last executing test programs:

8.163511537s ago: executing program 2 (id=9579):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000840)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, 0x0, 0x50)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000001500)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$kcm(0x10, 0x3, 0x10)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
close(r1)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_open_procfs$namespace(0x0, &(0x7f00000002c0)='ns/net\x00')
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x9c, 0x1, 0x0, 0x0, 0x0, 0x300000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480))
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB], &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0xf, 0x2, 0xff, 0x0, 0x0, 0x2, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, @perf_bp={0x0, 0x1}, 0x80000, 0xca, 0x0, 0x5, 0xdf1d, 0x400000, 0x0, 0x0, 0xe, 0x0, 0x8}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
recvmsg$unix(r0, &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x1c0)
write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[@ANYRES8=r1, @ANYRES8=r2], 0x9a)

7.922562413s ago: executing program 2 (id=9581):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0xffffffffffffffff, 0x7}, 0x104101, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="1808000000000000000000000000000018"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sk_reuseport=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x2}, 0x828, 0x0, 0x0, 0x0, 0x0, 0x7ffffc, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33)
r3 = socket$kcm(0x2b, 0x1, 0x0)
setsockopt$sock_attach_bpf(r3, 0x6, 0x1e, &(0x7f0000000500), 0x4)

7.714504139s ago: executing program 2 (id=9584):
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff7ffa}, 0x0, 0x35, 0x43a1bd76, 0x7, 0x3, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3}, 0x12008, 0x0, 0x100000, 0x4, 0x2, 0x0, 0x80}, 0x0, 0xffffff7fffffffff, 0xffffffffffffffff, 0x8)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x6, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000fcffffff00000000000000008500000036000000180100006420002500000000002020207b1af8ff00"], &(0x7f00000001c0)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x5, 0x14, 0x0, &(0x7f0000000140)="259a00f271a76d1708fff74588a80a3888a82f15", 0x0, 0xd11, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

7.67044916s ago: executing program 2 (id=9586):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x2b, 0x1, 0x0)
setsockopt$sock_attach_bpf(r0, 0x6, 0x22, &(0x7f0000000200), 0x4)

6.880867912s ago: executing program 2 (id=9589):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000840)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, 0x0, 0x50)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000001500)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$kcm(0x10, 0x3, 0x10)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
close(r1)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_open_procfs$namespace(0x0, &(0x7f00000002c0)='ns/net\x00')
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x9c, 0x1, 0x0, 0x0, 0x0, 0x300000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480))
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB], &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0xf, 0x2, 0xff, 0x0, 0x0, 0x2, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, @perf_bp={0x0, 0x1}, 0x80000, 0xca, 0x0, 0x5, 0xdf1d, 0x400000, 0x0, 0x0, 0xe, 0x0, 0x8}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
recvmsg$unix(r0, &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x1c0)
write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[@ANYRES8=r1, @ANYRES8=r2], 0x9a)

6.719868216s ago: executing program 2 (id=9591):
perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0x40, 0x3, 0x0, 0x0, 0x0, 0x5, 0x400, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x4, 0x401, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xa)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x40000004, 0xa021, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0, 0xc}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000000)='{[\\]+\x00')
socketpair(0x3f, 0x1, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYRES64=r0, @ANYBLOB='\x00/\x00\x00\x00\x00\x00\x00\x00F\x00\x00\x00\x00\x00\x00\x00\x00\x00 ', @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/18], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000500)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xde, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x13300, 0x2, 0xffffff81, 0x0, 0x0, 0x7d3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000002040)=ANY=[@ANYBLOB], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xcb, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80000000, 0x3}, 0x0, 0xff7fffffffffffff, 0xffffffffffffffff, 0x0)
close(0x3)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00', @random="0c0000000988"})

5.49279279s ago: executing program 1 (id=9596):
r0 = socket$kcm(0x1e, 0x4, 0x0)
setsockopt$sock_attach_bpf(r0, 0x10f, 0x87, &(0x7f00000008c0), 0x43) (async)
r1 = socket$kcm(0x1e, 0x4, 0x0)
setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f00000008c0), 0x43) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={0xffffffffffffffff, 0x2000000, 0x0, 0x0, &(0x7f0000000600), 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000700)={&(0x7f00000005c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x9, [@restrict={0x3, 0x0, 0x0, 0xb, 0x5}]}, {0x0, [0x2a, 0x61, 0x61, 0x61, 0x61, 0x61, 0x30]}}, &(0x7f0000000600)=""/231, 0x2d, 0xe7, 0x0, 0x1}, 0x28)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x18, 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="9110390000c39800956088fe00000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r4 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x10006, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x78, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r5)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x2c44, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x100000, 0x4, 0x2, 0x0, 0x80, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffff7fffffffff, 0xffffffffffffffff, 0x8) (async)
r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='hugetlb.1GB.usage_in_bytes\x00', 0x0, 0x0)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000440)={r6, &(0x7f0000000380)="feb934b9519096da86b48fefb7890d75c77adb120a611919b21b6026f9ebac041c1cd7333d92b1e9a3984dde938b04af212682c66ef76a2da6a7a424f03204303ca2b24b7dac0848441cb82837dafcb3f389eb8fa1f2ad2b6042892318f29df72c0e07f229f93b0991670bab2fac8ab378e4b4625460f4c1eff4e097ccb39093deea6207af9efaee4ec0a9562523e66c8917e8806de9a05d7b66ac"}, 0x20)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000580)}, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x12}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002e00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x51, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) (async)
r8 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r8, &(0x7f0000000000)=ANY=[@ANYBLOB="1c0000005e0007"], 0xfe33) (async)
perf_event_open(0x0, 0x0, 0xfffeffffffffffff, 0xffffffffffffffff, 0x3) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMUNATTACH(r1, 0x89e1, &(0x7f0000000040)={r1})
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, 0x0, &(0x7f0000000340)='syzkaller\x00'}, 0x94)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000740)={r7, r9, 0x4, r3}, 0x10) (async, rerun: 32)
r10 = bpf$ITER_CREATE(0x21, &(0x7f0000000080), 0x8) (rerun: 32)
mkdirat$cgroup(r10, &(0x7f0000000140)='syz1\x00', 0x1ff)
sendmsg$kcm(r1, &(0x7f00000001c0)={&(0x7f00000000c0)=@tipc=@name={0x1e, 0x2, 0x3, {{0x41}, 0x5}}, 0x80, 0x0, 0x0, &(0x7f0000000900)=ANY=[], 0x1458}, 0x48800) (async)
r11 = socket$kcm(0x1e, 0x4, 0x0)
setsockopt$sock_attach_bpf(r11, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
close(0x3)

5.490936709s ago: executing program 3 (id=9603):
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)=@o_path={&(0x7f0000000000)='./file0\x00', 0x0, 0x10}, 0x18)
r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x40009, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0xffffffffffffffff, 0x3fff8000}, 0x0, 0xff, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext={0x0, 0x1000000}, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, r0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x3, 0x13, &(0x7f00000001c0)=ANY=[@ANYBLOB="18020000057700000000000000000000182ec0002020702500000000002020207b1a00fe00000000bfa100000000000007010000f8ffffffb70200000800c309b7030000240000008500"], 0x0, 0x5, 0x0, 0x0, 0x41000, 0xc}, 0x94)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
r2 = perf_event_open(&(0x7f0000000540)={0x7, 0x80, 0xb, 0xc0, 0x7, 0x6, 0x0, 0x5, 0x100, 0x4, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x8, 0x1}, 0x8, 0x5, 0x6, 0x9, 0x7, 0x35b, 0x7, 0x0, 0x2, 0x0, 0x8}, 0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x8)
ioctl$SIOCSIFHWADDR(r1, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="02000000000a"})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000001540)={0x6, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000780)="d80000001a0081044e81f782db4cb904021d0800fe007c05e8fe55a115001c000200142603600e12080005007a010401a800160020001d400d000000035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1}, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x482, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open$cgroup(&(0x7f0000000dc0)={0x0, 0x80, 0x0, 0x5, 0x8, 0x6, 0x0, 0xd, 0x20002, 0xf, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0xfb, 0x4, @perf_config_ext={0x5, 0x8}, 0x2a0f, 0xc046, 0x3e, 0xa, 0x0, 0x7, 0x8, 0x0, 0x8, 0x0, 0x4}, r4, 0xc, r2, 0x0)
socket$kcm(0xa, 0x2, 0x3a)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8b06, &(0x7f0000000140)={'wlan1\x00', @random="0100000000eb"})
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x24, 0x12506, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x7602}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100904}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x16, 0x3, &(0x7f0000000ec0)=ANY=[@ANYBLOB="720ac4ffe3d5332d6910160f848e00000000009500"], &(0x7f0000000480)='GPL\x00'}, 0x94)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000440), 0x10000, 0x0)
ioctl$TUNGETFEATURES(r6, 0x800454cf, &(0x7f0000000500))
socket$kcm(0xa, 0x7, 0x88)
close(0x3)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000100)={&(0x7f0000000180)="8621457b1771c16215fa9f61f75cf2b7f246ca4726d77339de5f19bddf0e5e56d67a9c943710e1856ef4ad79e01a9e315c18d7cfe9f2b7527bb11ccb33e891fa895730a87e5468f436edbb5d4eba1e745b31397bed3c53a4c68eaf5697a2c64ed886ef9b468a17df0d2b8c040881d9bedade4bdde343850d", &(0x7f0000000280)=""/154, &(0x7f0000000040)="5c40ff6c90ecb6021e46e04c1f7aae2f2d8e506a417ab09fbb2b537853cfa3e9c5d04be090aed655ef6821faf3ca9dadea8cafd1a902", &(0x7f0000000340)="784be7fc6158bb0b3359fdfa2a5268088c9a001d031aeebbe7ea32e7d7471d6a12035e3e287920198e1e8b7f4b9ea835cd3507f75eeb3d14aaf87b67cd380c6aca71308453aa304c285216186aa407310c25a9cdc6f262efe072fe58b303a96c51616cffa3f1235c60d84dd19034455c78646b6318116eef81d035553dc7f149e23c84b72fc2cd5363fbe9411d5f4c8ac8a75c352e0e4a24a1c50f95d3d2e6eb9c4d4afff03860fe1455a9fc8b2ddcdc38cbee31137a544b36fa3690d6449ea78c1a3702c99a11ccbb998d210cb81c5c11", 0x8a8, 0xffffffffffffffff, 0x4}, 0x38)
r7 = socket$kcm(0x29, 0x2, 0x0)
close(r7)
r8 = socket$kcm(0x2b, 0x1, 0x0)
close(r8)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x12, 0x0, 0x0, 0x6}, 0x50)

5.245888146s ago: executing program 1 (id=9597):
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)=@o_path={&(0x7f0000000000)='./file0\x00', 0x0, 0x10}, 0x18)
r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x40009, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0xffffffffffffffff, 0x3fff8000}, 0x0, 0xff, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext={0x0, 0x1000000}, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, r0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x3, 0x13, &(0x7f00000001c0)=ANY=[@ANYBLOB="18020000057700000000000000000000182ec0002020702500000000002020207b1a00fe00000000bfa100000000000007010000f8ffffffb70200000800c309b7030000240000008500"], 0x0, 0x5, 0x0, 0x0, 0x41000, 0xc}, 0x94)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
r2 = perf_event_open(&(0x7f0000000540)={0x7, 0x80, 0xb, 0xc0, 0x7, 0x6, 0x0, 0x5, 0x100, 0x4, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x8, 0x1}, 0x8, 0x5, 0x6, 0x9, 0x7, 0x35b, 0x7, 0x0, 0x2, 0x0, 0x8}, 0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x8)
ioctl$SIOCSIFHWADDR(r1, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="02000000000a"})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000001540)={0x6, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000780)="d80000001a0081044e81f782db4cb904021d0800fe007c05e8fe55a115001c000200142603600e12080005007a010401a800160020001d400d000000035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1}, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x482, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open$cgroup(&(0x7f0000000dc0)={0x0, 0x80, 0x0, 0x5, 0x8, 0x6, 0x0, 0xd, 0x20002, 0xf, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0xfb, 0x4, @perf_config_ext={0x5, 0x8}, 0x2a0f, 0xc046, 0x3e, 0xa, 0x0, 0x7, 0x8, 0x0, 0x8, 0x0, 0x4}, r4, 0xc, r2, 0x0)
socket$kcm(0xa, 0x2, 0x3a)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8b06, &(0x7f0000000140)={'wlan1\x00', @random="0100000000eb"})
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x24, 0x12506, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x7602}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100904}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x16, 0x3, &(0x7f0000000ec0)=ANY=[@ANYBLOB="720ac4ffe3d5332d6910160f848e00000000009500"], &(0x7f0000000480)='GPL\x00'}, 0x94)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000440), 0x10000, 0x0)
ioctl$TUNGETFEATURES(r6, 0x800454cf, &(0x7f0000000500))
socket$kcm(0xa, 0x7, 0x88)
close(0x3)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000100)={&(0x7f0000000180), &(0x7f0000000280)=""/154, &(0x7f0000000040)="5c40ff6c90ecb6021e46e04c1f7aae2f2d8e506a417ab09fbb2b537853cfa3e9c5d04be090aed655ef6821faf3ca9dadea8cafd1a902", &(0x7f0000000340)="784be7fc6158bb0b3359fdfa2a5268088c9a001d031aeebbe7ea32e7d7471d6a12035e3e287920198e1e8b7f4b9ea835cd3507f75eeb3d14aaf87b67cd380c6aca71308453aa304c285216186aa407310c25a9cdc6f262efe072fe58b303a96c51616cffa3f1235c60d84dd19034455c78646b6318116eef81d035553dc7f149e23c84b72fc2cd5363fbe9411d5f4c8ac8a75c352e0e4a24a1c50f95d3d2e6eb9c4d4afff03860fe1455a9fc8b2ddcdc38cbee31137a544b36fa3690d6449ea78c1a3702c99a11ccbb998d210cb81c5c11", 0x8a8, 0xffffffffffffffff, 0x4}, 0x38)
r7 = socket$kcm(0x29, 0x2, 0x0)
close(r7)
r8 = socket$kcm(0x2b, 0x1, 0x0)
close(r8)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x12, 0x0, 0x0, 0x6}, 0x50)

2.495217592s ago: executing program 0 (id=9607):
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff7ffa}, 0x0, 0x35, 0x43a1bd76, 0x7, 0x3, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3}, 0x12008, 0x0, 0x100000, 0x4, 0x2, 0x0, 0x80}, 0x0, 0xffffff7fffffffff, 0xffffffffffffffff, 0x8)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x6, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000fcffffff00000000000000008500000036000000180100006420002500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], &(0x7f00000001c0)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x5, 0x14, 0x0, &(0x7f0000000140)="259a00f271a76d1708fff74588a80a3888a82f15", 0x0, 0xd11, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

2.336900206s ago: executing program 3 (id=9608):
perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0x40, 0x3, 0x0, 0x0, 0x0, 0x5, 0x400, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x4, 0x401, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xa)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x40000004, 0xa021, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0, 0xc}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = socket$kcm(0x28, 0x5, 0x0)
close(r1)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000000)='{[\\]+\x00')
socketpair(0x3f, 0x1, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYRES64=r0, @ANYBLOB='\x00/\x00\x00\x00\x00\x00\x00\x00F\x00\x00\x00\x00\x00\x00\x00\x00\x00 ', @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/18], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000500)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xde, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x13300, 0x2, 0xffffff81, 0x0, 0x0, 0x7d3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000002040)=ANY=[@ANYBLOB], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xcb, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80000000, 0x3}, 0x0, 0xff7fffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)
close(0x3)
socketpair(0x2a, 0x5, 0x1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={<r2=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r2, 0x89a2, &(0x7f0000000080)={'bridge0\x00', @random="0c0000000988"})

2.242524748s ago: executing program 0 (id=9609):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000840)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, 0x0, 0x50)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000001500)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$kcm(0x10, 0x3, 0x10)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
close(r1)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_open_procfs$namespace(0x0, &(0x7f00000002c0)='ns/net\x00')
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x9c, 0x1, 0x0, 0x0, 0x0, 0x300000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480))
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="180000000000120000"], &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0xf, 0x2, 0xff, 0x0, 0x0, 0x2, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, @perf_bp={0x0, 0x1}, 0x80000, 0xca, 0x0, 0x5, 0xdf1d, 0x400000, 0x0, 0x0, 0xe, 0x0, 0x8}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
recvmsg$unix(r0, &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x1c0)
write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[@ANYRES8=r1, @ANYRES8=r2], 0x9a)

2.038914294s ago: executing program 1 (id=9610):
r0 = socket$kcm(0xa, 0x922000000003, 0x11)
setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f00000000c0), 0x4)
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1, 0x4, 0x3}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000080)="53b12d3fa0ba", 0x6}], 0x1}, 0x0)

1.81109699s ago: executing program 0 (id=9611):
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0xcdd, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x154, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10006, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000b00)=ANY=[@ANYBLOB="060075c2735ad354dbedae330cc75c9d0200000000000000000003060000001000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000400)=@o_path={&(0x7f0000000340)='./file0\x00', r1, 0x4000, r0}, 0x18)
perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, @perf_bp={0x0}, 0x24, 0x0, 0xffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000100), 0x200df000, r1, 0x0, 0x800000000}, 0x38)
socket$kcm(0x1e, 0x5, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000800)=ANY=[@ANYBLOB="9feb010018000000000000003400000034000000060000000400000000000007000000000000000000000001050000000800000000000000010000850000002100000000020000000000000100000000da002d1b0d67217e22e650dd4375a980f07d9511212d408207d9054c992a58c4ee409feebe1c2447005809c13ed2ecd96010a0f3047e735a0214d73197799dc2dc702350b2a2a9299bdfc9105bcec68a5131ca5d30d22d0eb441517a3c13fe7fc2"], 0x0, 0x52, 0x0, 0x1}, 0x28)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000540)=ANY=[], 0x0, 0x4a}, 0x28)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000140)={0x6, <r3=>0x0}, 0x8)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x35, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x3a0ffffffff)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4020940d, &(0x7f00000005c0)=0x81000000000004)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000000))
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[], 0x0, 0x37, 0x0, 0x0, 0x1}, 0x28)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a40)=@bpf_lsm={0x1d, 0x0, &(0x7f0000000440), &(0x7f0000000700)='syzkaller\x00', 0x3, 0x97, &(0x7f00000008c0)=""/151, 0x41100, 0x33, '\x00', 0x0, 0x1b, r2, 0x8, &(0x7f0000000980)={0x8, 0x1}, 0x8, 0x10, 0x0, 0x0, r3, 0x0, 0x1, &(0x7f00000009c0)=[r1, r1], &(0x7f0000000a00)=[{0x3, 0x4, 0x8, 0xa}], 0x10, 0x8}, 0x94)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x3, 0xc, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, [@call={0x85, 0x0, 0x0, 0x87}, @printk={@lu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x73}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2}, 0x94)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x2}, 0x828, 0x0, 0x0, 0x0, 0x10000, 0x800000, 0x9, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="07000000040000008000000001"], 0x50)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500), 0xc)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000600)={r1, 0x58, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r7=>0x0}}, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000780)={0x2, 0x4, 0x8, 0x1, 0x80, r6, 0x1, '\x00', r7, r5, 0x2, 0x1}, 0x50)
r8 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2511, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0x4}, 0x828, 0x8, 0x0, 0x0, 0x0, 0x800000, 0xffff, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r8, 0x40082406, &(0x7f0000000000)='cpu<00||!')
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r6, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="d8000000180081084e81f783db4cb9040a07080006007c09e8fc55a10a0015000600142603600e120800020081000401a8000180fec0ffff000000fd035c0461c1d67f6f94007134cf6efb803fa007a290457f0189b316277ce06bbaceac3c2fb14c2ee5a7cef4090000001fb71b14d6d930dfe1d9d322fe7c9f8775820d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad9e3bb9ad809d5e1cace0d81ed0bffece0b42a9ecbee5de6ccd4e1ffffffffc1c9b6278754ca397c388b0dd6e4edef3d9300"/216, 0xd8}], 0x1}, 0x0)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000740)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r9, 0x89a1, &(0x7f0000000080))

1.724389293s ago: executing program 1 (id=9612):
r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8003}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x8, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x5, 0x5, 0x0, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x441e, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x2020005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7c, 0x4, 0x0, 0x4, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair(0x1d, 0x2, 0x6, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_service_time\x00', 0x100002, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000320081184e81f782db44b904021d080005000000e8fe55a1180015000600142603600e120900210000000401a8001600040001", 0x37}], 0x1}, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001a00599c6d0e000091d028ef80"], 0xfe33)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
socketpair(0x18, 0x800, 0x3, &(0x7f0000000040))
r3 = socket$kcm(0xa, 0x1, 0x106)
sendmsg$kcm(r3, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @dev, 0xfffff001}, 0x80, 0x0}, 0xe07e872420dfefca)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x5, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xc8, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x20}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r5)
recvmsg$unix(r4, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r6=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r6, &(0x7f0000000640)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce8102033208120000000000000000000000ac14140a000000000000000000000000ac1414aa"], 0xfdef)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="260a00000000000061114800000000001800000000000002000000000000"], &(0x7f0000000000)='GPL\x00'}, 0x94)
socket$kcm(0x10, 0x2, 0x0)
socket$kcm(0x2, 0x200000000000006, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0), 0x0, 0x0, 0x0, 0x1f00c00e}, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

1.602701676s ago: executing program 3 (id=9613):
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x10, 0x4, 0x0, &(0x7f0000000080)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94)
write$cgroup_devices(0xffffffffffffffff, &(0x7f00000005c0)=ANY=[], 0xfffffeff)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x20)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x5}, 0x0, 0x3, 0x0, 0x0, 0x0, 0x2, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x441e, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x2020005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000080)={<r3=>0x0, <r4=>0x0})
close(r3)
setsockopt$sock_attach_bpf(r4, 0x10f, 0x87, &(0x7f0000000180), 0x4bd)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={<r5=>0x0, 0x0})
sendmsg$unix(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x20000)
close(r5)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000004440)={0x0, 0x0, 0x0}, 0x4040005)
socket$kcm(0x22, 0x2, 0x21)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{0xffffffffffffffff, <r6=>0xffffffffffffffff}, &(0x7f0000000040)=0x700, 0x0}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000100)=ANY=[@ANYRESHEX], 0x0}, 0x94)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000840)={0xffffffffffffffff, 0x20, &(0x7f0000000800)={&(0x7f0000000680)=""/82, 0x52, <r7=>0x0, 0x0}}, 0x10)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1e00000003000000050000000800000040140100", @ANYRES32=r6, @ANYBLOB="e600"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0200000104000100020000000a003f92881d00000000000004c4c7729eb7e4b0ab1e42965e034d240ab5a93d", @ANYRES32], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0xe, 0x23, &(0x7f00000002c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@map_idx={0x18, 0xb, 0x5, 0x0, 0x2}, @generic={0x2, 0x6, 0xc, 0xfff9, 0x4}, @exit, @exit, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1cbe, 0x0, 0x0, 0x0, 0x4}, @ringbuf_query], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000400)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41000, 0x64, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x1, 0x4}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0x7, 0x7fff, 0x1f40}, 0x10, r7, r1, 0xa, &(0x7f0000000900)=[r6, r8, 0xffffffffffffffff, r2], &(0x7f0000000940)=[{0x0, 0x3, 0x7, 0x3}, {0x1, 0x4, 0xe, 0x6}, {0x3, 0x5, 0x5}, {0x0, 0x2, 0x6, 0x3}, {0x0, 0x4, 0xb, 0xa}, {0x4, 0x1, 0x7}, {0x3, 0x2, 0xd, 0x5}, {0x1, 0x2, 0x3, 0x3}, {0x2, 0x4, 0x2, 0xc}, {0x5, 0x4, 0x10, 0x3}], 0x10, 0x6}, 0x94)
r9 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r9, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020030000b02d25a806f8c2d94f90524fc602f1a04000a740100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8923, &(0x7f0000000cc0)='lo:\x96o\xd1\xa0J\x12tQ\xb16\xe3\xd7\\b\x88\x1f\xa1\x15c\xcaR\xdd\x98OC\x89\xff\xe6\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\xb7l\xed}\xe5\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x02\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2ak\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x01\x00\x00\x00\xd3\r7\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xd5s2\x9cVF\xd5\x18\xfe\x0f\x8f \x01\x00\x00\xb1\x88\xebW_\xa5\xe1\xf6\x8aj\xca\xf8m\xab\xe8\x99\xeb\xe1\xde\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\rh^J-\xd1\xfc\xfa 6(%\x1c\xb5\xd4\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x1f\x9c,\x113\x7f\x03\x93\xe1\xcc\xe7f\r\xf3\xff0\f\x82%_\x92\x8b\xc4\xb9\xd9\xe7\xf2\xe4\xc1i\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02!\xed\xff\xee$\xc89\x8cB0\xd1\xa8\xd4\xe6K0\xe1\xa3TS\x18\xe6x\x1f%P\x9fU)\x83E\n\x90M\r.\x85gn_\xb2\xe9\x8a\x1c\xe3\x93\xd8\xbc\xb6N\xc3\xe1\xafh\xa0iF\xdcq\xf9\x17\xd9i\x844E\x1a\x13\x9a\xe6\xd3\xab:PM\xfbe\xfe9\xd9\x94\x1dx\xd6\x03b\xf7\x10N\xd1\x93\rU\x7fy\x18tE\xf1*\x9a0Z\x9f\xdc{\x13\xf6\xb7\xf7\xe6=\x9cD\x108\x8eS\xa0\xd0\xa7\tn\xd9\xae\xc0\x18~x[\x85Y\xb2\x82w\x150\x97\xba\xe6\xca\xb1\xa3\x02\x14^\xbdZ\xae\xf5/\xcf\xb8\xea8Uw\x92`\"2\x81j\xbb\x87+\x89\xc5<J\x1f\xba\xfc\x90(\x985\x93\xa8\xd4\xf0\xbdTy\x18\xc8\xa0\xbb\x99\x8c\xe0Q\xffCl\xbdX~3\xa1\xa2\xf4\xd9\xf7\xc7\xfb\xce\x959x\xfeW\r\xf0{\xcaT\xecp)=\x9d\xdfG8\xa1\xe3=\xa6\x00\x98\xc1\xb3\x91-\xab\'W\x8al?d<JN\xcb\xd4H\xb0_jO\xf3\x90\xe8/l\xdfg)\x8d#\xfdo\xa9L\xdeA*\xec\xa1\x14,\xe8\x8d^\xb9r=\xc0\x18\xd4\x11dU[Ry\xed\xd6\x97\x8a\xe8\xca\x99\x10\x8e\xc8P\xa3\xae/\xdaof\x06\x7f\xf7\x80$f\b\x92\xae\xeb\xdd\"\x89\xb8\xf0\xc3\b\x00\x00\x00\x00\a\xf6\xfc\x1d\xd4\x893\xeb)\xc1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00O!\xd2q\xda}\xe2\xa2\xfe\xfd)\\\xdf\x9aN\\\xaeyc\xe4g\xc0\x8a\n\v{\xa9H\\\xd1\x9d\x00'/779)

