last executing test programs:

2.82247632s ago: executing program 0 (id=2614):
perf_event_open(0x0, 0x0, 0x1, 0xffffffffffffffff, 0x9)
r0 = socket$kcm(0x10, 0x400000002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100904, 0x81, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$kcm(0x10, 0x400000002, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x14, 0x2, 0x3, 0x400, 0x800, 0xffffffffffffffff, 0xd, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x5}, 0x50)
write$cgroup_subtree(r1, &(0x7f00000004c0)=ANY=[@ANYBLOB="24000000660091ef"], 0xfe33)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r2 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x8020000, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, @perf_config_ext={0x7, 0x6}, 0x1, 0x0, 0x800001, 0x3, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x10, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000028000000bca30000000000002403000007feffff720af0ff0000020071a4f0ff000000001f030000000000002e0a0200000000002604fdffffff000e61142000000000001d430000000000007a0a00fe0000001f6114180000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f30002af51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081504507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566de74e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48b936e6f9e0fcda88fe4413537528fd79153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b602396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae2f5e7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54dd84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f4000000000f00700003c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f0e6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927e2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28e6ce4d9791c73c2d37999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963442aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e637d4219ef7ec61261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addbc4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf699b3746979f99f6a1527f004f37e84fb478199dc1020f4beb98b8074bf7df8b5e783637daf121f175a81cffff4ac55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a4a274000000000000000000000000000000000000000000000009dd14b38f2f5426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd030000006d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10b0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07e18b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e8c0a0d213c3ffad44d2a376def42e41e9fcf32c221aaac6cfdeb33c27500001a0000000000000000000017350000c11ae694b0c69c2c03f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d10522a7a945b93fb705b95b6aae27a8fab1e6984c8bdc12360627137ab6737b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481ffe46a4ce86be0b1f8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0b74903580ac98708007c80d6c7d0de4614195e40d797c0348dd70f36a220e8b3710fb5358c27e90793bcb9ee6319342c4b239ca8cbc6fc83d32e6eb62ad92e43991f2447be9c2a1ae1119eafb901a43d57e885116d19aa152bfb89f8d0b2516f80120a1cddff771657f3d0288ec3899f1e3ba0151c4037148fb479de703fc52b6573349c28d1b107d859b4961324c17756dde99de1924a1d2b7095d34a55060f47f4407d89acf9f285b20c2e6b3d0491d0d3591b0d94713332b6b79c8297117b0d14eff64e0aca8a4b4aa773d8fba1217e9519952419bb9dd998d0ec870ff00b6d556018602738fbc6cec89d6dd13cf55b96f6fe9a137d2d6a56ad78e52c23ed080000000000002bc261a781fd14126c146a0aac4221839a4b9bbf61e4bba695a41e2109eba8e40c370267cc51ffadbd15cafc97a4d3edfdcb9b5729307c6bdaf7b69325fb05fa8a9869de0600ee477d71bf3e36d1d9019edfa27aae24b632f251df210c86a18fae731ecb8b0d48357378caf2b6789509b1bacfd4fa812dc341875cfa5e798bbf59770000000000000000c8a594ea3c3347962d9113b1fecdfad5a8da641053f02e49456f5d21674521e67a5b18ea451eccf69dd6af928d2d68da9304a296c22fdcea26498d26229110b1aade386b113045033a6188d56e675564d8cb8d5b40114b0f5bf15dd64c9ece60b8588ee8777d0ea8f4713b258427c7d90f9e93348e17723ba9ab8ae790f74cc41ae5795835f3cec40dff485d2802c08611454d9ea784a205bcc07ec26f906f3cf45bb37014ab6f22af6213618e242b283ea9d3f0677ee598072ec06f7170009d92bb7ed9d12c378dfd3e74ec056ee83eef666423d934fc5908c9ff98715218a5964f1e00000000426ac9588e27aefe307f49662990ee823568bbc2f89596ced7c6c52d76b8096f1848410843b93fd404f535be474f456778b5ef85abb8fc2336abd5ea64a6efea8a5aca0015499b88ae780a7bae4df603bd3c72808cf300440b1b638a6640f7de8d0d82f359ca2f779cd48cd8d3603f4f69e47f386988c9b7b5d6dd3d48a1fdca780049d7c87bea42161a4c0d7cf0125b43dc9d8845f3c05a08acda647e7143d0e0aee2949a45e2848890522c2288072467d2afe269f589fb7e034b92d3ca245b16b71998711bfe206c9690b6d0eebb06a29349229eb45ff15c63aa2c82c56d7420738cd1b04eb16e87cb524315d7361ea3635d3799bb7fcc56aa5e1dbe031a7a12554dee6754b72f43a6fddf427f32ec3df274a88097725679769beebf1aa6eb09d5154e4900000000000d0f7160a05911d969879953d3d4702b2676c07bb0fd14020a66718378825d5ed789711b77d40dc31e0b8fc651b45559da463f0000000000000000000000000052d42124e9c26aba885015e69d42ecd710342ac597ebea576ae15fdf611356f622e831741ab15549e0d7a2bd0324e2b3b48a10551607492c19eaf58485feb4cab19c303b30ba2ddea0d792d77724c9fa4ed58b93668fc20484f141ee2b6a0029e88fdc853189b4dafd36ff23b11967090e508f45e3f10857038a52ef275cf9e3e4b5d30b12d138dfa70930c603b5e3f4b7be67be3dba3cbd8d4d143195af0697d779445d67dcfbd922d12a8b49f93eac7a72faacf80346b3b6"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xffffffffffffffc2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x10, '\x00', 0x0, @sock_ops=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x19, 0x4, 0x8, 0x9}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r3}, &(0x7f0000000000), &(0x7f0000000040)=r4}, 0x20)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000005c0)={r4}, 0xc)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r5)
close(0xffffffffffffffff)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfe33)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB='\"\x00'/12, @ANYBLOB='j'], 0x20)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xcfa4)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0xd, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000080000000000000000000000180900002020702500000000002020207b1af8ff00000000bda004000000000027000000f8ffffffb702000008000000b7030000000004002500f8ff0600000095"], &(0x7f0000000040)='syzkaller\x00', 0xe}, 0x94)
write$cgroup_subtree(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00070000420091"], 0xfe33)
recvmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000003700)=""/4064, 0xfe0}], 0x1}, 0x10100)

1.826836947s ago: executing program 2 (id=2621):
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x14869}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
socketpair(0x21, 0x1, 0xfffffffe, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x56}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000035c0)="5c00000013006bcd9e3fe3dc4e48aa31086b8703340000001ffe000000000000040014000d000a00140000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x240000c0)

1.792065628s ago: executing program 0 (id=2622):
r0 = socket$kcm(0x11, 0x200000000000002, 0x300)
sendmsg$sock(r0, &(0x7f0000000180)={&(0x7f0000000040)=@hci={0x1f, 0x2, 0x4}, 0x80, 0x0, 0x0, &(0x7f0000000400), 0x90}, 0x800)
r1 = socket$kcm(0x2, 0x2, 0x73)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000f2ffffff0000000000000000850000001700000095"], &(0x7f00000005c0)='GPL\x00'}, 0x80)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x40000004, 0xa021, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_config_ext={0x1, 0x2b4}, 0x0, 0x10000, 0x0, 0x0, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000000)='..\x00')
syz_open_procfs$namespace(0x0, &(0x7f0000000000))
r2 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000140)="5c00000015006b0300224ed86e6c1d000a117ea6e070d6064e22000300000000250002000f00000017d34460bc24eab556a705251e6182949a00003d3b48dfd8cdbf9767b4fa51f62a64c9f4060046d88037e786a6d0a5d700000017", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
setsockopt$sock_attach_bpf(r1, 0x0, 0x17, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
recvmsg$unix(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000001240)=[{&(0x7f00000001c0)=""/4096, 0x1000}, {&(0x7f00000000c0)=""/146, 0x92}, {&(0x7f0000001300)=""/71, 0x47}], 0x3, &(0x7f0000001280)=[@cred={{0x1c}}], 0x20}, 0x2000)

1.603538179s ago: executing program 2 (id=2624):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1f, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000a800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r0}, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xc, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xffff0000, 0xfffffffd}, 0x39)

1.537159243s ago: executing program 3 (id=2626):
r0 = socket$kcm(0xa, 0x2, 0x73)
sendmsg$inet(r0, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @empty=0xf5ff}, 0x1b, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c048c0a7d63aebc5cea1f81510ff6091475aeec600831aa9d3944e60bc2ad06a619c560aa0118b28f68f1eb14549d633b4b23f179fb680716faa43414787559be90843c35ab30acad8a6740140e00721abc2eb362f7bde53b3c992d3e28ccc20ec84fdc569947047f6c09a647ee8c0a747b951e66c068ccf1af93ee9e6f9528ff79e2f989383b05a690a6bec4634b867c9446c1c644b3010e8a3514c6328323b4bbdd602b8f0dace6aea70902c4ddd2a2f2810f1348b0d0df3c1e6a5938fcfdc87e7580c6be0c6a06eca62d6f787dd16add086a21391c4c707d8b61929d1252681b84c245e0efafe2e6e73ad86a3cf59235ab0eacbb414af92ec3cdac420a064a98e8cc18bdf63f8997f96436e0fe6f06fdbf47fff353b01a861babd4a38d126bfe3e29049e6cc883e6efae6e70ef9ed124b1b09887a58c991e223b6420dca5ae238027e91b17b1707dc5c0d5f59f0ca95614f1ea1d263c1ee54dfe31ae35eb3c8e3b931dff7920c57fbba89adf2e392c1ad719b90c7ade0d38ff9792934ef1fb12f51d8e2fad12486d5883d5b1a46696fad128c6805cfb25bc6487e1e407d6b266971b09d0d864a7a550284e24b6cdc9f4ae1081a638175dffef002c76ac5558d23e41edbe68f4b4950a13aa000326dae5a857603dc5a40d6c6618a98c7b6e1eebd325ea2c14601a25658965f40864fd015d9b2fff83ee5ed3212ebd9fa429f0140f633556ac07c0c08e67a1848c9942ecc47dd4ffede9a429e9e0472be7cdbcd117e621ddf745c00a814ffff0224634472577dc0b35a9c153409f1a2bddc193b20b4d244d9cbbd59816c46000c596865f58b4e640ed4a9ab6086cede697fb113560925498da83273e679e0e28b84961eb7b9c9b4fa916590965c76b48e5d453f27a821bd2bf0946ff2413ec30f7893d1f046e18f736c40ceda26dfc4a0a62f71a3606d3f72c0a858dfd7895e2572292e11af913c6b513a141d28e501ae7c49618d104aac9abb78466a636efb88120d0eef0a501558a5aa34784a9823f2802a0bcdf318f9b436b34b42a2a7cf513f80364ad9a699d2e23eb4f3a2bbce818bd20da61882b3dac699d05dc24f29b72471b712423ace6278c43df2be7a09e815517b86d8b3ce16af3d64a575958c5fd52aac53b391f3d2a67c24c6c13ec11428b61b80a6a58cbba1790a98d190a572070f63fc0b809669895ea9865c3066b06102f6f2c7171dc7f76e1931b3e4deb569ef9d07d5f86a848f50942e93c419c3a23489f14803b08182dfd48b8d4375be6b7f805a21209c05e5927693a8834c8d5a5acbd47ed8a30a8a741d1ad77639b56b3b90c0b2023fa334befd28b2e27cbcd94b0ce7437f88ce67a925cea6d6d7e5313de6d328b1124a8b9ef83fe39ca3da97d33c60b7fd4af67d3c8fccb595a27a5bffc71e5a5b2ec966828993b0c0f83cbc55f9a7fb66a4101d5c83b77885072b6e2b2ceebe32f635509698c05089b9ff1cb1959b211e114dadb224ef2d5e7a3c55b3ac00fcdc9018577603c6301e5d4341b3d7eeb2665349d448d28d5d108f576408cbe533a6adbba18ebb2d84bb9af81108506a2f50fb56d595579000747930449fdf4ed01715ec624a0cb73636a35b9136f10b79e3d7ded09008b92e92c64e26e6b6d17f18b70b1d9813de8d2ff151c7a6a0452c660a57c33f13e2d9b88fa5f5c0505722d2e787a425e4a3e9b5efa9668e9199f5fb9fe7d5b8a57719a57df152e7f2c6a1087a2a24084f82455b65353a70559f04d5ed12defb81497ea69c1c7e69c373524770b7473c16a69c7a3648a9dd93377b89cdff61cf62512d1ee67a55ea67993937c1f55a2179bc9c8a337364cfb84d295adda1ad9700fc2f5c11cbfc1b90affb4666c6e7e23a6f7751410a5651819f29f690c6dba2b8a67e0f7f8cc377feb1854c393578994c85391ba21b3961aed477f771645571dc7d6cae72bf79c82a92a4edc3742b1398060a0a5c9e81c016b7f2ae3db529c6ff824cc28678764d8ab49d7dc68e5b0556c9e7ffb6fef442776d86fbd458741830e57f22a1f8513b92abd5b2df93a67cc560134078f0b8ecc3276e40aadef5cd579888b86b4988f396679250701f3869e7493b33692035ecd94aca5189fd0a0893ccc5bb19c0b4caca86cf90ebc2a5558f39cccb33f6773a4e425bf551fb3b6456ee1cc62fa1843a9e5539bb2d02ae6ef82533a9dbcfb562c1ab18c1f639ae7ff02083746f74a15ba2d10e4b955940a5d6f488d326a99f287c48ad463ce40367aeeff519cbad0a2d7fdbfa48bff75955467977764c2be2bd2ffa18396c46920c40c50a4037003666406d177e2cd20aee423d07169d8f611f635ba0b62b61265ff2c5548446a2423dd1038482b6852b2d9d2f90aa05d82c5e2c3d1af0c7aad72d82b3da67471af7b037bb0424a785e73f35b5a10a2ab300a195c20cd119a5390e0cd5d49c70bd80883b933e843d0d2902749dcf3c140c708a0f004b7a2f50bf311305dc01719016fcce5863815ca7951de710fcb71cd177551ff6fcd9f8bf01b93868f24c6129b6d7917125338cf62110083093fc7f862015d48450d992f2bb43e601cab19b2ea7b83962a382fc2a31fdf2358bf8a9a9e506eaa7b6eb5e7444d1ef459b24ffa51362abce902dfd84201a0e4b5a3b62757aad54fb65b83821c6bba663886de092065a565921ea3eb6781bb8ed4f4db3abcfeeb379b7e52fca790bea719918e299ab01bf5e92177d134360bf7a16a59e9d03d3dcfb0a25599237e3d41b3f0026c9402b1fb1894426303413a2cbcf7c72807ca694afa285990d07c3bca26413c9947b3b344aafc04544b8c11416e0312b028da7302e316c3966d41884b15055a49a4a0b3eac8e11f88a5615fb0af582f065d28e5a454447e9d0cfc60356439ebf7e1d0a00f5b9cc6daf2bd7195ba96b4d1a0679ff0fb1c01282c378a880f90f460889b67d76d4d0e8db6c928d113533d1d10b810303c43d8ff622c5bab7f095b96e64bf9daa48a2bdf3d9d40bac00cf1b66df61a4f7c3e21938e876f81b1179dce6a008f28eb682cae690ced0ea0d542da604d8056f2b1813ed36683c4c51aeb2650772cfb1c55d4e60604ff06344cfc271b2175a6c94defb807af240b483e24298ca73bfc743ca2ca2e77e6d5b817b3c1986601537faf59ac84c74d8bd0c068cb8e6bd03ac2dcf5793fb4a00b3c901a33aa3ee86e4f0db317b94bb8678ab26e36d305ebac4b0f7f164947148255b562dd0f87648499d45bccfb7d8c9d5624cadf8160a396e79fbcdc100058ba4606e41c02fb2cc0dc6c36196bd28acfde82a18cda2321d2d83fecd3b85380667cd1d0bc68298c6c8f10421a80c8fa86912b6c3e8ddd9d9668520d5151409e6b77f0d7730b374a68a744151bfbd123cfdf871e8c24e70d2ca3b50e84a48e0b78c1781000cfc848d43584985763a76c0ab9ba882c55e3e4aa8f2174255db38adb8350b48a77be22a869d13d183325f859b883464e5e46de5ea8a92532b9a794daaeff657cd361f7f158f8bebe36e9de1f5b9721d4263dcc9472229bc02d3f552180abfb25ca7aa36cb914d99c09fd5bb99dcab9b4e3c634d18fc7dfe84dc4425ad1e39c3e7410d49b4ea0a8a2958688c7725822f6dfc0827d19dc385e0e35a949941e4dd1aaeaab9ebe402f8c584bca7efc829f2ccfb63fd7bde1c182a67c14f9d3f033ca674e2604e89cd55a15419f956cd61a755c1b13554dae98e77be078aadfc131c9677381f1dbe6ef194eb17603a463e8b844ab46a6046e1f07d96d66de669359bff4c3d80948a4de3abb2f171a09b5d8999c379fb62244114e218c79805df7d899e5661320ee6721d652b95f09e4dfe69bd67099c73294b17ab574e0b966aa3ab44478965b9dca3cb3b9282945f24ccdd07c638ae25a84a728ca24f87ff49d718121a694be46f3616e27b1041b3c6cd24b9cf775bfc28dfbe0a009048f0599f2d5d6586cfd1e7f7fe69872d08b98f60d28e6af0d49d7f06ad71a7b5c41df261aba5de114022c7288bc265cc17909fdeadc3d7b256d7ab3b96e40f857060f16b54a6bb7248ee571f87ace5ee39eab412706cf52fa711468b21ea129c3f44bceb429fcc1a0ac2aa87b9365077dcfcfa9a1b32a0a09699197c20019a66cbd0a897feab3706c23123b888ada643d4560082033e31596b0483578968e3c9593ebd97141c228a42fc7645f92171c120aabca36657683fd7c72fcb87217f124d6fabc52f1d221d8410b47b0ad4bd944bf4085365e9b52a53911ab4ee142c5a1ebbe034c9d98c538c066f2dc0acf372eb2397dcac765055123e0ba19be22b18c886bf0f7490abe9fde91ffa62e059962bd134be8501cb5b715a744b1398e2c4c7e8afe72e189dda0654296afa1c1f99ab7d800fa40f72a758625c833b6fc7b7d42250522b456e1e7de815350c36c9cb2f4d1c9cb99109f89b456c559463f11b8b58247809b17a4ed4912bd0a47a529f1364d6dc593ea7f3eb98962078ac90e5012ee1c7b4b9ed5a8c7a9c0231b4ce425693faab64fa0f3482a04d4be2e06ee5d103694d288810a1a7f4d1e908dd82dd2016a064ece5cd67ef1dd5f4cda728fc6f1ccdd949dd8f775d862621507248ef4c83ae274969d19c7ddb02a4e8a1ab2b7aa539a442b22735ceedeefe60a1059dfaaa0979ce8d5387b5a047841fd9749b88ca91216b02d7926408a01916b7781bb7167528ccdb9a486d173437a5ba3e552c8674dff2cc9b21054e0e4f86b61b8723fca58ceef4413bffae9e9be79c5b9788f5449811ce78be9bc7a86375a670197baaef751beabcba0aa6c7c33f1cd702cb78ec39fa1f17d9da733d6abf2b80f9c51ac8f6f664b24edc53a7c9525c3016bd05c67272375fe816b2b121f2de68b885a0fd8f8b8c6c342237b632f6414a3eb3480f5f42106c5812e9bfd4e8c8dea8d08525d9aa1da7c7c2ee7ff3d31b79b211dd01e304a8ffc83a89a59f3b1e2ef5e969b6d90bea7e161066f25622fad914bff52bacd2807093dda1838b529ee57f718b374ce2841b924a42457867547a6edcb8412d85f11796742bf640b5819a9546357df778c332af5983c4373a95d9c58b52dba445eee92e6911824f0c534e7a5934d9eac9b7f6fec22002fc53a3003a3304217f567b47cd326edc5f48eb1f46bb20d1e10e72239afc9769344590cf48902aba5405b7d4baa31a912ab398a2f2d3f037614bb56a89244ece50f3a1e058d274f1e70f944eb8a305be91e561e5eb843d057a81f4deb84a6335ec81ca964cdae5f318d4e9aaea2c477cc279c00c698bcfe4b8e04c09079d8f3f5438d9d45a00f50d2f9b245c8c68eebf247e25ba8d26f8b95b21ac9ceb50c0aa2e4bdc032024db216b92f9350a90ac79341af14d3fa8ba908096e1b503341aed667bb184c672dac85fc4f335b3871c3b4e55ea219a857d2d2e135358f6b45a20b3e7de8e09b2041eb7c5084a80258fb524a983752659298a251e178b56f96bc67ae0a78ec92f92d92c9cf0edb5dcb11e739d69410ad44c8df00caa030d7d89f2ec38bd7698115c423cf3e6048793aca08ffbcdac766f1553773fa00031c1d75246e4e1eddf8948d02a3de6d67fd7329e45070f29044587f1e0db50d04e673191a63e30f96ee0d8d52738fab36a7fe2c6ab9301d401e7ca5b1f039193a580e40abbdf40c2d7e27809dec80815d37adae9fe7fb9d3a974c9fc03944d7338d000b81170be4c6792ed6b3b827194b3ae11e2acfca48498d1126aacf80f3d574256ef7f75552ff087a819e", 0x1000}, {&(0x7f00000011c0)="9d7fcf3efc6316a6a555ba8b4726d7ccaf8a060000009cfac4377876021d7131b838059f96bd206d4776368ed2a92432e5af71ad21b965f615b31105d60a4b16fa2fa1371850a1be85ffcad45b49422b2121d709014f49cf6bd1d18acc4c19e4356669a2ac3e05d5cdc6f0f485c1eb52ea8faf7e83a1468b6a491e71ae3d03cd9677e72413954feae71b5775a6e3e9fa9db9e1ed56e56bff66a7a86214d8145d878e26fa35bd55db98ecdef374d26a5d9cd0e89f3ae45be2d8e1d98ee0865fb64d6dd1e8c89608733370f12be1495d81b36dd72cc28e9c9b2c45f925b38b21818d93ce604772c21824e45793c4073eb44773f8e42c9ebb297dd5e76e856a22253c0e8a80f33b4d015c3f9c0c26bcdd6b440322a23b10d507eecead59faa166bdac1bd840211336dc0c", 0x33}], 0x2, &(0x7f00000010c0)=[@ip_tos_int={{0x14, 0x29, 0x3e}}, @ip_tos_u8={{0x38, 0x29, 0x2}}, @ip_tos_u8={{0x100000000000000, 0x2000000}}], 0x50}, 0xff00)

1.501622955s ago: executing program 2 (id=2627):
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x6, 0x17, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x1c, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x80000000}, 0x94)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bridge0\x00', 0x100})
perf_event_open(0x0, 0x0, 0xd, 0xffffffffffffffff, 0xa)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89f0, &(0x7f0000000080))
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='memory.current\x00', 0x26e1, 0x0)
close(r0)
ioctl$SIOCSIFHWADDR(r0, 0x8b32, &(0x7f0000000000)={'virt_wifi0\x00', @random="01000000c95d"})
ioctl$PERF_EVENT_IOC_RESET(r0, 0x2403, 0x5)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000001e00)="d8000000180081064e81f782db4cb904021d0800fd007c05e8fe55a118000600014002020a600e41b0000900ac00040211007c00160012000a00ff020048035c4c61c1d67f6f94007133cf6efb8000a007a290457f01a7cee4090000001fb7d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de61fccd40dd6e4edef3d93452a9247c47870ae1d092665c07a81ead0f98a952c795c0e9703920723f9000000008af26c8b7b55f4d2a6823a45", 0xd8}], 0x1}, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000280), 0x105}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000000c0)={0xffffffffffffffff, &(0x7f0000000580), &(0x7f0000000240)=""/255}, 0x20)
perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000700)={0x1b, 0x0, 0x0, 0x8, 0x0, 0xffffffffffffffff, 0x7fffffff, '\x00', 0x0, r0, 0x5, 0x5, 0x5}, 0x50)

