last executing test programs:

14.146285074s ago: executing program 0 (id=5431):
perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xcb, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xff7fffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x204, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='cpuacct.stat\x00', 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x30, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000001380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000100)}, 0x8000)
recvmsg(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)=""/233, 0xe9}], 0x1, &(0x7f0000002d00)=""/4080, 0xff0}, 0x0)
close(r1)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000040)={'veth1_macvtap\x00', @random="4f33e363a4b1"})
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x7, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0xb}}, [@snprintf={{0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x2}, {0x3, 0x0, 0x3, 0xa, 0x9, 0xfe04}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x6}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xa0}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r3}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

12.684202754s ago: executing program 0 (id=5436):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000001340)=ANY=[@ANYBLOB="9feb010018000000000000001800000018000000080000000600000001000093040000000400000000008000070000000000000061345f00"], &(0x7f0000000340)=""/4089, 0x38, 0xff9, 0x1}, 0x28)

12.618481065s ago: executing program 1 (id=5437):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f00000000c0)=""/244, 0x8b, 0xf4, 0x1, 0x10001}, 0x28)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = perf_event_open(&(0x7f0000000900)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xe4}, 0x4110, 0x6c97, 0x0, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, r3, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x2400, 0x5)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000001c40)=ANY=[@ANYBLOB="85000000a800000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c"], 0x48)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0c000000040000000400000009"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000024c0), &(0x7f0000001280), 0xffffffff, r6}, 0x38)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r1)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000003c0)={r0, 0x20, &(0x7f0000000380)={&(0x7f0000000200)=""/9, 0x9, 0x0, &(0x7f0000000280)=""/253, 0xfd}}, 0x10)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000400)={0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000900)={&(0x7f00000007c0)=ANY=[@ANYBLOB="9feb0100180000000000000074000000740000000a00000002000000070000060400000008000000ca000000050000040300000008000000010000000d0000000800000003000000ea0a00000c0000000600000000000000c5000000000000000000000203000000040000000000000b040000000900000000"], 0x0, 0x96}, 0x28)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0x66137, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_bp={0x0, 0x8}, 0x4800, 0x0, 0x0, 0x0, 0x7, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1e000000000000000500"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd000000}, 0x94)
syz_clone(0x41980100, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b70000008100003bbfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071104200000000001d400500000000004704000001ed00000f030000000000002c440000000000006b0a00fe000000007303000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646c0200000000000000020000e35208b0bb0d2cd829e654400e2438ec649dc76128610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda82fc9c4d7ecc7a803bf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714f62ba7a54f0c33d39000d0bfed3a6a59ff616236fd8f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a107464ffffff7f00000000617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce963b0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06fa2e04cfe0649226c697d9e8eaade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00023ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88f15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40fc5d2f55ff07c53147de202ce517b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661061173f359e9052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff26b61aac8aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e26534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c3f000000315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336dfaa6d5d164301190bc2d4c04087729033342045804a28082abc3b47623028271722fb515f31e0dd115a292f1e68481a62cd15ea5460a29c60b1058fb7aa9bf4ee3cbe11b03711a15d730646b72d074dab1e8c429339f3460d324c17a4a8bfc7d7eab45bef00664d6dc8230"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})

12.43908251s ago: executing program 0 (id=5440):
perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB, @ANYBLOB='\x00'/18], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r0], 0x0, 0x3, 0x0, 0x0, 0x41000}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x5, &(0x7f00000001c0)=@framed={{}, [@ldst={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a7fbb}, @ldst={0x6, 0x0, 0x6, 0x0, 0x0, 0xfffffffffffffffe, 0xa000000}]}, &(0x7f0000000000)='syzkaller\x00', 0x5, 0xf4240, &(0x7f0000000100)=""/147}, 0x80)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, @perf_bp={0x0, 0x3}, 0x0, 0x1, 0x1, 0x0, 0x0, 0x200000, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110c230000)
r2 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="180100"], 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32, @ANYRES32, @ANYRES16], 0x10)
socketpair(0x1e, 0xa, 0x80, &(0x7f0000000b00))

11.097213157s ago: executing program 0 (id=5445):
r0 = perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x22a0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x1, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x1)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
syz_clone(0x2000400, 0x0, 0xfffffebf, 0x0, 0x0, 0x0)
syz_clone(0x41980100, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x24, 0x12506, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x7602}, 0x0, 0xffffffffffffffff, r0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x40)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x19, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$TUNGETVNETBE(0xffffffffffffffff, 0x800454df, &(0x7f0000000100)=0x1)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x13, 0x10, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x3}, 0x50)
sendmsg$tipc(0xffffffffffffffff, 0x0, 0x4004010)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'gre0\x00', 0x10})
socketpair(0x1, 0x1, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000a80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000005000000b70000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x94)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000240)={@cgroup, r2, 0x1}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r3, 0x1, 0x14, &(0x7f0000000040), 0x3b)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000009c0)={0x3c1e}, 0x8)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)=ANY=[], 0x10)

6.121737793s ago: executing program 3 (id=5461):
perf_event_open(&(0x7f0000000480)={0x2, 0x80, 0xcb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x1}, 0x9000, 0x5, 0xfffffffe, 0x4, 0xed, 0x0, 0xd9}, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x9)
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x204, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xafffffffffffffff, 0xffffffffffffffff, 0x8)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r0=>0xffffffffffffffff})
recvmsg$unix(r0, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x100)
r1 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021"], 0x0, 0x40, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, 0x2}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)

5.169765679s ago: executing program 2 (id=5462):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000040)={'vlan0\x00', @remote})

5.11548723s ago: executing program 3 (id=5463):
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, 0x0, 0x56, 0x0, 0x0, 0x0, 0x10000, @value=r0}, 0x28)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000017c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, r1, 0x0, 0x1}, 0x50)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000cc0)=@bpf_lsm={0x1d, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x41000, 0x44, '\x00', 0x0, 0x1b, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000bc0)={0x1, 0x0, 0x8, 0x18000000}, 0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000c40), 0x10, 0x37}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r2=>0xffffffffffffffff})
recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x10}}], 0x10}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r3, 0x1, 0xa, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair(0x1, 0x1, 0x1, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000a00)={0x2, 0x80, 0xb9, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000a80), 0x3}, 0x8601, 0x2000000}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bridge0\x00', 0x400})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'veth1_macvtap\x00', 0x200})
ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x8922, &(0x7f0000000080))

4.890132047s ago: executing program 1 (id=5464):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x12, &(0x7f0000000500)=@framed={{0x18, 0x8, 0x0, 0x0, 0x1ac81b, 0x0, 0x0, 0x0, 0x1000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8, 0x0, 0x0, 0x1010000}, @initr0, @exit, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222}, 0x94)

4.76707013s ago: executing program 2 (id=5465):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000600)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x200}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc)

4.460050958s ago: executing program 2 (id=5466):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x2, 0x1, 0x30}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x94)

4.360974761s ago: executing program 4 (id=5467):
perf_event_open(&(0x7f0000000480)={0x2, 0x80, 0xcb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x1}, 0x9000, 0x5, 0xfffffffe, 0x4, 0xed, 0x0, 0xd9}, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x9)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180))
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x204, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xafffffffffffffff, 0xffffffffffffffff, 0x8)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r0=>0xffffffffffffffff})
recvmsg$unix(r0, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)}, 0x100)
r1 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021"], 0x0, 0x40, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, 0x2}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='blkio.bfq.sectors\x00', 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x10)

4.272541584s ago: executing program 2 (id=5468):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0)
close(r0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000072"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r1)
r2 = socket$kcm(0xa, 0x1, 0x0)
sendmsg$kcm(r2, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x4001, 0x0, @empty}, 0x80, 0x0}, 0x20000001)
r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="b4050000fdff7f006110a40000000000c60000000000000095000000000000009f33ef60916e6e713f1e6b0b725ad99b817fd98cd824498949714e32f21dcc4ae5437aca55f21f3ca9e822d182054d54d53cd2b6da714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed00000000000000000000000000000000000000006c63b40e0c00000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f79829c90bd2114252581567acae715cbe1b57d5cda432c5b9443999f7d24195405f2e76ba88454cc9227069ccb7b37b41215c000000003be991e5e897284cdd6043058cec00000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000540)=ANY=[@ANYRES32=r4, @ANYRES32=r3, @ANYBLOB='&'], 0x10)
recvmsg$unix(r0, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f00000003c0)=""/199, 0xc7}], 0x1}, 0x20)

3.472656105s ago: executing program 2 (id=5469):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x59, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4)
sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000)

3.472496635s ago: executing program 3 (id=5471):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xf0}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x56}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

3.471865285s ago: executing program 1 (id=5480):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0)
close(r0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000072"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r1)
r2 = socket$kcm(0xa, 0x1, 0x0)
sendmsg$kcm(r2, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x4001, 0x0, @empty}, 0x80, 0x0}, 0x20000001)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="b4050000fdff7f006110a40000000000c60000000000000095000000000000009f33ef60916e6e713f1e6b0b725ad99b817fd98cd824498949714e32f21dcc4ae5437aca55f21f3ca9e822d182054d54d53cd2b6da714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed00000000000000000000000000000000000000006c63b40e0c00000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f79829c90bd2114252581567acae715cbe1b57d5cda432c5b9443999f7d24195405f2e76ba88454cc9227069ccb7b37b41215c000000003be991e5e897284cdd6043058cec00000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r3}, &(0x7f0000000000), &(0x7f00000000c0)=r1}, 0x20)
recvmsg$unix(r0, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f00000003c0)=""/199, 0xc7}], 0x1}, 0x20)

3.266460211s ago: executing program 0 (id=5472):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002380)=ANY=[@ANYBLOB="b702000006000000bfa300000000000007030000407effff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca7ebfcd0cd00006ed3d09a6175037958e271b60dedf8937f02008b6d83923dd29c034055d47dafe6c8dc3d5d78c07f34e4d5b3185b310efd4989147a00000000f110026e6d2ef831ab7ea0c34f17e3adeef3bb622003b538dfd8e012e71f6420b90adddff61b5b0a341a2d7cbdb90000bdb2ca76050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132658555cf476619f28d9961b626c57c2691208171656d60a17e3c1c4b751ca532e6ea09c346df3d7cb4ebd31a08b32808b80200000000000000334d83239d1d2e9ff10ff2d27080e71113610e10c358e8327e7050b6c860dac12233f9a1fb9c2aec61ce63a38d316ef49b66d6e42fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a5f3d74ca891c4594e8a4399e01eadd3964663e88535c133f7130856f75643619f567d2e24f29e5dad9326edb697a6ea0182babc18cefd07e002cab5ebfcaad34732181feb215139f15eadddcb0c7cbe31fbae7c34d5ac5e7e64c21add9191eadd6e1795ad6a0f7f8cd3fccbdc3dec04b25dfc17975238345d4f71af35910b158e56657b7218baaa7cbf781c0a99bd50499ccff0f000000000000c7beba3da8223fe5308e4e2833baace04f4087c4f0da0d9a88f9dbb593ddeb3f0932a4d0175b889b8eccf707882042e716df9b57b290c661d4e85031086e97bcc5ca0e221a0e34323c129102b7b7a643e82e88a1940b3c02ed9c92d6f64b1282dc519b00159830d7617001154c46bd3ca96318c570f0721fc7aa2a580900000000000000b4f22cdf550ef091a78098534f0d973058594119d06d5ea9a8d085734000000000000000c12346e47ad97f4ead7cf754a52e4b2d0f22d428bd705414888700a30e2366c6a06b3367a389ca39059787790017b0689a1f3db9c24db65c1e00015c1d573dab18fd0600885f1ea8f2fd299fc3cdafda323e9c7080397bc49d70c060d57bc88fbe09baa058b040360ab9261503d2f363fb099408885afc2bf9a4f8c3506b669e889f5e4be1b8e0d634ebc1057b7e98186fc5141bd670dba6f43279f73db9dec75070cd9ab0fd969169ef6d2857b6bf955012cf7fe50d133da86e0477e42b98a6cc999dc21c3ef408e633dfa35f14d6e734837d365e63845f3c1092f8e34fc7eac9e8af3904ea0f3698cd9492794b82649b50d726bff873339c4cad4ead1348474250eda2c8067ab730c1d85969b95a2a5687f2ed690000522a0b7426000000000000000000000000000000000000000093fc7a82b98f99d9dedf7ba17f5f0b6d15e552fbd21f7eecff10243a43af03eea84c4304a5d3f93c02000000000000000043e1ed82b9aa0ae92a499984a009000000937523f5292d12659906005cde64f903c3415c458a2b32c2318f0858f19c6def80e1481e8e1c0098fc3f38b7a57211adb15d824cfdcf229628c0de49860a44286fe0e257cfa4ce50f3d10763d442824414a73c06837fe08de62f8710ca977960b74d0000ce73da6022a8671d1a3575b4e18c28c73203bf134686dd65808452cb6b76fcb134252c78de9b240de7b4cd015a77f76bb6470c05fc980b3d8f3f964f432a4bf6cddd6222c2da006b6fdb9c8468ae1d986a893b9519444d16a6dfa92c04331a6698507048fab5ae402acd05fe621f22712dfd09004770b4278fa14547d8ce3c21188e5e4e2baacd98e8e451d6aaaf090000006ed1d9018000008dd952595d78e9583bf4ea5de36099e3cddcb24ebb6eddb9e87c9ece87a42c0000abdf0100000001000000aea1b6eca5a883702b0bf3aeebb225895db90e237157a34e9f447237ea5b391bddd1290f7ce987a0e36b8e71b1779bbe95ffa9c3e0f6ba66e4d48e75253e3d633811e4b3220616aafbe7a3a18375ae593eb58fd500426286472466823cb8e1800aaaa0d9463c0c4ea5541a55df6eeffec0b66482228816cdfccb98374c644eea45de7867a0efbad0ab2bc33b350440a90b791b2b33f74a112a3b91b40bed8db2df8633207f8387e04ca52ab0f3f7b058b13523b896800b992972d9609551c27a5916ea16069c5bf55b98d926d3c27e7945b2999600000000f857bc1332d200194f658b930780603134ae6b7f5092772bd5d880dbe21b790c475b14b7fe4fe002dffd651faa79bb0cee0cdac23c3218f2ddaa6f7ba04b696a30d313bed30ba8f35569a9b07ee7308da09c01a4b827aa17bc2213fc1572b0204dd456b11a454d1f3f14179974aae624ea59500f5e048b2780666de81a040663c57f49af25be909984aea1b81f33426f86b4b941c08dfe2bc8ec246ec1aae120c42405e428923f3a83d9ba5c373f5e8a54120b451e2806370f1ed60c9fd5d9af4d16cb0f413c324da52d4bd2e01d3ac2d578d72e2d63322dfc9245ce3e3a097fb82f4e3b61a57094616020f72f1c55ee3d325c7496a7c2f10cfea516ae436751227378f00ca0f1f6c1dcf879700dd90b96a330f92bff736c83ca53e7f02b734d1a9292896f5d7f244bfab4946c7042e88206f641eafcc5b4ba7a7880533cdeac995d1caf6936f356ecf07a0084e7adc2dc12417997b03087c7b3b44b06f6158a2a18ce0e56ffbeb22f40521dd9972583d413098aa80db98ef324a2bfb7961c07b47521973cf0bb6f5530f6216b447b35d6e06b72b22b29de42bb1bc8ce0a0e3500000000000000000000000000b92eb197e4149627920000008000000000801792756f90b37f0858efc387f559203f314a4b0ed750fa72e5948ac3fe5921c14ef578d413e7b2a9e2f87f7b44949fe14c00000000000047030c09f62d444b4981db81799776eeb444000000009705fa8b56779bc876ad4f8d8c8e50815c4c3b27487996c09121caf47f76158362c74904f89cbc588aae84567a83571ff72bb65c082b5a8dee145ff221159aed2768edc05a3167d84205d5af86553c21e1f023a51c0e179fccfbc201982e3ddcaa45613899d19082453b180ca0c525b8d3cfaf7d0bcddeb5d5c7166038f276a92941393ba5e51f77172822bd903d9f8b436656771774ed88daab0d0cfdd1bf4d30ab566e1a4cb3ad66d830e10f7c1de13218aea21e7def613204c2b7c1ad48b01c208f4032e93408000000000000e96db049b92fc32ee34fe7a3419c8fbf03d61c159dc5864e030000a2c55b614d622b8de966c97e1940026f96db3c78ca18c9f08d1c47edf1a4d7298109f31b6078711ee72eacab84213bf50000000000000000000000000000001217887d0452aa6d26e4614d511710abeec84b78c027c160ba375dfa55a49b832ce4dfb91122193d514ed992c07f8cd6d897b314907e15642da228dbc03429e6e0e7ac118ed351c3b0c44bf5d8b58be573f8333aa8cc2ec5b5e305b3dee2562d415b4b9ed530797f55f9fe8510423409629a09000000000000009a35d9ca93e4b4591679547b8de8af1782451f7b8e1de508f1e9e525210d62bc850f8035040ad9e562be58797515b737bfb21d35ac560f99dbd18dad5e6345a464955e8141d75b6177e4fa176a020b0000000000006e76f0294fee7d19a0f327f8796d77b6e24b8df4bb438b527d10e657d49b844198ea9f93c4fd6fd2daa9bd87fd1e02ecc8075dca1280c201043257e9bd3c9a7aa150eb1711632b76d4dc0555d4bfcfd057980136d6e9000003b24fa300ef90bfe4ad364256937796f941c2faad94785f48777941f0cd3dba54ab6a5d5e91e90ac9ae994c3d4108b2fe7eca9413ac9bc138c74800487eb19c48db3f79be964808f109b5e36fc7fdd41def361427b6b9c118e5c9a0a1d5ca24886e33a7f81b2188ec75a5fc9302e3695bdcc9ab11201ef940569c995c21eeaefe2e8fc02e0433dc7371d1f72124ba263e554c30fdd7cd8c2da1e8706417da9ad8916551a1182fac08603dfc2f2279ba161c13984cd753b54a85e6f3010975e9ff51318b09fa13e2d38ce013aab41524c298c3719e31bcb1f102eaeee69a19e006bcdb1acc2664efa949a1a07bb3d7848d5e1381fbe63c522053a3bb32eb6345e10f7a12bf84e0e196a00833f464dd2f6547f14ebf137fce33efeb813211f31ff24d7dbb00f2574ccda59b3ea068fc2a18c37ee579f5a9ecc47da73684bcadd209ae5bbb7147df74d027d8d0adcdb54182c9de8053fc8b1b9d19c16c53d34db6e26f6a88d449f6abf3010100007e206a758a3f02816b4e097cfa3d46e45e7949c5b10691d49b9693a798a330a1ccb32d49772e80862df36dc0156b3f72cd85083f8e96ca1697457ec722766bd46ee2424975a38149bd57e5c0eb4087fc243e7e51b0aca9f0ab0668d7f2ee9ad9f267d8804417aa7e36a64d489bb84a1483fd3c3ecb024060002858cbb1f7708f5b41fca2fee7c03b1f862ce88dc313d913e041dd7583a1ac41c466757c5dd07ea2c5d62a000000000000000019a4e9a9c2cbc906f97fd6eb71b18d09a5df123ebbdb2827b43aed6a29e9942e402c1ae52e9cb98f3019d364fc21ea12023db91ced3c2f06550cef8a79ed39091e4776001187d0ab2f82478431d36470cc008d745ce8fd64c9aa64da230bb080945a557081b767beb75b1ea856a55c71b8fda672289aa6088630d48ac8039f19fec3acbcc5944a4e6fd44af8f10110db730a8d0d41b4ea36f9510f843a471963bd4621b9e43f08d341bb69df430ac6398c1b28bdd33b69b4b86d7c5f30cf728294e8ea1861ce50c367498945285f73c94d91210652eb4f3077cab6be2a3512eddbcb63d091d69fb1b26c8ada9a9f9355aea34fe55fd0d3011cb83ac03268dc66dd108a4e9944241e1d4ba69212ee0e7526e72c19346d08d3c3c82cb987f1bd2fd9ce2c88082ea23abbf23c6bd43fc9f9f8ea7656e25d3d73cd056b1f782de1fe349fc33546558366ed99940c0fda039272d277a3576d4e0469779d711e10b6bf040f7274fd9577c1c33326d2e60ee611ae226ef00e2944fb727832dc8dad36a6072aacfc4bcefb808a"], &(0x7f0000000340)='syzkaller\x00'}, 0x94)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xc0, 0x5, 0x0, 0x0, 0x0, 0x8, 0x401, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, @perf_bp={0x0, 0x1}, 0x300, 0xd1, 0x0, 0x3, 0x2, 0x0, 0xc98a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r0 = perf_event_open(&(0x7f0000001480)={0x2, 0x80, 0x86, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x2, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x8, 0x0, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
gettid()
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0xcb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0xb0000}, 0x805, 0x0, 0x0, 0x0, 0x8, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0}, 0xc280, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, &(0x7f0000000140)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xffffe00000000000}})
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, <r1=>0x0})
setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x4bd)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, <r2=>0x0})
bpf$MAP_CREATE(0x0, 0x0, 0x48)
setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, &(0x7f0000000180), 0x4bd)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, <r3=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32, @ANYBLOB], 0x48)
setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, 0x0, 0x0)
socketpair(0x27, 0x6, 0x5, &(0x7f0000001000))
socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000100)={0x0, <r4=>0x0})
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setsockopt$sock_attach_bpf(r4, 0x10f, 0x87, 0x0, 0x0)
close(r3)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
unlink(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000000)='cpu<-0||!')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001040)=ANY=[], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90)

