last executing test programs:

4.367052204s ago: executing program 0 (id=3337):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0)
recvmsg$kcm(r0, &(0x7f0000001c80)={0x0, 0x20, &(0x7f0000001b40)=[{&(0x7f0000000240)=""/224, 0xe0}, {&(0x7f0000003940)=""/4092, 0xffc}, {&(0x7f0000001940)=""/19, 0x13}, {&(0x7f0000001b00)=""/37, 0x25}], 0x4}, 0x2)

4.132839045s ago: executing program 3 (id=3340):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000d00)=""/242, 0xf2}, {&(0x7f0000000240)=""/205, 0xcd}, {&(0x7f0000000380)=""/210, 0xd2}, {&(0x7f0000002100)=""/4077, 0xfed}, {&(0x7f00000007c0)=""/211, 0xd3}, {&(0x7f0000000b00)=""/231, 0xe7}, {&(0x7f0000000480)=""/176, 0xb0}, {&(0x7f0000000c00)=""/208, 0xd0}], 0x8}, 0x40012100)

4.059034318s ago: executing program 0 (id=3341):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240))
perf_event_open(&(0x7f0000000380)={0x3, 0x80, 0x0, 0x0, 0xf3, 0xa, 0x0, 0x0, 0xd006e1258c4875cc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x9}, 0x4c30, 0xc8, 0x7, 0x4, 0x0, 0x0, 0x0, 0x0, 0x7ff}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0)
r2 = syz_clone(0x20800000, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = socket$kcm(0x10, 0x400000002, 0x0)
recvmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000780)=""/252, 0xfc}, {&(0x7f0000001500)=""/156, 0x9c}, {&(0x7f0000000180)=""/217, 0xd9}, {&(0x7f0000003ac0)=""/4108, 0x100c}, {&(0x7f0000000c80)=""/182, 0xb6}, {&(0x7f0000000440)=""/194, 0xc2}, {&(0x7f0000000640)=""/268, 0x10c}], 0x7}, 0x20)
write$cgroup_subtree(r4, &(0x7f0000001a00)=ANY=[@ANYBLOB="13100000120091ef"], 0xfe33)
recvmsg$kcm(r4, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
r5 = openat$cgroup_procs(r3, &(0x7f00000003c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r5, &(0x7f00000005c0)=r2, 0x12)
r6 = openat$cgroup_ro(r3, &(0x7f00000000c0)='cgroup.kill\x00', 0x275a, 0x0)
write$cgroup_int(r6, &(0x7f0000000040)=0x1, 0x12)

3.59753416s ago: executing program 0 (id=3343):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000d00)={0x3, 0x3, &(0x7f0000000a80)=ANY=[@ANYBLOB="185000ffffffff00000000000000000095"], &(0x7f0000000b40)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x94)
r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r2, 0x0, 0x0}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000000)={r2, 0x0}, 0x20)
bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r2}, 0x8)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r3)
perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x1}, 0x1090da, 0x0, 0x0, 0x0, 0x0, 0x4, 0x749}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r4, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e64, @loopback}}, 0x80, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x200088c0)
close(r4)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000400)="d800000019008111e00212ba0d8105040a610200ff0f040b067c55a1bc000900b800069903000000b0000500fe808178a8001500030001400200000901ac040000d67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04000000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92307f00000e970300"/216, 0xd8}], 0x1}, 0x0)
r6 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={r6, 0x0, 0x0}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r7, &(0x7f0000000040)={0x0, 0x51, &(0x7f0000000100)=[{&(0x7f00000006c0)="5c00000013006bcd9e3fe3dc6e48aa310b6b87033c0000001f03000000000000040014000d000a000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="3f46351e48d8073f4921cc3ffaa32d20a7a624d03ddd3fe4f14ca802a6e0e258da4c609f24b2d8d081b3ea25c177365adb37c5873eec3149919228728ac236bd9b484fd546b8", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x1a)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x1000, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffe}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x11, &(0x7f0000000140)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x400}, {{0x18, 0x1, 0x1, 0x0, r8}}, {}, [@map_idx={0x18, 0x7, 0x5, 0x0, 0x10}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0x72, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000200), &(0x7f0000000240)=[{0x3, 0x5, 0xc}], 0x10, 0x10000}, 0x94)
socket$kcm(0x29, 0x3, 0x0)

3.251563576s ago: executing program 0 (id=3346):
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_config_ext={0x1ff, 0x200}, 0x11c044, 0xcdd, 0x43a1bd76, 0x4, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0700000004000000180000000100000000000000", @ANYRES32, @ANYBLOB="9dbe000000000000df0000000000000000000000ddc5f29b98de1cab617ce37fdd36bb22a6bd3172cf05efda5148c4a83322fcd4d0ca1a1fce4ed8464149de8d988eb7bb0fb0c20c6f8a1c66a6f0e15b01146525154fa487aca8b4fee6c8c77f6b02edcc6a44a8b02241b22e43752c715290648715b31cc4c596aa2df1f2984d961a50315e773f0602ee7574cc996f67794037b137a031035118346bbed6a23eb6a0c3c2cfc2665b3a3ae83b0cdbcbbc424c6bf7275b81ee5064b5133941a71afbb1a7fa4b9fa85d60510a44e646fcf0e1a84de6f9b9028cd14f804442", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r0 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, 0xffffffffffffffff)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x3, 0x20000, 0x0, 0x0, 0x0, 0x0, 0xda}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
openat$cgroup_procs(r1, 0x0, 0x2, 0x0)
syz_clone(0xc920000, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x76, 0x9}, 0x11efa, 0x4, 0x98, 0x0, 0x2, 0xfffff274, 0xfffc, 0x0, 0x0, 0x0, 0x20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x746f2f51, &(0x7f0000000080)=[{&(0x7f0000000040)="3f0400001c00810ce00f80ecdb4cb9f207c804a01f000000020006fb0a0002000a0ada1b40d80300000000000000", 0xfec9}], 0x1, 0x0, 0x0, 0x5865}, 0x0)
syz_clone(0x5000000, 0x0, 0x0, 0x0, 0x0, 0x0)
close(0xffffffffffffffff)
recvmsg$unix(0xffffffffffffffff, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r3 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r3, &(0x7f0000000940)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r3, 0x1, 0x3e, &(0x7f0000000100)=r4, 0x4)
sendmsg$inet(r3, &(0x7f0000000400)={&(0x7f00000000c0)={0x2, 0x4e22, @private=0xa010100}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000140)="7484583153b44460196b5feff6e9b449f23a69185c2812efe1feef303045864bd57ebcff83700e01f47437b8dcb55be4db097b4bd587215b3fbe7ee598fe1200b9b374418dcc5d23d7016a5949dd743ebbe5c7000bb67940583a5f7557e179aa9e2a53", 0x63}], 0x1}, 0x4084)
sendmsg$kcm(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000080)="a6", 0x1}], 0x1, &(0x7f0000000a40)=ANY=[@ANYBLOB="a0000000000000000b0100000400000043e2c520c578ad0d79b52008ea172c0d7d7cc6241cb8bb9e6be742f80851e7d1a502bedc0c2a4da1c3c0da096ed25e8c3fae526c09700b3a6bcdffb293d1d4ec80642b2cc5cfacf1e37fe7f1d34933bc5a15aa733e1db0e8c1db400fce316af4f3d838302154d2feb15c1f721a6fcaeb3dd3be72af44ea46445d8410618d28c4fac1602ab56d45cb561212d51770000088000000000000009200000040000000459fae71ec32c699873d5edcf9c6c7ca72ae2780f36a9f5f0e6c2fe3d72228efd5744252e240d68ac38dbd8a7652b381ef33a1e0882c6cde710fa3ad2c0f0b77062dfb4d12675b588d5bbdc2fba065cdd2de40c57c6ea7fe5efe1d1cb76650b1646361cccbe83b39d2bb23795e5f1fd8b41f000000000000e0000000000000000c010000a4000000e0a51d83dc5711f91fe63a552b4ea897a4a03ab8435d08374aaa864f710f033f2420d39fcecfd8651207c39f3468a85ba9a1839991df3315b4c03afbba8cc24a7ea61719d0f8858a99f48a639f4955b1e5b5c1e637ee964a37e2379990b272644d7e8e5913c32e677c623cfc86335a2cb34bf3c3815be8e68a6ea98025c632063cd2ebc230fceb149f4e5221aaece73543ee03e420d65fd92dc037169d8e1f554726b21e16d54321dd01156d1bb9f0569155b69f3a62c66959a849aef0b79f91b1cb8fe3aecf5b0ace96000000000000a8000000000000001401000002000000a10b958486bf6b0cbc98ebdc89064c5d44aea5ffe4ab31df2e9d02c2251a76c19738557bcda205a2d8c4542efe31c63b694ba4e0645e600333d8b43f986313dd3fc77a37737bc207af8730fb0681a919b1063dde130f4317dddd5983c70a4e5d4e77ff7928fb27d54ac3ac8a20c967fb469f58e835bcaa5128c7093e11a3c3cfd46f646dcc91fcdb4a70ee5770c1c1ec33d8b2562440500078000000000000000a010000d6fdffff2ef60dd173b4bf57df11c370733e67cd7c42f2b4e12148b1b011087318bdc755ae1c848b9fe0bf6e731058b71f88bbf8a0daa7e088cbf313b9d6f6095d1aa1a5ee63a395e0b4b1b6bc0b23e405b8d87c2ec0ba97eefa23c2d2f96d4511a9d4bb823ebc2786760000100100000000000006000000ff000000c9e8b55eb3a7fcb473dd3719455ff31861c305bf2ab2fa8fb81379792c069130c32c4f1707b0ee64671bf17810bfd56e03b15fe7c0b79e910e2b522ed68f01d77fcaab2896c9d860e9de2e74e4dc710d61339544aa342b6eaf2a19603bb2fab64b4ea922cb63d5e8b484fbfb9330a1e594778491e9e42e269f27e668835307f62829f30892f7aa7a054a3c10fc01ab8fc219fb5b16408b5955ce3cb3420229ce2b7679ce5e60db78a2a2a388f3280778fc7e762c9feec8c9e101f9a357bbdf12bbcde051c574305a47474e6abf9e30396a5953ed1971a112e9ba37c49603e2ebead6f00c67fda9808d7fcdeb434625afe680caf436f5ad952969312649000000b00000000000000019010000070000004208ce68676a1b55239a58080ba5da591bcb492159f7477460341ab35b5180689ac91bd9e3d2d55040207acce0c8d340d1123777fc46a662e657840588000900363219c0d7b495fa0d9317b587b19c1635a498842d58900e513bfe365869c5abec05e880952dddb89d8e10a2d721fc291052ff28dc60f290a5186c2cc42a4df70c6666a21ddbff160fa5b059ee0e14a1c42b0b871a230b45c36d9f737e23000040000000000000000101000007000000ff18ee2204ef27c8d6bf42fb8cbeafd359a0c387b53e43b1989e50656670e9b8bb5c2cbb38c187361d8e000000000000b8"], 0x5e0}, 0x4801)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_clone(0x81200, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0)

3.17323731s ago: executing program 3 (id=3348):
r0 = socket$kcm(0xa, 0x2, 0x3a)
sendmsg$kcm(r0, &(0x7f0000000440)={&(0x7f0000000800)=@in6={0xa, 0x0, 0x0, @mcast2, 0x38}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000780)="80005b02", 0x4}], 0x1, 0x0, 0x0, 0x900}, 0x0)

3.17219791s ago: executing program 1 (id=3349):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
r0 = socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100c, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$kcm(0x11, 0x200000000000002, 0x300)
sendmsg(r0, &(0x7f0000000240)={&(0x7f00000003c0)=@in6={0xa, 0x4e21, 0x10, @dev={0xfe, 0x80, '\x00', 0x27}, 0x8}, 0x80, &(0x7f0000000e00), 0x0, 0x0, 0xb0}, 0x20000004)
sendmsg$sock(r1, &(0x7f00000000c0)={&(0x7f0000000040)=@phonet={0x23, 0x0, 0x0, 0x4}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@timestamping={{0x14, 0x1, 0x25, 0x102}}], 0x18}, 0x0)
recvmsg$kcm(r1, 0x0, 0x2000)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000bd4d072a00000000040098feff5e00000000ebef122c6b4cdbb237bba7383566eb32b2668821df398282235e41ca0fe51d258f141d66d64969253568f92e69b7121a71f56c43f8f15bda93e9231d4fb8f64c237800d188243054fe41ec6d6b8512586e051a09b5f36c26728c9417b363f4f0d68287adb0c97098d6199b46e4b0ceaceeaa0f260097d25718a9be0b4aef8893ebae108cf59391c8f0d0f152886df2995448b524d83d6493d371dfa7dfdda323be56a7c4717b6cf74e235971d2c8dc8a970600000000e452ff0a4c5c3386ca2ef34721e772bc798b8736dc2a2e53282f381eb4f4fdb2c3", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
close(r2)
socket$kcm(0x29, 0x5, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000850000000500000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xd8}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000007000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x50)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={0x0}, 0x2000, 0x80000, 0x0, 0x9, 0x0, 0xfffffffe, 0x0, 0x0, 0x4861, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0xb)
ioctl$SIOCSIFHWADDR(r2, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x18, 0xc, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r5 = socket$kcm(0xa, 0x0, 0x0)
setsockopt$sock_attach_bpf(r5, 0x6, 0x1f, &(0x7f0000000080), 0x4)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r4, 0xe0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb4, &(0x7f0000000280)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0xffffffffffffffeb, &(0x7f00000002c0), 0x0, 0x0, 0xef, 0x8, 0x8, &(0x7f0000000200)}}, 0x10)
getpid()
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000003540)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x4, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="660a00000000000061114c0000000000850000001c00000095"], &(0x7f0000000000)='GPL\x00'}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xa, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000d0ff00000000000080000100851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000097c02b1400003c0000180000000000000000000000000000009500000000e2ffff94000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94)

2.95232277s ago: executing program 3 (id=3350):
bpf$TOKEN_CREATE(0x24, &(0x7f00000001c0), 0x8)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x6, 0x804, 0x0, 0x3}, {0x10400002, 0x2, 0xfffffffe, 0x5}], 0x10, 0xfffffffd}, 0x94)
socket$kcm(0x2, 0x5, 0x84)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000240)="3504000040000511d25a35400c0002000200002037153e370c040180060410", 0x1f}], 0x1}, 0x10049014)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r0 = socket$kcm(0xa, 0x3, 0x3a)
bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0)
perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x0, 0x2, 0x0, 0x5, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000300), 0x4}, 0x0, 0x7c, 0x0, 0xa, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
sendmsg$inet(r1, &(0x7f0000001700)={0x0, 0x0, 0x0}, 0x20000010)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="000000000000000002"], 0x48)
ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x890b, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000180)={r1})
ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x890c, &(0x7f0000000100))
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r2 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r2, 0x0, 0x0)
syz_clone(0x20800000, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_pressure(r4, &(0x7f0000000180)='memory.pressure\x00', 0x2, 0x0)
write$cgroup_pressure(r5, &(0x7f0000000080)={'some', 0x20, 0x2000000005, 0x20, 0x10000000fffff}, 0x2f)
write$cgroup_pressure(r5, &(0x7f0000000140)={'some', 0x20, 0x6, 0x20, 0xffffffff}, 0x2f)
openat$cgroup_procs(r3, &(0x7f00000003c0)='cgroup.procs\x00', 0x2, 0x0)
r6 = openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000080), 0x2, 0x0)
write$cgroup_freezer_state(r6, &(0x7f00000000c0)='THAWED\x00', 0x7)
socket$kcm(0x11, 0x200000000000002, 0x300)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0xac14140c}}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60)

2.770807659s ago: executing program 2 (id=3351):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240))
perf_event_open(&(0x7f0000000380)={0x3, 0x80, 0x0, 0x0, 0xf3, 0xa, 0x0, 0x0, 0xd006e1258c4875cc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x9}, 0x4c30, 0xc8, 0x7, 0x4, 0x0, 0x0, 0x0, 0x0, 0x7ff}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r0 = socket$kcm(0x10, 0x400000002, 0x0)
recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000780)=""/252, 0xfc}, {&(0x7f0000001500)=""/156, 0x9c}, {&(0x7f0000000180)=""/217, 0xd9}, {&(0x7f0000003ac0)=""/4108, 0x100c}, {&(0x7f0000000c80)=""/182, 0xb6}, {&(0x7f0000000440)=""/194, 0xc2}, {&(0x7f0000000640)=""/268, 0x10c}], 0x7}, 0x20)
write$cgroup_subtree(r0, &(0x7f0000001a00)=ANY=[@ANYBLOB="13100000120091ef"], 0xfe33)

2.514202341s ago: executing program 1 (id=3352):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240))
perf_event_open(&(0x7f0000000380)={0x3, 0x80, 0x0, 0x0, 0xf3, 0xa, 0x0, 0x0, 0xd006e1258c4875cc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x9}, 0x4c30, 0xc8, 0x7, 0x4, 0x0, 0x0, 0x0, 0x0, 0x7ff}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0)
r2 = syz_clone(0x20800000, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = socket$kcm(0x10, 0x400000002, 0x0)
recvmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000780)=""/252, 0xfc}, {&(0x7f0000001500)=""/156, 0x9c}, {&(0x7f0000000180)=""/217, 0xd9}, {&(0x7f0000003ac0)=""/4108, 0x100c}, {&(0x7f0000000c80)=""/182, 0xb6}, {&(0x7f0000000440)=""/194, 0xc2}, {&(0x7f0000000640)=""/268, 0x10c}], 0x7}, 0x20)
write$cgroup_subtree(r4, &(0x7f0000001a00)=ANY=[@ANYBLOB="13100000120091ef"], 0xfe33)
recvmsg$kcm(r4, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
r5 = openat$cgroup_procs(r3, &(0x7f00000003c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r5, &(0x7f00000005c0)=r2, 0x12)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)=0x1, 0x12)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)

2.362395948s ago: executing program 2 (id=3353):
r0 = socket$kcm(0xa, 0x2, 0x3a)
sendmsg$kcm(r0, &(0x7f0000000440)={&(0x7f0000000800)=@in6={0xa, 0x0, 0x0, @mcast2, 0x38}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000780)="80005b020eaa", 0x6}], 0x1, 0x0, 0x0, 0x900}, 0x0)

2.104934491s ago: executing program 2 (id=3354):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000d00)={0x3, 0x3, &(0x7f0000000a80)=ANY=[@ANYBLOB="185000ffffffff00000000000000000095"], &(0x7f0000000b40)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x94)
r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r2, 0x0, 0x0}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000000)={r2, 0x0}, 0x20)
bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r2}, 0x8)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r3)
perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x1}, 0x1090da, 0x0, 0x0, 0x0, 0x0, 0x4, 0x749}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r4, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e64, @loopback}}, 0x80, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x200088c0)
close(r4)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000400)="d800000019008111e00212ba0d8105040a610200ff0f040b067c55a1bc000900b800069903000000b0000500fe808178a8001500030001400200000901ac040000d67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04000000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92307f00000e970300"/216, 0xd8}], 0x1}, 0x0)
r6 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={r6, 0x0, 0x0}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r7, &(0x7f0000000040)={0x0, 0x51, &(0x7f0000000100)=[{&(0x7f00000006c0)="5c00000013006bcd9e3fe3dc6e48aa310b6b87033c0000001f03000000000000040014000d000a000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="3f46351e48d8073f4921cc3ffaa32d20a7a624d03ddd3fe4f14ca802a6e0e258da4c609f24b2d8d081b3ea25c177365adb37c5873eec3149919228728ac236bd9b484fd546b8", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x1a)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x1000, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffe}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x11, &(0x7f0000000140)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x400}, {{0x18, 0x1, 0x1, 0x0, r8}}, {}, [@map_idx={0x18, 0x7, 0x5, 0x0, 0x10}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0x72, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000200), &(0x7f0000000240)=[{0x3, 0x5, 0xc}], 0x10, 0x10000}, 0x94)
socket$kcm(0x29, 0x3, 0x0)

