last executing test programs:

4.856865761s ago: executing program 3 (id=3800):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000c00000009"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200), &(0x7f0000000280), 0x84, r0}, 0x38)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r1, 0xe0, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x4, 0x4, &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x6a, &(0x7f0000000500)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000540), &(0x7f0000000580), 0x8, 0xe5, 0x8, 0x8, &(0x7f00000005c0)}}, 0x10)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r3, 0x401054d5, &(0x7f00000000c0)={0x2, &(0x7f0000000000)=[{0x60, 0x4, 0xfd}, {0x6, 0x3}]})
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000740)='freezer.state\x00', 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a00)=@bpf_ext={0x1c, 0x19, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7f}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @alu={0x4, 0x1, 0x3, 0xb, 0x9, 0xc}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x10001}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}, @map_idx={0x18, 0x2, 0x5, 0x0, 0xa}, @call={0x85, 0x0, 0x0, 0x87}, @map_idx_val={0x18, 0xb, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0xb3f}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff8}, @jmp={0x5, 0x0, 0xd, 0x3, 0xa, 0xfffffffffffffff8, 0x10}]}, &(0x7f0000000080)='syzkaller\x00', 0x7, 0x6c, &(0x7f0000000280)=""/108, 0x41100, 0x31, '\x00', r2, 0x0, r4, 0x8, &(0x7f0000000780)={0x6, 0x3}, 0x8, 0x10, &(0x7f00000007c0)={0x1, 0x2, 0x3, 0x6}, 0x10, 0x1237d, r0, 0x6, &(0x7f00000008c0)=[r0, r0, r0, r0, r0, r0, r0, r0, r0], &(0x7f0000000900)=[{0x1, 0x5, 0x1, 0x4}, {0x4, 0x4, 0x4, 0x9}, {0x5, 0x3, 0x6, 0x7}, {0x3, 0x2, 0x6, 0x6}, {0x3, 0x2, 0x9, 0xc}, {0x0, 0x2, 0xd, 0x6}], 0x10, 0x10}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r5, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50)

4.298711771s ago: executing program 3 (id=3805):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000047000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a876d839240d29c035055b67db3e6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7e8dc34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bb44b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334583239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bf4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc508afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd360000000000000000ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c97a088a22e8b15c3e233db00002e30d46a0024d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c29c5c0ed5bcdf510c3c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ced92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f68fa8d7c2dfb28e1f05e46b0933c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b19abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d588afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda6900002a070886df42b27098773b45198b4a34ac97febd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f0000000000f8e10238d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d63521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07afef12ef060cd4403a099f32468f658000b4082d43e12186195cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea209b53b230ef0f2ab85cbdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bd3339403004b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab900000000000000000000d71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdbf24a0c5441ce046078492b53467cfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89cb349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb15f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c00c57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137df47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b558982016b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8b49e3d0168bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85a3009a5d30f479e293a3302e11350ea857b37e76ca3f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c8ffe0d508dcee3070e8b42ac38545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f98117919472b61b20026d7e646174b55d251f7f8ca5ccc22a5efb33b217eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4444e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24000000000000000000000000000000000000cd3211b3842b68a4eddca2eae28529e97a98d7ec3fd902df1ba8fc2ad2377e72d4e7aeacbbccef5614cd965511558f40720025c022bc9c213e407f6bc4b673c55aa8e729299a37fd6339acd906ac861ba56c9fa9b8b12b5e68a3cdadb906355e1f1d336a243172affe50d0fb36c3718a7498eed3d398f405a34d494414e87ef1ce1845510d43d00171d6b4b762f89564c22d542a119878709cd6822c3a3eb47a849b0737929fe9e1eecd1bff5a2b9880e2a6d8a3b3b7e88a673c96cda4455eff1c530db0e6598a2686aa09aeaf0f1aed95aeb8b0a2cc5ca31c0f56285cc05f7090a0e0583cf540d18cd8817e685c7b4ff176178ac1234f23e54445ec20b2689832d78409897a0307e89ebcd5f4ba042a3d10237a5a8a9a6eda36d2f337dc54537b80e8433341b135b4c5bb0173ffde46ccd260e1d4f2c51e8b07bb256f1317912cb1fc9e491e0bb9109e475cc795c23ad9f4f0042c5e9c655a4d865bc4a266e6a1d3d2b7ee53be9efb33a98933b5ba74ee3ac8d34b6af8c1fdbffade3abc80842b74354162f5b994ab5254cb068bc5e2ae242a1d37d0d49947c9317fa1a46c9e259ce0e1f9db992c53f7830a5e8f4fac6b187eb9f15ba61f730f86d7d7b63bbc7a1d9ff37e87a90a14e0655304da069f9009b62717649b6c6af94fcba713f8ee6fcce25aef44d009966614b61be9369ffc589a79051b0a0000000000000003ebd34c41afe268c33c9322c3a783772aec998f51a6e70fb932a8019e72ef5ab127bb30c79ebfd867441083546305fb39449c40a166ea389a6b77b7c87f66e8bf5806726b8fc50b943627314803a12c33312dce0a10f852da3e000000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x3e, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffc9f, 0x0, 0x0, 0x10, 0x4}, 0x94) (async, rerun: 64)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000c00000009"], 0x50) (rerun: 64)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r2, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
close(r3) (async)
socket$kcm(0x10, 0x2, 0x10) (async)
ioctl$SIOCSIFHWADDR(r3, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1d}}) (async)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x401c5820, &(0x7f0000000040)=0x7ffffffffffffffa) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001a00)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000480)="b9fb0307683a060000000037888e", 0x0, 0xfe, 0x60000009, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
r5 = socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) (async)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000240)="d800000018007bb14513f2c532236c141c7c5e6caf29e00212ba0d8105440a601800fe0f040b067c55a1bc000900b80006990600000015000500ff800000000000000300014002000c0901ac04000bd67f6f9400230f007b32beed5769c43616277ce06bbace8017cbec4c2ee5a7cebfeaf4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c90100e6730d7a5125ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad8ffd5e1cace81ccd40dd601edef3d93452a92307ff0ff0e97031e9f05e9f16e9cb5000000", 0xd9}], 0x1, 0x0, 0x0, 0x2663}, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x3, 0x30, &(0x7f0000001a40)=ANY=[@ANYBLOB="1872da002492ffff000000000300000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095000000000000001834000005000000000000000000000085000000bd000000b7080000000000007b8af8ff00000000b7080000080000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a5000000186500000e00000000000000040000001800000002000000000000000000c000bd060c00fcffffff180000008700000000000000040000008cbbfcffffffffff180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300009e03000085000000060000000539090001000000bf91000000000000b7020000020000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async, rerun: 64)
recvmsg$unix(r4, &(0x7f0000001f00)={0xffffffffffffffff, 0x0, &(0x7f0000001a00), 0x0, &(0x7f0000000400)}, 0x1) (rerun: 64)
ioctl$TUNGETVNETLE(0xffffffffffffffff, 0x800454dd, &(0x7f0000000040)) (async)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="0100008d8dff"}) (async)
r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x5, [@fwd={0x6}, @var={0xffffffff, 0x0, 0x0, 0xe, 0xde}]}, {0x0, [0x61, 0x61, 0x61]}}, &(0x7f0000000280)=""/21, 0x39, 0x15, 0x1, 0x7, 0x10000}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x0, 0x1ffffffffffffca8, &(0x7f0000001bc0)=ANY=[@ANYBLOB="180200000200000000000000f031a91f18110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000010100007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000b7080000000000007b8af8ff00000000b7080000090000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000002a5000000850000008d00000058410600ffffffff1158ffff08000000183b000001000000000000000000000095000000000000"], &(0x7f0000000040)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, r7}, 0x94) (async, rerun: 64)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={0xffffffffffffffff, 0xe0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r8=>0x0, 0x0, 0x0, 0x0, 0x1, 0x4, &(0x7f00000001c0)=[0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0], 0x0, 0xa2, &(0x7f0000000240)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x48, 0x10, &(0x7f00000002c0), &(0x7f0000000300), 0x8, 0x56, 0x8, 0x8, &(0x7f0000000340)}}, 0x10) (rerun: 64)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001340)=ANY=[@ANYBLOB="1b000000000000006aa90000020000000000000015c959f715673a7706244c9576ef11cacf9d69697ae8622b2c", @ANYRES32, @ANYBLOB="000400"/20, @ANYRES32=r8, @ANYRES32, @ANYBLOB="030000000300"/28], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x11, 0xf, &(0x7f0000000380)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x6}, [@alu={0x7, 0x1, 0x1, 0x3, 0x3, 0xffffffffffffffff, 0xffffffffffffffee}, @cb_func={0x18, 0x2, 0x4, 0x0, 0x8}, @jmp={0x5, 0x1, 0x1, 0x2, 0x7, 0xfffffffffffffff8, 0x10}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @ringbuf_query, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}]}, &(0x7f00000011c0)='GPL\x00', 0x7, 0x0, 0x0, 0x41000, 0x0, '\x00', r8, 0x0, r4, 0x8, &(0x7f0000001200)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000001240)={0x4, 0x1, 0xffffffef, 0x100}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10001}, 0x94) (async, rerun: 64)
r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (rerun: 64)
openat$cgroup_int(r9, &(0x7f0000000080)='cpu.weight.nice\x00', 0x2, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000100)=ANY=[@ANYBLOB='-0'], 0x3a) (async)
sendmsg$kcm(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)}, 0x20040081)

4.197355687s ago: executing program 3 (id=3806):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8983, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000680)=ANY=[@ANYBLOB="9feb01001800000000000000bc000000bc00000003000000060000000000000700000000070000000000000e01000000010000f40b00000000000008030000000a00000001cc04"], 0x0, 0xd7, 0x0, 0x0, 0x7, 0x10000}, 0x28)
r1 = socket$kcm(0x11, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f00000000c0)={&(0x7f0000001340)=@hci={0x1f, 0xc00, 0xe}, 0x80, &(0x7f0000002540)=[{&(0x7f00000006c0)='b', 0x10}], 0x1}, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x25, 0xa, 0x0, 0x0, 0xe4, 0x61, 0x11, 0x98}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x800000, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="180800000000000000000000000000001800"/31], &(0x7f0000000440)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000080)='devices.allow\x00', 0x2, 0x0)
write$cgroup_devices(r6, &(0x7f0000000140)={'a', ' *:* ', 'wm\x00'}, 0x9)
ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r5)
r7 = socket$kcm(0xa, 0x5, 0x0)
setsockopt$sock_attach_bpf(r7, 0x29, 0x8, &(0x7f0000000100), 0x120)
r8 = socket$kcm(0x15, 0x5, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x2, 0x4, 0x4, 0x1, 0x1100}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000940)={&(0x7f0000000880)="dfc7dbb137", 0x0, 0x0, 0x0, 0x6, r9}, 0x38)
setsockopt$sock_attach_bpf(r8, 0x114, 0x2, 0x0, 0x0)
syz_clone(0x22023500, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)

4.013779487s ago: executing program 1 (id=3808):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) (async)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000080)={0x0, 0x0}) (async)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000080)={<r2=>0x0, 0x0})
ioctl$sock_kcm_SIOCKCMUNATTACH(r2, 0x89e1, &(0x7f0000000000)={r2}) (async)
ioctl$sock_kcm_SIOCKCMUNATTACH(r2, 0x89e1, &(0x7f0000000000)={r2})
close(r2)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="100000002d000b02d25a806f8c6394f9101a04000a", 0x15}], 0x1}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81f782db44b9040a1d08030e000000e8fea4a1180015000600142603600e1208000f1000810401a80016000a0001", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x10) (async)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81f782db44b9040a1d08030e000000e8fea4a1180015000600142603600e1208000f1000810401a80016000a0001", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, 0x0, 0x0, 0x0, 0x5c8}, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b) (async)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b)
r3 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000100)=ANY=[@ANYRES16=r0], 0x5f66)

3.735242283s ago: executing program 1 (id=3810):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0xd, &(0x7f0000000100)=@framed={{}, [@cb_func={0x18, 0x0, 0x4, 0x0, 0x4}, @exit, @exit, @exit, @tail_call]}, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x9}, 0x94)
r0 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$inet(r0, 0x0, 0x0)

3.701676105s ago: executing program 1 (id=3811):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x88}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40240, 0x0)
r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000440)=@bpf_tracing={0x1a, 0x1d, &(0x7f0000000200)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xc5}, {}, {}, [@btf_id={0x18, 0xb, 0x3, 0x0, 0x1}, @jmp={0x5, 0x0, 0x7, 0x0, 0x2, 0xfffffffffffffff4, 0xfffffffffffffff0}, @exit, @initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, @ldst={0x2, 0x3, 0x6, 0x8, 0x4, 0x50, 0x8}, @tail_call, @cb_func={0x18, 0x2, 0x4, 0x0, 0x4}]}, &(0x7f0000000080)='syzkaller\x00', 0xfffffe00, 0xbd, &(0x7f0000000300)=""/189, 0x40f00, 0x8, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, &(0x7f00000000c0)={0x1, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x2952d, r0, 0x7, 0x0, &(0x7f00000003c0)=[{0x1, 0x2, 0xb, 0x7}, {0x2, 0x4, 0xb, 0x5}, {0x3, 0x5, 0x1, 0x4}, {0x0, 0x2, 0x9, 0xa}, {0x3, 0x1, 0x5}, {0x2, 0x4, 0x0, 0x1}, {0x5, 0x3, 0xa, 0x6}], 0x10, 0x2152e77d}, 0x94)
ioctl$TUNSETFILTEREBPF(r1, 0x800454e1, &(0x7f0000000500)=r2)

3.6095355s ago: executing program 0 (id=3812):
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000000), 0x9)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz1\x00', 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000080)='cgroup.freeze\x00', 0x0, 0x0)
r2 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0)={0xffffffffffffffff}, 0x4)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000100)={@cgroup=r1, r2, 0x35, 0x4, r1, @void, @value=r1}, 0x20)
r3 = perf_event_open(&(0x7f0000000180)={0x4, 0x80, 0x0, 0x5, 0xf, 0x1, 0x0, 0x80000000, 0x2800, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x9, 0x2, @perf_bp={&(0x7f0000000140)}, 0x1, 0x0, 0x1, 0x2, 0x3, 0xc, 0x4, 0x0, 0x4, 0x0, 0x7}, 0x0, 0xa, r1, 0x9)
openat$cgroup_freezer_state(r0, &(0x7f0000000200), 0x2, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r1, <r4=>0xffffffffffffffff}, &(0x7f0000000240), &(0x7f0000000280)=r1}, 0x20)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x22, &(0x7f0000000300)=@raw=[@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}, @snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}, @exit, @exit, @func={0x85, 0x0, 0x1, 0x0, 0x8}, @ldst={0x0, 0x1, 0x6, 0xa, 0x8, 0xffffffffffffffe0, 0xfffffffffffffffc}], &(0x7f0000000440)='syzkaller\x00', 0x5, 0x86, &(0x7f0000000480)=""/134, 0x41100, 0x22, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000540)={0x3, 0x0, 0x9, 0x9}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000580)=[r1], &(0x7f00000005c0)=[{0x5, 0x3, 0xb, 0x5}, {0x0, 0x3, 0x7, 0xb}, {0x0, 0x81, 0xd, 0x1}], 0x10, 0x6}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r5)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a00)={r1, 0xe0, &(0x7f0000000900)={0x0, <r6=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000740)=[0x0], ""/16, <r7=>0x0, 0x0, 0x0, 0x0, 0x1, 0x6, &(0x7f0000000780)=[0x0], &(0x7f00000007c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xad, &(0x7f0000000800)=[{}, {}], 0x10, 0x10, &(0x7f0000000840), &(0x7f0000000880), 0x8, 0xb8, 0x8, 0x8, &(0x7f00000008c0)}}, 0x10)
r8 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000a40), 0x4)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000ac0)={r1, <r9=>0xffffffffffffffff}, 0x4)
r10 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000b40)=@generic={&(0x7f0000000b00)='./file0\x00', 0x0, 0x10}, 0x18)
r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c40)={0x18, 0x2, &(0x7f00000006c0)=@raw=[@jmp={0x5, 0x1, 0xc, 0x2, 0x1, 0x100, 0x4}, @ldst={0x3, 0x1, 0x0, 0x2, 0x6, 0xc, 0x8}], &(0x7f0000000700)='GPL\x00', 0xb, 0x0, 0x0, 0x40f00, 0x10, '\x00', r7, 0x0, r8, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000a80)={0x0, 0xb, 0x6, 0xf230}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000b80)=[r1, r1, 0xffffffffffffffff, r1, r9, r10], &(0x7f0000000bc0)=[{0x3, 0x4, 0xf, 0x2}, {0x2, 0x4, 0x6, 0x4}, {0x1, 0x4, 0x10, 0x4}, {0x3, 0x2, 0x10, 0x3}, {0x0, 0x3, 0x1, 0x6}, {0x2, 0x5, 0xc, 0x5}], 0x10, 0x8}, 0x94)
r12 = bpf$ITER_CREATE(0x21, &(0x7f0000000d00)={r1}, 0x8)
ioctl$PERF_EVENT_IOC_ID(r1, 0x80082407, &(0x7f0000000d40))
ioctl$TUNSETLINK(r1, 0x400454cd, 0x301)
r13 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000dc0)={r6}, 0x4)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000e00)=@generic={&(0x7f0000000d80)='./file0\x00', r13}, 0x18)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000011c0)={r1, 0x20, &(0x7f0000001180)={&(0x7f0000001000)=""/124, 0x7c, <r14=>0x0, &(0x7f0000001080)=""/235, 0xeb}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000001240)={0x6, 0x15, &(0x7f0000000e40)=@framed={{0x18, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0xa5}, [@btf_id={0x18, 0x8, 0x3, 0x0, 0x5}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r4}}, @exit, @call={0x85, 0x0, 0x0, 0x96}, @map_idx={0x18, 0x9, 0x5, 0x0, 0x3}, @map_idx_val={0x18, 0x3, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r10}}, @cb_func={0x18, 0x6, 0x4, 0x0, 0x2}]}, &(0x7f0000000f00)='GPL\x00', 0x20000000, 0x1e, &(0x7f0000000f40)=""/30, 0x41000, 0x4, '\x00', r7, @xdp=0x25, r12, 0x8, &(0x7f0000000f80)={0x4, 0x3}, 0x8, 0x10, &(0x7f0000000fc0)={0x5, 0xb, 0xfffffffb, 0x7}, 0x10, r14, r11, 0x0, &(0x7f0000001200)=[r4, r10, r1, r9], 0x0, 0x10, 0xffffffff}, 0x94)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000001300)={0x6, <r15=>0x0}, 0x8)
bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000001340)=r15, 0x4)
ioctl$PERF_EVENT_IOC_RESET(r1, 0x2403, 0x2)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000002400)={r12, &(0x7f0000001380)="bb9e3feb76887ea3aa4d55ebc159dc5592d636327205fbadfea603b22f7eff984b60e5d77f6b6b594309f2dc622c5ebc1390935115749454876d0877045f7e83562b28b2a6affc6a338ec1a7a8b09cf465e8fbc5658321ee88adfcb9cd", &(0x7f0000001400)=""/4096}, 0x20)
ioctl$PERF_EVENT_IOC_DISABLE(r3, 0x2401, 0x9)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000002540)={@fallback=r8, 0x5, 0x0, 0x5fd, &(0x7f0000002440)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x0, &(0x7f0000002480)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000024c0)=[0x0], &(0x7f0000002500)=[0x0, 0x0], <r16=>0x0}, 0x40)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000002580)={@ifindex=r7, r1, 0xe, 0x10, 0x0, @void, @value=r13, @void, @void, r16}, 0x20)
ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0)