1.41489939s ago: executing program 3 (id=2628):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f00000005c0)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000005000000000000be97604be80ca63ca8b738a2c98f17d4eadb894a9accfa1248a9eb1d184b9e8d4334c8b2e098ac3eaf0c16017c2f6b02918dc0b89d3ed7df337773dd456e59383fd4a25fd56e12e8ac2edde25ab32a2ed7fa0787b6478b886c4e3415d4806e003423fc30fd058a07863b555c16c49010db6f08b5e84f8009fdbf3cc94ad43ad142040e1b4d68eb75afdf1ea784e5b0733b884270faea39136be8d5f2cfdfcc915e682835c66c1aa27109a3bcea580260d91ae7"], 0x0, 0x26}, 0x20)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000080)={r0, 0x7, 0xfffffffffffffffe}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={0xffffffffffffffff, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x8, 0x0, 0x0}}, 0x10)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0xfffffffffffffff8, 0x3}, 0x0, 0x0, 0x2, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000240)={0xffffffffffffffff, 0x58, &(0x7f0000000300)}, 0x10)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r4)
sendmsg$unix(0xffffffffffffffff, 0x0, 0x4004801)
ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x6)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_merged\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3e, &(0x7f00000002c0)=r5, 0x4)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001a40)={0x0, 0x0, 0x0}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x12, 0x8, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x4}, 0x50)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6_vti0\x00', 0x200})
perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x63, 0x2, 0x0, 0x0, 0x0, 0x0, 0x37a05, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x4, @perf_config_ext={0x500}, 0x1075, 0x4, 0x0, 0x0, 0xffffffffffffbbfe, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1c0000000000000}, 0x0, 0x1, 0xffffffffffffffff, 0x1)
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x89f1, &(0x7f0000000080))

1.273136108s ago: executing program 2 (id=2631):
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff7ffa}, 0x0, 0x35, 0x43a1bd76, 0x7, 0x3, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x1c, &(0x7f0000000500)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x52, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff}, 0x94)
socketpair(0x1, 0x1, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x100000, 0x0, 0x2, 0x0, 0x80}, 0x0, 0xffffff7fffffffff, 0xffffffffffffffff, 0x8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0xffffffffffffffff, 0x7}, 0x104101, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x8, 0x2, 0x4}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x4, &(0x7f0000000000)=@framed={{}, [@alu={0x4, 0x1, 0x7, 0x0, 0x0, 0x1}]}, &(0x7f0000000100)='syzkaller\x00', 0x2}, 0x94)
close(r0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x5, 0x400, 0x1000}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c3a00000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000080000850000007200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000072"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r2)
socket$kcm(0x2, 0x200000000000001, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0xf, 0x4, 0x4, 0xf, 0x0, 0x1}, 0x50)
r3 = socket$kcm(0xa, 0x5, 0x0)
sendmsg$kcm(r3, &(0x7f0000000600)={&(0x7f0000000100)=@in6={0xa, 0x0, 0x0, @private1}, 0x80, &(0x7f0000000080)=[{&(0x7f00000000c0)="81", 0x1}], 0x1, &(0x7f0000000040)=[{0x18, 0x84, 0x0, 'b'}, {0x10, 0x84, 0x8}], 0x28}, 0x41)

1.266049769s ago: executing program 1 (id=2632):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x4}, 0x1aa0d, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0xb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x14, 0x4, 0x4, 0x20002, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x18000000}, 0x50)

1.260020269s ago: executing program 3 (id=2633):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfd, &(0x7f0000000040)=[{&(0x7f00000000c0)="2e00000010008188040f46ecdb4cb9cca7480ef43c000000e3bd6efb44ef09000e000a0010000000ba8000001201", 0x2e}], 0x1}, 0x0)

1.05733286s ago: executing program 3 (id=2634):
perf_event_open(0x0, 0x0, 0x1, 0xffffffffffffffff, 0x9)
r0 = socket$kcm(0x10, 0x400000002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r1 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x10, '\x00', 0x0, @sock_ops=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
close(0xffffffffffffffff)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfe33)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xcfa4)
write$cgroup_subtree(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00070000420091"], 0xfe33)
recvmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000003700)=""/4064, 0xfe0}], 0x1}, 0x10100) (fail_nth: 4)

1.05600658s ago: executing program 2 (id=2635):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d00", 0x28}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000002200)=""/265, 0x109}, {&(0x7f0000000600)=""/234, 0xea}, {&(0x7f00000007c0)=""/178, 0xb2}, {&(0x7f0000000500)=""/190, 0xbe}, {&(0x7f00000020c0)=""/252, 0xfc}, {&(0x7f0000002340)=""/4084, 0xff4}, {&(0x7f00000000c0)=""/20, 0x14}, {&(0x7f0000000940)=""/184, 0xb8}, {&(0x7f0000000700)=""/88, 0x58}, {&(0x7f00000002c0)=""/27, 0x1b}], 0xa}, 0x40012100)

1.030920671s ago: executing program 1 (id=2636):
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000000)={0x1, 0x58, &(0x7f0000000140)={0x0, <r0=>0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r1=>0x0}}, 0x10)
r2 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r2, 0x0, 0x2b, 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_ro(r3, &(0x7f00000005c0)='cgroup.events\x00', 0x275a, 0x0)
write$cgroup_int(r4, &(0x7f0000000040)=0x1, 0x12)
r5 = socket$kcm(0xf, 0x3, 0x2)
sendmsg$inet(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000340)="0209070002000000e400000000d2ac52901046ead915d55f21c7c6f57b956618e5fdcf1ce582ff9adaa4482ee31b663d3901591c7bb64bde0c86bade4b7a3db630873dde868e8b545c96c6841e04d4328e81c799a8570a402817df2b0b0ee559f0015dc4958fc42c34bab25c9f9d90c401cf171ac15f9454995153ff508894284aab23b68e4b1f91dc8f99c4e44cf39afed91ad7f52ab6a6ab802778ee1264cf54f007a25bd6aa966d4f87ac50b1ed453ea22be6691afb95bbde2b0e51", 0xbd}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYRES8=r0], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xbc, &(0x7f00000001c0)=""/188, 0x0, 0xc, '\x00', r1, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r4}, 0x94)
write$cgroup_int(r4, &(0x7f0000000300)=0xfff, 0x12)
r6 = getpid()
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x34120, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x7, 0x2}, 0x8386, 0x0, 0x0, 0x0, 0x0, 0x4}, r6, 0x1, 0xffffffffffffffff, 0x3)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r6, r4, 0x0, 0xe, &(0x7f0000000280)='cgroup.events\x00'}, 0x30)

509.310111ms ago: executing program 1 (id=2637):
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
r1 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x140, &(0x7f0000000900)=[{&(0x7f0000000040)="89000000120081ae08060cdc030000017f03e3f7000000006ee2ffca1b1f0000000104c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00120c00010006080c00bdad01409bbc7a46e39a8285dcdf12176679df069163ce955fed0009d78f0a947ee2b49e33538afaeb2713f450ebd010a20ff27fff", 0x89}], 0x1}, 0xff0f000020000080)

477.123953ms ago: executing program 0 (id=2638):
r0 = socket$kcm(0x2, 0x3, 0x84)
sendmsg$inet(r0, &(0x7f00000004c0)={&(0x7f0000000140)={0x2, 0x0, @local}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000180)="ba", 0x1}], 0x1}, 0x4008804)
sendmsg$inet(r0, &(0x7f0000000a00)={&(0x7f0000000040)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000240)=[{&(0x7f0000000000)="c109001100001200001d1e020e", 0xd}, {&(0x7f0000000500)='9&', 0x2}], 0x2}, 0x20040000)

402.793348ms ago: executing program 3 (id=2639):
r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180000000000000000"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x2, 0x73)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000000), 0x8)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000c40)="c10e020022003505d25a806f8c6394f90435fc60040011000a740100053582c137153e37024801", 0x27}], 0x1}, 0x0)
r2 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030030000b12d25a80648c2594f90124fc60100c044002000000053582c137153e370248078000f01700d1bd", 0x33fe0}], 0xa}, 0x0)

374.904229ms ago: executing program 1 (id=2640):
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, &(0x7f0000000000)={0x2, 0x0, [0x0, 0x0]})
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000000080)=0x1)
r1 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0xffffffffffffffff, 0x6, 0x8}, 0xc)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000280)={r0, 0x58, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r2=>0x0}}, 0x10)
r3 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_ext={0x1c, 0x6, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xab42}, [@map_val={0x18, 0x2, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x5}, @alu={0x7, 0x1, 0x2, 0x1, 0x2, 0xfffffffffffffff0, 0x8}]}, &(0x7f0000000140)='syzkaller\x00', 0x6, 0x7e, &(0x7f0000000180)=""/126, 0x40f00, 0x2d, '\x00', r2, 0x0, r0, 0x8, &(0x7f00000002c0)={0x4, 0x5}, 0x8, 0x10, &(0x7f0000000300)={0x1, 0x6, 0x3, 0x2}, 0x10, 0x16e67, r0, 0x2, &(0x7f0000000340)=[r0, r0, r0], &(0x7f0000000380)=[{0x5, 0x5, 0xc, 0xa}, {0x5, 0x3, 0xf}]}, 0x94)
recvmsg(r0, &(0x7f0000000880)={&(0x7f0000000480)=@nfc_llcp, 0x80, &(0x7f0000000700)=[{&(0x7f0000000500)=""/29, 0x1d}, {&(0x7f0000000540)=""/151, 0x97}, {&(0x7f0000000600)=""/4, 0x4}, {&(0x7f0000000640)=""/121, 0x79}, {&(0x7f00000006c0)=""/30, 0x1e}], 0x5, &(0x7f0000000780)=""/214, 0xd6}, 0x40000002)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000b40)={&(0x7f00000008c0)="5c03229304c25309def3e8210ddb855236d9f5c3a4cf2a4b7ade7c87", &(0x7f0000000900)=""/234, &(0x7f0000000a00)="15f700b3a3aca6e20fca1a25e23df478cc29d02aa69ad6e3302e0725efe1d15f269abdc3fb099906212d0fe4244f0a071e16bfcb57c3c7af7ec7b00115703f7fbfbd50a34570099588174d2dce0e6c67aa843a31a3e0c0b5370007de2a48b7113c9629d9ad4a69846b80438484786942f701984e398e09c73b61ba8b85d8a2c309e3549865fb0afb8a3de252188565300310c51b97b536f798d5758d4f3261f6a76368b92591c52c3cbde0ca62c2288e87e9b4bc9a86ae4b51946f3e640dd4680823319228b1dd59419b788f8bbb0c980cc5bfdb99c8ff70c9cd6de9a6d998", &(0x7f0000000b00)="bf96bf28eb51caaddef016b6df8b90f4d5cd86811822e9035b3d853e31cea58592331279b2b2162a33bf3d2f09c42ec9be913ac85db1", 0x1, r1}, 0x38)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000b80), 0x1, 0x0)
ioctl$TUNGETVNETLE(r4, 0x800454dd, &(0x7f0000000bc0))
ioctl$TUNGETFILTER(r0, 0x801054db, &(0x7f0000000c00)=""/203)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000ec0)={0x6, 0xe, &(0x7f0000000d00)=@raw=[@call={0x85, 0x0, 0x0, 0x92}, @call={0x85, 0x0, 0x0, 0x68}, @initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x6}, @call={0x85, 0x0, 0x0, 0x63}, @call={0x85, 0x0, 0x0, 0x42}, @printk={@li, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x6}}], &(0x7f0000000d80)='syzkaller\x00', 0x9, 0xba, &(0x7f0000000dc0)=""/186, 0x41000, 0x60, '\x00', r2, 0x25, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000e80)={0x5, 0xa, 0x9000, 0x1ff}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000001080)={@ifindex=<r6=>r2, 0x2, 0x1, 0x7, &(0x7f0000000f80)=[0x0], 0x1, 0x0, &(0x7f0000000fc0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001000)=[0x0, 0x0, 0x0], &(0x7f0000001040)=[0x0, 0x0], <r7=>0x0}, 0x40)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000010c0)={@ifindex=r2, r5, 0x3, 0x4, r3, @void, @value=r3, @void, @void, r7}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r0)
close(0xffffffffffffffff)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001100)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x4, '\x00', r2, r0, 0x3, 0x5, 0x3}, 0x50)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000001280)={r8, &(0x7f0000001180)="5004e034cc4e3da599e350a0cf09f947383858bced64dcfa9bd5dec1ae87269e47aa39ca0f866f547b519005d55f9b271fdc85272a4268a086ca4e14a99c2565d8457366f9a2cc49196856f16fe4004454380e26ebadd0a6409219eca1a621a5f10104b61b98a0a86e83bbd3a80dfdf2c6aca7d7e599d6a71d2517dcd18bbf08b620fc06eb42295b5a96cd737e49722139fd60e353bf531e2b703e6760159f9d75f8f5639931eaa7ba6d69f2ed4f9138c74e55ce3804b4c29ba0f2a9c8552bc91d95b96dfadfc05d9efa6bc1d80dae2540697e0fcc7b11577955b811805886d2ef723e1048ebe1a238"}, 0x20)
syz_clone(0x200, &(0x7f00000012c0)="7ea651e771d5a2255c5c7dd4306d14d2494fd19b7c85b6456e00226aa65dc5d4f1bf77ad7e7f21f750d7c8120d013e176c38b21fab6f9915f02b1e6afcd911ecdb6b5167bb8486c28fc6fe", 0x4b, &(0x7f0000001340), &(0x7f0000001380), &(0x7f00000013c0)="b39f953bbcb345767b9efc77fea559f81a017df6d977aab3b6155a72c76e61c64f1fccd6b7d71ca6bfaa465a42a7482f6e7ca3ffe55054336d724ef215342636a2cb089037c3b877f982b26296b46ecf2496761a96cfb9dced281de02d87160c95972c11864cb84c4726d64069eb007c58ebb1c807672b9e4ba7ff7b915e869dbcf047b1c69325263593bc3a6774638b8f7a7b904979446a2cd9c2df4a244d29b3e7ebd7b9cb7ce670ef8eb19c2ce46afbd08184a931157c9cebd63a")
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000001740)={0x12, 0x22, &(0x7f0000001480)=@raw=[@map_val={0x18, 0x9, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x8}, @printk={@li, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}}, @map_fd={0x18, 0x9, 0x1, 0x0, r8}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @btf_id={0x18, 0x0, 0x3, 0x0, 0x2}, @printk={@li, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4db}}, @printk={@llx}], &(0x7f00000015c0)='syzkaller\x00', 0x2, 0x47, &(0x7f0000001600)=""/71, 0x40f00, 0x1, '\x00', r6, @cgroup_sock_addr=0xf, r0, 0x8, &(0x7f0000001680)={0x7, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, r0, 0x2, &(0x7f00000016c0)=[r0, r1, r8, r0, r8], &(0x7f0000001700)=[{0x4, 0x4, 0xb, 0xd}, {0x3, 0x3, 0xd, 0x8}], 0x10, 0x927}, 0x94)
ioctl$SIOCSIFHWADDR(r4, 0x8924, &(0x7f0000001800)={'batadv_slave_0\x00', @random="24e395c9ead2"})
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000001840)={@ifindex=r6, r0, 0xa, 0x2000, 0x0, @value=r0, @void, @void, @void, r7}, 0x20)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000001880)={<r10=>0xffffffffffffffff})
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000001b80)={&(0x7f00000018c0)="7e8d4f7514c0003f86d80e7dacea3183e049a0e5ea7df4462f81195f3298a0e090a53d843c2b056ce01799e4b6fa2e4046563a0da3a8e399a8cd6d73b85c4ece72a77c1d02066b9257193b6a0b0e504583167862092ffbe94749", &(0x7f0000001940)=""/97, &(0x7f00000019c0)="3a160babe2e154112bb2c0fcc8dff9401c4c07ba0f206f74220f54ee38eb048b4bdf470856e7c168594790c90ff630e7b5ebb3d518a9afbb0a4d2ba820bb74f83057928fd3dde62ac1cc409dc960049ed00b4148a46888c916d13ff0963832dd1f2f8e354fcaa0a82bb6aa1ad8afe622efdb95264e4ceffc71f843a9c7582fe1ec883b0a0b569a99722df7234de19b2d8b0fd82b86ae7aab029dcfeaf301cb6ec82017be0b9e4bc7061debe50bfba4dc67355bee380db59029ac8dde133e14a9bf3eb240273d50d2929c", &(0x7f0000001ac0)="8d9176dc3eb7d9f1ec0976f41fb6761632511d94b91a17497a670f0b962cda60d13393ef7a40991f5c3bf06d6652d7a979ba73afc735ecc6189bc48cadfacdc3aa7c00389abbc097b7f3b2ce22409d49da9e386e9358838c227c85954da1dafd9d72ab8b10f69babe1d7af0578ac9f9ec21bc0c15b049c203b5cd47c5b1b0f37838227784cbff8529b8f548191bb5eb7bf58047dd73376e05fbf1b37941a9c4285572dbb2cb5f4720ef1d2bc58daca10b4f6bea13c6c2ca4f3cfc47155", 0x7, r8, 0x4}, 0x38)
ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, &(0x7f0000001bc0)={0x4, 0x0, [0x0, 0x0, 0x0, 0x0]})
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000001ec0)={r1, 0x58, &(0x7f0000001e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r11=>0x0}}, 0x10)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000001f80)={0x9, <r12=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000002000)={0x16, 0x38, &(0x7f0000001c00)=@framed={{0x18, 0x0, 0x0, 0x0, 0xe0d3}, [@exit, @func, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xc557}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @call={0x85, 0x0, 0x0, 0xad}, @printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfff}}, @exit, @cb_func={0x18, 0x6, 0x4, 0x0, 0xfffffffffffffffa}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}, @printk={@x}]}, &(0x7f0000001dc0)='GPL\x00', 0x3, 0x17, &(0x7f0000001e00)=""/23, 0x41100, 0x11, '\x00', r11, @fallback, r0, 0x8, &(0x7f0000001f00)={0x4, 0x3}, 0x8, 0x10, &(0x7f0000001f40)={0x3, 0x4, 0xcaa, 0x1}, 0x10, r12, 0xffffffffffffffff, 0x1, 0x0, &(0x7f0000001fc0)=[{0x1, 0x5, 0xf, 0xc}], 0x10, 0x6}, 0x94)
sendmsg$sock(r10, &(0x7f0000002540)={&(0x7f00000020c0)=@l2tp6={0xa, 0x0, 0x9, @remote, 0x2}, 0x80, &(0x7f00000024c0)=[{&(0x7f0000002140)="d96e90d45dbb8df1671c5cc9baf7db674b5d4f10e4f51218f380de1e29e995b09eaac0eb76937fc7bb80de212b6ae05c6093a14e55dd08e0951b178d316762b7650c26842667e1b1511831a5272b018657f8448f58cd597bdd48ded75edce96e08a9081e6412d6692fcd6780f1fbf39cb4029ee0edb3e27bc3c6ebc0acdc015d06aef132c032282b352eac35780abf1fe31557f7a0cc294d720d0a70cc82b0391e3901bb76677cf57146f0a650ecc09ca845fb0b47d387d988ee8abf", 0xbc}, {&(0x7f0000002200)="9716b5442b09b194d087fcb7a4d7c7daccd6f7abb2fd3296a9db48b820ee22e60a04b1bed68040c814ed30bc7b0bc6d9a2a3209d83fca16b3aa4b0fedc221aa007f4ae130d8a223e579cd05e0515111393752a290579aa938546ece6ad5ca126823a512842655b54a44908e98dd8a1ff036019a88247", 0x76}, {&(0x7f0000002280)="ecffb56cca571d019b50e8fb6ef09fd05c791ad9672d021f07122d913f843227575d449709b238a8fb76f02f2c7ca223e3e43f774e79c17818a9a5348e20372a6cf0289ecd5ee146a5e2fb40f861e2acbba77e99b0b47ad897c4bcbc4ee5d7468f16aa5b36c5c6fca3dcb6329e4c87308f00914821ccf601bdb07b980c4a48a882f59a79ee618fcc9fdd52d83ebd1ea125aad74c00be0b20ec283a1a7fb88ba76d85f13f3c7e5f302b7bfce887ca13e8569554e3ccaa6aec96dfc966373e1df46750fc500eed4269a93c587f3819d17ffa531e699317", 0xd6}, {&(0x7f0000002380)="7ac4f5dde95567411cfabfe014d2d9de39853b15b8699973c0bd919a1c1365", 0x1f}, {&(0x7f00000023c0)="a1af65d45005650f540602e0358acfa1468f6b8eac1af74ee79f4feb057ec9784a0a1eb60d27b67157afebe9dc8d97e78b4ccd759944b427ff8fe51984054b86d5243e9596a3c2036960e42a5f22d9941cc70ee7f3aa4a115309adba41d94730501e004177c7d334af00136be0e4be48e2232f96285ec0bbd286384b1ef5e76b0f00f8c864796dd7f0240a3bfeabc6cfe0abe2b37775ea758b74e1fd43cf3ebe3f8b2139e268116a8428011b11cfdd5bfa4da7e3c0d519ba6949fc9d424683729db5b01786f6610621657de38825979a40cdb4348f3b57f74c3dcf8aebaf", 0xde}], 0x5}, 0x4000800)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000002580)={@map=r0, r9, 0x19, 0x28, r0, @void, @void, @void, @value, r7}, 0x20)

362.55353ms ago: executing program 0 (id=2641):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f00000005c0)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000005000000000000be97604be80ca63ca8b738a2c98f17d4eadb894a9accfa1248a9eb1d184b9e8d4334c8b2e098ac3eaf0c16017c2f6b02918dc0b89d3ed7df337773dd456e59383fd4a25fd56e12e8ac2edde25ab32a2ed7fa0787b6478b886c4e3415d4806e003423fc30fd058a07863b555c16c49010db6f08b5e84f8009fdbf3cc94ad43ad142040e1b4d68eb75afdf1ea784e5b0733b884270faea39136be8d5f2cfdfcc915e682835c66c1aa27109a3bcea580260d91ae7"], 0x0, 0x26}, 0x20)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000080)={r0, 0x7, 0xfffffffffffffffe}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={0xffffffffffffffff, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x8, 0x0, 0x0}}, 0x10)
perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0xfffffffffffffff8, 0x3}, 0x0, 0x0, 0x2, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000240)={0xffffffffffffffff, 0x58, &(0x7f0000000300)}, 0x10)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r4)
sendmsg$unix(0xffffffffffffffff, 0x0, 0x4004801)
ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x6)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_merged\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3e, &(0x7f00000002c0)=r5, 0x4)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001a40)={0x0, 0x0, 0x0}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x12, 0x8, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x4}, 0x50)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6_vti0\x00', 0x200})
perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x63, 0x2, 0x0, 0x0, 0x0, 0x0, 0x37a05, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x4, @perf_config_ext={0x500}, 0x1075, 0x4, 0x0, 0x0, 0xffffffffffffbbfe, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1c0000000000000}, 0x0, 0x1, 0xffffffffffffffff, 0x1)
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x89f1, &(0x7f0000000080))

