last executing test programs:

4.79649272s ago: executing program 1 (id=15918):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0xfede, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848420000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0) (async)
recvmsg$kcm(r0, &(0x7f0000000940)={&(0x7f00000000c0)=@l2tp={0x2, 0x0, @private}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000140)=""/193, 0xc1}, {&(0x7f0000000240)=""/6, 0x6}, {&(0x7f0000000280)=""/146, 0x92}, {&(0x7f0000000340)=""/207, 0xcf}, {&(0x7f0000000440)=""/41, 0x29}, {&(0x7f0000000480)=""/246, 0xf6}, {&(0x7f0000000580)=""/76, 0x4c}, {&(0x7f0000000600)=""/68, 0x44}, {&(0x7f0000000680)=""/49, 0x31}, {&(0x7f00000006c0)=""/192, 0xc0}], 0xa, &(0x7f0000000840)=""/211, 0xd3}, 0x0) (async, rerun: 32)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000980)='memory.stat\x00', 0x0, 0x0) (rerun: 32)
ioctl$TUNSETFILTEREBPF(r1, 0x800454e1, &(0x7f00000009c0))

4.227649139s ago: executing program 3 (id=15924):
r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18050000000000000000000000000020851000000600000018100000", @ANYRES32=r0, @ANYBLOB="00000000000000006600000000000000180000000700000000000000000000009500000000000000a60a000000000000180000002020782500000000002020207a0af8ff00000000cf510000000000000701000000feffffb702000008000000b703000000000000850000002d0000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2}, 0x94)

4.108579937s ago: executing program 3 (id=15925):
r0 = perf_event_open(&(0x7f00000005c0)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xc}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x2)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30080, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x7}, 0x5f21df7aec8d40fb, 0x0, 0x0, 0x5}, 0x0, 0x0, r2, 0x0)
syz_clone(0x4800000, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x52b)

3.954534148s ago: executing program 3 (id=15926):
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x8, 0xffffffffffffffff, 0x4}, 0x38)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000210081044e81f782db44b90402000000e8fe55a11800152c280014", 0x1f}], 0x1}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x33fe0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0xfd}}, 0x10, 0x0}, 0x3000c085)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={<r2=>0xffffffffffffffff})
recvmsg$unix(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r1, 0x6, 0x13, &(0x7f0000000200)=r3, 0x4)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2, 0x10867, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x20000000, 0x0, 0x0, 0x0, @void, @value, @value=r3}, 0x50)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000300)={r4, &(0x7f0000000140), 0x0}, 0x20)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x8, 0xffffffffffffffff, 0x4}, 0x38) (async)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000210081044e81f782db44b90402000000e8fe55a11800152c280014", 0x1f}], 0x1}, 0x0) (async)
socket$kcm(0x10, 0x2, 0x0) (async)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x33fe0) (async)
socket$kcm(0x2b, 0x1, 0x0) (async)
sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0xfd}}, 0x10, 0x0}, 0x3000c085) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) (async)
recvmsg$unix(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) (async)
setsockopt$sock_attach_bpf(r1, 0x6, 0x13, &(0x7f0000000200)=r3, 0x4) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2, 0x10867, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x20000000, 0x0, 0x0, 0x0, @void, @value, @value=r3}, 0x50) (async)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000300)={r4, &(0x7f0000000140), 0x0}, 0x20) (async)

2.600169721s ago: executing program 1 (id=15927):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_tracing={0x1a, 0x1b, &(0x7f0000000040)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7}, {}, {}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xa2}, @ringbuf_query, @call={0x85, 0x0, 0x0, 0xd0}, @tail_call={{0x18, 0x2, 0x1, 0x0, 0x1}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000140)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x5, 0x1}, 0x8, 0x10, &(0x7f00000001c0)={0x1, 0x3, 0x7, 0x3}, 0x10, 0x2d0ce, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x60}, 0x94)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000340)=@o_path={&(0x7f0000000000)='./file0\x00', r0, 0x4000, r1}, 0x18)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.net/syz0\x00', 0x200002, 0x0)
r3 = openat$cgroup_procs(r2, &(0x7f00000003c0)='cgroup.threads\x00', 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x23, &(0x7f0000000400)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0x31}, @ringbuf_query, @ringbuf_query, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}}, @map_fd={0x18, 0x2}, @jmp={0x5, 0x0, 0xa, 0x0, 0x9, 0xfffffffffffffff8}, @exit, @map_idx_val={0x18, 0x2, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x7}, @ringbuf_query]}, &(0x7f0000000540)='syzkaller\x00', 0x7, 0xe6, &(0x7f0000000580)=""/230, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000680)={0x2, 0x4}, 0x8, 0x10, &(0x7f00000006c0)={0x3, 0x1, 0x2, 0x3ff}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000700)=[0x1, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000740)=[{0x4, 0x3, 0x7}, {0x0, 0x1, 0x8, 0x8}, {0x0, 0x5, 0x8, 0x6}, {0x3, 0x8, 0xd, 0xc}, {0x5, 0x1, 0xb, 0x3}], 0x10, 0x400}, 0x94)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000980)={@map=<r5=>0xffffffffffffffff, 0x3, 0x0, 0x2, &(0x7f0000000880)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f00000008c0)=[0x0, 0x0, 0x0], &(0x7f0000000900)=[0x0], &(0x7f0000000940)=[0x0, 0x0, 0x0, 0x0], <r6=>0x0}, 0x40)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000cc0)={r0, 0xe0, &(0x7f0000000bc0)={0x0, <r7=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000a00)=[0x0, 0x0, 0x0], ""/16, <r8=>0x0, 0x0, 0x0, 0x0, 0x3, 0x2, &(0x7f0000000a40)=[0x0, 0x0, 0x0], &(0x7f0000000a80)=[0x0, 0x0], <r9=>0x0, 0x62, &(0x7f0000000ac0)=[{}, {}, {}], 0x18, 0x10, &(0x7f0000000b00), &(0x7f0000000b40), 0x8, 0x92, 0x8, 0x8, &(0x7f0000000b80)}}, 0x10)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000009c0)={@map=0x1, r0, 0x1a, 0x28, r4, @void, @void, @void, @value=r7, r6}, 0x20)
r10 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000d00)={0x3, 0x4, 0x4, 0xa, 0x0, r5, 0x6, '\x00', r8, 0xffffffffffffffff, 0x5, 0x0, 0x1}, 0x50)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000d80)={0x0, r10}, 0x8)
close(r4)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000f80)={r5, &(0x7f0000000dc0)="c05ee9836b50ae385efdf437bdbfd50f6f71a35f11e4edc77c3c7b064a92b42cb82cc2777830064582444686020ebadab56c87f4d99f2f54c47355ca9c13958ac8165f6c3ffc21e607a89ddec7499461b2653cc1fc1703d041bc4e0d7afe82bcee49955eaf38784b801504c1011ea3f299b8b47d041186bede5d0d2576a051fb2b02cffb4219c24604dcb50cd97a0f12a4fa270f8260cb485fc4dc44fdfc1472aa25c67ad59aa1adc1f63b5bf47efd8429fcafe34f473435cb40242b010db281d60516d80bf5192f0c04f893b7667e53f6e58329f996e087b045e32887f9c00bb58836750e450ab40f2e85ec756e938c27d3f3eeff972467c9", &(0x7f0000000ec0)=""/175, 0x4}, 0x20)
openat$cgroup_int(r1, &(0x7f0000000fc0)='io.bfq.weight\x00', 0x2, 0x0)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000001240)={0x15, 0xf, &(0x7f0000001000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x6}, [@btf_id={0x18, 0x4, 0x3, 0x0, 0x4}, @btf_id={0x18, 0x5, 0x3, 0x0, 0x4}, @printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8000}}]}, &(0x7f0000001080)='GPL\x00', 0x7f, 0x2a, &(0x7f00000010c0)=""/42, 0x41100, 0x6, '\x00', 0x0, @sk_reuseport=0x27, 0xffffffffffffffff, 0x8, &(0x7f0000001100)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000001140)={0x2, 0x3, 0x3, 0x10001}, 0x10, 0xffffffffffffffff, r0, 0x7, &(0x7f0000001180)=[r2], &(0x7f00000011c0)=[{0x1, 0x3, 0xa, 0x2}, {0x3, 0x4, 0xb, 0x4}, {0x0, 0x2, 0xa, 0x1}, {0x0, 0x2, 0x1, 0xc}, {0x5, 0x0, 0x5, 0x5}, {0x3, 0x3, 0x7, 0x9}, {0x4, 0x3, 0x10, 0xa}], 0x10, 0x7}, 0x94)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000001300)={r5, <r12=>0xffffffffffffffff}, 0x4)
r13 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001640)={&(0x7f00000014c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc4, 0xc4, 0x9, [@restrict={0xd, 0x0, 0x0, 0xb, 0x2}, @decl_tag={0x9, 0x0, 0x0, 0x11, 0x2}, @const={0xa, 0x0, 0x0, 0xa, 0x5}, @enum64={0xd, 0x4, 0x0, 0x13, 0x0, 0x1, [{0xa, 0x7f2c8031, 0xffffffff}, {0x10, 0x8, 0x80000001}, {0x6, 0x9, 0x9}, {0xf, 0x4, 0x2}]}, @float={0x6, 0x0, 0x0, 0x10, 0x10}, @union={0x3, 0x5, 0x0, 0x5, 0x1, 0x8, [{0x6, 0x4, 0x7}, {0x3, 0x2, 0x43b}, {0xb, 0x0, 0x770}, {0x5, 0x5, 0x2dc8}, {0x5, 0x5, 0x9}]}, @restrict={0x7, 0x0, 0x0, 0xb, 0x3}]}, {0x0, [0x5f, 0x0, 0x30, 0x0, 0x61, 0x30, 0x5f]}}, &(0x7f00000015c0)=""/97, 0xe5, 0x61, 0x0, 0x8}, 0x28)
r14 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000001700)={0x3, 0x4, 0x4, 0xa, 0x0, r5, 0x2, '\x00', r8, 0xffffffffffffffff, 0x2, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1b, 0x1a, &(0x7f0000001340)=@framed={{0x18, 0x0, 0x0, 0x0, 0x153, 0x0, 0x0, 0x0, 0x6}, [@printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7718}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x924}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r12}}, @cb_func={0x18, 0x9, 0x4, 0x0, 0xfffffffffffffffe}]}, &(0x7f0000001440)='GPL\x00', 0x3, 0x1, &(0x7f0000001480)=""/1, 0x41100, 0x26, '\x00', r8, @fallback=0x33, r13, 0x8, &(0x7f0000001680)={0xa, 0x3}, 0x8, 0x10, &(0x7f00000016c0)={0x3, 0x6, 0x1000, 0x973b}, 0x10, r9, r11, 0x0, &(0x7f0000001780)=[r5, r5, r10, r10, r5, r14, r10], 0x0, 0x10, 0xfffffff9}, 0x94)
openat$cgroup_int(r2, &(0x7f0000001880)='memory.max\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f00000018c0), 0x12)
ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001a40)={r14, &(0x7f0000001900)="277935065e346ca4ac1056cfbbe29550d50c7c94232321dd461eb00c0d448ac3879c940d24d5995f4e3fe6fa5168f76b5932c92492f9b9fb100aa2", &(0x7f0000001940)=""/211, 0x4}, 0x20)
r15 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000002c40)={0x6, 0xb, &(0x7f0000001a80)=@raw=[@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r14}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x10}}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x1}], &(0x7f0000001b00)='syzkaller\x00', 0x3, 0x1000, &(0x7f0000001b40)=""/4096, 0x41000, 0x40, '\x00', r8, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000002b40)={0x8, 0x3}, 0x8, 0x10, &(0x7f0000002b80)={0x3, 0x1, 0x686, 0x3}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000002bc0)=[r10], &(0x7f0000002c00)=[{0x5, 0x1, 0x1}], 0x10, 0x6f66}, 0x94)
openat$cgroup_ro(r2, &(0x7f0000002d00)='pids.events\x00', 0x0, 0x0)
r16 = openat$tun(0xffffffffffffff9c, &(0x7f0000002d80), 0xbbc56dfb4d261076, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000002d40)={@fallback=r16, r11, 0x28, 0x10, r0, @void, @value=r15, @void, @void, r6}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000002dc0)=r9, 0x4)
r17 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000002e40)={0x0, 0x7, 0x8}, 0xc)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000002e80)=@o_path={&(0x7f0000002e00)='./file0\x00', 0x0, 0x18, r17}, 0x18)

2.557783394s ago: executing program 3 (id=15928):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000100)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x7, '\x00', 0x0, 0x0}, 0x50)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="18080000ff00000000000000fbffffff18110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0908000000000055090100c60000009500000000000000b7020000001200007b2af0ff00000000d609080008200000db9af0ff411b0000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018280000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000015020100760080ffbf9800000000000056080000020000008500000007000000b70000000000000095"], &(0x7f00000002c0)='GPL\x00', 0x9, 0x0, 0x0, 0x40f00, 0x46, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2.556454024s ago: executing program 2 (id=15929):
socket$kcm(0x10, 0x2, 0x0) (async)
perf_event_open(&(0x7f0000000500)={0x4, 0x80, 0x9, 0x6, 0x0, 0x80, 0x0, 0x6, 0x64095, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x3, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x7, 0x6}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_config_ext={0x1, 0x2}, 0x2006, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) (async)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) (async)
mkdir(0x0, 0x0) (async)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
socket$kcm(0x10, 0x2, 0x0) (async)
socket$kcm(0x10, 0x2, 0x0) (async)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000680)=ANY=[@ANYBLOB="9feb01001800000000000000bc000000bc00000003000000060000000000000700000000070000000000000e01000000010000f40b00000000000008030000"], 0x0, 0xd7, 0x0, 0x0, 0x7, 0x10000}, 0x28)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r4=>0xffffffffffffffff}) (async)
r5 = gettid()
sendmsg$unix(r4, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@cred={{0x1c, 0x1, 0x2, {r5, 0xee01, 0xee00}}}, @rights={{0x14, 0x1, 0x1, [r4]}}], 0x38, 0x800}, 0x40800) (async)
r6 = socket$kcm(0x2, 0x1000000000000002, 0x0)
sendmsg$inet(r6, &(0x7f0000000b40)={&(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10, 0x0}, 0xe900)
sendmsg(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000740)="ecfd5dd05d6c0e6578521ac4e478af07c681a27448cc50044f340c5dc69cc58e120af98a620e851653d5faa8f685f8d3fc9db17b661ea653826bc6f0b912291acd05d2e8defb939fdb46ed4e5d3ee7e2fa6261", 0x53}, {&(0x7f0000000040)="68ca218686a9c9e719fa8197085e22ebd0f1", 0x12}, {&(0x7f0000002800)}], 0x3}, 0x40e4804)
r7 = socket$kcm(0x11, 0x2, 0x0)
sendmsg$kcm(r7, 0x0, 0x0) (async)
socket$kcm(0x10, 0x2, 0x0) (async)
r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x4, 0x0, 0xffffffffffffffff, 0x10, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x3, 0x4}, 0x50) (async)
setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f0000000200)=r1, 0x4) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={0xffffffffffffffff, <r9=>0xffffffffffffffff}, 0x4) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000380)={0x1, 0x58, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r10=>0x0}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x0, 0x1c, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r8}}, {}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1000}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r9}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000001c0)='GPL\x00', 0xefa, 0xa2, &(0x7f0000000240)=""/162, 0x0, 0x6, '\x00', r10, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000400)={0x4, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f0000000600), &(0x7f0000000640)=[{0x1, 0x2, 0xf, 0x8}, {0x4, 0x2, 0x0, 0x4}, {0x4, 0x3, 0x2, 0xc}, {0x2, 0x4, 0x9}, {0x4, 0x3, 0xe, 0xb}, {0x3, 0x4, 0x6, 0x2}, {0x5, 0x3, 0x2, 0x9}, {0x3, 0x2, 0x8, 0x2}, {0x1, 0x5, 0x4}, {0x4, 0x1, 0x0, 0x5}], 0x10, 0x3}, 0x94) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a40)={0x11, 0x19, &(0x7f0000000c80)=@raw=[@map_idx={0x18, 0x1, 0x5, 0x0, 0xb}, @exit, @map_idx={0x18, 0x1, 0x5, 0x0, 0x9}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @call={0x85, 0x0, 0x0, 0x2}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xcdc0}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0xa, 0x0, 0x0, 0x0, 0x2}, @map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}], &(0x7f0000000380)='syzkaller\x00', 0x400, 0xf0, &(0x7f00000007c0)=""/240, 0x40f00, 0x32, '\x00', r10, 0x0, r3, 0x8, &(0x7f00000008c0)={0x0, 0x3}, 0x8, 0x10, &(0x7f0000000900)={0x4, 0x10, 0x1, 0xfff}, 0x10, 0x0, 0x0, 0x4, &(0x7f0000000940)=[r2], &(0x7f0000000980)=[{0x1, 0x4, 0x3, 0xa}, {0x5, 0x5, 0x3, 0xe}, {0x0, 0x3, 0x3}, {0x0, 0x4, 0x9, 0x4}], 0x10, 0x1}, 0x94) (async)
r11 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r11, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b05d25a806c8c6f94f90424fc601000127a0a000600073582c137153e37080c188005ac0f000300", 0x33fe0}], 0x1, 0x0, 0x0, 0x8100000}, 0x0)

2.508738497s ago: executing program 0 (id=15930):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000100)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x7, '\x00', 0x0, 0x0}, 0x50)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x2, 0x10)
openat$tun(0xffffffffffffff9c, 0x0, 0xc1842, 0x0)
r0 = socket$kcm(0xa, 0x2, 0x73)
recvmsg(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=""/78, 0x4e}, 0x42)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)

2.47160642s ago: executing program 3 (id=15931):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = socket$kcm(0x2, 0x1000000000000002, 0x0)
sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f0000000380)=@l2tp6={0xa, 0x0, 0x7, @dev={0xfe, 0x80, '\x00', 0x40}, 0x0, 0x3}, 0x80, &(0x7f0000000d80)=[{0x0, 0x28}], 0x1}, 0x20040000)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="9feb0100180000601fac8b00e2c30d000c00000005000000fdffffff0000000604000000839a6ab19c15f93747692e19f5f757860712df9ec5be3423764c2ccaf3e78fe8d2d2b6c64e34f78894fd7566d763eb89be4f198af192c873ba35d3f238b59aaafc2c445a7a19c9100af292fd50d3cf7257441a8a9dbd45626b09ea6e65aa79ea"], 0x0, 0x29, 0x0, 0x1, 0xfffffffa}, 0x28)
r2 = perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x81, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8, 0x7}, 0x0, 0x400008, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x40, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0xa}, 0x0, 0x5, 0x90, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, r2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x3, 0x5, &(0x7f0000000540)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0xfffffffa, 0x0, 0x0, 0x0, 0xfffffffa}, @jmp={0x5, 0x1, 0x6, 0x9, 0x0, 0x20, 0x8}, @map_val={0x18, 0x6, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x3}], &(0x7f0000000580)='GPL\x00', 0xd, 0x4f, &(0x7f00000005c0)=""/79, 0x41000, 0x20, '\x00', 0x0, @sched_cls=0x37, r1, 0x8, &(0x7f0000000640)={0x1, 0x5}, 0x8, 0x10, &(0x7f0000000680)={0x5, 0x9, 0x3, 0x1f}, 0x10, 0x0, 0xffffffffffffffff, 0x3, &(0x7f00000006c0)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1], &(0x7f0000000700)=[{0x2, 0x1, 0xb, 0xc}, {0x0, 0x4, 0xb, 0x1}, {0x2, 0x5, 0xe, 0xa}], 0x10, 0x58586df}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r5)
ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, &(0x7f0000000500)=r4)
r6 = socket$kcm(0xa, 0x2, 0x3a)
sendmsg$kcm(r6, &(0x7f0000000440)={&(0x7f0000000800)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000c00)=[{&(0x7f0000000780)="80005b020eaa4da2", 0xfdef}], 0x1, 0x0, 0x0, 0x900}, 0x0)
recvmsg(r6, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x1c1341, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0x7c2})
openat$tun(0xffffffffffffff9c, 0x0, 0xa0800, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x2ada}, 0x0, 0x0, 0x90a, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r7 = perf_event_open(&(0x7f0000000fc0)={0x2, 0x80, 0x82, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x3, 0x4, 0x0, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x40082406, &(0x7f0000000180)='cpu>=0||!')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, &(0x7f0000000040)=""/155, 0x1000000, 0x9b, 0x1}, 0x20)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x806, 0x0, 0x0, 0x3, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
unlink(&(0x7f0000000080)='./cgroup/cgroup.procs\x00')
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

2.456771491s ago: executing program 1 (id=15932):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0xf, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000abf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2.396358945s ago: executing program 2 (id=15933):
socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000380)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe802, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x10, 0xc8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
recvmsg$unix(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r2=>0xffffffffffffffff]}}], 0x18}, 0x100)
write$cgroup_subtree(r2, &(0x7f0000000200)=ANY=[@ANYBLOB="8fedcb790700117df37538e486dd6317ce2200000000000000"], 0xfdef)
r3 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYRES8=r3], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.avg_queue_size\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000500)={0x1, 0x80, 0x28, 0x0, 0x4, 0x0, 0x0, 0x9, 0x640a9, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_config_ext={0xa3, 0xfff}, 0x0, 0x5, 0x43a1bd77, 0x7, 0xd, 0x6, 0x101, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r5 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @perf_config_ext={0x0, 0x7}, 0x2, 0x7, 0x4000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r5, 0x40042409, 0x1)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x13, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180200002020702500000000002020207b0af8ff00000000bda100000000000026010000f8ffffffb702000008000000b703000000000000850000004b00000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="020000000400000008000000010000008000a4ca", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000600)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r7, @ANYBLOB="0000000000000000b704000008000000850000009500000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r8, 0xfffff000, 0xe, 0x0, &(0x7f0000001700)="61df7100c80400d5721ff59fe864", 0x0, 0x0, 0x7000000, 0x0, 0x0, 0x0, 0x0}, 0x4c)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r6, 0x0, 0xe, 0x0, &(0x7f0000000400)="e00500000087dbe9abc8d24470e7", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="05000000010000008e000000c9e7000001000000", @ANYRES32=r4, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYRESHEX], 0x50)
perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r9 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r9, &(0x7f0000000280)={&(0x7f0000000140)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0xfffffe43, &(0x7f00000001c0)=[{&(0x7f0000000080)}, {&(0x7f0000000180)='W', 0x1}], 0x2}, 0x0)
r10 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000380)="5c00000014006b03000000d86e6c1d00028409fcffff564500004e23e3f58e76110165f450e71b0075e3002500028d459e37000f0000000000bf9367b47e51f60a64c9f4d4938037e786a6aee6d700"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x84)
syz_clone(0x2c9a4080, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="11000000040000000400000002"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbffffe}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)

2.392587115s ago: executing program 0 (id=15934):
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYRESDEC=0x0], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg$unix(r0, 0x0, 0x12)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x800, 0xffffffffffffffff, 0xb)
socketpair$tipc(0x1e, 0x1, 0x0, 0x0)
syz_open_procfs$namespace(0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x100c, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r2 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, 0xffffffffffffffff)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x1, @ANYBLOB="acc5f7ff000000000400b8a4000000005d06000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xa, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b70300000000000085000000b4000000bf09000000000000350901000000000095000000000000623e9800000000000056080000000000008500000005000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
socket$kcm(0xa, 0x2, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000740))
sendmsg$inet(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x1}, 0x0)

2.32766879s ago: executing program 1 (id=15935):
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1500000004000011a685d594c4f297031315f33600faffffff6ae3b3d309000000", @ANYRES32, @ANYBLOB="00000000000000000000000000000000d1000000", @ANYRES32=0x0, @ANYRESDEC, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00P'], 0x50)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000080)='hugetlb.1GB.rsvd.limit_in_bytes\x00', 0x2, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="280100"], 0x128}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)}], 0x1}, 0x20004800)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x4, 0xd}, {0x10000002, 0x0, 0xf, 0x6}], 0x10, 0x4000000}, 0xfe33)
r4 = socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
close(r6)
recvmsg$unix(r5, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r7=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r4, 0x84, 0x6e, &(0x7f0000000000)=r7, 0x10)
perf_event_open(&(0x7f0000000380)={0x3, 0x80, 0x8a, 0x3, 0x0, 0x3, 0x0, 0x10000000000, 0xcc90, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40001, 0x4, @perf_bp={0x0, 0x6}, 0x14728, 0x3, 0x81d, 0x6, 0x1, 0xffffffff, 0x802, 0x0, 0x4}, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x19)
r8 = socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
close(r10)
recvmsg$unix(r9, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r11=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r8, 0x84, 0x18, &(0x7f0000000000)=r11, 0x8)
setsockopt$sock_attach_bpf(r3, 0x1, 0x4c, &(0x7f0000000000), 0x4)
recvmsg$unix(r3, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000440), 0xfd}, 0x2062)
bpf$BPF_PROG_QUERY(0x9, &(0x7f0000000400)={@map, 0x2b, 0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cpuacct.usage_sys\x00', 0x26e1, 0x0)
close(r12)
sendmsg$inet(r12, &(0x7f0000000680)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x3406c012)
write$cgroup_type(r12, &(0x7f0000000080), 0x11ffffce1)
write$cgroup_devices(r12, &(0x7f00000001c0)=ANY=[@ANYBLOB="08000000000000000004521e31dc54bc9389d8c7a562d4de7d1fd534f459128ad1ab226233074e5095c4d1c74fb072f8ab1714eab3e8b632e6ee0ea103f4061c413e93df98d22de6ef1fa71656eb6ca7b43ece564b00cd5bab2b2877d4a3fd12d78412b4792bff03ed2854c6704baaea939ae9e272b41a34f19b1ce400"/134], 0x9)
write$cgroup_subtree(r1, &(0x7f00000002c0)=ANY=[], 0x8)