3.466329718s ago: executing program 1 (id=3814):
r0 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000100)=@qipcrtr={0x2a, 0x4, 0x1}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)="27031c00160014000000002f1eafacf706e105000000894f00050003ee0b80558ddbba9b37786fd808252372a31e4939884f0abc3c", 0x35}, {&(0x7f0000000540)="0276dd154baf788854043ec4d20707fd1c40c4d73f3529256502a11cc88cbb789ecbe9d5795699e36e41b37818feaa370f83fcddcf152b9636a72c6c934a7f4b4025957eb74fabbb6be45eb22344df8f1947057a54e2ebadda701e7d8d58360c741a4c51afd31ddfe5005788dabdc1e21bf6a1aeca17213c80d68fd8168abf92c9c8168d43800d91be94edee122356d8af54d21f7cac4ac38a83da026b335b59e19c0ca1aa210543851ef074f5d60366791076f43fcf26dd3b5799948eb679cc68f84e05cba5572acadcbc186df41b044c0d00020343018510e608e08630d7762a882aabac5789f97651f19e704649b8ecbba9c2d27688ad780dabd654fd7c5230ebe0d37f529743f4b03fd1d54a8e76b8103a5a5e2dc6b04e8cc8d25a2c017dd4a9ede4c93880ac1541f2b2b8d3f1a6d941080f3c79496217467f396f2df77d4d4df75718b4f955e1848a57b80206a5f9bcff836dd47d94a4d7ae8f03c48ed9c78906728b9726ed93f1f162fb7cddfd140df281e5d368a2128513f9881f6a16f688a12a5d1b856bc4738dc98d7cc87dccefa4887195be204687b0bc179acc00e2d087d2b26c4eafb8cfdaa3c9e50965f59150a95bdf1502947fe1ac85704805ef8917ba527dee5761b6bc0aa816b65f47f112f183142f795f336c519226dffbad7cd2039c07274730e0cbfc4cf0780d54cbf64f691006799b714e7479dae503686f525af14ced6e480fc769576cb22da53b0e4075e97ec4ee8b235f0348a2180ab3f2884fa01a7d19ba1c88bba29820aa84952e05e52d74ed4e4efb51cf817d127ed3e5f6511f0213e2f424125768743dfea945b50e868e7dd563abaeeb34081bd6d24a32e55cd298e39b80960ac1ab198b6045a8b4bc8bef350ebaefb6f47cc8fde26bd77eb7d7e3c6fd2bf833567a9af265714088b1bb12f0df20130cc709a3626e5bd81c512905a539d401f729e648e84bdbb49e1a281fd74d67fbfff17e8042e2007c79bffb02ec08bc6a475363fb9137e1d274ba6e2ef18fd39467a97f285d7e567191a6ed0e4d227f75e9fe8e507f9b4fafe6cab1cb0ae33630a84a59aa606ca1716e538b988be6434b7d415e14de649229172928c5e1a45520d1391b26f340d9e5cd1349a1aba391531e4def260ab6f5cc51252a64229ba2b89318c3a8d42f42868fdea3c5deedbf419b886e38bc40a55c7ffe9810bfb949218fa998601ed229974c527b3fbca738f63c62ed1856303078f995ab5f61b6f6ac9887965406702a7e2860d1cde2e8c68de05dcdbdd10d1fe421e0ce1d63ff6d59efb1a4c7924a7e263ade93409d4897231ab1c0c6a2e6db2f55b1f601b3343c9890d0f06f4f5ad672db8bae1a113948e3d9fd058c72c3c8d3e51bd18015e691dbd45e49eb9dbb95fc57e07ee2bbba1c4f5de5756fcce6f0eb2fb2ec75be09391942eae15fd7514ebcfd958381a5aead1b3a0e40eafa09c8808671e80a79376bb4938231e82b99b70f176f8adf81ec4d6cd631800c38e4c4ee1546737c0efc36b7321afa6bf80d52fdf398560b2f1fe79331a06c8e9f2399528c09791514536799279ef1dd8b1631f249ed47a8d72910b5d3bc4fd46f5e471316114106631cab8198556ca00bdf80d09377af657bea729845b8311aea35760fab9c4d201bdd3a960e5e704c91b604710424f4b1118712c5c264efa271d7ff8dadc85b68a448f7835722cd9798ed18c08c284ad99c34cb475a3be97cd095038a2e677ae328cb29ffd856c6036edd9b468bbcff977d41dec4314ef83c510ffb1eae13f26fc1dbce29176688d8dd27be0d3d59b791ae930b31432832c9aab206ecd626b55acf0daaac0db88e82cdfa86423f8173d51336a2b208f77ec2200c6c2bca869d7c6e5580b5165659de8b8e5556940355c09f8d721fb6c16a7a0747bc39c8a56460ef664f90de8b4bcdfb419408a618a104fb589ee4db86b2d0421d40491b71b2294c2d49e1efeee34215484414265fb2eca9f46fcace877b765701abd1f6bddbd1011ea205b00961064a2dbb05ed4f622c0dda1fd51e7c972c8c371383709d34b46a5ba9a26f5bc40e749b6e4cdf29081810dc3f34e5443b24c7c86612563787ab9093e163cef090efecfa132ceb00345cccef58095da61497108ec2bd2759d96396ea9acd76d6168a87d03635fc41548fb859fee9dbd82c2abeb85714be335a6ac5eb2c9c01349881248125e1778440c79417f084a91344004696ce6c5e100189bba411761052e31c7eb508c40c496858378ba5de9a8cc525c57b7a8508807814cad9a6b409972042cb5503bacf4c26090f9c82899e1e7645d7c3c11b798f231b3c670c32670d6ede69f92d58b8a6513415999a20136ffb1b27d937595b99dcc0e9e0aca2e4c8f37383a9fe9e6a4cc90af0e8b2d4a61d97002ae380470f6665768074744673105a2243be295c71b7450cdd7a117d5fbe2f336dbbae855d212f6b35bb5ed78951e547034899f989069d0296022b261b000a7a246209bfc939214f3906856767cef2a54e1500c7e11c0aebeaa9b05c3265788762875de3fe58aaf8d8afdd560ca86fc518d779e33c080df79e903286d7eab06816280b5348f1686992bd17c9da6f16b3dee1dc59285da87fca996843c5098e352c7ad3b6d7feb82a3406b5bc442264a34d8488b7debf1127a7d50ae9dc3c61cbf4d241dae085a6f517ba498f422da0443f5e06019ded643652de1a142ae6cf8eead525f8de5622c08a964eb0766c4d87aa7d2fcb5cb05a7b4d5bff63634f42fabb40e2c743ceadb8704079905ff1eb9341bfec275fb06b61ce1e5950cc26e09c40830744ce24e1923a275c006c4200447cb1d0d5e4100dd960a4862c5f05c83c48af1990b765d79e213807dc2f7c0755a8df68f70f2b662e2a58dba4e4fefa7fdd6199706416d07447944b1fb7f673ec23d1d33d0c0671bad517e3c29a47cd378e7ee9d01ac3b49d8a7ff4017768d99c622a54f7547c4e3458eac7746fef072741a09f04b202c13f6a6467df19db93160562b0d0f82c8e718433ef9094714d225ca49847eb382ad712d3720b1d74be854c19b3b95f214c3b0d073ef3a2862de6da0dca64129e7620da64552b660e034e43f399314147af594c2f74e83d3b9212022402384cd4c42454f40f08fb84920e4fbffab2136ad8bd55f2c918aed536c25703da66b683cca8c8db51c15d3b044a966edcc0eb1f59f72bd5476f6f675d271eb30b2c6fc0d1f6b90c476af453794ce5474d84dd8070c887d30daefac77d31392827775d74a2e6a39e9f4fb43e213e3d06bd0a28a922aeef5811aadde62ae0a8d156315e3c72a67633ef6d147f8ed17f277873d6b8c64aa0b5a60f0281e2fefe6bea1d3075cc873ade522f426294553c41688021bceeace81ac199449263f69d6346af28a22467206189fb39043665fad588d54ff82fc968455949f5cedcd5ad586dfbabc78adef924d11962b9390cc8b667f2c2ba1e41b943a81a34f54330c817aa7130fa71e35f01ecb90ba1dedf968bdce0f85efb6bfa5edeec455c5087e09199db37ba60ef779e820b454f1976205d0577531bb91e87e3f07ba82cc9ef1fbb66bb160de0e38e7a86bddcbdee08a44e7f68dcc93c1f51b86fabba374d348cc80e91538a39e10800636c9fe55abff1254f8728c9d57105fdee6c7595db61c2454b8c2e093c5dd64c587eecde2ba69279a73a426b15d24bfc5f4e72dcbcd78099b82fd9ae56e883a892d68c0ad78ade6762f94896a4f6e01583362e3de272b6d5b2cc96f231354034397890b77e86c770a053b6995dfa7e04242443063bc4e3e3a6a3990496b9495c47d0b1cf6a3f00024fc278f9fce3c9c099410869e07bad67bb19f483fa89a62122c2f6c80b499279e7a29dbe6bf6174e91812b58c43b842fd2c71922350e3f6c69fc6003e29ca0944af8fc83f56ef7b59125927336f484eac11716ca3b9483dc0e578aab7b0de3b9eca702c5672c120363c3f96ed0f12da786cb3ca1ed901361c16a304c469df3877a22fc2c478ed4d2181242d5a7b1c2cb8b060af5729e4d57be4ba77adf71d09e0636ac870167321dbcc8e54a054a5a9da516fb1362cfdf926754a1eb29a11ece1d95af4976ddbb90568c9d093c10b305dec06eeb7d4895806437744f7c207874e0da76b9a0218d52de175fba9827581da2ff8f2840d32d6d7138a3d2d7baec5c577c5b604e366ff06c4a5294ce69aaea1f7f38448136c21bf0dca39dbf1dbd15e8dcd6e32fe2a367bb66545abea9acd9281045c2258c57a04aca8562bdbe100c0522c048ec9e5499b65fca3dd88ff40e90f5c08762ef92c9cef4decc7ffeabebdd83d2350bf5d72bf7424dcddb44258d2b1da274a9c72dffbc6e64d84d677c09887f2a380ce8eff24d06c780d4272e8d63b1dc5d1bbf2c56de5e615c4cc80ec843df21c414f9813dd36778716afe2d365a1c448c6a8fe2b8db9885d453aa98da0581df3833b4884f3d228cef20b56a2d5f7120e82a7fdd1ffdf571f8c82d35028c068a445c824583ecdacd50b13f65c3000ee4b216766de6d0cbf58b612aa0ff58e46ba5fb8bd08dbce4155fa95854a58b302ab148d2de01c6f8542a1facd00de46816dc3b624c45521e1a850f75f36fe17ecf08186f17dde04b1ed3e1861a4d2cdea9a2bca4907bc48dd1c026a1a2b7af9e26560235fb9c6a672f347cd89244d109efbc6b2bb02c0ad65ebf472d666605d206ccbeb116faedee0a59176ebd0c30c9dc0d6ac015bf80e8c62913d1964fd1a1a160474c5459eeae0aa91c74bb79855f35d2cb1374be7c71d29750d1b2cfdf5aa95d5897d68f955d13f47f4db81ade5ce2abb87d92457cd40655c680521fa54222cdc947154aba6d6fd28c143de44f5c9d6877ff52f63140cb19a98bf9c10897fcfce2a9d904cf9355acc281de6bfaac96e51a499429aeb616fbd5bcc8451654f8cd75da1d37e25ed03f01c826723b3b79a18e0463348d6401913ad2b1afce52539325d0e2b17dc76e96a587e9d34a58376f29a5c2f5f43f06b7fa3aa3bc4cbb07e976ea1202b4685fa97b13fdf9330afe748c722667e7bdfcfd9e27c3b1c4094e70f32d47a009ad741ddc05424f43dbb536af6219d2614148c802c347e61c758b029ac2616089054a83e724dd9b7191ea8efe9ce50ab8b8ece23911834c6f46e797c15edc43b25a3d5296fbbc9053b18fb5522fc2ced2e22bef38a4dbe43780d18c72e67c4fb4e1ac53bd4389da9ed07b2fb6b839635081ee43f9baa1a0962cb9b927a3563155939d17e1b8533ca12a5b10f664e7ac6b4704c0abefb838883e380174fd016fc1338a69a66e96cdc7f58c2b82fd2a5b5a6e4df1f56bf586e35b24a4216c236029ff5ccabe70d53eb65896b0166a54ce8c4a171fd50b4beae22e0b4ee6978b92c1eacb68e29a3afca1b86102744677cee7cac80901cfb888295ebb47476b73ec5f3ce71ba96e35a71adb", 0xf25}], 0x2}, 0x24004010)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000015c0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff2300000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000011000000b7030000000000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb450063dedba767ade51f7f1f66acd19100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb4e4d0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e85cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bc0b80e80eae8f5e64be2c9d2d29db3d36dd0cf8f79a015c7bd3f15aa6aadbeab2a01685108e61aa00000000000000000000000000c67c6c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f10800000000000000826151e3b42bcae95239ef5ca2a730a00c87c493db0300e63fda97a296820000000001000000eecc952a3fd2c46f3c1cde71a19d1a2982492a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e180022537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c7192a4251b59d378d3f00000000000000665c8b7e89eddfc3783f6c9129a7c5f8ee5f50579e2f638f7eb12f63be72a3d81ab324d6e417b1c2cbfdcada0a16e31790e26cf19588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b99909950000006b42077ca60fdecb2717e21f8f187b1866108b6e8c71e2603217606637ece1fa89917e131f4034a8383e99c3568fd04201b37cd92ca6ebf94a2d8310f7032775cfd75652f87b039d5430b3c6643e9146d2478ce31344b554aca7670000000000000010c65608fda6ed5d08e7a796042aa127d874105787d0347aa37801faff5b9050803a19ff6205aa5c263e407a2f7de56f7a0000e094fa4e3f05528caab5a430c08dd810bc97204b767dd969721a26aa740000000000bc433fe2d0a6ef2a8a91cd3cb305aa80dadef8b0caca780000000000000000863e21db415a222bb1a7ab94bfe4a74157d794f9d0430c2c0eb563350559829865a3dd08fb31bd0801e09aa3ee45e61a56fc83076451cff7632e49a41eadb5044a0d5f73d6932161ae5e9ce218a35cd8e7b747887b1a74798982d0b492c3f0ff53189d80733eb04f8124877b648ff438f7d66c7efcc09a8f3330b6c22d14e80db8e5608bdeab9388b758a15f4ce70390c214bc6838798f5b9b0b500d4e8b5174f329b8501c6feb7a6982bcea74a0f2ced7fa2059234a8d10b7f0597151d5c9067d57d85f4ae933eaf5174ba122f3f702ef8695578d3c08562c9fc185f0f65d11b4c58ae52500cbe99cde3758a5cbe6093dd328ac820e2de309d25a324647aadffcecf0f3bbaeda7af4436d9ffbce1b240a2f5e346eba8812e6329e01b087bde7da4a6448f478102e90c8134f531de08d4cf4f6f35b15a202544c0ced0c1715fd3a90099f785a13a2412bedba2981dd22bd9d736c00000000000000000000000000000000eb6fec8d7d2f77f4d470a9caa5b1bfc00cd1d40830ac35f229f8ffe1c02a63d3c2d9"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x2}, 0x8, 0x10, &(0x7f0000000100), 0x10}, 0x57)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x702, 0xe, 0x700, &(0x7f0000000540)="e460334470b8d480eb00c15286dd", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

3.304333817s ago: executing program 0 (id=3815):
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0), 0x4) (async)
r0 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0), 0x4)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000100)=r0, 0x4)
socket$kcm(0x10, 0x2, 0x0) (async)
r1 = socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async)
r2 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xd, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r5}, 0xc)
r6 = socket$kcm(0x2, 0x1, 0x84)
setsockopt$sock_attach_bpf(r6, 0x84, 0x9, &(0x7f0000000380), 0x98)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000780)=@bpf_lsm={0x3, 0x5, 0x0, &(0x7f0000000000)='GPL\x00'}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1124, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={0x0}, 0x0, 0x2, 0x7fffffff, 0x0, 0x0, 0x4000002, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1124, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={0x0}, 0x0, 0x2, 0x7fffffff, 0x0, 0x0, 0x4000002, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r7 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r7, 0x29, 0x23, &(0x7f0000000040), 0xcf)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1200000001000000040000001200000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00g\x00\x00\x00\x00\x00\x00#\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000003c0)={r8, &(0x7f0000000180), 0x0}, 0x20) (async)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000003c0)={r8, &(0x7f0000000180), 0x0}, 0x20)
close(r7)
sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001240)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100c, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xd, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000002000000000000ee8c3676fd7409790000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x19)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
socket$kcm(0x10, 0x3, 0x10) (async)
r10 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000480)="1400000016000b63d25a8064000000000124fc60", 0x14}], 0x1}, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r9)

2.551536078s ago: executing program 1 (id=3817):
r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYRES32=<r2=>0x0], 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r1, 0x0, 0x0}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000001c0)={r1, &(0x7f00000002c0)="468db75efeb4706248c730ad34a0b9216b4bafcd6e6eb260c830610e3d4db08b1d084dff56e4b0805a98006341bbe876a117af4a2a9e05dd9aa35d723ef2126a652ce3f663424b60e6f093fad4ff2e4df8aff6be77776a2348ec70eb4b69e4e6b894a490fb1e"}, 0x20)
bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r1}, 0x8)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, 0xffffffffffffffff)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x14, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r3, @ANYRES16=r2], &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r4, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="76ea090000000000009ba56a88ca", 0x0, 0xfffffffe, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x1}, 0x1090da, 0x0, 0x0, 0x0, 0x0, 0x4, 0x749}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r5, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e64, @loopback}}, 0x80, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x200088c0)
close(r5)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
write$cgroup_devices(r6, &(0x7f0000000140)=ANY=[@ANYBLOB="1e03"], 0xffdd)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x10, 0xb, &(0x7f0000000140)=@framed={{0x18, 0x4}, [@printk={@p, {0x3, 0x3, 0x6, 0xa, 0x1, 0xfff8, 0xa0}, {0x5}, {}, {}, {}, {0x85, 0x0, 0x0, 0xa0}}]}, &(0x7f0000000000)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$kcm(0x11, 0x3, 0x300)
ioctl$TUNSETSTEERINGEBPF(r6, 0x800454e0, &(0x7f0000000800))
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)="39000000140081ae10003c000500018311001f9f660fcf066505acb612f691f3bd3508abca1be6eeb89c44ebb37358582bdbb7d553b4e92155", 0x39}], 0x1}, 0x0)
syz_clone(0x2c9a4080, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc)
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x20, 0x0, 0x0, 0xffff, 0xc8410, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x2, @perf_config_ext, 0x8018, 0x0, 0x3, 0x9, 0x4, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x80020, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x111a, 0x7fff, 0x6, 0x0, 0x0, 0x2, 0x0, 0x0, 0xb, 0x0, 0xfffffffffffffffc}, 0x0, 0x2, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x2, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2141, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x29, 0x7}, 0x828, 0x0, 0x0, 0x0, 0x9, 0x800000, 0x0, 0x0, 0x30000000, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r7 = socket$kcm(0x10, 0x2, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000380)=@generic={&(0x7f0000000340)='./file0\x00', 0x0, 0x8}, 0x18)
sendmsg$kcm(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a00140000000280", 0x2a}, {&(0x7f0000000400)="6a718e5e", 0x4}], 0x2}, 0x0)

2.493985222s ago: executing program 2 (id=3818):
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0) (async)
sendmsg$unix(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="1808000000000000000000000000000018"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) (async)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) (async)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYBLOB="1100000052"], 0xfe33)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x0, 0x3, &(0x7f0000000340)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x2b) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000680)={{r5, <r6=>0xffffffffffffffff}, &(0x7f00000007c0), &(0x7f0000000640)=r4}, 0x20)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r5}, &(0x7f0000000240), &(0x7f0000000280)='%pS    \x00'}, 0x20) (async)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000001380)={r5, &(0x7f00000004c0)}, 0x20) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r6, <r7=>0xffffffffffffffff}, &(0x7f0000000480), &(0x7f00000005c0)}, 0x20) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r3, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r8=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
r10 = socket$kcm(0x2, 0x1, 0x84)
setsockopt$sock_attach_bpf(r10, 0x84, 0x78, &(0x7f0000000040), 0x4) (async)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000700)=@bpf_lsm={0x1d, 0x17, &(0x7f0000000840)=@raw=[@tail_call, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r7}}, @btf_id={0x18, 0x4, 0x3, 0x0, 0x2}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r6}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r6}}, @map_fd={0x18, 0xa, 0x1, 0x0, r5}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x1}], &(0x7f0000000200)='syzkaller\x00', 0x3, 0x0, 0x0, 0x41000, 0x2e, '\x00', r8, 0x1b, r2, 0x8, &(0x7f00000003c0)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000400)={0x5, 0x7, 0x1000, 0x7ff}, 0x10, r9, 0x0, 0x0, &(0x7f0000000580)=[r6], 0x0, 0x10, 0xb973}, 0x94) (async)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r12 = perf_event_open(&(0x7f0000000680)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a1c, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000140)=@o_path={&(0x7f0000000040)='./file0\x00', 0x0, 0x10, r11}, 0x18)
ioctl$PERF_EVENT_IOC_SET_BPF(r12, 0x40042408, r11) (async)
r13 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r13, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)="1400000016000b63d25a80648c2594f91c240685", 0x14}], 0x1}, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x12, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000d0ff000000000000000000008500000006a03524d1ce1455", @ANYRES32, @ANYBLOB="00000000000000006608000000000000180000000000000000000000000000009500000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x20}, 0x94)

2.435509695s ago: executing program 0 (id=3819):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0xd, &(0x7f0000000100)=@framed={{}, [@cb_func={0x18, 0x0, 0x4, 0x0, 0x4}, @exit, @exit, @exit, @tail_call]}, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x9}, 0x94)
r0 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$inet(r0, 0x0, 0x0)

2.435037515s ago: executing program 3 (id=3820):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000001580)="d80000001a0081044e81f782db4cb904021d0800fe007c05e8fe55a115000200fe80000000000000080005007a010401a80016002000034004000000035c0461c9d67f6f940071342e875fab7cb6cec6cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b141993c034e653fe8efe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9ee5350db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e", 0xd8}], 0x1}, 0x0)
ioctl$TUNSETVNETLE(0xffffffffffffffff, 0x400454dc, &(0x7f0000000000)=0x1)
perf_event_open(&(0x7f0000000a00)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0x16766f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x8008, 0x401, 0x200, 0x0, 0x7, 0x0, 0x100}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x1ffc0)

2.313501152s ago: executing program 0 (id=3821):
r0 = socket$kcm(0x11, 0x2, 0x300)
ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x8907, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_int(r1, &(0x7f0000000100)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='1-2:5/', @ANYRESOCT, @ANYBLOB='E'], 0x31)
r3 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, @perf_bp={0x0, 0x2}, 0x100301, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r4)
r5 = socket$kcm(0xa, 0x6, 0x0)
setsockopt$sock_attach_bpf(r5, 0x10d, 0x3, 0x0, 0x0)
recvmsg$kcm(r0, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r6, &(0x7f0000000080)={0x0, 0x69, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r7 = bpf$ITER_CREATE(0x21, &(0x7f00000000c0), 0x8)
bpf$BPF_PROG_TEST_RUN_LIVE(0xa, &(0x7f0000000940)={r7, 0x0, 0x1000, 0x0, &(0x7f0000001040)="385420de62a90554f04ab5aa3c18d4985c78ab43c54125d5aa0c498e2355de20fa45402aada4332e5ad68ed1054e21df6dcc4f4b196345d3ef83b694727531bc88f4770762582592936031f5c5a8dc6cc15046d0762dd7a3a7417e4e8702c72275acffccbb844ad74152b414119c82a1f228c0589e017dfd12cfadca67de6a682e9a45737f405e5db5674c5dacad395602efc7dfa90c905e3a1a2dca23ee2d01a1d26986dee9b15740b29747762bbadc97578cca394dbb2aed5135813942daa774f7ef1c9c97f440db2b0289ed5965307e878f9a83ea004055d9f55a75b7b559b3d426342b5398ee43863df42db7dd9855bd23e1d5a94c5f6395cbe9b20fab6b6eb4813fa0a31152013c5314216452968d59b9206bcb9b572a7b6b4427cb443a32d0ced8ec610c74329cb2e29d147b5815aa0baab42ffd098af9d8a68e6ae9bd6164781f5e836f1385d3d6d6ca4a453fe56080eb4fbf9b872f1faa651b144fbfefb2403cf211beb89fef5312a884d27fff0e2e9b57e62e871be2b0da0dd0d1eefc2a074f710e09533c24d4d0dc5f5abb446a8a5b4b62f2c0e8a5026340ecead83b93565607990489790ba935564415cf0b6049e4910ffa72f5a8ab976ce53840e2144f79a8b903b76ec7ae30f6d726eae72b579649481af1ff333dd5e3c3f5a02cd9393614b44a31a3eb7d18d86d8797c3586330b7c61a81333d8b418257364911dab27c76f274e94311c440116cc91f3559ffb6a0cbe126a45cd209126ee61524294aa8c6d707efad6cd214e350733fffe4e013745fbc2436bb43578623aa4e67067d6b3f485d67f175400f7a665bddbd3963ed3127e27fdcfb8ab8c494647d94053fe29554148cd2e5c9e77defacab389af6057d18e669c5e87d766786a5cdc43f39db3f8a14895eaab4b5292eaf3fba4b7520b2b7e1f9d6f3b947460e1ce3b0bc72edb470f58521199bc80c1c58ac298263cd84de3cabcaf85930381d668a7c0a2c0568dbe73bc4a9bcbd33ee862a69a26ded7b26b715861b91160e614054852c9fd6d7a7a6cf584c91ea831d19f88ff4b8e343a413854bd1b5a006066e296a2ddf4219691e5b33cb84016d3d34cda19da5ebc9311d623b7892fd83eb143d1624769c4d950cbd51a7e6c062779f659cb3c3cd92c7185dc9a3c747cc98a9271325190b660c4d00aa74b0700e63bcff0c8be853158ca8c0fdbd5ff31e25d1ca913f780391427ae4bc2f10ac1d172bf1d74e26aaae30ac3f083e29f1b3c12adf7b0673e2668a8d190677cb1b8ae3dfba77d0eaed0a3d949e833650432012ec11a3336bd4a421ca67cdacca83918b4e014331a8c1ad4ff825a5cc7fb6dc5bdc475f69be56de4297dc9a1e0b02b50a9c6699aaa583eb9763031e7484ca8d05dc825570f2dffc8479f43a5bec6e75681d85bf1087ea38c9688e755bb0d1d66ef5558ce64ac07c472e8d90f4060be41cd6798ab311705113db1303df62f0e6a57d16e2f0164da5cce88b29e9a989d5a9d6fb696dbbbfe467860cf08f7cca845818cb3ed6ead882ddf8bb4946bba0b5542f6c807656d0d2818e813d35b532c844adcdd9be075e468a76ebd2c1fd7060e745062391f519cf73681e408f39221a032d4f1b21f6ed82b62059abdb520c4127012ac45b1ae74123aec3d449ce523e353246c1f53c293668a58614c445cbaa7befaa4a07219cfc86a1a76257648e18f509e20783143d16c1dbca0a6eb4fca6890714e2566e3c6fc5ac5cc4189572895ad861a5d286e50eff21c1add32aaef83d4597ceca90a497de7e4fe7f3a2327c924bcd4131fd3b5b2e4f89a71124bced2e1a1ed7f0b4ce9fb9f3f986ea253f284ba65384b6b97a4c394f9fbcc09c96df6dd0e6b950de92745de26fa6bbffb7ea16fe5b27084392678a36df58817900e79d50a7bff7b92d7d9562448cfee6c2a6237d9a9a5fb97039f0dcc14cc237226ffc124f6a7eaad08f63ecb16465bf805b74255b2b992d43afdb30bac6264f9b9aba68c902dfef89b49a14e9fc73231ea4ea4f1550dd6781f48f24593784b9dcb5fa343ed1a94851b6de28a24373b764f17c4681e9c30ab2df766a5dd7720481a643e7e1302e2dc36ec200e408335f67bed069821b5538d5c6fddeb2d49033205669144f318fc09123a29ea4f8fe164ac0e44ee8ca3a9e35c662454bfcb17734becb948fffe9f3aa8b5354f45626c70018c9767a879547931137958d1791ecda4ac5b140fe2a3aa411af3c6d14418a2a9cbcf02557ab30da16ed521cca932a7520089bbd6baff37c5ccf18ac3a0953506eddf3dd8e0ab73674ac23f239930acbdf7c9d074dabd00b831403e0a1afb21ec7ed12f54081cc509d77ee159a0dee952a31708ec8e75812aa35e7214943f1d3f4b286a7a0ecb87166ad555d2fb813d872d457cf8ca6ae39028210628fedb6822163c70efdd9078edc2ccafb6440e4184c36836913dfddda264795abec10951f84d3920303271baf798e1cacbf5b40a18ec0fb2dde353d7af974c0b3fca2e2715588afd6446db9f6f9c829b2683dc9c0c6b08e99efebd79abb6709a8a360408f2ac8ad9b121327096c671e5e630a236d8a1fde59d0f6d2b658be945aa6ac04763422265712841049a43270ea413eef8367e154bef0e850c7b9943d3a106dc6a6086cd5dcef69eb4eabac59c0bd5ec6407e89fbcacd42d957f067a5a9dc5ed2331686d021be07251c44d3b3c0a13d46928c97d4cc451e1340ae7fe695d19ac5d9ab288d97970c7abf9ce11440a3c243d871455a469e5a1a3506c8f1e25c167bb9fcf06ef12f4517e82adf445d24c60f267e34b2328da8a997f1c8dd2f6023c13f8d7191ae0340238cb657015bd23cac30d9ed9d95e2f2b0d0498e78191fe27ae58cddd54c0b46b632091dcdf837b57f986c89c7817f8dbf70d5226a6c2620a2bb3c0d32785dfa9eb61126c5e11ba7e2e7d312aadeca40d695cc6c4b2692c371e23ef3a2f9af09cc98b3377168ebd9cc5adf497258e7d31533ec43d668e85789b068b6ca1ef98f1d1629fedf39ec88a284729cfcd5c6e21476a1ffa1afe6855fde0af503836014d5eb8e86f5bd3ac8391cf9c7c6ce4bf8ab37cb8141c8022c67e34f7cbc2b7775f92a2e009cb128fb10e6e146e6f9468a89d68fb58e4f49f612b1b56422e85056918ee129ba2b7567e15a3699f8bc9dff509afc2dbfe50dd7e5d6139129f2b359f8470edfde783d4fb8eb71fdff5a965b52cdc19e784b9ec310a1e35f943d819b63167e9feba7d232bbedb9e4ad61f3b980b8b41a805ce5ed37a1fc3497c45b871b9b9ca01dcead0a38eef1bf7645583ad5c5fda6d2b2f2b0c667ba6515ad06e6f05024e9180b82d36400a23a20812eec83c50d74ea6d0ace4b21e38e1fb7c6a1c90ffb15f63ea6b2185061f750ba0ad02ad87e33a7839a2c18cc4d20380fe8edec80debf5d05b909f3e9fee84ed47932ca2eaa22e19b693e3e6d3e1f1ed9525c4150693c6c8206f2afcfc4a33bac13c73db2bf6b3aac1eeea21853b722d56231d83483e8754bae1037913ab12fef2b2aad81f687d39789489af7e006bbb7c3c31b946eb0ee61235369716de75d6f11c79aa7c6f575af1303286413ff949667101befaed6de1c0ee19c81e63da533979bd069df6f8148bd4eecb7dd27d6dca60aa1aa98f978a423f413b6d5ae66246c051e0c647acf7ef26e4ac55f836e79867bc68b1cff02a4ee9ee1a05458faf89fb6b73ade9c0237eefcb8f1dd77862bc7e41e8de3db6c22238a66b8abaa109f4485119f3166811c5e496e555d9470adb5a9863bff4315c22a7c14ebdef7fe024fbf83b9ed29e6f0c82beb32dda1e1fedd46cb7e651b8acc7536991eb6b17705ac688f2e9340a555da90a318858fc2343c30de67b19fa52634c07314b54f8ce9b877a87a3325985cd10eee41873e358f0300153c08eb440d60c26594bea7d507b06ffbe716af78f08d8b36b9ed2a12d4e40af1c9a862a69daa24e90aaaf9f8db21f0e7aba53c252812219252e60826f68a292ab2939a9af7af9fa82251d6e473dbf6a49ed858df867c08cb2747fea11a7e654c2dec42f30ccdab5abcc25fde04d5d9498829944aa068fe3fc4ffe9957c9302cd35d9ca44d56aa9e971d58bd979e5489dd3a86338520f5b2b63ec436f6b265f21ae3f4f352e2797375f15d3d9c8e78a6e84e2d1f60773f1e4ce50f4a504e94010a8a2063568c32d2b8e6cfd230feb610bd8f25088959ac1587cadd6683ea676788b43897f4c08f2e0040fd649cd0466095c9a58223f534d8dc034ed5e75d6a5f8863a912a5265c4f7ed2ad613aec2ce2ebf5ee987ae4b9e30a3b3dc802863f2bf652482317fe33d5bfb5c28d7259c22bcb035e20fc58b4d3d3cc1cdcf5b0df9256a941a88d43849b2cd0315f8512038aa203a6631243f4a9689290d8da737f78b124fc7b903d9e679390ea56db2e1190d122261f1060ff50f6ebb57f64515f1c8f75e08b0598104802601a51c2d18646caca45b1202235661c799ab67808386f235cd21085c47231100115267db70456c85280fcd289d715c96e3844d5f44ae158a83e476e4a6549139264aec44bba07aee45a43e23657b1e0906f229eaf40aefefb45f72ab1f01790427bd75acc3b715a9f1c4a6de9576483d987f83fe768aa108a0af1a4cbc67386cb833f0ae345a5ee5b02082f27e51f6d48f0bd4f0f58d4c94dbe8b5fde5e5bde7552be22d90f32053a5cad70b0f8655e18a1e5c13567b896d4fda094486ff61f28b4db688d2b57458902c7659e2278b3a0c38a4fc513674b20c7e7491e7a4de5431fe143d1632dea1c2c7b8478f109f6763217a52bdd2e3b575c9ff9c2bf9ffba67b3321736fc9c6e348431c37a1456662e279ba756421700463f53c2a1cc79b29e7d1f42762825cb8eada78464124a59ffb36ce641bd7259c81b1c9ad4f72d1ff6c18923388d363f1fce84dee3e5189122bcc7804789d554b98979a8cd4eedf494df6c0f3392dd9852ecb282064a64654796299c0ce56555f927f3cd75cdd65d1172486b88e50e84da96b78d3da13688605d38daef450200ece5894520a9e062d2b21bbf5200653fe5637d50be3d616abdbd6988a3087e63dd2516dffeef8a65b7d4eb607a5fd724c671195d9113c095e0eac38d2dcb3caeeaba7edc1dda15b5101fe766ca80f6d29c932cc03017489231b1267830d6970224f4479b84ea0cfb8f3b47177479831898858f8be96835c187370e40115b673188bd586a0c2de25a7b2779bcdf016351677864930c3756a2bf2b255739023b749247b0816ade4c59ff6d664d004ecf95bbba222b90e365e976ec069e1401859548d02706e2630c1a363feadfe4b4357ab0cb8c9dff2e1686a0fc5fef9525c8abb95a48f9a6174b76b8ae729ae1786b8e64c64f903fd263b9e15fd28c1a9e709268507b5de1ceda5dd34da2f37a693347a52a09eec13fb3e655fc9d10c942ef1a9f580e9d513741882733692d40b8b26f278303ac55472d23e53bd262eb1c6878d4e0bed6c5c98078c8d099f8e78bb1edce6cadfc2e14afa4c0e510dcf41715d1ba519012a5edfe9dbe13dfb76b502a3dccfb005621dacb971aec4f9d92fde7d3f2a2c9158a4b5ac10f3ebfe1f585b4f75dff173b929767ee932023caf353b46fd0db094b38eb8c87a1d4693c8a18a4fd3c4a8f3f920945af7a79bf2320e304455eba564d25909ecd9ca9043d9bb16fba197993a11b39c93a42d2e74121fbb57cba038d2d6978e1b404c03fd618baf1565861dfad0cf1714b2a2595b3", 0x0, 0x3, 0x0, 0x88, 0x0, &(0x7f0000000540)="6df2597a6b820b1a50de8f61ec2f5e43fa60fd1a9acdea7c50beedd11fd2d63daf3448c6c10bd0a2a7da420651da14e8b69d881f51cf7613a60eab971b5079792ba43f962da65b47faa0430e8b6efc77fb52e0d601ab883de98c9dd258b2cda60e768156dca462dd5a57fa3438a14e4f0657bc5b289c82c0e9b30762e3dafe46ac40836b054dc9fd", 0x0, 0x2, 0x0, 0x40}, 0x50)
recvmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000d00)=""/242, 0xfffffd63}, {&(0x7f0000000240)=""/205, 0xcd}, {&(0x7f0000000380)=""/210, 0xd2}, {&(0x7f00000006c0)=""/188, 0xc9}, {&(0x7f0000000f40)=""/213, 0xd5}, {&(0x7f0000002100)=""/4077, 0xfed}, {&(0x7f00000007c0)=""/211, 0xd3}, {&(0x7f0000000b00)=""/231, 0xe7}, {&(0x7f0000000480)=""/176, 0xb0}, {&(0x7f0000000c00)=""/208, 0xd0}], 0xa}, 0x40012100)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000004c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r8, @ANYBLOB="0000000002000000b70500000800000085000000aa00000095"], &(0x7f0000000300)='GPL\x00', 0x4, 0x1002, &(0x7f00000014c0)=""/4098}, 0x94)
recvmsg$kcm(r6, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0)
recvmsg(r6, &(0x7f0000000780)={0x0, 0x0, 0x0}, 0x10002)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
recvmsg$kcm(r6, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0000000000000000000000008100000081"], 0x48)
r10 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
r11 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000280)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r11, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0)={0xed}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r10, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2688f54c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