1.350250363s ago: executing program 0 (id=9614):
perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0x40, 0x3, 0x0, 0x0, 0x0, 0x5, 0x400, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x4, 0x401, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xa)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x40000004, 0xa021, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0, 0xc}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000000)='{[\\]+\x00')
socketpair(0x3f, 0x1, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYRES64=r0, @ANYBLOB='\x00/\x00\x00\x00\x00\x00\x00\x00F\x00\x00\x00\x00\x00\x00\x00\x00\x00 ', @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/18], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000500)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xde, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x13300, 0x2, 0xffffff81, 0x0, 0x0, 0x7d3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000002040)=ANY=[@ANYBLOB], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xcb, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80000000, 0x3}, 0x0, 0xff7fffffffffffff, 0xffffffffffffffff, 0x0)
close(0x3)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, &(0x7f0000000080)={'bridge0\x00', @random="0c0000000988"})

1.277668405s ago: executing program 1 (id=9615):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1100}, 0x48)

1.040324521s ago: executing program 1 (id=9616):
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)=@o_path={&(0x7f0000000000)='./file0\x00', 0x0, 0x10}, 0x18)
r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x40009, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0xffffffffffffffff, 0x3fff8000}, 0x0, 0xff, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext={0x0, 0x1000000}, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, r0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x3, 0x13, &(0x7f00000001c0)=ANY=[@ANYBLOB="18020000057700000000000000000000182ec0002020702500000000002020207b1a00fe00000000bfa100000000000007010000f8ffffffb70200000800c309b7030000240000008500"], 0x0, 0x5, 0x0, 0x0, 0x41000, 0xc}, 0x94)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
r2 = perf_event_open(&(0x7f0000000540)={0x7, 0x80, 0xb, 0xc0, 0x7, 0x6, 0x0, 0x5, 0x100, 0x4, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x8, 0x1}, 0x8, 0x5, 0x6, 0x9, 0x7, 0x35b, 0x7, 0x0, 0x2, 0x0, 0x8}, 0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x8)
ioctl$SIOCSIFHWADDR(r1, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="02000000000a"})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000001540)={0x6, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000780)="d80000001a0081044e81f782db4cb904021d0800fe007c05e8fe55a115001c000200142603600e12080005007a010401a800160020001d400d000000035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1}, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x482, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open$cgroup(&(0x7f0000000dc0)={0x0, 0x80, 0x0, 0x5, 0x8, 0x6, 0x0, 0xd, 0x20002, 0xf, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0xfb, 0x4, @perf_config_ext={0x5, 0x8}, 0x2a0f, 0xc046, 0x3e, 0xa, 0x0, 0x7, 0x8, 0x0, 0x8, 0x0, 0x4}, r4, 0xc, r2, 0x0)
socket$kcm(0xa, 0x2, 0x3a)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8b06, &(0x7f0000000140)={'wlan1\x00', @random="0100000000eb"})
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x24, 0x12506, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x7602}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100904}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x16, 0x3, &(0x7f0000000ec0)=ANY=[@ANYBLOB="720ac4ffe3d5332d6910160f848e00000000009500"], &(0x7f0000000480)='GPL\x00'}, 0x94)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000440), 0x10000, 0x0)
ioctl$TUNGETFEATURES(r6, 0x800454cf, &(0x7f0000000500))
socket$kcm(0xa, 0x7, 0x88)
close(0x3)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000100)={&(0x7f0000000180)="8621457b1771c16215fa9f61f75cf2b7f246ca4726d77339de5f19bddf0e5e56d67a9c943710e1856ef4ad79e01a9e315c18d7cfe9f2b7527bb11ccb33e891fa895730a87e5468f436edbb5d4eba1e745b31397bed3c53a4c68eaf5697a2c64ed886ef9b468a17df0d2b8c040881d9bedade4bdde343850d24292a7c60802c73cf50c1ae0025bd41c61d4c0b3102ef54a5f3794886c958e725ec90ce3eca7054853eec33b7402219c45ff36057cf8b61e733ff4a", &(0x7f0000000280)=""/154, &(0x7f0000000040)="5c40ff6c90ecb6021e46e04c1f7aae2f2d8e506a417ab09fbb2b537853cfa3e9c5d04be090aed655ef6821faf3ca9dadea8cafd1a902", &(0x7f0000000340)="784be7fc6158bb0b3359fdfa2a5268088c9a001d031aeebbe7ea32e7d7471d6a12035e3e287920198e1e8b7f4b9ea835cd3507f75eeb3d14aaf87b67cd380c6aca71308453aa304c285216186aa407310c25a9cdc6f262efe072fe58b303a96c51616cffa3f1235c60d84dd19034455c78646b6318116eef81d035553dc7f149e23c84b72fc2cd5363fbe9411d5f4c8ac8a75c352e0e4a24a1c50f95d3d2e6eb9c4d4afff03860fe1455a9fc8b2ddcdc38cbee31137a544b36fa3690d6449ea78c1a3702c99a11ccbb998d210cb81c5c11", 0x8a8, 0xffffffffffffffff, 0x4}, 0x38)
r7 = socket$kcm(0x29, 0x2, 0x0)
close(r7)
r8 = socket$kcm(0x2b, 0x1, 0x0)
close(r8)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x12, 0x0, 0x0, 0x6}, 0x50)

856.247886ms ago: executing program 0 (id=9617):
perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0x40, 0x3, 0x0, 0x0, 0x0, 0x5, 0x400, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x4, 0x401, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xa)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x40000004, 0xa021, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0, 0xc}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
close(0xffffffffffffffff)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000000)='{[\\]+\x00')
socketpair(0x3f, 0x1, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYRES64=r0, @ANYBLOB='\x00/\x00\x00\x00\x00\x00\x00\x00F\x00\x00\x00\x00\x00\x00\x00\x00\x00 ', @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/18], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000500)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xde, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x13300, 0x2, 0xffffff81, 0x0, 0x0, 0x7d3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000002040)=ANY=[@ANYBLOB], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xcb, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80000000, 0x3}, 0x0, 0xff7fffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)
close(0x3)
socketpair(0x2a, 0x5, 0x1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={<r1=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r1, 0x89a2, &(0x7f0000000080)={'bridge0\x00', @random="0c0000000988"})

781.764718ms ago: executing program 3 (id=9618):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000840)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, 0x0, 0x50)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000001500)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$kcm(0x10, 0x3, 0x10)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
close(r1)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_open_procfs$namespace(0x0, &(0x7f00000002c0)='ns/net\x00')
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x9c, 0x1, 0x0, 0x0, 0x0, 0x300000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480))
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="180000000000120000"], &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0xf, 0x2, 0xff, 0x0, 0x0, 0x2, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, @perf_bp={0x0, 0x1}, 0x80000, 0xca, 0x0, 0x5, 0xdf1d, 0x400000, 0x0, 0x0, 0xe, 0x0, 0x8}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
recvmsg$unix(r0, &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x1c0)
write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[@ANYRES8=r1, @ANYRES8=r2], 0x9a)

442.306168ms ago: executing program 3 (id=9619):
r0 = socket$kcm(0xa, 0x922000000003, 0x11)
setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f00000000c0), 0x4)
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1, 0x4, 0x3}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000080)="53b12d3fa0ba", 0x6}], 0x1}, 0x0)

246.386533ms ago: executing program 3 (id=9620):
perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0x40, 0x3, 0x0, 0x0, 0x0, 0x5, 0x400, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x4, 0x401, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xa)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x40000004, 0xa021, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0, 0xc}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = socket$kcm(0x28, 0x5, 0x0)
close(r1)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000000)='{[\\]+\x00')
socketpair(0x3f, 0x1, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYRES64=r0, @ANYBLOB='\x00/\x00\x00\x00\x00\x00\x00\x00F\x00\x00\x00\x00\x00\x00\x00\x00\x00 ', @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/18], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000500)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xde, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x13300, 0x2, 0xffffff81, 0x0, 0x0, 0x7d3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000002040)=ANY=[@ANYBLOB], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xcb, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80000000, 0x3}, 0x0, 0xff7fffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)
close(0x3)
socketpair(0x2a, 0x5, 0x1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={<r2=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r2, 0x89a2, &(0x7f0000000080)={'bridge0\x00', @random="0c0000000988"})

0s ago: executing program 0 (id=9621):
r0 = socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={0x1, 0x58, &(0x7f00000000c0)}, 0x10)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000600)="5c00000012006bab9a3fe3d86e17aa0b046b876c1d0048380019000800004460bc06000000a701251e6182949a3651fbffffffd4d4938037e7c7a0a03400ac09c51c268811000096859fc57a00000000000000002571cd53b9851b30", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x20000000)
recvmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000340)=""/174, 0xae}, {&(0x7f0000000500)=""/232, 0xe8}, {&(0x7f0000001b40)=""/4065, 0xfe1}, {&(0x7f0000003b80)=""/4124, 0x101c}], 0x4}, 0x20)
recvmsg$kcm(r0, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x80)

kernel console output (not intermixed with test programs):