242.624037ms ago: executing program 3 (id=2642):
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0xc2ba}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000240)={0x4, 0x80, 0x6, 0x3, 0x1, 0x1, 0x0, 0xd0d, 0x20020, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x6, 0x2, @perf_bp={&(0x7f0000000100)}, 0x100003, 0x7fffffffffffffff, 0xfffffffc, 0x0, 0x8, 0xfffffff9, 0x0, 0x0, 0x2, 0x0, 0x100000000})
r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, 0xffffffffffffffff)
r2 = socket$kcm(0x11, 0x200000000000002, 0x300)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r4=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r2, 0x107, 0x12, &(0x7f00000008c0)=r4, 0x4)
ioctl$TUNSETVNETBE(r4, 0x400454de, &(0x7f0000000140)=0x1)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000680)=ANY=[@ANYBLOB="18020000fee3ffff0000000000000000850000004100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="000000000000000000e8ffffff", @ANYRES32=0x1], 0x48)
perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, @perf_bp={0x0, 0x8}, 0x100904, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r6 = socket$kcm(0x2b, 0x1, 0x0)
setsockopt$sock_attach_bpf(r6, 0x6, 0x24, &(0x7f0000000200), 0x4)
socket$kcm(0xa, 0x5, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xfe1b)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x89, 0x1, 0x0, 0x0, 0x0, 0x34, 0x2, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0x2}, 0x8002, 0x2, 0xfffffffe, 0x0, 0x200, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$kcm(0x2, 0x2, 0x73)
perf_event_open(&(0x7f0000000380)={0x3, 0x80, 0x0, 0x9a, 0x0, 0xfd, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xd}, 0x408, 0xca, 0xfffffffc, 0x2, 0xfffffffffffffffc, 0x8}, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0xb)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
close(r8)
recvmsg$unix(r7, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r9=>0xffffffffffffffff]}}], 0x18}, 0x0)
r10 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x4, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r10, 0x40042408, r11)
write$cgroup_subtree(r9, &(0x7f0000000200)=ANY=[], 0x12)
socketpair(0x38, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r12=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r12, 0x8946, 0x0)

178.75951ms ago: executing program 1 (id=2643):
r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001000)=ANY=[@ANYBLOB="61154c00fffe00006113500000000000bfa00000000000001503000008004e002d3501000000000095004160000000006916360000000000bf67000000000000350605000fff07206706000005000000160302000ee60060bf670000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffbd4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe01c5473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc2300000008ac86d8a297dff0445a15f21dce4de9f29eff65aadc841848c9b562a31e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076ebae3f55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932c9a6aa57f1ad2e99e0e67ab93716d20000009fbb0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000207b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000f4000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c6939628950000000000000001c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b30410856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fb9fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff010404faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202ee1192b81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9b5a8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce95798adc2dca871073f6bd61dc18487b6feb89752cd600000000abc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db059acaba9eaea93f811d434e00000000000000000000d154ba10a8e51489a614e69722bac30000000000000000000000000000c5dfd188ff555285b9743d3aac000583f42d168613151d681a2f71373f20d92c9048407c91fabecfe8b3f2d5454d127edab14ba61ba1cfc4336324c86f3dcb43e9a58208077e90f6ec1c7ac756f61dcc372cdd30b82507489f0bbfbd3c3f21752e81319c0161e154ceb16e00bc7f5a6962dff317f4d014786e432817064874d69a39cb0da31bcc5f81894d8a80756447322207b4007dff12eb95066cc6bc256f0a12282224d718b06ca80b57aa183dd0c3eee45891441f2b89b4c67aa9882281393954972046974f18df232cd7fca610e33f51c2d062020f403d85ff36c26e2f6bd1d82f4d3ceb3472d9a77e0057a3bfe697d9ab7585f4a1b381343d2cf855689232f4fc5135790662dc1419a374be9d7b3e5be2886d23add90d862f1a682ff11c798e338af3e5bb0f9d3952b15bf3e0c618c89d20ca1e18a031397693bf3cfbd8417e5b55e641c898c280356f2da222d5d68919d98158578dcf18efa404e508bcbbb8cfcf70086821ebdf34c9a1dff45af873df904c2bdbef81f246d26f4b40df949e12bdac18533d4e11c608cc31d60cb591c40a7b386fa1c753336d7220a35118d4919b45eff32aab684e62c6691de14e97aa7e9dc8ecf0cd50540246d2b746e41e5b4e2c095039dfe0f71db6265f7580d098be40ef36faee5d1695830d4242a23e541e6ce9fa1998d8961cf4fe3c8e8fbb566f148c8befc229614a4b7f80d237b8abc6fd0407de31d6e5532f360d379f20f054692b47207922fe6c14eba96c9a7ae906abc1ae1ae8c4fae92883cfa1978a04bbff4bbe0000000000000000000000000044585397feaadda3fcc64e7b0c08f7ac5c64cb190f1712a3b10fc34eb758705f1751d8c8b712eb39d2b8ad44f129c2c9aedb15"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2}, 0x48)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, 0xffffffffffffffff)

171.729771ms ago: executing program 0 (id=2644):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d08391000ff00000000a1180015000600142603600e1209002100ff000401a80016000400144006000300036010fab94dcf5c0461c1d67f6f94007134c76ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccbb0dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0)

116.141624ms ago: executing program 2 (id=2645):
socket$kcm(0x2, 0x3, 0x2) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}) (async)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000740)={0xffffffffffffffff, <r1=>0xffffffffffffffff}) (async)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000080)={0x1, &(0x7f0000000840)=[{0xfdc0, 0x0, 0x3, 0xff7ff038}]}) (async, rerun: 32)
r2 = socket$kcm(0x10, 0x2, 0x10) (async, rerun: 32)
r3 = perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x400, 0x10506, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x1000000000000801, 0x1}, 0x7402, 0x0, 0x0, 0x9, 0x0, 0xffffffff, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async)
syz_clone(0x126400, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x1c, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x40000, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r5 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r4) (async)
close(r3)
syz_clone(0x0, &(0x7f0000000c00), 0x0, 0x0, 0x0, 0x0) (async)
r6 = bpf$MAP_CREATE(0x0, 0x0, 0x50) (async)
r7 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x280000, 0x4}, 0x108b84, 0x4, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x0, 0x1, 0xffffffffffffffff, 0x0) (async)
r8 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r7, 0x40042408, r8) (async)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r10 = openat$cgroup_freezer_state(r9, &(0x7f0000000140), 0x2, 0x0)
write$cgroup_freezer_state(r10, &(0x7f0000000040)='FROZEN\x00', 0x7) (async)
mkdirat$cgroup(r9, &(0x7f00000000c0)='syz1\x00', 0x1ff) (async)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020023000b02d25a806f8c6394f95f24fc60040f030047000000053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) (async)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000003c0)={{r6}, &(0x7f0000000340), &(0x7f0000000380)='%pK    \x00'}, 0x20) (async)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={&(0x7f00000000c0)="e7", &(0x7f0000000100)=""/95, &(0x7f0000000180)="2ca40499330a89f8b29de98e8936c81c485469a0a357ed490e9c123dc044a521221440168820fa608a6baae0c071de4355d66fd8177e7c4cb066c89dd1c08a74e37a902c72800c4d508be152757ebfbfe4de24e6c9632d282353789dd7611138801ba9712bf4c7aa737778ded4e1a4ab3811ce7faddd3043dbea6c97494a7063ac388f87e51d31c1ffbb9f6f228e22ba", &(0x7f0000000240)="76db817f5d2ecb975e366b3507a746dc98ffc53445852e1754da0e83c76ad346e6ec5313780d392734a68a243a620386eee3411d71934cfb19f62baa3ff91cfa8bce", 0x4, 0x1}, 0x38) (async)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup/syz0\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8941, &(0x7f0000000080)) (async)
sendmsg$inet(r0, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, &(0x7f0000001140)=ANY=[@ANYBLOB="1c000000000000000000000001"], 0x48}, 0x0)

2.69319ms ago: executing program 0 (id=2646):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$inet(r5, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0)
syz_clone(0x900000000000000, 0x0, 0x0, 0x0, 0x0, 0x0)

0s ago: executing program 1 (id=2654):
r0 = socket$kcm(0x2, 0x3, 0x2)
r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe, 0x6, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r1)
sendmsg$inet(r0, &(0x7f0000001640)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, &(0x7f0000002800), 0x0, &(0x7f0000000200)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x10}, @multicast1}}}], 0x20}, 0x0)
socketpair(0x1d, 0x4, 0x0, &(0x7f0000000380))

kernel console output (not intermixed with test programs):