2.250005285s ago: executing program 2 (id=3822):
perf_event_open(&(0x7f00000004c0)={0x2, 0x80, 0x48, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x7fff, 0x7fffffff, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xf0, 0x1, 0x0, 0x0, 0x0, 0x7, 0x1509, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x4, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x800c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x9, 0x0, 0x4, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000035000b63d25a80648c2594f90724fc60", 0x14}], 0x1}, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x40000004, 0xa021, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0, 0xc}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = socket$kcm(0xa, 0x1, 0x0)
setsockopt$sock_attach_bpf(r2, 0x29, 0x11, 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x3, 0x0, 0x0, 0x4003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0x4}, 0x0, 0x0, 0x80000001, 0x5, 0xd, 0xfffffffc, 0x0, 0x0, 0x3, 0x0, 0x1000000000007}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb79100a00000080000000064242"], 0xfdef)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r4 = openat$cgroup_devices(r3, &(0x7f0000000080)='devices.allow\x00', 0x2, 0x0)
write$cgroup_devices(r4, &(0x7f0000000140)=ANY=[@ANYBLOB='b *:4\tw\nr'], 0xa)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1100}, 0x48)
close(r0)

2.027313238s ago: executing program 3 (id=3823):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1b00054b4944d73043c60000000000000000000000000080000400000011fa47d5dfc8af53a711e118ba8b4f1f9b44faac04dd60ade62b3fe21bdc360f12aff4b1e80160246e1f40a34c9b2cc4367b22bee945bf79e110f512c297723862f5482f9e1a8876785d8684", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
perf_event_open(&(0x7f0000000140)={0x4, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e5, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x806, 0x0, 0x0, 0x8, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0)
r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040), 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x84480, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
r3 = socket$kcm(0x10, 0x100000000002, 0x4)
sendmsg$kcm(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000200)="39000000140081ae00002c000500015601618575e285af0180000000171300883795c04a31ba377a1b2cc32b38d3740000ffffffffffffffff", 0x39}], 0x1, 0x0, 0x0, 0xc00e}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0x5, &(0x7f0000000680)=ANY=[@ANYBLOB="18020000fbffffff0000000000000000850000002c000000850000002300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @xdp, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)

559.597029ms ago: executing program 2 (id=3824):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000940)={0x0, 0x3e1, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000180081064e81f782db44b904021d080006007c09e8fe55a10a0015400100142603600e120800060000000401a80016000900014003000000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0)
sendmsg(r0, &(0x7f00000006c0)={&(0x7f0000000100)=@ax25={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x5}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x80, &(0x7f00000005c0)=[{&(0x7f00000001c0)="8c3b8e6c29fc79", 0x7}, {&(0x7f0000000200)="54e74b316c666f7fdcdba9ef492d3d4facdd0143a26d9735b483c0d14626a29ea3cb60180e0b5e7ea6ab86cd1b4450a57c1ec5a98a14bfee32de6bd7a751eba0d3892b5d9c7c0604e591da5751300ffd15226eeb5257adc78e3b759648", 0x5d}, {&(0x7f0000000280)="a87e1c31d9679bf5897f88340022c623f6fd73671e7c2674b0a1882069b31e5c9f491afae2afdd35f504b39281d2c08ffa9b0ce30144f6d68d447b7b5271060a0490b2681a317ea2e08716cc98d2c72d8486c8a56042899a0fe0d791e47fb168312543c541faa45e42bc0646cc1259fd746ad5378194269304b54961bf144c6246d5f82b07363f9251a051987d68a0c43ca32d08d6a3929cf2b017b3943a85c187c73344658f3550c4ec0cffba6192d93a41f8bb9c3d8428787da7929e5d53ef90fe504a813c33c09313973fa8bc86ffface7b687140b301eb146fda14c41b728583d3f0885d2aa8fa9a", 0xea}, {&(0x7f0000000380)="d93a5be3ebb4f30822d5365d736ddb35a05f8110661effafa4bb80296d3cefadce1fad6f7c384e82e820", 0x2a}, {&(0x7f00000003c0)="f0cb3147ae565d5c6d495bd46d8e485218af1ab2e92158f35603fed54d5081a552ed2cd7461189cf82441d39a0b9dcd53f840f5ec8eaa9978d1176e74dcc133d439005897829e5ce744872889bc926e55a8919f726aab2b03dc2d7c1ffba1af4c86afa41c68170661faf68b59925922478b44a6b8b47a3e508668ec4282a823a7d2edc747053390d2b6150afbd50a327733493100790ca9c51cbc14a0c328d73b9fd2da3021bf1f5ececd698912c417850335ab6e4cc1f2edc2f6998a594d576e080d34ebf66", 0xc6}, {&(0x7f00000004c0)="4a89726763b6acbe152ef42c26ae0b914ef71598b9142496d778d3368f422f1d215977a1b2110663b70972f00c5e11aac16d47d97004ea3f83154f6dc378d0954659e067c6b271930b1081ed2b752306f85e1ac2a06db32ac0000653bdaa8351f27f05da32e15cfda31d3cd55b33f8bad59cca012ef4516b87cf0f487069c6c8677812ddd64b9c7243b2cbad6e26593693c598fc4b6baf05c43d3754c6f3cdaa2072b4f6f4becd87493cbad0c11c7d4a20f35e8c266a0ea0cb26517690d7554d23970d6608b299061600a4a2f4da01b28ba3d949cc307ab957b4447939b60e6193c6", 0xe2}], 0x6, &(0x7f0000000640)=[{0x80, 0x10b, 0x400, "81fc2c96e18bda1047a6182aa11759e465a92bf634270f5ee97413fc09b33fb9ee1b0e5a13ce605350b3b5b4eee14ff7dd2d655da5202350380aac71d03beab95ede9f1a30b99901145d62800baf5b2bfda1076d839b2ae73f9c4e6791f33806870ce252db214ba8d02cf472af"}], 0x80}, 0x20040015)

500.567072ms ago: executing program 3 (id=3825):
socketpair$unix(0x1, 0x5, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="09000000020000006d0500000300000000000000", @ANYRES32, @ANYBLOB="0900000000004d2744711ea400"/26, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r1}, 0x38)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r1}, 0x38)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.net/syz0\x00', 0x200002, 0x0)
r3 = perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000300), 0x4}, 0x4044}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x18, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a500850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0xc, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000001000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70300001a930000850000001b"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r5)
syz_open_procfs$namespace(0x0, &(0x7f0000000300)='ns/ipc\x00')
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00')
openat$cgroup_ro(r2, &(0x7f0000000240)='cpuacct.usage_percpu_sys\x00', 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000900)={'bridge0\x00', @remote})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
openat$cgroup_procs(r2, &(0x7f0000000280)='cgroup.threads\x00', 0x2, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0e00000004000000040000000100000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00006134efd25b220000001f4000e3ff0000000000000000000000000000008cbd00a840713ce86c83027299ef3b01a4f90726f4a40622da5d1d7ba76c54f80baf5246807e2de3df26bce3758df61539d5caad670684e9929d6b140ffbbaaeba570db04817e71215"], 0x50)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000003c0)={0xffffffffffffffff, 0x1, 0x8}, 0xc)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r7, &(0x7f0000001380), &(0x7f0000000000)=""/10, 0x2}, 0x20)
ioctl$SIOCSIFHWADDR(r6, 0x89a1, &(0x7f0000000900)={'bridge0\x00', @broadcast})

350.135171ms ago: executing program 0 (id=3826):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) (async)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x19, 0x4, 0x6, 0x400002, 0x120, 0x1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x4}, 0x50)
close(0x3) (async)
socketpair(0x1d, 0x1, 0xc, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x89e0, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06fb040000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) (async)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000001007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000085000000a000000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f0000000040)=r5, 0x4) (async)
sendmsg$inet(r7, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x4800) (async)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x3, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r8}, 0x38) (async)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r2, &(0x7f0000000140), &(0x7f0000000000)=""/6, 0x2}, 0x20) (async)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x5, &(0x7f0000000040)=@framed={{0x18, 0x2, 0x0, 0x0, 0x83}, [@call={0x85, 0x0, 0x0, 0x2e}, @call={0x85, 0x0, 0x0, 0x5}]}, &(0x7f00000000c0)='syzkaller\x00', 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ffffffc}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r9, 0x0, 0xe, 0x0, &(0x7f0000000900)="e02742e868000000f6e82e27ef4d", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="190000000400000004000000ffff010000000000", @ANYRES32=0x1, @ANYBLOB="008000"/15, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000200"/17], 0x48)
syz_clone(0x60000400, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080))
socketpair(0x2b, 0xa, 0x80000001, &(0x7f0000000000)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r10, 0x8983, &(0x7f0000000080)) (async)
r11 = syz_clone(0x2000400, 0x0, 0xfffffebf, 0x0, 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async)
write$cgroup_pid(0xffffffffffffffff, &(0x7f00000005c0)=r11, 0x12)

294.338034ms ago: executing program 2 (id=3827):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x9ae0f4ffbf23b747}, 0x94) (async)
r0 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xfe327, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000009800000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x9, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000001000000000000000018120000", @ANYRES32=r1, @ANYRESHEX], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) (async)
r3 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030017000b63d25a80648c2594f93324fc60100c034002000009053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f00000004c0)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000185702003d030100000000009500f000000000006926000000000000bf670000000000005606020015ff07007706000020000000170200000ee60000bf250000000000002d350000000000006507000002080000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad15010000000000840400000000000014000000100000009500000000000000db13d5d8b741f2cdaabc8383c8f56b8c2b848b00ea6553f3040000705fad86c8e1a53cb300815dcf00c3ee7b042d1937ba52037fdefeb0cff9fc56357d81b2cc1a9e37d7b75c020b070000003eb22062a1faca036d9cc7db6671573e202e0a63fe4ba12b064985cc32d1ac0b9ecc8f604dcac256621c90491726de3b"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x48)

215.006588ms ago: executing program 0 (id=3828):
r0 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = perf_event_open$cgroup(&(0x7f0000000100)={0x3, 0x80, 0x2d, 0xad, 0x1, 0x9, 0x0, 0x4, 0x40, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0xcf, 0x2, @perf_bp={&(0x7f00000000c0), 0x4}, 0x100018, 0xffffffff, 0x9, 0x9, 0x200, 0x1, 0x153, 0x0, 0x7, 0x0, 0x10001}, 0xffffffffffffffff, 0x8, r0, 0x0)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000180)={0x0, 0x80, 0x8, 0x9, 0x83, 0x6, 0x0, 0x100000000, 0xc000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x2, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x8d01, 0x2, @perf_config_ext={0xdcaf, 0xf}, 0xc0c4, 0x4, 0x1, 0x4, 0x8e, 0x0, 0x2, 0x0, 0x9, 0x0, 0x8})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x880, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000040)={0x1, &(0x7f0000000200)=[{0x35, 0x5, 0x3, 0xac}]})
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x94e4, 0x2, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0xfffffffa, 0x4, @perf_bp={0x0, 0x6}, 0x19183, 0x1, 0x5, 0xb, 0xa, 0x904813a5, 0x4, 0x0, 0x0, 0x0, 0xffffffffffff0000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x64099, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7f, 0x2, @perf_bp={0x0, 0x9}, 0x0, 0x32, 0x43a1bd76, 0x9, 0x9, 0x2, 0x812, 0x0, 0x0, 0x0, 0x22009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0)
r4 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r4, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x3000c041)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0)
r5 = socket$kcm(0xa, 0x5, 0x0)
socket$kcm(0x21, 0x2, 0x2)
sendmsg$unix(0xffffffffffffffff, 0x0, 0x0)
r6 = socket$kcm(0xa, 0x5, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$sock_attach_bpf(r6, 0x29, 0x23, &(0x7f0000000040), 0xf7)
setsockopt$sock_attach_bpf(r5, 0x84, 0x1f, 0x0, 0x0)
socket$kcm(0x29, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x80)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000001340)={0x2, 0x2, @multicast2}, 0x10, 0x0}, 0x8000)
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x96, 0x1, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x9}, 0x4000, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0x0, 0x0, &(0x7f0000000100)='GPL\x00'}, 0x94)

148.342032ms ago: executing program 2 (id=3829):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0xd, &(0x7f0000000100)=@framed={{}, [@cb_func={0x18, 0x0, 0x4, 0x0, 0x4}, @exit, @exit, @exit, @tail_call]}, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x9}, 0x94)
r0 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$inet(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)

82.604006ms ago: executing program 2 (id=3830):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x48283, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
r1 = socket$kcm(0x1e, 0x4, 0x0)
setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
r2 = socket$kcm(0x1e, 0x4, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x10)
setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
setsockopt$sock_attach_bpf(r1, 0x1, 0x21, &(0x7f0000000040), 0x4)
write$cgroup_subtree(r2, &(0x7f0000000040)=ANY=[], 0xfdef)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'\x00', 0x2000})

0s ago: executing program 1 (id=3831):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x2}, [@printk={@ld}, @call={0x85, 0x0, 0x0, 0x5}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x18, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000001000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000001b"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, @perf_bp={0x0, 0x8}, 0x40, 0x0, 0x0, 0x0, 0x7, 0x0, 0xffff}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x19, 0x2c, &(0x7f0000000740)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@jmp={0x5, 0x1, 0x1, 0x7, 0x4, 0xfffffffffffffff8, 0x4}, @map_fd={0x18, 0x3, 0x1, 0x0, r2}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x603}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2e35136df43e5d45}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8000}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}}, @map_idx={0x18, 0x2, 0x5, 0x0, 0x5}, @map_idx_val={0x18, 0x9, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='syzkaller\x00', 0x3, 0x83, &(0x7f0000000100)=""/131, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000001c0)={0x1, 0x1, 0x1ff, 0x101}, 0x10, 0x0, 0xffffffffffffffff, 0x9, &(0x7f0000000200)=[r2], &(0x7f0000000300)=[{0x0, 0x5, 0xa, 0x5}, {0x0, 0x5, 0x7, 0xc}, {0x2, 0x2, 0x9, 0x3}, {0x0, 0x1, 0x0, 0xb}, {0x5, 0x1, 0xc}, {0x5, 0x1, 0x5, 0x7}, {0x3, 0x5, 0xe, 0x8}, {0x0, 0x3, 0x1, 0x6}, {0x5, 0x5, 0x6, 0x5}], 0x10, 0x9}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = perf_event_open(&(0x7f0000000680)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a1c, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r7, 0x40042408, r6)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={@fallback=<r8=>r6, 0x10, 0x0, 0x363253ea, &(0x7f0000000040)=[0x0], 0x1, 0x0, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r9=>0x0}, 0x40)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000180)={@ifindex, r6, 0x2e, 0x20, 0x0, @void, @void, @void, @value=0xffffffffffffffff, r9}, 0x20)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
close(r11)
recvmsg$unix(r10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r12=>0xffffffffffffffff]}}], 0x31}, 0x81c0)
write$cgroup_subtree(r12, &(0x7f0000000180)=ANY=[@ANYRES8=r11], 0x9a)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000400)={0x10001, <r13=>0x0}, 0x8)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000003c0)={@cgroup=r12, r1, 0x2c, 0x2022, r5, @void, @void, @value=r13, @void, r9}, 0x20)
syz_clone(0x100080, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000b40)={r8, 0x58, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r14=>0x0}}, 0x10)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000c00)={0x4, <r15=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0x9, 0x21, &(0x7f00000008c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r12}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r12}}, @printk={@li, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xe}}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x4}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000580)='GPL\x00', 0x9, 0xad, &(0x7f0000000a00)=""/173, 0x41000, 0x42, '\x00', r14, @fallback=0x29, r8, 0x8, &(0x7f0000000b80)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000bc0)={0x4, 0x5, 0xa3d, 0x10000}, 0x10, r15, r1, 0x0, &(0x7f0000000c40)=[r12], 0x0, 0x10, 0x1}, 0x94)

kernel console output (not intermixed with test programs):

