last executing test programs:

6.452189136s ago: executing program 2 (id=4258):
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000380), 0x8)
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0xc, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8}, 0x10cd22, 0xac5d, 0x3, 0x0, 0x9, 0x23c}, 0x0, 0xffffffffffffffff, r0, 0x0) (async)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0xfffffffc, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000080)=@generic={0x0, 0xffffffffffffffff, 0x80000}, 0x18)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1d, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x100080, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000000}, 0x0, 0xfffffffdffffffff, 0xffffffffffffffff, 0x0) (async)
bpf$OBJ_GET_MAP(0x7, &(0x7f00000000c0)=@o_path={&(0x7f0000000080)='./cgroup.cpu/cpuset.cpus\x00'}, 0x18)
ioctl$PERF_EVENT_IOC_ID(r1, 0x80082407, &(0x7f0000000100)) (async)
r2 = perf_event_open$cgroup(&(0x7f0000000000)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x8cff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3, 0x81}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) (async, rerun: 64)
r3 = socket$kcm(0x10, 0x2, 0x0) (rerun: 64)
sendmsg$kcm(r3, &(0x7f0000000040)={0x0, 0x8, &(0x7f0000000000)=[{&(0x7f0000000140)="d800000019007b29e00212ba0d8105040a601100fe02040b067c55a1bc001400090006990600000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d93452a92307f00000e97031e9f05e9f16e9cb5000000000000", 0xd8}], 0x1, 0x0, 0x0, 0x2663}, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0500000005000000fd0900008500000041000000", @ANYRES32, @ANYBLOB="000000001500", @ANYBLOB], 0x50) (async)
r4 = perf_event_open$cgroup(&(0x7f0000000300)={0x0, 0x80, 0xb, 0x6, 0x5, 0x4, 0x0, 0x3, 0x80, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x3ad92ab8, 0x2, @perf_bp={&(0x7f0000000240), 0x8}, 0x108078, 0xfffffffffffffff6, 0x40, 0x8, 0x334, 0x0, 0x1, 0x0, 0x1000, 0x0, 0x6}, 0xffffffffffffffff, 0x2, r2, 0x0)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r4, 0x4008240b, &(0x7f0000000280)={0x4, 0x80, 0x9, 0x4, 0x41, 0xb, 0x0, 0x3f5, 0xaa920, 0x5, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x7fffffff, 0x1, @perf_config_ext={0x2, 0x1ff}, 0x10800, 0x1, 0x3, 0x0, 0x3, 0x1, 0x5, 0x0, 0xa, 0x0, 0x4b8}) (async)
syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/cgroup\x00')

6.042608204s ago: executing program 2 (id=4262):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110c23004a)
r1 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r0}, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x1f, 0x2, &(0x7f0000000340)=ANY=[@ANYRESOCT=r1], &(0x7f0000000180)='GPL\x00', 0x3, 0xce, &(0x7f0000000240)=""/206, 0x0, 0x1c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000400)="5c00000013006bcd9e3fe3d46e48aa31086b8703130000ff0400000000000000080003002e000a000d002e009ee517d34460bc24eab556a705251e6182949a3651f60a84c902d1938037e7c87962a841fca873753f07d7fcf50e4509", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{}, {0x10000002}]}, 0x90)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0x8, 0x0, 0x4000003}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x5421, &(0x7f0000000900)={'tunl0\x00', @random="0000230c1100"})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100))
r5 = socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
setsockopt$sock_attach_bpf(r5, 0x84, 0x18, &(0x7f0000000000), 0x8)

4.298545374s ago: executing program 2 (id=4266):
socket$kcm(0x2, 0x1, 0x84)
socket$kcm(0xa, 0x5, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000001, 0x1, @perf_bp={0x0}, 0x8061, 0x3, 0x0, 0x0, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="030000000400000004000000b5"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x4, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70300000000000085"], &(0x7f0000000580)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000180)="c1dfb080cd21d308098ee6888035", 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

3.748793512s ago: executing program 4 (id=4271):
r0 = socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x56, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x2, 0x0, 0x9}, {0x10000002, 0x0, 0x0, 0xc}]}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r0, 0x84, 0x64, &(0x7f0000000000)=r3, 0x10)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x7, 0x11, &(0x7f0000000500)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x400}, {}, {}, [@alu={0x7, 0x0, 0x6, 0x5, 0x1, 0x0, 0x4}, @alu={0x7, 0x0, 0xb, 0x1, 0x5, 0x20, 0x8}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x52, '\x00', 0x0, @fallback, r3, 0x8, &(0x7f00000009c0)={0x0, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x6, &(0x7f0000000a80)=[r3, 0xffffffffffffffff], &(0x7f0000000ac0)=[{0x2, 0x5, 0xf, 0x9}, {0x5, 0x5, 0xf, 0xa}, {0x3, 0x3, 0xd, 0x5}, {0x2, 0x5, 0xf, 0x4}, {0x4, 0x2, 0xd, 0x3}, {0x2, 0x1, 0x9, 0x2}], 0x10, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r0, &(0x7f0000000140)={&(0x7f0000000280)={0x2, 0x10, @local}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000001940)='{', 0x1}], 0x1}, 0x80d1)

3.370848048s ago: executing program 2 (id=4273):
socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, @perf_config_ext={0x4f3, 0x3}, 0x21, 0x0, 0x0, 0x4, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x3)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000200)={{0x1, <r0=>0xffffffffffffffff}, &(0x7f0000000100), &(0x7f00000001c0)='%ps    \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000240)={r0}, 0x4)
openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0), 0x12000, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000700"/32], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xc}, 0x80)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, &(0x7f0000000040)=""/155, 0x1000000, 0x9b, 0x1}, 0x20)

3.323077422s ago: executing program 0 (id=4275):
perf_event_open(0x0, 0x0, 0xfffffffffffffffc, 0xffffffffffffffff, 0x8)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, @perf_bp={0x0}, 0x21, 0x0, 0x0, 0x6, 0x0, 0x200, 0x2, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xdd, 0x708}, 0x0, 0x3, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={0xffffffffffffffff, 0x0, 0x1, 0x0, &(0x7f0000000240)='n', 0x0, 0x40002, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000001bc0)=@generic={0x0, 0x2000000, 0x18}, 0x18)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r0)
r2 = socket$kcm(0x15, 0x5, 0x0)
sendmsg$kcm(r2, &(0x7f0000000080)={&(0x7f0000000100)=@tipc=@id, 0xc, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94)
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x4, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}, 0x0, 0x3}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = socket$kcm(0xa, 0x5, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={<r4=>0xffffffffffffffff})
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000008c0)={r1, 0x58, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r5=>0x0}}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000980)={r1, 0x58, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r6=>0x0}}, 0x10)
sendmsg$inet(r4, &(0x7f0000000bc0)={&(0x7f0000000300)={0x2, 0x4e23, @multicast2}, 0x10, &(0x7f0000000700)=[{&(0x7f0000000600)="f767acdc88edba78f83cea08caa33ef213908466251818b575baaf18a2e4300a677f8ce39448d00c35d0e499b091a40bc6d52c8b8f5ae2992ec3956545375822ba83c9994dd31e4e36c5a18a8359ffed06d1fcc0d347a7879a44d6800f63e262219f474b6cc1f6099a130c7993adb660d428299ad3fb2b9f97d499aa4c50eb2600c4333a999d0dc529ebaf5a535ec036116ecbdae92b7c8aaf84dc640e46e4a091821f539f40fd29a042ed025d7f16c824d9c6c5c1f5e5914af98f3a0eca7a5fafbc7a5c596f57", 0xc7}], 0x1, &(0x7f00000009c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r5, @local, @empty}}}, @ip_retopts={{0x34, 0x0, 0x7, {[@timestamp_addr={0x44, 0x4, 0xdd, 0x1, 0x7}, @end, @timestamp_addr={0x44, 0x1c, 0x2d, 0x1, 0x1, [{@local, 0x3}, {@dev={0xac, 0x14, 0x14, 0x2c}, 0xffff}, {@broadcast, 0x8000}]}]}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r6, @local, @remote}}}, @ip_ttl={{0x14, 0x0, 0x2, 0xd1e}}, @ip_retopts={{0x9c, 0x0, 0x7, {[@cipso={0x86, 0x22, 0x2, [{0x2, 0xf, "0d9aed5e3089caf3d10cc80c5a"}, {0x1, 0xd, "b844d0d82e6fc46507484d"}]}, @timestamp_prespec={0x44, 0x4c, 0x6e, 0x3, 0xe, [{@local, 0x10000}, {@loopback, 0x6}, {@broadcast, 0x87}, {@loopback, 0x7fff}, {@multicast1, 0xfffffff9}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x1}, {@empty, 0x4}, {@broadcast, 0x5}, {@multicast1, 0xfffffffa}]}, @generic={0x89, 0xe, "1cd7a2db42d1e52155f47b66"}, @generic={0x7, 0xe, "91d4c20635d1ffb980ebaaa7"}]}}}, @ip_retopts={{0x54, 0x0, 0x7, {[@lsrr={0x83, 0x1f, 0x25, [@remote, @empty, @rand_addr=0x64010102, @private=0xa010101, @loopback, @multicast2, @broadcast]}, @timestamp_addr={0x44, 0x24, 0xdc, 0x1, 0x6, [{@remote}, {@multicast1, 0x7}, {@multicast1, 0x7fff}, {@loopback, 0x45}]}]}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x2}}, @ip_ttl={{0x14, 0x0, 0x2, 0xd}}, @ip_retopts={{0x48, 0x0, 0x7, {[@timestamp_addr={0x44, 0x24, 0x19, 0x1, 0xd, [{@broadcast, 0x3}, {@local, 0xffff}, {@loopback, 0x9}, {@rand_addr=0x64010102, 0x16}]}, @ra={0x94, 0x4}, @noop, @generic={0x88, 0xf, "61d7f58baf7330234ba49905e2"}]}}}], 0x200}, 0x4004000)
setsockopt$sock_attach_bpf(r3, 0x0, 0x19, 0x0, 0x0)
socketpair(0x1e, 0x4, 0x6, &(0x7f0000000000))
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)="2e00000010008188040f46ecdb4cb9cca7480ef421000000e3bd6efb440013030e000a000d000008ba8000001201", 0x2e}], 0x1}, 0x0)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000080)={0x1, &(0x7f00000000c0)=[{}]})
socketpair(0x1, 0x5, 0x0, &(0x7f0000000740))
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x15, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000005c0)='GPL\x00'}, 0x94)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext={0x3, 0x5}, 0x440, 0x0, 0x0, 0x0, 0x46fa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r8 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r8, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020039000b05d25a806f8c6394f90324fc602f00000008000100feff020037153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
socket$kcm(0x2, 0x1, 0x0)
write$cgroup_int(r7, &(0x7f0000000100), 0x1001)

3.268472935s ago: executing program 4 (id=4276):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110c23004a)
r1 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r0}, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x1f, 0x2, &(0x7f0000000340)=ANY=[@ANYRESOCT=r1], &(0x7f0000000180)='GPL\x00', 0x3, 0xce, &(0x7f0000000240)=""/206, 0x0, 0x1c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
socket$kcm(0x10, 0x2, 0x0)
socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{}, {0x10000002}]}, 0x90)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0x8, 0x0, 0x4000003}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x5421, &(0x7f0000000900)={'tunl0\x00', @random="0000230c1100"})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100))
r4 = socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
setsockopt$sock_attach_bpf(r4, 0x84, 0x18, &(0x7f0000000000), 0x8)

2.897223371s ago: executing program 3 (id=4279):
r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000001240)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000aecd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad94ed406f21caf5adcf920569c00cc1199684fa75814709fea019af247c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c1faca0f9d9924be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6fab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b79db2e3d5986c82b5aa94e539b204d58f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c7160ec83070000020000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72b0000000000001cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2cc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78ac02ca3cdf6a662db1c9c89c9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad943e392955f4f979ea13201bafedcd2063d11dd665647223c78a996810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd89346cfbb5567e54d3504723177d356c4604b7a492ecec37e83efceefd7ca2533659edc8be05cc85451c6a14507434eb54b6f43caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffca9ec9a7a3755e0f209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a294351c5356c1d06c92cf8ce3c7c56cd31121624d74517fd3666277f670e812b28e2f30d035cee5d0e77a3c7220000000000000005a474816bc59d2e2a00092419304b338a987e9d3044d856ce24f370030be3b5f79f034b8d3ebce68663ef5af469abe75b314fae31a0445859a5ece8fb11a4ee8e46354c9c3a041e12282ce24463aaf28345bd168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f09000000000000004fc4bda3453602004535a976eacd3adaa4d2ee6fe0d072ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d401adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb40f7f02f750d6c977a191852c9ae031db044b2353199546609f9f69a6cfefdf879d447df53f3b9b70d10355b00300000000000000553d18a6cc50feeb7bfad9b7be3283b6450d264e7712d2f1d7004548b19162cef04d18d4f58fab987baab97a9bfbd8f185b5631820420bf5b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe527340935aa3c0b4f3f45b418a18217747ae442e31560e5b741445ea2a1acee2a81425ff000000d2a0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e961f3d9c8c21578fe3245097c280abe51423b9f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f88735fce5115dc83ed73d8ee4a91322608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf5000000000000fa08ad0631c4b839688b22c4da2a6bc4cf45854d221a2d5f96bc64647f15daa2ba79cd0f4254ed55217912ef84bd2927df82fc061aef2920c49b2a90886da75561173fa186cb7ee86dd4285c4721eb428c953296bb2f5d825da54dbef07c1b349b4901e093d13e6b9a0000009b5b22e887bc061d40bcaf0aa18623fd9b7179ccc692ba74b531b65c4decf9d080a8ac7e82d4cde1267aa64b2a94fd87a009e6742c2ddc3a9d7eccbb1831b1fa218277c2814a91cab7cb59c697166d6f1bb1a360470000000000000000000000000000000000000000000000000000f9f9b4ce7e871f507084c8c88e0652decbe579b03ed84ea94597dd1059620a050f69ea03b99b4e19d35f4a3b54e96ae2172effecec80f6baa4bf69a6ebf5392882df78b0983e662dc0cb64b77f3f006b6b25443197ae93f0be6de5a703d003f00720943c0e4b33af00000000000000000021a688b2d7007fcc4b59f719afb0b3b7e0aee306ca70fe42bf4984a68f40e1fc043a03a17e47"], &(0x7f0000000000)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
r2 = socket$kcm(0x1e, 0x4, 0x0)
setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
r3 = socket$kcm(0x1e, 0x4, 0x0)
setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
write$cgroup_subtree(r3, &(0x7f0000000040)=ANY=[], 0x101d0)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x0, 0xb3, 0x7f}, 0x48)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, &(0x7f0000000140)='blkio.bfq.dequeue\x00', 0x0, 0x0)
sendmsg$kcm(r3, &(0x7f00000001c0)={&(0x7f00000000c0)=@tipc=@name={0x1e, 0x2, 0x3, {{0x41}, 0x5}}, 0x80, 0x0, 0x0, &(0x7f0000000c40)=ANY=[], 0x1458}, 0x20048811)

2.833563295s ago: executing program 1 (id=4280):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{}, {0x10000002}]}, 0x90)
r0 = socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
close(0xffffffffffffffff)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r1=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r0, 0x84, 0x18, &(0x7f0000000000)=r1, 0x8)

2.833262416s ago: executing program 0 (id=4281):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x3, 0xc, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x80000001}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x45}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r1, 0x0, 0x0, 0x0, &(0x7f00000002c0), 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

2.726776483s ago: executing program 1 (id=4282):
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000002c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x7f}, 0x50)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x16, 0x2, 0x0, 0x0, 0x0, 0x1, 0x220, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x4, @perf_config_ext={0x5ff, 0x100000001}, 0x11619d, 0x80006, 0xfffffbff, 0x5, 0x2, 0x200, 0x5, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x9)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000c40)=ANY=[], 0x10)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_config_ext={0x4, 0xc272}, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000001600)=ANY=[@ANYBLOB="1800000000000000a600ed1f0000000000181100", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
r0 = getpid()
getpid()
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74029, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x40000000}, r0, 0x5, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext, 0x10c002, 0x89}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1500000000"], 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="10000000040000000800000002"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0d00000004000000040000000c00000000000000", @ANYRES32=r1, @ANYBLOB="000000000000000000000000d5f3000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1053e0, 0x2, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c00)={&(0x7f0000001780)=ANY=[@ANYBLOB="9feb0100180059b2000000001800000018000000020000000000000000000003001e000006010000030000006694790000a7144c0a10e985250dbedd2d922bd58ce6801bb0e36f38645c845bfc92d067062368bd1c1f5928199cc8bc5e3cf0d1d6609c3bf3a7959a5010b73b83522ecb973485a2d1167e107ccd07a1f6bd234789f8635d0122b54908ade6d275dc3d2ad8a240546cd6a1b5f894d1ead0c22a38025d66ecca1a83876bd58124964c60c7175b444f5ed7c1e08646cf193e63ac966a6f5e63007d107bdd30e36edc933d24c0be76fc2a2648e993a0e1b794ff859d5330b79d9f7292b6b9dfb897e11ff973856a4747d834d07ba5353833f9110163a362b328b064844881"], &(0x7f0000001680)=""/225, 0x32, 0xe1, 0x1}, 0x28)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848420000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0)

2.658102117s ago: executing program 0 (id=4283):
socket$kcm(0x2, 0x1, 0x84)
socket$kcm(0xa, 0x5, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000001, 0x1, @perf_bp={0x0}, 0x8061, 0x3, 0x0, 0x0, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="030000000400000004000000b5"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x4, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70300000000000085"], &(0x7f0000000580)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000180)="c1dfb080cd21d308098ee6888035", 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

2.522002197s ago: executing program 1 (id=4284):
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x8001, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'\x00', 0x2})
ioctl$TUNSETDEBUG(r1, 0x400454c9, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x2020, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3f15, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x6, 0xc, &(0x7f00000008c0)=ANY=[@ANYBLOB="180200000400000000000000000000008500000041000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000ffffff85850000007100000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0xe, 0x0, &(0x7f0000000000)="5fd63edbfd8a4a6077fd87686f9a", 0x0, 0x700, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9, 0x3}, 0x50)
ioctl$TUNSETLINK(r1, 0x400454cd, 0x306)
socket$kcm(0x29, 0x5, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfd, &(0x7f0000000040)=[{&(0x7f00000000c0)="2e00000010008188040f46ecdb4cb9cca7480ef43c000000e3bd6efb440009000e000a0010000000ba8000001201", 0x2e}], 0x1}, 0x0)

2.398511665s ago: executing program 0 (id=4285):
r0 = socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x56, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x2, 0x0, 0x9}, {0x10000002, 0x0, 0x0, 0xc}]}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r0, 0x84, 0x64, &(0x7f0000000000)=r3, 0x10)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x7, 0x11, &(0x7f0000000500)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x400}, {}, {}, [@alu={0x7, 0x0, 0x6, 0x5, 0x1, 0x0, 0x4}, @alu={0x7, 0x0, 0xb, 0x1, 0x5, 0x20, 0x8}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x52, '\x00', 0x0, @fallback, r3, 0x8, &(0x7f00000009c0)={0x0, 0x2}, 0x8, 0x10, &(0x7f0000000a00)={0x0, 0xf, 0x7f, 0x7}, 0x10, 0x0, 0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000ac0)=[{0x2, 0x5, 0xf, 0x9}, {0x5, 0x5, 0xf, 0xa}, {0x3, 0x3, 0xd, 0x5}, {0x2, 0x5, 0xf, 0x4}, {0x4, 0x2, 0xd, 0x3}, {0x2, 0x1, 0x9, 0x2}], 0x10, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r0, &(0x7f0000000140)={&(0x7f0000000280)={0x2, 0x10, @local}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000001940)='{', 0x1}], 0x1}, 0x80d1)

2.309568212s ago: executing program 2 (id=4286):
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0xc2ba, 0x0, 0x4000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff})
recvmsg$unix(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x40020000)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r1)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803003f000b12d25a80648c2594f90124fc60020c024002000a00053582c137153e370248078000f01705d1bd", 0x33fe0}], 0x1}, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014fa0000b7030000000000008500000083000000bf09"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x34, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb010789005e107538e486dd6317ce22000000fffe80000000000000101000007f0600080000000000000071273fa7b49301641184a907"], 0xfdef)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x739, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x48)

1.911447399s ago: executing program 3 (id=4287):
r0 = socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x56, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x2, 0x0, 0x9}, {0x10000002, 0x0, 0x0, 0xc}]}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r0, 0x84, 0x64, &(0x7f0000000000)=r3, 0x10)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x7, 0x11, &(0x7f0000000500)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x400}, {}, {}, [@alu={0x7, 0x0, 0x6, 0x5, 0x1, 0x0, 0x4}, @alu={0x7, 0x0, 0xb, 0x1, 0x5, 0x20, 0x8}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x52, '\x00', 0x0, @fallback, r3, 0x8, &(0x7f00000009c0)={0x0, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x6, &(0x7f0000000a80)=[r3, 0xffffffffffffffff], &(0x7f0000000ac0)=[{0x2, 0x5, 0xf, 0x9}, {0x5, 0x5, 0xf, 0xa}, {0x3, 0x3, 0xd, 0x5}, {0x2, 0x5, 0xf, 0x4}, {0x4, 0x2, 0xd, 0x3}, {0x2, 0x1, 0x9, 0x2}], 0x10, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r0, &(0x7f0000000140)={&(0x7f0000000280)={0x2, 0x10, @local}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000001940)='{', 0x1}], 0x1}, 0x80d1)

1.90014276s ago: executing program 0 (id=4297):
r0 = getpid()
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0)
perf_event_open(&(0x7f0000001100)={0x5, 0x80, 0x9, 0x8, 0xb, 0xfb, 0x0, 0x3c, 0xc002, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x1}, 0x18842, 0x0, 0x7fffffff, 0x2, 0x3cd, 0x3, 0x7, 0x0, 0x0, 0x0, 0x7}, r0, 0x0, 0xffffffffffffffff, 0x2)
syz_clone(0x41064400, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r1}, &(0x7f00000001c0)=0xa00, &(0x7f0000000200)}, 0x20)
r2 = socket$kcm(0x2, 0x5, 0x84)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280))
sendmsg$inet(r2, &(0x7f00000006c0)={&(0x7f0000000040)={0x2, 0x4e23, @private=0xa010101}, 0x10, &(0x7f0000000140)=[{&(0x7f00000000c0)="e0", 0x1}], 0x1}, 0xc000)
r3 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="5c00000014006b03000000d86e6c1d0002847ea622fb564500004e23e3f58e76110165f450e71b0075e3002500028d459e37000f0000000000bf9367b47e51f60a64c9f4d4938037e786a6d0bdd700"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000200)=""/166}, 0x20)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6_vti0\x00', 0x200})
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x482, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfff, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmsg$kcm(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000cc0)=""/4085, 0xff5}, {&(0x7f0000001ec0)=""/4096, 0x1000}], 0x2}, 0x12000)
r4 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020022003505d25a806f8c6394f92124fc60042011000a7403004700000037153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
getpid()
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfdef)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'dvmrp1\x00', 0x200})