]  ? clear_bhb_loop+0x40/0x90
[  390.478322][T11947]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  390.484214][T11947] RIP: 0033:0x7fcd80f9aeb9
[  390.488624][T11947] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  390.508244][T11947] RSP: 002b:00007fcd81ef5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  390.516654][T11947] RAX: ffffffffffffffda RBX: 00007fcd81216090 RCX: 00007fcd80f9aeb9
[  390.524624][T11947] RDX: 0000000000008054 RSI: 0000200000000300 RDI: 0000000000000003
[  390.532581][T11947] RBP: 00007fcd81ef5090 R08: 0000000000000000 R09: 0000000000000000
[  390.540545][T11947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  390.548593][T11947] R13: 00007fcd81216128 R14: 00007fcd81216090 R15: 00007fff1a7cbb38
[  390.556566][T11947]  </TASK>
[  390.804030][T11949] netlink: 'syz.2.2066': attribute type 21 has an invalid length.
[  391.240070][T11958] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2069'.
[  391.459540][T11962] netlink: 135856 bytes leftover after parsing attributes in process `syz.3.2070'.
[  391.468903][T11962] netlink: 8442 bytes leftover after parsing attributes in process `syz.3.2070'.
[  391.501281][T11964] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2071'.
[  392.288193][T11971] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.2073'.
[  392.555819][T11977] netlink: 'syz.1.2075': attribute type 21 has an invalid length.
[  392.563997][T11977] netlink: 156 bytes leftover after parsing attributes in process `syz.1.2075'.
[  392.704239][T11981] netlink: 'syz.2.2077': attribute type 64 has an invalid length.
[  392.752181][T11985] FAULT_INJECTION: forcing a failure.
[  392.752181][T11985] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  392.784634][T11985] CPU: 0 PID: 11985 Comm: syz.3.2079 Not tainted syzkaller #0
[  392.792141][T11985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  392.801314][T11987] netlink: 'syz.1.2078': attribute type 10 has an invalid length.
[  392.802193][T11985] Call Trace:
[  392.802204][T11985]  <TASK>
[  392.816235][T11985]  dump_stack_lvl+0x18c/0x250
[  392.820947][T11985]  ? show_regs_print_info+0x20/0x20
[  392.826175][T11985]  ? load_image+0x400/0x400
[  392.830703][T11985]  ? __lock_acquire+0x7d40/0x7d40
[  392.835753][T11985]  ? mark_lock+0x94/0x320
[  392.840106][T11985]  should_fail_ex+0x39d/0x4d0
[  392.844809][T11985]  prepare_alloc_pages+0x1e2/0x5f0
[  392.849956][T11985]  __alloc_pages+0x134/0x460
[  392.854575][T11985]  ? zone_statistics+0x170/0x170
[  392.859541][T11985]  ? do_wp_page+0x7ca/0x35f0
[  392.864142][T11985]  ? do_wp_page+0xfc5/0x35f0
[  392.868746][T11985]  __folio_alloc+0x10/0x20
[  392.873176][T11985]  vma_alloc_folio+0x47a/0x8f0
[  392.877966][T11985]  do_wp_page+0x1243/0x35f0
[  392.882510][T11985]  ? folio_put+0xd0/0xd0
[  392.886765][T11985]  ? do_raw_spin_lock+0x11f/0x2c0
[  392.891819][T11985]  ? __rwlock_init+0x150/0x150
[  392.896613][T11985]  handle_mm_fault+0x135d/0x4c00
[  392.901568][T11985]  ? handle_mm_fault+0xe7/0x4c00
[  392.906534][T11985]  ? numa_migrate_prep+0x350/0x350
[  392.911680][T11985]  ? lock_mm_and_find_vma+0x9c/0x2f0
[  392.916987][T11985]  do_user_addr_fault+0x730/0x12c0
[  392.922133][T11985]  exc_page_fault+0x64/0x100
[  392.926745][T11985]  asm_exc_page_fault+0x26/0x30
[  392.931610][T11985] RIP: 0010:rep_movs_alternative+0x4a/0x90
[  392.937438][T11985] Code: 75 f1 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 <f3> a4 c3 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 29 f8 48 01
[  392.957153][T11985] RSP: 0018:ffffc900042cf6f0 EFLAGS: 00050206
[  392.963220][T11985] RAX: ffffffff8426f801 RBX: 00000000000101d0 RCX: 00000000000005d0
[  392.971187][T11985] RDX: 0000000000000000 RSI: ffff88804730fce8 RDI: 0000200000010000
[  392.979243][T11985] RBP: ffffc900042cf878 R08: ffff8880473102b7 R09: 1ffff11008e62056
[  392.987212][T11985] R10: dffffc0000000000 R11: ffffed1008e62057 R12: 00002000000105d0
[  392.995178][T11985] R13: ffffc900042cfe40 R14: 0000200000000400 R15: ffff8880473000e8
[  393.003151][T11985]  ? copyout+0x1/0x90
[  393.007140][T11985]  copyout+0x70/0x90
[  393.011031][T11985]  _copy_to_iter+0x432/0x1120
[  393.015721][T11985]  ? iov_iter_init+0x1e0/0x1e0
[  393.020487][T11985]  ? __virt_addr_valid+0x18c/0x540
[  393.025595][T11985]  ? __virt_addr_valid+0x469/0x540
[  393.030704][T11985]  ? __phys_addr_symbol+0x2f/0x70
[  393.035732][T11985]  ? __check_object_size+0x506/0xa20
[  393.041028][T11985]  __skb_datagram_iter+0xdb/0x780
[  393.046051][T11985]  ? tsk_importance+0x150/0x150
[  393.050898][T11985]  ? skb_copy_datagram_iter+0x200/0x200
[  393.056533][T11985]  skb_copy_datagram_iter+0xb1/0x200
[  393.061818][T11985]  tipc_recvstream+0x72b/0xe70
[  393.066609][T11985]  ? tipc_sendstream+0x70/0x70
[  393.071385][T11985]  ____sys_recvmsg+0x2ce/0x5e0
[  393.076162][T11985]  ? __sys_recvmsg_sock+0x50/0x50
[  393.081208][T11985]  ? import_iovec+0x73/0xa0
[  393.085722][T11985]  ___sys_recvmsg+0x216/0x590
[  393.090408][T11985]  ? __sys_recvmsg+0x2a0/0x2a0
[  393.095181][T11985]  ? ksys_write+0x1c4/0x260
[  393.099701][T11985]  ? __fget_files+0x43d/0x4b0
[  393.104398][T11985]  __x64_sys_recvmsg+0x20c/0x2e0
[  393.109337][T11985]  ? ___sys_recvmsg+0x590/0x590
[  393.114200][T11985]  ? lockdep_hardirqs_on+0x98/0x150
[  393.119398][T11985]  do_syscall_64+0x55/0xa0
[  393.123808][T11985]  ? clear_bhb_loop+0x40/0x90
[  393.128477][T11985]  ? clear_bhb_loop+0x40/0x90
[  393.133151][T11985]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  393.139044][T11985] RIP: 0033:0x7fcd80f9aeb9
[  393.143452][T11985] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  393.163057][T11985] RSP: 002b:00007fcd81f16028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  393.171649][T11985] RAX: ffffffffffffffda RBX: 00007fcd81215fa0 RCX: 00007fcd80f9aeb9
[  393.179617][T11985] RDX: 0000000000001f00 RSI: 0000200000000500 RDI: 0000000000000004
[  393.187584][T11985] RBP: 00007fcd81f16090 R08: 0000000000000000 R09: 0000000000000000
[  393.195556][T11985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  393.203518][T11985] R13: 00007fcd81216038 R14: 00007fcd81215fa0 R15: 00007fff1a7cbb38
[  393.211529][T11985]  </TASK>
[  393.334509][T11993] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2080'.
[  393.467217][T11998] netlink: 'syz.1.2083': attribute type 10 has an invalid length.
[  394.108878][ T5763] Bluetooth: hci1: unexpected event 0x03 length: 15 > 11
[  395.217500][T12045] FAULT_INJECTION: forcing a failure.
[  395.217500][T12045] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  395.242202][T12045] CPU: 0 PID: 12045 Comm: syz.0.2100 Not tainted syzkaller #0
[  395.249711][T12045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  395.259782][T12045] Call Trace:
[  395.263074][T12045]  <TASK>
[  395.266016][T12045]  dump_stack_lvl+0x18c/0x250
[  395.270714][T12045]  ? show_regs_print_info+0x20/0x20
[  395.275932][T12045]  ? load_image+0x400/0x400
[  395.280455][T12045]  ? __might_fault+0xaa/0x120
[  395.285136][T12045]  ? __lock_acquire+0x7d40/0x7d40
[  395.290163][T12045]  should_fail_ex+0x39d/0x4d0
[  395.294840][T12045]  _copy_from_user+0x2f/0xe0
[  395.299430][T12045]  generic_map_update_batch+0x54b/0x810
[  395.304972][T12045]  ? rcu_read_unlock+0xa0/0xa0
[  395.309726][T12045]  ? __fdget+0x180/0x210
[  395.313960][T12045]  ? rcu_read_unlock+0xa0/0xa0
[  395.318712][T12045]  bpf_map_do_batch+0x3d7/0x610
[  395.323561][T12045]  __sys_bpf+0x381/0x890
[  395.327795][T12045]  ? bpf_link_show_fdinfo+0x390/0x390
[  395.333170][T12045]  ? lock_chain_count+0x20/0x20
[  395.338016][T12045]  __x64_sys_bpf+0x7c/0x90
[  395.342422][T12045]  do_syscall_64+0x55/0xa0
[  395.346830][T12045]  ? clear_bhb_loop+0x40/0x90
[  395.351495][T12045]  ? clear_bhb_loop+0x40/0x90
[  395.356173][T12045]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  395.362059][T12045] RIP: 0033:0x7f6474d9aeb9
[  395.366466][T12045] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  395.386065][T12045] RSP: 002b:00007f6475c8d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  395.394470][T12045] RAX: ffffffffffffffda RBX: 00007f6475015fa0 RCX: 00007f6474d9aeb9
[  395.402431][T12045] RDX: 0000000000000038 RSI: 0000200000002340 RDI: 000000000000001a
[  395.410390][T12045] RBP: 00007f6475c8d090 R08: 0000000000000000 R09: 0000000000000000
[  395.418355][T12045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  395.426316][T12045] R13: 00007f6475016038 R14: 00007f6475015fa0 R15: 00007ffe1290f838
[  395.434304][T12045]  </TASK>
[  397.266870][T12083] netlink: 'syz.0.2116': attribute type 15 has an invalid length.
[  397.274857][T12083] netlink: 'syz.0.2116': attribute type 5 has an invalid length.
[  397.283183][T12083] netlink: 144 bytes leftover after parsing attributes in process `syz.0.2116'.
[  397.661169][T12101] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2123'.
[  398.494435][T12115] FAULT_INJECTION: forcing a failure.
[  398.494435][T12115] name failslab, interval 1, probability 0, space 0, times 0
[  398.564237][T12115] CPU: 0 PID: 12115 Comm: syz.3.2129 Not tainted syzkaller #0
[  398.571765][T12115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  398.581845][T12115] Call Trace:
[  398.585137][T12115]  <TASK>
[  398.588078][T12115]  dump_stack_lvl+0x18c/0x250
[  398.592796][T12115]  ? show_regs_print_info+0x20/0x20
[  398.598016][T12115]  ? load_image+0x400/0x400
[  398.602536][T12115]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  398.608543][T12115]  ? __asan_memset+0x22/0x40
[  398.613161][T12115]  should_fail_ex+0x39d/0x4d0
[  398.617865][T12115]  should_failslab+0x9/0x20
[  398.622385][T12115]  slab_pre_alloc_hook+0x59/0x310
[  398.627423][T12115]  ? __debug_object_init+0xec/0x450
[  398.632641][T12115]  kmem_cache_alloc+0x5a/0x2d0
[  398.637425][T12115]  ? slab_build_skb+0x2b/0x3f0
[  398.642211][T12115]  slab_build_skb+0x2b/0x3f0
[  398.646822][T12115]  bpf_prog_test_run_skb+0x3c8/0x12b0
[  398.652201][T12115]  ? __fget_files+0x28/0x4b0
[  398.656803][T12115]  ? __fget_files+0x28/0x4b0
[  398.661408][T12115]  ? __fget_files+0x43d/0x4b0
[  398.666108][T12115]  ? cpu_online+0x60/0x60
[  398.670449][T12115]  bpf_prog_test_run+0x321/0x390
[  398.675404][T12115]  __sys_bpf+0x49d/0x890
[  398.679663][T12115]  ? bpf_link_show_fdinfo+0x390/0x390
[  398.685064][T12115]  ? lock_chain_count+0x20/0x20
[  398.689934][T12115]  __x64_sys_bpf+0x7c/0x90
[  398.694371][T12115]  do_syscall_64+0x55/0xa0
[  398.698810][T12115]  ? clear_bhb_loop+0x40/0x90
[  398.703500][T12115]  ? clear_bhb_loop+0x40/0x90
[  398.708202][T12115]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  398.714127][T12115] RIP: 0033:0x7fcd80f9aeb9
[  398.718555][T12115] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  398.738250][T12115] RSP: 002b:00007fcd81f16028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  398.746689][T12115] RAX: ffffffffffffffda RBX: 00007fcd81215fa0 RCX: 00007fcd80f9aeb9
[  398.754674][T12115] RDX: 000000000000002c RSI: 0000200000000080 RDI: 000000000000000a
[  398.762659][T12115] RBP: 00007fcd81f16090 R08: 0000000000000000 R09: 0000000000000000
[  398.770643][T12115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  398.778622][T12115] R13: 00007fcd81216038 R14: 00007fcd81215fa0 R15: 00007fff1a7cbb38
[  398.786620][T12115]  </TASK>
[  399.177393][T12121] netlink: 'syz.3.2131': attribute type 10 has an invalid length.
[  399.216519][T12121] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2131'.
[  399.247050][T12121] net veth1_virt_wifi virt_wifi0: entered promiscuous mode
[  399.273118][T12121] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  399.387245][T12121] batman_adv: batadv0: Adding interface: virt_wifi0
[  399.405357][T12121] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  399.449956][T12121] batman_adv: batadv0: Interface activated: virt_wifi0
[  399.875059][T12133] netlink: 'syz.2.2133': attribute type 10 has an invalid length.
[  399.890289][T12133] hsr0: left allmulticast mode
[  399.906877][T12133] hsr_slave_0: left allmulticast mode
[  399.933448][T12133] hsr_slave_1: left allmulticast mode
[  404.044649][T12184] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.2151'.
[  404.241754][T12191] netlink: 188 bytes leftover after parsing attributes in process `syz.2.2154'.
[  404.261970][T12191] netlink: 188 bytes leftover after parsing attributes in process `syz.2.2154'.
[  404.508395][T12195] netlink: 'syz.3.2155': attribute type 10 has an invalid length.
[  404.632545][T12201] syzkaller0: left promiscuous mode
[  404.637805][T12201] syzkaller0: left allmulticast mode
[  404.697936][T12204] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2159'.
[  405.155733][T12230] netlink: 'syz.0.2168': attribute type 6 has an invalid length.
[  405.170540][T12230] netlink: 140 bytes leftover after parsing attributes in process `syz.0.2168'.
[  405.229972][T12232] netlink: 'syz.2.2169': attribute type 10 has an invalid length.
[  405.312442][T12237] tap2: tun_chr_ioctl cmd 35108
[  405.463288][T12248] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  405.470163][T12248] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  405.631702][T12256] netlink: 'syz.1.2180': attribute type 10 has an invalid length.
[  405.691696][T12258] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2181'.
[  405.738886][T12260] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  405.745583][T12260] FAULT_INJECTION: forcing a failure.
[  405.745583][T12260] name failslab, interval 1, probability 0, space 0, times 0
[  405.758409][T12260] CPU: 0 PID: 12260 Comm: syz.3.2182 Not tainted syzkaller #0
[  405.765896][T12260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  405.775966][T12260] Call Trace:
[  405.779252][T12260]  <TASK>
[  405.782188][T12260]  dump_stack_lvl+0x18c/0x250
[  405.786892][T12260]  ? show_regs_print_info+0x20/0x20
[  405.792101][T12260]  ? load_image+0x400/0x400
[  405.796615][T12260]  ? __local_bh_enable_ip+0x13a/0x1c0
[  405.802009][T12260]  should_fail_ex+0x39d/0x4d0
[  405.806715][T12260]  should_failslab+0x9/0x20
[  405.811229][T12260]  slab_pre_alloc_hook+0x59/0x310
[  405.816272][T12260]  kmem_cache_alloc_node+0x60/0x320
[  405.821479][T12260]  ? __alloc_skb+0x103/0x2c0
[  405.826083][T12260]  __alloc_skb+0x103/0x2c0
[  405.830514][T12260]  __pskb_copy_fclone+0xac/0x10c0
[  405.835547][T12260]  ? __local_bh_enable_ip+0x13a/0x1c0
[  405.840929][T12260]  ? __local_bh_enable_ip+0x13a/0x1c0
[  405.846304][T12260]  ? _local_bh_enable+0xa0/0xa0
[  405.851160][T12260]  hsr_create_tagged_frame+0x223/0xc80
[  405.856637][T12260]  ? hsr_register_frame_out+0x263/0x3a0
[  405.862191][T12260]  ? hsr_register_frame_out+0x263/0x3a0
[  405.867747][T12260]  ? hsr_drop_frame+0x81/0x160
[  405.872522][T12260]  hsr_forward_skb+0xf4c/0x2140
[  405.877381][T12260]  ? hsr_forward_skb+0xa5/0x2140
[  405.882326][T12260]  ? prp_fill_frame_info+0x6f0/0x6f0
[  405.887616][T12260]  ? do_raw_spin_lock+0x11f/0x2c0
[  405.892653][T12260]  ? __rwlock_init+0x150/0x150
[  405.897426][T12260]  ? hsr_dev_xmit+0x1dc/0x350
[  405.902107][T12260]  hsr_dev_xmit+0x1e7/0x350
[  405.906612][T12260]  ? hsr_dev_xmit+0x2d/0x350
[  405.911209][T12260]  dev_hard_start_xmit+0x246/0x740
[  405.916340][T12260]  __dev_queue_xmit+0x1ac2/0x36b0
[  405.921371][T12260]  ? __dev_queue_xmit+0x26b/0x36b0
[  405.926502][T12260]  ? sock_alloc_send_pskb+0x8a1/0x9a0
[  405.931888][T12260]  ? netdev_core_pick_tx+0x340/0x340
[  405.937178][T12260]  ? packet_parse_headers+0x7cb/0xac0
[  405.942575][T12260]  ? packet_parse_headers+0x85e/0xac0
[  405.947953][T12260]  ? __virt_addr_valid+0x18c/0x540
[  405.953077][T12260]  ? __check_object_size+0x506/0xa20
[  405.958402][T12260]  ? skb_setup_tx_timestamp+0x1f0/0x1f0
[  405.963964][T12260]  ? skb_copy_datagram_from_iter+0x5f6/0x6e0
[  405.969958][T12260]  ? packet_xmit+0x66/0x330
[  405.974467][T12260]  ? packet_sendmsg+0x3a37/0x4d70
[  405.979499][T12260]  packet_sendmsg+0x3b7a/0x4d70
[  405.984392][T12260]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  405.990385][T12260]  ? lock_chain_count+0x20/0x20
[  405.995243][T12260]  ? aa_sk_perm+0x83c/0x970
[  405.999756][T12260]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  406.005912][T12260]  ? lockdep_hardirqs_on+0x98/0x150
[  406.011114][T12260]  ? packet_getsockopt+0xad0/0xad0
[  406.016237][T12260]  ? aa_sock_msg_perm+0x94/0x150
[  406.021184][T12260]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  406.026482][T12260]  ? security_socket_sendmsg+0x80/0xa0
[  406.031943][T12260]  ? packet_getsockopt+0xad0/0xad0
[  406.037065][T12260]  ____sys_sendmsg+0x5ba/0x960
[  406.041848][T12260]  ? __lock_acquire+0x7d40/0x7d40
[  406.046881][T12260]  ? __asan_memset+0x22/0x40
[  406.051480][T12260]  ? __sys_sendmsg_sock+0x30/0x30
[  406.056511][T12260]  ? __import_iovec+0x5f2/0x850
[  406.061379][T12260]  ? import_iovec+0x73/0xa0
[  406.065898][T12260]  ___sys_sendmsg+0x2a6/0x360
[  406.070594][T12260]  ? __sys_sendmsg+0x2a0/0x2a0
[  406.075388][T12260]  ? __lock_acquire+0x7d40/0x7d40
[  406.080448][T12260]  __se_sys_sendmsg+0x1c2/0x2b0
[  406.085317][T12260]  ? __x64_sys_sendmsg+0x80/0x80
[  406.090283][T12260]  ? lockdep_hardirqs_on+0x98/0x150
[  406.095488][T12260]  do_syscall_64+0x55/0xa0
[  406.099911][T12260]  ? clear_bhb_loop+0x40/0x90
[  406.104597][T12260]  ? clear_bhb_loop+0x40/0x90
[  406.109368][T12260]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  406.115273][T12260] RIP: 0033:0x7fcd80f9aeb9
[  406.119694][T12260] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  406.139303][T12260] RSP: 002b:00007fcd81f16028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  406.147721][T12260] RAX: ffffffffffffffda RBX: 00007fcd81215fa0 RCX: 00007fcd80f9aeb9
[  406.155695][T12260] RDX: 0000000000000000 RSI: 0000200000000fc0 RDI: 0000000000000005
[  406.163672][T12260] RBP: 00007fcd81f16090 R08: 0000000000000000 R09: 0000000000000000
[  406.171646][T12260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  406.179621][T12260] R13: 00007fcd81216038 R14: 00007fcd81215fa0 R15: 00007fff1a7cbb38
[  406.187617][T12260]  </TASK>
[  406.261231][T12264] netlink: 'syz.1.2183': attribute type 10 has an invalid length.
[  406.448448][T12275] netlink: 'syz.3.2187': attribute type 9 has an invalid length.
[  406.456750][T12275] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.2187'.
[  406.478995][T12275] netlink: 'syz.3.2187': attribute type 3 has an invalid length.
[  406.487193][T12275] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2187'.
[  406.504208][T12275] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  406.545744][T12281] netlink: 'syz.2.2190': attribute type 33 has an invalid length.
[  406.564512][T12281] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2190'.
[  406.981705][T12286] netlink: 144 bytes leftover after parsing attributes in process `syz.2.2191'.
[  407.444775][T12297] netlink: 'syz.3.2195': attribute type 1 has an invalid length.
[  407.610203][T12306] netlink: 'syz.2.2199': attribute type 2 has an invalid length.
[  409.049795][T12331] __nla_validate_parse: 7 callbacks suppressed
[  409.049834][T12331] netlink: 181400 bytes leftover after parsing attributes in process `syz.2.2209'.
[  409.500196][T12342] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.2214'.
[  409.536580][T12342] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.2214'.
[  409.571756][T12352] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.2214'.
[  409.598794][T12351] validate_nla: 1 callbacks suppressed
[  409.598812][T12351] netlink: 'syz.2.2217': attribute type 10 has an invalid length.
[  409.620139][T12342] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.2214'.
[  409.724568][T12342] netlink: 'syz.1.2214': attribute type 21 has an invalid length.
[  409.739719][T12342] IPv6: NLM_F_CREATE should be specified when creating new route
[  409.928119][T12363] netlink: 'syz.0.2222': attribute type 29 has an invalid length.
[  409.948451][T12363] netlink: 'syz.0.2222': attribute type 29 has an invalid length.
[  409.966851][T12361] netlink: 'syz.3.2221': attribute type 1 has an invalid length.
[  409.986357][T12361] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.2221'.
[  410.108638][T12369] netlink: 'syz.1.2224': attribute type 10 has an invalid length.
[  410.910923][T12368] netlink: 'syz.0.2222': attribute type 29 has an invalid length.
[  410.929711][T12374] netlink: 'syz.3.2226': attribute type 10 has an invalid length.
[  411.046782][T12373] netlink: 'syz.0.2222': attribute type 29 has an invalid length.
[  411.055810][T12375] netlink: 'syz.0.2222': attribute type 29 has an invalid length.
[  411.361294][T12385] netlink: 399 bytes leftover after parsing attributes in process `syz.3.2230'.
[  412.243227][T12404] 8021q: adding VLAN 0 to HW filter on device team0
[  412.261519][T12404] team0: entered promiscuous mode
[  412.266586][T12404] team_slave_0: entered promiscuous mode
[  412.273014][T12404] team_slave_1: entered promiscuous mode
[  412.278961][T12404] team0: entered allmulticast mode
[  412.284584][T12404] team_slave_0: entered allmulticast mode
[  412.293607][T12404] team_slave_1: entered allmulticast mode
[  412.311668][T12404] bond0: (slave team0): Enslaving as an active interface with an up link
[  412.363809][T12408] team0: Port device wlan1 removed
[  413.783249][T12418] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  414.444223][T12450] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.2250'.
[  416.942369][T12452] validate_nla: 14 callbacks suppressed
[  416.942388][T12452] netlink: 'syz.2.2251': attribute type 10 has an invalid length.
[  416.985779][T12456] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.2251'.
[  416.986940][T12453] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.2251'.
[  417.005481][T12453] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.2251'.
[  417.030718][T12452] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.2251'.
[  417.048796][T12453] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.2251'.
[  417.065393][T12452] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.2251'.
[  417.078277][T12453] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.2251'.
[  417.097226][T12452] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.2251'.
[  417.246769][T12455] netlink: 'syz.1.2253': attribute type 3 has an invalid length.
[  417.262518][T12455] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.2253'.
[  417.285562][T12460] netlink: 'syz.1.2253': attribute type 10 has an invalid length.
[  417.408497][T12465] netlink: 'syz.2.2255': attribute type 29 has an invalid length.
[  417.451041][T12465] netlink: 'syz.2.2255': attribute type 29 has an invalid length.
[  418.167593][ T5082] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  418.184522][ T5082] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  418.195891][ T5082] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  418.210142][ T5082] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  418.218021][ T5082] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  418.225869][ T5082] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  418.349970][ T7785] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  418.368762][T12466] netlink: 'syz.2.2255': attribute type 29 has an invalid length.
[  418.388630][T12467] netlink: 'syz.2.2255': attribute type 29 has an invalid length.
[  418.398460][T12469] netlink: 'syz.2.2255': attribute type 29 has an invalid length.
[  418.430121][ T7785] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  418.534141][ T7785] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  418.558801][T12475] netlink: 'syz.2.2257': attribute type 10 has an invalid length.
[  418.649948][ T7785] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  418.688285][T12470] chnl_net:caif_netlink_parms(): no params data found
[  418.820923][T12470] bridge0: port 1(bridge_slave_0) entered blocking state
[  418.828273][T12470] bridge0: port 1(bridge_slave_0) entered disabled state
[  418.835681][T12470] bridge_slave_0: entered allmulticast mode
[  418.843375][T12470] bridge_slave_0: entered promiscuous mode
[  418.887011][T12470] bridge0: port 2(bridge_slave_1) entered blocking state
[  418.894552][T12470] bridge0: port 2(bridge_slave_1) entered disabled state
[  418.902069][T12470] bridge_slave_1: entered allmulticast mode
[  418.920371][T12470] bridge_slave_1: entered promiscuous mode
[  418.968629][T12484] dvmrp0: tun_chr_ioctl cmd 1074025677
[  418.980568][T12484] dvmrp0: linktype set to 768
[  419.020468][T12470] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  419.034546][T12470] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  419.097127][T12490] netlink: 'syz.3.2260': attribute type 1 has an invalid length.
[  419.132974][T12470] team0: Port device team_slave_0 added
[  419.251358][T12470] team0: Port device team_slave_1 added