s `syz.0.2178'.
[  559.740635][T14112] netlink: 209588 bytes leftover after parsing attributes in process `syz.0.2180'.
[  560.348484][T14126] netlink: 'syz.0.2184': attribute type 2 has an invalid length.
[  560.375014][T14126] netlink: 17267 bytes leftover after parsing attributes in process `syz.0.2184'.
[  560.593892][T14128] netlink: 'syz.2.2185': attribute type 11 has an invalid length.
[  560.615323][T14128] netlink: 212832 bytes leftover after parsing attributes in process `syz.2.2185'.
[  560.869096][T14138] netlink: 'syz.1.2187': attribute type 39 has an invalid length.
[  561.980651][T14144] netlink: 'syz.3.2191': attribute type 21 has an invalid length.
[  562.276217][T14157] .&nr: renamed from bond_slave_1
[  562.369211][T14165] netlink: 'syz.1.2194': attribute type 2 has an invalid length.
[  562.481204][T14165] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.2194'.
[  563.189171][T14181] netlink: 'syz.2.2198': attribute type 9 has an invalid length.
[  563.232141][T14185] raw_sendmsg: syz.0.2199 forgot to set AF_INET. Fix it!
[  563.264013][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  563.270539][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  563.308723][T14181] netlink: 126588 bytes leftover after parsing attributes in process `syz.2.2198'.
[  563.563701][T14190] delete_channel: no stack
[  564.036602][T14209] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.2205'.
[  564.141260][T14211] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2206'.
[  565.030777][T14238] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2215'.
[  565.069592][T14238] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2215'.
[  565.117261][T14236] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2215'.
[  565.259013][T14237] netlink: 193500 bytes leftover after parsing attributes in process `syz.2.2214'.
[  565.785900][T14248] netlink: 'syz.1.2217': attribute type 10 has an invalid length.
[  565.858785][T14251] netlink: 'syz.1.2217': attribute type 1 has an invalid length.
[  565.872390][T14251] netlink: 143932 bytes leftover after parsing attributes in process `syz.1.2217'.
[  565.903475][T14251] netlink: 1 bytes leftover after parsing attributes in process `syz.1.2217'.
[  566.336002][T14265] netlink: 'syz.3.2221': attribute type 29 has an invalid length.
[  566.346656][T14265] netlink: 'syz.3.2221': attribute type 29 has an invalid length.
[  566.485374][T14268] netlink: 'syz.3.2222': attribute type 2 has an invalid length.
[  566.513358][T14268] netlink: 'syz.3.2222': attribute type 8 has an invalid length.
[  570.069235][T14323] __nla_validate_parse: 1 callbacks suppressed
[  570.069256][T14323] netlink: 15998 bytes leftover after parsing attributes in process `syz.0.2237'.
[  570.706039][T14329] netlink: 'syz.1.2238': attribute type 21 has an invalid length.
[  570.735649][T14329] netlink: 100 bytes leftover after parsing attributes in process `syz.1.2238'.
[  571.539177][T14347] netlink: 'syz.1.2243': attribute type 21 has an invalid length.
[  571.556445][T14347] netlink: 'syz.1.2243': attribute type 1 has an invalid length.
[  571.574707][T14347] netlink: 'syz.1.2243': attribute type 2 has an invalid length.
[  571.593680][T14347] netlink: 9062 bytes leftover after parsing attributes in process `syz.1.2243'.
[  572.469261][T14366] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2249'.
[  572.864571][T14373] netlink: 'syz.2.2251': attribute type 29 has an invalid length.
[  572.902679][T14373] netlink: 'syz.2.2251': attribute type 29 has an invalid length.
[  572.944086][T14373] netlink: 'syz.2.2251': attribute type 29 has an invalid length.
[  572.971512][T14373] netlink: 'syz.2.2251': attribute type 29 has an invalid length.
[  573.006563][T14373] netlink: 'syz.2.2251': attribute type 29 has an invalid length.
[  573.065828][T14373] netlink: 'syz.2.2251': attribute type 29 has an invalid length.
[  573.128853][T14377] netlink: 209592 bytes leftover after parsing attributes in process `syz.1.2252'.
[  573.145109][T14377] netlink: zone id is out of range
[  573.373623][T14384] sit0: left promiscuous mode
[  573.846862][T14389] sit0: entered promiscuous mode
[  576.113685][T14440] netlink: 'syz.3.2265': attribute type 64 has an invalid length.
[  576.599323][T14450] netlink: 'syz.1.2267': attribute type 4 has an invalid length.
[  576.735163][T14450] netlink: 'syz.1.2267': attribute type 3 has an invalid length.
[  576.926543][T14450] netlink: 153952 bytes leftover after parsing attributes in process `syz.1.2267'.
[  577.005764][T14449] netlink: 'syz.0.2268': attribute type 19 has an invalid length.
[  577.051673][T14449] netlink: 14524 bytes leftover after parsing attributes in process `syz.0.2268'.
[  577.207076][T14460] netlink: 14568 bytes leftover after parsing attributes in process `syz.2.2271'.
[  577.705382][T14477] netlink: 64023 bytes leftover after parsing attributes in process `syz.1.2275'.
[  579.204262][T14504] wg2: left promiscuous mode
[  579.235049][T14504] wg2: left allmulticast mode
[  579.389757][T14510] netlink: 'syz.1.2286': attribute type 10 has an invalid length.
[  579.430435][T14510] netlink: 'syz.1.2286': attribute type 10 has an invalid length.
[  579.708296][T14520] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.2287'.
[  580.364114][T14532] netlink: 'syz.2.2291': attribute type 9 has an invalid length.
[  580.392562][T14532] netlink: 126588 bytes leftover after parsing attributes in process `syz.2.2291'.
[  581.977408][T14574] netlink: 188 bytes leftover after parsing attributes in process `syz.2.2299'.
[  582.777362][T14608] netlink: 65055 bytes leftover after parsing attributes in process `syz.0.2310'.
[  583.906752][T14645] netlink: 'syz.1.2319': attribute type 39 has an invalid length.
[  584.335536][T14663] netlink: 'syz.0.2323': attribute type 2 has an invalid length.
[  586.255225][T14718] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2338'.
[  586.620442][T14721] netlink: 'syz.0.2339': attribute type 29 has an invalid length.
[  586.649557][T14721] netlink: 'syz.0.2339': attribute type 29 has an invalid length.
[  587.799679][T14734] netlink: 'syz.0.2339': attribute type 10 has an invalid length.
[  587.814371][T14734] netlink: 65015 bytes leftover after parsing attributes in process `syz.0.2339'.
[  588.120751][T14748] netlink: 'syz.2.2346': attribute type 7 has an invalid length.
[  588.335098][T14764] netlink: 'syz.1.2350': attribute type 10 has an invalid length.
[  589.311214][T14787] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.2356'.
[  589.433617][T14787] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.2356'.
[  589.477762][T14790] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.2356'.
[  589.675074][T14787] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.2356'.
[  590.553653][T14802] netlink: 830 bytes leftover after parsing attributes in process `syz.2.2360'.
[  590.688016][T14802] veth0_to_bond: entered promiscuous mode
[  591.051794][T14816] netlink: 'syz.2.2363': attribute type 17 has an invalid length.
[  591.062606][T14816] netlink: 'syz.2.2363': attribute type 16 has an invalid length.
[  591.072279][T14816] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2363'.
[  591.092434][T14811] netlink: 'syz.0.2362': attribute type 10 has an invalid length.
[  591.553056][T14833] netlink: 'syz.1.2359': attribute type 4 has an invalid length.
[  591.624977][T14833] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2359'.
[  591.716554][T14833] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[  592.307583][ T5777] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  592.319968][ T5777] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  592.328945][ T5777] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  592.349277][ T5777] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  592.357871][ T5777] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  592.367200][ T5777] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  592.703754][T14841] chnl_net:caif_netlink_parms(): no params data found
[  592.891904][T14841] bridge0: port 1(bridge_slave_0) entered blocking state
[  592.899485][T14841] bridge0: port 1(bridge_slave_0) entered disabled state
[  592.907193][T14841] bridge_slave_0: entered allmulticast mode
[  592.916678][T14841] bridge_slave_0: entered promiscuous mode
[  592.959328][T14841] bridge0: port 2(bridge_slave_1) entered blocking state
[  592.986190][T14841] bridge0: port 2(bridge_slave_1) entered disabled state
[  593.013939][T14841] bridge_slave_1: entered allmulticast mode
[  593.037515][T14841] bridge_slave_1: entered promiscuous mode
[  593.123405][T14841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  593.167242][T14841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  593.273992][T14841] team0: Port device team_slave_0 added
[  593.290955][T14841] team0: Port device team_slave_1 added
[  593.337022][T14841] batman_adv: batadv0: Adding interface: batadv_slave_0
[  593.358213][T14841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  593.418834][T14841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  593.450171][T14841] batman_adv: batadv0: Adding interface: batadv_slave_1
[  593.461590][T14841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  593.525327][T14841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  593.650717][T14841] hsr_slave_0: entered promiscuous mode
[  593.680952][T14841] hsr_slave_1: entered promiscuous mode
[  593.748945][T14841] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  593.756714][T14841] Cannot create hsr debugfs directory
[  593.823248][T14897] netlink: 'syz.0.2383': attribute type 21 has an invalid length.
[  593.855701][T14897] IPv6: NLM_F_CREATE should be specified when creating new route
[  593.900748][T14897] IPv6: Can't replace route, no match found
[  594.139799][T14897] netlink: 'syz.0.2383': attribute type 1 has an invalid length.
[  594.255676][T14898] netlink: 'syz.0.2383': attribute type 1 has an invalid length.
[  594.405115][T14898] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.2383'.
[  594.429845][T14897] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.2383'.
[  594.465639][ T5777] Bluetooth: hci2: command tx timeout
[  596.041437][T14915] netlink: 'syz.0.2388': attribute type 10 has an invalid length.
[  596.535411][ T5777] Bluetooth: hci2: command tx timeout
[  596.596752][T14841] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  596.811266][T14941] netlink: 'syz.2.2396': attribute type 25 has an invalid length.
[  596.825091][T14941] netlink: 'syz.2.2396': attribute type 3 has an invalid length.
[  596.840479][T14941] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2396'.
[  597.233733][T14841] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  597.252948][T14841] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  597.311354][T14946] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.2397'.
[  597.325192][T14841] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  597.584989][T14953] netlink: 'syz.0.2400': attribute type 10 has an invalid length.
[  597.605512][T14953] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  597.614590][T14953] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  597.658058][T14953] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  597.667592][T14953] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  597.870699][T14841] 8021q: adding VLAN 0 to HW filter on device bond0
[  597.939139][T14841] 8021q: adding VLAN 0 to HW filter on device team0
[  597.973074][   T33] bridge0: port 1(bridge_slave_0) entered blocking state
[  597.980387][   T33] bridge0: port 1(bridge_slave_0) entered forwarding state
[  598.085378][   T68] bridge0: port 2(bridge_slave_1) entered blocking state
[  598.092660][   T68] bridge0: port 2(bridge_slave_1) entered forwarding state
[  598.625026][ T5777] Bluetooth: hci2: command tx timeout
[  598.675813][T14972] netlink: 'syz.0.2405': attribute type 10 has an invalid length.
[  598.704321][T14972] bond0: (slave bond_slave_0): Releasing backup interface
[  598.727954][T14972] bond_slave_0: left promiscuous mode
[  598.733966][T14972] bond_slave_0: left allmulticast mode
[  598.799937][T14841] 8021q: adding VLAN 0 to HW filter on device batadv0
[  598.888628][T14841] veth0_vlan: entered promiscuous mode
[  598.923142][T14841] veth1_vlan: entered promiscuous mode
[  599.044321][T14841] veth0_macvtap: entered promiscuous mode
[  599.084369][T14841] veth1_macvtap: entered promiscuous mode
[  599.664308][T14841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  599.675494][T14841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  599.685503][T14841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  599.696013][T14841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  599.711107][T14841] batman_adv: batadv0: Interface activated: batadv_slave_0
[  599.755938][T14841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  599.768476][T14841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  599.778796][T14841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  599.789759][T14841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  599.800183][T14841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  599.810853][T14841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  599.823368][T14841] batman_adv: batadv0: Interface activated: batadv_slave_1
[  599.860170][T14841] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  599.871788][T14841] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  599.881518][T14841] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  599.890763][T14841] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  600.091298][ T9450] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  600.108252][ T9450] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  600.308041][ T9450] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  600.335035][ T9450] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  600.373286][T15006] netlink: 'syz.2.2413': attribute type 29 has an invalid length.
[  600.414719][T15006] netlink: 'syz.2.2413': attribute type 29 has an invalid length.
[  600.489448][T15007] netlink: 'syz.2.2413': attribute type 29 has an invalid length.
[  600.697418][ T5777] Bluetooth: hci2: command tx timeout
[  600.901046][T15015] bridge0: port 1(bridge_slave_0) entered disabled state
[  601.906695][T15033] IPv6: Can't replace route, no match found
[  602.106692][ T5775] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  602.127268][ T5775] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  602.155350][ T5775] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  602.190069][ T5775] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  602.213057][ T5775] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  602.222991][ T5775] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  602.474684][T15049] netlink: 'syz.3.2424': attribute type 3 has an invalid length.
[  602.482832][T15049] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2424'.
[  602.712419][T15057] netlink: 'syz.3.2427': attribute type 22 has an invalid length.
[  602.813826][T15057] mac80211_hwsim hwsim32 wlan1: entered promiscuous mode
[  602.842662][T15057] mac80211_hwsim hwsim32 wlan1: entered allmulticast mode
[  603.469937][T15075] netlink: 'syz.2.2432': attribute type 29 has an invalid length.
[  603.515125][T15034] chnl_net:caif_netlink_parms(): no params data found
[  603.539162][T15075] netlink: 'syz.2.2432': attribute type 29 has an invalid length.
[  603.619230][T15074] netlink: 'syz.2.2432': attribute type 29 has an invalid length.
[  604.295017][ T5775] Bluetooth: hci4: command tx timeout
[  604.940506][T15034] bridge0: port 1(bridge_slave_0) entered blocking state
[  604.948932][T15034] bridge0: port 1(bridge_slave_0) entered disabled state
[  604.956830][T15034] bridge_slave_0: entered allmulticast mode
[  604.964637][T15034] bridge_slave_0: entered promiscuous mode
[  605.292305][T15034] bridge0: port 2(bridge_slave_1) entered blocking state
[  605.310378][T15034] bridge0: port 2(bridge_slave_1) entered disabled state
[  605.323439][T15034] bridge_slave_1: entered allmulticast mode
[  605.336738][T15034] bridge_slave_1: entered promiscuous mode
[  605.539462][T15034] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  605.639050][T15034] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  605.874500][T15034] team0: Port device team_slave_0 added
[  605.955391][T15034] team0: Port device team_slave_1 added
[  606.115807][T15034] batman_adv: batadv0: Adding interface: batadv_slave_0
[  606.134382][T15034] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  606.194450][T15034] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  606.233867][T15115] delete_channel: no stack
[  606.302277][T15034] batman_adv: batadv0: Adding interface: batadv_slave_1
[  606.311763][T15034] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  606.354354][T15034] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  606.383319][ T5775] Bluetooth: hci4: command tx timeout
[  606.690442][T15034] hsr_slave_0: entered promiscuous mode
[  606.768381][T15034] hsr_slave_1: entered promiscuous mode
[  606.799198][T15034] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  606.832753][T15034] Cannot create hsr debugfs directory
[  607.298734][T15148] C: renamed from team_slave_0
[  607.339530][T15148] netlink: 'syz.1.2445': attribute type 1 has an invalid length.
[  607.366591][T15148] netlink: 116 bytes leftover after parsing attributes in process `syz.1.2445'.
[  607.397753][T15150] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2445'.
[  607.532503][T15153] netlink: 'syz.1.2445': attribute type 12 has an invalid length.
[  607.561862][T15153] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2445'.
[  608.097274][T15165] netlink: 65047 bytes leftover after parsing attributes in process `syz.2.2448'.
[  608.191995][T15172] netlink: 'syz.1.2450': attribute type 11 has an invalid length.
[  608.205114][T15172] netlink: 184116 bytes leftover after parsing attributes in process `syz.1.2450'.
[  608.491523][ T5775] Bluetooth: hci4: command tx timeout
[  608.545607][T15180] netlink: 'syz.2.2452': attribute type 30 has an invalid length.
[  609.122053][   T33] hsr_slave_0: left promiscuous mode
[  609.211618][   T33] hsr_slave_1: left promiscuous mode
[  609.221179][   T33] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  609.229001][   T33] batman_adv: batadv0: Removing interface: batadv_slave_0
[  609.237925][   T33] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  609.265239][   T33] batman_adv: batadv0: Removing interface: batadv_slave_1
[  609.306851][   T33] bond0: left allmulticast mode
[  609.311877][   T33] bond_slave_1: left allmulticast mode
[  609.510120][   T33] bridge0: port 3(bond0) entered disabled state
[  609.654237][   T33] bridge_slave_1: left allmulticast mode
[  609.666787][   T33] bridge_slave_1: left promiscuous mode
[  609.679093][   T33] bridge0: port 2(bridge_slave_1) entered disabled state
[  609.696702][   T33] bridge0: port 1(bridge_slave_0) entered disabled state
[  609.758505][   T33] veth1_macvtap: left promiscuous mode
[  609.772045][   T33] veth0_macvtap: left promiscuous mode
[  610.529623][   T33] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  610.539211][   T33] bond_slave_1 (unregistering): left promiscuous mode
[  610.546823][ T5775] Bluetooth: hci4: command tx timeout
[  610.933649][   T33] bond0 (unregistering): Released all slaves
[  611.041488][T15172] sysfs: cannot create duplicate filename '/class/ieee80211/!!�'
[  611.053468][T15172] CPU: 0 PID: 15172 Comm: syz.1.2450 Not tainted syzkaller #0
[  611.061153][T15172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  611.071211][T15172] Call Trace:
[  611.074498][T15172]  <TASK>
[  611.077433][T15172]  dump_stack_lvl+0x18c/0x250
[  611.082147][T15172]  ? show_regs_print_info+0x20/0x20
[  611.087625][T15172]  ? load_image+0x400/0x400
[  611.092157][T15172]  sysfs_warn_dup+0x8e/0xa0
[  611.096687][T15172]  sysfs_do_create_link_sd+0xc0/0x110
[  611.102287][T15172]  device_add_class_symlinks+0x1cf/0x240
[  611.108037][T15172]  device_add+0x507/0xc20
[  611.112394][T15172]  wiphy_register+0x1dad/0x2ae0
[  611.117364][T15172]  ? cfg80211_event_work+0x40/0x40
[  611.122590][T15172]  ? minstrel_ht_alloc+0x88a/0x990
[  611.127728][T15172]  ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0
[  611.133991][T15172]  ieee80211_register_hw+0x3464/0x4250
[  611.139699][T15172]  ? ieee80211_tasklet_handler+0x20/0x20
[  611.145350][T15172]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  611.151260][T15172]  ? __debug_object_init+0xec/0x450
[  611.156654][T15172]  ? __asan_memset+0x22/0x40
[  611.161259][T15172]  ? __hrtimer_init+0x186/0x270
[  611.166123][T15172]  mac80211_hwsim_new_radio+0x2a00/0x4d10
[  611.171981][T15172]  ? mac80211_hwsim_free+0x220/0x220
[  611.177370][T15172]  ? rcu_is_watching+0x15/0xb0
[  611.182157][T15172]  ? kstrndup+0xbd/0x140
[  611.186428][T15172]  hwsim_new_radio_nl+0xdc9/0x1a90
[  611.191563][T15172]  ? __nla_validate+0x50/0x50
[  611.196272][T15172]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  611.202716][T15172]  ? __nla_parse+0x40/0x50
[  611.207234][T15172]  ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290
[  611.213589][T15172]  genl_family_rcv_msg_doit+0x211/0x310
[  611.219158][T15172]  ? end_current_label_crit_section+0x170/0x170
[  611.225414][T15172]  ? genl_family_rcv_msg_dumpit+0x310/0x310
[  611.231424][T15172]  ? bpf_lsm_capable+0x9/0x10
[  611.236114][T15172]  ? security_capable+0x89/0xb0
[  611.240989][T15172]  genl_rcv_msg+0x619/0x7a0
[  611.245560][T15172]  ? genl_bind+0x360/0x360
[  611.250025][T15172]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  611.256406][T15172]  ? perf_trace_lock+0xfc/0x3b0
[  611.261383][T15172]  netlink_rcv_skb+0x241/0x4d0
[  611.266190][T15172]  ? genl_bind+0x360/0x360
[  611.270620][T15172]  ? netlink_ack+0x1180/0x1180
[  611.275505][T15172]  ? __lock_acquire+0x7d40/0x7d40
[  611.280640][T15172]  ? down_read+0x1ac/0x2e0
[  611.285089][T15172]  genl_rcv+0x28/0x40
[  611.289088][T15172]  netlink_unicast+0x751/0x8d0
[  611.293878][T15172]  netlink_sendmsg+0x8d0/0xbf0
[  611.298671][T15172]  ? netlink_getsockopt+0x590/0x590
[  611.304004][T15172]  ? aa_sock_msg_perm+0x94/0x150
[  611.308962][T15172]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  611.314272][T15172]  ? security_socket_sendmsg+0x80/0xa0
[  611.319824][T15172]  ? netlink_getsockopt+0x590/0x590
[  611.325134][T15172]  ____sys_sendmsg+0x5ba/0x960
[  611.329918][T15172]  ? __asan_memset+0x22/0x40
[  611.334520][T15172]  ? __sys_sendmsg_sock+0x30/0x30
[  611.339639][T15172]  ? __import_iovec+0x5f2/0x850
[  611.344519][T15172]  ? import_iovec+0x73/0xa0
[  611.349042][T15172]  ___sys_sendmsg+0x2a6/0x360
[  611.353735][T15172]  ? __sys_sendmsg+0x2a0/0x2a0
[  611.358556][T15172]  __se_sys_sendmsg+0x1c2/0x2b0
[  611.363426][T15172]  ? __x64_sys_sendmsg+0x80/0x80
[  611.368416][T15172]  ? lockdep_hardirqs_on+0x98/0x150
[  611.373715][T15172]  do_syscall_64+0x55/0xa0
[  611.378144][T15172]  ? clear_bhb_loop+0x40/0x90
[  611.382835][T15172]  ? clear_bhb_loop+0x40/0x90
[  611.387791][T15172]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  611.393794][T15172] RIP: 0033:0x7f1755d9c799
[  611.398482][T15172] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  611.418272][T15172] RSP: 002b:00007f1756cdf028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  611.426710][T15172] RAX: ffffffffffffffda RBX: 00007f1756015fa0 RCX: 00007f1755d9c799
[  611.434692][T15172] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000b
[  611.442953][T15172] RBP: 00007f1755e32c99 R08: 0000000000000000 R09: 0000000000000000
[  611.450954][T15172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  611.458942][T15172] R13: 00007f1756016038 R14: 00007f1756015fa0 R15: 00007ffc4a841918
[  611.466949][T15172]  </TASK>
[  611.502122][T15183] netlink: 14 bytes leftover after parsing attributes in process `syz.2.2453'.
[  611.544383][T15183] .` (unregistering): (slave bond_slave_0): Releasing backup interface
[  611.561203][T15183] .` (unregistering): (slave bond_slave_1): Releasing backup interface
[  611.575907][T15183] .` (unregistering): (slave batadv0): Releasing backup interface
[  611.592341][T15183] .` (unregistering): (slave batadv_slave_0): Releasing backup interface
[  611.609336][T15183] .` (unregistering): Released all slaves
[  611.646931][T15179] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  612.196090][T15200] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2457'.
[  612.270212][T15200] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2457'.
[  612.322574][T15209] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2457'.
[  612.392391][T15034] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  612.426791][T15202] netlink: 192436 bytes leftover after parsing attributes in process `syz.2.2456'.
[  612.458320][T15200] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2457'.
[  612.484086][T15202] openvswitch: netlink: Duplicate key (type 0).
[  612.545664][T15034] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  612.597411][T15034] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  612.686414][T15034] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  613.021354][T15034] 8021q: adding VLAN 0 to HW filter on device bond0
[  613.104871][T15034] 8021q: adding VLAN 0 to HW filter on device team0
[  613.186540][ T9451] bridge0: port 1(bridge_slave_0) entered blocking state
[  613.193939][ T9451] bridge0: port 1(bridge_slave_0) entered forwarding state
[  613.346475][ T9451] bridge0: port 2(bridge_slave_1) entered blocking state
[  613.353733][ T9451] bridge0: port 2(bridge_slave_1) entered forwarding state
[  614.198915][T15248] netlink: 'syz.3.2466': attribute type 3 has an invalid length.
[  614.219915][T15248] netlink: 'syz.3.2466': attribute type 1 has an invalid length.
[  614.255119][T15248] netlink: 60387 bytes leftover after parsing attributes in process `syz.3.2466'.
[  614.364218][T15034] 8021q: adding VLAN 0 to HW filter on device batadv0
[  614.524116][T15034] veth0_vlan: entered promiscuous mode
[  614.605968][T15034] veth1_vlan: entered promiscuous mode
[  614.769683][T15034] veth0_macvtap: entered promiscuous mode
[  614.860576][T15034] veth1_macvtap: entered promiscuous mode
[  614.972118][T15034] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  615.007608][T15034] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  615.047403][T15034] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  615.074726][T15034] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  615.119731][T15034] batman_adv: batadv0: Interface activated: batadv_slave_0