ibute type 10 has an invalid length.
[ 1443.593752][T30592] netlink: 'syz.1.8767': attribute type 28 has an invalid length.
[ 1443.619368][T30592] netlink: 'syz.1.8767': attribute type 29 has an invalid length.
[ 1443.978543][T30599] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1444.009189][T30599] netlink: 'syz.0.8770': attribute type 17 has an invalid length.
[ 1444.018598][T30599] netlink: 'syz.0.8770': attribute type 10 has an invalid length.
[ 1444.403878][T30606] netlink: 'syz.0.8774': attribute type 4 has an invalid length.
[ 1444.428783][T30605] delete_channel: no stack
[ 1444.587233][T30610] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1444.712163][T30613] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1445.133808][T30626] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1445.452755][T30632] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1445.501286][T30632] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1445.551546][T30632] bond0 (unregistering): (slave batadv0): Releasing backup interface
[ 1445.570578][T30632] bond0 (unregistering): (slave dummy0): Releasing backup interface
[ 1445.608781][T30632] bond0 (unregistering): Released all slaves
[ 1445.663459][T30627] delete_channel: no stack
[ 1445.941685][T30641] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1445.976736][T30641] __nla_validate_parse: 14 callbacks suppressed
[ 1445.976756][T30641] netlink: 152 bytes leftover after parsing attributes in process `syz.0.8788'.
[ 1446.218891][T30650] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1446.245262][T30650] netlink: 152 bytes leftover after parsing attributes in process `syz.0.8792'.
[ 1446.272947][T30650] netlink: 16222 bytes leftover after parsing attributes in process `syz.0.8792'.
[ 1446.438809][T30652] netlink: 128124 bytes leftover after parsing attributes in process `syz.0.8793'.
[ 1446.537557][T30651] delete_channel: no stack
[ 1446.763160][T30658] netlink: 132 bytes leftover after parsing attributes in process `syz.0.8794'.
[ 1447.030037][T30670] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1447.092050][T30670] validate_nla: 14 callbacks suppressed
[ 1447.092072][T30670] netlink: 'syz.3.8799': attribute type 17 has an invalid length.
[ 1447.111783][T30670] netlink: 152 bytes leftover after parsing attributes in process `syz.3.8799'.
[ 1447.122768][T30670] netlink: 'syz.3.8799': attribute type 10 has an invalid length.
[ 1447.248246][T30674] netlink: 'syz.2.8801': attribute type 10 has an invalid length.
[ 1447.262131][T30674] netlink: 55 bytes leftover after parsing attributes in process `syz.2.8801'.
[ 1447.736893][T30679] netlink: 'syz.1.8803': attribute type 4 has an invalid length.
[ 1447.748898][T30679] netlink: 128124 bytes leftover after parsing attributes in process `syz.1.8803'.
[ 1448.184087][T30676] netlink: 168 bytes leftover after parsing attributes in process `syz.3.8802'.
[ 1448.196244][T30678] delete_channel: no stack
[ 1448.379308][T30687] netlink: 'syz.3.8804': attribute type 28 has an invalid length.
[ 1448.406995][T30687] netlink: 'syz.3.8804': attribute type 29 has an invalid length.
[ 1448.429342][T30687] netlink: 132 bytes leftover after parsing attributes in process `syz.3.8804'.
[ 1448.461058][T30689] FAULT_INJECTION: forcing a failure.
[ 1448.461058][T30689] name failslab, interval 1, probability 0, space 0, times 0
[ 1448.486887][T30689] CPU: 1 PID: 30689 Comm: syz.2.8806 Not tainted syzkaller #0
[ 1448.494500][T30689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1448.504633][T30689] Call Trace:
[ 1448.507987][T30689]  <TASK>
[ 1448.511072][T30689]  dump_stack_lvl+0x18c/0x250
[ 1448.515843][T30689]  ? show_regs_print_info+0x20/0x20
[ 1448.521140][T30689]  ? load_image+0x420/0x420
[ 1448.525838][T30689]  ? __might_sleep+0xe0/0xe0
[ 1448.530518][T30689]  ? __lock_acquire+0x7d40/0x7d40
[ 1448.535618][T30689]  should_fail_ex+0x39d/0x4d0
[ 1448.540388][T30689]  should_failslab+0x9/0x20
[ 1448.544971][T30689]  slab_pre_alloc_hook+0x59/0x310
[ 1448.550114][T30689]  ? __lock_acquire+0x7d40/0x7d40
[ 1448.555233][T30689]  kmem_cache_alloc_node+0x60/0x320
[ 1448.560632][T30689]  ? __alloc_skb+0x103/0x2c0
[ 1448.565324][T30689]  __alloc_skb+0x103/0x2c0
[ 1448.569847][T30689]  netlink_sendmsg+0x66a/0xbf0
[ 1448.574903][T30689]  ? netlink_getsockopt+0x590/0x590
[ 1448.580591][T30689]  ? aa_sock_msg_perm+0x94/0x150
[ 1448.585720][T30689]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1448.591430][T30689]  ? security_socket_sendmsg+0x80/0xa0
[ 1448.597243][T30689]  ? netlink_getsockopt+0x590/0x590
[ 1448.602529][T30689]  ____sys_sendmsg+0x5ba/0x960
[ 1448.607502][T30689]  ? __asan_memset+0x22/0x40
[ 1448.612159][T30689]  ? __sys_sendmsg_sock+0x30/0x30
[ 1448.617276][T30689]  ? __import_iovec+0x5f2/0x850
[ 1448.622197][T30689]  ? import_iovec+0x73/0xa0
[ 1448.626846][T30689]  ___sys_sendmsg+0x2a6/0x360
[ 1448.631578][T30689]  ? get_pid_task+0x20/0x1e0
[ 1448.636230][T30689]  ? __sys_sendmsg+0x2a0/0x2a0
[ 1448.641079][T30689]  ? __lock_acquire+0x7d40/0x7d40
[ 1448.646285][T30689]  __se_sys_sendmsg+0x1c2/0x2b0
[ 1448.651186][T30689]  ? __x64_sys_sendmsg+0x80/0x80
[ 1448.656193][T30689]  ? lockdep_hardirqs_on+0x98/0x150
[ 1448.661453][T30689]  do_syscall_64+0x55/0xa0
[ 1448.665925][T30689]  ? clear_bhb_loop+0x40/0x90
[ 1448.670649][T30689]  ? clear_bhb_loop+0x40/0x90
[ 1448.675373][T30689]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1448.681313][T30689] RIP: 0033:0x7f067e99cdd9
[ 1448.685776][T30689] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1448.705551][T30689] RSP: 002b:00007f067f93e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1448.714107][T30689] RAX: ffffffffffffffda RBX: 00007f067ec15fa0 RCX: 00007f067e99cdd9
[ 1448.722208][T30689] RDX: 0000000024044054 RSI: 00002000000000c0 RDI: 0000000000000003
[ 1448.730223][T30689] RBP: 00007f067f93e090 R08: 0000000000000000 R09: 0000000000000000
[ 1448.738246][T30689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1448.746259][T30689] R13: 00007f067ec16038 R14: 00007f067ec15fa0 R15: 00007ffda30926a8
[ 1448.754312][T30689]  </TASK>
[ 1449.131734][T30698] netlink: 'syz.2.8809': attribute type 17 has an invalid length.
[ 1449.197746][T30701] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1449.289409][T30701] netlink: 'syz.1.8810': attribute type 17 has an invalid length.
[ 1449.319617][T30701] netlink: 'syz.1.8810': attribute type 10 has an invalid length.
[ 1449.558350][T30708] netlink: 'syz.2.8812': attribute type 28 has an invalid length.
[ 1450.323737][T30733] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1451.474399][T30749] __nla_validate_parse: 8 callbacks suppressed
[ 1451.474430][T30749] netlink: 60 bytes leftover after parsing attributes in process `syz.0.8828'.
[ 1451.737619][T30757] netlink: 168 bytes leftover after parsing attributes in process `syz.0.8832'.
[ 1451.970111][T30762] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1451.996757][T30762] netlink: 152 bytes leftover after parsing attributes in process `syz.0.8834'.
[ 1452.135597][T30764] validate_nla: 7 callbacks suppressed
[ 1452.135610][T30764] netlink: 'syz.0.8835': attribute type 2 has an invalid length.
[ 1452.149874][T30764] netlink: 'syz.0.8835': attribute type 4 has an invalid length.
[ 1452.158087][T30764] FAULT_INJECTION: forcing a failure.
[ 1452.158087][T30764] name failslab, interval 1, probability 0, space 0, times 0
[ 1452.171716][T30764] CPU: 1 PID: 30764 Comm: syz.0.8835 Not tainted syzkaller #0
[ 1452.179248][T30764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1452.189399][T30764] Call Trace:
[ 1452.192726][T30764]  <TASK>
[ 1452.195705][T30764]  dump_stack_lvl+0x18c/0x250
[ 1452.200463][T30764]  ? show_regs_print_info+0x20/0x20
[ 1452.205741][T30764]  ? load_image+0x420/0x420
[ 1452.210312][T30764]  ? __might_sleep+0xe0/0xe0
[ 1452.215007][T30764]  ? __lock_acquire+0x7d40/0x7d40
[ 1452.220115][T30764]  should_fail_ex+0x39d/0x4d0
[ 1452.224871][T30764]  should_failslab+0x9/0x20
[ 1452.229438][T30764]  slab_pre_alloc_hook+0x59/0x310
[ 1452.234540][T30764]  ? lockdep_hardirqs_on+0x98/0x150
[ 1452.239780][T30764]  kmem_cache_alloc_node+0x60/0x320
[ 1452.245052][T30764]  ? __alloc_skb+0x103/0x2c0
[ 1452.249705][T30764]  __alloc_skb+0x103/0x2c0
[ 1452.254164][T30764]  netlink_ack+0x376/0x1180
[ 1452.258721][T30764]  ? __dev_queue_xmit+0x265/0x3660
[ 1452.263919][T30764]  ? netlink_dump+0xe50/0xe50
[ 1452.268665][T30764]  ? ref_tracker_free+0x690/0x840
[ 1452.273805][T30764]  netlink_rcv_skb+0x2c5/0x4d0
[ 1452.278986][T30764]  ? rtnetlink_bind+0x80/0x80
[ 1452.283708][T30764]  ? netlink_ack+0x1180/0x1180
[ 1452.288696][T30764]  ? __lock_acquire+0x7d40/0x7d40
[ 1452.293796][T30764]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1452.299133][T30764]  netlink_unicast+0x751/0x8d0
[ 1452.303948][T30764]  netlink_sendmsg+0x8d0/0xbf0
[ 1452.308780][T30764]  ? netlink_getsockopt+0x590/0x590
[ 1452.314043][T30764]  ? aa_sock_msg_perm+0x94/0x150
[ 1452.319016][T30764]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1452.324516][T30764]  ? security_socket_sendmsg+0x80/0xa0
[ 1452.330006][T30764]  ? netlink_getsockopt+0x590/0x590
[ 1452.335330][T30764]  ____sys_sendmsg+0x5ba/0x960
[ 1452.340170][T30764]  ? __asan_memset+0x22/0x40
[ 1452.344830][T30764]  ? __sys_sendmsg_sock+0x30/0x30
[ 1452.349904][T30764]  ? __import_iovec+0x5f2/0x850
[ 1452.354801][T30764]  ? import_iovec+0x73/0xa0
[ 1452.359344][T30764]  ___sys_sendmsg+0x2a6/0x360
[ 1452.364061][T30764]  ? get_pid_task+0x20/0x1e0
[ 1452.368710][T30764]  ? __sys_sendmsg+0x2a0/0x2a0
[ 1452.373552][T30764]  ? __lock_acquire+0x7d40/0x7d40
[ 1452.378656][T30764]  __se_sys_sendmsg+0x1c2/0x2b0
[ 1452.383556][T30764]  ? __x64_sys_sendmsg+0x80/0x80
[ 1452.388574][T30764]  ? lockdep_hardirqs_on+0x98/0x150
[ 1452.393809][T30764]  do_syscall_64+0x55/0xa0
[ 1452.398250][T30764]  ? clear_bhb_loop+0x40/0x90
[ 1452.402980][T30764]  ? clear_bhb_loop+0x40/0x90
[ 1452.407708][T30764]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1452.413647][T30764] RIP: 0033:0x7f6a7ed9cdd9
[ 1452.418089][T30764] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1452.437851][T30764] RSP: 002b:00007f6a7fc48028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1452.446321][T30764] RAX: ffffffffffffffda RBX: 00007f6a7f015fa0 RCX: 00007f6a7ed9cdd9
[ 1452.454323][T30764] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[ 1452.462324][T30764] RBP: 00007f6a7fc48090 R08: 0000000000000000 R09: 0000000000000000
[ 1452.470343][T30764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1452.478453][T30764] R13: 00007f6a7f016038 R14: 00007f6a7f015fa0 R15: 00007fffea82b4e8
[ 1452.486476][T30764]  </TASK>
[ 1452.779887][T30774] netlink: 60 bytes leftover after parsing attributes in process `syz.1.8838'.
[ 1452.875510][T30775] netlink: 'syz.0.8840': attribute type 3 has an invalid length.
[ 1452.883639][T30775] netlink: 152 bytes leftover after parsing attributes in process `syz.0.8840'.
[ 1452.899850][T30775] netlink: 'syz.0.8840': attribute type 4 has an invalid length.
[ 1452.920086][T30777] netlink: 168 bytes leftover after parsing attributes in process `syz.2.8841'.
[ 1453.117643][T30783] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1453.161573][T30783] netlink: 'syz.2.8844': attribute type 17 has an invalid length.
[ 1453.169771][T30783] netlink: 152 bytes leftover after parsing attributes in process `syz.2.8844'.
[ 1453.180453][T30783] netlink: 'syz.2.8844': attribute type 10 has an invalid length.
[ 1453.232039][T30787] netlink: 105120 bytes leftover after parsing attributes in process `syz.0.8846'.
[ 1453.245240][T30787] netlink: 'syz.0.8846': attribute type 2 has an invalid length.
[ 1453.322554][T30788] netlink: 'syz.1.8845': attribute type 28 has an invalid length.
[ 1453.331005][T30788] netlink: 'syz.1.8845': attribute type 29 has an invalid length.
[ 1453.339554][T30788] netlink: 132 bytes leftover after parsing attributes in process `syz.1.8845'.
[ 1454.000792][T30802] netlink: 60 bytes leftover after parsing attributes in process `syz.2.8850'.
[ 1454.351165][T30813] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1454.407370][T30813] netlink: 'syz.0.8855': attribute type 17 has an invalid length.
[ 1454.660478][T30825] FAULT_INJECTION: forcing a failure.
[ 1454.660478][T30825] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1454.674093][T30825] CPU: 0 PID: 30825 Comm: syz.0.8861 Not tainted syzkaller #0
[ 1454.681713][T30825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1454.691884][T30825] Call Trace:
[ 1454.695207][T30825]  <TASK>
[ 1454.698177][T30825]  dump_stack_lvl+0x18c/0x250
[ 1454.702926][T30825]  ? show_regs_print_info+0x20/0x20
[ 1454.708199][T30825]  ? load_image+0x420/0x420
[ 1454.712763][T30825]  ? __might_fault+0xaa/0x120
[ 1454.717506][T30825]  ? __lock_acquire+0x7d40/0x7d40
[ 1454.722640][T30825]  should_fail_ex+0x39d/0x4d0
[ 1454.727393][T30825]  _copy_from_user+0x2f/0xe0
[ 1454.732060][T30825]  __sys_bpf+0x23e/0x890
[ 1454.736361][T30825]  ? bpf_link_show_fdinfo+0x390/0x390
[ 1454.741799][T30825]  ? lock_chain_count+0x20/0x20
[ 1454.746723][T30825]  __x64_sys_bpf+0x7c/0x90
[ 1454.751200][T30825]  do_syscall_64+0x55/0xa0
[ 1454.755669][T30825]  ? clear_bhb_loop+0x40/0x90
[ 1454.760414][T30825]  ? clear_bhb_loop+0x40/0x90
[ 1454.765272][T30825]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1454.771240][T30825] RIP: 0033:0x7f6a7ed9cdd9
[ 1454.775716][T30825] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1454.795558][T30825] RSP: 002b:00007f6a7fc48028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1454.804033][T30825] RAX: ffffffffffffffda RBX: 00007f6a7f015fa0 RCX: 00007f6a7ed9cdd9
[ 1454.812074][T30825] RDX: 0000000000000078 RSI: 0000200000000440 RDI: 0000000000000005
[ 1454.820119][T30825] RBP: 00007f6a7fc48090 R08: 0000000000000000 R09: 0000000000000000
[ 1454.828151][T30825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1454.836346][T30825] R13: 00007f6a7f016038 R14: 00007f6a7f015fa0 R15: 00007fffea82b4e8
[ 1454.844398][T30825]  </TASK>
[ 1455.242750][T30844] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1456.628781][T30861] __nla_validate_parse: 6 callbacks suppressed
[ 1456.628845][T30861] netlink: 60 bytes leftover after parsing attributes in process `syz.3.8877'.
[ 1456.870412][T30874] netlink: 168 bytes leftover after parsing attributes in process `syz.0.8883'.
[ 1457.011764][T30876] netlink: 132 bytes leftover after parsing attributes in process `syz.3.8884'.
[ 1457.033975][T30880] FAULT_INJECTION: forcing a failure.
[ 1457.033975][T30880] name failslab, interval 1, probability 0, space 0, times 0
[ 1457.084598][T30880] CPU: 1 PID: 30880 Comm: syz.2.8887 Not tainted syzkaller #0
[ 1457.092166][T30880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1457.102303][T30880] Call Trace:
[ 1457.105627][T30880]  <TASK>
[ 1457.108607][T30880]  dump_stack_lvl+0x18c/0x250
[ 1457.113353][T30880]  ? show_regs_print_info+0x20/0x20
[ 1457.118617][T30880]  ? load_image+0x420/0x420
[ 1457.123184][T30880]  ? __might_sleep+0xe0/0xe0
[ 1457.127845][T30880]  ? __lock_acquire+0x7d40/0x7d40
[ 1457.132924][T30880]  ? rcu_is_watching+0x15/0xb0
[ 1457.137760][T30880]  should_fail_ex+0x39d/0x4d0
[ 1457.142513][T30880]  should_failslab+0x9/0x20
[ 1457.147191][T30880]  slab_pre_alloc_hook+0x59/0x310
[ 1457.152286][T30880]  ? sctp_auth_asoc_copy_shkeys+0x14e/0x5a0
[ 1457.158244][T30880]  __kmem_cache_alloc_node+0x53/0x250
[ 1457.163699][T30880]  ? sctp_auth_asoc_copy_shkeys+0x14e/0x5a0
[ 1457.169677][T30880]  kmalloc_trace+0x2a/0xe0
[ 1457.174183][T30880]  sctp_auth_asoc_copy_shkeys+0x14e/0x5a0
[ 1457.179986][T30880]  sctp_association_new+0x15d3/0x25c0
[ 1457.185437][T30880]  sctp_connect_new_asoc+0x2de/0x6a0
[ 1457.190965][T30880]  ? __sctp_connect+0xd80/0xd80
[ 1457.195897][T30880]  ? __local_bh_enable_ip+0x13a/0x1c0
[ 1457.201340][T30880]  ? _local_bh_enable+0xa0/0xa0
[ 1457.206368][T30880]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[ 1457.212585][T30880]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[ 1457.218618][T30880]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[ 1457.224413][T30880]  ? security_sctp_bind_connect+0x89/0xb0
[ 1457.230215][T30880]  sctp_sendmsg+0x1575/0x28c0
[ 1457.230501][T30883] validate_nla: 5 callbacks suppressed
[ 1457.230544][T30883] netlink: 'syz.0.8885': attribute type 28 has an invalid length.
[ 1457.235038][T30880]  ? sctp_getsockopt+0xb60/0xb60
[ 1457.235070][T30880]  ? aa_sk_perm+0x83c/0x970
[ 1457.235111][T30880]  ? aa_af_perm+0x330/0x330
[ 1457.262665][T30880]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0
[ 1457.269151][T30880]  ? sock_rps_record_flow+0x19/0x3f0
[ 1457.274528][T30880]  ? inet_sendmsg+0x7c/0x2f0
[ 1457.279444][T30880]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1457.284993][T30880]  ? security_socket_sendmsg+0x80/0xa0
[ 1457.290530][T30880]  ? inet_send_prepare+0x260/0x260
[ 1457.295716][T30880]  ____sys_sendmsg+0x5ba/0x960
[ 1457.300588][T30880]  ? __lock_acquire+0x7d40/0x7d40
[ 1457.303310][T30883] netlink: 'syz.0.8885': attribute type 29 has an invalid length.
[ 1457.305655][T30880]  ? __asan_memset+0x22/0x40
[ 1457.318144][T30880]  ? __sys_sendmsg_sock+0x30/0x30
[ 1457.323224][T30880]  ? __import_iovec+0x5f2/0x850
[ 1457.328137][T30880]  ? import_iovec+0x73/0xa0
[ 1457.332702][T30880]  ___sys_sendmsg+0x2a6/0x360
[ 1457.335151][T30883] netlink: 132 bytes leftover after parsing attributes in process `syz.0.8885'.
[ 1457.337429][T30880]  ? get_pid_task+0x20/0x1e0
[ 1457.337467][T30880]  ? __sys_sendmsg+0x2a0/0x2a0
[ 1457.337510][T30880]  ? __lock_acquire+0x7d40/0x7d40
[ 1457.337561][T30880]  __se_sys_sendmsg+0x1c2/0x2b0
[ 1457.337587][T30880]  ? __x64_sys_sendmsg+0x80/0x80
[ 1457.337625][T30880]  ? lockdep_hardirqs_on+0x98/0x150
[ 1457.376281][T30880]  do_syscall_64+0x55/0xa0
[ 1457.380749][T30880]  ? clear_bhb_loop+0x40/0x90
[ 1457.385483][T30880]  ? clear_bhb_loop+0x40/0x90
[ 1457.390232][T30880]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1457.396192][T30880] RIP: 0033:0x7f067e99cdd9
[ 1457.400673][T30880] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1457.420345][T30880] RSP: 002b:00007f067f93e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1457.429084][T30880] RAX: ffffffffffffffda RBX: 00007f067ec15fa0 RCX: 00007f067e99cdd9
[ 1457.437126][T30880] RDX: 00000000000080d1 RSI: 0000200000000140 RDI: 0000000000000003
[ 1457.445170][T30880] RBP: 00007f067f93e090 R08: 0000000000000000 R09: 0000000000000000
[ 1457.453188][T30880] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1457.461214][T30880] R13: 00007f067ec16038 R14: 00007f067ec15fa0 R15: 00007ffda30926a8
[ 1457.469349][T30880]  </TASK>
[ 1458.024373][T30894] bridge0: port 3(ip6gretap0) entered blocking state
[ 1458.058601][T30894] bridge0: port 3(ip6gretap0) entered disabled state
[ 1458.077395][T30894] ip6gretap0: entered allmulticast mode
[ 1458.127978][T30894] ip6gretap0: entered promiscuous mode
[ 1458.150533][T30894] bridge0: port 3(ip6gretap0) entered blocking state
[ 1458.160724][T30894] bridge0: port 3(ip6gretap0) entered forwarding state
[ 1458.365666][T30910] netlink: 60 bytes leftover after parsing attributes in process `syz.2.8892'.
[ 1458.586981][T30905] netlink: 168 bytes leftover after parsing attributes in process `syz.3.8893'.
[ 1459.162034][T30922] netlink: 'syz.3.8898': attribute type 28 has an invalid length.
[ 1459.176841][T30922] netlink: 'syz.3.8898': attribute type 29 has an invalid length.
[ 1459.185409][T30922] netlink: 132 bytes leftover after parsing attributes in process `syz.3.8898'.
[ 1459.470753][T30932] netlink: 168 bytes leftover after parsing attributes in process `syz.1.8902'.
[ 1459.736046][T30944] netlink: 60 bytes leftover after parsing attributes in process `syz.1.8905'.
[ 1460.279171][T30959] netlink: 'syz.1.8911': attribute type 28 has an invalid length.
[ 1460.301069][T30959] netlink: 'syz.1.8911': attribute type 29 has an invalid length.
[ 1460.312965][T30959] netlink: 132 bytes leftover after parsing attributes in process `syz.1.8911'.
[ 1462.197696][T30982] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1462.222215][T30979] netlink: 'syz.3.8919': attribute type 28 has an invalid length.
[ 1462.231639][T30979] netlink: 'syz.3.8919': attribute type 29 has an invalid length.
[ 1462.247026][T30979] __nla_validate_parse: 2 callbacks suppressed
[ 1462.247070][T30979] netlink: 132 bytes leftover after parsing attributes in process `syz.3.8919'.
[ 1462.321135][T30982] netlink: 'syz.0.8927': attribute type 17 has an invalid length.
[ 1462.346675][T30982] netlink: 152 bytes leftover after parsing attributes in process `syz.0.8927'.
[ 1462.390485][T30985] netlink: 'syz.0.8927': attribute type 10 has an invalid length.
[ 1462.488001][T30991] netlink: 168 bytes leftover after parsing attributes in process `syz.2.8922'.
[ 1462.708056][T30997] netlink: 60 bytes leftover after parsing attributes in process `syz.2.8923'.
[ 1463.047119][T31007] netlink: 'syz.2.8928': attribute type 28 has an invalid length.
[ 1463.075458][T31007] netlink: 'syz.2.8928': attribute type 29 has an invalid length.
[ 1463.107173][T31007] netlink: 132 bytes leftover after parsing attributes in process `syz.2.8928'.
[ 1463.235223][T31005] delete_channel: no stack
[ 1463.404391][T31017] netlink: 168 bytes leftover after parsing attributes in process `syz.1.8932'.
[ 1463.453196][T31019] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1463.502838][T31019] netlink: 'syz.0.8933': attribute type 17 has an invalid length.
[ 1463.513159][T31019] netlink: 152 bytes leftover after parsing attributes in process `syz.0.8933'.
[ 1463.527897][T31019] netlink: 'syz.0.8933': attribute type 10 has an invalid length.
[ 1463.765842][T31025] netlink: 60 bytes leftover after parsing attributes in process `syz.0.8936'.
[ 1464.053590][T31028] delete_channel: no stack
[ 1464.222523][T31037] bridge0: port 3(ip6gretap0) entered blocking state
[ 1464.234581][T31037] bridge0: port 3(ip6gretap0) entered disabled state
[ 1464.245590][T31037] ip6gretap0: entered allmulticast mode
[ 1464.262361][T31037] ip6gretap0: entered promiscuous mode
[ 1464.282877][T31037] bridge0: port 3(ip6gretap0) entered blocking state
[ 1464.292158][T31037] bridge0: port 3(ip6gretap0) entered forwarding state
[ 1464.324051][T31039] netlink: 168 bytes leftover after parsing attributes in process `syz.1.8942'.
[ 1464.581590][T31047] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1464.632767][T31047] netlink: 'syz.1.8944': attribute type 17 has an invalid length.
[ 1464.643854][T31047] netlink: 152 bytes leftover after parsing attributes in process `syz.1.8944'.
[ 1464.663185][T31047] netlink: 'syz.1.8944': attribute type 10 has an invalid length.
[ 1465.333273][T31061] netlink: 'syz.1.8950': attribute type 4 has an invalid length.