1.949745507s ago: executing program 3 (id=3355):
perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xcb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x9, 0x4, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
perf_event_open(0x0, 0x0, 0x100000000000000, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x10000000000, 0x2003, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3a}, 0x100904}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000300)={0x0, 0xffffffffffffffff, 0x0, 0x3b, &(0x7f0000000000)='/proc/sys/net/ipv4\x00\x00s/sync_\x00le\xf44.\xab%\xf8\xff\xff\xff\xff\xff\xff\xff=\x11\xc8\xdd\x15\xcc\xd2\xf1d\'%\x11c\x91l,'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
mkdirat$cgroup(r0, &(0x7f0000000040)='syz1\x00', 0x1ff)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
recvmsg(r2, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000005c0)=""/227, 0xe3}], 0x1}, 0x40000001)
r3 = socket$kcm(0x2b, 0x1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
close(r5)
recvmsg$unix(r4, &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r6=>0xffffffffffffffff]}}], 0x18}, 0x1c0)
setsockopt$sock_attach_bpf(r3, 0x6, 0x1b, &(0x7f0000000100)=r6, 0x4)
ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000280)={'veth1_to_bridge\x00', @random="f14511df978a"})
recvmsg(r1, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x19, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r2, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x17)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)

1.949379798s ago: executing program 0 (id=3356):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000d00)=""/242, 0xf2}, {&(0x7f0000000240)=""/205, 0xcd}, {&(0x7f0000000380)=""/210, 0xd2}, {&(0x7f0000002100)=""/4077, 0xfed}, {&(0x7f00000007c0)=""/211, 0xd3}, {&(0x7f0000000b00)=""/231, 0xe7}, {&(0x7f0000000480)=""/176, 0xb0}, {&(0x7f0000000c00)=""/208, 0xd0}], 0x8}, 0x40012100)

1.708814579s ago: executing program 1 (id=3357):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000400)="d800000019008111e00212ba0d8105040a610200ff0f040b067c55a1bc000900b800069903000000b0000500fe808178a8001500030001400200000901ac040000d67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04000000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92307f00000e970300"/215, 0xd7}], 0x1}, 0x0)

1.364176046s ago: executing program 1 (id=3358):
r0 = socket$kcm(0xa, 0x2, 0x3a)
sendmsg$kcm(r0, &(0x7f0000000440)={&(0x7f0000000800)=@in6={0xa, 0x0, 0x0, @mcast2, 0x38}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000780)="80005b020eaa", 0x6}], 0x1, 0x0, 0x0, 0x900}, 0x0)

1.227017412s ago: executing program 1 (id=3359):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240))
perf_event_open(&(0x7f0000000380)={0x3, 0x80, 0x0, 0x0, 0xf3, 0xa, 0x0, 0x0, 0xd006e1258c4875cc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x9}, 0x4c30, 0xc8, 0x7, 0x4, 0x0, 0x0, 0x0, 0x0, 0x7ff}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0)
r2 = syz_clone(0x20800000, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = socket$kcm(0x10, 0x400000002, 0x0)
recvmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000780)=""/252, 0xfc}, {&(0x7f0000001500)=""/156, 0x9c}, {&(0x7f0000000180)=""/217, 0xd9}, {&(0x7f0000003ac0)=""/4108, 0x100c}, {&(0x7f0000000c80)=""/182, 0xb6}, {&(0x7f0000000440)=""/194, 0xc2}, {&(0x7f0000000640)=""/268, 0x10c}], 0x7}, 0x20)
write$cgroup_subtree(r4, &(0x7f0000001a00)=ANY=[@ANYBLOB="13100000120091ef"], 0xfe33)
recvmsg$kcm(r4, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
r5 = openat$cgroup_procs(r3, &(0x7f00000003c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r5, &(0x7f00000005c0)=r2, 0x12)
r6 = openat$cgroup_ro(r3, &(0x7f00000000c0)='cgroup.kill\x00', 0x275a, 0x0)
write$cgroup_int(r6, &(0x7f0000000040)=0x1, 0x12)

1.226676922s ago: executing program 2 (id=3360):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x1000d7, 0x0, 0x0, 0x8, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x5, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002480)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x41, 0x0, 0x11}, 0x0)
r0 = socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x56, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x2, 0x0, 0x9}, {0x10000002, 0x0, 0x0, 0xc}]}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r0, 0x84, 0x64, &(0x7f0000000000)=r3, 0x10)
sendmsg$inet(r0, &(0x7f0000000140)={&(0x7f0000000280)={0x2, 0x10, @local}, 0x10, &(0x7f0000000080)=[{&(0x7f0000001940)='{', 0x1a000}], 0x1}, 0x80d1) (fail_nth: 8)
close(r0)

511.883086ms ago: executing program 3 (id=3361):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240))
perf_event_open(&(0x7f0000000380)={0x3, 0x80, 0x0, 0x0, 0xf3, 0xa, 0x0, 0x0, 0xd006e1258c4875cc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x9}, 0x4c30, 0xc8, 0x7, 0x4, 0x0, 0x0, 0x0, 0x0, 0x7ff}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r0 = socket$kcm(0x10, 0x400000002, 0x0)
recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000780)=""/252, 0xfc}, {&(0x7f0000001500)=""/156, 0x9c}, {&(0x7f0000000180)=""/217, 0xd9}, {&(0x7f0000003ac0)=""/4108, 0x100c}, {&(0x7f0000000c80)=""/182, 0xb6}, {&(0x7f0000000440)=""/194, 0xc2}, {&(0x7f0000000640)=""/268, 0x10c}], 0x7}, 0x20)
write$cgroup_subtree(r0, &(0x7f0000001a00)=ANY=[@ANYBLOB="13100000120091ef"], 0xfe33)

353.890693ms ago: executing program 0 (id=3362):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
r0 = socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100c, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$kcm(0x11, 0x200000000000002, 0x300)
sendmsg(r0, &(0x7f0000000240)={&(0x7f00000003c0)=@in6={0xa, 0x4e21, 0x10, @dev={0xfe, 0x80, '\x00', 0x27}, 0x8}, 0x80, &(0x7f0000000e00), 0x0, 0x0, 0xb0}, 0x20000004)
sendmsg$sock(r1, &(0x7f00000000c0)={&(0x7f0000000040)=@phonet={0x23, 0x0, 0x0, 0x4}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@timestamping={{0x14, 0x1, 0x25, 0x102}}], 0x18}, 0x0)
recvmsg$kcm(r1, 0x0, 0x2000)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000bd4d072a00000000040098feff5e00000000ebef122c6b4cdbb237bba7383566eb32b2668821df398282235e41ca0fe51d258f141d66d64969253568f92e69b7121a71f56c43f8f15bda93e9231d4fb8f64c237800d188243054fe41ec6d6b8512586e051a09b5f36c26728c9417b363f4f0d68287adb0c97098d6199b46e4b0ceaceeaa0f260097d25718a9be0b4aef8893ebae108cf59391c8f0d0f152886df2995448b524d83d6493d371dfa7dfdda323be56a7c4717b6cf74e235971d2c8dc8a970600000000e452ff0a4c5c3386ca2ef34721e772bc798b8736dc2a2e53282f381eb4f4fdb2c3", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
close(r2)
socket$kcm(0x29, 0x5, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000850000000500000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xd8}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000007000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x50)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={0x0}, 0x2000, 0x80000, 0x0, 0x9, 0x0, 0xfffffffe, 0x0, 0x0, 0x4861, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0xb)
ioctl$SIOCSIFHWADDR(r2, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x18, 0xc, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r5 = socket$kcm(0xa, 0x0, 0x0)
setsockopt$sock_attach_bpf(r5, 0x6, 0x1f, &(0x7f0000000080), 0x4)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r4, 0xe0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb4, &(0x7f0000000280)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0xffffffffffffffeb, &(0x7f00000002c0), 0x0, 0x0, 0xef, 0x8, 0x8, &(0x7f0000000200)}}, 0x10)
getpid()
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000003540)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x4, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="660a00000000000061114c0000000000850000001c00000095"], &(0x7f0000000000)='GPL\x00'}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xa, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000d0ff00000000000080000100851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000097c02b1400003c0000180000000000000000000000000000009500000000e2ffff94000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94)

353.787513ms ago: executing program 2 (id=3363):
r0 = socket$kcm(0xa, 0x2, 0x3a)
sendmsg$kcm(r0, &(0x7f0000000440)={&(0x7f0000000800)=@in6={0xa, 0x0, 0x0, @mcast2, 0x38}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000780)="80005b020eaa", 0x6}], 0x1, 0x0, 0x0, 0x900}, 0x0)

195.487901ms ago: executing program 3 (id=3364):
r0 = socket$kcm(0x10, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0xffffffff, 0x0, 0xb, 0x3}, {0x10000002, 0x20, 0x400084, 0x3}]}, 0x94)
close(0x3)
r1 = socket$kcm(0x2, 0x1, 0x84)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
close(r3)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x0, 0x5, &(0x7f0000000380)=ANY=[@ANYBLOB="18020000010000000000000000000000850000005300000085000000050000009500000000000000a94be0c51261be6a99fe3d0000a232d5e1f59f18f845f82e9a7bde9e8f4b9197701b547edf612a03f1737d95"], 0x0, 0x68b, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
r4 = socket$kcm(0x11, 0x200000000000002, 0x300)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000580)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000003840)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000380)="fbe6bd8dfcdda5a210b8cfefbd66f459c7261b927d25d3cf74d2f7c97735eba47f606a290d18492592230700000000000000081fdbd921ed4db0e67c9d5ab1452445a1e0da5ac68b13f4afe2712eeaad350d07", 0x53}], 0x1}, 0x0)
close(r6)
recvmsg$unix(r5, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r7=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r4, 0x107, 0x12, &(0x7f00000008c0)=r7, 0x4)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r9)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200))
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000140)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @remote}}, 0x80, 0x0}, 0x45)
ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
write$cgroup_devices(r8, &(0x7f0000000140)=ANY=[@ANYBLOB="1e000300008c71ef28ff4b"], 0xffdd)
recvmsg$unix(r2, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r10=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r10, 0x84, 0x64, &(0x7f0000000000)=r10, 0x4)
sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000280)={0x2, 0x10, @local}, 0x10, &(0x7f0000000140)=[{&(0x7f00000005c0)="df", 0x1}], 0x1}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x10000)

620.82µs ago: executing program 1 (id=3365):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240))
perf_event_open(&(0x7f0000000380)={0x3, 0x80, 0x0, 0x0, 0xf3, 0xa, 0x0, 0x0, 0xd006e1258c4875cc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x9}, 0x4c30, 0xc8, 0x7, 0x4, 0x0, 0x0, 0x0, 0x0, 0x7ff}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0)
syz_clone(0x20800000, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = socket$kcm(0x10, 0x400000002, 0x0)
recvmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000780)=""/252, 0xfc}, {&(0x7f0000001500)=""/156, 0x9c}, {&(0x7f0000000180)=""/217, 0xd9}, {&(0x7f0000003ac0)=""/4108, 0x100c}, {&(0x7f0000000c80)=""/182, 0xb6}, {&(0x7f0000000440)=""/194, 0xc2}, {&(0x7f0000000640)=""/268, 0x10c}], 0x7}, 0x20)
write$cgroup_subtree(r3, &(0x7f0000001a00)=ANY=[@ANYBLOB="13100000120091ef"], 0xfe33)
recvmsg$kcm(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
openat$cgroup_procs(r2, &(0x7f00000003c0)='cgroup.procs\x00', 0x2, 0x0)
r4 = openat$cgroup_ro(r2, &(0x7f00000000c0)='cgroup.kill\x00', 0x275a, 0x0)
write$cgroup_int(r4, &(0x7f0000000040)=0x1, 0x12)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)

0s ago: executing program 2 (id=3366):
r0 = socket$kcm(0x10, 0x3, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0xffffffff, 0x0, 0xb, 0x3}, {0x10000002, 0x20, 0x400084, 0x3}]}, 0x94)
close(0x3)
r1 = socket$kcm(0x2, 0x1, 0x84)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000580)={@fallback, 0xffffffffffffffff, 0x1b, 0x1}, 0x20)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
close(r3)
recvmsg$unix(r2, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r4=>0xffffffffffffffff]}}], 0x18}, 0x0)
r5 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r6)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r7 = socket$kcm(0x2, 0x5, 0x84)
setsockopt$sock_attach_bpf(r7, 0x84, 0x10, &(0x7f0000000000), 0x8)
r8 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000006c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x24}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x0, 0x0, 0x2, 0x0, 0x1800}, 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x149, 0x0, 0x48, 0x0, &(0x7f0000000000)='\x00', 0x0}, 0x48)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
bpf$OBJ_GET_MAP(0x7, 0x0, 0x0)
setsockopt$sock_attach_bpf(r1, 0x84, 0x64, &(0x7f0000000000)=r4, 0x10)
sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000280)={0x2, 0x10, @local}, 0x10, &(0x7f0000000140)=[{&(0x7f00000005c0)="df", 0x1}], 0x1}, 0x0)
recvmsg$kcm(r0, &(0x7f0000001ac0)={0x0, 0x0, 0x0}, 0x102)

kernel console output (not intermixed with test programs):