[  615.535952][T15034] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  615.565074][T15034] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  615.611167][T15034] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  615.634159][T15034] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  615.652179][T15034] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  615.674376][T15034] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  615.696709][T15034] batman_adv: batadv0: Interface activated: batadv_slave_1
[  615.782497][T15034] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  615.837722][T15034] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  615.885040][T15034] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  615.893995][T15034] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  615.931939][T15285] netlink: 'syz.1.2474': attribute type 10 has an invalid length.
[  615.960722][T15285] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2474'.
[  615.993342][T15285] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  616.442321][  T995] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  616.480242][  T995] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  617.002591][T15315] bridge_slave_1: left allmulticast mode
[  617.044969][T15315] bridge_slave_1: left promiscuous mode
[  617.095922][T15315] bridge0: port 2(bridge_slave_1) entered disabled state
[  617.120013][T15315] bridge_slave_0: left allmulticast mode
[  617.172172][T15315] bridge_slave_0: left promiscuous mode
[  617.212377][T15315] bridge0: port 1(bridge_slave_0) entered disabled state
[  617.253564][T15320] netlink: 'syz.1.2478': attribute type 2 has an invalid length.
[  617.283622][T15320] netlink: 17267 bytes leftover after parsing attributes in process `syz.1.2478'.
[  617.666899][T15315] team0: Port device bridge0 removed
[  617.961810][ T9450] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  617.969976][ T9450] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  617.984994][T15322] pimreg0: tun_chr_ioctl cmd 1074812118
[  617.998293][T15325] pimreg0: tun_chr_ioctl cmd 35111
[  619.527105][ T5777] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  619.536685][ T5777] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  619.557341][ T5777] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  619.573466][ T5777] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  619.588060][ T5777] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  619.606854][ T5777] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  619.725123][T15358] netlink: 'syz.0.2484': attribute type 1 has an invalid length.
[  619.775132][T15358] netlink: 'syz.0.2484': attribute type 3 has an invalid length.
[  619.784055][T15358] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2484'.
[  619.814084][   T33] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  620.119141][   T33] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  620.182886][T15365] netlink: 'syz.3.2486': attribute type 10 has an invalid length.
[  620.263684][T15365] 8021q: adding VLAN 0 to HW filter on device batadv0
[  620.281107][T15365] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  620.406323][   T33] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  620.607597][   T33] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  621.540405][T15410] netlink: 'syz.0.2494': attribute type 1 has an invalid length.
[  621.551099][T15410] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.2494'.
[  621.572586][T15410] netlink: 15035 bytes leftover after parsing attributes in process `syz.0.2494'.
[  621.582923][T15352] chnl_net:caif_netlink_parms(): no params data found
[  621.655525][ T5775] Bluetooth: hci0: command tx timeout
[  621.776993][T15418] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2497'.
[  621.962409][T15420] sit0: left promiscuous mode
[  622.011229][T15418] debugfs: Directory '!!�!' with parent 'ieee80211' already present!
[  622.249941][T15420] sit0: entered promiscuous mode
[  623.735822][ T5775] Bluetooth: hci0: command tx timeout
[  623.738351][T15428] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  624.077257][T15352] bridge0: port 1(bridge_slave_0) entered blocking state
[  624.237742][T15352] bridge0: port 1(bridge_slave_0) entered disabled state
[  624.267046][T15352] bridge_slave_0: entered allmulticast mode
[  624.285068][T15352] bridge_slave_0: entered promiscuous mode
[  624.587113][T15352] bridge0: port 2(bridge_slave_1) entered blocking state
[  624.606268][T15352] bridge0: port 2(bridge_slave_1) entered disabled state
[  624.613713][T15352] bridge_slave_1: entered allmulticast mode
[  624.639894][T15352] bridge_slave_1: entered promiscuous mode
[  624.705613][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  624.712196][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  624.943192][T15352] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  625.143044][T15352] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  625.303640][T15461] netlink: 'syz.3.2505': attribute type 10 has an invalid length.
[  625.459661][T15461] bond0: (slave bond_slave_0): Releasing backup interface
[  625.602812][T15471] netlink: 'syz.2.2506': attribute type 2 has an invalid length.
[  625.624215][T15471] netlink: 17267 bytes leftover after parsing attributes in process `syz.2.2506'.
[  625.789167][T15352] team0: Port device team_slave_0 added
[  625.815226][ T5775] Bluetooth: hci0: command tx timeout
[  625.868322][T15352] team0: Port device team_slave_1 added
[  625.969065][T15352] batman_adv: batadv0: Adding interface: batadv_slave_0
[  625.977909][T15352] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  626.004554][T15352] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  626.023887][T15352] batman_adv: batadv0: Adding interface: batadv_slave_1
[  626.034983][T15352] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  626.099473][T15352] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  627.295238][T15352] hsr_slave_0: entered promiscuous mode
[  627.303332][T15352] hsr_slave_1: entered promiscuous mode
[  627.828602][   T33] hsr_slave_0: left promiscuous mode
[  627.842096][   T33] hsr_slave_1: left promiscuous mode
[  627.896764][ T5775] Bluetooth: hci0: command tx timeout
[  627.911233][   T33] veth0_vlan: left promiscuous mode
[  631.621473][T15352] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  631.922021][T15352] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  632.169907][T15352] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  632.313436][T15352] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  632.748607][T15352] 8021q: adding VLAN 0 to HW filter on device bond0
[  632.842772][T15352] 8021q: adding VLAN 0 to HW filter on device team0
[  632.889400][T15564] netlink: 'syz.2.2515': attribute type 10 has an invalid length.
[  632.937192][ T9772] bridge0: port 1(bridge_slave_0) entered blocking state
[  632.944397][ T9772] bridge0: port 1(bridge_slave_0) entered forwarding state
[  633.001735][ T9772] bridge0: port 2(bridge_slave_1) entered blocking state
[  633.009231][ T9772] bridge0: port 2(bridge_slave_1) entered forwarding state
[  633.479722][T15586] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2521'.
[  634.521118][T15612] netlink: 'syz.2.2524': attribute type 29 has an invalid length.
[  634.549640][T15352] 8021q: adding VLAN 0 to HW filter on device batadv0
[  634.592830][T15612] netlink: 'syz.2.2524': attribute type 29 has an invalid length.
[  634.771233][T15352] veth0_vlan: entered promiscuous mode
[  634.842673][T15352] veth1_vlan: entered promiscuous mode
[  634.982485][T15352] veth0_macvtap: entered promiscuous mode
[  635.040197][T15352] veth1_macvtap: entered promiscuous mode
[  635.130861][T15352] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  635.190984][T15352] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  635.222508][T15352] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  635.255170][T15352] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  635.275038][T15352] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  635.297541][T15352] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  635.336768][T15352] batman_adv: batadv0: Interface activated: batadv_slave_0
[  635.346128][T15631] netlink: 'syz.2.2527': attribute type 4 has an invalid length.
[  635.367093][T15631] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2527'.
[  635.374601][T15640] netlink: 9055 bytes leftover after parsing attributes in process `syz.0.2528'.
[  635.458878][T15352] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  635.489981][T15352] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  635.515184][T15352] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  635.541315][T15352] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  635.575378][T15352] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  635.610443][T15352] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  635.626662][T15352] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  635.655244][T15352] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  635.686643][T15352] batman_adv: batadv0: Interface activated: batadv_slave_1
[  635.737861][T15352] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  635.764247][T15352] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  635.791449][T15352] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  635.825593][T15352] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  636.038047][ T9772] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  636.193530][ T9772] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  636.250173][T15654] netlink: 160828 bytes leftover after parsing attributes in process `syz.2.2532'.
[  636.260776][   T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  636.282541][   T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  636.373316][T15659] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.2534'.
[  639.666406][ T5777] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  639.676442][ T5777] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  639.696843][ T5777] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  639.713744][ T5777] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  639.731522][ T5777] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  639.739466][ T5777] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  639.984233][   T33] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  640.189513][   T33] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  640.474210][   T33] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  640.972811][T15722] syzkaller0: entered promiscuous mode
[  641.014963][T15722] syzkaller0: entered allmulticast mode
[  641.826000][ T5777] Bluetooth: hci1: command tx timeout
[  643.372005][T15729] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  643.380449][T15729] batman_adv: batadv0: Removing interface: batadv_slave_0
[  643.388695][T15729] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  643.396400][T15729] batman_adv: batadv0: Removing interface: batadv_slave_1
[  643.622176][T15738] netlink: 10 bytes leftover after parsing attributes in process `syz.3.2549'.
[  643.643967][T15741] netlink: 209632 bytes leftover after parsing attributes in process `syz.3.2549'.
[  643.716007][   T33] tipc: Left network mode
[  643.886756][T15705] chnl_net:caif_netlink_parms(): no params data found
[  643.897620][ T5777] Bluetooth: hci1: command tx timeout
[  644.236051][T15750] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  644.243680][T15750] batman_adv: batadv0: Removing interface: batadv_slave_0
[  644.258361][T15750] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  644.275316][T15750] batman_adv: batadv0: Removing interface: batadv_slave_1
[  644.343805][T15750] bond0: (slave batadv0): Releasing backup interface
[  644.502384][T15749] delete_channel: no stack
[  645.022484][T15705] bridge0: port 1(bridge_slave_0) entered blocking state
[  645.040171][T15705] bridge0: port 1(bridge_slave_0) entered disabled state
[  645.055676][T15705] bridge_slave_0: entered allmulticast mode
[  645.063625][T15705] bridge_slave_0: entered promiscuous mode
[  645.148719][T15705] bridge0: port 2(bridge_slave_1) entered blocking state
[  645.162653][T15705] bridge0: port 2(bridge_slave_1) entered disabled state
[  645.170811][T15705] bridge_slave_1: entered allmulticast mode
[  645.193484][T15705] bridge_slave_1: entered promiscuous mode
[  645.338758][T15790] netlink: 10 bytes leftover after parsing attributes in process `syz.3.2557'.
[  645.354483][T15705] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  645.403145][T15705] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  645.546782][T15705] team0: Port device team_slave_0 added
[  645.741877][T15705] team0: Port device team_slave_1 added
[  645.828340][T15801] netlink: 'syz.1.2560': attribute type 1 has an invalid length.
[  645.861324][T15801] netlink: 199820 bytes leftover after parsing attributes in process `syz.1.2560'.
[  645.975304][ T5777] Bluetooth: hci1: command tx timeout
[  646.772509][T15835] netlink: 193500 bytes leftover after parsing attributes in process `syz.3.2565'.
[  646.810207][T15833] netlink: 193500 bytes leftover after parsing attributes in process `syz.3.2565'.
[  648.065159][ T5777] Bluetooth: hci1: command tx timeout
[  648.753236][T15820] netlink: 'syz.1.2563': attribute type 21 has an invalid length.
[  648.762372][T15820] netlink: 156 bytes leftover after parsing attributes in process `syz.1.2563'.
[  649.006568][T15705] batman_adv: batadv0: Adding interface: batadv_slave_0
[  649.040563][T15705] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  649.056860][T15844] netlink: 'syz.0.2566': attribute type 1 has an invalid length.
[  649.080425][T15844] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.2566'.
[  649.139085][T15705] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  649.206017][T15844] lo: entered allmulticast mode
[  649.304419][T15705] batman_adv: batadv0: Adding interface: batadv_slave_1
[  649.317087][T15843] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  649.320016][T15705] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  649.373303][T15705] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  649.400752][T15848] netlink: 'syz.1.2567': attribute type 6 has an invalid length.
[  649.415584][T15848] netlink: 164 bytes leftover after parsing attributes in process `syz.1.2567'.
[  651.083394][T15857] netlink: 'syz.0.2569': attribute type 49 has an invalid length.
[  651.106189][T15858] netlink: 'syz.1.2570': attribute type 12 has an invalid length.
[  651.125422][T15858] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2570'.
[  651.142952][T15857] netlink: 'syz.0.2569': attribute type 49 has an invalid length.
[  651.197331][T15705] hsr_slave_0: entered promiscuous mode
[  651.206396][T15705] hsr_slave_1: entered promiscuous mode
[  651.213253][T15705] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  651.231895][T15705] Cannot create hsr debugfs directory
[  651.240718][T15854] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2569'.
[  651.438876][T15868] netlink: 209820 bytes leftover after parsing attributes in process `syz.0.2573'.
[  651.518597][T15866] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  651.920874][T15871] netlink: 'syz.1.2574': attribute type 2 has an invalid length.
[  651.933793][T15871] netlink: 'syz.1.2574': attribute type 8 has an invalid length.
[  651.947278][T15871] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2574'.
[  651.974089][T15878] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2575'.
[  652.706857][T15895] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2577'.
[  652.800209][T15899] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.2579'.
[  653.352452][   T33] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  653.372635][   T33] batman_adv: batadv0: Removing interface: batadv_slave_1
[  653.382946][   T33] batman_adv: batadv0: Interface deactivated: vlan1
[  653.389777][   T33] batman_adv: batadv0: Removing interface: vlan1
[  653.412663][   T33] veth0_vlan: left promiscuous mode
[  653.565908][   T33] team0 (unregistering): Port device geneve1 removed
[  653.621758][T15926] netlink: 'syz.3.2585': attribute type 3 has an invalid length.
[  653.650558][   T33] team0 (unregistering): Port device macvlan1 removed
[  654.049034][   T33] team0 (unregistering): Port device team_slave_1 removed
[  654.106364][   T33] team0 (unregistering): Port device C removed
[  654.887521][T15705] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  654.926306][T15705] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  654.975618][T15705] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  655.001487][T15705] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  655.065561][T15939] netlink: 'syz.1.2590': attribute type 4 has an invalid length.
[  655.073543][T15939] __nla_validate_parse: 1 callbacks suppressed
[  655.073558][T15939] netlink: 140 bytes leftover after parsing attributes in process `syz.1.2590'.
[  655.186062][T15934] netlink: 'syz.3.2588': attribute type 21 has an invalid length.
[  655.234227][T15934] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2588'.
[  655.283483][T15934] netlink: 3 bytes leftover after parsing attributes in process `syz.3.2588'.
[  655.420444][T15941] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2588'.
[  655.471647][T15941] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2588'.
[  655.954365][T15705] 8021q: adding VLAN 0 to HW filter on device bond0
[  656.050800][T15964] netlink: 22 bytes leftover after parsing attributes in process `syz.3.2594'.
[  656.109716][T15705] 8021q: adding VLAN 0 to HW filter on device team0
[  656.326628][ T9446] bridge0: port 1(bridge_slave_0) entered blocking state
[  656.333885][ T9446] bridge0: port 1(bridge_slave_0) entered forwarding state
[  656.476633][ T9772] bridge0: port 2(bridge_slave_1) entered blocking state
[  656.483840][ T9772] bridge0: port 2(bridge_slave_1) entered forwarding state
[  656.977513][T15705] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  657.013583][T15705] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  658.344415][T15991] netlink: 164 bytes leftover after parsing attributes in process `syz.0.2599'.
[  658.381989][T15705] 8021q: adding VLAN 0 to HW filter on device batadv0
[  658.533052][T15705] veth0_vlan: entered promiscuous mode
[  658.577579][T15705] veth1_vlan: entered promiscuous mode
[  658.677311][T15705] veth0_macvtap: entered promiscuous mode
[  658.707975][T15705] veth1_macvtap: entered promiscuous mode
[  658.852248][T15705] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  658.880764][T15705] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  658.927275][T15705] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  658.948255][T15705] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  658.992308][T15705] batman_adv: batadv0: Interface activated: batadv_slave_0
[  659.031986][T15705] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  659.063873][T15705] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  659.084368][T15705] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  659.095806][T15705] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  659.126796][T15705] batman_adv: batadv0: Interface activated: batadv_slave_1
[  659.202620][T15705] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  659.225160][T15705] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  659.244740][T15705] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  659.287409][T15705] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  659.419856][T16035] netlink: 55 bytes leftover after parsing attributes in process `syz.1.2604'.
[  659.780399][ T9772] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  659.814351][ T9772] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  659.834180][T16044] netlink: 'syz.0.2606': attribute type 27 has an invalid length.
[  659.843491][T16044] netlink: 'syz.0.2606': attribute type 4 has an invalid length.
[  659.858695][T16044] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2606'.
[  660.071699][T16054] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2607'.
[  660.103606][ T9446] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  660.137342][ T9446] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  660.915810][T16087] netlink: 188 bytes leftover after parsing attributes in process `syz.3.2614'.
[  663.203750][T16105] Q�6�`Ҙ: renamed from lo
[  664.218530][T16127] netlink: 'syz.2.2619': attribute type 9 has an invalid length.
[  664.338820][T16127] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.2619'.
[  670.318555][T16149] netlink: 144316 bytes leftover after parsing attributes in process `syz.1.2625'.
[  670.635739][T16165] sit0: entered allmulticast mode
[  670.815766][T16165] sit0: entered promiscuous mode
[  671.921247][T16175] netlink: 'syz.3.2630': attribute type 2 has an invalid length.
[  671.933952][T16175] netlink: 119 bytes leftover after parsing attributes in process `syz.3.2630'.
[  672.102711][T16195] netlink: 'syz.3.2636': attribute type 10 has an invalid length.
[  672.112535][T16195] netlink: 156 bytes leftover after parsing attributes in process `syz.3.2636'.
[  675.630155][T16243] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.2646'.
[  675.664283][T16243] openvswitch: netlink: Flow key attribute not present in set flow.
[  676.228804][ T9446] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  676.244947][ T9446] batman_adv: batadv0: Removing interface: batadv_slave_0
[  676.264447][ T9446] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  676.285012][ T9446] batman_adv: batadv0: Removing interface: batadv_slave_1
[  676.351640][ T9446] veth1_macvtap: left promiscuous mode
[  676.371147][ T9446] veth0_macvtap: left promiscuous mode
[  676.384035][ T9446] veth1_vlan: left promiscuous mode
[  676.391060][ T9446] veth0_vlan: left promiscuous mode
[  676.605750][T16270] netlink: 203516 bytes leftover after parsing attributes in process `syz.1.2654'.
[  676.640832][T16270] netlink: zone id is out of range
[  676.651288][T16270] netlink: zone id is out of range
[  676.656737][T16270] netlink: zone id is out of range
[  676.662257][T16270] netlink: zone id is out of range
[  676.669262][T16270] netlink: zone id is out of range
[  676.675663][T16270] netlink: zone id is out of range
[  676.681524][T16270] netlink: zone id is out of range
[  676.688188][T16270] netlink: zone id is out of range
[  676.693542][T16270] netlink: zone id is out of range
[  677.880811][T16268] netlink: 'syz.2.2653': attribute type 10 has an invalid length.
[  677.906354][T16268] netlink: 2 bytes leftover after parsing attributes in process `syz.2.2653'.
[  677.915879][T16268] hsr0: entered promiscuous mode
[  677.921199][T16268] bridge0: port 3(hsr0) entered blocking state
[  677.928257][T16268] bridge0: port 3(hsr0) entered disabled state
[  677.934661][T16268] hsr0: entered allmulticast mode
[  677.940306][T16268] hsr_slave_0: entered allmulticast mode
[  677.953190][T16268] hsr_slave_1: entered allmulticast mode
[  677.965317][T16268] bridge0: port 3(hsr0) entered blocking state
[  677.971671][T16268] bridge0: port 3(hsr0) entered forwarding state
[  678.148722][T16292] netlink: 'syz.2.2659': attribute type 1 has an invalid length.
[  678.161753][T16292] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.2659'.
[  678.171886][T16292] netlink: 1 bytes leftover after parsing attributes in process `syz.2.2659'.
[  678.296657][T16290] netlink: 150456 bytes leftover after parsing attributes in process `syz.1.2658'.
[  679.271653][T16301] netlink: 'syz.2.2661': attribute type 3 has an invalid length.
[  679.907366][T16322] netlink: 'syz.1.2667': attribute type 5 has an invalid length.
[  679.928325][T16322] netlink: 168 bytes leftover after parsing attributes in process `syz.1.2667'.
[  681.700418][T16335] netlink: 'syz.2.2665': attribute type 4 has an invalid length.
[  681.805185][T16335] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2665'.
[  681.995383][T16335] net_ratelimit: 333 callbacks suppressed
[  681.995403][T16335] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[  682.086315][T16353] netlink: 'syz.3.2675': attribute type 12 has an invalid length.
[  682.094533][T16353] netlink: 172 bytes leftover after parsing attributes in process `syz.3.2675'.
[  682.491046][T16373] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2680'.
[  682.623809][T16373] netlink: 'syz.3.2680': attribute type 4 has an invalid length.
[  682.682039][T16373] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.2680'.
[  682.994091][T16374] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.2678'.
[  683.101499][T16376] netlink: 16098 bytes leftover after parsing attributes in process `syz.3.2681'.
[  683.792335][T16405] netlink: 21 bytes leftover after parsing attributes in process `syz.2.2689'.
[  683.815565][T16405] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  683.916115][T16412] netlink: 'syz.0.2690': attribute type 33 has an invalid length.
[  683.933923][T16412] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2690'.
[  684.043291][T16417] netlink: 'syz.3.2692': attribute type 1 has an invalid length.
[  684.054921][T16417] netlink: 112860 bytes leftover after parsing attributes in process `syz.3.2692'.
[  684.108405][T16419] netlink: 21 bytes leftover after parsing attributes in process `syz.2.2689'.
[  684.164577][T16419] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  685.314175][T16422] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  685.651606][T16433] netlink: 'syz.2.2695': attribute type 10 has an invalid length.
[  686.660631][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  686.667183][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  686.725915][T16433] team0: Port device geneve1 added
[  687.251144][T16452] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2701'.
[  687.305807][T16449] netlink: 'syz.0.2700': attribute type 27 has an invalid length.
[  687.313694][T16449] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2700'.
[  687.358251][T16449] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  687.396669][T16457] netlink: 'syz.1.2702': attribute type 10 has an invalid length.
[  687.802932][T16457] team0: Device wg1 is of different type
[  688.988549][T16500] netlink: 3787 bytes leftover after parsing attributes in process `syz.2.2710'.
[  692.166886][T16530] netlink: 'syz.2.2716': attribute type 3 has an invalid length.
[  692.328369][T16532] netlink: 192436 bytes leftover after parsing attributes in process `syz.3.2719'.
[  692.338092][T16532] openvswitch: netlink: Message has 20476 unknown bytes.
[  693.111488][T16544] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2723'.
[  693.137914][T16544] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2723'.