1.362701367s ago: executing program 4 (id=4288):
socket$kcm(0x2, 0x1, 0x84)
socket$kcm(0xa, 0x5, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000001, 0x1, @perf_bp={0x0}, 0x8061, 0x3, 0x0, 0x0, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="030000000400000004000000"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x4, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f0000000580)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000180)="c1dfb080cd21d308098ee6888035", 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

1.32181184s ago: executing program 3 (id=4289):
openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x48440, 0x0)
perf_event_open(&(0x7f0000001480)={0x2, 0x80, 0x83, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x20000000}, 0x0, 0x0, 0x0, 0x9, 0x0, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xf, 0x5}, 0x100e64, 0xc78}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x20242, 0x0)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xcd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9}, 0x0, 0x0, 0x0, 0x0, 0x10000}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2e}, 0x94)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000240)='ns/user\x00')
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001240)=[@rights={{0x10}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x30}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'wlan0\x00', 0x200})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8946, &(0x7f0000000080))

1.283617442s ago: executing program 1 (id=4290):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000001240)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000aecd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad94ed406f21caf5adcf920569c00cc1199684fa75814709fea019af247c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c1faca0f9d9924be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6fab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b79db2e3d5986c82b5aa94e539b204d58f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c7160ec83070000020000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72b0000000000001cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2cc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78ac02ca3cdf6a662db1c9c89c9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad943e392955f4f979ea13201bafedcd2063d11dd665647223c78a996810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd89346cfbb5567e54d3504723177d356c4604b7a492ecec37e83efceefd7ca2533659edc8be05cc85451c6a14507434eb54b6f43caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffca9ec9a7a3755e0f209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a294351c5356c1d06c92cf8ce3c7c56cd31121624d74517fd3666277f670e812b28e2f30d035cee5d0e77a3c7220000000000000005a474816bc59d2e2a00092419304b338a987e9d3044d856ce24f370030be3b5f79f034b8d3ebce68663ef5af469abe75b314fae31a0445859a5ece8fb11a4ee8e46354c9c3a041e12282ce24463aaf28345bd168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f09000000000000004fc4bda3453602004535a976eacd3adaa4d2ee6fe0d072ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d401adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb40f7f02f750d6c977a191852c9ae031db044b2353199546609f9f69a6cfefdf879d447df53f3b9b70d10355b00300000000000000553d18a6cc50feeb7bfad9b7be3283b6450d264e7712d2f1d7004548b19162cef04d18d4f58fab987baab97a9bfbd8f185b5631820420bf5b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe527340935aa3c0b4f3f45b418a18217747ae442e31560e5b741445ea2a1acee2a81425ff000000d2a0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e961f3d9c8c21578fe3245097c280abe51423b9f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f88735fce5115dc83ed73d8ee4a91322608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf5000000000000fa08ad0631c4b839688b22c4da2a6bc4cf45854d221a2d5f96bc64647f15daa2ba79cd0f4254ed55217912ef84bd2927df82fc061aef2920c49b2a90886da75561173fa186cb7ee86dd4285c4721eb428c953296bb2f5d825da54dbef07c1b349b4901e093d13e6b9a0000009b5b22e887bc061d40bcaf0aa18623fd9b7179ccc692ba74b531b65c4decf9d080a8ac7e82d4cde1267aa64b2a94fd87a009e6742c2ddc3a9d7eccbb1831b1fa218277c2814a91cab7cb59c697166d6f1bb1a360470000000000000000000000000000000000000000000000000000f9f9b4ce7e871f507084c8c88e0652decbe579b03ed84ea94597dd1059620a050f69ea03b99b4e19d35f4a3b54e96ae2172effecec80f6baa4bf69a6ebf5392882df78b0983e662dc0cb64b77f3f006b6b25443197ae93f0be6de5a703d003f00720943c0e4b33af00000000000000000021a688b2d7007fcc4b59f719afb0b3b7e0aee306ca70fe42bf4984a68f40e1fc043a03a17e4744359b87dc27c82d51cbeb64e52a28daeb6a78d6fe06181ecc840000"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48)
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x10, 0xe, &(0x7f0000001500)=ANY=[@ANYBLOB="b702000014462000bfa30000000000001702000000feffff7a0af0ff14ffffff61a4f0ff00000000b7060000ff0800007e640200000000005502faff037202000404000001007d60a6040000001000006a0a58fe39000f008500000019000000bc600000000000009500000000000000a81bbfa32d51a7d0679fd43041097666ab982de7b0efc5733ed236e4add6de094e0832aaa6912a8b2ce571c4580034fb000000e3a94bd24d2eb3860d808922433e3e0f242a46b3009a54f4077db0d4968a384b0559c7919b893d3b72cd6c832e986440ff0a7e8620cb231ccd00000000000000000000007777e2704653f620b2272c3c7fea60491073847c4b7bbaed91f33fb382d91ae8e18c9b6c9f0322ec5f1c7cc5869ff455896712198c4e2ddf8b86e714229527ca40b24cfd6a1f00e891728807982d90e116bba29bb70900000000000000c63ad2e7402f9cb424ac416e66af9ebbfea905d37cf226312cb81e48439cea06e7fa5e5b3596301460142f83b464d9e57dfdb06dcf9101000100130033d649d2110cf2e1f4682c24a314447c5e0807f0b1766ebdecbd061772daa52a38539295d3fea7a7e669441e1ff04114dfa904fb43897f8d9c3c287acba716973eadf1bf9cd0a38edc345415c42d3d2dd3339d32a5796cbe8925efd0c81af69a3e97588878d7ce18b68bc37e061d33357d6a39d33c702576cc2a8891663e3776c7a37c5c962e12102f237bbf60c0a3bf07d55b3888418de2b2ad23d25395dd4ccddf247dd2c712e2e2eaf7d432e968122cc5dcaa7ba330963b7093a58a02dba114f75e1ffd5c2912b51949b7d4b67300580d854c280206bfb93122fc776aadec51a367658100000000000000b148a90000000000a2a283801ff218538cb12c72b56ffb6b7a062581ec749f5700000000009f1f5ab2e02739ccffff0000360300005cbeaf95c7d797d6e094c4a3aee025bf43cebde7e7cdbae9b1698e19eb933d81967c4d0e6d5244c1ffb0e97628a88a5e37032f1e8f6c893e514f2b3e1028cd404a1d8fe6569da0385e65e4d523166c4213abb8dae5b1409317f29572e788af92aedb0287f2816e301fc8a24dba6fca8b270d44fe65e7bd90a5fc16387bcb5e3df18d7d2a33c72cfda827b8926a6dc6bc19ce398cb8fe48b11b7f93e6fdfb040283c9627bd40909ee4307c4197b15797af17845fbc02846d2f8543f65594cb535a9598eb067b21111dbaa58b19a52f3f12880128d08eb477ad349ca214bc7f80000000000ffb52da89cff41552996e20a585c7d265bd749eeba040fa7111c84142757709d7c475fac2839beb833327db41c6b647c7ee9ad419a6c68dd5c2ce4fa23c280518fc6e54d1b055cae5492e8c4cdd314a49631a15de2bffc920dd74e670794c3133bdfa17d809bf956f1af51cf3c0711792d3071dfdaec3c66053cdb00028f6fba8da8f53de39a5999e56fc26ae866674627c8a53d3fd245050060ed40782d1d98bf1e1f5dfd4d1fb399624c12732e300818b222ce029ce01055f941721226e3e5f05d2837240f8f6831b6ef2a02ec64aae1eea9cfac06d8b7042e8ebdc69a0d4a14281e631d06afc99d397c5b67b290344e347c953806b298f288884335f624378b3748a4a86bbd0a62127b2c28ce3737661b98bd45965b537ece7bd4e365ffd5567df4d02034c8d488a49c6fb1a0a02eaab2f271d3a14e44211e4ff602d146f72355972860bdd14719d65301964d022819b75696ce47534c9d989d69a445095ff8fbebd2c84635acc333f2aca4623cfe9f9e6c3f9fbb4374c08e1be5eec12c329a87d335fd7a52a4e4e7c2e57fa2f0df9500347b300f84230783cb665f3fa44f5d6fa987aa93c2619ef4977f9e4d38adec323778f3bc987533ffd85fe5417398a3001b394fccbd2faee83b5e2b8a2dd18cf067b6198366283c531b3ef336a84e825c63b9bc7b98b4ad6a471692224adef86f4c9930169dfa133e22929d5a27e10bfbcfe7c02ca451afd74d26f489e0e09cf1b596ae0c959cf26cb0c8114a9311b7f2fe2ad977074ff5f62f6777a20700414ed03ba3d7404eadd43a62ad1173491a5c099290393e1f85aeb3886fbb7f6646212054a850d58a71c6d6027cd3a5ff22e98672349f9bddb23622e2f19b39e51ced84524567ec1fcb233a2fb85371e9b08b6fd4adcd4db148ed26757123a0e604bcf6ffdcc303956e1805f1746361bd3eeb55d3fefe6ac274c2e6c78963430118942d62a465698e600dadd81a53ffd29358746e8db2499e3fca62b0ff660b0aaeedadeb194a9217e9fed2ce04cc24451871d5bcd76173ab7123cc27eef33dbb4d3c3bf1fc2df68a98345c15667388c5000000000000000000000015000000c0459f900702908d4979288d06c7159ef2663dc7ea9302b10bf2da21e3990ddf20a38adc1fd15124310daf2461224cfbfd5e6265d012d60fc9e39209ce3209720f8d7bf39bf71d0d46ed6d51eede797da70cf0b7463cffc8557f9a2e15483dbafb146a3221c20d51f172cf2eefe1e6b28cffc1e40a789d5513626f5c4fbf65a2b5a093634b806b7ee570f70f624ce8c02d4c1ec7a9370f42a807f1d46fe77be0637a8007343b7771788f64b36cab94a99243bc780702f98f34a80f81aeb853f97c3e9586805d1a240d7e870b15defbc6b21fdc98a79759c9b8375313deea0000000009e38e9539d6b9507b6f3f8d29992d080a13aed8879a1f2cb3475be3376427f89d432f7fe7c0cad2ce38427fc773cef47e00000000000000000000000000000000000d09b8ee6321377ffcb6cc386f8704ae9ce6c11b4bb91d0097ef2b77e0cd28af1222e68c2745eca64fa40db07f6e5925224069d14395f7170ab9c2d396f7510f65ce5b0405d8951a70a37117d13c5b2f684c52bff2dc895f5e06e497adee9de0012dd140c592137c90319f8a578007b57aaba3fb93d29a6584313e5b58f8a71cebf77a0891f3633dba69588ec728e785e6e4431fce5a143451c7a51c22b1b605347db811eb9a461f4ef2612181aa8cafc33a4552d4550a717339bdcae1d5c2e78d0a2f550a865811c0162d6dd0b5f834b6295f2a2b0045d8b0033a878daae3db955f2689e3e13842a6219da4e3"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000040), 0x10}, 0x94)

1.262458223s ago: executing program 2 (id=4291):
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x5, 0x13, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000020000000000000000000000180200002020702500000000002020207b0af8ff00000000bda106000000000026010000f8ffffffb702000008000000b703000000000000850000000500000018010000202070250000000000202020c31af8ff01000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = socket$kcm(0x11, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0x14, &(0x7f0000000000), 0x4)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000040)={0x1b, 0x0, 0x0, 0x2, 0x0, 0xffffffffffffffff, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x2, 0x3}, 0x50)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
close(r3)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94)
recvmsg$unix(r2, &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r5=>0xffffffffffffffff]}}], 0x18}, 0x1c0)
write$cgroup_subtree(r5, &(0x7f0000000d00)=ANY=[], 0x9a)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={0x1, <r6=>0xffffffffffffffff}, 0x4)
r7 = bpf$OBJ_GET_MAP(0x7, 0x0, 0xffffffffffffff28)
r8 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1, 0x4, 0x8, 0x3d, 0x41}, 0x50)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000a40)={0x1, 0x58, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r10=>0x0}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000c40)=@bpf_tracing={0x1a, 0x15, &(0x7f0000000800)=@raw=[@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r6}}, @tail_call={{0x18, 0x2, 0x1, 0x0, r5}}, @generic={0x2, 0x9, 0x3, 0x8, 0x3}, @map_idx={0x18, 0x1, 0x5, 0x0, 0x3}], &(0x7f00000008c0)='syzkaller\x00', 0x3ff, 0xbc, &(0x7f0000000900)=""/188, 0x40f00, 0x54, '\x00', r10, 0x1a, r5, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000a80)={0x5, 0x5, 0x68fc, 0x9}, 0x10, 0x26af3, r4, 0x0, 0x0, 0x0, 0x10, 0xfffffff7}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000180), 0x1003, r9}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000140)={r9, &(0x7f0000000080), &(0x7f0000000540)=""/210}, 0x20)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000f00)={r7, 0x58, &(0x7f0000000e80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r11=>0x0}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x13, &(0x7f0000000e40)=ANY=[@ANYRESDEC=r8, @ANYRES32, @ANYRES32=r9], &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000f80)=""/222, 0x0, 0x0, '\x00', r11, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x865}, 0x94)
r12 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000500)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0xd, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3, 0x4}, 0x50)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r13=>0xffffffffffffffff})
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000780)={r7, <r14=>0xffffffffffffffff}, 0x4)
bpf$OBJ_PIN_MAP(0x6, &(0x7f00000007c0)=@o_path={&(0x7f0000000240)='./file0\x00', r14, 0x4000, r9}, 0x18)
recvmsg$unix(r13, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r15=>0xffffffffffffffff]}}], 0x18}, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r15, 0x5452, &(0x7f00000006c0)='\x02;\xe5\b\x00\x1c\x9c\x00\x00\x00\x00\x00\x00\x91\xecB\xdcZ\xe5\xbd$\x05\x90\xa9\xf3\xc7\xcb\xb7\xf0\xa1;#\x989\xe9\x12\xdf^6T\xdf\xcd\x02\xc5\xb0\xba\x12\'QXp\t\xfc\xf3\x01\x02\xbc\xbf\xc0\xf0\x10\xee\xd3\\yy\xa4\xf9\xe8\x00\xdd\xe97 0_\xe4]W\xf7~\xacVK\xc9t\x9e+:\x85\xef\x94\x0e\x19\x9cV[N.\xeb\x9fJ>\xd9\x99\x88\xd8\xdd\xb8Y\xc3$\xc6\x93\v\x04REY\xf4\xea\xf2\xcd\xcd.\x16\x861\xa1\v\x8d\x8e\x84R\xa6\x83\x84\xc0\x01e\xc3\xc8\xcc?\xc8?\x19\xb2\xa2\xe1\xac<\xe9f\x11\xff3\xc7\x19\x9e\x19\xf5-\xfe\xbd\xae\xbbR\x82\x16\xf9\x15S\x03U\xe0\xd8t\xe3%96')
ioctl$TUNGETFEATURES(r15, 0x5452, &(0x7f00000013c0))
r16 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000001680)={0x6, 0x7, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x4}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r16}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x29, &(0x7f00000002c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x284}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r6}}, @map_idx={0x18, 0x0, 0x5, 0x0, 0xe}, @map_idx={0x18, 0x8, 0x5, 0x0, 0x10}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000440)='syzkaller\x00', 0x1ff, 0x0, 0x0, 0x40f00, 0x6, '\x00', r11, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000480)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x3, 0x8, 0xde, 0x755c5e94}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000640)=[r12, r15, r16], &(0x7f0000000680)=[{0x4, 0x1, 0xc, 0xc}, {0x5, 0x4, 0x0, 0xa}, {0x3, 0x2, 0x7, 0x6}], 0x10, 0x3}, 0x94)
sendmsg$kcm(r0, &(0x7f0000000280)={&(0x7f0000000100)=@phonet={0x23, 0x0, 0x0, 0x47}, 0x80, 0x0}, 0x0)

1.150358901s ago: executing program 4 (id=4292):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{}, {0x10000002}]}, 0x90)
r0 = socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
close(0xffffffffffffffff)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r1=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r0, 0x84, 0x18, &(0x7f0000000000)=r1, 0x8)

1.103130425s ago: executing program 3 (id=4293):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x3, 0xc, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x80000001}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x45}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r1, 0x0, 0x7, 0x0, &(0x7f00000002c0)="e02742e86c0d85", 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

1.010346761s ago: executing program 1 (id=4294):
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000002c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x7f}, 0x50)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x16, 0x2, 0x0, 0x0, 0x0, 0x1, 0x220, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x4, @perf_config_ext={0x5ff, 0x100000001}, 0x11619d, 0x80006, 0xfffffbff, 0x5, 0x2, 0x200, 0x5, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x9)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000c40)=ANY=[], 0x10)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_config_ext={0x4, 0xc272}, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000001600)=ANY=[@ANYBLOB="1800000000000000a600ed1f0000000000181100", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
r0 = getpid()
getpid()
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74029, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x40000000}, r0, 0x5, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext, 0x10c002, 0x89}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1500000000"], 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="10000000040000000800000002"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0d00000004000000040000000c00000000000000", @ANYRES32=r1, @ANYBLOB="000000000000000000000000d5f3000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1053e0, 0x2, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c00)={&(0x7f0000001780)=ANY=[@ANYBLOB="9feb0100180059b2000000001800000018000000020000000000000000000003001e000006010000030000006694790000a7144c0a10e985250dbedd2d922bd58ce6801bb0e36f38645c845bfc92d067062368bd1c1f5928199cc8bc5e3cf0d1d6609c3bf3a7959a5010b73b83522ecb973485a2d1167e107ccd07a1f6bd234789f8635d0122b54908ade6d275dc3d2ad8a240546cd6a1b5f894d1ead0c22a38025d66ecca1a83876bd58124964c60c7175b444f5ed7c1e08646cf193e63ac966a6f5e63007d107bdd30e36edc933d24c0be76fc2a2648e993a0e1b794ff859d5330b79d9f7292b6b9dfb897e11ff973856a4747d834d07ba5353833f9110163a362b328b064844881"], &(0x7f0000001680)=""/225, 0x32, 0xe1, 0x1}, 0x28)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848420000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0)

1.010016891s ago: executing program 4 (id=4295):
socket$kcm(0x2, 0x1, 0x84)
socket$kcm(0xa, 0x5, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000001, 0x1, @perf_bp={0x0}, 0x8061, 0x3, 0x0, 0x0, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="030000000400000004000000b5"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x4, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70300000000000085"], &(0x7f0000000580)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000180)="c1dfb080cd21d308098ee6888035", 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

944.033425ms ago: executing program 3 (id=4296):
socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, @perf_config_ext={0x4f3, 0x3}, 0x21, 0x0, 0x0, 0x4, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x3)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000200)={{0x1, <r0=>0xffffffffffffffff}, &(0x7f0000000100), &(0x7f00000001c0)='%ps    \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000240)={r0}, 0x4)
perf_event_open(&(0x7f0000000480)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x6000, 0x1, 0xfffffffe, 0x1}, 0x0, 0xffffffffffffefff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000700"/32], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xc}, 0x80)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, &(0x7f0000000040)=""/155, 0x1000000, 0x9b, 0x1}, 0x20)

895.913489ms ago: executing program 0 (id=4298):
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000040)={0x3, &(0x7f0000000000)=[{0x60, 0x8}, {}, {0x2}]})
socket$kcm(0x21, 0x2, 0x2)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c012, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={0xffffffffffffffff, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$tipc(r3, &(0x7f0000003280)={0x0, 0x0, 0x0}, 0x0)
sendmsg$inet(r3, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000042c0)="86", 0x1}], 0x1}, 0x0)
setsockopt$sock_attach_bpf(r2, 0x1, 0x21, &(0x7f00000000c0), 0x4)
sendmsg$tipc(r3, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32, @ANYRES32], 0x50)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xe, 0x4, 0x4, 0x2, 0x0, 0x1, 0xfffffffc}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x6, 0xd, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000100000000000000000000850000000500000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb70300004caf0000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r5, 0x2000012, 0xe, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50)
sendmsg$sock(r2, &(0x7f0000001200)={&(0x7f0000000b00)=@caif=@util={0x25, "b6cfd1ade4f5f4138d7045f5024db60a"}, 0x80, 0x0, 0x0, &(0x7f0000001180)=[@mark={{0x14, 0x1, 0x24, 0xc}}, @mark={{0x14, 0x1, 0x24, 0x5}}, @mark={{0x14, 0x1, 0x24, 0x1}}], 0x48}, 0xc4)

805.753395ms ago: executing program 4 (id=4299):
r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}, 0x58c8, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc006, 0xac5d, 0xffffffff, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, r0, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x10, &(0x7f00000008c0)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000000000000850000001c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$kcm(0x1e, 0x4, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x3000c085)
close(0x4)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001080)=@bpf_lsm={0x1d, 0x3, &(0x7f0000000e80)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x5945}}, &(0x7f0000000e00)='GPL\x00', 0xccf9, 0x96, &(0x7f0000000f00)=""/150, 0x40f00, 0x9}, 0x94)
r2 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0e00009bd029ef8020ab070004000523a608463a3f", @ANYRES16=r2], 0xfe33)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, @perf_bp={0x0}, 0x21, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x7}, 0x21, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_clone(0x80001000, 0x0, 0x0, 0x0, 0x0, 0x0)

800.716285ms ago: executing program 1 (id=4300):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110c23004a)
r1 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r0}, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x1f, 0x2, &(0x7f0000000340)=ANY=[@ANYRESOCT=r1], &(0x7f0000000180)='GPL\x00', 0x3, 0xce, &(0x7f0000000240)=""/206, 0x0, 0x1c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
socket$kcm(0x10, 0x2, 0x0)
socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{}, {0x10000002}]}, 0x90)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0x8, 0x0, 0x4000003}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x5421, &(0x7f0000000900)={'tunl0\x00', @random="0000230c1100"})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100))
r4 = socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
setsockopt$sock_attach_bpf(r4, 0x84, 0x18, &(0x7f0000000000), 0x8)

0s ago: executing program 3 (id=4301):
r0 = perf_event_open(&(0x7f0000000380)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_bp={0x0}, 0x0, 0xca, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r1=>0xffffffffffffffff})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20f42, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000140)={'\x00', 0x6132})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000181100"/20, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xb6123, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_config_ext={0xfff, 0x10}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x18, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000001000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000000000850000001b"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r6)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = gettid()
sendmsg$unix(r3, &(0x7f0000001840)={0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f00000005c0)='>', 0x7ffff002}], 0x1, &(0x7f0000001800)=[@rights={{0x14, 0x1, 0x1, [r3]}}, @cred={{0x1c, 0x1, 0x2, {r7, 0x0, 0xee01}}}], 0x38}, 0xfd)
r8 = socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{}, {0x10000002, 0x0, 0x0, 0x2}]}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
close(r10)
recvmsg$unix(r9, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r11=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r8, 0x84, 0x65, &(0x7f0000000000)=r11, 0x10)
write$cgroup_subtree(r2, &(0x7f0000000080)=ANY=[@ANYRES32=0x0, @ANYRES16], 0xffd3)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000180)='\x00')
recvmsg$unix(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r12=>0xffffffffffffffff]}}], 0x18}, 0x0)
bpf$ENABLE_STATS(0x20, &(0x7f0000000300), 0x4)
write$cgroup_subtree(r12, &(0x7f0000000340)=ANY=[@ANYRES64], 0x2)

kernel console output (not intermixed with test programs):

