last executing test programs:

7.239464899s ago: executing program 1 (id=2350):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x5, 0xf, &(0x7f00000009c0)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b703000000e6ff008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f00000005c0)='GPL\x00', 0x9, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100ff}, 0x94)
r2 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x5, @perf_bp={0x0, 0xf}, 0x1000, 0x4, 0x0, 0x8, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r1)
r3 = socket$kcm(0x10, 0x2, 0x0)
socket$kcm(0x2c, 0x3, 0x0)
sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848360000005e140602000000000e000a0010000000048000001294", 0x2e}], 0x1}, 0x0)

6.979638003s ago: executing program 1 (id=2354):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x3, 0x9, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xe, &(0x7f0000000740)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001000000b7050000050000006a0a00fe00000000850000000a000000b70000000000000095000000000000009cc6b3fcd62c061c6238975d43a4505f80e39c9f3c530cf08e467b592f868ee3b0a435df0a0e8c1bf176db2a6b2feb4b77d3d5707bfd2d84aaa3b1d4e984c46ea7e2b347a36f5662403e1b2be4284322a4908a0d411a9872971c7c46f0979bd10b97163c066d0e196bf02f46c7953ab1abdaf9de9ca3c00cb9bf4e418d076feafa22f0610a70f2bdf4000200000066b60d00b0c2c1254f0963f63223b7b80197aa3161f45346b100000000000000000089e399f6609876b5887437a172ebc02a740694298b79dc194e533583412dff048fc21f28bdd3e26a1a8a0481e9f0da43bb6ca66e2f55a9ff19ffcafe3e64be033c9d2f972cc93c1c13caec04a367c24a9fb6a6991ddb737d527d6acb15426415b6e8b14f822e86067a5e991c3b404984dfa2c6e94bd0339454c13ad3c328a182c15dc760a3000000005dc2ed0e0b29e98fa883c71949a34d84030323e3d54f45b29d27643453ad9211e3550ee5520211d9370175133f260c6882a146880b9387f1beb5418618bc83a3becf9bb57da7ba8b913c685fc6700848dc6665d73248c1f74e08ad04ce905faf32706e0000249a028044ede964362cfb7830a246c3b2f60000fc4deb8eda1368b0960b8d69bd99c64893d44f962524429dc058528e7e541c903869d96989b9a986620cb2c95c83f2a082c52764f49e51188f9418b01bcd8ae164acdac95318ec8b2c6feacdcf4b528e5e582160ed048c46e1dccca05bfa1d67c83795eae2d31968c055d325a9c794ef88b30c2de4a274878b73c05ffa88b7033be648b12bb1fee58958d6a6f31bfe568215dfbde59dad00008a73b40f09cf018cd496b36050d70c28f76749262e33e16429a6da35ceb1a989de81c3f8b8bc3a4763948a1cbc10348ef2ac3781b847611fcb0a26acafdd6d9ab05865fcf7c493d8f8cd344a1d470ca0d6f16ab0293774b5509fb0e7113936d59d5a60dbd84a938476adeebab9ff44f531bb81c53f16d80f51006cbc71570a5e272b223425e09dc6b6cc1fbc455a64fd449284f71761092a0302000000000000008a05d36fd9b814b4292745418c92d944763a4bf5e138d810e29a31f08f7dea7762d28484e15dc4320e4f85c16a8fbffadf8214d6d24cabe17ad4135d8872935ce0e6a468fd20fa4461d1d600234feac6eb4f046f2acc1b0efb4438abddcabb4e4e72a450aab72b589bec83bbb688e659fb426cb43d0ee993516fd4e867232cde69b6ffad447dcd92e0ef8234ff850ec3948dd1fa7afb77d951fe4abf618121b7894c1044ef221973432ccc7e62b151eb898a01010a7ec5acd0a5dcb2de443880c8a682515d1da9a3048744acb44384d1591df789883c0560495cb0cb32283529926d25e5c7f4815237c3aa356217738898a16ba603439f6eaad8e70b"], 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="090000000400000006000000ff00000042000000", @ANYRES32, @ANYBLOB='\x00'/10, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000a1bc9f21d708fe319df424ca28a03cba39b3c9"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000440), &(0x7f0000000080), 0x619, r2}, 0x38)