3.184555913s ago: executing program 3 (id=5473):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x94)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0xfd, 0xfd, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0xb02}, 0x0, 0xc8, 0x10003, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r2=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000200)=ANY=[], 0xfdef)

3.017588047s ago: executing program 2 (id=5474):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, 0x0, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000080))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000680)={'syzkaller0\x00', 0x7101})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000002c0)={'syzkaller0\x00', 0x7101})
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$TUNSETFILTEREBPF(r2, 0x800454e1, &(0x7f0000000380)=r4)
write$cgroup_devices(r3, &(0x7f0000000280)=ANY=[@ANYBLOB="1e030600bc5cb60128876360864666702c1ffe80000000000000"], 0xffdd)

2.877758611s ago: executing program 3 (id=5475):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x60ae0}], 0x1, 0x0, 0xd66}, 0x0)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x2, &(0x7f00000000c0), 0x31}, 0x0)
sendmsg$tipc(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000140)="246ab6c323838c21148f45c44d8061dcd5788b4670a5efbe796b372dcbd3a13e5b7eef41886d8274cb10a03d93", 0x2d}, {&(0x7f0000000940)="b9331ad46cd56d6cc7afd22247ef4dea40da3f87d9b21a93829131315632aa1639b37dea9ef8bedc214f5f88388d731c892348de4a7b6234dec8a5539f0f6a4e2339f13684230ef33a1562ef3124dfb03d22471fa0a0825882b0f8eafa9a66e6dceb6c3b9fd9c1f0cccfebc7e95ce59fab59163f560dfcbf38568f91e93e748c9dc6cb95203d618cc7cb696872489de77d1ae09bdca12973f65f2b06b112bd95bf2888e38deb29eddc40afa6887e9ae785c590378231017f0c0ac48eb53d6dc8dd718444ab76339e71e6295020e6a2457114ca24a98dea2cd7505cd4741a63f7cd0bb4d24f93b2df6ee467af4b8895eb27562772bb7cb67390c46be776198d52f1df8ff287047e8cb61570280b31a8f2c7de0c84241c0bb7df72b44887ad352aa0d70554b440bd387b3999cdcbc0315b1be9c1c9e1cd99226879b7d0f1e7aaeefe81602963a11e086521dc7fc9376dfac93c19bdfc1d288846cce01ba82f5e064c06e373e98d3728132ffb7e89f2299cbb9b8c437ae7fa8ac60fb7fbf20ffb4ebba389f0548a523aa765d76a5295db997422f0da6e84d0f972b489d202be8e9a7b163b23bc3915b31d4759f78ba84294c805b74aed1fdaab4fb385f8e4a80e674c77534fd419b75679c61d6018d0f91d32dd27d9ee3ff56fb079949185a3a5ffe3aa36387648ce4e4efcbc127bdc7080feb366ea05400c267ccfcd1fb43bbd501b51c0a4666c968013705d243c39bf76c4741c0660119a2d413811eca001f97d22f87451a502d2cc996fee0df601da5a94579b29d84162d1c7c0fde74e2c9c07d4a72f326ed08c138e9fa783a49325056deec3e896e516e919065e709787e1262ee41086926989f03718ef280af61a9ee08c8dbd250420baba456051b03308624f39852a3c38c31bda2698ef89652c84710481d36bb6bf30024cb97679bce4ffd2665875fe7d780a0ed4a4baf7e26fcbbdc336dbc33f91976316315492f28e1f7f34415624ae0fa77a3b7b6f54c947b9c063b7a95dd1d9f0ad0958069f8c5c97e4fe73471650cbbd3b1ae107d9238b2319c34513daa0bcc4ad79026e25397230a88696f4d52e2ee9662c75559d4e224216ab8842d567eca38bd7ff1262a9019ce748b9c77d93af0b146b8832d243466b91ec1d1ddf902fa91df643632759f9a865492aeabc8a21d0b52f70486fe318c45dfc19ebaf25431cd7f9871d9c31e517e4fce14bed1471ccff8a2e6aa14079a9043a6835a29e206863eb6176d54020ba76e6e042fde33c9cf354132b12e28f244c110266f8d55b2c9592f78ad734542b06d22de57589bf2452dfcc82aee7b6ae3bec2354922605bed7eff04cea55e8bbd1a0361f68fa68a4c75f94ba46bc8e4aba0b78bb3e1e39d6b731376d7f5018025c49540b34b00b80558474ab9c7a26d1b9d5d8e1cbe6493d72c4ede3c667be073a55e6024cf053d90b06718e1667cd3a3560d18314b0d97d9cec245afeabb56fba6afb5d5c8dbd656aa83717e25cc7347a0e22a70772036085a9fc0ed678432915c8259466adde7da5d908bf3f98daf75bcb332f2ac8b19da0834e24832c3433151da1805845a6568d341ec4565ca8aa8c0002415c8742b3051176cf6b9bbd9ca2788b0e37746bbad852f95777b09ab511110fb88360b4035cf03b6158afe964cb7c44713684e9e9cc3c159b1dfc39c11ac9bac4ca8b73d92bb04f640a8f0de4924b72b5be1b173dd7c617fb4204f4c9475f5d5c2389b422ea27b045ee4f1fde834036b4f4013a13fc4f21c0d2acd48a07de1cbfc2f3e00ecd0efaed678179f837124ad65e44f15812167fe4c635327bcb7030aa42de88b7f03d5a0481a5874d6f76b7f532235853b9175c7924456475d37114592f357d6a6fc2afd7a43ff3ab32ed5538f8d2303e7a66b0d531629b5dec5bdbff3422728cf6a8472df8b2c8827ef1c0095d59b218c915d9eb73a66f4adf9d6076e744e9312e8c47806d58f98ff245c87fd50c93561e8d434912b2064e88bf966a9e661d88", 0x598}], 0x2, 0x0, 0x0, 0x40000090}, 0x0)

2.580426949s ago: executing program 0 (id=5476):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f00000000c0)=""/244, 0x8b, 0xf4, 0x1, 0x10001}, 0x28)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = perf_event_open(&(0x7f0000000900)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xe4}, 0x4110, 0x6c97, 0x0, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, r3, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x2400, 0x5)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000001c40)=ANY=[@ANYBLOB="85000000a800000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c"], 0x48)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0c000000040000000400000009"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000024c0), &(0x7f0000001280), 0xffffffff, r6}, 0x38)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r1)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000003c0)={r0, 0x20, &(0x7f0000000380)={&(0x7f0000000200)=""/9, 0x9, 0x0, &(0x7f0000000280)=""/253, 0xfd}}, 0x10)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000400)={0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000900)={&(0x7f00000007c0)=ANY=[@ANYBLOB="9feb0100180000000000000074000000740000000a00000002000000070000060400000008000000ca000000050000040300000008000000010000000d0000000800000003000000ea0a00000c0000000600000000000000c5000000000000000000000203000000040000000000000b040000000900000000"], 0x0, 0x96}, 0x28)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0x66137, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_bp={0x0, 0x8}, 0x4800, 0x0, 0x0, 0x0, 0x7, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1e000000000000000500"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd000000}, 0x94)
syz_clone(0x41980100, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b70000008100003bbfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071104200000000001d400500000000004704000001ed00000f030000000000002c440000000000006b0a00fe000000007303000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646c0200000000000000020000e35208b0bb0d2cd829e654400e2438ec649dc76128610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda82fc9c4d7ecc7a803bf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714f62ba7a54f0c33d39000d0bfed3a6a59ff616236fd8f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a107464ffffff7f00000000617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce963b0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06fa2e04cfe0649226c697d9e8eaade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00023ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88f15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40fc5d2f55ff07c53147de202ce517b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661061173f359e9052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff26b61aac8aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e26534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c3f000000315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336dfaa6d5d164301190bc2d4c04087729033342045804a28082abc3b47623028271722fb515f31e0dd115a292f1e68481a62cd15ea5460a29c60b1058fb7aa9bf4ee3cbe11b03711a15d730646b72d074dab1e8c429339f3460d324c17a4a8bfc7d7eab45bef00664d6dc8230"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})

2.539921141s ago: executing program 1 (id=5477):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000404000000002e"], 0x0, 0x37}, 0x28)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x9, 0x4, 0x4, 0xa, 0x4, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x2, 0x1}, 0x48)

2.495849252s ago: executing program 3 (id=5478):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xffffffffffffffc7)
socketpair(0x1, 0x1, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89f1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000000000000000000001860000000000000e9ff00000400000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000180000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0x66137, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_bp={0x0, 0x8}, 0x4800, 0x0, 0x0, 0x0, 0x7, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
syz_clone(0x41980100, 0x0, 0x0, 0x0, 0x0, 0x0)

1.656575095s ago: executing program 1 (id=5479):
perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1fd, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="09000000010000006d05000002"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r0}, 0x38)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r0, 0x0, 0x11000000}, 0x38)

746.588509ms ago: executing program 4 (id=5481):
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000001380)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r0)
sendmsg(r1, &(0x7f0000001140)={0x0, 0x0, 0x0, 0x0, &(0x7f00000024c0)=ANY=[], 0x4f8}, 0x0)

516.918616ms ago: executing program 4 (id=5482):
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000000c40)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.current\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x2, 0x0, 0x7602, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000080), 0xbdf55c5ca5705acd}, 0x18e04, 0x80000000, 0x0, 0x4, 0x0, 0x0, 0xfffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

318.203371ms ago: executing program 1 (id=5483):
r0 = perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x22a0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x1, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x1)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
syz_clone(0x2000400, 0x0, 0xfffffebf, 0x0, 0x0, 0x0)
syz_clone(0x41980100, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x24, 0x12506, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x7602}, 0x0, 0xffffffffffffffff, r0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x40)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x19, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$TUNGETVNETBE(0xffffffffffffffff, 0x800454df, &(0x7f0000000100)=0x1)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x13, 0x10, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x3}, 0x50)
sendmsg$tipc(0xffffffffffffffff, 0x0, 0x4004010)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'gre0\x00', 0x10})
socketpair(0x1, 0x1, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000a80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000005000000b70000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x94)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000240)={@cgroup, r2, 0x1}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r3, 0x1, 0x14, &(0x7f0000000040), 0x3b)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000009c0)={0x3c1e}, 0x8)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)=ANY=[], 0x10)

318.115281ms ago: executing program 4 (id=5484):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x8, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a800000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1, r1}, 0xc)

189.322385ms ago: executing program 4 (id=5485):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x59, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4)
sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000)

0s ago: executing program 4 (id=5486):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x6, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000fdffffde18000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r0}, 0xc)

kernel console output (not intermixed with test programs):