2.167201221s ago: executing program 0 (id=15936):
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) (async)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000006c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
write$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYRES16, @ANYRESHEX], 0x3a) (async)
write$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYRES16, @ANYRESHEX], 0x3a)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000580)={&(0x7f0000000200)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c00000002000000000000000100000d0000000000000000030000000000000000000001ff200000400000000000000000000003000000000200000002", @ANYRES32=0x0], 0x0, 0x56}, 0x28)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r4}, &(0x7f0000000280), &(0x7f0000000240)=r1}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r5, 0x4)
sendmsg$inet(r3, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)

1.947721886s ago: executing program 0 (id=15937):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000880)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a}, 0x28)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='io.stat\x00', 0x26e1, 0x0)
close(r0) (async)
close(r0)
bpf$ITER_CREATE(0x21, &(0x7f00000000c0)={r0}, 0x8)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x8901, 0x0)
ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110c23003f)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x1c, 0xe, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000180081064e81f782db44b904021d080006007c09e8fe55a10a0015400100142603600e120800060000000401a80016", 0x33}], 0x1}, 0x4000004)
r2 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0xfe45) (async)
write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0xfe45)
write$cgroup_devices(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="80fd"], 0xa)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x8b04, &(0x7f0000000040)={'wlan1\x00', @random='@\x00'}) (async)
ioctl$SIOCSIFHWADDR(r3, 0x8b04, &(0x7f0000000040)={'wlan1\x00', @random='@\x00'})

1.258444213s ago: executing program 1 (id=15938):
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x2, 0xd848c, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x1, @perf_bp={0x0, 0x3}, 0xc001, 0x3, 0x43a1bd76, 0x6, 0x5, 0x6, 0x2, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100c, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
unlink(&(0x7f0000000180)='./file0\x00')
r0 = socket$kcm(0x2, 0x922000000001, 0x106)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x41, &(0x7f00000000c0), 0x4)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0xffffffffffffff30, 0x0, 0x41100, 0x60}, 0x94)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1400000016004163d25a8064", 0xc}], 0x1}, 0x0)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa06"], 0xfdef)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x3, &(0x7f0000000780)=ANY=[@ANYBLOB="180004000000000000000000fdff0f009500000000e65a15"], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x8040, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x35, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = socket$kcm(0x10, 0x7, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="140000001a00910c07a551559a257aac81"], 0xfe33)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x2, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}, 0x0, 0xaf0, 0x0, 0x0, 0x4}, 0x0, 0x4, 0xffffffffffffffff, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=@base={0x5, 0x5, 0xfff, 0x7, 0x88, 0xffffffffffffffff, 0x81}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r5, 0x2000002, 0x7, 0x0, &(0x7f0000000200)="63eced8e46dc3f", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$TUNSETSTEERINGEBPF(r2, 0x800454e0, &(0x7f0000000100)=r1)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c40)={0x11, 0x26, 0x0, &(0x7f0000000a80)='syzkaller\x00', 0x9, 0x2b, &(0x7f0000000ac0)=""/43, 0x41100, 0x4, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000000b00)={0x4, 0x3}, 0x8, 0x10, &(0x7f0000000b40)={0x0, 0x2, 0x3, 0x1ff}, 0x10, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000bc0), 0x10, 0x1}, 0x94)
socketpair(0x1, 0x1, 0x0, 0x0)
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0xec, 0x16, 0x8, 0x29, 0x0, 0x7fffffff, 0xff178d7635c760fc, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffffffff, 0x0, @perf_config_ext={0x1000000000000000, 0x5}, 0x5, 0x2, 0x3, 0x8, 0x81, 0x2108004, 0x3, 0x0, 0x2c7, 0x0, 0xfffffffffffffffb}, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

781.912316ms ago: executing program 3 (id=15939):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000780)={0x2, &(0x7f0000000400)=[{0x3d, 0x0, 0x2}, {0x4, 0x0, 0xd, 0x8}]})
r2 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000001240)={&(0x7f0000000940)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e23, @empty}, 0x4, 0x3, 0x7f, 0x2}}, 0x80, 0x0}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[], 0x0, 0x28}, 0x28)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r3)
r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000340), 0x4)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000b80)={r4, 0xe0, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000840)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4, &(0x7f0000000880)=[0x0, 0x0, 0x0], &(0x7f00000008c0)=[0x0, 0x0, 0x0, 0x0], 0x0, 0xba, &(0x7f0000000900)=[{}, {}, {}], 0x18, 0x10, &(0x7f00000009c0), &(0x7f0000000a00), 0x8, 0xe9, 0x8, 0x8, &(0x7f0000000a40)}}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001180)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f00000004c0)={'syzkaller0\x00', @link_local})
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fd1ff7907001175f37538e486dd"], 0xfdef)
r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000440)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x100, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x3}, 0x50)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000800)=@o_path={&(0x7f00000001c0)='./file0\x00', r6, 0x4000, r3}, 0x18)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x66)
sendmsg(r5, &(0x7f00000007c0)={&(0x7f0000000100)=@nfc_llcp={0x27, 0x0, 0x1, 0x1, 0xc2, 0x9, "9148e4243b595397811a840a622a601602143b03e959dec278e30f2d146ed6488f7988ad065f7de1e2feb8ab346f5c4f17396517e8b44355a283d7d1ed0900", 0x3e}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000180)="88516baf70074b773e6c24ce26f656fc28f4f4527b87554985597f90bea0af4baa853b1b1b423e8e421d2649479256a6d920afcefad14185033a54e5f5963712", 0x40}, {&(0x7f00000001c0)}, {&(0x7f0000000240)="fae30df862f27c1d2151839eae059c3c54bf33df3b88b57403d8503a1a95fafca78132530022a5ecc2b532329ed65aa68ca600e1bdca38e6ff278a9bdec0d51270d72f64409d1f3f132654e8edf944cb5137cb65478c62dc7c752c2023a33710eff4c17c1497efeb6d1f6a1e8ed2cdfa9e97b348e2e4df407ca081a0a9ecc33a5ec87f1c2523a96b88e82a6ae92a4ae364af3d084aebd04647ba74bc78d7755848ea2f5bc8728ac560481c3d90682ddb7d1d34a205ae1939da9a66969ea63d188530d4eae361e441f43da72bcefdeb542552", 0xd2}, {&(0x7f0000000340)}, {&(0x7f0000000380)="90c2724bf664c2ffbb85faa1b701073cabcdd6dbe64ae57e1d3f857cb05345ea11da17fca46d984cdd66f8887d4cff0808ccca061c14a88e8be7ee1d4d0bc897ce500baa98d15f10b438a7ed36f402b83940983ae8618ad226fb6f0785021d", 0x5f}, {&(0x7f0000000400)="d8", 0x1}, {&(0x7f0000000500)="1a1591d8e2e811d0071b04d4f83f94a9b36f2205a1eea50eeb250b8e0a8ad8a40b1e94fab9bc9895b6ba036d93d484e7aa7a2dfa692194aac6ff188fe5c20cf23a4e3473c2e0f20d50fa88898642bdaa4fdd51d33f49a29e68ad80616b5418f10fb31e269a736aaa60ad539e29f9db22d60a473be5478d543d42aa45c2e805d0f0e278a9b80b4673d96d6d03ffd1d030ef213cc18a2782657b684c57680841d11227570fab5c9d792b558da53049", 0xae}], 0x7, &(0x7f0000000640)=[{0xf8, 0x1, 0x1, "e03d322bfd834a9505f3c9d153d71cbcffe317af17651d134ba09187446b4949911e35b58d1cf405ca5312eb73021f93f744fffc1458b5593a92277df594b104e3c5d35603a4c96169189551cc9573abaa218812d8805c9b951237ce07673f2d675e4a59117cad5230fe03e1222b0d768f2db99075e05fddc8d9f4444d0aba9354a8ae697ee351fb604e6a43399689b44ac283986798c6f5355480ab2bf350211324640293bdc0b480377fe6c1dd7bd4d549584d5cbc60eae98be2ffcc87dd227fbe4c9d1333c6fe08b8fade7d40ab61156350bad3ca8f792bf29bf026b3550defa3a9be946b4d"}, {0x68, 0x0, 0x0, "338bb577d79518f6486dc072100161a8210ade2635dc1dadeb0e5f6008041dcd9b58d90168caa8f977eb8cb1b6229582bdec2feb4ee73584f26b855f87f1bced33a1e1424683a5545a32d392e206423a64"}], 0x160}, 0x10)

738.907979ms ago: executing program 0 (id=15940):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000100)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x7, '\x00', 0x0, 0x0}, 0x50)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="18080000ff00000000000000fbffffff18110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0908000000000055090100c60000009500000000000000b7020000001200007b2af0ff00000000d609080008200000db9af0ff411b0000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018280000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000001502010076000020bf9800000000000056080000020000008500000007000000b70000000000000095"], &(0x7f00000002c0)='GPL\x00', 0x9, 0x0, 0x0, 0x40f00, 0x46, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

513.279035ms ago: executing program 0 (id=15941):
r0 = perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xca, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)}, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xf101})
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="0004f678ec630000000066"], 0xd)
r2 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000100)=@o_path={&(0x7f00000000c0)='./file0\x00', 0x0, 0x4000, r0}, 0x18)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x6, 0xc, &(0x7f00000001c0)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0xedf0e51957efc755, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r3, <r5=>0xffffffffffffffff}, &(0x7f0000000240), &(0x7f0000000380)=r4}, 0x20)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000740)={r5, 0x44, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r6=>0x0}}, 0x10)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000640)={@ifindex=r6, 0x35, 0x0, 0xd, &(0x7f0000000100)=[0x0, 0x0], 0x2, 0x0, &(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40)
r7 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[], &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r7}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000c40)={r7, 0xe0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000940)=[0x0, 0x0], ""/16, <r8=>0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000980), &(0x7f00000009c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x67, &(0x7f0000000a00)=[{}], 0x8, 0x0, 0x0, &(0x7f0000000a80), 0x8, 0xe1, 0x8, 0x8, &(0x7f0000000ac0)}}, 0x10)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB, @ANYRES32=r8, @ANYRES32, @ANYBLOB="00000000010000000400"/28], 0x50)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000580)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x2, '\x00', r8, r7, 0x5, 0x4}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@bloom_filter={0x1e, 0x1, 0x4, 0x8000, 0x4041, r2, 0xffffff7f, '\x00', r6, r7, 0x2, 0x1, 0x2, 0x9}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
socketpair(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r9, 0x8914, &(0x7f0000000080))
write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x8202)

456.423089ms ago: executing program 2 (id=15942):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000b"], 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0a000000080000000200000004"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c3a00000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000080000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
close(0x3)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={0xffffffffffffffff, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000480)=[0x0, 0x0], ""/16, <r3=>0x0, 0x0, 0x0, 0x0, 0x6, 0x8, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r4=>0x0, 0x54, &(0x7f0000000740)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x48, 0x10, &(0x7f0000000100), &(0x7f0000000140), 0x8, 0xe4, 0x8, 0x8, &(0x7f0000000180)}}, 0x10)
bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000440)={0x1}, 0x8)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='io.stat\x00', 0x26e1, 0x0)
write$cgroup_devices(r5, 0x0, 0xa)
r6 = socket$kcm(0x29, 0x0, 0x0)
sendmsg$kcm(r6, &(0x7f0000000f40)={&(0x7f00000005c0)=@llc={0x1a, 0x8, 0x1, 0x6, 0x9, 0x36, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, 0x80, &(0x7f0000000680)=[{&(0x7f0000000640)="e44f4c6a9a58260be454f8dc4ea7f4ba882146ed1940add9238b27c31a3a6587ba283ab90029ce0375cea9", 0x2b}], 0x1, &(0x7f0000000a00)=[{0x48, 0x117, 0xfffffff8, "f678fa3d6d2ff387cc8fd944626572f01ae7a0292a07a77ba2f118861a3ce7ed67cfd4a796853a4533c5765ce93d1f8ecf"}, {0xa0, 0x11, 0x10000, "65e4267b2626a3892c5c86fdc6b08498cbaa00003778e9899f69442a1128d7a76519c5f2a23a70d04840cd1371630b5e62823a36dccce47ebf7538d64ffed454b9650e781aa10a176be9ec832c9df5e0b8a5c7451f535754e10769f962be017edf833ba14be348db27ae80a1516641a074a1f4d9ca3122441ac76a455f88146e980cc496cf103c865fb2236b"}, {0x80, 0x112, 0x1, "44b9f2f42ce296e1f3d034df1854c4b0b5ade78b10e70be9bee9fa840709ad8ec63c120aee97f2a85dcfb3be8a4a9d4f07c841e6832fb2cc725538d82d873b686b380c64e5a2e6cd8a7e6cb516ad18acd3bfa5bac357b945387cfb830ab167c83eeafeeb621226656e602727a8391732"}, {0xa0, 0x11, 0x59, "3097b23cd079f65f78a31f3f93bed421c7642e927d7b1399f9053d7befe7f66ea109d32b7fc64b16908e4f44e6e8ebee459547ccfdb4f0c1dd77328353ceb4e63258f5070f3961b0032e24b5a760b5bd3087e5dffb8296e07d8bd175abf7f742228c4361ebf17d9ba429b03ce4aa196bf14cc2fffd9b92478207d8f5a32288cbe0aff7dd72a994f8d252fbcd8b0b3ec5"}, {0xc0, 0x10d, 0x1d98, "bb9b1af668945051a1f0aad6db7c613ba99686bf92337b50ef06b459f3c17f674b6c2361abe3b85ad142891f47037d494dad727accfdc83864f1b4320c8025b18a50090f896653c77a2ddc0a44d286e5551e0f31758102a371b8139ccc278e3c639df652bfc858aaf27812fa9a3098a1bb1587a991efa9ff6d7e2b077c64a2f831c43bae0458bc85238f3bea1ec3962bcee3d670de7ac2050090495605ab2d230779bec71c24608299b6"}, {0xa0, 0x6, 0xfffffff3, "3c96e7adcadea94d730ab5bd6800cf699becda0a8fb3a81d1110bd34c4c7b43234324aae168cbc9a472c54a1cd18a67ebd11cb1dd205ac4a5d879743fa5002f4de93817cfeeff1ae43b1060bdbf5e349154ff619bb8262514a2ef73c65d9b07077002291fc3d1c1cd6dc9e6f51f0b57796175a4c14e2082f17730f02f271e86a180cf5ae25f96f502f04887e6aeb10b7"}, {0xd0, 0x121, 0xd0, "816a5c27bcbf3bbd15ad604f06452af742fbede794a1c790999076a7c5c70c86d179e89dc312fd28b664522012d407e30eae4772545bd7176240e6e6f430564091afd9953d381c65c0f062a270bb730c554bb0b3d6f990cb756380e824eefc89f449e37214954f13879b0e8acd0a71672294d21aecfa7e4a7c34e6e0480aa3901380b1c708f0467a7d4ac3d9fe5a72a4863671e9e99a155b6e7eef434f56587bff43baef3901603c568e96afa0b396516300e18ef0baf166dff5cd"}, {0xd8, 0x10b, 0x80000001, "a1ed12a44b423821c63641cdea3150ee510add9a612409852ab8e254bffacfe492fe11de47a9f2847b8ef5bf2a0a5f1e5944da8555351d7eaa0cf4aa990d630f91b62bfd60f064543d6517f11bbaf03b8bad1c61ba43c7c49142ae1e4e9377592262dc1a95eec84456d47fec6369c0da368ca718852d93f9b86d5eb856fcbbaf9e91901cf12ac7b73c96b0be0a0abe3bbfd77804ff6f974aaf6ff24202739e513abeed757a8255879d440ad18c04043f4f8005c6150731ac6a99e7d0801f44b7036e0c70d0"}], 0x510}, 0x4011)
ioctl$TUNSETCARRIER(r5, 0x400454e2, &(0x7f0000000400))
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x7, 0x4, 0x8, 0x8, 0x0, 0x1, 0xa0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5}, 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000007c0)={r8}, 0xc)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0x7, 0x31, &(0x7f0000000f80)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x3889eda2}, {{0x18, 0x1, 0x1, 0x0, r7}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0x3}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}, @call={0x85, 0x0, 0x0, 0x6d}, @printk={@i, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x2}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff8}, @map_fd={0x18, 0x5, 0x1, 0x0, r7}, @map_idx={0x18, 0x2, 0x5, 0x0, 0x3}, @generic={0x3, 0x7, 0x0, 0x4, 0x1}, @tail_call={{0x18, 0x2, 0x1, 0x0, r7}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001140)='syzkaller\x00', 0x2000000, 0x44, &(0x7f0000001180)=""/68, 0x0, 0x0, '\x00', r3, @fallback=0x34, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001200)={0x5, 0x3, 0x7, 0xfffffffd}, 0x10, r4, r5, 0x3, &(0x7f0000001240)=[r7, r5, r7, r5, r1, r1, 0xffffffffffffffff], &(0x7f0000001280)=[{0x5, 0x1, 0x0, 0x8}, {0x1, 0x2, 0x6}, {0x5, 0x4, 0xe, 0x5}], 0x10, 0x1}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x3, 0x2, 0x3, 0x1, 0x0, 0x15}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1e}, 0x94)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000001380)={r9, r7}, 0xc)

422.562431ms ago: executing program 2 (id=15943):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0xf, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000cbf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

372.466415ms ago: executing program 2 (id=15944):
socket$kcm(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x5, 0x0, &(0x7f0000000140)='GPL\x00'}, 0x90) (async)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6tnl0\x00', 0x200})
socket$kcm(0xa, 0x5, 0x0) (async)
socket$kcm(0xa, 0x5, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1e00000000000000fc00400009"], 0x50) (async)
perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x954b, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x200, 0x81}, 0x11efa, 0x5, 0x98, 0x0, 0x2, 0xfffff271, 0xfffc, 0x0, 0x0, 0x0, 0x20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) (async)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x1ff) (async)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x3a0ffffffff)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x4030582a, &(0x7f0000000040)=0x141086)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="08000000040000000400000008"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r2}, &(0x7f0000000200), &(0x7f0000000240)=r0}, 0x20)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff}) (async)
perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0xb, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x5}, 0x8b048, 0x0, 0xfffffffd, 0x6, 0x1fe, 0x0, 0x3, 0x0, 0xfffffffe, 0x0, 0x10000000000080}, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, 0xa)
ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x89f1, &(0x7f0000000080))

1.24941ms ago: executing program 2 (id=15945):
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0xf, 0x5}, 0x111be0, 0x8001, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_clone(0x45004400, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x2b, 0x1, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x26}}, 0x10, 0x0}, 0x20000080)
setsockopt$sock_attach_bpf(r0, 0x6, 0x19, &(0x7f0000000200)=r0, 0x21)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
r1 = socket$kcm(0x2, 0x200000000000001, 0x0)
socket$kcm(0x2a, 0x0, 0x0)
sendmsg$inet(r1, &(0x7f0000000940)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f0000000100)=r2, 0x4)
sendmsg$kcm(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000540)='4', 0x1}], 0x1, &(0x7f0000000a40)=ANY=[@ANYBLOB="a0000000000000000b0100000400000043e2c520c578ad0d79b52008ea172c0d7d7cc6241cb8bb9e6be742f80851e7d1a502bedc0c2a4da1c3c0da096ed25e8c3fae526c09700b3a6bcdffb293d1d4ec80642b2cc5cfacf1e37fe7f1d34933bc5a15aa733e1db0e8c1db400fce316af4f3d838302154d2feb15c1f721a6fcaeb3dd3be72af44ea46445d8410618d28c4fac1602ab56d45cb561212d51770000088000000000000009200000040000000459fae71ec32c699873d5edcf9c6c7ca72ae2780f36a9f5f0e6c2fe3d72228efd5744252e240d68ac38dbd8a7652b381ef33a1e0882c6cde710fa3ad2c0f0b77062dfb4d12675b588d5bbdc2fba065cdd2de40c57c6ea7fe5efe1d1cb76650b1646361cccbe83b39d2bb23795e5f1fd8b41f000000000000e0000000000000000c010000a4000000e0a51d83dc5711f91fe63a552b4ea897a4a03ab8435d08374aaa864f710f033f2420d39fcecfd8651207c39f3468a85ba9a1839991df3315b4c03afbba8cc24a7ea61719d0f8858a99f48a639f4955b1e5b5c1e637ee964a37e2379990b272644d7e8e5913c32e677c623cfc86335a2cb34bf3c3815be8e68a6ea98025c632063cd2ebc230fceb149f4e5221aaece73543ee03e420d65fd92dc037169d8e1f554726b21e16d54321dd01156d1bb9f0569155b69f3a62c66959a849aef0b79f91b1cb8fe3aecf5b0ace96000000000000a8000000000000001401000002000000a10b958486bf6b0cbc98ebdc89064c5d44aea5ffe4ab31df2e9d02c2251a76c19738557bcda205a2d8c4542efe31c63b694ba4e0645e600333d8b43f986313dd3fc77a37737bc207af8730fb0681a919b1063dde130f4317dddd5983c70a4e5d4e77ff7928fb27d54ac3ac8a20c967fb469f58e835bcaa5128c7093e11a3c3cfd46f646dcc91fcdb4a70ee5770c1c1ec33d8b2562440500078000000000000000a010000d6fdffff2ef60dd173b4bf57df11c370733e67cd7c42f2b4e12148b1b011087318bdc755ae1c848b9fe0bf6e731058b71f88bbf8a0daa7e088cbf313b9d6f6095d1aa1a5ee63a395e0b4b1b6bc0b23e405b8d87c2ec0ba97eefa23c2d2f96d4511a9d4bb823ebc2786760000100100000000000006000000ff000000c9e8b55eb3a7fcb473dd3719455ff31861c305bf2ab2fa8fb81379792c069130c32c4f1707b0ee64671bf17810bfd56e03b15fe7c0b79e910e2b522ed68f01d77fcaab2896c9d860e9de2e74e4dc710d61339544aa342b6eaf2a19603bb2fab64b4ea922cb63d5e8b484fbfb9330a1e594778491e9e42e269f27e668835307f62829f30892f7aa7a054a3c10fc01ab8fc219fb5b16408b5955ce3cb3420229ce2b7679ce5e60db78a2a2a388f3280778fc7e762c9feec8c9e101f9a357bbdf12bbcde051c574305a47474e6abf9e30396a5953ed1971a112e9ba37c49603e2ebead6f00c67fda9808d7fcdeb434625afe680caf436f5ad952969312649000000b00000000000000019010000070000004208ce68676a1b55239a58080ba5da591bcb492159f7477460341ab35b5180689ac91bd9e3d2d55040207acce0c8d340d1123777fc46a662e657840588000900363219c0d7b495fa0d9317b587b19c1635a498842d58900e513bfe365869c5abec05e880952dddb89d8e10a2d721fc291052ff28dc60f290a5186c2cc42a4df70c6666a21ddbff160fa5b059ee0e14a1c42b0b871a230b45c36d9f737e23000040000000000000000101000007000000ff18ee2204ef27c8d6bf42fb8cbeafd359a0c387b53e43b1989e50656670e9b8bb5c2cbb38c187361d8e000000000000b8"], 0x5e0}, 0x0)
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc)