[ 1465.506739][T31060] delete_channel: no stack
[ 1465.663884][T31065] delete_channel: no stack
[ 1465.710842][T31075] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1465.740479][T31075] netlink: 'syz.3.8955': attribute type 17 has an invalid length.
[ 1467.334150][T31096] __nla_validate_parse: 8 callbacks suppressed
[ 1467.334195][T31096] netlink: 168 bytes leftover after parsing attributes in process `syz.1.8961'.
[ 1467.620440][T31105] validate_nla: 3 callbacks suppressed
[ 1467.620484][T31105] netlink: 'syz.1.8965': attribute type 4 has an invalid length.
[ 1467.648244][T31105] netlink: 128124 bytes leftover after parsing attributes in process `syz.1.8965'.
[ 1467.866082][T31100] delete_channel: no stack
[ 1467.943961][T31104] delete_channel: no stack
[ 1468.229757][T31122] netlink: 763 bytes leftover after parsing attributes in process `syz.3.8968'.
[ 1468.268654][T31122] netlink: 'syz.3.8968': attribute type 2 has an invalid length.
[ 1468.287710][T31122] netlink: 'syz.3.8968': attribute type 4 has an invalid length.
[ 1468.362381][T31121] netlink: 60 bytes leftover after parsing attributes in process `syz.0.8966'.
[ 1468.684505][T31134] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1468.749040][T31134] netlink: 'syz.1.8972': attribute type 17 has an invalid length.
[ 1468.775043][T31134] netlink: 152 bytes leftover after parsing attributes in process `syz.1.8972'.
[ 1468.786240][T31134] netlink: 'syz.1.8972': attribute type 10 has an invalid length.
[ 1468.819626][T31134] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.8972'.
[ 1468.956147][T31138] netlink: 'syz.0.8974': attribute type 4 has an invalid length.
[ 1468.967353][T31138] netlink: 128124 bytes leftover after parsing attributes in process `syz.0.8974'.
[ 1469.135968][T31136] delete_channel: no stack
[ 1469.174303][T31142] bridge0: port 3(ip6gretap0) entered blocking state
[ 1469.190242][T31142] bridge0: port 3(ip6gretap0) entered disabled state
[ 1469.200914][T31142] ip6gretap0: entered allmulticast mode
[ 1469.225876][T31142] ip6gretap0: entered promiscuous mode
[ 1469.254158][T31142] bridge0: port 3(ip6gretap0) entered blocking state
[ 1469.262459][T31142] bridge0: port 3(ip6gretap0) entered forwarding state
[ 1469.405173][T31150] netlink: 172 bytes leftover after parsing attributes in process `syz.0.8979'.
[ 1470.032736][T31167] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1470.108042][T31167] netlink: 'syz.0.8985': attribute type 17 has an invalid length.
[ 1470.116087][T31167] netlink: 152 bytes leftover after parsing attributes in process `syz.0.8985'.
[ 1470.148905][T31167] netlink: 'syz.0.8985': attribute type 10 has an invalid length.
[ 1470.200113][T31167] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.8985'.
[ 1470.289759][T31171] netlink: 'syz.2.8987': attribute type 4 has an invalid length.
[ 1470.477279][T31170] delete_channel: no stack
[ 1470.738241][T31184] netlink: 'syz.0.8989': attribute type 28 has an invalid length.
[ 1471.882511][T31209] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1472.422316][T31212] delete_channel: no stack
[ 1473.055816][T31234] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1473.112953][T31234] validate_nla: 4 callbacks suppressed
[ 1473.112974][T31234] netlink: 'syz.3.9010': attribute type 17 has an invalid length.
[ 1473.154654][T31234] __nla_validate_parse: 5 callbacks suppressed
[ 1473.154676][T31234] netlink: 152 bytes leftover after parsing attributes in process `syz.3.9010'.
[ 1473.186944][T31238] netlink: 'syz.3.9010': attribute type 10 has an invalid length.
[ 1473.233385][T31234] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.9010'.
[ 1473.253206][T31239] netlink: 'syz.1.9012': attribute type 28 has an invalid length.
[ 1473.278738][T31239] netlink: 'syz.1.9012': attribute type 29 has an invalid length.
[ 1473.299743][T31239] netlink: 132 bytes leftover after parsing attributes in process `syz.1.9012'.
[ 1473.800581][T31245] netlink: 'syz.2.9013': attribute type 4 has an invalid length.
[ 1473.810968][T31245] netlink: 128124 bytes leftover after parsing attributes in process `syz.2.9013'.
[ 1473.963390][T31247] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1473.998250][T31244] delete_channel: no stack
[ 1474.004788][T31247] netlink: 'syz.0.9014': attribute type 17 has an invalid length.
[ 1474.017132][T31247] netlink: 152 bytes leftover after parsing attributes in process `syz.0.9014'.
[ 1474.039669][T31247] netlink: 'syz.0.9014': attribute type 10 has an invalid length.
[ 1474.558309][T31266] delete_channel: no stack
[ 1474.653755][T31273] bridge0: port 4(ip6gretap0) entered blocking state
[ 1474.664218][T31273] bridge0: port 4(ip6gretap0) entered disabled state
[ 1474.675158][T31273] ip6gretap0: entered allmulticast mode
[ 1474.705500][T31273] ip6gretap0: entered promiscuous mode
[ 1474.729783][T31273] bridge0: port 4(ip6gretap0) entered blocking state
[ 1474.736784][T31273] bridge0: port 4(ip6gretap0) entered forwarding state
[ 1474.822908][T31277] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1474.875982][T31277] netlink: 'syz.3.9024': attribute type 17 has an invalid length.
[ 1474.885344][T31277] netlink: 152 bytes leftover after parsing attributes in process `syz.3.9024'.
[ 1474.896082][T31277] netlink: 'syz.3.9024': attribute type 10 has an invalid length.
[ 1474.949156][T31277] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.9024'.
[ 1475.061222][T31282] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1475.097625][T31282] netlink: 'syz.2.9026': attribute type 17 has an invalid length.
[ 1475.106101][T31282] netlink: 152 bytes leftover after parsing attributes in process `syz.2.9026'.
[ 1475.465934][T31291] delete_channel: no stack
[ 1475.635066][T31306] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1475.672285][T31306] netlink: 152 bytes leftover after parsing attributes in process `syz.0.9037'.
[ 1476.489659][T31313] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1476.587246][T31313] netlink: 152 bytes leftover after parsing attributes in process `syz.1.9039'.
[ 1477.440345][T31320] delete_channel: no stack
[ 1477.594317][T31329] delete_channel: no stack
[ 1477.832308][T31347] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1477.983146][T31340] delete_channel: no stack
[ 1478.104081][T31355] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1478.212674][T31355] validate_nla: 8 callbacks suppressed
[ 1478.212698][T31355] netlink: 'syz.0.9053': attribute type 17 has an invalid length.
[ 1478.234013][T31355] __nla_validate_parse: 3 callbacks suppressed
[ 1478.234033][T31355] netlink: 152 bytes leftover after parsing attributes in process `syz.0.9053'.
[ 1478.261607][T31355] netlink: 'syz.0.9053': attribute type 10 has an invalid length.
[ 1478.663519][T31367] netlink: 168 bytes leftover after parsing attributes in process `syz.1.9058'.
[ 1478.854868][T31372] netlink: 'syz.0.9060': attribute type 10 has an invalid length.
[ 1478.990732][T31372] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1479.102446][T31372] bridge_slave_1: left allmulticast mode
[ 1479.124057][T31372] bridge_slave_1: left promiscuous mode
[ 1479.202012][T31372] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1479.500558][T31379] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1479.547580][T31375] delete_channel: no stack
[ 1479.549540][T31389] netlink: 'syz.1.9063': attribute type 10 has an invalid length.
[ 1479.579409][T31387] netlink: 'syz.1.9063': attribute type 17 has an invalid length.
[ 1479.608269][T31387] netlink: 152 bytes leftover after parsing attributes in process `syz.1.9063'.
[ 1479.839322][T31397] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1479.941822][T31397] netlink: 'syz.0.9068': attribute type 17 has an invalid length.
[ 1479.950329][T31397] netlink: 152 bytes leftover after parsing attributes in process `syz.0.9068'.
[ 1479.966744][T31397] netlink: 'syz.0.9068': attribute type 10 has an invalid length.
[ 1480.094964][T31408] netlink: 168 bytes leftover after parsing attributes in process `syz.2.9071'.
[ 1480.492564][T31413] delete_channel: no stack
[ 1481.621455][T31442] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1481.772610][T31442] netlink: 'syz.3.9086': attribute type 17 has an invalid length.
[ 1481.809011][T31442] netlink: 152 bytes leftover after parsing attributes in process `syz.3.9086'.
[ 1481.852569][T31442] netlink: 'syz.3.9086': attribute type 10 has an invalid length.
[ 1482.073230][T31444] delete_channel: no stack
[ 1482.304454][T31456] netlink: 'syz.1.9088': attribute type 4 has an invalid length.
[ 1482.318351][T31456] netlink: 128124 bytes leftover after parsing attributes in process `syz.1.9088'.
[ 1482.661236][T31454] delete_channel: no stack
[ 1483.423771][T31483] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1483.513829][T31483] netlink: 'syz.3.9100': attribute type 17 has an invalid length.
[ 1483.701988][T31483] netlink: 152 bytes leftover after parsing attributes in process `syz.3.9100'.
[ 1483.755361][T31483] netlink: 'syz.3.9100': attribute type 10 has an invalid length.
[ 1484.086218][T31475] delete_channel: no stack
[ 1484.226338][T31490] netlink: 'syz.0.9101': attribute type 4 has an invalid length.
[ 1484.236949][T31490] netlink: 128124 bytes leftover after parsing attributes in process `syz.0.9101'.
[ 1484.408578][T31489] delete_channel: no stack
[ 1484.734798][T31512] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1484.836046][T31515] netlink: 'syz.1.9111': attribute type 17 has an invalid length.
[ 1484.869966][T31515] netlink: 152 bytes leftover after parsing attributes in process `syz.1.9111'.
[ 1484.901475][T31516] netlink: 'syz.1.9111': attribute type 10 has an invalid length.
[ 1484.938636][ T1287] ieee802154 phy0 wpan0: encryption failed: -22
[ 1484.945437][ T1287] ieee802154 phy1 wpan1: encryption failed: -22
[ 1485.415303][T31509] delete_channel: no stack
[ 1485.703592][T31527] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1485.764498][T31530] netlink: 'syz.2.9117': attribute type 4 has an invalid length.
[ 1485.773481][T31530] netlink: 128124 bytes leftover after parsing attributes in process `syz.2.9117'.
[ 1485.812898][T31527] netlink: 'syz.1.9124': attribute type 17 has an invalid length.
[ 1485.862838][T31527] netlink: 152 bytes leftover after parsing attributes in process `syz.1.9124'.
[ 1485.888630][T31534] netlink: 'syz.1.9124': attribute type 10 has an invalid length.
[ 1486.540162][T31529] delete_channel: no stack
[ 1487.638063][T31544] delete_channel: no stack
[ 1487.833075][T31559] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1487.869110][T31559] netlink: 'syz.2.9128': attribute type 17 has an invalid length.
[ 1487.884850][T31559] netlink: 152 bytes leftover after parsing attributes in process `syz.2.9128'.
[ 1487.897628][T31559] netlink: 'syz.2.9128': attribute type 10 has an invalid length.
[ 1487.945140][T31559] netlink: 37751 bytes leftover after parsing attributes in process `syz.2.9128'.
[ 1488.174099][T31557] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1488.214345][T31557] bridge_slave_1: left allmulticast mode
[ 1488.231327][T31557] bridge_slave_1: left promiscuous mode
[ 1488.242921][T31557] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1488.298805][T31569] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1488.334785][T31569] netlink: 152 bytes leftover after parsing attributes in process `syz.0.9130'.
[ 1488.388173][T31569] netlink: 37751 bytes leftover after parsing attributes in process `syz.0.9130'.
[ 1488.425703][T31573] netlink: 128124 bytes leftover after parsing attributes in process `syz.2.9131'.
[ 1488.584150][T31571] delete_channel: no stack
[ 1488.594605][T31579] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1488.631446][T31579] validate_nla: 4 callbacks suppressed
[ 1488.631468][T31579] netlink: 'syz.0.9133': attribute type 17 has an invalid length.
[ 1488.647834][T31579] netlink: 'syz.0.9133': attribute type 10 has an invalid length.
[ 1488.843391][T31586] __nla_validate_parse: 1 callbacks suppressed
[ 1488.843410][T31586] netlink: 14 bytes leftover after parsing attributes in process `syz.3.9136'.
[ 1489.088125][T31580] delete_channel: no stack
[ 1489.120381][T31591] netlink: 168 bytes leftover after parsing attributes in process `syz.3.9138'.
[ 1489.431696][T31595] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1489.686490][T31595] netlink: 'syz.3.9140': attribute type 17 has an invalid length.
[ 1489.716394][T31595] netlink: 152 bytes leftover after parsing attributes in process `syz.3.9140'.
[ 1489.731956][T31595] netlink: 'syz.3.9140': attribute type 10 has an invalid length.
[ 1489.769215][T31595] netlink: 37751 bytes leftover after parsing attributes in process `syz.3.9140'.
[ 1489.934900][T31603] netlink: 'syz.0.9143': attribute type 4 has an invalid length.
[ 1489.987093][T31603] netlink: 128124 bytes leftover after parsing attributes in process `syz.0.9143'.
[ 1490.110686][T31602] delete_channel: no stack
[ 1490.161122][T31609] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1490.227933][T31609] netlink: 'syz.3.9145': attribute type 17 has an invalid length.
[ 1490.242734][T31609] netlink: 152 bytes leftover after parsing attributes in process `syz.3.9145'.
[ 1490.281411][T31615] netlink: 'syz.3.9145': attribute type 10 has an invalid length.
[ 1490.423378][T31618] netlink: 168 bytes leftover after parsing attributes in process `syz.1.9148'.
[ 1490.510435][T31613] delete_channel: no stack
[ 1490.769098][T31627] netlink: 'syz.1.9150': attribute type 10 has an invalid length.
[ 1490.873215][T31634] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1490.924692][T31634] netlink: 'syz.0.9153': attribute type 17 has an invalid length.
[ 1490.946845][T31634] netlink: 152 bytes leftover after parsing attributes in process `syz.0.9153'.
[ 1490.957366][T31634] netlink: 'syz.0.9153': attribute type 10 has an invalid length.
[ 1491.019709][T31636] netlink: 37751 bytes leftover after parsing attributes in process `syz.0.9153'.
[ 1491.226065][T31640] netlink: 128124 bytes leftover after parsing attributes in process `syz.2.9155'.
[ 1491.395580][T31648] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1491.463556][T31639] delete_channel: no stack
[ 1491.928977][T31651] delete_channel: no stack
[ 1492.021263][T31667] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1492.037264][T31668] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1492.277264][T31677] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1492.530879][T31674] delete_channel: no stack
[ 1493.344043][T31688] delete_channel: no stack
[ 1493.512946][T31698] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1493.659973][T31703] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1493.744100][T31705] validate_nla: 11 callbacks suppressed
[ 1493.744122][T31705] netlink: 'syz.0.9178': attribute type 10 has an invalid length.
[ 1493.766886][T31703] netlink: 'syz.2.9180': attribute type 17 has an invalid length.
[ 1493.778744][T31703] netlink: 'syz.2.9180': attribute type 10 has an invalid length.
[ 1493.804725][T31698] netlink: 'syz.1.9177': attribute type 17 has an invalid length.
[ 1493.818521][T31698] netlink: 'syz.1.9177': attribute type 10 has an invalid length.
[ 1493.852493][T31698] __nla_validate_parse: 13 callbacks suppressed
[ 1493.852517][T31698] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.9177'.
[ 1494.104230][T31711] netlink: 'syz.0.9181': attribute type 4 has an invalid length.
[ 1494.181697][T31711] netlink: 128124 bytes leftover after parsing attributes in process `syz.0.9181'.
[ 1494.394852][T31710] delete_channel: no stack
[ 1494.883972][T31722] delete_channel: no stack
[ 1495.040025][T31729] netlink: 'syz.2.9189': attribute type 10 has an invalid length.
[ 1495.083255][T31729] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1495.112100][T31729] bridge_slave_1: left allmulticast mode
[ 1495.118702][T31729] bridge_slave_1: left promiscuous mode
[ 1495.129976][T31729] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1495.308310][T31739] netlink: 'syz.3.9190': attribute type 28 has an invalid length.
[ 1495.316235][T31739] netlink: 'syz.3.9190': attribute type 29 has an invalid length.
[ 1495.355991][T31739] netlink: 132 bytes leftover after parsing attributes in process `syz.3.9190'.
[ 1495.368730][T31735] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1495.384452][T31737] netlink: 168 bytes leftover after parsing attributes in process `syz.2.9192'.
[ 1495.459702][T31735] netlink: 'syz.0.9191': attribute type 17 has an invalid length.
[ 1495.477735][T31735] netlink: 152 bytes leftover after parsing attributes in process `syz.0.9191'.
[ 1495.558571][T31735] netlink: 16222 bytes leftover after parsing attributes in process `syz.0.9191'.
[ 1495.591416][T31747] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1495.635430][T31747] netlink: 152 bytes leftover after parsing attributes in process `syz.2.9194'.
[ 1495.724645][T31747] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.9194'.
[ 1495.752322][T31748] netlink: 128124 bytes leftover after parsing attributes in process `syz.1.9195'.
[ 1495.908571][T31746] delete_channel: no stack
[ 1496.114460][T31756] delete_channel: no stack
[ 1496.188668][T31764] netlink: 14 bytes leftover after parsing attributes in process `syz.2.9199'.
[ 1496.453205][T31774] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1497.304677][T31779] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1497.504904][T31780] delete_channel: no stack
[ 1498.469784][T31808] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1499.284240][T31809] delete_channel: no stack
[ 1499.392005][T31819] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1499.462433][T31819] validate_nla: 12 callbacks suppressed
[ 1499.462458][T31819] netlink: 'syz.3.9221': attribute type 17 has an invalid length.
[ 1499.496013][T31819] __nla_validate_parse: 8 callbacks suppressed
[ 1499.496035][T31819] netlink: 152 bytes leftover after parsing attributes in process `syz.3.9221'.
[ 1499.547630][T31821] netlink: 'syz.3.9221': attribute type 10 has an invalid length.
[ 1499.615255][T31819] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.9221'.
[ 1499.935295][T31831] netlink: 168 bytes leftover after parsing attributes in process `syz.1.9224'.
[ 1500.104665][T31833] netlink: 'syz.3.9225': attribute type 10 has an invalid length.
[ 1500.806850][T31845] netlink: 'syz.0.9226': attribute type 28 has an invalid length.
[ 1500.850142][T31842] netlink: 'syz.2.9227': attribute type 28 has an invalid length.
[ 1500.861893][T31833] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1500.877215][T31842] netlink: 'syz.2.9227': attribute type 29 has an invalid length.
[ 1500.885510][T31842] netlink: 132 bytes leftover after parsing attributes in process `syz.2.9227'.
[ 1500.891063][T31845] netlink: 'syz.0.9226': attribute type 29 has an invalid length.
[ 1500.937140][T31845] netlink: 132 bytes leftover after parsing attributes in process `syz.0.9226'.
[ 1500.958148][T31833] bridge_slave_1: left allmulticast mode
[ 1500.964469][T31833] bridge_slave_1: left promiscuous mode
[ 1500.974757][T31833] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1502.087434][T31858] delete_channel: no stack
[ 1502.511791][T31874] netlink: 'syz.1.9235': attribute type 4 has an invalid length.
[ 1502.520635][T31874] netlink: 128124 bytes leftover after parsing attributes in process `syz.1.9235'.
[ 1502.560056][T31877] netlink: 168 bytes leftover after parsing attributes in process `syz.3.9236'.
[ 1502.674744][T31873] delete_channel: no stack
[ 1502.703190][T31880] netlink: 'syz.3.9237': attribute type 10 has an invalid length.
[ 1503.304417][T31891] delete_channel: no stack
[ 1503.510314][T31897] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1503.580214][T31897] netlink: 'syz.2.9244': attribute type 17 has an invalid length.
[ 1503.593006][T31897] netlink: 152 bytes leftover after parsing attributes in process `syz.2.9244'.
[ 1503.740425][T31899] netlink: 37751 bytes leftover after parsing attributes in process `syz.2.9244'.
[ 1504.026461][T31901] netlink: 168 bytes leftover after parsing attributes in process `syz.1.9245'.
[ 1504.556088][T31908] delete_channel: no stack
[ 1504.806145][T31928] validate_nla: 2 callbacks suppressed
[ 1504.806166][T31928] netlink: 'syz.1.9252': attribute type 28 has an invalid length.
[ 1504.837197][T31928] netlink: 'syz.1.9252': attribute type 29 has an invalid length.
[ 1504.845124][T31928] __nla_validate_parse: 1 callbacks suppressed
[ 1504.845140][T31928] netlink: 132 bytes leftover after parsing attributes in process `syz.1.9252'.
[ 1505.897460][T31921] delete_channel: no stack
[ 1506.387103][T31945] netlink: 168 bytes leftover after parsing attributes in process `syz.2.9255'.
[ 1506.452438][T31947] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1506.519790][T31947] netlink: 'syz.0.9257': attribute type 17 has an invalid length.
[ 1506.546854][T31947] netlink: 152 bytes leftover after parsing attributes in process `syz.0.9257'.
[ 1506.574919][T31947] netlink: 'syz.0.9257': attribute type 10 has an invalid length.
[ 1507.550517][T31956] netlink: 'syz.2.9260': attribute type 4 has an invalid length.
[ 1507.567904][T31956] netlink: 128124 bytes leftover after parsing attributes in process `syz.2.9260'.
[ 1507.697409][T31957] delete_channel: no stack
[ 1507.764386][T31955] delete_channel: no stack
[ 1508.153582][T31975] netlink: 168 bytes leftover after parsing attributes in process `syz.2.9266'.
[ 1508.430363][T31983] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1508.551783][T31983] netlink: 'syz.0.9270': attribute type 17 has an invalid length.
[ 1508.569478][T31983] netlink: 152 bytes leftover after parsing attributes in process `syz.0.9270'.
[ 1508.582679][T31983] netlink: 'syz.0.9270': attribute type 10 has an invalid length.
[ 1509.443908][T31993] netlink: 'syz.0.9273': attribute type 10 has an invalid length.
[ 1509.537126][T31991] netlink: 'syz.3.9274': attribute type 4 has an invalid length.
[ 1509.551040][T31991] netlink: 128124 bytes leftover after parsing attributes in process `syz.3.9274'.
[ 1509.577735][T31994] netlink: 'syz.2.9272': attribute type 28 has an invalid length.
[ 1509.586003][T31994] netlink: 132 bytes leftover after parsing attributes in process `syz.2.9272'.
[ 1510.252925][T31989] delete_channel: no stack
[ 1510.473329][T32001] netlink: 168 bytes leftover after parsing attributes in process `syz.1.9276'.
[ 1510.613176][T32012] netlink: 168 bytes leftover after parsing attributes in process `syz.2.9278'.
[ 1510.699867][T32016] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1510.804542][T32016] validate_nla: 1 callbacks suppressed
