a0a09699197c20019a66cbd0a897feab3706c23123b888ada643d4560082033e31596b0483578968e3c9593ebd97141c228a42fc7645f92171c120aabca36657683fd7c72fcb87217f124d6fabc52f1d221d8410b47b0ad4bd944bf4085365e9b52a53911ab4ee142c5a1ebbe034c9d98c538c066f2dc0acf372eb2397dcac765055123e0ba19be22b18c886bf0", 0xc00}, {&(0x7f00000011c0)="9d7fcf3efc6316a6a555ba8b4726d7ccaf8a060000009cfac4377876021d7131b838059f96bd206d4776368ed2a92432e5af71ad21b965f615b31105d60a4b16fa2fa1371850a1be85ffcad45b49422b2121d709014f49cf6bd1d18acc4c19e4356669a2ac3e05d5cdc6f0f485c1eb52ea8faf7e83a1468b6a491e71ae3d03cd9677e72413954feae71b5775a6e3e9fa9db9e1ed56e56bff66a7a86214d8145d878e26fa35bd55db98ecdef374d26a5d9cd0e89f3ae45be2d8e1d98ee0865fb64d6dd1e8c89608733370f12be1495d81b36dd72cc28e9c9b2c45f925b38b21818d93ce604772c21824e45793c4073eb44773f8e42c9ebb297dd5e76e856a22253c0e8a80f33b4d015c3f9c0c26bcdd6b440322a23b10d507eecead59faa166bdac1bd840211336dc0c", 0x129}], 0x2, &(0x7f00000010c0)=[@ip_tos_int={{0x14, 0x29, 0x3e}}, @ip_tos_u8={{0x11, 0x29, 0x2}}, @ip_tos_u8={{0x11}}], 0x48}, 0xff00)

2.891424072s ago: executing program 1 (id=10165):
r0 = socket$kcm(0x10, 0x400000002, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4315}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="130300007800911fdabcf8b3077fa54a07"], 0xfe33)
r2 = perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xf}, 0x8008, 0xca, 0x0, 0x1, 0x0, 0x40000010, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xf, 0xffffffffffffffff, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
perf_event_open$cgroup(&(0x7f0000000540)={0x4, 0x80, 0x3, 0x9, 0x1, 0x5, 0x0, 0xf403, 0x0, 0xf, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0xb, 0x1, @perf_config_ext={0x9, 0xffffffffffffff86}, 0x9083, 0x6, 0x9, 0x0, 0x80, 0x4, 0x5, 0x0, 0x6, 0x0, 0xfffffffffffffff8}, r3, 0x9, r2, 0x2)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="7a0a00ff000f0000711060000000000095"], &(0x7f0000000480)='syzkaller\x00'}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
close(r6)
recvmsg$unix(r5, &(0x7f0000000400)={0x0, 0xfffffdfc, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r7=>0xffffffffffffffff]}}], 0x18}, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="b40800000000000073114100000000008510000002000000b70000000000000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb}, 0x94)
r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000ec0)={r4, 0xe0, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000bc0)=[0x0, 0x0], ""/16, <r10=>0x0, 0x0, 0x0, 0x0, 0x6, 0x1, &(0x7f0000000c40)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000c80)=[0x0], 0x0, 0x83, &(0x7f0000000cc0)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f0000000d00), &(0x7f0000000d40), 0x8, 0xa6, 0x8, 0x8, &(0x7f0000000d80)}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001040)={0x0, 0x10, &(0x7f00000006c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x101}, [@printk={@li, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1}}, @tail_call={{0x18, 0x2, 0x1, 0x0, r1}}]}, &(0x7f0000000740)='syzkaller\x00', 0x4, 0x74, &(0x7f0000000b40)=""/116, 0x41100, 0x4e, '\x00', r10, 0x0, r7, 0x8, &(0x7f0000000f00)={0xa, 0x3}, 0x8, 0x10, &(0x7f0000000f40)={0x5, 0x4, 0xc, 0x5c9a}, 0x10, 0x0, 0x0, 0x8, &(0x7f0000000f80)=[r8, r8, r7, r8], &(0x7f0000000fc0)=[{0x4, 0x4, 0xd, 0x8}, {0x0, 0x5, 0xb}, {0x5, 0x2, 0x5}, {0x3, 0x1, 0xf}, {0x1, 0x3, 0x7, 0x6}, {0x4, 0x3, 0x1, 0xc}, {0x1, 0x4, 0x1, 0xc}, {0x0, 0x3, 0x8, 0x5}], 0x10, 0xfffffffe}, 0x94)
syz_clone(0x200, &(0x7f0000000840)="e3300269c3fe71cc9cca19e99d6ffbc2f52b991a0a662e23e9afca30a96319be48e7d50701ec55db0e52c28dccacb0866f1cac212e26b9a0964e47a94f8f9a63fd42b845925639ecfc8635be9a4be33b24049f12166f0187e4842c808f074e7499de2698bf6c4684996df64a3a3d71a4ed786e9d95cdcc418f0ec9c9a2f288e182e696d986acc8a0dc11f15b84e2e8488f96713f575373abd8d23db329b07a3038091ddc10688ca48eb87df5b24477624aa96ee694865405f6e938a55656b92b3f19f87a05627417e14dcb581264da79", 0xd0, &(0x7f0000000940), &(0x7f0000000980), &(0x7f0000000a40)="e73b81c80e2fca2d24d3082f98cbbcc23401bcfc172b696a116898a55ba6e8717542b084b2e7c0d53a4f78a1769d674a972c0a83098a2b4092871b3c6c22bfb11913a80c275abb2fac8b9ce529f3993c6efb78a6bcb9f50e0bbe9ab6aa71b49ddf2c6b614bea289af1becd16d6d24dd6b64e9b738893466afbdfd7e6aa1de5a57f793248c704eef8ba21de84a885b43d1e62ddfe401574524a33674d836f8fd90e80ffb9dfa5236bf48731a29031d9b212ab926d55536c3f45da507d1f188aa3cbfcfd1de65b9f062ea6560bf660e410a94d6805223d470efd64af822d2e56365fe0478feefbc13c3e67040deea3b975")
close(0x3)
r11 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r11, &(0x7f0000000080)=ANY=[@ANYBLOB="13030000760091"], 0xfe33)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r9, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r8, 0x72}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, 0x0, 0x0}, 0x94)
r12 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r12, 0x400454ca, &(0x7f0000000040)={'geneve0\x00', 0x7102})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x6, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$cgroup_subtree(r7, &(0x7f00000000c0)=ANY=[@ANYRES8=r6, @ANYRESDEC], 0x12)

8.760259ms ago: executing program 1 (id=10166):
socket$kcm(0x21, 0x2, 0x2)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffa}, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext, 0x10c002, 0x89, 0x1}, 0x0, 0x5, 0xffffffffffffffff, 0x9)
socket$kcm(0x10, 0x400000002, 0x0)
socket$kcm(0x2, 0x5, 0x84)
socket$kcm(0x10, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
r0 = perf_event_open(&(0x7f00000010c0)={0x2, 0x80, 0xb9, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xc, 0x7}, 0x410, 0x2000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x21, 0x2, 0x2)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x8901, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, r0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
socket$kcm(0x10, 0x2, 0x0)
r1 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f0000000100)=r2, 0x4)
sendmsg$inet(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000c40)="02", 0x1}], 0x1}, 0x408c4)

0s ago: executing program 3 (id=10167):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000480)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001a", 0x23}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x746f2f51, &(0x7f0000000080)=[{&(0x7f0000000040)="3f0400001c00810ce00f80ecdb4cb9f207c804a01f000000010006fb0a0002000a0ada1b40d80300000000000000", 0xfec9}], 0x1, 0x0, 0x0, 0x5865}, 0x0)

kernel console output (not intermixed with test programs):

ngth.
[ 1586.450922][T28073]  ? load_image+0x420/0x420
[ 1586.450976][T28073]  sysfs_create_dir_ns+0x26e/0x2a0
[ 1586.451005][T28073]  ? sysfs_warn_dup+0xa0/0xa0
[ 1586.451031][T28073]  ? do_raw_spin_unlock+0x121/0x230
[ 1586.451065][T28073]  kobject_add_internal+0x61c/0xcc0
[ 1586.451104][T28073]  kobject_add+0x164/0x240
[ 1586.451130][T28073]  ? __rwlock_init+0x150/0x150
[ 1586.451162][T28073]  ? kobject_init+0x1e0/0x1e0
[ 1586.451187][T28073]  ? _raw_spin_unlock+0x28/0x40
[ 1586.505628][T28073]  ? get_device_parent+0x366/0x390
[ 1586.510825][T28073]  device_add+0x408/0xc20
[ 1586.515435][T28073]  hci_conn_add_sysfs+0xd5/0x1e0
[ 1586.520436][T28073]  le_conn_complete_evt+0xf5d/0x1540
[ 1586.526084][T28073]  ? hci_le_big_info_adv_report_evt+0x910/0x910
[ 1586.533108][T28073]  ? bt_info+0x180/0x180
[ 1586.537427][T28073]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[ 1586.543351][T28073]  ? skb_pull_data+0xfb/0x200
[ 1586.548170][T28073]  hci_le_enh_conn_complete_evt+0x189/0x460
[ 1586.554208][T28073]  ? hci_le_remote_conn_param_req_evt+0xce0/0xce0
[ 1586.560786][T28073]  ? hci_remote_host_features_evt+0x150/0x150
[ 1586.567117][T28073]  hci_event_packet+0x7ba/0x1270
[ 1586.572396][T28073]  ? bis_list+0x290/0x290
[ 1586.576781][T28073]  ? lockdep_hardirqs_on+0x98/0x150
[ 1586.582143][T28073]  ? hci_send_to_monitor+0xd7/0x4f0
[ 1586.587579][T28073]  hci_rx_work+0x43a/0xd60
[ 1586.592303][T28073]  ? process_scheduled_works+0x96f/0x15d0
[ 1586.598357][T28073]  process_scheduled_works+0xa5d/0x15d0
[ 1586.604114][T28073]  ? worker_attach_to_pool+0x380/0x380
[ 1586.609731][T28073]  ? assign_work+0x3d2/0x5d0
[ 1586.614387][T28073]  worker_thread+0xa55/0xfc0
[ 1586.619096][T28073]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[ 1586.625146][T28073]  ? _raw_spin_unlock+0x40/0x40
[ 1586.630222][T28073]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[ 1586.636468][T28073]  kthread+0x2fa/0x390
[ 1586.640684][T28073]  ? pr_cont_work+0x560/0x560
[ 1586.645674][T28073]  ? kthread_blkcg+0xd0/0xd0
[ 1586.650400][T28073]  ret_from_fork+0x48/0x80
[ 1586.654887][T28073]  ? kthread_blkcg+0xd0/0xd0
[ 1586.659803][T28073]  ret_from_fork_asm+0x11/0x20
[ 1586.665011][T28073]  </TASK>
[ 1586.670359][T28073] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1586.684791][T28073] Bluetooth: hci3: failed to register connection device
[ 1588.736234][T28073] Bluetooth: hci3: command 0x0406 tx timeout
[ 1590.252454][T28073] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1590.547294][T30270] netlink: 152 bytes leftover after parsing attributes in process `syz.1.8657'.
[ 1590.748370][T30276] netlink: 'syz.0.8658': attribute type 29 has an invalid length.
[ 1590.774746][T30276] netlink: 'syz.0.8658': attribute type 29 has an invalid length.
[ 1590.800612][T30273] netlink: 'syz.0.8658': attribute type 29 has an invalid length.
[ 1590.821189][T28073] Bluetooth: hci3: unexpected subevent 0x0a length: 150 > 30
[ 1590.829808][T28073] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0'
[ 1590.840623][T28073] CPU: 0 PID: 28073 Comm: kworker/u5:2 Not tainted syzkaller #0
[ 1590.848349][T28073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1590.858897][T28073] Workqueue: hci3 hci_rx_work
[ 1590.863623][T28073] Call Trace:
[ 1590.866947][T28073]  <TASK>
[ 1590.870233][T28073]  dump_stack_lvl+0x18c/0x250
[ 1590.875134][T28073]  ? show_regs_print_info+0x20/0x20
[ 1590.880369][T28073]  ? load_image+0x420/0x420
[ 1590.884938][T28073]  sysfs_create_dir_ns+0x26e/0x2a0
[ 1590.890250][T28073]  ? sysfs_warn_dup+0xa0/0xa0
[ 1590.895038][T28073]  ? do_raw_spin_unlock+0x121/0x230
[ 1590.900456][T28073]  kobject_add_internal+0x61c/0xcc0
[ 1590.905702][T28073]  kobject_add+0x164/0x240
[ 1590.910240][T28073]  ? __rwlock_init+0x150/0x150
[ 1590.915219][T28073]  ? kobject_init+0x1e0/0x1e0
[ 1590.919922][T28073]  ? _raw_spin_unlock+0x28/0x40
[ 1590.925076][T28073]  ? get_device_parent+0x366/0x390
[ 1590.930350][T28073]  device_add+0x408/0xc20
[ 1590.934830][T28073]  hci_conn_add_sysfs+0xd5/0x1e0
[ 1590.939985][T28073]  le_conn_complete_evt+0xf5d/0x1540
[ 1590.945930][T28073]  ? hci_le_big_info_adv_report_evt+0x910/0x910
[ 1590.953900][T28073]  ? bt_info+0x180/0x180
[ 1590.958292][T28073]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[ 1590.964045][T28073]  ? skb_pull_data+0xfb/0x200
[ 1590.969101][T28073]  hci_le_enh_conn_complete_evt+0x189/0x460
[ 1590.975508][T28073]  ? hci_le_remote_conn_param_req_evt+0xce0/0xce0
[ 1590.982257][T28073]  ? hci_remote_host_features_evt+0x150/0x150
[ 1590.988726][T28073]  hci_event_packet+0x7ba/0x1270
[ 1590.993791][T28073]  ? bis_list+0x290/0x290
[ 1590.998355][T28073]  ? lockdep_hardirqs_on+0x98/0x150
[ 1591.004036][T28073]  ? hci_send_to_monitor+0xd7/0x4f0
[ 1591.009749][T28073]  hci_rx_work+0x43a/0xd60
[ 1591.014319][T28073]  ? process_scheduled_works+0x96f/0x15d0
[ 1591.020174][T28073]  process_scheduled_works+0xa5d/0x15d0
[ 1591.025787][T28073]  ? worker_attach_to_pool+0x380/0x380
[ 1591.031281][T28073]  ? assign_work+0x3d2/0x5d0
[ 1591.036028][T28073]  worker_thread+0xa55/0xfc0
[ 1591.040655][T28073]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[ 1591.046788][T28073]  ? _raw_spin_unlock+0x40/0x40
[ 1591.051759][T28073]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[ 1591.057878][T28073]  kthread+0x2fa/0x390
[ 1591.062056][T28073]  ? pr_cont_work+0x560/0x560
[ 1591.066760][T28073]  ? kthread_blkcg+0xd0/0xd0
[ 1591.071393][T28073]  ret_from_fork+0x48/0x80
[ 1591.076038][T28073]  ? kthread_blkcg+0xd0/0xd0
[ 1591.080670][T28073]  ret_from_fork_asm+0x11/0x20
[ 1591.085487][T28073]  </TASK>
[ 1591.093105][T28073] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1591.107695][T28073] Bluetooth: hci3: failed to register connection device
[ 1591.116656][T30277] netlink: 'syz.0.8658': attribute type 29 has an invalid length.
[ 1591.253167][T30279] netlink: 'syz.4.8660': attribute type 10 has an invalid length.
[ 1593.126235][T12256] Bluetooth: hci3: command 0x0406 tx timeout
[ 1594.657754][T12256] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1594.700291][T30313] netlink: 'syz.1.8669': attribute type 29 has an invalid length.
[ 1594.728597][T30313] netlink: 'syz.1.8669': attribute type 29 has an invalid length.
[ 1594.738709][T30311] netlink: 'syz.1.8669': attribute type 29 has an invalid length.
[ 1594.750295][T30313] netlink: 'syz.1.8669': attribute type 29 has an invalid length.
[ 1595.264841][T30315] netlink: 152 bytes leftover after parsing attributes in process `syz.0.8670'.
[ 1595.909948][T30331] netlink: 'syz.1.8674': attribute type 10 has an invalid length.
[ 1598.692704][T12256] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1598.785544][T30352] netlink: 'syz.4.8681': attribute type 29 has an invalid length.
[ 1598.842178][T30352] netlink: 'syz.4.8681': attribute type 29 has an invalid length.
[ 1598.883137][T30349] netlink: 'syz.4.8681': attribute type 29 has an invalid length.
[ 1598.908198][T30353] netlink: 'syz.4.8681': attribute type 29 has an invalid length.
[ 1602.351936][T30375] netlink: 'syz.3.8688': attribute type 10 has an invalid length.
[ 1602.593118][T12256] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1602.610583][T30386] netlink: 'syz.1.8694': attribute type 29 has an invalid length.
[ 1602.630051][T30386] netlink: 'syz.1.8694': attribute type 29 has an invalid length.
[ 1602.653375][T30385] netlink: 'syz.1.8694': attribute type 29 has an invalid length.
[ 1602.664277][T30387] netlink: 'syz.1.8694': attribute type 29 has an invalid length.
[ 1602.977758][T30391] netlink: 152 bytes leftover after parsing attributes in process `syz.3.8696'.
[ 1605.211560][T12256] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1606.298425][T30421] netlink: 'syz.1.8705': attribute type 29 has an invalid length.
[ 1606.314549][T30421] netlink: 'syz.1.8705': attribute type 29 has an invalid length.
[ 1606.324426][T30420] netlink: 'syz.1.8705': attribute type 29 has an invalid length.
[ 1606.339118][T30421] netlink: 'syz.1.8705': attribute type 29 has an invalid length.