[  693.185354][T16552] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2723'.
[  693.198644][T16544] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2723'.
[  693.576895][T16567] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  693.869939][T16581] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  695.632160][T16610] netlink: 14556 bytes leftover after parsing attributes in process `syz.0.2740'.
[  696.757060][T16628] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2744'.
[  697.372232][T16632] netlink: 'syz.0.2746': attribute type 27 has an invalid length.
[  697.417544][T16632] netlink: 'syz.0.2746': attribute type 4 has an invalid length.
[  697.459735][T16632] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2746'.
[  698.040664][T16639] netpci0: tun_chr_ioctl cmd 2147767517
[  698.765649][T16656] netlink: 209820 bytes leftover after parsing attributes in process `syz.0.2759'.
[  699.683496][T16682] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.2756'.
[  699.951122][T16691] netlink: 1047 bytes leftover after parsing attributes in process `syz.2.2760'.
[  700.053869][T16691] bridge_slave_1: default FDB implementation only supports local addresses
[  701.132486][T16710] delete_channel: no stack
[  701.400592][T16727] netlink: 'syz.2.2769': attribute type 1 has an invalid length.
[  701.430656][T16727] netlink: 112860 bytes leftover after parsing attributes in process `syz.2.2769'.
[  701.441693][T16727] netlink: 9 bytes leftover after parsing attributes in process `syz.2.2769'.
[  701.659404][T16733] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.2772'.
[  701.675174][T16733] openvswitch: netlink: Tunnel attr 0 has unexpected len 60 expected 8
[  703.159100][T16736] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2773'.
[  703.596167][T16770] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.2780'.
[  705.813709][T16766] netlink: 112 bytes leftover after parsing attributes in process `syz.1.2779'.
[  705.849343][T16772] netlink: 'syz.0.2777': attribute type 6 has an invalid length.
[  705.859328][T16772] netlink: 168 bytes leftover after parsing attributes in process `syz.0.2777'.
[  705.872140][T16771] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2779'.
[  705.918020][T16770] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.2780'.
[  705.952929][T16773] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.2780'.
[  706.682862][T16810] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2790'.
[  707.054429][T16810] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  707.097442][T16810] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  707.143809][T16810] bond0 (unregistering): Released all slaves
[  708.335201][T16842] netlink: 'syz.0.2798': attribute type 9 has an invalid length.
[  708.378237][T16842] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.2798'.
[  709.089961][T16848] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2800'.
[  709.658702][T16873] netlink: 'syz.1.2806': attribute type 10 has an invalid length.
[  709.671708][T16873] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2806'.
[  709.682854][T16873] batman_adv: batadv0: Adding interface: vlan1
[  709.694413][T16873] batman_adv: batadv0: The MTU of interface vlan1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  709.726135][T16873] batman_adv: batadv0: Interface activated: vlan1
[  710.443227][T16887] netlink: 'syz.1.2810': attribute type 10 has an invalid length.
[  710.457380][T16887] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2810'.
[  710.473932][T16887] hsr0: entered promiscuous mode
[  710.480199][T16887] bridge0: port 3(hsr0) entered blocking state
[  710.491400][T16887] bridge0: port 3(hsr0) entered disabled state
[  710.499689][T16887] hsr0: entered allmulticast mode
[  710.505253][T16887] hsr_slave_0: entered allmulticast mode
[  710.511994][T16887] hsr_slave_1: entered allmulticast mode
[  710.522804][T16887] bridge0: port 3(hsr0) entered blocking state
[  710.529622][T16887] bridge0: port 3(hsr0) entered forwarding state
[  711.159072][T16908] delete_channel: no stack
[  711.175662][T16908] delete_channel: no stack
[  714.384297][T16928] netlink: 'syz.0.2821': attribute type 10 has an invalid length.
[  714.451936][T16928] team0: Port device geneve1 added
[  714.620894][T16943] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.2825'.
[  714.731163][T16945] netlink: 'syz.2.2824': attribute type 13 has an invalid length.
[  714.781559][T16945] netlink: 'syz.2.2824': attribute type 29 has an invalid length.
[  714.891309][T16945] netlink: 'syz.2.2824': attribute type 29 has an invalid length.
[  714.936664][T16947] netlink: 'syz.2.2824': attribute type 29 has an invalid length.
[  715.028942][T16950] netlink: 'syz.2.2824': attribute type 29 has an invalid length.
[  715.787238][T16962] netlink: 'syz.0.2828': attribute type 27 has an invalid length.
[  715.806631][T16962] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2828'.
[  715.828892][T16962] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  717.094581][T16993] netlink: 'syz.1.2836': attribute type 9 has an invalid length.
[  717.175214][T16993] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.2836'.
[  717.917416][T17003] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2838'.
[  717.948703][T17003] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes.
[  717.973001][T17002] netlink: 203516 bytes leftover after parsing attributes in process `syz.2.2837'.
[  717.993402][T17002] netlink: 6332 bytes leftover after parsing attributes in process `syz.2.2837'.
[  718.076979][T17010] netlink: 144 bytes leftover after parsing attributes in process `syz.1.2840'.
[  718.090872][T17001] netlink: 'syz.3.2838': attribute type 9 has an invalid length.
[  718.099883][T17001] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.2838'.
[  718.149431][T17007] netlink: 'syz.0.2839': attribute type 10 has an invalid length.
[  718.168359][T17007] netlink: 2 bytes leftover after parsing attributes in process `syz.0.2839'.
[  718.226164][T17007] hsr0: entered promiscuous mode
[  718.268082][T17007] bridge0: port 3(hsr0) entered blocking state
[  718.317285][T17007] bridge0: port 3(hsr0) entered disabled state
[  718.376953][T17007] hsr0: entered allmulticast mode
[  718.457650][T17007] hsr_slave_0: entered allmulticast mode
[  718.463705][T17007] hsr_slave_1: entered allmulticast mode
[  718.575134][T17007] bridge0: port 3(hsr0) entered blocking state
[  718.586490][T17007] bridge0: port 3(hsr0) entered forwarding state
[  718.901510][T17030] sock: sock_set_timeout: `syz.2.2846' (pid 17030) tries to set negative timeout
[  718.937650][ T5775] Bluetooth: hci2: command 0x0406 tx timeout
[  719.365227][T17053] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2850'.
[  719.608037][T17060] netlink: 'syz.3.2853': attribute type 10 has an invalid length.
[  721.341034][T17107] netlink: 'syz.2.2869': attribute type 10 has an invalid length.
[  721.373407][T17107] team0: Port device macvlan0 added
[  722.294086][T17124] __nla_validate_parse: 1 callbacks suppressed
[  722.294107][T17124] netlink: 4068 bytes leftover after parsing attributes in process `syz.3.2875'.
[  723.254126][T17123] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  724.395150][T17165] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2886'.
[  724.428729][T17165] debugfs: Directory '!!�' with parent 'ieee80211' already present!
[  724.930738][ T9450] tipc: Subscription rejected, illegal request
[  726.703882][T17167] syzkaller0: entered promiscuous mode
[  726.716553][T17167] syzkaller0: entered allmulticast mode
[  726.813820][T17202] netlink: 196 bytes leftover after parsing attributes in process `syz.1.2893'.
[  726.890128][T17202] netlink: 'syz.1.2893': attribute type 29 has an invalid length.
[  729.816684][ T5777] Bluetooth: hci4: command 0x0406 tx timeout
[  730.770272][T17202] netlink: 'syz.1.2893': attribute type 29 has an invalid length.
[  731.514429][T17232] netlink: 'syz.3.2901': attribute type 10 has an invalid length.
[  731.556422][T17232] team0: Device ipvlan1 failed to register rx_handler
[  731.723715][T17243] netlink: 'syz.3.2901': attribute type 10 has an invalid length.
[  731.753427][T17243] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2901'.
[  731.789362][T17243] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  732.272674][T17252] netlink: 'syz.2.2905': attribute type 10 has an invalid length.
[  732.376046][T17252] team0: Device ipvlan1 failed to register rx_handler
[  732.832085][T17282] netlink: 'syz.0.2913': attribute type 1 has an invalid length.
[  732.841817][T17283] netlink: 17279 bytes leftover after parsing attributes in process `syz.3.2911'.
[  732.863665][T17282] netlink: 193500 bytes leftover after parsing attributes in process `syz.0.2913'.
[  732.880708][T17285] netlink: 'syz.2.2910': attribute type 3 has an invalid length.
[  732.891228][T17285] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.2910'.
[  733.663227][T17304] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.2919'.
[  734.128160][T17313] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2922'.
[  734.175225][T17313] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2922'.
[  734.185873][T17314] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2922'.
[  734.197551][T17313] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2922'.
[  735.808495][T17327] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.2924'.
[  736.313443][T17336] netlink: 'syz.1.2927': attribute type 40 has an invalid length.
[  736.934398][T17338] sysfs: cannot create duplicate filename '/class/ieee80211/!!�!'
[  736.954113][T17338] CPU: 0 PID: 17338 Comm: syz.3.2925 Not tainted syzkaller #0
[  736.961660][T17338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  736.972045][T17338] Call Trace:
[  736.975378][T17338]  <TASK>
[  736.978356][T17338]  dump_stack_lvl+0x18c/0x250
[  736.983109][T17338]  ? show_regs_print_info+0x20/0x20
[  736.988362][T17338]  ? load_image+0x400/0x400
[  736.992930][T17338]  sysfs_warn_dup+0x8e/0xa0
[  736.997499][T17338]  sysfs_do_create_link_sd+0xc0/0x110
[  737.002918][T17338]  device_add_class_symlinks+0x1cf/0x240
[  737.008722][T17338]  device_add+0x507/0xc20
[  737.013103][T17338]  wiphy_register+0x1dad/0x2ae0
[  737.017986][T17338]  ? cfg80211_event_work+0x40/0x40
[  737.023332][T17338]  ? minstrel_ht_alloc+0x88a/0x990
[  737.028463][T17338]  ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0
[  737.034543][T17338]  ieee80211_register_hw+0x3464/0x4250
[  737.040062][T17338]  ? ieee80211_tasklet_handler+0x20/0x20
[  737.045706][T17338]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  737.051606][T17338]  ? __debug_object_init+0xec/0x450
[  737.057016][T17338]  ? __asan_memset+0x22/0x40
[  737.061687][T17338]  ? __hrtimer_init+0x186/0x270
[  737.066669][T17338]  mac80211_hwsim_new_radio+0x2a00/0x4d10
[  737.072521][T17338]  ? mac80211_hwsim_free+0x220/0x220
[  737.077859][T17338]  ? rcu_is_watching+0x15/0xb0
[  737.082825][T17338]  ? kstrndup+0xbd/0x140
[  737.087103][T17338]  hwsim_new_radio_nl+0xdc9/0x1a90
[  737.092357][T17338]  ? __nla_validate+0x50/0x50
[  737.097053][T17338]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  737.103510][T17338]  ? __nla_parse+0x40/0x50
[  737.108031][T17338]  ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290
[  737.114365][T17338]  genl_family_rcv_msg_doit+0x211/0x310
[  737.120008][T17338]  ? end_current_label_crit_section+0x170/0x170
[  737.126259][T17338]  ? genl_family_rcv_msg_dumpit+0x310/0x310
[  737.132160][T17338]  ? bpf_lsm_capable+0x9/0x10
[  737.136864][T17338]  ? security_capable+0x89/0xb0
[  737.141741][T17338]  genl_rcv_msg+0x619/0x7a0
[  737.146287][T17338]  ? genl_bind+0x360/0x360
[  737.150715][T17338]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  737.157328][T17338]  ? perf_trace_lock+0xfc/0x3b0
[  737.162194][T17338]  netlink_rcv_skb+0x241/0x4d0
[  737.166983][T17338]  ? genl_bind+0x360/0x360
[  737.171585][T17338]  ? netlink_ack+0x1180/0x1180
[  737.176359][T17338]  ? __lock_acquire+0x7d40/0x7d40
[  737.181422][T17338]  ? down_read+0x1ac/0x2e0
[  737.185840][T17338]  genl_rcv+0x28/0x40
[  737.189952][T17338]  netlink_unicast+0x751/0x8d0
[  737.194844][T17338]  netlink_sendmsg+0x8d0/0xbf0
[  737.199717][T17338]  ? netlink_getsockopt+0x590/0x590
[  737.204949][T17338]  ? aa_sock_msg_perm+0x94/0x150
[  737.209918][T17338]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  737.215220][T17338]  ? security_socket_sendmsg+0x80/0xa0
[  737.220703][T17338]  ? netlink_getsockopt+0x590/0x590
[  737.225928][T17338]  ____sys_sendmsg+0x5ba/0x960
[  737.230872][T17338]  ? __asan_memset+0x22/0x40
[  737.235470][T17338]  ? __sys_sendmsg_sock+0x30/0x30
[  737.240511][T17338]  ? __import_iovec+0x5f2/0x850
[  737.245395][T17338]  ? import_iovec+0x73/0xa0
[  737.249958][T17338]  ___sys_sendmsg+0x2a6/0x360
[  737.254737][T17338]  ? __lock_acquire+0x7d40/0x7d40
[  737.259810][T17338]  ? __sys_sendmsg+0x2a0/0x2a0
[  737.264724][T17338]  __se_sys_sendmsg+0x1c2/0x2b0
[  737.269615][T17338]  ? __x64_sys_sendmsg+0x80/0x80
[  737.274569][T17338]  ? lockdep_hardirqs_on+0x98/0x150
[  737.279779][T17338]  do_syscall_64+0x55/0xa0
[  737.284394][T17338]  ? clear_bhb_loop+0x40/0x90
[  737.289182][T17338]  ? clear_bhb_loop+0x40/0x90
[  737.293887][T17338]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  737.299796][T17338] RIP: 0033:0x7f019199c799
[  737.304236][T17338] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  737.324123][T17338] RSP: 002b:00007f018fbd5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  737.332548][T17338] RAX: ffffffffffffffda RBX: 00007f0191c16180 RCX: 00007f019199c799
[  737.340541][T17338] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000a
[  737.348545][T17338] RBP: 00007f0191a32c99 R08: 0000000000000000 R09: 0000000000000000
[  737.356547][T17338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  737.364639][T17338] R13: 00007f0191c16218 R14: 00007f0191c16180 R15: 00007ffea8af5c78
[  737.374074][T17338]  </TASK>
[  737.568404][T17355] __nla_validate_parse: 1 callbacks suppressed
[  737.568426][T17355] netlink: 207508 bytes leftover after parsing attributes in process `syz.0.2930'.
[  737.790917][T17367] netlink: 'syz.0.2934': attribute type 10 has an invalid length.
[  737.811222][T17367] team0: Device ipvlan1 failed to register rx_handler
[  737.827212][T17370] netlink: 'syz.3.2936': attribute type 1 has an invalid length.
[  738.002105][T17372] netlink: 'syz.0.2934': attribute type 10 has an invalid length.
[  738.015908][T17372] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2934'.
[  738.057506][T17372] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  738.561943][T17405] netlink: 'syz.3.2943': attribute type 10 has an invalid length.
[  738.656105][T17405] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  738.685400][T17398] netlink: 'syz.0.2941': attribute type 7 has an invalid length.
[  738.724700][T17398] netlink: 176 bytes leftover after parsing attributes in process `syz.0.2941'.
[  738.748339][T17406] netlink: 'syz.0.2941': attribute type 10 has an invalid length.
[  738.792933][T17406] veth0_macvtap: left promiscuous mode
[  739.190362][T17418] delete_channel: no stack
[  739.205511][T17418] delete_channel: no stack
[  739.996706][T17441] netlink: 144316 bytes leftover after parsing attributes in process `syz.3.2956'.
[  741.539572][T17473] netlink: 'syz.2.2964': attribute type 29 has an invalid length.
[  741.560283][T17473] netlink: 'syz.2.2964': attribute type 29 has an invalid length.
[  741.582391][T17473] netlink: 'syz.2.2964': attribute type 29 has an invalid length.
[  743.048438][T17506] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2974'.
[  743.062395][T17500] pimreg0: tun_chr_ioctl cmd 1074812118
[  743.089047][T17500] pimreg0: tun_chr_ioctl cmd 35111
[  743.375255][T17520] netpci0: tun_chr_ioctl cmd 2147767517
[  743.419496][T17522] pim6reg1: entered allmulticast mode
[  743.701316][T17532] netlink: 'syz.3.2986': attribute type 10 has an invalid length.
[  743.737200][T17532] 8021q: adding VLAN 0 to HW filter on device team0
[  743.758194][T17532] bond0: (slave team0): Enslaving as an active interface with an up link
[  744.411878][T17548] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  744.420652][T17548] IPv6: NLM_F_CREATE should be set when creating new route
[  744.430219][T17548] IPv6: NLM_F_CREATE should be set when creating new route
[  744.440144][T17548] IPv6: NLM_F_CREATE should be set when creating new route
[  744.535072][ T5775] Bluetooth: hci0: command 0x0406 tx timeout
[  744.577217][T17571] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2995'.
[  744.588123][T17571] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2995'.
[  744.603068][T17571] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2995'.
[  744.833796][T17578] Dead loop on virtual device ip6_vti0, fix it urgently!
[  745.649421][T17615] netlink: 830 bytes leftover after parsing attributes in process `syz.3.3008'.
[  746.414568][T17621] netlink: 'syz.0.3009': attribute type 3 has an invalid length.
[  746.430773][T17621] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.3009'.
[  746.441685][T17628] netlink: 'syz.1.3012': attribute type 1 has an invalid length.
[  746.957486][T17647] netlink: 'syz.2.3017': attribute type 10 has an invalid length.
[  747.342053][T17647] team0: Device wg1 is of different type
[  747.805506][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  747.811983][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  747.879991][T17660] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.3020'.
[  748.325383][T17663] netlink: 'syz.3.3019': attribute type 39 has an invalid length.
[  748.640161][T17674] netlink: 'syz.2.3022': attribute type 39 has an invalid length.
[  749.761101][T17692] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.3026'.
[  749.780076][T17692] openvswitch: netlink: Key type 29 is not supported
[  750.250067][T17696] netlink: 144 bytes leftover after parsing attributes in process `syz.1.3027'.
[  750.339764][T17697] netlink: 'syz.1.3027': attribute type 2 has an invalid length.
[  750.395157][T17697] netlink: 'syz.1.3027': attribute type 3 has an invalid length.
[  750.403674][T17697] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3027'.
[  750.795265][T17696] team0: Port device team_slave_0 removed
[  750.820989][T17696] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check.
[  750.884633][T17703] netlink: 'syz.3.3029': attribute type 46 has an invalid length.
[  752.944054][T17728] netlink: 'syz.0.3037': attribute type 21 has an invalid length.
[  752.962479][T17728] netlink: 128 bytes leftover after parsing attributes in process `syz.0.3037'.
[  752.987736][T17728] netlink: 'syz.0.3037': attribute type 4 has an invalid length.
[  753.003696][T17728] netlink: 'syz.0.3037': attribute type 5 has an invalid length.
[  753.065166][T17728] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3037'.
[  754.845933][T17744] pim6reg1: entered promiscuous mode
[  754.863464][T17744] pim6reg1: entered allmulticast mode
[  755.408971][T17761] netlink: 'syz.1.3048': attribute type 10 has an invalid length.
[  755.455956][T17761] netlink: 2 bytes leftover after parsing attributes in process `syz.1.3048'.
[  755.577192][T17761] bond0: entered promiscuous mode
[  755.688355][T17761] bond_slave_0: entered promiscuous mode
[  755.694351][T17761] bond_slave_1: entered promiscuous mode
[  755.835937][T17761] bridge0: port 4(bond0) entered blocking state
[  755.872101][T17761] bridge0: port 4(bond0) entered disabled state
[  755.958859][T17761] bond0: entered allmulticast mode
[  756.036424][T17761] bond_slave_0: entered allmulticast mode
[  756.068574][T17761] bond_slave_1: entered allmulticast mode
[  756.122869][T17761] bridge0: port 4(bond0) entered blocking state
[  756.129422][T17761] bridge0: port 4(bond0) entered forwarding state
[  756.432683][T17785] syzkaller0: entered promiscuous mode
[  756.450825][T17785] syzkaller0: entered allmulticast mode
[  756.748900][T17795] netlink: 14 bytes leftover after parsing attributes in process `syz.2.3055'.
[  756.981499][T17798] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3056'.
[  763.575676][T17799] netlink: 56537 bytes leftover after parsing attributes in process `syz.0.3057'.
[  764.342684][T17837] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.3064'.
[  765.023480][ T5775] Bluetooth: hci1: command 0x0406 tx timeout
[  765.803463][T17882] netlink: 'syz.2.3070': attribute type 29 has an invalid length.
[  765.942566][T17882] netlink: 'syz.2.3070': attribute type 29 has an invalid length.
[  767.062081][T17891] netlink: 'syz.3.3073': attribute type 33 has an invalid length.
[  767.095822][T17891] netlink: 152 bytes leftover after parsing attributes in process `syz.3.3073'.
[  768.453392][T17938] netlink: 6 bytes leftover after parsing attributes in process `syz.0.3086'.
[  768.473449][T17938] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  768.491581][T17934] netlink: 6 bytes leftover after parsing attributes in process `syz.0.3086'.
[  768.541285][T17934] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  768.970179][T17954] netlink: 822 bytes leftover after parsing attributes in process `syz.3.3089'.
[  769.010102][T17954] veth0_to_bond: invalid flags given to default FDB implementation
[  769.107657][T17959] netlink: 'syz.1.3091': attribute type 1 has an invalid length.
[  769.126553][T17959] netlink: 112860 bytes leftover after parsing attributes in process `syz.1.3091'.
[  769.161433][T17959] netlink: 212912 bytes leftover after parsing attributes in process `syz.1.3091'.
[  769.171481][T17959] openvswitch: netlink: IP tunnel dst address not specified
[  769.817901][T17989] netlink: 'syz.2.3101': attribute type 21 has an invalid length.
[  770.361723][T18004] netlink: 'syz.3.3107': attribute type 3 has an invalid length.
[  770.374582][T18004] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.3107'.
[  771.330572][T18033] mac80211_hwsim hwsim32 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  772.204078][T18054] netlink: 'syz.1.3118': attribute type 2 has an invalid length.
[  772.334083][T18059] netlink: 'syz.0.3120': attribute type 21 has an invalid length.
[  772.342500][T18059] netlink: 128 bytes leftover after parsing attributes in process `syz.0.3120'.
[  772.360772][T18059] netlink: 'syz.0.3120': attribute type 4 has an invalid length.
[  772.633578][T18069] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.3125'.
[  772.772288][T18082] netlink: 'syz.3.3129': attribute type 10 has an invalid length.
[  772.789384][T18082] netlink: 156 bytes leftover after parsing attributes in process `syz.3.3129'.
[  772.824000][T18079] netlink: 64535 bytes leftover after parsing attributes in process `syz.2.3128'.
[  775.259970][   T68] wlan1: Trigger new scan to find an IBSS to join
[  775.483782][T18160] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3148'.
[  775.535439][T18162] netlink: 144316 bytes leftover after parsing attributes in process `syz.1.3149'.
[  775.553519][T18162] netlink: 'syz.1.3149': attribute type 21 has an invalid length.
[  775.562266][T18162] netlink: 164 bytes leftover after parsing attributes in process `syz.1.3149'.
[  775.661923][T18163] delete_channel: no stack
[  775.668282][T18168] netlink: 'syz.3.3148': attribute type 10 has an invalid length.
[  775.722099][T18168] bond0: (slave team0): Releasing backup interface
[  775.956043][T18168] team0 (unregistering): Port device team_slave_0 removed
[  776.049433][T18168] team0 (unregistering): Port device team_slave_1 removed
[  776.348156][T18178] netlink: 'syz.1.3153': attribute type 10 has an invalid length.
[  776.370076][T18178] team0: Port device wlan1 added
[  776.867025][T18213] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3160'.
[  777.112905][T18220] netlink: 9275 bytes leftover after parsing attributes in process `syz.0.3164'.
[  777.141849][T18222] netlink: 61959 bytes leftover after parsing attributes in process `syz.3.3165'.
[  777.188380][T18218] netlink: 'syz.1.3163': attribute type 12 has an invalid length.
[  777.201660][T18218] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3163'.
[  778.828941][T18253] netlink: 3076 bytes leftover after parsing attributes in process `syz.0.3173'.
[  778.838488][T18253] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.3173'.
[  779.198359][T18270] netlink: 193500 bytes leftover after parsing attributes in process `syz.1.3177'.
[  780.217023][ T9446] wlan1: Trigger new scan to find an IBSS to join
[  780.641710][T18313] netlink: 'syz.3.3185': attribute type 9 has an invalid length.
[  780.654126][T18313] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.3185'.
[  780.762263][T18318] netlink: 'syz.3.3185': attribute type 1 has an invalid length.
[  781.125333][  T995] wlan1: Creating new IBSS network, BSSID e2:3e:35:3d:87:d1
[  781.476178][T18325] netlink: 'syz.0.3190': attribute type 10 has an invalid length.
[  781.495248][T18325] netlink: 210880 bytes leftover after parsing attributes in process `syz.0.3190'.
[  781.675158][T18333] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3192'.
[  781.730502][T18337] netlink: 202920 bytes leftover after parsing attributes in process `syz.0.3194'.
[  783.725334][T18373] netlink: 9275 bytes leftover after parsing attributes in process `syz.2.3205'.
[  784.413704][T18386] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.3207'.
[  784.574215][T18385] netlink: 830 bytes leftover after parsing attributes in process `syz.2.3208'.
[  784.915723][T18393] netlink: 'syz.1.3209': attribute type 10 has an invalid length.
[  784.923699][T18393] netlink: 209216 bytes leftover after parsing attributes in process `syz.1.3209'.
[  784.934306][T18393] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  785.643961][T18380] netlink: 'syz.0.3206': attribute type 10 has an invalid length.
[  787.015643][T18380] bridge0: port 3(hsr0) entered disabled state
[  787.022836][T18380] bridge0: port 2(bridge_slave_1) entered disabled state
[  787.032102][T18380] bridge0: port 1(bridge_slave_0) entered disabled state
[  788.110545][T18429] netlink: 'syz.2.3225': attribute type 21 has an invalid length.
[  788.133755][T18432] netlink: 9275 bytes leftover after parsing attributes in process `syz.3.3217'.
[  788.134954][T18429] netlink: 128 bytes leftover after parsing attributes in process `syz.2.3225'.
[  788.195053][T18429] netlink: 3 bytes leftover after parsing attributes in process `syz.2.3225'.
[  789.579479][T18448] syzkaller0: entered promiscuous mode
[  789.587769][T18448] syzkaller0: entered allmulticast mode
[  793.753471][T18473] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.3229'.
[  794.187032][T18492] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3235'.
[  794.683519][T18492] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3235'.