[  419.320333][T12470] batman_adv: batadv0: Adding interface: batadv_slave_0
[  419.327317][T12470] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  419.389466][T12470] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  419.451714][T12470] batman_adv: batadv0: Adding interface: batadv_slave_1
[  419.458697][T12470] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  419.558871][T12470] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  420.235185][T12470] hsr_slave_0: entered promiscuous mode
[  420.275987][T12470] hsr_slave_1: entered promiscuous mode
[  420.297729][T12470] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  420.308642][T12470] Cannot create hsr debugfs directory
[  420.329422][ T5082] Bluetooth: hci3: command tx timeout
[  420.954499][T12530] __nla_validate_parse: 1 callbacks suppressed
[  420.954518][T12530] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2269'.
[  421.492883][T12545] dvmrp0: tun_chr_ioctl cmd 1074025677
[  421.552161][T12545] dvmrp0: linktype set to 768
[  421.691725][T12543] delete_channel: no stack
[  421.853101][ T7785] hsr_slave_0: left promiscuous mode
[  421.866863][ T7785] hsr_slave_1: left promiscuous mode
[  421.930994][ T7785] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  421.955555][ T7785] batman_adv: batadv0: Removing interface: batadv_slave_0
[  422.010810][ T7785] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  422.018290][ T7785] batman_adv: batadv0: Removing interface: batadv_slave_1
[  422.070500][ T7785] bond0: left allmulticast mode
[  422.075458][ T7785] bond_slave_0: left allmulticast mode
[  422.099472][ T7785] bond_slave_1: left allmulticast mode
[  422.105023][ T7785] team0: left allmulticast mode
[  422.113328][T12562] validate_nla: 8 callbacks suppressed
[  422.113345][T12562] netlink: 'syz.1.2282': attribute type 29 has an invalid length.
[  422.127793][ T7785] team_slave_0: left allmulticast mode
[  422.134314][ T7785] team_slave_1: left allmulticast mode
[  422.143893][ T7785] bridge0: port 4(bond0) entered disabled state
[  422.180386][ T7785] dummy0: left allmulticast mode
[  422.185734][ T7785] bridge0: port 3(dummy0) entered disabled state
[  422.212798][ T7785] bridge_slave_1: left allmulticast mode
[  422.218524][ T7785] bridge_slave_1: left promiscuous mode
[  422.239027][ T7785] bridge0: port 2(bridge_slave_1) entered disabled state
[  422.279541][ T7785] bridge_slave_0: left allmulticast mode
[  422.287422][ T7785] bridge_slave_0: left promiscuous mode
[  422.291634][T12570] netlink: 'syz.3.2273': attribute type 3 has an invalid length.
[  422.301410][ T7785] bridge0: port 1(bridge_slave_0) entered disabled state
[  422.319679][T12570] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.2273'.
[  422.389961][ T5082] Bluetooth: hci3: command tx timeout
[  422.412854][ T7785] veth1_macvtap: left promiscuous mode
[  422.418947][ T7785] veth0_macvtap: left promiscuous mode
[  422.425106][ T7785] veth1_vlan: left promiscuous mode
[  422.431044][ T7785] veth0_vlan: left promiscuous mode
[  423.349353][ T7785] team_slave_1 (unregistering): left promiscuous mode
[  423.359099][ T7785] team0 (unregistering): Port device team_slave_1 removed
[  423.410440][ T7785] team_slave_0 (unregistering): left promiscuous mode
[  423.419234][ T7785] team0 (unregistering): Port device team_slave_0 removed
[  423.468458][ T7785] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  423.481838][ T7785] bond_slave_1 (unregistering): left promiscuous mode
[  423.524439][ T7785] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  423.536154][ T7785] bond_slave_0 (unregistering): left promiscuous mode
[  423.845580][ T7785] bond0 (unregistering): (slave team0): Releasing backup interface
[  423.854248][ T7785] team0 (unregistering): left promiscuous mode
[  423.887221][ T7785] bond0 (unregistering): Released all slaves
[  423.988800][T12562] netlink: 'syz.1.2282': attribute type 29 has an invalid length.
[  424.020003][T12572] netlink: 'syz.3.2273': attribute type 10 has an invalid length.
[  424.300485][T12470] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  424.469661][ T5082] Bluetooth: hci3: command tx timeout
[  425.280216][T12470] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  425.495983][T12581] syzkaller0: entered promiscuous mode
[  425.530459][T12581] syzkaller0: entered allmulticast mode
[  425.542336][T12597] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.2279'.
[  425.551584][T12470] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  426.554013][ T5082] Bluetooth: hci3: command tx timeout
[  427.872170][T12470] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  427.883352][T12597] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.2279'.
[  427.894723][T12612] netlink: 'syz.1.2283': attribute type 39 has an invalid length.
[  427.987747][T12612] hsr_slave_1 (unregistering): left promiscuous mode
[  428.199042][T12630] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  428.440480][T12644] netlink: 'syz.3.2286': attribute type 29 has an invalid length.
[  428.471646][T12644] netlink: 'syz.3.2286': attribute type 29 has an invalid length.
[  428.537151][T12649] netlink: 'syz.3.2286': attribute type 29 has an invalid length.
[  428.597943][T12470] 8021q: adding VLAN 0 to HW filter on device bond0
[  428.757987][T12470] 8021q: adding VLAN 0 to HW filter on device team0
[  428.871663][ T7788] bridge0: port 1(bridge_slave_0) entered blocking state
[  428.878931][ T7788] bridge0: port 1(bridge_slave_0) entered forwarding state
[  428.967706][ T7788] bridge0: port 2(bridge_slave_1) entered blocking state
[  428.975778][ T7788] bridge0: port 2(bridge_slave_1) entered forwarding state
[  429.810139][T12687] netlink: 'syz.1.2295': attribute type 19 has an invalid length.
[  429.830043][T12687] netlink: 14552 bytes leftover after parsing attributes in process `syz.1.2295'.
[  429.860881][T12689] netlink: 'syz.2.2296': attribute type 3 has an invalid length.
[  429.896408][T12470] 8021q: adding VLAN 0 to HW filter on device batadv0
[  429.912049][T12689] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2296'.
[  430.076572][T12470] veth0_vlan: entered promiscuous mode
[  430.124724][T12470] veth1_vlan: entered promiscuous mode
[  430.202246][T12470] veth0_macvtap: entered promiscuous mode
[  430.222937][T12470] veth1_macvtap: entered promiscuous mode
[  430.277604][T12470] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  430.293416][T12470] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  430.304170][T12470] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  430.321559][T12470] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  430.344771][T12470] batman_adv: batadv0: Interface activated: batadv_slave_0
[  430.369782][T12470] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  430.380728][T12470] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  430.402968][T12470] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  430.437974][T12470] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  430.472247][T12470] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  430.502100][T12470] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  430.548689][T12470] batman_adv: batadv0: Interface activated: batadv_slave_1
[  430.602326][T12470] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  430.633898][T12714] netlink: 'syz.2.2300': attribute type 29 has an invalid length.
[  430.649888][T12470] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  430.669396][T12470] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  430.678264][T12470] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  430.735971][T12714] netlink: 'syz.2.2300': attribute type 29 has an invalid length.
[  430.779956][T12721] netlink: 'syz.2.2300': attribute type 29 has an invalid length.
[  431.104050][ T7788] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  431.135903][ T7788] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  431.253439][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  431.281180][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  431.397840][T12730] FAULT_INJECTION: forcing a failure.
[  431.397840][T12730] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  431.416239][T12730] CPU: 0 PID: 12730 Comm: syz.1.2304 Not tainted syzkaller #0
[  431.423749][T12730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  431.433821][T12730] Call Trace:
[  431.437092][T12730]  <TASK>
[  431.440013][T12730]  dump_stack_lvl+0x18c/0x250
[  431.444685][T12730]  ? show_regs_print_info+0x20/0x20
[  431.449881][T12730]  ? load_image+0x400/0x400
[  431.454371][T12730]  ? __lock_acquire+0x7d40/0x7d40
[  431.459383][T12730]  ? snprintf+0xe9/0x140
[  431.463625][T12730]  should_fail_ex+0x39d/0x4d0
[  431.468317][T12730]  _copy_to_user+0x2f/0xa0
[  431.472746][T12730]  simple_read_from_buffer+0xe7/0x150
[  431.478130][T12730]  proc_fail_nth_read+0x1e8/0x260
[  431.483158][T12730]  ? proc_fault_inject_write+0x360/0x360
[  431.488788][T12730]  ? fsnotify_perm+0x271/0x5e0
[  431.493553][T12730]  ? proc_fault_inject_write+0x360/0x360
[  431.499200][T12730]  vfs_read+0x28b/0x970
[  431.503371][T12730]  ? kernel_read+0x1e0/0x1e0
[  431.507967][T12730]  ? __fget_files+0x28/0x4b0
[  431.512556][T12730]  ? __fget_files+0x28/0x4b0
[  431.517145][T12730]  ? __fget_files+0x43d/0x4b0
[  431.521822][T12730]  ? __fdget_pos+0x2a3/0x330
[  431.526409][T12730]  ? ksys_read+0x75/0x260
[  431.530737][T12730]  ksys_read+0x150/0x260
[  431.534977][T12730]  ? vfs_write+0x990/0x990
[  431.539389][T12730]  ? lockdep_hardirqs_on+0x98/0x150
[  431.544578][T12730]  do_syscall_64+0x55/0xa0
[  431.548987][T12730]  ? clear_bhb_loop+0x40/0x90
[  431.553652][T12730]  ? clear_bhb_loop+0x40/0x90
[  431.558321][T12730]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  431.564203][T12730] RIP: 0033:0x7f2a68f5b78e
[  431.568616][T12730] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  431.588221][T12730] RSP: 002b:00007f2a69e32fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  431.596629][T12730] RAX: ffffffffffffffda RBX: 00007f2a69e336c0 RCX: 00007f2a68f5b78e
[  431.604618][T12730] RDX: 000000000000000f RSI: 00007f2a69e330a0 RDI: 0000000000000004
[  431.612595][T12730] RBP: 00007f2a69e33090 R08: 0000000000000000 R09: 0000000000000000
[  431.620575][T12730] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  431.628557][T12730] R13: 00007f2a69216038 R14: 00007f2a69215fa0 R15: 00007fffb4725358
[  431.636537][T12730]  </TASK>
[  431.902845][T12747] netlink: 'syz.2.2310': attribute type 4 has an invalid length.
[  433.453713][T12777] delete_channel: no stack
[  433.821335][ T5763] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  433.831387][ T5763] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  433.839083][T12788] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  433.839933][ T5763] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  433.863767][ T5763] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  433.872580][ T5763] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  433.887210][ T5763] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  434.087479][T12797] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2329'.
[  434.141888][T12799] validate_nla: 3 callbacks suppressed
[  434.141930][T12799] netlink: 'syz.3.2331': attribute type 9 has an invalid length.
[  434.156052][T12799] netlink: 126588 bytes leftover after parsing attributes in process `syz.3.2331'.
[  434.189296][T12802] netlink: 'syz.2.2330': attribute type 1 has an invalid length.
[  434.205144][T12802] netlink: 181400 bytes leftover after parsing attributes in process `syz.2.2330'.
[  434.248364][T12799] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.2331'.
[  434.313183][ T1130] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  434.529184][ T1130] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  434.887064][ T1130] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  435.105754][T12818] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2337'.
[  435.167545][ T1130] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  435.221508][T12818] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2337'.
[  435.307480][T12819] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2337'.
[  435.477594][T12789] chnl_net:caif_netlink_parms(): no params data found
[  435.525365][T12819] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2337'.
[  435.751810][T12828] netlink: 'syz.2.2339': attribute type 10 has an invalid length.
[  435.994123][ T5082] Bluetooth: hci4: command tx timeout
[  436.273349][T12840] FAULT_INJECTION: forcing a failure.
[  436.273349][T12840] name failslab, interval 1, probability 0, space 0, times 0
[  436.286469][T12840] CPU: 1 PID: 12840 Comm: syz.2.2341 Not tainted syzkaller #0
[  436.293948][T12840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  436.304025][T12840] Call Trace:
[  436.307322][T12840]  <TASK>
[  436.310273][T12840]  dump_stack_lvl+0x18c/0x250
[  436.314975][T12840]  ? show_regs_print_info+0x20/0x20
[  436.320187][T12840]  ? load_image+0x400/0x400
[  436.324710][T12840]  ? skb_network_protocol+0x51f/0x780
[  436.330110][T12840]  should_fail_ex+0x39d/0x4d0
[  436.334808][T12840]  should_failslab+0x9/0x20
[  436.339328][T12840]  slab_pre_alloc_hook+0x59/0x310
[  436.344392][T12840]  kmem_cache_alloc+0x5a/0x2d0
[  436.349165][T12840]  ? skb_clone+0x1eb/0x370
[  436.353601][T12840]  skb_clone+0x1eb/0x370
[  436.357845][T12840]  ? dev_queue_xmit_nit+0x212/0xbb0
[  436.363056][T12840]  dev_queue_xmit_nit+0x24d/0xbb0
[  436.368095][T12840]  ? dev_queue_xmit_nit+0x2d/0xbb0
[  436.373224][T12840]  ? validate_xmit_skb+0x949/0xf60
[  436.378362][T12840]  dev_hard_start_xmit+0x148/0x740
[  436.383521][T12840]  __dev_queue_xmit+0x1ac2/0x36b0
[  436.388561][T12840]  ? __dev_queue_xmit+0x26b/0x36b0
[  436.393823][T12840]  ? netdev_core_pick_tx+0x340/0x340
[  436.399131][T12840]  ? __copy_skb_header+0xa3/0x4a0
[  436.404169][T12840]  ? __asan_memcpy+0x40/0x70
[  436.408771][T12840]  ? __skb_clone+0x63/0x790
[  436.413298][T12840]  ? __skb_clone+0x480/0x790
[  436.417914][T12840]  ? skb_clone+0x21f/0x370
[  436.422344][T12840]  __netlink_deliver_tap+0x5ab/0x830
[  436.427667][T12840]  ? netlink_deliver_tap+0x2e/0x1b0
[  436.432880][T12840]  netlink_deliver_tap+0x19c/0x1b0
[  436.438093][T12840]  netlink_unicast+0x72c/0x8d0
[  436.442893][T12840]  netlink_sendmsg+0x8d0/0xbf0
[  436.447664][T12840]  ? perf_trace_lock+0x304/0x3b0
[  436.452631][T12840]  ? netlink_getsockopt+0x590/0x590
[  436.457847][T12840]  ? aa_sock_msg_perm+0x94/0x150
[  436.462810][T12840]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  436.468105][T12840]  ? security_socket_sendmsg+0x80/0xa0
[  436.473585][T12840]  ? netlink_getsockopt+0x590/0x590
[  436.478804][T12840]  ____sys_sendmsg+0x5ba/0x960
[  436.483605][T12840]  ? __asan_memset+0x22/0x40
[  436.488211][T12840]  ? __sys_sendmsg_sock+0x30/0x30
[  436.493284][T12840]  ? __import_iovec+0x5f2/0x850
[  436.498202][T12840]  ? import_iovec+0x73/0xa0
[  436.502748][T12840]  ___sys_sendmsg+0x2a6/0x360
[  436.507461][T12840]  ? __sys_sendmsg+0x2a0/0x2a0
[  436.512300][T12840]  ? __lock_acquire+0x7d40/0x7d40
[  436.517477][T12840]  __se_sys_sendmsg+0x1c2/0x2b0
[  436.522359][T12840]  ? __x64_sys_sendmsg+0x80/0x80
[  436.527403][T12840]  ? lockdep_hardirqs_on+0x98/0x150
[  436.532654][T12840]  do_syscall_64+0x55/0xa0
[  436.537095][T12840]  ? clear_bhb_loop+0x40/0x90
[  436.541780][T12840]  ? clear_bhb_loop+0x40/0x90
[  436.546467][T12840]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  436.552382][T12840] RIP: 0033:0x7fb68a59aeb9
[  436.556820][T12840] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  436.576451][T12840] RSP: 002b:00007fb68b524028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  436.584885][T12840] RAX: ffffffffffffffda RBX: 00007fb68a815fa0 RCX: 00007fb68a59aeb9
[  436.592940][T12840] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  436.600919][T12840] RBP: 00007fb68b524090 R08: 0000000000000000 R09: 0000000000000000
[  436.608898][T12840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  436.616882][T12840] R13: 00007fb68a816038 R14: 00007fb68a815fa0 R15: 00007fffa47ebc58
[  436.624903][T12840]  </TASK>
[  436.765035][T12844] FAULT_INJECTION: forcing a failure.
[  436.765035][T12844] name failslab, interval 1, probability 0, space 0, times 0
[  436.790352][T12844] CPU: 1 PID: 12844 Comm: syz.0.2343 Not tainted syzkaller #0
[  436.797871][T12844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  436.807948][T12844] Call Trace:
[  436.811774][T12844]  <TASK>
[  436.814716][T12844]  dump_stack_lvl+0x18c/0x250
[  436.819417][T12844]  ? show_regs_print_info+0x20/0x20
[  436.824649][T12844]  ? load_image+0x400/0x400
[  436.829186][T12844]  ? __might_sleep+0xe0/0xe0
[  436.833820][T12844]  ? __lock_acquire+0x7d40/0x7d40
[  436.838875][T12844]  should_fail_ex+0x39d/0x4d0
[  436.843587][T12844]  should_failslab+0x9/0x20
[  436.848124][T12844]  slab_pre_alloc_hook+0x59/0x310
[  436.853187][T12844]  ? nbp_vlan_add+0x20f/0x3c0
[  436.857902][T12844]  __kmem_cache_alloc_node+0x53/0x250
[  436.863312][T12844]  ? __vlan_flush+0x3c0/0x3c0
[  436.868013][T12844]  ? nbp_vlan_add+0x20f/0x3c0
[  436.872711][T12844]  kmalloc_trace+0x2a/0xe0
[  436.877143][T12844]  nbp_vlan_add+0x20f/0x3c0
[  436.881664][T12844]  br_vlan_info+0x101/0x460
[  436.886191][T12844]  ? br_process_vlan_info+0x8a0/0x8a0
[  436.891569][T12844]  ? __lock_acquire+0x7d40/0x7d40
[  436.896593][T12844]  br_process_vlan_info+0x316/0x8a0
[  436.901809][T12844]  ? __lock_acquire+0x1347/0x7d40
[  436.906829][T12844]  ? br_getlink+0x180/0x180
[  436.911335][T12844]  br_afspec+0x399/0x5f0
[  436.915579][T12844]  ? br_setport+0x1680/0x1680
[  436.920258][T12844]  br_setlink+0x2dc/0x8b0
[  436.924587][T12844]  ? br_vlan_info+0x460/0x460
[  436.929333][T12844]  ? __mutex_lock+0x956/0xcc0
[  436.934013][T12844]  ? mutex_is_locked+0x12/0x40
[  436.938784][T12844]  rtnl_bridge_setlink+0x5b7/0x7d0
[  436.943894][T12844]  ? rtnl_bridge_dellink+0x6f0/0x6f0
[  436.949172][T12844]  ? rtnetlink_rcv_msg+0x221/0xfa0
[  436.954279][T12844]  ? rtnetlink_rcv_msg+0x221/0xfa0
[  436.959396][T12844]  ? rtnl_bridge_dellink+0x6f0/0x6f0
[  436.964685][T12844]  rtnetlink_rcv_msg+0x869/0xfa0
[  436.969619][T12844]  ? lockdep_hardirqs_on+0x98/0x150
[  436.974811][T12844]  ? rtnetlink_bind+0x80/0x80
[  436.979490][T12844]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  436.985468][T12844]  ? __dev_queue_xmit+0x26b/0x36b0
[  436.990579][T12844]  ? lock_chain_count+0x20/0x20
[  436.995444][T12844]  ? __local_bh_enable_ip+0x13a/0x1c0
[  437.000810][T12844]  ? lockdep_hardirqs_on+0x98/0x150
[  437.006002][T12844]  ? __local_bh_enable_ip+0x13a/0x1c0
[  437.011369][T12844]  ? _local_bh_enable+0xa0/0xa0
[  437.016220][T12844]  ? __dev_queue_xmit+0x26b/0x36b0
[  437.021331][T12844]  ? __dev_queue_xmit+0x26b/0x36b0
[  437.026438][T12844]  ? __dev_queue_xmit+0x124f/0x36b0
[  437.031629][T12844]  ? __dev_queue_xmit+0x26b/0x36b0
[  437.036855][T12844]  ? ref_tracker_free+0x690/0x840
[  437.041902][T12844]  netlink_rcv_skb+0x241/0x4d0
[  437.046676][T12844]  ? rtnetlink_bind+0x80/0x80
[  437.051369][T12844]  ? netlink_ack+0x1180/0x1180
[  437.056158][T12844]  ? __lock_acquire+0x7d40/0x7d40
[  437.061289][T12844]  ? netlink_deliver_tap+0x2e/0x1b0
[  437.066492][T12844]  netlink_unicast+0x751/0x8d0
[  437.071276][T12844]  netlink_sendmsg+0x8d0/0xbf0
[  437.076042][T12844]  ? netlink_getsockopt+0x590/0x590
[  437.081259][T12844]  ? aa_sock_msg_perm+0x94/0x150
[  437.086209][T12844]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  437.091491][T12844]  ? security_socket_sendmsg+0x80/0xa0
[  437.096951][T12844]  ? netlink_getsockopt+0x590/0x590
[  437.102149][T12844]  ____sys_sendmsg+0x5ba/0x960
[  437.106923][T12844]  ? __asan_memset+0x22/0x40
[  437.111509][T12844]  ? __sys_sendmsg_sock+0x30/0x30
[  437.116532][T12844]  ? __import_iovec+0x5f2/0x850
[  437.121389][T12844]  ? import_iovec+0x73/0xa0
[  437.125908][T12844]  ___sys_sendmsg+0x2a6/0x360
[  437.130582][T12844]  ? get_pid_task+0x20/0x1e0
[  437.135170][T12844]  ? __sys_sendmsg+0x2a0/0x2a0
[  437.139952][T12844]  ? __lock_acquire+0x7d40/0x7d40
[  437.144989][T12844]  __se_sys_sendmsg+0x1c2/0x2b0
[  437.149840][T12844]  ? __x64_sys_sendmsg+0x80/0x80
[  437.154787][T12844]  ? lockdep_hardirqs_on+0x98/0x150
[  437.159981][T12844]  do_syscall_64+0x55/0xa0
[  437.164392][T12844]  ? clear_bhb_loop+0x40/0x90
[  437.169067][T12844]  ? clear_bhb_loop+0x40/0x90
[  437.173740][T12844]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  437.179626][T12844] RIP: 0033:0x7f0004f9aeb9
[  437.184036][T12844] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  437.203642][T12844] RSP: 002b:00007f0005e9f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  437.212051][T12844] RAX: ffffffffffffffda RBX: 00007f0005215fa0 RCX: 00007f0004f9aeb9
[  437.220015][T12844] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  437.227986][T12844] RBP: 00007f0005e9f090 R08: 0000000000000000 R09: 0000000000000000
[  437.235949][T12844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  437.243910][T12844] R13: 00007f0005216038 R14: 00007f0005215fa0 R15: 00007ffef3b85178
[  437.251887][T12844]  </TASK>
[  437.337913][T12850] netlink: 'syz.2.2344': attribute type 29 has an invalid length.
[  437.400771][T12789] bridge0: port 1(bridge_slave_0) entered blocking state
[  437.408147][T12789] bridge0: port 1(bridge_slave_0) entered disabled state
[  437.418677][T12789] bridge_slave_0: entered allmulticast mode
[  437.459926][T12789] bridge_slave_0: entered promiscuous mode
[  437.477474][T12850] netlink: 'syz.2.2344': attribute type 29 has an invalid length.
[  437.500728][T12852] netlink: 'syz.2.2344': attribute type 29 has an invalid length.
[  437.574519][T12789] bridge0: port 2(bridge_slave_1) entered blocking state
[  437.599512][T12789] bridge0: port 2(bridge_slave_1) entered disabled state
[  437.617259][T12789] bridge_slave_1: entered allmulticast mode
[  437.631164][T12789] bridge_slave_1: entered promiscuous mode
[  437.798597][T12789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  437.856862][T12789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  437.955047][T12789] team0: Port device team_slave_0 added
[  438.060879][T12868] netlink: 16399 bytes leftover after parsing attributes in process `syz.2.2349'.
[  438.071625][ T5082] Bluetooth: hci4: command tx timeout
[  438.427581][T12789] team0: Port device team_slave_1 added
[  438.435617][T12867] netlink: 'syz.2.2349': attribute type 21 has an invalid length.
[  438.456769][T12867] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2349'.
[  438.470519][T12867] netlink: 'syz.2.2349': attribute type 4 has an invalid length.
[  440.159604][ T5082] Bluetooth: hci4: command tx timeout
[  440.235390][ T1281] ieee802154 phy0 wpan0: encryption failed: -22
[  440.252085][ T1281] ieee802154 phy1 wpan1: encryption failed: -22
[  441.623964][T12789] batman_adv: batadv0: Adding interface: batadv_slave_0
[  441.635844][T12789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  441.663325][T12789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  441.722406][T12789] batman_adv: batadv0: Adding interface: batadv_slave_1
[  441.733310][T12789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  441.761905][T12789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  441.846490][T12789] hsr_slave_0: entered promiscuous mode
[  441.855715][T12789] hsr_slave_1: entered promiscuous mode
[  441.867961][T12789] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  441.876049][T12789] Cannot create hsr debugfs directory
[  441.908167][T12899] netlink: 'syz.2.2354': attribute type 1 has an invalid length.
[  441.935630][T12899] __nla_validate_parse: 1 callbacks suppressed
[  441.935676][T12899] netlink: 181400 bytes leftover after parsing attributes in process `syz.2.2354'.
[  442.229610][ T5082] Bluetooth: hci4: command tx timeout
[  442.508000][ T1130] hsr_slave_0: left promiscuous mode
[  442.523867][ T1130] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  442.534682][ T1130] batman_adv: batadv0: Removing interface: batadv_slave_0
[  442.547002][ T1130] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  442.563712][ T1130] batman_adv: batadv0: Removing interface: batadv_slave_1
[  442.645347][ T1130] veth1_macvtap: left allmulticast mode
[  442.657219][ T1130] veth1_macvtap: left promiscuous mode
[  442.662959][ T1130] veth0_macvtap: left promiscuous mode
[  442.677950][ T1130] veth1_vlan: left promiscuous mode
[  442.685288][ T1130] veth0_vlan: left promiscuous mode
[  445.045101][ T1130] team0 (unregistering): Port device team_slave_1 removed
[  445.094196][ T1130] team0 (unregistering): Port device C removed
[  446.367771][T12947] netlink: 'syz.0.2363': attribute type 1 has an invalid length.