6.846099575s ago: executing program 1 (id=2356):
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x3, 0x0, 0x0, 0x0, 0x6, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b84, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x8, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x400}, 0x100c, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
perf_event_open$cgroup(&(0x7f0000000000)={0x6, 0x80, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x101, 0xeca2}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0b000000080000000c0000000000008001000000", @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000d8a7da3cab85ef4fe8b5b655e4715878fd18e939e0dbe40b331220e64985b98944e05f45c08f7499fbea7f0a4f719c05000000000000009b6ebdb196b463ba2f48645d0d28c09a78ea3e69704ad76c3d5d02589e141eb98f2d3c999d0366ce3ab41125587e85644bc0bee11fc8fd827131ec1a3c5032da8c33ee6dda1d5c2706a747365fad4760cdbed0008c0e4c486ecc4e804d10c0fb288c1fd06fded139c87aee04895305e5d7098f24ac9c1706286aade20affdeb4db2780", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
gettid()
getpid()
sendmsg$unix(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000006b7080000000000007b8af8ff000000e9bea200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

6.033416541s ago: executing program 1 (id=2360):
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x3, 0x0, &(0x7f0000000c40)=[{}, {}, {0x280000, 0x4, 0x10009, 0x6}], 0x10, 0xfffffff6}, 0x94)
socket$kcm(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r4, r5, 0x5}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r4}, &(0x7f00000006c0), &(0x7f0000000700)=r3}, 0x20)
sendmsg$inet(r2, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1, 0x0, 0x0, 0x6000}, 0x20)

5.581308047s ago: executing program 1 (id=2365):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x15, 0x1c, &(0x7f0000000400)=ANY=[@ANYBLOB="1808000030000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7060000000000008500000005000000bc0900000000000035090100000000009500000000000000b702000000000000db9af8fff1000000b5090000000000007b9af8ff00000000be8a00000000000007080000f8ffffffbf9400000000000007040000f0ffffffc70200000800000018260000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f1ff76000000bf9800000000000056080000000000008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events.local\x00', 0x26e1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000f6ffffffb704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000180)=r2, 0x4)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfbfffffc, 0x0, @perf_config_ext={0x1}, 0x0, 0x5, 0x0, 0x1, 0x0, 0x10000003}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000600))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000100)='GPL\x00'}, 0x90)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6_vti0\x00'})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x89f1, &(0x7f0000000080))

5.176321355s ago: executing program 1 (id=2368):
socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xec, 0xa0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x4000000000076, 0x1ef7}, 0x11efa, 0x4, 0x98, 0x0, 0x0, 0x3, 0xfffc, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1b00000080008759791e000000000039e75c5a2b053aba6dd44a459303ede6331b882947c76140c0c5df1367d64224a9b77a832365028bb2ace49b92b1273322a0b553e210a2f1584193d3774e2b3621f8911944845767b4de9ac5ecbf695702292935597578483f7d04ba65ef4824858d0e053b79df58febb3b5159610252fe729040604d"], 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000c"], 0x50)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0xa00, &(0x7f00000001c0)=[{&(0x7f0000000300)="d8000000190081054e81f782db4cb904021d0800fe007c05e8fe55a10a001200020014260c600e12100015007f370401a8001000200002400400027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1}, 0x0)
close(0x3)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0xfffffffc}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r2, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xe}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0xe}]}, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r3, r0}, 0xc)
r4 = socket$kcm(0xa, 0x1, 0x106)
setsockopt$sock_attach_bpf(r4, 0x29, 0x1a, 0x0, 0x0)

3.581293882s ago: executing program 2 (id=2377):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3e, 0x0, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000500)=@generic={0x0, 0x0, 0x8}, 0x18)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0)
bpf$PROG_BIND_MAP(0x23, 0x0, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x64099, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7f, 0x2, @perf_bp={0x0, 0x9}, 0x0, 0x32, 0x43a1bd76, 0x6, 0x9, 0x2, 0x812, 0x0, 0x0, 0x0, 0x22009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000080)=@framed={{}, [@ldst={0x2, 0x0, 0x3, 0x1, 0x0, 0x9c, 0x8000000}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x8000000}, 0x90)