00000000036
[  703.410048][T15684] RAX: ffffffffffffffda RBX: 00007f6baa015fa0 RCX: 00007f6ba9d9cdd9
[  703.418042][T15684] RDX: 000000000000000d RSI: 0000000000000084 RDI: 0000000000000005
[  703.426031][T15684] RBP: 00007f6baac3a090 R08: 0000000000000004 R09: 0000000000000000
[  703.434020][T15684] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  703.437994][T15694] sctp: [Deprecated]: syz.4.3863 (pid 15694) Use of int in maxseg socket option.
[  703.437994][T15694] Use struct sctp_assoc_value instead
[  703.442065][T15684] R13: 00007f6baa016038 R14: 00007f6baa015fa0 R15: 00007ffc4486ac68
[  703.442095][T15684]  </TASK>
[  703.476201][T15695] sctp: [Deprecated]: syz.1.3864 (pid 15695) Use of int in maxseg socket option.
[  703.476201][T15695] Use struct sctp_assoc_value instead
[  703.580545][T15697] netlink: 126632 bytes leftover after parsing attributes in process `syz.0.3865'.
[  703.750756][T15703] netlink: 'syz.3.3866': attribute type 21 has an invalid length.
[  703.808502][T15703] netlink: 'syz.3.3866': attribute type 6 has an invalid length.
[  703.834187][T15703] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3866'.
[  703.910433][T15703] netlink: 'syz.3.3866': attribute type 21 has an invalid length.
[  703.940045][T15703] netlink: 156 bytes leftover after parsing attributes in process `syz.3.3866'.
[  703.984925][T15703] netlink: 'syz.3.3866': attribute type 10 has an invalid length.
[  704.005137][T15703] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3866'.
[  704.202958][T15711] netlink: 'syz.4.3870': attribute type 10 has an invalid length.
[  704.514347][T15720] netlink: 'syz.3.3872': attribute type 2 has an invalid length.
[  704.531541][T15720] netlink: 'syz.3.3872': attribute type 1 has an invalid length.
[  704.558317][T15720] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3872'.
[  704.583647][T15719] bridge0: port 3(team0) entered disabled state
[  704.604314][T15719] device bridge_slave_1 left promiscuous mode
[  704.612511][T15719] bridge0: port 2(bridge_slave_1) entered disabled state
[  704.694205][T15726] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3874'.
[  705.769721][T15719] device bridge_slave_0 left promiscuous mode
[  705.776004][T15719] bridge0: port 1(bridge_slave_0) entered disabled state
[  705.934098][T15726] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3874'.
[  705.996251][T15736] netlink: 'syz.4.3875': attribute type 10 has an invalid length.
[  706.019817][T15736] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  706.208417][T15745] netlink: 82792 bytes leftover after parsing attributes in process `syz.2.3877'.
[  707.122791][T15763] FAULT_INJECTION: forcing a failure.
[  707.122791][T15763] name failslab, interval 1, probability 0, space 0, times 0
[  707.175847][T15763] CPU: 0 PID: 15763 Comm: syz.0.3883 Not tainted syzkaller #0
[  707.183377][T15763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  707.193454][T15763] Call Trace:
[  707.196756][T15763]  <TASK>
[  707.199702][T15763]  dump_stack_lvl+0x188/0x24e
[  707.204402][T15763]  ? show_regs_print_info+0x12/0x12
[  707.209610][T15763]  ? load_image+0x400/0x400
[  707.214112][T15763]  ? __might_sleep+0xd0/0xd0
[  707.218704][T15763]  ? __lock_acquire+0x7d10/0x7d10
[  707.223737][T15763]  should_fail_ex+0x399/0x4d0
[  707.228418][T15763]  should_failslab+0x5/0x20
[  707.232924][T15763]  slab_pre_alloc_hook+0x59/0x310
[  707.237948][T15763]  ? bpf_prog_test_run_skb+0x234/0x12a0
[  707.243500][T15763]  __kmem_cache_alloc_node+0x4f/0x260
[  707.248873][T15763]  ? bpf_prog_test_run_skb+0x234/0x12a0
[  707.254417][T15763]  __kmalloc+0xa0/0x240
[  707.258578][T15763]  bpf_prog_test_run_skb+0x234/0x12a0
[  707.263953][T15763]  ? __fget_files+0x28/0x4b0
[  707.268545][T15763]  ? __fget_files+0x28/0x4b0
[  707.273133][T15763]  ? __fget_files+0x43d/0x4b0
[  707.277812][T15763]  ? cpu_online+0xa0/0xa0
[  707.282141][T15763]  bpf_prog_test_run+0x31e/0x390
[  707.287079][T15763]  __sys_bpf+0x62b/0x780
[  707.291321][T15763]  ? bpf_link_show_fdinfo+0x380/0x380
[  707.296706][T15763]  ? lock_chain_count+0x20/0x20
[  707.301567][T15763]  __x64_sys_bpf+0x78/0x90
[  707.305984][T15763]  do_syscall_64+0x4c/0xa0
[  707.310402][T15763]  ? clear_bhb_loop+0x60/0xb0
[  707.315078][T15763]  ? clear_bhb_loop+0x60/0xb0
[  707.319778][T15763]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  707.325674][T15763] RIP: 0033:0x7f772cb9cdd9
[  707.330087][T15763] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  707.349689][T15763] RSP: 002b:00007f772dac9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  707.358099][T15763] RAX: ffffffffffffffda RBX: 00007f772ce15fa0 RCX: 00007f772cb9cdd9
[  707.366065][T15763] RDX: 0000000000000050 RSI: 0000200000000080 RDI: 000000000000000a
[  707.374031][T15763] RBP: 00007f772dac9090 R08: 0000000000000000 R09: 0000000000000000
[  707.381993][T15763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  707.389955][T15763] R13: 00007f772ce16038 R14: 00007f772ce15fa0 R15: 00007ffc8b400ed8
[  707.397932][T15763]  </TASK>
[  707.617627][T15765] device syzkaller0 entered promiscuous mode
[  707.642188][T15772] netlink: 'syz.3.3887': attribute type 10 has an invalid length.
[  707.967363][T15789] sctp: [Deprecated]: syz.0.3892 (pid 15789) Use of struct sctp_assoc_value in delayed_ack socket option.
[  707.967363][T15789] Use struct sctp_sack_info instead
[  708.699971][T15783] delete_channel: no stack
[  710.241120][T15795] netlink: 'syz.0.3895': attribute type 10 has an invalid length.
[  710.249274][T15795] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  710.261887][T15797] netlink: 'syz.3.3896': attribute type 10 has an invalid length.
[  710.275546][T15797] team0: Device ipvlan1 failed to register rx_handler
[  710.318396][T15804] netlink: 152 bytes leftover after parsing attributes in process `syz.2.3899'.
[  710.327787][T15805] netlink: 'syz.2.3899': attribute type 39 has an invalid length.
[  710.447122][T15815] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3902'.
[  710.456851][T15815] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3902'.
[  710.519243][T15818] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3902'.
[  710.537656][T15815] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3902'.
[  710.765792][T15824] netlink: 'syz.1.3904': attribute type 27 has an invalid length.
[  710.766344][T15827] netlink: 'syz.2.3907': attribute type 7 has an invalid length.
[  710.781655][T15824] netlink: 164 bytes leftover after parsing attributes in process `syz.1.3904'.
[  710.795246][T15827] netlink: 'syz.2.3907': attribute type 7 has an invalid length.
[  710.804824][T15827] netlink: 198580 bytes leftover after parsing attributes in process `syz.2.3907'.
[  710.851415][T15830] netlink: 'syz.0.3906': attribute type 10 has an invalid length.
[  711.078660][T15841] netlink: 'syz.3.3911': attribute type 7 has an invalid length.
[  711.086890][T15841] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.3911'.
[  711.112977][T15842] netlink: 'syz.2.3910': attribute type 10 has an invalid length.
[  711.131636][T15842] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  711.717363][T15855] netlink: 'syz.3.3914': attribute type 3 has an invalid length.
[  711.744263][T15855] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.3914'.
[  711.750160][T15858] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3915'.
[  712.869138][T15901] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  713.797799][T15920] FAULT_INJECTION: forcing a failure.
[  713.797799][T15920] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  713.890977][T15920] CPU: 1 PID: 15920 Comm: syz.0.3937 Not tainted syzkaller #0
[  713.898504][T15920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  713.908571][T15920] Call Trace:
[  713.911871][T15920]  <TASK>
[  713.914825][T15920]  dump_stack_lvl+0x188/0x24e
[  713.919530][T15920]  ? show_regs_print_info+0x12/0x12
[  713.924750][T15920]  ? load_image+0x400/0x400
[  713.929276][T15920]  ? __lock_acquire+0x7d10/0x7d10
[  713.934311][T15920]  should_fail_ex+0x399/0x4d0
[  713.939002][T15920]  _copy_from_user+0x2c/0x170
[  713.943686][T15920]  csum_and_copy_from_iter+0x493/0x1350
[  713.949255][T15920]  ? alloc_skb_with_frags+0x674/0x710
[  713.954635][T15920]  ? iov_iter_get_pages_alloc2+0xc0/0xc0
[  713.960281][T15920]  ip_generic_getfrag+0x150/0x2e0
[  713.965306][T15920]  ? ip_skb_dst_mtu+0x9c0/0x9c0
[  713.970164][T15920]  ? skb_put+0x117/0x210
[  713.974401][T15920]  __ip6_append_data+0x300b/0x3d40
[  713.979536][T15920]  ? ip_skb_dst_mtu+0x9c0/0x9c0
[  713.984397][T15920]  ? ip6_mtu+0x79/0x3f0
[  713.988637][T15920]  ? ip6_setup_cork+0xfe0/0xfe0
[  713.993487][T15920]  ? ip6_setup_cork+0xa30/0xfe0
[  713.998339][T15920]  ip6_append_data+0x1ea/0x3e0
[  714.003108][T15920]  ? ip_skb_dst_mtu+0x9c0/0x9c0
[  714.007958][T15920]  l2tp_ip6_sendmsg+0x1208/0x1670
[  714.012991][T15920]  ? l2tp_ip6_destroy_sock+0x50/0x50
[  714.018288][T15920]  ? aa_af_perm+0x340/0x340
[  714.022786][T15920]  ? tomoyo_socket_sendmsg_permission+0x212/0x2f0
[  714.029204][T15920]  ? sock_rps_record_flow+0x19/0x3f0
[  714.034488][T15920]  ? inet_sendmsg+0x78/0x2f0
[  714.039162][T15920]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  714.044460][T15920]  ? security_socket_sendmsg+0x7c/0xa0
[  714.049945][T15920]  ? inet_send_prepare+0x260/0x260
[  714.055073][T15920]  ____sys_sendmsg+0x5be/0x970
[  714.059860][T15920]  ? __sys_sendmsg_sock+0x30/0x30
[  714.064898][T15920]  ? __import_iovec+0x315/0x500
[  714.069753][T15920]  ? import_iovec+0x6f/0xa0
[  714.074253][T15920]  ___sys_sendmsg+0x2a2/0x360
[  714.078934][T15920]  ? __sys_sendmsg+0x290/0x290
[  714.083714][T15920]  ? __lock_acquire+0x7d10/0x7d10
[  714.088755][T15920]  __se_sys_sendmsg+0x1bb/0x2a0
[  714.093605][T15920]  ? ct_nmi_exit+0x145/0x1c0
[  714.098194][T15920]  ? __x64_sys_sendmsg+0x80/0x80
[  714.103140][T15920]  ? lockdep_hardirqs_on+0x94/0x140
[  714.108346][T15920]  do_syscall_64+0x4c/0xa0
[  714.112774][T15920]  ? clear_bhb_loop+0x60/0xb0
[  714.117453][T15920]  ? clear_bhb_loop+0x60/0xb0
[  714.122135][T15920]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  714.128033][T15920] RIP: 0033:0x7f772cb9cdd9
[  714.132448][T15920] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  714.152058][T15920] RSP: 002b:00007f772dac9028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  714.160470][T15920] RAX: ffffffffffffffda RBX: 00007f772ce15fa0 RCX: 00007f772cb9cdd9
[  714.168445][T15920] RDX: 0000000000000000 RSI: 0000200000001180 RDI: 0000000000000003
[  714.176410][T15920] RBP: 00007f772dac9090 R08: 0000000000000000 R09: 0000000000000000
[  714.184401][T15920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  714.192544][T15920] R13: 00007f772ce16038 R14: 00007f772ce15fa0 R15: 00007ffc8b400ed8
[  714.200522][T15920]  </TASK>
[  715.666504][T15947] __nla_validate_parse: 11 callbacks suppressed
[  715.666524][T15947] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3942'.
[  715.723472][T15947] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3942'.
[  715.766746][T15952] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3942'.
[  715.817622][T15955] validate_nla: 5 callbacks suppressed
[  715.817657][T15955] netlink: 'syz.1.3947': attribute type 10 has an invalid length.
[  715.882620][T15955] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  716.221718][T15969] netlink: 'syz.4.3950': attribute type 39 has an invalid length.
[  717.249130][T15985] netlink: 'syz.0.3956': attribute type 3 has an invalid length.
[  717.256933][T15985] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3956'.
[  718.106746][T15998] FAULT_INJECTION: forcing a failure.
[  718.106746][T15998] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  718.276026][T15998] CPU: 0 PID: 15998 Comm: syz.3.3961 Not tainted syzkaller #0
[  718.283551][T15998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  718.293634][T15998] Call Trace:
[  718.296936][T15998]  <TASK>
[  718.299890][T15998]  dump_stack_lvl+0x188/0x24e
[  718.304616][T15998]  ? show_regs_print_info+0x12/0x12
[  718.309857][T15998]  ? load_image+0x400/0x400
[  718.314399][T15998]  ? __lock_acquire+0x7d10/0x7d10
[  718.319483][T15998]  should_fail_ex+0x399/0x4d0
[  718.324191][T15998]  _copy_from_user+0x2c/0x170
[  718.328899][T15998]  vmemdup_user+0xa8/0x1d0
[  718.333350][T15998]  map_get_next_key+0x225/0x620
[  718.338230][T15998]  ? __might_fault+0xa6/0x120
[  718.342933][T15998]  ? bpf_lsm_bpf+0x5/0x10
[  718.347299][T15998]  __sys_bpf+0x466/0x780
[  718.351584][T15998]  ? bpf_link_show_fdinfo+0x380/0x380
[  718.356999][T15998]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  718.363163][T15998]  __x64_sys_bpf+0x78/0x90
[  718.367577][T15998]  do_syscall_64+0x4c/0xa0
[  718.371996][T15998]  ? clear_bhb_loop+0x60/0xb0
[  718.376670][T15998]  ? clear_bhb_loop+0x60/0xb0
[  718.381347][T15998]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  718.387234][T15998] RIP: 0033:0x7f6ba9d9cdd9
[  718.391641][T15998] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  718.411428][T15998] RSP: 002b:00007f6baac3a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  718.419846][T15998] RAX: ffffffffffffffda RBX: 00007f6baa015fa0 RCX: 00007f6ba9d9cdd9
[  718.427828][T15998] RDX: 0000000000000020 RSI: 00002000000005c0 RDI: 0000000000000004
[  718.435796][T15998] RBP: 00007f6baac3a090 R08: 0000000000000000 R09: 0000000000000000
[  718.443761][T15998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  718.451725][T15998] R13: 00007f6baa016038 R14: 00007f6baa015fa0 R15: 00007ffc4486ac68
[  718.459712][T15998]  </TASK>
[  718.801390][T16005] netlink: 'syz.4.3963': attribute type 21 has an invalid length.
[  718.818312][T16005] netlink: 'syz.4.3963': attribute type 6 has an invalid length.
[  718.867629][T16005] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3963'.
[  719.166306][T16006] netlink: 'syz.4.3963': attribute type 21 has an invalid length.
[  719.188508][T16006] netlink: 156 bytes leftover after parsing attributes in process `syz.4.3963'.
[  719.333381][T16005] netlink: 'syz.4.3963': attribute type 10 has an invalid length.
[  719.349071][T16005] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3963'.
[  719.577382][T16012] netlink: 'syz.0.3965': attribute type 10 has an invalid length.
[  719.597453][T16012] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  719.661672][T16015] device veth1_macvtap left promiscuous mode
[  719.667742][T16015] device macsec0 entered promiscuous mode
[  719.696655][T16018] IPv6: NLM_F_CREATE should be specified when creating new route
[  719.711178][T16018] netlink: 1 bytes leftover after parsing attributes in process `syz.2.3967'.
[  720.436534][T16028] netlink: 'syz.0.3970': attribute type 3 has an invalid length.
[  720.465455][T16028] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3970'.
[  720.834816][T16037] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3976'.
[  720.947489][T16037] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3976'.
[  720.987938][T16040] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3976'.
[  721.287492][T16055] netlink: 'syz.2.3980': attribute type 10 has an invalid length.
[  721.336686][T16055] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  721.641246][T16061] netlink: 'syz.1.3983': attribute type 3 has an invalid length.
[  721.658817][T16061] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3983'.
[  721.859987][T16070] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  721.884061][T16070] batman_adv: batadv0: Removing interface: batadv_slave_0
[  721.904279][T16070] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  721.942961][T16070] batman_adv: batadv0: Removing interface: batadv_slave_1
[  722.904637][T16088] netlink: 'syz.2.3994': attribute type 4 has an invalid length.
[  722.990457][T16089] FAULT_INJECTION: forcing a failure.
[  722.990457][T16089] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  723.075352][T16088] netlink: 127868 bytes leftover after parsing attributes in process `syz.2.3994'.
[  723.105251][T16089] CPU: 1 PID: 16089 Comm: syz.3.3993 Not tainted syzkaller #0
[  723.112884][T16089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  723.122978][T16089] Call Trace:
[  723.126284][T16089]  <TASK>
[  723.129255][T16089]  dump_stack_lvl+0x188/0x24e
[  723.134008][T16089]  ? show_regs_print_info+0x12/0x12
[  723.139267][T16089]  ? load_image+0x400/0x400
[  723.143832][T16089]  ? __lock_acquire+0x7d10/0x7d10
[  723.148910][T16089]  ? __virt_addr_valid+0x188/0x540
[  723.154079][T16089]  should_fail_ex+0x399/0x4d0
[  723.158814][T16089]  _copy_from_user+0x2c/0x170
[  723.163546][T16089]  btf_new_fd+0x324/0x780
[  723.167939][T16089]  __sys_bpf+0x612/0x780
[  723.172242][T16089]  ? bpf_link_show_fdinfo+0x380/0x380
[  723.177712][T16089]  ? lock_chain_count+0x20/0x20
[  723.182615][T16089]  __x64_sys_bpf+0x78/0x90
[  723.187050][T16089]  do_syscall_64+0x4c/0xa0
[  723.191482][T16089]  ? clear_bhb_loop+0x60/0xb0
[  723.196181][T16089]  ? clear_bhb_loop+0x60/0xb0
[  723.200882][T16089]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  723.206784][T16089] RIP: 0033:0x7f6ba9d9cdd9
[  723.211214][T16089] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  723.230830][T16089] RSP: 002b:00007f6baac3a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  723.239256][T16089] RAX: ffffffffffffffda RBX: 00007f6baa015fa0 RCX: 00007f6ba9d9cdd9
[  723.247236][T16089] RDX: 0000000000000028 RSI: 0000200000000240 RDI: 0000000000000012
[  723.255216][T16089] RBP: 00007f6baac3a090 R08: 0000000000000000 R09: 0000000000000000
[  723.263198][T16089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  723.271175][T16089] R13: 00007f6baa016038 R14: 00007f6baa015fa0 R15: 00007ffc4486ac68
[  723.279187][T16089]  </TASK>
[  723.424758][T16095] netlink: 'syz.1.3995': attribute type 29 has an invalid length.
[  723.467542][T16095] netlink: 'syz.1.3995': attribute type 29 has an invalid length.
[  723.586501][T16098] netlink: 4068 bytes leftover after parsing attributes in process `syz.2.3997'.
[  723.642247][T16098] netlink: 10 bytes leftover after parsing attributes in process `syz.2.3997'.
[  723.828752][T16104] netlink: 'syz.4.3999': attribute type 10 has an invalid length.
[  723.849419][T16104] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  725.411982][T16141] netlink: 'syz.3.4012': attribute type 10 has an invalid length.
[  725.974246][T16162] netlink: 'syz.0.4018': attribute type 10 has an invalid length.
[  726.090075][T16162] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  727.030160][T16187] netlink: 'syz.4.4029': attribute type 3 has an invalid length.
[  727.053865][T16187] netlink: 132 bytes leftover after parsing attributes in process `syz.4.4029'.
[  727.393772][T16200] netlink: 'syz.0.4033': attribute type 10 has an invalid length.
[  727.417302][T16199] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  727.441217][T16199] batman_adv: batadv0: Removing interface: batadv_slave_0
[  727.491990][T16199] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  727.531243][T16199] batman_adv: batadv0: Removing interface: batadv_slave_1
[  728.512490][T16213] netlink: 830 bytes leftover after parsing attributes in process `syz.4.4038'.
[  728.778511][ T4270] Bluetooth: hci0: command 0x0406 tx timeout
[  729.011415][T16221] netlink: 'syz.1.4041': attribute type 10 has an invalid length.
[  729.108809][T16221] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  729.349110][T16230] netlink: 'syz.0.4045': attribute type 3 has an invalid length.
[  729.380561][T16230] netlink: 132 bytes leftover after parsing attributes in process `syz.0.4045'.
[  733.087579][T16249] netlink: 'syz.1.4049': attribute type 10 has an invalid length.
[  733.095740][T16253] netlink: 830 bytes leftover after parsing attributes in process `syz.3.4052'.
[  733.485654][T16257] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  733.500214][T16257] batman_adv: batadv0: Removing interface: batadv_slave_0
[  733.522290][T16257] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  733.558460][T16257] batman_adv: batadv0: Removing interface: batadv_slave_1
[  733.988511][T16270] netlink: 'syz.3.4060': attribute type 10 has an invalid length.
[  733.988773][T16273] netlink: 'syz.0.4061': attribute type 29 has an invalid length.
[  734.028969][T16270] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  734.096470][T16273] netlink: 'syz.0.4061': attribute type 29 has an invalid length.