ves
[  653.909315][ T7215] bridge0: port 1(bridge_slave_0) entered blocking state
[  653.916687][ T7215] bridge0: port 1(bridge_slave_0) entered forwarding state
[  653.956346][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  653.963713][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  654.108469][T12646] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  654.586433][T12646] 8021q: adding VLAN 0 to HW filter on device batadv0
[  654.717656][T12646] veth0_vlan: entered promiscuous mode
[  654.747903][T12646] veth1_vlan: entered promiscuous mode
[  654.806131][T12646] veth0_macvtap: entered promiscuous mode
[  654.824983][T12646] veth1_macvtap: entered promiscuous mode
[  654.856785][T12646] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  654.868752][T12646] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  654.882392][T12646] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  654.894971][T12646] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  654.910771][T12646] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  654.937416][T12646] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  654.951848][T12646] batman_adv: batadv0: Interface activated: batadv_slave_0
[  654.982088][T12646] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  655.005746][T12646] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  655.026876][T12646] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  655.037951][T12646] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  655.055276][T12646] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  655.068047][T12646] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  655.092218][T12646] batman_adv: batadv0: Interface activated: batadv_slave_1
[  655.126959][T12646] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  655.154735][T12646] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  655.172532][T12646] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  655.214994][T12646] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  658.267076][ T1085] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  658.287100][ T1085] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  658.373677][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  658.394616][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  658.692939][T12920] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2352'.
[  662.483999][T12934] netlink: 'syz.2.2356': attribute type 10 has an invalid length.
[  662.512536][T12934] netlink: 65015 bytes leftover after parsing attributes in process `syz.2.2356'.
[  667.543468][T12968] netlink: 'syz.2.2369': attribute type 10 has an invalid length.
[  667.580316][T12968] netlink: 65015 bytes leftover after parsing attributes in process `syz.2.2369'.
[  669.020058][ T5782] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  669.031710][ T5782] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  669.042451][ T5782] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  669.060033][ T5782] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  669.068730][ T5782] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  669.077178][ T5782] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  669.877276][T13018] netlink: 'syz.2.2382': attribute type 10 has an invalid length.
[  669.909934][T13018] netlink: 65015 bytes leftover after parsing attributes in process `syz.2.2382'.
[  670.386314][ T7215] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  670.509628][T12991] chnl_net:caif_netlink_parms(): no params data found
[  670.603171][ T7215] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  670.781566][ T7215] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  671.492488][ T5782] Bluetooth: hci3: command tx timeout
[  671.796533][ T7215] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  671.933901][T12991] bridge0: port 1(bridge_slave_0) entered blocking state
[  671.941450][T12991] bridge0: port 1(bridge_slave_0) entered disabled state
[  671.948814][T12991] bridge_slave_0: entered allmulticast mode
[  671.956638][T12991] bridge_slave_0: entered promiscuous mode
[  671.966178][T12991] bridge0: port 2(bridge_slave_1) entered blocking state
[  671.974741][T12991] bridge0: port 2(bridge_slave_1) entered disabled state
[  671.982214][T12991] bridge_slave_1: entered allmulticast mode
[  671.989920][T12991] bridge_slave_1: entered promiscuous mode
[  672.038795][T12991] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  672.063189][T12991] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  672.153076][T12991] team0: Port device team_slave_0 added
[  672.172697][T12991] team0: Port device team_slave_1 added
[  672.248446][T13053] netlink: 'syz.3.2393': attribute type 10 has an invalid length.
[  672.300245][T13053] netlink: 65015 bytes leftover after parsing attributes in process `syz.3.2393'.
[  672.450952][T12991] batman_adv: batadv0: Adding interface: batadv_slave_0
[  672.458077][T12991] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  672.536676][T12991] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  672.689566][T12991] batman_adv: batadv0: Adding interface: batadv_slave_1
[  672.697653][T12991] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  673.051109][T12991] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  673.435214][T12991] hsr_slave_0: entered promiscuous mode
[  673.559538][ T5782] Bluetooth: hci3: command tx timeout
[  674.208885][T12991] hsr_slave_1: entered promiscuous mode
[  674.239534][T12991] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  674.279849][T12991] Cannot create hsr debugfs directory
[  674.924825][T13103] netlink: 'syz.2.2407': attribute type 10 has an invalid length.
[  674.949460][T13103] netlink: 65015 bytes leftover after parsing attributes in process `syz.2.2407'.
[  674.965803][T13105] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2408'.
[  675.639470][ T5782] Bluetooth: hci3: command tx timeout
[  676.810233][T13143] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2417'.
[  677.037222][T13145] netlink: 'syz.3.2418': attribute type 10 has an invalid length.
[  677.071863][T13145] netlink: 65015 bytes leftover after parsing attributes in process `syz.3.2418'.
[  677.723970][ T5782] Bluetooth: hci3: command tx timeout
[  679.842233][T12991] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  680.031502][T12991] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  680.496579][T12991] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  680.657746][T12991] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  681.455622][T13180] netlink: 'syz.1.2430': attribute type 10 has an invalid length.
[  681.564785][T13180] netlink: 65015 bytes leftover after parsing attributes in process `syz.1.2430'.
[  681.805253][T12991] 8021q: adding VLAN 0 to HW filter on device bond0
[  681.891536][T12991] 8021q: adding VLAN 0 to HW filter on device team0
[  682.010930][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[  682.018335][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[  682.106853][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  682.114194][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  682.351891][T12991] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  683.329780][T12991] 8021q: adding VLAN 0 to HW filter on device batadv0
[  684.131363][ T7215] vlan0: left allmulticast mode
[  684.136299][ T7215] veth0_vlan: left allmulticast mode
[  684.149760][ T7215] vlan0: left promiscuous mode
[  684.173273][ T7215] À: port 1(vlan0) entered disabled state
[  684.392630][ T7215] hsr_slave_0: left promiscuous mode
[  684.611432][ T7215] hsr_slave_1: left promiscuous mode
[  684.669543][ T7215] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  684.691743][ T7215] batman_adv: batadv0: Removing interface: batadv_slave_0
[  684.739852][ T7215] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  684.768628][ T7215] batman_adv: batadv0: Removing interface: batadv_slave_1
[  684.986796][ T7215] veth1_macvtap: left promiscuous mode
[  685.001872][ T7215] veth0_macvtap: left promiscuous mode
[  686.226188][ T7215] team0 (unregistering): Port device geneve1 removed
[  686.454396][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  686.463427][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  688.514680][ T7215] team0 (unregistering): Port device 
2
6±ÿ removed
[  688.671002][ T7215] team0 (unregistering): Port device team_slave_0 removed
[  688.762459][ T7215] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  688.846467][ T7215] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  689.562764][ T7215] bond0 (unregistering): Released all slaves
[  689.811942][T12991] veth0_vlan: entered promiscuous mode
[  689.846822][T12991] veth1_vlan: entered promiscuous mode
[  690.027644][T12991] veth0_macvtap: entered promiscuous mode
[  690.039205][T12991] veth1_macvtap: entered promiscuous mode
[  690.095389][T12991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  690.127818][T12991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  690.161430][T12991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  690.209358][T12991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  690.239376][T12991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  690.259434][T12991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  690.281673][T12991] batman_adv: batadv0: Interface activated: batadv_slave_0
[  690.314350][T12991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  690.340757][T12991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  690.369358][T12991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  690.389333][T12991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  690.425958][T12991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  690.446919][T12991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  690.477290][T12991] batman_adv: batadv0: Interface activated: batadv_slave_1
[  690.525401][T12991] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  690.570372][T12991] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  690.589435][T12991] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  690.609105][T12991] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  690.862066][ T7231] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  690.884865][ T7231] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  690.980367][ T7231] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  691.013043][ T7231] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  693.196253][T12649] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  693.209008][T12649] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  693.219361][T12649] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  693.234637][T12649] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  693.255813][T12649] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  693.264855][T12649] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  693.310671][T13344] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2474'.
[  693.532020][ T1139] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  694.355763][ T1139] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  694.446586][T13360] netlink: 'syz.1.2479': attribute type 10 has an invalid length.
[  694.479676][T13360] netlink: 65015 bytes leftover after parsing attributes in process `syz.1.2479'.
[  694.562047][ T1139] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  694.732001][ T1139] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  695.061956][T13342] chnl_net:caif_netlink_parms(): no params data found
[  695.320178][ T5782] Bluetooth: hci0: command tx timeout
[  696.721480][T13414] netlink: 'syz.0.2490': attribute type 10 has an invalid length.
[  696.750635][T13414] netlink: 65015 bytes leftover after parsing attributes in process `syz.0.2490'.
[  696.801197][T13342] bridge0: port 1(bridge_slave_0) entered blocking state
[  696.828309][T13342] bridge0: port 1(bridge_slave_0) entered disabled state
[  696.841643][T13342] bridge_slave_0: entered allmulticast mode
[  696.859700][T13342] bridge_slave_0: entered promiscuous mode
[  697.001653][T13342] bridge0: port 2(bridge_slave_1) entered blocking state
[  697.031153][T13342] bridge0: port 2(bridge_slave_1) entered disabled state
[  697.048536][T13342] bridge_slave_1: entered allmulticast mode
[  697.059772][T13342] bridge_slave_1: entered promiscuous mode
[  697.243677][T13342] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  697.399771][ T5782] Bluetooth: hci0: command tx timeout
[  698.725215][T13342] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  699.020193][T13342] team0: Port device team_slave_0 added
[  699.029835][T13342] team0: Port device team_slave_1 added
[  699.204001][T13342] batman_adv: batadv0: Adding interface: batadv_slave_0
[  699.222209][T13342] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  699.260319][T13342] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  699.291926][T13342] batman_adv: batadv0: Adding interface: batadv_slave_1
[  699.310654][T13342] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  699.369917][T13342] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  699.493593][ T5782] Bluetooth: hci0: command tx timeout
[  700.501870][T13342] hsr_slave_0: entered promiscuous mode
[  700.540204][T13342] hsr_slave_1: entered promiscuous mode
[  701.569397][ T5782] Bluetooth: hci0: command tx timeout
[  702.464652][ T1139] vlan0: left allmulticast mode
[  702.502714][ T1139] veth0_vlan: left allmulticast mode
[  702.508103][ T1139] vlan0: left promiscuous mode
[  702.539771][ T1139] À: port 1(vlan0) entered disabled state
[  702.645131][ T1139] hsr_slave_0: left promiscuous mode
[  702.670941][ T1139] hsr_slave_1: left promiscuous mode
[  702.699599][ T1139] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  702.709085][ T1139] batman_adv: batadv0: Removing interface: batadv_slave_0
[  702.742962][ T1139] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  702.766561][ T1139] batman_adv: batadv0: Removing interface: batadv_slave_1
[  702.899942][ T1139] veth1_macvtap: left promiscuous mode
[  704.590189][ T1139] team0 (unregistering): Port device team_slave_1 removed
[  704.700401][ T1139] team0 (unregistering): Port device C removed
[  704.828913][ T1139] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  705.379082][ T1139] bond0 (unregistering): Released all slaves
[  707.254992][T13342] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  707.286415][T13342] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  707.329736][T13342] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  707.382916][T13342] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  707.877380][T13342] 8021q: adding VLAN 0 to HW filter on device bond0
[  707.953218][T13342] 8021q: adding VLAN 0 to HW filter on device team0
[  708.251844][ T1085] bridge0: port 1(bridge_slave_0) entered blocking state
[  708.259459][ T1085] bridge0: port 1(bridge_slave_0) entered forwarding state
[  711.338610][ T7215] bridge0: port 2(bridge_slave_1) entered blocking state
[  711.345968][ T7215] bridge0: port 2(bridge_slave_1) entered forwarding state
[  711.950481][T13617] netlink: 'syz.1.2543': attribute type 10 has an invalid length.
[  711.958638][T13617] netlink: 65015 bytes leftover after parsing attributes in process `syz.1.2543'.
[  712.765232][T13342] 8021q: adding VLAN 0 to HW filter on device batadv0
[  712.998882][T13342] veth0_vlan: entered promiscuous mode
[  713.045291][T13342] veth1_vlan: entered promiscuous mode
[  713.169531][T13342] veth0_macvtap: entered promiscuous mode
[  713.224512][T13342] veth1_macvtap: entered promiscuous mode
[  713.282418][T13342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  713.315309][T13342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  713.339462][T13342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  713.390291][T13342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  713.409690][T13342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  713.423860][T13342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  713.448893][T13342] batman_adv: batadv0: Interface activated: batadv_slave_0
[  713.519673][T13342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  713.578902][T13342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  713.611979][T13342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  713.668713][T13342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  713.694790][T13342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  713.795650][T13342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  713.827924][T13342] batman_adv: batadv0: Interface activated: batadv_slave_1
[  713.892820][T13342] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  713.922172][T13342] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  713.999984][T13342] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  714.028471][T13342] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  714.280475][ T7221] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  714.300318][ T7221] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  714.423013][ T7221] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  714.457422][ T7221] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  717.886770][T12649] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  717.896801][T12649] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  717.911881][T12649] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  717.950553][T12649] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  717.969657][T12649] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  717.977634][T12649] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  720.047459][T12649] Bluetooth: hci1: command tx timeout
[  720.101539][   T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  720.200599][   T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  720.788280][   T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  721.419834][   T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  721.546687][T13751] netlink: 'syz.2.2566': attribute type 10 has an invalid length.
[  721.555101][T13751] netlink: 65015 bytes leftover after parsing attributes in process `syz.2.2566'.
[  721.610485][T13754] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2568'.
[  722.120162][T12649] Bluetooth: hci1: command tx timeout
[  723.465600][T13695] chnl_net:caif_netlink_parms(): no params data found
[  724.232688][T12649] Bluetooth: hci1: command tx timeout
[  726.279515][ T5782] Bluetooth: hci1: command tx timeout
[  726.676355][T13804] netlink: 'syz.2.2575': attribute type 10 has an invalid length.
[  726.709579][T13804] netlink: 65015 bytes leftover after parsing attributes in process `syz.2.2575'.
[  726.785887][T13695] bridge0: port 1(bridge_slave_0) entered blocking state
[  726.797961][T13695] bridge0: port 1(bridge_slave_0) entered disabled state
[  726.808573][T13695] bridge_slave_0: entered allmulticast mode
[  726.835351][T13695] bridge_slave_0: entered promiscuous mode
[  727.031506][T13695] bridge0: port 2(bridge_slave_1) entered blocking state
[  727.049222][T13695] bridge0: port 2(bridge_slave_1) entered disabled state
[  727.058525][T13695] bridge_slave_1: entered allmulticast mode
[  727.087872][T13695] bridge_slave_1: entered promiscuous mode
[  727.457589][T13695] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  730.919038][T13695] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  731.385233][T13695] team0: Port device team_slave_0 added
[  731.432910][T13695] team0: Port device team_slave_1 added
[  731.439514][T13862] netlink: 'syz.1.2586': attribute type 10 has an invalid length.
[  731.579432][T13862] netlink: 65015 bytes leftover after parsing attributes in process `syz.1.2586'.
[  731.883561][T13695] batman_adv: batadv0: Adding interface: batadv_slave_0
[  731.937722][T13695] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  731.997387][T13695] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  732.011853][T13695] batman_adv: batadv0: Adding interface: batadv_slave_1