[ 1606.594917][T30427] netlink: 152 bytes leftover after parsing attributes in process `syz.3.8708'.
[ 1606.800859][T30436] netlink: 152 bytes leftover after parsing attributes in process `syz.1.8710'.
[ 1608.064394][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[ 1608.071030][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[ 1608.132380][T30445] netlink: 128 bytes leftover after parsing attributes in process `syz.4.8714'.
[ 1608.300074][T12256] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1608.572516][T30458] netlink: 'syz.0.8718': attribute type 29 has an invalid length.
[ 1608.612921][T30458] netlink: 'syz.0.8718': attribute type 29 has an invalid length.
[ 1608.657296][T30457] netlink: 'syz.0.8718': attribute type 29 has an invalid length.
[ 1608.720557][T30463] netlink: 'syz.0.8718': attribute type 29 has an invalid length.
[ 1610.054716][T30477] netlink: 152 bytes leftover after parsing attributes in process `syz.4.8725'.
[ 1610.348190][T12256] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1610.483510][T30494] netlink: 'syz.1.8731': attribute type 29 has an invalid length.
[ 1610.518603][T30494] netlink: 'syz.1.8731': attribute type 29 has an invalid length.
[ 1610.527792][T30491] netlink: 'syz.1.8731': attribute type 29 has an invalid length.
[ 1610.539590][T30491] netlink: 'syz.1.8731': attribute type 29 has an invalid length.
[ 1610.982781][T30504] netlink: 152 bytes leftover after parsing attributes in process `syz.0.8734'.
[ 1611.552659][T12256] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1611.640458][T30522] netlink: 'syz.1.8744': attribute type 29 has an invalid length.
[ 1611.654361][T30522] netlink: 'syz.1.8744': attribute type 29 has an invalid length.
[ 1612.041456][T30535] netlink: 152 bytes leftover after parsing attributes in process `syz.3.8748'.
[ 1612.230896][T30537] netlink: 152 bytes leftover after parsing attributes in process `syz.1.8750'.
[ 1612.891181][T12256] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1615.984582][T30558] validate_nla: 6 callbacks suppressed
[ 1615.984640][T30558] netlink: 'syz.1.8758': attribute type 10 has an invalid length.
[ 1616.064627][T30565] netlink: 'syz.0.8759': attribute type 29 has an invalid length.
[ 1616.089203][T30565] netlink: 'syz.0.8759': attribute type 29 has an invalid length.
[ 1616.106846][T30560] netlink: 'syz.0.8759': attribute type 29 has an invalid length.
[ 1616.133973][T30565] netlink: 'syz.0.8759': attribute type 29 has an invalid length.
[ 1616.434991][T30575] netlink: 152 bytes leftover after parsing attributes in process `syz.3.8763'.
[ 1617.022245][T12256] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1617.557784][T30585] netlink: 152 bytes leftover after parsing attributes in process `syz.4.8769'.
[ 1618.446425][T30595] netlink: 'syz.1.8772': attribute type 10 has an invalid length.
[ 1620.338989][T30601] netlink: 'syz.0.8773': attribute type 29 has an invalid length.
[ 1620.348109][T30601] netlink: 'syz.0.8773': attribute type 29 has an invalid length.
[ 1620.357273][T30597] netlink: 'syz.0.8773': attribute type 29 has an invalid length.
[ 1620.376944][T30601] netlink: 'syz.0.8773': attribute type 29 has an invalid length.
[ 1620.821096][T30610] netlink: 152 bytes leftover after parsing attributes in process `syz.0.8777'.
[ 1621.922956][T12256] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1622.143531][T30623] validate_nla: 1 callbacks suppressed
[ 1622.143632][T30623] netlink: 'syz.3.8783': attribute type 10 has an invalid length.
[ 1622.302282][T30631] netlink: 'syz.4.8785': attribute type 29 has an invalid length.
[ 1622.326705][T30631] netlink: 'syz.4.8785': attribute type 29 has an invalid length.
[ 1622.367191][T30630] netlink: 'syz.4.8785': attribute type 29 has an invalid length.
[ 1622.392911][T30632] netlink: 'syz.4.8785': attribute type 29 has an invalid length.
[ 1622.471294][T30625] netlink: 152 bytes leftover after parsing attributes in process `syz.1.8784'.
[ 1622.829104][T30643] netlink: 'syz.4.8788': attribute type 10 has an invalid length.
[ 1622.923655][T30642] netlink: 'syz.0.8789': attribute type 10 has an invalid length.
[ 1623.267948][T30651] netlink: 152 bytes leftover after parsing attributes in process `syz.3.8790'.
[ 1623.697436][T12256] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1624.097888][T30659] netlink: 'syz.1.8796': attribute type 10 has an invalid length.
[ 1624.139443][T30664] netlink: 'syz.0.8797': attribute type 29 has an invalid length.
[ 1624.147976][T30664] netlink: 'syz.0.8797': attribute type 29 has an invalid length.
[ 1625.009063][T30677] netlink: 152 bytes leftover after parsing attributes in process `syz.0.8803'.
[ 1625.396115][T12256] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1627.095272][T12256] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1629.265696][T30709] netlink: 152 bytes leftover after parsing attributes in process `syz.3.8817'.
[ 1629.615624][T30725] validate_nla: 10 callbacks suppressed
[ 1629.615646][T30725] netlink: 'syz.0.8821': attribute type 29 has an invalid length.
[ 1629.646969][T30725] netlink: 'syz.0.8821': attribute type 29 has an invalid length.
[ 1629.710722][T30722] netlink: 'syz.0.8821': attribute type 29 has an invalid length.
[ 1629.750561][T30725] netlink: 'syz.0.8821': attribute type 29 has an invalid length.
[ 1629.990808][T30732] netlink: 'syz.1.8826': attribute type 10 has an invalid length.
[ 1630.308788][T30741] netlink: 152 bytes leftover after parsing attributes in process `syz.4.8828'.
[ 1630.496096][T12256] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1630.704085][T30754] netlink: 'syz.3.8832': attribute type 29 has an invalid length.
[ 1630.753540][T30754] netlink: 'syz.3.8832': attribute type 29 has an invalid length.
[ 1630.814120][T30753] netlink: 'syz.3.8832': attribute type 29 has an invalid length.
[ 1630.835402][T30756] netlink: 'syz.3.8832': attribute type 29 has an invalid length.
[ 1633.782198][T30771] netlink: 'syz.4.8837': attribute type 10 has an invalid length.
[ 1634.161693][T30783] netlink: 152 bytes leftover after parsing attributes in process `syz.0.8839'.
[ 1634.486993][T12256] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1637.730453][T30805] validate_nla: 4 callbacks suppressed
[ 1637.730607][T30805] netlink: 'syz.4.8848': attribute type 10 has an invalid length.
[ 1638.019095][T30820] netlink: 'syz.1.8852': attribute type 29 has an invalid length.
[ 1638.027714][T30820] netlink: 'syz.1.8852': attribute type 29 has an invalid length.
[ 1638.037117][T30815] netlink: 'syz.1.8852': attribute type 29 has an invalid length.
[ 1638.053077][T30821] netlink: 152 bytes leftover after parsing attributes in process `syz.4.8853'.
[ 1638.062808][T30820] netlink: 'syz.1.8852': attribute type 29 has an invalid length.
[ 1638.466446][T12256] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1639.124144][T12256] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1639.579495][T30841] netlink: 'syz.4.8861': attribute type 10 has an invalid length.
[ 1639.629790][T30848] netlink: 'syz.3.8865': attribute type 29 has an invalid length.
[ 1639.659825][T30848] netlink: 'syz.3.8865': attribute type 29 has an invalid length.
[ 1639.759642][T30850] netlink: 'syz.3.8865': attribute type 29 has an invalid length.
[ 1639.784129][T30847] netlink: 'syz.3.8865': attribute type 29 has an invalid length.
[ 1640.057327][T30854] netlink: 152 bytes leftover after parsing attributes in process `syz.4.8866'.
[ 1640.328299][T12256] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1640.624176][T12256] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1641.777729][T30886] netlink: 152 bytes leftover after parsing attributes in process `syz.3.8880'.
[ 1641.963072][T12256] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1642.052808][T12256] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1642.937124][T30915] validate_nla: 4 callbacks suppressed
[ 1642.937145][T30915] netlink: 'syz.4.8890': attribute type 29 has an invalid length.
[ 1643.056734][T30915] netlink: 'syz.4.8890': attribute type 29 has an invalid length.
[ 1643.091938][T30912] netlink: 'syz.4.8890': attribute type 29 has an invalid length.
[ 1643.104707][T30920] netlink: 'syz.4.8890': attribute type 29 has an invalid length.
[ 1643.250164][T12256] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1643.498339][T12256] Bluetooth: hci2: unexpected event for opcode 0x0000
[ 1644.119029][T30929] netlink: 152 bytes leftover after parsing attributes in process `syz.4.8895'.
[ 1644.176721][T12256] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1645.053687][T30950] netlink: 'syz.4.8903': attribute type 29 has an invalid length.
[ 1645.067920][T30950] netlink: 'syz.4.8903': attribute type 29 has an invalid length.
[ 1645.076372][T30947] netlink: 'syz.4.8903': attribute type 29 has an invalid length.
[ 1645.092305][T30950] netlink: 'syz.4.8903': attribute type 29 has an invalid length.
[ 1645.167056][T12256] Bluetooth: hci3: unexpected event for opcode 0x0000
[ 1645.468466][T12256] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1645.788804][T30963] netlink: 152 bytes leftover after parsing attributes in process `syz.0.8910'.
[ 1646.319683][T30976] netlink: 'syz.0.8915': attribute type 29 has an invalid length.
[ 1646.375251][T12256] Bluetooth: hci2: unexpected event for opcode 0x0000
[ 1646.845224][T30976] netlink: 'syz.0.8915': attribute type 29 has an invalid length.
[ 1647.278382][T12256] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1647.537774][T12256] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[ 1647.547674][T12256] Bluetooth: hci2: Injecting HCI hardware error event
[ 1647.556451][T28073] Bluetooth: hci2: hardware error 0x00
[ 1647.817959][T30999] netlink: 152 bytes leftover after parsing attributes in process `syz.4.8923'.
[ 1648.133196][T31005] validate_nla: 2 callbacks suppressed
[ 1648.133218][T31005] netlink: 'syz.0.8925': attribute type 29 has an invalid length.
[ 1648.147381][T31005] netlink: 'syz.0.8925': attribute type 29 has an invalid length.
[ 1648.156177][T31004] netlink: 'syz.0.8925': attribute type 29 has an invalid length.
[ 1648.210660][T31004] netlink: 'syz.0.8925': attribute type 29 has an invalid length.
[ 1648.242407][T12256] Bluetooth: hci2: unexpected event for opcode 0x0000
[ 1648.974641][T12256] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1649.206965][T12256] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[ 1649.215742][T12256] Bluetooth: hci3: Injecting HCI hardware error event
[ 1649.225268][T12256] Bluetooth: hci3: hardware error 0x00
[ 1649.323652][T31031] netlink: 'syz.1.8936': attribute type 29 has an invalid length.
[ 1649.332607][T31031] netlink: 'syz.1.8936': attribute type 29 has an invalid length.
[ 1649.341348][T31029] netlink: 'syz.1.8936': attribute type 29 has an invalid length.
[ 1649.351796][T31031] netlink: 'syz.1.8936': attribute type 29 has an invalid length.
[ 1649.687473][T28073] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[ 1649.728376][T31037] netlink: 152 bytes leftover after parsing attributes in process `syz.0.8937'.
[ 1650.296649][T28073] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1650.780577][T31060] netlink: 'syz.1.8947': attribute type 29 has an invalid length.
[ 1650.796954][T31060] netlink: 'syz.1.8947': attribute type 29 has an invalid length.
[ 1651.297449][T12256] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[ 1651.327718][T31066] netlink: 152 bytes leftover after parsing attributes in process `syz.0.8951'.
[ 1651.776371][T12256] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1653.047140][T31101] netlink: 152 bytes leftover after parsing attributes in process `syz.4.8964'.
[ 1653.435179][T31113] validate_nla: 6 callbacks suppressed
[ 1653.435199][T31113] netlink: 'syz.4.8970': attribute type 29 has an invalid length.
[ 1653.449919][T31113] netlink: 'syz.4.8970': attribute type 29 has an invalid length.
[ 1653.458204][T31112] netlink: 'syz.4.8970': attribute type 29 has an invalid length.
[ 1653.513680][T31112] netlink: 'syz.4.8970': attribute type 29 has an invalid length.
[ 1653.748297][T12256] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1654.624572][T31136] netlink: 152 bytes leftover after parsing attributes in process `syz.0.8978'.
[ 1657.611233][T31154] netlink: 'syz.0.8981': attribute type 29 has an invalid length.
[ 1657.691660][T31154] netlink: 'syz.0.8981': attribute type 29 has an invalid length.
[ 1657.719544][T12256] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1657.731674][T31148] netlink: 'syz.0.8981': attribute type 29 has an invalid length.
[ 1657.764813][T31156] netlink: 'syz.0.8981': attribute type 29 has an invalid length.
[ 1658.746716][T31177] netlink: 152 bytes leftover after parsing attributes in process `syz.1.8990'.
[ 1658.788412][T31181] netlink: 'syz.3.8992': attribute type 29 has an invalid length.
[ 1658.837734][T31181] netlink: 'syz.3.8992': attribute type 29 has an invalid length.
[ 1658.861086][T31180] netlink: 'syz.3.8992': attribute type 29 has an invalid length.
[ 1658.872442][T31183] netlink: 'syz.3.8992': attribute type 29 has an invalid length.
[ 1659.105023][T31191] netlink: 'syz.1.8995': attribute type 29 has an invalid length.
[ 1659.124067][T31191] netlink: 'syz.1.8995': attribute type 29 has an invalid length.
[ 1659.135089][T31188] netlink: 'syz.1.8995': attribute type 29 has an invalid length.
[ 1659.147738][T31191] netlink: 'syz.1.8995': attribute type 29 has an invalid length.
[ 1659.217432][T12256] Bluetooth: hci4: unexpected subevent 0x0a length: 150 > 30
[ 1659.225342][T12256] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:0'
[ 1659.235340][T12256] CPU: 0 PID: 12256 Comm: kworker/u5:0 Not tainted syzkaller #0
[ 1659.243130][T12256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1659.253337][T12256] Workqueue: hci4 hci_rx_work
[ 1659.258064][T12256] Call Trace:
[ 1659.261479][T12256]  <TASK>
[ 1659.264442][T12256]  dump_stack_lvl+0x18c/0x250
[ 1659.269266][T12256]  ? show_regs_print_info+0x20/0x20
[ 1659.274579][T12256]  ? load_image+0x420/0x420
[ 1659.279215][T12256]  sysfs_create_dir_ns+0x26e/0x2a0
[ 1659.284399][T12256]  ? sysfs_warn_dup+0xa0/0xa0
[ 1659.289139][T12256]  ? do_raw_spin_unlock+0x121/0x230
[ 1659.294719][T12256]  kobject_add_internal+0x61c/0xcc0
[ 1659.299960][T12256]  kobject_add+0x164/0x240
[ 1659.304671][T12256]  ? __rwlock_init+0x150/0x150
[ 1659.309602][T12256]  ? kobject_init+0x1e0/0x1e0
[ 1659.314908][T12256]  ? _raw_spin_unlock+0x28/0x40
[ 1659.320865][T12256]  ? get_device_parent+0x366/0x390
[ 1659.326215][T12256]  device_add+0x408/0xc20
[ 1659.330793][T12256]  hci_conn_add_sysfs+0xd5/0x1e0
[ 1659.335788][T12256]  le_conn_complete_evt+0xf5d/0x1540
[ 1659.341125][T12256]  ? hci_le_big_info_adv_report_evt+0x910/0x910
[ 1659.347697][T12256]  ? bt_info+0x180/0x180
[ 1659.352091][T12256]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[ 1659.358042][T12256]  ? skb_pull_data+0xfb/0x200
[ 1659.362874][T12256]  hci_le_enh_conn_complete_evt+0x189/0x460
[ 1659.368997][T12256]  ? hci_le_remote_conn_param_req_evt+0xce0/0xce0
[ 1659.375656][T12256]  ? hci_remote_host_features_evt+0x150/0x150
[ 1659.381959][T12256]  hci_event_packet+0x7ba/0x1270
[ 1659.387030][T12256]  ? bis_list+0x290/0x290
[ 1659.391396][T12256]  ? lockdep_hardirqs_on+0x98/0x150
[ 1659.396626][T12256]  ? hci_send_to_monitor+0xd7/0x4f0
[ 1659.401949][T12256]  hci_rx_work+0x43a/0xd60
[ 1659.406495][T12256]  ? process_scheduled_works+0x96f/0x15d0
[ 1659.412274][T12256]  process_scheduled_works+0xa5d/0x15d0
[ 1659.417976][T12256]  ? worker_attach_to_pool+0x380/0x380
[ 1659.423578][T12256]  ? assign_work+0x3d2/0x5d0
[ 1659.428624][T12256]  worker_thread+0xa55/0xfc0
[ 1659.433375][T12256]  kthread+0x2fa/0x390
[ 1659.437642][T12256]  ? pr_cont_work+0x560/0x560
[ 1659.442381][T12256]  ? kthread_blkcg+0xd0/0xd0
[ 1659.446992][T12256]  ret_from_fork+0x48/0x80
[ 1659.451439][T12256]  ? kthread_blkcg+0xd0/0xd0
[ 1659.456069][T12256]  ret_from_fork_asm+0x11/0x20
[ 1659.460883][T12256]  </TASK>
[ 1659.465501][T12256] kobject: kobject_add_internal failed for hci4:0 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1659.479492][T12256] Bluetooth: hci4: failed to register connection device
[ 1660.438580][T31209] netlink: 152 bytes leftover after parsing attributes in process `syz.0.9004'.