[  734.696059][T16288] netlink: 127868 bytes leftover after parsing attributes in process `syz.1.4063'.
[  734.859400][T16296] netlink: 'syz.0.4067': attribute type 10 has an invalid length.
[  734.881409][T16291] netlink: 830 bytes leftover after parsing attributes in process `syz.4.4068'.
[  735.399722][T16318] netlink: 'syz.4.4078': attribute type 29 has an invalid length.
[  735.408085][T16318] netlink: 'syz.4.4078': attribute type 29 has an invalid length.
[  735.851952][T16326] netlink: 'syz.0.4081': attribute type 10 has an invalid length.
[  735.872461][T16326] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  736.315601][T16334] netlink: 830 bytes leftover after parsing attributes in process `syz.4.4083'.
[  736.590354][T16332] device syzkaller0 entered promiscuous mode
[  738.301317][T16359] netlink: 'syz.0.4091': attribute type 10 has an invalid length.
[  738.811534][T16393] netlink: 'syz.2.4101': attribute type 10 has an invalid length.
[  738.847267][T16393] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  739.045815][T16400] netlink: 'syz.3.4105': attribute type 10 has an invalid length.
[  739.556917][T16424] netlink: 'syz.1.4113': attribute type 15 has an invalid length.
[  739.566532][T16424] netlink: 16098 bytes leftover after parsing attributes in process `syz.1.4113'.
[  740.054522][T16448] netlink: 'syz.1.4118': attribute type 10 has an invalid length.
[  740.073192][T16448] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  740.664797][T16494] netlink: 'syz.2.4120': attribute type 39 has an invalid length.
[  741.402865][T16498] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.4123'.
[  741.465559][T16513] netlink: 'syz.0.4126': attribute type 10 has an invalid length.
[  741.508470][T16513] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  741.917231][T16529] netlink: 'syz.2.4133': attribute type 10 has an invalid length.
[  741.966264][T16529] device wlan1 entered promiscuous mode
[  741.978601][T16529] team0: Port device wlan1 added
[  741.984400][T16525] netlink: 'syz.4.4132': attribute type 10 has an invalid length.
[  741.994137][T16525] netlink: 'syz.4.4132': attribute type 19 has an invalid length.
[  742.011104][T16525] netlink: 156 bytes leftover after parsing attributes in process `syz.4.4132'.
[  742.024136][T16529] netlink: 'syz.2.4133': attribute type 11 has an invalid length.
[  742.046513][T16529] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.4133'.
[  742.083606][T16528] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  742.303853][T16546] netlink: 132 bytes leftover after parsing attributes in process `syz.2.4139'.
[  743.562812][T16580] validate_nla: 2 callbacks suppressed
[  743.562849][T16580] netlink: 'syz.3.4150': attribute type 10 has an invalid length.
[  743.608666][T16580] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  743.859226][T16583] netlink: 'syz.2.4151': attribute type 1 has an invalid length.
[  743.895011][T16583] netlink: 105120 bytes leftover after parsing attributes in process `syz.2.4151'.
[  744.722438][T16605] netlink: 830 bytes leftover after parsing attributes in process `syz.1.4160'.
[  744.781116][T16607] netlink: 830 bytes leftover after parsing attributes in process `syz.4.4159'.
[  744.817933][T16611] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.4162'.
[  745.286773][T16620] netlink: 'syz.3.4164': attribute type 3 has an invalid length.
[  745.310026][T16620] netlink: 132 bytes leftover after parsing attributes in process `syz.3.4164'.
[  746.311266][T16645] netlink: 'syz.4.4172': attribute type 10 has an invalid length.
[  746.342373][T16645] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  746.685307][T16652] netlink: 830 bytes leftover after parsing attributes in process `syz.3.4176'.
[  746.719026][T16653] netlink: 830 bytes leftover after parsing attributes in process `syz.1.4177'.
[  746.833871][T16656] netlink: 'syz.2.4178': attribute type 10 has an invalid length.
[  747.183534][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[  747.190231][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[  747.420688][T16677] netlink: 'syz.3.4185': attribute type 10 has an invalid length.
[  747.441376][T16677] netlink: 'syz.3.4185': attribute type 19 has an invalid length.
[  747.463210][T16677] netlink: 156 bytes leftover after parsing attributes in process `syz.3.4185'.
[  747.789832][T16687] netlink: 830 bytes leftover after parsing attributes in process `syz.0.4190'.
[  747.870408][T16686] netlink: 830 bytes leftover after parsing attributes in process `syz.4.4189'.
[  748.421220][T16704] netlink: 830 bytes leftover after parsing attributes in process `syz.2.4197'.
[  748.515770][T16702] netlink: 'syz.0.4196': attribute type 1 has an invalid length.
[  748.584662][T16708] netlink: 'syz.1.4198': attribute type 3 has an invalid length.
[  748.893727][T16724] netlink: 'syz.1.4203': attribute type 10 has an invalid length.
[  749.258383][   T48] Bluetooth: hci1: command 0x0406 tx timeout
[  749.682469][T16748] netlink: 'syz.2.4213': attribute type 21 has an invalid length.
[  749.762128][T16748] netlink: 'syz.2.4213': attribute type 6 has an invalid length.
[  749.784614][T16748] __nla_validate_parse: 3 callbacks suppressed
[  749.784633][T16748] netlink: 132 bytes leftover after parsing attributes in process `syz.2.4213'.
[  749.923238][T16746] netlink: 830 bytes leftover after parsing attributes in process `syz.0.4212'.
[  749.946944][T16752] netlink: 'syz.1.4214': attribute type 3 has an invalid length.
[  749.961328][T16748] netlink: 'syz.2.4213': attribute type 21 has an invalid length.
[  749.996705][T16752] netlink: 132 bytes leftover after parsing attributes in process `syz.1.4214'.
[  749.998803][T16748] netlink: 156 bytes leftover after parsing attributes in process `syz.2.4213'.
[  750.099015][T16748] netlink: 'syz.2.4213': attribute type 10 has an invalid length.
[  750.151034][T16748] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4213'.
[  750.203560][T16748] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  750.257048][T16756] netlink: 'syz.3.4216': attribute type 21 has an invalid length.
[  750.273817][T16756] netlink: 'syz.3.4216': attribute type 6 has an invalid length.
[  750.287761][T16756] netlink: 132 bytes leftover after parsing attributes in process `syz.3.4216'.
[  750.315271][T16757] netlink: 'syz.3.4216': attribute type 21 has an invalid length.
[  750.340537][T16757] netlink: 156 bytes leftover after parsing attributes in process `syz.3.4216'.
[  750.380450][T16756] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4216'.
[  750.694040][T16769] netlink: 116376 bytes leftover after parsing attributes in process `syz.2.4221'.
[  750.784141][T16773] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  750.791680][T16773] IPv6: NLM_F_CREATE should be set when creating new route
[  750.799271][T16773] IPv6: NLM_F_CREATE should be set when creating new route
[  750.806763][T16773] IPv6: NLM_F_CREATE should be set when creating new route
[  750.963399][T16772] netlink: 105120 bytes leftover after parsing attributes in process `syz.1.4220'.
[  756.424223][T16848] validate_nla: 15 callbacks suppressed
[  756.424246][T16848] netlink: 'syz.2.4250': attribute type 8 has an invalid length.
[  756.444646][T16848] __nla_validate_parse: 12 callbacks suppressed
[  756.444669][T16848] netlink: 128124 bytes leftover after parsing attributes in process `syz.2.4250'.
[  756.828353][T16861] netlink: 'syz.2.4253': attribute type 21 has an invalid length.
[  756.847517][T16861] netlink: 'syz.2.4253': attribute type 6 has an invalid length.
[  756.871887][T16861] netlink: 132 bytes leftover after parsing attributes in process `syz.2.4253'.
[  756.925332][T16861] netlink: 'syz.2.4253': attribute type 21 has an invalid length.
[  756.949599][T16861] netlink: 156 bytes leftover after parsing attributes in process `syz.2.4253'.
[  757.014368][T16861] netlink: 'syz.2.4253': attribute type 10 has an invalid length.
[  757.033231][T16861] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4253'.
[  757.070026][T16861] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  757.185777][T16867] netlink: 830 bytes leftover after parsing attributes in process `syz.0.4256'.
[  757.714898][T16876] netlink: 'syz.2.4261': attribute type 8 has an invalid length.
[  757.752203][T16876] netlink: 128124 bytes leftover after parsing attributes in process `syz.2.4261'.
[  757.997413][T16880] netlink: 830 bytes leftover after parsing attributes in process `syz.0.4259'.
[  758.035212][T16884] netlink: 'syz.3.4263': attribute type 2 has an invalid length.
[  758.054154][T16884] netlink: 132 bytes leftover after parsing attributes in process `syz.3.4263'.
[  759.834931][T16959] netlink: 830 bytes leftover after parsing attributes in process `syz.2.4275'.
[  760.197942][T16966] netlink: 'syz.1.4279': attribute type 21 has an invalid length.
[  760.241274][T16966] netlink: 128 bytes leftover after parsing attributes in process `syz.1.4279'.
[  760.372716][T16971] netlink: 'syz.2.4282': attribute type 21 has an invalid length.
[  761.549033][T17000] netlink: 'syz.2.4293': attribute type 21 has an invalid length.
[  761.596270][T17000] __nla_validate_parse: 4 callbacks suppressed
[  761.596305][T17000] netlink: 128 bytes leftover after parsing attributes in process `syz.2.4293'.
[  761.649929][T17000] netlink: 3 bytes leftover after parsing attributes in process `syz.2.4293'.
[  761.683219][T16998] netlink: 830 bytes leftover after parsing attributes in process `syz.3.4292'.
[  761.924792][T17012] netlink: 15743 bytes leftover after parsing attributes in process `syz.2.4296'.
[  761.947072][T17014] netlink: 'syz.3.4297': attribute type 3 has an invalid length.
[  762.001615][T17014] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.4297'.
[  762.374306][T17022] netlink: 'syz.0.4299': attribute type 21 has an invalid length.
[  762.412977][T17022] netlink: 128 bytes leftover after parsing attributes in process `syz.0.4299'.
[  762.446640][T17022] netlink: 3 bytes leftover after parsing attributes in process `syz.0.4299'.
[  762.550871][T17025] netlink: 830 bytes leftover after parsing attributes in process `syz.3.4301'.
[  762.877624][T17039] netlink: 'syz.2.4307': attribute type 10 has an invalid length.
[  762.932007][T17039] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  762.975881][T17039] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  763.066850][T17039] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  763.127181][T17039] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  763.388854][T17039] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  763.512594][T17039] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  763.550185][T17039] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  763.577407][T17039] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  763.694865][T17039] device geneve1 entered promiscuous mode
[  763.719977][T17039] team0: Port device geneve1 added
[  763.784822][T17046] netlink: 830 bytes leftover after parsing attributes in process `syz.1.4308'.
[  764.053210][T17062] netlink: 'syz.0.4314': attribute type 3 has an invalid length.
[  764.081479][T17058] netlink: 'syz.3.4312': attribute type 3 has an invalid length.
[  764.125451][T17062] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.4314'.
[  765.875788][T17098] netlink: 'syz.2.4328': attribute type 10 has an invalid length.
[  766.003109][T17104] netlink: 'syz.4.4330': attribute type 6 has an invalid length.
[  766.043981][T17104] netlink: 'syz.4.4330': attribute type 3 has an invalid length.
[  766.201446][T17110] netlink: 'syz.4.4333': attribute type 3 has an invalid length.
[  766.764908][T17115] __nla_validate_parse: 7 callbacks suppressed
[  766.764928][T17115] netlink: 830 bytes leftover after parsing attributes in process `syz.0.4335'.
[  766.903290][T17123] netlink: 'syz.1.4346': attribute type 10 has an invalid length.
[  768.159799][T17150] netlink: 830 bytes leftover after parsing attributes in process `syz.1.4343'.
[  768.241592][T17153] netlink: 'syz.2.4348': attribute type 3 has an invalid length.
[  768.280549][T17153] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.4348'.
[  768.403399][   T48] Bluetooth: hci4: unexpected event 0x1d length: 15 > 5
[  768.603672][T17166] netlink: 'syz.4.4352': attribute type 10 has an invalid length.
[  768.637423][T17166] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  768.648963][T17166] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  768.661153][T17166] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  768.677190][T17166] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  768.752353][T17166] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  768.767140][T17166] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  768.791552][T17166] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  768.817925][T17166] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  768.957581][T17166] device geneve1 entered promiscuous mode
[  768.990838][T17166] team0: Port device geneve1 added
[  769.170385][T17176] netlink: 'syz.1.4354': attribute type 10 has an invalid length.
[  769.454414][T17184] netlink: 'syz.3.4357': attribute type 21 has an invalid length.
[  769.466087][T17184] netlink: 156 bytes leftover after parsing attributes in process `syz.3.4357'.
[  769.503624][T17184] FAULT_INJECTION: forcing a failure.
[  769.503624][T17184] name failslab, interval 1, probability 0, space 0, times 0
[  769.528299][T17182] netlink: 'syz.0.4355': attribute type 21 has an invalid length.
[  769.530138][T17184] CPU: 1 PID: 17184 Comm: syz.3.4357 Not tainted syzkaller #0
[  769.542073][T17182] netlink: 128 bytes leftover after parsing attributes in process `syz.0.4355'.
[  769.543619][T17184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  769.543634][T17184] Call Trace:
[  769.543641][T17184]  <TASK>
[  769.543656][T17184]  dump_stack_lvl+0x188/0x24e
[  769.543693][T17184]  ? show_regs_print_info+0x12/0x12
[  769.543719][T17184]  ? load_image+0x400/0x400
[  769.566588][T17182] netlink: 3 bytes leftover after parsing attributes in process `syz.0.4355'.
[  769.569005][T17184]  ? __might_sleep+0xd0/0xd0
[  769.569032][T17184]  ? __lock_acquire+0x7d10/0x7d10
[  769.569058][T17184]  should_fail_ex+0x399/0x4d0
[  769.569081][T17184]  should_failslab+0x5/0x20
[  769.569098][T17184]  slab_pre_alloc_hook+0x59/0x310
[  769.569120][T17184]  ? bpf_prog_test_run_skb+0x234/0x12a0
[  769.569144][T17184]  __kmem_cache_alloc_node+0x4f/0x260
[  769.569168][T17184]  ? bpf_prog_test_run_skb+0x234/0x12a0
[  769.569189][T17184]  __kmalloc+0xa0/0x240
[  769.569218][T17184]  bpf_prog_test_run_skb+0x234/0x12a0
[  769.569238][T17184]  ? lockdep_hardirqs_on+0x94/0x140
[  769.569260][T17184]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  769.569295][T17184]  ? cpu_online+0xa0/0xa0
[  769.569316][T17184]  bpf_prog_test_run+0x31e/0x390
[  769.569344][T17184]  __sys_bpf+0x62b/0x780
[  769.569370][T17184]  ? bpf_link_show_fdinfo+0x380/0x380
[  769.672555][T17184]  __x64_sys_bpf+0x78/0x90
[  769.677006][T17184]  do_syscall_64+0x4c/0xa0
[  769.681454][T17184]  ? clear_bhb_loop+0x60/0xb0
[  769.686158][T17184]  ? clear_bhb_loop+0x60/0xb0
[  769.690873][T17184]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  769.696790][T17184] RIP: 0033:0x7f6ba9d9cdd9
[  769.701221][T17184] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  769.720933][T17184] RSP: 002b:00007f6baac19028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  769.729457][T17184] RAX: ffffffffffffffda RBX: 00007f6baa016090 RCX: 00007f6ba9d9cdd9
[  769.737454][T17184] RDX: 0000000000000050 RSI: 0000200000000500 RDI: 000000000000000a
[  769.745446][T17184] RBP: 00007f6baac19090 R08: 0000000000000000 R09: 0000000000000000
[  769.753445][T17184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  769.761445][T17184] R13: 00007f6baa016128 R14: 00007f6baa016090 R15: 00007ffc4486ac68
[  769.769457][T17184]  </TASK>
[  770.160104][T17197] netlink: 830 bytes leftover after parsing attributes in process `syz.0.4361'.
[  770.309760][   T48] Bluetooth: hci0: unexpected event 0x1d length: 15 > 5
[  770.869549][   T48] Bluetooth: hci0: unexpected event 0x1c length: 15 > 5
[  771.156399][T17222] netlink: 'syz.3.4370': attribute type 10 has an invalid length.
[  771.266098][T17222] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  771.292058][T17222] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  771.318374][T17222] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  771.327561][T17222] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  771.417620][T17222] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  771.442089][T17222] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  771.455294][T17222] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  771.466358][T17222] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  771.580384][T17237] FAULT_INJECTION: forcing a failure.
[  771.580384][T17237] name failslab, interval 1, probability 0, space 0, times 0
[  771.588838][T17222] device geneve1 entered promiscuous mode
[  771.595554][T17237] CPU: 0 PID: 17237 Comm: syz.0.4374 Not tainted syzkaller #0
[  771.606846][T17237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  771.616924][T17237] Call Trace:
[  771.620230][T17237]  <TASK>
[  771.623173][T17237]  dump_stack_lvl+0x188/0x24e
[  771.627856][T17237]  ? sctp_sendmsg+0x15b0/0x2940
[  771.632709][T17237]  ? ___sys_sendmsg+0x2a2/0x360
[  771.637562][T17237]  ? show_regs_print_info+0x12/0x12
[  771.642763][T17237]  ? load_image+0x400/0x400
[  771.647273][T17237]  should_fail_ex+0x399/0x4d0
[  771.651949][T17237]  should_failslab+0x5/0x20
[  771.656453][T17237]  slab_pre_alloc_hook+0x59/0x310
[  771.661477][T17237]  ? sctp_add_bind_addr+0x89/0x350
[  771.666586][T17237]  __kmem_cache_alloc_node+0x4f/0x260
[  771.671961][T17237]  ? sctp_add_bind_addr+0x89/0x350
[  771.677072][T17237]  kmalloc_trace+0x26/0xe0
[  771.681489][T17237]  sctp_add_bind_addr+0x89/0x350
[  771.686435][T17237]  sctp_copy_local_addr_list+0x311/0x4e0
[  771.692073][T17237]  ? sctp_copy_local_addr_list+0xa1/0x4e0
[  771.697794][T17237]  ? sctp_do_8_2_transport_strike+0x8a0/0x8a0
[  771.703864][T17237]  ? sctp_v6_is_any+0x60/0x70
[  771.708538][T17237]  ? sctp_copy_one_addr+0x93/0x660
[  771.713653][T17237]  sctp_bind_addr_copy+0xaf/0x3c0
[  771.718681][T17237]  ? sctp_assoc_set_bind_addr_from_ep+0xa1/0x190
[  771.725006][T17237]  sctp_connect_new_asoc+0x2f5/0x6a0
[  771.730285][T17237]  ? __sctp_connect+0xd80/0xd80
[  771.735126][T17237]  ? __local_bh_enable_ip+0x136/0x1c0
[  771.740509][T17237]  ? bpf_lsm_sctp_bind_connect+0x5/0x10
[  771.746051][T17237]  ? security_sctp_bind_connect+0x85/0xb0
[  771.751767][T17237]  sctp_sendmsg+0x15b0/0x2940
[  771.756456][T17237]  ? sctp_getsockopt+0x8a0/0x8a0
[  771.761439][T17237]  ? __lock_acquire+0x7d10/0x7d10
[  771.766460][T17237]  ? aa_af_perm+0x340/0x340
[  771.770961][T17237]  ? tomoyo_socket_sendmsg_permission+0x1dd/0x2f0
[  771.777381][T17237]  ? inet_sendmsg+0xe5/0x2f0
[  771.781973][T17237]  ? inet_send_prepare+0x260/0x260
[  771.787073][T17237]  ____sys_sendmsg+0x5be/0x970
[  771.791846][T17237]  ? __sys_sendmsg_sock+0x30/0x30
[  771.796872][T17237]  ? __import_iovec+0x315/0x500
[  771.801725][T17237]  ? import_iovec+0x6f/0xa0
[  771.806226][T17237]  ___sys_sendmsg+0x2a2/0x360
[  771.810908][T17237]  ? __sys_sendmsg+0x290/0x290
[  771.815687][T17237]  ? trace_call_bpf+0xbf/0x6b0
[  771.820468][T17237]  __se_sys_sendmsg+0x1bb/0x2a0
[  771.825317][T17237]  ? ct_nmi_exit+0x145/0x1c0
[  771.829905][T17237]  ? __x64_sys_sendmsg+0x80/0x80
[  771.834864][T17237]  ? lockdep_hardirqs_on+0x94/0x140
[  771.840058][T17237]  do_syscall_64+0x4c/0xa0
[  771.844472][T17237]  ? clear_bhb_loop+0x60/0xb0
[  771.849157][T17237]  ? clear_bhb_loop+0x60/0xb0
[  771.853842][T17237]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  771.859732][T17237] RIP: 0033:0x7f772cb9cdd9
[  771.864164][T17237] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  771.883766][T17237] RSP: 002b:00007f772dac9028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  771.892189][T17237] RAX: ffffffffffffffda RBX: 00007f772ce15fa0 RCX: 00007f772cb9cdd9
[  771.900158][T17237] RDX: 0000000000000041 RSI: 0000200000000600 RDI: 0000000000000003
[  771.908127][T17237] RBP: 00007f772dac9090 R08: 0000000000000000 R09: 0000000000000000
[  771.916095][T17237] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  771.924061][T17237] R13: 00007f772ce16038 R14: 00007f772ce15fa0 R15: 00007ffc8b400ed8