3.489734547s ago: executing program 2 (id=2378):
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000001b80)=ANY=[@ANYBLOB], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
r1 = socket$kcm(0x2b, 0x1, 0x0)
setsockopt$sock_attach_bpf(r1, 0x0, 0x3, 0x0, 0x5)
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='freezer.self_freezing\x00', 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f00000002c0)={r2, r0})
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
r4 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r2)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r5)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='cgroup.freeze\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x12, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x1d, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xd, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000100010818110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000014000000b7030000000000308500000005000000bca900000000000035090100000000009500500000000006b702000000000000739af0ff00000000b5090200a3b00000dbaaf0fff10000002f8900000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018220000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000036080000000000008500000007000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback=0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2.973515773s ago: executing program 2 (id=2379):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='blkio.bfq.io_queued_recursive\x00', 0x26e1, 0x0)
close(r0)
ioctl$SIOCSIFHWADDR(r0, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random='\x00\x00\x00\x00\x00 '})
ioctl$TUNGETVNETBE(r0, 0x800454df, &(0x7f0000000040))
socket$kcm(0x10, 0x2, 0x0)
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800"/29], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000080)={<r3=>0x0, 0x0})
ioctl$sock_kcm_SIOCKCMUNATTACH(r3, 0x89e1, &(0x7f0000000000)={r3})
close(r3)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="100000002d000b02d25a806f8c6394f9101a04000a", 0x15}], 0x1}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81f782db44b9040a1d08030e000000e8fea4a1180015000600142603600e1208000f1000810401a80016000a0001", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, 0x0, 0x0, 0x0, 0x5c8}, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b)
r4 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0eab070004000523"], 0xfe33)

2.802250002s ago: executing program 3 (id=2381):
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x3, 0x0, &(0x7f0000000c40)=[{}, {}, {0x280000, 0x4, 0x10009, 0x6}], 0x10, 0xfffffff6}, 0x94)
r0 = socket$kcm(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, 0xffffffffffffffff)
r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r5, r6, 0x5}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r5}, &(0x7f00000006c0), &(0x7f0000000700)=r4}, 0x20)
sendmsg$inet(r3, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1, 0x0, 0x0, 0x6000}, 0x20)
r7 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd8073a46b08b94214d816f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb4147000001000000008f2b9000f22425e4097ed62cbc891061017cfa6f6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe68db8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3542646bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000002c0)=ANY=[@ANYRES32=r8, @ANYRES32=r7, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r8}, &(0x7f0000000000), &(0x7f0000000080)=r2}, 0x20)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803002e000b12d25a80648c2594f90324fc60100c02400a000000053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r9 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r9, &(0x7f0000000040)={0x0, 0x1a5c0bf06ff69310, &(0x7f0000000100)=[{&(0x7f00000006c0)="5c00000013006bcd9e3fe3dc6e48aa31086b8703130000001f03000000000000040014000d0013000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

2.345593078s ago: executing program 2 (id=2383):
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3fffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, &(0x7f0000000340), &(0x7f0000000380)=r1}, 0x20)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.events\x00', 0x26e1, 0x0)
r3 = socket$kcm(0x2, 0x2, 0x0)
setsockopt$sock_attach_bpf(r3, 0x1, 0x2e, &(0x7f0000000640)=r2, 0x4)
recvmsg$kcm(r3, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x18000000000002a0, 0x5ee, 0x0, &(0x7f0000000580)="b9ff03076804268c989e14f088a8", 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