[  446.375969][T12947] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.2363'.
[  447.634691][T12789] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  447.662734][T12789] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  447.693923][T12789] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  447.725129][T12789] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  451.248281][T13000] netlink: 'syz.3.2374': attribute type 1 has an invalid length.
[  451.273436][T13000] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.2374'.
[  451.366789][T12789] 8021q: adding VLAN 0 to HW filter on device bond0
[  451.438629][T12789] 8021q: adding VLAN 0 to HW filter on device team0
[  451.509033][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  451.516251][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  451.644557][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  451.651790][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  451.965064][T12789] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  452.473331][T12789] 8021q: adding VLAN 0 to HW filter on device batadv0
[  452.619622][T12789] veth0_vlan: entered promiscuous mode
[  452.667362][T12789] veth1_vlan: entered promiscuous mode
[  452.782253][T12789] veth0_macvtap: entered promiscuous mode
[  452.833317][T12789] veth1_macvtap: entered promiscuous mode
[  452.905064][T12789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  452.940601][T12789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  452.985913][T12789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  453.022237][T12789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  453.057009][T12789] batman_adv: batadv0: Interface activated: batadv_slave_0
[  453.087713][T12789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  453.126168][T12789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  453.169561][T12789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  453.184407][T12789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  453.220847][T12789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  453.235848][T12789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  453.255535][T12789] batman_adv: batadv0: Interface activated: batadv_slave_1
[  453.313036][T13047] syz.2.2381[13047] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  453.313187][T13047] syz.2.2381[13047] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  453.339913][T13042] netlink: 180 bytes leftover after parsing attributes in process `syz.2.2381'.
[  453.460947][T13045] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode
[  453.468007][T13045] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode
[  453.548740][T12789] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  453.568025][T12789] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  453.579948][T12789] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  453.606217][T12789] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  453.739551][ T1130] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  453.770362][ T1130] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  453.814546][ T7788] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  453.849554][ T7788] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  454.545857][T13077] netlink: 830 bytes leftover after parsing attributes in process `syz.1.2388'.
[  454.874041][T13081] FAULT_INJECTION: forcing a failure.
[  454.874041][T13081] name failslab, interval 1, probability 0, space 0, times 0
[  454.886994][T13081] CPU: 0 PID: 13081 Comm: syz.2.2390 Not tainted syzkaller #0
[  454.894473][T13081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  454.904731][T13081] Call Trace:
[  454.908023][T13081]  <TASK>
[  454.910988][T13081]  dump_stack_lvl+0x18c/0x250
[  454.915693][T13081]  ? kasan_set_track+0x4e/0x70
[  454.917994][ T5763] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  454.920459][T13081]  ? show_regs_print_info+0x20/0x20
[  454.920503][T13081]  ? load_image+0x400/0x400
[  454.930070][ T5763] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  454.932710][T13081]  ? rxrpc_lookup_peer+0x427/0x850
[  454.938196][ T5763] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  454.944104][T13081]  ? ___sys_sendmsg+0x2a6/0x360
[  454.944159][T13081]  ? do_syscall_64+0x55/0xa0
[  454.944180][T13081]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  454.944204][T13081]  should_fail_ex+0x39d/0x4d0
[  454.944232][T13081]  should_failslab+0x9/0x20
[  454.944252][T13081]  slab_pre_alloc_hook+0x59/0x310
[  454.950864][ T5763] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  454.956264][T13081]  ? memcg_alloc_slab_cgroups+0x87/0x130
[  454.963064][ T5763] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  454.965664][T13081]  ? memcg_alloc_slab_cgroups+0x87/0x130
[  454.972368][ T5763] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  454.976364][T13081]  __kmem_cache_alloc_node+0x53/0x250
[  455.023387][T13081]  ? memcg_alloc_slab_cgroups+0x87/0x130
[  455.029049][T13081]  __kmalloc_node+0xa4/0x230
[  455.033675][T13081]  memcg_alloc_slab_cgroups+0x87/0x130
[  455.039159][T13081]  slab_post_alloc_hook+0xf4/0x4b0
[  455.044306][T13081]  kmem_cache_alloc+0x11a/0x2d0
[  455.049181][T13081]  ? dst_alloc+0x105/0x170
[  455.053612][T13081]  ? ipv6_sysctl_rtcache_flush+0xf0/0xf0
[  455.059263][T13081]  dst_alloc+0x105/0x170
[  455.063532][T13081]  ip6_pol_route+0x93d/0x1210
[  455.068226][T13081]  ? arch_stack_walk+0x160/0x190
[  455.073181][T13081]  ? ip6_pol_route+0x171/0x1210
[  455.078054][T13081]  ? trace_fib6_table_lookup+0x1b0/0x1b0
[  455.083715][T13081]  ? stack_trace_save+0xaa/0x100
[  455.088675][T13081]  ? stack_trace_snprint+0xf0/0xf0
[  455.093820][T13081]  fib6_rule_lookup+0x33d/0x570
[  455.098710][T13081]  ? skb_header_pointer+0x120/0x120
[  455.103944][T13081]  ? fib6_lookup+0x2d0/0x2d0
[  455.108552][T13081]  ? __kasan_kmalloc+0x8f/0xa0
[  455.113339][T13081]  ? rxrpc_alloc_peer+0x7e/0x340
[  455.118296][T13081]  ? rxrpc_lookup_peer+0x3f4/0x850
[  455.123424][T13081]  ? rxrpc_new_client_call+0xb99/0x1410
[  455.128996][T13081]  ? rxrpc_do_sendmsg+0xc42/0x1280
[  455.134149][T13081]  ? read_lock_is_recursive+0x20/0x20
[  455.139538][T13081]  ? do_syscall_64+0x55/0xa0
[  455.144168][T13081]  ip6_route_output_flags+0x364/0x5d0
[  455.149558][T13081]  ? ip6_route_output_flags+0x2e/0x5d0
[  455.155039][T13081]  rxrpc_init_peer+0x1ce/0x740
[  455.159833][T13081]  ? rxrpc_new_incoming_peer+0x5a0/0x5a0
[  455.165494][T13081]  ? rcu_is_watching+0x15/0xb0
[  455.170282][T13081]  ? trace_rxrpc_peer+0x80/0x1c0
[  455.175238][T13081]  ? rxrpc_lookup_peer+0x419/0x850
[  455.180374][T13081]  rxrpc_lookup_peer+0x427/0x850
[  455.185340][T13081]  rxrpc_new_client_call+0xb99/0x1410
[  455.190764][T13081]  rxrpc_do_sendmsg+0xc42/0x1280
[  455.195734][T13081]  ? rxrpc_propose_abort+0x200/0x200
[  455.201044][T13081]  ? __local_bh_enable_ip+0x13a/0x1c0
[  455.206455][T13081]  ? rxrpc_sendmsg+0x391/0x5b0
[  455.211246][T13081]  ? rxrpc_getsockopt+0x150/0x150
[  455.216301][T13081]  ____sys_sendmsg+0x5ba/0x960
[  455.221100][T13081]  ? __lock_acquire+0x7d40/0x7d40
[  455.226156][T13081]  ? __sys_sendmsg_sock+0x30/0x30
[  455.231227][T13081]  ? __import_iovec+0x3fa/0x850
[  455.236121][T13081]  ? import_iovec+0x73/0xa0
[  455.240656][T13081]  ___sys_sendmsg+0x2a6/0x360
[  455.245452][T13081]  ? get_pid_task+0x20/0x1e0
[  455.250154][T13081]  ? __sys_sendmsg+0x2a0/0x2a0
[  455.254965][T13081]  ? __lock_acquire+0x7d40/0x7d40
[  455.260035][T13081]  __se_sys_sendmsg+0x1c2/0x2b0
[  455.264920][T13081]  ? __x64_sys_sendmsg+0x80/0x80
[  455.269959][T13081]  ? lockdep_hardirqs_on+0x98/0x150
[  455.275184][T13081]  do_syscall_64+0x55/0xa0
[  455.279626][T13081]  ? clear_bhb_loop+0x40/0x90
[  455.284405][T13081]  ? clear_bhb_loop+0x40/0x90
[  455.289118][T13081]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  455.295030][T13081] RIP: 0033:0x7fb68a59aeb9
[  455.299469][T13081] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  455.319105][T13081] RSP: 002b:00007fb68b524028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  455.327551][T13081] RAX: ffffffffffffffda RBX: 00007fb68a815fa0 RCX: 00007fb68a59aeb9
[  455.335722][T13081] RDX: 000000000000fc00 RSI: 0000200000000080 RDI: 0000000000000005
[  455.343726][T13081] RBP: 00007fb68b524090 R08: 0000000000000000 R09: 0000000000000000
[  455.351732][T13081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  455.359723][T13081] R13: 00007fb68a816038 R14: 00007fb68a815fa0 R15: 00007fffa47ebc58
[  455.367733][T13081]  </TASK>
[  455.498329][ T7785] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  455.648695][ T7785] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  455.667157][T13099] netlink: 'syz.0.2396': attribute type 2 has an invalid length.
[  455.684247][T13099] netlink: 'syz.0.2396': attribute type 8 has an invalid length.
[  455.693342][T13099] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2396'.
[  455.767921][ T7785] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  455.816608][T13101] netlink: 'syz.1.2397': attribute type 10 has an invalid length.
[  455.849799][T13101] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2397'.
[  455.873941][T13101] batman_adv: batadv0: Adding interface: hsr_slave_1
[  455.896002][T13101] batman_adv: batadv0: The MTU of interface hsr_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  455.961453][T13101] batman_adv: batadv0: Interface activated: hsr_slave_1
[  457.029550][ T5763] Bluetooth: hci0: command tx timeout
[  457.839767][ T7785] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  458.218345][T13083] chnl_net:caif_netlink_parms(): no params data found
[  458.526029][T13136] FAULT_INJECTION: forcing a failure.
[  458.526029][T13136] name failslab, interval 1, probability 0, space 0, times 0
[  458.527160][T13083] bridge0: port 1(bridge_slave_0) entered blocking state
[  458.546033][T13083] bridge0: port 1(bridge_slave_0) entered disabled state
[  458.554438][T13083] bridge_slave_0: entered allmulticast mode
[  458.562620][T13083] bridge_slave_0: entered promiscuous mode
[  458.614513][T13136] CPU: 0 PID: 13136 Comm: syz.1.2408 Not tainted syzkaller #0
[  458.622038][T13136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  458.632114][T13136] Call Trace:
[  458.635414][T13136]  <TASK>
[  458.638455][T13136]  dump_stack_lvl+0x18c/0x250
[  458.643168][T13136]  ? show_regs_print_info+0x20/0x20
[  458.648492][T13136]  ? load_image+0x400/0x400
[  458.653023][T13136]  ? __might_sleep+0xe0/0xe0
[  458.657684][T13136]  ? __lock_acquire+0x7d40/0x7d40
[  458.662745][T13136]  should_fail_ex+0x39d/0x4d0
[  458.667475][T13136]  should_failslab+0x9/0x20
[  458.672009][T13136]  slab_pre_alloc_hook+0x59/0x310
[  458.677072][T13136]  ? lockdep_hardirqs_on+0x98/0x150
[  458.682361][T13136]  kmem_cache_alloc_node+0x60/0x320
[  458.687569][T13136]  ? __alloc_skb+0x103/0x2c0
[  458.692165][T13136]  __alloc_skb+0x103/0x2c0
[  458.696613][T13136]  netlink_ack+0x376/0x1180
[  458.701112][T13136]  ? __dev_queue_xmit+0x26b/0x36b0
[  458.706234][T13136]  ? netlink_dump+0xe50/0xe50
[  458.710912][T13136]  ? ref_tracker_free+0x690/0x840
[  458.716032][T13136]  netlink_rcv_skb+0x2c5/0x4d0
[  458.720814][T13136]  ? rtnetlink_bind+0x80/0x80
[  458.725488][T13136]  ? netlink_ack+0x1180/0x1180
[  458.730258][T13136]  ? __lock_acquire+0x7d40/0x7d40
[  458.735280][T13136]  ? netlink_deliver_tap+0x2e/0x1b0
[  458.740484][T13136]  netlink_unicast+0x751/0x8d0
[  458.745266][T13136]  netlink_sendmsg+0x8d0/0xbf0
[  458.750028][T13136]  ? netlink_getsockopt+0x590/0x590
[  458.755218][T13136]  ? aa_sock_msg_perm+0x94/0x150
[  458.760149][T13136]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  458.765424][T13136]  ? security_socket_sendmsg+0x80/0xa0
[  458.770874][T13136]  ? netlink_getsockopt+0x590/0x590
[  458.776069][T13136]  ____sys_sendmsg+0x5ba/0x960
[  458.780836][T13136]  ? __asan_memset+0x22/0x40
[  458.785419][T13136]  ? __sys_sendmsg_sock+0x30/0x30
[  458.790434][T13136]  ? __import_iovec+0x5f2/0x850
[  458.795379][T13136]  ? import_iovec+0x73/0xa0
[  458.799878][T13136]  ___sys_sendmsg+0x2a6/0x360
[  458.804565][T13136]  ? get_pid_task+0x20/0x1e0
[  458.809166][T13136]  ? __sys_sendmsg+0x2a0/0x2a0
[  458.813996][T13136]  ? __lock_acquire+0x7d40/0x7d40
[  458.819036][T13136]  __se_sys_sendmsg+0x1c2/0x2b0
[  458.823904][T13136]  ? __x64_sys_sendmsg+0x80/0x80
[  458.828852][T13136]  ? lockdep_hardirqs_on+0x98/0x150
[  458.834130][T13136]  do_syscall_64+0x55/0xa0
[  458.838546][T13136]  ? clear_bhb_loop+0x40/0x90
[  458.843241][T13136]  ? clear_bhb_loop+0x40/0x90
[  458.847919][T13136]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  458.853889][T13136] RIP: 0033:0x7f934999aeb9
[  458.858293][T13136] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  458.877899][T13136] RSP: 002b:00007f934a824028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  458.886311][T13136] RAX: ffffffffffffffda RBX: 00007f9349c15fa0 RCX: 00007f934999aeb9
[  458.894284][T13136] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  458.902246][T13136] RBP: 00007f934a824090 R08: 0000000000000000 R09: 0000000000000000
[  458.910219][T13136] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  458.918187][T13136] R13: 00007f9349c16038 R14: 00007f9349c15fa0 R15: 00007ffd1c6fc178
[  458.926166][T13136]  </TASK>
[  459.116607][ T5763] Bluetooth: hci0: command tx timeout
[  459.143093][T13083] bridge0: port 2(bridge_slave_1) entered blocking state
[  459.167866][T13083] bridge0: port 2(bridge_slave_1) entered disabled state
[  459.203905][T13083] bridge_slave_1: entered allmulticast mode
[  459.224253][T13083] bridge_slave_1: entered promiscuous mode
[  459.291860][T13142] netlink: 'syz.0.2410': attribute type 10 has an invalid length.
[  459.329277][T13142] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2410'.
[  459.356251][T13142] batman_adv: batadv0: Adding interface: hsr_slave_1
[  459.389576][T13142] batman_adv: batadv0: The MTU of interface hsr_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  459.497262][T13142] batman_adv: batadv0: Interface activated: hsr_slave_1
[  459.539854][T13108] delete_channel: no stack
[  461.190591][ T5763] Bluetooth: hci0: command tx timeout
[  462.682613][T13159] C: renamed from team_slave_0 (while UP)
[  462.699101][T13159] netlink: 'syz.1.2412': attribute type 4 has an invalid length.
[  462.708594][T13159] netlink: 116 bytes leftover after parsing attributes in process `syz.1.2412'.
[  462.721089][T13159] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  462.810128][T13147] delete_channel: no stack
[  462.956889][T13083] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  463.112943][T13083] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  463.269673][ T5763] Bluetooth: hci0: command tx timeout
[  463.271124][T13083] team0: Port device team_slave_0 added
[  463.314313][T13083] team0: Port device team_slave_1 added
[  463.540486][T13083] batman_adv: batadv0: Adding interface: batadv_slave_0
[  463.553152][T13083] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  463.605140][T13083] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  463.666687][T13083] batman_adv: batadv0: Adding interface: batadv_slave_1
[  463.686195][T13083] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  463.723385][T13083] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  463.913718][T13083] hsr_slave_0: entered promiscuous mode
[  463.928865][T13083] hsr_slave_1: entered promiscuous mode
[  464.311153][T13212] netlink: 'syz.1.2425': attribute type 1 has an invalid length.
[  464.346801][T13212] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.2425'.
[  464.526021][T13219] netlink: 'syz.1.2427': attribute type 3 has an invalid length.
[  464.553846][T13219] netlink: 'syz.1.2427': attribute type 1 has an invalid length.
[  464.579735][T13219] netlink: 116 bytes leftover after parsing attributes in process `syz.1.2427'.
[  464.588818][T13219] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  465.097539][T13240] netlink: 188 bytes leftover after parsing attributes in process `syz.0.2433'.
[  465.154387][ T7785] hsr_slave_0: left promiscuous mode
[  465.167551][ T7785] hsr_slave_1: left promiscuous mode
[  465.175654][ T7785] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  465.183261][ T7785] batman_adv: batadv0: Removing interface: batadv_slave_1
[  465.201656][ T7785] batman_adv: batadv0: Interface deactivated: virt_wifi0
[  465.208894][ T7785] batman_adv: batadv0: Removing interface: virt_wifi0
[  465.230848][ T7785] veth1_macvtap: left allmulticast mode
[  465.242761][ T7785] veth0_macvtap: left promiscuous mode
[  465.248491][ T7785] veth1_vlan: left promiscuous mode
[  466.001510][ T7785] team0 (unregistering): Port device hsr0 removed
[  466.156254][ T7785] .` (unregistering): (slave batadv_slave_0): Releasing backup interface
[  466.211615][ T7785] team0 (unregistering): Port device team_slave_1 removed
[  466.269859][ T7785] team0 (unregistering): Port device C removed
[  466.322133][ T7785] .` (unregistering): (slave bond_slave_1): Releasing backup interface
[  466.416599][ T7785] .` (unregistering): (slave bridge_slave_1): Releasing backup interface
[  466.717778][ T7785] .` (unregistering): (slave team0): Releasing backup interface
[  466.755787][ T7785] .` (unregistering): Released all slaves
[  466.840276][T13246] FAULT_INJECTION: forcing a failure.
[  466.840276][T13246] name failslab, interval 1, probability 0, space 0, times 0
[  466.880260][T13246] CPU: 1 PID: 13246 Comm: syz.0.2436 Not tainted syzkaller #0
[  466.887787][T13246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  466.897872][T13246] Call Trace:
[  466.901171][T13246]  <TASK>
[  466.904129][T13246]  dump_stack_lvl+0x18c/0x250
[  466.908843][T13246]  ? show_regs_print_info+0x20/0x20
[  466.914065][T13246]  ? load_image+0x400/0x400
[  466.918579][T13246]  ? verify_lock_unused+0x140/0x140
[  466.923777][T13246]  should_fail_ex+0x39d/0x4d0
[  466.928461][T13246]  should_failslab+0x9/0x20
[  466.933034][T13246]  slab_pre_alloc_hook+0x59/0x310
[  466.938073][T13246]  kmem_cache_alloc+0x5a/0x2d0
[  466.942827][T13246]  ? skb_clone+0x1eb/0x370
[  466.947237][T13246]  skb_clone+0x1eb/0x370
[  466.951476][T13246]  __netlink_deliver_tap+0x41c/0x830
[  466.956772][T13246]  ? netlink_deliver_tap+0x2e/0x1b0
[  466.961965][T13246]  netlink_deliver_tap+0x19c/0x1b0
[  466.967069][T13246]  netlink_sendskb+0x68/0x130
[  466.971743][T13246]  netlink_ack+0xce1/0x1180
[  466.976247][T13246]  ? __dev_queue_xmit+0x26b/0x36b0
[  466.981363][T13246]  ? netlink_dump+0xe50/0xe50
[  466.986041][T13246]  ? ref_tracker_free+0x690/0x840
[  466.991060][T13246]  netlink_rcv_skb+0x2c5/0x4d0
[  466.995816][T13246]  ? rtnetlink_bind+0x80/0x80
[  467.000488][T13246]  ? netlink_ack+0x1180/0x1180
[  467.005267][T13246]  ? __lock_acquire+0x7d40/0x7d40
[  467.010299][T13246]  ? netlink_deliver_tap+0x2e/0x1b0
[  467.015490][T13246]  netlink_unicast+0x751/0x8d0
[  467.020251][T13246]  netlink_sendmsg+0x8d0/0xbf0
[  467.025026][T13246]  ? netlink_getsockopt+0x590/0x590
[  467.030220][T13246]  ? aa_sock_msg_perm+0x94/0x150
[  467.035148][T13246]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  467.040426][T13246]  ? security_socket_sendmsg+0x80/0xa0
[  467.045880][T13246]  ? netlink_getsockopt+0x590/0x590
[  467.051076][T13246]  ____sys_sendmsg+0x5ba/0x960
[  467.055861][T13246]  ? __asan_memset+0x22/0x40
[  467.060453][T13246]  ? __sys_sendmsg_sock+0x30/0x30
[  467.065525][T13246]  ? __import_iovec+0x5f2/0x850
[  467.070373][T13246]  ? import_iovec+0x73/0xa0
[  467.074877][T13246]  ___sys_sendmsg+0x2a6/0x360
[  467.079548][T13246]  ? get_pid_task+0x20/0x1e0
[  467.084132][T13246]  ? __sys_sendmsg+0x2a0/0x2a0
[  467.088902][T13246]  ? __lock_acquire+0x7d40/0x7d40
[  467.093940][T13246]  __se_sys_sendmsg+0x1c2/0x2b0
[  467.098802][T13246]  ? __x64_sys_sendmsg+0x80/0x80
[  467.103755][T13246]  ? lockdep_hardirqs_on+0x98/0x150
[  467.109001][T13246]  do_syscall_64+0x55/0xa0
[  467.113418][T13246]  ? clear_bhb_loop+0x40/0x90
[  467.118086][T13246]  ? clear_bhb_loop+0x40/0x90
[  467.122754][T13246]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  467.128637][T13246] RIP: 0033:0x7f0004f9aeb9
[  467.133044][T13246] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  467.152638][T13246] RSP: 002b:00007f0005e9f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  467.161049][T13246] RAX: ffffffffffffffda RBX: 00007f0005215fa0 RCX: 00007f0004f9aeb9
[  467.169020][T13246] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  467.176980][T13246] RBP: 00007f0005e9f090 R08: 0000000000000000 R09: 0000000000000000
[  467.184938][T13246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  467.192900][T13246] R13: 00007f0005216038 R14: 00007f0005215fa0 R15: 00007ffef3b85178
[  467.200876][T13246]  </TASK>
[  467.312480][T13252] netlink: 176 bytes leftover after parsing attributes in process `syz.2.2438'.
[  467.572608][T13083] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  467.584660][T13083] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  467.596514][T13083] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  467.607943][T13083] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  467.758622][T13278] C: renamed from team_slave_0 (while UP)
[  467.778768][T13278] netlink: 116 bytes leftover after parsing attributes in process `syz.0.2443'.
[  468.021240][T13083] 8021q: adding VLAN 0 to HW filter on device bond0
[  468.152108][T13083] 8021q: adding VLAN 0 to HW filter on device team0
[  468.236311][ T7788] bridge0: port 1(bridge_slave_0) entered blocking state
[  468.243507][ T7788] bridge0: port 1(bridge_slave_0) entered forwarding state
[  468.311072][ T7788] bridge0: port 2(bridge_slave_1) entered blocking state
[  468.318239][ T7788] bridge0: port 2(bridge_slave_1) entered forwarding state
[  469.643599][T13083] 8021q: adding VLAN 0 to HW filter on device batadv0
[  469.794186][T13083] veth0_vlan: entered promiscuous mode
[  469.833063][T13083] veth1_vlan: entered promiscuous mode
[  469.897004][T13083] veth0_macvtap: entered promiscuous mode
[  469.918496][T13083] veth1_macvtap: entered promiscuous mode
[  469.976629][T13083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  470.000263][T13083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  470.022929][T13083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  470.043714][T13083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  470.066057][T13083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  470.089254][T13083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  470.168383][T13083] batman_adv: batadv0: Interface activated: batadv_slave_0
[  470.268422][T13083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  470.291813][T13083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  470.336616][T13083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  470.347986][T13083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  470.366446][T13083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  470.387610][T13083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  470.405631][T13083] batman_adv: batadv0: Interface activated: batadv_slave_1
[  470.446716][T13083] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  470.499457][T13083] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  470.508208][T13083] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  470.543005][T13083] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  470.774227][ T7792] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  470.826247][ T7792] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  470.896910][ T7785] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  470.928294][ T7785] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  471.415901][T13367] netlink: 10 bytes leftover after parsing attributes in process `syz.3.2460'.
[  472.697831][ T5082] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  472.712506][ T5082] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  472.743199][ T5082] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  472.756679][ T5082] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  472.768653][ T5082] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  472.779094][ T5082] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  472.977089][ T1130] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  473.084165][ T1130] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  473.143903][T13396] netlink: 61967 bytes leftover after parsing attributes in process `syz.3.2468'.
[  473.223108][ T1130] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  473.355856][ T1130] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  473.369101][T13401] netlink: 'syz.0.2469': attribute type 1 has an invalid length.