[ 1661.142352][T31227] netlink: 'syz.3.9008': attribute type 29 has an invalid length.
[ 1661.150824][T31227] netlink: 'syz.3.9008': attribute type 29 has an invalid length.
[ 1661.526755][T28073] Bluetooth: hci4: command 0x0406 tx timeout
[ 1662.273727][T28073] Bluetooth: hci1: unexpected subevent 0x0a length: 150 > 30
[ 1662.281907][T28073] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:0'
[ 1662.293274][T28073] CPU: 0 PID: 28073 Comm: kworker/u5:2 Not tainted syzkaller #0
[ 1662.301085][T28073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1662.311376][T28073] Workqueue: hci1 hci_rx_work
[ 1662.316140][T28073] Call Trace:
[ 1662.319562][T28073]  <TASK>
[ 1662.322704][T28073]  dump_stack_lvl+0x18c/0x250
[ 1662.327629][T28073]  ? show_regs_print_info+0x20/0x20
[ 1662.333030][T28073]  ? load_image+0x420/0x420
[ 1662.337734][T28073]  sysfs_create_dir_ns+0x26e/0x2a0
[ 1662.342931][T28073]  ? sysfs_warn_dup+0xa0/0xa0
[ 1662.347766][T28073]  ? do_raw_spin_unlock+0x121/0x230
[ 1662.353392][T28073]  kobject_add_internal+0x61c/0xcc0
[ 1662.358683][T28073]  kobject_add+0x164/0x240
[ 1662.363172][T28073]  ? __rwlock_init+0x150/0x150
[ 1662.368124][T28073]  ? kobject_init+0x1e0/0x1e0
[ 1662.372886][T28073]  ? _raw_spin_unlock+0x28/0x40
[ 1662.377936][T28073]  ? get_device_parent+0x366/0x390
[ 1662.383128][T28073]  device_add+0x408/0xc20
[ 1662.388079][T28073]  hci_conn_add_sysfs+0xd5/0x1e0
[ 1662.393266][T28073]  le_conn_complete_evt+0xf5d/0x1540
[ 1662.398913][T28073]  ? hci_le_big_info_adv_report_evt+0x910/0x910
[ 1662.405235][T28073]  ? bt_info+0x180/0x180
[ 1662.409556][T28073]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[ 1662.415522][T28073]  ? skb_pull_data+0xfb/0x200
[ 1662.420289][T28073]  hci_le_enh_conn_complete_evt+0x189/0x460
[ 1662.426258][T28073]  ? hci_le_remote_conn_param_req_evt+0xce0/0xce0
[ 1662.432737][T28073]  ? hci_remote_host_features_evt+0x150/0x150
[ 1662.439045][T28073]  hci_event_packet+0x7ba/0x1270
[ 1662.444074][T28073]  ? bis_list+0x290/0x290
[ 1662.448468][T28073]  ? lockdep_hardirqs_on+0x98/0x150
[ 1662.453712][T28073]  ? hci_send_to_monitor+0xd7/0x4f0
[ 1662.459053][T28073]  hci_rx_work+0x43a/0xd60
[ 1662.463698][T28073]  ? process_scheduled_works+0x96f/0x15d0
[ 1662.469621][T28073]  process_scheduled_works+0xa5d/0x15d0
[ 1662.475207][T28073]  ? worker_attach_to_pool+0x380/0x380
[ 1662.480949][T28073]  ? assign_work+0x3d2/0x5d0
[ 1662.485752][T28073]  worker_thread+0xa55/0xfc0
[ 1662.490457][T28073]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[ 1662.496432][T28073]  ? _raw_spin_unlock+0x40/0x40
[ 1662.501357][T28073]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[ 1662.507325][T28073]  kthread+0x2fa/0x390
[ 1662.511428][T28073]  ? pr_cont_work+0x560/0x560
[ 1662.516268][T28073]  ? kthread_blkcg+0xd0/0xd0
[ 1662.520938][T28073]  ret_from_fork+0x48/0x80
[ 1662.525420][T28073]  ? kthread_blkcg+0xd0/0xd0
[ 1662.530059][T28073]  ret_from_fork_asm+0x11/0x20
[ 1662.535008][T28073]  </TASK>
[ 1662.542404][T28073] kobject: kobject_add_internal failed for hci1:0 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1662.556679][T28073] Bluetooth: hci1: failed to register connection device
[ 1662.965434][T28073] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1664.067122][T31294] validate_nla: 13 callbacks suppressed
[ 1664.067145][T31294] netlink: 'syz.0.9034': attribute type 29 has an invalid length.
[ 1664.567211][T28073] Bluetooth: hci1: command 0x0406 tx timeout
[ 1665.004321][T31324] netlink: 'syz.3.9045': attribute type 29 has an invalid length.
[ 1665.072374][T31324] netlink: 'syz.3.9045': attribute type 29 has an invalid length.
[ 1665.136439][T31321] netlink: 'syz.3.9045': attribute type 29 has an invalid length.
[ 1665.176392][T31327] netlink: 'syz.3.9045': attribute type 29 has an invalid length.
[ 1668.752314][T31354] netlink: 'syz.4.9056': attribute type 29 has an invalid length.
[ 1668.775142][T31354] netlink: 'syz.4.9056': attribute type 29 has an invalid length.
[ 1668.783924][T31352] netlink: 'syz.4.9056': attribute type 29 has an invalid length.
[ 1668.794030][T31352] netlink: 'syz.4.9056': attribute type 29 has an invalid length.
[ 1669.060471][T31360] netlink: 'syz.4.9065': attribute type 29 has an invalid length.
[ 1669.100728][T31360] netlink: 'syz.4.9065': attribute type 29 has an invalid length.
[ 1669.148153][T31357] netlink: 'syz.4.9065': attribute type 29 has an invalid length.
[ 1669.179909][T31363] netlink: 'syz.4.9065': attribute type 29 has an invalid length.
[ 1669.292105][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[ 1669.299110][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[ 1672.778381][T31388] netlink: 'syz.3.9069': attribute type 29 has an invalid length.
[ 1672.802353][T31388] netlink: 'syz.3.9069': attribute type 29 has an invalid length.
[ 1672.833043][T31387] netlink: 'syz.3.9069': attribute type 29 has an invalid length.
[ 1672.875023][T31388] netlink: 'syz.3.9069': attribute type 29 has an invalid length.
[ 1673.060242][T31391] netlink: 152 bytes leftover after parsing attributes in process `syz.4.9070'.
[ 1679.084710][T28073] Bluetooth: hci4: unexpected event for opcode 0x0000
[ 1679.140837][T31423] netlink: 'syz.0.9080': attribute type 29 has an invalid length.
[ 1679.172721][T31423] netlink: 'syz.0.9080': attribute type 29 has an invalid length.
[ 1679.185879][T31419] netlink: 'syz.0.9080': attribute type 29 has an invalid length.
[ 1679.194551][T31424] netlink: 'syz.0.9080': attribute type 29 has an invalid length.
[ 1679.469988][T31430] netlink: 152 bytes leftover after parsing attributes in process `syz.0.9083'.
[ 1683.006748][T31457] netlink: 'syz.0.9091': attribute type 29 has an invalid length.
[ 1683.032995][T31457] netlink: 'syz.0.9091': attribute type 29 has an invalid length.
[ 1683.045604][T31455] netlink: 'syz.0.9091': attribute type 29 has an invalid length.
[ 1683.059267][T31457] netlink: 'syz.0.9091': attribute type 29 has an invalid length.
[ 1683.127308][T28073] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[ 1683.136965][T28073] Bluetooth: hci4: Injecting HCI hardware error event
[ 1683.149135][T28073] Bluetooth: hci4: hardware error 0x00
[ 1683.480831][T12256] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1687.926209][T28073] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[ 1689.190287][T31477] netlink: 152 bytes leftover after parsing attributes in process `syz.3.9098'.
[ 1689.455271][T31488] netlink: 'syz.4.9101': attribute type 29 has an invalid length.
[ 1689.476588][T31488] netlink: 'syz.4.9101': attribute type 29 has an invalid length.
[ 1689.531274][T31485] netlink: 'syz.4.9101': attribute type 29 has an invalid length.
[ 1689.542107][T31488] netlink: 'syz.4.9101': attribute type 29 has an invalid length.
[ 1690.452143][T31500] netlink: 'syz.1.9107': attribute type 10 has an invalid length.
[ 1690.478720][T31500] netlink: 40 bytes leftover after parsing attributes in process `syz.1.9107'.
[ 1690.510347][T31500] batman_adv: batadv0: Adding interface: virt_wifi0
[ 1690.539414][T31500] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1690.642245][T31500] batman_adv: batadv0: Interface activated: virt_wifi0
[ 1693.144280][T31517] netlink: 152 bytes leftover after parsing attributes in process `syz.4.9109'.
[ 1696.258104][T31530] netlink: 'syz.1.9113': attribute type 29 has an invalid length.
[ 1696.266519][T31530] netlink: 'syz.1.9113': attribute type 29 has an invalid length.
[ 1696.274659][T31529] netlink: 'syz.1.9113': attribute type 29 has an invalid length.
[ 1696.292075][T31529] netlink: 'syz.1.9113': attribute type 29 has an invalid length.
[ 1697.594009][T31557] netlink: 'syz.1.9123': attribute type 29 has an invalid length.
[ 1697.635442][T31557] netlink: 'syz.1.9123': attribute type 29 has an invalid length.
[ 1697.737832][T31554] netlink: 'syz.1.9123': attribute type 29 has an invalid length.
[ 1697.819150][T31560] netlink: 'syz.1.9123': attribute type 29 has an invalid length.
[ 1697.934730][T31556] netlink: 152 bytes leftover after parsing attributes in process `syz.3.9124'.
[ 1700.808343][T31584] netlink: 'syz.4.9133': attribute type 29 has an invalid length.
[ 1700.823472][T31584] netlink: 'syz.4.9133': attribute type 29 has an invalid length.
[ 1704.770228][T31615] validate_nla: 2 callbacks suppressed
[ 1704.770247][T31615] netlink: 'syz.3.9144': attribute type 29 has an invalid length.
[ 1704.799544][T31615] netlink: 'syz.3.9144': attribute type 29 has an invalid length.
[ 1704.813010][T31611] netlink: 'syz.3.9144': attribute type 29 has an invalid length.
[ 1704.830048][T31615] netlink: 'syz.3.9144': attribute type 29 has an invalid length.
[ 1705.508892][T31640] netlink: 'syz.0.9156': attribute type 29 has an invalid length.
[ 1705.526834][T31640] netlink: 'syz.0.9156': attribute type 29 has an invalid length.
[ 1705.546766][T31636] netlink: 'syz.0.9156': attribute type 29 has an invalid length.
[ 1705.565865][T31636] netlink: 'syz.0.9156': attribute type 29 has an invalid length.
[ 1708.608524][T31652] netlink: 152 bytes leftover after parsing attributes in process `syz.0.9159'.
[ 1709.324523][T31669] netlink: 'syz.0.9165': attribute type 29 has an invalid length.
[ 1709.333377][T31669] netlink: 'syz.0.9165': attribute type 29 has an invalid length.
[ 1710.017593][T31691] netlink: 152 bytes leftover after parsing attributes in process `syz.3.9173'.
[ 1712.697792][T31702] validate_nla: 2 callbacks suppressed
[ 1712.697812][T31702] netlink: 'syz.1.9176': attribute type 29 has an invalid length.
[ 1712.735510][T31702] netlink: 'syz.1.9176': attribute type 29 has an invalid length.
[ 1712.754784][T31700] netlink: 'syz.1.9176': attribute type 29 has an invalid length.
[ 1712.772485][T31702] netlink: 'syz.1.9176': attribute type 29 has an invalid length.
[ 1713.082249][T28073] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1713.610029][T31731] netlink: 'syz.0.9187': attribute type 29 has an invalid length.
[ 1713.647517][T31731] netlink: 'syz.0.9187': attribute type 29 has an invalid length.
[ 1713.682312][T31727] netlink: 'syz.0.9187': attribute type 29 has an invalid length.
[ 1713.719198][T31731] netlink: 'syz.0.9187': attribute type 29 has an invalid length.
[ 1713.755132][T31734] netlink: 152 bytes leftover after parsing attributes in process `syz.3.9188'.
[ 1717.180583][T31759] netlink: 'syz.1.9198': attribute type 29 has an invalid length.
[ 1717.197019][T31759] netlink: 'syz.1.9198': attribute type 29 has an invalid length.
[ 1717.776244][T31769] netlink: 152 bytes leftover after parsing attributes in process `syz.0.9200'.
[ 1720.844572][T28073] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1722.175268][T31804] netlink: 152 bytes leftover after parsing attributes in process `syz.3.9213'.
[ 1728.442195][T31851] validate_nla: 2 callbacks suppressed
[ 1728.442216][T31851] netlink: 'syz.0.9226': attribute type 10 has an invalid length.
[ 1730.731577][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[ 1730.746240][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[ 1731.275066][T31851] team0: Port device wlan1 added
[ 1731.286352][T31850] netlink: 152 bytes leftover after parsing attributes in process `syz.4.9228'.
[ 1734.816928][T31885] sit0: entered allmulticast mode
[ 1734.906951][T31887] sit0: entered promiscuous mode
[ 1735.271391][T31898] netlink: 152 bytes leftover after parsing attributes in process `syz.3.9241'.
[ 1743.010920][T31976] FAULT_INJECTION: forcing a failure.
[ 1743.010920][T31976] name failslab, interval 1, probability 0, space 0, times 0
[ 1743.044137][T31976] CPU: 0 PID: 31976 Comm: syz.1.9275 Not tainted syzkaller #0
[ 1743.051826][T31976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1743.061970][T31976] Call Trace:
[ 1743.065330][T31976]  <TASK>
[ 1743.068341][T31976]  dump_stack_lvl+0x18c/0x250
[ 1743.073216][T31976]  ? show_regs_print_info+0x20/0x20
[ 1743.078492][T31976]  ? load_image+0x420/0x420
[ 1743.083036][T31976]  ? __might_sleep+0xe0/0xe0
[ 1743.087780][T31976]  ? __lock_acquire+0x7d40/0x7d40
[ 1743.092969][T31976]  should_fail_ex+0x39d/0x4d0
[ 1743.098031][T31976]  should_failslab+0x9/0x20
[ 1743.102621][T31976]  slab_pre_alloc_hook+0x59/0x310
[ 1743.107727][T31976]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1743.113494][T31976]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1743.119256][T31976]  __kmem_cache_alloc_node+0x53/0x250
[ 1743.124686][T31976]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1743.130446][T31976]  __kmalloc+0xa4/0x230
[ 1743.134657][T31976]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1743.140287][T31976]  tomoyo_path_number_perm+0x248/0x620
[ 1743.145791][T31976]  ? tomoyo_path_number_perm+0x217/0x620
[ 1743.151478][T31976]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 1743.157092][T31976]  ? ksys_write+0x1c4/0x260
[ 1743.161737][T31976]  ? __fget_files+0x28/0x4b0
[ 1743.166368][T31976]  ? __fget_files+0x28/0x4b0
[ 1743.171037][T31976]  security_file_ioctl+0x70/0xa0
[ 1743.176032][T31976]  __se_sys_ioctl+0x48/0x170
[ 1743.180675][T31976]  do_syscall_64+0x55/0xa0
[ 1743.185136][T31976]  ? clear_bhb_loop+0x40/0x90
[ 1743.189855][T31976]  ? clear_bhb_loop+0x40/0x90
[ 1743.194578][T31976]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1743.200539][T31976] RIP: 0033:0x7fea4059cdd9
[ 1743.205008][T31976] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1743.224946][T31976] RSP: 002b:00007fea413af028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1743.233763][T31976] RAX: ffffffffffffffda RBX: 00007fea40815fa0 RCX: 00007fea4059cdd9
[ 1743.241779][T31976] RDX: 0000200000000040 RSI: 00000000000089e0 RDI: 0000000000000005
[ 1743.249793][T31976] RBP: 00007fea413af090 R08: 0000000000000000 R09: 0000000000000000
[ 1743.257850][T31976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1743.265902][T31976] R13: 00007fea40816038 R14: 00007fea40815fa0 R15: 00007ffe8c389b08
[ 1743.274085][T31976]  </TASK>
[ 1743.370551][T31976] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1743.859761][T31992] netlink: 'syz.3.9282': attribute type 13 has an invalid length.
[ 1743.886144][T31992] netlink: 152 bytes leftover after parsing attributes in process `syz.3.9282'.
[ 1743.924369][T31992] syz_tun: refused to change device tx_queue_len
[ 1743.982308][T31992] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[ 1747.269109][T32004] netlink: 'syz.3.9285': attribute type 3 has an invalid length.
[ 1747.306328][T32004] netlink: 65180 bytes leftover after parsing attributes in process `syz.3.9285'.
[ 1747.522142][T32013] FAULT_INJECTION: forcing a failure.