[ 1510.804565][T32016] netlink: 'syz.1.9280': attribute type 17 has an invalid length.
[ 1510.823991][T32016] netlink: 152 bytes leftover after parsing attributes in process `syz.1.9280'.
[ 1510.844718][T32016] netlink: 'syz.1.9280': attribute type 10 has an invalid length.
[ 1510.895386][T32020] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1510.918433][T32016] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.9280'.
[ 1511.030005][T32020] netlink: 'syz.2.9282': attribute type 17 has an invalid length.
[ 1511.077568][T32020] netlink: 152 bytes leftover after parsing attributes in process `syz.2.9282'.
[ 1511.178659][T32020] netlink: 64859 bytes leftover after parsing attributes in process `syz.2.9282'.
[ 1511.439098][T32029] netlink: 'syz.1.9285': attribute type 10 has an invalid length.
[ 1511.576809][T32035] netlink: 'syz.2.9286': attribute type 28 has an invalid length.
[ 1511.600532][T32035] netlink: 'syz.2.9286': attribute type 29 has an invalid length.
[ 1511.614843][T32035] netlink: 132 bytes leftover after parsing attributes in process `syz.2.9286'.
[ 1511.882540][T32038] netlink: 'syz.1.9288': attribute type 4 has an invalid length.
[ 1511.894765][T32038] netlink: 128124 bytes leftover after parsing attributes in process `syz.1.9288'.
[ 1512.032804][T32044] netlink: 168 bytes leftover after parsing attributes in process `syz.0.9289'.
[ 1512.075789][T32037] delete_channel: no stack
[ 1512.546448][T32057] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1512.579044][T32057] netlink: 'syz.1.9294': attribute type 17 has an invalid length.
[ 1512.588191][T32057] netlink: 152 bytes leftover after parsing attributes in process `syz.1.9294'.
[ 1512.598268][T32057] netlink: 'syz.1.9294': attribute type 10 has an invalid length.
[ 1512.681615][T32061] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1512.759426][T32061] netlink: 'syz.0.9296': attribute type 17 has an invalid length.
[ 1514.542834][T32083] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1515.574470][T32106] __nla_validate_parse: 7 callbacks suppressed
[ 1515.574494][T32106] netlink: 132 bytes leftover after parsing attributes in process `syz.2.9313'.
[ 1516.137710][T32109] validate_nla: 6 callbacks suppressed
[ 1516.137757][T32109] netlink: 'syz.1.9316': attribute type 1 has an invalid length.
[ 1516.206663][T32109] netlink: 112860 bytes leftover after parsing attributes in process `syz.1.9316'.
[ 1516.295117][T32104] netlink: 'syz.0.9315': attribute type 10 has an invalid length.
[ 1516.477924][T32119] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1516.590555][T32119] netlink: 'syz.0.9318': attribute type 17 has an invalid length.
[ 1516.627129][T32119] netlink: 152 bytes leftover after parsing attributes in process `syz.0.9318'.
[ 1516.648580][T32121] netlink: 'syz.0.9318': attribute type 10 has an invalid length.
[ 1516.678528][T32119] netlink: 64859 bytes leftover after parsing attributes in process `syz.0.9318'.
[ 1516.912197][T32131] netlink: 'syz.3.9322': attribute type 10 has an invalid length.
[ 1516.920622][T32131] team0: Device hsr_slave_0 is up. Set it down before adding it as a team port
[ 1517.041442][T32133] netlink: 168 bytes leftover after parsing attributes in process `syz.1.9323'.
[ 1517.120951][T32130] netlink: 'syz.0.9320': attribute type 10 has an invalid length.
[ 1517.261954][T32138] netlink: 'syz.3.9326': attribute type 10 has an invalid length.
[ 1517.272366][T32138] netlink: 55 bytes leftover after parsing attributes in process `syz.3.9326'.
[ 1517.340020][T32141] netlink: 'syz.3.9326': attribute type 10 has an invalid length.
[ 1517.348295][T32141] team0: Device hsr_slave_0 is up. Set it down before adding it as a team port
[ 1517.514086][T32146] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1517.545963][T32144] netlink: 'syz.0.9327': attribute type 4 has an invalid length.
[ 1517.578695][T32146] netlink: 'syz.1.9328': attribute type 17 has an invalid length.
[ 1517.586347][T32144] netlink: 128124 bytes leftover after parsing attributes in process `syz.0.9327'.
[ 1517.606653][T32146] netlink: 152 bytes leftover after parsing attributes in process `syz.1.9328'.
[ 1517.645535][T32146] netlink: 64859 bytes leftover after parsing attributes in process `syz.1.9328'.
[ 1517.722280][T32143] delete_channel: no stack
[ 1517.799448][T32156] FAULT_INJECTION: forcing a failure.
[ 1517.799448][T32156] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1517.822367][T32156] CPU: 1 PID: 32156 Comm: syz.1.9331 Not tainted syzkaller #0
[ 1517.829922][T32156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1517.840018][T32156] Call Trace:
[ 1517.843400][T32156]  <TASK>
[ 1517.846360][T32156]  dump_stack_lvl+0x18c/0x250
[ 1517.851087][T32156]  ? show_regs_print_info+0x20/0x20
[ 1517.856329][T32156]  ? load_image+0x420/0x420
[ 1517.860897][T32156]  ? __might_fault+0xaa/0x120
[ 1517.865611][T32156]  ? __lock_acquire+0x7d40/0x7d40
[ 1517.870678][T32156]  should_fail_ex+0x39d/0x4d0
[ 1517.875398][T32156]  _copy_from_iter+0x1d9/0x12e0
[ 1517.880323][T32156]  ? slab_post_alloc_hook+0x8a/0x4b0
[ 1517.885651][T32156]  ? __virt_addr_valid+0x18c/0x540
[ 1517.890806][T32156]  ? __lock_acquire+0x7d40/0x7d40
[ 1517.895865][T32156]  ? rcu_is_watching+0x15/0xb0
[ 1517.900683][T32156]  ? copyout_mc+0x70/0x70
[ 1517.905053][T32156]  ? __virt_addr_valid+0x18c/0x540
[ 1517.910199][T32156]  ? __virt_addr_valid+0x18c/0x540
[ 1517.915350][T32156]  ? __virt_addr_valid+0x469/0x540
[ 1517.920500][T32156]  ? __check_object_size+0x506/0xa20
[ 1517.925831][T32156]  netlink_sendmsg+0x76b/0xbf0
[ 1517.930653][T32156]  ? netlink_getsockopt+0x590/0x590
[ 1517.935921][T32156]  ? aa_sock_msg_perm+0x94/0x150
[ 1517.940891][T32156]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1517.946206][T32156]  ? security_socket_sendmsg+0x80/0xa0
[ 1517.951695][T32156]  ? netlink_getsockopt+0x590/0x590
[ 1517.956941][T32156]  ____sys_sendmsg+0x5ba/0x960
[ 1517.961744][T32156]  ? __asan_memset+0x22/0x40
[ 1517.966384][T32156]  ? __sys_sendmsg_sock+0x30/0x30
[ 1517.972072][T32156]  ? __import_iovec+0x5f2/0x850
[ 1517.977246][T32156]  ? import_iovec+0x73/0xa0
[ 1517.981780][T32156]  ___sys_sendmsg+0x2a6/0x360
[ 1517.986491][T32156]  ? get_pid_task+0x20/0x1e0
[ 1517.991139][T32156]  ? __sys_sendmsg+0x2a0/0x2a0
[ 1517.995987][T32156]  ? __lock_acquire+0x7d40/0x7d40
[ 1518.001070][T32156]  __se_sys_sendmsg+0x1c2/0x2b0
[ 1518.005961][T32156]  ? __x64_sys_sendmsg+0x80/0x80
[ 1518.010942][T32156]  ? lockdep_hardirqs_on+0x98/0x150
[ 1518.016206][T32156]  do_syscall_64+0x55/0xa0
[ 1518.020656][T32156]  ? clear_bhb_loop+0x40/0x90
[ 1518.025379][T32156]  ? clear_bhb_loop+0x40/0x90
[ 1518.030199][T32156]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1518.036148][T32156] RIP: 0033:0x7ff69619cdd9
[ 1518.040599][T32156] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1518.060236][T32156] RSP: 002b:00007ff696f70028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1518.068714][T32156] RAX: ffffffffffffffda RBX: 00007ff696415fa0 RCX: 00007ff69619cdd9
[ 1518.076890][T32156] RDX: 0000000000044010 RSI: 0000200000000180 RDI: 0000000000000003
[ 1518.084890][T32156] RBP: 00007ff696f70090 R08: 0000000000000000 R09: 0000000000000000
[ 1518.092889][T32156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1518.100886][T32156] R13: 00007ff696416038 R14: 00007ff696415fa0 R15: 00007ffd7d0c17d8
[ 1518.108902][T32156]  </TASK>
[ 1518.259023][T32161] netlink: 168 bytes leftover after parsing attributes in process `syz.1.9333'.
[ 1519.312517][T32179] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1521.020562][T32209] __nla_validate_parse: 5 callbacks suppressed
[ 1521.020583][T32209] netlink: 132 bytes leftover after parsing attributes in process `syz.1.9346'.
[ 1521.933398][T32217] validate_nla: 10 callbacks suppressed
[ 1521.933490][T32217] netlink: 'syz.3.9351': attribute type 4 has an invalid length.
[ 1521.969226][T32217] netlink: 128124 bytes leftover after parsing attributes in process `syz.3.9351'.
[ 1522.197393][T32216] delete_channel: no stack
[ 1522.455267][T32226] netlink: 168 bytes leftover after parsing attributes in process `syz.3.9352'.
[ 1522.742767][T32234] netlink: 'syz.2.9354': attribute type 17 has an invalid length.
[ 1522.760735][T32234] netlink: 152 bytes leftover after parsing attributes in process `syz.2.9354'.
[ 1522.796787][T32234] netlink: 'syz.2.9354': attribute type 10 has an invalid length.
[ 1522.840927][T32238] netlink: 16222 bytes leftover after parsing attributes in process `syz.2.9354'.
[ 1523.894170][T32239] netlink: 'syz.0.9355': attribute type 10 has an invalid length.
[ 1524.195308][T32249] FAULT_INJECTION: forcing a failure.
[ 1524.195308][T32249] name failslab, interval 1, probability 0, space 0, times 0
[ 1524.210070][T32244] netlink: 'syz.1.9357': attribute type 10 has an invalid length.
[ 1524.254709][T32249] CPU: 0 PID: 32249 Comm: syz.2.9360 Not tainted syzkaller #0
[ 1524.262365][T32249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1524.272475][T32249] Call Trace:
[ 1524.275804][T32249]  <TASK>
[ 1524.278778][T32249]  dump_stack_lvl+0x18c/0x250
[ 1524.283544][T32249]  ? show_regs_print_info+0x20/0x20
[ 1524.288800][T32249]  ? load_image+0x420/0x420
[ 1524.293359][T32249]  ? __might_sleep+0xe0/0xe0
[ 1524.298090][T32249]  ? __lock_acquire+0x7d40/0x7d40
[ 1524.303160][T32249]  ? mark_lock+0x94/0x320
[ 1524.307536][T32249]  should_fail_ex+0x39d/0x4d0
[ 1524.312269][T32249]  should_failslab+0x9/0x20
[ 1524.316991][T32249]  slab_pre_alloc_hook+0x59/0x310
[ 1524.322070][T32249]  ? __get_vm_area_node+0x125/0x370
[ 1524.327422][T32249]  __kmem_cache_alloc_node+0x53/0x250
[ 1524.332837][T32249]  ? __get_vm_area_node+0x125/0x370
[ 1524.338165][T32249]  kmalloc_node_trace+0x26/0xe0
[ 1524.343067][T32249]  __get_vm_area_node+0x125/0x370
[ 1524.348160][T32249]  __vmalloc_node_range+0x36e/0x1330
[ 1524.353489][T32249]  ? bpf_prog_alloc_no_stats+0x47/0x440
[ 1524.359118][T32249]  ? mark_lock+0x94/0x320
[ 1524.363502][T32249]  ? __lock_acquire+0x1347/0x7d40
[ 1524.368594][T32249]  ? free_vm_area+0x50/0x50
[ 1524.373142][T32249]  ? end_current_label_crit_section+0x170/0x170
[ 1524.379431][T32249]  ? perf_trace_lock+0xfc/0x3b0
[ 1524.384323][T32249]  ? bpf_prog_alloc_no_stats+0x47/0x440
[ 1524.389900][T32249]  __vmalloc+0x7a/0x90
[ 1524.394005][T32249]  ? bpf_prog_alloc_no_stats+0x47/0x440
[ 1524.399704][T32249]  bpf_prog_alloc_no_stats+0x47/0x440
[ 1524.405153][T32249]  ? bpf_prog_alloc+0x2b/0x1a0
[ 1524.409981][T32249]  bpf_prog_alloc+0x3d/0x1a0
[ 1524.414640][T32249]  bpf_prog_load+0x6eb/0x1670
[ 1524.419382][T32249]  ? map_freeze+0x420/0x420
[ 1524.424036][T32249]  ? __might_fault+0xaa/0x120
[ 1524.428842][T32249]  ? __lock_acquire+0x7d40/0x7d40
[ 1524.433901][T32249]  ? file_end_write+0x159/0x250
[ 1524.438793][T32249]  ? __might_fault+0xaa/0x120
[ 1524.443502][T32249]  ? __might_fault+0xc6/0x120
[ 1524.448206][T32249]  ? __might_fault+0xaa/0x120
[ 1524.452910][T32249]  ? bpf_lsm_bpf+0x9/0x10
[ 1524.457272][T32249]  ? security_bpf+0x7e/0xa0
[ 1524.461820][T32249]  __sys_bpf+0x5ba/0x890
[ 1524.466108][T32249]  ? bpf_link_show_fdinfo+0x390/0x390
[ 1524.471528][T32249]  ? lock_chain_count+0x20/0x20
[ 1524.476420][T32249]  __x64_sys_bpf+0x7c/0x90
[ 1524.480872][T32249]  do_syscall_64+0x55/0xa0
[ 1524.485319][T32249]  ? clear_bhb_loop+0x40/0x90
[ 1524.490031][T32249]  ? clear_bhb_loop+0x40/0x90
[ 1524.494754][T32249]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1524.500689][T32249] RIP: 0033:0x7f067e99cdd9
[ 1524.505135][T32249] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1524.524784][T32249] RSP: 002b:00007f067f93e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1524.533242][T32249] RAX: ffffffffffffffda RBX: 00007f067ec15fa0 RCX: 00007f067e99cdd9
[ 1524.541275][T32249] RDX: 0000000000000094 RSI: 00002000000004c0 RDI: 0000000000000005
[ 1524.549310][T32249] RBP: 00007f067f93e090 R08: 0000000000000000 R09: 0000000000000000
[ 1524.557345][T32249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1524.565461][T32249] R13: 00007f067ec16038 R14: 00007f067ec15fa0 R15: 00007ffda30926a8
[ 1524.573488][T32249]  </TASK>
[ 1524.588653][T32249] syz.2.9360: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0-1
[ 1524.607733][T32249] CPU: 1 PID: 32249 Comm: syz.2.9360 Not tainted syzkaller #0
[ 1524.615272][T32249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1524.625378][T32249] Call Trace:
[ 1524.628694][T32249]  <TASK>
[ 1524.631657][T32249]  dump_stack_lvl+0x18c/0x250
[ 1524.636392][T32249]  ? show_regs_print_info+0x20/0x20
[ 1524.641633][T32249]  ? load_image+0x420/0x420
[ 1524.646175][T32249]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1524.652721][T32249]  ? cpuset_print_current_mems_allowed+0x2e7/0x360
[ 1524.659257][T32249]  warn_alloc+0x246/0x340
[ 1524.663628][T32249]  ? __get_vm_area_node+0x125/0x370
[ 1524.668873][T32249]  ? zone_watermark_ok_safe+0x230/0x230
[ 1524.674462][T32249]  ? rcu_is_watching+0x15/0xb0
[ 1524.679273][T32249]  ? __get_vm_area_node+0x356/0x370
[ 1524.684529][T32249]  __vmalloc_node_range+0x393/0x1330
[ 1524.689857][T32249]  ? mark_lock+0x94/0x320
[ 1524.694243][T32249]  ? __lock_acquire+0x1347/0x7d40
[ 1524.699329][T32249]  ? free_vm_area+0x50/0x50
[ 1524.703956][T32249]  ? end_current_label_crit_section+0x170/0x170
[ 1524.710327][T32249]  ? perf_trace_lock+0xfc/0x3b0
[ 1524.715215][T32249]  ? bpf_prog_alloc_no_stats+0x47/0x440
[ 1524.720795][T32249]  __vmalloc+0x7a/0x90
[ 1524.724993][T32249]  ? bpf_prog_alloc_no_stats+0x47/0x440
[ 1524.730590][T32249]  bpf_prog_alloc_no_stats+0x47/0x440
[ 1524.735994][T32249]  ? bpf_prog_alloc+0x2b/0x1a0
[ 1524.740793][T32249]  bpf_prog_alloc+0x3d/0x1a0
[ 1524.745510][T32249]  bpf_prog_load+0x6eb/0x1670
[ 1524.750492][T32249]  ? map_freeze+0x420/0x420
[ 1524.755031][T32249]  ? __might_fault+0xaa/0x120
[ 1524.759738][T32249]  ? __lock_acquire+0x7d40/0x7d40
[ 1524.764840][T32249]  ? file_end_write+0x159/0x250
[ 1524.769730][T32249]  ? __might_fault+0xaa/0x120
[ 1524.774450][T32249]  ? __might_fault+0xc6/0x120
[ 1524.779193][T32249]  ? __might_fault+0xaa/0x120
[ 1524.783924][T32249]  ? bpf_lsm_bpf+0x9/0x10
[ 1524.788297][T32249]  ? security_bpf+0x7e/0xa0
[ 1524.792836][T32249]  __sys_bpf+0x5ba/0x890
[ 1524.797123][T32249]  ? bpf_link_show_fdinfo+0x390/0x390
[ 1524.802540][T32249]  ? lock_chain_count+0x20/0x20
[ 1524.807467][T32249]  __x64_sys_bpf+0x7c/0x90
[ 1524.811945][T32249]  do_syscall_64+0x55/0xa0
[ 1524.816388][T32249]  ? clear_bhb_loop+0x40/0x90
[ 1524.821094][T32249]  ? clear_bhb_loop+0x40/0x90
[ 1524.825813][T32249]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1524.831753][T32249] RIP: 0033:0x7f067e99cdd9
[ 1524.836204][T32249] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1524.855842][T32249] RSP: 002b:00007f067f93e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1524.864291][T32249] RAX: ffffffffffffffda RBX: 00007f067ec15fa0 RCX: 00007f067e99cdd9
[ 1524.872303][T32249] RDX: 0000000000000094 RSI: 00002000000004c0 RDI: 0000000000000005
[ 1524.880303][T32249] RBP: 00007f067f93e090 R08: 0000000000000000 R09: 0000000000000000
[ 1524.888324][T32249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1524.896343][T32249] R13: 00007f067ec16038 R14: 00007f067ec15fa0 R15: 00007ffda30926a8
[ 1524.904390][T32249]  </TASK>
[ 1524.941326][T32249] Mem-Info:
[ 1524.944620][T32249] active_anon:29182 inactive_anon:0 isolated_anon:0
[ 1524.944620][T32249]  active_file:21360 inactive_file:40514 isolated_file:0
[ 1524.944620][T32249]  unevictable:768 dirty:93 writeback:0
[ 1524.944620][T32249]  slab_reclaimable:11065 slab_unreclaimable:94388
[ 1524.944620][T32249]  mapped:34965 shmem:25126 pagetables:612
[ 1524.944620][T32249]  sec_pagetables:0 bounce:0
[ 1524.944620][T32249]  kernel_misc_reclaimable:0
[ 1524.944620][T32249]  free:1316768 free_pcp:8006 free_cma:0
[ 1525.051520][T32249] Node 0 active_anon:120028kB inactive_anon:0kB active_file:85440kB inactive_file:161856kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:139860kB dirty:372kB writeback:0kB shmem:102368kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10008kB pagetables:2348kB sec_pagetables:0kB all_unreclaimable? no
[ 1525.089662][T32249] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[ 1525.125677][T32249] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1525.166607][T32249] lowmem_reserve[]: 0 2521 2522 2522 2522
[ 1525.172629][T32249] Node 0 DMA32 free:1354444kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:122088kB inactive_anon:0kB active_file:85440kB inactive_file:161036kB unevictable:1536kB writepending:372kB present:3129332kB managed:2586952kB mlocked:0kB bounce:0kB free_pcp:8844kB local_pcp:2036kB free_cma:0kB
[ 1525.209179][T32249] lowmem_reserve[]: 0 0 0 0 0
[ 1525.214165][T32249] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:820kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB
[ 1525.274108][T32249] lowmem_reserve[]: 0 0 0 0 0
[ 1525.286694][T32249] Node 1 Normal free:3891976kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:22920kB local_pcp:9572kB free_cma:0kB
[ 1525.332715][T32249] lowmem_reserve[]: 0 0 0 0 0
[ 1525.343897][T32249] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1525.362207][T32249] Node 0 DMA32: 702*4kB (UM) 412*8kB (UME) 572*16kB (UME) 1100*32kB (UE) 940*64kB (UE) 338*128kB (UME) 159*256kB (UM) 132*512kB (UME) 68*1024kB (UM) 35*2048kB (UME) 231*4096kB (UM) = 1349656kB
[ 1525.392574][T32249] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1525.406963][T32249] Node 1 Normal: 214*4kB (UME) 62*8kB (UME) 40*16kB (UME) 58*32kB (UME) 18*64kB (UME) 7*128kB (UME) 2*256kB (UM) 1*512kB (U) 2*1024kB (UE) 2*2048kB (UE) 947*4096kB (M) = 3891976kB
[ 1525.441756][T32249] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1525.461470][T32249] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1525.481170][T32249] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1525.502738][T32249] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1525.524727][T32249] 90800 total pagecache pages
[ 1525.531231][T32249] 0 pages in swap cache
[ 1525.572344][T32249] Free swap  = 124472kB
[ 1525.594207][T32249] Total swap = 124996kB
[ 1525.608707][T32249] 2097051 pages RAM
[ 1525.612602][T32249] 0 pages HighMem/MovableOnly
[ 1525.637507][T32249] 416927 pages reserved
[ 1525.642297][T32249] 0 pages cma reserved
[ 1526.225022][T32259] netlink: 'syz.3.9362': attribute type 10 has an invalid length.
[ 1526.569166][T32267] netlink: 168 bytes leftover after parsing attributes in process `syz.0.9364'.
[ 1527.002325][T32273] netlink: 'syz.3.9366': attribute type 28 has an invalid length.
[ 1527.052715][T32273] netlink: 'syz.3.9366': attribute type 29 has an invalid length.
[ 1527.071513][T32273] netlink: 132 bytes leftover after parsing attributes in process `syz.3.9366'.
[ 1527.383105][T32276] netlink: 'syz.2.9367': attribute type 10 has an invalid length.
[ 1527.717889][T32287] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1527.820813][T32289] netlink: 'syz.2.9371': attribute type 10 has an invalid length.
[ 1527.869391][T32292] FAULT_INJECTION: forcing a failure.
[ 1527.869391][T32292] name failslab, interval 1, probability 0, space 0, times 0
[ 1527.890184][T32292] CPU: 0 PID: 32292 Comm: syz.3.9373 Not tainted syzkaller #0
[ 1527.897747][T32292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1527.907860][T32292] Call Trace:
[ 1527.911195][T32292]  <TASK>
[ 1527.914178][T32292]  dump_stack_lvl+0x18c/0x250
[ 1527.918941][T32292]  ? show_regs_print_info+0x20/0x20
[ 1527.924209][T32292]  ? load_image+0x420/0x420
[ 1527.928794][T32292]  ? __might_sleep+0xe0/0xe0
[ 1527.933442][T32292]  ? __lock_acquire+0x7d40/0x7d40
[ 1527.938529][T32292]  should_fail_ex+0x39d/0x4d0
[ 1527.943277][T32292]  should_failslab+0x9/0x20
[ 1527.947847][T32292]  slab_pre_alloc_hook+0x59/0x310
[ 1527.952944][T32292]  ? rtnl_newlink+0x10d/0x20a0
[ 1527.957777][T32292]  __kmem_cache_alloc_node+0x53/0x250
[ 1527.963225][T32292]  ? rtnl_newlink+0x10d/0x20a0
[ 1527.968146][T32292]  kmalloc_trace+0x2a/0xe0
[ 1527.972638][T32292]  ? rtnl_setlink+0x4e0/0x4e0
[ 1527.977397][T32292]  rtnl_newlink+0x10d/0x20a0
[ 1527.982058][T32292]  ? arch_stack_walk+0x160/0x190
[ 1527.987243][T32292]  ? __mutex_trylock_common+0x159/0x260
[ 1527.992939][T32292]  ? rtnl_setlink+0x4e0/0x4e0
[ 1527.997675][T32292]  ? trace_raw_output_contention_end+0xd0/0xd0
[ 1528.003903][T32292]  ? rcu_is_watching+0x15/0xb0
[ 1528.009262][T32292]  ? trace_contention_end+0x39/0xe0
[ 1528.014531][T32292]  ? __mutex_lock+0x315/0xcc0
[ 1528.019281][T32292]  ? rtnetlink_rcv_msg+0x811/0xfa0
[ 1528.024551][T32292]  ? mutex_lock_nested+0x20/0x20
[ 1528.029649][T32292]  ? rtnetlink_rcv_msg+0x221/0xfa0
[ 1528.034928][T32292]  ? rtnetlink_rcv_msg+0x221/0xfa0
[ 1528.040103][T32292]  ? rtnl_setlink+0x4e0/0x4e0
[ 1528.044835][T32292]  rtnetlink_rcv_msg+0x869/0xfa0
[ 1528.049847][T32292]  ? rtnetlink_bind+0x80/0x80
[ 1528.054591][T32292]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[ 1528.060635][T32292]  ? __dev_queue_xmit+0x265/0x3660
[ 1528.065819][T32292]  ? lock_chain_count+0x20/0x20
[ 1528.070757][T32292]  ? __local_bh_enable_ip+0x13a/0x1c0
[ 1528.076191][T32292]  ? lockdep_hardirqs_on+0x98/0x150
[ 1528.081459][T32292]  ? __local_bh_enable_ip+0x13a/0x1c0
[ 1528.086890][T32292]  ? _local_bh_enable+0xa0/0xa0
[ 1528.091812][T32292]  ? __dev_queue_xmit+0x265/0x3660
[ 1528.096989][T32292]  ? __dev_queue_xmit+0x265/0x3660
[ 1528.102192][T32292]  ? __dev_queue_xmit+0x1b2c/0x3660
[ 1528.107472][T32292]  ? __dev_queue_xmit+0x265/0x3660
[ 1528.112674][T32292]  ? perf_trace_lock+0xfc/0x3b0
[ 1528.117606][T32292]  netlink_rcv_skb+0x241/0x4d0
[ 1528.122444][T32292]  ? rtnetlink_bind+0x80/0x80
[ 1528.127183][T32292]  ? netlink_ack+0x1180/0x1180
[ 1528.132055][T32292]  ? __lock_acquire+0x7d40/0x7d40
[ 1528.137240][T32292]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1528.142513][T32292]  netlink_unicast+0x751/0x8d0
[ 1528.147364][T32292]  netlink_sendmsg+0x8d0/0xbf0
[ 1528.152212][T32292]  ? netlink_getsockopt+0x590/0x590
[ 1528.157488][T32292]  ? aa_sock_msg_perm+0x94/0x150
[ 1528.162512][T32292]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1528.167865][T32292]  ? security_socket_sendmsg+0x80/0xa0
[ 1528.173391][T32292]  ? netlink_getsockopt+0x590/0x590
[ 1528.178678][T32292]  ____sys_sendmsg+0x5ba/0x960
[ 1528.183527][T32292]  ? __asan_memset+0x22/0x40
[ 1528.188184][T32292]  ? __sys_sendmsg_sock+0x30/0x30
[ 1528.193275][T32292]  ? __import_iovec+0x5f2/0x850
[ 1528.194100][T32296] netlink: 'syz.1.9372': attribute type 4 has an invalid length.
[ 1528.198172][T32292]  ? import_iovec+0x73/0xa0
[ 1528.198202][T32292]  ___sys_sendmsg+0x2a6/0x360
[ 1528.198233][T32292]  ? __sys_sendmsg+0x2a0/0x2a0
[ 1528.198278][T32292]  ? __lock_acquire+0x7d40/0x7d40