[  732.018991][T13695] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  732.089383][T13695] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  732.466678][T13695] hsr_slave_0: entered promiscuous mode
[  735.348553][T13695] hsr_slave_1: entered promiscuous mode
[  735.469001][T13695] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  735.484344][T13695] Cannot create hsr debugfs directory
[  737.580187][   T12] bond0: (slave wlan1): Releasing backup interface
[  737.690337][T13936] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2602'.
[  738.863229][   T12] vlan0: left allmulticast mode
[  738.891965][   T12] veth0_vlan: left allmulticast mode
[  738.922168][   T12] vlan0: left promiscuous mode
[  738.944073][   T12] À: port 1(vlan0) entered disabled state
[  739.031566][   T12] hsr_slave_0: left promiscuous mode
[  739.183732][   T12] hsr_slave_1: left promiscuous mode
[  739.234172][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  739.266976][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  739.453639][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  739.477226][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  739.551603][   T12] veth1_macvtap: left promiscuous mode
[  740.272584][   T12] geneve1 (unregistering): left promiscuous mode
[  740.343044][   T12] geneve1 (unregistering): left allmulticast mode
[  740.526505][   T12] team0 (unregistering): Port device geneve1 removed
[  741.263595][   T12] team_slave_1 (unregistering): left promiscuous mode
[  741.271043][   T12] team_slave_1 (unregistering): left allmulticast mode
[  741.282054][   T12] team0 (unregistering): Port device team_slave_1 removed
[  741.332619][   T12] team_slave_0 (unregistering): left promiscuous mode
[  741.341192][   T12] team_slave_0 (unregistering): left allmulticast mode
[  741.349129][   T12] team0 (unregistering): Port device team_slave_0 removed
[  741.393638][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  741.806081][   T12] bond0 (unregistering): Released all slaves
[  742.758882][T13695] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  742.802664][T13695] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  742.847662][T13695] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  742.882239][T13695] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  743.212044][T13695] 8021q: adding VLAN 0 to HW filter on device bond0
[  743.267464][T13695] 8021q: adding VLAN 0 to HW filter on device team0
[  743.311483][ T1098] bridge0: port 1(bridge_slave_0) entered blocking state
[  743.319025][ T1098] bridge0: port 1(bridge_slave_0) entered forwarding state
[  743.375305][ T1098] bridge0: port 2(bridge_slave_1) entered blocking state
[  743.382553][ T1098] bridge0: port 2(bridge_slave_1) entered forwarding state
[  744.204143][T13695] 8021q: adding VLAN 0 to HW filter on device batadv0
[  744.442501][T13695] veth0_vlan: entered promiscuous mode
[  744.498263][T13695] veth1_vlan: entered promiscuous mode
[  745.538784][T13695] veth0_macvtap: entered promiscuous mode
[  745.555926][T13695] veth1_macvtap: entered promiscuous mode
[  745.604321][T13695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  745.649425][T13695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  745.669325][T13695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  745.696470][T13695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  745.709714][T13695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  745.720931][T13695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  745.755802][T13695] batman_adv: batadv0: Interface activated: batadv_slave_0
[  745.784592][T13695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  745.816152][T13695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  745.835194][T13695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  745.873993][T13695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  745.898707][T13695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  745.921687][T13695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  745.937988][T13695] batman_adv: batadv0: Interface activated: batadv_slave_1
[  746.038302][T13695] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  746.063723][T13695] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  746.076818][T13695] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  746.087367][T13695] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  746.386663][ T1085] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  746.401932][ T1085] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  746.579758][ T1098] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  746.593821][ T1098] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  747.890351][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  747.896986][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  760.200444][T12649] Bluetooth: hci4: command 0x0406 tx timeout
[  773.112365][T14304] netlink: 'syz.3.2722': attribute type 10 has an invalid length.
[  773.176213][T14304] netlink: 65015 bytes leftover after parsing attributes in process `syz.3.2722'.
[  776.366523][T14352] netlink: 'syz.2.2734': attribute type 10 has an invalid length.
[  776.403805][T14352] netlink: 65015 bytes leftover after parsing attributes in process `syz.2.2734'.
[  780.907065][T14398] netlink: 'syz.3.2748': attribute type 10 has an invalid length.
[  780.949283][T14398] netlink: 65015 bytes leftover after parsing attributes in process `syz.3.2748'.
[  782.915387][T14438] netlink: 'syz.2.2763': attribute type 10 has an invalid length.
[  782.958408][T14438] netlink: 65015 bytes leftover after parsing attributes in process `syz.2.2763'.
[  784.511366][T14477] netlink: 'syz.3.2775': attribute type 10 has an invalid length.
[  784.590286][T14477] netlink: 65015 bytes leftover after parsing attributes in process `syz.3.2775'.
[  785.408274][T14498] netlink: 'syz.3.2784': attribute type 3 has an invalid length.
[  785.438050][T14498] netlink: 201336 bytes leftover after parsing attributes in process `syz.3.2784'.
[  785.533784][T14498] netlink: 'syz.3.2784': attribute type 3 has an invalid length.
[  785.569696][T14498] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.2784'.
[  785.753379][T14509] netlink: 'syz.2.2788': attribute type 10 has an invalid length.
[  785.778272][T14509] netlink: 65015 bytes leftover after parsing attributes in process `syz.2.2788'.
[  788.493643][T14524] FAULT_INJECTION: forcing a failure.
[  788.493643][T14524] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  788.535873][T14524] CPU: 1 PID: 14524 Comm: syz.2.2791 Not tainted syzkaller #0
[  788.543463][T14524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  788.553913][T14524] Call Trace:
[  788.557215][T14524]  <TASK>
[  788.560168][T14524]  dump_stack_lvl+0x18c/0x250
[  788.564893][T14524]  ? show_regs_print_info+0x20/0x20
[  788.570382][T14524]  ? load_image+0x420/0x420
[  788.575004][T14524]  ? __might_fault+0xaa/0x120
[  788.579793][T14524]  ? __lock_acquire+0x7d40/0x7d40
[  788.585024][T14524]  should_fail_ex+0x39d/0x4d0
[  788.590184][T14524]  _copy_from_iter+0x1d9/0x12e0
[  788.595344][T14524]  ? rep_movs_alternative+0x4a/0x90
[  788.601007][T14524]  ? _copy_from_iter+0x24e/0x12e0
[  788.606407][T14524]  ? __virt_addr_valid+0x18c/0x540
[  788.611821][T14524]  ? __lock_acquire+0x7d40/0x7d40
[  788.617044][T14524]  ? copyout_mc+0x70/0x70
[  788.621498][T14524]  ? copyout_mc+0x70/0x70
[  788.625961][T14524]  ? __virt_addr_valid+0x18c/0x540
[  788.631192][T14524]  ? page_copy_sane+0x16a/0x270
[  788.636335][T14524]  copy_page_from_iter+0x7b/0x100
[  788.641508][T14524]  skb_copy_datagram_from_iter+0x2e4/0x6e0
[  788.647487][T14524]  tun_get_user+0x15db/0x3ca0
[  788.652460][T14524]  ? aa_file_perm+0x11b/0xee0
[  788.657462][T14524]  ? rcu_read_unlock+0xa0/0xa0
[  788.662497][T14524]  ? tun_get+0x1c/0x2e0
[  788.666685][T14524]  ? __lock_acquire+0x7d40/0x7d40
[  788.672595][T14524]  ? tun_get+0x1c/0x2e0
[  788.676870][T14524]  tun_chr_write_iter+0x119/0x200
[  788.682025][T14524]  vfs_write+0x46c/0x990
[  788.686405][T14524]  ? file_end_write+0x250/0x250
[  788.691291][T14524]  ? __fget_files+0x43d/0x4b0
[  788.696011][T14524]  ? __fdget_pos+0x1d8/0x330
[  788.700625][T14524]  ? ksys_write+0x75/0x260
[  788.705073][T14524]  ksys_write+0x150/0x260
[  788.709610][T14524]  ? __ia32_sys_read+0x90/0x90
[  788.714674][T14524]  ? lockdep_hardirqs_on+0x98/0x150
[  788.719964][T14524]  do_syscall_64+0x55/0xa0
[  788.724509][T14524]  ? clear_bhb_loop+0x40/0x90
[  788.729428][T14524]  ? clear_bhb_loop+0x40/0x90
[  788.734236][T14524]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  788.740413][T14524] RIP: 0033:0x7fb2a4d9c819
[  788.745022][T14524] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  788.765351][T14524] RSP: 002b:00007fb2a5cc2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  788.773966][T14524] RAX: ffffffffffffffda RBX: 00007fb2a5015fa0 RCX: 00007fb2a4d9c819
[  788.781960][T14524] RDX: 000000000000fdef RSI: 0000200000000300 RDI: 00000000000000c8
[  788.790323][T14524] RBP: 00007fb2a5cc2090 R08: 0000000000000000 R09: 0000000000000000
[  788.798504][T14524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  788.806664][T14524] R13: 00007fb2a5016038 R14: 00007fb2a5015fa0 R15: 00007ffdad497c78
[  788.814768][T14524]  </TASK>
[  789.408302][T14548] netlink: 'syz.0.2799': attribute type 10 has an invalid length.
[  789.426395][T14548] netlink: 65015 bytes leftover after parsing attributes in process `syz.0.2799'.
[  793.042488][T14590] netlink: 'syz.3.2819': attribute type 29 has an invalid length.
[  793.072675][T14590] netlink: 'syz.3.2819': attribute type 29 has an invalid length.
[  793.097121][T14585] netlink: 'syz.0.2817': attribute type 10 has an invalid length.
[  793.285789][T14585] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  793.365500][T14591] netlink: 'syz.2.2818': attribute type 10 has an invalid length.
[  793.379517][T14591] netlink: 65015 bytes leftover after parsing attributes in process `syz.2.2818'.
[  793.536789][T14604] FAULT_INJECTION: forcing a failure.
[  793.536789][T14604] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  793.588165][T14604] CPU: 0 PID: 14604 Comm: syz.3.2823 Not tainted syzkaller #0
[  793.596246][T14604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  793.606596][T14604] Call Trace:
[  793.609926][T14604]  <TASK>
[  793.612990][T14604]  dump_stack_lvl+0x18c/0x250
[  793.617818][T14604]  ? show_regs_print_info+0x20/0x20
[  793.623099][T14604]  ? load_image+0x420/0x420
[  793.627753][T14604]  ? __might_fault+0xaa/0x120
[  793.632658][T14604]  ? __lock_acquire+0x7d40/0x7d40
[  793.637909][T14604]  ? __might_fault+0xaa/0x120
[  793.641949][T14611] netlink: 188 bytes leftover after parsing attributes in process `syz.0.2826'.
[  793.643230][T14604]  should_fail_ex+0x39d/0x4d0
[  793.643271][T14604]  _copy_from_iter+0x1d9/0x12e0
[  793.643299][T14604]  ? __might_fault+0xaa/0x120
[  793.643323][T14604]  ? _copy_from_iter+0x24e/0x12e0
[  793.672202][T14604]  ? __virt_addr_valid+0x18c/0x540
[  793.677634][T14604]  ? __lock_acquire+0x7d40/0x7d40
[  793.682785][T14604]  ? copyout_mc+0x70/0x70
[  793.687132][T14604]  ? copyout_mc+0x70/0x70
[  793.691836][T14604]  ? __virt_addr_valid+0x18c/0x540
[  793.697267][T14604]  ? page_copy_sane+0x16a/0x270
[  793.702246][T14604]  copy_page_from_iter+0x7b/0x100
[  793.707761][T14604]  skb_copy_datagram_from_iter+0x2e4/0x6e0
[  793.713704][T14604]  tun_get_user+0x15db/0x3ca0
[  793.718521][T14604]  ? aa_file_perm+0x11b/0xee0
[  793.723400][T14604]  ? rcu_read_unlock+0xa0/0xa0
[  793.728729][T14604]  ? tun_get+0x1c/0x2e0
[  793.733086][T14604]  ? __lock_acquire+0x7d40/0x7d40
[  793.738401][T14604]  ? tun_get+0x1c/0x2e0
[  793.742759][T14604]  tun_chr_write_iter+0x119/0x200
[  793.747987][T14604]  vfs_write+0x46c/0x990
[  793.752643][T14604]  ? file_end_write+0x250/0x250
[  793.757773][T14604]  ? __fget_files+0x43d/0x4b0
[  793.762588][T14604]  ? __fdget_pos+0x1d8/0x330
[  793.767720][T14604]  ? ksys_write+0x75/0x260
[  793.772337][T14604]  ksys_write+0x150/0x260
[  793.776868][T14604]  ? __ia32_sys_read+0x90/0x90
[  793.781679][T14604]  ? lockdep_hardirqs_on+0x98/0x150
[  793.787226][T14604]  do_syscall_64+0x55/0xa0
[  793.791858][T14604]  ? clear_bhb_loop+0x40/0x90
[  793.796651][T14604]  ? clear_bhb_loop+0x40/0x90
[  793.801433][T14604]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  793.807435][T14604] RIP: 0033:0x7f9d55b9c819
[  793.811863][T14604] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  793.832239][T14604] RSP: 002b:00007f9d5699d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  793.840700][T14604] RAX: ffffffffffffffda RBX: 00007f9d55e15fa0 RCX: 00007f9d55b9c819
[  793.849135][T14604] RDX: 000000000000fdef RSI: 00002000000004c0 RDI: 00000000000000c8
[  793.857124][T14604] RBP: 00007f9d5699d090 R08: 0000000000000000 R09: 0000000000000000
[  793.865547][T14604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  793.874138][T14604] R13: 00007f9d55e16038 R14: 00007f9d55e15fa0 R15: 00007ffcc74681f8
[  793.882485][T14604]  </TASK>
[  793.892275][T14612] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2824'.
[  794.515638][T14632] netlink: 'syz.2.2834': attribute type 10 has an invalid length.
[  794.594290][T14632] netlink: 65015 bytes leftover after parsing attributes in process `syz.2.2834'.
[  794.642189][T14630] netlink: 'syz.3.2835': attribute type 10 has an invalid length.
[  794.727212][T14635] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.2833'.
[  794.791847][T14630] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  794.849157][T14635] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.2833'.
[  794.937154][T14626] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.2833'.
[  794.981585][T14640] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.2833'.
[  795.088803][T14641] sit0: entered promiscuous mode
[  795.181446][T14626] netlink: 'syz.0.2833': attribute type 10 has an invalid length.
[  795.229113][T14626] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2833'.
[  795.334768][T14626] batman_adv: batadv0: Adding interface: veth1_virt_wifi
[  795.382339][T14626] batman_adv: batadv0: The MTU of interface veth1_virt_wifi is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  795.511200][T14626] batman_adv: batadv0: Interface activated: veth1_virt_wifi
[  796.042095][T12649] Bluetooth: hci3: command 0x0406 tx timeout
[  796.163019][T14667] netlink: 'syz.1.2846': attribute type 10 has an invalid length.
[  796.181402][T14667] netlink: 65015 bytes leftover after parsing attributes in process `syz.1.2846'.
[  796.218390][T14662] FAULT_INJECTION: forcing a failure.
[  796.218390][T14662] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  796.255285][T14662] CPU: 0 PID: 14662 Comm: syz.2.2845 Not tainted syzkaller #0
[  796.263081][T14662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  796.273211][T14662] Call Trace:
[  796.276650][T14662]  <TASK>
[  796.279728][T14662]  dump_stack_lvl+0x18c/0x250
[  796.284569][T14662]  ? show_regs_print_info+0x20/0x20
[  796.289826][T14662]  ? load_image+0x420/0x420
[  796.294684][T14662]  ? __might_fault+0xaa/0x120
[  796.299507][T14662]  ? __lock_acquire+0x7d40/0x7d40
[  796.304924][T14662]  should_fail_ex+0x39d/0x4d0
[  796.309943][T14662]  _copy_from_user+0x2f/0xe0
[  796.314605][T14662]  __sys_bpf+0x23e/0x890
[  796.318921][T14662]  ? bpf_link_show_fdinfo+0x390/0x390
[  796.324629][T14662]  ? lock_chain_count+0x20/0x20
[  796.329850][T14662]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  796.336030][T14662]  __x64_sys_bpf+0x7c/0x90
[  796.340644][T14662]  do_syscall_64+0x55/0xa0
[  796.345453][T14662]  ? clear_bhb_loop+0x40/0x90
[  796.350325][T14662]  ? clear_bhb_loop+0x40/0x90
[  796.355191][T14662]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  796.361552][T14662] RIP: 0033:0x7fb2a4d9c819
[  796.366086][T14662] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  796.386934][T14662] RSP: 002b:00007fb2a5cc2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  796.395736][T14662] RAX: ffffffffffffffda RBX: 00007fb2a5015fa0 RCX: 00007fb2a4d9c819
[  796.403834][T14662] RDX: 0000000000000048 RSI: 00002000000003c0 RDI: 000000000000000a
[  796.412011][T14662] RBP: 00007fb2a5cc2090 R08: 0000000000000000 R09: 0000000000000000
[  796.420176][T14662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  796.428332][T14662] R13: 00007fb2a5016038 R14: 00007fb2a5015fa0 R15: 00007ffdad497c78
[  796.436333][T14662]  </TASK>
[  796.865616][T14678] netlink: 'syz.1.2848': attribute type 10 has an invalid length.
[  797.094698][T14678] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  797.517240][T14691] netlink: 203516 bytes leftover after parsing attributes in process `syz.2.2851'.
[  797.603636][T14691] netlink: 6332 bytes leftover after parsing attributes in process `syz.2.2851'.
[  798.306113][T14710] netlink: 'syz.1.2857': attribute type 10 has an invalid length.
[  798.320128][T14710] netlink: 65015 bytes leftover after parsing attributes in process `syz.1.2857'.
[  802.276190][T14741] FAULT_INJECTION: forcing a failure.
[  802.276190][T14741] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  802.317224][T14741] CPU: 0 PID: 14741 Comm: syz.0.2872 Not tainted syzkaller #0
[  802.324779][T14741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  802.334898][T14741] Call Trace:
[  802.338217][T14741]  <TASK>
[  802.341188][T14741]  dump_stack_lvl+0x18c/0x250
[  802.346064][T14741]  ? show_regs_print_info+0x20/0x20
[  802.351312][T14741]  ? load_image+0x420/0x420
[  802.356036][T14741]  ? __might_fault+0xaa/0x120
[  802.361072][T14741]  ? __lock_acquire+0x7d40/0x7d40
[  802.366312][T14741]  should_fail_ex+0x39d/0x4d0
[  802.371131][T14741]  _copy_to_user+0x2f/0xa0
[  802.375584][T14741]  bpf_task_fd_query_copy+0x1cd/0x410
[  802.381180][T14741]  bpf_task_fd_query+0x607/0x6d0
[  802.386252][T14741]  ? bpf_task_fd_query+0x18f/0x6d0
[  802.391603][T14741]  ? bpf_btf_get_fd_by_id+0x80/0x80
[  802.396849][T14741]  ? __lock_acquire+0x7d40/0x7d40
[  802.401939][T14741]  ? file_end_write+0x159/0x250
[  802.407021][T14741]  ? __might_fault+0xaa/0x120
[  802.411823][T14741]  ? __might_fault+0xc6/0x120
[  802.416542][T14741]  ? __might_fault+0xaa/0x120
[  802.421265][T14741]  ? bpf_lsm_bpf+0x9/0x10
[  802.425654][T14741]  ? security_bpf+0x7e/0xa0
[  802.430303][T14741]  __sys_bpf+0x6cc/0x890
[  802.434865][T14741]  ? bpf_link_show_fdinfo+0x390/0x390
[  802.440401][T14741]  ? lock_chain_count+0x20/0x20
[  802.445317][T14741]  __x64_sys_bpf+0x7c/0x90
[  802.449799][T14741]  do_syscall_64+0x55/0xa0
[  802.454424][T14741]  ? clear_bhb_loop+0x40/0x90
[  802.459117][T14741]  ? clear_bhb_loop+0x40/0x90
[  802.463803][T14741]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  802.469878][T14741] RIP: 0033:0x7fd16999c819
[  802.474485][T14741] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  802.495008][T14741] RSP: 002b:00007fd16a8f4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  802.503528][T14741] RAX: ffffffffffffffda RBX: 00007fd169c15fa0 RCX: 00007fd16999c819
[  802.511873][T14741] RDX: 0000000000000012 RSI: 0000200000000340 RDI: 0000000000000014
[  802.519914][T14741] RBP: 00007fd16a8f4090 R08: 0000000000000000 R09: 0000000000000000
[  802.527999][T14741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  802.536079][T14741] R13: 00007fd169c16038 R14: 00007fd169c15fa0 R15: 00007fff407cec78
[  802.544265][T14741]  </TASK>
[  802.623304][T14749] netlink: 'syz.1.2873': attribute type 10 has an invalid length.
[  802.632647][T14749] netlink: 65015 bytes leftover after parsing attributes in process `syz.1.2873'.
[  807.132466][T14786] netlink: 'syz.0.2886': attribute type 10 has an invalid length.
[  807.260821][T14786] team0: Device veth1_macvtap failed to register rx_handler
[  810.078424][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  810.099324][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  814.049028][T14844] netlink: 65055 bytes leftover after parsing attributes in process `syz.2.2909'.
[  814.194473][T14852] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.2910'.
[  814.236890][T14852] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.2910'.