[  794.818899][T18499] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3235'.
[  794.848279][T18501] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3235'.
[  795.128545][T18517] netlink: 'syz.1.3240': attribute type 10 has an invalid length.
[  795.138170][T18517] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3240'.
[  795.352607][T18521] netlink: 'syz.3.3242': attribute type 10 has an invalid length.
[  795.429076][T18526] sock: sock_timestamping_bind_phc: sock not bind to device
[  795.442153][T18521] bridge0: port 2(bridge_slave_1) entered disabled state
[  795.461116][T18527] sock: sock_timestamping_bind_phc: sock not bind to device
[  795.815328][T18531] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.3246'.
[  795.866835][T18531] netlink: 'syz.3.3246': attribute type 5 has an invalid length.
[  796.518665][T18549] netlink: 'syz.2.3253': attribute type 29 has an invalid length.
[  796.557509][T18549] netlink: 'syz.2.3253': attribute type 3 has an invalid length.
[  796.615079][T18549] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3253'.
[  796.657371][T18558] pimreg: tun_chr_ioctl cmd 1074025677
[  796.673519][T18558] pimreg: linktype set to 780
[  796.805135][T18545] netlink: 'syz.1.3251': attribute type 10 has an invalid length.
[  796.816722][T18545] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3251'.
[  796.873536][T18545] batman_adv: batadv0: Adding interface: veth1_virt_wifi
[  796.902725][T18545] batman_adv: batadv0: The MTU of interface veth1_virt_wifi is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  796.966780][T18545] batman_adv: batadv0: Interface activated: veth1_virt_wifi
[  797.112014][T18565] netlink: 65055 bytes leftover after parsing attributes in process `syz.2.3255'.
[  798.292455][T18600] netlink: 'syz.0.3265': attribute type 3 has an invalid length.
[  798.405084][T18603] netlink: 'syz.1.3267': attribute type 12 has an invalid length.
[  798.490507][T18603] netlink: 'syz.1.3267': attribute type 3 has an invalid length.
[  798.519653][T18601] can: request_module (can-proto-0) failed.
[  799.467040][T18633] netlink: 'syz.1.3274': attribute type 10 has an invalid length.
[  800.277367][T18646] IPv6: Can't replace route, no match found
[  800.283745][T18648] mac80211_hwsim hwsim31 wlan0: entered promiscuous mode
[  800.293340][T18648] mac80211_hwsim hwsim31 wlan0: entered allmulticast mode
[  801.054039][T18674] __nla_validate_parse: 7 callbacks suppressed
[  801.054060][T18674] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3287'.
[  801.423256][T18688] netlink: 'syz.1.3291': attribute type 17 has an invalid length.
[  801.797480][T18701] netlink: 'syz.0.3295': attribute type 19 has an invalid length.
[  801.811719][T18701] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3295'.
[  802.114156][T18705] netlink: 164 bytes leftover after parsing attributes in process `syz.0.3295'.
[  802.758309][T18719] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3299'.
[  804.549454][T18738] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  804.595364][T18738] batman_adv: batadv0: Removing interface: batadv_slave_0
[  804.646536][T18738] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  804.715233][T18738] batman_adv: batadv0: Removing interface: batadv_slave_1
[  805.099691][T18747] netlink: 'syz.1.3305': attribute type 19 has an invalid length.
[  805.112868][T18747] netlink: 14524 bytes leftover after parsing attributes in process `syz.1.3305'.
[  805.126444][T18754] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3308'.
[  805.797986][T18776] netlink: 'syz.0.3313': attribute type 25 has an invalid length.
[  805.826759][T18776] netlink: 'syz.0.3313': attribute type 9 has an invalid length.
[  805.888949][T18780] netlink: 'syz.2.3314': attribute type 10 has an invalid length.
[  805.938425][T18780] bridge0: port 3(hsr0) entered disabled state
[  805.971710][T18780] bridge0: port 3(hsr0) entered blocking state
[  805.978528][T18780] bridge0: port 3(hsr0) entered forwarding state
[  805.987881][T18780] team0: Device hsr_slave_0 failed to register rx_handler
[  806.053873][T18784] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3315'.
[  806.085171][T18780] bridge0: port 3(hsr0) entered disabled state
[  806.138543][T18775] netlink: 'syz.2.3314': attribute type 3 has an invalid length.
[  806.161373][T18775] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.3314'.
[  806.460379][T18796] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3319'.
[  806.496302][T18798] netlink: 'syz.1.3320': attribute type 5 has an invalid length.
[  807.775435][T18837] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3329'.
[  807.822090][T18840] netlink: 'syz.3.3330': attribute type 1 has an invalid length.
[  807.830799][T18840] netlink: 168864 bytes leftover after parsing attributes in process `syz.3.3330'.
[  807.858443][T18840] netlink: 'syz.3.3330': attribute type 9 has an invalid length.
[  807.876076][T18840] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.3330'.
[  808.710055][T18874] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3339'.
[  809.044646][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  809.061508][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  809.604098][T18899] netlink: 'syz.2.3344': attribute type 10 has an invalid length.
[  809.624842][T18899] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3344'.
[  809.645394][T18899] ipvlan1: entered promiscuous mode
[  809.651155][T18899] ipvlan1: entered allmulticast mode
[  809.675015][T18899] veth0_vlan: entered allmulticast mode
[  809.689981][T18899] bridge0: port 4(ipvlan1) entered blocking state
[  809.714637][T18899] bridge0: port 4(ipvlan1) entered disabled state
[  809.735826][T18899] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  810.167486][T18911] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3350'.
[  810.685957][T18918] veth1_to_bond: entered allmulticast mode
[  810.970997][T18939] netlink: 'syz.3.3357': attribute type 16 has an invalid length.
[  810.985089][T18939] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3357'.
[  810.994317][T18939] veth1_macvtap: entered allmulticast mode
[  811.031079][T18948] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3360'.
[  811.167841][ T9450] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  815.949759][T18994] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3371'.
[  816.127891][T19000] netlink: 188 bytes leftover after parsing attributes in process `syz.0.3374'.
[  816.331737][T19006] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3376'.
[  817.573436][T19038] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3384'.
[  818.495856][T19082] netlink: 'syz.1.3393': attribute type 2 has an invalid length.
[  818.591772][T19081] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3396'.
[  818.626099][T19082] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.3393'.
[  818.810065][T19086] netlink: 64527 bytes leftover after parsing attributes in process `syz.2.3398'.
[  818.913748][T19087] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.3397'.
[  819.660477][T19094] Q�6�`Ҙ: renamed from lo (while UP)
[  820.031297][T19104] mac80211_hwsim hwsim37 wlan0: entered promiscuous mode
[  820.083904][T19104] mac80211_hwsim hwsim37 wlan0: entered allmulticast mode
[  820.767275][T19124] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3407'.
[  821.722131][T19149] netlink: 'syz.1.3414': attribute type 16 has an invalid length.
[  821.754791][T19149] netlink: 2 bytes leftover after parsing attributes in process `syz.1.3414'.
[  822.223824][T19156] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3417'.
[  823.180119][T19184] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3424'.
[  823.202110][T19185] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.3419'.
[  823.519406][T19197] netlink: 830 bytes leftover after parsing attributes in process `syz.0.3427'.
[  823.597186][ T5777] Bluetooth: hci1: ISO packet for unknown connection handle 50
[  824.267243][T19228] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.3435'.
[  824.340299][T19228] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16)
[  824.488732][T19228] openvswitch: netlink: Message has 1 unknown bytes.
[  824.576079][T19237] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.3437'.
[  824.629263][T19237] openvswitch: netlink: Key type 4112 is out of range max 32
[  824.996987][T19247] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3439'.
[  825.316678][T19261] netlink: 16178 bytes leftover after parsing attributes in process `syz.3.3443'.
[  825.335449][T19259] netlink: 'syz.0.3442': attribute type 10 has an invalid length.
[  825.346048][T19259] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3442'.
[  825.364910][T19259] team0: entered promiscuous mode
[  825.370118][T19259] team_slave_0: entered promiscuous mode
[  825.394978][T19259] team_slave_1: entered promiscuous mode
[  825.405398][T19259] geneve1: entered promiscuous mode
[  825.415696][T19259] team0: entered allmulticast mode
[  825.441113][T19259] team_slave_0: entered allmulticast mode
[  825.452212][T19259] team_slave_1: entered allmulticast mode
[  825.460668][T19259] geneve1: entered allmulticast mode
[  825.475875][T19259] bridge0: port 4(team0) entered blocking state
[  825.482905][T19259] bridge0: port 4(team0) entered disabled state
[  826.750309][T19296] netlink: 'syz.3.3454': attribute type 1 has an invalid length.
[  828.442503][T19325] __nla_validate_parse: 1 callbacks suppressed
[  828.442524][T19325] netlink: 201392 bytes leftover after parsing attributes in process `syz.0.3459'.
[  829.312188][T19339] netlink: 'syz.2.3465': attribute type 29 has an invalid length.
[  831.153941][T19339] netlink: 'syz.2.3465': attribute type 29 has an invalid length.
[  831.338128][T19347] netlink: 'syz.0.3466': attribute type 15 has an invalid length.
[  831.346774][T19347] netlink: 'syz.0.3466': attribute type 5 has an invalid length.
[  831.354648][T19347] netlink: 144 bytes leftover after parsing attributes in process `syz.0.3466'.
[  831.568717][T19356] netlink: 'syz.0.3471': attribute type 11 has an invalid length.
[  831.586819][T19356] netlink: 212832 bytes leftover after parsing attributes in process `syz.0.3471'.
[  831.849069][T19362] ref_ctr_offset mismatch. inode: 0x26 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe
[  831.882647][T19362] netlink: 209820 bytes leftover after parsing attributes in process `syz.0.3474'.
[  832.068836][T19370] netlink: 'syz.0.3476': attribute type 4 has an invalid length.
[  832.090846][T19370] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3476'.
[  832.193416][T19370] netlink: 17279 bytes leftover after parsing attributes in process `syz.0.3476'.
[  832.397177][T19370] syzkaller0: entered promiscuous mode
[  832.402849][T19370] syzkaller0: entered allmulticast mode
[  835.124658][T19394] netlink: 'syz.0.3480': attribute type 10 has an invalid length.
[  835.146759][T19395] netlink: 'syz.0.3480': attribute type 1 has an invalid length.
[  835.184809][T19395] netlink: 161700 bytes leftover after parsing attributes in process `syz.0.3480'.
[  839.278280][T19422] netlink: 'syz.2.3488': attribute type 41 has an invalid length.
[  839.307497][T19423] netlink: 'syz.2.3488': attribute type 41 has an invalid length.
[  839.914871][T19440] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3493'.
[  840.036818][T19440] syzkaller0: entered allmulticast mode
[  840.106464][T19440] syzkaller0: mtu greater than device maximum
[  840.302209][T19448] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.3494'.
[  841.094410][T19463] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.3498'.
[  843.550672][T19463] debugfs: Directory '!!�' with parent 'ieee80211' already present!
[  843.577002][T19474] netlink: 'syz.2.3501': attribute type 10 has an invalid length.
[  843.604579][T19474] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  844.370147][T19496] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.3507'.
[  844.399146][T19502] pim6reg1: entered allmulticast mode
[  844.746311][T19507] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.3509'.
[  845.370981][T18821] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  846.218215][T19531] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.3513'.
[  846.373250][T19533] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.3513'.
[  846.386423][T19521] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3514'.
[  846.454408][T19533] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.3513'.
[  846.496538][T19523] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.3513'.
[  846.623899][T19537] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.3513'.
[  847.064271][T19552] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3520'.
[  847.207303][T19554] netlink: 14 bytes leftover after parsing attributes in process `syz.3.3522'.
[  847.234077][T19554] netlink: get zone limit has 4 unknown bytes
[  847.809345][T19574] netlink: 'syz.3.3526': attribute type 3 has an invalid length.
[  847.833435][T19574] netlink: 16094 bytes leftover after parsing attributes in process `syz.3.3526'.
[  848.328044][T19589] netlink: 'syz.2.3531': attribute type 1 has an invalid length.
[  849.203963][T19607] netlink: 14 bytes leftover after parsing attributes in process `syz.1.3537'.
[  849.273278][T19607] bridge0: port 4(bond0) entered disabled state
[  849.354059][T19613] netlink: 'syz.0.3539': attribute type 8 has an invalid length.
[  849.431888][T19607] bond0 (unregistering): left allmulticast mode
[  849.438889][T19607] bond_slave_0: left allmulticast mode
[  849.445435][T19607] bond_slave_1: left allmulticast mode
[  849.451352][T19607] bridge0: port 4(bond0) entered disabled state
[  849.491150][T19607] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  849.524501][T19607] bond_slave_0: left promiscuous mode
[  849.583508][T19607] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  849.618160][T19607] bond_slave_1: left promiscuous mode
[  849.636644][T19607] bond0 (unregistering): Released all slaves
[  849.732225][T19620] netlink: 'syz.2.3541': attribute type 21 has an invalid length.
[  849.863331][T19613] sysfs: cannot create duplicate filename '/class/ieee80211/!!�'
[  849.884733][T19613] CPU: 1 PID: 19613 Comm: syz.0.3539 Not tainted syzkaller #0
[  849.892263][T19613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  849.902635][T19613] Call Trace:
[  849.905993][T19613]  <TASK>
[  849.908973][T19613]  dump_stack_lvl+0x18c/0x250
[  849.913898][T19613]  ? show_regs_print_info+0x20/0x20
[  849.919254][T19613]  ? load_image+0x400/0x400
[  849.923842][T19613]  sysfs_warn_dup+0x8e/0xa0
[  849.928477][T19613]  sysfs_do_create_link_sd+0xc0/0x110
[  849.933936][T19613]  device_add_class_symlinks+0x1cf/0x240
[  849.939626][T19613]  device_add+0x507/0xc20
[  849.944115][T19613]  wiphy_register+0x1dad/0x2ae0
[  849.949044][T19613]  ? cfg80211_event_work+0x40/0x40
[  849.954251][T19613]  ? minstrel_ht_alloc+0x88a/0x990
[  849.959427][T19613]  ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0
[  849.965550][T19613]  ieee80211_register_hw+0x3464/0x4250
[  849.971101][T19613]  ? ieee80211_tasklet_handler+0x20/0x20
[  849.976784][T19613]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  849.982726][T19613]  ? __debug_object_init+0xec/0x450
[  849.988153][T19613]  ? __asan_memset+0x22/0x40
[  849.993062][T19613]  ? __hrtimer_init+0x186/0x270
[  849.997961][T19613]  mac80211_hwsim_new_radio+0x2a00/0x4d10
[  850.003763][T19613]  ? mac80211_hwsim_free+0x220/0x220
[  850.009187][T19613]  ? rcu_is_watching+0x15/0xb0
[  850.014001][T19613]  ? kstrndup+0xbd/0x140
[  850.018299][T19613]  hwsim_new_radio_nl+0xdc9/0x1a90
[  850.023553][T19613]  ? __nla_validate+0x50/0x50
[  850.028370][T19613]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  850.034772][T19613]  ? __nla_parse+0x40/0x50
[  850.039224][T19613]  ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290
[  850.045758][T19613]  genl_family_rcv_msg_doit+0x211/0x310
[  850.051317][T19613]  ? end_current_label_crit_section+0x170/0x170
[  850.057582][T19613]  ? genl_family_rcv_msg_dumpit+0x310/0x310
[  850.063584][T19613]  ? bpf_lsm_capable+0x9/0x10
[  850.068367][T19613]  ? security_capable+0x89/0xb0
[  850.073762][T19613]  genl_rcv_msg+0x619/0x7a0
[  850.078296][T19613]  ? genl_bind+0x360/0x360
[  850.082847][T19613]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  850.089284][T19613]  ? ref_tracker_free+0x690/0x840
[  850.094857][T19613]  netlink_rcv_skb+0x241/0x4d0
[  850.099639][T19613]  ? genl_bind+0x360/0x360
[  850.104588][T19613]  ? netlink_ack+0x1180/0x1180
[  850.109422][T19613]  ? __lock_acquire+0x7d40/0x7d40
[  850.114927][T19613]  ? down_read+0x1ac/0x2e0
[  850.119589][T19613]  genl_rcv+0x28/0x40
[  850.123623][T19613]  netlink_unicast+0x751/0x8d0
[  850.128441][T19613]  netlink_sendmsg+0x8d0/0xbf0
[  850.133363][T19613]  ? netlink_getsockopt+0x590/0x590
[  850.138691][T19613]  ? aa_sock_msg_perm+0x94/0x150
[  850.144475][T19613]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  850.150189][T19613]  ? security_socket_sendmsg+0x80/0xa0
[  850.156149][T19613]  ? netlink_getsockopt+0x590/0x590
[  850.161377][T19613]  ____sys_sendmsg+0x5ba/0x960
[  850.166353][T19613]  ? __asan_memset+0x22/0x40
[  850.171048][T19613]  ? __sys_sendmsg_sock+0x30/0x30
[  850.176270][T19613]  ? __import_iovec+0x5f2/0x850
[  850.181417][T19613]  ? import_iovec+0x73/0xa0
[  850.185950][T19613]  ___sys_sendmsg+0x2a6/0x360
[  850.190676][T19613]  ? __sys_sendmsg+0x2a0/0x2a0
[  850.195526][T19613]  __se_sys_sendmsg+0x1c2/0x2b0
[  850.200405][T19613]  ? __x64_sys_sendmsg+0x80/0x80
[  850.205480][T19613]  ? lockdep_hardirqs_on+0x98/0x150
[  850.210701][T19613]  do_syscall_64+0x55/0xa0
[  850.215244][T19613]  ? clear_bhb_loop+0x40/0x90
[  850.219961][T19613]  ? clear_bhb_loop+0x40/0x90
[  850.224665][T19613]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  850.230581][T19613] RIP: 0033:0x7efd1819c799
[  850.235274][T19613] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  850.254985][T19613] RSP: 002b:00007efd1900b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  850.263507][T19613] RAX: ffffffffffffffda RBX: 00007efd18415fa0 RCX: 00007efd1819c799
[  850.271512][T19613] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007
[  850.279672][T19613] RBP: 00007efd18232c99 R08: 0000000000000000 R09: 0000000000000000
[  850.287857][T19613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  850.296042][T19613] R13: 00007efd18416038 R14: 00007efd18415fa0 R15: 00007ffc8eff9c98
[  850.304049][T19613]  </TASK>
[  851.332984][T19644] netlink: 'syz.1.3545': attribute type 10 has an invalid length.
[  852.032961][T19665] __nla_validate_parse: 1 callbacks suppressed
[  852.032984][T19665] netlink: 16358 bytes leftover after parsing attributes in process `syz.0.3552'.
[  852.421399][T19684] netlink: 'syz.2.3555': attribute type 3 has an invalid length.
[  852.459927][T19684] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.3555'.
[  852.831527][T19691] netlink: 'syz.3.3558': attribute type 2 has an invalid length.
[  852.871663][T19691] netlink: 'syz.3.3558': attribute type 8 has an invalid length.
[  852.901743][T19691] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3558'.
[  853.062460][T19704] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.3561'.
[  854.165934][T19733] netlink: 'syz.2.3570': attribute type 10 has an invalid length.
[  854.174839][T19733] netlink: 3819 bytes leftover after parsing attributes in process `syz.2.3570'.
[  854.576791][T19738] netlink: 'syz.2.3572': attribute type 1 has an invalid length.
[  854.595026][T19738] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.3572'.
[  854.639931][T19738] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.3572'.
[  855.768815][T19766] syzkaller0: entered promiscuous mode
[  855.798079][T19766] syzkaller0: entered allmulticast mode
[  856.959669][T19775] netlink: 'syz.1.3581': attribute type 2 has an invalid length.
[  856.992069][T19775] netlink: 51 bytes leftover after parsing attributes in process `syz.1.3581'.
[  857.253568][T19782] netlink: 'syz.1.3584': attribute type 27 has an invalid length.
[  857.277736][T19782] netlink: 164 bytes leftover after parsing attributes in process `syz.1.3584'.
[  859.156691][T19796] netlink: 'syz.2.3588': attribute type 10 has an invalid length.
[  859.175169][T19796] netlink: 'syz.2.3588': attribute type 10 has an invalid length.
[  859.188118][T19796] netlink: 209216 bytes leftover after parsing attributes in process `syz.2.3588'.
[  859.209625][T19796] openvswitch: netlink: Message has 4 unknown bytes.
[  860.155710][T19795] ref_ctr_offset mismatch. inode: 0x5e offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe
[  864.291919][T19841] netlink: 'syz.1.3600': attribute type 1 has an invalid length.
[  864.325605][T19841] netlink: 168864 bytes leftover after parsing attributes in process `syz.1.3600'.
[  864.355149][T19841] netlink: 1 bytes leftover after parsing attributes in process `syz.1.3600'.
[  864.775334][T19858] netlink: 'syz.0.3604': attribute type 10 has an invalid length.
[  864.804879][T19858] team0: Device bridge0 is already an upper device of the team interface
[  864.969767][T19864] netlink: 3076 bytes leftover after parsing attributes in process `syz.3.3605'.
[  864.986016][T19864] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.3605'.
[  865.143956][T19870] netlink: 'syz.0.3606': attribute type 2 has an invalid length.
[  865.173589][T19870] netlink: 'syz.0.3606': attribute type 8 has an invalid length.
[  865.197577][T19870] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3606'.
[  866.026097][T19889] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3610'.
[  866.649226][T19902] netlink: 'syz.0.3613': attribute type 10 has an invalid length.
[  867.954879][T19902] netlink: 55 bytes leftover after parsing attributes in process `syz.0.3613'.
[  869.442103][T19931] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3620'.
[  870.277470][T19934] netlink: 'syz.1.3622': attribute type 21 has an invalid length.
[  870.296316][T19934] netlink: 128 bytes leftover after parsing attributes in process `syz.1.3622'.
[  870.321146][T19934] netlink: 'syz.1.3622': attribute type 5 has an invalid length.
[  870.350294][T19934] netlink: 'syz.1.3622': attribute type 6 has an invalid length.
[  870.380469][T19934] netlink: 3 bytes leftover after parsing attributes in process `syz.1.3622'.
[  870.486830][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  870.493443][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  873.337036][T19968] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3630'.
[  874.742516][T19981] netlink: 'syz.0.3632': attribute type 10 has an invalid length.
[  875.761248][T20001] netlink: 'syz.0.3638': attribute type 3 has an invalid length.
[  875.795945][T20001] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.3638'.
[  876.599603][T18819] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  879.022028][T20022] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3645'.
[  879.354229][T20026] mac80211_hwsim hwsim37 wlan0: left promiscuous mode
[  879.376837][T20026] mac80211_hwsim hwsim37 wlan0: left allmulticast mode
[  880.268812][T20061] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3655'.
[  881.990487][T20097] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3666'.
[  883.345826][T20132] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3674'.
[  883.375229][T20132] netlink: 152 bytes leftover after parsing attributes in process `syz.1.3674'.
[  883.477409][T20136] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3676'.
[  883.569085][T20134] netlink: 209820 bytes leftover after parsing attributes in process `syz.3.3675'.
[  883.581482][T20138] netlink: 'syz.0.3677': attribute type 19 has an invalid length.
[  884.906805][T20158] netlink: 15743 bytes leftover after parsing attributes in process `syz.3.3683'.
[  885.112852][T20170] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3688'.
[  885.136706][T20161] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3684'.
[  885.185775][T20172] netlink: 188 bytes leftover after parsing attributes in process `syz.0.3689'.
[  886.369001][T20195] netlink: 3890 bytes leftover after parsing attributes in process `syz.0.3695'.
[  886.969611][T20210] mac80211_hwsim hwsim42 wlan0: entered promiscuous mode
[  886.976860][T20210] mac80211_hwsim hwsim42 wlan0: entered allmulticast mode
[  887.005427][T20212] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3698'.
[  888.084087][T20231] netlink: 'syz.2.3702': attribute type 3 has an invalid length.
[  888.238749][T20231] netlink: 'syz.2.3702': attribute type 7 has an invalid length.
[  888.252241][T20231] netlink: 'syz.2.3702': attribute type 8 has an invalid length.
[  888.333195][T20231] netlink: 'syz.2.3702': attribute type 7 has an invalid length.
[  888.364855][T20230] IPv6: Can't replace route, no match found
[  888.385843][T20231] netlink: 198048 bytes leftover after parsing attributes in process `syz.2.3702'.
[  888.791240][T20250] netlink: 'syz.1.3703': attribute type 153 has an invalid length.
[  888.913510][T20250] netlink: 128124 bytes leftover after parsing attributes in process `syz.1.3703'.
[  889.542098][T20263] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3709'.
[  890.174305][T20280] netlink: 14568 bytes leftover after parsing attributes in process `syz.1.3716'.
[  890.434370][T20291] netlink: 3752 bytes leftover after parsing attributes in process `syz.3.3718'.
[  890.448123][T20292] netlink: 'syz.3.3718': attribute type 10 has an invalid length.
[  890.496477][T20292] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link
[  890.711726][T20301] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.3721'.
[  890.726974][T20302] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.3721'.
[  890.742781][T20308] netlink: 'syz.1.3723': attribute type 2 has an invalid length.
[  890.753845][T20308] netlink: 'syz.1.3723': attribute type 1 has an invalid length.
[  890.762258][T20306] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3722'.
[  890.785301][T20308] netlink: 152 bytes leftover after parsing attributes in process `syz.1.3723'.
[  890.923350][T20312] netlink: 'syz.1.3723': attribute type 21 has an invalid length.
[  890.965349][T20312] netlink: 'syz.1.3723': attribute type 5 has an invalid length.
[  890.983457][T20312] netlink: 'syz.1.3723': attribute type 6 has an invalid length.
[  891.557930][T20323] sysfs: cannot create duplicate filename '/class/ieee80211/!!�!'
[  891.604308][T20323] CPU: 1 PID: 20323 Comm: syz.0.3727 Not tainted syzkaller #0
[  891.611967][T20323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  891.622269][T20323] Call Trace:
[  891.625598][T20323]  <TASK>
[  891.628559][T20323]  dump_stack_lvl+0x18c/0x250