[  771.932040][T17237]  </TASK>
[  771.949423][T17222] team0: Port device geneve1 added
[  771.972183][T17226] netlink: 'syz.4.4371': attribute type 10 has an invalid length.
[  772.163156][T17239] netlink: 'syz.2.4375': attribute type 1 has an invalid length.
[  772.235024][T17239] netlink: 105120 bytes leftover after parsing attributes in process `syz.2.4375'.
[  772.494797][T17248] netlink: 830 bytes leftover after parsing attributes in process `syz.1.4378'.
[  772.771677][   T48] Bluetooth: hci1: unexpected event 0x1d length: 15 > 5
[  773.245518][T17272] bridge0: port 4(ip6gretap0) entered blocking state
[  773.260015][T17272] bridge0: port 4(ip6gretap0) entered disabled state
[  773.270283][T17272] device ip6gretap0 entered promiscuous mode
[  773.315561][T17272] device ip6gretap0 left promiscuous mode
[  773.331065][T17272] bridge0: port 4(ip6gretap0) entered disabled state
[  773.359210][T17277] netlink: 'syz.3.4390': attribute type 10 has an invalid length.
[  773.409769][T17280] netlink: 'syz.0.4392': attribute type 10 has an invalid length.
[  773.433370][T17280] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  773.454418][T17280] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  773.478421][T17280] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  773.534888][T17280] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  773.706637][T17280] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  773.728705][T17280] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  773.769498][T17280] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  773.813421][T17280] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  773.882326][T17280] device geneve1 entered promiscuous mode
[  773.893920][T17280] team0: Port device geneve1 added
[  774.385277][T17293] netlink: 830 bytes leftover after parsing attributes in process `syz.2.4393'.
[  774.515127][T17299] netlink: 'syz.3.4396': attribute type 1 has an invalid length.
[  774.542514][T17299] netlink: 105120 bytes leftover after parsing attributes in process `syz.3.4396'.
[  775.498791][T17318] netlink: 'syz.3.4412': attribute type 1 has an invalid length.
[  775.551507][T17318] netlink: 105120 bytes leftover after parsing attributes in process `syz.3.4412'.
[  775.805407][   T48] Bluetooth: hci3: unexpected event 0x1c length: 15 > 5
[  776.105472][T17336] netlink: 'syz.2.4406': attribute type 10 has an invalid length.
[  776.352944][T17345] netlink: 'syz.0.4410': attribute type 21 has an invalid length.
[  776.402410][T17345] netlink: 'syz.0.4410': attribute type 6 has an invalid length.
[  776.432254][T17345] netlink: 132 bytes leftover after parsing attributes in process `syz.0.4410'.
[  776.554764][T17347] netlink: 830 bytes leftover after parsing attributes in process `syz.1.4409'.
[  776.592583][T17345] netlink: 'syz.0.4410': attribute type 21 has an invalid length.
[  776.625759][T17345] netlink: 156 bytes leftover after parsing attributes in process `syz.0.4410'.
[  776.809594][T17348] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4410'.
[  776.857094][T17348] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  777.162597][T17351] validate_nla: 1 callbacks suppressed
[  777.162630][T17351] netlink: 'syz.1.4413': attribute type 21 has an invalid length.
[  777.196258][T17351] netlink: 156 bytes leftover after parsing attributes in process `syz.1.4413'.
[  777.305619][T17359] netlink: 'syz.2.4414': attribute type 3 has an invalid length.
[  777.346962][T17359] netlink: 132 bytes leftover after parsing attributes in process `syz.2.4414'.
[  778.151924][T17370] netlink: 'syz.4.4421': attribute type 1 has an invalid length.
[  778.198513][T17370] netlink: 105120 bytes leftover after parsing attributes in process `syz.4.4421'.
[  778.962016][T17380] netlink: 830 bytes leftover after parsing attributes in process `syz.2.4423'.
[  778.991326][T17387] netlink: 'syz.0.4425': attribute type 10 has an invalid length.
[  779.076228][T17391] netlink: 'syz.1.4427': attribute type 21 has an invalid length.
[  779.084488][T17391] netlink: 'syz.1.4427': attribute type 6 has an invalid length.
[  779.092783][T17391] netlink: 132 bytes leftover after parsing attributes in process `syz.1.4427'.
[  779.113098][T17391] netlink: 'syz.1.4427': attribute type 21 has an invalid length.
[  779.121399][T17391] netlink: 156 bytes leftover after parsing attributes in process `syz.1.4427'.
[  779.146852][T17392] netlink: 14 bytes leftover after parsing attributes in process `syz.2.4428'.
[  779.211074][T17391] netlink: 'syz.1.4427': attribute type 10 has an invalid length.
[  779.221883][T17391] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4427'.
[  779.243699][T17391] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  779.857229][   T48] Bluetooth: hci4: unexpected event 0x1c length: 15 > 5
[  779.912283][T17409] netlink: 'syz.2.4442': attribute type 1 has an invalid length.
[  779.933005][T17412] netlink: 'syz.1.4433': attribute type 3 has an invalid length.
[  779.950266][T17412] netlink: 132 bytes leftover after parsing attributes in process `syz.1.4433'.
[  780.024421][T17409] netlink: 105120 bytes leftover after parsing attributes in process `syz.2.4442'.
[  780.126510][T17416] device syzkaller0 entered promiscuous mode
[  781.129041][T17430] netlink: 132 bytes leftover after parsing attributes in process `syz.2.4440'.
[  781.381406][T17431] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  781.911490][T17445] IPv6: NLM_F_CREATE should be specified when creating new route
[  782.331561][T17459] validate_nla: 7 callbacks suppressed
[  782.331581][T17459] netlink: 'syz.4.4450': attribute type 3 has an invalid length.
[  782.363795][T17459] __nla_validate_parse: 10 callbacks suppressed
[  782.363815][T17459] netlink: 132 bytes leftover after parsing attributes in process `syz.4.4450'.
[  782.681796][T17462] netlink: 188 bytes leftover after parsing attributes in process `syz.3.4452'.
[  783.103155][T17467] netlink: 'syz.0.4454': attribute type 1 has an invalid length.
[  783.127006][T17467] netlink: 105120 bytes leftover after parsing attributes in process `syz.0.4454'.
[  783.346095][T17472] netlink: 'syz.3.4453': attribute type 2 has an invalid length.
[  783.361631][T17472] netlink: 'syz.3.4453': attribute type 3 has an invalid length.
[  783.412444][T17472] netlink: 132 bytes leftover after parsing attributes in process `syz.3.4453'.
[  784.821034][T17481] netlink: 'syz.1.4456': attribute type 21 has an invalid length.
[  784.870231][T17481] netlink: 'syz.1.4456': attribute type 6 has an invalid length.
[  784.946541][T17481] netlink: 132 bytes leftover after parsing attributes in process `syz.1.4456'.
[  785.241609][T17490] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4460'.
[  785.263896][T17481] netlink: 'syz.1.4456': attribute type 21 has an invalid length.
[  785.285018][T17481] netlink: 156 bytes leftover after parsing attributes in process `syz.1.4456'.
[  785.326217][T17484] netlink: 'syz.1.4456': attribute type 10 has an invalid length.
[  785.372012][T17484] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4456'.
[  785.396469][T17484] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  785.422187][T17482] netlink: 830 bytes leftover after parsing attributes in process `syz.0.4459'.
[  785.445614][T17490] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4460'.
[  785.993059][T17497] netlink: 'syz.0.4462': attribute type 1 has an invalid length.
[  786.511723][T17512] netlink: 'syz.3.4466': attribute type 10 has an invalid length.
[  787.516930][T17528] __nla_validate_parse: 6 callbacks suppressed
[  787.516951][T17528] netlink: 830 bytes leftover after parsing attributes in process `syz.3.4471'.
[  787.693780][T17535] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4474'.
[  787.703296][T17535] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4474'.
[  787.714415][T17535] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4474'.
[  787.731808][T17535] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4474'.
[  788.000034][T17539] validate_nla: 2 callbacks suppressed
[  788.000055][T17539] netlink: 'syz.3.4475': attribute type 21 has an invalid length.
[  788.046007][T17539] netlink: 'syz.3.4475': attribute type 6 has an invalid length.
[  788.054159][T17539] netlink: 132 bytes leftover after parsing attributes in process `syz.3.4475'.
[  788.166872][T17541] netlink: 'syz.3.4475': attribute type 21 has an invalid length.
[  788.200846][T17541] netlink: 156 bytes leftover after parsing attributes in process `syz.3.4475'.
[  788.215262][T17539] netlink: 'syz.3.4475': attribute type 10 has an invalid length.
[  788.225103][T17539] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4475'.
[  788.848068][T17557] netlink: 'syz.2.4481': attribute type 10 has an invalid length.
[  788.986737][T17561] netlink: 'syz.4.4482': attribute type 10 has an invalid length.
[  789.267089][T17568] netlink: 830 bytes leftover after parsing attributes in process `syz.3.4483'.
[  789.396655][T17569] netlink: 830 bytes leftover after parsing attributes in process `syz.0.4484'.
[  789.932244][T17581] netlink: 'syz.1.4487': attribute type 3 has an invalid length.
[  790.022886][T17583] netlink: 'syz.4.4489': attribute type 21 has an invalid length.
[  790.035270][T17583] netlink: 'syz.4.4489': attribute type 6 has an invalid length.
[  790.106177][T17586] netlink: 'syz.4.4489': attribute type 21 has an invalid length.
[  791.211558][T17605] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  792.666768][T17642] __nla_validate_parse: 15 callbacks suppressed
[  792.666791][T17642] netlink: 132 bytes leftover after parsing attributes in process `syz.2.4508'.
[  792.720590][T17644] netlink: 132 bytes leftover after parsing attributes in process `syz.0.4511'.
[  792.994480][T17644] netlink: 156 bytes leftover after parsing attributes in process `syz.0.4511'.
[  793.021974][T17645] validate_nla: 16 callbacks suppressed
[  793.022094][T17645] netlink: 'syz.0.4511': attribute type 10 has an invalid length.
[  793.092338][T17645] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4511'.
[  793.152779][T17645] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  793.678399][T17654] netlink: 'syz.2.4513': attribute type 21 has an invalid length.
[  793.686309][T17654] netlink: 'syz.2.4513': attribute type 6 has an invalid length.
[  793.697174][T17656] netlink: 'syz.1.4523': attribute type 3 has an invalid length.
[  793.709918][T17654] netlink: 132 bytes leftover after parsing attributes in process `syz.2.4513'.
[  793.723722][T17656] netlink: 132 bytes leftover after parsing attributes in process `syz.1.4523'.
[  793.812664][T17654] netlink: 'syz.2.4513': attribute type 21 has an invalid length.
[  793.859218][T17654] netlink: 156 bytes leftover after parsing attributes in process `syz.2.4513'.
[  793.915048][T17658] netlink: 830 bytes leftover after parsing attributes in process `syz.3.4514'.
[  793.930957][T17654] netlink: 'syz.2.4513': attribute type 10 has an invalid length.
[  793.943668][T17654] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4513'.
[  794.015920][T17654] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  794.052669][T17662] netlink: 'syz.0.4516': attribute type 21 has an invalid length.
[  794.640641][T17671] netlink: 'syz.0.4519': attribute type 10 has an invalid length.
[  794.893028][T17683] device syzkaller0 entered promiscuous mode
[  796.376257][T17707] netlink: 'syz.2.4532': attribute type 3 has an invalid length.
[  796.386911][T17707] netlink: 132 bytes leftover after parsing attributes in process `syz.2.4532'.
[  797.377226][T17691] netlink: 'syz.3.4527': attribute type 21 has an invalid length.
[  797.417412][T17702] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  797.448579][T17702] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  798.027538][T17731] FAULT_INJECTION: forcing a failure.
[  798.027538][T17731] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  798.041990][T17731] CPU: 1 PID: 17731 Comm: syz.0.4541 Not tainted syzkaller #0
[  798.049486][T17731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  798.059567][T17731] Call Trace:
[  798.062862][T17731]  <TASK>
[  798.065811][T17731]  dump_stack_lvl+0x188/0x24e
[  798.070522][T17731]  ? show_regs_print_info+0x12/0x12
[  798.075756][T17731]  ? load_image+0x400/0x400
[  798.080286][T17731]  ? __lock_acquire+0x7d10/0x7d10
[  798.085340][T17731]  ? snprintf+0xe5/0x140
[  798.089609][T17731]  should_fail_ex+0x399/0x4d0
[  798.094317][T17731]  _copy_to_user+0x2c/0x130
[  798.098853][T17731]  simple_read_from_buffer+0xe3/0x150
[  798.104250][T17731]  proc_fail_nth_read+0x1a6/0x220
[  798.109294][T17731]  ? proc_fault_inject_write+0x310/0x310
[  798.114948][T17731]  ? fsnotify_perm+0x248/0x550
[  798.119734][T17731]  ? proc_fault_inject_write+0x310/0x310
[  798.125388][T17731]  vfs_read+0x2de/0xa00
[  798.129583][T17731]  ? kernel_read+0x1e0/0x1e0
[  798.134190][T17731]  ? __fget_files+0x28/0x4b0
[  798.138796][T17731]  ? __fget_files+0x28/0x4b0
[  798.143408][T17731]  ? __fget_files+0x43d/0x4b0
[  798.148109][T17731]  ? __fdget_pos+0x2ae/0x360
[  798.152727][T17731]  ? ksys_read+0x71/0x250
[  798.157087][T17731]  ksys_read+0x14c/0x250
[  798.161354][T17731]  ? vfs_write+0xa30/0xa30
[  798.165795][T17731]  ? lockdep_hardirqs_on+0x94/0x140
[  798.171014][T17731]  do_syscall_64+0x4c/0xa0
[  798.175453][T17731]  ? clear_bhb_loop+0x60/0xb0
[  798.180153][T17731]  ? clear_bhb_loop+0x60/0xb0
[  798.184846][T17731]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  798.190752][T17731] RIP: 0033:0x7f772cb5d60e
[  798.195181][T17731] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  798.214890][T17731] RSP: 002b:00007f772dac8fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  798.223314][T17731] RAX: ffffffffffffffda RBX: 00007f772dac96c0 RCX: 00007f772cb5d60e
[  798.231300][T17731] RDX: 000000000000000f RSI: 00007f772dac90a0 RDI: 0000000000000004
[  798.239272][T17731] RBP: 00007f772dac9090 R08: 0000000000000000 R09: 0000000000000000
[  798.247256][T17731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  798.255231][T17731] R13: 00007f772ce16038 R14: 00007f772ce15fa0 R15: 00007ffc8b400ed8
[  798.263310][T17731]  </TASK>
[  798.446354][T17735] device syzkaller0 entered promiscuous mode
[  798.455656][T17738] validate_nla: 3 callbacks suppressed
[  798.455694][T17738] netlink: 'syz.0.4543': attribute type 3 has an invalid length.
[  798.493293][T17738] __nla_validate_parse: 5 callbacks suppressed
[  798.493313][T17738] netlink: 132 bytes leftover after parsing attributes in process `syz.0.4543'.
[  800.669626][T17744] netlink: 830 bytes leftover after parsing attributes in process `syz.2.4544'.
[  801.056728][T17765] netlink: 'syz.3.4552': attribute type 3 has an invalid length.
[  801.065993][T17765] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.4552'.
[  801.264709][T17778] FAULT_INJECTION: forcing a failure.
[  801.264709][T17778] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  801.278527][T17778] CPU: 0 PID: 17778 Comm: syz.2.4557 Not tainted syzkaller #0
[  801.286018][T17778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  801.296091][T17778] Call Trace:
[  801.299389][T17778]  <TASK>
[  801.302386][T17778]  dump_stack_lvl+0x188/0x24e
[  801.307099][T17778]  ? show_regs_print_info+0x12/0x12
[  801.312320][T17778]  ? load_image+0x400/0x400
[  801.316831][T17778]  ? __might_fault+0xa6/0x120
[  801.321518][T17778]  should_fail_ex+0x399/0x4d0
[  801.326214][T17778]  copyin+0x1b/0x120
[  801.330112][T17778]  _copy_from_iter+0x447/0x1130
[  801.334974][T17778]  ? copyout_mc+0x110/0x110
[  801.339484][T17778]  ? dev_get_by_index+0x1e/0x2d0
[  801.344438][T17778]  ? dev_get_by_index+0x1e/0x2d0
[  801.349383][T17778]  packet_sendmsg+0x3099/0x4e60
[  801.354241][T17778]  ? aa_sk_perm+0x950/0x950
[  801.358755][T17778]  ? __might_sleep+0xd0/0xd0
[  801.363342][T17778]  ? verify_lock_unused+0x140/0x140
[  801.368549][T17778]  ? aa_sk_perm+0x81f/0x950
[  801.373054][T17778]  ? packet_getsockopt+0x9a0/0x9a0
[  801.378171][T17778]  ? aa_sock_msg_perm+0x94/0x150
[  801.383107][T17778]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  801.388391][T17778]  ? security_socket_sendmsg+0x7c/0xa0
[  801.393857][T17778]  ? packet_getsockopt+0x9a0/0x9a0
[  801.398961][T17778]  ____sys_sendmsg+0x5be/0x970
[  801.403734][T17778]  ? __sys_sendmsg_sock+0x30/0x30
[  801.408755][T17778]  ? __import_iovec+0x315/0x500
[  801.413693][T17778]  ? import_iovec+0x6f/0xa0
[  801.418196][T17778]  ___sys_sendmsg+0x2a2/0x360
[  801.422891][T17778]  ? __sys_sendmsg+0x290/0x290
[  801.427672][T17778]  ? trace_call_bpf+0xbf/0x6b0
[  801.432537][T17778]  __se_sys_sendmsg+0x1bb/0x2a0
[  801.437475][T17778]  ? __x64_sys_sendmsg+0x80/0x80
[  801.442426][T17778]  ? lockdep_hardirqs_on+0x94/0x140
[  801.447623][T17778]  do_syscall_64+0x4c/0xa0
[  801.452041][T17778]  ? clear_bhb_loop+0x60/0xb0
[  801.456717][T17778]  ? clear_bhb_loop+0x60/0xb0
[  801.461398][T17778]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  801.467285][T17778] RIP: 0033:0x7f732c99cdd9
[  801.471694][T17778] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  801.491294][T17778] RSP: 002b:00007f732d894028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  801.499706][T17778] RAX: ffffffffffffffda RBX: 00007f732cc15fa0 RCX: 00007f732c99cdd9
[  801.507671][T17778] RDX: 0000000000000811 RSI: 00002000000001c0 RDI: 0000000000000003
[  801.515637][T17778] RBP: 00007f732d894090 R08: 0000000000000000 R09: 0000000000000000
[  801.523603][T17778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  801.531568][T17778] R13: 00007f732cc16038 R14: 00007f732cc15fa0 R15: 00007ffc8e88a238
[  801.539546][T17778]  </TASK>
[  801.639216][T17780] netlink: 'syz.2.4558': attribute type 3 has an invalid length.
[  801.647216][T17780] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.4558'.
[  801.665614][T17780] netlink: 'syz.2.4558': attribute type 3 has an invalid length.
[  801.676085][T17780] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.4558'.
[  801.797956][T17785] netlink: 'syz.1.4559': attribute type 3 has an invalid length.
[  801.860049][T17785] netlink: 132 bytes leftover after parsing attributes in process `syz.1.4559'.
[  802.056674][T17789] netlink: 830 bytes leftover after parsing attributes in process `syz.2.4561'.
[  802.173524][T17791] netlink: 61211 bytes leftover after parsing attributes in process `syz.0.4562'.
[  802.236250][T17791] netlink: 'syz.0.4562': attribute type 21 has an invalid length.
[  802.337861][T17791] netlink: 'syz.0.4562': attribute type 21 has an invalid length.
[  802.402696][T17791] netlink: 14 bytes leftover after parsing attributes in process `syz.0.4562'.
[  802.457103][T17791] openvswitch: netlink: Flow key attr not present in new flow.
[  802.556945][T17800] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.4565'.
[  804.095793][T17841] __nla_validate_parse: 2 callbacks suppressed
[  804.095812][T17841] netlink: 830 bytes leftover after parsing attributes in process `syz.1.4576'.
[  804.216249][T17844] netlink: 'syz.4.4579': attribute type 3 has an invalid length.
[  804.249364][T17844] netlink: 132 bytes leftover after parsing attributes in process `syz.4.4579'.
[  804.283418][T17846] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4580'.
[  804.325180][T17846] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4580'.
[  804.392640][T17846] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4580'.
[  804.486702][T17853] netlink: 'syz.1.4583': attribute type 1 has an invalid length.
[  804.495212][T17846] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4580'.
[  804.606162][T17853] netlink: 'syz.1.4583': attribute type 3 has an invalid length.
[  804.680049][T17853] netlink: 132 bytes leftover after parsing attributes in process `syz.1.4583'.
[  805.266030][T17873] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4590'.
[  805.284115][T17871] netlink: 'syz.4.4589': attribute type 21 has an invalid length.
[  805.296978][T17871] netlink: 'syz.4.4589': attribute type 6 has an invalid length.
[  805.306927][T17871] netlink: 132 bytes leftover after parsing attributes in process `syz.4.4589'.
[  805.453902][T17873] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4590'.
[  805.483898][T17871] netlink: 'syz.4.4589': attribute type 21 has an invalid length.
[  805.515477][T17875] netlink: 'syz.4.4589': attribute type 10 has an invalid length.