[  814.300727][T14850] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.2910'.
[  814.343734][T14852] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.2910'.
[  814.621355][T14856] netlink: 'syz.0.2913': attribute type 153 has an invalid length.
[  814.632020][T14856] netlink: 128124 bytes leftover after parsing attributes in process `syz.0.2913'.
[  814.662565][T14856] netlink: 'syz.0.2913': attribute type 27 has an invalid length.
[  814.903732][T14866] netlink: 65055 bytes leftover after parsing attributes in process `syz.2.2922'.
[  815.065168][T14870] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.2925'.
[  816.521852][ T5782] Bluetooth: hci0: command 0x0406 tx timeout
[  816.801493][T14896] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.2924'.
[  816.827504][T14896] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.2924'.
[  817.012942][T14899] FAULT_INJECTION: forcing a failure.
[  817.012942][T14899] name failslab, interval 1, probability 0, space 0, times 0
[  817.059303][T14899] CPU: 1 PID: 14899 Comm: syz.2.2928 Not tainted syzkaller #0
[  817.066954][T14899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  817.077138][T14899] Call Trace:
[  817.080449][T14899]  <TASK>
[  817.083507][T14899]  dump_stack_lvl+0x18c/0x250
[  817.088260][T14899]  ? show_regs_print_info+0x20/0x20
[  817.093601][T14899]  ? load_image+0x420/0x420
[  817.098232][T14899]  ? __might_sleep+0xe0/0xe0
[  817.102863][T14899]  ? __lock_acquire+0x7d40/0x7d40
[  817.108014][T14899]  should_fail_ex+0x39d/0x4d0
[  817.112732][T14899]  should_failslab+0x9/0x20
[  817.117370][T14899]  slab_pre_alloc_hook+0x59/0x310
[  817.122434][T14899]  ? sk_prot_alloc+0xe7/0x210
[  817.127239][T14899]  ? sk_prot_alloc+0xe7/0x210
[  817.131947][T14899]  __kmem_cache_alloc_node+0x53/0x250
[  817.137713][T14899]  ? sk_prot_alloc+0xe7/0x210
[  817.142426][T14899]  __kmalloc+0xa4/0x230
[  817.146723][T14899]  sk_prot_alloc+0xe7/0x210
[  817.151417][T14899]  ? sk_alloc+0x24/0x360
[  817.155708][T14899]  sk_alloc+0x3a/0x360
[  817.159810][T14899]  ? bpf_ctx_init+0x163/0x1a0
[  817.164502][T14899]  ? bpf_prog_test_run_skb+0x273/0x12b0
[  817.170061][T14899]  bpf_prog_test_run_skb+0x3a5/0x12b0
[  817.175539][T14899]  ? __fget_files+0x28/0x4b0
[  817.180229][T14899]  ? __fget_files+0x28/0x4b0
[  817.185100][T14899]  ? __fget_files+0x43d/0x4b0
[  817.189981][T14899]  ? cpu_online+0x60/0x60
[  817.194476][T14899]  bpf_prog_test_run+0x321/0x390
[  817.200150][T14899]  __sys_bpf+0x49d/0x890
[  817.204669][T14899]  ? bpf_link_show_fdinfo+0x390/0x390
[  817.210419][T14899]  ? lock_chain_count+0x20/0x20
[  817.215378][T14899]  __x64_sys_bpf+0x7c/0x90
[  817.219811][T14899]  do_syscall_64+0x55/0xa0
[  817.224262][T14899]  ? clear_bhb_loop+0x40/0x90
[  817.229660][T14899]  ? clear_bhb_loop+0x40/0x90
[  817.234531][T14899]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  817.240526][T14899] RIP: 0033:0x7fb2a4d9c819
[  817.244956][T14899] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  817.264857][T14899] RSP: 002b:00007fb2a5cc2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  817.273513][T14899] RAX: ffffffffffffffda RBX: 00007fb2a5015fa0 RCX: 00007fb2a4d9c819
[  817.281668][T14899] RDX: 0000000000000050 RSI: 0000200000000080 RDI: 000000000000000a
[  817.289830][T14899] RBP: 00007fb2a5cc2090 R08: 0000000000000000 R09: 0000000000000000
[  817.298071][T14899] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  817.306930][T14899] R13: 00007fb2a5016038 R14: 00007fb2a5015fa0 R15: 00007ffdad497c78
[  817.314929][T14899]  </TASK>
[  817.474933][T14909] netlink: 'syz.2.2932': attribute type 10 has an invalid length.
[  818.523160][T14925] FAULT_INJECTION: forcing a failure.
[  818.523160][T14925] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  818.602613][T14925] CPU: 0 PID: 14925 Comm: syz.1.2936 Not tainted syzkaller #0
[  818.610284][T14925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  818.620640][T14925] Call Trace:
[  818.624222][T14925]  <TASK>
[  818.627375][T14925]  dump_stack_lvl+0x18c/0x250
[  818.632337][T14925]  ? show_regs_print_info+0x20/0x20
[  818.638150][T14925]  ? load_image+0x420/0x420
[  818.642899][T14925]  ? __might_fault+0xaa/0x120
[  818.647642][T14925]  ? __lock_acquire+0x7d40/0x7d40
[  818.653044][T14925]  should_fail_ex+0x39d/0x4d0
[  818.657782][T14925]  _copy_from_user+0x2f/0xe0
[  818.662616][T14925]  ___sys_sendmsg+0x1c7/0x360
[  818.667687][T14925]  ? get_pid_task+0x20/0x1e0
[  818.672502][T14925]  ? __sys_sendmsg+0x2a0/0x2a0
[  818.677324][T14925]  ? __lock_acquire+0x7d40/0x7d40
[  818.683190][T14925]  __se_sys_sendmsg+0x1c2/0x2b0
[  818.688289][T14925]  ? __x64_sys_sendmsg+0x80/0x80
[  818.693537][T14925]  ? lockdep_hardirqs_on+0x98/0x150
[  818.699040][T14925]  do_syscall_64+0x55/0xa0
[  818.703930][T14925]  ? clear_bhb_loop+0x40/0x90
[  818.708912][T14925]  ? clear_bhb_loop+0x40/0x90
[  818.713678][T14925]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  818.719783][T14925] RIP: 0033:0x7fa707b9c819
[  818.724234][T14925] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  818.744500][T14925] RSP: 002b:00007fa708a18028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  818.752992][T14925] RAX: ffffffffffffffda RBX: 00007fa707e15fa0 RCX: 00007fa707b9c819
[  818.761527][T14925] RDX: 0000000000000000 RSI: 0000200000000940 RDI: 0000000000000003
[  818.769624][T14925] RBP: 00007fa708a18090 R08: 0000000000000000 R09: 0000000000000000
[  818.777893][T14925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  818.785889][T14925] R13: 00007fa707e16038 R14: 00007fa707e15fa0 R15: 00007fff98c88818
[  818.793995][T14925]  </TASK>
[  819.463529][T14932] netlink: 'syz.1.2939': attribute type 10 has an invalid length.
[  819.734089][T14932] __nla_validate_parse: 8 callbacks suppressed
[  819.734108][T14932] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2939'.
[  820.073654][T14932] batadv0: entered promiscuous mode
[  820.088202][T14932] batadv0: entered allmulticast mode
[  820.100269][T14932] bridge0: port 3(batadv0) entered blocking state
[  820.107146][T14932] bridge0: port 3(batadv0) entered disabled state
[  820.187362][T14932] bridge0: port 3(batadv0) entered blocking state
[  820.194153][T14932] bridge0: port 3(batadv0) entered forwarding state
[  820.263425][ T1085] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  820.273386][ T1085] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  820.279772][T14940] netlink: 'syz.2.2941': attribute type 10 has an invalid length.
[  820.312603][T14940] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2941'.
[  820.455943][T14948] netlink: 65055 bytes leftover after parsing attributes in process `syz.1.2944'.
[  820.637276][T14959] netlink: 'syz.3.2946': attribute type 10 has an invalid length.
[  820.703955][T14959] team0: Device veth1_macvtap failed to register rx_handler
[  823.006569][T14982] FAULT_INJECTION: forcing a failure.
[  823.006569][T14982] name failslab, interval 1, probability 0, space 0, times 0
[  823.118134][T14982] CPU: 1 PID: 14982 Comm: syz.3.2953 Not tainted syzkaller #0
[  823.125775][T14982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  823.136510][T14982] Call Trace:
[  823.139828][T14982]  <TASK>
[  823.142891][T14982]  dump_stack_lvl+0x18c/0x250
[  823.147757][T14982]  ? show_regs_print_info+0x20/0x20
[  823.153094][T14982]  ? load_image+0x420/0x420
[  823.157661][T14982]  ? should_fail_ex+0x322/0x4d0
[  823.162860][T14982]  should_fail_ex+0x39d/0x4d0
[  823.167689][T14982]  should_failslab+0x9/0x20
[  823.172459][T14982]  slab_pre_alloc_hook+0x59/0x310
[  823.177559][T14982]  kmem_cache_alloc_node+0x60/0x320
[  823.182981][T14982]  ? __alloc_skb+0x103/0x2c0
[  823.187616][T14982]  __alloc_skb+0x103/0x2c0
[  823.192069][T14982]  netlink_ack+0x376/0x1180
[  823.196880][T14982]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  823.203146][T14982]  ? netlink_dump+0xe50/0xe50
[  823.208019][T14982]  ? sock_diag_rcv_msg+0x3f9/0x600
[  823.213292][T14982]  ? sock_diag_rcv_msg+0x402/0x600
[  823.218865][T14982]  netlink_rcv_skb+0x2c5/0x4d0
[  823.223683][T14982]  ? sock_diag_bind+0xb0/0xb0
[  823.228739][T14982]  ? netlink_ack+0x1180/0x1180
[  823.233623][T14982]  ? __lock_acquire+0x7d40/0x7d40
[  823.239027][T14982]  ? __rcu_read_unlock+0x7c/0xd0
[  823.244168][T14982]  ? netlink_deliver_tap+0x2e/0x1b0
[  823.249565][T14982]  sock_diag_rcv+0x2a/0x40
[  823.254221][T14982]  netlink_unicast+0x751/0x8d0
[  823.259049][T14982]  netlink_sendmsg+0x8d0/0xbf0
[  823.264106][T14982]  ? lockdep_hardirqs_on+0x98/0x150
[  823.269419][T14982]  ? netlink_getsockopt+0x590/0x590
[  823.274816][T14982]  ? netlink_getsockopt+0x590/0x590
[  823.280242][T14982]  ____sys_sendmsg+0x5ba/0x960
[  823.285383][T14982]  ? __asan_memset+0x22/0x40
[  823.290021][T14982]  ? __sys_sendmsg_sock+0x30/0x30
[  823.295194][T14982]  ? __import_iovec+0x5f2/0x850
[  823.300088][T14982]  ? import_iovec+0x73/0xa0
[  823.304785][T14982]  ___sys_sendmsg+0x2a6/0x360
[  823.309562][T14982]  ? __sys_sendmsg+0x2a0/0x2a0
[  823.314473][T14982]  __se_sys_sendmsg+0x1c2/0x2b0
[  823.319449][T14982]  ? __x64_sys_sendmsg+0x80/0x80
[  823.324459][T14982]  do_syscall_64+0x55/0xa0
[  823.329007][T14982]  ? clear_bhb_loop+0x40/0x90
[  823.333887][T14982]  ? clear_bhb_loop+0x40/0x90
[  823.338679][T14982]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  823.344601][T14982] RIP: 0033:0x7f9d55b9c819
[  823.349063][T14982] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  823.368779][T14982] RSP: 002b:00007f9d5699d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  823.377231][T14982] RAX: ffffffffffffffda RBX: 00007f9d55e15fa0 RCX: 00007f9d55b9c819
[  823.385748][T14982] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000007
[  823.393831][T14982] RBP: 00007f9d5699d090 R08: 0000000000000000 R09: 0000000000000000
[  823.402106][T14982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  823.410092][T14982] R13: 00007f9d55e16038 R14: 00007f9d55e15fa0 R15: 00007ffcc74681f8
[  823.418621][T14982]  </TASK>
[  823.627470][T14996] netlink: 65055 bytes leftover after parsing attributes in process `syz.1.2957'.
[  824.652535][T15044] veth1_macvtap: entered allmulticast mode
[  824.941276][T15052] netlink: 65055 bytes leftover after parsing attributes in process `syz.0.2976'.
[  825.009522][T15057] netlink: 'syz.2.2979': attribute type 5 has an invalid length.
[  825.292094][T15065] netlink: 6 bytes leftover after parsing attributes in process `syz.1.2983'.
[  826.920447][T15083] netlink: 'syz.2.2988': attribute type 10 has an invalid length.
[  826.971838][T15083] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2988'.
[  827.071866][T15083] ipvlan1: entered promiscuous mode
[  827.111990][T15083] ipvlan1: entered allmulticast mode
[  827.118505][T15083] veth0_vlan: entered allmulticast mode
[  827.185586][T15083] bridge0: port 3(ipvlan1) entered blocking state
[  827.203487][T15083] bridge0: port 3(ipvlan1) entered disabled state
[  827.446851][T15083] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  827.569809][T15090] netlink: 'syz.3.2990': attribute type 10 has an invalid length.
[  827.604692][T15090] veth0_macvtap: left promiscuous mode
[  827.852461][T15103] netlink: 65055 bytes leftover after parsing attributes in process `syz.2.2993'.
[  828.182492][T15111] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.2994'.
[  828.204820][T15111] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.2994'.
[  828.225758][T15099] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.2994'.
[  828.264816][T15111] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.2994'.
[  828.418946][T15111] netlink: 'syz.1.2994': attribute type 10 has an invalid length.
[  828.466021][T15111] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2994'.
[  828.525540][T15111] batman_adv: batadv0: Adding interface: veth1_virt_wifi
[  828.553188][T15111] batman_adv: batadv0: The MTU of interface veth1_virt_wifi is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  828.589734][T15111] batman_adv: batadv0: Interface activated: veth1_virt_wifi
[  828.607349][T15116] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.2996'.
[  828.778208][T15107] netlink: 'syz.0.2996': attribute type 10 has an invalid length.
[  828.860568][T15123] FAULT_INJECTION: forcing a failure.
[  828.860568][T15123] name failslab, interval 1, probability 0, space 0, times 0
[  828.879422][T15123] CPU: 1 PID: 15123 Comm: syz.1.3000 Not tainted syzkaller #0
[  828.887384][T15123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  828.897553][T15123] Call Trace:
[  828.900878][T15123]  <TASK>
[  828.903835][T15123]  dump_stack_lvl+0x18c/0x250
[  828.908648][T15123]  ? show_regs_print_info+0x20/0x20
[  828.913876][T15123]  ? load_image+0x420/0x420
[  828.918407][T15123]  ? verify_lock_unused+0x140/0x140
[  828.924068][T15123]  should_fail_ex+0x39d/0x4d0
[  828.928777][T15123]  should_failslab+0x9/0x20
[  828.933302][T15123]  slab_pre_alloc_hook+0x59/0x310
[  828.938353][T15123]  kmem_cache_alloc+0x5a/0x2d0
[  828.943350][T15123]  ? skb_clone+0x1eb/0x370
[  828.947786][T15123]  skb_clone+0x1eb/0x370
[  828.952046][T15123]  __netlink_deliver_tap+0x41c/0x830
[  828.957461][T15123]  ? netlink_deliver_tap+0x2e/0x1b0
[  828.962781][T15123]  netlink_deliver_tap+0x19c/0x1b0
[  828.967949][T15123]  __netlink_sendskb+0x4b/0x90
[  828.972829][T15123]  netlink_dump+0xa75/0xe50
[  828.977371][T15123]  ? netlink_lookup+0x200/0x200
[  828.982260][T15123]  ? netlink_autobind+0x300/0x300
[  828.987403][T15123]  ? netlink_lookup+0x30/0x200
[  828.992274][T15123]  ? netlink_lookup+0x30/0x200
[  828.997437][T15123]  __netlink_dump_start+0x5f1/0x810
[  829.002920][T15123]  ? rtnetlink_rcv_msg+0x221/0xfa0
[  829.008064][T15123]  rtnetlink_rcv_msg+0xe1d/0xfa0
[  829.013535][T15123]  ? rtnl_net_getid+0xa00/0xa00
[  829.018585][T15123]  ? rtnetlink_bind+0x80/0x80
[  829.023298][T15123]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  829.029407][T15123]  ? lock_chain_count+0x20/0x20
[  829.034738][T15123]  ? __local_bh_enable_ip+0x13a/0x1c0
[  829.040143][T15123]  ? lockdep_hardirqs_on+0x98/0x150
[  829.045385][T15123]  ? __local_bh_enable_ip+0x13a/0x1c0
[  829.050771][T15123]  ? _local_bh_enable+0xa0/0xa0
[  829.055647][T15123]  ? __dev_queue_xmit+0x265/0x3660
[  829.060952][T15123]  ? __dev_queue_xmit+0x265/0x3660
[  829.066171][T15123]  ? __dev_queue_xmit+0x1b2c/0x3660
[  829.071849][T15123]  ? __dev_queue_xmit+0x265/0x3660
[  829.076994][T15123]  ? rtnl_net_getid+0xa00/0xa00
[  829.082249][T15123]  ? ref_tracker_free+0x690/0x840
[  829.087318][T15123]  netlink_rcv_skb+0x241/0x4d0
[  829.092175][T15123]  ? rtnetlink_bind+0x80/0x80
[  829.097078][T15123]  ? netlink_ack+0x1180/0x1180
[  829.102072][T15123]  ? __lock_acquire+0x7d40/0x7d40
[  829.107132][T15123]  ? netlink_deliver_tap+0x2e/0x1b0
[  829.112455][T15123]  netlink_unicast+0x751/0x8d0
[  829.117433][T15123]  netlink_sendmsg+0x8d0/0xbf0
[  829.122227][T15123]  ? netlink_getsockopt+0x590/0x590
[  829.127544][T15123]  ? aa_sock_msg_perm+0x94/0x150
[  829.132502][T15123]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  829.137898][T15123]  ? security_socket_sendmsg+0x80/0xa0
[  829.143636][T15123]  ? netlink_getsockopt+0x590/0x590
[  829.149067][T15123]  ____sys_sendmsg+0x5ba/0x960
[  829.153869][T15123]  ? __asan_memset+0x22/0x40
[  829.158479][T15123]  ? __sys_sendmsg_sock+0x30/0x30
[  829.163697][T15123]  ? __import_iovec+0x5f2/0x850
[  829.169023][T15123]  ? import_iovec+0x73/0xa0
[  829.173815][T15123]  ___sys_sendmsg+0x2a6/0x360
[  829.178506][T15123]  ? get_pid_task+0x20/0x1e0
[  829.183466][T15123]  ? __sys_sendmsg+0x2a0/0x2a0
[  829.188536][T15123]  ? __lock_acquire+0x7d40/0x7d40
[  829.193604][T15123]  __se_sys_sendmsg+0x1c2/0x2b0
[  829.198656][T15123]  ? __x64_sys_sendmsg+0x80/0x80
[  829.203885][T15123]  ? lockdep_hardirqs_on+0x98/0x150
[  829.209282][T15123]  do_syscall_64+0x55/0xa0
[  829.213883][T15123]  ? clear_bhb_loop+0x40/0x90
[  829.218669][T15123]  ? clear_bhb_loop+0x40/0x90
[  829.223544][T15123]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  829.230142][T15123] RIP: 0033:0x7fa707b9c819
[  829.234786][T15123] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  829.255021][T15123] RSP: 002b:00007fa708a18028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  829.264283][T15123] RAX: ffffffffffffffda RBX: 00007fa707e15fa0 RCX: 00007fa707b9c819
[  829.272648][T15123] RDX: 0000000000000010 RSI: 00002000000003c0 RDI: 0000000000000003
[  829.281091][T15123] RBP: 00007fa708a18090 R08: 0000000000000000 R09: 0000000000000000
[  829.289443][T15123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  829.297718][T15123] R13: 00007fa707e16038 R14: 00007fa707e15fa0 R15: 00007fff98c88818
[  829.305905][T15123]  </TASK>
[  829.810542][T15135] netlink: 'syz.1.3005': attribute type 25 has an invalid length.
[  829.818524][T15135] netlink: 'syz.1.3005': attribute type 29 has an invalid length.
[  830.298325][T15146] __nla_validate_parse: 5 callbacks suppressed
[  830.298344][T15146] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.3009'.
[  830.345227][T15146] FAULT_INJECTION: forcing a failure.
[  830.345227][T15146] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  830.369886][T15146] CPU: 1 PID: 15146 Comm: syz.1.3009 Not tainted syzkaller #0
[  830.378407][T15146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  830.389391][T15146] Call Trace:
[  830.393310][T15146]  <TASK>
[  830.396361][T15146]  dump_stack_lvl+0x18c/0x250
[  830.401183][T15146]  ? show_regs_print_info+0x20/0x20
[  830.406523][T15146]  ? load_image+0x420/0x420
[  830.411168][T15146]  ? __might_fault+0xaa/0x120
[  830.415884][T15146]  should_fail_ex+0x39d/0x4d0
[  830.420606][T15146]  copyout+0x1a/0x90
[  830.424545][T15146]  _copy_to_iter+0x432/0x1120
[  830.429531][T15146]  ? iov_iter_init+0x1e0/0x1e0
[  830.434419][T15146]  ? __virt_addr_valid+0x18c/0x540
[  830.439575][T15146]  ? __virt_addr_valid+0x469/0x540
[  830.444738][T15146]  ? __phys_addr_symbol+0x2f/0x70
[  830.449809][T15146]  __skb_datagram_iter+0xdb/0x780
[  830.455014][T15146]  ? skb_copy_datagram_iter+0x200/0x200
[  830.460692][T15146]  skb_copy_datagram_iter+0xb1/0x200
[  830.466125][T15146]  netlink_recvmsg+0x2d4/0xe60
[  830.471064][T15146]  ? netlink_sendmsg+0xbf0/0xbf0
[  830.476222][T15146]  ? aa_af_perm+0x330/0x330
[  830.481226][T15146]  ? __lock_acquire+0x1273/0x7d40
[  830.486484][T15146]  ? verify_lock_unused+0x140/0x140
[  830.491727][T15146]  ? bpf_lsm_socket_recvmsg+0x9/0x10
[  830.497250][T15146]  ? security_socket_recvmsg+0x89/0xb0
[  830.502939][T15146]  ? netlink_sendmsg+0xbf0/0xbf0
[  830.507931][T15146]  ____sys_recvmsg+0x2ce/0x5e0
[  830.512835][T15146]  ? __sys_recvmsg_sock+0x50/0x50
[  830.518088][T15146]  ? import_iovec+0x73/0xa0
[  830.522634][T15146]  ___sys_recvmsg+0x216/0x590
[  830.527440][T15146]  ? __sys_recvmsg+0x2a0/0x2a0
[  830.532327][T15146]  ? ksys_write+0x1c4/0x260
[  830.537056][T15146]  ? __fget_files+0x43d/0x4b0
[  830.541963][T15146]  __x64_sys_recvmsg+0x20c/0x2e0
[  830.546937][T15146]  ? ___sys_recvmsg+0x590/0x590
[  830.551838][T15146]  ? lockdep_hardirqs_on+0x98/0x150
[  830.557178][T15146]  do_syscall_64+0x55/0xa0
[  830.561619][T15146]  ? clear_bhb_loop+0x40/0x90
[  830.566777][T15146]  ? clear_bhb_loop+0x40/0x90
[  830.571597][T15146]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  830.577974][T15146] RIP: 0033:0x7fa707b9c819
[  830.582516][T15146] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  830.602689][T15146] RSP: 002b:00007fa708a18028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  830.611669][T15146] RAX: ffffffffffffffda RBX: 00007fa707e15fa0 RCX: 00007fa707b9c819
[  830.619934][T15146] RDX: 0000000000000000 RSI: 0000200000000c40 RDI: 0000000000000003
[  830.628306][T15146] RBP: 00007fa708a18090 R08: 0000000000000000 R09: 0000000000000000
[  830.636589][T15146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  830.644770][T15146] R13: 00007fa707e16038 R14: 00007fa707e15fa0 R15: 00007fff98c88818
[  830.652979][T15146]  </TASK>
[  831.054407][T15156] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.3013'.
[  831.525054][T15164] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.3011'.