[  891.633294][T20323]  ? show_regs_print_info+0x20/0x20
[  891.638539][T20323]  ? load_image+0x400/0x400
[  891.643123][T20323]  sysfs_warn_dup+0x8e/0xa0
[  891.647754][T20323]  sysfs_do_create_link_sd+0xc0/0x110
[  891.653198][T20323]  device_add_class_symlinks+0x1cf/0x240
[  891.658925][T20323]  device_add+0x507/0xc20
[  891.663322][T20323]  wiphy_register+0x1dad/0x2ae0
[  891.668267][T20323]  ? cfg80211_event_work+0x40/0x40
[  891.673492][T20323]  ? minstrel_ht_alloc+0x88a/0x990
[  891.678714][T20323]  ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0
[  891.684924][T20323]  ieee80211_register_hw+0x3464/0x4250
[  891.690575][T20323]  ? ieee80211_tasklet_handler+0x20/0x20
[  891.696245][T20323]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  891.702268][T20323]  ? __debug_object_init+0xec/0x450
[  891.707701][T20323]  ? __asan_memset+0x22/0x40
[  891.712332][T20323]  ? __hrtimer_init+0x186/0x270
[  891.717231][T20323]  mac80211_hwsim_new_radio+0x2a00/0x4d10
[  891.723061][T20323]  ? mac80211_hwsim_free+0x220/0x220
[  891.728385][T20323]  ? rcu_is_watching+0x15/0xb0
[  891.733196][T20323]  ? kstrndup+0xbd/0x140
[  891.737509][T20323]  hwsim_new_radio_nl+0xdc9/0x1a90
[  891.742682][T20323]  ? __nla_validate+0x50/0x50
[  891.747528][T20323]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  891.754020][T20323]  ? __nla_parse+0x40/0x50
[  891.758482][T20323]  ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290
[  891.764877][T20323]  genl_family_rcv_msg_doit+0x211/0x310
[  891.770549][T20323]  ? end_current_label_crit_section+0x170/0x170
[  891.776847][T20323]  ? genl_family_rcv_msg_dumpit+0x310/0x310
[  891.782797][T20323]  ? bpf_lsm_capable+0x9/0x10
[  891.787519][T20323]  ? security_capable+0x89/0xb0
[  891.792428][T20323]  genl_rcv_msg+0x619/0x7a0
[  891.796984][T20323]  ? genl_bind+0x360/0x360
[  891.801521][T20323]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  891.807903][T20323]  ? lockdep_hardirqs_on+0x98/0x150
[  891.813248][T20323]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  891.819475][T20323]  netlink_rcv_skb+0x241/0x4d0
[  891.824284][T20323]  ? genl_bind+0x360/0x360
[  891.828883][T20323]  ? netlink_ack+0x1180/0x1180
[  891.833919][T20323]  ? __lock_acquire+0x7d40/0x7d40
[  891.839010][T20323]  ? down_read+0x1ac/0x2e0
[  891.843473][T20323]  genl_rcv+0x28/0x40
[  891.847490][T20323]  netlink_unicast+0x751/0x8d0
[  891.852334][T20323]  netlink_sendmsg+0x8d0/0xbf0
[  891.857167][T20323]  ? netlink_getsockopt+0x590/0x590
[  891.862414][T20323]  ? aa_sock_msg_perm+0x94/0x150
[  891.867395][T20323]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  891.872802][T20323]  ? security_socket_sendmsg+0x80/0xa0
[  891.878301][T20323]  ? netlink_getsockopt+0x590/0x590
[  891.883547][T20323]  ____sys_sendmsg+0x5ba/0x960
[  891.888343][T20323]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  891.894558][T20323]  ? __asan_memset+0x22/0x40
[  891.899191][T20323]  ? __sys_sendmsg_sock+0x30/0x30
[  891.904599][T20323]  ? __import_iovec+0x5f2/0x850
[  891.909522][T20323]  ? import_iovec+0x73/0xa0
[  891.914162][T20323]  ___sys_sendmsg+0x2a6/0x360
[  891.919063][T20323]  ? __sys_sendmsg+0x2a0/0x2a0
[  891.923934][T20323]  ? seqcount_lockdep_reader_access+0x17b/0x1d0
[  891.930285][T20323]  __se_sys_sendmsg+0x1c2/0x2b0
[  891.935184][T20323]  ? __x64_sys_sendmsg+0x80/0x80
[  891.940206][T20323]  ? syscall_enter_from_user_mode+0x2e/0x80
[  891.946149][T20323]  do_syscall_64+0x55/0xa0
[  891.950606][T20323]  ? clear_bhb_loop+0x40/0x90
[  891.955319][T20323]  ? clear_bhb_loop+0x40/0x90
[  891.960036][T20323]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  891.965966][T20323] RIP: 0033:0x7efd1819c799
[  891.970470][T20323] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  891.990307][T20323] RSP: 002b:00007efd1900b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  891.998853][T20323] RAX: ffffffffffffffda RBX: 00007efd18415fa0 RCX: 00007efd1819c799
[  892.007034][T20323] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000009
[  892.015039][T20323] RBP: 00007efd18232c99 R08: 0000000000000000 R09: 0000000000000000
[  892.023039][T20323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  892.031085][T20323] R13: 00007efd18416038 R14: 00007efd18415fa0 R15: 00007ffc8eff9c98
[  892.039148][T20323]  </TASK>
[  892.621325][T20346] __nla_validate_parse: 3 callbacks suppressed
[  892.621345][T20346] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3733'.
[  892.936497][T20354] pim6reg0: tun_chr_ioctl cmd 1074025672
[  892.951503][T20354] pim6reg0: ignored: set checksum disabled
[  892.967824][T20354] pim6reg0: tun_chr_ioctl cmd 2148553947
[  893.169510][T20369] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3742'.
[  893.354489][T20377] netlink: 'syz.1.3745': attribute type 3 has an invalid length.
[  893.363097][T20377] netlink: 'syz.1.3745': attribute type 6 has an invalid length.
[  893.372090][T20377] netlink: 144448 bytes leftover after parsing attributes in process `syz.1.3745'.
[  893.737631][T20391] netlink: 156 bytes leftover after parsing attributes in process `syz.0.3748'.
[  894.211921][T20403] netlink: 'syz.0.3751': attribute type 1 has an invalid length.
[  894.232215][T20403] netlink: 'syz.0.3751': attribute type 4 has an invalid length.
[  894.265327][T20403] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.3751'.
[  894.307888][T20406] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3752'.
[  894.458566][T20413] netlink: 'syz.1.3754': attribute type 17 has an invalid length.
[  894.482395][T20413] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3754'.
[  894.502837][T20413] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3754'.
[  894.530452][T20413] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3754'.
[  894.551849][T20413] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3754'.
[  894.737878][T20415] netlink: 'syz.0.3755': attribute type 33 has an invalid length.
[  897.151006][T20450] netlink: 'syz.3.3766': attribute type 1 has an invalid length.
[  897.197575][T20450] netlink: 'syz.3.3766': attribute type 1 has an invalid length.
[  897.539186][T20460] netlink: 'syz.1.3769': attribute type 10 has an invalid length.
[  897.702807][T20460] team0 (unregistering): Port device team_slave_1 removed
[  897.769094][T20460] team0 (unregistering): Port device wlan1 removed
[  898.188689][T20476] __nla_validate_parse: 3 callbacks suppressed
[  898.188711][T20476] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3772'.
[  898.437244][T20481] netlink: 'syz.3.3773': attribute type 46 has an invalid length.
[  901.051497][T20496] C: renamed from team_slave_0
[  901.088530][T20496] netlink: 'syz.3.3777': attribute type 3 has an invalid length.
[  901.156668][T20496] netlink: 152 bytes leftover after parsing attributes in process `syz.3.3777'.
[  901.201081][T20496] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  901.255688][T20509] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3782'.
[  901.265445][T20507] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.3781'.
[  901.315361][T20507] netlink: 'syz.1.3781': attribute type 29 has an invalid length.
[  901.369936][T20507] netlink: 'syz.1.3781': attribute type 29 has an invalid length.
[  901.755935][T20535] netlink: 'syz.3.3788': attribute type 39 has an invalid length.
[  902.132217][T20551] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3792'.
[  903.216224][T20566] netlink: 'syz.2.3795': attribute type 10 has an invalid length.
[  903.298085][T20566] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3795'.
[  903.887049][T20566] bridge0: port 4(ipvlan1) entered blocking state
[  903.893745][T20566] bridge0: port 4(ipvlan1) entered disabled state
[  904.011311][T20566] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  904.259056][T20575] netlink: 'syz.0.3798': attribute type 10 has an invalid length.
[  904.267216][T20575] netlink: 55 bytes leftover after parsing attributes in process `syz.0.3798'.
[  905.017895][T20599] sock: sock_set_timeout: `syz.0.3804' (pid 20599) tries to set negative timeout
[  905.059878][T20602] netlink: 188 bytes leftover after parsing attributes in process `syz.3.3805'.
[  905.101892][T20599] netlink: 'syz.0.3804': attribute type 4 has an invalid length.
[  905.113846][T20599] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.3804'.
[  905.475525][T20614] netlink: 'syz.0.3809': attribute type 10 has an invalid length.
[  906.968308][T20647] netlink: 'syz.3.3820': attribute type 2 has an invalid length.
[  906.990050][T20647] netlink: 'syz.3.3820': attribute type 3 has an invalid length.
[  907.064960][T20647] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3820'.
[  907.110545][T20651] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app
[  907.207142][T20653] netlink: 'syz.0.3821': attribute type 29 has an invalid length.
[  907.237488][T20653] netlink: 'syz.0.3821': attribute type 29 has an invalid length.
[  907.286163][T20651] netlink: 'syz.0.3821': attribute type 29 has an invalid length.
[  907.360163][T20651] netlink: 'syz.0.3821': attribute type 29 has an invalid length.
[  907.419356][T20653] netlink: 'syz.0.3821': attribute type 29 has an invalid length.
[  907.513035][T20651] netlink: 'syz.0.3821': attribute type 29 has an invalid length.
[  908.681670][T20659] netlink: 'syz.1.3817': attribute type 10 has an invalid length.
[  908.709051][T20659] batman_adv: batadv0: Adding interface: netdevsim0
[  908.744849][T20659] batman_adv: batadv0: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  908.814956][T20659] batman_adv: batadv0: Not using interface netdevsim0 (retrying later): interface not active
[  908.855908][T18819] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  908.890825][T20661] netlink: 'syz.2.3824': attribute type 21 has an invalid length.
[  908.908713][T20661] netlink: 152 bytes leftover after parsing attributes in process `syz.2.3824'.
[  908.976961][T20663] bridge0: entered allmulticast mode
[  909.183894][T20663] bridge_slave_1: left allmulticast mode
[  909.190048][T20663] bridge_slave_1: left promiscuous mode
[  909.198836][T20663] bridge0: port 2(bridge_slave_1) entered disabled state
[  909.209734][T20663] bridge_slave_0: left allmulticast mode
[  909.216104][T20663] bridge_slave_0: left promiscuous mode
[  909.222813][T20663] bridge0: port 1(bridge_slave_0) entered disabled state
[  909.382754][    C0] ==================================================================
[  909.390883][    C0] BUG: KASAN: slab-out-of-bounds in __bpf_get_stackid+0x6bf/0x900
[  909.398820][    C0] Write of size 64 at addr ffff8880243bf390 by task syz.1.3831/20681
[  909.407080][    C0] 
[  909.409436][    C0] CPU: 0 PID: 20681 Comm: syz.1.3831 Not tainted syzkaller #0
[  909.417019][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  909.427187][    C0] Call Trace:
[  909.430476][    C0]  <IRQ>
[  909.433512][    C0]  dump_stack_lvl+0x18c/0x250
[  909.438378][    C0]  ? read_lock_is_recursive+0x20/0x20
[  909.443936][    C0]  ? show_regs_print_info+0x20/0x20
[  909.449233][    C0]  ? load_image+0x400/0x400
[  909.453830][    C0]  ? _raw_spin_lock_irqsave+0xc0/0x100
[  909.459470][    C0]  ? __virt_addr_valid+0x18c/0x540
[  909.464700][    C0]  ? __virt_addr_valid+0x469/0x540
[  909.469822][    C0]  print_report+0xa8/0x210
[  909.474246][    C0]  ? __bpf_get_stackid+0x6bf/0x900
[  909.479460][    C0]  kasan_report+0x117/0x150
[  909.484173][    C0]  ? __bpf_get_stackid+0x6bf/0x900
[  909.489326][    C0]  kasan_check_range+0x241/0x290
[  909.494295][    C0]  ? __bpf_get_stackid+0x6bf/0x900
[  909.500030][    C0]  __asan_memcpy+0x40/0x70
[  909.504455][    C0]  __bpf_get_stackid+0x6bf/0x900
[  909.509408][    C0]  bpf_get_stackid_pe+0x343/0x410
[  909.514460][    C0]  bpf_prog_2720e47ac028c133+0x29/0x3e
[  909.520109][    C0]  bpf_overflow_handler+0x1fc/0x510
[  909.525320][    C0]  ? verify_lock_unused+0x140/0x140
[  909.530525][    C0]  ? bpf_overflow_handler+0xde/0x510
[  909.535924][    C0]  ? tp_perf_event_destroy+0x20/0x20
[  909.541224][    C0]  ? __perf_event_account_interrupt+0x187/0x280
[  909.547472][    C0]  __perf_event_overflow+0x447/0x630
[  909.552778][    C0]  perf_swevent_hrtimer+0x4aa/0x570
[  909.557982][    C0]  ? cpu_clock_event_read+0x40/0x40
[  909.563290][    C0]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  909.569192][    C0]  ? _raw_spin_unlock+0x40/0x40
[  909.574055][    C0]  __hrtimer_run_queues+0x4e1/0xc40
[  909.579286][    C0]  ? ktime_get_update_offsets_now+0x99/0x3f0
[  909.585279][    C0]  ? cpu_clock_event_read+0x40/0x40
[  909.590547][    C0]  ? hrtimer_interrupt+0x9c0/0x9c0
[  909.595676][    C0]  ? ktime_get_update_offsets_now+0x3d2/0x3f0
[  909.601758][    C0]  hrtimer_interrupt+0x3c9/0x9c0
[  909.606807][    C0]  __sysvec_apic_timer_interrupt+0xfb/0x3b0
[  909.612892][    C0]  sysvec_apic_timer_interrupt+0x9f/0xc0
[  909.618709][    C0]  </IRQ>
[  909.621645][    C0]  <TASK>
[  909.624605][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  909.630689][    C0] RIP: 0010:kasan_check_range+0x8f/0x290
[  909.636420][    C0] Code: 34 19 4d 89 f4 4d 29 dc 49 83 fc 10 7f 29 4d 85 e4 0f 84 3d 01 00 00 4c 89 cb 48 f7 d3 4c 01 fb 41 80 3b 00 0f 85 8d 01 00 00 <49> ff c3 48 ff c3 75 ee e9 1d 01 00 00 44 89 dd 83 e5 07 0f 84 b5
[  909.656127][    C0] RSP: 0018:ffffc900037d7bc8 EFLAGS: 00000246
[  909.662204][    C0] RAX: ffffffff817bc101 RBX: fffffffffffffffe RCX: ffffffff817bc16d
[  909.670188][    C0] RDX: 0000000000000001 RSI: 0000000000000018 RDI: ffffc900037d7c80
[  909.678172][    C0] RBP: 0000000000000000 R08: ffffc900037d7c97 R09: 1ffff920006faf92
[  909.686154][    C0] R10: dffffc0000000000 R11: fffff520006faf91 R12: 0000000000000003
[  909.694136][    C0] R13: 00007f4018e15fac R14: fffff520006faf93 R15: 1ffff920006faf90
[  909.702120][    C0]  ? futex_wake+0x41/0x4f0
[  909.706655][    C0]  ? futex_wake+0xad/0x4f0
[  909.711192][    C0]  __asan_memset+0x22/0x40
[  909.715622][    C0]  futex_wake+0xad/0x4f0
[  909.720132][    C0]  ? futex_wake_mark+0x150/0x150
[  909.725364][    C0]  ? ktime_get+0x7f/0x280
[  909.729906][    C0]  ? ktime_get+0x7f/0x280
[  909.734256][    C0]  ? seqcount_lockdep_reader_access+0x17b/0x1d0
[  909.740558][    C0]  ? ktime_get_real_ts64+0x440/0x440
[  909.745856][    C0]  do_futex+0x35d/0x3e0
[  909.750031][    C0]  ? __ia32_sys_get_robust_list+0x110/0x110
[  909.755926][    C0]  ? clockevents_program_event+0x230/0x310
[  909.761745][    C0]  __se_sys_futex+0x3a9/0x440
[  909.766439][    C0]  ? __x64_sys_futex+0xf0/0xf0
[  909.771204][    C0]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  909.777281][    C0]  ? __x64_sys_futex+0x21/0xf0
[  909.782061][    C0]  do_syscall_64+0x55/0xa0
[  909.786491][    C0]  ? clear_bhb_loop+0x40/0x90
[  909.791286][    C0]  ? clear_bhb_loop+0x40/0x90
[  909.795990][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  909.801905][    C0] RIP: 0033:0x7f4018b9c799
[  909.806418][    C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  909.826388][    C0] RSP: 002b:00007f4019afe0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  909.834903][    C0] RAX: ffffffffffffffda RBX: 00007f4018e15fa8 RCX: 00007f4018b9c799
[  909.842964][    C0] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f4018e15fac
[  909.851115][    C0] RBP: 00007f4018e15fa0 R08: 0000000000745d1e R09: 0000000000000000
[  909.859180][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  909.867161][    C0] R13: 00007f4018e16038 R14: 00007ffc04861ff0 R15: 00007ffc048620d8
[  909.875148][    C0]  </TASK>
[  909.878168][    C0] 
[  909.880492][    C0] Allocated by task 20681:
[  909.884927][    C0]  kasan_set_track+0x4e/0x70
[  909.889541][    C0]  __kasan_kmalloc+0x8f/0xa0
[  909.894160][    C0]  __kmalloc_node+0xb4/0x230
[  909.898953][    C0]  bpf_map_area_alloc+0x5e/0x110
[  909.903907][    C0]  prealloc_elems_and_freelist+0x86/0x1c0
[  909.909635][    C0]  stack_map_alloc+0x33a/0x4c0
[  909.914404][    C0]  map_create+0x877/0x12f0
[  909.918829][    C0]  __sys_bpf+0x651/0x890
[  909.923073][    C0]  __x64_sys_bpf+0x7c/0x90
[  909.927617][    C0]  do_syscall_64+0x55/0xa0
[  909.932047][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  909.938039][    C0] 
[  909.940360][    C0] Last potentially related work creation:
[  909.946070][    C0]  kasan_save_stack+0x3e/0x60
[  909.950837][    C0]  __kasan_record_aux_stack+0xaf/0xc0
[  909.956238][    C0]  call_rcu+0x153/0x950
[  909.960402][    C0]  nf_unregister_net_hooks+0xcb/0x130
[  909.965869][    C0]  nf_defrag_ipv6_disable+0x95/0xe0
[  909.971162][    C0]  nf_ct_netns_put+0x375/0x520
[  909.976019][    C0]  nf_conncount_destroy+0x41/0x150
[  909.981487][    C0]  ovs_ct_exit+0x9c/0x200
[  909.986183][    C0]  ovs_exit_net+0xed/0x7a0
[  909.990646][    C0]  cleanup_net+0x70a/0xbb0
[  909.995151][    C0]  process_scheduled_works+0xa5d/0x15d0
[  910.000882][    C0]  worker_thread+0xa55/0xfc0
[  910.005996][    C0]  kthread+0x2fa/0x390
[  910.010062][    C0]  ret_from_fork+0x48/0x80
[  910.014479][    C0]  ret_from_fork_asm+0x11/0x20
[  910.019332][    C0] 
[  910.021657][    C0] Second to last potentially related work creation:
[  910.028239][    C0]  kasan_save_stack+0x3e/0x60
[  910.033004][    C0]  __kasan_record_aux_stack+0xaf/0xc0
[  910.038381][    C0]  call_rcu+0x153/0x950
[  910.042625][    C0]  __nf_register_net_hook+0x788/0x910
[  910.048002][    C0]  nf_register_net_hook+0xb2/0x190
[  910.053147][    C0]  nf_register_net_hooks+0x44/0x1b0
[  910.058362][    C0]  ip6t_register_table+0x543/0x7e0
[  910.063477][    C0]  ip6table_mangle_table_init+0x41/0x60
[  910.069031][    C0]  xt_find_table_lock+0x306/0x3e0
[  910.074235][    C0]  xt_request_find_table_lock+0x26/0x100
[  910.079961][    C0]  do_ip6t_get_ctl+0x717/0x1210
[  910.084827][    C0]  nf_getsockopt+0x262/0x280
[  910.089433][    C0]  ipv6_getsockopt+0x226/0x2e0
[  910.094292][    C0]  do_sock_getsockopt+0x379/0x450
[  910.099414][    C0]  __x64_sys_getsockopt+0x1d6/0x280
[  910.104616][    C0]  do_syscall_64+0x55/0xa0
[  910.109047][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  910.114945][    C0] 
[  910.117268][    C0] The buggy address belongs to the object at ffff8880243bf380
[  910.117268][    C0]  which belongs to the cache kmalloc-cg-64 of size 64
[  910.131497][    C0] The buggy address is located 16 bytes inside of
[  910.131497][    C0]  allocated 40-byte region [ffff8880243bf380, ffff8880243bf3a8)
[  910.145511][    C0] 
[  910.147836][    C0] The buggy address belongs to the physical page:
[  910.154351][    C0] page:ffffea000090efc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880243bfe80 pfn:0x243bf
[  910.166102][    C0] memcg:ffff8880252e8801
[  910.170518][    C0] flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff)
[  910.178061][    C0] page_type: 0xffffffff()
[  910.182481][    C0] raw: 00fff00000000800 ffff888017c4da00 ffffea0001897f00 dead000000000004
[  910.191157][    C0] raw: ffff8880243bfe80 0000000080200019 00000001ffffffff ffff8880252e8801
[  910.199759][    C0] page dumped because: kasan: bad access detected
[  910.206417][    C0] page_owner tracks the page as allocated
[  910.212156][    C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 5773, tgid 5773 (syz-executor), ts 84181550986, free_ts 83766354630
[  910.230418][    C0]  post_alloc_hook+0x1c1/0x200
[  910.235242][    C0]  get_page_from_freelist+0x1951/0x19e0
[  910.240904][    C0]  __alloc_pages+0x1f0/0x460
[  910.245676][    C0]  alloc_slab_page+0x5d/0x160
[  910.250472][    C0]  new_slab+0x87/0x2d0
[  910.254646][    C0]  ___slab_alloc+0xc5d/0x12f0
[  910.259390][    C0]  __kmem_cache_alloc_node+0x19e/0x250
[  910.264857][    C0]  __kmalloc_node+0xa4/0x230
[  910.269453][    C0]  kvmalloc_node+0x70/0x180
[  910.273978][    C0]  nf_hook_entries_grow+0x27d/0x6d0
[  910.279202][    C0]  __nf_register_net_hook+0x2c9/0x910
[  910.284681][    C0]  nf_register_net_hook+0xb2/0x190
[  910.289803][    C0]  nf_register_net_hooks+0x44/0x1b0
[  910.295095][    C0]  arpt_register_table+0x5f4/0x720
[  910.300212][    C0]  arptable_filter_table_init+0x41/0x60
[  910.305765][    C0]  xt_find_table_lock+0x306/0x3e0
[  910.310882][    C0] page last free stack trace:
[  910.315552][    C0]  free_unref_page_prepare+0x7b2/0x8c0
[  910.321102][    C0]  free_unref_page+0x32/0x2e0
[  910.325791][    C0]  __unfreeze_partials+0x1cf/0x210
[  910.331011][    C0]  put_cpu_partial+0x17c/0x250
[  910.335863][    C0]  __slab_free+0x319/0x400
[  910.340277][    C0]  qlist_free_all+0x75/0xd0
[  910.344786][    C0]  kasan_quarantine_reduce+0x143/0x160
[  910.350341][    C0]  __kasan_slab_alloc+0x22/0x80
[  910.355193][    C0]  slab_post_alloc_hook+0x6e/0x4b0
[  910.360310][    C0]  kmem_cache_alloc+0x11a/0x2d0
[  910.365601][    C0]  __anon_vma_prepare+0x68/0x430
[  910.370552][    C0]  handle_mm_fault+0x401d/0x4c00
[  910.375491][    C0]  do_user_addr_fault+0x730/0x12c0
[  910.380619][    C0]  exc_page_fault+0x64/0x100
[  910.385400][    C0]  asm_exc_page_fault+0x26/0x30
[  910.390253][    C0] 
[  910.392576][    C0] Memory state around the buggy address:
[  910.398209][    C0]  ffff8880243bf280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  910.406359][    C0]  ffff8880243bf300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  910.414426][    C0] >ffff8880243bf380: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[  910.422622][    C0]                                   ^
[  910.428077][    C0]  ffff8880243bf400: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  910.436150][    C0]  ffff8880243bf480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  910.444317][    C0] ==================================================================
[  910.452692][    C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  910.460203][    C0] CPU: 0 PID: 20681 Comm: syz.1.3831 Not tainted syzkaller #0
[  910.467934][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  910.478182][    C0] Call Trace:
[  910.481563][    C0]  <IRQ>
[  910.484418][    C0]  dump_stack_lvl+0x18c/0x250
[  910.489112][    C0]  ? show_regs_print_info+0x20/0x20
[  910.494423][    C0]  ? load_image+0x400/0x400
[  910.499039][    C0]  panic+0x2dc/0x730
[  910.502941][    C0]  ? __lock_acquire+0x7d40/0x7d40
[  910.507998][    C0]  ? bpf_jit_dump+0xd0/0xd0
[  910.512535][    C0]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  910.518468][    C0]  ? _raw_spin_unlock+0x40/0x40
[  910.523346][    C0]  ? __bpf_get_stackid+0x6bf/0x900
[  910.528817][    C0]  check_panic_on_warn+0x84/0xa0
[  910.533770][    C0]  ? __bpf_get_stackid+0x6bf/0x900
[  910.539154][    C0]  end_report+0x6f/0x130
[  910.543403][    C0]  kasan_report+0x128/0x150
[  910.547943][    C0]  ? __bpf_get_stackid+0x6bf/0x900
[  910.553085][    C0]  kasan_check_range+0x241/0x290
[  910.558062][    C0]  ? __bpf_get_stackid+0x6bf/0x900
[  910.563206][    C0]  __asan_memcpy+0x40/0x70
[  910.567650][    C0]  __bpf_get_stackid+0x6bf/0x900
[  910.572607][    C0]  bpf_get_stackid_pe+0x343/0x410
[  910.577741][    C0]  bpf_prog_2720e47ac028c133+0x29/0x3e
[  910.583206][    C0]  bpf_overflow_handler+0x1fc/0x510
[  910.588418][    C0]  ? verify_lock_unused+0x140/0x140
[  910.593634][    C0]  ? bpf_overflow_handler+0xde/0x510
[  910.599020][    C0]  ? tp_perf_event_destroy+0x20/0x20
[  910.604403][    C0]  ? __perf_event_account_interrupt+0x187/0x280
[  910.610737][    C0]  __perf_event_overflow+0x447/0x630
[  910.616033][    C0]  perf_swevent_hrtimer+0x4aa/0x570
[  910.621327][    C0]  ? cpu_clock_event_read+0x40/0x40
[  910.626646][    C0]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  910.632546][    C0]  ? _raw_spin_unlock+0x40/0x40
[  910.637401][    C0]  __hrtimer_run_queues+0x4e1/0xc40
[  910.642603][    C0]  ? ktime_get_update_offsets_now+0x99/0x3f0
[  910.648858][    C0]  ? cpu_clock_event_read+0x40/0x40
[  910.654062][    C0]  ? hrtimer_interrupt+0x9c0/0x9c0
[  910.659180][    C0]  ? ktime_get_update_offsets_now+0x3d2/0x3f0
[  910.665342][    C0]  hrtimer_interrupt+0x3c9/0x9c0
[  910.670328][    C0]  __sysvec_apic_timer_interrupt+0xfb/0x3b0
[  910.676229][    C0]  sysvec_apic_timer_interrupt+0x9f/0xc0
[  910.681873][    C0]  </IRQ>
[  910.684895][    C0]  <TASK>
[  910.687916][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  910.693902][    C0] RIP: 0010:kasan_check_range+0x8f/0x290
[  910.699547][    C0] Code: 34 19 4d 89 f4 4d 29 dc 49 83 fc 10 7f 29 4d 85 e4 0f 84 3d 01 00 00 4c 89 cb 48 f7 d3 4c 01 fb 41 80 3b 00 0f 85 8d 01 00 00 <49> ff c3 48 ff c3 75 ee e9 1d 01 00 00 44 89 dd 83 e5 07 0f 84 b5
[  910.719165][    C0] RSP: 0018:ffffc900037d7bc8 EFLAGS: 00000246
[  910.725342][    C0] RAX: ffffffff817bc101 RBX: fffffffffffffffe RCX: ffffffff817bc16d
[  910.733559][    C0] RDX: 0000000000000001 RSI: 0000000000000018 RDI: ffffc900037d7c80
[  910.741535][    C0] RBP: 0000000000000000 R08: ffffc900037d7c97 R09: 1ffff920006faf92
[  910.749511][    C0] R10: dffffc0000000000 R11: fffff520006faf91 R12: 0000000000000003
[  910.757497][    C0] R13: 00007f4018e15fac R14: fffff520006faf93 R15: 1ffff920006faf90
[  910.765565][    C0]  ? futex_wake+0x41/0x4f0
[  910.770075][    C0]  ? futex_wake+0xad/0x4f0
[  910.774501][    C0]  __asan_memset+0x22/0x40
[  910.779014][    C0]  futex_wake+0xad/0x4f0
[  910.783264][    C0]  ? futex_wake_mark+0x150/0x150
[  910.788221][    C0]  ? ktime_get+0x7f/0x280
[  910.792640][    C0]  ? ktime_get+0x7f/0x280
[  910.796969][    C0]  ? seqcount_lockdep_reader_access+0x17b/0x1d0
[  910.803216][    C0]  ? ktime_get_real_ts64+0x440/0x440
[  910.808512][    C0]  do_futex+0x35d/0x3e0
[  910.812675][    C0]  ? __ia32_sys_get_robust_list+0x110/0x110
[  910.818570][    C0]  ? clockevents_program_event+0x230/0x310
[  910.824471][    C0]  __se_sys_futex+0x3a9/0x440
[  910.829154][    C0]  ? __x64_sys_futex+0xf0/0xf0
[  910.834011][    C0]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  910.839999][    C0]  ? __x64_sys_futex+0x21/0xf0
[  910.844852][    C0]  do_syscall_64+0x55/0xa0
[  910.849272][    C0]  ? clear_bhb_loop+0x40/0x90
[  910.853948][    C0]  ? clear_bhb_loop+0x40/0x90
[  910.858888][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  910.864873][    C0] RIP: 0033:0x7f4018b9c799
[  910.869301][    C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  910.889007][    C0] RSP: 002b:00007f4019afe0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  910.897603][    C0] RAX: ffffffffffffffda RBX: 00007f4018e15fa8 RCX: 00007f4018b9c799
[  910.905679][    C0] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f4018e15fac
[  910.913677][    C0] RBP: 00007f4018e15fa0 R08: 0000000000745d1e R09: 0000000000000000
[  910.921683][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  910.929767][    C0] R13: 00007f4018e16038 R14: 00007ffc04861ff0 R15: 00007ffc048620d8
[  910.937929][    C0]  </TASK>
[  910.941419][    C0] Kernel Offset: disabled
[  910.945826][    C0] Rebooting in 86400 seconds..