2.344904098s ago: executing program 3 (id=2385):
r0 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f00000000c0), 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x1a, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0, 0x3ff}, [@ldst={0x0, 0x3, 0x1, 0x2, 0xc, 0xc}]}, &(0x7f0000000180)='syzkaller\x00', 0x7, 0x32, &(0x7f00000001c0)=""/50, 0x40f00, 0x8, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x9, 0x1}, 0x8, 0x10, &(0x7f0000000240)={0x4, 0xd, 0x90, 0x5f45}, 0x10, 0x0, 0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000280)=[{0x4, 0x1, 0x3, 0x8}, {0x5, 0x1, 0x1, 0x6}, {0x1, 0x1, 0x8, 0x1}, {0x2, 0x3, 0xe, 0x4}, {0x1, 0x4, 0x2, 0x5}, {0x1, 0x3, 0xc, 0xc}], 0x10, 0x9}, 0x94)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f00000003c0)={r0, 0xffffffffffffffff, 0x4, r1}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, 0x0, 0x0, 0x0, 0x5c8}, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b)
r3 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0eab070004000523"], 0xfe33)
ioctl$SIOCSIFHWADDR(r2, 0x8922, &(0x7f0000000140)={'vlan1\x00', @random="021f0000002b"})

2.207390791s ago: executing program 0 (id=2386):
r0 = socket$kcm(0xa, 0x1, 0x0)
setsockopt$sock_attach_bpf(r0, 0x29, 0x14, &(0x7f0000000440), 0x3d)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, 0x0, &(0x7f0000000280)='syzkaller\x00', 0xfffffffe, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
close(0xffffffffffffffff)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="07000000040000008000000001"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x10, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000020000850000001b000000b700000000000000180100002120732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r2}, 0xc)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r2}, 0xc)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0)
socket$kcm(0x11, 0x3, 0x0)
socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r4 = socket$kcm(0x29, 0x2, 0x0)
r5 = bpf$ITER_CREATE(0x21, &(0x7f0000000300), 0x8)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x5, &(0x7f0000002380)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff730d00000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409eaa988dbc2fee9d313d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb61799257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad0e0e2b45d14ee446b840edaa1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c50ce6a8e9f65de13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae20bf279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522f7dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87915ed063f608dddb03a95b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2ddf4c4d26f1cdd8c3c9736cf5e5082de3b484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b0033f8dfe0fd9bb2a70801f763524e1d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cfcb9066668627820d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67736ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e942e35c4baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000c3d51d9a161446b4373e06a9e07f8a000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b5b1dfa9fd31df213c88b4047979379dc15c9056fd3baa8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221f05e6ca8c705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f12fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612aa25d61ce4e2c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008435f39381c2a77c001caae53db7316fa6d48d032ab6831ebb813c85855c7a9ad8140a4b29422fc20d4e75c848984a2e217ec9c2833b8fa9106ee1be2c05103a36fc1126f1aa5284ba7179843b08ecadc199b9038cf6b9ee4e1f321a6a32e03bd987ddfada1f69756651b73a7ed0f7e467081193b2844869"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94)
r7 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r7, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000400)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x10000, 0x2, 0x0, 0x3, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x4000000001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000008085000000700000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000800000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r8, 0x0, 0x10, 0xfffffef3, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x5562, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r4, 0x89e0, &(0x7f0000000040)={r7, r6})
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000001c0)={@map=0x1, 0x14, 0x0, 0xf, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x0, &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000500)={r5, &(0x7f0000000440)="00c1a761a6dd2a0f19d8f47bf4701f87c248f7dd4c3c42d5e877926d4f34d44f232084003baf0b9248e3ff710673fe442df8db2ed46b26ff91a37dd2e6053f855db06dce578908220b55eb1c0c16c4af8fb68575ef0b32c4bfc01fc402970e5b6a1b621dfc096647d17ba315a064369cbc89d300bc30a0202e783e97c3e5e7eb932df37e6e325a2192b935eda7a26a1391299150247f8a97cfe42f40"}, 0x20)
socket$kcm(0x29, 0x2, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x202, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)