[  831.564284][T15164] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.3011'.
[  831.629481][T15164] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.3011'.
[  831.705194][T15151] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.3011'.
[  831.817573][T15163] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.3014'.
[  831.898848][T15169] netlink: 'syz.0.3011': attribute type 10 has an invalid length.
[  831.933497][T15169] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3011'.
[  832.467034][T15174] netlink: 'syz.2.3018': attribute type 10 has an invalid length.
[  832.491229][T15174] veth0_macvtap: left promiscuous mode
[  832.728042][T15184] netlink: 65055 bytes leftover after parsing attributes in process `syz.0.3019'.
[  834.150696][T15193] FAULT_INJECTION: forcing a failure.
[  834.150696][T15193] name failslab, interval 1, probability 0, space 0, times 0
[  834.375901][T15193] CPU: 1 PID: 15193 Comm: syz.2.3022 Not tainted syzkaller #0
[  834.383710][T15193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  834.394147][T15193] Call Trace:
[  834.397442][T15193]  <TASK>
[  834.400647][T15193]  dump_stack_lvl+0x18c/0x250
[  834.405443][T15193]  ? show_regs_print_info+0x20/0x20
[  834.410752][T15193]  ? load_image+0x420/0x420
[  834.415276][T15193]  ? __might_sleep+0xe0/0xe0
[  834.419884][T15193]  ? __lock_acquire+0x7d40/0x7d40
[  834.425279][T15193]  should_fail_ex+0x39d/0x4d0
[  834.430068][T15193]  should_failslab+0x9/0x20
[  834.434862][T15193]  slab_pre_alloc_hook+0x59/0x310
[  834.440523][T15193]  ? memcg_alloc_slab_cgroups+0x87/0x130
[  834.446355][T15193]  ? memcg_alloc_slab_cgroups+0x87/0x130
[  834.452354][T15193]  __kmem_cache_alloc_node+0x53/0x250
[  834.458367][T15193]  ? memcg_alloc_slab_cgroups+0x87/0x130
[  834.464146][T15193]  __kmalloc_node+0xa4/0x230
[  834.468805][T15193]  memcg_alloc_slab_cgroups+0x87/0x130
[  834.474647][T15193]  slab_post_alloc_hook+0xf4/0x4b0
[  834.479878][T15193]  kmem_cache_alloc_node+0x14c/0x320
[  834.485205][T15193]  ? __alloc_skb+0x103/0x2c0
[  834.489818][T15193]  __alloc_skb+0x103/0x2c0
[  834.494267][T15193]  alloc_skb_with_frags+0xca/0x7b0
[  834.499409][T15193]  ? _raw_spin_unlock+0x40/0x40
[  834.504322][T15193]  ? finish_wait+0xc7/0x1d0
[  834.508928][T15193]  sock_alloc_send_pskb+0x883/0x9a0
[  834.514164][T15193]  ? sock_kzfree_s+0x50/0x50
[  834.518862][T15193]  ? do_raw_spin_lock+0x11f/0x2c0
[  834.524079][T15193]  ? wake_bit_function+0x200/0x200
[  834.529233][T15193]  ? __rwlock_init+0x150/0x150
[  834.534479][T15193]  ? do_raw_spin_unlock+0x121/0x230
[  834.539806][T15193]  unix_dgram_sendmsg+0x5a2/0x16d0
[  834.545313][T15193]  ? verify_lock_unused+0x140/0x140
[  834.550621][T15193]  ? aa_sk_perm+0x83c/0x970
[  834.555168][T15193]  ? unix_dgram_poll+0x680/0x680
[  834.560146][T15193]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0
[  834.566595][T15193]  ? aa_sock_msg_perm+0x94/0x150
[  834.571565][T15193]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  834.576955][T15193]  ? security_socket_sendmsg+0x80/0xa0
[  834.582447][T15193]  ? unix_dgram_poll+0x680/0x680
[  834.587522][T15193]  ____sys_sendmsg+0x5ba/0x960
[  834.592725][T15193]  ? __asan_memset+0x22/0x40
[  834.597449][T15193]  ? __sys_sendmsg_sock+0x30/0x30
[  834.602691][T15193]  ? __import_iovec+0x3fa/0x850
[  834.607896][T15193]  ? import_iovec+0x73/0xa0
[  834.612432][T15193]  ___sys_sendmsg+0x2a6/0x360
[  834.617160][T15193]  ? get_pid_task+0x20/0x1e0
[  834.621779][T15193]  ? __sys_sendmsg+0x2a0/0x2a0
[  834.626678][T15193]  ? __lock_acquire+0x7d40/0x7d40
[  834.631832][T15193]  __se_sys_sendmsg+0x1c2/0x2b0
[  834.637012][T15193]  ? __x64_sys_sendmsg+0x80/0x80
[  834.642673][T15193]  ? lockdep_hardirqs_on+0x98/0x150
[  834.648236][T15193]  do_syscall_64+0x55/0xa0
[  834.652764][T15193]  ? clear_bhb_loop+0x40/0x90
[  834.657579][T15193]  ? clear_bhb_loop+0x40/0x90
[  834.662384][T15193]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  834.668748][T15193] RIP: 0033:0x7fb2a4d9c819
[  834.673463][T15193] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  834.693791][T15193] RSP: 002b:00007fb2a5ca1028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  834.702750][T15193] RAX: ffffffffffffffda RBX: 00007fb2a5016090 RCX: 00007fb2a4d9c819
[  834.710921][T15193] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 000000000000000b
[  834.718913][T15193] RBP: 00007fb2a5ca1090 R08: 0000000000000000 R09: 0000000000000000
[  834.727260][T15193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  834.735548][T15193] R13: 00007fb2a5016128 R14: 00007fb2a5016090 R15: 00007ffdad497c78
[  834.743664][T15193]  </TASK>
[  835.143856][T15207] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.3027'.
[  835.407518][T15211] netlink: 'syz.0.3027': attribute type 10 has an invalid length.
[  835.444078][T15211] __nla_validate_parse: 3 callbacks suppressed
[  835.444096][T15211] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3027'.
[  837.885090][T15224] netlink: 1772 bytes leftover after parsing attributes in process `syz.2.3032'.
[  838.625450][T15241] netlink: 14 bytes leftover after parsing attributes in process `syz.0.3037'.
[  838.848360][T15241] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  838.927229][T15241] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  838.994254][T15241] bond0 (unregistering): Released all slaves
[  839.303861][T15259] netlink: 'syz.2.3042': attribute type 29 has an invalid length.
[  839.329976][T15259] netlink: 'syz.2.3042': attribute type 29 has an invalid length.
[  839.341927][T15257] netlink: 4083 bytes leftover after parsing attributes in process `syz.3.3039'.
[  839.361264][T15259] netlink: 'syz.2.3042': attribute type 29 has an invalid length.
[  839.378522][T15257] netlink: 4083 bytes leftover after parsing attributes in process `syz.3.3039'.
[  839.408532][T15259] netlink: 'syz.2.3042': attribute type 29 has an invalid length.
[  839.426313][T15263] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3043'.
[  839.438033][T15263] FAULT_INJECTION: forcing a failure.
[  839.438033][T15263] name failslab, interval 1, probability 0, space 0, times 0
[  839.467882][T15263] CPU: 0 PID: 15263 Comm: syz.0.3043 Not tainted syzkaller #0
[  839.475691][T15263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  839.485840][T15263] Call Trace:
[  839.489123][T15263]  <TASK>
[  839.492072][T15263]  dump_stack_lvl+0x18c/0x250
[  839.496871][T15263]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  839.503134][T15263]  ? show_regs_print_info+0x20/0x20
[  839.508445][T15263]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  839.514654][T15263]  ? dump_stack+0x9/0x20
[  839.519048][T15263]  should_fail_ex+0x39d/0x4d0
[  839.524095][T15263]  should_failslab+0x9/0x20
[  839.528628][T15263]  slab_pre_alloc_hook+0x59/0x310
[  839.533701][T15263]  kmem_cache_alloc_node+0x60/0x320
[  839.539027][T15263]  ? __alloc_skb+0x103/0x2c0
[  839.543657][T15263]  __alloc_skb+0x103/0x2c0
[  839.548101][T15263]  rtmsg_ifinfo_build_skb+0x8c/0x260
[  839.553415][T15263]  rtnetlink_event+0x1b7/0x260
[  839.558301][T15263]  notifier_call_chain+0x197/0x380
[  839.563459][T15263]  call_netdevice_notifiers+0x91/0xd0
[  839.569056][T15263]  ? netdev_adjacent_rename_links+0x500/0x500
[  839.575420][T15263]  ? nla_memcpy+0x59/0xb0
[  839.580027][T15263]  do_setlink+0xb2a/0x4130
[  839.584592][T15263]  ? load_image+0x420/0x420
[  839.589383][T15263]  ? nlmsg_parse_deprecated_strict+0x110/0x110
[  839.595719][T15263]  ? rcu_is_watching+0x15/0xb0
[  839.600514][T15263]  ? do_trace_netlink_extack+0x7e/0x1a0
[  839.606374][T15263]  ? __nla_validate_parse+0x262c/0x2ea0
[  839.611995][T15263]  ? mark_lock+0x94/0x320
[  839.616454][T15263]  ? __nla_validate+0x50/0x50
[  839.621157][T15263]  ? mark_lock+0x94/0x320
[  839.625509][T15263]  ? __lock_acquire+0x1347/0x7d40
[  839.630569][T15263]  ? validate_linkmsg+0x719/0x910
[  839.635646][T15263]  rtnl_setlink+0x3d9/0x4e0
[  839.640175][T15263]  ? verify_lock_unused+0x140/0x140
[  839.645401][T15263]  ? rtnl_dump_ifinfo+0x13c0/0x13c0
[  839.650808][T15263]  ? __schedule+0x155b/0x45a0
[  839.655607][T15263]  ? mark_lock+0x94/0x320
[  839.660185][T15263]  ? mutex_lock_nested+0x20/0x20
[  839.665324][T15263]  ? rtnetlink_rcv_msg+0x221/0xfa0
[  839.670453][T15263]  ? rtnetlink_rcv_msg+0x221/0xfa0
[  839.675576][T15263]  ? rtnl_dump_ifinfo+0x13c0/0x13c0
[  839.680792][T15263]  rtnetlink_rcv_msg+0x869/0xfa0
[  839.685944][T15263]  ? rtnetlink_bind+0x80/0x80
[  839.690814][T15263]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  839.696997][T15263]  ? lock_chain_count+0x20/0x20
[  839.701874][T15263]  ? __local_bh_enable_ip+0x13a/0x1c0
[  839.707350][T15263]  ? lockdep_hardirqs_on+0x98/0x150
[  839.712659][T15263]  ? perf_trace_run_bpf_submit+0xf4/0x1c0
[  839.718486][T15263]  ? perf_trace_preemptirq_template+0x269/0x330
[  839.724839][T15263]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  839.731019][T15263]  ? lock_chain_count+0x20/0x20
[  839.735897][T15263]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  839.742591][T15263]  ? lockdep_hardirqs_on+0x98/0x150
[  839.747894][T15263]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  839.754703][T15263]  ? netlink_rcv_skb+0x1a8/0x4d0
[  839.759688][T15263]  netlink_rcv_skb+0x241/0x4d0
[  839.764659][T15263]  ? rtnetlink_bind+0x80/0x80
[  839.769560][T15263]  ? netlink_ack+0x1180/0x1180
[  839.774706][T15263]  ? __lock_acquire+0x7d40/0x7d40
[  839.779933][T15263]  ? netlink_deliver_tap+0x2e/0x1b0
[  839.785172][T15263]  netlink_unicast+0x751/0x8d0
[  839.789985][T15263]  netlink_sendmsg+0x8d0/0xbf0
[  839.794809][T15263]  ? netlink_getsockopt+0x590/0x590
[  839.800474][T15263]  ? aa_sock_msg_perm+0x94/0x150
[  839.805602][T15263]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  839.810992][T15263]  ? security_socket_sendmsg+0x80/0xa0
[  839.816929][T15263]  ? netlink_getsockopt+0x590/0x590
[  839.822598][T15263]  ____sys_sendmsg+0x5ba/0x960
[  839.827387][T15263]  ? __asan_memset+0x22/0x40
[  839.832000][T15263]  ? __sys_sendmsg_sock+0x30/0x30
[  839.837035][T15263]  ? __import_iovec+0x5f2/0x850
[  839.841998][T15263]  ? import_iovec+0x73/0xa0
[  839.846549][T15263]  ___sys_sendmsg+0x2a6/0x360
[  839.851279][T15263]  ? perf_trace_run_bpf_submit+0xf4/0x1c0
[  839.857334][T15263]  ? __sys_sendmsg+0x2a0/0x2a0
[  839.862154][T15263]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  839.868416][T15263]  __se_sys_sendmsg+0x1c2/0x2b0
[  839.873294][T15263]  ? __x64_sys_sendmsg+0x80/0x80
[  839.878347][T15263]  ? lockdep_hardirqs_on+0x98/0x150
[  839.883660][T15263]  do_syscall_64+0x55/0xa0
[  839.888097][T15263]  ? clear_bhb_loop+0x40/0x90
[  839.892794][T15263]  ? clear_bhb_loop+0x40/0x90
[  839.897488][T15263]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  839.903408][T15263] RIP: 0033:0x7fd16999c819
[  839.907944][T15263] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  839.927678][T15263] RSP: 002b:00007fd16a8f4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  839.936319][T15263] RAX: ffffffffffffffda RBX: 00007fd169c15fa0 RCX: 00007fd16999c819
[  839.944487][T15263] RDX: 0000000024040110 RSI: 00002000000000c0 RDI: 0000000000000005
[  839.952657][T15263] RBP: 00007fd16a8f4090 R08: 0000000000000000 R09: 0000000000000000
[  839.960728][T15263] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  839.968985][T15263] R13: 00007fd169c16038 R14: 00007fd169c15fa0 R15: 00007fff407cec78
[  839.977287][T15263]  </TASK>
[  840.078581][T15247] netlink: 4083 bytes leftover after parsing attributes in process `syz.3.3039'.
[  840.112364][T15264] netlink: 4083 bytes leftover after parsing attributes in process `syz.3.3039'.
[  840.139592][T15259] netlink: 'syz.2.3042': attribute type 29 has an invalid length.
[  840.158189][T15247] netlink: 'syz.3.3039': attribute type 10 has an invalid length.
[  840.211737][T15247] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3039'.
[  840.294794][T15247] batman_adv: batadv0: Adding interface: veth1_virt_wifi
[  840.303105][T15247] batman_adv: batadv0: The MTU of interface veth1_virt_wifi is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  840.331410][T15247] batman_adv: batadv0: Interface activated: veth1_virt_wifi
[  840.345008][T15270] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3047'.
[  842.120552][ T5782] Bluetooth: hci1: command 0x0406 tx timeout
[  844.207003][T15290] netlink: 'syz.1.3054': attribute type 10 has an invalid length.
[  844.284850][T15290] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3054'.
[  844.437402][T15290] ipvlan1: entered promiscuous mode
[  844.499649][T15290] ipvlan1: entered allmulticast mode
[  844.511472][T15290] veth0_vlan: entered allmulticast mode
[  844.808811][T15290] bridge0: port 4(ipvlan1) entered blocking state
[  844.836938][T15290] bridge0: port 4(ipvlan1) entered disabled state
[  844.862822][T15290] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  844.893402][T15302] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.3058'.
[  844.905526][T15300] netlink: 14 bytes leftover after parsing attributes in process `syz.0.3059'.
[  844.962322][T15302] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.3058'.
[  844.990742][T15298] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.3058'.
[  845.064374][T15304] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.3058'.
[  845.328750][T15298] netlink: 'syz.2.3058': attribute type 10 has an invalid length.
[  845.420218][T15298] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3058'.
[  845.586882][T15298] batman_adv: batadv0: Adding interface: veth1_virt_wifi
[  845.649133][T15298] batman_adv: batadv0: The MTU of interface veth1_virt_wifi is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  845.739571][T15298] batman_adv: batadv0: Interface activated: veth1_virt_wifi
[  846.254810][T15313] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.3061'.
[  846.291900][T15313] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.3061'.
[  846.304850][T15313] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.3061'.
[  846.523090][T15310] netlink: 'syz.0.3061': attribute type 10 has an invalid length.
[  848.060782][T15334] netlink: 'syz.1.3070': attribute type 10 has an invalid length.
[  848.264945][T15334] bridge0: port 4(ipvlan1) entered blocking state
[  848.300051][T15334] bridge0: port 4(ipvlan1) entered disabled state
[  848.707193][T15334] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  849.040517][T15341] netlink: 'syz.2.3071': attribute type 10 has an invalid length.
[  849.551257][T15364] netlink: 'syz.3.3081': attribute type 7 has an invalid length.
[  849.616282][T15366] __nla_validate_parse: 9 callbacks suppressed
[  849.616305][T15366] netlink: 830 bytes leftover after parsing attributes in process `syz.0.3080'.
[  849.659820][T15366] veth0_to_bond: entered promiscuous mode
[  850.102454][T15377] netlink: 'syz.0.3084': attribute type 10 has an invalid length.
[  850.142860][T15377] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3084'.
[  850.164282][T15377] ipvlan1: entered promiscuous mode
[  850.188573][T15377] ipvlan1: entered allmulticast mode
[  850.199617][T15377] veth0_vlan: entered allmulticast mode
[  850.240793][T15377] bridge0: port 3(ipvlan1) entered blocking state
[  850.262966][T15377] bridge0: port 3(ipvlan1) entered disabled state
[  850.297860][T15377] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  850.770500][T15395] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.3088'.
[  850.781276][T15395] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.3088'.
[  850.811294][T15390] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.3088'.
[  850.825161][T15395] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.3088'.
[  850.978733][T15390] netlink: 'syz.2.3088': attribute type 10 has an invalid length.
[  850.988581][T15390] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3088'.
[  851.325901][T15409] netlink: 'syz.3.3095': attribute type 13 has an invalid length.
[  851.359506][T15409] netlink: 24859 bytes leftover after parsing attributes in process `syz.3.3095'.
[  851.547260][T15415] netlink: 'syz.2.3098': attribute type 10 has an invalid length.
[  851.562313][T15415] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3098'.
[  851.796494][T15415] bridge0: port 3(ipvlan1) entered blocking state
[  851.832804][T15415] bridge0: port 3(ipvlan1) entered disabled state
[  852.216490][T15415] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  852.389565][T15425] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3100'.
[  852.830180][T15434] netlink: 'syz.2.3104': attribute type 1 has an invalid length.
[  853.064047][T15423] netlink: 'syz.3.3099': attribute type 10 has an invalid length.
[  853.175348][T15431] netlink: 'syz.1.3102': attribute type 10 has an invalid length.
[  853.832415][T15458] netlink: 'syz.3.3110': attribute type 10 has an invalid length.
[  853.876507][T15458] ipvlan1: entered promiscuous mode
[  853.902834][T15460] FAULT_INJECTION: forcing a failure.
[  853.902834][T15460] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  853.906685][T15458] ipvlan1: entered allmulticast mode
[  853.929372][T15458] veth0_vlan: entered allmulticast mode
[  853.933121][T15460] CPU: 0 PID: 15460 Comm: syz.0.3111 Not tainted syzkaller #0
[  853.937714][T15458] bridge0: port 3(ipvlan1) entered blocking state
[  853.942644][T15460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  853.942662][T15460] Call Trace:
[  853.942672][T15460]  <TASK>
[  853.942680][T15460]  dump_stack_lvl+0x18c/0x250
[  853.942720][T15460]  ? show_regs_print_info+0x20/0x20
[  853.942748][T15460]  ? load_image+0x420/0x420
[  853.942776][T15460]  ? __might_fault+0xaa/0x120
[  853.942798][T15460]  ? __lock_acquire+0x7d40/0x7d40
[  853.942827][T15460]  should_fail_ex+0x39d/0x4d0
[  853.942860][T15460]  _copy_from_user+0x2f/0xe0
[  853.942887][T15460]  ___sys_sendmsg+0x1c7/0x360
[  853.942907][T15460]  ? get_pid_task+0x20/0x1e0
[  853.942937][T15460]  ? __sys_sendmsg+0x2a0/0x2a0
[  853.942980][T15460]  ? __lock_acquire+0x7d40/0x7d40
[  853.943030][T15460]  __se_sys_sendmsg+0x1c2/0x2b0
[  853.943054][T15460]  ? __x64_sys_sendmsg+0x80/0x80
[  853.943092][T15460]  ? lockdep_hardirqs_on+0x98/0x150
[  853.943119][T15460]  do_syscall_64+0x55/0xa0
[  853.943137][T15460]  ? clear_bhb_loop+0x40/0x90
[  853.943161][T15460]  ? clear_bhb_loop+0x40/0x90
[  853.943188][T15460]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  853.943222][T15460] RIP: 0033:0x7fd16999c819
[  853.943242][T15460] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  853.943260][T15460] RSP: 002b:00007fd16a8f4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  853.943284][T15460] RAX: ffffffffffffffda RBX: 00007fd169c15fa0 RCX: 00007fd16999c819
[  853.943299][T15460] RDX: 0000000004000050 RSI: 0000200000000540 RDI: 0000000000000003
[  853.943313][T15460] RBP: 00007fd16a8f4090 R08: 0000000000000000 R09: 0000000000000000
[  853.943326][T15460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  853.943338][T15460] R13: 00007fd169c16038 R14: 00007fd169c15fa0 R15: 00007fff407cec78
[  853.943370][T15460]  </TASK>
[  854.145663][T15458] bridge0: port 3(ipvlan1) entered disabled state
[  854.155907][T15458] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  854.690849][T15473] __nla_validate_parse: 12 callbacks suppressed
[  854.690871][T15473] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.3115'.
[  854.761320][T15473] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.3115'.
[  854.904080][T15464] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.3115'.
[  855.012251][T15477] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.3115'.
[  855.254481][T15464] netlink: 'syz.2.3115': attribute type 10 has an invalid length.
[  855.312828][T15464] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3115'.
[  855.538791][T15485] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.3117'.
[  855.555216][T15485] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.3117'.
[  855.601379][T15488] netlink: 'syz.1.3119': attribute type 10 has an invalid length.