0s ago: executing program 1 (id=15946):
r0 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xfe123, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_config_ext={0xd, 0x7}, 0x0, 0x0, 0x0, 0x0, 0x7, 0x3, 0x1}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x18, 0x1}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000001000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000001b"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, @perf_bp={0x0, 0x8}, 0x40, 0x0, 0x0, 0x0, 0x7, 0x0, 0xffff}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000740)={r2, 0xe0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000040)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x9, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r4=>0x0, 0x28, &(0x7f00000001c0)=[{}, {}], 0x10, 0x10, &(0x7f0000000200), &(0x7f0000000300), 0x8, 0xed, 0x8, 0x8, &(0x7f0000000340)}}, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0x41, &(0x7f0000000380)=ANY=[@ANYRESHEX=r3], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5a, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14, r4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r5)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r6)
r7 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0x66137, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0x200000000000028a, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x9, 0x1, 0x56d, 0x4, 0x42, 0xffffffffffffffff, 0x1000}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r9}, 0x38)
ioctl$PERF_EVENT_IOC_SET_BPF(r7, 0x40042408, r8)

kernel console output (not intermixed with test programs):

 bytes leftover after parsing attributes in process `syz.2.13854'.
[ 2150.016680][T12487] netlink: 'syz.1.13855': attribute type 10 has an invalid length.
[ 2152.969939][T12536] __nla_validate_parse: 1 callbacks suppressed
[ 2152.969959][T12536] netlink: 14 bytes leftover after parsing attributes in process `syz.1.13871'.
[ 2153.088294][T12536] netlink: get zone limit has 4 unknown bytes
[ 2153.141511][T12544] netlink: 60 bytes leftover after parsing attributes in process `syz.2.13873'.
[ 2153.151351][T12544] netlink: 60 bytes leftover after parsing attributes in process `syz.2.13873'.
[ 2153.163350][T12544] netlink: 60 bytes leftover after parsing attributes in process `syz.2.13873'.
[ 2153.295613][T12544] netlink: 60 bytes leftover after parsing attributes in process `syz.2.13873'.
[ 2153.463866][T11221] tipc: Subscription rejected, illegal request
[ 2153.783411][T12560] netlink: 64859 bytes leftover after parsing attributes in process `syz.0.13877'.
[ 2156.934025][T12574] netlink: 60 bytes leftover after parsing attributes in process `syz.1.13884'.
[ 2156.970711][T12574] netlink: 60 bytes leftover after parsing attributes in process `syz.1.13884'.
[ 2157.004379][T12574] netlink: 60 bytes leftover after parsing attributes in process `syz.1.13884'.
[ 2157.065015][T12579] netlink: 14 bytes leftover after parsing attributes in process `syz.3.13887'.
[ 2157.090942][T12579] netlink: get zone limit has 4 unknown bytes
[ 2157.935282][T12604] netlink: zone id is out of range
[ 2157.977179][T12604] netlink: set zone limit has 8 unknown bytes
[ 2158.284030][T12607] __nla_validate_parse: 1 callbacks suppressed
[ 2158.284089][T12607] netlink: 14 bytes leftover after parsing attributes in process `syz.1.13898'.
[ 2158.324639][T12607] netlink: get zone limit has 4 unknown bytes
[ 2160.630348][ T1281] ieee802154 phy0 wpan0: encryption failed: -22
[ 2160.637086][ T1281] ieee802154 phy1 wpan1: encryption failed: -22
[ 2160.683282][T12611] netlink: 132 bytes leftover after parsing attributes in process `syz.2.13901'.
[ 2161.761416][T12647] netlink: 'syz.1.13915': attribute type 6 has an invalid length.
[ 2161.795889][T12647] netlink: 168 bytes leftover after parsing attributes in process `syz.1.13915'.
[ 2162.200437][T12657] netlink: 1057 bytes leftover after parsing attributes in process `syz.0.13920'.
[ 2162.271981][T12666] veth1_to_bond: entered promiscuous mode
[ 2162.286983][T12666] veth1_to_bond: entered allmulticast mode
[ 2162.370206][T12664] netlink: 160116 bytes leftover after parsing attributes in process `syz.3.13922'.
[ 2163.489658][T12699] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 2163.497289][T12699] IPv6: NLM_F_CREATE should be set when creating new route
[ 2163.505785][T12699] IPv6: NLM_F_CREATE should be set when creating new route
[ 2163.513778][T12699] IPv6: NLM_F_CREATE should be set when creating new route
[ 2163.526627][T11228] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2165.170586][T12744] netlink: 14 bytes leftover after parsing attributes in process `syz.2.13952'.
[ 2165.183055][T12744] netlink: get zone limit has 4 unknown bytes
[ 2165.410269][T12754] delete_channel: no stack
[ 2165.713043][T28239] Bluetooth: hci1: ISO packet for unknown connection handle 59
[ 2165.997151][T12773] netlink: 14 bytes leftover after parsing attributes in process `syz.3.13964'.
[ 2166.017936][T12773] netlink: get zone limit has 4 unknown bytes
[ 2166.034001][T12775] netlink: 14 bytes leftover after parsing attributes in process `syz.2.13966'.
[ 2166.046789][T12775] netlink: get zone limit has 4 unknown bytes
[ 2166.827552][T12811] netlink: 'syz.0.13979': attribute type 9 has an invalid length.
[ 2166.837418][T12813] netlink: 763 bytes leftover after parsing attributes in process `syz.2.13980'.
[ 2166.846770][T12811] netlink: 399 bytes leftover after parsing attributes in process `syz.0.13979'.
[ 2171.253519][T12875] netlink: 14 bytes leftover after parsing attributes in process `syz.2.14003'.
[ 2171.279744][T12875] netlink: get zone limit has 4 unknown bytes
[ 2171.481557][T12879] netlink: 'syz.1.14002': attribute type 10 has an invalid length.
[ 2173.949539][T12924] netlink: 'syz.3.14017': attribute type 10 has an invalid length.
[ 2174.635559][T12942] hsr0: entered promiscuous mode
[ 2174.653944][T12942] hsr0: entered allmulticast mode
[ 2174.672287][T12942] hsr_slave_0: entered allmulticast mode
[ 2174.690754][T12942] hsr_slave_1: entered allmulticast mode
[ 2175.657398][T12950] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 2175.716532][T12952] netlink: 'syz.1.14026': attribute type 1 has an invalid length.
[ 2175.724626][T12952] netlink: 193500 bytes leftover after parsing attributes in process `syz.1.14026'.
[ 2175.838924][T12957] syzkaller0: entered promiscuous mode
[ 2175.844460][T12957] syzkaller0: entered allmulticast mode
[ 2179.947195][T12967] netlink: 'syz.1.14031': attribute type 39 has an invalid length.
[ 2180.110968][T12989] netlink: 'syz.2.14037': attribute type 10 has an invalid length.
[ 2185.242083][T13052] netlink: 'syz.0.14060': attribute type 10 has an invalid length.
[ 2186.133553][T13069] netlink: 'syz.3.14067': attribute type 10 has an invalid length.
[ 2187.345494][T13098] netlink: 'syz.1.14077': attribute type 10 has an invalid length.
[ 2187.431426][T13095] netlink: 'syz.3.14078': attribute type 10 has an invalid length.
[ 2190.168844][T13147] netlink: 'syz.1.14093': attribute type 10 has an invalid length.
[ 2193.964546][T13181] netlink: 188 bytes leftover after parsing attributes in process `syz.1.14108'.
[ 2195.889416][T13200] netlink: 'syz.1.14112': attribute type 10 has an invalid length.
[ 2195.975680][T13201] netlink: 'syz.0.14115': attribute type 21 has an invalid length.
[ 2195.988698][T13201] netlink: 156 bytes leftover after parsing attributes in process `syz.0.14115'.
[ 2196.362606][T13211] netlink: 188 bytes leftover after parsing attributes in process `syz.3.14119'.
[ 2200.193638][T13241] netlink: 188 bytes leftover after parsing attributes in process `syz.2.14130'.
[ 2200.357960][T13245] netlink: 'syz.2.14133': attribute type 10 has an invalid length.
[ 2201.062347][T13255] netlink: 'syz.1.14138': attribute type 3 has an invalid length.
[ 2201.070595][T13255] netlink: 'syz.1.14138': attribute type 275 has an invalid length.
[ 2201.825433][T13267] netlink: 'syz.3.14143': attribute type 10 has an invalid length.
[ 2202.071708][T13272] netlink: 'syz.2.14145': attribute type 21 has an invalid length.
[ 2202.080427][T13272] netlink: 128 bytes leftover after parsing attributes in process `syz.2.14145'.
[ 2202.091511][T13272] netlink: 'syz.2.14145': attribute type 5 has an invalid length.
[ 2202.105112][T13272] netlink: 3 bytes leftover after parsing attributes in process `syz.2.14145'.
[ 2203.601512][T13301] netlink: 'syz.3.14156': attribute type 10 has an invalid length.
[ 2204.059848][T13316] netlink: 13439 bytes leftover after parsing attributes in process `syz.2.14163'.
[ 2204.185659][T13321] netlink: 201392 bytes leftover after parsing attributes in process `syz.3.14164'.
[ 2204.640095][T13329] netlink: 'syz.1.14168': attribute type 21 has an invalid length.
[ 2204.730140][T13331] netlink: 'syz.1.14168': attribute type 11 has an invalid length.
[ 2204.741890][T13331] netlink: 184116 bytes leftover after parsing attributes in process `syz.1.14168'.
[ 2204.760515][T13331] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô'
[ 2204.778604][T13331] CPU: 1 PID: 13331 Comm: syz.1.14168 Not tainted syzkaller #0
[ 2204.786207][T13331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2204.796292][T13331] Call Trace:
[ 2204.799603][T13331]  <TASK>
[ 2204.802558][T13331]  dump_stack_lvl+0x18c/0x250
[ 2204.807303][T13331]  ? show_regs_print_info+0x20/0x20
[ 2204.812557][T13331]  ? load_image+0x420/0x420
[ 2204.817121][T13331]  sysfs_warn_dup+0x8e/0xa0
[ 2204.821659][T13331]  sysfs_do_create_link_sd+0xc0/0x110
[ 2204.827084][T13331]  device_add_class_symlinks+0x1cf/0x240
[ 2204.832770][T13331]  device_add+0x507/0xc20
[ 2204.837151][T13331]  wiphy_register+0x1dad/0x2ae0
[ 2204.842069][T13331]  ? cfg80211_event_work+0x40/0x40
[ 2204.847225][T13331]  ? minstrel_ht_alloc+0x88a/0x990
[ 2204.852398][T13331]  ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0
[ 2204.858549][T13331]  ieee80211_register_hw+0x3464/0x4250
[ 2204.864078][T13331]  ? ieee80211_tasklet_handler+0x20/0x20
[ 2204.869773][T13331]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[ 2204.875712][T13331]  ? __debug_object_init+0xec/0x450
[ 2204.880983][T13331]  ? __asan_memset+0x22/0x40
[ 2204.885630][T13331]  ? __hrtimer_init+0x186/0x270
[ 2204.890526][T13331]  mac80211_hwsim_new_radio+0x2a00/0x4d10
[ 2204.896307][T13331]  ? mac80211_hwsim_free+0x220/0x220
[ 2204.901625][T13331]  ? rcu_is_watching+0x15/0xb0
[ 2204.906455][T13331]  ? kstrndup+0xbd/0x140
[ 2204.910779][T13331]  hwsim_new_radio_nl+0xdc9/0x1a90
[ 2204.915946][T13331]  ? __nla_validate+0x50/0x50
[ 2204.920683][T13331]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[ 2204.927074][T13331]  ? __nla_parse+0x40/0x50
[ 2204.931588][T13331]  ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290
[ 2204.937972][T13331]  genl_family_rcv_msg_doit+0x211/0x310
[ 2204.943551][T13331]  ? end_current_label_crit_section+0x170/0x170
[ 2204.949828][T13331]  ? genl_family_rcv_msg_dumpit+0x310/0x310
[ 2204.955788][T13331]  ? bpf_lsm_capable+0x9/0x10
[ 2204.960514][T13331]  ? security_capable+0x89/0xb0
[ 2204.965423][T13331]  genl_rcv_msg+0x619/0x7a0
[ 2204.969968][T13331]  ? genl_bind+0x360/0x360
[ 2204.974421][T13331]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[ 2204.980799][T13331]  ? perf_trace_lock+0xfc/0x3b0
[ 2204.985704][T13331]  netlink_rcv_skb+0x241/0x4d0
[ 2204.990526][T13331]  ? genl_bind+0x360/0x360
[ 2204.994980][T13331]  ? netlink_ack+0x1180/0x1180
[ 2204.999800][T13331]  ? __lock_acquire+0x7d40/0x7d40
[ 2205.004872][T13331]  ? down_read+0x1ac/0x2e0
[ 2205.009333][T13331]  genl_rcv+0x28/0x40
[ 2205.013352][T13331]  netlink_unicast+0x751/0x8d0
[ 2205.018170][T13331]  netlink_sendmsg+0x8d0/0xbf0
[ 2205.022982][T13331]  ? netlink_getsockopt+0x590/0x590
[ 2205.028231][T13331]  ? aa_sock_msg_perm+0x94/0x150
[ 2205.033219][T13331]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 2205.038547][T13331]  ? security_socket_sendmsg+0x80/0xa0
[ 2205.044037][T13331]  ? netlink_getsockopt+0x590/0x590
[ 2205.049280][T13331]  ____sys_sendmsg+0x5ba/0x960
[ 2205.054081][T13331]  ? __asan_memset+0x22/0x40
[ 2205.058714][T13331]  ? __sys_sendmsg_sock+0x30/0x30
[ 2205.063782][T13331]  ? __import_iovec+0x5f2/0x850
[ 2205.068676][T13331]  ? import_iovec+0x73/0xa0
[ 2205.073225][T13331]  ___sys_sendmsg+0x2a6/0x360
[ 2205.077948][T13331]  ? __sys_sendmsg+0x2a0/0x2a0
[ 2205.082800][T13331]  __se_sys_sendmsg+0x1c2/0x2b0
[ 2205.087684][T13331]  ? __x64_sys_sendmsg+0x80/0x80
[ 2205.092679][T13331]  ? lockdep_hardirqs_on+0x98/0x150
[ 2205.097922][T13331]  do_syscall_64+0x55/0xa0
[ 2205.102368][T13331]  ? clear_bhb_loop+0x40/0x90
[ 2205.107109][T13331]  ? clear_bhb_loop+0x40/0x90
[ 2205.111842][T13331]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2205.117782][T13331] RIP: 0033:0x7f246ef9c819
[ 2205.122236][T13331] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2205.141884][T13331] RSP: 002b:00007f246fe4c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2205.150347][T13331] RAX: ffffffffffffffda RBX: 00007f246f216090 RCX: 00007f246ef9c819
[ 2205.158352][T13331] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[ 2205.166359][T13331] RBP: 00007f246f032c91 R08: 0000000000000000 R09: 0000000000000000
[ 2205.174368][T13331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2205.182377][T13331] R13: 00007f246f216128 R14: 00007f246f216090 R15: 00007fff86ef3788
[ 2205.190423][T13331]  </TASK>
[ 2205.384966][T13334] netlink: 'syz.3.14169': attribute type 10 has an invalid length.
[ 2206.724793][T11967] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 2206.736779][T11967] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 2206.749986][T11967] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 2206.760742][T11967] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 2206.789177][T11967] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 2206.803454][T11967] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 2207.150715][T13363] chnl_net:caif_netlink_parms(): no params data found
[ 2207.301452][T13363] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2207.313639][T13363] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2207.324224][T13363] bridge_slave_0: entered allmulticast mode
[ 2207.338782][T13363] bridge_slave_0: entered promiscuous mode
[ 2207.348146][T13363] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2207.373493][T13363] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2207.381759][T13363] bridge_slave_1: entered allmulticast mode
[ 2207.395355][T13363] bridge_slave_1: entered promiscuous mode
[ 2207.453884][T13363] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2207.466727][T13363] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2207.525232][T13363] team0: Port device team_slave_0 added
[ 2207.540885][T13363] team0: Port device team_slave_1 added
[ 2207.584131][T13363] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2207.594429][T13363] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2207.628526][T13363] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2207.648805][T13363] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2207.656025][T13363] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2207.688608][T13363] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2207.872219][T13363] hsr_slave_0: entered promiscuous mode
[ 2207.898331][T13363] hsr_slave_1: entered promiscuous mode
[ 2207.909396][T13363] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 2207.917203][T13363] Cannot create hsr debugfs directory
[ 2207.944259][T13373] netlink: 'syz.3.14181': attribute type 13 has an invalid length.
[ 2207.975102][T13373] netlink: 160 bytes leftover after parsing attributes in process `syz.3.14181'.
[ 2208.140230][T13379] netlink: 'syz.0.14182': attribute type 10 has an invalid length.
[ 2208.209659][T11234] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2208.867946][T11967] Bluetooth: hci4: command tx timeout
[ 2209.497649][T11234] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2210.212260][T13389] netlink: 'syz.0.14187': attribute type 10 has an invalid length.
[ 2210.243122][T13389] netlink: 40 bytes leftover after parsing attributes in process `syz.0.14187'.
[ 2210.270406][T13389] ipvlan1: entered promiscuous mode
[ 2210.303685][T13389] ipvlan1: entered allmulticast mode
[ 2210.348966][T13389] bridge0: port 3(ipvlan1) entered blocking state
[ 2210.369989][T13389] bridge0: port 3(ipvlan1) entered disabled state
[ 2210.432227][T13389] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[ 2210.544786][T11234] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2210.673906][T11234] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2210.733209][T13408] netlink: 201392 bytes leftover after parsing attributes in process `syz.1.14191'.
[ 2210.928620][T13413] netlink: 'syz.0.14194': attribute type 10 has an invalid length.
[ 2210.947126][T11967] Bluetooth: hci4: command tx timeout
[ 2211.107293][T11234] tipc: Left network mode
[ 2211.706455][T13440] netlink: 'syz.1.14199': attribute type 11 has an invalid length.
[ 2211.759811][T13440] netlink: 184116 bytes leftover after parsing attributes in process `syz.1.14199'.
[ 2212.370306][T13440] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô'
[ 2212.382469][T13440] CPU: 1 PID: 13440 Comm: syz.1.14199 Not tainted syzkaller #0
[ 2212.390069][T13440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2212.400159][T13440] Call Trace:
[ 2212.403480][T13440]  <TASK>
[ 2212.406443][T13440]  dump_stack_lvl+0x18c/0x250
[ 2212.411182][T13440]  ? show_regs_print_info+0x20/0x20
[ 2212.416445][T13440]  ? load_image+0x420/0x420
[ 2212.421004][T13440]  sysfs_warn_dup+0x8e/0xa0
[ 2212.425542][T13440]  sysfs_do_create_link_sd+0xc0/0x110
[ 2212.430955][T13440]  device_add_class_symlinks+0x1cf/0x240
[ 2212.436640][T13440]  device_add+0x507/0xc20
[ 2212.441022][T13440]  wiphy_register+0x1dad/0x2ae0
[ 2212.445933][T13440]  ? cfg80211_event_work+0x40/0x40
[ 2212.451080][T13440]  ? minstrel_ht_alloc+0x88a/0x990
[ 2212.456243][T13440]  ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0
[ 2212.462348][T13440]  ieee80211_register_hw+0x3464/0x4250
[ 2212.467876][T13440]  ? ieee80211_tasklet_handler+0x20/0x20
[ 2212.473522][T13440]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[ 2212.479439][T13440]  ? __debug_object_init+0xec/0x450
[ 2212.484665][T13440]  ? __asan_memset+0x22/0x40
[ 2212.489278][T13440]  ? __hrtimer_init+0x186/0x270
[ 2212.494156][T13440]  mac80211_hwsim_new_radio+0x2a00/0x4d10
[ 2212.499932][T13440]  ? mac80211_hwsim_free+0x220/0x220
[ 2212.505236][T13440]  ? rcu_is_watching+0x15/0xb0
[ 2212.510018][T13440]  ? kstrndup+0xbd/0x140
[ 2212.514316][T13440]  hwsim_new_radio_nl+0xdc9/0x1a90
[ 2212.519454][T13440]  ? __nla_validate+0x50/0x50
[ 2212.524160][T13440]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[ 2212.530534][T13440]  ? __nla_parse+0x40/0x50
[ 2212.534973][T13440]  ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290
[ 2212.541330][T13440]  genl_family_rcv_msg_doit+0x211/0x310
[ 2212.546913][T13440]  ? end_current_label_crit_section+0x170/0x170
[ 2212.553199][T13440]  ? genl_family_rcv_msg_dumpit+0x310/0x310
[ 2212.559130][T13440]  ? bpf_lsm_capable+0x9/0x10
[ 2212.563846][T13440]  ? security_capable+0x89/0xb0
[ 2212.568750][T13440]  genl_rcv_msg+0x619/0x7a0
[ 2212.573293][T13440]  ? genl_bind+0x360/0x360
[ 2212.577746][T13440]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[ 2212.584110][T13440]  ? trace_event_raw_event_lock_acquire+0x2c0/0x2c0
[ 2212.590731][T13440]  ? perf_trace_lock+0xfc/0x3b0
[ 2212.595626][T13440]  netlink_rcv_skb+0x241/0x4d0
[ 2212.600434][T13440]  ? genl_bind+0x360/0x360
[ 2212.604888][T13440]  ? netlink_ack+0x1180/0x1180
[ 2212.609702][T13440]  ? __lock_acquire+0x7d40/0x7d40
[ 2212.614766][T13440]  ? down_read+0x1ac/0x2e0
[ 2212.619221][T13440]  genl_rcv+0x28/0x40
[ 2212.623231][T13440]  netlink_unicast+0x751/0x8d0
[ 2212.628045][T13440]  netlink_sendmsg+0x8d0/0xbf0
[ 2212.632855][T13440]  ? netlink_getsockopt+0x590/0x590
[ 2212.638089][T13440]  ? aa_sock_msg_perm+0x94/0x150
[ 2212.643060][T13440]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 2212.648379][T13440]  ? security_socket_sendmsg+0x80/0xa0
[ 2212.653879][T13440]  ? netlink_getsockopt+0x590/0x590
[ 2212.659108][T13440]  ____sys_sendmsg+0x5ba/0x960
[ 2212.663902][T13440]  ? __asan_memset+0x22/0x40
[ 2212.668518][T13440]  ? __sys_sendmsg_sock+0x30/0x30
[ 2212.673553][T13440]  ? __import_iovec+0x5f2/0x850
[ 2212.678431][T13440]  ? import_iovec+0x73/0xa0
[ 2212.682959][T13440]  ___sys_sendmsg+0x2a6/0x360
[ 2212.687661][T13440]  ? __sys_sendmsg+0x2a0/0x2a0
[ 2212.692496][T13440]  ? __lock_acquire+0x7d40/0x7d40
[ 2212.697590][T13440]  __se_sys_sendmsg+0x1c2/0x2b0
[ 2212.702463][T13440]  ? __x64_sys_sendmsg+0x80/0x80
[ 2212.707460][T13440]  ? lockdep_hardirqs_on+0x98/0x150
[ 2212.712696][T13440]  do_syscall_64+0x55/0xa0
[ 2212.717153][T13440]  ? clear_bhb_loop+0x40/0x90
[ 2212.721865][T13440]  ? clear_bhb_loop+0x40/0x90
[ 2212.726574][T13440]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2212.732505][T13440] RIP: 0033:0x7f246ef9c819
[ 2212.736986][T13440] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2212.756624][T13440] RSP: 002b:00007f246fe2b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2212.765081][T13440] RAX: ffffffffffffffda RBX: 00007f246f216180 RCX: 00007f246ef9c819
[ 2212.773081][T13440] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006
[ 2212.781072][T13440] RBP: 00007f246f032c91 R08: 0000000000000000 R09: 0000000000000000
[ 2212.789056][T13440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2212.797051][T13440] R13: 00007f246f216218 R14: 00007f246f216180 R15: 00007fff86ef3788
[ 2212.805102][T13440]  </TASK>
[ 2213.027481][T11967] Bluetooth: hci4: command tx timeout
[ 2213.623129][T13363] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 2213.743231][T13363] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 2213.777814][T13463] netlink: 'syz.1.14204': attribute type 10 has an invalid length.
[ 2213.884144][T13363] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 2213.989619][T11234] gretap0 (unregistering): left allmulticast mode
[ 2214.012099][T11234] gretap0 (unregistering): left promiscuous mode
[ 2214.036344][T11234] Ÿë
: port 1(gretap0) entered disabled state
[ 2214.073202][T13363] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 2215.107238][T11967] Bluetooth: hci4: command tx timeout
[ 2217.330213][T13363] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2217.370926][T13363] 8021q: adding VLAN 0 to HW filter on device team0
[ 2217.446103][T11222] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2217.453345][T11222] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2217.539014][T11222] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2217.546233][T11222] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2217.825175][T11234] hsr_slave_0: left promiscuous mode
[ 2217.841164][T11234] hsr_slave_1: left promiscuous mode