[ 1528.198335][T32292]  __se_sys_sendmsg+0x1c2/0x2b0
[ 1528.198361][T32292]  ? __x64_sys_sendmsg+0x80/0x80
[ 1528.198404][T32292]  ? lockdep_hardirqs_on+0x98/0x150
[ 1528.198435][T32292]  do_syscall_64+0x55/0xa0
[ 1528.198454][T32292]  ? clear_bhb_loop+0x40/0x90
[ 1528.198480][T32292]  ? clear_bhb_loop+0x40/0x90
[ 1528.237249][T32296] netlink: 128124 bytes leftover after parsing attributes in process `syz.1.9372'.
[ 1528.240569][T32292]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1528.240608][T32292] RIP: 0033:0x7efebd39cdd9
[ 1528.240629][T32292] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1528.294129][T32292] RSP: 002b:00007efebe2c8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1528.302720][T32292] RAX: ffffffffffffffda RBX: 00007efebd615fa0 RCX: 00007efebd39cdd9
[ 1528.311018][T32292] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000003
[ 1528.319083][T32292] RBP: 00007efebe2c8090 R08: 0000000000000000 R09: 0000000000000000
[ 1528.327117][T32292] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1528.335170][T32292] R13: 00007efebd616038 R14: 00007efebd615fa0 R15: 00007ffc94620368
[ 1528.343225][T32292]  </TASK>
[ 1528.512550][T32299] netlink: 'syz.0.9368': attribute type 17 has an invalid length.
[ 1528.576247][T32287] netlink: 16222 bytes leftover after parsing attributes in process `syz.0.9368'.
[ 1528.604589][T32299] netlink: 152 bytes leftover after parsing attributes in process `syz.0.9368'.
[ 1528.645494][T32300] netlink: 'syz.0.9368': attribute type 10 has an invalid length.
[ 1528.752042][T32293] delete_channel: no stack
[ 1529.712930][T32316] netlink: 'syz.2.9378': attribute type 4 has an invalid length.
[ 1529.732204][T32314] netlink: 168 bytes leftover after parsing attributes in process `syz.1.9377'.
[ 1529.753411][T32316] netlink: 128124 bytes leftover after parsing attributes in process `syz.2.9378'.
[ 1529.982701][T32315] delete_channel: no stack
[ 1530.058842][T32323] netlink: 'syz.0.9380': attribute type 28 has an invalid length.
[ 1530.096801][T32323] netlink: 'syz.0.9380': attribute type 29 has an invalid length.
[ 1530.104728][T32323] netlink: 132 bytes leftover after parsing attributes in process `syz.0.9380'.
[ 1530.333539][T32330] netlink: 128124 bytes leftover after parsing attributes in process `syz.3.9390'.
[ 1530.474693][T32329] delete_channel: no stack
[ 1533.349954][T32349] validate_nla: 2 callbacks suppressed
[ 1533.350137][T32349] netlink: 'syz.0.9383': attribute type 10 has an invalid length.
[ 1533.937097][T32359] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1533.964162][T32359] netlink: 'syz.3.9388': attribute type 17 has an invalid length.
[ 1534.012492][T32359] netlink: 152 bytes leftover after parsing attributes in process `syz.3.9388'.
[ 1534.049160][T32362] netlink: 168 bytes leftover after parsing attributes in process `syz.0.9389'.
[ 1534.064430][T32363] netlink: 'syz.3.9388': attribute type 10 has an invalid length.
[ 1534.103244][T32359] netlink: 16222 bytes leftover after parsing attributes in process `syz.3.9388'.
[ 1534.537360][T32369] netlink: 'syz.2.9392': attribute type 28 has an invalid length.
[ 1534.616606][T32369] netlink: 'syz.2.9392': attribute type 29 has an invalid length.
[ 1534.624832][T32369] netlink: 132 bytes leftover after parsing attributes in process `syz.2.9392'.
[ 1535.038912][T32388] netlink: 'syz.0.9395': attribute type 28 has an invalid length.
[ 1535.047591][T32388] netlink: 'syz.0.9395': attribute type 29 has an invalid length.
[ 1535.065779][T32388] netlink: 132 bytes leftover after parsing attributes in process `syz.0.9395'.
[ 1536.754612][T32410] netlink: 'syz.1.9401': attribute type 4 has an invalid length.
[ 1536.769392][T32410] netlink: 128124 bytes leftover after parsing attributes in process `syz.1.9401'.
[ 1536.907920][T32409] delete_channel: no stack
[ 1537.040422][T32415] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1537.150281][T32415] netlink: 'syz.3.9402': attribute type 17 has an invalid length.
[ 1537.173996][T32415] netlink: 152 bytes leftover after parsing attributes in process `syz.3.9402'.
[ 1537.234245][T32420] netlink: 'syz.3.9402': attribute type 10 has an invalid length.
[ 1537.264607][T32415] netlink: 16222 bytes leftover after parsing attributes in process `syz.3.9402'.
[ 1537.587444][T32422] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[ 1537.978076][T32422] syzkaller0: entered promiscuous mode
[ 1537.998587][T32422] syzkaller0: entered allmulticast mode
[ 1538.961517][T32439] netlink: 'syz.1.9411': attribute type 28 has an invalid length.
[ 1538.975543][T32439] netlink: 'syz.1.9411': attribute type 29 has an invalid length.
[ 1538.996827][T32439] netlink: 132 bytes leftover after parsing attributes in process `syz.1.9411'.
[ 1542.212901][T32456] netlink: 'syz.3.9413': attribute type 28 has an invalid length.
[ 1542.310802][T32456] netlink: 'syz.3.9413': attribute type 29 has an invalid length.
[ 1542.371206][T32456] netlink: 132 bytes leftover after parsing attributes in process `syz.3.9413'.
[ 1542.461937][T32447] delete_channel: no stack
[ 1542.494026][T32463] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1542.537601][T32463] netlink: 'syz.1.9417': attribute type 17 has an invalid length.
[ 1542.550676][T32463] netlink: 152 bytes leftover after parsing attributes in process `syz.1.9417'.
[ 1542.563113][T32463] netlink: 'syz.1.9417': attribute type 10 has an invalid length.
[ 1542.613181][T32463] netlink: 16222 bytes leftover after parsing attributes in process `syz.1.9417'.
[ 1542.648362][T32468] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1542.924950][T32474] netlink: 16222 bytes leftover after parsing attributes in process `syz.2.9418'.
[ 1543.231509][T32472] netlink: 'syz.2.9418': attribute type 17 has an invalid length.
[ 1543.249933][T32472] netlink: 152 bytes leftover after parsing attributes in process `syz.2.9418'.
[ 1543.265218][T32473] netlink: 'syz.2.9418': attribute type 10 has an invalid length.
[ 1543.625576][T32481] syzkaller0: entered promiscuous mode
[ 1543.632595][T32481] syzkaller0: entered allmulticast mode
[ 1543.730750][T32487] netlink: 'syz.0.9423': attribute type 28 has an invalid length.
[ 1543.743704][T32487] netlink: 'syz.0.9423': attribute type 29 has an invalid length.
[ 1543.752640][T32487] netlink: 132 bytes leftover after parsing attributes in process `syz.0.9423'.
[ 1546.035140][T32496] delete_channel: no stack
[ 1546.253116][T32494] netlink: 'syz.1.9426': attribute type 10 has an invalid length.
[ 1546.353115][T32501] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1546.367272][ T1287] ieee802154 phy0 wpan0: encryption failed: -22
[ 1546.373856][ T1287] ieee802154 phy1 wpan1: encryption failed: -22
[ 1546.412991][T32501] netlink: 'syz.3.9429': attribute type 17 has an invalid length.
[ 1546.425082][T32501] netlink: 152 bytes leftover after parsing attributes in process `syz.3.9429'.
[ 1546.454750][T32501] netlink: 'syz.3.9429': attribute type 10 has an invalid length.
[ 1546.480046][T32505] netlink: 1 bytes leftover after parsing attributes in process `syz.1.9428'.
[ 1546.501174][T32501] netlink: 16222 bytes leftover after parsing attributes in process `syz.3.9429'.
[ 1546.725968][T32510] netlink: 'syz.2.9430': attribute type 10 has an invalid length.
[ 1546.804288][T32503] syzkaller0: entered promiscuous mode
[ 1546.810215][T32503] syzkaller0: entered allmulticast mode
[ 1547.415568][T32523] FAULT_INJECTION: forcing a failure.
[ 1547.415568][T32523] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1547.431821][T32523] CPU: 0 PID: 32523 Comm: syz.3.9435 Not tainted syzkaller #0
[ 1547.439448][T32523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1547.449645][T32523] Call Trace:
[ 1547.452967][T32523]  <TASK>
[ 1547.455936][T32523]  dump_stack_lvl+0x18c/0x250
[ 1547.460685][T32523]  ? lock_chain_count+0x20/0x20
[ 1547.465595][T32523]  ? show_regs_print_info+0x20/0x20
[ 1547.470874][T32523]  ? load_image+0x420/0x420
[ 1547.475420][T32523]  ? lockdep_hardirqs_on+0x98/0x150
[ 1547.480674][T32523]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1547.486900][T32523]  should_fail_ex+0x39d/0x4d0
[ 1547.491840][T32523]  _copy_from_iter+0x1d9/0x12e0
[ 1547.496737][T32523]  ? __virt_addr_valid+0x18c/0x540
[ 1547.501896][T32523]  ? __lock_acquire+0x7d40/0x7d40
[ 1547.506965][T32523]  ? copyout_mc+0x70/0x70
[ 1547.511423][T32523]  ? __virt_addr_valid+0x18c/0x540
[ 1547.516578][T32523]  ? __virt_addr_valid+0x18c/0x540
[ 1547.521762][T32523]  ? __virt_addr_valid+0x469/0x540
[ 1547.526924][T32523]  ? __check_object_size+0x506/0xa20
[ 1547.532249][T32523]  netlink_sendmsg+0x76b/0xbf0
[ 1547.537064][T32523]  ? lockdep_hardirqs_on+0x98/0x150
[ 1547.542303][T32523]  ? netlink_getsockopt+0x590/0x590
[ 1547.547544][T32523]  ? aa_sock_msg_perm+0x94/0x150
[ 1547.552515][T32523]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1547.557837][T32523]  ? security_socket_sendmsg+0x80/0xa0
[ 1547.563327][T32523]  ? netlink_getsockopt+0x590/0x590
[ 1547.568652][T32523]  ____sys_sendmsg+0x5ba/0x960
[ 1547.573457][T32523]  ? __asan_memset+0x22/0x40
[ 1547.578342][T32523]  ? __sys_sendmsg_sock+0x30/0x30
[ 1547.583397][T32523]  ? __import_iovec+0x5f2/0x850
[ 1547.588282][T32523]  ? import_iovec+0x73/0xa0
[ 1547.592824][T32523]  ___sys_sendmsg+0x2a6/0x360
[ 1547.597540][T32523]  ? __sys_sendmsg+0x2a0/0x2a0
[ 1547.602375][T32523]  __se_sys_sendmsg+0x1c2/0x2b0
[ 1547.607268][T32523]  ? __x64_sys_sendmsg+0x80/0x80
[ 1547.612247][T32523]  ? syscall_enter_from_user_mode+0x2e/0x80
[ 1547.618205][T32523]  do_syscall_64+0x55/0xa0
[ 1547.622646][T32523]  ? clear_bhb_loop+0x40/0x90
[ 1547.627361][T32523]  ? clear_bhb_loop+0x40/0x90
[ 1547.632075][T32523]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1547.638003][T32523] RIP: 0033:0x7efebd39cdd9
[ 1547.642457][T32523] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1547.662193][T32523] RSP: 002b:00007efebe2c8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1547.670644][T32523] RAX: ffffffffffffffda RBX: 00007efebd615fa0 RCX: 00007efebd39cdd9
[ 1547.678653][T32523] RDX: 0000000020000800 RSI: 0000200000000600 RDI: 0000000000000007
[ 1547.686661][T32523] RBP: 00007efebe2c8090 R08: 0000000000000000 R09: 0000000000000000
[ 1547.694659][T32523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1547.702657][T32523] R13: 00007efebd616038 R14: 00007efebd615fa0 R15: 00007ffc94620368
[ 1547.710673][T32523]  </TASK>
[ 1547.716701][T32526] netlink: 'syz.2.9436': attribute type 28 has an invalid length.
[ 1547.726020][T32526] netlink: 'syz.2.9436': attribute type 29 has an invalid length.
[ 1547.745232][T32526] netlink: 132 bytes leftover after parsing attributes in process `syz.2.9436'.
[ 1548.831657][T32530] delete_channel: no stack
[ 1550.004730][T32536] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[ 1550.114345][T32536] syzkaller0: entered promiscuous mode
[ 1550.137269][T32536] syzkaller0: entered allmulticast mode
[ 1550.181876][T32541] netlink: 'syz.1.9447': attribute type 4 has an invalid length.
[ 1550.191156][T32541] netlink: 128124 bytes leftover after parsing attributes in process `syz.1.9447'.
[ 1550.509411][T32551] netlink: 'syz.2.9440': attribute type 28 has an invalid length.
[ 1550.519315][T32551] netlink: 'syz.2.9440': attribute type 29 has an invalid length.
[ 1550.527826][T32551] netlink: 132 bytes leftover after parsing attributes in process `syz.2.9440'.
[ 1550.859299][T32560] netlink: 16222 bytes leftover after parsing attributes in process `syz.3.9441'.
[ 1550.875385][T32538] delete_channel: no stack
[ 1552.599163][T32550] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1552.714241][T32556] netlink: 'syz.3.9441': attribute type 17 has an invalid length.
[ 1552.724447][T32556] netlink: 152 bytes leftover after parsing attributes in process `syz.3.9441'.
[ 1552.740263][T32559] netlink: 'syz.3.9441': attribute type 10 has an invalid length.
[ 1552.811514][T32564] netlink: 'syz.0.9443': attribute type 10 has an invalid length.
[ 1553.397424][T32581] netlink: 'syz.1.9449': attribute type 28 has an invalid length.
[ 1553.406322][T32581] netlink: 'syz.1.9449': attribute type 29 has an invalid length.
[ 1553.414738][T32581] netlink: 132 bytes leftover after parsing attributes in process `syz.1.9449'.
[ 1553.978173][T32588] netlink: 'syz.2.9453': attribute type 4 has an invalid length.
[ 1553.996724][T32588] netlink: 128124 bytes leftover after parsing attributes in process `syz.2.9453'.
[ 1554.180717][T32596] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1554.211105][T32587] delete_channel: no stack
[ 1554.220911][T32596] netlink: 'syz.0.9454': attribute type 17 has an invalid length.
[ 1554.230023][T32596] netlink: 152 bytes leftover after parsing attributes in process `syz.0.9454'.
[ 1554.241143][T32596] netlink: 'syz.0.9454': attribute type 10 has an invalid length.
[ 1554.273946][T32596] netlink: 16222 bytes leftover after parsing attributes in process `syz.0.9454'.
[ 1555.119516][T32615] delete_channel: no stack
[ 1555.303171][T32621] netlink: 'syz.3.9463': attribute type 4 has an invalid length.
[ 1555.319064][T32621] netlink: 128124 bytes leftover after parsing attributes in process `syz.3.9463'.
[ 1555.497438][T32620] delete_channel: no stack
[ 1555.566416][T32629] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1555.599853][T32629] netlink: 'syz.0.9466': attribute type 17 has an invalid length.
[ 1555.616709][T32629] netlink: 152 bytes leftover after parsing attributes in process `syz.0.9466'.
[ 1555.660181][T32629] netlink: 16222 bytes leftover after parsing attributes in process `syz.0.9466'.
[ 1556.136200][T32639] delete_channel: no stack
[ 1556.428292][T32654] FAULT_INJECTION: forcing a failure.
[ 1556.428292][T32654] name failslab, interval 1, probability 0, space 0, times 0
[ 1556.459418][T32654] CPU: 0 PID: 32654 Comm: syz.1.9475 Not tainted syzkaller #0
[ 1556.467016][T32654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1556.477262][T32654] Call Trace:
[ 1556.480591][T32654]  <TASK>
[ 1556.483567][T32654]  dump_stack_lvl+0x18c/0x250
[ 1556.488315][T32654]  ? show_regs_print_info+0x20/0x20
[ 1556.493677][T32654]  ? load_image+0x420/0x420
[ 1556.498325][T32654]  ? __might_sleep+0xe0/0xe0
[ 1556.503021][T32654]  ? __lock_acquire+0x7d40/0x7d40
[ 1556.508122][T32654]  should_fail_ex+0x39d/0x4d0
[ 1556.512883][T32654]  should_failslab+0x9/0x20
[ 1556.517461][T32654]  slab_pre_alloc_hook+0x59/0x310
[ 1556.522558][T32654]  ? rtnl_newlink+0x10d/0x20a0
[ 1556.527381][T32654]  __kmem_cache_alloc_node+0x53/0x250
[ 1556.532828][T32654]  ? rtnl_newlink+0x10d/0x20a0
[ 1556.537660][T32654]  kmalloc_trace+0x2a/0xe0
[ 1556.542158][T32654]  ? rtnl_setlink+0x4e0/0x4e0
[ 1556.546906][T32654]  rtnl_newlink+0x10d/0x20a0
[ 1556.551590][T32654]  ? arch_stack_walk+0x160/0x190
[ 1556.553581][T32657] netlink: 128124 bytes leftover after parsing attributes in process `syz.0.9476'.
[ 1556.556587][T32654]  ? __mutex_trylock_common+0x159/0x260
[ 1556.556613][T32654]  ? rtnl_setlink+0x4e0/0x4e0
[ 1556.556635][T32654]  ? trace_raw_output_contention_end+0xd0/0xd0
[ 1556.556662][T32654]  ? rcu_is_watching+0x15/0xb0
[ 1556.556691][T32654]  ? trace_contention_end+0x39/0xe0
[ 1556.592580][T32654]  ? __mutex_lock+0x315/0xcc0
[ 1556.597320][T32654]  ? rtnetlink_rcv_msg+0x811/0xfa0
[ 1556.602477][T32654]  ? mutex_lock_nested+0x20/0x20
[ 1556.607468][T32654]  ? rtnetlink_rcv_msg+0x221/0xfa0
[ 1556.612628][T32654]  ? rtnetlink_rcv_msg+0x221/0xfa0
[ 1556.617778][T32654]  ? rtnl_setlink+0x4e0/0x4e0
[ 1556.622494][T32654]  rtnetlink_rcv_msg+0x869/0xfa0
[ 1556.627465][T32654]  ? lockdep_hardirqs_on+0x98/0x150
[ 1556.632703][T32654]  ? rtnetlink_bind+0x80/0x80
[ 1556.637415][T32654]  ? perf_trace_preemptirq_template+0xac/0x330
[ 1556.643612][T32654]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[ 1556.649627][T32654]  ? lock_chain_count+0x20/0x20
[ 1556.654542][T32654]  ? __local_bh_enable_ip+0x13a/0x1c0
[ 1556.659950][T32654]  ? lockdep_hardirqs_on+0x98/0x150
[ 1556.665181][T32654]  ? __local_bh_enable_ip+0x13a/0x1c0
[ 1556.670601][T32654]  ? _local_bh_enable+0xa0/0xa0
[ 1556.675507][T32654]  ? __dev_queue_xmit+0x265/0x3660
[ 1556.680759][T32654]  ? __dev_queue_xmit+0x265/0x3660
[ 1556.685966][T32654]  ? __dev_queue_xmit+0x1b2c/0x3660
[ 1556.691245][T32654]  ? __dev_queue_xmit+0x265/0x3660
[ 1556.696417][T32654]  ? ref_tracker_free+0x690/0x840
[ 1556.701752][T32654]  netlink_rcv_skb+0x241/0x4d0
[ 1556.707005][T32654]  ? rtnetlink_bind+0x80/0x80
[ 1556.711733][T32654]  ? netlink_ack+0x1180/0x1180
[ 1556.716563][T32654]  ? __lock_acquire+0x7d40/0x7d40
[ 1556.721631][T32654]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1556.726899][T32654]  netlink_unicast+0x751/0x8d0
[ 1556.731710][T32654]  netlink_sendmsg+0x8d0/0xbf0
[ 1556.736540][T32654]  ? netlink_getsockopt+0x590/0x590
[ 1556.741780][T32654]  ? aa_sock_msg_perm+0x94/0x150
[ 1556.746759][T32654]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1556.752210][T32654]  ? security_socket_sendmsg+0x80/0xa0
[ 1556.757714][T32654]  ? netlink_getsockopt+0x590/0x590
[ 1556.762972][T32654]  ____sys_sendmsg+0x5ba/0x960
[ 1556.767855][T32654]  ? __asan_memset+0x22/0x40
[ 1556.772751][T32654]  ? __sys_sendmsg_sock+0x30/0x30
[ 1556.777908][T32654]  ? __import_iovec+0x5f2/0x850
[ 1556.782803][T32654]  ? import_iovec+0x73/0xa0
[ 1556.787348][T32654]  ___sys_sendmsg+0x2a6/0x360
[ 1556.792057][T32654]  ? get_pid_task+0x20/0x1e0
[ 1556.796685][T32654]  ? __sys_sendmsg+0x2a0/0x2a0
[ 1556.801518][T32654]  ? __lock_acquire+0x7d40/0x7d40
[ 1556.806599][T32654]  __se_sys_sendmsg+0x1c2/0x2b0
[ 1556.811481][T32654]  ? __x64_sys_sendmsg+0x80/0x80
[ 1556.816466][T32654]  ? lockdep_hardirqs_on+0x98/0x150
[ 1556.821714][T32654]  do_syscall_64+0x55/0xa0
[ 1556.826174][T32654]  ? clear_bhb_loop+0x40/0x90
[ 1556.830884][T32654]  ? clear_bhb_loop+0x40/0x90
[ 1556.835599][T32654]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1556.841613][T32654] RIP: 0033:0x7ff69619cdd9
[ 1556.846057][T32654] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1556.865697][T32654] RSP: 002b:00007ff696f70028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1556.874226][T32654] RAX: ffffffffffffffda RBX: 00007ff696415fa0 RCX: 00007ff69619cdd9
[ 1556.882225][T32654] RDX: 0000000020000800 RSI: 0000200000000600 RDI: 0000000000000003
[ 1556.890228][T32654] RBP: 00007ff696f70090 R08: 0000000000000000 R09: 0000000000000000
[ 1556.898223][T32654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1556.906217][T32654] R13: 00007ff696416038 R14: 00007ff696415fa0 R15: 00007ffd7d0c17d8
[ 1556.914229][T32654]  </TASK>
[ 1557.090560][T32665] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1557.120547][T32651] delete_channel: no stack
[ 1557.184826][T32665] netlink: 152 bytes leftover after parsing attributes in process `syz.2.9479'.
[ 1557.248946][T32665] netlink: 16222 bytes leftover after parsing attributes in process `syz.2.9479'.
[ 1558.297976][T32670] delete_channel: no stack
[ 1558.611367][T32690] validate_nla: 7 callbacks suppressed
[ 1558.611411][T32690] netlink: 'syz.3.9487': attribute type 10 has an invalid length.
[ 1558.774270][T32691] delete_channel: no stack
[ 1558.899957][T32706] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1558.914730][T32705] __nla_validate_parse: 2 callbacks suppressed
[ 1558.914750][T32705] netlink: 60 bytes leftover after parsing attributes in process `syz.3.9492'.
[ 1558.954122][T32705] netlink: 60 bytes leftover after parsing attributes in process `syz.3.9492'.
[ 1558.976013][T32706] netlink: 'syz.0.9493': attribute type 17 has an invalid length.
[ 1558.996765][T32706] netlink: 152 bytes leftover after parsing attributes in process `syz.0.9493'.
[ 1559.008526][T32706] netlink: 'syz.0.9493': attribute type 10 has an invalid length.
[ 1559.040868][T32706] netlink: 16222 bytes leftover after parsing attributes in process `syz.0.9493'.
[ 1559.606180][T32719] netlink: 'syz.3.9498': attribute type 10 has an invalid length.
[ 1559.817122][T32735] netlink: 64859 bytes leftover after parsing attributes in process `syz.1.9503'.
[ 1560.033997][T32733] delete_channel: no stack
[ 1560.378757][T32752] netlink: 'syz.3.9511': attribute type 4 has an invalid length.
[ 1560.387135][T32752] netlink: 128124 bytes leftover after parsing attributes in process `syz.3.9511'.
[ 1560.490889][T32751] delete_channel: no stack
[ 1560.547259][T32757] FAULT_INJECTION: forcing a failure.
[ 1560.547259][T32757] name failslab, interval 1, probability 0, space 0, times 0
[ 1560.560219][T32757] CPU: 0 PID: 32757 Comm: syz.0.9512 Not tainted syzkaller #0
[ 1560.567738][T32757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1560.577890][T32757] Call Trace:
[ 1560.581348][T32757]  <TASK>
[ 1560.584323][T32757]  dump_stack_lvl+0x18c/0x250
[ 1560.589163][T32757]  ? show_regs_print_info+0x20/0x20
[ 1560.594409][T32757]  ? load_image+0x420/0x420
[ 1560.599048][T32757]  ? __might_sleep+0xe0/0xe0
[ 1560.603696][T32757]  ? __lock_acquire+0x7d40/0x7d40
[ 1560.608756][T32757]  ? mark_lock+0x94/0x320
[ 1560.613143][T32757]  should_fail_ex+0x39d/0x4d0
[ 1560.617953][T32757]  should_failslab+0x9/0x20
[ 1560.622518][T32757]  slab_pre_alloc_hook+0x59/0x310
[ 1560.627587][T32757]  ? __get_vm_area_node+0x125/0x370
[ 1560.632820][T32757]  __kmem_cache_alloc_node+0x53/0x250
[ 1560.638268][T32757]  ? __get_vm_area_node+0x125/0x370
[ 1560.643591][T32757]  kmalloc_node_trace+0x26/0xe0
[ 1560.648487][T32757]  __get_vm_area_node+0x125/0x370
[ 1560.653751][T32757]  __vmalloc_node_range+0x36e/0x1330
[ 1560.659183][T32757]  ? bpf_prog_alloc_no_stats+0x47/0x440
[ 1560.664849][T32757]  ? mark_lock+0x94/0x320
[ 1560.669329][T32757]  ? __lock_acquire+0x1347/0x7d40
[ 1560.674409][T32757]  ? verify_lock_unused+0x140/0x140
[ 1560.679717][T32757]  ? free_vm_area+0x50/0x50
[ 1560.684259][T32757]  ? end_current_label_crit_section+0x170/0x170
[ 1560.690555][T32757]  ? bpf_prog_alloc_no_stats+0x47/0x440
[ 1560.696162][T32757]  __vmalloc+0x7a/0x90
[ 1560.700265][T32757]  ? bpf_prog_alloc_no_stats+0x47/0x440
[ 1560.705850][T32757]  bpf_prog_alloc_no_stats+0x47/0x440
[ 1560.711260][T32757]  ? bpf_prog_alloc+0x2b/0x1a0
[ 1560.716075][T32757]  bpf_prog_alloc+0x3d/0x1a0
[ 1560.720700][T32757]  bpf_prog_load+0x6eb/0x1670
[ 1560.725425][T32757]  ? map_freeze+0x420/0x420
[ 1560.729970][T32757]  ? __might_fault+0xaa/0x120
[ 1560.734685][T32757]  ? __lock_acquire+0x7d40/0x7d40
[ 1560.739739][T32757]  ? file_end_write+0x159/0x250
[ 1560.744650][T32757]  ? __might_fault+0xaa/0x120
[ 1560.749368][T32757]  ? __might_fault+0xc6/0x120
[ 1560.754099][T32757]  ? __might_fault+0xaa/0x120
[ 1560.758822][T32757]  ? bpf_lsm_bpf+0x9/0x10
[ 1560.763197][T32757]  ? security_bpf+0x7e/0xa0
[ 1560.767757][T32757]  __sys_bpf+0x5ba/0x890
[ 1560.772156][T32757]  ? bpf_link_show_fdinfo+0x390/0x390