[  855.632788][T15488] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3119'.
[  855.658088][T15488] batman_adv: batadv0: Adding interface: vlan1
[  855.675802][T15488] batman_adv: batadv0: The MTU of interface vlan1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  855.782922][T15488] batman_adv: batadv0: Interface activated: vlan1
[  855.820478][T15480] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.3117'.
[  855.835261][T15493] netlink: 'syz.0.3117': attribute type 10 has an invalid length.
[  855.844268][T15493] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3117'.
[  856.857765][T15511] validate_nla: 1 callbacks suppressed
[  856.857787][T15511] netlink: 'syz.0.3125': attribute type 10 has an invalid length.
[  856.910741][T15511] bridge0: port 3(ipvlan1) entered blocking state
[  856.919955][T15511] bridge0: port 3(ipvlan1) entered disabled state
[  856.931296][T15511] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  858.791766][T15524] netlink: 'syz.3.3128': attribute type 10 has an invalid length.
[  858.818687][T15524] bridge0: port 3(ipvlan1) entered blocking state
[  858.864877][T15524] bridge0: port 3(ipvlan1) entered disabled state
[  858.948953][T15524] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  859.156870][T15528] netlink: 'syz.1.3130': attribute type 13 has an invalid length.
[  859.528656][T15532] netlink: 'syz.3.3131': attribute type 10 has an invalid length.
[  859.538238][T15532] bridge0: port 3(ipvlan1) entered blocking state
[  859.564318][T15532] bridge0: port 3(ipvlan1) entered disabled state
[  859.581872][T15532] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  859.762677][T15539] netlink: 'syz.2.3132': attribute type 28 has an invalid length.
[  859.818082][T15539] netlink: 'syz.2.3132': attribute type 29 has an invalid length.
[  859.936677][T15539] __nla_validate_parse: 10 callbacks suppressed
[  859.936696][T15539] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3132'.
[  863.087214][T15548] netlink: 'syz.1.3134': attribute type 10 has an invalid length.
[  863.107438][T15548] netlink: 65003 bytes leftover after parsing attributes in process `syz.1.3134'.
[  863.118578][T15557] netlink: 'syz.0.3138': attribute type 17 has an invalid length.
[  863.136285][T15557] netlink: 152 bytes leftover after parsing attributes in process `syz.0.3138'.
[  863.146414][T15557] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  863.734349][T15573] netlink: 'syz.1.3140': attribute type 10 has an invalid length.
[  863.796143][T15573] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3140'.
[  863.850288][T15573] bridge0: port 4(ipvlan1) entered blocking state
[  863.898611][T15573] bridge0: port 4(ipvlan1) entered disabled state
[  864.049548][T15579] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.3141'.
[  864.376031][T15573] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  864.412881][T15579] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.3141'.
[  864.448029][T15575] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.3141'.
[  864.472436][T15579] netlink: 'syz.0.3141': attribute type 10 has an invalid length.
[  864.482946][T15579] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3141'.
[  864.496126][T15584] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.3141'.
[  864.840347][T15592] netlink: 'syz.1.3144': attribute type 13 has an invalid length.
[  864.869979][T15592] netlink: 24859 bytes leftover after parsing attributes in process `syz.1.3144'.
[  864.966874][T15596] netlink: 'syz.0.3145': attribute type 10 has an invalid length.
[  865.071247][T15596] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3145'.
[  865.087804][T15596] bridge0: port 3(ipvlan1) entered blocking state
[  865.095979][T15599] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.3143'.
[  865.109633][T15596] bridge0: port 3(ipvlan1) entered disabled state
[  865.203605][T15596] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  865.290795][T15599] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.3143'.
[  865.356676][T15590] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.3143'.
[  865.409823][T15608] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3147'.
[  866.535343][ T7221] wlan1: Trigger new scan to find an IBSS to join
[  868.478571][T15627] netlink: 'syz.0.3154': attribute type 10 has an invalid length.
[  868.504272][T15627] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3154'.
[  868.514503][T15627] bridge0: port 3(ipvlan1) entered blocking state
[  868.528872][T15627] bridge0: port 3(ipvlan1) entered disabled state
[  868.544853][T15627] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  868.873128][T15642] FAULT_INJECTION: forcing a failure.
[  868.873128][T15642] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  869.030985][T15642] CPU: 0 PID: 15642 Comm: syz.1.3158 Not tainted syzkaller #0
[  869.038715][T15642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  869.048902][T15642] Call Trace:
[  869.052224][T15642]  <TASK>
[  869.055198][T15642]  dump_stack_lvl+0x18c/0x250
[  869.060902][T15642]  ? show_regs_print_info+0x20/0x20
[  869.066151][T15642]  ? load_image+0x420/0x420
[  869.070701][T15642]  ? __might_fault+0xaa/0x120
[  869.075596][T15642]  ? __lock_acquire+0x7d40/0x7d40
[  869.080759][T15642]  should_fail_ex+0x39d/0x4d0
[  869.085597][T15642]  _copy_from_user+0x2f/0xe0
[  869.090447][T15642]  br_dev_siocdevprivate+0x119/0x1540
[  869.096163][T15642]  ? rcu_is_watching+0x15/0xb0
[  869.101085][T15642]  ? br_handle_local_finish+0x20/0x20
[  869.106687][T15642]  ? trace_contention_end+0x39/0xe0
[  869.112371][T15642]  ? __mutex_lock+0x315/0xcc0
[  869.117133][T15642]  ? dev_load+0x21/0x1f0
[  869.121685][T15642]  ? dev_ioctl+0x83c/0x1140
[  869.126226][T15642]  ? __lock_acquire+0x7d40/0x7d40
[  869.131295][T15642]  ? mutex_lock_nested+0x20/0x20
[  869.136359][T15642]  ? full_name_hash+0x92/0xe0
[  869.141185][T15642]  ? dev_ifsioc+0x958/0xc40
[  869.145740][T15642]  dev_ioctl+0x84c/0x1140
[  869.150130][T15642]  sock_ioctl+0x74c/0x7e0
[  869.154502][T15642]  ? sock_poll+0x3e0/0x3e0
[  869.159138][T15642]  ? bpf_lsm_file_ioctl+0x9/0x10
[  869.164284][T15642]  ? security_file_ioctl+0x80/0xa0
[  869.169529][T15642]  ? sock_poll+0x3e0/0x3e0
[  869.174098][T15642]  __se_sys_ioctl+0xfd/0x170
[  869.178732][T15642]  do_syscall_64+0x55/0xa0
[  869.183184][T15642]  ? clear_bhb_loop+0x40/0x90
[  869.187916][T15642]  ? clear_bhb_loop+0x40/0x90
[  869.192638][T15642]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  869.198726][T15642] RIP: 0033:0x7fa707b9c819
[  869.203251][T15642] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  869.223499][T15642] RSP: 002b:00007fa708a18028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  869.232020][T15642] RAX: ffffffffffffffda RBX: 00007fa707e15fa0 RCX: 00007fa707b9c819
[  869.240419][T15642] RDX: 0000200000000080 RSI: 00000000000089f0 RDI: 0000000000000004
[  869.248584][T15642] RBP: 00007fa708a18090 R08: 0000000000000000 R09: 0000000000000000
[  869.256752][T15642] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  869.264911][T15642] R13: 00007fa707e16038 R14: 00007fa707e15fa0 R15: 00007fff98c88818
[  869.273007][T15642]  </TASK>
[  869.299574][T15643] netlink: 'syz.3.3160': attribute type 10 has an invalid length.
[  869.336234][T15643] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3160'.
[  869.379666][T15643] bridge0: port 3(ipvlan1) entered blocking state
[  869.413597][T15643] bridge0: port 3(ipvlan1) entered disabled state
[  869.450811][T15643] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  869.485477][T15638] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.3159'.
[  869.500520][T15638] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.3159'.
[  869.505296][T15651] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.3162'.
[  870.533843][   T12] wlan1: Trigger new scan to find an IBSS to join
[  870.579554][T15661] __nla_validate_parse: 2 callbacks suppressed
[  870.579603][T15661] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3165'.
[  871.169511][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  871.176008][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  873.149811][ T1098] wlan1: Creating new IBSS network, BSSID b6:91:8d:d3:82:00
[  874.181701][T15696] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.3173'.
[  874.237121][T15696] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.3173'.
[  874.276266][T15699] netlink: 'syz.1.3174': attribute type 28 has an invalid length.
[  874.285858][T15699] netlink: 'syz.1.3174': attribute type 29 has an invalid length.
[  874.294799][T15699] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3174'.
[  874.419425][T15687] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.3173'.
[  874.438213][T15700] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.3173'.
[  875.172411][T15720] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3181'.
[  878.193524][T15723] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.3182'.
[  878.264920][T12649] Bluetooth: hci0: unexpected event 0x04 length: 151 > 10
[  879.419507][T15750] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.3186'.
[  879.482140][T15750] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.3186'.
[  879.515878][T15739] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.3186'.
[  879.558320][T15749] netlink: 'syz.1.3191': attribute type 10 has an invalid length.
[  879.576695][T15749] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3191'.
[  879.614145][T15749] bridge0: port 4(ipvlan1) entered blocking state
[  879.621939][T15749] bridge0: port 4(ipvlan1) entered disabled state
[  879.644470][T15749] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  879.688264][T15755] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.3186'.
[  879.980756][T15766] netlink: 'syz.0.3201': attribute type 10 has an invalid length.
[  879.988752][T15766] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3201'.
[  880.029540][T15766] bridge0: port 3(ipvlan1) entered blocking state
[  880.036967][T15766] bridge0: port 3(ipvlan1) entered disabled state
[  880.048203][T15766] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  880.383937][T12649] Bluetooth: hci0: command 0x0406 tx timeout
[  881.064740][T15772] netlink: 'syz.2.3204': attribute type 10 has an invalid length.
[  881.119396][T15772] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3204'.
[  881.243150][T15775] netlink: 'syz.3.3195': attribute type 28 has an invalid length.
[  881.253587][T15775] netlink: 'syz.3.3195': attribute type 29 has an invalid length.
[  881.261891][T15775] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3195'.
[  881.263709][T15772] bridge0: port 3(ipvlan1) entered blocking state
[  881.286769][T15772] bridge0: port 3(ipvlan1) entered disabled state
[  881.308272][T15772] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  881.483442][ T7221] wlan1: Trigger new scan to find an IBSS to join
[  882.904346][T15797] netlink: 'syz.2.3203': attribute type 10 has an invalid length.
[  882.921484][T15797] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3203'.
[  882.939705][T15797] bridge0: port 3(ipvlan1) entered blocking state
[  882.946432][T15797] bridge0: port 3(ipvlan1) entered disabled state
[  882.972749][T15797] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  883.420063][T15810] netlink: 'syz.2.3207': attribute type 10 has an invalid length.
[  883.439467][T15810] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3207'.
[  883.451198][T15810] bridge0: port 3(ipvlan1) entered blocking state
[  883.458835][T15810] bridge0: port 3(ipvlan1) entered disabled state
[  883.469860][T15810] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  884.388357][T15819] netlink: 'syz.0.3212': attribute type 10 has an invalid length.
[  884.404157][T15819] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3212'.
[  884.417860][T15819] bridge0: port 3(ipvlan1) entered blocking state
[  884.427636][T15819] bridge0: port 3(ipvlan1) entered disabled state
[  884.531595][T15819] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  884.972430][T15828] FAULT_INJECTION: forcing a failure.
[  884.972430][T15828] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  884.986011][T15828] CPU: 0 PID: 15828 Comm: syz.1.3215 Not tainted syzkaller #0
[  884.993786][T15828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  885.003973][T15828] Call Trace:
[  885.007286][T15828]  <TASK>
[  885.010436][T15828]  dump_stack_lvl+0x18c/0x250
[  885.015181][T15828]  ? show_regs_print_info+0x20/0x20
[  885.020528][T15828]  ? load_image+0x420/0x420
[  885.025180][T15828]  ? __might_fault+0xaa/0x120
[  885.029916][T15828]  ? __lock_acquire+0x7d40/0x7d40
[  885.035089][T15828]  should_fail_ex+0x39d/0x4d0
[  885.039834][T15828]  _copy_from_user+0x2f/0xe0
[  885.044652][T15828]  bpf_prog_test_run_skb+0x266/0x12b0
[  885.050081][T15828]  ? __fget_files+0x28/0x4b0
[  885.054804][T15828]  ? __fget_files+0x28/0x4b0
[  885.059416][T15828]  ? __fget_files+0x43d/0x4b0
[  885.064211][T15828]  ? cpu_online+0x60/0x60
[  885.068642][T15828]  bpf_prog_test_run+0x321/0x390
[  885.073687][T15828]  __sys_bpf+0x49d/0x890
[  885.077987][T15828]  ? bpf_link_show_fdinfo+0x390/0x390
[  885.083481][T15828]  ? lock_chain_count+0x20/0x20
[  885.088618][T15828]  __x64_sys_bpf+0x7c/0x90
[  885.093054][T15828]  do_syscall_64+0x55/0xa0
[  885.097490][T15828]  ? clear_bhb_loop+0x40/0x90
[  885.102271][T15828]  ? clear_bhb_loop+0x40/0x90
[  885.107143][T15828]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  885.113139][T15828] RIP: 0033:0x7fa707b9c819
[  885.117566][T15828] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  885.137822][T15828] RSP: 002b:00007fa708a18028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  885.146441][T15828] RAX: ffffffffffffffda RBX: 00007fa707e15fa0 RCX: 00007fa707b9c819
[  885.154518][T15828] RDX: 0000000000000050 RSI: 0000200000000080 RDI: 000000000000000a
[  885.162501][T15828] RBP: 00007fa708a18090 R08: 0000000000000000 R09: 0000000000000000
[  885.170483][T15828] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  885.178472][T15828] R13: 00007fa707e16038 R14: 00007fa707e15fa0 R15: 00007fff98c88818
[  885.186557][T15828]  </TASK>
[  885.236123][T15833] netlink: 'syz.0.3218': attribute type 29 has an invalid length.
[  885.259682][T15833] netlink: 'syz.0.3218': attribute type 29 has an invalid length.
[  885.352746][T15833] netlink: 'syz.0.3218': attribute type 29 has an invalid length.
[  885.485528][T13761] wlan1: Trigger new scan to find an IBSS to join
[  885.720851][T15845] netlink: 'syz.3.3221': attribute type 10 has an invalid length.
[  885.775173][T15845] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3221'.
[  885.825986][T15845] bridge0: port 3(ipvlan1) entered blocking state
[  885.882725][T15845] bridge0: port 3(ipvlan1) entered disabled state
[  885.912960][T15843] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.3217'.
[  885.965007][T15845] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  886.032545][T15843] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.3217'.
[  886.140437][T15832] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.3217'.
[  886.250145][T15849] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.3217'.
[  887.498560][ T1098] wlan1: Trigger new scan to find an IBSS to join
[  887.677296][T15864] netlink: 'syz.2.3229': attribute type 29 has an invalid length.
[  887.695828][T15864] netlink: 'syz.2.3229': attribute type 29 has an invalid length.
[  887.936536][T15864] netlink: 'syz.2.3229': attribute type 29 has an invalid length.
[  888.105732][T15872] netlink: 'syz.0.3227': attribute type 28 has an invalid length.
[  888.172618][T15872] netlink: 'syz.0.3227': attribute type 29 has an invalid length.
[  888.224382][T15872] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3227'.
[  888.767199][T15865] netlink: 'syz.1.3228': attribute type 10 has an invalid length.
[  888.787851][T15865] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3228'.
[  888.809886][T15865] bridge0: port 4(ipvlan1) entered blocking state
[  888.816555][T15865] bridge0: port 4(ipvlan1) entered disabled state
[  888.826077][T15865] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  889.011122][T15883] syzkaller0: entered promiscuous mode
[  889.027569][T15883] syzkaller0: entered allmulticast mode
[  889.445033][T15898] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.3234'.
[  889.570328][ T1098] wlan1: Trigger new scan to find an IBSS to join
[  890.531727][T13761] wlan1: Trigger new scan to find an IBSS to join
[  892.343835][T15898] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.3234'.
[  892.710479][T15918] netlink: 'syz.3.3241': attribute type 10 has an invalid length.
[  892.729744][T15918] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3241'.
[  892.794602][T15918] bridge0: port 3(ipvlan1) entered blocking state
[  892.814831][T15918] bridge0: port 3(ipvlan1) entered disabled state
[  893.073266][T15918] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  893.933194][T15948] netlink: 'syz.1.3246': attribute type 10 has an invalid length.
[  893.979506][T15948] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3246'.
[  894.025779][T15948] bridge0: port 4(ipvlan1) entered blocking state
[  894.059146][T15948] bridge0: port 4(ipvlan1) entered disabled state
[  894.071076][T15948] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  894.098656][T15947] netlink: 'syz.0.3247': attribute type 10 has an invalid length.
[  894.107476][T15947] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3247'.
[  894.123550][T15947] bridge0: port 3(ipvlan1) entered blocking state
[  894.143052][T15947] bridge0: port 3(ipvlan1) entered disabled state
[  894.186678][T15947] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  895.567297][ T7221] wlan1: Trigger new scan to find an IBSS to join
[  895.758311][T15972] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.3254'.
[  895.823368][T15972] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.3254'.
[  895.870184][T15976] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.3254'.
[  896.126783][T15993] netlink: 'syz.3.3259': attribute type 10 has an invalid length.
[  896.186379][T15993] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3259'.
[  896.243948][T15993] bridge0: port 3(ipvlan1) entered blocking state
[  896.296726][T15993] bridge0: port 3(ipvlan1) entered disabled state
[  896.442877][T15993] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  896.476940][T16000] netlink: 'syz.1.3261': attribute type 10 has an invalid length.
[  896.490496][T16000] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3261'.
[  896.510913][T16000] bridge0: port 4(ipvlan1) entered blocking state
[  896.518067][T16000] bridge0: port 4(ipvlan1) entered disabled state
[  896.528319][ T1098] wlan1: Trigger new scan to find an IBSS to join
[  896.652178][T16000] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  897.214092][T16014] netlink: 'syz.2.3264': attribute type 10 has an invalid length.
[  897.234040][T16014] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3264'.
[  897.268326][T16014] bridge0: port 3(ipvlan1) entered blocking state
[  897.315235][T16014] bridge0: port 3(ipvlan1) entered disabled state
[  897.402891][T16014] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  898.872797][T16053] netlink: 'syz.0.3277': attribute type 10 has an invalid length.
[  898.887175][T16053] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3277'.
[  898.906495][T16053] bridge0: port 3(ipvlan1) entered blocking state
[  898.925194][T16053] bridge0: port 3(ipvlan1) entered disabled state
[  898.994590][T16053] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  899.403159][T16071] netlink: 'syz.3.3279': attribute type 10 has an invalid length.
[  899.423110][T16071] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3279'.
[  899.443311][T16071] bridge0: port 3(ipvlan1) entered blocking state
[  899.459613][T16071] bridge0: port 3(ipvlan1) entered disabled state
[  899.486608][T16071] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  899.564702][T16074] netlink: 830 bytes leftover after parsing attributes in process `syz.2.3282'.