[ 1747.522142][T32013] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1747.557270][T32013] CPU: 0 PID: 32013 Comm: syz.1.9289 Not tainted syzkaller #0
[ 1747.564927][T32013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1747.575035][T32013] Call Trace:
[ 1747.578338][T32013]  <TASK>
[ 1747.581286][T32013]  dump_stack_lvl+0x18c/0x250
[ 1747.585996][T32013]  ? show_regs_print_info+0x20/0x20
[ 1747.591389][T32013]  ? load_image+0x420/0x420
[ 1747.596003][T32013]  ? __might_fault+0xaa/0x120
[ 1747.600722][T32013]  ? __lock_acquire+0x7d40/0x7d40
[ 1747.605778][T32013]  should_fail_ex+0x39d/0x4d0
[ 1747.610482][T32013]  _copy_from_user+0x2f/0xe0
[ 1747.615096][T32013]  ___sys_sendmsg+0x1c7/0x360
[ 1747.619973][T32013]  ? get_pid_task+0x20/0x1e0
[ 1747.624589][T32013]  ? __sys_sendmsg+0x2a0/0x2a0
[ 1747.629473][T32013]  ? __lock_acquire+0x7d40/0x7d40
[ 1747.634620][T32013]  __se_sys_sendmsg+0x1c2/0x2b0
[ 1747.639491][T32013]  ? __x64_sys_sendmsg+0x80/0x80
[ 1747.644457][T32013]  ? lockdep_hardirqs_on+0x98/0x150
[ 1747.649773][T32013]  do_syscall_64+0x55/0xa0
[ 1747.654226][T32013]  ? clear_bhb_loop+0x40/0x90
[ 1747.659018][T32013]  ? clear_bhb_loop+0x40/0x90
[ 1747.663813][T32013]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1747.669725][T32013] RIP: 0033:0x7fea4059cdd9
[ 1747.674163][T32013] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1747.694133][T32013] RSP: 002b:00007fea413af028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1747.702571][T32013] RAX: ffffffffffffffda RBX: 00007fea40815fa0 RCX: 00007fea4059cdd9
[ 1747.710611][T32013] RDX: 000000000000ff00 RSI: 0000200000001180 RDI: 0000000000000003
[ 1747.718616][T32013] RBP: 00007fea413af090 R08: 0000000000000000 R09: 0000000000000000
[ 1747.726865][T32013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1747.734940][T32013] R13: 00007fea40816038 R14: 00007fea40815fa0 R15: 00007ffe8c389b08
[ 1747.743030][T32013]  </TASK>
[ 1751.482743][T32045] netlink: 'syz.1.9302': attribute type 21 has an invalid length.
[ 1751.875133][T32045] netlink: 194488 bytes leftover after parsing attributes in process `syz.1.9302'.
[ 1752.393697][T32059] netlink: 152 bytes leftover after parsing attributes in process `syz.4.9304'.
[ 1755.888048][T32090] netlink: 152 bytes leftover after parsing attributes in process `syz.0.9316'.
[ 1761.502206][T32130] netlink: 152 bytes leftover after parsing attributes in process `syz.0.9327'.
[ 1764.504437][T28073] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1766.872337][T32160] netlink: 'syz.4.9336': attribute type 21 has an invalid length.
[ 1766.908949][T32160] netlink: 194488 bytes leftover after parsing attributes in process `syz.4.9336'.
[ 1767.179660][T32167] netlink: 128 bytes leftover after parsing attributes in process `syz.0.9346'.
[ 1777.012262][T32225] netlink: 'syz.1.9357': attribute type 10 has an invalid length.
[ 1777.059466][T32225] netlink: 55 bytes leftover after parsing attributes in process `syz.1.9357'.
[ 1777.403076][T32227] netlink: 'syz.0.9358': attribute type 9 has an invalid length.
[ 1777.466179][T32227] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.9358'.
[ 1781.194679][T32250] netlink: 152 bytes leftover after parsing attributes in process `syz.4.9362'.
[ 1788.698963][T32294] netlink: 152 bytes leftover after parsing attributes in process `syz.3.9376'.
[ 1792.296772][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[ 1792.303237][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[ 1794.947410][T32328] netlink: 152 bytes leftover after parsing attributes in process `syz.3.9389'.
[ 1801.908045][T32364] netlink: 152 bytes leftover after parsing attributes in process `syz.0.9404'.
[ 1810.114776][T32417] netlink: 'syz.4.9429': attribute type 9 has an invalid length.
[ 1810.154514][T32417] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.9429'.
[ 1810.563332][T12256] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1810.576715][T12256] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1810.585453][T12256] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1810.603647][T12256] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1810.612515][T12256] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 1810.622256][T12256] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1812.650067][T28073] Bluetooth: hci0: command tx timeout
[ 1814.726502][T28073] Bluetooth: hci0: command tx timeout
[ 1816.199179][   T49] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1816.328313][   T49] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1816.503788][   T49] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1816.587217][T32443] netlink: 'syz.3.9427': attribute type 9 has an invalid length.
[ 1816.627071][T32443] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.9427'.
[ 1816.708688][T32419] chnl_net:caif_netlink_parms(): no params data found
[ 1816.810326][T28073] Bluetooth: hci0: command tx timeout
[ 1816.945818][   T49] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1817.084353][T32452] netlink: 'syz.4.9430': attribute type 9 has an invalid length.
[ 1817.094004][T32452] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.9430'.
[ 1817.158077][T32419] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1817.189372][T32419] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1817.197063][T32419] bridge_slave_0: entered allmulticast mode
[ 1817.204596][T32419] bridge_slave_0: entered promiscuous mode
[ 1817.222073][T32419] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1817.231056][T32419] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1817.243502][T32419] bridge_slave_1: entered allmulticast mode
[ 1817.254501][T32419] bridge_slave_1: entered promiscuous mode
[ 1817.292549][T32419] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1817.305471][T32419] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1817.851817][T32457] netlink: 'syz.0.9432': attribute type 9 has an invalid length.
[ 1817.860026][T32419] team0: Port device team_slave_0 added
[ 1817.881445][T32419] team0: Port device team_slave_1 added
[ 1817.896349][T32457] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.9432'.
[ 1818.300637][T32419] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1818.340923][T32419] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1818.471580][T32419] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1818.497492][T32419] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1818.504738][T32419] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1818.541704][T32419] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1818.886029][T28073] Bluetooth: hci0: command tx timeout
[ 1821.181770][T32419] hsr_slave_0: entered promiscuous mode
[ 1821.201271][T32419] hsr_slave_1: entered promiscuous mode
[ 1821.213500][T32419] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1821.224035][T32419] Cannot create hsr debugfs directory
[ 1823.344108][T32511] netlink: 'syz.0.9443': attribute type 9 has an invalid length.
[ 1823.353070][T32511] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.9443'.
[ 1826.202089][T32513] netlink: 'syz.3.9445': attribute type 9 has an invalid length.
[ 1826.230974][T32513] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.9445'.
[ 1826.984392][   T49] hsr_slave_0: left promiscuous mode
[ 1827.021524][   T49] hsr_slave_1: left promiscuous mode
[ 1827.048135][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1827.055639][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1827.081108][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1827.088950][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1827.097276][   T49] batman_adv: batadv0: Interface deactivated: virt_wifi0
[ 1827.104484][   T49] batman_adv: batadv0: Removing interface: virt_wifi0
[ 1827.113339][   T49] bridge_slave_1: left allmulticast mode
[ 1827.119415][   T49] bridge_slave_1: left promiscuous mode
[ 1827.125248][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1827.135298][   T49] bridge_slave_0: left allmulticast mode
[ 1827.141565][   T49] bridge_slave_0: left promiscuous mode
[ 1827.148434][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1827.173520][   T49] veth1_macvtap: left promiscuous mode
[ 1827.181075][   T49] veth0_macvtap: left promiscuous mode
[ 1827.755132][T32546] netlink: 'syz.4.9454': attribute type 9 has an invalid length.
[ 1827.767984][T32546] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.9454'.
[ 1830.825393][   T49] team0 (unregistering): Port device team_slave_1 removed
[ 1830.882375][   T49] team0 (unregistering): Port device C removed
[ 1831.354714][   T49] team0 (unregistering): Port device bridge0 removed
[ 1831.597962][T32551] netlink: 'syz.3.9456': attribute type 9 has an invalid length.
[ 1831.605791][T32551] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.9456'.
[ 1831.709104][T32419] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1831.759656][T32419] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1831.811119][T32419] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1831.828623][T32419] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1832.327721][T32419] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1832.430087][T32419] 8021q: adding VLAN 0 to HW filter on device team0
[ 1832.508394][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1832.515598][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1832.557965][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1832.565250][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1832.768759][T32575] netlink: 'syz.4.9461': attribute type 9 has an invalid length.
[ 1832.794328][T32575] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.9461'.
[ 1833.661759][T32419] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1833.726622][T32419] veth0_vlan: entered promiscuous mode
[ 1833.755743][T32419] veth1_vlan: entered promiscuous mode
[ 1833.817366][T32419] veth0_macvtap: entered promiscuous mode
[ 1833.838142][T32419] veth1_macvtap: entered promiscuous mode
[ 1833.894585][T32419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1833.907691][T32419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1833.923056][T32419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1833.934588][T32419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1833.951284][T32419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1833.962425][T32419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1833.979337][T32419] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1834.025717][T32419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1834.043692][T32419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1834.064049][T32419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1834.086572][T32419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1834.116168][T32419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1834.144214][T32419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1834.177876][T32419] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1834.199830][T32419] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1834.225971][T32419] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1834.234852][T32419] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1834.276061][T32419] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1835.703583][T19322] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1835.736462][T19322] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1835.822758][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1835.845285][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1835.883883][T32603] netlink: 'syz.4.9464': attribute type 9 has an invalid length.
[ 1835.894952][T32603] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.9464'.
[ 1836.360037][T32611] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1836.411449][T32611] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1836.441164][T32611] bond0 (unregistering): Released all slaves
[ 1836.632885][T32608] netlink: 'syz.0.9465': attribute type 9 has an invalid length.
[ 1836.656645][T32608] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.9465'.
[ 1837.089386][T32621] netlink: 'syz.1.9470': attribute type 9 has an invalid length.
[ 1837.111567][T32621] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.9470'.
[ 1840.620713][T32653] netlink: 152 bytes leftover after parsing attributes in process `syz.0.9479'.
[ 1840.693342][T32649] netlink: 152 bytes leftover after parsing attributes in process `syz.4.9476'.
[ 1840.971279][T28073] Bluetooth: hci0: ACL packet for unknown connection handle 0
[ 1842.015169][T32669] netlink: 'syz.4.9485': attribute type 9 has an invalid length.
[ 1842.024107][T32669] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.9485'.
[ 1842.503381][T32680] netlink: 152 bytes leftover after parsing attributes in process `syz.4.9489'.
[ 1845.830632][T28073] Bluetooth: Frame is too long (len 149, expected len 4)
[ 1845.927872][T32706] netlink: 152 bytes leftover after parsing attributes in process `syz.3.9498'.
[ 1846.394217][T32716] C: renamed from team_slave_0 (while UP)
[ 1846.561939][T32716] netlink: 152 bytes leftover after parsing attributes in process `syz.1.9501'.
[ 1850.726035][T32748] netlink: 152 bytes leftover after parsing attributes in process `syz.0.9513'.
[ 1853.618226][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[ 1853.633851][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[ 1854.656607][T28073] Bluetooth: hci0: ACL packet for unknown connection handle 0
[ 1854.739151][  T311] netlink: 152 bytes leftover after parsing attributes in process `syz.3.9525'.
[ 1855.739031][  T349] netlink: 152 bytes leftover after parsing attributes in process `syz.0.9540'.
[ 1862.887140][  T399] netlink: 'syz.3.9561': attribute type 9 has an invalid length.
[ 1862.918517][  T399] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.9561'.
[ 1866.792343][  T424] netlink: 'syz.3.9570': attribute type 9 has an invalid length.
[ 1866.819867][  T424] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.9570'.
[ 1871.241049][  T458] netlink: 'syz.4.9585': attribute type 9 has an invalid length.
[ 1871.254411][  T458] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.9585'.
[ 1878.634148][  T510] netlink: 'syz.0.9605': attribute type 9 has an invalid length.
[ 1878.655166][  T510] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.9605'.
[ 1879.599232][  T524] netlink: 'syz.3.9611': attribute type 9 has an invalid length.
[ 1879.627840][  T524] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.9611'.
[ 1884.175525][  T566] netlink: 'syz.1.9625': attribute type 9 has an invalid length.
[ 1884.186753][  T566] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.9625'.
[ 1885.192892][  T586] netlink: 'syz.1.9633': attribute type 9 has an invalid length.
[ 1885.227363][  T586] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.9633'.
[ 1885.748380][  T592] netlink: 'syz.4.9636': attribute type 9 has an invalid length.
[ 1885.786241][  T592] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.9636'.
[ 1886.385399][  T608] netlink: 'syz.4.9641': attribute type 9 has an invalid length.
[ 1886.404766][  T608] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.9641'.
[ 1887.452983][  T630] netlink: 152 bytes leftover after parsing attributes in process `syz.4.9649'.
[ 1888.457546][  T634] netlink: 'syz.3.9650': attribute type 9 has an invalid length.
[ 1888.476082][  T634] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.9650'.
[ 1890.844330][  T653] netlink: 'syz.4.9657': attribute type 9 has an invalid length.
[ 1890.865841][  T653] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.9657'.
[ 1894.385249][  T670] netlink: 'syz.1.9663': attribute type 9 has an invalid length.
[ 1894.412078][  T670] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.9663'.
[ 1895.452628][  T688] netlink: 'syz.0.9669': attribute type 9 has an invalid length.
[ 1895.468931][  T688] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.9669'.
[ 1899.281568][  T719] netlink: 'syz.4.9683': attribute type 9 has an invalid length.
[ 1899.290387][  T719] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.9683'.
[ 1900.043882][  T734] netlink: 668 bytes leftover after parsing attributes in process `syz.3.9687'.
[ 1900.061614][  T734] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16)
[ 1900.083461][  T734] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1900.726903][  T751] netlink: 152 bytes leftover after parsing attributes in process `syz.0.9693'.
[ 1901.892076][  T769] netlink: 'syz.4.9700': attribute type 9 has an invalid length.
[ 1901.935669][  T769] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.9700'.
[ 1902.338214][T28073] Bluetooth: hci0: ACL packet for unknown connection handle 0
[ 1902.669214][  T778] netlink: 'syz.3.9703': attribute type 9 has an invalid length.
[ 1902.702211][  T778] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.9703'.
[ 1902.803546][  T783] netlink: 'syz.0.9704': attribute type 3 has an invalid length.
[ 1902.828712][  T783] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.9704'.
[ 1903.087320][  T788] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.9704'.
[ 1903.682772][  T781] netlink: 'syz.0.9704': attribute type 9 has an invalid length.
[ 1903.709115][  T781] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.9704'.
[ 1903.911935][  T796] netlink: 152 bytes leftover after parsing attributes in process `syz.1.9706'.
[ 1904.795333][T12256] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1904.819721][T12256] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1904.836404][T12256] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1904.875542][T12256] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1904.891048][T12256] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 1904.904543][T12256] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1904.989326][  T811] netlink: 'syz.0.9714': attribute type 9 has an invalid length.
[ 1905.049616][T12256] Bluetooth: hci0: ACL packet for unknown connection handle 0
[ 1905.059292][  T811] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.9714'.
[ 1905.442849][  T823] FAULT_INJECTION: forcing a failure.
[ 1905.442849][  T823] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1905.460877][  T823] CPU: 1 PID: 823 Comm: syz.1.9717 Not tainted syzkaller #0
[ 1905.468242][  T823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1905.478444][  T823] Call Trace:
[ 1905.481774][  T823]  <TASK>
[ 1905.484741][  T823]  dump_stack_lvl+0x18c/0x250
[ 1905.489509][  T823]  ? show_regs_print_info+0x20/0x20
[ 1905.494852][  T823]  ? load_image+0x420/0x420
[ 1905.499430][  T823]  ? __lock_acquire+0x7d40/0x7d40
[ 1905.504511][  T823]  ? snprintf+0xe9/0x140
[ 1905.508805][  T823]  should_fail_ex+0x39d/0x4d0
[ 1905.513884][  T823]  _copy_to_user+0x2f/0xa0
[ 1905.518384][  T823]  simple_read_from_buffer+0xe7/0x150
[ 1905.523818][  T823]  proc_fail_nth_read+0x1e8/0x260
[ 1905.528892][  T823]  ? proc_fault_inject_write+0x360/0x360
[ 1905.534580][  T823]  ? fsnotify_perm+0x271/0x5e0
[ 1905.539416][  T823]  ? proc_fault_inject_write+0x360/0x360
[ 1905.545194][  T823]  vfs_read+0x28b/0x970
[ 1905.549419][  T823]  ? kernel_read+0x1e0/0x1e0
[ 1905.554051][  T823]  ? __fget_files+0x28/0x4b0
[ 1905.558943][  T823]  ? __fget_files+0x28/0x4b0
[ 1905.563575][  T823]  ? __fget_files+0x43d/0x4b0
[ 1905.568310][  T823]  ? __fdget_pos+0x2a3/0x330
[ 1905.572945][  T823]  ? ksys_read+0x75/0x260
[ 1905.577324][  T823]  ksys_read+0x150/0x260
[ 1905.581625][  T823]  ? vfs_write+0x990/0x990
[ 1905.586090][  T823]  ? lockdep_hardirqs_on+0x98/0x150
[ 1905.591465][  T823]  do_syscall_64+0x55/0xa0
[ 1905.595913][  T823]  ? clear_bhb_loop+0x40/0x90
[ 1905.600730][  T823]  ? clear_bhb_loop+0x40/0x90
[ 1905.605539][  T823]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1905.611574][  T823] RIP: 0033:0x7f1940f5d60e
[ 1905.616028][  T823] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 1905.635677][  T823] RSP: 002b:00007f1941e3cfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1905.644139][  T823] RAX: ffffffffffffffda RBX: 00007f1941e3d6c0 RCX: 00007f1940f5d60e
[ 1905.652149][  T823] RDX: 000000000000000f RSI: 00007f1941e3d0a0 RDI: 0000000000000005
[ 1905.660157][  T823] RBP: 00007f1941e3d090 R08: 0000000000000000 R09: 0000000000000000
[ 1905.668411][  T823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1905.676464][  T823] R13: 00007f1941216038 R14: 00007f1941215fa0 R15: 00007ffd7a853078
[ 1905.684496][  T823]  </TASK>
[ 1906.089225][  T834] netlink: 152 bytes leftover after parsing attributes in process `syz.4.9718'.