[ 1560.777783][T32757]  ? lock_chain_count+0x20/0x20
[ 1560.782690][T32757]  __x64_sys_bpf+0x7c/0x90
[ 1560.787148][T32757]  do_syscall_64+0x55/0xa0
[ 1560.791627][T32757]  ? clear_bhb_loop+0x40/0x90
[ 1560.796430][T32757]  ? clear_bhb_loop+0x40/0x90
[ 1560.801148][T32757]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1560.807101][T32757] RIP: 0033:0x7f6a7ed9cdd9
[ 1560.811571][T32757] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1560.831522][T32757] RSP: 002b:00007f6a7fc48028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1560.839994][T32757] RAX: ffffffffffffffda RBX: 00007f6a7f015fa0 RCX: 00007f6a7ed9cdd9
[ 1560.848000][T32757] RDX: 0000000000000094 RSI: 0000200000000300 RDI: 0000000000000005
[ 1560.856085][T32757] RBP: 00007f6a7fc48090 R08: 0000000000000000 R09: 0000000000000000
[ 1560.864175][T32757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1560.872353][T32757] R13: 00007f6a7f016038 R14: 00007f6a7f015fa0 R15: 00007fffea82b4e8
[ 1560.880367][T32757]  </TASK>
[ 1560.914979][T32757] syz.0.9512: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=syz0,mems_allowed=0-1
[ 1560.936392][T32757] CPU: 0 PID: 32757 Comm: syz.0.9512 Not tainted syzkaller #0
[ 1560.943944][T32757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1560.954048][T32757] Call Trace:
[ 1560.957372][T32757]  <TASK>
[ 1560.960362][T32757]  dump_stack_lvl+0x18c/0x250
[ 1560.965114][T32757]  ? show_regs_print_info+0x20/0x20
[ 1560.970383][T32757]  ? load_image+0x420/0x420
[ 1560.974950][T32757]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1560.981422][T32757]  ? cpuset_print_current_mems_allowed+0x2e7/0x360
[ 1560.987988][T32757]  warn_alloc+0x246/0x340
[ 1560.992381][T32757]  ? __get_vm_area_node+0x125/0x370
[ 1560.997684][T32757]  ? zone_watermark_ok_safe+0x230/0x230
[ 1561.003287][T32757]  ? rcu_is_watching+0x15/0xb0
[ 1561.008118][T32757]  ? __get_vm_area_node+0x356/0x370
[ 1561.013379][T32757]  __vmalloc_node_range+0x393/0x1330
[ 1561.018738][T32757]  ? mark_lock+0x94/0x320
[ 1561.023125][T32757]  ? __lock_acquire+0x1347/0x7d40
[ 1561.028202][T32757]  ? verify_lock_unused+0x140/0x140
[ 1561.033468][T32757]  ? free_vm_area+0x50/0x50
[ 1561.038043][T32757]  ? end_current_label_crit_section+0x170/0x170
[ 1561.044342][T32757]  ? bpf_prog_alloc_no_stats+0x47/0x440
[ 1561.049940][T32757]  __vmalloc+0x7a/0x90
[ 1561.054072][T32757]  ? bpf_prog_alloc_no_stats+0x47/0x440
[ 1561.059675][T32757]  bpf_prog_alloc_no_stats+0x47/0x440
[ 1561.065094][T32757]  ? bpf_prog_alloc+0x2b/0x1a0
[ 1561.069943][T32757]  bpf_prog_alloc+0x3d/0x1a0
[ 1561.074612][T32757]  bpf_prog_load+0x6eb/0x1670
[ 1561.079362][T32757]  ? map_freeze+0x420/0x420
[ 1561.084051][T32757]  ? __might_fault+0xaa/0x120
[ 1561.088783][T32757]  ? __lock_acquire+0x7d40/0x7d40
[ 1561.093862][T32757]  ? file_end_write+0x159/0x250
[ 1561.098772][T32757]  ? __might_fault+0xaa/0x120
[ 1561.103523][T32757]  ? __might_fault+0xc6/0x120
[ 1561.108254][T32757]  ? __might_fault+0xaa/0x120
[ 1561.112982][T32757]  ? bpf_lsm_bpf+0x9/0x10
[ 1561.117369][T32757]  ? security_bpf+0x7e/0xa0
[ 1561.121938][T32757]  __sys_bpf+0x5ba/0x890
[ 1561.126237][T32757]  ? bpf_link_show_fdinfo+0x390/0x390
[ 1561.131686][T32757]  ? lock_chain_count+0x20/0x20
[ 1561.136696][T32757]  __x64_sys_bpf+0x7c/0x90
[ 1561.141163][T32757]  do_syscall_64+0x55/0xa0
[ 1561.145619][T32757]  ? clear_bhb_loop+0x40/0x90
[ 1561.150356][T32757]  ? clear_bhb_loop+0x40/0x90
[ 1561.155096][T32757]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1561.161050][T32757] RIP: 0033:0x7f6a7ed9cdd9
[ 1561.165515][T32757] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1561.185176][T32757] RSP: 002b:00007f6a7fc48028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1561.193657][T32757] RAX: ffffffffffffffda RBX: 00007f6a7f015fa0 RCX: 00007f6a7ed9cdd9
[ 1561.201685][T32757] RDX: 0000000000000094 RSI: 0000200000000300 RDI: 0000000000000005
[ 1561.209710][T32757] RBP: 00007f6a7fc48090 R08: 0000000000000000 R09: 0000000000000000
[ 1561.217732][T32757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1561.225741][T32757] R13: 00007f6a7f016038 R14: 00007f6a7f015fa0 R15: 00007fffea82b4e8
[ 1561.233772][T32757]  </TASK>
[ 1561.272365][T32757] Mem-Info:
[ 1561.276001][T32757] active_anon:5307 inactive_anon:0 isolated_anon:0
[ 1561.276001][T32757]  active_file:21360 inactive_file:40528 isolated_file:0
[ 1561.276001][T32757]  unevictable:768 dirty:152 writeback:0
[ 1561.276001][T32757]  slab_reclaimable:10859 slab_unreclaimable:94217
[ 1561.276001][T32757]  mapped:25055 shmem:1361 pagetables:500
[ 1561.276001][T32757]  sec_pagetables:0 bounce:0
[ 1561.276001][T32757]  kernel_misc_reclaimable:0
[ 1561.276001][T32757]  free:1336072 free_pcp:11957 free_cma:0
[ 1561.331247][T32757] Node 0 active_anon:21276kB inactive_anon:0kB active_file:85440kB inactive_file:161912kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:100256kB dirty:604kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9996kB pagetables:2008kB sec_pagetables:0kB all_unreclaimable? no
[ 1561.370107][T32757] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[ 1561.401969][T32757] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1561.430402][T32764] netlink: 'syz.3.9514': attribute type 10 has an invalid length.
[ 1561.435829][T32757] lowmem_reserve[]: 0 2521 2522 2522 2522
[ 1561.444299][T32757] Node 0 DMA32 free:1436952kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:21236kB inactive_anon:0kB active_file:85440kB inactive_file:161092kB unevictable:1536kB writepending:604kB present:3129332kB managed:2586952kB mlocked:0kB bounce:0kB free_pcp:25556kB local_pcp:5668kB free_cma:0kB
[ 1561.475226][T32757] lowmem_reserve[]: 0 0 0 0 0
[ 1561.480365][T32757] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:820kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB
[ 1561.508822][T32757] lowmem_reserve[]: 0 0 0 0 0
[ 1561.513617][T32757] Node 1 Normal free:3891976kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:22920kB local_pcp:9572kB free_cma:0kB
[ 1561.544403][T32757] lowmem_reserve[]: 0 0 0 0 0
[ 1561.557014][T32757] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1561.573152][T32757] Node 0 DMA32: 1422*4kB (M) 1934*8kB (UME) 1459*16kB (UME) 1466*32kB (UME) 1548*64kB (UME) 392*128kB (UME) 161*256kB (UM) 132*512kB (UME) 68*1024kB (UM) 35*2048kB (UME) 231*4096kB (UM) = 1436952kB
[ 1561.593479][T32757] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1561.623840][T32757] Node 1 Normal: 214*4kB (UME) 62*8kB (UME) 40*16kB (UME) 58*32kB (UME) 18*64kB (UME) 7*128kB (UME) 2*256kB (UM) 1*512kB (U) 2*1024kB (UE) 2*2048kB (UE) 947*4096kB (M) = 3891976kB
[ 1561.643939][T32757] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1561.659582][T32757] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1561.672344][T32757] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1561.703375][T32757] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1561.729618][T32757] 63249 total pagecache pages
[ 1561.734382][T32757] 0 pages in swap cache
[ 1561.746613][T32757] Free swap  = 124472kB
[ 1561.784473][T32757] Total swap = 124996kB
[ 1561.802798][T32757] 2097051 pages RAM
[ 1561.818256][T32757] 0 pages HighMem/MovableOnly
[ 1561.826783][T32757] 416927 pages reserved
[ 1561.846662][T32757] 0 pages cma reserved
[ 1561.878609][  T306] netlink: 'syz.3.9518': attribute type 27 has an invalid length.
[ 1561.906930][  T306] netlink: 'syz.3.9518': attribute type 3 has an invalid length.
[ 1562.129661][  T300] delete_channel: no stack
[ 1562.762888][  T322] netlink: 'syz.0.9522': attribute type 28 has an invalid length.
[ 1562.784162][  T322] netlink: 'syz.0.9522': attribute type 29 has an invalid length.
[ 1562.810937][  T322] netlink: 132 bytes leftover after parsing attributes in process `syz.0.9522'.
[ 1565.088801][  T337] FAULT_INJECTION: forcing a failure.
[ 1565.088801][  T337] name failslab, interval 1, probability 0, space 0, times 0
[ 1565.116386][  T337] CPU: 0 PID: 337 Comm: syz.2.9526 Not tainted syzkaller #0
[ 1565.123891][  T337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1565.134067][  T337] Call Trace:
[ 1565.137408][  T337]  <TASK>
[ 1565.140388][  T337]  dump_stack_lvl+0x18c/0x250
[ 1565.145136][  T337]  ? show_regs_print_info+0x20/0x20
[ 1565.150404][  T337]  ? load_image+0x420/0x420
[ 1565.154993][  T337]  ? __lock_acquire+0x7d40/0x7d40
[ 1565.160237][  T337]  should_fail_ex+0x39d/0x4d0
[ 1565.165007][  T337]  should_failslab+0x9/0x20
[ 1565.169585][  T337]  slab_pre_alloc_hook+0x59/0x310
[ 1565.174695][  T337]  ? bpf_test_init+0x9f/0x140
[ 1565.179468][  T337]  ? bpf_test_init+0x9f/0x140
[ 1565.184208][  T337]  __kmem_cache_alloc_node+0x53/0x250
[ 1565.189661][  T337]  ? bpf_test_init+0x9f/0x140
[ 1565.194404][  T337]  __kmalloc+0xa4/0x230
[ 1565.198644][  T337]  bpf_test_init+0x9f/0x140
[ 1565.203229][  T337]  bpf_prog_test_run_xdp+0x4d1/0x10e0
[ 1565.208687][  T337]  ? dev_put+0x80/0x80
[ 1565.212834][  T337]  ? dev_put+0x80/0x80
[ 1565.216979][  T337]  bpf_prog_test_run+0x321/0x390
[ 1565.221997][  T337]  __sys_bpf+0x49d/0x890
[ 1565.226329][  T337]  ? bpf_link_show_fdinfo+0x390/0x390
[ 1565.231864][  T337]  ? lock_chain_count+0x20/0x20
[ 1565.236784][  T337]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[ 1565.242926][  T337]  __x64_sys_bpf+0x7c/0x90
[ 1565.247549][  T337]  do_syscall_64+0x55/0xa0
[ 1565.252135][  T337]  ? clear_bhb_loop+0x40/0x90
[ 1565.256869][  T337]  ? clear_bhb_loop+0x40/0x90
[ 1565.261614][  T337]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1565.267566][  T337] RIP: 0033:0x7f067e99cdd9
[ 1565.272037][  T337] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1565.291701][  T337] RSP: 002b:00007f067f93e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1565.300184][  T337] RAX: ffffffffffffffda RBX: 00007f067ec15fa0 RCX: 00007f067e99cdd9
[ 1565.308207][  T337] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[ 1565.316230][  T337] RBP: 00007f067f93e090 R08: 0000000000000000 R09: 0000000000000000
[ 1565.324353][  T337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1565.332379][  T337] R13: 00007f067ec16038 R14: 00007f067ec15fa0 R15: 00007ffda30926a8
[ 1565.340461][  T337]  </TASK>
[ 1565.461614][  T334] delete_channel: no stack
[ 1565.694007][  T352] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1565.800627][  T345] delete_channel: no stack
[ 1565.823180][  T352] netlink: 'syz.2.9531': attribute type 17 has an invalid length.
[ 1565.832042][  T352] netlink: 152 bytes leftover after parsing attributes in process `syz.2.9531'.
[ 1565.843657][  T352] netlink: 'syz.2.9531': attribute type 10 has an invalid length.
[ 1565.898871][  T352] netlink: 16222 bytes leftover after parsing attributes in process `syz.2.9531'.
[ 1566.044965][  T357] netlink: 'syz.0.9532': attribute type 10 has an invalid length.
[ 1567.513972][  T380] netlink: 'syz.3.9540': attribute type 28 has an invalid length.
[ 1567.546764][  T380] netlink: 'syz.3.9540': attribute type 29 has an invalid length.
[ 1567.557997][  T380] netlink: 132 bytes leftover after parsing attributes in process `syz.3.9540'.
[ 1568.465666][  T385] delete_channel: no stack
[ 1568.889809][  T401] netlink: 'syz.0.9553': attribute type 10 has an invalid length.
[ 1569.009739][  T406] netlink: 'syz.1.9545': attribute type 10 has an invalid length.
[ 1569.058842][  T408] netlink: 'syz.0.9546': attribute type 10 has an invalid length.
[ 1569.069175][  T408] netlink: 40 bytes leftover after parsing attributes in process `syz.0.9546'.
[ 1569.080124][  T408] FAULT_INJECTION: forcing a failure.
[ 1569.080124][  T408] name failslab, interval 1, probability 0, space 0, times 0
[ 1569.095692][  T408] CPU: 1 PID: 408 Comm: syz.0.9546 Not tainted syzkaller #0
[ 1569.103051][  T408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1569.113151][  T408] Call Trace:
[ 1569.116475][  T408]  <TASK>
[ 1569.119445][  T408]  dump_stack_lvl+0x18c/0x250
[ 1569.124220][  T408]  ? show_regs_print_info+0x20/0x20
[ 1569.129565][  T408]  ? load_image+0x420/0x420
[ 1569.134149][  T408]  should_fail_ex+0x39d/0x4d0
[ 1569.138888][  T408]  should_failslab+0x9/0x20
[ 1569.143442][  T408]  slab_pre_alloc_hook+0x59/0x310
[ 1569.148560][  T408]  kmem_cache_alloc_node+0x60/0x320
[ 1569.153826][  T408]  ? __alloc_skb+0x103/0x2c0
[ 1569.158499][  T408]  __alloc_skb+0x103/0x2c0
[ 1569.162971][  T408]  rtmsg_ifinfo_build_skb+0x8c/0x260
[ 1569.168342][  T408]  rtmsg_ifinfo+0x8c/0x1a0
[ 1569.172816][  T408]  __dev_notify_flags+0xf3/0x310
[ 1569.177824][  T408]  ? __dev_change_flags+0x6a0/0x6a0
[ 1569.183078][  T408]  ? __dev_change_flags+0x4d4/0x6a0
[ 1569.188331][  T408]  ? vprintk_emit+0x53d/0x610
[ 1569.193078][  T408]  ? dev_get_flags+0x1c0/0x1c0
[ 1569.197917][  T408]  ? printk_sprint+0x460/0x460
[ 1569.202753][  T408]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[ 1569.208714][  T408]  ? _raw_spin_unlock+0x40/0x40
[ 1569.213659][  T408]  dev_change_flags+0xe8/0x1a0
[ 1569.218500][  T408]  do_setlink+0xc58/0x4130
[ 1569.223071][  T408]  ? load_image+0x420/0x420
[ 1569.227648][  T408]  ? nlmsg_parse_deprecated_strict+0x110/0x110
[ 1569.233861][  T408]  ? rcu_is_watching+0x15/0xb0
[ 1569.238687][  T408]  ? do_trace_netlink_extack+0x7e/0x1a0
[ 1569.244292][  T408]  ? __nla_validate_parse+0x262c/0x2ea0
[ 1569.249914][  T408]  ? __nla_validate+0x50/0x50
[ 1569.254638][  T408]  ? __lock_acquire+0x1347/0x7d40
[ 1569.259728][  T408]  ? mark_lock+0x94/0x320
[ 1569.264119][  T408]  ? __lock_acquire+0x1347/0x7d40
[ 1569.269210][  T408]  ? validate_linkmsg+0x719/0x910
[ 1569.274287][  T408]  rtnl_setlink+0x3d9/0x4e0
[ 1569.278854][  T408]  ? rtnl_dump_ifinfo+0x13c0/0x13c0
[ 1569.284109][  T408]  ? __lock_acquire+0x1273/0x7d40
[ 1569.289270][  T408]  ? mutex_lock_nested+0x20/0x20
[ 1569.294274][  T408]  ? rtnetlink_rcv_msg+0x221/0xfa0
[ 1569.299437][  T408]  ? rtnetlink_rcv_msg+0x221/0xfa0
[ 1569.304594][  T408]  ? rtnl_dump_ifinfo+0x13c0/0x13c0
[ 1569.309845][  T408]  rtnetlink_rcv_msg+0x869/0xfa0
[ 1569.314832][  T408]  ? lockdep_hardirqs_on+0x98/0x150
[ 1569.320081][  T408]  ? rtnetlink_bind+0x80/0x80
[ 1569.324809][  T408]  ? preempt_schedule_common+0x82/0xc0
[ 1569.330312][  T408]  ? preempt_schedule+0xc0/0xd0
[ 1569.335208][  T408]  ? schedule_preempt_disabled+0x20/0x20
[ 1569.341061][  T408]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[ 1569.347108][  T408]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[ 1569.353137][  T408]  ? lock_chain_count+0x20/0x20
[ 1569.358040][  T408]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[ 1569.363988][  T408]  ? lockdep_hardirqs_on+0x98/0x150
[ 1569.369250][  T408]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[ 1569.375204][  T408]  ? _raw_spin_unlock+0x40/0x40
[ 1569.380117][  T408]  ? rcu_preempt_deferred_qs_irqrestore+0x88e/0xce0
[ 1569.386810][  T408]  netlink_rcv_skb+0x241/0x4d0
[ 1569.391664][  T408]  ? rtnetlink_bind+0x80/0x80
[ 1569.396411][  T408]  ? netlink_ack+0x1180/0x1180
[ 1569.401267][  T408]  ? __lock_acquire+0x7d40/0x7d40
[ 1569.406372][  T408]  ? __rcu_read_unlock+0x7c/0xd0
[ 1569.411404][  T408]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1569.416731][  T408]  netlink_unicast+0x751/0x8d0
[ 1569.421664][  T408]  netlink_sendmsg+0x8d0/0xbf0
[ 1569.426501][  T408]  ? netlink_getsockopt+0x590/0x590
[ 1569.431788][  T408]  ? aa_sock_msg_perm+0x94/0x150
[ 1569.436788][  T408]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1569.442216][  T408]  ? security_socket_sendmsg+0x80/0xa0
[ 1569.447730][  T408]  ? netlink_getsockopt+0x590/0x590
[ 1569.453087][  T408]  ____sys_sendmsg+0x5ba/0x960
[ 1569.457914][  T408]  ? __asan_memset+0x22/0x40
[ 1569.462558][  T408]  ? __sys_sendmsg_sock+0x30/0x30
[ 1569.467735][  T408]  ? __import_iovec+0x5f2/0x850
[ 1569.472746][  T408]  ? import_iovec+0x73/0xa0
[ 1569.477307][  T408]  ___sys_sendmsg+0x2a6/0x360
[ 1569.482030][  T408]  ? get_pid_task+0x20/0x1e0
[ 1569.486710][  T408]  ? __sys_sendmsg+0x2a0/0x2a0
[ 1569.491546][  T408]  ? __lock_acquire+0x7d40/0x7d40
[ 1569.496749][  T408]  __se_sys_sendmsg+0x1c2/0x2b0
[ 1569.501684][  T408]  ? __x64_sys_sendmsg+0x80/0x80
[ 1569.506689][  T408]  ? lockdep_hardirqs_on+0x98/0x150
[ 1569.511941][  T408]  do_syscall_64+0x55/0xa0
[ 1569.516399][  T408]  ? clear_bhb_loop+0x40/0x90
[ 1569.521132][  T408]  ? clear_bhb_loop+0x40/0x90
[ 1569.525911][  T408]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1569.531879][  T408] RIP: 0033:0x7f6a7ed9cdd9
[ 1569.536336][  T408] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1569.555984][  T408] RSP: 002b:00007f6a7fc48028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1569.564453][  T408] RAX: ffffffffffffffda RBX: 00007f6a7f015fa0 RCX: 00007f6a7ed9cdd9
[ 1569.572479][  T408] RDX: 0200000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[ 1569.580495][  T408] RBP: 00007f6a7fc48090 R08: 0000000000000000 R09: 0000000000000000
[ 1569.588691][  T408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1569.596703][  T408] R13: 00007f6a7f016038 R14: 00007f6a7f015fa0 R15: 00007fffea82b4e8
[ 1569.604735][  T408]  </TASK>
[ 1569.621340][  T408] batman_adv: batadv0: Adding interface: vlan1
[ 1569.627901][  T408] batman_adv: batadv0: The MTU of interface vlan1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1569.671093][  T408] batman_adv: batadv0: Interface activated: vlan1
[ 1569.847015][  T411] netlink: 'syz.0.9547': attribute type 4 has an invalid length.
[ 1569.859843][  T411] netlink: 128124 bytes leftover after parsing attributes in process `syz.0.9547'.
[ 1570.024325][  T409] delete_channel: no stack
[ 1570.463678][  T427] netlink: 'syz.2.9556': attribute type 10 has an invalid length.
[ 1570.791739][  T437] can: request_module (can-proto-0) failed.
[ 1571.754695][  T444] validate_nla: 1 callbacks suppressed
[ 1571.754713][  T444] netlink: 'syz.0.9569': attribute type 10 has an invalid length.
[ 1571.806716][  T444] netlink: 40 bytes leftover after parsing attributes in process `syz.0.9569'.
[ 1571.859526][  T442] netlink: 'syz.1.9560': attribute type 4 has an invalid length.
[ 1571.868899][  T442] netlink: 128124 bytes leftover after parsing attributes in process `syz.1.9560'.
[ 1572.002902][  T446] netlink: 'syz.3.9559': attribute type 10 has an invalid length.
[ 1572.128135][  T441] delete_channel: no stack
[ 1572.474571][  T467] netlink: 'syz.0.9566': attribute type 28 has an invalid length.
[ 1572.492237][  T467] netlink: 'syz.0.9566': attribute type 29 has an invalid length.
[ 1572.500577][  T467] netlink: 132 bytes leftover after parsing attributes in process `syz.0.9566'.
[ 1572.576092][  T469] netlink: 'syz.1.9568': attribute type 10 has an invalid length.
[ 1573.008990][  T485] FAULT_INJECTION: forcing a failure.
[ 1573.008990][  T485] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1573.025748][  T485] CPU: 0 PID: 485 Comm: syz.2.9573 Not tainted syzkaller #0
[ 1573.033119][  T485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1573.043325][  T485] Call Trace:
[ 1573.046648][  T485]  <TASK>
[ 1573.049633][  T485]  dump_stack_lvl+0x18c/0x250
[ 1573.054380][  T485]  ? show_regs_print_info+0x20/0x20
[ 1573.059645][  T485]  ? load_image+0x420/0x420
[ 1573.064651][  T485]  ? __might_fault+0xaa/0x120
[ 1573.069379][  T485]  ? __lock_acquire+0x7d40/0x7d40
[ 1573.074563][  T485]  should_fail_ex+0x39d/0x4d0
[ 1573.079308][  T485]  _copy_from_user+0x2f/0xe0
[ 1573.083959][  T485]  smc_setsockopt+0x3d3/0xac0
[ 1573.088690][  T485]  ? smc_shutdown+0x9b0/0x9b0
[ 1573.093408][  T485]  ? __fget_files+0x28/0x4b0
[ 1573.098062][  T485]  ? bpf_lsm_socket_setsockopt+0x9/0x10
[ 1573.103677][  T485]  ? security_socket_setsockopt+0x7e/0xa0
[ 1573.109481][  T485]  ? smc_shutdown+0x9b0/0x9b0
[ 1573.114257][  T485]  do_sock_setsockopt+0x175/0x1a0
[ 1573.119357][  T485]  ? __fdget+0x180/0x210
[ 1573.123815][  T485]  __x64_sys_setsockopt+0x182/0x200
[ 1573.129430][  T485]  do_syscall_64+0x55/0xa0
[ 1573.134022][  T485]  ? clear_bhb_loop+0x40/0x90
[ 1573.138846][  T485]  ? clear_bhb_loop+0x40/0x90
[ 1573.143677][  T485]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1573.149714][  T485] RIP: 0033:0x7f067e99cdd9
[ 1573.154577][  T485] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1573.174371][  T485] RSP: 002b:00007f067f91d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1573.182857][  T485] RAX: ffffffffffffffda RBX: 00007f067ec16090 RCX: 00007f067e99cdd9
[ 1573.190972][  T485] RDX: 000000000000001e RSI: 0000000000000006 RDI: 0000000000000004
[ 1573.199170][  T485] RBP: 00007f067f91d090 R08: 0000000000000004 R09: 0000000000000000
[ 1573.207311][  T485] R10: 0000200000000500 R11: 0000000000000246 R12: 0000000000000001
[ 1573.215332][  T485] R13: 00007f067ec16128 R14: 00007f067ec16090 R15: 00007ffda30926a8
[ 1573.223380][  T485]  </TASK>
[ 1573.996020][  T494] netlink: 'syz.3.9578': attribute type 4 has an invalid length.
[ 1574.025913][  T494] netlink: 128124 bytes leftover after parsing attributes in process `syz.3.9578'.
[ 1574.144069][  T493] delete_channel: no stack
[ 1574.464153][  T516] netlink: 'syz.1.9585': attribute type 10 has an invalid length.
[ 1574.473022][  T516] netlink: 40 bytes leftover after parsing attributes in process `syz.1.9585'.
[ 1574.489308][  T516] batman_adv: batadv0: Adding interface: vlan1
[ 1574.495559][  T516] batman_adv: batadv0: The MTU of interface vlan1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1574.526599][  T516] batman_adv: batadv0: Interface activated: vlan1
[ 1575.423720][  T526] netlink: 'syz.3.9590': attribute type 21 has an invalid length.
[ 1575.452083][  T526] netlink: 156 bytes leftover after parsing attributes in process `syz.3.9590'.
[ 1575.861462][  T535] netlink: 'syz.1.9592': attribute type 28 has an invalid length.
[ 1575.873955][  T535] netlink: 132 bytes leftover after parsing attributes in process `syz.1.9592'.
[ 1576.819286][  T555] validate_nla: 1 callbacks suppressed
[ 1576.819309][  T555] netlink: 'syz.3.9603': attribute type 28 has an invalid length.
[ 1576.856647][  T555] netlink: 'syz.3.9603': attribute type 29 has an invalid length.
[ 1576.864664][  T555] netlink: 132 bytes leftover after parsing attributes in process `syz.3.9603'.
[ 1577.111793][  T562] netlink: 'syz.1.9597': attribute type 28 has an invalid length.
[ 1577.205088][  T562] netlink: 'syz.1.9597': attribute type 29 has an invalid length.
[ 1577.299072][  T566] FAULT_INJECTION: forcing a failure.
[ 1577.299072][  T566] name failslab, interval 1, probability 0, space 0, times 0
[ 1577.307244][  T562] netlink: 132 bytes leftover after parsing attributes in process `syz.1.9597'.
[ 1577.368369][  T566] CPU: 0 PID: 566 Comm: syz.0.9598 Not tainted syzkaller #0
[ 1577.375799][  T566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1577.385918][  T566] Call Trace:
[ 1577.389290][  T566]  <TASK>