: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  525.490721][T10516] bridge0: port 2(bridge_slave_1) entered blocking state
[  525.497953][T10516] bridge0: port 2(bridge_slave_1) entered forwarding state
[  525.521594][T10516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  525.552794][T10516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  525.622254][T13184] netlink: 'syz.2.3051': attribute type 10 has an invalid length.
[  525.632887][T13187] netlink: 'syz.3.3053': attribute type 39 has an invalid length.
[  525.742181][T13193] netlink: 'syz.3.3053': attribute type 4 has an invalid length.
[  525.795616][T13193] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.3053'.
[  526.073054][T10516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  526.134721][T10516] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  526.153572][T10516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  526.184996][T10516] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  526.214068][T10516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  526.233995][T10516] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  526.269484][T10516] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  526.320774][T13200] netlink: 'syz.1.3056': attribute type 39 has an invalid length.
[  526.357369][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  526.387340][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  526.398507][T13002] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  526.813274][T13227] netlink: 'syz.0.3063': attribute type 10 has an invalid length.
[  527.324818][ T5027] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  527.341686][ T5027] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  527.383613][T13002] 8021q: adding VLAN 0 to HW filter on device batadv0
[  527.473312][T13241] netlink: 'syz.3.3068': attribute type 39 has an invalid length.
[  527.543253][T13241] netlink: 'syz.3.3068': attribute type 4 has an invalid length.
[  527.603634][T13241] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.3068'.
[  527.868807][T13250] FAULT_INJECTION: forcing a failure.
[  527.868807][T13250] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  527.919894][T13250] CPU: 0 PID: 13250 Comm: syz.2.3070 Not tainted syzkaller #0
[  527.927453][T13250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  527.937540][T13250] Call Trace:
[  527.940828][T13250]  <TASK>
[  527.943760][T13250]  dump_stack_lvl+0x188/0x24e
[  527.948454][T13250]  ? show_regs_print_info+0x12/0x12
[  527.953719][T13250]  ? load_image+0x400/0x400
[  527.958232][T13250]  ? __lock_acquire+0x7d10/0x7d10
[  527.963264][T13250]  should_fail_ex+0x399/0x4d0
[  527.967944][T13250]  _copy_from_user+0x2c/0x170
[  527.972626][T13250]  iovec_from_user+0x143/0x360
[  527.977403][T13250]  __import_iovec+0x6d/0x500
[  527.982007][T13250]  import_iovec+0x6f/0xa0
[  527.986342][T13250]  ___sys_sendmsg+0x252/0x360
[  527.991030][T13250]  ? __sys_sendmsg+0x290/0x290
[  527.995829][T13250]  ? __lock_acquire+0x7d10/0x7d10
[  528.000899][T13250]  __se_sys_sendmsg+0x1bb/0x2a0
[  528.005768][T13250]  ? __x64_sys_sendmsg+0x80/0x80
[  528.010757][T13250]  ? lockdep_hardirqs_on+0x94/0x140
[  528.016009][T13250]  do_syscall_64+0x4c/0xa0
[  528.020452][T13250]  ? clear_bhb_loop+0x60/0xb0
[  528.025141][T13250]  ? clear_bhb_loop+0x60/0xb0
[  528.029849][T13250]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  528.035765][T13250] RIP: 0033:0x7f6aac59c819
[  528.040206][T13250] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  528.060278][T13250] RSP: 002b:00007f6aad38a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  528.068720][T13250] RAX: ffffffffffffffda RBX: 00007f6aac816090 RCX: 00007f6aac59c819
[  528.076696][T13250] RDX: 0000000000004040 RSI: 0000200000002b00 RDI: 000000000000000d
[  528.084666][T13250] RBP: 00007f6aad38a090 R08: 0000000000000000 R09: 0000000000000000
[  528.092641][T13250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  528.100621][T13250] R13: 00007f6aac816128 R14: 00007f6aac816090 R15: 00007ffd6be15338
[  528.108610][T13250]  </TASK>
[  528.898857][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  528.917598][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  528.960340][T13288] netlink: 'syz.2.3080': attribute type 39 has an invalid length.
[  528.994226][T13002] device veth0_vlan entered promiscuous mode
[  529.021968][T10520] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  529.041215][T10520] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  529.059747][T13290] netlink: 'syz.2.3080': attribute type 4 has an invalid length.
[  529.088640][T10520] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  529.110227][T13290] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.3080'.
[  529.124112][T10520] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  529.161034][T13002] device veth1_vlan entered promiscuous mode
[  529.243932][T10520] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  529.258272][T10520] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  529.287569][T10520] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  529.308006][T10520] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  529.341363][T13002] device veth0_macvtap entered promiscuous mode
[  529.354834][T13295] netlink: 'syz.0.3083': attribute type 39 has an invalid length.
[  529.380512][T13002] device veth1_macvtap entered promiscuous mode
[  529.411145][T13295] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.3083'.
[  529.450035][T13002] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  529.471205][T13002] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  529.492428][T13002] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  529.556861][T13002] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  529.577707][T13002] batman_adv: batadv0: Interface activated: batadv_slave_0
[  529.587659][ T5027] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  529.619529][ T5027] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  529.636274][ T5027] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  529.656021][ T5027] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  529.697453][T13002] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  529.722335][T13002] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  529.747794][T13002] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  529.813251][T13002] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  529.835657][T13002] batman_adv: batadv0: Interface activated: batadv_slave_1
[  529.852674][T10516] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  529.867373][T10516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  529.908852][T13002] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  529.927958][T13002] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  529.988059][T13002] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  530.000689][T13002] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  530.429485][T13329] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.3094'.
[  530.544577][T13336] FAULT_INJECTION: forcing a failure.
[  530.544577][T13336] name failslab, interval 1, probability 0, space 0, times 0
[  530.558833][T10516] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  530.585762][T10516] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  530.593943][T13336] CPU: 1 PID: 13336 Comm: syz.0.3096 Not tainted syzkaller #0
[  530.601501][T13336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  530.611587][T13336] Call Trace:
[  530.614899][T13336]  <TASK>
[  530.617856][T13336]  dump_stack_lvl+0x188/0x24e
[  530.622578][T13336]  ? show_regs_print_info+0x12/0x12
[  530.627834][T13336]  ? load_image+0x400/0x400
[  530.632375][T13336]  ? __might_sleep+0xd0/0xd0
[  530.636993][T13336]  ? __lock_acquire+0x7d10/0x7d10
[  530.642060][T13336]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  530.648093][T13336]  should_fail_ex+0x399/0x4d0
[  530.652818][T13336]  should_failslab+0x5/0x20
[  530.657357][T13336]  slab_pre_alloc_hook+0x59/0x310
[  530.662425][T13336]  ? lockdep_hardirqs_on+0x94/0x140
[  530.667649][T13336]  ? bpf_prog_test_run_skb+0x234/0x12a0
[  530.673218][T13336]  __kmem_cache_alloc_node+0x4f/0x260
[  530.678616][T13336]  ? bpf_prog_test_run_skb+0x234/0x12a0
[  530.684174][T13336]  __kmalloc+0xa0/0x240
[  530.688348][T13336]  bpf_prog_test_run_skb+0x234/0x12a0
[  530.693730][T13336]  ? __fget_files+0x28/0x4b0
[  530.698337][T13336]  ? __fget_files+0x28/0x4b0
[  530.702944][T13336]  ? __fget_files+0x43d/0x4b0
[  530.707726][T13336]  ? cpu_online+0xa0/0xa0
[  530.712079][T13336]  bpf_prog_test_run+0x31e/0x390
[  530.717042][T13336]  __sys_bpf+0x62b/0x780
[  530.721294][T13336]  ? bpf_link_show_fdinfo+0x380/0x380
[  530.726684][T13336]  ? lock_chain_count+0x20/0x20
[  530.731546][T13336]  __x64_sys_bpf+0x78/0x90
[  530.735980][T13336]  do_syscall_64+0x4c/0xa0
[  530.740413][T13336]  ? clear_bhb_loop+0x60/0xb0
[  530.745098][T13336]  ? clear_bhb_loop+0x60/0xb0
[  530.749785][T13336]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  530.755707][T13336] RIP: 0033:0x7fec7079c819
[  530.760132][T13336] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  530.779766][T13336] RSP: 002b:00007fec715d2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  530.788207][T13336] RAX: ffffffffffffffda RBX: 00007fec70a15fa0 RCX: 00007fec7079c819
[  530.796195][T13336] RDX: 000000000000002c RSI: 0000200000000080 RDI: 000000000000000a
[  530.804172][T13336] RBP: 00007fec715d2090 R08: 0000000000000000 R09: 0000000000000000
[  530.812149][T13336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  530.820122][T13336] R13: 00007fec70a16038 R14: 00007fec70a15fa0 R15: 00007fff7cd3ae88
[  530.828109][T13336]  </TASK>
[  530.841798][T10516] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  530.925346][T13341] validate_nla: 4 callbacks suppressed
[  530.925362][T13341] netlink: 'syz.1.3098': attribute type 39 has an invalid length.
[  530.939954][ T5027] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  530.955296][ T5027] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  530.977875][   T71] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  531.011021][T13341] netlink: 'syz.1.3098': attribute type 4 has an invalid length.
[  531.019228][T13341] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.3098'.
[  532.301583][T12749] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  532.314040][T12749] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  532.322807][T12749] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  532.336909][T12749] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  532.345972][T12749] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  532.353499][T12749] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  532.360397][T13373] netlink: 'syz.3.3109': attribute type 4 has an invalid length.
[  532.405468][T13373] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.3109'.
[  534.599447][T13375] bridge0: port 2(bridge_slave_1) entered disabled state
[  534.703447][T13370] chnl_net:caif_netlink_parms(): no params data found
[  535.078708][T13370] bridge0: port 1(bridge_slave_0) entered blocking state
[  535.090919][T13370] bridge0: port 1(bridge_slave_0) entered disabled state
[  535.100758][T13370] device bridge_slave_0 entered promiscuous mode
[  535.111184][T13370] bridge0: port 2(bridge_slave_1) entered blocking state
[  535.118762][T13370] bridge0: port 2(bridge_slave_1) entered disabled state
[  535.128292][T13370] device bridge_slave_1 entered promiscuous mode
[  535.154243][T13370] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  535.194456][T13370] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  535.249873][T13370] team0: Port device team_slave_0 added
[  535.257785][T13391] netlink: 'syz.2.3112': attribute type 39 has an invalid length.
[  535.273262][T13370] team0: Port device team_slave_1 added
[  535.349405][T13370] batman_adv: batadv0: Adding interface: batadv_slave_0
[  535.350858][T13391] netlink: 'syz.2.3112': attribute type 4 has an invalid length.
[  535.361330][T13370] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  535.370884][T13391] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.3112'.
[  535.391030][T13370] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  535.448284][T13395] netlink: 'syz.4.3114': attribute type 39 has an invalid length.
[  535.478058][T13395] device veth0_macvtap left promiscuous mode
[  535.568769][T13370] batman_adv: batadv0: Adding interface: batadv_slave_1
[  535.580325][T13370] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  535.636673][T13370] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  535.742100][T13370] device hsr_slave_0 entered promiscuous mode
[  535.749789][T13370] device hsr_slave_1 entered promiscuous mode
[  536.315484][T13370] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  536.441281][T13370] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  536.484007][T13422] netlink: 'syz.4.3128': attribute type 10 has an invalid length.
[  536.589883][T13422] team0: Port device geneve1 added
[  536.597619][T13424] netlink: 'syz.2.3129': attribute type 10 has an invalid length.
[  536.658132][T13370] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  536.701071][T13426] netlink: 'syz.1.3130': attribute type 39 has an invalid length.
[  536.725348][ T4276] Bluetooth: hci5: command 0x0409 tx timeout
[  536.867319][T13370] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  537.100508][T13370] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  537.132767][T13370] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  537.165769][T13370] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  537.199011][T13370] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  537.451768][T13370] 8021q: adding VLAN 0 to HW filter on device bond0
[  537.469953][ T5027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  537.479383][ T5027] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  537.494080][T13370] 8021q: adding VLAN 0 to HW filter on device team0
[  537.512135][T10513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  537.528226][T10513] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  537.540826][T10513] bridge0: port 1(bridge_slave_0) entered blocking state
[  537.548074][T10513] bridge0: port 1(bridge_slave_0) entered forwarding state
[  537.586278][T10513] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  537.598594][T10513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  537.627340][T10513] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  537.643439][T10513] bridge0: port 2(bridge_slave_1) entered blocking state
[  537.650643][T10513] bridge0: port 2(bridge_slave_1) entered forwarding state
[  537.667798][T10513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  537.688571][T10513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  537.703847][T10513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  537.722107][T10513] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  537.764899][T10513] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  537.790070][T10513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  537.861840][T10513] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  537.885868][T10513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  537.902552][T10513] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  537.912270][T10513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  537.926129][T10513] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  537.944049][T13457] netlink: 'syz.4.3141': attribute type 10 has an invalid length.
[  537.973705][T13459] netlink: 'syz.2.3142': attribute type 39 has an invalid length.
[  538.104798][T13464] bridge0: port 1(bridge_slave_0) entered disabled state
[  538.183586][T13464] device bridge_slave_1 left promiscuous mode
[  538.197189][T13464] bridge0: port 2(bridge_slave_1) entered disabled state
[  538.215158][T13464] device bridge_slave_0 left promiscuous mode
[  538.221692][T13464] bridge0: port 1(bridge_slave_0) entered disabled state
[  538.795308][ T4276] Bluetooth: hci5: command 0x041b tx timeout
[  538.848464][T13483] netlink: 164 bytes leftover after parsing attributes in process `syz.4.3151'.
[  538.862420][ T5027] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  538.896682][ T5027] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  538.990541][T13370] 8021q: adding VLAN 0 to HW filter on device batadv0
[  539.022766][ T5027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  539.033916][ T5027] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  539.051560][T13486] netlink: 'syz.4.3154': attribute type 10 has an invalid length.
[  539.071775][T13490] FAULT_INJECTION: forcing a failure.
[  539.071775][T13490] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  539.131202][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  539.161328][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  539.178518][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  539.187662][T13490] CPU: 1 PID: 13490 Comm: syz.1.3155 Not tainted syzkaller #0
[  539.195172][T13490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  539.205249][T13490] Call Trace:
[  539.208553][T13490]  <TASK>
[  539.211500][T13490]  dump_stack_lvl+0x188/0x24e
[  539.216248][T13490]  ? show_regs_print_info+0x12/0x12
[  539.221471][T13490]  ? load_image+0x400/0x400
[  539.225999][T13490]  ? __lock_acquire+0x7d10/0x7d10
[  539.231071][T13490]  should_fail_ex+0x399/0x4d0
[  539.235770][T13490]  _copy_from_user+0x2c/0x170
[  539.240479][T13490]  __sys_bpf+0x2ea/0x780
[  539.244751][T13490]  ? bpf_link_show_fdinfo+0x380/0x380
[  539.250172][T13490]  ? lock_chain_count+0x20/0x20
[  539.255073][T13490]  __x64_sys_bpf+0x78/0x90
[  539.259515][T13490]  do_syscall_64+0x4c/0xa0
[  539.263968][T13490]  ? clear_bhb_loop+0x60/0xb0
[  539.268670][T13490]  ? clear_bhb_loop+0x60/0xb0
[  539.273359][T13490]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  539.279349][T13490] RIP: 0033:0x7f235d39c819
[  539.283777][T13490] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  539.303678][T13490] RSP: 002b:00007f235b5f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  539.312122][T13490] RAX: ffffffffffffffda RBX: 00007f235d615fa0 RCX: 00007f235d39c819
[  539.320110][T13490] RDX: 0000000000000020 RSI: 0000200000000180 RDI: 0000000000000001
[  539.328088][T13490] RBP: 00007f235b5f6090 R08: 0000000000000000 R09: 0000000000000000
[  539.336075][T13490] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  539.344055][T13490] R13: 00007f235d616038 R14: 00007f235d615fa0 R15: 00007fff6da3bb78
[  539.352050][T13490]  </TASK>
[  539.366953][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  539.376029][T13488] netlink: 'syz.3.3152': attribute type 39 has an invalid length.
[  539.398164][T13488] device veth0_macvtap left promiscuous mode
[  539.467360][T13370] device veth0_vlan entered promiscuous mode
[  539.489907][T13492] netlink: 'syz.2.3156': attribute type 39 has an invalid length.
[  539.519955][T13370] device veth1_vlan entered promiscuous mode
[  539.564755][T10516] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  539.616597][T10516] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  539.649482][T10516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  539.669445][T10516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  539.723471][T13370] device veth0_macvtap entered promiscuous mode
[  539.744358][T13370] device veth1_macvtap entered promiscuous mode
[  539.870259][T13370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  539.928508][T13370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  539.971364][T13370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  540.045940][T13370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  540.085557][T13370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  540.105313][T13370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  540.137314][T13370] batman_adv: batadv0: Interface activated: batadv_slave_0
[  540.193290][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  540.217170][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  540.238645][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  540.249062][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  540.270185][T13370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  540.283945][T13370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  540.298103][T13370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  540.341062][T13370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  540.354681][T13370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  540.379178][T13370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  540.398961][T13370] batman_adv: batadv0: Interface activated: batadv_slave_1
[  540.414855][T13370] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  540.425002][T13370] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  540.447103][T13370] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  540.465094][T13370] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  540.493893][T13511] netlink: 'syz.3.3164': attribute type 10 has an invalid length.
[  540.799356][T13511] team0: Port device geneve1 added
[  540.810162][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  540.825046][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  540.842439][T13515] netlink: 'syz.4.3166': attribute type 10 has an invalid length.
[  540.853147][T13519] netlink: 164 bytes leftover after parsing attributes in process `syz.2.3168'.
[  540.873474][ T4276] Bluetooth: hci5: command 0x040f tx timeout
[  541.097512][T13528] FAULT_INJECTION: forcing a failure.
[  541.097512][T13528] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  541.135871][T10516] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  541.175488][T13528] CPU: 1 PID: 13528 Comm: syz.1.3171 Not tainted syzkaller #0
[  541.183026][T13528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  541.193089][T13528] Call Trace:
[  541.196383][T13528]  <TASK>
[  541.199323][T13528]  dump_stack_lvl+0x188/0x24e
[  541.204021][T13528]  ? show_regs_print_info+0x12/0x12
[  541.209235][T13528]  ? load_image+0x400/0x400
[  541.213753][T13528]  ? __lock_acquire+0x7d10/0x7d10
[  541.218798][T13528]  should_fail_ex+0x399/0x4d0