[  473.400935][T13401] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.2469'.
[  473.474130][T13403] netlink: 'syz.3.2470': attribute type 3 has an invalid length.
[  473.490660][T13403] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2470'.
[  473.729706][T13387] chnl_net:caif_netlink_parms(): no params data found
[  474.870337][ T5763] Bluetooth: hci2: command tx timeout
[  475.177306][T13387] bridge0: port 1(bridge_slave_0) entered blocking state
[  475.184774][T13387] bridge0: port 1(bridge_slave_0) entered disabled state
[  475.211201][T13387] bridge_slave_0: entered allmulticast mode
[  475.229994][T13387] bridge_slave_0: entered promiscuous mode
[  475.359922][T13387] bridge0: port 2(bridge_slave_1) entered blocking state
[  475.367742][T13387] bridge0: port 2(bridge_slave_1) entered disabled state
[  475.390667][T13387] bridge_slave_1: entered allmulticast mode
[  475.404311][T13387] bridge_slave_1: entered promiscuous mode
[  475.436205][T13445] netlink: 'syz.3.2478': attribute type 1 has an invalid length.
[  475.484353][T13445] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.2478'.
[  475.519268][T13387] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  475.539586][T13387] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  475.760592][T13387] team0: Port device team_slave_0 added
[  475.774487][T13387] team0: Port device team_slave_1 added
[  475.853913][T13387] batman_adv: batadv0: Adding interface: batadv_slave_0
[  475.861036][T13387] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  475.912827][T13387] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  475.968301][T13387] batman_adv: batadv0: Adding interface: batadv_slave_1
[  475.976922][T13387] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  476.028215][T13387] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  476.067272][T13467] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2490'.
[  476.371674][T13387] hsr_slave_0: entered promiscuous mode
[  476.420993][T13387] hsr_slave_1: entered promiscuous mode
[  476.433397][T13387] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  476.461032][T13387] Cannot create hsr debugfs directory
[  476.949763][ T5763] Bluetooth: hci2: command tx timeout
[  477.445427][T13489] netlink: 'syz.1.2485': attribute type 13 has an invalid length.
[  477.471008][T13489] netlink: 160 bytes leftover after parsing attributes in process `syz.1.2485'.
[  477.529186][T13489] erspan0: refused to change device tx_queue_len
[  477.559426][T13489] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check.
[  477.656052][T13497] netlink: 65051 bytes leftover after parsing attributes in process `syz.3.2487'.
[  477.669214][T13499] netlink: 'syz.3.2487': attribute type 21 has an invalid length.
[  477.846166][T13505] netlink: 'syz.1.2488': attribute type 1 has an invalid length.
[  477.875914][ T1130] hsr_slave_0: left promiscuous mode
[  477.889601][T13505] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.2488'.
[  477.912403][ T1130] hsr_slave_1: left promiscuous mode
[  477.962940][ T1130] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  477.976742][ T1130] batman_adv: batadv0: Removing interface: batadv_slave_0
[  478.020119][ T1130] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  478.027584][ T1130] batman_adv: batadv0: Removing interface: batadv_slave_1
[  478.037648][ T1130] batman_adv: batadv0: Interface deactivated: virt_wifi0
[  478.045254][ T1130] batman_adv: batadv0: Removing interface: virt_wifi0
[  478.053488][ T1130] dummy0: left promiscuous mode
[  478.060061][ T1130] bridge0: port 2(dummy0) entered disabled state
[  478.071916][ T1130] bridge_slave_0: left allmulticast mode
[  478.081048][ T1130] bridge_slave_0: left promiscuous mode
[  478.093761][ T1130] bridge0: port 1(bridge_slave_0) entered disabled state
[  478.176663][ T1130] veth1_vlan: left promiscuous mode
[  478.188963][ T1130] veth0_vlan: left promiscuous mode
[  478.435315][ T1130] ` (unregistering): Port device geneve1 removed
[  478.534951][ T1130] ` (unregistering): Port device macvlan0 removed
[  478.865850][ T1130] ` (unregistering): Port device team_slave_1 removed
[  478.911578][ T1130] ` (unregistering): Port device C removed
[  479.032476][ T5763] Bluetooth: hci2: command tx timeout
[  479.476957][T13511] netlink: 'syz.0.2491': attribute type 21 has an invalid length.
[  479.494097][T13520] IPv6: Can't replace route, no match found
[  479.683834][T13529] netlink: 'syz.0.2495': attribute type 21 has an invalid length.
[  479.871622][T13387] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  479.923569][T13387] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  479.988492][T13387] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  480.013888][T13387] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  480.092107][T13538] netlink: 'syz.1.2499': attribute type 1 has an invalid length.
[  480.102506][T13538] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.2499'.
[  480.321959][T13387] 8021q: adding VLAN 0 to HW filter on device bond0
[  480.369603][T13556] netlink: 'syz.3.2501': attribute type 1 has an invalid length.
[  480.410056][T13556] netlink: 180900 bytes leftover after parsing attributes in process `syz.3.2501'.
[  480.429038][T13387] 8021q: adding VLAN 0 to HW filter on device team0
[  480.471882][T13555] netlink: 'syz.1.2502': attribute type 4 has an invalid length.
[  480.530547][T13555] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2502'.
[  480.628988][T13555] .`: renamed from bond0 (while UP)
[  480.701841][ T7792] bridge0: port 1(bridge_slave_0) entered blocking state
[  480.709029][ T7792] bridge0: port 1(bridge_slave_0) entered forwarding state
[  480.763261][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  480.770506][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  481.112839][ T5763] Bluetooth: hci2: command tx timeout
[  481.400849][T13387] 8021q: adding VLAN 0 to HW filter on device batadv0
[  481.617285][T13387] veth0_vlan: entered promiscuous mode
[  481.672767][T13387] veth1_vlan: entered promiscuous mode
[  481.784481][T13387] veth0_macvtap: entered promiscuous mode
[  481.813218][T13387] veth1_macvtap: entered promiscuous mode
[  481.913889][T13387] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  481.961130][T13387] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  481.981666][T13387] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  482.016868][T13387] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  482.061124][T13387] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  482.085264][T13387] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  482.098062][T13387] batman_adv: batadv0: Interface activated: batadv_slave_0
[  482.137682][T13601] netlink: 'syz.1.2513': attribute type 10 has an invalid length.
[  482.153627][T13601] netlink: 55 bytes leftover after parsing attributes in process `syz.1.2513'.
[  483.730748][T13387] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  483.769438][T13387] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  483.818977][T13387] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  483.854910][T13387] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  483.877831][T13387] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  483.911126][T13387] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  483.926078][T13387] batman_adv: batadv0: Interface activated: batadv_slave_1
[  483.972254][T13634] netlink: 'syz.3.2518': attribute type 1 has an invalid length.
[  483.993564][T13387] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  484.005748][T13634] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.2518'.
[  484.033304][T13387] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  484.054258][T13387] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  484.073072][T13387] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  484.292304][T13643] netlink: 14568 bytes leftover after parsing attributes in process `syz.1.2520'.
[  484.336188][T13644] netlink: 'syz.3.2521': attribute type 10 has an invalid length.
[  484.346737][T13644] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2521'.
[  484.387558][T13644] dummy0: entered promiscuous mode
[  484.416829][ T7791] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  484.437642][ T7791] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  484.553441][ T7789] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  484.574101][ T7789] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  484.765022][T13663] netlink: 'syz.1.2525': attribute type 39 has an invalid length.
[  485.399152][T13686] FAULT_INJECTION: forcing a failure.
[  485.399152][T13686] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  485.478723][T13686] CPU: 0 PID: 13686 Comm: syz.3.2529 Not tainted syzkaller #0
[  485.486252][T13686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  485.496337][T13686] Call Trace:
[  485.499646][T13686]  <TASK>
[  485.502633][T13686]  dump_stack_lvl+0x18c/0x250
[  485.507338][T13686]  ? show_regs_print_info+0x20/0x20
[  485.512561][T13686]  ? load_image+0x400/0x400
[  485.517185][T13686]  ? __lock_acquire+0x7d40/0x7d40
[  485.522239][T13686]  ? snprintf+0xe9/0x140
[  485.526509][T13686]  should_fail_ex+0x39d/0x4d0
[  485.531220][T13686]  _copy_to_user+0x2f/0xa0
[  485.535659][T13686]  simple_read_from_buffer+0xe7/0x150
[  485.541057][T13686]  proc_fail_nth_read+0x1e8/0x260
[  485.546106][T13686]  ? proc_fault_inject_write+0x360/0x360
[  485.551775][T13686]  ? fsnotify_perm+0x271/0x5e0
[  485.556571][T13686]  ? proc_fault_inject_write+0x360/0x360
[  485.562215][T13686]  vfs_read+0x28b/0x970
[  485.566379][T13686]  ? kernel_read+0x1e0/0x1e0
[  485.570984][T13686]  ? __fget_files+0x28/0x4b0
[  485.575589][T13686]  ? __fget_files+0x28/0x4b0
[  485.580181][T13686]  ? __fget_files+0x43d/0x4b0
[  485.584877][T13686]  ? __fdget_pos+0x2a3/0x330
[  485.589463][T13686]  ? ksys_read+0x75/0x260
[  485.593797][T13686]  ksys_read+0x150/0x260
[  485.598035][T13686]  ? vfs_write+0x990/0x990
[  485.602472][T13686]  ? lockdep_hardirqs_on+0x98/0x150
[  485.607927][T13686]  do_syscall_64+0x55/0xa0
[  485.612338][T13686]  ? clear_bhb_loop+0x40/0x90
[  485.617004][T13686]  ? clear_bhb_loop+0x40/0x90
[  485.621673][T13686]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  485.627559][T13686] RIP: 0033:0x7fe76595b78e
[  485.631969][T13686] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  485.651623][T13686] RSP: 002b:00007fe76679dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  485.660033][T13686] RAX: ffffffffffffffda RBX: 00007fe76679e6c0 RCX: 00007fe76595b78e
[  485.668000][T13686] RDX: 000000000000000f RSI: 00007fe76679e0a0 RDI: 0000000000000008
[  485.675977][T13686] RBP: 00007fe76679e090 R08: 0000000000000000 R09: 0000000000000000
[  485.683952][T13686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  485.691924][T13686] R13: 00007fe765c16128 R14: 00007fe765c16090 R15: 00007ffdb0680218
[  485.699908][T13686]  </TASK>
[  486.392789][T13714] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.2538'.
[  486.905503][T13725] netlink: 'syz.2.2540': attribute type 29 has an invalid length.
[  486.973054][T13725] netlink: 'syz.2.2540': attribute type 29 has an invalid length.
[  487.038536][T13728] netlink: 'syz.2.2540': attribute type 29 has an invalid length.
[  487.405855][T13743] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2547'.
[  487.448029][T13743] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2547'.
[  487.484982][T13744] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2547'.
[  487.506162][T13747] FAULT_INJECTION: forcing a failure.
[  487.506162][T13747] name failslab, interval 1, probability 0, space 0, times 0
[  487.519447][T13747] CPU: 0 PID: 13747 Comm: syz.0.2548 Not tainted syzkaller #0
[  487.526937][T13747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  487.537026][T13747] Call Trace:
[  487.538649][T13387] cgroup: fork rejected by pids controller in 
[  487.540305][T13747]  <TASK>
[  487.540315][T13747]  dump_stack_lvl+0x18c/0x250
[  487.540340][T13747]  ? sctp_sendmsg+0x1575/0x28c0
[  487.540357][T13747]  ? ___sys_sendmsg+0x2a6/0x360
[  487.559384][T13387] /syz2
[  487.563831][T13747]  ? show_regs_print_info+0x20/0x20
[  487.563863][T13747]  ? load_image+0x400/0x400
[  487.563991][T13387] 
[  487.566745][T13747]  should_fail_ex+0x39d/0x4d0
[  487.583441][T13747]  should_failslab+0x9/0x20
[  487.587964][T13747]  slab_pre_alloc_hook+0x59/0x310
[  487.592994][T13747]  ? sctp_add_bind_addr+0x8c/0x360
[  487.598108][T13747]  __kmem_cache_alloc_node+0x53/0x250
[  487.603482][T13747]  ? sctp_add_bind_addr+0x8c/0x360
[  487.608592][T13747]  kmalloc_trace+0x2a/0xe0
[  487.613018][T13747]  sctp_add_bind_addr+0x8c/0x360
[  487.617971][T13747]  sctp_copy_local_addr_list+0x315/0x4f0
[  487.623605][T13747]  ? sctp_copy_local_addr_list+0xa5/0x4f0
[  487.629336][T13747]  ? sctp_do_8_2_transport_strike+0x8a0/0x8a0
[  487.635450][T13747]  ? sctp_v4_is_any+0x35/0x60
[  487.640125][T13747]  ? sctp_copy_one_addr+0x8c/0x350
[  487.645235][T13747]  sctp_bind_addr_copy+0xb3/0x3c0
[  487.650269][T13747]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  487.656609][T13747]  sctp_connect_new_asoc+0x2f9/0x6a0
[  487.661914][T13747]  ? __sctp_connect+0xd80/0xd80
[  487.666770][T13747]  ? __local_bh_enable_ip+0x13a/0x1c0
[  487.672144][T13747]  ? _local_bh_enable+0xa0/0xa0
[  487.676986][T13747]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  487.682798][T13747]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  487.688615][T13747]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  487.694170][T13747]  ? security_sctp_bind_connect+0x89/0xb0
[  487.699980][T13747]  sctp_sendmsg+0x1575/0x28c0
[  487.704663][T13747]  ? sctp_getsockopt+0xb60/0xb60
[  487.709601][T13747]  ? aa_sk_perm+0x83c/0x970
[  487.714113][T13747]  ? aa_af_perm+0x330/0x330
[  487.718606][T13747]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0
[  487.725019][T13747]  ? sock_rps_record_flow+0x19/0x3f0
[  487.730298][T13747]  ? inet_sendmsg+0x7c/0x2f0
[  487.734877][T13747]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  487.740156][T13747]  ? security_socket_sendmsg+0x80/0xa0
[  487.745607][T13747]  ? inet_send_prepare+0x260/0x260
[  487.750720][T13747]  ____sys_sendmsg+0x5ba/0x960
[  487.755478][T13747]  ? __lock_acquire+0x7d40/0x7d40
[  487.760503][T13747]  ? __asan_memset+0x22/0x40
[  487.765082][T13747]  ? __sys_sendmsg_sock+0x30/0x30
[  487.770100][T13747]  ? __import_iovec+0x5f2/0x850
[  487.774952][T13747]  ? import_iovec+0x73/0xa0
[  487.779457][T13747]  ___sys_sendmsg+0x2a6/0x360
[  487.784146][T13747]  ? get_pid_task+0x20/0x1e0
[  487.788736][T13747]  ? __sys_sendmsg+0x2a0/0x2a0
[  487.793526][T13747]  ? __lock_acquire+0x7d40/0x7d40
[  487.798567][T13747]  __se_sys_sendmsg+0x1c2/0x2b0
[  487.803423][T13747]  ? __x64_sys_sendmsg+0x80/0x80
[  487.808380][T13747]  ? lockdep_hardirqs_on+0x98/0x150
[  487.813573][T13747]  do_syscall_64+0x55/0xa0
[  487.817990][T13747]  ? clear_bhb_loop+0x40/0x90
[  487.822655][T13747]  ? clear_bhb_loop+0x40/0x90
[  487.827321][T13747]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  487.833206][T13747] RIP: 0033:0x7f0004f9aeb9
[  487.837620][T13747] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  487.857229][T13747] RSP: 002b:00007f0005e9f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  487.865634][T13747] RAX: ffffffffffffffda RBX: 00007f0005215fa0 RCX: 00007f0004f9aeb9
[  487.873688][T13747] RDX: 00000000000080d1 RSI: 0000200000000140 RDI: 0000000000000003
[  487.881660][T13747] RBP: 00007f0005e9f090 R08: 0000000000000000 R09: 0000000000000000
[  487.889804][T13747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  487.897766][T13747] R13: 00007f0005216038 R14: 00007f0005215fa0 R15: 00007ffef3b85178
[  487.905746][T13747]  </TASK>
[  487.912896][T13743] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2547'.
[  488.387018][T13752] FAULT_INJECTION: forcing a failure.
[  488.387018][T13752] name failslab, interval 1, probability 0, space 0, times 0
[  488.418298][T13752] CPU: 1 PID: 13752 Comm: syz.1.2553 Not tainted syzkaller #0
[  488.425811][T13752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  488.435877][T13752] Call Trace:
[  488.439178][T13752]  <TASK>
[  488.442315][T13752]  dump_stack_lvl+0x18c/0x250
[  488.447039][T13752]  ? show_regs_print_info+0x20/0x20
[  488.452268][T13752]  ? load_image+0x400/0x400
[  488.456801][T13752]  ? ___sys_recvmsg+0x216/0x590
[  488.461693][T13752]  should_fail_ex+0x39d/0x4d0
[  488.466408][T13752]  should_failslab+0x9/0x20
[  488.470936][T13752]  slab_pre_alloc_hook+0x59/0x310
[  488.476001][T13752]  kmem_cache_alloc_node+0x60/0x320
[  488.481228][T13752]  ? __alloc_skb+0x103/0x2c0
[  488.485856][T13752]  __alloc_skb+0x103/0x2c0
[  488.490313][T13752]  tipc_msg_create+0x4f/0x4d0
[  488.495028][T13752]  tipc_sk_send_ack+0x101/0x580
[  488.499906][T13752]  ? tipc_recvstream+0x790/0xe70
[  488.504868][T13752]  ? kmem_cache_free+0xf8/0x270
[  488.509751][T13752]  tipc_recvstream+0x832/0xe70
[  488.514563][T13752]  ? tipc_sendstream+0x70/0x70
[  488.519352][T13752]  ____sys_recvmsg+0x2ce/0x5e0
[  488.524242][T13752]  ? __sys_recvmsg_sock+0x50/0x50
[  488.529283][T13752]  ? import_iovec+0x73/0xa0
[  488.533808][T13752]  ___sys_recvmsg+0x216/0x590
[  488.538491][T13752]  ? __sys_recvmsg+0x2a0/0x2a0
[  488.543273][T13752]  ? ksys_write+0x1c4/0x260
[  488.547877][T13752]  ? __fget_files+0x43d/0x4b0
[  488.552571][T13752]  __x64_sys_recvmsg+0x20c/0x2e0
[  488.557715][T13752]  ? ___sys_recvmsg+0x590/0x590
[  488.562581][T13752]  ? lockdep_hardirqs_on+0x98/0x150
[  488.567785][T13752]  do_syscall_64+0x55/0xa0
[  488.572205][T13752]  ? clear_bhb_loop+0x40/0x90
[  488.576879][T13752]  ? clear_bhb_loop+0x40/0x90
[  488.581553][T13752]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  488.587449][T13752] RIP: 0033:0x7f934999aeb9
[  488.591858][T13752] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  488.611557][T13752] RSP: 002b:00007f934a824028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  488.619979][T13752] RAX: ffffffffffffffda RBX: 00007f9349c15fa0 RCX: 00007f934999aeb9
[  488.627943][T13752] RDX: 0000000000001f00 RSI: 0000200000000500 RDI: 0000000000000004
[  488.635940][T13752] RBP: 00007f934a824090 R08: 0000000000000000 R09: 0000000000000000
[  488.643925][T13752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  488.651890][T13752] R13: 00007f9349c16038 R14: 00007f9349c15fa0 R15: 00007ffd1c6fc178
[  488.659882][T13752]  </TASK>
[  489.128553][T13764] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2554'.
[  489.370759][T13767] sock: sock_set_timeout: `syz.0.2554' (pid 13767) tries to set negative timeout
[  489.561157][ T5082] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  489.576094][ T5082] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  489.584164][ T5082] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  489.593828][ T5082] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  489.601738][ T5082] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  489.611829][ T5082] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  490.097040][T13765] netlink: 830 bytes leftover after parsing attributes in process `syz.3.2555'.
[  490.324181][T13777] FAULT_INJECTION: forcing a failure.
[  490.324181][T13777] name failslab, interval 1, probability 0, space 0, times 0
[  490.339957][T13777] CPU: 1 PID: 13777 Comm: syz.1.2556 Not tainted syzkaller #0
[  490.347477][T13777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  490.357553][T13777] Call Trace:
[  490.360828][T13777]  <TASK>
[  490.363744][T13777]  dump_stack_lvl+0x18c/0x250
[  490.368507][T13777]  ? sctp_sendmsg+0x1575/0x28c0
[  490.373357][T13777]  ? ___sys_sendmsg+0x2a6/0x360
[  490.378208][T13777]  ? show_regs_print_info+0x20/0x20
[  490.383415][T13777]  ? load_image+0x400/0x400
[  490.387926][T13777]  should_fail_ex+0x39d/0x4d0
[  490.392602][T13777]  should_failslab+0x9/0x20
[  490.397099][T13777]  slab_pre_alloc_hook+0x59/0x310
[  490.402124][T13777]  ? sctp_add_bind_addr+0x8c/0x360
[  490.407292][T13777]  __kmem_cache_alloc_node+0x53/0x250
[  490.412660][T13777]  ? sctp_add_bind_addr+0x8c/0x360
[  490.417798][T13777]  kmalloc_trace+0x2a/0xe0
[  490.422217][T13777]  sctp_add_bind_addr+0x8c/0x360
[  490.427158][T13777]  sctp_copy_local_addr_list+0x315/0x4f0
[  490.432789][T13777]  ? sctp_copy_local_addr_list+0xa5/0x4f0
[  490.438502][T13777]  ? sctp_do_8_2_transport_strike+0x8a0/0x8a0
[  490.444564][T13777]  ? sctp_v4_is_any+0x35/0x60
[  490.449240][T13777]  ? sctp_copy_one_addr+0x8c/0x350
[  490.454352][T13777]  sctp_bind_addr_copy+0xb3/0x3c0
[  490.459378][T13777]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  490.465702][T13777]  sctp_connect_new_asoc+0x2f9/0x6a0
[  490.470987][T13777]  ? __sctp_connect+0xd80/0xd80
[  490.475834][T13777]  ? __local_bh_enable_ip+0x13a/0x1c0
[  490.481197][T13777]  ? _local_bh_enable+0xa0/0xa0
[  490.486049][T13777]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  490.491843][T13777]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  490.497637][T13777]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  490.503178][T13777]  ? security_sctp_bind_connect+0x89/0xb0
[  490.508916][T13777]  sctp_sendmsg+0x1575/0x28c0
[  490.513593][T13777]  ? sctp_getsockopt+0xb60/0xb60
[  490.518518][T13777]  ? aa_sk_perm+0x83c/0x970
[  490.523198][T13777]  ? aa_af_perm+0x330/0x330
[  490.527693][T13777]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0
[  490.534099][T13777]  ? sock_rps_record_flow+0x19/0x3f0
[  490.539402][T13777]  ? inet_sendmsg+0x7c/0x2f0
[  490.544008][T13777]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  490.549297][T13777]  ? security_socket_sendmsg+0x80/0xa0
[  490.554757][T13777]  ? inet_send_prepare+0x260/0x260
[  490.559866][T13777]  ____sys_sendmsg+0x5ba/0x960
[  490.564631][T13777]  ? __asan_memset+0x22/0x40
[  490.569219][T13777]  ? __sys_sendmsg_sock+0x30/0x30
[  490.574238][T13777]  ? __import_iovec+0x3fa/0x850
[  490.579099][T13777]  ? import_iovec+0x73/0xa0
[  490.583599][T13777]  ___sys_sendmsg+0x2a6/0x360
[  490.588275][T13777]  ? get_pid_task+0x20/0x1e0
[  490.592862][T13777]  ? __sys_sendmsg+0x2a0/0x2a0
[  490.597648][T13777]  ? __lock_acquire+0x7d40/0x7d40
[  490.602683][T13777]  __se_sys_sendmsg+0x1c2/0x2b0
[  490.607561][T13777]  ? __x64_sys_sendmsg+0x80/0x80
[  490.612503][T13777]  ? lockdep_hardirqs_on+0x98/0x150
[  490.617700][T13777]  do_syscall_64+0x55/0xa0
[  490.622115][T13777]  ? clear_bhb_loop+0x40/0x90
[  490.626781][T13777]  ? clear_bhb_loop+0x40/0x90
[  490.631452][T13777]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  490.637333][T13777] RIP: 0033:0x7f934999aeb9
[  490.641826][T13777] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  490.661446][T13777] RSP: 002b:00007f934a803028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  490.669950][T13777] RAX: ffffffffffffffda RBX: 00007f9349c16090 RCX: 00007f934999aeb9
[  490.677911][T13777] RDX: 0000000000008054 RSI: 0000200000000300 RDI: 0000000000000003
[  490.685869][T13777] RBP: 00007f934a803090 R08: 0000000000000000 R09: 0000000000000000
[  490.693926][T13777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  490.701890][T13777] R13: 00007f9349c16128 R14: 00007f9349c16090 R15: 00007ffd1c6fc178
[  490.709865][T13777]  </TASK>
[  490.844697][ T7785] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  490.869513][T13768] chnl_net:caif_netlink_parms(): no params data found
[  490.918301][T13783] netlink: 'syz.0.2560': attribute type 1 has an invalid length.
[  490.925946][T13781] netlink: 'syz.3.2559': attribute type 1 has an invalid length.
[  490.926725][T13783] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.2560'.
[  490.957787][T13781] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.2559'.
[  490.988606][ T7785] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  491.073714][ T7785] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  491.139452][T13788] netlink: 65039 bytes leftover after parsing attributes in process `syz.0.2561'.
[  491.154302][T13768] bridge0: port 1(bridge_slave_0) entered blocking state
[  491.161773][T13768] bridge0: port 1(bridge_slave_0) entered disabled state
[  491.196172][T13768] bridge_slave_0: entered allmulticast mode
[  491.221796][T13768] bridge_slave_0: entered promiscuous mode
[  491.326373][ T7785] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  491.353308][T13768] bridge0: port 2(bridge_slave_1) entered blocking state
[  491.366460][T13768] bridge0: port 2(bridge_slave_1) entered disabled state
[  491.398285][T13768] bridge_slave_1: entered allmulticast mode
[  491.412718][T13768] bridge_slave_1: entered promiscuous mode
[  491.477676][T13768] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  491.494046][T13768] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  491.607983][T13768] team0: Port device team_slave_0 added