[ 1577.392308][  T566]  dump_stack_lvl+0x18c/0x250
[ 1577.397068][  T566]  ? show_regs_print_info+0x20/0x20
[ 1577.402344][  T566]  ? load_image+0x420/0x420
[ 1577.406908][  T566]  ? __might_sleep+0xe0/0xe0
[ 1577.411563][  T566]  ? __lock_acquire+0x7d40/0x7d40
[ 1577.416735][  T566]  ? rcu_is_watching+0x15/0xb0
[ 1577.421573][  T566]  should_fail_ex+0x39d/0x4d0
[ 1577.426331][  T566]  should_failslab+0x9/0x20
[ 1577.430910][  T566]  slab_pre_alloc_hook+0x59/0x310
[ 1577.436008][  T566]  ? sctp_auth_asoc_copy_shkeys+0x14e/0x5a0
[ 1577.442247][  T566]  __kmem_cache_alloc_node+0x53/0x250
[ 1577.447703][  T566]  ? sctp_auth_asoc_copy_shkeys+0x14e/0x5a0
[ 1577.453666][  T566]  kmalloc_trace+0x2a/0xe0
[ 1577.458174][  T566]  sctp_auth_asoc_copy_shkeys+0x14e/0x5a0
[ 1577.464159][  T566]  sctp_association_new+0x15d3/0x25c0
[ 1577.469800][  T566]  sctp_connect_new_asoc+0x2de/0x6a0
[ 1577.475254][  T566]  ? __sctp_connect+0xd80/0xd80
[ 1577.480172][  T566]  ? __local_bh_enable_ip+0x13a/0x1c0
[ 1577.486137][  T566]  ? _local_bh_enable+0xa0/0xa0
[ 1577.491145][  T566]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[ 1577.497024][  T566]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[ 1577.503065][  T566]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[ 1577.508659][  T566]  ? security_sctp_bind_connect+0x89/0xb0
[ 1577.514426][  T566]  sctp_sendmsg+0x1575/0x28c0
[ 1577.519335][  T566]  ? sctp_getsockopt+0xb60/0xb60
[ 1577.524399][  T566]  ? aa_sk_perm+0x83c/0x970
[ 1577.528990][  T566]  ? aa_af_perm+0x330/0x330
[ 1577.533536][  T566]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0
[ 1577.539992][  T566]  ? sock_rps_record_flow+0x19/0x3f0
[ 1577.545321][  T566]  ? inet_sendmsg+0x7c/0x2f0
[ 1577.550040][  T566]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1577.555378][  T566]  ? security_socket_sendmsg+0x80/0xa0
[ 1577.560951][  T566]  ? inet_send_prepare+0x260/0x260
[ 1577.566348][  T566]  ____sys_sendmsg+0x5ba/0x960
[ 1577.571146][  T566]  ? __lock_acquire+0x7d40/0x7d40
[ 1577.576210][  T566]  ? __asan_memset+0x22/0x40
[ 1577.580842][  T566]  ? __sys_sendmsg_sock+0x30/0x30
[ 1577.585934][  T566]  ? __import_iovec+0x5f2/0x850
[ 1577.590855][  T566]  ? import_iovec+0x73/0xa0
[ 1577.595395][  T566]  ___sys_sendmsg+0x2a6/0x360
[ 1577.600126][  T566]  ? __sys_sendmsg+0x2a0/0x2a0
[ 1577.604947][  T566]  ? __lock_acquire+0x7d40/0x7d40
[ 1577.610040][  T566]  __se_sys_sendmsg+0x1c2/0x2b0
[ 1577.614937][  T566]  ? __x64_sys_sendmsg+0x80/0x80
[ 1577.619933][  T566]  ? lockdep_hardirqs_on+0x98/0x150
[ 1577.625169][  T566]  do_syscall_64+0x55/0xa0
[ 1577.629622][  T566]  ? clear_bhb_loop+0x40/0x90
[ 1577.634355][  T566]  ? clear_bhb_loop+0x40/0x90
[ 1577.639075][  T566]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1577.645125][  T566] RIP: 0033:0x7f6a7ed9cdd9
[ 1577.649600][  T566] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1577.669431][  T566] RSP: 002b:00007f6a7fc48028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1577.677891][  T566] RAX: ffffffffffffffda RBX: 00007f6a7f015fa0 RCX: 00007f6a7ed9cdd9
[ 1577.685990][  T566] RDX: 00000000000080d1 RSI: 0000200000000140 RDI: 0000000000000003
[ 1577.694079][  T566] RBP: 00007f6a7fc48090 R08: 0000000000000000 R09: 0000000000000000
[ 1577.702112][  T566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1577.710148][  T566] R13: 00007f6a7f016038 R14: 00007f6a7f015fa0 R15: 00007fffea82b4e8
[ 1577.718449][  T566]  </TASK>
[ 1577.870882][T25756] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1577.881020][T25756] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1577.890706][T25756] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1577.899674][T25756] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1577.933990][T25756] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 1577.942484][T25756] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1578.242709][T25954] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1578.655693][T25954] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1578.678768][  T570] chnl_net:caif_netlink_parms(): no params data found
[ 1578.753229][T25954] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1578.759193][  T584] FAULT_INJECTION: forcing a failure.
[ 1578.759193][  T584] name failslab, interval 1, probability 0, space 0, times 0
[ 1578.787996][  T584] CPU: 1 PID: 584 Comm: syz.0.9602 Not tainted syzkaller #0
[ 1578.795461][  T584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1578.805620][  T584] Call Trace:
[ 1578.808956][  T584]  <TASK>
[ 1578.811947][  T584]  dump_stack_lvl+0x18c/0x250
[ 1578.816704][  T584]  ? show_regs_print_info+0x20/0x20
[ 1578.822152][  T584]  ? load_image+0x420/0x420
[ 1578.826748][  T584]  ? __lock_acquire+0x7d40/0x7d40
[ 1578.831931][  T584]  should_fail_ex+0x39d/0x4d0
[ 1578.836703][  T584]  should_failslab+0x9/0x20
[ 1578.841312][  T584]  slab_pre_alloc_hook+0x59/0x310
[ 1578.846581][  T584]  ? bpf_test_init+0x9f/0x140
[ 1578.851316][  T584]  ? bpf_test_init+0x9f/0x140
[ 1578.856037][  T584]  __kmem_cache_alloc_node+0x53/0x250
[ 1578.861476][  T584]  ? bpf_test_init+0x9f/0x140
[ 1578.866227][  T584]  __kmalloc+0xa4/0x230
[ 1578.870616][  T584]  bpf_test_init+0x9f/0x140
[ 1578.875286][  T584]  bpf_prog_test_run_xdp+0x4d1/0x10e0
[ 1578.880823][  T584]  ? dev_put+0x80/0x80
[ 1578.884958][  T584]  ? dev_put+0x80/0x80
[ 1578.889431][  T584]  bpf_prog_test_run+0x321/0x390
[ 1578.895035][  T584]  __sys_bpf+0x49d/0x890
[ 1578.899328][  T584]  ? bpf_link_show_fdinfo+0x390/0x390
[ 1578.904773][  T584]  ? lock_chain_count+0x20/0x20
[ 1578.910048][  T584]  __x64_sys_bpf+0x7c/0x90
[ 1578.914503][  T584]  do_syscall_64+0x55/0xa0
[ 1578.918949][  T584]  ? clear_bhb_loop+0x40/0x90
[ 1578.923780][  T584]  ? clear_bhb_loop+0x40/0x90
[ 1578.928496][  T584]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1578.934421][  T584] RIP: 0033:0x7f6a7ed9cdd9
[ 1578.938903][  T584] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1578.958663][  T584] RSP: 002b:00007f6a7fc48028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1578.967338][  T584] RAX: ffffffffffffffda RBX: 00007f6a7f015fa0 RCX: 00007f6a7ed9cdd9
[ 1578.975573][  T584] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[ 1578.983773][  T584] RBP: 00007f6a7fc48090 R08: 0000000000000000 R09: 0000000000000000
[ 1578.991782][  T584] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1578.999808][  T584] R13: 00007f6a7f016038 R14: 00007f6a7f015fa0 R15: 00007fffea82b4e8
[ 1579.007848][  T584]  </TASK>
[ 1579.053199][  T570] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1579.060635][  T570] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1579.068345][  T570] bridge_slave_0: entered allmulticast mode
[ 1579.075929][  T570] bridge_slave_0: entered promiscuous mode
[ 1579.093190][  T570] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1579.106913][  T570] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1579.114701][  T570] bridge_slave_1: entered allmulticast mode
[ 1579.122462][  T570] bridge_slave_1: entered promiscuous mode
[ 1579.169283][T25954] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1579.210150][  T570] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1579.223193][  T570] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1579.283049][  T570] team0: Port device team_slave_0 added
[ 1579.298578][  T570] team0: Port device team_slave_1 added
[ 1579.377214][  T570] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1579.393656][  T570] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1579.425518][  T570] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1579.442887][  T570] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1579.450388][  T570] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1579.481363][  T570] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1579.610181][  T570] hsr_slave_0: entered promiscuous mode
[ 1579.617950][  T570] hsr_slave_1: entered promiscuous mode
[ 1579.630289][  T570] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1579.638563][  T570] Cannot create hsr debugfs directory
[ 1579.806160][T25954] bridge0: port 4(ip6gretap0) entered disabled state
[ 1579.912356][T25954] ip6gretap0 (unregistering): left allmulticast mode
[ 1579.919815][T25954] ip6gretap0 (unregistering): left promiscuous mode
[ 1579.947276][T25954] bridge0: port 4(ip6gretap0) entered disabled state
[ 1580.040656][T25756] Bluetooth: hci2: command tx timeout
[ 1580.599566][  T616] netlink: 'syz.1.9612': attribute type 21 has an invalid length.
[ 1580.630916][  T616] netlink: 'syz.1.9612': attribute type 1 has an invalid length.
[ 1580.780840][  T622] netlink: 'syz.3.9613': attribute type 4 has an invalid length.
[ 1580.817792][  T622] netlink: 128124 bytes leftover after parsing attributes in process `syz.3.9613'.
[ 1581.279462][  T621] delete_channel: no stack
[ 1581.374593][  T637] netlink: 'syz.1.9616': attribute type 28 has an invalid length.
[ 1581.411150][  T637] netlink: 'syz.1.9616': attribute type 29 has an invalid length.
[ 1581.556623][  T637] netlink: 132 bytes leftover after parsing attributes in process `syz.1.9616'.
[ 1581.852809][  T570] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1582.146747][T25756] Bluetooth: hci2: command tx timeout
[ 1582.186263][  T570] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1582.248460][  T570] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1582.302891][  T654] netlink: 60 bytes leftover after parsing attributes in process `syz.0.9621'.
[ 1582.349938][  T570] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1582.385222][  T654] netlink: 60 bytes leftover after parsing attributes in process `syz.0.9621'.
[ 1582.429026][T25954] 
[ 1582.431442][T25954] ======================================================
[ 1582.438669][T25954] WARNING: possible circular locking dependency detected
[ 1582.445734][T25954] syzkaller #0 Not tainted
[ 1582.450270][T25954] ------------------------------------------------------
[ 1582.457366][T25954] kworker/u4:1/25954 is trying to acquire lock:
[ 1582.463653][T25954] ffff888076b64d00 (team->team_lock_key#5){+.+.}-{3:3}, at: team_del_slave+0x32/0x1c0
[ 1582.473583][T25954] 
[ 1582.473583][T25954] but task is already holding lock:
[ 1582.480999][T25954] ffff88807a788768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: ieee80211_remove_interfaces+0x29a/0x690
[ 1582.491609][T25954] 
[ 1582.491609][T25954] which lock already depends on the new lock.
[ 1582.491609][T25954] 
[ 1582.502075][T25954] 
[ 1582.502075][T25954] the existing dependency chain (in reverse order) is:
[ 1582.511135][T25954] 
[ 1582.511135][T25954] -> #1 (&rdev->wiphy.mtx){+.+.}-{3:3}:
[ 1582.519030][T25954]        __mutex_lock+0x136/0xcc0
[ 1582.524112][T25954]        ieee80211_open+0x144/0x200
[ 1582.529379][T25954]        __dev_open+0x2cb/0x430
[ 1582.534282][T25954]        dev_open+0xab/0x190
[ 1582.538923][T25954]        team_add_slave+0x75f/0x29a0
[ 1582.544282][T25954]        do_setlink+0xdfe/0x4130
[ 1582.549285][T25954]        rtnl_newlink+0x17da/0x20a0
[ 1582.554548][T25954]        rtnetlink_rcv_msg+0x869/0xfa0
[ 1582.560075][T25954]        netlink_rcv_skb+0x241/0x4d0
[ 1582.565426][T25954]        netlink_unicast+0x751/0x8d0
[ 1582.570778][T25954]        netlink_sendmsg+0x8d0/0xbf0
[ 1582.576124][T25954]        ____sys_sendmsg+0x5ba/0x960
[ 1582.581457][T25954]        ___sys_sendmsg+0x2a6/0x360
[ 1582.586797][T25954]        __se_sys_sendmsg+0x1c2/0x2b0
[ 1582.592224][T25954]        do_syscall_64+0x55/0xa0
[ 1582.597209][T25954]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1582.603687][T25954] 
[ 1582.603687][T25954] -> #0 (team->team_lock_key#5){+.+.}-{3:3}:
[ 1582.612043][T25954]        __lock_acquire+0x2df1/0x7d40
[ 1582.617486][T25954]        lock_acquire+0x19e/0x420
[ 1582.622605][T25954]        __mutex_lock+0x136/0xcc0
[ 1582.627673][T25954]        team_del_slave+0x32/0x1c0
[ 1582.632827][T25954]        team_device_event+0x28d/0xa20
[ 1582.638351][T25954]        notifier_call_chain+0x197/0x380
[ 1582.644031][T25954]        unregister_netdevice_many_notify+0x100d/0x1900
[ 1582.651025][T25954]        unregister_netdevice_queue+0x32c/0x370
[ 1582.657343][T25954]        _cfg80211_unregister_wdev+0x16b/0x580
[ 1582.663559][T25954]        ieee80211_remove_interfaces+0x49e/0x690
[ 1582.669947][T25954]        ieee80211_unregister_hw+0x5d/0x2a0
[ 1582.675891][T25954]        mac80211_hwsim_del_radio+0x289/0x480
[ 1582.682009][T25954]        hwsim_exit_net+0x58d/0x650
[ 1582.687299][T25954]        cleanup_net+0x70a/0xbb0
[ 1582.692297][T25954]        process_scheduled_works+0xa5d/0x15d0
[ 1582.698423][T25954]        worker_thread+0xa55/0xfc0
[ 1582.703720][T25954]        kthread+0x2fa/0x390
[ 1582.708366][T25954]        ret_from_fork+0x48/0x80
[ 1582.713428][T25954]        ret_from_fork_asm+0x11/0x20
[ 1582.718805][T25954] 
[ 1582.718805][T25954] other info that might help us debug this:
[ 1582.718805][T25954] 
[ 1582.729085][T25954]  Possible unsafe locking scenario:
[ 1582.729085][T25954] 
[ 1582.736661][T25954]        CPU0                    CPU1
[ 1582.742059][T25954]        ----                    ----
[ 1582.747464][T25954]   lock(&rdev->wiphy.mtx);
[ 1582.752018][T25954]                                lock(team->team_lock_key#5);
[ 1582.759540][T25954]                                lock(&rdev->wiphy.mtx);
[ 1582.766610][T25954]   lock(team->team_lock_key#5);
[ 1582.771608][T25954] 
[ 1582.771608][T25954]  *** DEADLOCK ***
[ 1582.771608][T25954] 
[ 1582.779789][T25954] 5 locks held by kworker/u4:1/25954:
[ 1582.785428][T25954]  #0: ffff88801a254938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[ 1582.796556][T25954]  #1: ffffc90004347d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[ 1582.807260][T25954]  #2: ffffffff8e3b5a90 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x14c/0xbb0
[ 1582.816828][T25954]  #3: ffffffff8e3c2ac8 (rtnl_mutex){+.+.}-{3:3}, at: ieee80211_unregister_hw+0x55/0x2a0
[ 1582.826831][T25954]  #4: ffff88807a788768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: ieee80211_remove_interfaces+0x29a/0x690
[ 1582.837700][T25954] 
[ 1582.837700][T25954] stack backtrace:
[ 1582.843624][T25954] CPU: 0 PID: 25954 Comm: kworker/u4:1 Not tainted syzkaller #0
[ 1582.851316][T25954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1582.861522][T25954] Workqueue: netns cleanup_net
[ 1582.866360][T25954] Call Trace:
[ 1582.869686][T25954]  <TASK>
[ 1582.872658][T25954]  dump_stack_lvl+0x18c/0x250
[ 1582.877409][T25954]  ? load_image+0x420/0x420
[ 1582.881966][T25954]  ? show_regs_print_info+0x20/0x20
[ 1582.887233][T25954]  ? print_circular_bug+0x12b/0x1a0
[ 1582.892542][T25954]  check_noncircular+0x2fc/0x400
[ 1582.897533][T25954]  ? print_deadlock_bug+0x5d0/0x5d0
[ 1582.902780][T25954]  ? lockdep_lock+0xf5/0x230
[ 1582.907464][T25954]  ? __lock_acquire+0x1273/0x7d40
[ 1582.912715][T25954]  ? _find_first_zero_bit+0xd3/0x100
[ 1582.918172][T25954]  __lock_acquire+0x2df1/0x7d40
[ 1582.923093][T25954]  ? verify_lock_unused+0x140/0x140
[ 1582.928357][T25954]  ? verify_lock_unused+0x140/0x140
[ 1582.933881][T25954]  lock_acquire+0x19e/0x420
[ 1582.938468][T25954]  ? team_del_slave+0x32/0x1c0
[ 1582.943549][T25954]  ? __might_sleep+0xe0/0xe0
[ 1582.948752][T25954]  ? read_lock_is_recursive+0x20/0x20
[ 1582.954366][T25954]  __mutex_lock+0x136/0xcc0
[ 1582.959508][T25954]  ? team_del_slave+0x32/0x1c0
[ 1582.964333][T25954]  ? __lock_acquire+0x7d40/0x7d40
[ 1582.969426][T25954]  ? rcu_is_watching+0x15/0xb0
[ 1582.974429][T25954]  ? trace_contention_end+0x39/0xe0
[ 1582.979685][T25954]  ? __mutex_lock+0x315/0xcc0
[ 1582.984850][T25954]  ? team_del_slave+0x32/0x1c0
[ 1582.989669][T25954]  ? mutex_lock_nested+0x20/0x20
[ 1582.995624][T25954]  ? bond_netdev_event+0xeb/0xf20
[ 1583.001854][T25954]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[ 1583.007653][T25954]  team_del_slave+0x32/0x1c0
[ 1583.012683][T25954]  team_device_event+0x28d/0xa20
[ 1583.018035][T25954]  notifier_call_chain+0x197/0x380
[ 1583.023387][T25954]  unregister_netdevice_many_notify+0x100d/0x1900
[ 1583.030124][T25954]  ? lock_chain_count+0x20/0x20
[ 1583.035043][T25954]  ? unregister_netdevice_many+0x20/0x20
[ 1583.040832][T25954]  ? kernfs_remove_by_name_ns+0x117/0x150
[ 1583.046614][T25954]  ? __lock_acquire+0x7d40/0x7d40
[ 1583.051737][T25954]  unregister_netdevice_queue+0x32c/0x370
[ 1583.057507][T25954]  ? list_netdevice+0x730/0x730
[ 1583.062380][T25954]  ? kernfs_remove_by_name_ns+0x117/0x150
[ 1583.068159][T25954]  _cfg80211_unregister_wdev+0x16b/0x580
[ 1583.073846][T25954]  ieee80211_remove_interfaces+0x49e/0x690
[ 1583.079891][T25954]  ? ieee80211_do_stop+0x1e20/0x1e20
[ 1583.085287][T25954]  ? rcu_is_watching+0x15/0xb0
[ 1583.090078][T25954]  ieee80211_unregister_hw+0x5d/0x2a0
[ 1583.095557][T25954]  mac80211_hwsim_del_radio+0x289/0x480
[ 1583.101133][T25954]  ? rhashtable_remove_fast+0xc00/0xc00
[ 1583.106726][T25954]  hwsim_exit_net+0x58d/0x650
[ 1583.111454][T25954]  ? hwsim_init_net+0x90/0x90
[ 1583.116181][T25954]  ? __ip_vs_dev_cleanup_batch+0x238/0x250
[ 1583.122012][T25954]  cleanup_net+0x70a/0xbb0
[ 1583.126454][T25954]  ? ops_free_list+0x3b0/0x3b0
[ 1583.131293][T25954]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1583.136527][T25954]  ? process_scheduled_works+0x96f/0x15d0
[ 1583.142372][T25954]  ? process_scheduled_works+0x96f/0x15d0
[ 1583.148116][T25954]  process_scheduled_works+0xa5d/0x15d0
[ 1583.153728][T25954]  ? worker_attach_to_pool+0x380/0x380
[ 1583.159405][T25954]  ? assign_work+0x3d2/0x5d0
[ 1583.164048][T25954]  worker_thread+0xa55/0xfc0
[ 1583.168685][T25954]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[ 1583.174639][T25954]  ? _raw_spin_unlock+0x40/0x40
[ 1583.179529][T25954]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[ 1583.185463][T25954]  kthread+0x2fa/0x390
[ 1583.189553][T25954]  ? pr_cont_work+0x560/0x560
[ 1583.194263][T25954]  ? kthread_blkcg+0xd0/0xd0
[ 1583.198963][T25954]  ret_from_fork+0x48/0x80
[ 1583.203396][T25954]  ? kthread_blkcg+0xd0/0xd0
[ 1583.208015][T25954]  ret_from_fork_asm+0x11/0x20
[ 1583.212854][T25954]  </TASK>
[ 1583.219144][T25954] mac80211_hwsim hwsim38 wlan1 (unregistering): left promiscuous mode
[ 1583.230944][T25954] mac80211_hwsim hwsim38 wlan1 (unregistering): left allmulticast mode
[ 1583.243813][T25954] team0: Port device wlan1 removed
[ 1583.255472][  T657] netlink: 60 bytes leftover after parsing attributes in process `syz.0.9621'.
[ 1583.265299][  T654] netlink: 60 bytes leftover after parsing attributes in process `syz.0.9621'.
[ 1583.366888][T25954] hsr_slave_0: left promiscuous mode
[ 1583.372896][T25954] hsr_slave_1: left promiscuous mode
[ 1583.379532][T25954] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1583.387185][T25954] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1583.395054][T25954] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1583.404091][T25954] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1583.412045][T25954] batman_adv: batadv0: Interface deactivated: veth1_virt_wifi
[ 1583.419640][T25954] batman_adv: batadv0: Removing interface: veth1_virt_wifi
[ 1583.427872][T25954] batman_adv: batadv0: Interface deactivated: virt_wifi0
[ 1583.434962][T25954] batman_adv: batadv0: Removing interface: virt_wifi0
[ 1583.442707][T25954] bridge0: port 3(team0) entered disabled state
[ 1583.452851][T25954] bridge_slave_0: left allmulticast mode
[ 1583.458714][T25954] bridge_slave_0: left promiscuous mode
[ 1583.464512][T25954] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1583.475299][T25954] veth1_macvtap: left promiscuous mode
[ 1583.481368][T25954] veth0_macvtap: left promiscuous mode
[ 1583.688726][T25954] team_slave_1 (unregistering): left promiscuous mode
[ 1583.695604][T25954] team_slave_1 (unregistering): left allmulticast mode
[ 1583.703374][T25954] team0 (unregistering): Port device team_slave_1 removed
[ 1583.740033][T25954] team_slave_0 (unregistering): left promiscuous mode
[ 1583.746980][T25954] team_slave_0 (unregistering): left allmulticast mode
[ 1583.754994][T25954] team0 (unregistering): Port device team_slave_0 removed
[ 1584.103798][  T570] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1584.130258][  T570] 8021q: adding VLAN 0 to HW filter on device team0
[ 1584.169836][T26292] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1584.177759][T26292] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1584.196954][T25756] Bluetooth: hci2: command tx timeout
[ 1584.216523][T26292] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1584.223735][T26292] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1584.462459][  T570] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1584.500410][  T570] veth0_vlan: entered promiscuous mode
[ 1584.512055][  T570] veth1_vlan: entered promiscuous mode
[ 1584.540893][  T570] veth0_macvtap: entered promiscuous mode
[ 1584.550824][  T570] veth1_macvtap: entered promiscuous mode
[ 1584.568852][  T570] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1584.580253][  T570] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1584.590239][  T570] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1584.600921][  T570] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1584.610946][  T570] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1584.621510][  T570] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1584.632595][  T570] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1584.645031][  T570] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1584.657963][  T570] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1584.668347][  T570] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1584.679103][  T570] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1584.689024][  T570] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1584.699572][  T570] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1584.710674][  T570] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1584.723775][  T570] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1584.732686][  T570] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1584.741991][  T570] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1584.750968][  T570] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1584.785223][  T570] ieee80211 phy49: Selected rate control algorithm 'minstrel_ht'
[ 1584.812807][T26292] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1584.818393][  T570] ieee80211 phy50: Selected rate control algorithm 'minstrel_ht'
[ 1584.832356][T26292] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1584.854148][T26292] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1584.862323][T26292] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1586.276906][T25756] Bluetooth: hci2: command tx timeout