[  541.223492][T13528]  _copy_from_user+0x2c/0x170
[  541.228196][T13528]  iovec_from_user+0x143/0x360
[  541.232988][T13528]  __import_iovec+0x6d/0x500
[  541.237607][T13528]  import_iovec+0x6f/0xa0
[  541.241948][T13528]  ___sys_sendmsg+0x252/0x360
[  541.246655][T13528]  ? __sys_sendmsg+0x290/0x290
[  541.251461][T13528]  ? __lock_acquire+0x7d10/0x7d10
[  541.256533][T13528]  __se_sys_sendmsg+0x1bb/0x2a0
[  541.261406][T13528]  ? __x64_sys_sendmsg+0x80/0x80
[  541.266372][T13528]  ? lockdep_hardirqs_on+0x94/0x140
[  541.271579][T13528]  do_syscall_64+0x4c/0xa0
[  541.276005][T13528]  ? clear_bhb_loop+0x60/0xb0
[  541.280690][T13528]  ? clear_bhb_loop+0x60/0xb0
[  541.285380][T13528]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  541.291285][T13528] RIP: 0033:0x7f235d39c819
[  541.295710][T13528] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  541.315329][T13528] RSP: 002b:00007f235b5f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  541.323751][T13528] RAX: ffffffffffffffda RBX: 00007f235d615fa0 RCX: 00007f235d39c819
[  541.331729][T13528] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000005
[  541.339705][T13528] RBP: 00007f235b5f6090 R08: 0000000000000000 R09: 0000000000000000
[  541.347680][T13528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  541.355677][T13528] R13: 00007f235d616038 R14: 00007f235d615fa0 R15: 00007fff6da3bb78
[  541.363738][T13528]  </TASK>
[  541.379742][T10516] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  541.424404][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  541.461322][ T4309] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  541.473277][ T4309] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  541.482899][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  541.497783][T13535] validate_nla: 1 callbacks suppressed
[  541.497927][T13535] netlink: 'syz.3.3174': attribute type 39 has an invalid length.
[  541.662517][T13540] netlink: 'syz.0.3102': attribute type 9 has an invalid length.
[  542.300698][T13549] netlink: 'syz.4.3181': attribute type 10 has an invalid length.
[  542.387345][T13551] netlink: 'syz.0.3180': attribute type 10 has an invalid length.
[  542.649116][T12749] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  542.659595][T12749] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  542.667943][ T4282] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  542.676785][ T4282] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  542.687592][ T4282] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  542.695076][ T4282] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  542.696621][T13551] team0: Port device geneve1 added
[  542.739104][T13553] netlink: 'syz.2.3182': attribute type 39 has an invalid length.
[  542.757140][T13555] netlink: 'syz.4.3183': attribute type 39 has an invalid length.
[  542.946264][ T4276] Bluetooth: hci5: command 0x0419 tx timeout
[  543.035969][T13563] netlink: 134056 bytes leftover after parsing attributes in process `syz.2.3184'.
[  543.192458][T13573] netlink: 'syz.4.3188': attribute type 9 has an invalid length.
[  543.336854][T13556] chnl_net:caif_netlink_parms(): no params data found
[  543.609900][T13556] bridge0: port 1(bridge_slave_0) entered blocking state
[  543.618738][T13556] bridge0: port 1(bridge_slave_0) entered disabled state
[  543.630751][T13556] device bridge_slave_0 entered promiscuous mode
[  543.648771][T13556] bridge0: port 2(bridge_slave_1) entered blocking state
[  543.662288][T13556] bridge0: port 2(bridge_slave_1) entered disabled state
[  543.664495][T13578] FAULT_INJECTION: forcing a failure.
[  543.664495][T13578] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  543.684164][T13578] CPU: 0 PID: 13578 Comm: syz.4.3189 Not tainted syzkaller #0
[  543.691694][T13578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  543.701755][T13578] Call Trace:
[  543.705035][T13578]  <TASK>
[  543.707966][T13578]  dump_stack_lvl+0x188/0x24e
[  543.712660][T13578]  ? show_regs_print_info+0x12/0x12
[  543.717862][T13578]  ? load_image+0x400/0x400
[  543.722374][T13578]  ? __lock_acquire+0x7d10/0x7d10
[  543.727405][T13578]  should_fail_ex+0x399/0x4d0
[  543.732085][T13578]  fpu__restore_sig+0x258/0x1290
[  543.737033][T13578]  ? copy_fpstate_to_sigframe+0xd50/0xd50
[  543.742765][T13578]  ? __might_fault+0xc2/0x120
[  543.747454][T13578]  ? __might_fault+0xa6/0x120
[  543.752138][T13578]  __ia32_sys_rt_sigreturn+0x5e4/0x760
[  543.757619][T13578]  ? load_gs_index+0x130/0x130
[  543.762405][T13578]  ? lock_chain_count+0x20/0x20
[  543.767275][T13578]  ? exit_to_user_mode_loop+0xdc/0x110
[  543.772745][T13578]  ? lockdep_hardirqs_on+0x94/0x140
[  543.777961][T13578]  do_syscall_64+0x4c/0xa0
[  543.782385][T13578]  ? clear_bhb_loop+0x60/0xb0
[  543.787063][T13578]  ? clear_bhb_loop+0x60/0xb0
[  543.791748][T13578]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  543.797646][T13578] RIP: 0033:0x7f371579c819
[  543.802060][T13578] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  543.821673][T13578] RSP: 002b:00007f3716645028 EFLAGS: 00000246
[  543.827748][T13578] RAX: fffffffffffffffc RBX: 00007f3715a15fa0 RCX: 00007f371579c819
[  543.835722][T13578] RDX: 0000000040010100 RSI: 0000200000000180 RDI: 0000000000000007
[  543.843699][T13578] RBP: 00007f3716645090 R08: 0000000000000000 R09: 0000000000000000
[  543.851671][T13578] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  543.859644][T13578] R13: 00007f3715a16038 R14: 00007f3715a15fa0 R15: 00007ffc70a531f8
[  543.867629][T13578]  </TASK>
[  543.896831][T13556] device bridge_slave_1 entered promiscuous mode
[  543.960746][T13556] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  544.014556][T13586] netlink: 'syz.2.3190': attribute type 21 has an invalid length.
[  544.033016][T13556] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  544.131481][T13556] team0: Port device team_slave_0 added
[  544.165037][T13591] netlink: 'syz.0.3192': attribute type 4 has an invalid length.
[  544.175772][T13556] team0: Port device team_slave_1 added
[  544.211348][T13591] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.3192'.
[  544.275997][T13556] batman_adv: batadv0: Adding interface: batadv_slave_0
[  544.283044][T13556] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  544.370572][T13556] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  544.404477][T13556] batman_adv: batadv0: Adding interface: batadv_slave_1
[  544.436910][T13556] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  544.506072][T13556] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  544.625174][T13556] device hsr_slave_0 entered promiscuous mode
[  544.659868][T13556] device hsr_slave_1 entered promiscuous mode
[  544.683973][T13556] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  544.711383][T13556] Cannot create hsr debugfs directory
[  544.720097][T13606] netlink: 168864 bytes leftover after parsing attributes in process `syz.3.3196'.
[  544.785657][ T4282] Bluetooth: hci0: command 0x0409 tx timeout
[  544.800039][T13606] netlink: zone id is out of range
[  544.884888][T13606] netlink: zone id is out of range
[  544.908623][T13606] netlink: zone id is out of range
[  544.949362][T13606] netlink: zone id is out of range
[  544.965172][T13612] netlink: 'syz.2.3198': attribute type 9 has an invalid length.
[  545.286153][T13606] netlink: zone id is out of range
[  545.330481][T13606] netlink: zone id is out of range
[  545.389568][T13606] netlink: zone id is out of range
[  545.435558][T13606] netlink: zone id is out of range
[  545.535069][T13606] netlink: zone id is out of range
[  545.572452][T13606] netlink: zone id is out of range
[  545.712718][T13556] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  545.880128][T13556] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  545.952164][T13626] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.3204'.
[  545.953697][T13624] FAULT_INJECTION: forcing a failure.
[  545.953697][T13624] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  545.977770][T13624] CPU: 0 PID: 13624 Comm: syz.2.3203 Not tainted syzkaller #0
[  545.985276][T13624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  545.995363][T13624] Call Trace:
[  545.998661][T13624]  <TASK>
[  546.001610][T13624]  dump_stack_lvl+0x188/0x24e
[  546.006316][T13624]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  546.012503][T13624]  ? show_regs_print_info+0x12/0x12
[  546.017722][T13624]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  546.023916][T13624]  should_fail_ex+0x399/0x4d0
[  546.028604][T13624]  _copy_from_user+0x2c/0x170
[  546.033287][T13624]  ___sys_sendmsg+0x1c3/0x360
[  546.038001][T13624]  ? __sys_sendmsg+0x290/0x290
[  546.042809][T13624]  __se_sys_sendmsg+0x1bb/0x2a0
[  546.047672][T13624]  ? __x64_sys_sendmsg+0x80/0x80
[  546.052620][T13624]  ? syscall_enter_from_user_mode+0x2a/0x80
[  546.058530][T13624]  do_syscall_64+0x4c/0xa0
[  546.062963][T13624]  ? clear_bhb_loop+0x60/0xb0
[  546.067641][T13624]  ? clear_bhb_loop+0x60/0xb0
[  546.072319][T13624]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  546.078226][T13624] RIP: 0033:0x7f6aac59c819
[  546.082655][T13624] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  546.102262][T13624] RSP: 002b:00007f6aad3ab028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  546.110691][T13624] RAX: ffffffffffffffda RBX: 00007f6aac815fa0 RCX: 00007f6aac59c819
[  546.118688][T13624] RDX: 00000000000000fd RSI: 0000200000001840 RDI: 0000000000000006
[  546.126673][T13624] RBP: 00007f6aad3ab090 R08: 0000000000000000 R09: 0000000000000000
[  546.134643][T13624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  546.142616][T13624] R13: 00007f6aac816038 R14: 00007f6aac815fa0 R15: 00007ffd6be15338
[  546.150613][T13624]  </TASK>
[  546.225630][T13556] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  546.634269][T13556] team0: Port device netdevsim0 removed
[  546.650188][T13556] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  546.677139][T13638] validate_nla: 3 callbacks suppressed
[  546.677161][T13638] netlink: 'syz.0.3208': attribute type 9 has an invalid length.
[  546.696453][T13637] netlink: 'syz.3.3209': attribute type 10 has an invalid length.
[  546.875493][ T4282] Bluetooth: hci0: command 0x041b tx timeout
[  546.975085][T13556] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  547.066973][T13556] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  547.169817][T13556] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  547.683815][T13556] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  547.862623][T13556] 8021q: adding VLAN 0 to HW filter on device bond0
[  547.881250][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  547.896839][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  547.908524][T13556] 8021q: adding VLAN 0 to HW filter on device team0
[  547.928544][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  547.945127][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  547.955141][ T4309] bridge0: port 1(bridge_slave_0) entered blocking state
[  547.962359][ T4309] bridge0: port 1(bridge_slave_0) entered forwarding state
[  547.987114][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  547.997021][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  548.006559][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  548.015172][ T4309] bridge0: port 2(bridge_slave_1) entered blocking state
[  548.022348][ T4309] bridge0: port 2(bridge_slave_1) entered forwarding state
[  548.033081][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  548.053437][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  548.063296][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  548.075048][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  548.084802][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  548.133924][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  548.168333][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  548.182377][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  548.193555][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  548.203841][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  548.218516][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  548.240851][T13556] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  548.256195][T13670] netlink: 'syz.4.3221': attribute type 9 has an invalid length.
[  548.272267][T13671] netlink: 'syz.0.3218': attribute type 39 has an invalid length.
[  548.284308][T13671] device veth0_macvtap left promiscuous mode
[  548.957027][ T4282] Bluetooth: hci0: command 0x040f tx timeout
[  549.003813][T10516] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  549.018017][T10516] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  549.032978][T13556] 8021q: adding VLAN 0 to HW filter on device batadv0
[  549.057834][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  549.090447][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  549.112030][T13687] FAULT_INJECTION: forcing a failure.
[  549.112030][T13687] name failslab, interval 1, probability 0, space 0, times 0
[  549.130901][T13687] CPU: 0 PID: 13687 Comm: syz.4.3226 Not tainted syzkaller #0
[  549.138429][T13687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  549.148513][T13687] Call Trace:
[  549.151814][T13687]  <TASK>
[  549.154758][T13687]  dump_stack_lvl+0x188/0x24e
[  549.159475][T13687]  ? show_regs_print_info+0x12/0x12
[  549.164710][T13687]  ? load_image+0x400/0x400
[  549.169281][T13687]  ? kasan_set_track+0x60/0x70
[  549.174094][T13687]  ? __alloc_skb+0x22a/0x7e0
[  549.178720][T13687]  ? verify_lock_unused+0x140/0x140
[  549.184033][T13687]  ? netlink_rcv_skb+0x1fb/0x450
[  549.189000][T13687]  ? netlink_sendmsg+0x8ad/0xbd0
[  549.193986][T13687]  ? ____sys_sendmsg+0x5be/0x970
[  549.198953][T13687]  ? ___sys_sendmsg+0x2a2/0x360
[  549.203828][T13687]  ? __se_sys_sendmsg+0x1bb/0x2a0
[  549.208869][T13687]  ? do_syscall_64+0x4c/0xa0
[  549.213470][T13687]  should_fail_ex+0x399/0x4d0
[  549.218154][T13687]  should_failslab+0x5/0x20
[  549.222654][T13687]  slab_pre_alloc_hook+0x59/0x310
[  549.227682][T13687]  kmem_cache_alloc+0x56/0x2f0
[  549.232445][T13687]  ? skb_clone+0x1e7/0x370
[  549.236874][T13687]  skb_clone+0x1e7/0x370
[  549.241130][T13687]  __netlink_deliver_tap+0x3ed/0x800
[  549.246432][T13687]  ? netlink_deliver_tap+0x2e/0x1b0
[  549.252070][T13687]  netlink_deliver_tap+0x19c/0x1b0
[  549.257187][T13687]  __netlink_sendskb+0x4b/0x90
[  549.261957][T13687]  netlink_dump+0x957/0xd00
[  549.266473][T13687]  ? netlink_lookup+0x200/0x200
[  549.271337][T13687]  ? netlink_lookup+0x30/0x200
[  549.276105][T13687]  ? netlink_lookup+0x30/0x200
[  549.280887][T13687]  __netlink_dump_start+0x537/0x6f0
[  549.286099][T13687]  rtnetlink_rcv_msg+0xe63/0xfc0
[  549.291051][T13687]  ? vxlan_fill_vni_filter_entry+0x12b0/0x12b0
[  549.297214][T13687]  ? rtnetlink_bind+0x80/0x80
[  549.301895][T13687]  ? __local_bh_enable_ip+0x136/0x1c0
[  549.307268][T13687]  ? lockdep_hardirqs_on+0x94/0x140
[  549.312471][T13687]  ? __local_bh_enable_ip+0x136/0x1c0
[  549.317846][T13687]  ? _local_bh_enable+0xa0/0xa0
[  549.322700][T13687]  ? __dev_queue_xmit+0x26b/0x37c0
[  549.327810][T13687]  ? __dev_queue_xmit+0x26b/0x37c0
[  549.332926][T13687]  ? __dev_queue_xmit+0x1cd2/0x37c0
[  549.338132][T13687]  ? __dev_queue_xmit+0x26b/0x37c0
[  549.343257][T13687]  ? ref_tracker_free+0x68c/0x840
[  549.348291][T13687]  ? __copy_skb_header+0x3ba/0x4f0
[  549.353419][T13687]  ? refcount_inc+0x70/0x70
[  549.357929][T13687]  ? memcpy+0x3c/0x60
[  549.361910][T13687]  ? vxlan_fill_vni_filter_entry+0x12b0/0x12b0
[  549.368070][T13687]  ? __skb_clone+0x480/0x790
[  549.372667][T13687]  netlink_rcv_skb+0x1fb/0x450
[  549.377441][T13687]  ? rtnetlink_bind+0x80/0x80
[  549.382135][T13687]  ? netlink_ack+0x1170/0x1170
[  549.386919][T13687]  ? netlink_deliver_tap+0x2e/0x1b0
[  549.392126][T13687]  netlink_unicast+0x74d/0x8d0
[  549.396904][T13687]  netlink_sendmsg+0x8ad/0xbd0
[  549.401679][T13687]  ? netlink_getsockopt+0x550/0x550
[  549.406902][T13687]  ? aa_sock_msg_perm+0x94/0x150
[  549.411853][T13687]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  549.417145][T13687]  ? security_socket_sendmsg+0x7c/0xa0
[  549.422615][T13687]  ? netlink_getsockopt+0x550/0x550
[  549.427816][T13687]  ____sys_sendmsg+0x5be/0x970
[  549.432593][T13687]  ? __sys_sendmsg_sock+0x30/0x30
[  549.437628][T13687]  ? __import_iovec+0x315/0x500
[  549.442486][T13687]  ? import_iovec+0x6f/0xa0
[  549.446992][T13687]  ___sys_sendmsg+0x2a2/0x360
[  549.451708][T13687]  ? __sys_sendmsg+0x290/0x290
[  549.456502][T13687]  ? __lock_acquire+0x7d10/0x7d10
[  549.461559][T13687]  __se_sys_sendmsg+0x1bb/0x2a0
[  549.466421][T13687]  ? __x64_sys_sendmsg+0x80/0x80
[  549.471374][T13687]  ? lockdep_hardirqs_on+0x94/0x140
[  549.476572][T13687]  do_syscall_64+0x4c/0xa0
[  549.480989][T13687]  ? clear_bhb_loop+0x60/0xb0
[  549.485662][T13687]  ? clear_bhb_loop+0x60/0xb0
[  549.490340][T13687]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  549.496235][T13687] RIP: 0033:0x7f371579c819
[  549.500649][T13687] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  549.520256][T13687] RSP: 002b:00007f3716645028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  549.528674][T13687] RAX: ffffffffffffffda RBX: 00007f3715a15fa0 RCX: 00007f371579c819
[  549.536660][T13687] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  549.544627][T13687] RBP: 00007f3716645090 R08: 0000000000000000 R09: 0000000000000000
[  549.552593][T13687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  549.560559][T13687] R13: 00007f3715a16038 R14: 00007f3715a15fa0 R15: 00007ffc70a531f8
[  549.568539][T13687]  </TASK>
[  549.627951][T10513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  549.648977][T10513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  549.692991][T13556] device veth0_vlan entered promiscuous mode
[  549.710060][T13690] netlink: 152 bytes leftover after parsing attributes in process `syz.0.3227'.
[  549.766463][T10513] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  549.803155][T10513] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  549.831524][T13695] FAULT_INJECTION: forcing a failure.
[  549.831524][T13695] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  549.869600][T13556] device veth1_vlan entered promiscuous mode
[  549.903817][T13695] CPU: 1 PID: 13695 Comm: syz.2.3229 Not tainted syzkaller #0
[  549.911350][T13695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  549.921435][T13695] Call Trace:
[  549.924733][T13695]  <TASK>
[  549.927684][T13695]  dump_stack_lvl+0x188/0x24e
[  549.932400][T13695]  ? show_regs_print_info+0x12/0x12
[  549.937632][T13695]  ? load_image+0x400/0x400
[  549.942148][T13695]  ? __lock_acquire+0x7d10/0x7d10
[  549.942182][T13695]  ? snprintf+0xe5/0x140
[  549.942201][T13695]  should_fail_ex+0x399/0x4d0
[  549.956285][T13695]  _copy_to_user+0x2c/0x130
[  549.960812][T13695]  simple_read_from_buffer+0xe3/0x150
[  549.966194][T13695]  proc_fail_nth_read+0x1a6/0x220
[  549.971228][T13695]  ? proc_fault_inject_write+0x310/0x310
[  549.976873][T13695]  ? fsnotify_perm+0x248/0x550
[  549.981642][T13695]  ? proc_fault_inject_write+0x310/0x310
[  549.987282][T13695]  vfs_read+0x2de/0xa00
[  549.991455][T13695]  ? kernel_read+0x1e0/0x1e0
[  549.996050][T13695]  ? __fget_files+0x28/0x4b0
[  550.000644][T13695]  ? __fget_files+0x28/0x4b0
[  550.005240][T13695]  ? __fget_files+0x43d/0x4b0
[  550.009939][T13695]  ? __fdget_pos+0x2ae/0x360
[  550.014556][T13695]  ? ksys_read+0x71/0x250
[  550.018900][T13695]  ksys_read+0x14c/0x250
[  550.023148][T13695]  ? vfs_write+0xa30/0xa30
[  550.027572][T13695]  ? lockdep_hardirqs_on+0x94/0x140
[  550.032779][T13695]  do_syscall_64+0x4c/0xa0
[  550.037202][T13695]  ? clear_bhb_loop+0x60/0xb0
[  550.041884][T13695]  ? clear_bhb_loop+0x60/0xb0
[  550.046568][T13695]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  550.052468][T13695] RIP: 0033:0x7f6aac55d04e
[  550.056886][T13695] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  550.076508][T13695] RSP: 002b:00007f6aad3aafe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  550.084922][T13695] RAX: ffffffffffffffda RBX: 00007f6aad3ab6c0 RCX: 00007f6aac55d04e
[  550.092908][T13695] RDX: 000000000000000f RSI: 00007f6aad3ab0a0 RDI: 0000000000000007
[  550.100877][T13695] RBP: 00007f6aad3ab090 R08: 0000000000000000 R09: 0000000000000000
[  550.108848][T13695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  550.116833][T13695] R13: 00007f6aac816038 R14: 00007f6aac815fa0 R15: 00007ffd6be15338
[  550.124820][T13695]  </TASK>
[  550.140755][ T5027] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  550.166146][ T5027] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  550.187724][T13698] netlink: 'syz.3.3230': attribute type 4 has an invalid length.
[  550.196943][ T5027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  550.207692][ T5027] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  550.216172][T13698] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.3230'.
[  550.229806][T13556] device veth0_macvtap entered promiscuous mode
[  550.248845][T13556] device veth1_macvtap entered promiscuous mode
[  550.277462][T13556] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  550.288609][T13556] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  550.298848][T13556] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  550.334168][T13556] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  550.370627][T13556] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  550.384260][T13556] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  550.399609][T13556] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  550.410489][T13556] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  550.438165][T13556] batman_adv: batadv0: Interface activated: batadv_slave_0
[  550.462236][ T5052] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  550.482856][ T5052] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  550.504359][ T5052] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  550.514942][ T5052] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  550.533252][T13556] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  550.550408][T13556] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  550.560995][T13556] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  550.574774][T13556] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  550.594058][T13556] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  550.615871][T13556] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  550.647328][T13556] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  550.682737][T13556] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  550.729195][T13556] batman_adv: batadv0: Interface activated: batadv_slave_1