[ 1906.158509][  T810] chnl_net:caif_netlink_parms(): no params data found
[ 1906.730428][  T810] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1906.744395][  T810] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1906.752748][  T810] bridge_slave_0: entered allmulticast mode
[ 1906.792874][  T810] bridge_slave_0: entered promiscuous mode
[ 1906.827784][  T810] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1906.835411][  T810] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1906.866356][  T810] bridge_slave_1: entered allmulticast mode
[ 1906.875025][  T810] bridge_slave_1: entered promiscuous mode
[ 1906.958909][  T810] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1906.968404][T12256] Bluetooth: hci2: command tx timeout
[ 1906.988505][  T810] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1907.071453][  T810] team0: Port device team_slave_0 added
[ 1907.095560][  T810] team0: Port device team_slave_1 added
[ 1907.163752][  T810] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1907.171216][  T810] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1907.228673][  T810] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1907.311638][  T810] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1907.336482][  T810] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1907.364337][  T810] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1907.395719][  T852] FAULT_INJECTION: forcing a failure.
[ 1907.395719][  T852] name failslab, interval 1, probability 0, space 0, times 0
[ 1907.426123][  T852] CPU: 1 PID: 852 Comm: syz.4.9726 Not tainted syzkaller #0
[ 1907.433626][  T852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1907.443832][  T852] Call Trace:
[ 1907.447161][  T852]  <TASK>
[ 1907.450136][  T852]  dump_stack_lvl+0x18c/0x250
[ 1907.455147][  T852]  ? show_regs_print_info+0x20/0x20
[ 1907.460439][  T852]  ? load_image+0x420/0x420
[ 1907.465106][  T852]  ? __might_sleep+0xe0/0xe0
[ 1907.469850][  T852]  ? __lock_acquire+0x7d40/0x7d40
[ 1907.474945][  T852]  should_fail_ex+0x39d/0x4d0
[ 1907.479700][  T852]  should_failslab+0x9/0x20
[ 1907.484265][  T852]  slab_pre_alloc_hook+0x59/0x310
[ 1907.489425][  T852]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1907.495289][  T852]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1907.501052][  T852]  __kmem_cache_alloc_node+0x53/0x250
[ 1907.506460][  T852]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1907.512310][  T852]  __kmalloc+0xa4/0x230
[ 1907.516502][  T852]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1907.522081][  T852]  tomoyo_path_number_perm+0x248/0x620
[ 1907.527598][  T852]  ? tomoyo_path_number_perm+0x217/0x620
[ 1907.533466][  T852]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 1907.538961][  T852]  ? ksys_write+0x1c4/0x260
[ 1907.543520][  T852]  ? __fget_files+0x28/0x4b0
[ 1907.548132][  T852]  ? __fget_files+0x28/0x4b0
[ 1907.552762][  T852]  security_file_ioctl+0x70/0xa0
[ 1907.557728][  T852]  __se_sys_ioctl+0x48/0x170
[ 1907.562353][  T852]  do_syscall_64+0x55/0xa0
[ 1907.566790][  T852]  ? clear_bhb_loop+0x40/0x90
[ 1907.571495][  T852]  ? clear_bhb_loop+0x40/0x90
[ 1907.576195][  T852]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1907.582110][  T852] RIP: 0033:0x7ffbd759cdd9
[ 1907.586548][  T852] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1907.606267][  T852] RSP: 002b:00007ffbd8471028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1907.614807][  T852] RAX: ffffffffffffffda RBX: 00007ffbd7816090 RCX: 00007ffbd759cdd9
[ 1907.622889][  T852] RDX: 0000200000000080 RSI: 0000000000008914 RDI: 000000000000000a
[ 1907.630876][  T852] RBP: 00007ffbd8471090 R08: 0000000000000000 R09: 0000000000000000
[ 1907.638948][  T852] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1907.646941][  T852] R13: 00007ffbd7816128 R14: 00007ffbd7816090 R15: 00007ffd8f5a8c18
[ 1907.654946][  T852]  </TASK>
[ 1907.686365][  T852] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1907.714356][  T852] mac80211_hwsim hwsim39 wlan1: entered allmulticast mode
[ 1907.824900][  T810] hsr_slave_0: entered promiscuous mode
[ 1907.834048][  T810] hsr_slave_1: entered promiscuous mode
[ 1907.856886][  T810] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1907.864537][  T810] Cannot create hsr debugfs directory
[ 1908.237571][  T864] netlink: 152 bytes leftover after parsing attributes in process `syz.1.9730'.
[ 1908.467704][  T810] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1908.607610][  T810] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1908.820067][  T875] netlink: 'syz.0.9734': attribute type 9 has an invalid length.
[ 1908.829591][  T875] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.9734'.
[ 1908.845423][  T810] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1908.942746][T12256] Bluetooth: hci0: ACL packet for unknown connection handle 0
[ 1909.029126][  T810] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1909.047033][T12256] Bluetooth: hci2: command tx timeout
[ 1909.836113][  T810] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1909.851214][  T810] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1909.867660][  T810] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1909.888082][  T810] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1910.104425][  T810] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1910.187357][  T810] 8021q: adding VLAN 0 to HW filter on device team0
[ 1910.282755][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1910.290442][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1910.373519][T19322] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1910.380947][T19322] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1910.586827][  T899] netlink: 152 bytes leftover after parsing attributes in process `syz.1.9741'.
[ 1911.129765][T12256] Bluetooth: hci2: command tx timeout
[ 1911.532673][T12256] Bluetooth: hci0: ACL packet for unknown connection handle 0
[ 1911.738407][  T810] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1911.954977][  T810] veth0_vlan: entered promiscuous mode
[ 1911.994225][  T810] veth1_vlan: entered promiscuous mode
[ 1912.055379][  T810] veth0_macvtap: entered promiscuous mode
[ 1912.118921][  T810] veth1_macvtap: entered promiscuous mode
[ 1912.178799][  T810] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1912.199855][  T810] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1912.212145][  T810] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1912.226002][  T810] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1912.242190][  T810] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1912.253465][  T810] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1912.296731][  T810] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1912.341744][  T810] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1912.361901][  T810] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1912.394845][  T810] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1912.408674][  T810] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1912.420167][  T810] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1912.434107][  T810] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1912.444100][  T810] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1912.458696][  T810] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1912.469004][  T810] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1912.481170][  T810] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1912.494115][  T810] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1912.562593][  T810] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1912.572217][  T810] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1912.582989][  T810] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1912.592973][  T810] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1912.809937][  T745] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1912.870199][  T745] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1913.190749][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1913.197786][  T960] netlink: 152 bytes leftover after parsing attributes in process `syz.0.9752'.
[ 1913.206195][T12256] Bluetooth: hci2: command tx timeout
[ 1913.213403][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1913.596657][  T965] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1913.659289][  T965] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1913.690813][  T965] bond0 (unregistering): Released all slaves
[ 1914.243020][T28073] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1914.262376][T28073] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1914.288627][T28073] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1914.304025][T28073] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1914.317055][T28073] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 1914.325206][T28073] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1914.693389][  T980] chnl_net:caif_netlink_parms(): no params data found
[ 1914.899772][  T980] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1914.917154][  T980] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1914.924537][  T980] bridge_slave_0: entered allmulticast mode
[ 1914.942887][  T980] bridge_slave_0: entered promiscuous mode
[ 1914.953193][  T980] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1914.961255][  T980] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1914.970979][  T980] bridge_slave_1: entered allmulticast mode
[ 1914.978949][  T980] bridge_slave_1: entered promiscuous mode
[ 1914.986807][ T1000] netlink: 152 bytes leftover after parsing attributes in process `syz.1.9765'.
[ 1915.195109][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[ 1915.202666][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[ 1915.247970][  T980] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1915.272320][  T980] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1915.331330][  T980] team0: Port device team_slave_0 added
[ 1915.381632][  T980] team0: Port device team_slave_1 added
[ 1915.457886][  T980] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1915.483930][  T980] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1915.510833][  T980] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1915.546708][  T980] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1915.559694][  T980] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1915.586632][  T980] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1915.705105][  T980] hsr_slave_0: entered promiscuous mode
[ 1915.722353][  T980] hsr_slave_1: entered promiscuous mode
[ 1915.732384][  T980] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1915.740267][  T980] Cannot create hsr debugfs directory
[ 1915.994370][ T1012] netlink: 'syz.4.9769': attribute type 9 has an invalid length.
[ 1916.026555][ T1012] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.9769'.
[ 1916.201259][  T980] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1916.451818][T12256] Bluetooth: hci3: command tx timeout
[ 1916.592121][  T980] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1916.764548][  T980] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1916.900842][  T980] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1917.100231][ T1035] netlink: 152 bytes leftover after parsing attributes in process `syz.1.9774'.
[ 1917.411979][  T980] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1917.464940][  T980] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1917.488062][  T980] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1917.512426][  T980] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1917.724890][  T980] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1917.780241][  T980] 8021q: adding VLAN 0 to HW filter on device team0
[ 1917.810232][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1917.817530][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1917.837466][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1917.844685][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1918.504294][T12256] Bluetooth: hci3: command tx timeout
[ 1918.810029][  T980] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1918.895553][  T980] veth0_vlan: entered promiscuous mode
[ 1919.005588][  T980] veth1_vlan: entered promiscuous mode
[ 1919.102930][  T980] veth0_macvtap: entered promiscuous mode
[ 1919.125504][  T980] veth1_macvtap: entered promiscuous mode
[ 1919.191482][  T980] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1919.245036][  T980] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1919.276147][  T980] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1919.287163][  T980] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1919.297129][  T980] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1919.314094][  T980] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1919.324960][  T980] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1919.338883][  T980] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1919.354701][  T980] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1919.368622][  T980] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1919.390560][  T980] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1919.400915][ T1073] netlink: 152 bytes leftover after parsing attributes in process `syz.1.9785'.
[ 1919.503269][  T980] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1919.518004][  T980] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1919.529468][  T980] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1919.540788][  T980] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1919.552044][  T980] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1919.563236][  T980] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1919.574112][  T980] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1919.585568][  T980] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1919.596616][  T980] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1919.608699][  T980] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1919.622182][  T980] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1919.640436][  T980] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1919.659028][  T980] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1919.668651][  T980] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1919.679413][  T980] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1920.582579][T12256] Bluetooth: hci3: command tx timeout
[ 1922.550002][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1922.566445][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1922.629579][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1922.648339][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1922.660127][T12256] Bluetooth: hci3: command tx timeout
[ 1922.920437][ T1092] netlink: 152 bytes leftover after parsing attributes in process `syz.1.9796'.
[ 1923.028638][ T1097] netlink: 'syz.4.9790': attribute type 2 has an invalid length.
[ 1923.076165][ T1097] netlink: 51 bytes leftover after parsing attributes in process `syz.4.9790'.
[ 1923.250485][T12256] Bluetooth: hci3: ACL packet for unknown connection handle 0
[ 1924.024591][ T1113] netlink: 'syz.3.9798': attribute type 9 has an invalid length.
[ 1924.055677][ T1113] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.9798'.
[ 1924.190902][ T1114] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1924.256435][ T1114] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1924.295169][ T1114] bond0 (unregistering): Released all slaves
[ 1924.584976][T28073] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1924.606790][T28073] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1924.615303][T28073] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1924.628519][T28073] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1924.637771][T28073] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 1924.653820][T28073] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1925.091128][ T1119] chnl_net:caif_netlink_parms(): no params data found
[ 1925.325299][ T1130] C: renamed from team_slave_0 (while UP)
[ 1925.338720][ T1130] netlink: 152 bytes leftover after parsing attributes in process `syz.3.9802'.
[ 1925.503198][ T1119] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1925.510934][ T1119] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1925.518702][ T1119] bridge_slave_0: entered allmulticast mode
[ 1925.528867][ T1119] bridge_slave_0: entered promiscuous mode
[ 1925.540594][ T1119] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1925.578109][ T1119] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1925.596206][ T1119] bridge_slave_1: entered allmulticast mode
[ 1925.603916][ T1119] bridge_slave_1: entered promiscuous mode
[ 1925.634116][T12256] Bluetooth: hci0: ACL packet for unknown connection handle 0
[ 1925.701633][ T1119] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1925.714838][ T1119] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1925.787980][ T1119] team0: Port device team_slave_0 added
[ 1925.800952][ T1119] team0: Port device team_slave_1 added
[ 1925.845602][ T1119] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1925.863426][ T1119] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1925.899499][ T1119] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1925.913361][ T1119] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1925.921465][ T1119] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1925.966344][ T1119] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1926.094829][ T1119] hsr_slave_0: entered promiscuous mode
[ 1926.103210][ T1119] hsr_slave_1: entered promiscuous mode
[ 1926.111155][ T1119] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1926.123577][ T1119] Cannot create hsr debugfs directory
[ 1926.357599][ T1151] netlink: 'syz.3.9809': attribute type 9 has an invalid length.
[ 1926.386186][ T1151] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.9809'.
[ 1926.808036][T12256] Bluetooth: hci1: command tx timeout
[ 1928.886641][T12256] Bluetooth: hci1: command tx timeout
[ 1929.361193][ T1119] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1929.572536][ T1119] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1929.698357][ T1119] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1929.720424][T12256] Bluetooth: hci2: ACL packet for unknown connection handle 0
[ 1929.879205][ T1119] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1930.244421][ T1119] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1930.254859][ T1119] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1930.264832][ T1119] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1930.282846][ T1119] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1930.508106][ T1119] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1930.570401][ T1119] 8021q: adding VLAN 0 to HW filter on device team0
[ 1930.599234][ T1179] netlink: 'syz.1.9820': attribute type 9 has an invalid length.
[ 1930.630750][T30418] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1930.630861][T30418] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1930.661134][T30418] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1930.674659][T30418] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1930.706621][ T1179] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.9820'.
[ 1930.966590][T12256] Bluetooth: hci1: command tx timeout
[ 1931.789243][ T1119] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1932.024453][T12256] Bluetooth: hci0: ACL packet for unknown connection handle 0
[ 1932.811896][ T1119] veth0_vlan: entered promiscuous mode
[ 1932.884400][ T1119] veth1_vlan: entered promiscuous mode
[ 1933.056327][T12256] Bluetooth: hci1: command tx timeout
[ 1933.080002][ T1119] veth0_macvtap: entered promiscuous mode
[ 1933.121376][ T1119] veth1_macvtap: entered promiscuous mode
[ 1933.242777][ T1119] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1933.266937][ T1119] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1933.277653][ T1119] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1933.289234][ T1119] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1933.299876][ T1119] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1933.312141][ T1119] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1933.323046][ T1119] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1933.335937][ T1119] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1933.346307][ T1119] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1933.357046][ T1119] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1933.367706][ T1119] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1933.378707][ T1119] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1933.397887][ T1119] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1933.421674][ T1119] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1933.446160][ T1119] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1933.464471][ T1119] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1933.475878][ T1119] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1933.485748][ T1119] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1933.496752][ T1119] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1933.506887][ T1119] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1933.517627][ T1119] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1933.528869][ T1119] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1933.540658][ T1119] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1933.551077][ T1119] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1933.561702][ T1119] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1933.578202][ T1119] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1933.594480][ T1119] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1933.603866][ T1119] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1933.616464][ T1119] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1933.625271][ T1119] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1933.790557][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1933.820134][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1933.893341][  T745] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1933.904440][  T745] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1934.142217][T12256] Bluetooth: hci2: ACL packet for unknown connection handle 0
[ 1935.741688][ T1253] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1935.771639][ T1253] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1935.797532][ T1253] bond0 (unregistering): Released all slaves
[ 1936.519626][ T1271] netlink: 152 bytes leftover after parsing attributes in process `syz.3.9850'.
[ 1936.861477][T28073] Bluetooth: hci3: ACL packet for unknown connection handle 0
[ 1937.622281][T28073] Bluetooth: hci0: command 0x0406 tx timeout
[ 1938.818508][ T1309] C: renamed from team_slave_0 (while UP)
[ 1938.849476][ T1309] netlink: 152 bytes leftover after parsing attributes in process `syz.4.9862'.
[ 1939.120524][ T1315] netlink: 'syz.3.9863': attribute type 9 has an invalid length.
[ 1939.137646][ T1315] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.9863'.
[ 1939.634882][ T1314] netlink: 'syz.1.9864': attribute type 9 has an invalid length.
[ 1939.646211][ T1314] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.9864'.
[ 1941.848325][ T1351] netlink: 'syz.4.9876': attribute type 9 has an invalid length.
[ 1941.859847][ T1350] netlink: 152 bytes leftover after parsing attributes in process `syz.1.9874'.
[ 1941.862071][ T1351] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.9876'.
[ 1942.054560][ T1349] netlink: 'syz.3.9877': attribute type 9 has an invalid length.
[ 1942.086290][ T1349] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.9877'.
[ 1943.897323][ T1383] netlink: 'syz.3.9889': attribute type 9 has an invalid length.
[ 1943.905245][ T1383] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.9889'.
[ 1944.972776][ T1398] netlink: 152 bytes leftover after parsing attributes in process `syz.1.9895'.
[ 1945.168408][ T1404] netlink: 'syz.0.9897': attribute type 9 has an invalid length.
[ 1945.199000][ T1404] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.9897'.
[ 1946.467791][ T1431] netlink: 'syz.0.9907': attribute type 9 has an invalid length.
[ 1946.498582][ T1431] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.9907'.
[ 1947.527627][ T1442] netlink: 'syz.1.9909': attribute type 39 has an invalid length.
[ 1947.606567][ T1442] hsr_slave_1 (unregistering): left promiscuous mode
[ 1948.385109][T12256] Bluetooth: hci0: ACL packet for unknown connection handle 0
[ 1948.787498][ T1462] netlink: 'syz.3.9918': attribute type 9 has an invalid length.
[ 1948.806867][ T1462] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.9918'.
[ 1951.012390][T12256] Bluetooth: hci3: ACL packet for unknown connection handle 0
[ 1953.681169][ T1507] netlink: 'syz.1.9932': attribute type 9 has an invalid length.