2.03656848s ago: executing program 3 (id=2387):
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000001b80)=ANY=[@ANYBLOB], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
r1 = socket$kcm(0x2b, 0x1, 0x0)
setsockopt$sock_attach_bpf(r1, 0x0, 0x3, 0x0, 0x5)
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='freezer.self_freezing\x00', 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f00000002c0)={r2, r0})
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
r4 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r2)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r5)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='cgroup.freeze\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x12, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x1d, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xd, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000100010818110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000014000000b7030000000000308500000005000000bca900000000000035090100000000009500500000000006b702000000000000739af0ff00000000b5090200a3b00000dbaaf0fff10000002f8900000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018220000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000036080000000000008500000007000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback=0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.799370099s ago: executing program 2 (id=2388):
r0 = perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x954b, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x76, 0x1ef7}, 0x1beea, 0x4, 0x1, 0x0, 0x2, 0x2, 0xfffc, 0x0, 0x0, 0x0, 0x20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
recvmsg(0xffffffffffffffff, 0x0, 0x80004141)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e22, @multicast1}, 0x2}}, 0x80, 0x0}, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0e00009bd029ef8020ab070011000523a608463a3f"], 0xfe33)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={0xffffffffffffffff, 0x2800000002000000, 0x3e, 0x0, &(0x7f00000001c0)="034a35a3ad1561ba5a78fdeea42139582975ef256355853ae66d58ad53bc2db49b3cf348f90ec7e84b5727c01e3483545cbfc90a603383c646c87ee4c7ec", 0x0, 0xfff, 0x4000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bridge0\x00', 0x100})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000180)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYRES16], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x3a, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="18550000400000000000000000a533009500000000000000"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x38, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000400)={0xa, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000440)=[0x1, 0xffffffffffffffff, 0x1, r1, 0xffffffffffffffff, 0x1, 0x1, 0xffffffffffffffff, 0x1, 0xffffffffffffffff], &(0x7f0000000480)=[{0x4, 0x5, 0x6, 0x2}, {0x2, 0x4, 0xf, 0x5}, {0x1, 0x2, 0x9, 0x7}], 0x10, 0xffff7fff}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r6)
close(r5)
r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r7, 0xc004743e, 0x110e22fff4)
r8 = perf_event_open(&(0x7f0000000000)={0x0, 0xfffffffffffffd46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402000a}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, 0x0, 0x0, 0x5}, 0x94)
r10 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r10, 0x29, 0x23, &(0x7f0000000040), 0xcf)