[  550.756802][ T5027] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  550.784040][ T5027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  550.852477][T13556] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  550.882608][T13556] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  550.925371][T13556] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  550.972877][T13556] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  551.027011][ T4282] Bluetooth: hci0: command 0x0419 tx timeout
[  551.252484][T13714] netlink: 'syz.4.3237': attribute type 10 has an invalid length.
[  551.310015][ T4325] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  551.341691][ T4325] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  551.374348][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  551.402832][ T4325] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  551.413824][ T4325] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  551.444931][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  551.641392][T13720] netlink: 'syz.3.3239': attribute type 39 has an invalid length.
[  552.364762][T13736] netlink: 'syz.3.3244': attribute type 4 has an invalid length.
[  552.420778][T13736] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.3244'.
[  553.351483][ T4282] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  553.364179][ T4282] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  553.373222][ T4282] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  553.383054][ T4282] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  553.391274][ T4282] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  553.398941][ T4282] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  553.572770][T13753] netlink: 'syz.1.3251': attribute type 10 has an invalid length.
[  553.942851][T13753] team0: Port device geneve1 added
[  553.965847][T13755] netlink: 'syz.4.3253': attribute type 39 has an invalid length.
[  554.332599][T13772] netlink: 'syz.1.3258': attribute type 4 has an invalid length.
[  554.359481][T13772] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.3258'.
[  554.570656][T13750] chnl_net:caif_netlink_parms(): no params data found
[  554.602476][T13780] netlink: 'syz.1.3262': attribute type 2 has an invalid length.
[  554.687328][T13780] netlink: 'syz.1.3262': attribute type 8 has an invalid length.
[  554.753266][T13780] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3262'.
[  555.077842][T13750] bridge0: port 1(bridge_slave_0) entered blocking state
[  555.115985][T13750] bridge0: port 1(bridge_slave_0) entered disabled state
[  555.167560][T13750] device bridge_slave_0 entered promiscuous mode
[  555.196526][T13795] FAULT_INJECTION: forcing a failure.
[  555.196526][T13795] name failslab, interval 1, probability 0, space 0, times 0
[  555.234703][T13795] CPU: 1 PID: 13795 Comm: syz.0.3266 Not tainted syzkaller #0
[  555.242245][T13795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  555.252333][T13795] Call Trace:
[  555.255668][T13795]  <TASK>
[  555.258682][T13795]  dump_stack_lvl+0x188/0x24e
[  555.263402][T13795]  ? show_regs_print_info+0x12/0x12
[  555.268645][T13795]  ? load_image+0x400/0x400
[  555.273193][T13795]  ? __might_sleep+0xd0/0xd0
[  555.277825][T13795]  ? __lock_acquire+0x7d10/0x7d10
[  555.282908][T13795]  should_fail_ex+0x399/0x4d0
[  555.287639][T13795]  should_failslab+0x5/0x20
[  555.292176][T13795]  slab_pre_alloc_hook+0x59/0x310
[  555.297230][T13795]  ? mutex_lock_nested+0x10/0x10
[  555.302204][T13795]  ? bpf_xdp_link_attach+0x147/0x490
[  555.307526][T13795]  __kmem_cache_alloc_node+0x4f/0x260
[  555.312937][T13795]  ? bpf_xdp_link_attach+0x147/0x490
[  555.318281][T13795]  kmalloc_trace+0x26/0xe0
[  555.322749][T13795]  bpf_xdp_link_attach+0x147/0x490
[  555.327923][T13795]  ? dev_xdp_prog+0x100/0x100
[  555.332670][T13795]  link_create+0x648/0xa20
[  555.337229][T13795]  __sys_bpf+0x6cb/0x780
[  555.341518][T13795]  ? bpf_link_show_fdinfo+0x380/0x380
[  555.346954][T13795]  ? lock_chain_count+0x20/0x20
[  555.351860][T13795]  __x64_sys_bpf+0x78/0x90
[  555.356320][T13795]  do_syscall_64+0x4c/0xa0
[  555.360760][T13795]  ? clear_bhb_loop+0x60/0xb0
[  555.365446][T13795]  ? clear_bhb_loop+0x60/0xb0
[  555.370133][T13795]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  555.376029][T13795] RIP: 0033:0x7f3040f9c819
[  555.380447][T13795] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  555.400074][T13795] RSP: 002b:00007f3041f1a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  555.408498][T13795] RAX: ffffffffffffffda RBX: 00007f3041215fa0 RCX: 00007f3040f9c819
[  555.416472][T13795] RDX: 0000000000000040 RSI: 0000200000000240 RDI: 000000000000001c
[  555.424547][T13795] RBP: 00007f3041f1a090 R08: 0000000000000000 R09: 0000000000000000
[  555.432540][T13795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  555.440515][T13795] R13: 00007f3041216038 R14: 00007f3041215fa0 R15: 00007ffe5e0aab78
[  555.448509][T13795]  </TASK>
[  555.455095][T13750] bridge0: port 2(bridge_slave_1) entered blocking state
[  555.472759][T13750] bridge0: port 2(bridge_slave_1) entered disabled state
[  555.505515][T13750] device bridge_slave_1 entered promiscuous mode
[  555.507412][ T4276] Bluetooth: hci2: command 0x0409 tx timeout
[  555.668770][T13750] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  555.731891][T13750] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  555.934561][T13750] team0: Port device team_slave_0 added
[  555.971086][T13750] team0: Port device team_slave_1 added
[  556.083505][T13750] batman_adv: batadv0: Adding interface: batadv_slave_0
[  556.094969][T13750] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  556.128034][T13750] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  556.204485][T13750] batman_adv: batadv0: Adding interface: batadv_slave_1
[  556.226923][T13750] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  556.325403][T13750] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  556.344686][T13812] netlink: 'syz.4.3271': attribute type 4 has an invalid length.
[  556.369992][T13812] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.3271'.
[  556.435408][T13750] device hsr_slave_0 entered promiscuous mode
[  556.442648][T13750] device hsr_slave_1 entered promiscuous mode
[  556.449703][T13750] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  556.457543][T13750] Cannot create hsr debugfs directory
[  556.645855][T13811] can: request_module (can-proto-0) failed.
[  556.814899][T13818] netlink: 'syz.4.3273': attribute type 2 has an invalid length.
[  556.833743][T13818] netlink: 199848 bytes leftover after parsing attributes in process `syz.4.3273'.
[  557.625613][ T4276] Bluetooth: hci2: command 0x041b tx timeout
[  558.156696][ T4325] wlan1: Trigger new scan to find an IBSS to join
[  558.163834][ T4325] wlan1: Trigger new scan to find an IBSS to join
[  558.492157][T13750] team0: Port device netdevsim0 removed
[  558.973125][T13840] netlink: 'syz.4.3283': attribute type 4 has an invalid length.
[  559.002581][T13840] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.3283'.
[  559.675346][ T4276] Bluetooth: hci2: command 0x040f tx timeout
[  559.893125][T13849] can: request_module (can-proto-0) failed.
[  560.208697][T13750] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  560.825929][T13750] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  560.857454][T13866] netlink: 'syz.4.3292': attribute type 27 has an invalid length.
[  561.018775][T13866] bond0: (slave bond_slave_0): Releasing backup interface
[  561.202411][T13873] netlink: 'syz.3.3294': attribute type 4 has an invalid length.
[  561.236221][T13750] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  561.243741][T13873] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.3294'.
[  561.289288][T13750] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  561.528678][T13750] 8021q: adding VLAN 0 to HW filter on device bond0
[  561.596188][T10516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  561.606007][T10516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  561.627900][T13750] 8021q: adding VLAN 0 to HW filter on device team0
[  561.677604][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  561.687779][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  561.716627][ T4309] bridge0: port 1(bridge_slave_0) entered blocking state
[  561.723819][ T4309] bridge0: port 1(bridge_slave_0) entered forwarding state
[  561.745327][ T4276] Bluetooth: hci2: command 0x0419 tx timeout
[  561.857181][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  561.884281][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  561.933651][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  561.970466][ T4309] bridge0: port 2(bridge_slave_1) entered blocking state
[  561.977752][ T4309] bridge0: port 2(bridge_slave_1) entered forwarding state
[  562.033410][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  562.066520][ T5052] wlan1: Trigger new scan to find an IBSS to join
[  562.077363][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  562.144633][ T5052] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  562.157035][ T5052] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  562.177065][   T71] wlan1: Trigger new scan to find an IBSS to join
[  562.207393][ T5052] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  562.246803][ T5052] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  562.298584][ T5052] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  562.336582][ T5052] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  562.386360][ T5052] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  562.427720][ T5052] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  562.478312][ T5052] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  562.518679][T13750] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  563.082058][ T4325] wlan1: Creating new IBSS network, BSSID 9a:e0:74:f7:aa:b0
[  563.257694][T13903] netlink: 'syz.4.3306': attribute type 4 has an invalid length.
[  563.305563][T13903] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.3306'.
[  563.393695][ T5027] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  563.409456][ T5027] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  563.451685][T13750] 8021q: adding VLAN 0 to HW filter on device batadv0
[  563.567105][ T4325] wlan1: Creating new IBSS network, BSSID 26:c1:89:51:d6:8f
[  563.591887][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  563.618806][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  563.833908][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  563.858208][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  563.885959][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  563.915071][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  563.943830][T13750] device veth0_vlan entered promiscuous mode
[  564.010536][T13750] device veth1_vlan entered promiscuous mode
[  564.116614][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  564.136028][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  564.172883][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  564.202378][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  564.243652][T13750] device veth0_macvtap entered promiscuous mode
[  564.270758][T13750] device veth1_macvtap entered promiscuous mode
[  564.407581][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  564.441144][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  564.499262][T13750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  564.561271][T13750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  564.603242][T13750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  564.634420][T13750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  564.664852][T13750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  564.703058][T13750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  564.733252][T13750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  564.773039][T13750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  564.802209][T13750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  564.820517][T13750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  564.853364][T13750] batman_adv: batadv0: Interface activated: batadv_slave_0
[  564.882859][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  564.893031][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  564.904802][T13750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  564.920971][T13750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  564.931699][T13750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  564.942562][T13750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  564.954187][T13750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  564.965139][T13750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  564.995275][T13750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  565.015358][T13750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  565.025303][T13750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  565.042510][T13750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  565.058462][T13750] batman_adv: batadv0: Interface activated: batadv_slave_1
[  565.072335][T13915] delete_channel: no stack
[  565.075574][T13921] netlink: 'syz.3.3322': attribute type 9 has an invalid length.
[  565.096276][T10513] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  565.132472][T10513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  565.184120][T13750] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  565.219555][T13750] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  565.264598][T13750] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  565.310982][T13750] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  565.635080][   T71] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  565.663659][   T71] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  565.735998][T10513] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  565.782564][T10513] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  565.824573][T10513] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  565.850576][T10513] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  565.856182][T13934] netlink: 'syz.4.3318': attribute type 4 has an invalid length.
[  565.894545][T13934] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.3318'.
[  566.161495][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  566.167912][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  566.723716][T13953] netlink: 'syz.2.3324': attribute type 39 has an invalid length.
[  566.816790][T13953] device veth0_macvtap left promiscuous mode
[  566.867422][T13955] netlink: 'syz.3.3325': attribute type 9 has an invalid length.
[  566.891039][T13959] netlink: 'syz.0.3327': attribute type 39 has an invalid length.
[  567.159964][T13968] netlink: 'syz.3.3331': attribute type 4 has an invalid length.
[  567.186136][T13968] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.3331'.
[  567.802908][T13978] netlink: 'syz.1.3334': attribute type 10 has an invalid length.
[  567.827765][T13978] device veth0_macvtap left promiscuous mode
[  569.911693][T14000] netlink: 'syz.0.3342': attribute type 9 has an invalid length.
[  570.035144][T13999] netlink: 'syz.4.3341': attribute type 39 has an invalid length.
[  570.702563][T14013] netlink: 'syz.3.3346': attribute type 4 has an invalid length.
[  570.752401][T14013] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.3346'.
[  571.506110][T14024] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3352'.
[  572.444895][T14021] delete_channel: no stack
[  573.138885][T14040] netlink: 'syz.2.3357': attribute type 39 has an invalid length.
[  573.677643][T14055] netlink: 'syz.4.3361': attribute type 4 has an invalid length.
[  573.710506][T14055] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.3361'.
[  574.168678][T14058] netlink: 'syz.1.3374': attribute type 4 has an invalid length.
[  574.201863][T14058] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.3374'.
[  574.363050][T14072] netlink: 'syz.3.3367': attribute type 10 has an invalid length.
[  574.757111][T14085] netlink: 'syz.1.3371': attribute type 39 has an invalid length.
[  574.978852][T14057] delete_channel: no stack
[  575.339454][T14094] netlink: 'syz.4.3378': attribute type 2 has an invalid length.
[  575.366927][T14094] netlink: 199848 bytes leftover after parsing attributes in process `syz.4.3378'.
[  576.154992][T14107] netlink: 'syz.0.3383': attribute type 10 has an invalid length.
[  576.258113][T14109] netlink: 'syz.4.3384': attribute type 3 has an invalid length.
[  576.298810][T14109] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.3384'.
[  576.467882][T14116] netlink: 'syz.3.3386': attribute type 39 has an invalid length.
[  577.207484][T14137] netlink: 'syz.2.3395': attribute type 2 has an invalid length.
[  577.258349][T14137] netlink: 199848 bytes leftover after parsing attributes in process `syz.2.3395'.
[  578.348066][T14156] netlink: 'syz.0.3402': attribute type 39 has an invalid length.
[  578.861629][T14161] FAULT_INJECTION: forcing a failure.
[  578.861629][T14161] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  578.962488][T14161] CPU: 1 PID: 14161 Comm: syz.0.3404 Not tainted syzkaller #0
[  578.970032][T14161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  578.980142][T14161] Call Trace:
[  578.983456][T14161]  <TASK>
[  578.986415][T14161]  dump_stack_lvl+0x188/0x24e
[  578.991136][T14161]  ? show_regs_print_info+0x12/0x12
[  578.996366][T14161]  ? load_image+0x400/0x400
[  579.000902][T14161]  ? __lock_acquire+0x7d10/0x7d10
[  579.005961][T14161]  should_fail_ex+0x399/0x4d0
[  579.010675][T14161]  _copy_from_user+0x2c/0x170
[  579.015384][T14161]  iovec_from_user+0x143/0x360
[  579.020182][T14161]  __import_iovec+0x6d/0x500
[  579.024808][T14161]  import_iovec+0x6f/0xa0
[  579.029176][T14161]  ___sys_sendmsg+0x252/0x360
[  579.033887][T14161]  ? __sys_sendmsg+0x290/0x290
[  579.038706][T14161]  ? __lock_acquire+0x7d10/0x7d10
[  579.043786][T14161]  __se_sys_sendmsg+0x1bb/0x2a0
[  579.048676][T14161]  ? __x64_sys_sendmsg+0x80/0x80
[  579.053656][T14161]  ? lockdep_hardirqs_on+0x94/0x140
[  579.058880][T14161]  do_syscall_64+0x4c/0xa0
[  579.063328][T14161]  ? clear_bhb_loop+0x60/0xb0
[  579.068034][T14161]  ? clear_bhb_loop+0x60/0xb0
[  579.072748][T14161]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  579.078676][T14161] RIP: 0033:0x7f3040f9c819
[  579.083141][T14161] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  579.102768][T14161] RSP: 002b:00007f3041f1a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  579.111215][T14161] RAX: ffffffffffffffda RBX: 00007f3041215fa0 RCX: 00007f3040f9c819
[  579.119224][T14161] RDX: 0000000000000000 RSI: 0000200000002080 RDI: 000000000000000b
[  579.127223][T14161] RBP: 00007f3041f1a090 R08: 0000000000000000 R09: 0000000000000000
[  579.135222][T14161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  579.143224][T14161] R13: 00007f3041216038 R14: 00007f3041215fa0 R15: 00007ffe5e0aab78
[  579.151239][T14161]  </TASK>
[  579.194591][T14173] netlink: 196 bytes leftover after parsing attributes in process `syz.1.3406'.
[  579.552834][T14182] netlink: 'syz.2.3411': attribute type 2 has an invalid length.
[  579.560787][T14182] netlink: 199848 bytes leftover after parsing attributes in process `syz.2.3411'.
[  581.003188][T14206] netlink: 'syz.4.3422': attribute type 10 has an invalid length.
[  581.247349][T14217] netlink: 212908 bytes leftover after parsing attributes in process `syz.4.3427'.
[  581.300897][T14217] net_ratelimit: 6 callbacks suppressed
[  581.301014][T14217] netlink: zone id is out of range
[  582.076123][ T4325] wlan1: Trigger new scan to find an IBSS to join
[  582.669410][T14241] FAULT_INJECTION: forcing a failure.
[  582.669410][T14241] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  582.716611][T14241] CPU: 1 PID: 14241 Comm: syz.3.3435 Not tainted syzkaller #0
[  582.724146][T14241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  582.734231][T14241] Call Trace:
[  582.737537][T14241]  <TASK>
[  582.740478][T14241]  dump_stack_lvl+0x188/0x24e
[  582.745188][T14241]  ? show_regs_print_info+0x12/0x12
[  582.750418][T14241]  ? load_image+0x400/0x400
[  582.754955][T14241]  ? __lock_acquire+0x7d10/0x7d10
[  582.760020][T14241]  ? perf_trace_lock_acquire+0x100/0x3e0
[  582.765694][T14241]  should_fail_ex+0x399/0x4d0
[  582.770399][T14241]  _copy_from_user+0x2c/0x170
[  582.775108][T14241]  ___sys_sendmsg+0x1c3/0x360
[  582.779826][T14241]  ? __sys_sendmsg+0x290/0x290
[  582.784643][T14241]  ? __lock_acquire+0x7d10/0x7d10
[  582.789741][T14241]  __se_sys_sendmsg+0x1bb/0x2a0
[  582.794638][T14241]  ? __x64_sys_sendmsg+0x80/0x80
[  582.799640][T14241]  ? lockdep_hardirqs_on+0x94/0x140
[  582.804890][T14241]  do_syscall_64+0x4c/0xa0
[  582.809348][T14241]  ? clear_bhb_loop+0x60/0xb0
[  582.814045][T14241]  ? clear_bhb_loop+0x60/0xb0
[  582.818734][T14241]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  582.824630][T14241] RIP: 0033:0x7f2fc8f9c819
[  582.829050][T14241] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  582.848666][T14241] RSP: 002b:00007f2fc71d5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  582.857083][T14241] RAX: ffffffffffffffda RBX: 00007f2fc9216090 RCX: 00007f2fc8f9c819
[  582.865060][T14241] RDX: 0900000000000000 RSI: 0000200000000500 RDI: 0000000000000005
[  582.873048][T14241] RBP: 00007f2fc71d5090 R08: 0000000000000000 R09: 0000000000000000
[  582.881040][T14241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  582.889013][T14241] R13: 00007f2fc9216128 R14: 00007f2fc9216090 R15: 00007ffce7302398
[  582.897007][T14241]  </TASK>
[  583.109072][ T4325] wlan1: Trigger new scan to find an IBSS to join
[  583.116713][T10513] wlan1: Trigger new scan to find an IBSS to join
[  583.418997][T14256] netlink: 'syz.3.3442': attribute type 49 has an invalid length.