[ 2217.857863][T11234] batman_adv: batadv0: Interface deactivated: 
€Â0
[ 2217.881353][T11234] batman_adv: batadv0: Removing interface: 
€Â0
[ 2217.905838][T11234] bridge_slave_1: left allmulticast mode
[ 2217.930901][T11234] bridge_slave_1: left promiscuous mode
[ 2217.952624][T11234] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2217.993587][T11234] bridge_slave_0: left allmulticast mode
[ 2218.016937][T11234] bridge_slave_0: left promiscuous mode
[ 2218.057222][T11234] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2218.136080][T11234] veth1_vlan: left promiscuous mode
[ 2219.099877][T11234] .` (unregistering): (slave batadv_slave_0): Releasing backup interface
[ 2219.157098][T11234] team0 (unregistering): Port device team_slave_1 removed
[ 2219.204828][T11234] team0 (unregistering): Port device team_slave_0 removed
[ 2219.253238][T11234] .` (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2219.300814][T11234] .` (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2219.607503][T11234] .` (unregistering): (slave team0): Releasing backup interface
[ 2219.643850][T11234] .` (unregistering): Released all slaves
[ 2219.767348][T13514] netlink: 'syz.0.14216': attribute type 10 has an invalid length.
[ 2219.811851][T13363] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 2220.330386][T13363] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2220.418679][T13363] veth0_vlan: entered promiscuous mode
[ 2220.432177][T13363] veth1_vlan: entered promiscuous mode
[ 2220.500028][T13363] veth0_macvtap: entered promiscuous mode
[ 2220.539911][T13363] veth1_macvtap: entered promiscuous mode
[ 2220.579450][T13363] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2220.592902][T13363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2220.604619][T13363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2220.621192][T13363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: 
€Â0
[ 2220.633585][T13363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2220.643689][T13363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: 
€Â0
[ 2220.653396][T13363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2220.664548][T13363] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2220.685655][T13363] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2220.705442][T13363] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2220.715818][T13363] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2220.724762][T13363] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2220.742676][T13554] netlink: 'syz.1.14227': attribute type 10 has an invalid length.
[ 2220.833129][T11235] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2220.848767][T11235] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2220.886123][T11235] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2220.897070][T11235] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2221.376360][T13577] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.14237'.
[ 2221.840309][T13597] netlink: 'syz.1.14245': attribute type 2 has an invalid length.
[ 2221.867463][T13597] netlink: 'syz.1.14245': attribute type 9 has an invalid length.
[ 2221.880980][T13597] netlink: 132 bytes leftover after parsing attributes in process `syz.1.14245'.
[ 2222.121697][ T1281] ieee802154 phy0 wpan0: encryption failed: -22
[ 2222.128370][ T1281] ieee802154 phy1 wpan1: encryption failed: -22
[ 2222.313991][T13607] netlink: 'syz.3.14247': attribute type 6 has an invalid length.
[ 2222.327205][T13607] netlink: 168 bytes leftover after parsing attributes in process `syz.3.14247'.
[ 2222.341702][T13609] mac80211_hwsim hwsim127 wlan0: entered promiscuous mode
[ 2222.365575][T13609] mac80211_hwsim hwsim127 wlan0: entered allmulticast mode
[ 2222.460640][T13615] netlink: 'syz.0.14250': attribute type 10 has an invalid length.
[ 2222.507935][T13617] netlink: 144 bytes leftover after parsing attributes in process `syz.1.14252'.
[ 2222.533587][T13620] netlink: 144 bytes leftover after parsing attributes in process `syz.1.14252'.
[ 2225.154499][T13668] ref_ctr_offset mismatch. inode: 0x26 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe
[ 2225.800800][T13675] netlink: 60 bytes leftover after parsing attributes in process `syz.2.14270'.
[ 2227.670571][T13656] netlink: 'syz.1.14263': attribute type 46 has an invalid length.
[ 2227.694658][T13675] netlink: 60 bytes leftover after parsing attributes in process `syz.2.14270'.
[ 2228.309967][T13695] netlink: 'syz.0.14272': attribute type 10 has an invalid length.
[ 2230.188379][T13720] mac80211_hwsim hwsim119 wlan0: entered promiscuous mode
[ 2230.217420][T13720] mac80211_hwsim hwsim119 wlan0: entered allmulticast mode
[ 2230.393234][T13724] netlink: 'syz.2.14287': attribute type 5 has an invalid length.
[ 2230.619717][T13736] netlink: 60 bytes leftover after parsing attributes in process `syz.3.14288'.
[ 2230.640020][T13736] netlink: 60 bytes leftover after parsing attributes in process `syz.3.14288'.
[ 2230.649544][T13733] netlink: 60 bytes leftover after parsing attributes in process `syz.3.14288'.
[ 2230.767196][T13740] netlink: 'syz.0.14290': attribute type 10 has an invalid length.
[ 2232.990281][T13760] mac80211_hwsim hwsim115 wlan0: entered promiscuous mode
[ 2233.009413][T13760] mac80211_hwsim hwsim115 wlan0: entered allmulticast mode
[ 2233.258252][T13781] netlink: 60 bytes leftover after parsing attributes in process `syz.1.14302'.
[ 2233.271761][T13781] netlink: 60 bytes leftover after parsing attributes in process `syz.1.14302'.
[ 2233.287253][T13774] netlink: 60 bytes leftover after parsing attributes in process `syz.1.14302'.
[ 2233.318543][T13782] netlink: 'syz.3.14304': attribute type 10 has an invalid length.
[ 2233.740512][T13798] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.14313'.
[ 2234.247481][T13803] netlink: 140 bytes leftover after parsing attributes in process `syz.0.14312'.
[ 2237.285965][T13825] netlink: 60 bytes leftover after parsing attributes in process `syz.0.14320'.
[ 2237.301358][T13825] netlink: 60 bytes leftover after parsing attributes in process `syz.0.14320'.
[ 2237.311146][T13822] netlink: 60 bytes leftover after parsing attributes in process `syz.0.14320'.
[ 2237.641272][T13835] netlink: 'syz.2.14323': attribute type 10 has an invalid length.
[ 2237.655839][T13835] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2237.683370][T13835] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2237.765489][T13835] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link
[ 2237.794503][T13836] netlink: 140 bytes leftover after parsing attributes in process `syz.3.14325'.
[ 2237.940403][T13840] IPv6: Can't replace route, no match found
[ 2238.631200][T13851] netlink: 4 bytes leftover after parsing attributes in process `syz.3.14331'.
[ 2238.894822][T13854] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2238.941203][T13854] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2239.512107][T13868] netlink: 105120 bytes leftover after parsing attributes in process `syz.1.14338'.
[ 2239.542541][T13868] netlink: 16126 bytes leftover after parsing attributes in process `syz.1.14338'.
[ 2239.582620][T13870] netlink: 'syz.3.14339': attribute type 2 has an invalid length.
[ 2239.598496][T13870] netlink: 51 bytes leftover after parsing attributes in process `syz.3.14339'.
[ 2239.785796][T13876] netlink: 'syz.0.14340': attribute type 10 has an invalid length.
[ 2243.279115][T13916] netlink: 'syz.0.14356': attribute type 10 has an invalid length.
[ 2244.552798][T13947] IPv6: Can't replace route, no match found
[ 2245.012053][T13968] netlink: 'syz.2.14374': attribute type 10 has an invalid length.
[ 2245.391718][T13971] netlink: 'syz.1.14375': attribute type 21 has an invalid length.
[ 2245.403608][T13971] netlink: 128 bytes leftover after parsing attributes in process `syz.1.14375'.
[ 2245.420924][T13971] netlink: 'syz.1.14375': attribute type 4 has an invalid length.
[ 2245.434617][T13971] netlink: 3 bytes leftover after parsing attributes in process `syz.1.14375'.
[ 2246.251676][T13977] netlink: 188 bytes leftover after parsing attributes in process `syz.3.14378'.
[ 2250.069099][T14023] netlink: 'syz.2.14393': attribute type 2 has an invalid length.
[ 2250.096929][T14023] netlink: 'syz.2.14393': attribute type 1 has an invalid length.
[ 2250.126959][T14023] netlink: 'syz.2.14393': attribute type 8 has an invalid length.
[ 2250.151324][T14025] netlink: 'syz.2.14393': attribute type 29 has an invalid length.
[ 2250.170869][T14023] netlink: 44 bytes leftover after parsing attributes in process `syz.2.14393'.
[ 2250.191686][T14022] netlink: 'syz.3.14390': attribute type 10 has an invalid length.
[ 2250.259369][T14025] netlink: 'syz.2.14393': attribute type 29 has an invalid length.
[ 2250.374085][T14023] netlink: 'syz.2.14393': attribute type 29 has an invalid length.
[ 2254.072952][T14062] netlink: 'syz.2.14405': attribute type 10 has an invalid length.
[ 2254.085708][T14064] netlink: 'syz.3.14406': attribute type 7 has an invalid length.
[ 2254.106085][T14064] netlink: 'syz.3.14406': attribute type 1 has an invalid length.
[ 2254.127314][T14064] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.14406'.
[ 2254.201451][T14066] netlink: 44 bytes leftover after parsing attributes in process `syz.0.14407'.
[ 2254.869020][T14086] netlink: 132 bytes leftover after parsing attributes in process `syz.2.14416'.
[ 2255.436592][T14099] validate_nla: 9 callbacks suppressed
[ 2255.436612][T14099] netlink: 'syz.3.14419': attribute type 2 has an invalid length.
[ 2256.017205][T14109] netlink: 201392 bytes leftover after parsing attributes in process `syz.0.14425'.
[ 2256.037324][T14109] netlink: zone id is out of range
[ 2256.042785][T14109] netlink: zone id is out of range
[ 2256.057150][T14109] netlink: zone id is out of range
[ 2256.062566][T14109] netlink: zone id is out of range
[ 2256.088596][T14109] netlink: zone id is out of range
[ 2256.101661][T14109] netlink: zone id is out of range
[ 2256.111777][T14109] netlink: zone id is out of range
[ 2256.126749][T14109] netlink: zone id is out of range
[ 2256.137191][T14109] netlink: zone id is out of range
[ 2256.148013][T14109] netlink: zone id is out of range
[ 2256.214494][T14117] netlink: 'syz.1.14428': attribute type 10 has an invalid length.
[ 2257.463215][T14150] netlink: 'syz.2.14442': attribute type 10 has an invalid length.
[ 2257.523871][T14151] netlink: 1772 bytes leftover after parsing attributes in process `syz.0.14441'.
[ 2258.520876][T14174] netlink: 'syz.1.14452': attribute type 10 has an invalid length.
[ 2258.625304][T14178] netlink: 'syz.2.14454': attribute type 1 has an invalid length.
[ 2259.352959][T14203] Â: renamed from pim6reg1
[ 2259.490186][T14211] netlink: 'syz.2.14465': attribute type 10 has an invalid length.
[ 2260.998321][T14256] netlink: 'syz.2.14483': attribute type 10 has an invalid length.
[ 2261.734178][T14277] TCP: TCP_TX_DELAY enabled
[ 2262.101110][T14290] netlink: 'syz.1.14495': attribute type 17 has an invalid length.
[ 2262.147178][T14290] netlink: 'syz.1.14495': attribute type 16 has an invalid length.
[ 2262.185893][T14290] netlink: 152 bytes leftover after parsing attributes in process `syz.1.14495'.
[ 2263.855877][T14288] netlink: 132 bytes leftover after parsing attributes in process `syz.1.14495'.
[ 2263.883729][T14305] netlink: 'syz.2.14501': attribute type 10 has an invalid length.
[ 2264.048185][T14312] pim6reg1: entered promiscuous mode
[ 2264.067333][T14312] pim6reg1: entered allmulticast mode
[ 2264.440012][T14330] FAULT_INJECTION: forcing a failure.
[ 2264.440012][T14330] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2264.457989][T14330] CPU: 1 PID: 14330 Comm: syz.3.14512 Not tainted syzkaller #0
[ 2264.465602][T14330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2264.475687][T14330] Call Trace:
[ 2264.478999][T14330]  <TASK>
[ 2264.481974][T14330]  dump_stack_lvl+0x18c/0x250
[ 2264.486744][T14330]  ? show_regs_print_info+0x20/0x20
[ 2264.491997][T14330]  ? load_image+0x420/0x420
[ 2264.496577][T14330]  ? __might_fault+0xaa/0x120
[ 2264.501319][T14330]  ? __lock_acquire+0x7d40/0x7d40
[ 2264.506399][T14330]  should_fail_ex+0x39d/0x4d0
[ 2264.511128][T14330]  _copy_from_user+0x2f/0xe0
[ 2264.515763][T14330]  do_tcp_setsockopt+0x5cb/0x1e10
[ 2264.520849][T14330]  ? tcp_set_window_clamp+0x4e0/0x4e0
[ 2264.526265][T14330]  ? aa_af_perm+0x330/0x330
[ 2264.530815][T14330]  ? __fget_files+0x28/0x4b0
[ 2264.535450][T14330]  ? __fget_files+0x28/0x4b0
[ 2264.540081][T14330]  ? aa_sock_opt_perm+0x74/0x100
[ 2264.545066][T14330]  ? sock_common_setsockopt+0x36/0xc0
[ 2264.550487][T14330]  ? tcp_setsockopt+0x3d/0xe0
[ 2264.555210][T14330]  ? tcp_enable_tx_delay+0x70/0x70
[ 2264.560372][T14330]  ? sock_common_recvmsg+0x190/0x190
[ 2264.565697][T14330]  do_sock_setsockopt+0x175/0x1a0
[ 2264.570763][T14330]  ? __fdget+0x180/0x210
[ 2264.575061][T14330]  __x64_sys_setsockopt+0x182/0x200
[ 2264.580294][T14330]  do_syscall_64+0x55/0xa0
[ 2264.584735][T14330]  ? clear_bhb_loop+0x40/0x90
[ 2264.589444][T14330]  ? clear_bhb_loop+0x40/0x90
[ 2264.594148][T14330]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2264.600075][T14330] RIP: 0033:0x7fc49839c819
[ 2264.604511][T14330] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2264.624146][T14330] RSP: 002b:00007fc4992df028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 2264.632589][T14330] RAX: ffffffffffffffda RBX: 00007fc498615fa0 RCX: 00007fc49839c819
[ 2264.640585][T14330] RDX: 0000000000000015 RSI: 0000000000000006 RDI: 0000000000000003
[ 2264.648582][T14330] RBP: 00007fc4992df090 R08: 0000000000000004 R09: 0000000000000000
[ 2264.656576][T14330] R10: 0000200000000500 R11: 0000000000000246 R12: 0000000000000001
[ 2264.664575][T14330] R13: 00007fc498616038 R14: 00007fc498615fa0 R15: 00007ffe6c4e2678
[ 2264.672594][T14330]  </TASK>
[ 2264.906196][T14335] netlink: 'syz.1.14514': attribute type 9 has an invalid length.
[ 2264.917066][T14335] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.14514'.
[ 2266.617249][T14369] netlink: 'syz.1.14523': attribute type 10 has an invalid length.
[ 2266.862393][T14372] netlink: 'syz.2.14527': attribute type 2 has an invalid length.
[ 2267.406147][T28239] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 2267.416614][T28239] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 2267.427248][T28239] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 2267.440291][T28239] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 2267.471062][T28239] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 2267.482569][T28239] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 2268.233496][T11234] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2268.466610][T11234] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2268.696538][T11234] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2268.750572][T14404] netlink: 'syz.1.14536': attribute type 10 has an invalid length.
[ 2268.788025][T14402] netlink: 60 bytes leftover after parsing attributes in process `syz.3.14535'.
[ 2268.835078][T14405] netlink: 'syz.3.14535': attribute type 4 has an invalid length.
[ 2268.996554][T11234] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2269.099658][T14378] chnl_net:caif_netlink_parms(): no params data found
[ 2269.352352][T14378] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2269.359775][T14378] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2269.367601][T14378] bridge_slave_0: entered allmulticast mode
[ 2269.375205][T14378] bridge_slave_0: entered promiscuous mode
[ 2269.414045][T14378] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2269.427366][T14378] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2269.439841][T14378] bridge_slave_1: entered allmulticast mode
[ 2269.461533][T14378] bridge_slave_1: entered promiscuous mode
[ 2269.604382][T11967] Bluetooth: hci1: command tx timeout
[ 2269.609488][T14378] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2269.665675][T14378] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2269.844273][T14378] team0: Port device team_slave_0 added
[ 2269.901658][T14422] netlink: 'syz.3.14540': attribute type 29 has an invalid length.
[ 2270.058476][T14378] team0: Port device team_slave_1 added
[ 2270.103557][T14422] netlink: 'syz.3.14540': attribute type 29 has an invalid length.
[ 2270.145073][T14425] netlink: 'syz.3.14540': attribute type 29 has an invalid length.
[ 2270.208034][T14428] netlink: 'syz.3.14540': attribute type 10 has an invalid length.
[ 2270.317898][T14428] bond0: (slave wlan1): Enslaving as an active interface with an up link
[ 2270.643025][T14378] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2270.666472][T14378] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2270.737303][T14378] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2270.768740][T14378] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2270.775751][T14378] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2270.892231][T14378] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2271.674623][T11967] Bluetooth: hci1: command tx timeout
[ 2272.464228][T14460] netlink: 'syz.1.14549': attribute type 10 has an invalid length.
[ 2272.558190][T14463] netlink: 4 bytes leftover after parsing attributes in process `syz.3.14550'.
[ 2272.624109][T14378] hsr_slave_0: entered promiscuous mode
[ 2272.644359][T14378] hsr_slave_1: entered promiscuous mode
[ 2272.670572][T14378] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 2272.690458][T14378] Cannot create hsr debugfs directory
[ 2273.162423][T14472] netlink: 'syz.3.14552': attribute type 39 has an invalid length.
[ 2273.766916][T11967] Bluetooth: hci1: command tx timeout
[ 2273.942983][T11234] hsr_slave_0: left promiscuous mode
[ 2273.957843][T11234] hsr_slave_1: left promiscuous mode
[ 2273.969730][T11234] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2273.997178][T11234] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2274.396194][T11234] bridge_slave_1: left allmulticast mode
[ 2274.403706][T11234] bridge_slave_1: left promiscuous mode
[ 2274.413352][T11234] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2274.424430][T11234] bridge_slave_0: left allmulticast mode
[ 2274.432301][T11234] bridge_slave_0: left promiscuous mode
[ 2274.445051][T11234] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2274.469678][T11234] veth1_macvtap: left promiscuous mode
[ 2274.475414][T11234] veth1_vlan: left promiscuous mode
[ 2275.036495][T11234] bond0 (unregistering): (slave batadv_slave_0): Releasing backup interface
[ 2275.085728][T11234] team0 (unregistering): Port device team_slave_1 removed
[ 2275.130843][T11234] team0 (unregistering): Port device team_slave_0 removed
[ 2275.175083][T11234] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2275.224648][T11234] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2275.523022][T11234] bond0 (unregistering): (slave bridge0): Releasing backup interface
[ 2275.532274][T11234] bond0 (unregistering): Released all slaves
[ 2275.832637][T11967] Bluetooth: hci1: command tx timeout
[ 2276.449409][T14538] netlink: 40 bytes leftover after parsing attributes in process `syz.3.14567'.
[ 2276.668022][T14538] netlink: 40 bytes leftover after parsing attributes in process `syz.3.14567'.
[ 2276.701728][T14538] netlink: 13 bytes leftover after parsing attributes in process `syz.3.14567'.
[ 2277.033956][T14378] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 2277.068310][T14378] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 2277.100482][T14378] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 2277.214708][T14378] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 2277.839226][T14378] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2277.950088][T14378] 8021q: adding VLAN 0 to HW filter on device team0
[ 2278.062271][T11234] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2278.069586][T11234] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2278.224651][T11234] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2278.232119][T11234] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2278.514649][T14378] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 2279.403352][T14378] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2279.629192][T14378] veth0_vlan: entered promiscuous mode
[ 2279.664026][T14378] veth1_vlan: entered promiscuous mode
[ 2279.791078][T14378] veth0_macvtap: entered promiscuous mode
[ 2279.813036][T14378] veth1_macvtap: entered promiscuous mode
[ 2279.893667][T14378] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2279.942992][T14378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: 
€Â0
[ 2279.965690][T14378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2279.977108][T14378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: 
€Â0
[ 2279.987439][T14378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2280.015319][T14378] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2280.067415][T14378] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2280.076185][T14378] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2280.108052][T14378] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2280.133250][T14378] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2280.384834][T11234] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2280.409450][T11234] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2280.491736][T11234] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2280.514768][T11234] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2283.046445][T14664] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.14597'.
[ 2283.520409][ T1281] ieee802154 phy0 wpan0: encryption failed: -22
[ 2283.526966][ T1281] ieee802154 phy1 wpan1: encryption failed: -22
[ 2283.688216][T14680] -1: renamed from syzkaller0
[ 2283.850324][T14696] netlink: 'syz.2.14605': attribute type 11 has an invalid length.
[ 2283.889136][T14696] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.14605'.
[ 2284.582194][T14721] netlink: 'syz.2.14614': attribute type 10 has an invalid length.
[ 2284.674377][T14721] veth0_vlan: left promiscuous mode
[ 2284.751749][T14721] veth0_vlan: entered promiscuous mode
[ 2284.780552][T14721] team0: Device veth0_vlan failed to register rx_handler
[ 2285.180192][T14728] net_ratelimit: 15 callbacks suppressed
[ 2285.180252][T14728] netlink: set zone limit has 8 unknown bytes
[ 2285.559984][T14756] netlink: 172 bytes leftover after parsing attributes in process `syz.3.14627'.
[ 2285.593581][T14758] netlink: 172 bytes leftover after parsing attributes in process `syz.3.14627'.
[ 2285.893187][T14775] mac80211_hwsim hwsim115 wlan0: left promiscuous mode
[ 2285.900963][T14775] mac80211_hwsim hwsim115 wlan0: left allmulticast mode
[ 2285.941019][T14778] mac80211_hwsim hwsim115 wlan0: entered promiscuous mode
[ 2285.949434][T14778] mac80211_hwsim hwsim115 wlan0: entered allmulticast mode
[ 2286.416877][T14793] netlink: 'syz.2.14639': attribute type 2 has an invalid length.