[ 1953.704630][ T1507] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.9932'.
[ 1954.741494][ T1526] netlink: 'syz.1.9938': attribute type 39 has an invalid length.
[ 1955.160520][T12256] Bluetooth: hci1: ACL packet for unknown connection handle 0
[ 1955.172821][ T1536] C: renamed from team_slave_0 (while UP)
[ 1955.921902][ T1536] netlink: 152 bytes leftover after parsing attributes in process `syz.0.9947'.
[ 1958.642226][ T1558] netlink: 1047 bytes leftover after parsing attributes in process `syz.4.9946'.
[ 1958.670543][ T1558] bridge_slave_1: default FDB implementation only supports local addresses
[ 1958.717060][ T1561] netlink: 'syz.3.9948': attribute type 9 has an invalid length.
[ 1958.725388][ T1561] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.9948'.
[ 1959.792258][ T1558] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.9946'.
[ 1960.310933][ T1588] netlink: 65047 bytes leftover after parsing attributes in process `syz.0.9958'.
[ 1960.559012][T12256] Bluetooth: hci2: ACL packet for unknown connection handle 0
[ 1960.803832][ T1600] netlink: 'syz.0.9963': attribute type 9 has an invalid length.
[ 1960.873249][ T1600] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.9963'.
[ 1961.585950][ T1610] FAULT_INJECTION: forcing a failure.
[ 1961.585950][ T1610] name failslab, interval 1, probability 0, space 0, times 0
[ 1961.610507][ T1610] CPU: 1 PID: 1610 Comm: syz.4.9967 Not tainted syzkaller #0
[ 1961.618083][ T1610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1961.628210][ T1610] Call Trace:
[ 1961.631614][ T1610]  <TASK>
[ 1961.634670][ T1610]  dump_stack_lvl+0x18c/0x250
[ 1961.639406][ T1610]  ? show_regs_print_info+0x20/0x20
[ 1961.644656][ T1610]  ? load_image+0x420/0x420
[ 1961.649211][ T1610]  ? __might_sleep+0xe0/0xe0
[ 1961.653846][ T1610]  ? __lock_acquire+0x7d40/0x7d40
[ 1961.658919][ T1610]  should_fail_ex+0x39d/0x4d0
[ 1961.663654][ T1610]  should_failslab+0x9/0x20
[ 1961.668254][ T1610]  slab_pre_alloc_hook+0x59/0x310
[ 1961.673592][ T1610]  ? kvmalloc_node+0x70/0x180
[ 1961.678318][ T1610]  ? kvmalloc_node+0x70/0x180
[ 1961.683033][ T1610]  __kmem_cache_alloc_node+0x53/0x250
[ 1961.688448][ T1610]  ? kvmalloc_node+0x70/0x180
[ 1961.693155][ T1610]  __kmalloc_node+0xa4/0x230
[ 1961.697771][ T1610]  kvmalloc_node+0x70/0x180
[ 1961.702304][ T1610]  alloc_netdev_mqs+0x87/0x1040
[ 1961.707356][ T1610]  ? IP6_ECN_decapsulate+0x1810/0x1810
[ 1961.712930][ T1610]  ip6_tnl_locate+0x684/0x830
[ 1961.717645][ T1610]  ? ip6_tnl_parm_from_user+0x340/0x340
[ 1961.723294][ T1610]  ? __might_fault+0xaa/0x120
[ 1961.728075][ T1610]  ? __might_fault+0xc6/0x120
[ 1961.732899][ T1610]  ? __might_fault+0xaa/0x120
[ 1961.737598][ T1610]  ? ip6_tnl_siocdevprivate+0x5eb/0xab0
[ 1961.743763][ T1610]  ip6_tnl_siocdevprivate+0x619/0xab0
[ 1961.749361][ T1610]  ? ip6_tnl_start_xmit+0x11c0/0x11c0
[ 1961.755024][ T1610]  ? dev_ioctl+0x83c/0x1140
[ 1961.759559][ T1610]  ? dev_ifsioc+0x958/0xc40
[ 1961.764084][ T1610]  dev_ioctl+0x84c/0x1140
[ 1961.769057][ T1610]  sock_ioctl+0x74c/0x7e0
[ 1961.773405][ T1610]  ? sock_poll+0x3e0/0x3e0
[ 1961.777847][ T1610]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1961.782824][ T1610]  ? security_file_ioctl+0x80/0xa0
[ 1961.787960][ T1610]  ? sock_poll+0x3e0/0x3e0
[ 1961.792402][ T1610]  __se_sys_ioctl+0xfd/0x170
[ 1961.797040][ T1610]  do_syscall_64+0x55/0xa0
[ 1961.801474][ T1610]  ? clear_bhb_loop+0x40/0x90
[ 1961.806168][ T1610]  ? clear_bhb_loop+0x40/0x90
[ 1961.810863][ T1610]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1961.816783][ T1610] RIP: 0033:0x7f065e19cdd9
[ 1961.821215][ T1610] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1961.840939][ T1610] RSP: 002b:00007f065efa7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1961.849412][ T1610] RAX: ffffffffffffffda RBX: 00007f065e415fa0 RCX: 00007f065e19cdd9
[ 1961.857400][ T1610] RDX: 0000200000000080 RSI: 00000000000089f1 RDI: 0000000000000008
[ 1961.865385][ T1610] RBP: 00007f065efa7090 R08: 0000000000000000 R09: 0000000000000000
[ 1961.873371][ T1610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1961.881355][ T1610] R13: 00007f065e416038 R14: 00007f065e415fa0 R15: 00007ffd47242308
[ 1961.889360][ T1610]  </TASK>
[ 1964.673731][T12256] Bluetooth: hci1: ACL packet for unknown connection handle 0
[ 1966.361326][ T1638] netlink: 'syz.3.9979': attribute type 9 has an invalid length.
[ 1966.386559][ T1638] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.9979'.
[ 1966.738967][T12256] Bluetooth: hci3: ACL packet for unknown connection handle 0
[ 1969.827355][ T1654] netlink: 152 bytes leftover after parsing attributes in process `syz.0.9981'.
[ 1970.352877][ T1671] FAULT_INJECTION: forcing a failure.
[ 1970.352877][ T1671] name failslab, interval 1, probability 0, space 0, times 0
[ 1970.382564][ T1671] CPU: 0 PID: 1671 Comm: syz.3.9989 Not tainted syzkaller #0
[ 1970.390121][ T1671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1970.400224][ T1671] Call Trace:
[ 1970.403531][ T1671]  <TASK>
[ 1970.406475][ T1671]  dump_stack_lvl+0x18c/0x250
[ 1970.411202][ T1671]  ? show_regs_print_info+0x20/0x20
[ 1970.416453][ T1671]  ? load_image+0x420/0x420
[ 1970.420984][ T1671]  ? __lock_acquire+0x7d40/0x7d40
[ 1970.426124][ T1671]  should_fail_ex+0x39d/0x4d0
[ 1970.430823][ T1671]  should_failslab+0x9/0x20
[ 1970.435439][ T1671]  slab_pre_alloc_hook+0x59/0x310
[ 1970.440545][ T1671]  ? bpf_netns_link_release+0x3a4/0x630
[ 1970.446139][ T1671]  ? bpf_netns_link_release+0x3a4/0x630
[ 1970.451725][ T1671]  __kmem_cache_alloc_node+0x53/0x250
[ 1970.457161][ T1671]  ? bpf_netns_link_release+0x3a4/0x630
[ 1970.462754][ T1671]  __kmalloc+0xa4/0x230
[ 1970.467415][ T1671]  bpf_netns_link_release+0x3a4/0x630
[ 1970.473122][ T1671]  bpf_link_free+0x131/0x310
[ 1970.477784][ T1671]  ? idr_preload_end+0x200/0x200
[ 1970.482818][ T1671]  bpf_link_release+0x6e/0x80
[ 1970.487620][ T1671]  __fput+0x234/0x970
[ 1970.491773][ T1671]  __se_sys_close+0x15f/0x220
[ 1970.496525][ T1671]  do_syscall_64+0x55/0xa0
[ 1970.500983][ T1671]  ? clear_bhb_loop+0x40/0x90
[ 1970.505793][ T1671]  ? clear_bhb_loop+0x40/0x90
[ 1970.510534][ T1671]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1970.516482][ T1671] RIP: 0033:0x7fd923d9cdd9
[ 1970.520957][ T1671] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1970.540626][ T1671] RSP: 002b:00007fd924c43028 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[ 1970.549107][ T1671] RAX: ffffffffffffffda RBX: 00007fd924015fa0 RCX: 00007fd923d9cdd9
[ 1970.557135][ T1671] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 1970.565166][ T1671] RBP: 00007fd924c43090 R08: 0000000000000000 R09: 0000000000000000
[ 1970.574155][ T1671] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1970.582180][ T1671] R13: 00007fd924016038 R14: 00007fd924015fa0 R15: 00007ffcffa3e378
[ 1970.590315][ T1671]  </TASK>
[ 1971.142145][ T1681] netlink: 'syz.0.9992': attribute type 9 has an invalid length.
[ 1971.187780][ T1681] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.9992'.
[ 1971.236595][ T1669] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.9987'.
[ 1971.258749][ T1669] bridge_slave_1: default FDB implementation only supports local addresses
[ 1971.286313][ T1682] netlink: 'syz.3.9991': attribute type 21 has an invalid length.
[ 1971.306309][ T1682] netlink: 176 bytes leftover after parsing attributes in process `syz.3.9991'.
[ 1976.503695][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[ 1976.510345][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[ 1977.327531][ T1669] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.9987'.
[ 1977.402770][ T1669] debugfs: Directory '!!ô!' with parent 'ieee80211' already present!
[ 1978.683509][ T1715] netlink: 152 bytes leftover after parsing attributes in process `syz.3.10000'.
[ 1978.694551][ T1711] netlink: 128 bytes leftover after parsing attributes in process `syz.1.9999'.
[ 1979.027111][ T1725] netlink: 'syz.0.10003': attribute type 10 has an invalid length.
[ 1979.151062][ T1725] hsr_slave_0: left promiscuous mode
[ 1979.267574][ T1725] hsr_slave_1: left promiscuous mode
[ 1982.800810][ T1739] netlink: 'syz.0.10005': attribute type 9 has an invalid length.
[ 1982.811581][ T1739] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.10005'.
[ 1983.316493][ T1748] netlink: 'syz.3.10007': attribute type 27 has an invalid length.
[ 1983.335293][ T1748] netlink: 164 bytes leftover after parsing attributes in process `syz.3.10007'.
[ 1987.255498][ T1758] netlink: 128 bytes leftover after parsing attributes in process `syz.1.10011'.
[ 1987.567746][ T1770] netlink: 'syz.1.10014': attribute type 10 has an invalid length.
[ 1987.602006][ T1770] hsr_slave_0: left promiscuous mode
[ 1991.065406][ T1755] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.10018'.
[ 1991.075504][ T1755] bridge_slave_1: default FDB implementation only supports local addresses
[ 1991.356376][ T1789] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.10020'.
[ 1991.388112][ T1789] bridge_slave_1: default FDB implementation only supports local addresses
[ 1993.108928][ T1805] netlink: 'syz.3.10026': attribute type 9 has an invalid length.
[ 1993.166798][ T1805] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.10026'.
[ 1993.526803][ T1804] netlink: 152 bytes leftover after parsing attributes in process `syz.0.10025'.
[ 1994.048150][ T1822] netlink: 'syz.4.10031': attribute type 10 has an invalid length.
[ 1997.115520][ T1822] hsr_slave_0: left promiscuous mode
[ 1997.152686][ T1822] hsr_slave_1: left promiscuous mode
[ 1997.205065][ T1825] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.10032'.
[ 1997.219372][ T1825] bridge_slave_1: default FDB implementation only supports local addresses
[ 1997.919784][ T1846] netlink: 'syz.3.10038': attribute type 9 has an invalid length.
[ 1997.936129][ T1846] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.10038'.
[ 1997.954499][T26309] hsr_slave_1: left promiscuous mode
[ 1997.968556][T26309] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1997.984010][T26309] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1998.008901][T26309] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1998.036488][T26309] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1998.064570][T26309] bridge_slave_1: left allmulticast mode
[ 1998.072950][T26309] bridge_slave_1: left promiscuous mode
[ 1998.073907][ T1852] FAULT_INJECTION: forcing a failure.
[ 1998.073907][ T1852] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1998.100482][T26309] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1998.112019][ T1852] CPU: 1 PID: 1852 Comm: syz.1.10040 Not tainted syzkaller #0
[ 1998.119675][ T1852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1998.129804][ T1852] Call Trace:
[ 1998.133120][ T1852]  <TASK>
[ 1998.136077][ T1852]  dump_stack_lvl+0x18c/0x250
[ 1998.140803][ T1852]  ? show_regs_print_info+0x20/0x20
[ 1998.146019][ T1852]  ? load_image+0x420/0x420
[ 1998.150638][ T1852]  ? __might_fault+0xaa/0x120
[ 1998.155427][ T1852]  ? __lock_acquire+0x7d40/0x7d40
[ 1998.160722][ T1852]  should_fail_ex+0x39d/0x4d0
[ 1998.165419][ T1852]  _copy_from_user+0x2f/0xe0
[ 1998.170056][ T1852]  ___sys_sendmsg+0x1c7/0x360
[ 1998.174782][ T1852]  ? get_pid_task+0x20/0x1e0
[ 1998.179440][ T1852]  ? __sys_sendmsg+0x2a0/0x2a0
[ 1998.184336][ T1852]  ? __lock_acquire+0x7d40/0x7d40
[ 1998.189425][ T1852]  __se_sys_sendmsg+0x1c2/0x2b0
[ 1998.194327][ T1852]  ? __x64_sys_sendmsg+0x80/0x80
[ 1998.199404][ T1852]  ? lockdep_hardirqs_on+0x98/0x150
[ 1998.204715][ T1852]  do_syscall_64+0x55/0xa0
[ 1998.209249][ T1852]  ? clear_bhb_loop+0x40/0x90
[ 1998.213971][ T1852]  ? clear_bhb_loop+0x40/0x90
[ 1998.218751][ T1852]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1998.224749][ T1852] RIP: 0033:0x7f1940f9cdd9
[ 1998.229193][ T1852] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1998.249276][ T1852] RSP: 002b:00007f1941e3d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1998.258067][ T1852] RAX: ffffffffffffffda RBX: 00007f1941215fa0 RCX: 00007f1940f9cdd9
[ 1998.266160][ T1852] RDX: 000000002000c090 RSI: 0000200000000040 RDI: 0000000000000003
[ 1998.274247][ T1852] RBP: 00007f1941e3d090 R08: 0000000000000000 R09: 0000000000000000
[ 1998.282243][ T1852] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1998.290416][ T1852] R13: 00007f1941216038 R14: 00007f1941215fa0 R15: 00007ffd7a853078
[ 1998.298452][ T1852]  </TASK>
[ 1998.319316][T26309] bridge_slave_0: left allmulticast mode
[ 1998.334736][T26309] bridge_slave_0: left promiscuous mode
[ 1998.342420][T26309] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1998.398180][T26309] veth1_macvtap: left promiscuous mode
[ 1998.404172][T26309] veth0_macvtap: left promiscuous mode
[ 1998.413510][T26309] veth1_vlan: left promiscuous mode
[ 1998.420907][T26309] veth0_vlan: left promiscuous mode
[ 1999.325238][T26309] team0 (unregistering): Port device team_slave_1 removed
[ 1999.384357][T26309] team0 (unregistering): Port device C removed
[ 1999.904583][T26309] team0 (unregistering): Port device bridge0 removed
[ 2000.064933][ T1857] netlink: 'syz.1.10042': attribute type 21 has an invalid length.
[ 2000.082949][ T1857] netlink: 'syz.1.10042': attribute type 6 has an invalid length.
[ 2000.094618][ T1857] netlink: 132 bytes leftover after parsing attributes in process `syz.1.10042'.
[ 2000.953318][ T1866] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.10044'.
[ 2000.969376][ T1866] bridge_slave_1: default FDB implementation only supports local addresses
[ 2001.303265][ T1878] FAULT_INJECTION: forcing a failure.