[  583.463899][T14257] netlink: 'syz.1.3441': attribute type 46 has an invalid length.
[  583.481730][T14257] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3441'.
[  583.508394][T14259] netlink: 'syz.2.3443': attribute type 3 has an invalid length.
[  583.527406][T14259] netlink: 163968 bytes leftover after parsing attributes in process `syz.2.3443'.
[  585.106194][   T71] wlan1: Trigger new scan to find an IBSS to join
[  586.161134][T10520] wlan1: Trigger new scan to find an IBSS to join
[  586.171070][ T4309] wlan1: Trigger new scan to find an IBSS to join
[  586.195995][T14319] netlink: 'syz.0.3466': attribute type 46 has an invalid length.
[  586.222005][T14319] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3466'.
[  587.108292][ T4309] wlan1: Trigger new scan to find an IBSS to join
[  588.099069][T10513] wlan1: Creating new IBSS network, BSSID 6a:39:7d:2e:2b:95
[  588.126602][T14355] netlink: 'syz.3.3483': attribute type 15 has an invalid length.
[  588.147785][T10520] wlan1: Trigger new scan to find an IBSS to join
[  588.906531][T14371] netlink: 'syz.4.3490': attribute type 46 has an invalid length.
[  588.945428][T14371] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3490'.
[  589.106157][T10516] wlan1: Trigger new scan to find an IBSS to join
[  589.107101][ T4309] wlan1: Creating new IBSS network, BSSID 46:a4:d2:6b:ff:97
[  589.513199][T10520] wlan1: Creating new IBSS network, BSSID 9e:99:25:5b:5f:28
[  590.099779][ T4325] wlan1: Creating new IBSS network, BSSID 6e:d8:67:09:0b:09
[  593.006460][T14426] netlink: 'syz.3.3511': attribute type 46 has an invalid length.
[  593.021365][T14426] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3511'.
[  593.109690][T14429] netlink: 'syz.3.3511': attribute type 29 has an invalid length.
[  593.429969][T14429] netlink: 'syz.3.3511': attribute type 29 has an invalid length.
[  593.456633][T14430] netlink: 'syz.3.3511': attribute type 29 has an invalid length.
[  595.890753][T14467] netlink: 'syz.2.3529': attribute type 39 has an invalid length.
[  595.984134][T14471] netlink: 'syz.2.3529': attribute type 4 has an invalid length.
[  596.013623][T14471] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.3529'.
[  596.213483][T14475] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3531'.
[  597.045030][ T4325] device hsr_slave_0 left promiscuous mode
[  597.054365][ T4325] device hsr_slave_1 left promiscuous mode
[  597.186268][ T4325] device veth1_vlan left promiscuous mode
[  597.193537][ T4325] device veth0_vlan left promiscuous mode
[  598.272597][ T4325] team0 (unregistering): Port device geneve1 removed
[  599.334255][T14510] netlink: 'syz.1.3545': attribute type 4 has an invalid length.
[  599.351210][T14510] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.3545'.
[  599.482112][ T4325] team0 (unregistering): Port device macvlan0 removed
[  599.616358][T14517] netlink: 'syz.4.3547': attribute type 29 has an invalid length.
[  600.160332][ T4325] team0 (unregistering): Port device team_slave_1 removed
[  600.265608][ T4325] team0 (unregistering): Port device team_slave_0 removed
[  600.346477][ T4325] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  600.937485][ T4325] team0 (unregistering): Port device dummy0 removed
[  600.992873][ T4325] team0 (unregistering): Port device bond0 removed
[  601.068014][ T4325] bond0 (unregistering): Released all slaves
[  601.193865][T14509] netlink: 'syz.1.3545': attribute type 39 has an invalid length.
[  601.401096][T14514] netlink: 'syz.4.3547': attribute type 46 has an invalid length.
[  601.452787][T14514] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3547'.
[  601.513709][T14517] netlink: 'syz.4.3547': attribute type 29 has an invalid length.
[  601.552976][T14518] netlink: 'syz.3.3548': attribute type 46 has an invalid length.
[  601.574500][T14518] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3548'.
[  601.598658][T14523] netlink: 'syz.2.3549': attribute type 10 has an invalid length.
[  602.160843][T14523] team0: Port device geneve1 added
[  602.677297][T14538] netlink: 'syz.0.3554': attribute type 2 has an invalid length.
[  602.725426][T14538] netlink: 199848 bytes leftover after parsing attributes in process `syz.0.3554'.
[  602.813131][T14546] netlink: 161700 bytes leftover after parsing attributes in process `syz.1.3556'.
[  602.893088][T14546] openvswitch: netlink: Key 2 has unexpected len 41210 expected 4
[  603.779130][ T4325] device 0 left promiscuous mode
[  603.907538][ T4325] device 0 left promiscuous mode
[  603.944232][T14560] netlink: 'syz.2.3562': attribute type 46 has an invalid length.
[  603.952454][T14560] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3562'.
[  604.061345][T14563] netlink: 156 bytes leftover after parsing attributes in process `syz.4.3563'.
[  605.910926][T14591] netlink: 'syz.3.3574': attribute type 2 has an invalid length.
[  606.008159][T14591] netlink: 199848 bytes leftover after parsing attributes in process `syz.3.3574'.
[  607.644502][T14608] netlink: 144 bytes leftover after parsing attributes in process `syz.4.3575'.
[  607.764490][T14608] team0: Port device team_slave_0 removed
[  607.771918][T14608] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check.
[  607.789933][T14613] netlink: 'syz.0.3579': attribute type 39 has an invalid length.
[  610.131419][ T4325] bond0: (slave wlan1): Releasing backup interface
[  610.186466][T14638] netlink: 'syz.0.3589': attribute type 39 has an invalid length.
[  610.782022][T14644] netlink: 'syz.1.3591': attribute type 39 has an invalid length.
[  610.924568][ T4325] device hsr_slave_0 left promiscuous mode
[  610.985949][ T4325] device hsr_slave_1 left promiscuous mode
[  610.996202][ T4325] device veth1_to_hsr left promiscuous mode
[  611.002432][ T4325] bridge0: port 3(veth1_to_hsr) entered disabled state
[  611.051571][ T4325] device bridge_slave_1 left promiscuous mode
[  611.086069][ T4325] bridge0: port 2(bridge_slave_1) entered disabled state
[  611.156551][ T4325] device bridge_slave_0 left promiscuous mode
[  611.163487][ T4325] bridge0: port 1(bridge_slave_0) entered disabled state
[  611.257973][ T4325] device veth1_macvtap left promiscuous mode
[  611.270800][ T4325] device veth1_vlan left promiscuous mode
[  611.289278][ T4325] device veth0_vlan left promiscuous mode
[  612.187303][ T4325] team0 (unregistering): Port device geneve1 removed
[  612.243674][ T4325] bond0 (unregistering): (slave geneve0): Releasing backup interface
[  613.274224][ T4325] team0 (unregistering): Port device macvlan0 removed
[  613.792625][ T4325] team0 (unregistering): Port device team_slave_1 removed
[  613.881391][ T4325] team0 (unregistering): Port device team_slave_0 removed
[  613.983743][ T4325] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  614.042942][ T4325] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  614.400352][ T4325] team0 (unregistering): Port device bond0 removed
[  614.439296][ T4325] bond0 (unregistering): Released all slaves
[  614.611885][T14654] FAULT_INJECTION: forcing a failure.
[  614.611885][T14654] name failslab, interval 1, probability 0, space 0, times 0
[  614.635336][T14654] CPU: 0 PID: 14654 Comm: syz.4.3595 Not tainted syzkaller #0
[  614.642872][T14654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  614.652956][T14654] Call Trace:
[  614.656241][T14654]  <TASK>
[  614.659162][T14654]  dump_stack_lvl+0x188/0x24e
[  614.663843][T14654]  ? show_regs_print_info+0x12/0x12
[  614.669054][T14654]  ? load_image+0x400/0x400
[  614.673602][T14654]  ? __cfg80211_wext_siwfreq+0x69f/0x7d0
[  614.679282][T14654]  should_fail_ex+0x399/0x4d0
[  614.683987][T14654]  should_failslab+0x5/0x20
[  614.688508][T14654]  slab_pre_alloc_hook+0x59/0x310
[  614.693563][T14654]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  614.699237][T14654]  kmem_cache_alloc_node+0x5a/0x320
[  614.704456][T14654]  ? __alloc_skb+0xfc/0x7e0
[  614.708993][T14654]  __alloc_skb+0xfc/0x7e0
[  614.713352][T14654]  wireless_send_event+0x2d2/0xbf0
[  614.718502][T14654]  ? __cfg80211_wext_siwfreq+0x69f/0x7d0
[  614.724167][T14654]  ? wireless_nlevent_flush+0x100/0x100
[  614.729754][T14654]  ? full_name_hash+0x8e/0xe0
[  614.734468][T14654]  ioctl_standard_call+0x15a/0x2b0
[  614.739608][T14654]  ? __cfg80211_wext_giwname+0x30/0x30
[  614.745098][T14654]  wext_ioctl_dispatch+0x3da/0x470
[  614.750241][T14654]  ? wext_ioctl_dispatch+0x470/0x470
[  614.755555][T14654]  ? iw_handler_get_private+0x1e0/0x1e0
[  614.761159][T14654]  wext_handle_ioctl+0x113/0x1d0
[  614.766130][T14654]  ? call_commit_handler+0xf0/0xf0
[  614.771288][T14654]  sock_ioctl+0x143/0x710
[  614.775648][T14654]  ? sock_poll+0x410/0x410
[  614.780107][T14654]  ? bpf_lsm_file_ioctl+0x5/0x10
[  614.785077][T14654]  ? security_file_ioctl+0x7c/0xa0
[  614.790573][T14654]  ? sock_poll+0x410/0x410
[  614.795015][T14654]  __se_sys_ioctl+0xfa/0x170
[  614.799626][T14654]  do_syscall_64+0x4c/0xa0
[  614.804066][T14654]  ? clear_bhb_loop+0x60/0xb0
[  614.808802][T14654]  ? clear_bhb_loop+0x60/0xb0
[  614.813488][T14654]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  614.819388][T14654] RIP: 0033:0x7f371579c819
[  614.823808][T14654] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  614.843422][T14654] RSP: 002b:00007f3716645028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  614.851844][T14654] RAX: ffffffffffffffda RBX: 00007f3715a15fa0 RCX: 00007f371579c819
[  614.859822][T14654] RDX: 0000200000000040 RSI: 0000000000008b04 RDI: 000000000000000e
[  614.867800][T14654] RBP: 00007f3716645090 R08: 0000000000000000 R09: 0000000000000000
[  614.875771][T14654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  614.883743][T14654] R13: 00007f3715a16038 R14: 00007f3715a15fa0 R15: 00007ffc70a531f8
[  614.891733][T14654]  </TASK>
[  614.905039][T14659] netlink: 'syz.1.3597': attribute type 39 has an invalid length.
[  616.176220][T14711] netlink: 'syz.4.3616': attribute type 39 has an invalid length.
[  617.597206][T14726] netlink: 'syz.2.3623': attribute type 39 has an invalid length.
[  617.845026][T14738] netlink: 'syz.1.3636': attribute type 39 has an invalid length.
[  618.819107][T14749] FAULT_INJECTION: forcing a failure.
[  618.819107][T14749] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  618.856219][T14749] CPU: 0 PID: 14749 Comm: syz.3.3631 Not tainted syzkaller #0
[  618.863750][T14749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  618.873835][T14749] Call Trace:
[  618.877129][T14749]  <TASK>
[  618.880078][T14749]  dump_stack_lvl+0x188/0x24e
[  618.884788][T14749]  ? show_regs_print_info+0x12/0x12
[  618.890012][T14749]  ? load_image+0x400/0x400
[  618.894546][T14749]  ? __lock_acquire+0x7d10/0x7d10
[  618.899593][T14749]  should_fail_ex+0x399/0x4d0
[  618.904308][T14749]  _copy_from_user+0x2c/0x170
[  618.909012][T14749]  iovec_from_user+0x143/0x360
[  618.913794][T14749]  __import_iovec+0x6d/0x500
[  618.918396][T14749]  import_iovec+0x6f/0xa0
[  618.922737][T14749]  ___sys_sendmsg+0x252/0x360
[  618.927427][T14749]  ? __sys_sendmsg+0x290/0x290
[  618.932243][T14749]  ? ktime_get_real_ts64+0x440/0x440
[  618.937532][T14749]  ? seqcount_lockdep_reader_access+0x177/0x1d0
[  618.943797][T14749]  __se_sys_sendmsg+0x1bb/0x2a0
[  618.948659][T14749]  ? __x64_sys_sendmsg+0x80/0x80
[  618.953615][T14749]  ? lockdep_hardirqs_on+0x94/0x140
[  618.958829][T14749]  do_syscall_64+0x4c/0xa0
[  618.963259][T14749]  ? clear_bhb_loop+0x60/0xb0
[  618.967938][T14749]  ? clear_bhb_loop+0x60/0xb0
[  618.972626][T14749]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  618.978521][T14749] RIP: 0033:0x7f2fc8f9c819
[  618.982933][T14749] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  619.002540][T14749] RSP: 002b:00007f2fc71f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  619.010960][T14749] RAX: ffffffffffffffda RBX: 00007f2fc9215fa0 RCX: 00007f2fc8f9c819
[  619.018932][T14749] RDX: 00000000000052cc RSI: 0000200000000040 RDI: 000000000000000c
[  619.026904][T14749] RBP: 00007f2fc71f6090 R08: 0000000000000000 R09: 0000000000000000
[  619.034879][T14749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  619.042866][T14749] R13: 00007f2fc9216038 R14: 00007f2fc9215fa0 R15: 00007ffce7302398
[  619.050859][T14749]  </TASK>
[  619.448176][T14765] FAULT_INJECTION: forcing a failure.
[  619.448176][T14765] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  619.489982][T14765] CPU: 1 PID: 14765 Comm: syz.4.3640 Not tainted syzkaller #0
[  619.497525][T14765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  619.507609][T14765] Call Trace:
[  619.510910][T14765]  <TASK>
[  619.513858][T14765]  dump_stack_lvl+0x188/0x24e
[  619.518571][T14765]  ? show_regs_print_info+0x12/0x12
[  619.523811][T14765]  ? load_image+0x400/0x400
[  619.528357][T14765]  ? __lock_acquire+0x7d10/0x7d10
[  619.533418][T14765]  should_fail_ex+0x399/0x4d0
[  619.538124][T14765]  _copy_from_user+0x2c/0x170
[  619.542840][T14765]  iovec_from_user+0x143/0x360
[  619.547645][T14765]  __import_iovec+0x6d/0x500
[  619.552267][T14765]  import_iovec+0x6f/0xa0
[  619.556632][T14765]  ___sys_sendmsg+0x252/0x360
[  619.561344][T14765]  ? __sys_sendmsg+0x290/0x290
[  619.566161][T14765]  ? __lock_acquire+0x7d10/0x7d10
[  619.571239][T14765]  __se_sys_sendmsg+0x1bb/0x2a0
[  619.576119][T14765]  ? ct_nmi_exit+0x145/0x1c0
[  619.580734][T14765]  ? __x64_sys_sendmsg+0x80/0x80
[  619.585724][T14765]  ? lockdep_hardirqs_on+0x94/0x140
[  619.590955][T14765]  do_syscall_64+0x4c/0xa0
[  619.595407][T14765]  ? clear_bhb_loop+0x60/0xb0
[  619.600109][T14765]  ? clear_bhb_loop+0x60/0xb0
[  619.604800][T14765]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  619.610730][T14765] RIP: 0033:0x7f371579c819
[  619.615151][T14765] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  619.634760][T14765] RSP: 002b:00007f3716645028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  619.643190][T14765] RAX: ffffffffffffffda RBX: 00007f3715a15fa0 RCX: 00007f371579c819
[  619.651228][T14765] RDX: 0000000020008004 RSI: 0000200000004f80 RDI: 0000000000000003
[  619.659201][T14765] RBP: 00007f3716645090 R08: 0000000000000000 R09: 0000000000000000
[  619.667187][T14765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  619.675173][T14765] R13: 00007f3715a16038 R14: 00007f3715a15fa0 R15: 00007ffc70a531f8
[  619.683166][T14765]  </TASK>
[  619.766018][T14769] netlink: 'syz.3.3641': attribute type 46 has an invalid length.
[  619.815382][T14769] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3641'.
[  620.984746][T14786] netlink: 'syz.3.3647': attribute type 10 has an invalid length.
[  621.133009][T14786] team0: Port device macvlan0 added
[  621.151605][T14788] netlink: 'syz.2.3648': attribute type 10 has an invalid length.
[  621.571756][T14806] netlink: 'syz.4.3656': attribute type 39 has an invalid length.
[  621.871773][T14810] netlink: 'syz.2.3657': attribute type 46 has an invalid length.
[  621.912464][T14810] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3657'.
[  622.404840][T14822] netlink: 'syz.0.3663': attribute type 10 has an invalid length.
[  622.596565][T14822] team0: Port device macvlan0 added
[  623.020752][T14831] netlink: 'syz.0.3666': attribute type 10 has an invalid length.
[  623.061291][T14833] netlink: 144 bytes leftover after parsing attributes in process `syz.2.3667'.
[  623.439125][T14833] team0: Port device team_slave_0 removed
[  623.492275][T14833] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check.
[  625.104085][T14860] netlink: 'syz.1.3677': attribute type 46 has an invalid length.
[  625.133782][T14860] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3677'.
[  625.724928][T14866] netlink: 'syz.4.3679': attribute type 10 has an invalid length.
[  625.832596][T14867] netlink: 'syz.2.3680': attribute type 10 has an invalid length.
[  625.998546][T14867] team0: Port device macvlan0 added
[  626.390212][T14873] netlink: 'syz.1.3683': attribute type 39 has an invalid length.
[  627.729674][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  627.736222][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  628.534135][T14895] netlink: 'syz.2.3693': attribute type 46 has an invalid length.
[  628.564615][T14895] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3693'.
[  628.593968][T14893] netlink: 'syz.3.3692': attribute type 10 has an invalid length.
[  628.758757][T14902] netlink: 'syz.4.3696': attribute type 39 has an invalid length.
[  629.667447][ T4282] Bluetooth: hci4: command 0x0406 tx timeout
[  629.741201][T14926] netlink: 'syz.3.3702': attribute type 2 has an invalid length.
[  629.801131][T14926] netlink: 199848 bytes leftover after parsing attributes in process `syz.3.3702'.
[  630.488547][T14935] netlink: 'syz.4.3707': attribute type 10 has an invalid length.
[  631.408714][T14945] netlink: 'syz.2.3710': attribute type 39 has an invalid length.
[  631.653575][T14955] netlink: 'syz.0.3714': attribute type 46 has an invalid length.
[  631.738021][T14955] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3714'.
[  632.189033][T14968] netlink: 144 bytes leftover after parsing attributes in process `syz.4.3717'.
[  632.199446][T14968] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check.
[  632.258099][T14969] netlink: 'syz.3.3719': attribute type 15 has an invalid length.
[  632.267502][T14971] netlink: 'syz.1.3718': attribute type 10 has an invalid length.
[  632.526420][T14975] netlink: 'syz.2.3720': attribute type 2 has an invalid length.
[  632.563348][T14975] netlink: 199848 bytes leftover after parsing attributes in process `syz.2.3720'.
[  632.589957][T14968] netlink: 'syz.4.3717': attribute type 39 has an invalid length.
[  633.172906][T14983] netlink: 'syz.4.3723': attribute type 10 has an invalid length.
[  633.231375][T14983] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  633.296206][T14987] netlink: 'syz.1.3725': attribute type 39 has an invalid length.
[  633.417379][T14991] netlink: 'syz.3.3726': attribute type 46 has an invalid length.
[  633.463355][T14991] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3726'.
[  634.415142][T15009] netlink: 'syz.1.3733': attribute type 15 has an invalid length.
[  634.992166][T15016] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3734'.
[  635.227628][T15024] netlink: 144 bytes leftover after parsing attributes in process `syz.1.3737'.
[  635.346879][T15024] team0: Port device team_slave_0 removed
[  635.365447][T15024] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check.
[  635.568808][T15034] FAULT_INJECTION: forcing a failure.
[  635.568808][T15034] name failslab, interval 1, probability 0, space 0, times 0
[  635.626284][T15035] netlink: 22 bytes leftover after parsing attributes in process `syz.4.3741'.
[  635.657583][T15034] CPU: 1 PID: 15034 Comm: syz.2.3740 Not tainted syzkaller #0
[  635.665111][T15034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  635.675198][T15034] Call Trace:
[  635.678502][T15034]  <TASK>
[  635.681452][T15034]  dump_stack_lvl+0x188/0x24e
[  635.686182][T15034]  ? show_regs_print_info+0x12/0x12
[  635.691425][T15034]  ? load_image+0x400/0x400
[  635.695965][T15034]  ? __might_sleep+0xd0/0xd0
[  635.700590][T15034]  ? __lock_acquire+0x7d10/0x7d10
[  635.705660][T15034]  should_fail_ex+0x399/0x4d0
[  635.710378][T15034]  should_failslab+0x5/0x20
[  635.714922][T15034]  slab_pre_alloc_hook+0x59/0x310
[  635.719986][T15034]  ? iovec_from_user+0x83/0x360
[  635.724871][T15034]  __kmem_cache_alloc_node+0x4f/0x260
[  635.730268][T15034]  ? iovec_from_user+0x83/0x360
[  635.735122][T15034]  __kmalloc+0xa0/0x240
[  635.739290][T15034]  iovec_from_user+0x83/0x360
[  635.743972][T15034]  __import_iovec+0x6d/0x500
[  635.748609][T15034]  import_iovec+0x6f/0xa0
[  635.752944][T15034]  ___sys_sendmsg+0x252/0x360
[  635.757637][T15034]  ? __sys_sendmsg+0x290/0x290
[  635.762425][T15034]  ? __lock_acquire+0x7d10/0x7d10
[  635.767478][T15034]  __se_sys_sendmsg+0x1bb/0x2a0
[  635.772349][T15034]  ? ct_nmi_exit+0x145/0x1c0
[  635.776942][T15034]  ? __x64_sys_sendmsg+0x80/0x80
[  635.781900][T15034]  ? lockdep_hardirqs_on+0x94/0x140
[  635.787140][T15034]  do_syscall_64+0x4c/0xa0
[  635.791569][T15034]  ? clear_bhb_loop+0x60/0xb0
[  635.796251][T15034]  ? clear_bhb_loop+0x60/0xb0
[  635.800937][T15034]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  635.806836][T15034] RIP: 0033:0x7f80b2d9c819
[  635.811330][T15034] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  635.830951][T15034] RSP: 002b:00007f80b0fd5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  635.839378][T15034] RAX: ffffffffffffffda RBX: 00007f80b3016090 RCX: 00007f80b2d9c819
[  635.847364][T15034] RDX: 00000000000012cd RSI: 0000200000000040 RDI: 0000000000000010
[  635.855343][T15034] RBP: 00007f80b0fd5090 R08: 0000000000000000 R09: 0000000000000000
[  635.863341][T15034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  635.871332][T15034] R13: 00007f80b3016128 R14: 00007f80b3016090 R15: 00007fff71671458
[  635.879323][T15034]  </TASK>
[  636.128561][T15043] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3744'.
[  637.008942][T15059] FAULT_INJECTION: forcing a failure.
[  637.008942][T15059] name failslab, interval 1, probability 0, space 0, times 0
[  637.082960][T15059] CPU: 1 PID: 15059 Comm: syz.0.3750 Not tainted syzkaller #0
[  637.090498][T15059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  637.100592][T15059] Call Trace:
[  637.103908][T15059]  <TASK>
[  637.106867][T15059]  dump_stack_lvl+0x188/0x24e
[  637.111583][T15059]  ? sctp_sendmsg+0x15b0/0x2940
[  637.116475][T15059]  ? ___sys_sendmsg+0x2a2/0x360
[  637.121359][T15059]  ? show_regs_print_info+0x12/0x12
[  637.126595][T15059]  ? load_image+0x400/0x400
[  637.131152][T15059]  should_fail_ex+0x399/0x4d0
[  637.135881][T15059]  should_failslab+0x5/0x20
[  637.140419][T15059]  slab_pre_alloc_hook+0x59/0x310
[  637.145486][T15059]  ? sctp_add_bind_addr+0x89/0x350
[  637.150626][T15059]  __kmem_cache_alloc_node+0x4f/0x260
[  637.156007][T15059]  ? sctp_add_bind_addr+0x89/0x350
[  637.161127][T15059]  kmalloc_trace+0x26/0xe0
[  637.165550][T15059]  sctp_add_bind_addr+0x89/0x350
[  637.170498][T15059]  sctp_copy_local_addr_list+0x311/0x4e0
[  637.176148][T15059]  ? sctp_copy_local_addr_list+0xa1/0x4e0
[  637.181878][T15059]  ? sctp_do_8_2_transport_strike+0x8a0/0x8a0
[  637.187964][T15059]  ? sctp_v4_is_any+0x31/0x50
[  637.192653][T15059]  ? sctp_copy_one_addr+0x93/0x660
[  637.197776][T15059]  sctp_bind_addr_copy+0xaf/0x3c0