[ 2286.425689][T14793] netlink: 'syz.2.14639': attribute type 8 has an invalid length.
[ 2286.439034][T14793] netlink: 132 bytes leftover after parsing attributes in process `syz.2.14639'.
[ 2286.478377][T14793] netlink: 'syz.2.14639': attribute type 2 has an invalid length.
[ 2286.493197][T14793] netlink: 'syz.2.14639': attribute type 8 has an invalid length.
[ 2286.514477][T14793] netlink: 132 bytes leftover after parsing attributes in process `syz.2.14639'.
[ 2286.609650][T14798] netlink: 'syz.0.14641': attribute type 3 has an invalid length.
[ 2286.618827][T14798] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.14641'.
[ 2286.932905][T14814] netlink: 'syz.2.14646': attribute type 10 has an invalid length.
[ 2287.154134][T14823] can: request_module (can-proto-5) failed.
[ 2287.209934][T14829] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.14654'.
[ 2287.226761][T14829] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[ 2287.233429][T14829] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[ 2288.290611][T14859] delete_channel: no stack
[ 2288.563915][T14871] netlink: 'syz.3.14670': attribute type 10 has an invalid length.
[ 2288.636171][T14875] netlink: 830 bytes leftover after parsing attributes in process `syz.0.14667'.
[ 2291.155434][T14883] mac80211_hwsim hwsim127 wlan0: left promiscuous mode
[ 2291.163550][T14883] mac80211_hwsim hwsim127 wlan0: left allmulticast mode
[ 2291.218079][T14884] mac80211_hwsim hwsim127 wlan0: entered promiscuous mode
[ 2291.225311][T14884] mac80211_hwsim hwsim127 wlan0: entered allmulticast mode
[ 2291.652416][T14907] netlink: 'syz.3.14682': attribute type 21 has an invalid length.
[ 2291.676415][T14907] netlink: 132 bytes leftover after parsing attributes in process `syz.3.14682'.
[ 2291.849291][T14916] netlink: 'syz.0.14685': attribute type 10 has an invalid length.
[ 2291.868607][T14916] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2291.898349][T14916] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2291.978239][T14916] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link
[ 2292.011413][T14918] netlink: 'syz.2.14688': attribute type 29 has an invalid length.
[ 2292.020250][T14918] netlink: 'syz.2.14688': attribute type 29 has an invalid length.
[ 2292.039467][T14918] netlink: 'syz.2.14688': attribute type 29 has an invalid length.
[ 2292.056572][T14918] netlink: 'syz.2.14688': attribute type 29 has an invalid length.
[ 2292.528143][T14924] netlink: 'syz.1.14689': attribute type 2 has an invalid length.
[ 2292.536236][T14924] netlink: 'syz.1.14689': attribute type 8 has an invalid length.
[ 2292.544838][T14924] netlink: 132 bytes leftover after parsing attributes in process `syz.1.14689'.
[ 2292.592279][T14924] netlink: 'syz.1.14689': attribute type 2 has an invalid length.
[ 2292.640983][T14924] netlink: 'syz.1.14689': attribute type 8 has an invalid length.
[ 2292.664560][T14924] netlink: 132 bytes leftover after parsing attributes in process `syz.1.14689'.
[ 2292.935009][T14932] netlink: 132 bytes leftover after parsing attributes in process `syz.0.14692'.
[ 2296.862016][T14963] delete_channel: no stack
[ 2297.544665][T14993] validate_nla: 1 callbacks suppressed
[ 2297.544683][T14993] netlink: 'syz.3.14713': attribute type 10 has an invalid length.
[ 2298.419862][T28239] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 2298.428989][T28239] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 2298.437488][T28239] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 2298.445872][T28239] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 2298.464219][T28239] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 2298.476619][T28239] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 2298.710621][T15002] chnl_net:caif_netlink_parms(): no params data found
[ 2298.832546][T15002] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2298.840580][T15002] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2298.855878][T15002] bridge_slave_0: entered allmulticast mode
[ 2298.864565][T15002] bridge_slave_0: entered promiscuous mode
[ 2298.888416][T15002] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2298.916074][T15002] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2298.936386][T15002] bridge_slave_1: entered allmulticast mode
[ 2298.948519][T15002] bridge_slave_1: entered promiscuous mode
[ 2299.054637][T15002] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2299.090079][T15002] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2299.198686][T15002] team0: Port device team_slave_0 added
[ 2299.234900][T15002] team0: Port device team_slave_1 added
[ 2299.324875][T15002] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2299.347394][T15002] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2299.419414][T15002] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2299.455942][T15002] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2299.473255][T15002] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2299.543128][T15002] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2300.484826][T15002] hsr_slave_0: entered promiscuous mode
[ 2300.527416][T15002] hsr_slave_1: entered promiscuous mode
[ 2300.555162][T15002] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 2300.557237][T28239] Bluetooth: hci2: command tx timeout
[ 2300.562845][T15002] Cannot create hsr debugfs directory
[ 2301.236767][T15002] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2301.264072][T15036] netlink: 'syz.0.14725': attribute type 10 has an invalid length.
[ 2301.345658][T15002] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2301.446423][T15002] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2301.552113][T15002] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2302.002663][T15002] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 2302.020911][T15002] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 2302.095826][T15002] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 2302.108161][T15002] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 2302.504858][T15002] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2302.627516][T28239] Bluetooth: hci2: command tx timeout
[ 2303.233119][T15072] netlink: 'syz.0.14740': attribute type 10 has an invalid length.
[ 2303.299313][T15002] 8021q: adding VLAN 0 to HW filter on device team0
[ 2303.326104][T11238] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2303.333373][T11238] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2303.422286][T11238] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2303.429526][T11238] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2303.643617][T15002] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 2303.814769][T11228] hsr_slave_0: left promiscuous mode
[ 2303.832790][T11228] hsr_slave_1: left promiscuous mode
[ 2303.844352][T11228] batman_adv: batadv0: Interface deactivated: 
€Â0
[ 2303.852698][T11228] batman_adv: batadv0: Removing interface: 
€Â0
[ 2304.707157][T28239] Bluetooth: hci2: command tx timeout
[ 2304.737238][T11228] bond0 (unregistering): (slave batadv_slave_0): Releasing backup interface
[ 2304.819690][T11228] team0 (unregistering): Port device team_slave_1 removed
[ 2304.940449][T11228] team0 (unregistering): Port device team_slave_0 removed
[ 2305.048842][T11228] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2305.125454][T11228] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2305.241650][T11228] team0 (unregistering): Port device bridge_slave_1 removed
[ 2305.610470][T11228] bond0 (unregistering): (slave dummy0): Releasing backup interface
[ 2305.663861][T11228] bond0 (unregistering): Released all slaves
[ 2305.705349][T15112] netlink: 'syz.3.14753': attribute type 10 has an invalid length.
[ 2305.971570][T15002] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2306.094238][T15002] veth0_vlan: entered promiscuous mode
[ 2306.148923][T15002] veth1_vlan: entered promiscuous mode
[ 2306.195797][T15002] veth0_macvtap: entered promiscuous mode
[ 2306.207918][T15002] veth1_macvtap: entered promiscuous mode
[ 2306.257887][T15002] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2306.297689][T15002] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: 
€Â0
[ 2306.317135][T15002] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2306.330380][T15002] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2306.342023][T15002] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2306.353699][T15002] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2306.380893][T15002] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2306.393647][T15002] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2306.404030][T15002] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2306.419571][T15002] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2306.454843][T15134] can: request_module (can-proto-3) failed.
[ 2306.588432][T11238] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2306.606437][T11238] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2306.705172][T11238] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2306.782330][T11238] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2306.790259][T28239] Bluetooth: hci2: command tx timeout
[ 2309.795523][T15147] netlink: 'syz.0.14764': attribute type 10 has an invalid length.
[ 2310.202553][T15163] netlink: 14 bytes leftover after parsing attributes in process `syz.1.14772'.
[ 2310.221668][T15163] veth0_macvtap: left promiscuous mode
[ 2313.602109][T15184] netlink: 188 bytes leftover after parsing attributes in process `syz.3.14781'.
[ 2313.823849][T15195] netlink: 'syz.1.14783': attribute type 10 has an invalid length.
[ 2313.847196][T15195] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2313.890460][T15195] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2313.933615][T15195] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link
[ 2317.533786][T15224] ÿ: renamed from bond_slave_0 (while UP)
[ 2317.594844][T15222] delete_channel: no stack
[ 2321.689393][T15272] netlink: 'syz.1.14810': attribute type 10 has an invalid length.
[ 2321.765102][T15272] batman_adv: batadv0: Adding interface: netdevsim0
[ 2321.800144][T15272] batman_adv: batadv0: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2321.858207][T15272] batman_adv: batadv0: Not using interface netdevsim0 (retrying later): interface not active
[ 2321.897028][T15274] netlink: 'syz.1.14810': attribute type 10 has an invalid length.
[ 2322.078831][T15277] netlink: 'syz.2.14811': attribute type 29 has an invalid length.
[ 2322.097242][T15277] netlink: 'syz.2.14811': attribute type 3 has an invalid length.
[ 2322.105362][T15277] netlink: 132 bytes leftover after parsing attributes in process `syz.2.14811'.
[ 2325.142901][T15298] syz.0.14821[15298] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2325.143155][T15298] syz.0.14821[15298] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2325.172423][T15298] syz.0.14821[15298] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2325.199454][T15298] syz.0.14821[15298] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2328.727536][T15327] netlink: 60 bytes leftover after parsing attributes in process `syz.0.14830'.
[ 2328.920705][T15334] netlink: 'syz.2.14833': attribute type 4 has an invalid length.
[ 2328.937323][T15334] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.14833'.
[ 2331.668048][T11967] Bluetooth: hci4: command 0x0406 tx timeout
[ 2334.880468][T15420] delete_channel: no stack
[ 2335.023183][T15423] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 2341.012588][T15485] netlink: 'syz.2.14894': attribute type 3 has an invalid length.
[ 2341.020999][T15485] netlink: 'syz.2.14894': attribute type 1 has an invalid length.
[ 2341.035326][T15485] netlink: 198800 bytes leftover after parsing attributes in process `syz.2.14894'.
[ 2341.524265][T15511] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.14905'.
[ 2343.058389][T15515] netlink: 72 bytes leftover after parsing attributes in process `syz.2.14906'.
[ 2343.282887][T15524] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 2343.290378][T15524] IPv6: NLM_F_CREATE should be set when creating new route
[ 2343.298069][T15524] IPv6: NLM_F_CREATE should be set when creating new route
[ 2343.305458][T15524] IPv6: NLM_F_CREATE should be set when creating new route
[ 2343.395168][T15525] netlink: 'syz.1.14908': attribute type 10 has an invalid length.
[ 2344.287747][T15525] 8021q: adding VLAN 0 to HW filter on device team0
[ 2344.312197][T15525] bond0: (slave team0): Enslaving as an active interface with an up link
[ 2344.955282][ T1281] ieee802154 phy0 wpan0: encryption failed: -22
[ 2344.963413][ T1281] ieee802154 phy1 wpan1: encryption failed: -22
[ 2346.524995][T15560] veth0_vlan: entered allmulticast mode
[ 2346.643470][T15560] veth0_vlan: left promiscuous mode
[ 2346.699473][T15560] veth0_vlan: entered promiscuous mode
[ 2351.698400][T15620] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.14946'.
[ 2351.715042][T15620] netlink: 14 bytes leftover after parsing attributes in process `syz.0.14946'.
[ 2351.813424][T15621] netlink: 14 bytes leftover after parsing attributes in process `syz.0.14946'.
[ 2352.249920][T15642] sctp: [Deprecated]: syz.3.14954 (pid 15642) Use of int in max_burst socket option deprecated.
[ 2352.249920][T15642] Use struct sctp_assoc_value instead
[ 2352.268576][T15642] netlink: 'syz.3.14954': attribute type 6 has an invalid length.
[ 2352.909627][T15653] netlink: 'syz.3.14960': attribute type 10 has an invalid length.
[ 2352.921737][T15653] netlink: 40 bytes leftover after parsing attributes in process `syz.3.14960'.
[ 2352.932084][T15653] batadv0: entered promiscuous mode
[ 2352.940596][T15653] batadv0: entered allmulticast mode
[ 2352.947116][T15653] bridge0: port 3(batadv0) entered blocking state
[ 2352.953765][T15653] bridge0: port 3(batadv0) entered disabled state
[ 2352.970244][T15653] bridge0: port 3(batadv0) entered blocking state
[ 2352.976950][T15653] bridge0: port 3(batadv0) entered forwarding state
[ 2353.187144][T11234] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[ 2353.196484][T11234] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[ 2354.114419][T15673] netlink: 156 bytes leftover after parsing attributes in process `syz.2.14968'.
[ 2356.175257][T15699] netlink: 'syz.2.14979': attribute type 9 has an invalid length.
[ 2356.195953][T15699] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.14979'.
[ 2357.876041][T15737] netlink: 4 bytes leftover after parsing attributes in process `syz.0.14993'.
[ 2361.622685][T15760] netlink: 'syz.0.15000': attribute type 10 has an invalid length.
[ 2368.043583][T15864] netlink: 'syz.2.15041': attribute type 10 has an invalid length.
[ 2368.061575][T15864] bond0: (slave bond_slave_0): Releasing backup interface
[ 2374.729650][T15940] netlink: 'syz.3.15071': attribute type 10 has an invalid length.
[ 2374.754262][T15940] netlink: 40 bytes leftover after parsing attributes in process `syz.3.15071'.
[ 2374.784194][T15940] netlink: 'syz.3.15071': attribute type 10 has an invalid length.
[ 2374.839358][T15940] netlink: 40 bytes leftover after parsing attributes in process `syz.3.15071'.
[ 2375.245859][T15957] sctp: [Deprecated]: syz.1.15080 (pid 15957) Use of int in max_burst socket option deprecated.
[ 2375.245859][T15957] Use struct sctp_assoc_value instead
[ 2379.378640][T16009] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[ 2379.388395][T16009] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[ 2379.678208][T16009] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.15100'.
[ 2382.862997][T28239] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18
[ 2388.498708][T16123] netlink: 60 bytes leftover after parsing attributes in process `syz.2.15144'.
[ 2388.520116][T16123] netlink: 60 bytes leftover after parsing attributes in process `syz.2.15144'.
[ 2388.540847][T16123] netlink: 60 bytes leftover after parsing attributes in process `syz.2.15144'.
[ 2391.296667][T28239] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18
[ 2391.304458][T28239] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[ 2393.141313][T28239] Bluetooth: hci1: command 0x0406 tx timeout
[ 2393.377006][T16183] veth1_to_bond: entered allmulticast mode
[ 2395.418124][T16231] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2397.306348][T16267] netlink: 'syz.0.15193': attribute type 3 has an invalid length.
[ 2397.344154][T16267] netlink: 'syz.0.15193': attribute type 1 has an invalid length.
[ 2397.416957][T16267] netlink: 130160 bytes leftover after parsing attributes in process `syz.0.15193'.
[ 2402.139911][T16304] netlink: 'syz.1.15210': attribute type 13 has an invalid length.
[ 2402.169926][T16304] netlink: 160 bytes leftover after parsing attributes in process `syz.1.15210'.
[ 2406.393045][ T1281] ieee802154 phy0 wpan0: encryption failed: -22
[ 2406.399795][ T1281] ieee802154 phy1 wpan1: encryption failed: -22
[ 2406.449087][T16357] netlink: 'syz.0.15229': attribute type 10 has an invalid length.
[ 2406.458427][T16357] netlink: 40 bytes leftover after parsing attributes in process `syz.0.15229'.
[ 2406.473629][T16357] vcan0: entered promiscuous mode
[ 2406.481084][T16357] A link change request failed with some changes committed already. Interface vcan0 may have been left with an inconsistent configuration, please check.
[ 2410.136092][T16382] netlink: 'syz.3.15240': attribute type 9 has an invalid length.
[ 2410.149962][T16382] netlink: 399 bytes leftover after parsing attributes in process `syz.3.15240'.
[ 2410.735787][T16408] netlink: 'syz.2.15251': attribute type 1 has an invalid length.
[ 2410.748542][T16408] netlink: 199820 bytes leftover after parsing attributes in process `syz.2.15251'.
[ 2412.246196][T16433] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.15261'.
[ 2412.397394][T16433] debugfs: Directory '!!ô' with parent 'ieee80211' already present!
[ 2414.446881][T16456] FAULT_INJECTION: forcing a failure.
[ 2414.446881][T16456] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2414.460107][T16456] CPU: 1 PID: 16456 Comm: syz.1.15270 Not tainted syzkaller #0
[ 2414.467701][T16456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2414.477822][T16456] Call Trace:
[ 2414.481150][T16456]  <TASK>
[ 2414.484137][T16456]  dump_stack_lvl+0x18c/0x250
[ 2414.488874][T16456]  ? show_regs_print_info+0x20/0x20
[ 2414.494113][T16456]  ? load_image+0x420/0x420
[ 2414.498678][T16456]  ? __might_fault+0xaa/0x120
[ 2414.503382][T16456]  ? __lock_acquire+0x7d40/0x7d40
[ 2414.508426][T16456]  should_fail_ex+0x39d/0x4d0
[ 2414.513128][T16456]  _copy_from_user+0x2f/0xe0
[ 2414.517750][T16456]  __sys_bpf+0x23e/0x890
[ 2414.522030][T16456]  ? bpf_link_show_fdinfo+0x390/0x390
[ 2414.527445][T16456]  ? lock_chain_count+0x20/0x20
[ 2414.532332][T16456]  __x64_sys_bpf+0x7c/0x90
[ 2414.536772][T16456]  do_syscall_64+0x55/0xa0
[ 2414.541219][T16456]  ? clear_bhb_loop+0x40/0x90
[ 2414.545925][T16456]  ? clear_bhb_loop+0x40/0x90
[ 2414.550627][T16456]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2414.556543][T16456] RIP: 0033:0x7ff49479c819
[ 2414.560987][T16456] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2414.580606][T16456] RSP: 002b:00007ff4929f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2414.589039][T16456] RAX: ffffffffffffffda RBX: 00007ff494a15fa0 RCX: 00007ff49479c819
[ 2414.597029][T16456] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[ 2414.605011][T16456] RBP: 00007ff4929f6090 R08: 0000000000000000 R09: 0000000000000000
[ 2414.613003][T16456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2414.621008][T16456] R13: 00007ff494a16038 R14: 00007ff494a15fa0 R15: 00007ffd88223f38
[ 2414.629008][T16456]  </TASK>
[ 2417.476963][T16497] syzkaller0: entered promiscuous mode
[ 2417.482638][T16497] syzkaller0: entered allmulticast mode
[ 2417.518426][T16498] netlink: 'syz.2.15285': attribute type 10 has an invalid length.
[ 2417.626882][T16503] netlink: 'syz.0.15287': attribute type 10 has an invalid length.
[ 2419.615257][T16510] netlink: 'syz.2.15292': attribute type 19 has an invalid length.
[ 2419.631772][T16511] FAULT_INJECTION: forcing a failure.
[ 2419.631772][T16511] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2419.645522][T16511] CPU: 1 PID: 16511 Comm: syz.1.15291 Not tainted syzkaller #0
[ 2419.653163][T16511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2419.663273][T16511] Call Trace:
[ 2419.666604][T16511]  <TASK>
[ 2419.669583][T16511]  dump_stack_lvl+0x18c/0x250
[ 2419.674339][T16511]  ? show_regs_print_info+0x20/0x20
[ 2419.679618][T16511]  ? load_image+0x420/0x420
[ 2419.684192][T16511]  ? __might_fault+0xaa/0x120
[ 2419.688942][T16511]  ? __lock_acquire+0x7d40/0x7d40
[ 2419.694039][T16511]  should_fail_ex+0x39d/0x4d0
[ 2419.698812][T16511]  _copy_from_user+0x2f/0xe0
[ 2419.703472][T16511]  ___sys_sendmsg+0x1c7/0x360
[ 2419.708228][T16511]  ? __sys_sendmsg+0x2a0/0x2a0
[ 2419.713102][T16511]  ? __lock_acquire+0x7d40/0x7d40
[ 2419.718242][T16511]  __se_sys_sendmsg+0x1c2/0x2b0
[ 2419.723172][T16511]  ? __x64_sys_sendmsg+0x80/0x80
[ 2419.728208][T16511]  ? lockdep_hardirqs_on+0x98/0x150
[ 2419.733490][T16511]  do_syscall_64+0x55/0xa0
[ 2419.737998][T16511]  ? clear_bhb_loop+0x40/0x90
[ 2419.742740][T16511]  ? clear_bhb_loop+0x40/0x90
[ 2419.747495][T16511]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2419.753458][T16511] RIP: 0033:0x7ff49479c819
[ 2419.757925][T16511] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2419.777588][T16511] RSP: 002b:00007ff4929d5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2419.786042][T16511] RAX: ffffffffffffffda RBX: 00007ff494a16090 RCX: 00007ff49479c819
[ 2419.794044][T16511] RDX: 000000000400c084 RSI: 0000200000000040 RDI: 0000000000000006
[ 2419.802067][T16511] RBP: 00007ff4929d5090 R08: 0000000000000000 R09: 0000000000000000
[ 2419.810110][T16511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2419.818127][T16511] R13: 00007ff494a16128 R14: 00007ff494a16090 R15: 00007ffd88223f38
[ 2419.826191][T16511]  </TASK>
[ 2420.053703][T16521] netlink: 'syz.0.15295': attribute type 3 has an invalid length.
[ 2420.062480][T16521] netlink: 'syz.0.15295': attribute type 275 has an invalid length.
[ 2420.132078][T16525] netlink: 'syz.3.15296': attribute type 29 has an invalid length.
[ 2420.143413][T16525] netlink: 'syz.3.15296': attribute type 29 has an invalid length.
[ 2420.161201][T16525] netlink: 'syz.3.15296': attribute type 29 has an invalid length.
[ 2420.170095][T16525] netlink: 'syz.3.15296': attribute type 29 has an invalid length.
[ 2420.194630][T16527] FAULT_INJECTION: forcing a failure.
[ 2420.194630][T16527] name failslab, interval 1, probability 0, space 0, times 0
[ 2420.208286][T16527] CPU: 0 PID: 16527 Comm: syz.0.15297 Not tainted syzkaller #0
[ 2420.215922][T16527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2420.226015][T16527] Call Trace:
[ 2420.229329][T16527]  <TASK>