[ 2001.303265][ T1878] name failslab, interval 1, probability 0, space 0, times 0
[ 2001.316819][ T1878] CPU: 0 PID: 1878 Comm: syz.0.10049 Not tainted syzkaller #0
[ 2001.324437][ T1878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 2001.334715][ T1878] Call Trace:
[ 2001.338106][ T1878]  <TASK>
[ 2001.341084][ T1878]  dump_stack_lvl+0x18c/0x250
[ 2001.345817][ T1878]  ? show_regs_print_info+0x20/0x20
[ 2001.351239][ T1878]  ? load_image+0x420/0x420
[ 2001.355788][ T1878]  ? perf_trace_lock_acquire+0x104/0x410
[ 2001.361479][ T1878]  ? verify_lock_unused+0x140/0x140
[ 2001.366750][ T1878]  ? perf_trace_lock_acquire+0x104/0x410
[ 2001.372627][ T1878]  should_fail_ex+0x39d/0x4d0
[ 2001.377388][ T1878]  should_failslab+0x9/0x20
[ 2001.381964][ T1878]  slab_pre_alloc_hook+0x59/0x310
[ 2001.387067][ T1878]  kmem_cache_alloc+0x5a/0x2d0
[ 2001.391886][ T1878]  ? skb_clone+0x1eb/0x370
[ 2001.396357][ T1878]  skb_clone+0x1eb/0x370
[ 2001.400647][ T1878]  __netlink_deliver_tap+0x41c/0x830
[ 2001.405989][ T1878]  ? netlink_deliver_tap+0x2e/0x1b0
[ 2001.411223][ T1878]  netlink_deliver_tap+0x19c/0x1b0
[ 2001.416364][ T1878]  netlink_unicast+0x72c/0x8d0
[ 2001.421160][ T1878]  netlink_sendmsg+0x8d0/0xbf0
[ 2001.425975][ T1878]  ? netlink_getsockopt+0x590/0x590
[ 2001.431212][ T1878]  ? aa_sock_msg_perm+0x94/0x150
[ 2001.436206][ T1878]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 2001.441536][ T1878]  ? security_socket_sendmsg+0x80/0xa0
[ 2001.447012][ T1878]  ? netlink_getsockopt+0x590/0x590
[ 2001.452237][ T1878]  ____sys_sendmsg+0x5ba/0x960
[ 2001.457029][ T1878]  ? __asan_memset+0x22/0x40
[ 2001.461740][ T1878]  ? __sys_sendmsg_sock+0x30/0x30
[ 2001.466791][ T1878]  ? __import_iovec+0x5f2/0x850
[ 2001.471755][ T1878]  ? import_iovec+0x73/0xa0
[ 2001.476279][ T1878]  ___sys_sendmsg+0x2a6/0x360
[ 2001.480975][ T1878]  ? get_pid_task+0x20/0x1e0
[ 2001.485591][ T1878]  ? __sys_sendmsg+0x2a0/0x2a0
[ 2001.490750][ T1878]  ? __lock_acquire+0x7d40/0x7d40
[ 2001.495826][ T1878]  __se_sys_sendmsg+0x1c2/0x2b0
[ 2001.500792][ T1878]  ? __x64_sys_sendmsg+0x80/0x80
[ 2001.505779][ T1878]  ? lockdep_hardirqs_on+0x98/0x150
[ 2001.511015][ T1878]  do_syscall_64+0x55/0xa0
[ 2001.515444][ T1878]  ? clear_bhb_loop+0x40/0x90
[ 2001.520323][ T1878]  ? clear_bhb_loop+0x40/0x90
[ 2001.525028][ T1878]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2001.530949][ T1878] RIP: 0033:0x7f719ab9cdd9
[ 2001.535414][ T1878] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2001.555297][ T1878] RSP: 002b:00007f719bb03028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2001.563734][ T1878] RAX: ffffffffffffffda RBX: 00007f719ae15fa0 RCX: 00007f719ab9cdd9
[ 2001.571731][ T1878] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[ 2001.579992][ T1878] RBP: 00007f719bb03090 R08: 0000000000000000 R09: 0000000000000000
[ 2001.588068][ T1878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2001.596150][ T1878] R13: 00007f719ae16038 R14: 00007f719ae15fa0 R15: 00007ffcfdf845c8
[ 2001.604157][ T1878]  </TASK>
[ 2001.669782][ T1878] netlink: 'syz.0.10049': attribute type 21 has an invalid length.
[ 2001.693915][ T1878] netlink: 'syz.0.10049': attribute type 6 has an invalid length.
[ 2001.702148][ T1878] netlink: 132 bytes leftover after parsing attributes in process `syz.0.10049'.
[ 2001.742500][ T1880] sit0: entered allmulticast mode
[ 2001.808393][ T1880] sit0: entered promiscuous mode
[ 2001.846640][ T1884] netlink: 'syz.4.10052': attribute type 9 has an invalid length.
[ 2001.864455][ T1884] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.10052'.
[ 2002.712446][ T1899] netlink: 'syz.1.10056': attribute type 13 has an invalid length.
[ 2002.750146][ T1899] netlink: 152 bytes leftover after parsing attributes in process `syz.1.10056'.
[ 2002.783138][ T1899] syz_tun: refused to change device tx_queue_len
[ 2002.795162][ T1899] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[ 2002.919316][ T1904] netlink: 'syz.4.10057': attribute type 10 has an invalid length.
[ 2006.248971][ T1918] netlink: 'syz.0.10062': attribute type 5 has an invalid length.
[ 2006.266056][ T1918] netlink: 176 bytes leftover after parsing attributes in process `syz.0.10062'.
[ 2006.621843][ T1929] netlink: 'syz.4.10066': attribute type 9 has an invalid length.
[ 2006.652300][ T1929] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.10066'.
[ 2010.105952][ T1959] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.10077'.
[ 2010.141008][ T1959] netlink: 6320 bytes leftover after parsing attributes in process `syz.3.10077'.
[ 2010.181477][ T1959] tc_dump_action: action bad kind
[ 2010.877166][ T1977] netlink: 'syz.1.10083': attribute type 13 has an invalid length.
[ 2010.888469][ T1977] netlink: 152 bytes leftover after parsing attributes in process `syz.1.10083'.
[ 2010.907489][ T1977] syz_tun: refused to change device tx_queue_len
[ 2010.913930][ T1977] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[ 2010.925018][ T1976] netlink: 'syz.0.10082': attribute type 9 has an invalid length.
[ 2010.956370][ T1976] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.10082'.
[ 2014.885295][ T2013] netlink: 'syz.1.10094': attribute type 9 has an invalid length.
[ 2014.936627][ T2013] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.10094'.
[ 2015.197894][ T2017] netlink: 'syz.3.10095': attribute type 9 has an invalid length.
[ 2015.271839][ T2017] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.10095'.
[ 2019.523046][ T2050] netlink: 'syz.1.10108': attribute type 3 has an invalid length.
[ 2019.556452][ T2050] netlink: 'syz.1.10108': attribute type 1 has an invalid length.
[ 2019.566483][ T2050] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.10108'.
[ 2019.933534][ T2039] netlink: 1047 bytes leftover after parsing attributes in process `syz.4.10104'.
[ 2019.967158][ T2039] bridge_slave_1: default FDB implementation only supports local addresses
[ 2020.310180][ T2063] netlink: 'syz.0.10112': attribute type 2 has an invalid length.
[ 2020.344206][ T2063] netlink: 'syz.0.10112': attribute type 8 has an invalid length.
[ 2020.374160][ T2063] netlink: 132 bytes leftover after parsing attributes in process `syz.0.10112'.
[ 2020.542651][ T2067] netlink: 'syz.1.10114': attribute type 2 has an invalid length.
[ 2020.558304][ T2067] netlink: 'syz.1.10114': attribute type 8 has an invalid length.
[ 2020.614233][ T2067] netlink: 132 bytes leftover after parsing attributes in process `syz.1.10114'.
[ 2020.852338][ T2075] netlink: 'syz.4.10116': attribute type 9 has an invalid length.
[ 2020.887576][ T2075] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.10116'.
[ 2024.638740][ T2087] netlink: 'syz.3.10120': attribute type 3 has an invalid length.
[ 2024.676154][ T2087] netlink: 'syz.3.10120': attribute type 1 has an invalid length.
[ 2024.697508][ T2087] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.10120'.
[ 2024.894326][T30418] hsr_slave_0: left promiscuous mode
[ 2024.917224][T30418] hsr_slave_1: left promiscuous mode
[ 2024.975556][T30418] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2024.986859][T30418] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2025.010992][T30418] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2025.018065][ T2099] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[ 2025.025170][ T2099] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[ 2025.045147][T30418] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2025.077992][T30418] bridge_slave_1: left allmulticast mode
[ 2025.089709][T30418] bridge_slave_1: left promiscuous mode
[ 2025.096214][T30418] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2025.139544][T30418] bridge_slave_0: left allmulticast mode
[ 2025.145347][T30418] bridge_slave_0: left promiscuous mode
[ 2025.162619][T30418] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2025.310636][T30418] veth1_macvtap: left promiscuous mode
[ 2025.323895][T30418] veth0_macvtap: left promiscuous mode
[ 2025.353211][T30418] veth1_vlan: left promiscuous mode
[ 2025.370612][T30418] veth0_vlan: left promiscuous mode
[ 2025.661985][ T2106] netlink: 'syz.0.10127': attribute type 9 has an invalid length.
[ 2025.776525][ T2106] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.10127'.
[ 2029.203350][T30418] team0 (unregistering): Port device team_slave_1 removed
[ 2029.263113][T30418] team0 (unregistering): Port device C removed
[ 2029.770305][T30418] team0 (unregistering): Port device bridge0 removed
[ 2029.855956][T12256] Bluetooth: hci2: command 0x0406 tx timeout
[ 2029.904679][ T2116] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.10125'.
[ 2029.914158][ T2116] bridge_slave_1: default FDB implementation only supports local addresses
[ 2030.149882][ T2123] FAULT_INJECTION: forcing a failure.
[ 2030.149882][ T2123] name failslab, interval 1, probability 0, space 0, times 0
[ 2030.186807][ T2123] CPU: 1 PID: 2123 Comm: syz.1.10132 Not tainted syzkaller #0
[ 2030.194443][ T2123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 2030.204600][ T2123] Call Trace:
[ 2030.207903][ T2123]  <TASK>
[ 2030.210874][ T2123]  dump_stack_lvl+0x18c/0x250
[ 2030.215608][ T2123]  ? show_regs_print_info+0x20/0x20
[ 2030.220848][ T2123]  ? load_image+0x420/0x420
[ 2030.225478][ T2123]  ? __might_sleep+0xe0/0xe0
[ 2030.230100][ T2123]  ? __lock_acquire+0x7d40/0x7d40
[ 2030.235157][ T2123]  ? is_dynamic_key+0x260/0x260
[ 2030.240041][ T2123]  should_fail_ex+0x39d/0x4d0
[ 2030.244770][ T2123]  should_failslab+0x9/0x20
[ 2030.249304][ T2123]  slab_pre_alloc_hook+0x59/0x310
[ 2030.254356][ T2123]  kmem_cache_alloc_node+0x60/0x320
[ 2030.259631][ T2123]  ? __alloc_skb+0x103/0x2c0
[ 2030.264253][ T2123]  __alloc_skb+0x103/0x2c0
[ 2030.268696][ T2123]  __ip_append_data+0x2b73/0x3d40
[ 2030.273769][ T2123]  ? ip_route_output_key_hash+0x13d/0x330
[ 2030.279603][ T2123]  ? raw_send_hdrinc+0x1170/0x1170
[ 2030.284824][ T2123]  ? mark_lock+0x94/0x320
[ 2030.289186][ T2123]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[ 2030.295194][ T2123]  ? ip_setup_cork+0x860/0x860
[ 2030.299985][ T2123]  ? ip_setup_cork+0x530/0x860
[ 2030.304863][ T2123]  ip_append_data+0x10d/0x180
[ 2030.309557][ T2123]  ? raw_send_hdrinc+0x1170/0x1170
[ 2030.314877][ T2123]  raw_sendmsg+0x15c1/0x1c00
[ 2030.319588][ T2123]  ? compat_raw_ioctl+0x70/0x70
[ 2030.324503][ T2123]  ? tomoyo_socket_sendmsg_permission+0x216/0x2f0
[ 2030.330970][ T2123]  ? sock_rps_record_flow+0x19/0x3f0
[ 2030.336395][ T2123]  ? inet_sendmsg+0x7c/0x2f0
[ 2030.341004][ T2123]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 2030.346311][ T2123]  ? security_socket_sendmsg+0x80/0xa0
[ 2030.351788][ T2123]  ? inet_send_prepare+0x260/0x260
[ 2030.357131][ T2123]  ____sys_sendmsg+0x5ba/0x960
[ 2030.361912][ T2123]  ? __lock_acquire+0x7d40/0x7d40
[ 2030.366958][ T2123]  ? __asan_memset+0x22/0x40
[ 2030.371664][ T2123]  ? __sys_sendmsg_sock+0x30/0x30
[ 2030.376899][ T2123]  ? __import_iovec+0x3fa/0x850
[ 2030.381971][ T2123]  ? import_iovec+0x73/0xa0
[ 2030.387029][ T2123]  ___sys_sendmsg+0x2a6/0x360
[ 2030.391758][ T2123]  ? __sys_sendmsg+0x2a0/0x2a0
[ 2030.396750][ T2123]  __se_sys_sendmsg+0x1c2/0x2b0
[ 2030.401625][ T2123]  ? __x64_sys_sendmsg+0x80/0x80
[ 2030.406607][ T2123]  ? lockdep_hardirqs_on+0x98/0x150
[ 2030.411845][ T2123]  do_syscall_64+0x55/0xa0
[ 2030.416277][ T2123]  ? clear_bhb_loop+0x40/0x90
[ 2030.421060][ T2123]  ? clear_bhb_loop+0x40/0x90
[ 2030.425782][ T2123]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2030.431824][ T2123] RIP: 0033:0x7f1940f9cdd9
[ 2030.436281][ T2123] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2030.456175][ T2123] RSP: 002b:00007f1941e3d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2030.464797][ T2123] RAX: ffffffffffffffda RBX: 00007f1941215fa0 RCX: 00007f1940f9cdd9
[ 2030.472806][ T2123] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[ 2030.480845][ T2123] RBP: 00007f1941e3d090 R08: 0000000000000000 R09: 0000000000000000
[ 2030.488842][ T2123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2030.497114][ T2123] R13: 00007f1941216038 R14: 00007f1941215fa0 R15: 00007ffd7a853078
[ 2030.505220][ T2123]  </TASK>
[ 2030.681534][ T2130] FAULT_INJECTION: forcing a failure.
[ 2030.681534][ T2130] name failslab, interval 1, probability 0, space 0, times 0
[ 2030.733662][ T2130] CPU: 0 PID: 2130 Comm: syz.1.10134 Not tainted syzkaller #0
[ 2030.741227][ T2130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 2030.751338][ T2130] Call Trace:
[ 2030.754656][ T2130]  <TASK>
[ 2030.757630][ T2130]  dump_stack_lvl+0x18c/0x250
[ 2030.762461][ T2130]  ? show_regs_print_info+0x20/0x20
[ 2030.767808][ T2130]  ? load_image+0x420/0x420
[ 2030.772391][ T2130]  ? __might_sleep+0xe0/0xe0
[ 2030.777047][ T2130]  ? __lock_acquire+0x7d40/0x7d40
[ 2030.782170][ T2130]  ? __lock_acquire+0x1273/0x7d40
[ 2030.787239][ T2130]  ? trace_call_bpf+0xc3/0x6c0
[ 2030.792055][ T2130]  should_fail_ex+0x39d/0x4d0
[ 2030.796228][ T2125] netlink: 'syz.0.10131': attribute type 3 has an invalid length.
[ 2030.796770][ T2130]  should_failslab+0x9/0x20
[ 2030.796802][ T2130]  slab_pre_alloc_hook+0x59/0x310
[ 2030.796837][ T2130]  kmem_cache_alloc_node+0x60/0x320
[ 2030.796863][ T2130]  ? __lock_acquire+0x1273/0x7d40
[ 2030.796885][ T2130]  ? __alloc_skb+0x103/0x2c0
[ 2030.796910][ T2130]  __alloc_skb+0x103/0x2c0
[ 2030.796932][ T2130]  alloc_skb_with_frags+0xca/0x7b0
[ 2030.796959][ T2130]  ? mark_lock+0x94/0x320
[ 2030.796984][ T2130]  ? __lock_acquire+0x1273/0x7d40
[ 2030.797011][ T2130]  sock_alloc_send_pskb+0x883/0x9a0
[ 2030.797057][ T2130]  ? sock_kzfree_s+0x50/0x50
[ 2030.797082][ T2130]  ? verify_lock_unused+0x140/0x140
[ 2030.797108][ T2130]  ? verify_lock_unused+0x140/0x140
[ 2030.797137][ T2130]  __ip6_append_data+0x29f3/0x3c50
[ 2030.797183][ T2130]  ? ip6_mtu+0x7d/0x3f0
[ 2030.797215][ T2130]  ? ip_skb_dst_mtu+0x9c0/0x9c0
[ 2030.797241][ T2130]  ? ip6_mtu+0x7d/0x3f0
[ 2030.797270][ T2130]  ? ip6_setup_cork+0xfe0/0xfe0
[ 2030.797295][ T2130]  ? ip6_setup_cork+0xa2f/0xfe0
[ 2030.797324][ T2130]  ip6_make_skb+0x39c/0x520
[ 2030.797365][ T2130]  ? ip_skb_dst_mtu+0x9c0/0x9c0
[ 2030.797390][ T2130]  ? __ip6_flush_pending_frames+0x3a0/0x3a0
[ 2030.797426][ T2130]  ? ip6_dst_hoplimit+0x96/0x350
[ 2030.797451][ T2130]  ? ip6_dst_hoplimit+0x96/0x350
[ 2030.797481][ T2130]  udpv6_sendmsg+0x1c0e/0x2390
[ 2030.797523][ T2130]  ? ip_skb_dst_mtu+0x9c0/0x9c0
[ 2030.797547][ T2130]  ? udp_v6_early_demux+0xf80/0xf80
[ 2030.797581][ T2130]  ? lock_chain_count+0x20/0x20
[ 2030.797614][ T2130]  ? _local_bh_enable+0xa0/0xa0
[ 2030.797642][ T2130]  ? inet_send_prepare+0x1b3/0x260
[ 2030.797670][ T2130]  ? inet_send_prepare+0x1b3/0x260
[ 2030.797698][ T2130]  ? inet6_sendmsg+0x5f/0xd0
[ 2030.797717][ T2130]  ? inet6_compat_ioctl+0x3c0/0x3c0
[ 2030.797741][ T2130]  ____sys_sendmsg+0x5ba/0x960
[ 2030.797762][ T2130]  ? __lock_acquire+0x7d40/0x7d40
[ 2030.797788][ T2130]  ? __asan_memset+0x22/0x40
[ 2030.797813][ T2130]  ? __sys_sendmsg_sock+0x30/0x30
[ 2030.797830][ T2130]  ? __import_iovec+0x3fa/0x850
[ 2030.797860][ T2130]  ? import_iovec+0x73/0xa0
[ 2030.797883][ T2130]  ___sys_sendmsg+0x2a6/0x360
[ 2030.797909][ T2130]  ? __sys_sendmsg+0x2a0/0x2a0
[ 2030.797950][ T2130]  ? trace_call_bpf+0xc3/0x6c0
[ 2030.798005][ T2130]  __se_sys_sendmsg+0x1c2/0x2b0
[ 2030.798027][ T2130]  ? __x64_sys_sendmsg+0x80/0x80
[ 2030.798063][ T2130]  ? lockdep_hardirqs_on+0x98/0x150
[ 2030.798092][ T2130]  do_syscall_64+0x55/0xa0
[ 2030.798109][ T2130]  ? clear_bhb_loop+0x40/0x90
[ 2030.798133][ T2130]  ? clear_bhb_loop+0x40/0x90
[ 2030.798157][ T2130]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2030.798180][ T2130] RIP: 0033:0x7f1940f9cdd9
[ 2030.798201][ T2130] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2030.798218][ T2130] RSP: 002b:00007f1941e3d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2030.798242][ T2130] RAX: ffffffffffffffda RBX: 00007f1941215fa0 RCX: 00007f1940f9cdd9
[ 2030.798257][ T2130] RDX: 0000000000040844 RSI: 00002000000000c0 RDI: 0000000000000003
[ 2030.798272][ T2130] RBP: 00007f1941e3d090 R08: 0000000000000000 R09: 0000000000000000
[ 2030.798285][ T2130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2030.798298][ T2130] R13: 00007f1941216038 R14: 00007f1941215fa0 R15: 00007ffd7a853078
[ 2030.798328][ T2130]  </TASK>
[ 2031.334806][ T2125] netlink: 'syz.0.10131': attribute type 1 has an invalid length.