[  637.202812][T15059]  ? sctp_assoc_set_bind_addr_from_ep+0xa1/0x190
[  637.209152][T15059]  sctp_connect_new_asoc+0x2f5/0x6a0
[  637.214451][T15059]  ? __sctp_connect+0xd80/0xd80
[  637.219314][T15059]  ? __local_bh_enable_ip+0x136/0x1c0
[  637.224693][T15059]  ? _local_bh_enable+0xa0/0xa0
[  637.229568][T15059]  ? sctp_endpoint_lookup_assoc+0x77/0x260
[  637.235400][T15059]  ? sctp_endpoint_lookup_assoc+0x77/0x260
[  637.241244][T15059]  ? bpf_lsm_sctp_bind_connect+0x5/0x10
[  637.246804][T15059]  ? security_sctp_bind_connect+0x85/0xb0
[  637.252539][T15059]  sctp_sendmsg+0x15b0/0x2940
[  637.257233][T15059]  ? aa_sk_perm+0x741/0x950
[  637.261741][T15059]  ? sctp_getsockopt+0x8a0/0x8a0
[  637.266682][T15059]  ? __might_fault+0xa6/0x120
[  637.271361][T15059]  ? aa_af_perm+0x340/0x340
[  637.275865][T15059]  ? tomoyo_socket_sendmsg_permission+0x1dd/0x2f0
[  637.282298][T15059]  ? inet_sendmsg+0x78/0x2f0
[  637.286895][T15059]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  637.292177][T15059]  ? security_socket_sendmsg+0x7c/0xa0
[  637.297640][T15059]  ? inet_send_prepare+0x260/0x260
[  637.302759][T15059]  ____sys_sendmsg+0x5be/0x970
[  637.307547][T15059]  ? __sys_sendmsg_sock+0x30/0x30
[  637.312575][T15059]  ? __import_iovec+0x315/0x500
[  637.317432][T15059]  ? import_iovec+0x6f/0xa0
[  637.322026][T15059]  ___sys_sendmsg+0x2a2/0x360
[  637.326727][T15059]  ? __sys_sendmsg+0x290/0x290
[  637.331515][T15059]  ? __lock_acquire+0x7d10/0x7d10
[  637.336564][T15059]  __se_sys_sendmsg+0x1bb/0x2a0
[  637.341417][T15059]  ? ct_nmi_exit+0x145/0x1c0
[  637.346028][T15059]  ? __x64_sys_sendmsg+0x80/0x80
[  637.351007][T15059]  ? lockdep_hardirqs_on+0x94/0x140
[  637.356217][T15059]  do_syscall_64+0x4c/0xa0
[  637.360648][T15059]  ? clear_bhb_loop+0x60/0xb0
[  637.365325][T15059]  ? clear_bhb_loop+0x60/0xb0
[  637.370004][T15059]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  637.375900][T15059] RIP: 0033:0x7f3040f9c819
[  637.380317][T15059] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  637.399940][T15059] RSP: 002b:00007f3041f1a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  637.408358][T15059] RAX: ffffffffffffffda RBX: 00007f3041215fa0 RCX: 00007f3040f9c819
[  637.416336][T15059] RDX: 0000000024008051 RSI: 0000200000000140 RDI: 0000000000000003
[  637.424305][T15059] RBP: 00007f3041f1a090 R08: 0000000000000000 R09: 0000000000000000
[  637.432281][T15059] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  637.440253][T15059] R13: 00007f3041216038 R14: 00007f3041215fa0 R15: 00007ffe5e0aab78
[  637.448238][T15059]  </TASK>
[  637.718497][T15063] validate_nla: 4 callbacks suppressed
[  637.718716][T15063] netlink: 'syz.4.3751': attribute type 39 has an invalid length.
[  637.742306][T15067] netlink: 'syz.3.3754': attribute type 46 has an invalid length.
[  637.765286][T15067] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3754'.
[  638.645047][T15081] netlink: 'syz.2.3759': attribute type 10 has an invalid length.
[  638.661749][T15081] netlink: 168 bytes leftover after parsing attributes in process `syz.2.3759'.
[  639.114250][T15098] netlink: 'syz.0.3762': attribute type 2 has an invalid length.
[  639.126586][T15099] FAULT_INJECTION: forcing a failure.
[  639.126586][T15099] name failslab, interval 1, probability 0, space 0, times 0
[  639.135381][T15098] netlink: 199848 bytes leftover after parsing attributes in process `syz.0.3762'.
[  639.146866][T15099] CPU: 1 PID: 15099 Comm: syz.2.3765 Not tainted syzkaller #0
[  639.155994][T15099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  639.166081][T15099] Call Trace:
[  639.169360][T15099]  <TASK>
[  639.172292][T15099]  dump_stack_lvl+0x188/0x24e
[  639.176980][T15099]  ? show_regs_print_info+0x12/0x12
[  639.182185][T15099]  ? load_image+0x400/0x400
[  639.186708][T15099]  ? __might_sleep+0xd0/0xd0
[  639.191302][T15099]  ? __lock_acquire+0x7d10/0x7d10
[  639.196341][T15099]  should_fail_ex+0x399/0x4d0
[  639.201026][T15099]  should_failslab+0x5/0x20
[  639.205529][T15099]  slab_pre_alloc_hook+0x59/0x310
[  639.210563][T15099]  kmem_cache_alloc_node+0x5a/0x320
[  639.215851][T15099]  ? __alloc_skb+0xfc/0x7e0
[  639.220381][T15099]  __alloc_skb+0xfc/0x7e0
[  639.224719][T15099]  ? netlink_autobind+0xda/0x300
[  639.229671][T15099]  netlink_sendmsg+0x654/0xbd0
[  639.234447][T15099]  ? netlink_getsockopt+0x550/0x550
[  639.239662][T15099]  ? aa_sock_msg_perm+0x94/0x150
[  639.244599][T15099]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  639.249900][T15099]  ? security_socket_sendmsg+0x7c/0xa0
[  639.255366][T15099]  ? netlink_getsockopt+0x550/0x550
[  639.260568][T15099]  ____sys_sendmsg+0x5be/0x970
[  639.265348][T15099]  ? __sys_sendmsg_sock+0x30/0x30
[  639.270382][T15099]  ? __import_iovec+0x315/0x500
[  639.275241][T15099]  ? import_iovec+0x6f/0xa0
[  639.279746][T15099]  ___sys_sendmsg+0x2a2/0x360
[  639.284437][T15099]  ? __sys_sendmsg+0x290/0x290
[  639.289220][T15099]  ? __lock_acquire+0x7d10/0x7d10
[  639.294265][T15099]  __se_sys_sendmsg+0x1bb/0x2a0
[  639.299122][T15099]  ? ct_nmi_exit+0x145/0x1c0
[  639.303806][T15099]  ? __x64_sys_sendmsg+0x80/0x80
[  639.308766][T15099]  ? lockdep_hardirqs_on+0x94/0x140
[  639.313968][T15099]  do_syscall_64+0x4c/0xa0
[  639.318387][T15099]  ? clear_bhb_loop+0x60/0xb0
[  639.323067][T15099]  ? clear_bhb_loop+0x60/0xb0
[  639.327802][T15099]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  639.333701][T15099] RIP: 0033:0x7f80b2d9c819
[  639.338116][T15099] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  639.357730][T15099] RSP: 002b:00007f80b0fd5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  639.366144][T15099] RAX: ffffffffffffffda RBX: 00007f80b3016090 RCX: 00007f80b2d9c819
[  639.374119][T15099] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004
[  639.382092][T15099] RBP: 00007f80b0fd5090 R08: 0000000000000000 R09: 0000000000000000
[  639.390067][T15099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  639.398040][T15099] R13: 00007f80b3016128 R14: 00007f80b3016090 R15: 00007fff71671458
[  639.406032][T15099]  </TASK>
[  639.435727][T15097] netlink: 'syz.1.3764': attribute type 46 has an invalid length.
[  639.443737][T15097] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3764'.
[  639.781559][T15105] netlink: 'syz.2.3767': attribute type 21 has an invalid length.
[  639.814245][T15105] netlink: 128 bytes leftover after parsing attributes in process `syz.2.3767'.
[  639.866415][T15105] netlink: 'syz.2.3767': attribute type 4 has an invalid length.
[  639.874226][T15105] netlink: 'syz.2.3767': attribute type 3 has an invalid length.
[  639.905718][ T4276] Bluetooth: hci3: command 0x0406 tx timeout
[  639.929800][T15105] netlink: 3 bytes leftover after parsing attributes in process `syz.2.3767'.
[  640.630822][T15110] netlink: 'syz.3.3766': attribute type 39 has an invalid length.
[  640.804663][T15117] netlink: 'syz.1.3771': attribute type 46 has an invalid length.
[  640.870964][T15117] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3771'.
[  641.094252][T15127] netlink: 199848 bytes leftover after parsing attributes in process `syz.4.3773'.
[  641.284731][T15130] netlink: 10 bytes leftover after parsing attributes in process `syz.2.3774'.
[  641.777599][T15140] netlink: 199848 bytes leftover after parsing attributes in process `syz.2.3778'.
[  643.167452][T15147] netlink: 22 bytes leftover after parsing attributes in process `syz.1.3780'.
[  643.255278][T15150] netlink: 15487 bytes leftover after parsing attributes in process `syz.4.3781'.
[  643.701713][T15156] validate_nla: 2 callbacks suppressed
[  643.701731][T15156] netlink: 'syz.0.3783': attribute type 46 has an invalid length.
[  643.735634][T15156] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3783'.
[  643.760070][T15154] netlink: 'syz.2.3782': attribute type 39 has an invalid length.
[  644.029621][T10516] device hsr_slave_0 left promiscuous mode
[  644.095305][T10516] device hsr_slave_1 left promiscuous mode
[  644.155362][T10516] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  644.162880][T10516] batman_adv: batadv0: Removing interface: batadv_slave_0
[  644.237395][T10516] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  644.273628][T10516] batman_adv: batadv0: Removing interface: batadv_slave_1
[  644.482592][T10516] device veth1_vlan left promiscuous mode
[  644.489040][T10516] device veth0_vlan left promiscuous mode
[  644.837998][T15180] netlink: 'syz.2.3793': attribute type 2 has an invalid length.
[  644.853081][T15180] netlink: 199848 bytes leftover after parsing attributes in process `syz.2.3793'.
[  644.868554][T10516] team0 (unregistering): Port device geneve1 removed
[  645.727936][T10516] bond0 (unregistering): (slave geneve0): Releasing backup interface
[  646.217984][T10516] team0 (unregistering): Port device macvlan0 removed
[  646.658235][T10516] team0 (unregistering): Port device team_slave_1 removed
[  646.732031][T10516] team0 (unregistering): Port device team_slave_0 removed
[  646.787388][T10516] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  646.840035][T10516] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  647.193035][T10516] team0 (unregistering): Port device bond0 removed
[  647.229316][T10516] bond0 (unregistering): Released all slaves
[  647.273386][T15177] netlink: 'syz.4.3792': attribute type 10 has an invalid length.
[  647.282013][T15191] netlink: 'syz.1.3797': attribute type 10 has an invalid length.
[  647.548050][T15201] netlink: 'syz.1.3800': attribute type 39 has an invalid length.
[  648.171192][T15216] netlink: 'syz.0.3806': attribute type 2 has an invalid length.
[  648.197173][T15216] netlink: 199848 bytes leftover after parsing attributes in process `syz.0.3806'.
[  649.186276][T15242] netlink: 'syz.2.3813': attribute type 10 has an invalid length.
[  649.208458][T15241] netlink: 'syz.1.3811': attribute type 46 has an invalid length.
[  649.219659][T15241] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3811'.
[  649.233613][T15245] netlink: 'syz.3.3815': attribute type 39 has an invalid length.
[  650.447255][T15266] netlink: 'syz.3.3821': attribute type 2 has an invalid length.
[  650.518013][T15266] netlink: 198692 bytes leftover after parsing attributes in process `syz.3.3821'.
[  650.595495][T15270] netlink: 'syz.4.3824': attribute type 2 has an invalid length.
[  650.614709][T15270] netlink: 199848 bytes leftover after parsing attributes in process `syz.4.3824'.
[  651.517480][T15281] netlink: 'syz.1.3827': attribute type 39 has an invalid length.
[  652.046065][T15300] netlink: 'syz.0.3834': attribute type 46 has an invalid length.
[  652.113165][T15300] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3834'.
[  652.671219][T15311] netlink: 'syz.3.3838': attribute type 10 has an invalid length.
[  653.685822][T15322] netlink: 'syz.0.3842': attribute type 39 has an invalid length.
[  653.816092][T15329] Ÿë
: port 1(gretap0) entered blocking state
[  653.822315][T15329] Ÿë
: port 1(gretap0) entered disabled state
[  653.857584][T15329] device gretap0 entered promiscuous mode
[  653.908354][T15324] Ÿë
: port 2(veth0_to_team) entered blocking state
[  653.935914][T15324] Ÿë
: port 2(veth0_to_team) entered disabled state
[  654.026444][T15324] device veth0_to_team entered promiscuous mode
[  654.256336][T15329] netlink: 'syz.2.3841': attribute type 10 has an invalid length.
[  654.307081][T15329] team0: Device wg1 is of different type
[  654.900715][T15355] netlink: 'syz.1.3855': attribute type 46 has an invalid length.
[  654.966108][T15355] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3855'.
[  655.058955][T15358] netlink: 'syz.0.3856': attribute type 39 has an invalid length.
[  656.397349][T15379] netlink: 'syz.0.3875': attribute type 10 has an invalid length.
[  656.911826][T15392] netlink: 'syz.4.3870': attribute type 39 has an invalid length.
[  657.069638][T15395] netlink: 'syz.3.3871': attribute type 46 has an invalid length.
[  657.135905][T15395] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3871'.
[  658.288899][T15414] netlink: 'syz.4.3880': attribute type 10 has an invalid length.
[  658.464418][T15420] netlink: 'syz.0.3883': attribute type 39 has an invalid length.
[  659.344350][T15436] netlink: 'syz.4.3889': attribute type 46 has an invalid length.
[  659.362184][T15436] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3889'.
[  660.386155][ T4282] Bluetooth: hci5: command 0x0406 tx timeout
[  660.506841][T15452] netlink: 'syz.0.3895': attribute type 10 has an invalid length.
[  662.342234][T15475] netlink: 'syz.3.3906': attribute type 46 has an invalid length.
[  662.361486][T15475] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3906'.
[  664.744487][T15513] netlink: 'syz.3.3925': attribute type 46 has an invalid length.
[  664.765588][T15513] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3925'.
[  665.515459][ T4276] Bluetooth: hci0: command 0x0406 tx timeout
[  665.727209][T15529] netlink: 'syz.0.3930': attribute type 39 has an invalid length.
[  665.883151][T15536] netlink: 'syz.2.3933': attribute type 29 has an invalid length.
[  665.908085][T15536] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3933'.
[  665.955005][T15536] netlink: 'syz.2.3933': attribute type 29 has an invalid length.
[  665.981468][T15536] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3933'.
[  667.131592][T15559] netlink: 'syz.1.3942': attribute type 46 has an invalid length.
[  667.160911][T15559] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3942'.
[  667.427157][T15564] netlink: 'syz.4.3945': attribute type 39 has an invalid length.
[  668.347267][T15584] netlink: 'syz.1.3955': attribute type 19 has an invalid length.
[  668.411244][T15584] netlink: 14552 bytes leftover after parsing attributes in process `syz.1.3955'.
[  669.407085][T15597] netlink: 'syz.4.3959': attribute type 39 has an invalid length.
[  669.690359][T15603] netlink: 'syz.2.3972': attribute type 39 has an invalid length.
[  669.979917][T15612] syz.2.3964[15612] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  669.980033][T15612] syz.2.3964[15612] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  671.571596][T15643] netlink: 'syz.1.3975': attribute type 39 has an invalid length.
[  671.634234][ T4276] Bluetooth: hci5: ISO packet for unknown connection handle 36
[  673.618751][T15684] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3995'.
[  673.914579][T15694] netlink: 'syz.0.3996': attribute type 39 has an invalid length.
[  674.015070][T15704] netlink: 'syz.3.3999': attribute type 39 has an invalid length.
[  675.755311][ T4282] Bluetooth: hci2: command 0x0406 tx timeout
[  677.255515][T15731] netlink: 'syz.1.4011': attribute type 12 has an invalid length.
[  677.285293][T15731] netlink: 132 bytes leftover after parsing attributes in process `syz.1.4011'.
[  677.422721][T15737] netlink: 'syz.1.4011': attribute type 29 has an invalid length.
[  677.593394][T15734] netlink: 'syz.4.4012': attribute type 39 has an invalid length.
[  677.608760][T15736] netlink: 'syz.3.4010': attribute type 10 has an invalid length.
[  680.204912][T15737] netlink: 'syz.1.4011': attribute type 29 has an invalid length.
[  680.599680][T15756] netlink: 'syz.1.4019': attribute type 39 has an invalid length.
[  680.965573][T15764] netlink: 'syz.0.4023': attribute type 39 has an invalid length.
[  681.219648][T15772] netlink: 'syz.2.4026': attribute type 10 has an invalid length.
[  683.023734][T15816] netlink: 'syz.0.4043': attribute type 1 has an invalid length.
[  683.054107][T15816] netlink: 132 bytes leftover after parsing attributes in process `syz.0.4043'.
[  686.130686][T15822] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4046'.
[  686.432251][T15857] netlink: 'syz.0.4056': attribute type 12 has an invalid length.
[  686.440403][T15857] netlink: 132 bytes leftover after parsing attributes in process `syz.0.4056'.
[  686.625798][T15859] netlink: 'syz.0.4056': attribute type 29 has an invalid length.
[  686.704710][T15859] netlink: 'syz.0.4056': attribute type 29 has an invalid length.
[  687.280676][T15869] netlink: 'syz.1.4062': attribute type 10 has an invalid length.
[  687.329134][T15873] netlink: 'syz.3.4064': attribute type 10 has an invalid length.
[  687.678670][T15878] netlink: 'syz.3.4066': attribute type 10 has an invalid length.
[  688.422053][T15897] netlink: 'syz.4.4074': attribute type 12 has an invalid length.
[  688.446306][T15897] netlink: 132 bytes leftover after parsing attributes in process `syz.4.4074'.
[  688.459114][T15899] netlink: 'syz.0.4075': attribute type 10 has an invalid length.
[  688.562231][T15902] netlink: 'syz.2.4076': attribute type 10 has an invalid length.
[  688.616272][T15901] netlink: 'syz.4.4074': attribute type 29 has an invalid length.
[  688.694957][T15901] netlink: 'syz.4.4074': attribute type 29 has an invalid length.
[  689.125711][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  689.132358][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  689.773345][T15920] netlink: 'syz.2.4081': attribute type 10 has an invalid length.
[  690.451052][T15941] netlink: 'syz.0.4090': attribute type 10 has an invalid length.
[  690.917491][T15950] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4093'.
[  690.920439][T15956] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4095'.
[  690.974049][T15950] bridge0: port 1(bridge_slave_0) entered disabled state
[  691.055803][T15950] device bridge_slave_0 left promiscuous mode
[  691.063009][T15950] bridge0: port 1(bridge_slave_0) entered disabled state
[  691.181297][T15956] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4095'.
[  691.420334][T15964] netlink: 'syz.4.4099': attribute type 10 has an invalid length.
[  691.889901][T15988] netlink: 'syz.4.4104': attribute type 10 has an invalid length.
[  692.903209][T16007] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4115'.
[  693.678353][T16030] netlink: 'syz.1.4125': attribute type 29 has an invalid length.
[  693.739367][T16030] netlink: 'syz.1.4125': attribute type 29 has an invalid length.
[  693.802133][T16031] netlink: 'syz.1.4125': attribute type 29 has an invalid length.
[  695.609774][T16067] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4139'.
[  695.934876][T16067] bridge0: port 1(bridge_slave_0) entered disabled state
[  696.041829][T16067] device bridge_slave_0 left promiscuous mode
[  696.052638][T16067] bridge0: port 1(bridge_slave_0) entered disabled state
[  698.033586][T16116] netlink: 'syz.2.4159': attribute type 10 has an invalid length.
[  699.402942][T16153] netlink: 'syz.0.4175': attribute type 10 has an invalid length.
[  699.536334][T16158] netlink: 'syz.4.4177': attribute type 10 has an invalid length.
[  699.613824][T16158] team0: Device wg1 is of different type
[  699.969925][T16172] netlink: 'syz.4.4183': attribute type 46 has an invalid length.
[  700.008541][T16172] netlink: 36 bytes leftover after parsing attributes in process `syz.4.4183'.
[  701.375122][T16190] netlink: 'syz.4.4190': attribute type 10 has an invalid length.
[  701.408752][T16194] netlink: 'syz.0.4193': attribute type 3 has an invalid length.
[  701.476246][T16194] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.4193'.
[  701.505817][T16198] FAULT_INJECTION: forcing a failure.
[  701.505817][T16198] name failslab, interval 1, probability 0, space 0, times 0
[  701.546794][T16198] CPU: 0 PID: 16198 Comm: syz.2.4194 Not tainted syzkaller #0
[  701.554332][T16198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  701.564421][T16198] Call Trace:
[  701.567724][T16198]  <TASK>
[  701.570675][T16198]  dump_stack_lvl+0x188/0x24e
[  701.575418][T16198]  ? show_regs_print_info+0x12/0x12
[  701.580654][T16198]  ? load_image+0x400/0x400
[  701.585186][T16198]  ? verify_lock_unused+0x140/0x140
[  701.590431][T16198]  should_fail_ex+0x399/0x4d0
[  701.595140][T16198]  should_failslab+0x5/0x20
[  701.599666][T16198]  slab_pre_alloc_hook+0x59/0x310
[  701.604727][T16198]  kmem_cache_alloc+0x56/0x2f0
[  701.609521][T16198]  ? skb_clone+0x1e7/0x370
[  701.613975][T16198]  skb_clone+0x1e7/0x370
[  701.618258][T16198]  __netlink_deliver_tap+0x3ed/0x800
[  701.623590][T16198]  ? netlink_deliver_tap+0x2e/0x1b0
[  701.628829][T16198]  netlink_deliver_tap+0x19c/0x1b0
[  701.633976][T16198]  netlink_unicast+0x728/0x8d0
[  701.638793][T16198]  netlink_sendmsg+0x8ad/0xbd0
[  701.643617][T16198]  ? netlink_getsockopt+0x550/0x550
[  701.648866][T16198]  ? aa_sock_msg_perm+0x94/0x150
[  701.653835][T16198]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  701.659157][T16198]  ? security_socket_sendmsg+0x7c/0xa0
[  701.664663][T16198]  ? netlink_getsockopt+0x550/0x550
[  701.669903][T16198]  ____sys_sendmsg+0x5be/0x970
[  701.674721][T16198]  ? __sys_sendmsg_sock+0x30/0x30
[  701.679787][T16198]  ? __import_iovec+0x315/0x500
[  701.684671][T16198]  ? import_iovec+0x6f/0xa0
[  701.689211][T16198]  ___sys_sendmsg+0x2a2/0x360
[  701.693936][T16198]  ? __sys_sendmsg+0x290/0x290
[  701.698763][T16198]  ? __lock_acquire+0x7d10/0x7d10
[  701.703859][T16198]  __se_sys_sendmsg+0x1bb/0x2a0
[  701.708759][T16198]  ? __x64_sys_sendmsg+0x80/0x80
[  701.713753][T16198]  ? lockdep_hardirqs_on+0x94/0x140
[  701.718989][T16198]  do_syscall_64+0x4c/0xa0
[  701.723441][T16198]  ? clear_bhb_loop+0x60/0xb0
[  701.728159][T16198]  ? clear_bhb_loop+0x60/0xb0
[  701.732898][T16198]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  701.738810][T16198] RIP: 0033:0x7f80b2d9c819
[  701.743247][T16198] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  701.762866][T16198] RSP: 002b:00007f80b0ff6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  701.771284][T16198] RAX: ffffffffffffffda RBX: 00007f80b3015fa0 RCX: 00007f80b2d9c819
[  701.779266][T16198] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  701.787271][T16198] RBP: 00007f80b0ff6090 R08: 0000000000000000 R09: 0000000000000000
[  701.795302][T16198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  701.803295][T16198] R13: 00007f80b3016038 R14: 00007f80b3015fa0 R15: 00007fff71671458
[  701.811340][T16198]  </TASK>
[  701.822221][T16198] netlink: 'syz.2.4194': attribute type 10 has an invalid length.
[  701.846934][T16198] team0: Device ipvlan1 failed to register rx_handler
[  702.110263][T16212] netlink: 'syz.3.4200': attribute type 46 has an invalid length.
[  702.152343][T16212] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4200'.