[ 2420.232297][T16527]  dump_stack_lvl+0x18c/0x250
[ 2420.237032][T16527]  ? show_regs_print_info+0x20/0x20
[ 2420.242299][T16527]  ? load_image+0x420/0x420
[ 2420.246855][T16527]  ? __lock_acquire+0x7d40/0x7d40
[ 2420.251947][T16527]  should_fail_ex+0x39d/0x4d0
[ 2420.256702][T16527]  should_failslab+0x9/0x20
[ 2420.261259][T16527]  slab_pre_alloc_hook+0x59/0x310
[ 2420.266344][T16527]  ? bpf_test_init+0x9f/0x140
[ 2420.271054][T16527]  ? bpf_test_init+0x9f/0x140
[ 2420.275772][T16527]  __kmem_cache_alloc_node+0x53/0x250
[ 2420.281208][T16527]  ? bpf_test_init+0x9f/0x140
[ 2420.285932][T16527]  __kmalloc+0xa4/0x230
[ 2420.290139][T16527]  bpf_test_init+0x9f/0x140
[ 2420.294672][T16527]  bpf_prog_test_run_xdp+0x4d1/0x10e0
[ 2420.300100][T16527]  ? dev_put+0x80/0x80
[ 2420.304213][T16527]  ? dev_put+0x80/0x80
[ 2420.308317][T16527]  bpf_prog_test_run+0x321/0x390
[ 2420.313278][T16527]  __sys_bpf+0x49d/0x890
[ 2420.317540][T16527]  ? bpf_link_show_fdinfo+0x390/0x390
[ 2420.322939][T16527]  ? lock_chain_count+0x20/0x20
[ 2420.327832][T16527]  __x64_sys_bpf+0x7c/0x90
[ 2420.332282][T16527]  do_syscall_64+0x55/0xa0
[ 2420.336726][T16527]  ? clear_bhb_loop+0x40/0x90
[ 2420.341440][T16527]  ? clear_bhb_loop+0x40/0x90
[ 2420.346145][T16527]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2420.352061][T16527] RIP: 0033:0x7f3fe359c819
[ 2420.356503][T16527] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2420.376131][T16527] RSP: 002b:00007f3fe445f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2420.384569][T16527] RAX: ffffffffffffffda RBX: 00007f3fe3815fa0 RCX: 00007f3fe359c819
[ 2420.392564][T16527] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[ 2420.400756][T16527] RBP: 00007f3fe445f090 R08: 0000000000000000 R09: 0000000000000000
[ 2420.408745][T16527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2420.416736][T16527] R13: 00007f3fe3816038 R14: 00007f3fe3815fa0 R15: 00007ffc16132bc8
[ 2420.424755][T16527]  </TASK>
[ 2423.604136][T16558] netlink: 'syz.2.15310': attribute type 21 has an invalid length.
[ 2423.612974][T16558] netlink: 'syz.2.15310': attribute type 4 has an invalid length.
[ 2423.828529][T16546] Bluetooth: hci2: command 0x0406 tx timeout
[ 2423.995681][T16578] netlink: 'syz.1.15315': attribute type 10 has an invalid length.
[ 2425.802100][T16594] netlink: 'syz.1.15318': attribute type 10 has an invalid length.
[ 2426.772698][T16602] tc_dump_action: action bad kind
[ 2426.841535][T16604] FAULT_INJECTION: forcing a failure.
[ 2426.841535][T16604] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2426.875633][T16604] CPU: 0 PID: 16604 Comm: syz.2.15323 Not tainted syzkaller #0
[ 2426.883247][T16604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2426.893347][T16604] Call Trace:
[ 2426.896652][T16604]  <TASK>
[ 2426.899597][T16604]  dump_stack_lvl+0x18c/0x250
[ 2426.904305][T16604]  ? show_regs_print_info+0x20/0x20
[ 2426.909530][T16604]  ? load_image+0x420/0x420
[ 2426.914076][T16604]  ? __lock_acquire+0x7d40/0x7d40
[ 2426.919127][T16604]  ? __virt_addr_valid+0x18c/0x540
[ 2426.924272][T16604]  should_fail_ex+0x39d/0x4d0
[ 2426.928985][T16604]  _copy_from_user+0x2f/0xe0
[ 2426.933606][T16604]  bpf_test_init+0xde/0x140
[ 2426.938136][T16604]  bpf_prog_test_run_xdp+0x4d1/0x10e0
[ 2426.943532][T16604]  ? dev_put+0x80/0x80
[ 2426.947624][T16604]  ? dev_put+0x80/0x80
[ 2426.951718][T16604]  bpf_prog_test_run+0x321/0x390
[ 2426.956687][T16604]  __sys_bpf+0x49d/0x890
[ 2426.960956][T16604]  ? bpf_link_show_fdinfo+0x390/0x390
[ 2426.966363][T16604]  ? lock_chain_count+0x20/0x20
[ 2426.971242][T16604]  __x64_sys_bpf+0x7c/0x90
[ 2426.975685][T16604]  do_syscall_64+0x55/0xa0
[ 2426.980148][T16604]  ? clear_bhb_loop+0x40/0x90
[ 2426.984850][T16604]  ? clear_bhb_loop+0x40/0x90
[ 2426.989565][T16604]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2426.995510][T16604] RIP: 0033:0x7f4ef699c819
[ 2426.999952][T16604] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2427.019595][T16604] RSP: 002b:00007f4ef77b5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2427.028030][T16604] RAX: ffffffffffffffda RBX: 00007f4ef6c15fa0 RCX: 00007f4ef699c819
[ 2427.036046][T16604] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[ 2427.044045][T16604] RBP: 00007f4ef77b5090 R08: 0000000000000000 R09: 0000000000000000
[ 2427.052039][T16604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2427.060058][T16604] R13: 00007f4ef6c16038 R14: 00007f4ef6c15fa0 R15: 00007ffc963a93a8
[ 2427.068110][T16604]  </TASK>
[ 2427.082083][T16608] FAULT_INJECTION: forcing a failure.
[ 2427.082083][T16608] name failslab, interval 1, probability 0, space 0, times 0
[ 2427.096499][T16608] CPU: 1 PID: 16608 Comm: syz.1.15324 Not tainted syzkaller #0
[ 2427.104123][T16608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2427.114228][T16608] Call Trace:
[ 2427.117554][T16608]  <TASK>
[ 2427.120533][T16608]  dump_stack_lvl+0x18c/0x250
[ 2427.125283][T16608]  ? show_regs_print_info+0x20/0x20
[ 2427.130569][T16608]  ? load_image+0x420/0x420
[ 2427.135160][T16608]  ? __might_sleep+0xe0/0xe0
[ 2427.139799][T16608]  ? __lock_acquire+0x7d40/0x7d40
[ 2427.144916][T16608]  should_fail_ex+0x39d/0x4d0
[ 2427.149678][T16608]  should_failslab+0x9/0x20
[ 2427.154237][T16608]  slab_pre_alloc_hook+0x59/0x310
[ 2427.159328][T16608]  ? __lock_acquire+0x7d40/0x7d40
[ 2427.164419][T16608]  kmem_cache_alloc_node+0x60/0x320
[ 2427.169680][T16608]  ? __alloc_skb+0x103/0x2c0
[ 2427.174334][T16608]  __alloc_skb+0x103/0x2c0
[ 2427.178806][T16608]  netlink_sendmsg+0x66a/0xbf0
[ 2427.183619][T16608]  ? perf_trace_lock+0x304/0x3b0
[ 2427.188614][T16608]  ? netlink_getsockopt+0x590/0x590
[ 2427.193879][T16608]  ? aa_sock_msg_perm+0x94/0x150
[ 2427.198907][T16608]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 2427.204256][T16608]  ? security_socket_sendmsg+0x80/0xa0
[ 2427.209746][T16608]  ? netlink_getsockopt+0x590/0x590
[ 2427.214990][T16608]  ____sys_sendmsg+0x5ba/0x960
[ 2427.219804][T16608]  ? __asan_memset+0x22/0x40
[ 2427.224456][T16608]  ? __sys_sendmsg_sock+0x30/0x30
[ 2427.229519][T16608]  ? __import_iovec+0x5f2/0x850
[ 2427.234440][T16608]  ? import_iovec+0x73/0xa0
[ 2427.238978][T16608]  ___sys_sendmsg+0x2a6/0x360
[ 2427.243719][T16608]  ? __sys_sendmsg+0x2a0/0x2a0
[ 2427.248544][T16608]  ? __lock_acquire+0x7d40/0x7d40
[ 2427.253737][T16608]  __se_sys_sendmsg+0x1c2/0x2b0
[ 2427.258641][T16608]  ? __x64_sys_sendmsg+0x80/0x80
[ 2427.263643][T16608]  ? lockdep_hardirqs_on+0x98/0x150
[ 2427.268911][T16608]  do_syscall_64+0x55/0xa0
[ 2427.273364][T16608]  ? clear_bhb_loop+0x40/0x90
[ 2427.278076][T16608]  ? clear_bhb_loop+0x40/0x90
[ 2427.282791][T16608]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2427.288735][T16608] RIP: 0033:0x7ff49479c819
[ 2427.293184][T16608] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2427.312825][T16608] RSP: 002b:00007ff4929d5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2427.321273][T16608] RAX: ffffffffffffffda RBX: 00007ff494a16090 RCX: 00007ff49479c819
[ 2427.329367][T16608] RDX: 000000000400c084 RSI: 0000200000000040 RDI: 0000000000000006
[ 2427.337367][T16608] RBP: 00007ff4929d5090 R08: 0000000000000000 R09: 0000000000000000
[ 2427.345373][T16608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2427.353371][T16608] R13: 00007ff494a16128 R14: 00007ff494a16090 R15: 00007ffd88223f38
[ 2427.361413][T16608]  </TASK>
[ 2431.125917][T16640] netlink: 'syz.1.15334': attribute type 4 has an invalid length.
[ 2431.146878][T16640] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.15334'.
[ 2433.784665][T16670] netlink: 'syz.3.15345': attribute type 10 has an invalid length.
[ 2434.015213][T16683] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.15351'.
[ 2434.033369][T16685] FAULT_INJECTION: forcing a failure.
[ 2434.033369][T16685] name failslab, interval 1, probability 0, space 0, times 0
[ 2434.052896][T16685] CPU: 0 PID: 16685 Comm: syz.0.15352 Not tainted syzkaller #0
[ 2434.060505][T16685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2434.070610][T16685] Call Trace:
[ 2434.073922][T16685]  <TASK>
[ 2434.076882][T16685]  dump_stack_lvl+0x18c/0x250
[ 2434.081621][T16685]  ? show_regs_print_info+0x20/0x20
[ 2434.086870][T16685]  ? load_image+0x420/0x420
[ 2434.091467][T16685]  ? __might_sleep+0xe0/0xe0
[ 2434.096097][T16685]  ? __lock_acquire+0x7d40/0x7d40
[ 2434.101138][T16685]  should_fail_ex+0x39d/0x4d0
[ 2434.105845][T16685]  should_failslab+0x9/0x20
[ 2434.110387][T16685]  slab_pre_alloc_hook+0x59/0x310
[ 2434.115488][T16685]  ? __lock_acquire+0x7d40/0x7d40
[ 2434.120607][T16685]  ? kvmalloc_node+0x70/0x180
[ 2434.125328][T16685]  ? kvmalloc_node+0x70/0x180
[ 2434.130025][T16685]  __kmem_cache_alloc_node+0x53/0x250
[ 2434.135427][T16685]  ? __schedule_delayed_monitor_work+0x200/0x200
[ 2434.141788][T16685]  ? kvmalloc_node+0x70/0x180
[ 2434.146497][T16685]  __kmalloc_node+0xa4/0x230
[ 2434.151125][T16685]  kvmalloc_node+0x70/0x180
[ 2434.155650][T16685]  bpf_test_run_xdp_live+0x1c2/0x1b20
[ 2434.161052][T16685]  ? 0xffffffffa0004740
[ 2434.165221][T16685]  ? 0xffffffffa0004740
[ 2434.169391][T16685]  ? bpf_dispatcher_change_prog+0xcbf/0xf10
[ 2434.175313][T16685]  ? 0xffffffffa0004740
[ 2434.179510][T16685]  ? xdp_convert_md_to_buff+0x330/0x330
[ 2434.185099][T16685]  ? trace_raw_output_bpf_test_finish+0xd0/0xd0
[ 2434.191360][T16685]  ? _copy_from_user+0xa5/0xe0
[ 2434.196174][T16685]  ? bpf_test_init+0x119/0x140
[ 2434.200962][T16685]  ? xdp_convert_md_to_buff+0x5b/0x330
[ 2434.206467][T16685]  bpf_prog_test_run_xdp+0x7ca/0x10e0
[ 2434.211885][T16685]  ? dev_put+0x80/0x80
[ 2434.215990][T16685]  ? dev_put+0x80/0x80
[ 2434.220084][T16685]  bpf_prog_test_run+0x321/0x390
[ 2434.225064][T16685]  __sys_bpf+0x49d/0x890
[ 2434.229334][T16685]  ? bpf_link_show_fdinfo+0x390/0x390
[ 2434.234742][T16685]  ? lock_chain_count+0x20/0x20
[ 2434.239630][T16685]  __x64_sys_bpf+0x7c/0x90
[ 2434.244075][T16685]  do_syscall_64+0x55/0xa0
[ 2434.248512][T16685]  ? clear_bhb_loop+0x40/0x90
[ 2434.253223][T16685]  ? clear_bhb_loop+0x40/0x90
[ 2434.257923][T16685]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2434.263837][T16685] RIP: 0033:0x7f3fe359c819
[ 2434.268269][T16685] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2434.287901][T16685] RSP: 002b:00007f3fe445f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2434.296411][T16685] RAX: ffffffffffffffda RBX: 00007f3fe3815fa0 RCX: 00007f3fe359c819
[ 2434.304409][T16685] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[ 2434.312404][T16685] RBP: 00007f3fe445f090 R08: 0000000000000000 R09: 0000000000000000
[ 2434.320406][T16685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2434.328412][T16685] R13: 00007f3fe3816038 R14: 00007f3fe3815fa0 R15: 00007ffc16132bc8
[ 2434.336441][T16685]  </TASK>
[ 2434.521963][T16683] netlink: 'syz.1.15351': attribute type 10 has an invalid length.
[ 2440.655518][T16726] netlink: 'syz.1.15365': attribute type 153 has an invalid length.
[ 2440.665242][T16726] netlink: 128124 bytes leftover after parsing attributes in process `syz.1.15365'.
[ 2443.818490][T16752] FAULT_INJECTION: forcing a failure.
[ 2443.818490][T16752] name failslab, interval 1, probability 0, space 0, times 0
[ 2443.844583][T16752] CPU: 1 PID: 16752 Comm: syz.2.15376 Not tainted syzkaller #0
[ 2443.852283][T16752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2443.862383][T16752] Call Trace:
[ 2443.865701][T16752]  <TASK>
[ 2443.868667][T16752]  dump_stack_lvl+0x18c/0x250
[ 2443.873397][T16752]  ? show_regs_print_info+0x20/0x20
[ 2443.878664][T16752]  ? load_image+0x420/0x420
[ 2443.883208][T16752]  ? __might_sleep+0xe0/0xe0
[ 2443.887838][T16752]  ? __lock_acquire+0x7d40/0x7d40
[ 2443.892898][T16752]  should_fail_ex+0x39d/0x4d0
[ 2443.897624][T16752]  should_failslab+0x9/0x20
[ 2443.902177][T16752]  slab_pre_alloc_hook+0x59/0x310
[ 2443.907254][T16752]  ? kvmalloc_node+0x70/0x180
[ 2443.911984][T16752]  ? kvmalloc_node+0x70/0x180
[ 2443.916716][T16752]  __kmem_cache_alloc_node+0x53/0x250
[ 2443.922161][T16752]  ? kvmalloc_node+0x70/0x180
[ 2443.926893][T16752]  __kmalloc_node+0xa4/0x230
[ 2443.931540][T16752]  kvmalloc_node+0x70/0x180
[ 2443.936094][T16752]  bpf_test_run_xdp_live+0x1e9/0x1b20
[ 2443.941526][T16752]  ? bpf_dispatcher_xdp+0x800/0x1000
[ 2443.946864][T16752]  ? bpf_dispatcher_xdp+0x800/0x1000
[ 2443.952198][T16752]  ? bpf_dispatcher_change_prog+0xcbf/0xf10
[ 2443.958143][T16752]  ? bpf_dispatcher_xdp+0x800/0x1000
[ 2443.963507][T16752]  ? xdp_convert_md_to_buff+0x330/0x330
[ 2443.969138][T16752]  ? trace_raw_output_bpf_test_finish+0xd0/0xd0
[ 2443.975421][T16752]  ? _copy_from_user+0xa5/0xe0
[ 2443.980227][T16752]  ? bpf_test_init+0x119/0x140
[ 2443.985028][T16752]  ? xdp_convert_md_to_buff+0x5b/0x330
[ 2443.990528][T16752]  bpf_prog_test_run_xdp+0x7ca/0x10e0
[ 2443.995959][T16752]  ? dev_put+0x80/0x80
[ 2444.000075][T16752]  ? dev_put+0x80/0x80
[ 2444.004176][T16752]  bpf_prog_test_run+0x321/0x390
[ 2444.009149][T16752]  __sys_bpf+0x49d/0x890
[ 2444.013431][T16752]  ? bpf_link_show_fdinfo+0x390/0x390
[ 2444.018865][T16752]  ? lock_chain_count+0x20/0x20
[ 2444.023765][T16752]  __x64_sys_bpf+0x7c/0x90
[ 2444.028214][T16752]  do_syscall_64+0x55/0xa0
[ 2444.032663][T16752]  ? clear_bhb_loop+0x40/0x90
[ 2444.037374][T16752]  ? clear_bhb_loop+0x40/0x90
[ 2444.042089][T16752]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2444.048021][T16752] RIP: 0033:0x7f4ef699c819
[ 2444.052472][T16752] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2444.072136][T16752] RSP: 002b:00007f4ef77b5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2444.080594][T16752] RAX: ffffffffffffffda RBX: 00007f4ef6c15fa0 RCX: 00007f4ef699c819
[ 2444.088619][T16752] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[ 2444.096627][T16752] RBP: 00007f4ef77b5090 R08: 0000000000000000 R09: 0000000000000000
[ 2444.104655][T16752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2444.112670][T16752] R13: 00007f4ef6c16038 R14: 00007f4ef6c15fa0 R15: 00007ffc963a93a8
[ 2444.120727][T16752]  </TASK>
[ 2444.349216][T16766] netlink: 'syz.1.15379': attribute type 10 has an invalid length.
[ 2444.528944][T16771] FAULT_INJECTION: forcing a failure.
[ 2444.528944][T16771] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2444.554978][T16771] CPU: 1 PID: 16771 Comm: syz.2.15381 Not tainted syzkaller #0
[ 2444.562647][T16771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2444.572744][T16771] Call Trace:
[ 2444.576064][T16771]  <TASK>
[ 2444.579034][T16771]  dump_stack_lvl+0x18c/0x250
[ 2444.583777][T16771]  ? show_regs_print_info+0x20/0x20
[ 2444.589032][T16771]  ? load_image+0x420/0x420
[ 2444.593608][T16771]  ? __might_fault+0xaa/0x120
[ 2444.598341][T16771]  ? __lock_acquire+0x7d40/0x7d40
[ 2444.603439][T16771]  should_fail_ex+0x39d/0x4d0
[ 2444.608170][T16771]  _copy_from_iter+0x1d9/0x12e0
[ 2444.613058][T16771]  ? slab_post_alloc_hook+0x8a/0x4b0
[ 2444.618395][T16771]  ? __virt_addr_valid+0x18c/0x540
[ 2444.623569][T16771]  ? __lock_acquire+0x7d40/0x7d40
[ 2444.628667][T16771]  ? rcu_is_watching+0x15/0xb0
[ 2444.633484][T16771]  ? copyout_mc+0x70/0x70
[ 2444.637868][T16771]  ? __virt_addr_valid+0x18c/0x540
[ 2444.643030][T16771]  ? __virt_addr_valid+0x18c/0x540
[ 2444.648198][T16771]  ? __virt_addr_valid+0x469/0x540
[ 2444.653357][T16771]  ? __check_object_size+0x506/0xa20
[ 2444.658801][T16771]  netlink_sendmsg+0x76b/0xbf0
[ 2444.663622][T16771]  ? perf_trace_lock+0x304/0x3b0
[ 2444.668606][T16771]  ? netlink_getsockopt+0x590/0x590
[ 2444.673847][T16771]  ? aa_sock_msg_perm+0x94/0x150
[ 2444.678864][T16771]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 2444.684193][T16771]  ? security_socket_sendmsg+0x80/0xa0
[ 2444.689690][T16771]  ? netlink_getsockopt+0x590/0x590
[ 2444.694947][T16771]  ____sys_sendmsg+0x5ba/0x960
[ 2444.699761][T16771]  ? __asan_memset+0x22/0x40
[ 2444.704392][T16771]  ? __sys_sendmsg_sock+0x30/0x30
[ 2444.709453][T16771]  ? __import_iovec+0x5f2/0x850
[ 2444.714355][T16771]  ? import_iovec+0x73/0xa0
[ 2444.718934][T16771]  ___sys_sendmsg+0x2a6/0x360
[ 2444.723661][T16771]  ? __sys_sendmsg+0x2a0/0x2a0
[ 2444.728502][T16771]  ? __lock_acquire+0x7d40/0x7d40
[ 2444.733644][T16771]  __se_sys_sendmsg+0x1c2/0x2b0
[ 2444.738541][T16771]  ? __x64_sys_sendmsg+0x80/0x80
[ 2444.743559][T16771]  ? lockdep_hardirqs_on+0x98/0x150
[ 2444.748851][T16771]  do_syscall_64+0x55/0xa0
[ 2444.753300][T16771]  ? clear_bhb_loop+0x40/0x90
[ 2444.758032][T16771]  ? clear_bhb_loop+0x40/0x90
[ 2444.762769][T16771]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2444.768739][T16771] RIP: 0033:0x7f4ef699c819
[ 2444.773201][T16771] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2444.792937][T16771] RSP: 002b:00007f4ef7794028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2444.801463][T16771] RAX: ffffffffffffffda RBX: 00007f4ef6c16090 RCX: 00007f4ef699c819
[ 2444.809483][T16771] RDX: 000000000400c084 RSI: 0000200000000040 RDI: 0000000000000006
[ 2444.817492][T16771] RBP: 00007f4ef7794090 R08: 0000000000000000 R09: 0000000000000000
[ 2444.825533][T16771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2444.833741][T16771] R13: 00007f4ef6c16128 R14: 00007f4ef6c16090 R15: 00007ffc963a93a8
[ 2444.841811][T16771]  </TASK>
[ 2450.976316][T16818] FAULT_INJECTION: forcing a failure.
[ 2450.976316][T16818] name failslab, interval 1, probability 0, space 0, times 0
[ 2450.989317][T16818] CPU: 0 PID: 16818 Comm: syz.3.15401 Not tainted syzkaller #0
[ 2450.996918][T16818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2451.007003][T16818] Call Trace:
[ 2451.010312][T16818]  <TASK>
[ 2451.013265][T16818]  dump_stack_lvl+0x18c/0x250
[ 2451.017974][T16818]  ? show_regs_print_info+0x20/0x20
[ 2451.023204][T16818]  ? load_image+0x420/0x420
[ 2451.027739][T16818]  ? __might_sleep+0xe0/0xe0
[ 2451.032371][T16818]  ? __lock_acquire+0x7d40/0x7d40
[ 2451.037439][T16818]  should_fail_ex+0x39d/0x4d0
[ 2451.042148][T16818]  should_failslab+0x9/0x20
[ 2451.046686][T16818]  slab_pre_alloc_hook+0x59/0x310
[ 2451.051771][T16818]  ? page_pool_create+0x71/0x5c0
[ 2451.056750][T16818]  __kmem_cache_alloc_node+0x53/0x250
[ 2451.062182][T16818]  ? page_pool_create+0x71/0x5c0
[ 2451.067149][T16818]  kmalloc_node_trace+0x26/0xe0
[ 2451.072030][T16818]  page_pool_create+0x71/0x5c0
[ 2451.076824][T16818]  bpf_test_run_xdp_live+0x203/0x1b20
[ 2451.082234][T16818]  ? 0xffffffffa0004740
[ 2451.086413][T16818]  ? 0xffffffffa0004740
[ 2451.090577][T16818]  ? bpf_dispatcher_change_prog+0xcbf/0xf10
[ 2451.096480][T16818]  ? 0xffffffffa0004740
[ 2451.100653][T16818]  ? xdp_convert_md_to_buff+0x330/0x330
[ 2451.106234][T16818]  ? trace_raw_output_bpf_test_finish+0xd0/0xd0
[ 2451.112500][T16818]  ? _copy_from_user+0xa5/0xe0
[ 2451.117299][T16818]  ? bpf_test_init+0x119/0x140
[ 2451.122085][T16818]  ? xdp_convert_md_to_buff+0x5b/0x330
[ 2451.127585][T16818]  bpf_prog_test_run_xdp+0x7ca/0x10e0
[ 2451.132993][T16818]  ? dev_put+0x80/0x80
[ 2451.137090][T16818]  ? dev_put+0x80/0x80
[ 2451.141197][T16818]  bpf_prog_test_run+0x321/0x390
[ 2451.146154][T16818]  __sys_bpf+0x49d/0x890
[ 2451.150415][T16818]  ? bpf_link_show_fdinfo+0x390/0x390
[ 2451.155811][T16818]  ? lock_chain_count+0x20/0x20
[ 2451.160773][T16818]  __x64_sys_bpf+0x7c/0x90
[ 2451.165231][T16818]  do_syscall_64+0x55/0xa0
[ 2451.169748][T16818]  ? clear_bhb_loop+0x40/0x90
[ 2451.174438][T16818]  ? clear_bhb_loop+0x40/0x90
[ 2451.179134][T16818]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2451.185045][T16818] RIP: 0033:0x7fc49839c819
[ 2451.189483][T16818] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2451.209121][T16818] RSP: 002b:00007fc4992df028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2451.217553][T16818] RAX: ffffffffffffffda RBX: 00007fc498615fa0 RCX: 00007fc49839c819
[ 2451.225546][T16818] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[ 2451.233533][T16818] RBP: 00007fc4992df090 R08: 0000000000000000 R09: 0000000000000000
[ 2451.241526][T16818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2451.249521][T16818] R13: 00007fc498616038 R14: 00007fc498615fa0 R15: 00007ffe6c4e2678
[ 2451.257520][T16818]  </TASK>
[ 2451.583678][T16836] netlink: 'syz.1.15406': attribute type 10 has an invalid length.
[ 2451.623319][T16837] FAULT_INJECTION: forcing a failure.
[ 2451.623319][T16837] name failslab, interval 1, probability 0, space 0, times 0
[ 2451.636256][T16837] CPU: 1 PID: 16837 Comm: syz.2.15408 Not tainted syzkaller #0
[ 2451.643907][T16837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2451.653980][T16837] Call Trace:
[ 2451.657285][T16837]  <TASK>
[ 2451.660314][T16837]  dump_stack_lvl+0x18c/0x250
[ 2451.665008][T16837]  ? show_regs_print_info+0x20/0x20
[ 2451.670227][T16837]  ? load_image+0x420/0x420
[ 2451.674754][T16837]  ? verify_lock_unused+0x140/0x140
[ 2451.679964][T16837]  ? perf_trace_lock+0x304/0x3b0
[ 2451.684935][T16837]  should_fail_ex+0x39d/0x4d0
[ 2451.689667][T16837]  should_failslab+0x9/0x20
[ 2451.694217][T16837]  slab_pre_alloc_hook+0x59/0x310
[ 2451.699303][T16837]  kmem_cache_alloc+0x5a/0x2d0
[ 2451.704109][T16837]  ? skb_clone+0x1eb/0x370
[ 2451.708577][T16837]  skb_clone+0x1eb/0x370
[ 2451.712872][T16837]  __netlink_deliver_tap+0x41c/0x830
[ 2451.718239][T16837]  ? netlink_deliver_tap+0x2e/0x1b0
[ 2451.723505][T16837]  netlink_deliver_tap+0x19c/0x1b0
[ 2451.728672][T16837]  netlink_unicast+0x72c/0x8d0
[ 2451.733501][T16837]  netlink_sendmsg+0x8d0/0xbf0
[ 2451.738311][T16837]  ? perf_trace_lock+0x304/0x3b0
[ 2451.743312][T16837]  ? netlink_getsockopt+0x590/0x590
[ 2451.748574][T16837]  ? aa_sock_msg_perm+0x94/0x150
[ 2451.753559][T16837]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 2451.758901][T16837]  ? security_socket_sendmsg+0x80/0xa0
[ 2451.764428][T16837]  ? netlink_getsockopt+0x590/0x590
[ 2451.769685][T16837]  ____sys_sendmsg+0x5ba/0x960
[ 2451.774505][T16837]  ? __asan_memset+0x22/0x40
[ 2451.779167][T16837]  ? __sys_sendmsg_sock+0x30/0x30
[ 2451.784247][T16837]  ? __import_iovec+0x5f2/0x850
[ 2451.789184][T16837]  ? import_iovec+0x73/0xa0
[ 2451.793772][T16837]  ___sys_sendmsg+0x2a6/0x360
[ 2451.798523][T16837]  ? __sys_sendmsg+0x2a0/0x2a0
[ 2451.803409][T16837]  ? trace_call_bpf+0xc3/0x6c0
[ 2451.808269][T16837]  __se_sys_sendmsg+0x1c2/0x2b0
[ 2451.813178][T16837]  ? __x64_sys_sendmsg+0x80/0x80
[ 2451.818217][T16837]  ? lockdep_hardirqs_on+0x98/0x150
[ 2451.823481][T16837]  do_syscall_64+0x55/0xa0
[ 2451.827950][T16837]  ? clear_bhb_loop+0x40/0x90
[ 2451.832684][T16837]  ? clear_bhb_loop+0x40/0x90
[ 2451.837410][T16837]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2451.843363][T16837] RIP: 0033:0x7f4ef699c819
[ 2451.847837][T16837] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2451.867488][T16837] RSP: 002b:00007f4ef7794028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2451.875956][T16837] RAX: ffffffffffffffda RBX: 00007f4ef6c16090 RCX: 00007f4ef699c819
[ 2451.883972][T16837] RDX: 000000000400c084 RSI: 0000200000000040 RDI: 0000000000000006