[  806.187088][T17896] netlink: 'syz.1.4593': attribute type 1 has an invalid length.
[  806.279881][T17889] netlink: 'syz.2.4596': attribute type 10 has an invalid length.
[  806.296815][T17889] device ipvlan1 entered promiscuous mode
[  806.328502][T17889] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  806.598758][T17908] netlink: 'syz.4.4600': attribute type 3 has an invalid length.
[  807.464031][T17927] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  808.672713][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[  808.679107][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[  808.805983][T17942] openvswitch: netlink: Flow key attr not present in new flow.
[  809.341178][T17968] validate_nla: 9 callbacks suppressed
[  809.341328][T17968] netlink: 'syz.2.4620': attribute type 3 has an invalid length.
[  809.359218][T17968] __nla_validate_parse: 33 callbacks suppressed
[  809.359310][T17968] netlink: 132 bytes leftover after parsing attributes in process `syz.2.4620'.
[  809.504453][T17975] netlink: 4083 bytes leftover after parsing attributes in process `syz.4.4619'.
[  809.644473][T17975] netlink: 4083 bytes leftover after parsing attributes in process `syz.4.4619'.
[  809.875069][T17966] netlink: 4083 bytes leftover after parsing attributes in process `syz.4.4619'.
[  810.649487][T17981] netlink: 830 bytes leftover after parsing attributes in process `syz.3.4622'.
[  810.974531][T17986] netlink: 830 bytes leftover after parsing attributes in process `syz.4.4624'.
[  811.082879][T17993] netlink: 'syz.2.4625': attribute type 21 has an invalid length.
[  811.134022][T17993] netlink: 'syz.2.4625': attribute type 6 has an invalid length.
[  811.148577][T17993] netlink: 132 bytes leftover after parsing attributes in process `syz.2.4625'.
[  811.208260][T17994] netlink: 'syz.2.4625': attribute type 21 has an invalid length.
[  811.216511][T17994] netlink: 156 bytes leftover after parsing attributes in process `syz.2.4625'.
[  811.304406][T17993] netlink: 'syz.2.4625': attribute type 10 has an invalid length.
[  811.326110][T17993] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4625'.
[  811.332056][T17998] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4628'.
[  811.343662][T17993] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  812.112791][T18011] netlink: 'syz.0.4633': attribute type 3 has an invalid length.
[  814.422164][T18049] netlink: 'syz.3.4647': attribute type 3 has an invalid length.
[  814.463799][T18049] __nla_validate_parse: 9 callbacks suppressed
[  814.463988][T18049] netlink: 132 bytes leftover after parsing attributes in process `syz.3.4647'.
[  814.547806][T18050] netlink: 830 bytes leftover after parsing attributes in process `syz.2.4646'.
[  814.910646][T18059] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4652'.
[  814.938898][T18059] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4652'.
[  814.956750][T18059] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4652'.
[  814.998930][T18059] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4652'.
[  815.421516][T18063] netlink: 830 bytes leftover after parsing attributes in process `syz.1.4653'.
[  817.055798][T18085] netlink: 'syz.2.4658': attribute type 1 has an invalid length.
[  817.151567][T18085] netlink: 105120 bytes leftover after parsing attributes in process `syz.2.4658'.
[  817.541456][T18132] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4664'.
[  817.563165][T18132] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4664'.
[  817.775481][T18129] netlink: 'syz.0.4663': attribute type 10 has an invalid length.
[  817.873103][T18129] team0: Device ipvlan1 failed to register rx_handler
[  818.040737][T18142] netlink: 'syz.1.4677': attribute type 3 has an invalid length.
[  820.297812][T18188] netlink: 'syz.0.4682': attribute type 3 has an invalid length.
[  820.338088][T18188] __nla_validate_parse: 6 callbacks suppressed
[  820.338106][T18188] netlink: 132 bytes leftover after parsing attributes in process `syz.0.4682'.
[  820.577148][T18193] netlink: 830 bytes leftover after parsing attributes in process `syz.3.4683'.
[  820.979937][T18203] netlink: 830 bytes leftover after parsing attributes in process `syz.0.4687'.
[  821.426491][T18213] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4692'.
[  821.511627][T18213] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4692'.
[  821.523700][T18215] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4692'.
[  821.534795][T18217] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4692'.
[  821.717478][T18214] netlink: 'syz.4.4693': attribute type 1 has an invalid length.
[  821.764855][T18214] netlink: 105120 bytes leftover after parsing attributes in process `syz.4.4693'.
[  822.634193][T18234] netlink: 'syz.4.4698': attribute type 10 has an invalid length.
[  822.708012][T18234] team0: Device ipvlan1 failed to register rx_handler
[  823.260085][T18243] tipc: Started in network mode
[  823.267017][T18243] tipc: Node identity 9215a268, cluster identity 4711
[  823.275591][T18243] tipc: Node number set to 2450891368
[  823.540263][T18265] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4704'.
[  823.598258][T18265] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4704'.
[  823.670878][T18270] netlink: 'syz.4.4705': attribute type 10 has an invalid length.
[  823.715516][T18270] team0: Device bridge0 is already an upper device of the team interface
[  824.122454][T18283] netlink: 'syz.1.4709': attribute type 1 has an invalid length.
[  827.492172][T18311] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  827.510821][T18311] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  827.530474][T18311] bond0 (unregistering): Released all slaves
[  827.563015][T18318] __nla_validate_parse: 4 callbacks suppressed
[  827.563031][T18318] netlink: 830 bytes leftover after parsing attributes in process `syz.2.4715'.
[  827.604674][T18320] netlink: 'syz.1.4716': attribute type 21 has an invalid length.
[  827.624400][T18320] netlink: 'syz.1.4716': attribute type 6 has an invalid length.
[  827.644350][T18320] netlink: 132 bytes leftover after parsing attributes in process `syz.1.4716'.
[  827.713360][T18321] netlink: 'syz.1.4716': attribute type 21 has an invalid length.
[  827.745924][T18321] netlink: 156 bytes leftover after parsing attributes in process `syz.1.4716'.
[  827.800250][T18316] netlink: 'syz.0.4714': attribute type 1 has an invalid length.
[  827.846872][T18320] netlink: 'syz.1.4716': attribute type 10 has an invalid length.
[  827.875155][T18320] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4716'.
[  827.877032][T18316] netlink: 105120 bytes leftover after parsing attributes in process `syz.0.4714'.
[  827.916703][T18320] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  828.502874][T18331] netlink: 830 bytes leftover after parsing attributes in process `syz.4.4719'.
[  828.525304][T18333] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4720'.
[  828.538724][T18333] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4720'.
[  828.606910][T18333] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4720'.
[  828.653724][T18337] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4720'.
[  829.006573][T18343] netlink: 'syz.2.4724': attribute type 10 has an invalid length.
[  829.520327][T18356] netlink: 'syz.1.4726': attribute type 1 has an invalid length.
[  830.152689][T18369] netlink: 'syz.3.4731': attribute type 3 has an invalid length.
[  830.279464][T18377] netlink: 'syz.4.4733': attribute type 21 has an invalid length.
[  830.297677][T18377] netlink: 'syz.4.4733': attribute type 6 has an invalid length.
[  831.405130][T18402] bridge0: port 3(team0) entered disabled state
[  831.411967][T18402] bridge0: port 2(bridge_slave_1) entered disabled state
[  831.419523][T18402] bridge0: port 1(bridge_slave_0) entered disabled state
[  831.487051][T18402] team0: Device bridge0 is already an upper device of the team interface
[  832.691366][T18419] __nla_validate_parse: 11 callbacks suppressed
[  832.691386][T18419] netlink: 830 bytes leftover after parsing attributes in process `syz.1.4744'.
[  832.693969][T18416] validate_nla: 4 callbacks suppressed
[  832.694011][T18416] netlink: 'syz.4.4742': attribute type 1 has an invalid length.
[  832.794458][T18416] netlink: 105120 bytes leftover after parsing attributes in process `syz.4.4742'.
[  833.400931][T18438] netlink: 'syz.3.4749': attribute type 21 has an invalid length.
[  833.436176][T18438] netlink: 'syz.3.4749': attribute type 6 has an invalid length.
[  833.465816][T18438] netlink: 132 bytes leftover after parsing attributes in process `syz.3.4749'.
[  833.639988][T18438] netlink: 'syz.3.4749': attribute type 21 has an invalid length.
[  833.695157][T18438] netlink: 156 bytes leftover after parsing attributes in process `syz.3.4749'.
[  833.751425][T18440] netlink: 'syz.3.4749': attribute type 10 has an invalid length.
[  833.798450][T18440] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4749'.
[  833.962725][T18448] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4751'.
[  834.018724][T18448] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4751'.
[  834.028017][T18450] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4751'.
[  834.075914][T18452] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4751'.
[  834.139073][T18451] netlink: 'syz.4.4752': attribute type 1 has an invalid length.
[  834.191066][T18451] netlink: 105120 bytes leftover after parsing attributes in process `syz.4.4752'.
[  834.966576][T18468] netlink: 'syz.4.4757': attribute type 3 has an invalid length.
[  835.516580][T18473] netlink: 'syz.4.4760': attribute type 1 has an invalid length.
[  835.565400][T18472] netlink: 'syz.0.4758': attribute type 10 has an invalid length.
[  837.646828][T18504] netlink: 'syz.2.4769': attribute type 1 has an invalid length.
[  837.722131][T18504] __nla_validate_parse: 7 callbacks suppressed
[  837.722166][T18504] netlink: 105120 bytes leftover after parsing attributes in process `syz.2.4769'.
[  837.794264][T18510] netlink: 'syz.3.4770': attribute type 29 has an invalid length.
[  837.835026][T18508] netlink: 122896 bytes leftover after parsing attributes in process `syz.3.4770'.
[  837.907168][T18510] netlink: 'syz.3.4770': attribute type 29 has an invalid length.
[  838.184552][T18512] netlink: 'syz.3.4770': attribute type 29 has an invalid length.
[  838.211684][T18513] netlink: 'syz.3.4770': attribute type 29 has an invalid length.
[  838.309066][T18510] netlink: 'syz.3.4770': attribute type 29 has an invalid length.
[  839.536765][T18541] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4779'.
[  839.608250][T18542] netlink: 'syz.3.4780': attribute type 1 has an invalid length.
[  839.624486][T18541] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4779'.
[  839.642428][T18542] netlink: 105120 bytes leftover after parsing attributes in process `syz.3.4780'.
[  839.754890][T18543] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4779'.
[  839.776134][T18545] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4779'.
[  840.646748][T18563] netlink: 830 bytes leftover after parsing attributes in process `syz.2.4785'.
[  841.375454][T18582] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4790'.
[  841.443601][T18582] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4790'.
[  844.167014][T18581] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  844.214576][T18581] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  844.263427][T18594] netlink: 'syz.3.4795': attribute type 7 has an invalid length.
[  844.275070][T18581] bond0 (unregistering): Released all slaves
[  844.440336][T18594] netlink: 'syz.3.4795': attribute type 9 has an invalid length.
[  844.462005][T18596] netlink: 'syz.4.4796': attribute type 1 has an invalid length.
[  844.472233][T18594] __nla_validate_parse: 3 callbacks suppressed
[  844.472270][T18594] netlink: 399 bytes leftover after parsing attributes in process `syz.3.4795'.
[  844.502482][T18600] netlink: 'syz.0.4798': attribute type 4 has an invalid length.
[  844.514614][T18596] netlink: 105120 bytes leftover after parsing attributes in process `syz.4.4796'.
[  844.529895][T18593] delete_channel: no stack
[  844.914680][T18610] netlink: 'syz.3.4800': attribute type 2 has an invalid length.
[  845.720585][T18619] netlink: 'syz.0.4802': attribute type 1 has an invalid length.
[  845.751975][T18619] netlink: 105120 bytes leftover after parsing attributes in process `syz.0.4802'.
[  846.300605][T18628] netlink: 'syz.4.4806': attribute type 10 has an invalid length.
[  846.313090][T18628] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  846.901821][T18640] netlink: 'syz.0.4818': attribute type 29 has an invalid length.
[  847.028642][T18640] netlink: 'syz.0.4818': attribute type 29 has an invalid length.
[  847.048307][T18642] netlink: 'syz.0.4818': attribute type 29 has an invalid length.
[  847.201486][T18643] netlink: 14 bytes leftover after parsing attributes in process `syz.1.4809'.
[  847.394876][T18658] netlink: 105120 bytes leftover after parsing attributes in process `syz.3.4812'.
[  849.887947][T18643] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  849.910785][T18643] bond0 (unregistering): Released all slaves
[  849.922680][T18655] validate_nla: 2 callbacks suppressed
[  849.922695][T18655] netlink: 'syz.2.4813': attribute type 29 has an invalid length.
[  850.319291][T18678] netlink: 'syz.3.4819': attribute type 10 has an invalid length.
[  850.907034][T18689] netlink: 'syz.0.4825': attribute type 10 has an invalid length.
[  850.916423][T18689] netlink: 140 bytes leftover after parsing attributes in process `syz.0.4825'.
[  850.931744][T18690] netlink: 'syz.0.4825': attribute type 29 has an invalid length.
[  850.938613][T18689] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  851.040262][T18690] netlink: 'syz.0.4825': attribute type 29 has an invalid length.
[  851.069866][T18689] netlink: 'syz.0.4825': attribute type 29 has an invalid length.
[  851.207948][T18696] netlink: 'syz.3.4827': attribute type 2 has an invalid length.
[  851.381419][T18692] netlink: 'syz.0.4825': attribute type 29 has an invalid length.
[  852.132317][T18707] netlink: 'syz.1.4832': attribute type 21 has an invalid length.
[  852.150206][T18707] netlink: 'syz.1.4832': attribute type 6 has an invalid length.
[  852.222072][T18707] netlink: 132 bytes leftover after parsing attributes in process `syz.1.4832'.
[  852.254072][T18710] netlink: 156 bytes leftover after parsing attributes in process `syz.1.4832'.
[  852.321145][T18713] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4832'.
[  852.350738][T18713] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  852.857951][T18727] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  853.107467][T18734] netlink: 105120 bytes leftover after parsing attributes in process `syz.1.4839'.
[  853.321779][T18736] netlink: 140 bytes leftover after parsing attributes in process `syz.3.4841'.
[  853.350992][T18736] bridge0: port 3(team0) entered disabled state
[  853.361920][T18736] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  854.746285][T18765] netlink: 105120 bytes leftover after parsing attributes in process `syz.4.4853'.
[  854.970912][T18778] validate_nla: 13 callbacks suppressed
[  854.970946][T18778] netlink: 'syz.4.4856': attribute type 10 has an invalid length.
[  854.985897][T18778] netlink: 140 bytes leftover after parsing attributes in process `syz.4.4856'.
[  855.013786][T18778] bridge0: port 3(team0) entered disabled state
[  855.024089][T18779] netlink: 'syz.4.4856': attribute type 29 has an invalid length.
[  855.047064][T18778] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  855.064545][T18779] netlink: 'syz.4.4856': attribute type 29 has an invalid length.
[  855.100418][T18778] netlink: 'syz.4.4856': attribute type 29 has an invalid length.
[  855.113495][T18778] netlink: 'syz.4.4856': attribute type 29 has an invalid length.
[  855.291632][T18784] netlink: 'syz.3.4858': attribute type 10 has an invalid length.
[  855.587975][T18797] netlink: 'syz.4.4863': attribute type 29 has an invalid length.
[  855.599182][T18797] netlink: 'syz.4.4863': attribute type 29 has an invalid length.
[  855.610343][T18797] netlink: 'syz.4.4863': attribute type 29 has an invalid length.
[  856.313564][T18803] netlink: 'syz.4.4865': attribute type 21 has an invalid length.
[  856.348007][T18803] netlink: 132 bytes leftover after parsing attributes in process `syz.4.4865'.
[  856.399654][T18805] netlink: 156 bytes leftover after parsing attributes in process `syz.4.4865'.
[  856.415402][T18806] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4865'.
[  856.429606][T18806] bridge0: port 3(team0) entered blocking state
[  856.443423][T18806] bridge0: port 3(team0) entered disabled state
[  857.213434][T18819] netlink: 140 bytes leftover after parsing attributes in process `syz.2.4871'.
[  857.299350][T18819] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  857.346059][T18815] netlink: 105120 bytes leftover after parsing attributes in process `syz.0.4868'.
[  857.361590][T18821] netlink: 830 bytes leftover after parsing attributes in process `syz.4.4872'.
[  857.940565][T18842] netlink: 132 bytes leftover after parsing attributes in process `syz.0.4879'.
[  857.961356][T18845] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  857.987568][T18842] netlink: 156 bytes leftover after parsing attributes in process `syz.0.4879'.
[  858.046969][T18842] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4879'.
[  858.070246][T18842] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  858.893784][T18858] netlink: 830 bytes leftover after parsing attributes in process `syz.1.4882'.
[  860.084298][T18896] validate_nla: 15 callbacks suppressed
[  860.084324][T18896] netlink: 'syz.0.4895': attribute type 10 has an invalid length.
[  861.562042][T18932] __nla_validate_parse: 12 callbacks suppressed
[  861.562065][T18932] netlink: 830 bytes leftover after parsing attributes in process `syz.1.4908'.
[  861.728343][T18934] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4911'.
[  861.787669][T18934] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4911'.
[  861.840566][T18936] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4911'.
[  861.879875][T18940] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4911'.
[  862.021147][T18944] netlink: 830 bytes leftover after parsing attributes in process `syz.3.4913'.
[  862.481158][T18954] netlink: 'syz.1.4916': attribute type 2 has an invalid length.
[  862.561081][T18954] device 0 entered promiscuous mode
[  862.777290][T18965] netlink: 'syz.4.4918': attribute type 10 has an invalid length.
[  862.787740][T18965] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  862.805995][   T48] Bluetooth: hci0: ISO packet for unknown connection handle 28
[  862.815973][T18963] netlink: 'syz.3.4920': attribute type 6 has an invalid length.
[  862.825236][T18963] netlink: 'syz.3.4920': attribute type 3 has an invalid length.
[  862.833482][T18963] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4920'.
[  863.515374][T18976] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4925'.
[  863.530628][T18976] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4925'.
[  863.560977][T18977] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4925'.
[  864.643587][T19002] netlink: 'syz.3.4934': attribute type 21 has an invalid length.
[  864.651793][T19002] netlink: 'syz.3.4934': attribute type 6 has an invalid length.
[  864.677804][T19004] netlink: 'syz.1.4935': attribute type 21 has an invalid length.
[  864.719473][T19004] netlink: 'syz.1.4935': attribute type 6 has an invalid length.
[  864.748859][T19002] netlink: 'syz.3.4934': attribute type 21 has an invalid length.
[  864.828653][T19002] bridge0: port 3(team0) entered blocking state
[  864.854187][T19002] bridge0: port 3(team0) entered disabled state
[  864.925072][T19004] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  865.592396][T19019] validate_nla: 3 callbacks suppressed
[  865.592436][T19019] netlink: 'syz.3.4939': attribute type 10 has an invalid length.
[  867.056755][   T48] Bluetooth: hci1: ISO packet for unknown connection handle 28
[  867.201689][T19044] netlink: 'syz.2.4949': attribute type 21 has an invalid length.
[  867.235984][T19044] netlink: 'syz.2.4949': attribute type 6 has an invalid length.
[  867.257242][T19044] __nla_validate_parse: 9 callbacks suppressed
[  867.257265][T19044] netlink: 132 bytes leftover after parsing attributes in process `syz.2.4949'.