[  899.567893][T15564] wlan1: Trigger new scan to find an IBSS to join
[  900.530695][   T12] wlan1: Trigger new scan to find an IBSS to join
[  900.554186][ T1098] wlan1: Trigger new scan to find an IBSS to join
[  900.720681][T16099] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3290'.
[  901.658018][T12682] wlan1: Trigger new scan to find an IBSS to join
[  901.826114][T16123] netlink: 'syz.0.3294': attribute type 10 has an invalid length.
[  901.899345][T16123] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3294'.
[  901.997789][T16123] bridge0: port 3(ipvlan1) entered blocking state
[  902.046809][ T7221] wlan1: Creating new IBSS network, BSSID 2e:74:7d:25:10:a5
[  902.162863][T16123] bridge0: port 3(ipvlan1) entered disabled state
[  902.174526][T16123] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  902.639727][T16144] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3300'.
[  903.411682][ T7221] wlan1: Creating new IBSS network, BSSID d2:56:3f:ef:cb:dd
[  904.580512][   T12] wlan1: Trigger new scan to find an IBSS to join
[  904.681340][T16191] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3314'.
[  905.588093][T16212] netlink: 'syz.0.3320': attribute type 29 has an invalid length.
[  905.679471][T16212] netlink: 'syz.0.3320': attribute type 29 has an invalid length.
[  905.688292][T12682] wlan1: Creating new IBSS network, BSSID 7a:ce:e7:10:98:67
[  905.726831][T16212] netlink: 'syz.0.3320': attribute type 29 has an invalid length.
[  905.757915][T16215] netlink: 'syz.0.3320': attribute type 29 has an invalid length.
[  905.778115][T16212] FAULT_INJECTION: forcing a failure.
[  905.778115][T16212] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  905.815245][T16212] CPU: 1 PID: 16212 Comm: syz.0.3320 Not tainted syzkaller #0
[  905.823064][T16212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  905.833169][T16212] Call Trace:
[  905.836473][T16212]  <TASK>
[  905.839420][T16212]  dump_stack_lvl+0x18c/0x250
[  905.844141][T16212]  ? show_regs_print_info+0x20/0x20
[  905.849361][T16212]  ? load_image+0x420/0x420
[  905.853895][T16212]  ? __lock_acquire+0x7d40/0x7d40
[  905.859117][T16212]  ? mark_lock+0x94/0x320
[  905.863643][T16212]  should_fail_ex+0x39d/0x4d0
[  905.868444][T16212]  prepare_alloc_pages+0x1e2/0x5f0
[  905.874316][T16212]  __alloc_pages+0x134/0x460
[  905.879279][T16212]  ? zone_statistics+0x170/0x170
[  905.884418][T16212]  ? do_wp_page+0x7ca/0x35f0
[  905.889121][T16212]  ? do_wp_page+0xfc5/0x35f0
[  905.893847][T16212]  __folio_alloc+0x10/0x20
[  905.898326][T16212]  vma_alloc_folio+0x47a/0x8f0
[  905.903474][T16212]  do_wp_page+0x1243/0x35f0
[  905.908201][T16212]  ? folio_put+0xd0/0xd0
[  905.912658][T16212]  ? do_raw_spin_lock+0x11f/0x2c0
[  905.917932][T16212]  ? __rwlock_init+0x150/0x150
[  905.922732][T16212]  handle_mm_fault+0x135d/0x4c00
[  905.927787][T16212]  ? handle_mm_fault+0xe7/0x4c00
[  905.932929][T16212]  ? numa_migrate_prep+0x350/0x350
[  905.938241][T16212]  ? lock_mm_and_find_vma+0x9c/0x2f0
[  905.943810][T16212]  do_user_addr_fault+0x730/0x12c0
[  905.949303][T16212]  exc_page_fault+0x64/0x100
[  905.954094][T16212]  asm_exc_page_fault+0x26/0x30
[  905.958959][T16212] RIP: 0010:rep_movs_alternative+0x4a/0x90
[  905.964867][T16212] Code: 75 f1 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 <f3> a4 c3 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 29 f8 48 01
[  905.985289][T16212] RSP: 0018:ffffc9000ed6f630 EFLAGS: 00050206
[  905.991551][T16212] RAX: ffffffff8427ca01 RBX: 0000000000000d88 RCX: 0000000000000d88
[  905.999627][T16212] RDX: 0000000000000000 RSI: ffff88804d9940e0 RDI: 0000200000003940
[  906.007884][T16212] RBP: ffffc9000ed6f7c0 R08: ffff88804d994e67 R09: 1ffff11009b329cc
[  906.016049][T16212] R10: dffffc0000000000 R11: ffffed1009b329cd R12: 00002000000046c8
[  906.024212][T16212] R13: ffffc9000ed6fe40 R14: 0000200000003940 R15: ffff88804d9940e0
[  906.032788][T16212]  ? _copy_to_iter+0x10c1/0x1120
[  906.038274][T16212]  copyout+0x70/0x90
[  906.042230][T16212]  _copy_to_iter+0x432/0x1120
[  906.047294][T16212]  ? iov_iter_init+0x1e0/0x1e0
[  906.052163][T16212]  ? __virt_addr_valid+0x18c/0x540
[  906.057469][T16212]  ? __virt_addr_valid+0x469/0x540
[  906.062599][T16212]  ? __phys_addr_symbol+0x2f/0x70
[  906.067651][T16212]  __skb_datagram_iter+0xdb/0x780
[  906.072719][T16212]  ? skb_copy_datagram_iter+0x200/0x200
[  906.078390][T16212]  skb_copy_datagram_iter+0xb1/0x200
[  906.083793][T16212]  netlink_recvmsg+0x2d4/0xe60
[  906.088675][T16212]  ? netlink_sendmsg+0xbf0/0xbf0
[  906.093820][T16212]  ? aa_af_perm+0x330/0x330
[  906.098580][T16212]  ? __lock_acquire+0x1273/0x7d40
[  906.103630][T16212]  ? bpf_lsm_socket_recvmsg+0x9/0x10
[  906.108935][T16212]  ? security_socket_recvmsg+0x89/0xb0
[  906.114585][T16212]  ? netlink_sendmsg+0xbf0/0xbf0
[  906.119814][T16212]  ____sys_recvmsg+0x2ce/0x5e0
[  906.124907][T16212]  ? __sys_recvmsg_sock+0x50/0x50
[  906.130255][T16212]  ? import_iovec+0x73/0xa0
[  906.134873][T16212]  ___sys_recvmsg+0x216/0x590
[  906.139678][T16212]  ? __sys_recvmsg+0x2a0/0x2a0
[  906.144555][T16212]  ? trace_call_bpf+0xc3/0x6c0
[  906.149348][T16212]  ? trace_call_bpf+0x5e9/0x6c0
[  906.154418][T16212]  ? __fget_files+0x43d/0x4b0
[  906.159259][T16212]  __x64_sys_recvmsg+0x20c/0x2e0
[  906.164475][T16212]  ? ___sys_recvmsg+0x590/0x590
[  906.169379][T16212]  ? lockdep_hardirqs_on+0x98/0x150
[  906.174793][T16212]  do_syscall_64+0x55/0xa0
[  906.179606][T16212]  ? clear_bhb_loop+0x40/0x90
[  906.184422][T16212]  ? clear_bhb_loop+0x40/0x90
[  906.189135][T16212]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  906.195250][T16212] RIP: 0033:0x7fd16999c819
[  906.199690][T16212] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  906.219906][T16212] RSP: 002b:00007fd16a8f4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  906.228385][T16212] RAX: ffffffffffffffda RBX: 00007fd169c15fa0 RCX: 00007fd16999c819
[  906.236465][T16212] RDX: 0000000000000002 RSI: 0000200000001c80 RDI: 0000000000000003
[  906.244625][T16212] RBP: 00007fd16a8f4090 R08: 0000000000000000 R09: 0000000000000000
[  906.252612][T16212] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  906.260595][T16212] R13: 00007fd169c16038 R14: 00007fd169c15fa0 R15: 00007fff407cec78
[  906.268779][T16212]  </TASK>
[  906.276259][T16212] netlink: 'syz.0.3320': attribute type 29 has an invalid length.
[  906.571568][T12682] wlan1: Trigger new scan to find an IBSS to join
[  906.908292][T16231] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3325'.
[  907.567412][T13761] wlan1: Trigger new scan to find an IBSS to join
[  908.049571][T16250] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.3328'.
[  908.059034][T16250] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.3328'.
[  908.090599][T16249] netlink: 'syz.0.3331': attribute type 10 has an invalid length.
[  908.116816][T16249] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3331'.
[  908.171522][T16249] bridge0: port 3(ipvlan1) entered blocking state
[  908.192322][T16249] bridge0: port 3(ipvlan1) entered disabled state
[  908.237020][T16255] netlink: 4083 bytes leftover after parsing attributes in process `syz.3.3330'.
[  908.265624][T16249] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  908.284129][T16241] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.3328'.
[  908.299801][T16250] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.3328'.
[  908.362587][T16255] netlink: 4083 bytes leftover after parsing attributes in process `syz.3.3330'.
[  908.390896][T16245] netlink: 4083 bytes leftover after parsing attributes in process `syz.3.3330'.
[  908.801484][T16271] netlink: 'syz.0.3337': attribute type 29 has an invalid length.
[  908.826303][T16271] netlink: 'syz.0.3337': attribute type 29 has an invalid length.
[  908.855138][T16274] netlink: 'syz.0.3337': attribute type 29 has an invalid length.
[  908.899139][T16271] netlink: 'syz.0.3337': attribute type 29 has an invalid length.
[  909.584174][T16292] bridge0: port 3(ipvlan1) entered blocking state
[  909.642476][T16292] bridge0: port 3(ipvlan1) entered disabled state
[  909.693161][T16292] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  909.961538][T16301] __nla_validate_parse: 11 callbacks suppressed
[  909.961557][T16301] netlink: 168 bytes leftover after parsing attributes in process `syz.2.3347'.
[  910.054213][T16304] netlink: 168 bytes leftover after parsing attributes in process `syz.2.3347'.
[  910.159781][T16302] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.3346'.
[  910.181587][T16302] bridge_slave_1: default FDB implementation only supports local addresses
[  910.412881][T16318] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.3351'.
[  910.452535][T16318] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.3351'.
[  910.492614][T16317] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.3351'.
[  911.010453][T16329] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.3352'.
[  911.030593][T16329] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.3352'.
[  911.062378][T16324] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.3352'.
[  911.090904][T16329] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.3352'.
[  911.265546][T16332] validate_nla: 4 callbacks suppressed
[  911.265656][T16332] netlink: 'syz.2.3354': attribute type 10 has an invalid length.
[  911.307627][T16332] bridge0: port 3(ipvlan1) entered blocking state
[  911.332372][T16332] bridge0: port 3(ipvlan1) entered disabled state
[  911.564690][T16332] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  912.040922][T16351] FAULT_INJECTION: forcing a failure.
[  912.040922][T16351] name failslab, interval 1, probability 0, space 0, times 0
[  912.080949][T16351] CPU: 1 PID: 16351 Comm: syz.2.3360 Not tainted syzkaller #0
[  912.088597][T16351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  912.098863][T16351] Call Trace:
[  912.102166][T16351]  <TASK>
[  912.105116][T16351]  dump_stack_lvl+0x18c/0x250
[  912.109833][T16351]  ? verify_lock_unused+0x140/0x140
[  912.115055][T16351]  ? show_regs_print_info+0x20/0x20
[  912.120302][T16351]  ? load_image+0x420/0x420
[  912.124859][T16351]  ? trace_event_raw_event_lock_acquire+0x2c0/0x2c0
[  912.131489][T16351]  ? crng_make_state+0x350/0x700
[  912.136619][T16351]  ? lockdep_hardirqs_on+0x98/0x150
[  912.142019][T16351]  should_fail_ex+0x39d/0x4d0
[  912.146832][T16351]  should_failslab+0x9/0x20
[  912.151384][T16351]  slab_pre_alloc_hook+0x59/0x310
[  912.156549][T16351]  ? sctp_add_bind_addr+0x8c/0x360
[  912.161698][T16351]  __kmem_cache_alloc_node+0x53/0x250
[  912.167311][T16351]  ? sctp_add_bind_addr+0x8c/0x360
[  912.172448][T16351]  kmalloc_trace+0x2a/0xe0
[  912.177000][T16351]  sctp_add_bind_addr+0x8c/0x360
[  912.181965][T16351]  sctp_copy_local_addr_list+0x315/0x4f0
[  912.187970][T16351]  ? sctp_copy_local_addr_list+0xa5/0x4f0
[  912.193707][T16351]  ? sctp_do_8_2_transport_strike+0x8a0/0x8a0
[  912.199797][T16351]  ? sctp_v4_is_any+0x35/0x60
[  912.204491][T16351]  ? sctp_copy_one_addr+0x8c/0x350
[  912.209633][T16351]  sctp_bind_addr_copy+0xb3/0x3c0
[  912.214942][T16351]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  912.221732][T16351]  sctp_connect_new_asoc+0x2f9/0x6a0
[  912.227133][T16351]  ? __sctp_connect+0xd80/0xd80
[  912.232371][T16351]  ? __local_bh_enable_ip+0x13a/0x1c0
[  912.237855][T16351]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  912.243603][T16351]  ? security_sctp_bind_connect+0x89/0xb0
[  912.249351][T16351]  sctp_sendmsg+0x1575/0x28c0
[  912.254147][T16351]  ? sctp_getsockopt+0xb60/0xb60
[  912.259128][T16351]  ? aa_sk_perm+0x83c/0x970
[  912.263669][T16351]  ? aa_af_perm+0x330/0x330
[  912.268279][T16351]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0
[  912.274804][T16351]  ? sock_rps_record_flow+0x19/0x3f0
[  912.280213][T16351]  ? inet_sendmsg+0xe9/0x2f0
[  912.284995][T16351]  ? inet_send_prepare+0x260/0x260
[  912.290221][T16351]  ____sys_sendmsg+0x5ba/0x960
[  912.295003][T16351]  ? __lock_acquire+0x7d40/0x7d40
[  912.300226][T16351]  ? __asan_memset+0x22/0x40
[  912.304839][T16351]  ? __sys_sendmsg_sock+0x30/0x30
[  912.310011][T16351]  ? __import_iovec+0x5f2/0x850
[  912.314900][T16351]  ? import_iovec+0x73/0xa0
[  912.319522][T16351]  ___sys_sendmsg+0x2a6/0x360
[  912.324307][T16351]  ? __sys_sendmsg+0x2a0/0x2a0
[  912.329216][T16351]  ? __lock_acquire+0x7d40/0x7d40
[  912.334478][T16351]  __se_sys_sendmsg+0x1c2/0x2b0
[  912.339529][T16351]  ? __x64_sys_sendmsg+0x80/0x80
[  912.344501][T16351]  ? lockdep_hardirqs_on+0x98/0x150
[  912.349815][T16351]  do_syscall_64+0x55/0xa0
[  912.354419][T16351]  ? clear_bhb_loop+0x40/0x90
[  912.359113][T16351]  ? clear_bhb_loop+0x40/0x90
[  912.363816][T16351]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  912.369740][T16351] RIP: 0033:0x7fb2a4d9c819
[  912.374522][T16351] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  912.394671][T16351] RSP: 002b:00007fb2a5ca1028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  912.403454][T16351] RAX: ffffffffffffffda RBX: 00007fb2a5016090 RCX: 00007fb2a4d9c819
[  912.411534][T16351] RDX: 00000000000080d1 RSI: 0000200000000140 RDI: 0000000000000006
[  912.419784][T16351] RBP: 00007fb2a5ca1090 R08: 0000000000000000 R09: 0000000000000000
[  912.427771][T16351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  912.436103][T16351] R13: 00007fb2a5016128 R14: 00007fb2a5016090 R15: 00007ffdad497c78
[  912.444199][T16351]  </TASK>
[  912.521286][T13761] wlan1: Trigger new scan to find an IBSS to join
[  912.549415][T13761] wlan1: Trigger new scan to find an IBSS to join
[  912.596489][T13761] wlan1: Trigger new scan to find an IBSS to join
[  913.320057][T16365] sctp: [Deprecated]: syz.2.3366 (pid 16365) Use of struct sctp_assoc_value in delayed_ack socket option.
[  913.320057][T16365] Use struct sctp_sack_info instead
[  913.710787][T16367] syzkaller0: entered promiscuous mode
[  913.839330][T16367] syzkaller0: entered allmulticast mode
[  913.850031][ T7231] wlan1: Creating new IBSS network, BSSID ce:4d:e0:e2:0c:cd
[  913.976493][T13761] ------------[ cut here ]------------
[  913.982578][T13761] WARNING: CPU: 1 PID: 13761 at net/wireless/ibss.c:37 __cfg80211_ibss_joined+0x3d2/0x440
[  913.992714][T13761] Modules linked in:
[  913.996759][T13761] CPU: 1 PID: 13761 Comm: kworker/u4:2 Not tainted syzkaller #0
[  914.004835][T13761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  914.014990][T13761] Workqueue: cfg80211 cfg80211_event_work
[  914.020858][T13761] RIP: 0010:__cfg80211_ibss_joined+0x3d2/0x440
[  914.027069][T13761] Code: 00 00 00 48 3b 84 24 80 00 00 00 75 5c 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 57 a4 a0 f7 0f 0b eb bb e8 4e a4 a0 f7 <0f> 0b 4c 8b 6c 24 18 eb ad e8 40 a4 a0 f7 0f 0b e9 e0 fd ff ff e8
[  914.047919][T13761] RSP: 0018:ffffc90004f7fa20 EFLAGS: 00010293
[  914.055615][T13761] RAX: ffffffff89e67db2 RBX: dffffc0000000000 RCX: ffff88802b471e00
[  914.063798][T13761] RDX: 0000000000000000 RSI: ffffffff8acac9e0 RDI: ffffffff8b1c8e60
[  914.071971][T13761] RBP: ffffc90004f7faf8 R08: ffffffff911c556f R09: 1ffffffff2238aad
[  914.080185][T13761] R10: dffffc0000000000 R11: fffffbfff2238aae R12: ffff88804d008c90
[  914.088390][T13761] R13: 1ffff920009eff4c R14: ffff888023c835b8 R15: 000000000000001e
[  914.096459][T13761] FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  914.105954][T13761] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  914.112817][T13761] CR2: 0000001b30321ff8 CR3: 000000007a3a6000 CR4: 00000000003506e0
[  914.121054][T13761] DR0: 0000200000000300 DR1: 0000000000000000 DR2: 0000000000000000
[  914.129469][T13761] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  914.138336][T13761] Call Trace:
[  914.141781][T13761]  <TASK>
[  914.144771][T13761]  ? mutex_lock_nested+0x20/0x20
[  914.150050][T13761]  ? trace_rdev_return_void+0x1c0/0x1c0
[  914.156611][T13761]  cfg80211_process_wdev_events+0x3bc/0x550
[  914.163169][T13761]  cfg80211_process_rdev_events+0xa1/0x110
[  914.169282][T13761]  cfg80211_event_work+0x2f/0x40
[  914.174374][T13761]  ? process_scheduled_works+0x96f/0x15d0
[  914.180387][T13761]  process_scheduled_works+0xa5d/0x15d0
[  914.186229][T13761]  ? worker_attach_to_pool+0x380/0x380
[  914.192043][T13761]  ? assign_work+0x3d2/0x5d0
[  914.196797][T13761]  worker_thread+0xa55/0xfc0
[  914.201810][T13761]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  914.208033][T13761]  ? _raw_spin_unlock+0x40/0x40
[  914.213234][T13761]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[  914.219382][T13761]  kthread+0x2fa/0x390
[  914.223508][T13761]  ? pr_cont_work+0x560/0x560
[  914.228264][T13761]  ? kthread_blkcg+0xd0/0xd0
[  914.233058][T13761]  ret_from_fork+0x48/0x80
[  914.237531][T13761]  ? kthread_blkcg+0xd0/0xd0
[  914.242439][T13761]  ret_from_fork_asm+0x11/0x20
[  914.247298][T13761]  </TASK>
[  914.250542][T13761] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  914.257978][T13761] CPU: 1 PID: 13761 Comm: kworker/u4:2 Not tainted syzkaller #0
[  914.265770][T13761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  914.275888][T13761] Workqueue: cfg80211 cfg80211_event_work
[  914.281870][T13761] Call Trace:
[  914.285227][T13761]  <TASK>
[  914.288287][T13761]  dump_stack_lvl+0x18c/0x250
[  914.293036][T13761]  ? show_regs_print_info+0x20/0x20
[  914.298555][T13761]  ? load_image+0x420/0x420
[  914.303237][T13761]  panic+0x2dc/0x730
[  914.307286][T13761]  ? bpf_jit_dump+0xd0/0xd0
[  914.311945][T13761]  ? ret_from_fork_asm+0x11/0x20
[  914.317117][T13761]  __warn+0x2e0/0x470
[  914.321143][T13761]  ? __cfg80211_ibss_joined+0x3d2/0x440
[  914.326829][T13761]  ? __cfg80211_ibss_joined+0x3d2/0x440
[  914.332491][T13761]  report_bug+0x2be/0x4f0
[  914.336836][T13761]  ? __cfg80211_ibss_joined+0x3d2/0x440
[  914.342489][T13761]  ? __cfg80211_ibss_joined+0x3d2/0x440
[  914.348053][T13761]  ? __cfg80211_ibss_joined+0x3d4/0x440
[  914.353797][T13761]  handle_bug+0xcf/0x120
[  914.358060][T13761]  exc_invalid_op+0x1a/0x50
[  914.362846][T13761]  asm_exc_invalid_op+0x1a/0x20
[  914.367802][T13761] RIP: 0010:__cfg80211_ibss_joined+0x3d2/0x440
[  914.374240][T13761] Code: 00 00 00 48 3b 84 24 80 00 00 00 75 5c 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 57 a4 a0 f7 0f 0b eb bb e8 4e a4 a0 f7 <0f> 0b 4c 8b 6c 24 18 eb ad e8 40 a4 a0 f7 0f 0b e9 e0 fd ff ff e8
[  914.394396][T13761] RSP: 0018:ffffc90004f7fa20 EFLAGS: 00010293
[  914.400745][T13761] RAX: ffffffff89e67db2 RBX: dffffc0000000000 RCX: ffff88802b471e00
[  914.408911][T13761] RDX: 0000000000000000 RSI: ffffffff8acac9e0 RDI: ffffffff8b1c8e60
[  914.417005][T13761] RBP: ffffc90004f7faf8 R08: ffffffff911c556f R09: 1ffffffff2238aad
[  914.425274][T13761] R10: dffffc0000000000 R11: fffffbfff2238aae R12: ffff88804d008c90
[  914.433348][T13761] R13: 1ffff920009eff4c R14: ffff888023c835b8 R15: 000000000000001e
[  914.441462][T13761]  ? __cfg80211_ibss_joined+0x3d2/0x440
[  914.447047][T13761]  ? mutex_lock_nested+0x20/0x20
[  914.452026][T13761]  ? trace_rdev_return_void+0x1c0/0x1c0
[  914.457692][T13761]  cfg80211_process_wdev_events+0x3bc/0x550
[  914.463963][T13761]  cfg80211_process_rdev_events+0xa1/0x110
[  914.470126][T13761]  cfg80211_event_work+0x2f/0x40
[  914.475186][T13761]  ? process_scheduled_works+0x96f/0x15d0
[  914.481275][T13761]  process_scheduled_works+0xa5d/0x15d0
[  914.486955][T13761]  ? worker_attach_to_pool+0x380/0x380
[  914.492620][T13761]  ? assign_work+0x3d2/0x5d0
[  914.497324][T13761]  worker_thread+0xa55/0xfc0
[  914.502128][T13761]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  914.508051][T13761]  ? _raw_spin_unlock+0x40/0x40
[  914.513108][T13761]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[  914.519123][T13761]  kthread+0x2fa/0x390
[  914.523394][T13761]  ? pr_cont_work+0x560/0x560
[  914.528193][T13761]  ? kthread_blkcg+0xd0/0xd0
[  914.532976][T13761]  ret_from_fork+0x48/0x80
[  914.537496][T13761]  ? kthread_blkcg+0xd0/0xd0
[  914.542374][T13761]  ret_from_fork_asm+0x11/0x20
[  914.547269][T13761]  </TASK>
[  914.550892][T13761] Kernel Offset: disabled
[  914.555471][T13761] Rebooting in 86400 seconds..