[  703.272728][T16234] netlink: 'syz.0.4208': attribute type 10 has an invalid length.
[  703.331383][T16237] FAULT_INJECTION: forcing a failure.
[  703.331383][T16237] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  703.383433][T16237] CPU: 1 PID: 16237 Comm: syz.2.4210 Not tainted syzkaller #0
[  703.391078][T16237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  703.401215][T16237] Call Trace:
[  703.404523][T16237]  <TASK>
[  703.407480][T16237]  dump_stack_lvl+0x188/0x24e
[  703.412208][T16237]  ? show_regs_print_info+0x12/0x12
[  703.417449][T16237]  ? load_image+0x400/0x400
[  703.421999][T16237]  ? __lock_acquire+0x7d10/0x7d10
[  703.427088][T16237]  should_fail_ex+0x399/0x4d0
[  703.431829][T16237]  _copy_from_user+0x2c/0x170
[  703.436567][T16237]  iovec_from_user+0x143/0x360
[  703.441398][T16237]  __import_iovec+0x6d/0x500
[  703.446054][T16237]  import_iovec+0x6f/0xa0
[  703.450428][T16237]  ___sys_sendmsg+0x252/0x360
[  703.455161][T16237]  ? __sys_sendmsg+0x290/0x290
[  703.460011][T16237]  ? __lock_acquire+0x7d10/0x7d10
[  703.465123][T16237]  __se_sys_sendmsg+0x1bb/0x2a0
[  703.470028][T16237]  ? __x64_sys_sendmsg+0x80/0x80
[  703.475090][T16237]  ? lockdep_hardirqs_on+0x94/0x140
[  703.480329][T16237]  do_syscall_64+0x4c/0xa0
[  703.484782][T16237]  ? clear_bhb_loop+0x60/0xb0
[  703.489500][T16237]  ? clear_bhb_loop+0x60/0xb0
[  703.494233][T16237]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  703.500196][T16237] RIP: 0033:0x7f80b2d9c819
[  703.504647][T16237] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  703.524307][T16237] RSP: 002b:00007f80b0ff6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  703.532763][T16237] RAX: ffffffffffffffda RBX: 00007f80b3015fa0 RCX: 00007f80b2d9c819
[  703.540773][T16237] RDX: 0000000000000000 RSI: 0000200000000940 RDI: 0000000000000004
[  703.548782][T16237] RBP: 00007f80b0ff6090 R08: 0000000000000000 R09: 0000000000000000
[  703.556784][T16237] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  703.564852][T16237] R13: 00007f80b3016038 R14: 00007f80b3015fa0 R15: 00007fff71671458
[  703.572969][T16237]  </TASK>
[  704.994366][T16261] netlink: 'syz.4.4219': attribute type 46 has an invalid length.
[  705.066727][T16261] netlink: 36 bytes leftover after parsing attributes in process `syz.4.4219'.
[  705.893979][T16271] netlink: 'syz.0.4223': attribute type 10 has an invalid length.
[  706.073318][T16275] netlink: 168 bytes leftover after parsing attributes in process `syz.3.4225'.
[  706.318286][T16282] netlink: 'syz.1.4229': attribute type 21 has an invalid length.
[  706.356299][T16282] netlink: 156 bytes leftover after parsing attributes in process `syz.1.4229'.
[  706.366261][T16282] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4229'.
[  706.912865][T16302] netlink: 'syz.1.4237': attribute type 10 has an invalid length.
[  707.144133][T16306] netlink: 'syz.1.4239': attribute type 46 has an invalid length.
[  707.160083][T16306] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4239'.
[  707.931933][T16324] netlink: 4595 bytes leftover after parsing attributes in process `syz.4.4247'.
[  708.302178][T16331] netlink: 'syz.4.4249': attribute type 10 has an invalid length.
[  708.680856][T16333] tap0: tun_chr_ioctl cmd 1074025677
[  708.688084][T16333] tap0: linktype set to 774
[  708.700436][T16333] netlink: 'syz.2.4251': attribute type 10 has an invalid length.
[  708.749418][T16333] team0: Device ipvlan1 failed to register rx_handler
[  709.027787][T16347] netlink: 72 bytes leftover after parsing attributes in process `syz.4.4257'.
[  709.126988][T16347] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815
[  709.154740][T16347] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815
[  709.184319][T16347] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815
[  709.223869][T16347] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815
[  709.247207][T16347] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815
[  709.263307][T16347] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815
[  709.292790][T16347] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815
[  709.316367][T16347] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815
[  709.326556][T16347] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815
[  709.336858][T16347] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815
[  709.456206][T16363] netlink: 'syz.2.4262': attribute type 46 has an invalid length.
[  709.464083][T16363] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4262'.
[  711.131461][T16368] netlink: 'syz.3.4263': attribute type 10 has an invalid length.
[  712.472655][T16395] netlink: 129384 bytes leftover after parsing attributes in process `syz.0.4275'.
[  712.869831][T16411] netlink: 'syz.1.4282': attribute type 10 has an invalid length.
[  713.126977][T16415] tap0: tun_chr_ioctl cmd 1074025677
[  713.134629][T16415] tap0: linktype set to 774
[  713.170509][T16415] netlink: 'syz.1.4284': attribute type 10 has an invalid length.
[  713.223974][T16415] team0: Device ipvlan1 failed to register rx_handler
[  713.930658][T16429] netlink: 126632 bytes leftover after parsing attributes in process `syz.0.4297'.
[  714.537965][T16444] netlink: 'syz.1.4294': attribute type 10 has an invalid length.
[  715.630282][T16462] ==================================================================
[  715.638434][T16462] BUG: KASAN: slab-out-of-bounds in __bpf_get_stackid+0x6c9/0x920
[  715.646296][T16462] Write of size 96 at addr ffff88802750cb90 by task syz.3.4301/16462
[  715.654393][T16462] 
[  715.656753][T16462] CPU: 1 PID: 16462 Comm: syz.3.4301 Not tainted syzkaller #0
[  715.664252][T16462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  715.674598][T16462] Call Trace:
[  715.677895][T16462]  <TASK>
[  715.680844][T16462]  dump_stack_lvl+0x188/0x24e
[  715.685560][T16462]  ? __lock_acquire+0x7d10/0x7d10
[  715.690624][T16462]  ? show_regs_print_info+0x12/0x12
[  715.695860][T16462]  ? load_image+0x400/0x400
[  715.700397][T16462]  ? __virt_addr_valid+0x465/0x540
[  715.705554][T16462]  ? __bpf_get_stackid+0x6c9/0x920
[  715.710696][T16462]  print_report+0xa8/0x210
[  715.715167][T16462]  kasan_report+0x10b/0x140
[  715.719719][T16462]  ? __bpf_get_stackid+0x6c9/0x920
[  715.724876][T16462]  kasan_check_range+0x235/0x290
[  715.729853][T16462]  ? __bpf_get_stackid+0x6c9/0x920
[  715.734996][T16462]  memcpy+0x3c/0x60
[  715.738836][T16462]  __bpf_get_stackid+0x6c9/0x920
[  715.743809][T16462]  bpf_get_stackid_pe+0x33f/0x400
[  715.748876][T16462]  bpf_prog_ceda4e53fcf21ae1+0x28/0x40
[  715.754365][T16462]  bpf_overflow_handler+0x522/0x7c0
[  715.759592][T16462]  ? bpf_overflow_handler+0xd9/0x7c0
[  715.764903][T16462]  ? perf_swevent_overflow+0x230/0x230
[  715.770392][T16462]  ? ct_irq_exit_irqson+0x113/0x170
[  715.775647][T16462]  ? __perf_event_account_interrupt+0x187/0x280
[  715.781956][T16462]  __perf_event_overflow+0x448/0x610
[  715.787386][T16462]  perf_swevent_event+0x315/0x570
[  715.792503][T16462]  ? perf_tp_event+0xc30/0xc30
[  715.797309][T16462]  ? trace_event_raw_event_lock+0x250/0x250
[  715.803234][T16462]  ? perf_trace_lock+0xf8/0x390
[  715.808114][T16462]  ___perf_sw_event+0x49e/0x6e0
[  715.813007][T16462]  ? ___perf_sw_event+0x180/0x6e0
[  715.818068][T16462]  ? perf_swevent_put_recursion_context+0xb0/0xb0
[  715.824546][T16462]  ? mark_lock+0x94/0x320
[  715.828934][T16462]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  715.834949][T16462]  ? lock_chain_count+0x20/0x20
[  715.839913][T16462]  __perf_sw_event+0x135/0x260
[  715.844758][T16462]  do_user_addr_fault+0xaea/0xb10
[  715.849831][T16462]  ? trace_event_raw_event_lock+0x250/0x250
[  715.855764][T16462]  ? trace_hardirqs_off_finish+0x86/0x180
[  715.861616][T16462]  exc_page_fault+0x60/0x100
[  715.866243][T16462]  asm_exc_page_fault+0x22/0x30
[  715.871145][T16462] RIP: 0010:copy_user_enhanced_fast_string+0xa/0x40
[  715.877782][T16462] Code: ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 01 ca c3 8d 0c ca 89 ca eb 20 0f 01 cb 83 fa 40 72 38 89 d1 <f3> a4 31 c0 0f 01 ca c3 89 ca eb 0a 90 90 90 90 90 90 90 90 90 90
[  715.897423][T16462] RSP: 0018:ffffc90003167668 EFLAGS: 00050206
[  715.903536][T16462] RAX: ffffffff840f3201 RBX: 0000000000001000 RCX: 0000000000000480
[  715.911535][T16462] RDX: 0000000000001000 RSI: 0000200000003000 RDI: ffff888055fb9b80
[  715.919546][T16462] RBP: 0000000000000000 R08: ffff888055fb9fff R09: 1ffff1100abf73ff
[  715.927543][T16462] R10: dffffc0000000000 R11: ffffed100abf7400 R12: 00007fffffffe000
[  715.935539][T16462] R13: 0000000000001ec0 R14: 0000200000002480 R15: ffff888055fb9000
[  715.943568][T16462]  ? copyin+0x71/0x120
[  715.947688][T16462]  copyin+0xe7/0x120
[  715.951620][T16462]  _copy_from_iter+0x447/0x1130
[  715.956513][T16462]  ? copyout_mc+0x110/0x110
[  715.961071][T16462]  ? copyout_mc+0x110/0x110
[  715.965643][T16462]  ? __virt_addr_valid+0x188/0x540
[  715.970799][T16462]  ? page_copy_sane+0x194/0x390
[  715.975680][T16462]  copy_page_from_iter+0x77/0x100
[  715.980727][T16462]  skb_copy_datagram_from_iter+0x2b3/0x690
[  715.986591][T16462]  unix_stream_sendmsg+0x4d5/0xa70
[  715.991753][T16462]  ? unix_show_fdinfo+0x2c0/0x2c0
[  715.996808][T16462]  ? tomoyo_socket_sendmsg_permission+0x1dd/0x2f0
[  716.003277][T16462]  ? __might_fault+0xa6/0x120
[  716.008005][T16462]  ? aa_sock_msg_perm+0x94/0x150
[  716.012985][T16462]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  716.018302][T16462]  ? security_socket_sendmsg+0x7c/0xa0
[  716.023797][T16462]  ? unix_show_fdinfo+0x2c0/0x2c0
[  716.028851][T16462]  ____sys_sendmsg+0x5be/0x970
[  716.033656][T16462]  ? __sys_sendmsg_sock+0x30/0x30
[  716.038718][T16462]  ? __import_iovec+0x315/0x500
[  716.043604][T16462]  ? import_iovec+0x6f/0xa0
[  716.048180][T16462]  ___sys_sendmsg+0x2a2/0x360
[  716.052891][T16462]  ? try_to_wake_up+0x67c/0x1080
[  716.057861][T16462]  ? __sys_sendmsg+0x290/0x290
[  716.062702][T16462]  __se_sys_sendmsg+0x1bb/0x2a0
[  716.067591][T16462]  ? __x64_sys_sendmsg+0x80/0x80
[  716.072568][T16462]  ? lockdep_hardirqs_on+0x94/0x140
[  716.077803][T16462]  do_syscall_64+0x4c/0xa0
[  716.082269][T16462]  ? clear_bhb_loop+0x60/0xb0
[  716.086994][T16462]  ? clear_bhb_loop+0x60/0xb0
[  716.091708][T16462]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  716.097634][T16462] RIP: 0033:0x7f2fc8f9c819
[  716.102087][T16462] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  716.121725][T16462] RSP: 002b:00007f2fc71d5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  716.130166][T16462] RAX: ffffffffffffffda RBX: 00007f2fc9216090 RCX: 00007f2fc8f9c819
[  716.138162][T16462] RDX: 00000000000000fd RSI: 0000200000001840 RDI: 0000000000000007
[  716.146170][T16462] RBP: 00007f2fc9032c91 R08: 0000000000000000 R09: 0000000000000000
[  716.154171][T16462] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  716.162175][T16462] R13: 00007f2fc9216128 R14: 00007f2fc9216090 R15: 00007ffce7302398
[  716.170214][T16462]  </TASK>
[  716.173270][T16462] 
[  716.175614][T16462] Allocated by task 16462:
[  716.180075][T16462]  kasan_set_track+0x4b/0x70
[  716.184715][T16462]  __kasan_kmalloc+0x8e/0xa0
[  716.189358][T16462]  __kmalloc_node+0xb0/0x240
[  716.193999][T16462]  bpf_map_area_alloc+0x47/0xe0
[  716.198884][T16462]  prealloc_elems_and_freelist+0x86/0x1c0
[  716.204627][T16462]  stack_map_alloc+0x390/0x520
[  716.209414][T16462]  map_create+0x534/0x1000
[  716.213854][T16462]  __sys_bpf+0x38b/0x780
[  716.218117][T16462]  __x64_sys_bpf+0x78/0x90
[  716.222554][T16462]  do_syscall_64+0x4c/0xa0
[  716.227002][T16462]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  716.232916][T16462] 
[  716.235248][T16462] Last potentially related work creation:
[  716.240979][T16462]  kasan_save_stack+0x3a/0x60
[  716.245693][T16462]  __kasan_record_aux_stack+0xb2/0xc0
[  716.251081][T16462]  kvfree_call_rcu+0x103/0x870
[  716.255869][T16462]  trie_update_elem+0xa2b/0xe80
[  716.260742][T16462]  bpf_map_update_value+0x59e/0x670
[  716.265965][T16462]  generic_map_update_batch+0x54b/0x810
[  716.271532][T16462]  bpf_map_do_batch+0x466/0x600
[  716.276409][T16462]  __sys_bpf+0x6f7/0x780
[  716.280672][T16462]  __x64_sys_bpf+0x78/0x90
[  716.285109][T16462]  do_syscall_64+0x4c/0xa0
[  716.289555][T16462]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  716.295478][T16462] 
[  716.297808][T16462] Second to last potentially related work creation:
[  716.304415][T16462]  kasan_save_stack+0x3a/0x60
[  716.309122][T16462]  __kasan_record_aux_stack+0xb2/0xc0
[  716.314514][T16462]  call_rcu+0x14f/0x990
[  716.318704][T16462]  __nf_register_net_hook+0x788/0x910
[  716.324101][T16462]  nf_register_net_hook+0xae/0x190
[  716.329263][T16462]  nf_register_net_hooks+0x40/0x1a0
[  716.334477][T16462]  ip6t_register_table+0x53f/0x7d0
[  716.339625][T16462]  ip6table_mangle_table_init+0x3d/0x60
[  716.345200][T16462]  xt_find_table_lock+0x220/0x360
[  716.350248][T16462]  xt_request_find_table_lock+0x22/0x100
[  716.355918][T16462]  do_ip6t_get_ctl+0x5e8/0x11b0
[  716.360881][T16462]  nf_getsockopt+0x25e/0x280
[  716.365491][T16462]  ipv6_getsockopt+0x222/0x2e0
[  716.370276][T16462]  __sys_getsockopt+0x1b0/0x230
[  716.375157][T16462]  __x64_sys_getsockopt+0xb1/0xc0
[  716.380206][T16462]  do_syscall_64+0x4c/0xa0
[  716.384644][T16462]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  716.390564][T16462] 
[  716.392897][T16462] The buggy address belongs to the object at ffff88802750cb80
[  716.392897][T16462]  which belongs to the cache kmalloc-cg-64 of size 64
[  716.407071][T16462] The buggy address is located 16 bytes inside of
[  716.407071][T16462]  64-byte region [ffff88802750cb80, ffff88802750cbc0)
[  716.420193][T16462] 
[  716.422547][T16462] The buggy address belongs to the physical page:
[  716.429133][T16462] page:ffffea00009d4300 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2750c
[  716.439330][T16462] memcg:ffff88807bbea401
[  716.443584][T16462] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[  716.451215][T16462] raw: 00fff00000000200 ffffea000074c800 dead000000000003 ffff888017442780
[  716.459815][T16462] raw: 0000000000000000 0000000080200020 00000001ffffffff ffff88807bbea401
[  716.468496][T16462] page dumped because: kasan: bad access detected
[  716.474993][T16462] page_owner tracks the page as allocated
[  716.480811][T16462] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 4277, tgid 4277 (syz-executor), ts 235643519643, free_ts 235642802793
[  716.499290][T16462]  post_alloc_hook+0x173/0x1a0
[  716.504088][T16462]  get_page_from_freelist+0x1a1e/0x1ab0
[  716.509675][T16462]  __alloc_pages+0x1ec/0x4f0
[  716.514340][T16462]  alloc_slab_page+0x5d/0x160
[  716.519093][T16462]  new_slab+0x87/0x2c0
[  716.523238][T16462]  ___slab_alloc+0xbc6/0x1240
[  716.527929][T16462]  __kmem_cache_alloc_node+0x1a0/0x260
[  716.533409][T16462]  kmalloc_trace+0x26/0xe0
[  716.537857][T16462]  alloc_fdtable+0xca/0x2c0
[  716.542385][T16462]  dup_fd+0x782/0xa50
[  716.546386][T16462]  copy_files+0x72/0xe0
[  716.550560][T16462]  copy_process+0x1835/0x4030
[  716.555255][T16462]  kernel_clone+0x24b/0x900
[  716.559774][T16462]  __x64_sys_clone+0x1a7/0x220
[  716.564555][T16462]  do_syscall_64+0x4c/0xa0
[  716.568992][T16462]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  716.574929][T16462] page last free stack trace:
[  716.579624][T16462]  free_unref_page_prepare+0x8b4/0x9a0
[  716.585120][T16462]  free_unref_page+0x2e/0x3f0
[  716.589825][T16462]  __vunmap+0x856/0xa00
[  716.594015][T16462]  do_ip6t_get_ctl+0xec0/0x11b0
[  716.598895][T16462]  nf_getsockopt+0x25e/0x280
[  716.603518][T16462]  ipv6_getsockopt+0x222/0x2e0
[  716.608297][T16462]  __sys_getsockopt+0x1b0/0x230
[  716.613173][T16462]  __x64_sys_getsockopt+0xb1/0xc0
[  716.618243][T16462]  do_syscall_64+0x4c/0xa0
[  716.622691][T16462]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  716.628606][T16462] 
[  716.630934][T16462] Memory state around the buggy address:
[  716.636573][T16462]  ffff88802750ca80: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[  716.644661][T16462]  ffff88802750cb00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  716.652747][T16462] >ffff88802750cb80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[  716.660830][T16462]                                   ^
[  716.666224][T16462]  ffff88802750cc00: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[  716.674302][T16462]  ffff88802750cc80: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[  716.682373][T16462] ==================================================================
[  716.690464][T16462] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  716.697666][T16462] CPU: 1 PID: 16462 Comm: syz.3.4301 Not tainted syzkaller #0
[  716.705136][T16462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  716.715202][T16462] Call Trace:
[  716.718496][T16462]  <TASK>
[  716.721437][T16462]  dump_stack_lvl+0x188/0x24e
[  716.726155][T16462]  ? memcpy+0x3c/0x60
[  716.730151][T16462]  ? show_regs_print_info+0x12/0x12
[  716.735373][T16462]  ? load_image+0x400/0x400
[  716.739913][T16462]  panic+0x2e5/0x730
[  716.743842][T16462]  ? bpf_jit_dump+0xd0/0xd0
[  716.748370][T16462]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  716.754283][T16462]  ? _raw_spin_unlock+0x40/0x40
[  716.759149][T16462]  ? print_memory_metadata+0x314/0x400
[  716.764633][T16462]  check_panic_on_warn+0x80/0xa0
[  716.769608][T16462]  ? __bpf_get_stackid+0x6c9/0x920
[  716.774732][T16462]  end_report+0x66/0x110
[  716.779002][T16462]  kasan_report+0x118/0x140
[  716.783528][T16462]  ? __bpf_get_stackid+0x6c9/0x920
[  716.788675][T16462]  kasan_check_range+0x235/0x290
[  716.793649][T16462]  ? __bpf_get_stackid+0x6c9/0x920
[  716.798791][T16462]  memcpy+0x3c/0x60
[  716.802624][T16462]  __bpf_get_stackid+0x6c9/0x920
[  716.807591][T16462]  bpf_get_stackid_pe+0x33f/0x400
[  716.812644][T16462]  bpf_prog_ceda4e53fcf21ae1+0x28/0x40
[  716.818128][T16462]  bpf_overflow_handler+0x522/0x7c0
[  716.823350][T16462]  ? bpf_overflow_handler+0xd9/0x7c0
[  716.828654][T16462]  ? perf_swevent_overflow+0x230/0x230
[  716.834131][T16462]  ? ct_irq_exit_irqson+0x113/0x170
[  716.839361][T16462]  ? __perf_event_account_interrupt+0x187/0x280
[  716.845639][T16462]  __perf_event_overflow+0x448/0x610
[  716.850960][T16462]  perf_swevent_event+0x315/0x570
[  716.856020][T16462]  ? perf_tp_event+0xc30/0xc30
[  716.860808][T16462]  ? trace_event_raw_event_lock+0x250/0x250
[  716.866720][T16462]  ? perf_trace_lock+0xf8/0x390
[  716.871603][T16462]  ___perf_sw_event+0x49e/0x6e0
[  716.876488][T16462]  ? ___perf_sw_event+0x180/0x6e0
[  716.881544][T16462]  ? perf_swevent_put_recursion_context+0xb0/0xb0
[  716.888010][T16462]  ? mark_lock+0x94/0x320
[  716.892388][T16462]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  716.898404][T16462]  ? lock_chain_count+0x20/0x20
[  716.903282][T16462]  __perf_sw_event+0x135/0x260
[  716.908084][T16462]  do_user_addr_fault+0xaea/0xb10
[  716.913137][T16462]  ? trace_event_raw_event_lock+0x250/0x250
[  716.919063][T16462]  ? trace_hardirqs_off_finish+0x86/0x180
[  716.924810][T16462]  exc_page_fault+0x60/0x100
[  716.929432][T16462]  asm_exc_page_fault+0x22/0x30
[  716.934309][T16462] RIP: 0010:copy_user_enhanced_fast_string+0xa/0x40
[  716.940941][T16462] Code: ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 01 ca c3 8d 0c ca 89 ca eb 20 0f 01 cb 83 fa 40 72 38 89 d1 <f3> a4 31 c0 0f 01 ca c3 89 ca eb 0a 90 90 90 90 90 90 90 90 90 90
[  716.960596][T16462] RSP: 0018:ffffc90003167668 EFLAGS: 00050206
[  716.966690][T16462] RAX: ffffffff840f3201 RBX: 0000000000001000 RCX: 0000000000000480
[  716.974676][T16462] RDX: 0000000000001000 RSI: 0000200000003000 RDI: ffff888055fb9b80
[  716.982664][T16462] RBP: 0000000000000000 R08: ffff888055fb9fff R09: 1ffff1100abf73ff
[  716.990675][T16462] R10: dffffc0000000000 R11: ffffed100abf7400 R12: 00007fffffffe000
[  717.001398][T16462] R13: 0000000000001ec0 R14: 0000200000002480 R15: ffff888055fb9000
[  717.009403][T16462]  ? copyin+0x71/0x120
[  717.013509][T16462]  copyin+0xe7/0x120
[  717.017442][T16462]  _copy_from_iter+0x447/0x1130
[  717.022329][T16462]  ? copyout_mc+0x110/0x110
[  717.026865][T16462]  ? copyout_mc+0x110/0x110
[  717.031390][T16462]  ? __virt_addr_valid+0x188/0x540
[  717.036587][T16462]  ? page_copy_sane+0x194/0x390
[  717.041552][T16462]  copy_page_from_iter+0x77/0x100
[  717.046598][T16462]  skb_copy_datagram_from_iter+0x2b3/0x690
[  717.052438][T16462]  unix_stream_sendmsg+0x4d5/0xa70
[  717.057585][T16462]  ? unix_show_fdinfo+0x2c0/0x2c0
[  717.062625][T16462]  ? tomoyo_socket_sendmsg_permission+0x1dd/0x2f0
[  717.069068][T16462]  ? __might_fault+0xa6/0x120
[  717.073775][T16462]  ? aa_sock_msg_perm+0x94/0x150
[  717.078738][T16462]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  717.084127][T16462]  ? security_socket_sendmsg+0x7c/0xa0
[  717.089639][T16462]  ? unix_show_fdinfo+0x2c0/0x2c0
[  717.094687][T16462]  ____sys_sendmsg+0x5be/0x970
[  717.099483][T16462]  ? __sys_sendmsg_sock+0x30/0x30
[  717.104525][T16462]  ? __import_iovec+0x315/0x500
[  717.109397][T16462]  ? import_iovec+0x6f/0xa0
[  717.113916][T16462]  ___sys_sendmsg+0x2a2/0x360
[  717.118621][T16462]  ? try_to_wake_up+0x67c/0x1080
[  717.123580][T16462]  ? __sys_sendmsg+0x290/0x290
[  717.128395][T16462]  __se_sys_sendmsg+0x1bb/0x2a0
[  717.133272][T16462]  ? __x64_sys_sendmsg+0x80/0x80
[  717.138253][T16462]  ? lockdep_hardirqs_on+0x94/0x140
[  717.143476][T16462]  do_syscall_64+0x4c/0xa0
[  717.147919][T16462]  ? clear_bhb_loop+0x60/0xb0
[  717.152633][T16462]  ? clear_bhb_loop+0x60/0xb0
[  717.157338][T16462]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  717.163253][T16462] RIP: 0033:0x7f2fc8f9c819
[  717.167684][T16462] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  717.187333][T16462] RSP: 002b:00007f2fc71d5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  717.195773][T16462] RAX: ffffffffffffffda RBX: 00007f2fc9216090 RCX: 00007f2fc8f9c819
[  717.203766][T16462] RDX: 00000000000000fd RSI: 0000200000001840 RDI: 0000000000000007
[  717.211754][T16462] RBP: 00007f2fc9032c91 R08: 0000000000000000 R09: 0000000000000000
[  717.219740][T16462] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  717.227727][T16462] R13: 00007f2fc9216128 R14: 00007f2fc9216090 R15: 00007ffce7302398
[  717.235724][T16462]  </TASK>
[  717.239370][T16462] Kernel Offset: disabled
[  717.243715][T16462] Rebooting in 86400 seconds..