[  867.303501][T19054] netlink: 'syz.2.4949': attribute type 21 has an invalid length.
[  867.313158][T19054] netlink: 156 bytes leftover after parsing attributes in process `syz.2.4949'.
[  867.326135][T19056] netlink: 'syz.2.4949': attribute type 10 has an invalid length.
[  867.342085][T19056] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4949'.
[  867.361615][T19056] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  867.520481][T19061] netlink: 'syz.3.4952': attribute type 21 has an invalid length.
[  867.546379][T19061] netlink: 'syz.3.4952': attribute type 6 has an invalid length.
[  867.568486][T19061] netlink: 132 bytes leftover after parsing attributes in process `syz.3.4952'.
[  867.599972][T19062] netlink: 'syz.3.4952': attribute type 21 has an invalid length.
[  867.613493][T19062] netlink: 156 bytes leftover after parsing attributes in process `syz.3.4952'.
[  867.626753][T19063] netlink: 'syz.3.4952': attribute type 10 has an invalid length.
[  867.679138][T19063] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4952'.
[  868.006230][T19069] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4954'.
[  868.062170][T19069] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4954'.
[  868.182074][T19069] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4954'.
[  868.875833][T19086] netlink: 830 bytes leftover after parsing attributes in process `syz.4.4958'.
[  869.031427][T19090] netlink: 'syz.1.4960': attribute type 10 has an invalid length.
[  869.969162][T19109] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  870.065320][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[  870.071798][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[  871.924994][   T48] Bluetooth: hci3: ISO packet for unknown connection handle 28
[  872.064702][T19150] validate_nla: 7 callbacks suppressed
[  872.064739][T19150] netlink: 'syz.1.4977': attribute type 10 has an invalid length.
[  872.793998][T19160] netlink: 'syz.2.4980': attribute type 21 has an invalid length.
[  872.812396][T19160] netlink: 'syz.2.4980': attribute type 6 has an invalid length.
[  872.858110][T19160] __nla_validate_parse: 8 callbacks suppressed
[  872.858125][T19160] netlink: 132 bytes leftover after parsing attributes in process `syz.2.4980'.
[  872.917126][T19169] netlink: 'syz.4.4981': attribute type 10 has an invalid length.
[  873.751195][T19169] team0: Device veth1_macvtap failed to register rx_handler
[  873.787795][T19163] netlink: 'syz.2.4980': attribute type 21 has an invalid length.
[  873.806307][T19163] netlink: 156 bytes leftover after parsing attributes in process `syz.2.4980'.
[  873.815749][T19160] netlink: 'syz.2.4980': attribute type 10 has an invalid length.
[  873.825164][T19160] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4980'.
[  873.843501][T19160] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  874.054699][T19181] netlink: 1047 bytes leftover after parsing attributes in process `syz.4.4988'.
[  874.098452][T19181] bridge_slave_1: default FDB implementation only supports local addresses
[  874.997856][T19204] netlink: 'syz.3.4996': attribute type 16 has an invalid length.
[  875.016238][T19204] netlink: 156 bytes leftover after parsing attributes in process `syz.3.4996'.
[  875.824425][T19220] netlink: 'syz.2.5001': attribute type 21 has an invalid length.
[  875.847189][T19220] netlink: 'syz.2.5001': attribute type 6 has an invalid length.
[  875.868232][T19220] netlink: 132 bytes leftover after parsing attributes in process `syz.2.5001'.
[  875.964047][T19221] netlink: 'syz.2.5001': attribute type 21 has an invalid length.
[  875.983327][T19221] netlink: 156 bytes leftover after parsing attributes in process `syz.2.5001'.
[  876.020526][T19221] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5001'.
[  876.062304][T19221] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  876.559185][T19234] netlink: 132 bytes leftover after parsing attributes in process `syz.4.5005'.
[  876.632577][T19234] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.5005'.
[  877.123896][T19254] validate_nla: 3 callbacks suppressed
[  877.123919][T19254] netlink: 'syz.4.5011': attribute type 16 has an invalid length.
[  878.496594][T19279] netlink: 'syz.2.5021': attribute type 21 has an invalid length.
[  878.526472][T19279] netlink: 'syz.2.5021': attribute type 6 has an invalid length.
[  878.539619][T19279] __nla_validate_parse: 2 callbacks suppressed
[  878.539636][T19279] netlink: 132 bytes leftover after parsing attributes in process `syz.2.5021'.
[  878.584402][T19279] netlink: 'syz.2.5021': attribute type 21 has an invalid length.
[  878.612440][T19279] netlink: 156 bytes leftover after parsing attributes in process `syz.2.5021'.
[  878.714171][T19289] netlink: 'syz.1.5024': attribute type 10 has an invalid length.
[  878.727982][T19286] netlink: 'syz.2.5021': attribute type 10 has an invalid length.
[  878.736647][T19286] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5021'.
[  878.755037][T19286] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  878.870787][T19293] FAULT_INJECTION: forcing a failure.
[  878.870787][T19293] name failslab, interval 1, probability 0, space 0, times 0
[  878.888605][T19293] CPU: 1 PID: 19293 Comm: syz.4.5025 Not tainted syzkaller #0
[  878.896148][T19293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  878.906242][T19293] Call Trace:
[  878.909543][T19293]  <TASK>
[  878.912487][T19293]  dump_stack_lvl+0x188/0x24e
[  878.917200][T19293]  ? show_regs_print_info+0x12/0x12
[  878.922421][T19293]  ? load_image+0x400/0x400
[  878.926952][T19293]  ? __might_sleep+0xd0/0xd0
[  878.931556][T19293]  ? __lock_acquire+0x7d10/0x7d10
[  878.936604][T19293]  should_fail_ex+0x399/0x4d0
[  878.941304][T19293]  should_failslab+0x5/0x20
[  878.945817][T19293]  slab_pre_alloc_hook+0x59/0x310
[  878.950847][T19293]  ? trace_call_bpf+0x5d6/0x6b0
[  878.955717][T19293]  ? tomoyo_realpath_from_path+0xdf/0x5d0
[  878.961459][T19293]  __kmem_cache_alloc_node+0x4f/0x260
[  878.966849][T19293]  ? tomoyo_realpath_from_path+0xdf/0x5d0
[  878.972587][T19293]  __kmalloc+0xa0/0x240
[  878.976766][T19293]  tomoyo_realpath_from_path+0xdf/0x5d0
[  878.982348][T19293]  ? tomoyo_path_number_perm+0x205/0x650
[  878.987998][T19293]  tomoyo_path_number_perm+0x22f/0x650
[  878.993480][T19293]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  878.998959][T19293]  ? common_file_perm+0x171/0x1c0
[  879.004069][T19293]  ? __fget_files+0x28/0x4b0
[  879.008672][T19293]  ? __fget_files+0x28/0x4b0
[  879.013307][T19293]  security_file_ioctl+0x6c/0xa0
[  879.018272][T19293]  __se_sys_ioctl+0x48/0x170
[  879.022885][T19293]  do_syscall_64+0x4c/0xa0
[  879.027318][T19293]  ? clear_bhb_loop+0x60/0xb0
[  879.032030][T19293]  ? clear_bhb_loop+0x60/0xb0
[  879.036753][T19293]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  879.042693][T19293] RIP: 0033:0x7f516519cdd9
[  879.047129][T19293] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  879.066856][T19293] RSP: 002b:00007f51660c9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  879.075290][T19293] RAX: ffffffffffffffda RBX: 00007f5165415fa0 RCX: 00007f516519cdd9
[  879.083272][T19293] RDX: 0000200000000000 RSI: 0000000000008923 RDI: 000000000000000b
[  879.091273][T19293] RBP: 00007f51660c9090 R08: 0000000000000000 R09: 0000000000000000
[  879.099264][T19293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  879.107253][T19293] R13: 00007f5165416038 R14: 00007f5165415fa0 R15: 00007ffef9ad9f78
[  879.115340][T19293]  </TASK>
[  879.134378][T19293] ERROR: Out of memory at tomoyo_realpath_from_path.
[  879.234987][T19295] netlink: 830 bytes leftover after parsing attributes in process `syz.0.5026'.
[  879.555322][T19316] netlink: 'syz.1.5031': attribute type 16 has an invalid length.
[  879.628594][T19316] netlink: 156 bytes leftover after parsing attributes in process `syz.1.5031'.
[  880.521490][T19329] netlink: 1047 bytes leftover after parsing attributes in process `syz.2.5036'.
[  880.544506][T19329] bridge_slave_1: default FDB implementation only supports local addresses
[  880.851838][T19346] netlink: 'syz.3.5041': attribute type 21 has an invalid length.
[  880.860385][T19346] netlink: 'syz.3.5041': attribute type 6 has an invalid length.
[  880.869297][T19346] netlink: 132 bytes leftover after parsing attributes in process `syz.3.5041'.
[  880.919043][T19347] netlink: 'syz.0.5042': attribute type 10 has an invalid length.
[  880.975099][T19346] netlink: 156 bytes leftover after parsing attributes in process `syz.3.5041'.
[  880.998417][T19341] netlink: 830 bytes leftover after parsing attributes in process `syz.2.5039'.
[  881.133289][T19350] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5041'.
[  881.733139][T19365] tipc: Started in network mode
[  881.738941][T19365] tipc: Node identity 9215a268, cluster identity 4711
[  881.746623][T19365] tipc: Node number set to 2450891368
[  885.174065][T19383] validate_nla: 4 callbacks suppressed
[  885.174081][T19383] netlink: 'syz.0.5052': attribute type 21 has an invalid length.
[  885.190627][T19383] netlink: 'syz.0.5052': attribute type 6 has an invalid length.
[  885.198491][T19383] __nla_validate_parse: 3 callbacks suppressed
[  885.198501][T19383] netlink: 132 bytes leftover after parsing attributes in process `syz.0.5052'.
[  885.214038][T19385] netlink: 'syz.0.5052': attribute type 21 has an invalid length.
[  885.228197][T19385] netlink: 156 bytes leftover after parsing attributes in process `syz.0.5052'.
[  885.252148][T19386] netlink: 'syz.0.5052': attribute type 10 has an invalid length.
[  885.279969][T19386] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5052'.
[  885.290725][T19386] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  885.315285][T19402] netlink: 'syz.2.5058': attribute type 21 has an invalid length.
[  885.324617][T19402] netlink: 'syz.2.5058': attribute type 6 has an invalid length.
[  885.332556][T19402] netlink: 132 bytes leftover after parsing attributes in process `syz.2.5058'.
[  885.343208][T19403] netlink: 'syz.2.5058': attribute type 21 has an invalid length.
[  885.358666][T19403] netlink: 156 bytes leftover after parsing attributes in process `syz.2.5058'.
[  885.367828][T19404] netlink: 'syz.2.5058': attribute type 10 has an invalid length.
[  885.382633][T19404] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5058'.
[  885.400888][T19404] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  885.446329][T19408] netlink: 'syz.4.5059': attribute type 10 has an invalid length.
[  885.520904][T19408] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  885.553435][T19415] netlink: 830 bytes leftover after parsing attributes in process `syz.1.5060'.
[  886.646834][T19429] netlink: 'syz.2.5065': attribute type 21 has an invalid length.
[  886.664441][T19429] netlink: 132 bytes leftover after parsing attributes in process `syz.2.5065'.
[  886.706933][T19430] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.5065'.
[  887.726422][T19448] netlink: 830 bytes leftover after parsing attributes in process `syz.2.5070'.
[  888.133762][T19452] device wg2 entered promiscuous mode
[  888.316192][T19463] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  889.082376][T19471] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  891.152883][T19499] __nla_validate_parse: 5 callbacks suppressed
[  891.152905][T19499] netlink: 830 bytes leftover after parsing attributes in process `syz.0.5084'.
[  891.326469][T19509] validate_nla: 6 callbacks suppressed
[  891.326485][T19509] netlink: 'syz.0.5090': attribute type 21 has an invalid length.
[  891.343394][T19509] netlink: 'syz.0.5090': attribute type 6 has an invalid length.
[  891.351647][T19509] netlink: 132 bytes leftover after parsing attributes in process `syz.0.5090'.
[  891.372422][T19497] netlink: 'syz.4.5083': attribute type 1 has an invalid length.
[  891.388178][T19497] netlink: 112865 bytes leftover after parsing attributes in process `syz.4.5083'.
[  891.414390][T19509] netlink: 'syz.0.5090': attribute type 21 has an invalid length.
[  891.448227][T19509] netlink: 156 bytes leftover after parsing attributes in process `syz.0.5090'.
[  891.520146][T19509] netlink: 'syz.0.5090': attribute type 10 has an invalid length.
[  891.535829][T19509] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5090'.
[  891.568349][T19509] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  893.090940][T19545] netlink: 830 bytes leftover after parsing attributes in process `syz.3.5102'.
[  893.203016][T19548] netlink: 'syz.2.5104': attribute type 1 has an invalid length.
[  893.222858][T19548] netlink: 105120 bytes leftover after parsing attributes in process `syz.2.5104'.
[  893.462538][T19559] netlink: 'syz.1.5109': attribute type 21 has an invalid length.
[  893.471706][T19559] netlink: 'syz.1.5109': attribute type 6 has an invalid length.
[  893.480457][T19559] netlink: 132 bytes leftover after parsing attributes in process `syz.1.5109'.
[  893.499414][T19558] netlink: 'syz.3.5108': attribute type 21 has an invalid length.
[  893.524657][T19559] netlink: 'syz.1.5109': attribute type 21 has an invalid length.
[  893.552471][T19559] netlink: 156 bytes leftover after parsing attributes in process `syz.1.5109'.
[  893.602285][T19559] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5109'.
[  893.648001][T19559] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  896.181267][T19632] device team0 left promiscuous mode
[  896.186948][T19632] device team_slave_0 left promiscuous mode
[  896.217187][T19632] device team_slave_1 left promiscuous mode
[  896.241556][T19632] device geneve1 left promiscuous mode
[  896.250889][T19632] bridge0: port 3(team0) entered disabled state
[  896.304156][T19632] 8021q: adding VLAN 0 to HW filter on device team0
[  896.369919][T19632] bond0: (slave team0): Enslaving as an active interface with an up link
[  896.583909][T19647] __nla_validate_parse: 5 callbacks suppressed
[  896.583926][T19647] netlink: 830 bytes leftover after parsing attributes in process `syz.1.5141'.
[  896.772744][T19655] validate_nla: 6 callbacks suppressed
[  896.772763][T19655] netlink: 'syz.4.5146': attribute type 21 has an invalid length.
[  896.815242][T19655] netlink: 'syz.4.5146': attribute type 6 has an invalid length.
[  896.854466][T19655] netlink: 132 bytes leftover after parsing attributes in process `syz.4.5146'.
[  896.984770][T19655] netlink: 'syz.4.5146': attribute type 21 has an invalid length.
[  897.008639][T19655] netlink: 156 bytes leftover after parsing attributes in process `syz.4.5146'.
[  897.385940][T19658] netlink: 'syz.4.5146': attribute type 10 has an invalid length.
[  897.412582][T19658] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5146'.
[  897.458873][T19658] device team0 entered promiscuous mode
[  897.465552][T19658] device team_slave_0 entered promiscuous mode
[  897.527549][T19658] device team_slave_1 entered promiscuous mode
[  897.553763][T19658] device geneve1 entered promiscuous mode
[  897.605514][T19658] bond0: (slave team0): Releasing backup interface
[  897.642848][T19658] bridge0: port 3(team0) entered blocking state
[  897.666703][T19658] bridge0: port 3(team0) entered disabled state
[  898.589947][T19694] netlink: 830 bytes leftover after parsing attributes in process `syz.3.5160'.
[  898.801520][T19702] netlink: 830 bytes leftover after parsing attributes in process `syz.2.5165'.
[  899.081637][T19714] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5170'.
[  899.442790][T19725] netlink: 'syz.4.5175': attribute type 10 has an invalid length.
[  899.527183][T19730] netlink: 'syz.0.5177': attribute type 10 has an invalid length.
[  899.632296][T19731] netlink: 'syz.1.5176': attribute type 1 has an invalid length.
[  899.695695][T19731] netlink: 105120 bytes leftover after parsing attributes in process `syz.1.5176'.
[  899.781005][T19738] netlink: 830 bytes leftover after parsing attributes in process `syz.2.5179'.
[  900.288988][T19751] netlink: 'syz.0.5184': attribute type 21 has an invalid length.
[  900.296936][T19751] netlink: 'syz.0.5184': attribute type 6 has an invalid length.
[  900.322255][T19751] netlink: 132 bytes leftover after parsing attributes in process `syz.0.5184'.
[  900.444490][T19759] netlink: 'syz.0.5189': attribute type 21 has an invalid length.
[  901.675299][T19781] __nla_validate_parse: 2 callbacks suppressed
[  901.675343][T19781] netlink: 105120 bytes leftover after parsing attributes in process `syz.2.5195'.
[  902.036629][T19786] validate_nla: 2 callbacks suppressed
[  902.036665][T19786] netlink: 'syz.4.5198': attribute type 1 has an invalid length.
[  902.055914][T19786] netlink: 105120 bytes leftover after parsing attributes in process `syz.4.5198'.
[  902.082184][T19792] netlink: 'syz.1.5199': attribute type 1 has an invalid length.
[  902.093469][T19792] netlink: 105120 bytes leftover after parsing attributes in process `syz.1.5199'.
[  903.668572][T19823] netlink: 830 bytes leftover after parsing attributes in process `syz.4.5207'.
[  904.881213][T19842] netlink: 'syz.3.5215': attribute type 21 has an invalid length.
[  904.889676][T19842] netlink: 'syz.3.5215': attribute type 6 has an invalid length.
[  904.897575][T19842] netlink: 132 bytes leftover after parsing attributes in process `syz.3.5215'.
[  905.021779][T19842] netlink: 'syz.3.5215': attribute type 21 has an invalid length.
[  905.037302][T19842] netlink: 156 bytes leftover after parsing attributes in process `syz.3.5215'.
[  905.057884][T19848] netlink: 122896 bytes leftover after parsing attributes in process `syz.2.5216'.
[  905.128023][T19842] netlink: 'syz.3.5215': attribute type 10 has an invalid length.
[  905.165579][T19842] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5215'.
[  905.235659][T19848] debugfs: Directory '!!!' with parent 'ieee80211' already present!
[  905.637746][T19856] netlink: 'syz.4.5219': attribute type 1 has an invalid length.
[  905.830952][T19856] netlink: 105120 bytes leftover after parsing attributes in process `syz.4.5219'.
[  906.209710][T19873] netlink: 830 bytes leftover after parsing attributes in process `syz.3.5222'.
[  906.246635][T19872] netlink: 'syz.1.5226': attribute type 10 has an invalid length.
[  908.304206][T19901] netlink: 'syz.0.5234': attribute type 21 has an invalid length.
[  908.327996][T19901] netlink: 'syz.0.5234': attribute type 6 has an invalid length.
[  908.343534][T19901] netlink: 132 bytes leftover after parsing attributes in process `syz.0.5234'.
[  908.397523][T19901] netlink: 'syz.0.5234': attribute type 21 has an invalid length.
[  908.443472][T19901] netlink: 156 bytes leftover after parsing attributes in process `syz.0.5234'.
[  908.564527][T19901] netlink: 'syz.0.5234': attribute type 10 has an invalid length.
[  908.598360][T19901] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5234'.
[  908.622737][T19901] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  909.214038][T19918] netlink: 'syz.3.5240': attribute type 1 has an invalid length.
[  909.240202][T19918] netlink: 105120 bytes leftover after parsing attributes in process `syz.3.5240'.
[  909.256130][T19919] netlink: 830 bytes leftover after parsing attributes in process `syz.4.5239'.
[  909.364399][T19923] netlink: 'syz.4.5241': attribute type 10 has an invalid length.
[  910.551591][T19951] netlink: 830 bytes leftover after parsing attributes in process `syz.4.5252'.
[  911.389591][T19961] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.5256'.
[  911.404508][T19963] netlink: 'syz.4.5257': attribute type 11 has an invalid length.
[  911.440547][T19972] netlink: 'syz.0.5259': attribute type 1 has an invalid length.
[  911.463868][T19972] netlink: 105120 bytes leftover after parsing attributes in process `syz.0.5259'.
[  911.654984][T19982] netlink: 'syz.1.5262': attribute type 10 has an invalid length.
[  912.411111][T19982] device team0 left promiscuous mode
[  912.416625][T19982] device team_slave_0 left promiscuous mode
[  912.496742][T19982] device team_slave_1 left promiscuous mode
[  912.558661][T19987] netlink: 830 bytes leftover after parsing attributes in process `syz.4.5264'.
[  912.795429][   T48] Bluetooth: hci0: ISO packet for unknown connection handle 2097
[  912.987537][T20003] FAULT_INJECTION: forcing a failure.
[  912.987537][T20003] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  913.053759][T20003] CPU: 1 PID: 20003 Comm: syz.3.5271 Not tainted syzkaller #0