[ 2451.891991][T16837] RBP: 00007f4ef7794090 R08: 0000000000000000 R09: 0000000000000000
[ 2451.900017][T16837] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2451.908023][T16837] R13: 00007f4ef6c16128 R14: 00007f4ef6c16090 R15: 00007ffc963a93a8
[ 2451.916063][T16837]  </TASK>
[ 2451.934797][T16837] netlink: 'syz.2.15408': attribute type 10 has an invalid length.
[ 2456.400069][T16900] netlink: 'syz.2.15435': attribute type 3 has an invalid length.
[ 2456.416899][T16900] netlink: 'syz.2.15435': attribute type 1 has an invalid length.
[ 2456.425118][T16900] netlink: 181400 bytes leftover after parsing attributes in process `syz.2.15435'.
[ 2456.517746][T16907] FAULT_INJECTION: forcing a failure.
[ 2456.517746][T16907] name failslab, interval 1, probability 0, space 0, times 0
[ 2456.530996][T16907] CPU: 1 PID: 16907 Comm: syz.0.15436 Not tainted syzkaller #0
[ 2456.538599][T16907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2456.548712][T16907] Call Trace:
[ 2456.552048][T16907]  <TASK>
[ 2456.555040][T16907]  dump_stack_lvl+0x18c/0x250
[ 2456.559798][T16907]  ? show_regs_print_info+0x20/0x20
[ 2456.565080][T16907]  ? load_image+0x420/0x420
[ 2456.569658][T16907]  ? skb_network_protocol+0x51f/0x780
[ 2456.575115][T16907]  should_fail_ex+0x39d/0x4d0
[ 2456.579874][T16907]  should_failslab+0x9/0x20
[ 2456.584432][T16907]  slab_pre_alloc_hook+0x59/0x310
[ 2456.589527][T16907]  kmem_cache_alloc+0x5a/0x2d0
[ 2456.594357][T16907]  ? skb_clone+0x1eb/0x370
[ 2456.598849][T16907]  skb_clone+0x1eb/0x370
[ 2456.603155][T16907]  ? dev_queue_xmit_nit+0x212/0xbb0
[ 2456.608435][T16907]  dev_queue_xmit_nit+0x24d/0xbb0
[ 2456.613536][T16907]  ? dev_queue_xmit_nit+0x2d/0xbb0
[ 2456.618744][T16907]  ? validate_xmit_skb+0x949/0xf60
[ 2456.623934][T16907]  dev_hard_start_xmit+0x148/0x740
[ 2456.629155][T16907]  __dev_queue_xmit+0x19a3/0x3660
[ 2456.634293][T16907]  ? __dev_queue_xmit+0x265/0x3660
[ 2456.639545][T16907]  ? netdev_core_pick_tx+0x340/0x340
[ 2456.644904][T16907]  ? __copy_skb_header+0xa3/0x4a0
[ 2456.650006][T16907]  ? __asan_memcpy+0x40/0x70
[ 2456.654675][T16907]  ? __skb_clone+0x63/0x790
[ 2456.659265][T16907]  ? __skb_clone+0x480/0x790
[ 2456.663969][T16907]  ? skb_clone+0x21f/0x370
[ 2456.668472][T16907]  __netlink_deliver_tap+0x5ab/0x830
[ 2456.673858][T16907]  ? netlink_deliver_tap+0x2e/0x1b0
[ 2456.679150][T16907]  netlink_deliver_tap+0x19c/0x1b0
[ 2456.684344][T16907]  netlink_unicast+0x72c/0x8d0
[ 2456.689216][T16907]  netlink_sendmsg+0x8d0/0xbf0
[ 2456.694058][T16907]  ? perf_trace_lock+0x304/0x3b0
[ 2456.699079][T16907]  ? netlink_getsockopt+0x590/0x590
[ 2456.704363][T16907]  ? aa_sock_msg_perm+0x94/0x150
[ 2456.709376][T16907]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 2456.714735][T16907]  ? security_socket_sendmsg+0x80/0xa0
[ 2456.720264][T16907]  ? netlink_getsockopt+0x590/0x590
[ 2456.725545][T16907]  ____sys_sendmsg+0x5ba/0x960
[ 2456.730395][T16907]  ? __asan_memset+0x22/0x40
[ 2456.735058][T16907]  ? __sys_sendmsg_sock+0x30/0x30
[ 2456.740142][T16907]  ? __import_iovec+0x5f2/0x850
[ 2456.745083][T16907]  ? import_iovec+0x73/0xa0
[ 2456.749669][T16907]  ___sys_sendmsg+0x2a6/0x360
[ 2456.754433][T16907]  ? __sys_sendmsg+0x2a0/0x2a0
[ 2456.759402][T16907]  ? __lock_acquire+0x7d40/0x7d40
[ 2456.764560][T16907]  __se_sys_sendmsg+0x1c2/0x2b0
[ 2456.769484][T16907]  ? __x64_sys_sendmsg+0x80/0x80
[ 2456.774526][T16907]  ? lockdep_hardirqs_on+0x98/0x150
[ 2456.779810][T16907]  do_syscall_64+0x55/0xa0
[ 2456.784301][T16907]  ? clear_bhb_loop+0x40/0x90
[ 2456.789052][T16907]  ? clear_bhb_loop+0x40/0x90
[ 2456.793803][T16907]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2456.799757][T16907] RIP: 0033:0x7f3fe359c819
[ 2456.804229][T16907] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2456.823911][T16907] RSP: 002b:00007f3fe443e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2456.832423][T16907] RAX: ffffffffffffffda RBX: 00007f3fe3816090 RCX: 00007f3fe359c819
[ 2456.840476][T16907] RDX: 000000000400c084 RSI: 0000200000000040 RDI: 0000000000000006
[ 2456.848526][T16907] RBP: 00007f3fe443e090 R08: 0000000000000000 R09: 0000000000000000
[ 2456.856548][T16907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2456.864604][T16907] R13: 00007f3fe3816128 R14: 00007f3fe3816090 R15: 00007ffc16132bc8
[ 2456.872804][T16907]  </TASK>
[ 2456.887582][T16907] netlink: 'syz.0.15436': attribute type 10 has an invalid length.
[ 2457.170918][T16920] netlink: 'syz.3.15442': attribute type 1 has an invalid length.
[ 2457.180684][T16920] netlink: 15743 bytes leftover after parsing attributes in process `syz.3.15442'.
[ 2457.512836][T16930] netlink: 60 bytes leftover after parsing attributes in process `syz.0.15446'.
[ 2457.522235][T16930] netlink: 60 bytes leftover after parsing attributes in process `syz.0.15446'.
[ 2457.537011][T16930] netlink: 60 bytes leftover after parsing attributes in process `syz.0.15446'.
[ 2461.171234][T16974] netlink: 60 bytes leftover after parsing attributes in process `syz.1.15460'.
[ 2461.199009][T16974] netlink: 60 bytes leftover after parsing attributes in process `syz.1.15460'.
[ 2461.248476][T16974] netlink: 60 bytes leftover after parsing attributes in process `syz.1.15460'.
[ 2463.978221][T16985] veth0_vlan: entered allmulticast mode
[ 2464.090360][T16986] veth0_vlan: left promiscuous mode
[ 2464.101275][T16986] veth0_vlan: entered promiscuous mode
[ 2464.118736][T16989] netlink: 4 bytes leftover after parsing attributes in process `syz.2.15466'.
[ 2464.146138][T16991] netlink: 'syz.2.15466': attribute type 6 has an invalid length.
[ 2464.157116][T16991] netlink: 164 bytes leftover after parsing attributes in process `syz.2.15466'.
[ 2464.433552][T17003] netlink: 'syz.3.15470': attribute type 10 has an invalid length.
[ 2464.452800][T17003] FAULT_INJECTION: forcing a failure.
[ 2464.452800][T17003] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2464.491893][T17003] CPU: 1 PID: 17003 Comm: syz.3.15470 Not tainted syzkaller #0
[ 2464.499548][T17003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2464.509676][T17003] Call Trace:
[ 2464.513023][T17003]  <TASK>
[ 2464.516014][T17003]  dump_stack_lvl+0x18c/0x250
[ 2464.520819][T17003]  ? show_regs_print_info+0x20/0x20
[ 2464.526110][T17003]  ? load_image+0x420/0x420
[ 2464.530749][T17003]  ? __might_fault+0xaa/0x120
[ 2464.535646][T17003]  ? __lock_acquire+0x7d40/0x7d40
[ 2464.540806][T17003]  should_fail_ex+0x39d/0x4d0
[ 2464.545626][T17003]  _copy_from_user+0x2f/0xe0
[ 2464.550304][T17003]  kstrtouint_from_user+0xde/0x170
[ 2464.555543][T17003]  ? kstrtol_from_user+0x190/0x190
[ 2464.560791][T17003]  proc_fail_nth_write+0x8f/0x250
[ 2464.565872][T17003]  ? proc_fail_nth_read+0x260/0x260
[ 2464.571159][T17003]  ? proc_fail_nth_read+0x260/0x260
[ 2464.576514][T17003]  vfs_write+0x296/0x990
[ 2464.580879][T17003]  ? file_end_write+0x250/0x250
[ 2464.585820][T17003]  ? __fget_files+0x28/0x4b0
[ 2464.590487][T17003]  ? __fget_files+0x28/0x4b0
[ 2464.595159][T17003]  ? __fget_files+0x43d/0x4b0
[ 2464.599955][T17003]  ? __fdget_pos+0x2a3/0x330
[ 2464.604619][T17003]  ? ksys_write+0x75/0x260
[ 2464.609124][T17003]  ksys_write+0x150/0x260
[ 2464.613606][T17003]  ? __ia32_sys_read+0x90/0x90
[ 2464.618469][T17003]  ? lockdep_hardirqs_on+0x98/0x150
[ 2464.623744][T17003]  do_syscall_64+0x55/0xa0
[ 2464.628223][T17003]  ? clear_bhb_loop+0x40/0x90
[ 2464.632969][T17003]  ? clear_bhb_loop+0x40/0x90
[ 2464.637715][T17003]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2464.643693][T17003] RIP: 0033:0x7fc49835d04e
[ 2464.648151][T17003] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 2464.667878][T17003] RSP: 002b:00007fc4992bdfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 2464.676330][T17003] RAX: ffffffffffffffda RBX: 00007fc4992be6c0 RCX: 00007fc49835d04e
[ 2464.684360][T17003] RDX: 0000000000000001 RSI: 00007fc4992be0a0 RDI: 0000000000000008
[ 2464.692366][T17003] RBP: 00007fc4992be090 R08: 0000000000000000 R09: 0000000000000000
[ 2464.700376][T17003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2464.708386][T17003] R13: 00007fc498616128 R14: 00007fc498616090 R15: 00007ffe6c4e2678
[ 2464.716431][T17003]  </TASK>
[ 2465.206611][T17005] netlink: 'syz.0.15471': attribute type 29 has an invalid length.
[ 2465.224899][T17005] netlink: 'syz.0.15471': attribute type 3 has an invalid length.
[ 2465.233483][T17005] netlink: 132 bytes leftover after parsing attributes in process `syz.0.15471'.
[ 2466.490793][T17010] tc_dump_action: action bad kind
[ 2467.395258][T17024] veth0_vlan: entered allmulticast mode
[ 2467.605674][T17026] veth0_vlan: left promiscuous mode
[ 2467.628165][T17026] veth0_vlan: entered promiscuous mode
[ 2467.812025][T17031] netlink: 60 bytes leftover after parsing attributes in process `syz.3.15480'.
[ 2467.867156][ T1281] ieee802154 phy0 wpan0: encryption failed: -22
[ 2467.880939][ T1281] ieee802154 phy1 wpan1: encryption failed: -22
[ 2467.887501][T17031] netlink: 60 bytes leftover after parsing attributes in process `syz.3.15480'.
[ 2467.902105][T17031] netlink: 60 bytes leftover after parsing attributes in process `syz.3.15480'.
[ 2471.887486][T17064] netlink: 'syz.1.15486': attribute type 29 has an invalid length.
[ 2471.895682][T17064] netlink: 'syz.1.15486': attribute type 3 has an invalid length.
[ 2471.903746][T17064] netlink: 132 bytes leftover after parsing attributes in process `syz.1.15486'.
[ 2472.839248][T17061] tc_dump_action: action bad kind
[ 2472.870846][T17062] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 2473.417316][T17085] netlink: 'syz.0.15496': attribute type 10 has an invalid length.
[ 2474.186079][T16546] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 2474.199519][T16546] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 2474.217195][T16546] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 2474.228233][T16546] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 2474.240382][T16546] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 2474.248274][T16546] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 2474.681692][T17103] netlink: 'syz.2.15502': attribute type 3 has an invalid length.
[ 2474.696918][T17103] netlink: 'syz.2.15502': attribute type 5 has an invalid length.
[ 2475.920351][T11243] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2475.952578][T17107] netlink: 164 bytes leftover after parsing attributes in process `syz.2.15504'.
[ 2476.093421][T11243] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2476.232299][T11243] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2476.289575][T17090] chnl_net:caif_netlink_parms(): no params data found
[ 2476.306980][T16546] Bluetooth: hci0: command tx timeout
[ 2476.313615][T17123] netlink: 65055 bytes leftover after parsing attributes in process `syz.1.15510'.
[ 2476.344211][T11243] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2476.473098][T17090] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2476.483076][T17090] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2476.490967][T17090] bridge_slave_0: entered allmulticast mode
[ 2476.498635][T17090] bridge_slave_0: entered promiscuous mode
[ 2476.567864][T17090] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2476.575295][T17090] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2476.587692][T17090] bridge_slave_1: entered allmulticast mode
[ 2476.595343][T17090] bridge_slave_1: entered promiscuous mode
[ 2476.734187][T17090] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2476.753640][T11243] tipc: Left network mode
[ 2476.763188][T17090] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2476.930027][T17090] team0: Port device team_slave_0 added
[ 2478.408647][T16546] Bluetooth: hci0: command tx timeout
[ 2479.724216][T17090] team0: Port device team_slave_1 added
[ 2479.736415][T17146] netlink: 168 bytes leftover after parsing attributes in process `syz.2.15515'.
[ 2479.746026][T17149] netlink: 'syz.2.15515': attribute type 10 has an invalid length.
[ 2479.933124][T17090] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2479.948366][T17090] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2479.979056][T17090] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2479.994667][T17090] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2480.002238][T17090] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2480.036999][T17090] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2480.257424][T17173] netlink: 'syz.2.15518': attribute type 10 has an invalid length.
[ 2480.477572][T16546] Bluetooth: hci0: command tx timeout
[ 2482.555493][T16546] Bluetooth: hci0: command tx timeout
[ 2483.262251][T17090] hsr_slave_0: entered promiscuous mode
[ 2483.278141][T17090] hsr_slave_1: entered promiscuous mode
[ 2483.294232][T17090] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 2483.306890][T17090] Cannot create hsr debugfs directory
[ 2484.409527][T11243] bond0: (slave wlan1): Releasing backup interface
[ 2485.535705][T11243] hsr_slave_0: left promiscuous mode
[ 2485.552437][T11243] hsr_slave_1: left promiscuous mode
[ 2485.560393][T11243] batman_adv: batadv0: Interface deactivated: 
€Â0
[ 2485.573387][T11243] batman_adv: batadv0: Removing interface: 
€Â0
[ 2485.582219][T11243] bridge0: port 3(batadv0) entered disabled state
[ 2485.592525][T11243] bridge_slave_1: left allmulticast mode
[ 2485.599731][T11243] bridge_slave_1: left promiscuous mode
[ 2485.605572][T11243] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2485.616587][T11243] bridge_slave_0: left allmulticast mode
[ 2485.623602][T11243] bridge_slave_0: left promiscuous mode
[ 2485.629471][T11243] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2485.675451][T11243] veth1_macvtap: left promiscuous mode
[ 2485.681454][T11243] veth0_macvtap: left promiscuous mode
[ 2485.687889][T11243] veth1_vlan: left promiscuous mode
[ 2485.694556][T11243] veth0_vlan: left promiscuous mode
[ 2486.433536][T11243] bond0 (unregistering): (slave batadv_slave_0): Releasing backup interface
[ 2486.481495][T11243] team0 (unregistering): Port device team_slave_1 removed
[ 2486.529064][T11243] team0 (unregistering): Port device team_slave_0 removed
[ 2486.574378][T11243] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2486.624296][T11243] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2486.941606][T11243] bond0 (unregistering): Released all slaves
[ 2487.051630][T17250] mac80211_hwsim hwsim127 wlan0: left promiscuous mode
[ 2487.058840][T17250] mac80211_hwsim hwsim127 wlan0: left allmulticast mode
[ 2487.558350][T17090] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 2487.603644][T17090] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 2487.634552][T17090] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 2487.728059][T17090] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 2487.984813][T17090] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2488.082723][T17090] 8021q: adding VLAN 0 to HW filter on device team0
[ 2488.129852][T14772] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2488.137131][T14772] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2488.285263][T14772] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2488.292510][T14772] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2488.581792][T17090] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 2488.837392][T17293] netlink: 'syz.0.15540': attribute type 10 has an invalid length.
[ 2488.845487][T17293] netlink: 40 bytes leftover after parsing attributes in process `syz.0.15540'.
[ 2488.913681][T17293] batman_adv: batadv0: Adding interface: veth1_virt_wifi
[ 2488.940320][T17293] batman_adv: batadv0: The MTU of interface veth1_virt_wifi is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2489.024385][T17293] batman_adv: batadv0: Interface activated: veth1_virt_wifi
[ 2489.335651][T17090] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2489.458557][T17090] veth0_vlan: entered promiscuous mode
[ 2489.499262][T17090] veth1_vlan: entered promiscuous mode
[ 2489.585290][T17090] veth0_macvtap: entered promiscuous mode
[ 2489.628506][T17090] veth1_macvtap: entered promiscuous mode
[ 2489.678494][T17090] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2489.699745][T17090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2489.722383][T17090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2489.734456][T17090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2489.748725][T17090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2489.761688][T17090] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2489.788448][T17090] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2489.801151][T17090] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2489.814746][T17090] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2489.826401][T17090] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2490.856569][T11232] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2490.889973][T11232] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2490.933901][T17330] netlink: 144 bytes leftover after parsing attributes in process `syz.1.15546'.
[ 2491.058248][T17330] team0: Port device team_slave_0 removed
[ 2491.078454][T17330] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check.
[ 2491.111978][T14772] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2491.141415][T14772] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2492.357664][T17372] netlink: 'syz.0.15564': attribute type 39 has an invalid length.
[ 2494.984861][T17372] veth0_macvtap: left promiscuous mode
[ 2495.048631][T17376] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.15564'.
[ 2495.066356][T17376] bridge_slave_1: default FDB implementation only supports local addresses
[ 2496.743092][T17422] netlink: 76 bytes leftover after parsing attributes in process `syz.3.15570'.
[ 2499.755614][T17439] netlink: 'syz.1.15576': attribute type 10 has an invalid length.
[ 2500.560902][T17457] netlink: 203516 bytes leftover after parsing attributes in process `syz.2.15584'.
[ 2500.582983][T17457] netlink: 6324 bytes leftover after parsing attributes in process `syz.2.15584'.
[ 2502.380852][T17477] netlink: 'syz.2.15587': attribute type 10 has an invalid length.
[ 2502.468213][T17480] netlink: 'syz.0.15593': attribute type 3 has an invalid length.
[ 2502.505018][T17480] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.15593'.
[ 2503.696319][T17521] netlink: 'syz.3.15605': attribute type 10 has an invalid length.
[ 2503.707838][T17521] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2503.731081][T17521] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2503.766539][T17521] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link
[ 2504.389766][T17535] netlink: 'syz.2.15615': attribute type 49 has an invalid length.
[ 2504.448817][T17535] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.15615'.
[ 2504.630290][T17544] netlink: set zone limit has 8 unknown bytes
[ 2504.673388][T17543] netlink: 'syz.3.15617': attribute type 10 has an invalid length.
[ 2504.694455][T17543] netlink: 40 bytes leftover after parsing attributes in process `syz.3.15617'.
[ 2504.706620][T17543] batman_adv: batadv0: Adding interface: veth0_vlan
[ 2504.713719][T17543] batman_adv: batadv0: The MTU of interface veth0_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2504.773857][T17543] batman_adv: batadv0: Interface activated: veth0_vlan
[ 2505.016398][T17555] netlink: 201392 bytes leftover after parsing attributes in process `syz.2.15622'.
[ 2505.195506][T17566] netlink: 132 bytes leftover after parsing attributes in process `syz.0.15624'.
[ 2506.216697][T16546] Bluetooth: hci2: unexpected event 0x3c length: 15 > 7
[ 2507.281968][T17621] mac80211_hwsim hwsim128 wlan1: entered allmulticast mode
[ 2507.688633][T17630] netlink: 'syz.1.15648': attribute type 1 has an invalid length.
[ 2507.702725][T17630] netlink: 'syz.1.15648': attribute type 3 has an invalid length.
[ 2507.719854][T17630] netlink: 132 bytes leftover after parsing attributes in process `syz.1.15648'.
[ 2508.407637][T17658] netlink: 'syz.1.15659': attribute type 10 has an invalid length.
[ 2508.911869][T17673] netlink: 14 bytes leftover after parsing attributes in process `syz.3.15662'.
[ 2509.891044][T17697] veth1_to_bond: entered allmulticast mode
[ 2510.660445][T17734] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 2510.894871][T17747] netlink: 16410 bytes leftover after parsing attributes in process `syz.3.15691'.
[ 2510.907107][T17747] syz.3.15691[17747] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2510.907246][T17747] syz.3.15691[17747] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2511.223598][T17754] delete_channel: no stack
[ 2511.821865][T17753] delete_channel: no stack
[ 2512.089809][T17769] netlink: 'syz.0.15702': attribute type 10 has an invalid length.
[ 2514.988678][T17775] mac80211_hwsim hwsim134 wlan1: entered allmulticast mode
[ 2515.540395][T17808] netlink: 'syz.2.15718': attribute type 3 has an invalid length.
[ 2515.563122][T17808] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.15718'.
[ 2515.603458][T17808] netlink: 14546 bytes leftover after parsing attributes in process `syz.2.15718'.
[ 2515.619184][T17817] netlink: 'syz.1.15719': attribute type 10 has an invalid length.
[ 2517.529817][T17824] mac80211_hwsim hwsim140 wlan1: entered allmulticast mode
[ 2517.675229][T17838] netlink: 'syz.1.15726': attribute type 21 has an invalid length.
[ 2517.695331][T17838] netlink: 132 bytes leftover after parsing attributes in process `syz.1.15726'.
[ 2518.853257][T17862] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.15736'.
[ 2519.055325][T17871] netlink: 132 bytes leftover after parsing attributes in process `syz.1.15740'.
[ 2519.084611][T17871] netlink: 'syz.1.15740': attribute type 21 has an invalid length.
[ 2519.101025][T17871] netlink: 156 bytes leftover after parsing attributes in process `syz.1.15740'.
[ 2519.152950][T17871] netlink: 132 bytes leftover after parsing attributes in process `syz.1.15740'.
[ 2519.409951][T17878] netlink: 'syz.2.15742': attribute type 10 has an invalid length.
[ 2519.659285][T17884] netlink: 'syz.2.15744': attribute type 9 has an invalid length.
[ 2519.669933][T17884] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.15744'.
[ 2520.061064][T17893] netlink: 'syz.1.15748': attribute type 4 has an invalid length.
[ 2520.360202][T17893] netlink: 'syz.1.15748': attribute type 29 has an invalid length.
[ 2520.401270][T17893] netlink: 'syz.1.15748': attribute type 29 has an invalid length.
[ 2523.463076][T17927] netlink: 'syz.2.15757': attribute type 3 has an invalid length.
[ 2523.494687][T17927] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.15757'.
[ 2524.581858][T17952] netlink: 132 bytes leftover after parsing attributes in process `syz.1.15768'.
[ 2527.404115][T17984] netlink: 132 bytes leftover after parsing attributes in process `syz.2.15781'.
[ 2527.520076][T17983] netlink: 'syz.1.15779': attribute type 10 has an invalid length.