[  491.631475][T13768] team0: Port device team_slave_1 added
[  491.682130][ T5082] Bluetooth: hci1: command tx timeout
[  491.806618][T13768] batman_adv: batadv0: Adding interface: batadv_slave_0
[  491.818070][T13768] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  491.856726][T13768] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  491.882684][T13768] batman_adv: batadv0: Adding interface: batadv_slave_1
[  491.889804][T13768] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  491.936806][T13768] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  492.191693][T13768] hsr_slave_0: entered promiscuous mode
[  492.225927][T13768] hsr_slave_1: entered promiscuous mode
[  492.232916][T13768] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  492.254325][T13768] Cannot create hsr debugfs directory
[  492.716704][T13823] netlink: 'syz.1.2570': attribute type 1 has an invalid length.
[  492.740032][T13823] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.2570'.
[  493.055699][T13833] dvmrp1: tun_chr_ioctl cmd 1074025677
[  493.061912][T13833] dvmrp1: linktype set to 825
[  493.593103][T13848] netlink: 'syz.1.2580': attribute type 21 has an invalid length.
[  493.613229][T13848] netlink: 'syz.1.2580': attribute type 30 has an invalid length.
[  493.636012][T13850] netlink: 'syz.1.2580': attribute type 21 has an invalid length.
[  493.648411][T13850] netlink: 'syz.1.2580': attribute type 30 has an invalid length.
[  493.735240][T13852] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2581'.
[  493.749775][ T5082] Bluetooth: hci1: command tx timeout
[  493.997975][T13768] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  494.055571][T13768] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  494.067755][T13768] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  494.115997][ T7785] hsr_slave_0: left promiscuous mode
[  494.124790][ T7785] hsr_slave_1: left promiscuous mode
[  494.135207][ T7785] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  494.144352][ T7785] batman_adv: batadv0: Removing interface: batadv_slave_0
[  494.158465][ T7785] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  494.173787][T13864] netlink: 'syz.3.2586': attribute type 1 has an invalid length.
[  494.179465][ T7785] batman_adv: batadv0: Removing interface: batadv_slave_1
[  494.187092][T13864] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.2586'.
[  494.199114][ T7785] bridge_slave_1: left allmulticast mode
[  494.231222][ T7785] bridge_slave_1: left promiscuous mode
[  494.238256][ T7785] bridge0: port 2(bridge_slave_1) entered disabled state
[  494.265323][T13862] netlink: 'syz.1.2585': attribute type 1 has an invalid length.
[  494.281592][T13862] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.2585'.
[  494.295632][ T7785] bridge_slave_0: left allmulticast mode
[  494.301610][ T7785] bridge_slave_0: left promiscuous mode
[  494.307966][ T7785] bridge0: port 1(bridge_slave_0) entered disabled state
[  494.364840][ T7785] veth1_macvtap: left promiscuous mode
[  494.370818][ T7785] veth0_macvtap: left promiscuous mode
[  494.376452][ T7785] veth1_vlan: left promiscuous mode
[  494.382794][ T7785] veth0_vlan: left promiscuous mode
[  494.591490][T13874] FAULT_INJECTION: forcing a failure.
[  494.591490][T13874] name failslab, interval 1, probability 0, space 0, times 0
[  494.604595][T13874] CPU: 0 PID: 13874 Comm: syz.3.2591 Not tainted syzkaller #0
[  494.612052][T13874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  494.622126][T13874] Call Trace:
[  494.625427][T13874]  <TASK>
[  494.628359][T13874]  dump_stack_lvl+0x18c/0x250
[  494.633124][T13874]  ? show_regs_print_info+0x20/0x20
[  494.638320][T13874]  ? load_image+0x400/0x400
[  494.642818][T13874]  ? netdev_core_pick_tx+0x340/0x340
[  494.648197][T13874]  should_fail_ex+0x39d/0x4d0
[  494.652874][T13874]  should_failslab+0x9/0x20
[  494.657364][T13874]  slab_pre_alloc_hook+0x59/0x310
[  494.662394][T13874]  kmem_cache_alloc+0x5a/0x2d0
[  494.667162][T13874]  ? skb_clone+0x1eb/0x370
[  494.671585][T13874]  skb_clone+0x1eb/0x370
[  494.675824][T13874]  bpf_clone_redirect+0xad/0x3d0
[  494.680760][T13874]  bpf_prog_c6f54bbad6dab1ee+0x5e/0x63
[  494.686217][T13874]  ? preempt_schedule+0xc0/0xd0
[  494.691065][T13874]  ? perf_trace_preemptirq_template+0xac/0x330
[  494.697217][T13874]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  494.703189][T13874]  ? lockdep_softirqs_on+0x580/0x580
[  494.708465][T13874]  ? lock_chain_count+0x20/0x20
[  494.713313][T13874]  ? __local_bh_disable_ip+0x108/0x1a0
[  494.718761][T13874]  ? __cant_sleep+0x220/0x220
[  494.723430][T13874]  ? __local_bh_enable_ip+0x13a/0x1c0
[  494.728795][T13874]  ? _local_bh_enable+0xa0/0xa0
[  494.733637][T13874]  ? bpf_test_timer_continue+0x135/0x380
[  494.739263][T13874]  ? bpf_test_run+0x174/0x870
[  494.743929][T13874]  bpf_test_run+0x2df/0x870
[  494.748440][T13874]  ? bpf_test_run+0x174/0x870
[  494.753113][T13874]  ? convert___skb_to_skb+0x590/0x590
[  494.758478][T13874]  ? eth_get_headlen+0x210/0x210
[  494.763412][T13874]  ? slab_build_skb+0x25f/0x3f0
[  494.768253][T13874]  ? convert___skb_to_skb+0x3d/0x590
[  494.773529][T13874]  bpf_prog_test_run_skb+0xad2/0x12b0
[  494.778957][T13874]  ? cpu_online+0x60/0x60
[  494.783275][T13874]  bpf_prog_test_run+0x321/0x390
[  494.788208][T13874]  __sys_bpf+0x49d/0x890
[  494.792445][T13874]  ? bpf_link_show_fdinfo+0x390/0x390
[  494.797818][T13874]  ? lock_chain_count+0x20/0x20
[  494.802665][T13874]  __x64_sys_bpf+0x7c/0x90
[  494.807070][T13874]  do_syscall_64+0x55/0xa0
[  494.811482][T13874]  ? clear_bhb_loop+0x40/0x90
[  494.816149][T13874]  ? clear_bhb_loop+0x40/0x90
[  494.820819][T13874]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  494.826705][T13874] RIP: 0033:0x7fe76599aeb9
[  494.831114][T13874] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  494.850714][T13874] RSP: 002b:00007fe7667bf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  494.859125][T13874] RAX: ffffffffffffffda RBX: 00007fe765c15fa0 RCX: 00007fe76599aeb9
[  494.867092][T13874] RDX: 0000000000000050 RSI: 0000200000001a00 RDI: 000000000000000a
[  494.875066][T13874] RBP: 00007fe7667bf090 R08: 0000000000000000 R09: 0000000000000000
[  494.883025][T13874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  494.890989][T13874] R13: 00007fe765c16038 R14: 00007fe765c15fa0 R15: 00007ffdb0680218
[  494.898967][T13874]  </TASK>
[  495.668070][ T7785] team0 (unregistering): Port device team_slave_1 removed
[  495.722313][ T7785] team0 (unregistering): Port device team_slave_0 removed
[  495.768108][ T7785] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  495.822191][ T7785] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  495.830849][ T5082] Bluetooth: hci1: command tx timeout
[  496.454052][ T7785] bond0 (unregistering): Released all slaves
[  496.544835][T13768] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  496.703813][T13902] netlink: 'syz.1.2598': attribute type 1 has an invalid length.
[  496.730442][T13902] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.2598'.
[  496.853989][T13768] 8021q: adding VLAN 0 to HW filter on device bond0
[  496.919583][T13768] 8021q: adding VLAN 0 to HW filter on device team0
[  496.937607][ T7788] bridge0: port 1(bridge_slave_0) entered blocking state
[  496.944905][ T7788] bridge0: port 1(bridge_slave_0) entered forwarding state
[  496.981641][ T7788] bridge0: port 2(bridge_slave_1) entered blocking state
[  496.988846][ T7788] bridge0: port 2(bridge_slave_1) entered forwarding state
[  497.032957][T13910] netlink: 'syz.1.2600': attribute type 10 has an invalid length.
[  497.045477][T13910] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2600'.
[  497.303800][T13918] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.2602'.
[  497.336976][T13918] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.2602'.
[  497.377508][T13924] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.2602'.
[  497.437144][T13918] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.2602'.
[  497.652404][T13768] 8021q: adding VLAN 0 to HW filter on device batadv0
[  497.784255][T13768] veth0_vlan: entered promiscuous mode
[  497.836451][T13768] veth1_vlan: entered promiscuous mode
[  497.900840][T13768] veth0_macvtap: entered promiscuous mode
[  497.909783][ T5082] Bluetooth: hci1: command tx timeout
[  497.938572][T13768] veth1_macvtap: entered promiscuous mode
[  498.024338][T13768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  498.043074][T13768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  498.054533][T13768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  498.094609][T13768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  498.106519][T13768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  498.127102][T13768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  498.149133][T13768] batman_adv: batadv0: Interface activated: batadv_slave_0
[  498.193750][T13768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  498.209288][T13768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  498.222405][T13768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  498.235954][T13768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  498.246329][T13768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  498.261404][T13768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  498.276997][T13768] batman_adv: batadv0: Interface activated: batadv_slave_1
[  498.302444][T13768] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  498.313789][T13768] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  498.332263][T13768] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  498.369744][T13768] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  499.417606][T13956] netlink: 'syz.3.2609': attribute type 10 has an invalid length.
[  499.442158][T13956] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2609'.
[  499.455520][T13956] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  499.467855][T13956] batman_adv: batadv0: Adding interface: virt_wifi0
[  499.478370][T13956] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  499.504961][T13956] batman_adv: batadv0: Interface activated: virt_wifi0
[  499.785925][T13967] netlink: 'syz.3.2612': attribute type 1 has an invalid length.
[  499.801137][ T7789] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  499.816548][T13967] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.2612'.
[  499.821168][ T7789] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  499.889867][ T7789] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  499.911644][ T7789] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  500.962336][T14003] netlink: 'syz.2.2621': attribute type 10 has an invalid length.
[  500.973458][T14003] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2621'.
[  500.987566][T14003] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  501.020575][T14003] batman_adv: batadv0: Adding interface: virt_wifi0
[  501.027781][T14003] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  501.066717][T14003] batman_adv: batadv0: Interface activated: virt_wifi0
[  501.076927][T14009] netlink: 'syz.1.2623': attribute type 46 has an invalid length.
[  501.085383][T14009] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2623'.
[  501.103956][T14010] netlink: 'syz.1.2623': attribute type 153 has an invalid length.
[  501.113030][T14010] netlink: 128124 bytes leftover after parsing attributes in process `syz.1.2623'.
[  501.258281][T14014] netlink: 'syz.1.2625': attribute type 1 has an invalid length.
[  501.270617][T14014] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.2625'.
[  501.312866][T14018] netlink: 'syz.2.2627': attribute type 6 has an invalid length.
[  501.349509][T14018] netlink: 140 bytes leftover after parsing attributes in process `syz.2.2627'.
[  501.557100][T14027] netlink: 'syz.3.2633': attribute type 10 has an invalid length.
[  501.565354][T14027] ipvlan1: entered promiscuous mode
[  501.583746][T14027] team0: Device ipvlan1 failed to register rx_handler
[  501.676354][ T1281] ieee802154 phy0 wpan0: encryption failed: -22
[  501.684263][ T1281] ieee802154 phy1 wpan1: encryption failed: -22
[  501.728986][T14031] FAULT_INJECTION: forcing a failure.
[  501.728986][T14031] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  501.743510][T14031] CPU: 0 PID: 14031 Comm: syz.3.2634 Not tainted syzkaller #0
[  501.751013][T14031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  501.761090][T14031] Call Trace:
[  501.764489][T14031]  <TASK>
[  501.767449][T14031]  dump_stack_lvl+0x18c/0x250
[  501.772168][T14031]  ? show_regs_print_info+0x20/0x20
[  501.777485][T14031]  ? load_image+0x400/0x400
[  501.782025][T14031]  ? __lock_acquire+0x7d40/0x7d40
[  501.787080][T14031]  should_fail_ex+0x39d/0x4d0
[  501.791793][T14031]  prepare_alloc_pages+0x1e2/0x5f0
[  501.796948][T14031]  __alloc_pages+0x134/0x460
[  501.801580][T14031]  ? zone_statistics+0x170/0x170
[  501.806570][T14031]  ? do_wp_page+0x7ca/0x35f0
[  501.811187][T14031]  ? do_wp_page+0xfc5/0x35f0
[  501.815820][T14031]  __folio_alloc+0x10/0x20
[  501.820248][T14031]  vma_alloc_folio+0x47a/0x8f0
[  501.825027][T14031]  do_wp_page+0x1243/0x35f0
[  501.829551][T14031]  ? lockdep_hardirqs_on+0x98/0x150
[  501.834758][T14031]  ? folio_put+0xd0/0xd0
[  501.839011][T14031]  ? handle_mm_fault+0x12fc/0x4c00
[  501.844117][T14031]  handle_mm_fault+0x135d/0x4c00
[  501.849052][T14031]  ? handle_mm_fault+0xe7/0x4c00
[  501.853996][T14031]  ? numa_migrate_prep+0x350/0x350
[  501.859116][T14031]  ? lock_mm_and_find_vma+0x9c/0x2f0
[  501.864419][T14031]  do_user_addr_fault+0x730/0x12c0
[  501.869537][T14031]  exc_page_fault+0x64/0x100
[  501.874123][T14031]  asm_exc_page_fault+0x26/0x30
[  501.878964][T14031] RIP: 0010:rep_movs_alternative+0x4a/0x90
[  501.884768][T14031] Code: 75 f1 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 <f3> a4 c3 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 29 f8 48 01
[  501.904375][T14031] RSP: 0018:ffffc9000369f658 EFLAGS: 00050206
[  501.910439][T14031] RAX: ffffffff8426e901 RBX: 1ffff920006d3fc7 RCX: 0000000000000714
[  501.918410][T14031] RDX: 0000000000000000 RSI: ffff8880689b0000 RDI: 0000200000003700
[  501.926384][T14031] RBP: ffffc9000369f7c0 R08: ffff8880689b0713 R09: 1ffff1100d1360e2
[  501.934377][T14031] R10: dffffc0000000000 R11: ffffed100d1360e3 R12: ffff8880689b0000
[  501.942432][T14031] R13: 0000000000000714 R14: 0000000000000714 R15: ffffc9000369fe48
[  501.950420][T14031]  ? _copy_to_iter+0x221/0x1120
[  501.955430][T14031]  _copy_to_iter+0x24f/0x1120
[  501.960108][T14031]  ? _raw_spin_unlock_irqrestore+0xc0/0x120
[  501.966079][T14031]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  501.972049][T14031]  ? _raw_spin_unlock+0x40/0x40
[  501.976894][T14031]  ? iov_iter_init+0x1e0/0x1e0
[  501.981659][T14031]  ? __virt_addr_valid+0x18c/0x540
[  501.986777][T14031]  ? __virt_addr_valid+0x469/0x540
[  501.991899][T14031]  ? __phys_addr_symbol+0x2f/0x70
[  501.996931][T14031]  __skb_datagram_iter+0xdb/0x780
[  502.001956][T14031]  ? skb_copy_datagram_iter+0x200/0x200
[  502.007514][T14031]  skb_copy_datagram_iter+0xb1/0x200
[  502.012812][T14031]  netlink_recvmsg+0x2d4/0xe60
[  502.017596][T14031]  ? netlink_sendmsg+0xbf0/0xbf0
[  502.022554][T14031]  ? aa_af_perm+0x330/0x330
[  502.027061][T14031]  ? __lock_acquire+0x1273/0x7d40
[  502.032198][T14031]  ? perf_tp_event+0x1450/0x1450
[  502.037139][T14031]  ? bpf_lsm_socket_recvmsg+0x9/0x10
[  502.042430][T14031]  ? security_socket_recvmsg+0x89/0xb0
[  502.047895][T14031]  ? netlink_sendmsg+0xbf0/0xbf0
[  502.052834][T14031]  ____sys_recvmsg+0x2ce/0x5e0
[  502.057695][T14031]  ? __sys_recvmsg_sock+0x50/0x50
[  502.062894][T14031]  ? import_iovec+0x73/0xa0
[  502.067398][T14031]  ___sys_recvmsg+0x216/0x590
[  502.072097][T14031]  ? __sys_recvmsg+0x2a0/0x2a0
[  502.076867][T14031]  ? ksys_write+0x1c4/0x260
[  502.081380][T14031]  ? __fget_files+0x43d/0x4b0
[  502.086069][T14031]  __x64_sys_recvmsg+0x20c/0x2e0
[  502.090998][T14031]  ? ___sys_recvmsg+0x590/0x590
[  502.095850][T14031]  ? syscall_enter_from_user_mode+0x2e/0x80
[  502.101735][T14031]  do_syscall_64+0x55/0xa0
[  502.106144][T14031]  ? clear_bhb_loop+0x40/0x90
[  502.110811][T14031]  ? clear_bhb_loop+0x40/0x90
[  502.115507][T14031]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  502.121412][T14031] RIP: 0033:0x7fe76599aeb9
[  502.125831][T14031] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  502.145438][T14031] RSP: 002b:00007fe7667bf028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  502.153849][T14031] RAX: ffffffffffffffda RBX: 00007fe765c15fa0 RCX: 00007fe76599aeb9
[  502.161815][T14031] RDX: 0000000000010100 RSI: 0000200000000080 RDI: 0000000000000003
[  502.169780][T14031] RBP: 00007fe7667bf090 R08: 0000000000000000 R09: 0000000000000000
[  502.177740][T14031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  502.185705][T14031] R13: 00007fe765c16038 R14: 00007fe765c15fa0 R15: 00007ffdb0680218
[  502.193681][T14031]  </TASK>
[  502.438523][T14041] netlink: 'syz.3.2639': attribute type 1 has an invalid length.
[  502.451440][T14041] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.2639'.
[  502.604332][T14052] netlink: 'syz.0.2644': attribute type 33 has an invalid length.
[  502.613419][T14052] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2644'.
[  502.666530][ T5082] Bluetooth: hci0: ACL packet for unknown connection handle 0
[  502.793047][T14055] ------------[ cut here ]------------
[  502.798626][T14055] WARNING: CPU: 0 PID: 14055 at kernel/events/core.c:6806 perf_pending_task+0x35c/0x470
[  502.808666][T14055] Modules linked in:
[  502.812690][T14055] CPU: 0 PID: 14055 Comm: syz.2.2645 Not tainted syzkaller #0
[  502.820293][T14055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  502.830500][T14055] RIP: 0010:perf_pending_task+0x35c/0x470
[  502.837024][T14055] Code: ff 84 db 75 14 e8 74 e1 d5 ff 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 60 e1 d5 ff e8 bb 6b 4f ff eb e5 e8 54 e1 d5 ff <0f> 0b e9 f3 fe ff ff e8 48 e1 d5 ff 48 c7 c7 f0 f2 1c 8d 4c 89 f6
[  502.857028][T14055] RSP: 0018:ffffc900035ef9c0 EFLAGS: 00010293
[  502.863589][T14055] RAX: ffffffff81b131cc RBX: ffff888024ccd3a0 RCX: ffff888023eeda00
[  502.871836][T14055] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  502.879901][T14055] RBP: 0000000000000001 R08: ffffffff8e8ad9ef R09: 1ffffffff1d15b3d
[  502.887906][T14055] R10: dffffc0000000000 R11: fffffbfff1d15b3e R12: ffff888023eeda00
[  502.896112][T14055] R13: ffff88801c3efd30 R14: ffff888024ccd160 R15: 1ffff11004999a2c
[  502.904278][T14055] FS:  0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[  502.914061][T14055] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  502.920799][T14055] CR2: 00007f1b9a68e990 CR3: 000000002144c000 CR4: 00000000003506f0
[  502.928806][T14055] DR0: 0000000000000000 DR1: 0000200000000300 DR2: 0000000000000000
[  502.936919][T14055] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  502.945683][T14055] Call Trace:
[  502.949178][T14055]  <TASK>
[  502.952922][T14055]  task_work_run+0x1d4/0x260
[  502.957558][T14055]  ? task_work_cancel+0x220/0x220
[  502.962999][T14055]  do_exit+0x95a/0x2460
[  502.967203][T14055]  ? lock_chain_count+0x20/0x20
[  502.972290][T14055]  ? put_task_struct+0xc0/0xc0
[  502.977259][T14055]  ? preempt_schedule_common+0x82/0xc0
[  502.982927][T14055]  ? preempt_schedule+0xc0/0xd0
[  502.987803][T14055]  ? schedule_preempt_disabled+0x20/0x20
[  502.993714][T14055]  do_group_exit+0x21b/0x2d0
[  502.998345][T14055]  get_signal+0x12fc/0x13f0
[  503.003027][T14055]  arch_do_signal_or_restart+0xc2/0x800
[  503.008785][T14055]  ? __ia32_sys_get_robust_list+0x110/0x110
[  503.014832][T14055]  ? get_sigframe_size+0x20/0x20
[  503.019875][T14055]  ? exit_to_user_mode_loop+0x3b/0x110
[  503.025372][T14055]  exit_to_user_mode_loop+0x70/0x110
[  503.030876][T14055]  exit_to_user_mode_prepare+0xee/0x180
[  503.036456][T14055]  syscall_exit_to_user_mode+0x1a/0x50
[  503.042705][T14055]  do_syscall_64+0x61/0xa0
[  503.047161][T14055]  ? clear_bhb_loop+0x40/0x90
[  503.052173][T14055]  ? clear_bhb_loop+0x40/0x90
[  503.056884][T14055]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  503.062877][T14055] RIP: 0033:0x7f1b9979aeb9
[  503.067318][T14055] Code: Unable to access opcode bytes at 0x7f1b9979ae8f.
[  503.074515][T14055] RSP: 002b:00007f1b9a68e0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  503.083053][T14055] RAX: fffffffffffffe00 RBX: 00007f1b99a15fa8 RCX: 00007f1b9979aeb9
[  503.091186][T14055] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f1b99a15fa8
[  503.099187][T14055] RBP: 00007f1b99a15fa0 R08: 0000000000000000 R09: 0000000000000000
[  503.107396][T14055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  503.115658][T14055] R13: 00007f1b99a16038 R14: 00007ffdd0176330 R15: 00007ffdd0176418
[  503.123788][T14055]  </TASK>
[  503.126831][T14055] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  503.134119][T14055] CPU: 0 PID: 14055 Comm: syz.2.2645 Not tainted syzkaller #0
[  503.141597][T14055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  503.151672][T14055] Call Trace:
[  503.154962][T14055]  <TASK>
[  503.157899][T14055]  dump_stack_lvl+0x18c/0x250
[  503.162605][T14055]  ? show_regs_print_info+0x20/0x20
[  503.167828][T14055]  ? load_image+0x400/0x400
[  503.172369][T14055]  panic+0x2dc/0x730
[  503.176290][T14055]  ? bpf_jit_dump+0xd0/0xd0
[  503.180827][T14055]  __warn+0x2e0/0x470
[  503.184823][T14055]  ? perf_pending_task+0x35c/0x470
[  503.189962][T14055]  ? perf_pending_task+0x35c/0x470
[  503.195107][T14055]  report_bug+0x2be/0x4f0
[  503.199469][T14055]  ? perf_pending_task+0x35c/0x470
[  503.204608][T14055]  ? perf_pending_task+0x35c/0x470
[  503.209750][T14055]  ? perf_pending_task+0x35e/0x470
[  503.214890][T14055]  handle_bug+0xcf/0x120
[  503.219171][T14055]  exc_invalid_op+0x1a/0x50
[  503.223700][T14055]  asm_exc_invalid_op+0x1a/0x20
[  503.228547][T14055] RIP: 0010:perf_pending_task+0x35c/0x470
[  503.234265][T14055] Code: ff 84 db 75 14 e8 74 e1 d5 ff 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 60 e1 d5 ff e8 bb 6b 4f ff eb e5 e8 54 e1 d5 ff <0f> 0b e9 f3 fe ff ff e8 48 e1 d5 ff 48 c7 c7 f0 f2 1c 8d 4c 89 f6
[  503.253870][T14055] RSP: 0018:ffffc900035ef9c0 EFLAGS: 00010293
[  503.259931][T14055] RAX: ffffffff81b131cc RBX: ffff888024ccd3a0 RCX: ffff888023eeda00
[  503.267896][T14055] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  503.275857][T14055] RBP: 0000000000000001 R08: ffffffff8e8ad9ef R09: 1ffffffff1d15b3d
[  503.283833][T14055] R10: dffffc0000000000 R11: fffffbfff1d15b3e R12: ffff888023eeda00
[  503.291796][T14055] R13: ffff88801c3efd30 R14: ffff888024ccd160 R15: 1ffff11004999a2c
[  503.299768][T14055]  ? perf_pending_task+0x35c/0x470
[  503.304888][T14055]  task_work_run+0x1d4/0x260
[  503.309475][T14055]  ? task_work_cancel+0x220/0x220
[  503.314505][T14055]  do_exit+0x95a/0x2460
[  503.318661][T14055]  ? lock_chain_count+0x20/0x20
[  503.323512][T14055]  ? put_task_struct+0xc0/0xc0
[  503.328269][T14055]  ? preempt_schedule_common+0x82/0xc0
[  503.333721][T14055]  ? preempt_schedule+0xc0/0xd0
[  503.338559][T14055]  ? schedule_preempt_disabled+0x20/0x20
[  503.344315][T14055]  do_group_exit+0x21b/0x2d0
[  503.348915][T14055]  get_signal+0x12fc/0x13f0
[  503.353448][T14055]  arch_do_signal_or_restart+0xc2/0x800
[  503.359000][T14055]  ? __ia32_sys_get_robust_list+0x110/0x110
[  503.364889][T14055]  ? get_sigframe_size+0x20/0x20
[  503.369840][T14055]  ? exit_to_user_mode_loop+0x3b/0x110
[  503.375313][T14055]  exit_to_user_mode_loop+0x70/0x110
[  503.380594][T14055]  exit_to_user_mode_prepare+0xee/0x180
[  503.386136][T14055]  syscall_exit_to_user_mode+0x1a/0x50
[  503.391585][T14055]  do_syscall_64+0x61/0xa0
[  503.396097][T14055]  ? clear_bhb_loop+0x40/0x90
[  503.400778][T14055]  ? clear_bhb_loop+0x40/0x90
[  503.405494][T14055]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  503.411393][T14055] RIP: 0033:0x7f1b9979aeb9
[  503.415827][T14055] Code: Unable to access opcode bytes at 0x7f1b9979ae8f.
[  503.422848][T14055] RSP: 002b:00007f1b9a68e0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  503.431284][T14055] RAX: fffffffffffffe00 RBX: 00007f1b99a15fa8 RCX: 00007f1b9979aeb9
[  503.439280][T14055] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f1b99a15fa8
[  503.447363][T14055] RBP: 00007f1b99a15fa0 R08: 0000000000000000 R09: 0000000000000000
[  503.455344][T14055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  503.463315][T14055] R13: 00007f1b99a16038 R14: 00007ffdd0176330 R15: 00007ffdd0176418
[  503.471386][T14055]  </TASK>
[  503.474766][T14055] Kernel Offset: disabled
[  503.479078][T14055] Rebooting in 86400 seconds..