[  913.061278][T20003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  913.071360][T20003] Call Trace:
[  913.074673][T20003]  <TASK>
[  913.077624][T20003]  dump_stack_lvl+0x188/0x24e
[  913.082349][T20003]  ? show_regs_print_info+0x12/0x12
[  913.087579][T20003]  ? load_image+0x400/0x400
[  913.092111][T20003]  ? __lock_acquire+0x7d10/0x7d10
[  913.097160][T20003]  ? trace_call_bpf+0x5d6/0x6b0
[  913.102043][T20003]  should_fail_ex+0x399/0x4d0
[  913.106749][T20003]  _copy_from_user+0x2c/0x170
[  913.111453][T20003]  __sys_bpf+0x2ea/0x780
[  913.115732][T20003]  ? bpf_link_show_fdinfo+0x380/0x380
[  913.121140][T20003]  ? lock_chain_count+0x20/0x20
[  913.126025][T20003]  __x64_sys_bpf+0x78/0x90
[  913.130472][T20003]  do_syscall_64+0x4c/0xa0
[  913.134913][T20003]  ? clear_bhb_loop+0x60/0xb0
[  913.139620][T20003]  ? clear_bhb_loop+0x60/0xb0
[  913.144332][T20003]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  913.150251][T20003] RIP: 0033:0x7f6ba9d9cdd9
[  913.154694][T20003] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  913.174323][T20003] RSP: 002b:00007f6baac3a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  913.182849][T20003] RAX: ffffffffffffffda RBX: 00007f6baa015fa0 RCX: 00007f6ba9d9cdd9
[  913.190851][T20003] RDX: 0000000000000094 RSI: 0000200000000200 RDI: 0000000000000005
[  913.198842][T20003] RBP: 00007f6baac3a090 R08: 0000000000000000 R09: 0000000000000000
[  913.206841][T20003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  913.214987][T20003] R13: 00007f6baa016038 R14: 00007f6baa015fa0 R15: 00007ffc4486ac68
[  913.223002][T20003]  </TASK>
[  913.447358][T20004] netlink: 'syz.4.5269': attribute type 1 has an invalid length.
[  913.487717][T20004] netlink: 105120 bytes leftover after parsing attributes in process `syz.4.5269'.
[  913.649504][T20019] netlink: 148 bytes leftover after parsing attributes in process `syz.1.5275'.
[  913.687185][T20018] netlink: 'syz.3.5277': attribute type 10 has an invalid length.
[  913.741849][T20018] device wlan1 entered promiscuous mode
[  913.773353][T20018] team0: Port device wlan1 added
[  914.524589][T20030] netlink: 'syz.1.5279': attribute type 1 has an invalid length.
[  914.533967][T20030] netlink: 116376 bytes leftover after parsing attributes in process `syz.1.5279'.
[  914.555950][T20032] netlink: 'syz.1.5279': attribute type 1 has an invalid length.
[  914.578766][T20032] netlink: 116376 bytes leftover after parsing attributes in process `syz.1.5279'.
[  914.609260][T20035] netlink: 830 bytes leftover after parsing attributes in process `syz.2.5280'.
[  915.063631][T20053] netlink: 'syz.1.5286': attribute type 3 has an invalid length.
[  915.071736][T20053] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.5286'.
[  915.296421][T20060] FAULT_INJECTION: forcing a failure.
[  915.296421][T20060] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  915.335537][T20060] CPU: 0 PID: 20060 Comm: syz.2.5289 Not tainted syzkaller #0
[  915.343059][T20060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  915.353130][T20060] Call Trace:
[  915.356411][T20060]  <TASK>
[  915.359339][T20060]  dump_stack_lvl+0x188/0x24e
[  915.364024][T20060]  ? show_regs_print_info+0x12/0x12
[  915.369222][T20060]  ? load_image+0x400/0x400
[  915.373723][T20060]  ? __lock_acquire+0x7d10/0x7d10
[  915.378753][T20060]  should_fail_ex+0x399/0x4d0
[  915.383426][T20060]  _copy_from_user+0x2c/0x170
[  915.388105][T20060]  ___sys_sendmsg+0x1c3/0x360
[  915.392795][T20060]  ? __sys_sendmsg+0x290/0x290
[  915.397584][T20060]  ? trace_call_bpf+0xbf/0x6b0
[  915.402367][T20060]  __se_sys_sendmsg+0x1bb/0x2a0
[  915.407219][T20060]  ? __x64_sys_sendmsg+0x80/0x80
[  915.412168][T20060]  ? lockdep_hardirqs_on+0x94/0x140
[  915.417364][T20060]  do_syscall_64+0x4c/0xa0
[  915.421779][T20060]  ? clear_bhb_loop+0x60/0xb0
[  915.426454][T20060]  ? clear_bhb_loop+0x60/0xb0
[  915.431128][T20060]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  915.437018][T20060] RIP: 0033:0x7f732c99cdd9
[  915.441428][T20060] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  915.461119][T20060] RSP: 002b:00007f732d894028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  915.469529][T20060] RAX: ffffffffffffffda RBX: 00007f732cc15fa0 RCX: 00007f732c99cdd9
[  915.477529][T20060] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000003
[  915.485499][T20060] RBP: 00007f732d894090 R08: 0000000000000000 R09: 0000000000000000
[  915.493465][T20060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  915.501439][T20060] R13: 00007f732cc16038 R14: 00007f732cc15fa0 R15: 00007ffc8e88a238
[  915.509433][T20060]  </TASK>
[  915.753201][T20057] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.5287'.
[  915.887244][T20073] netlink: 'syz.4.5292': attribute type 1 has an invalid length.
[  915.899596][T20073] netlink: 105120 bytes leftover after parsing attributes in process `syz.4.5292'.
[  917.936903][T20098] FAULT_INJECTION: forcing a failure.
[  917.936903][T20098] name failslab, interval 1, probability 0, space 0, times 0
[  918.068360][T20098] CPU: 1 PID: 20098 Comm: syz.3.5299 Not tainted syzkaller #0
[  918.075903][T20098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  918.085992][T20098] Call Trace:
[  918.089295][T20098]  <TASK>
[  918.092254][T20098]  dump_stack_lvl+0x188/0x24e
[  918.096983][T20098]  ? show_regs_print_info+0x12/0x12
[  918.102225][T20098]  ? load_image+0x400/0x400
[  918.106769][T20098]  ? __lock_acquire+0x7d10/0x7d10
[  918.111832][T20098]  should_fail_ex+0x399/0x4d0
[  918.116522][T20098]  should_failslab+0x5/0x20
[  918.121033][T20098]  slab_pre_alloc_hook+0x59/0x310
[  918.126069][T20098]  ? rxrpc_alloc_call+0x354/0xbf0
[  918.131102][T20098]  __kmem_cache_alloc_node+0x4f/0x260
[  918.136489][T20098]  ? rxrpc_alloc_call+0x354/0xbf0
[  918.141517][T20098]  kmalloc_trace+0x26/0xe0
[  918.145948][T20098]  rxrpc_alloc_call+0x354/0xbf0
[  918.150813][T20098]  rxrpc_new_client_call+0xf3/0xd30
[  918.156016][T20098]  ? rxrpc_do_sendmsg+0xab9/0x10c0
[  918.161135][T20098]  ? do_raw_read_unlock+0x39/0x70
[  918.166183][T20098]  rxrpc_do_sendmsg+0xab9/0x10c0
[  918.171134][T20098]  ? lock_chain_count+0x20/0x20
[  918.176007][T20098]  ? rxrpc_look_up_server_security+0x530/0x530
[  918.182165][T20098]  ? __local_bh_enable_ip+0x136/0x1c0
[  918.187574][T20098]  ? rxrpc_sendmsg+0x467/0x890
[  918.192360][T20098]  ? rxrpc_getsockopt+0x150/0x150
[  918.197394][T20098]  ____sys_sendmsg+0x5be/0x970
[  918.202196][T20098]  ? __sys_sendmsg_sock+0x30/0x30
[  918.207227][T20098]  ? __import_iovec+0x315/0x500
[  918.212098][T20098]  ? import_iovec+0x6f/0xa0
[  918.216613][T20098]  ___sys_sendmsg+0x2a2/0x360
[  918.221313][T20098]  ? __sys_sendmsg+0x290/0x290
[  918.226120][T20098]  ? __lock_acquire+0x7d10/0x7d10
[  918.231287][T20098]  __se_sys_sendmsg+0x1bb/0x2a0
[  918.236149][T20098]  ? ct_nmi_exit+0x145/0x1c0
[  918.240750][T20098]  ? __x64_sys_sendmsg+0x80/0x80
[  918.245728][T20098]  ? lockdep_hardirqs_on+0x94/0x140
[  918.250935][T20098]  do_syscall_64+0x4c/0xa0
[  918.255362][T20098]  ? clear_bhb_loop+0x60/0xb0
[  918.260064][T20098]  ? clear_bhb_loop+0x60/0xb0
[  918.264840][T20098]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  918.270736][T20098] RIP: 0033:0x7f6ba9d9cdd9
[  918.275155][T20098] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  918.294853][T20098] RSP: 002b:00007f6baac3a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  918.303273][T20098] RAX: ffffffffffffffda RBX: 00007f6baa015fa0 RCX: 00007f6ba9d9cdd9
[  918.311251][T20098] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  918.319224][T20098] RBP: 00007f6baac3a090 R08: 0000000000000000 R09: 0000000000000000
[  918.327197][T20098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  918.335172][T20098] R13: 00007f6baa016038 R14: 00007f6baa015fa0 R15: 00007ffc4486ac68
[  918.343185][T20098]  </TASK>
[  918.774215][T20107] FAULT_INJECTION: forcing a failure.
[  918.774215][T20107] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  918.807989][T20107] CPU: 0 PID: 20107 Comm: syz.0.5303 Not tainted syzkaller #0
[  918.815517][T20107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  918.825677][T20107] Call Trace:
[  918.828971][T20107]  <TASK>
[  918.831926][T20107]  dump_stack_lvl+0x188/0x24e
[  918.836634][T20107]  ? show_regs_print_info+0x12/0x12
[  918.841858][T20107]  ? load_image+0x400/0x400
[  918.846388][T20107]  ? __lock_acquire+0x7d10/0x7d10
[  918.851444][T20107]  should_fail_ex+0x399/0x4d0
[  918.856148][T20107]  _copy_from_user+0x2c/0x170
[  918.860852][T20107]  ___sys_sendmsg+0x1c3/0x360
[  918.865557][T20107]  ? __sys_sendmsg+0x290/0x290
[  918.870365][T20107]  ? __lock_acquire+0x7d10/0x7d10
[  918.875434][T20107]  __se_sys_sendmsg+0x1bb/0x2a0
[  918.880311][T20107]  ? ct_nmi_exit+0x145/0x1c0
[  918.884923][T20107]  ? __x64_sys_sendmsg+0x80/0x80
[  918.889909][T20107]  ? lockdep_hardirqs_on+0x94/0x140
[  918.895136][T20107]  do_syscall_64+0x4c/0xa0
[  918.899573][T20107]  ? clear_bhb_loop+0x60/0xb0
[  918.904273][T20107]  ? clear_bhb_loop+0x60/0xb0
[  918.908990][T20107]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  918.914918][T20107] RIP: 0033:0x7f772cb9cdd9
[  918.919360][T20107] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  918.938989][T20107] RSP: 002b:00007f772dac9028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  918.947429][T20107] RAX: ffffffffffffffda RBX: 00007f772ce15fa0 RCX: 00007f772cb9cdd9
[  918.955432][T20107] RDX: 0000000000040004 RSI: 00002000000000c0 RDI: 0000000000000003
[  918.963432][T20107] RBP: 00007f772dac9090 R08: 0000000000000000 R09: 0000000000000000
[  918.971424][T20107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  918.979425][T20107] R13: 00007f772ce16038 R14: 00007f772ce15fa0 R15: 00007ffc8b400ed8
[  918.987431][T20107]  </TASK>
[  919.597599][T20113] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.5305'.
[  919.632409][T20116] netlink: 'syz.1.5306': attribute type 10 has an invalid length.
[  919.726034][T20116] team0: Device veth1_macvtap failed to register rx_handler
[  919.731494][T20122] netlink: 'syz.2.5309': attribute type 3 has an invalid length.
[  919.802549][T20122] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.5309'.
[  920.205957][T20132] netlink: 'syz.4.5310': attribute type 10 has an invalid length.
[  920.296275][T20132] device wlan1 entered promiscuous mode
[  920.345092][T20132] team0: Port device wlan1 added
[  920.411814][T20134] netlink: 'syz.3.5314': attribute type 1 has an invalid length.
[  920.441440][T20134] netlink: 105120 bytes leftover after parsing attributes in process `syz.3.5314'.
[  920.518452][T20142] netlink: 148 bytes leftover after parsing attributes in process `syz.2.5316'.
[  920.674135][T20148] FAULT_INJECTION: forcing a failure.
[  920.674135][T20148] name failslab, interval 1, probability 0, space 0, times 0
[  920.690854][T20148] CPU: 1 PID: 20148 Comm: syz.2.5318 Not tainted syzkaller #0
[  920.698378][T20148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  920.708458][T20148] Call Trace:
[  920.711752][T20148]  <TASK>
[  920.714683][T20148]  dump_stack_lvl+0x188/0x24e
[  920.719370][T20148]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  920.725529][T20148]  ? show_regs_print_info+0x12/0x12
[  920.730931][T20148]  ? load_image+0x400/0x400
[  920.735443][T20148]  should_fail_ex+0x399/0x4d0
[  920.740122][T20148]  should_failslab+0x5/0x20
[  920.744622][T20148]  slab_pre_alloc_hook+0x59/0x310
[  920.749646][T20148]  ? tomoyo_encode+0x27e/0x540
[  920.754414][T20148]  __kmem_cache_alloc_node+0x4f/0x260
[  920.759800][T20148]  ? tomoyo_encode+0x27e/0x540
[  920.764569][T20148]  __kmalloc+0xa0/0x240
[  920.768731][T20148]  tomoyo_encode+0x27e/0x540
[  920.773327][T20148]  tomoyo_realpath_from_path+0x58e/0x5d0
[  920.779003][T20148]  ? tomoyo_path_number_perm+0x205/0x650
[  920.784639][T20148]  tomoyo_path_number_perm+0x22f/0x650
[  920.790100][T20148]  ? trace_event_raw_event_lock_acquire+0x2c0/0x2c0
[  920.796696][T20148]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  920.802187][T20148]  ? __fget_files+0x28/0x4b0
[  920.806776][T20148]  ? __fget_files+0x28/0x4b0
[  920.811385][T20148]  security_file_ioctl+0x6c/0xa0
[  920.816328][T20148]  __se_sys_ioctl+0x48/0x170
[  920.820925][T20148]  do_syscall_64+0x4c/0xa0
[  920.825345][T20148]  ? clear_bhb_loop+0x60/0xb0
[  920.830027][T20148]  ? clear_bhb_loop+0x60/0xb0
[  920.834718][T20148]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  920.840615][T20148] RIP: 0033:0x7f732c99cdd9
[  920.845026][T20148] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  920.864631][T20148] RSP: 002b:00007f732d894028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  920.873082][T20148] RAX: ffffffffffffffda RBX: 00007f732cc15fa0 RCX: 00007f732c99cdd9
[  920.881053][T20148] RDX: 0000200000000100 RSI: 000000000000890b RDI: 0000000000000004
[  920.889038][T20148] RBP: 00007f732d894090 R08: 0000000000000000 R09: 0000000000000000
[  920.897438][T20148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  920.905415][T20148] R13: 00007f732cc16038 R14: 00007f732cc15fa0 R15: 00007ffc8e88a238
[  920.913420][T20148]  </TASK>
[  921.038744][T20148] ERROR: Out of memory at tomoyo_realpath_from_path.
[  921.493628][T20160] netlink: 55631 bytes leftover after parsing attributes in process `syz.4.5322'.
[  921.715714][T20165] netlink: 'syz.3.5323': attribute type 3 has an invalid length.
[  921.780344][T20165] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.5323'.
[  922.645603][T20174] FAULT_INJECTION: forcing a failure.
[  922.645603][T20174] name failslab, interval 1, probability 0, space 0, times 0
[  922.713631][T20174] CPU: 1 PID: 20174 Comm: syz.3.5325 Not tainted syzkaller #0
[  922.721165][T20174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  922.731247][T20174] Call Trace:
[  922.734540][T20174]  <TASK>
[  922.737479][T20174]  dump_stack_lvl+0x188/0x24e
[  922.742181][T20174]  ? show_regs_print_info+0x12/0x12
[  922.747401][T20174]  ? load_image+0x400/0x400
[  922.751922][T20174]  ? __lock_acquire+0x7d10/0x7d10
[  922.756988][T20174]  should_fail_ex+0x399/0x4d0
[  922.761730][T20174]  should_failslab+0x5/0x20
[  922.766245][T20174]  slab_pre_alloc_hook+0x59/0x310
[  922.771283][T20174]  ? __lock_acquire+0x7d10/0x7d10
[  922.776338][T20174]  ? kvmalloc_node+0x6c/0x180
[  922.781050][T20174]  __kmem_cache_alloc_node+0x4f/0x260
[  922.786450][T20174]  ? kvmalloc_node+0x6c/0x180
[  922.791162][T20174]  __kmalloc_node+0xa0/0x240
[  922.795782][T20174]  kvmalloc_node+0x6c/0x180
[  922.800338][T20174]  map_get_next_key+0x292/0x620
[  922.805220][T20174]  ? __might_fault+0xa6/0x120
[  922.809945][T20174]  __sys_bpf+0x466/0x780
[  922.814221][T20174]  ? bpf_link_show_fdinfo+0x380/0x380
[  922.819629][T20174]  ? lock_chain_count+0x20/0x20
[  922.824477][T20174]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  922.830462][T20174]  __x64_sys_bpf+0x78/0x90
[  922.834878][T20174]  do_syscall_64+0x4c/0xa0
[  922.839292][T20174]  ? clear_bhb_loop+0x60/0xb0
[  922.843969][T20174]  ? clear_bhb_loop+0x60/0xb0
[  922.848646][T20174]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  922.854540][T20174] RIP: 0033:0x7f6ba9d9cdd9
[  922.858967][T20174] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  922.878585][T20174] RSP: 002b:00007f6baac3a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  922.886995][T20174] RAX: ffffffffffffffda RBX: 00007f6baa015fa0 RCX: 00007f6ba9d9cdd9
[  922.894965][T20174] RDX: 0000000000000020 RSI: 00002000000005c0 RDI: 0000000000000004
[  922.902937][T20174] RBP: 00007f6baac3a090 R08: 0000000000000000 R09: 0000000000000000
[  922.910924][T20174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  922.918889][T20174] R13: 00007f6baa016038 R14: 00007f6baa015fa0 R15: 00007ffc4486ac68
[  922.926898][T20174]  </TASK>
[  923.692600][T20181] netlink: 830 bytes leftover after parsing attributes in process `syz.1.5327'.
[  923.795537][T20195] netlink: 'syz.2.5330': attribute type 10 has an invalid length.
[  923.898166][T20200] netlink: 830 bytes leftover after parsing attributes in process `syz.0.5332'.
[  924.894278][T20243] sctp: [Deprecated]: syz.2.5351 (pid 20243) Use of struct sctp_assoc_value in delayed_ack socket option.
[  924.894278][T20243] Use struct sctp_sack_info instead
[  925.195104][T20261] sctp: [Deprecated]: syz.3.5359 (pid 20261) Use of struct sctp_assoc_value in delayed_ack socket option.
[  925.195104][T20261] Use struct sctp_sack_info instead
[  925.810550][T20299] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5378'.
[  925.863449][T20299] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5378'.
[  925.902269][T20302] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5378'.
[  926.800664][T20315] device syzkaller0 entered promiscuous mode
[  931.503926][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[  931.511579][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[  931.591061][T20323] device syzkaller0 entered promiscuous mode
[  935.128120][T20375] device sit0 entered promiscuous mode
[  946.678860][T20491] device sit0 entered promiscuous mode
[  956.811651][T20616] device syzkaller0 entered promiscuous mode
[  959.524493][T20644] 
[  959.527143][T20644] =============================
[  959.532325][T20644] WARNING: suspicious RCU usage
[  959.537199][T20644] syzkaller #0 Not tainted
[  959.541753][T20644] -----------------------------
[  959.546609][T20644] kernel/events/callchain.c:161 suspicious rcu_dereference_check() usage!
[  959.555178][T20644] 
[  959.555178][T20644] other info that might help us debug this:
[  959.555178][T20644] 
[  959.565458][T20644] 
[  959.565458][T20644] rcu_scheduler_active = 2, debug_locks = 1
[  959.573611][T20644] 1 lock held by syz.4.5486/20644:
[  959.578831][T20644]  #0: ffffffff8cb2d760 (rcu_read_lock_trace){....}-{0:0}, at: rcu_read_lock_trace+0x37/0x70
[  959.589202][T20644] 
[  959.589202][T20644] stack backtrace:
[  959.595563][T20644] CPU: 0 PID: 20644 Comm: syz.4.5486 Not tainted syzkaller #0
[  959.603045][T20644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  959.613111][T20644] Call Trace:
[  959.616399][T20644]  <TASK>
[  959.619341][T20644]  dump_stack_lvl+0x188/0x24e
[  959.624048][T20644]  ? show_regs_print_info+0x12/0x12
[  959.629305][T20644]  ? load_image+0x400/0x400
[  959.633840][T20644]  lockdep_rcu_suspicious+0x1dd/0x300
[  959.639246][T20644]  get_callchain_entry+0x2a5/0x3b0
[  959.644381][T20644]  get_perf_callchain+0xc4/0x490
[  959.649346][T20644]  ? put_callchain_entry+0xb0/0xb0
[  959.654492][T20644]  ? preempt_schedule+0xbc/0xd0
[  959.659381][T20644]  ? preempt_schedule_common+0xa5/0xd0
[  959.664871][T20644]  ? verify_lock_unused+0x140/0x140
[  959.670098][T20644]  ? preempt_schedule+0xbc/0xd0
[  959.675154][T20644]  __bpf_get_stack+0x2de/0x520
[  959.679949][T20644]  ? stack_map_get_build_id_offset+0x970/0x970
[  959.686127][T20644]  ? __cant_sleep+0x220/0x220
[  959.690822][T20644]  ? bpf_prog_14d9fb3786f83342+0x3d/0x41
[  959.696477][T20644]  bpf_get_stack_raw_tp+0x189/0x1c0
[  959.701708][T20644]  bpf_prog_14d9fb3786f83342+0x3d/0x41
[  959.707191][T20644]  bpf_prog_run_pin_on_cpu+0x64/0x150
[  959.712595][T20644]  bpf_prog_test_run_syscall+0x313/0x4a0
[  959.718255][T20644]  ? sock_gen_cookie+0x60/0x60
[  959.723046][T20644]  ? sock_gen_cookie+0x60/0x60
[  959.727839][T20644]  bpf_prog_test_run+0x31e/0x390
[  959.732809][T20644]  __sys_bpf+0x62b/0x780
[  959.737078][T20644]  ? bpf_link_show_fdinfo+0x380/0x380
[  959.742905][T20644]  ? _raw_spin_unlock_irqrestore+0x82/0x120
[  959.748829][T20644]  ? lock_chain_count+0x20/0x20
[  959.753718][T20644]  __x64_sys_bpf+0x78/0x90
[  959.758162][T20644]  do_syscall_64+0x4c/0xa0
[  959.762607][T20644]  ? clear_bhb_loop+0x60/0xb0
[  959.767396][T20644]  ? clear_bhb_loop+0x60/0xb0
[  959.772105][T20644]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  959.778020][T20644] RIP: 0033:0x7f516519cdd9
[  959.782461][T20644] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  959.802185][T20644] RSP: 002b:00007f51660c9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  959.810708][T20644] RAX: ffffffffffffffda RBX: 00007f5165415fa0 RCX: 00007f516519cdd9
[  959.818707][T20644] RDX: 000000000000000c RSI: 00002000000004c0 RDI: 000000000000000a
[  959.826871][T20644] RBP: 00007f5165232d69 R08: 0000000000000000 R09: 0000000000000000
[  959.834863][T20644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  959.842854][T20644] R13: 00007f5165416038 R14: 00007f5165415fa0 R15: 00007ffef9ad9f78
[  959.850866][T20644]  </TASK>