[ 2527.599914][T17983] bond0: (slave team0): Releasing backup interface
[ 2527.620267][T17983] team0 (unregistering): Port device team_slave_1 removed
[ 2527.790193][T17995] netlink: 'syz.1.15786': attribute type 7 has an invalid length.
[ 2529.274427][ T1281] ieee802154 phy0 wpan0: encryption failed: -22
[ 2529.281034][ T1281] ieee802154 phy1 wpan1: encryption failed: -22
[ 2530.213642][T18060] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.15809'.
[ 2530.525644][T18066] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.15812'.
[ 2530.736522][T18066] netlink: 'syz.1.15812': attribute type 153 has an invalid length.
[ 2530.769659][T18066] netlink: 128124 bytes leftover after parsing attributes in process `syz.1.15812'.
[ 2530.895442][T18065] delete_channel: no stack
[ 2531.163367][T18089] netlink: 'syz.1.15821': attribute type 39 has an invalid length.
[ 2531.265287][T18089] hsr_slave_1 (unregistering): left promiscuous mode
[ 2531.308790][T18088] netlink: 'syz.2.15820': attribute type 21 has an invalid length.
[ 2531.326414][T18088] netlink: 128 bytes leftover after parsing attributes in process `syz.2.15820'.
[ 2531.346079][T18088] netlink: 'syz.2.15820': attribute type 4 has an invalid length.
[ 2531.546581][T18101] netlink: 'syz.3.15825': attribute type 6 has an invalid length.
[ 2535.622599][T18140] netlink: 'syz.3.15839': attribute type 10 has an invalid length.
[ 2535.632723][T18145] netlink: 194488 bytes leftover after parsing attributes in process `syz.0.15840'.
[ 2535.776450][T18140] team0 (unregistering): Port device team_slave_0 removed
[ 2535.837383][T18140] team0 (unregistering): Port device team_slave_1 removed
[ 2536.086452][T18158] netlink: 40 bytes leftover after parsing attributes in process `syz.0.15845'.
[ 2536.429226][T18171] netlink: 60 bytes leftover after parsing attributes in process `syz.3.15850'.
[ 2536.458027][T18171] netlink: 'syz.3.15850': attribute type 10 has an invalid length.
[ 2536.469578][T18171] netlink: 40 bytes leftover after parsing attributes in process `syz.3.15850'.
[ 2536.487537][T18171] dummy0: entered promiscuous mode
[ 2536.500041][T18171] dummy0: entered allmulticast mode
[ 2536.506297][T18171] bridge0: port 3(dummy0) entered blocking state
[ 2536.525050][T18171] bridge0: port 3(dummy0) entered disabled state
[ 2536.535187][T18171] bridge0: port 3(dummy0) entered blocking state
[ 2536.541809][T18171] bridge0: port 3(dummy0) entered forwarding state
[ 2536.798125][T18185] netlink: 40 bytes leftover after parsing attributes in process `syz.2.15858'.
[ 2536.854792][T18189] mac80211_hwsim hwsim140 wlan1: entered promiscuous mode
[ 2537.370362][T18215] netlink: 40 bytes leftover after parsing attributes in process `syz.3.15869'.
[ 2537.667435][T18225] netlink: 'syz.0.15870': attribute type 33 has an invalid length.
[ 2537.726975][T18225] netlink: 36 bytes leftover after parsing attributes in process `syz.0.15870'.
[ 2541.562358][T18257] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.15885'.
[ 2541.616160][T18257] netlink: 'syz.1.15885': attribute type 10 has an invalid length.
[ 2542.231302][T18277] sctp: [Deprecated]: syz.1.15890 (pid 18277) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2542.231302][T18277] Use struct sctp_sack_info instead
[ 2542.805642][T18295] FAULT_INJECTION: forcing a failure.
[ 2542.805642][T18295] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2542.819181][T18295] CPU: 1 PID: 18295 Comm: syz.0.15898 Not tainted syzkaller #0
[ 2542.826796][T18295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2542.836923][T18295] Call Trace:
[ 2542.840258][T18295]  <TASK>
[ 2542.843239][T18295]  dump_stack_lvl+0x18c/0x250
[ 2542.848000][T18295]  ? show_regs_print_info+0x20/0x20
[ 2542.853283][T18295]  ? load_image+0x420/0x420
[ 2542.857836][T18295]  ? __might_fault+0xaa/0x120
[ 2542.862573][T18295]  ? __lock_acquire+0x7d40/0x7d40
[ 2542.867675][T18295]  should_fail_ex+0x39d/0x4d0
[ 2542.872406][T18295]  _copy_from_user+0x2f/0xe0
[ 2542.877069][T18295]  ___sys_recvmsg+0x176/0x590
[ 2542.881794][T18295]  ? __sys_recvmsg+0x2a0/0x2a0
[ 2542.886615][T18295]  ? trace_call_bpf+0xc3/0x6c0
[ 2542.891450][T18295]  ? trace_call_bpf+0x5e9/0x6c0
[ 2542.896389][T18295]  ? __fget_files+0x43d/0x4b0
[ 2542.901137][T18295]  __x64_sys_recvmsg+0x20c/0x2e0
[ 2542.906136][T18295]  ? ___sys_recvmsg+0x590/0x590
[ 2542.911033][T18295]  ? lockdep_hardirqs_on+0x98/0x150
[ 2542.916272][T18295]  do_syscall_64+0x55/0xa0
[ 2542.920706][T18295]  ? clear_bhb_loop+0x40/0x90
[ 2542.925404][T18295]  ? clear_bhb_loop+0x40/0x90
[ 2542.930127][T18295]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2542.936064][T18295] RIP: 0033:0x7f3fe359c819
[ 2542.940517][T18295] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2542.960173][T18295] RSP: 002b:00007f3fe443e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 2542.968633][T18295] RAX: ffffffffffffffda RBX: 00007f3fe3816090 RCX: 00007f3fe359c819
[ 2542.976642][T18295] RDX: 0000000000000040 RSI: 0000200000003ec0 RDI: 0000000000000003
[ 2542.984654][T18295] RBP: 00007f3fe443e090 R08: 0000000000000000 R09: 0000000000000000
[ 2542.992682][T18295] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2543.000695][T18295] R13: 00007f3fe3816128 R14: 00007f3fe3816090 R15: 00007ffc16132bc8
[ 2543.008739][T18295]  </TASK>
[ 2544.115537][T18317] netlink: 'syz.2.15907': attribute type 2 has an invalid length.
[ 2544.126897][T18317] netlink: 164 bytes leftover after parsing attributes in process `syz.2.15907'.
[ 2545.670635][T18297] netlink: 'syz.3.15899': attribute type 10 has an invalid length.
[ 2545.679273][T18297] netlink: 40 bytes leftover after parsing attributes in process `syz.3.15899'.
[ 2545.688620][T18297] batadv0: entered promiscuous mode
[ 2545.693971][T18297] batadv0: entered allmulticast mode
[ 2545.702168][T18297] bridge0: port 4(batadv0) entered blocking state
[ 2545.712590][T18297] bridge0: port 4(batadv0) entered disabled state
[ 2545.728999][T18297] bridge0: port 4(batadv0) entered blocking state
[ 2545.735583][T18297] bridge0: port 4(batadv0) entered forwarding state
[ 2545.789970][T18319] netlink: 'syz.2.15907': attribute type 10 has an invalid length.
[ 2545.836924][T18319] hsr_slave_0: left promiscuous mode
[ 2545.856674][T18319] hsr_slave_1: left promiscuous mode
[ 2546.082219][T18332] netlink: 148 bytes leftover after parsing attributes in process `syz.0.15913'.
[ 2546.107114][T11224] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[ 2546.116404][T11224] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[ 2546.320605][T18344] syzkaller0: entered promiscuous mode
[ 2546.326278][T18344] syzkaller0: entered allmulticast mode
[ 2550.025676][T18346] netlink: 'syz.1.15918': attribute type 10 has an invalid length.
[ 2550.035858][T18369] netlink: 148 bytes leftover after parsing attributes in process `syz.3.15926'.
[ 2550.910396][T18401] netlink: 'syz.0.15937': attribute type 21 has an invalid length.
[ 2550.956416][T18401] netlink: 164 bytes leftover after parsing attributes in process `syz.0.15937'.
[ 2550.972078][T18402] netlink: 'syz.0.15937': attribute type 21 has an invalid length.
[ 2550.980680][T18402] netlink: 164 bytes leftover after parsing attributes in process `syz.0.15937'.
[ 2552.798130][T18434] ==================================================================
[ 2552.806349][T18434] BUG: KASAN: slab-out-of-bounds in __bpf_get_stackid+0x6bf/0x900
[ 2552.814214][T18434] Write of size 72 at addr ffff88807801ca90 by task syz.1.15946/18434
[ 2552.822398][T18434] 
[ 2552.824752][T18434] CPU: 1 PID: 18434 Comm: syz.1.15946 Not tainted syzkaller #0
[ 2552.832333][T18434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2552.842431][T18434] Call Trace:
[ 2552.845749][T18434]  <TASK>
[ 2552.848715][T18434]  dump_stack_lvl+0x18c/0x250
[ 2552.853444][T18434]  ? __lock_acquire+0x7d40/0x7d40
[ 2552.858515][T18434]  ? show_regs_print_info+0x20/0x20
[ 2552.863758][T18434]  ? load_image+0x420/0x420
[ 2552.868298][T18434]  ? _raw_spin_lock_irqsave+0xc0/0x100
[ 2552.873805][T18434]  ? __virt_addr_valid+0x18c/0x540
[ 2552.878972][T18434]  ? __virt_addr_valid+0x469/0x540
[ 2552.884173][T18434]  print_report+0xa8/0x210
[ 2552.888656][T18434]  ? __bpf_get_stackid+0x6bf/0x900
[ 2552.893830][T18434]  kasan_report+0x117/0x150
[ 2552.898393][T18434]  ? __bpf_get_stackid+0x6bf/0x900
[ 2552.903558][T18434]  kasan_check_range+0x241/0x290
[ 2552.908556][T18434]  ? __bpf_get_stackid+0x6bf/0x900
[ 2552.913717][T18434]  __asan_memcpy+0x40/0x70
[ 2552.918175][T18434]  __bpf_get_stackid+0x6bf/0x900
[ 2552.923167][T18434]  bpf_get_stackid_pe+0x343/0x410
[ 2552.928225][T18434]  bpf_prog_a448e89f4c9ad9d1+0x30/0x4a
[ 2552.933695][T18434]  bpf_overflow_handler+0x1fc/0x510
[ 2552.938918][T18434]  ? perf_prepare_header+0x1e0/0x1e0
[ 2552.944216][T18434]  ? bpf_overflow_handler+0xde/0x510
[ 2552.949555][T18434]  ? tp_perf_event_destroy+0x20/0x20
[ 2552.954884][T18434]  ? __perf_event_account_interrupt+0x187/0x280
[ 2552.961142][T18434]  __perf_event_overflow+0x447/0x630
[ 2552.966449][T18434]  perf_swevent_event+0x319/0x570
[ 2552.971538][T18434]  ? perf_tp_event+0x1520/0x1520
[ 2552.976530][T18434]  ___perf_sw_event+0x4a7/0x730
[ 2552.981408][T18434]  ? ___perf_sw_event+0x199/0x730
[ 2552.986492][T18434]  ? perf_swevent_put_recursion_context+0xb0/0xb0
[ 2552.992935][T18434]  ? __lock_acquire+0x1347/0x7d40
[ 2552.997993][T18434]  ? rep_movs_alternative+0x4a/0x90
[ 2553.003249][T18434]  ? verify_lock_unused+0x140/0x140
[ 2553.008470][T18434]  ? kasan_set_track+0x5f/0x70
[ 2553.013277][T18434]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[ 2553.019288][T18434]  ? do_syscall_64+0x55/0xa0
[ 2553.023906][T18434]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2553.029985][T18434]  ? lock_chain_count+0x20/0x20
[ 2553.034861][T18434]  __perf_sw_event+0x139/0x270
[ 2553.039647][T18434]  do_user_addr_fault+0x123e/0x12c0
[ 2553.044862][T18434]  ? rcu_is_watching+0x15/0xb0
[ 2553.049654][T18434]  exc_page_fault+0x64/0x100
[ 2553.054259][T18434]  asm_exc_page_fault+0x26/0x30
[ 2553.059124][T18434] RIP: 0010:rep_movs_alternative+0x4a/0x90
[ 2553.064948][T18434] Code: 75 f1 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 <f3> a4 c3 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 29 f8 48 01
[ 2553.084568][T18434] RSP: 0018:ffffc9000e397bd0 EFLAGS: 00050206
[ 2553.090647][T18434] RAX: ffffffff842a1f01 RBX: 000000000000056d RCX: 00000000000004ed
[ 2553.098634][T18434] RDX: 0000000000000001 RSI: 0000200000002000 RDI: ffff88805a5e9080
[ 2553.106624][T18434] RBP: ffffc9000e397d20 R08: 0000000000000004 R09: 0000000000000005
[ 2553.114603][T18434] R10: dffffc0000000000 R11: ffffed100b4bd2ad R12: 00002000000024ed
[ 2553.122605][T18434] R13: 1ffff92001c72fbd R14: ffff88805a5e9000 R15: 0000200000001f80
[ 2553.130619][T18434]  ? _copy_from_user+0x11/0xe0
[ 2553.135422][T18434]  _copy_from_user+0x8b/0xe0
[ 2553.140032][T18434]  generic_map_update_batch+0x59a/0x810
[ 2553.145599][T18434]  ? rcu_read_unlock+0xa0/0xa0
[ 2553.150379][T18434]  ? __fdget+0x180/0x210
[ 2553.154642][T18434]  ? rcu_read_unlock+0xa0/0xa0
[ 2553.159416][T18434]  bpf_map_do_batch+0x3d7/0x610
[ 2553.164282][T18434]  __sys_bpf+0x381/0x890
[ 2553.168553][T18434]  ? bpf_link_show_fdinfo+0x390/0x390
[ 2553.173955][T18434]  ? lock_chain_count+0x20/0x20
[ 2553.178825][T18434]  __x64_sys_bpf+0x7c/0x90
[ 2553.183274][T18434]  do_syscall_64+0x55/0xa0
[ 2553.187710][T18434]  ? clear_bhb_loop+0x40/0x90
[ 2553.192416][T18434]  ? clear_bhb_loop+0x40/0x90
[ 2553.197131][T18434]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2553.203046][T18434] RIP: 0033:0x7ff49479c819
[ 2553.207481][T18434] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2553.227118][T18434] RSP: 002b:00007ff4929f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2553.235555][T18434] RAX: ffffffffffffffda RBX: 00007ff494a15fa0 RCX: 00007ff49479c819
[ 2553.243539][T18434] RDX: 0000000000000038 RSI: 00002000000006c0 RDI: 000000000000001a
[ 2553.251532][T18434] RBP: 00007ff494832c91 R08: 0000000000000000 R09: 0000000000000000
[ 2553.259528][T18434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2553.267513][T18434] R13: 00007ff494a16038 R14: 00007ff494a15fa0 R15: 00007ffd88223f38
[ 2553.275509][T18434]  </TASK>
[ 2553.278543][T18434] 
[ 2553.280886][T18434] Allocated by task 18434:
[ 2553.285316][T18434]  kasan_set_track+0x4e/0x70
[ 2553.289930][T18434]  __kasan_kmalloc+0x8f/0xa0
[ 2553.294623][T18434]  __kmalloc_node+0xb4/0x230
[ 2553.299237][T18434]  bpf_map_area_alloc+0x5e/0x110
[ 2553.304280][T18434]  prealloc_elems_and_freelist+0x86/0x1c0
[ 2553.310023][T18434]  stack_map_alloc+0x33a/0x4c0
[ 2553.314801][T18434]  map_create+0x877/0x12f0
[ 2553.319242][T18434]  __sys_bpf+0x651/0x890
[ 2553.323508][T18434]  __x64_sys_bpf+0x7c/0x90
[ 2553.327947][T18434]  do_syscall_64+0x55/0xa0
[ 2553.332385][T18434]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2553.338302][T18434] 
[ 2553.340640][T18434] Last potentially related work creation:
[ 2553.346387][T18434]  kasan_save_stack+0x3e/0x60
[ 2553.351101][T18434]  __kasan_record_aux_stack+0xaf/0xc0
[ 2553.356495][T18434]  call_rcu+0x153/0x950
[ 2553.360669][T18434]  nf_unregister_net_hooks+0xcb/0x130
[ 2553.366090][T18434]  cleanup_net+0x595/0xbb0
[ 2553.370526][T18434]  process_scheduled_works+0xa5d/0x15d0
[ 2553.376110][T18434]  worker_thread+0xa55/0xfc0
[ 2553.380732][T18434]  kthread+0x2fa/0x390
[ 2553.384821][T18434]  ret_from_fork+0x48/0x80
[ 2553.389273][T18434]  ret_from_fork_asm+0x11/0x20
[ 2553.394060][T18434] 
[ 2553.396393][T18434] Second to last potentially related work creation:
[ 2553.402989][T18434]  kasan_save_stack+0x3e/0x60
[ 2553.407682][T18434]  __kasan_record_aux_stack+0xaf/0xc0
[ 2553.413070][T18434]  call_rcu+0x153/0x950
[ 2553.417242][T18434]  nf_unregister_net_hooks+0xcb/0x130
[ 2553.422646][T18434]  setup_net+0x7e7/0xa30
[ 2553.426935][T18434]  copy_net_ns+0x36d/0x5e0
[ 2553.431389][T18434]  create_new_namespaces+0x3d3/0x6f0
[ 2553.436729][T18434]  copy_namespaces+0x430/0x4a0
[ 2553.441512][T18434]  copy_process+0x1724/0x3d80
[ 2553.446209][T18434]  kernel_clone+0x24b/0x8a0
[ 2553.450726][T18434]  __x64_sys_clone+0x1b7/0x230
[ 2553.455508][T18434]  do_syscall_64+0x55/0xa0
[ 2553.459949][T18434]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2553.465961][T18434] 
[ 2553.468305][T18434] The buggy address belongs to the object at ffff88807801ca80
[ 2553.468305][T18434]  which belongs to the cache kmalloc-cg-64 of size 64
[ 2553.482456][T18434] The buggy address is located 16 bytes inside of
[ 2553.482456][T18434]  allocated 40-byte region [ffff88807801ca80, ffff88807801caa8)
[ 2553.496452][T18434] 
[ 2553.498795][T18434] The buggy address belongs to the physical page:
[ 2553.505249][T18434] page:ffffea0001e00700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7801c
[ 2553.515411][T18434] memcg:ffff88807a3efa01
[ 2553.519660][T18434] flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 2553.527214][T18434] page_type: 0xffffffff()
[ 2553.531575][T18434] raw: 00fff00000000800 ffff888017c4da00 ffffea0001ec7e80 dead000000000006
[ 2553.540179][T18434] raw: 0000000000000000 0000000080200020 00000001ffffffff ffff88807a3efa01
[ 2553.548782][T18434] page dumped because: kasan: bad access detected
[ 2553.555212][T18434] page_owner tracks the page as allocated
[ 2553.560933][T18434] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 20411, tgid 20411 (syz-executor), ts 944203912244, free_ts 944182092550
[ 2553.579524][T18434]  post_alloc_hook+0x1c1/0x200
[ 2553.584311][T18434]  get_page_from_freelist+0x1951/0x19e0
[ 2553.589971][T18434]  __alloc_pages+0x1f0/0x460
[ 2553.594570][T18434]  alloc_slab_page+0x5d/0x160
[ 2553.599264][T18434]  new_slab+0x87/0x2d0
[ 2553.603340][T18434]  ___slab_alloc+0xc5d/0x12f0
[ 2553.608036][T18434]  __kmem_cache_alloc_node+0x19e/0x250
[ 2553.613511][T18434]  kmalloc_trace+0x2a/0xe0
[ 2553.617948][T18434]  alloc_fdtable+0xca/0x2c0
[ 2553.622465][T18434]  dup_fd+0x786/0xa50
[ 2553.626501][T18434]  copy_files+0xc3/0x120
[ 2553.630759][T18434]  copy_process+0x15ab/0x3d80
[ 2553.635456][T18434]  kernel_clone+0x24b/0x8a0
[ 2553.639975][T18434]  __x64_sys_clone+0x1b7/0x230
[ 2553.644749][T18434]  do_syscall_64+0x55/0xa0
[ 2553.649174][T18434]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2553.655092][T18434] page last free stack trace:
[ 2553.659769][T18434]  free_unref_page_prepare+0x7b2/0x8c0
[ 2553.665290][T18434]  free_unref_page_list+0xbe/0x860
[ 2553.670460][T18434]  release_pages+0x1f7a/0x2200
[ 2553.675249][T18434]  tlb_flush_mmu+0x379/0x510
[ 2553.679864][T18434]  tlb_finish_mmu+0xf9/0x220
[ 2553.684500][T18434]  exit_mmap+0x428/0xb90
[ 2553.688765][T18434]  __mmput+0x118/0x3c0
[ 2553.692855][T18434]  exit_mm+0x1f2/0x2c0
[ 2553.696951][T18434]  do_exit+0x8dd/0x2460
[ 2553.701163][T18434]  do_group_exit+0x21b/0x2d0
[ 2553.705773][T18434]  get_signal+0x12fc/0x13f0
[ 2553.710304][T18434]  arch_do_signal_or_restart+0xc2/0x800
[ 2553.715876][T18434]  exit_to_user_mode_loop+0x70/0x110
[ 2553.721177][T18434]  exit_to_user_mode_prepare+0xee/0x180
[ 2553.726743][T18434]  syscall_exit_to_user_mode+0x1a/0x50
[ 2553.732226][T18434]  do_syscall_64+0x61/0xa0
[ 2553.736657][T18434] 
[ 2553.738990][T18434] Memory state around the buggy address:
[ 2553.744646][T18434]  ffff88807801c980: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 2553.752719][T18434]  ffff88807801ca00: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 2553.760796][T18434] >ffff88807801ca80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 2553.768863][T18434]                                   ^
[ 2553.774239][T18434]  ffff88807801cb00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 2553.782310][T18434]  ffff88807801cb80: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 2553.790383][T18434] ==================================================================
[ 2553.798465][T18434] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 2553.805679][T18434] CPU: 1 PID: 18434 Comm: syz.1.15946 Not tainted syzkaller #0
[ 2553.813249][T18434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2553.823326][T18434] Call Trace:
[ 2553.826629][T18434]  <TASK>
[ 2553.829588][T18434]  dump_stack_lvl+0x18c/0x250
[ 2553.834321][T18434]  ? show_regs_print_info+0x20/0x20
[ 2553.839568][T18434]  ? load_image+0x420/0x420
[ 2553.844123][T18434]  panic+0x2dc/0x730
[ 2553.848048][T18434]  ? __lock_acquire+0x7d40/0x7d40
[ 2553.853100][T18434]  ? bpf_jit_dump+0xd0/0xd0
[ 2553.857620][T18434]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[ 2553.863524][T18434]  ? _raw_spin_unlock+0x40/0x40
[ 2553.868431][T18434]  ? __bpf_get_stackid+0x6bf/0x900
[ 2553.873573][T18434]  check_panic_on_warn+0x84/0xa0
[ 2553.878537][T18434]  ? __bpf_get_stackid+0x6bf/0x900
[ 2553.883681][T18434]  end_report+0x6f/0x130
[ 2553.887951][T18434]  kasan_report+0x128/0x150
[ 2553.892480][T18434]  ? __bpf_get_stackid+0x6bf/0x900
[ 2553.897632][T18434]  kasan_check_range+0x241/0x290
[ 2553.902609][T18434]  ? __bpf_get_stackid+0x6bf/0x900
[ 2553.907765][T18434]  __asan_memcpy+0x40/0x70
[ 2553.912210][T18434]  __bpf_get_stackid+0x6bf/0x900
[ 2553.917201][T18434]  bpf_get_stackid_pe+0x343/0x410
[ 2553.922296][T18434]  bpf_prog_a448e89f4c9ad9d1+0x30/0x4a
[ 2553.927776][T18434]  bpf_overflow_handler+0x1fc/0x510
[ 2553.932993][T18434]  ? perf_prepare_header+0x1e0/0x1e0
[ 2553.938290][T18434]  ? bpf_overflow_handler+0xde/0x510
[ 2553.943604][T18434]  ? tp_perf_event_destroy+0x20/0x20
[ 2553.948912][T18434]  ? __perf_event_account_interrupt+0x187/0x280
[ 2553.955171][T18434]  __perf_event_overflow+0x447/0x630
[ 2553.960472][T18434]  perf_swevent_event+0x319/0x570
[ 2553.965512][T18434]  ? perf_tp_event+0x1520/0x1520
[ 2553.970463][T18434]  ___perf_sw_event+0x4a7/0x730
[ 2553.975331][T18434]  ? ___perf_sw_event+0x199/0x730
[ 2553.980376][T18434]  ? perf_swevent_put_recursion_context+0xb0/0xb0
[ 2553.986821][T18434]  ? __lock_acquire+0x1347/0x7d40
[ 2553.991862][T18434]  ? rep_movs_alternative+0x4a/0x90
[ 2553.997112][T18434]  ? verify_lock_unused+0x140/0x140
[ 2554.002350][T18434]  ? kasan_set_track+0x5f/0x70
[ 2554.007151][T18434]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[ 2554.013158][T18434]  ? do_syscall_64+0x55/0xa0
[ 2554.017770][T18434]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2554.023865][T18434]  ? lock_chain_count+0x20/0x20
[ 2554.028753][T18434]  __perf_sw_event+0x139/0x270
[ 2554.033555][T18434]  do_user_addr_fault+0x123e/0x12c0
[ 2554.038786][T18434]  ? rcu_is_watching+0x15/0xb0
[ 2554.043576][T18434]  exc_page_fault+0x64/0x100
[ 2554.048184][T18434]  asm_exc_page_fault+0x26/0x30
[ 2554.053069][T18434] RIP: 0010:rep_movs_alternative+0x4a/0x90
[ 2554.058895][T18434] Code: 75 f1 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 <f3> a4 c3 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 29 f8 48 01
[ 2554.078526][T18434] RSP: 0018:ffffc9000e397bd0 EFLAGS: 00050206
[ 2554.084614][T18434] RAX: ffffffff842a1f01 RBX: 000000000000056d RCX: 00000000000004ed
[ 2554.092607][T18434] RDX: 0000000000000001 RSI: 0000200000002000 RDI: ffff88805a5e9080
[ 2554.100620][T18434] RBP: ffffc9000e397d20 R08: 0000000000000004 R09: 0000000000000005
[ 2554.108604][T18434] R10: dffffc0000000000 R11: ffffed100b4bd2ad R12: 00002000000024ed
[ 2554.116596][T18434] R13: 1ffff92001c72fbd R14: ffff88805a5e9000 R15: 0000200000001f80
[ 2554.124588][T18434]  ? _copy_from_user+0x11/0xe0
[ 2554.129386][T18434]  _copy_from_user+0x8b/0xe0
[ 2554.133998][T18434]  generic_map_update_batch+0x59a/0x810
[ 2554.139567][T18434]  ? rcu_read_unlock+0xa0/0xa0
[ 2554.144354][T18434]  ? __fdget+0x180/0x210
[ 2554.148632][T18434]  ? rcu_read_unlock+0xa0/0xa0
[ 2554.153416][T18434]  bpf_map_do_batch+0x3d7/0x610
[ 2554.158282][T18434]  __sys_bpf+0x381/0x890
[ 2554.162541][T18434]  ? bpf_link_show_fdinfo+0x390/0x390
[ 2554.167956][T18434]  ? lock_chain_count+0x20/0x20
[ 2554.172833][T18434]  __x64_sys_bpf+0x7c/0x90
[ 2554.177265][T18434]  do_syscall_64+0x55/0xa0
[ 2554.181715][T18434]  ? clear_bhb_loop+0x40/0x90
[ 2554.186429][T18434]  ? clear_bhb_loop+0x40/0x90
[ 2554.191130][T18434]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2554.197041][T18434] RIP: 0033:0x7ff49479c819
[ 2554.201495][T18434] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2554.221124][T18434] RSP: 002b:00007ff4929f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2554.229559][T18434] RAX: ffffffffffffffda RBX: 00007ff494a15fa0 RCX: 00007ff49479c819
[ 2554.237545][T18434] RDX: 0000000000000038 RSI: 00002000000006c0 RDI: 000000000000001a
[ 2554.245527][T18434] RBP: 00007ff494832c91 R08: 0000000000000000 R09: 0000000000000000
[ 2554.253511][T18434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2554.261523][T18434] R13: 00007ff494a16038 R14: 00007ff494a15fa0 R15: 00007ffd88223f38
[ 2554.269526][T18434]  </TASK>
[ 2554.273175][T18434] Kernel Offset: disabled
[ 2554.277534][T18434] Rebooting in 86400 seconds..