[ 2031.351525][ T2125] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.10131'.
[ 2031.766717][ T2145] netlink: 'syz.4.10140': attribute type 9 has an invalid length.
[ 2031.824939][ T2145] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.10140'.
[ 2032.619467][ T2156] FAULT_INJECTION: forcing a failure.
[ 2032.619467][ T2156] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2032.645181][ T2153] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.10141'.
[ 2032.658036][ T2153] bridge_slave_1: default FDB implementation only supports local addresses
[ 2032.680317][ T2156] CPU: 1 PID: 2156 Comm: syz.0.10142 Not tainted syzkaller #0
[ 2032.687879][ T2156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 2032.698074][ T2156] Call Trace:
[ 2032.701396][ T2156]  <TASK>
[ 2032.704452][ T2156]  dump_stack_lvl+0x18c/0x250
[ 2032.709283][ T2156]  ? show_regs_print_info+0x20/0x20
[ 2032.715072][ T2156]  ? load_image+0x420/0x420
[ 2032.719766][ T2156]  ? __might_fault+0xaa/0x120
[ 2032.724687][ T2156]  ? __lock_acquire+0x7d40/0x7d40
[ 2032.729944][ T2156]  should_fail_ex+0x39d/0x4d0
[ 2032.734874][ T2156]  _copy_from_user+0x2f/0xe0
[ 2032.739532][ T2156]  ___sys_sendmsg+0x1c7/0x360
[ 2032.744352][ T2156]  ? get_pid_task+0x20/0x1e0
[ 2032.749011][ T2156]  ? __sys_sendmsg+0x2a0/0x2a0
[ 2032.753861][ T2156]  ? __lock_acquire+0x7d40/0x7d40
[ 2032.758962][ T2156]  __se_sys_sendmsg+0x1c2/0x2b0
[ 2032.763857][ T2156]  ? __x64_sys_sendmsg+0x80/0x80
[ 2032.768934][ T2156]  ? lockdep_hardirqs_on+0x98/0x150
[ 2032.774170][ T2156]  do_syscall_64+0x55/0xa0
[ 2032.778718][ T2156]  ? clear_bhb_loop+0x40/0x90
[ 2032.783437][ T2156]  ? clear_bhb_loop+0x40/0x90
[ 2032.788151][ T2156]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2032.794079][ T2156] RIP: 0033:0x7f719ab9cdd9
[ 2032.798548][ T2156] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2032.818802][ T2156] RSP: 002b:00007f719bb03028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2032.827340][ T2156] RAX: ffffffffffffffda RBX: 00007f719ae15fa0 RCX: 00007f719ab9cdd9
[ 2032.835425][ T2156] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006
[ 2032.843413][ T2156] RBP: 00007f719bb03090 R08: 0000000000000000 R09: 0000000000000000
[ 2032.851443][ T2156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2032.859692][ T2156] R13: 00007f719ae16038 R14: 00007f719ae15fa0 R15: 00007ffcfdf845c8
[ 2032.867700][ T2156]  </TASK>
[ 2033.650250][ T2163] netlink: 1047 bytes leftover after parsing attributes in process `syz.4.10145'.
[ 2033.671660][ T2163] bridge: RTM_NEWNEIGH with invalid state 0x1
[ 2034.397625][ T2183] netlink: 'syz.0.10149': attribute type 3 has an invalid length.
[ 2034.421053][ T2183] netlink: 132 bytes leftover after parsing attributes in process `syz.0.10149'.
[ 2037.031230][ T2177] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 2037.371699][ T2192] netlink: 'syz.4.10155': attribute type 10 has an invalid length.
[ 2037.416163][ T2192] netlink: 82 bytes leftover after parsing attributes in process `syz.4.10155'.
[ 2037.699651][ T2190] netlink: 'syz.0.10154': attribute type 9 has an invalid length.
[ 2037.716550][ T2190] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.10154'.
[ 2038.073963][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[ 2038.090993][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[ 2038.641219][ T2210] netlink: 'syz.0.10169': attribute type 9 has an invalid length.
[ 2038.670403][ T2210] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.10169'.
[ 2039.233075][ T2223] netlink: 763 bytes leftover after parsing attributes in process `syz.1.10165'.
[ 2040.086016][T28073] Bluetooth: hci3: command 0x0406 tx timeout
[ 2041.666862][T30418] 
[ 2041.669265][T30418] ======================================================
[ 2041.676320][T30418] WARNING: possible circular locking dependency detected
[ 2041.683364][T30418] syzkaller #0 Not tainted
[ 2041.687789][T30418] ------------------------------------------------------
[ 2041.694899][T30418] kworker/u4:8/30418 is trying to acquire lock:
[ 2041.701325][T30418] ffff88802a530d00 (team->team_lock_key#13){+.+.}-{3:3}, at: team_del_slave+0x32/0x1c0
[ 2041.711109][T30418] 
[ 2041.711109][T30418] but task is already holding lock:
[ 2041.718519][T30418] ffff888030438768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: ieee80211_remove_interfaces+0x29a/0x690
[ 2041.728896][T30418] 
[ 2041.728896][T30418] which lock already depends on the new lock.
[ 2041.728896][T30418] 
[ 2041.739480][T30418] 
[ 2041.739480][T30418] the existing dependency chain (in reverse order) is:
[ 2041.748499][T30418] 
[ 2041.748499][T30418] -> #1 (&rdev->wiphy.mtx){+.+.}-{3:3}:
[ 2041.756243][T30418]        __mutex_lock+0x136/0xcc0
[ 2041.761282][T30418]        ieee80211_open+0x144/0x200
[ 2041.766497][T30418]        __dev_open+0x2cb/0x430
[ 2041.771360][T30418]        dev_open+0xab/0x190
[ 2041.775970][T30418]        team_add_slave+0x75f/0x29a0
[ 2041.781274][T30418]        do_setlink+0xdfe/0x4130
[ 2041.786312][T30418]        rtnl_newlink+0x17da/0x20a0
[ 2041.791535][T30418]        rtnetlink_rcv_msg+0x869/0xfa0
[ 2041.797100][T30418]        netlink_rcv_skb+0x241/0x4d0
[ 2041.802412][T30418]        netlink_unicast+0x751/0x8d0
[ 2041.807727][T30418]        netlink_sendmsg+0x8d0/0xbf0
[ 2041.813045][T30418]        ____sys_sendmsg+0x5ba/0x960
[ 2041.818340][T30418]        ___sys_sendmsg+0x2a6/0x360
[ 2041.823732][T30418]        __se_sys_sendmsg+0x1c2/0x2b0
[ 2041.829116][T30418]        do_syscall_64+0x55/0xa0
[ 2041.834060][T30418]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2041.840496][T30418] 
[ 2041.840496][T30418] -> #0 (team->team_lock_key#13){+.+.}-{3:3}:
[ 2041.848767][T30418]        __lock_acquire+0x2df1/0x7d40
[ 2041.854237][T30418]        lock_acquire+0x19e/0x420
[ 2041.859275][T30418]        __mutex_lock+0x136/0xcc0
[ 2041.864306][T30418]        team_del_slave+0x32/0x1c0
[ 2041.869441][T30418]        team_device_event+0x28d/0xa20
[ 2041.874936][T30418]        notifier_call_chain+0x197/0x380
[ 2041.880578][T30418]        unregister_netdevice_many_notify+0x100d/0x1900
[ 2041.887609][T30418]        unregister_netdevice_queue+0x32c/0x370
[ 2041.894049][T30418]        _cfg80211_unregister_wdev+0x16b/0x580
[ 2041.900411][T30418]        ieee80211_remove_interfaces+0x49e/0x690
[ 2041.907019][T30418]        ieee80211_unregister_hw+0x5d/0x2a0
[ 2041.913020][T30418]        mac80211_hwsim_del_radio+0x289/0x480
[ 2041.919109][T30418]        hwsim_exit_net+0x58d/0x650
[ 2041.924418][T30418]        cleanup_net+0x70a/0xbb0
[ 2041.929373][T30418]        process_scheduled_works+0xa5d/0x15d0
[ 2041.935591][T30418]        worker_thread+0xa55/0xfc0
[ 2041.940713][T30418]        kthread+0x2fa/0x390
[ 2041.945327][T30418]        ret_from_fork+0x48/0x80
[ 2041.950372][T30418]        ret_from_fork_asm+0x11/0x20
[ 2041.955786][T30418] 
[ 2041.955786][T30418] other info that might help us debug this:
[ 2041.955786][T30418] 
[ 2041.966300][T30418]  Possible unsafe locking scenario:
[ 2041.966300][T30418] 
[ 2041.973856][T30418]        CPU0                    CPU1
[ 2041.979420][T30418]        ----                    ----
[ 2041.984890][T30418]   lock(&rdev->wiphy.mtx);
[ 2041.989419][T30418]                                lock(team->team_lock_key#13);
[ 2041.999152][T30418]                                lock(&rdev->wiphy.mtx);
[ 2042.006290][T30418]   lock(team->team_lock_key#13);
[ 2042.011331][T30418] 
[ 2042.011331][T30418]  *** DEADLOCK ***
[ 2042.011331][T30418] 
[ 2042.019832][T30418] 5 locks held by kworker/u4:8/30418:
[ 2042.025336][T30418]  #0: ffff88801a254938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[ 2042.036240][T30418]  #1: ffffc9000d507d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[ 2042.046788][T30418]  #2: ffffffff8e3b5ad0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x14c/0xbb0
[ 2042.056207][T30418]  #3: ffffffff8e3c2b08 (rtnl_mutex){+.+.}-{3:3}, at: ieee80211_unregister_hw+0x55/0x2a0
[ 2042.066053][T30418]  #4: ffff888030438768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: ieee80211_remove_interfaces+0x29a/0x690
[ 2042.076972][T30418] 
[ 2042.076972][T30418] stack backtrace:
[ 2042.082864][T30418] CPU: 1 PID: 30418 Comm: kworker/u4:8 Not tainted syzkaller #0
[ 2042.090501][T30418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 2042.100684][T30418] Workqueue: netns cleanup_net
[ 2042.105514][T30418] Call Trace:
[ 2042.108802][T30418]  <TASK>
[ 2042.111743][T30418]  dump_stack_lvl+0x18c/0x250
[ 2042.116616][T30418]  ? load_image+0x420/0x420
[ 2042.121142][T30418]  ? show_regs_print_info+0x20/0x20
[ 2042.126363][T30418]  ? print_circular_bug+0x12b/0x1a0
[ 2042.131577][T30418]  check_noncircular+0x2fc/0x400
[ 2042.136530][T30418]  ? print_deadlock_bug+0x5d0/0x5d0
[ 2042.141835][T30418]  ? lockdep_lock+0xf5/0x230
[ 2042.146437][T30418]  ? __lock_acquire+0x1273/0x7d40
[ 2042.151486][T30418]  ? _find_first_zero_bit+0xd3/0x100
[ 2042.156791][T30418]  __lock_acquire+0x2df1/0x7d40
[ 2042.161750][T30418]  ? verify_lock_unused+0x140/0x140
[ 2042.167047][T30418]  ? verify_lock_unused+0x140/0x140
[ 2042.172262][T30418]  lock_acquire+0x19e/0x420
[ 2042.176784][T30418]  ? team_del_slave+0x32/0x1c0
[ 2042.182057][T30418]  ? __might_sleep+0xe0/0xe0
[ 2042.186684][T30418]  ? read_lock_is_recursive+0x20/0x20
[ 2042.192074][T30418]  __mutex_lock+0x136/0xcc0
[ 2042.196684][T30418]  ? team_del_slave+0x32/0x1c0
[ 2042.201660][T30418]  ? __lock_acquire+0x7d40/0x7d40
[ 2042.206723][T30418]  ? rcu_is_watching+0x15/0xb0
[ 2042.211522][T30418]  ? trace_contention_end+0x39/0xe0
[ 2042.216731][T30418]  ? __mutex_lock+0x315/0xcc0
[ 2042.221425][T30418]  ? team_del_slave+0x32/0x1c0
[ 2042.226208][T30418]  ? mutex_lock_nested+0x20/0x20
[ 2042.231237][T30418]  ? bond_netdev_event+0xeb/0xf20
[ 2042.236283][T30418]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[ 2042.241937][T30418]  team_del_slave+0x32/0x1c0
[ 2042.246557][T30418]  team_device_event+0x28d/0xa20
[ 2042.251593][T30418]  notifier_call_chain+0x197/0x380
[ 2042.256723][T30418]  unregister_netdevice_many_notify+0x100d/0x1900
[ 2042.263190][T30418]  ? lock_chain_count+0x20/0x20
[ 2042.268107][T30418]  ? unregister_netdevice_many+0x20/0x20
[ 2042.273752][T30418]  ? kernfs_remove_by_name_ns+0x117/0x150
[ 2042.279575][T30418]  ? __lock_acquire+0x7d40/0x7d40
[ 2042.284646][T30418]  unregister_netdevice_queue+0x32c/0x370
[ 2042.290471][T30418]  ? list_netdevice+0x730/0x730
[ 2042.295331][T30418]  ? kernfs_remove_by_name_ns+0x117/0x150
[ 2042.301095][T30418]  _cfg80211_unregister_wdev+0x16b/0x580
[ 2042.306750][T30418]  ieee80211_remove_interfaces+0x49e/0x690
[ 2042.312579][T30418]  ? ieee80211_do_stop+0x1e20/0x1e20
[ 2042.317987][T30418]  ? rcu_is_watching+0x15/0xb0
[ 2042.322944][T30418]  ieee80211_unregister_hw+0x5d/0x2a0
[ 2042.328611][T30418]  mac80211_hwsim_del_radio+0x289/0x480
[ 2042.334275][T30418]  ? rhashtable_remove_fast+0xc00/0xc00
[ 2042.339920][T30418]  hwsim_exit_net+0x58d/0x650
[ 2042.344630][T30418]  ? hwsim_init_net+0x90/0x90
[ 2042.349320][T30418]  ? __ip_vs_dev_cleanup_batch+0x238/0x250
[ 2042.355195][T30418]  cleanup_net+0x70a/0xbb0
[ 2042.359630][T30418]  ? ops_free_list+0x3b0/0x3b0
[ 2042.364415][T30418]  ? _raw_spin_unlock_irq+0x23/0x50
[ 2042.369801][T30418]  ? process_scheduled_works+0x96f/0x15d0
[ 2042.375532][T30418]  ? process_scheduled_works+0x96f/0x15d0
[ 2042.381265][T30418]  process_scheduled_works+0xa5d/0x15d0
[ 2042.386837][T30418]  ? worker_attach_to_pool+0x380/0x380
[ 2042.392310][T30418]  ? assign_work+0x3d2/0x5d0
[ 2042.396915][T30418]  worker_thread+0xa55/0xfc0
[ 2042.401524][T30418]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[ 2042.407428][T30418]  ? _raw_spin_unlock+0x40/0x40
[ 2042.412288][T30418]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[ 2042.418232][T30418]  kthread+0x2fa/0x390
[ 2042.422412][T30418]  ? pr_cont_work+0x560/0x560
[ 2042.427164][T30418]  ? kthread_blkcg+0xd0/0xd0
[ 2042.431865][T30418]  ret_from_fork+0x48/0x80
[ 2042.436339][T30418]  ? kthread_blkcg+0xd0/0xd0
[ 2042.441037][T30418]  ret_from_fork_asm+0x11/0x20
[ 2042.445943][T30418]  </TASK>
[ 2042.474935][T30418] team0: Port device wlan1 removed
[ 2042.492029][ T2234] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.10167'.
[ 2042.502070][ T2234] bridge: RTM_NEWNEIGH with invalid state 0x1
[ 2042.623123][T30418] hsr_slave_0: left promiscuous mode
[ 2042.629916][T30418] hsr_slave_1: left promiscuous mode
[ 2042.636109][T30418] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2042.643583][T30418] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2042.651642][T30418] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2042.660719][T30418] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2042.670073][T30418] veth1_macvtap: left promiscuous mode
[ 2042.675624][T30418] veth0_macvtap: left promiscuous mode
[ 2042.681450][T30418] veth1_vlan: left promiscuous mode
[ 2042.687001][T30418] veth0_vlan: left promiscuous mode
[ 2042.881877][T30418] team0 (unregistering): Port device team_slave_1 removed
[ 2042.917236][T30418] team0 (unregistering): Port device C removed
[ 2050.245945][T28073] Bluetooth: hci1: command 0x0406 tx timeout