r11 = syz_clone(0x2800, &(0x7f0000000940)="942431cb5d70d373d12521548c96edb628f6f6bd06b5365b1989bb5f80994c44d654c3b72a9c09e74f8ae2a4e4991dae93f627a97afd9ccee2b72529cc6a62e67534bb144ce6a62bcc1994df7bfeed8d23b7c4413d417145", 0x58, &(0x7f00000009c0), &(0x7f0000000900), &(0x7f0000000c00)="d2b6ec0177e191010000fc4580aea2c10e20fdd2a0b0b152cafb4e0a34cb10937e16890b184fb49f71febeb7bae14c46f193efd642fcf3a7bdcd0b114eae8741cfd77396542a8dc0fcd560004d62935280b6c5526376c5c851ef8ffc15928bf08f839d13cb21b947db22eedb4f1cd079c961ff141a24c45209e83215bd48c05f938df733408310c8347b9ccb3dc4645eb09cfc603b1702fb7001fbd60bcc99b7ddb0babdeb7e")
r12 = syz_clone(0x880200, &(0x7f0000000a80)="f32bd2d136bb06ad10a9305b6feabbbf7f2df6298e9c2d71b74803c7709047a6a716c6309c268c1e5d4c0ff2614fcec6cff03f1290fb0875c7de884ec03b98e8acf4395dfc6413ee3ef6761f595c45ce3ba7d95cf5b6de2e1a6227f4ce2a3948e21c000000000000000000", 0xfffffffffffffed0, &(0x7f0000000b00), &(0x7f0000000b40), &(0x7f0000000b80)="07484e627602592cc4e93ad69f63ad04cc0e8676bb727156d314af55c240d08d3da51ea6ec52bd4c8364b85fed2da6e38abc3951d66f26222a1123343f0000000000000000")
sendmsg$unix(r3, &(0x7f0000000d00)={&(0x7f0000000580)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f00000008c0)=[{&(0x7f0000000600)="e8443dd962c7", 0x6}, {&(0x7f00000006c0)="61c6ee8ecd0beae6c960802a380028e9c57d9da0dacc0bcc9a2dd369a415c6d60fa9099f5b16d2016da819f1dffdcea1835dfa883ce1908f03e3e49072c1aed057eb0711c0e242edcb0551263427ecb198237d19c3a1b252ea4d5fc31b9f449b82093d4eefebacf7aec8db4ee9bc65280e0b517414c0e0689d6c53cb06001d8ea84c6fc0eb242eb57b45444fdb36940729", 0x91}, {&(0x7f0000000780)="aeea6718a5748b43c0de93a069d49a4bd2d2a7a529643ed3fb8a5704cba4c6a94f7c473aebec10a4df424cb42b277760d56cd24d3d8d85e0b7870f52b33654aa59b68f57c3e4cc3e903eb063e45967c532923ad09168380f5ead7b2cfb6bf42e970c0e4cf613995a6ec36de0b7a5737c947e84671cc8031f2a45b5987e9330e59c0740d294bde8d854adef6e6c0209b3eaad24a29c050b106a4713ccef31ba50e9a96f416c608771603812f224c17469f03c405258798b1262be2e648ff1494cedabc89315a84cd9c41b0a419a8440573ce948054f1340a75fa50a3158", 0xdd}, {&(0x7f0000000880)="ac73a9d0ab1899c79208ca4715779829ee7bf01e5df626396df6cdaadf2ef77f4817cd895e56152c9911839080c7", 0x2e}], 0x4, &(0x7f0000000e40)=ANY=[@ANYBLOB="1c000000000000000100000001000000", @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r6, @ANYBLOB="0000000018000000000000000100000001000000", @ANYRES32=r2, @ANYRES32=r7, @ANYBLOB="38000000000000000100000001000000", @ANYRES32=r3, @ANYRES32=r7, @ANYRES32=r9, @ANYRESHEX=r1, @ANYRES32=r7, @ANYRES32=r8, @ANYRES32=r10, @ANYRES32=r4, @ANYRES32, @ANYRES32=r10, @ANYBLOB="18002000000000000100000001000000", @ANYRES32, @ANYRES32=r2, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32, @ANYRES32=0xee00, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r11, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r12, @ANYRESOCT=r4, @ANYRES32=0xee01, @ANYBLOB='\x00\x00\x00\x00'], 0xe8, 0x4000001}, 0x2004c000)
ioctl$TUNGETVNETLE(r5, 0x40047459, &(0x7f0000000180))
r13 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
ioctl$TUNSETOFFLOAD(r13, 0x4004743d, 0x110e22fff6)
write$cgroup_type(r13, &(0x7f0000000280), 0x9)
r14 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r14, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000030c0)=[{&(0x7f0000000340)="1400000016001963d25a80648c56915a19aa2bfe", 0x14}], 0x1}, 0x0)
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x0, 0x5, 0x0, 0x4, 0x0, 0x2, 0xc2dfc, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7, 0x4, @perf_config_ext={0x6, 0x10}, 0x2, 0x2, 0x6, 0x7, 0x81, 0x25, 0x3, 0x0, 0xfffffffd, 0x0, 0x400000000002}, 0x0, 0xe, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89f0, &(0x7f0000000f80)='-\xc2\x85\xa1\xdcQUW|J>\xf5\r\x90\xf8\x06\xc4\xdfd\x88Qyzr\x91\xdd\xc0\x90\x99\xb4\xecs\fJ\xcc\xf9\xb1\xaa:M\x83M8_ql\xa9x\xe9\xbf\xa2\xd4\x9c\x14\xcey.\xbd\x03a&Y\x03!\xca\x83[@Q\xa8\x8f\xac\xdc/\xb7\xa0\x92Qt\x18\x93a\x14*Z\xbb\x91\xba\xce\xa5\xe7\v\x1a\xd3\xd9\xeb\x8f\'\xe5\xcc\xc1>\xcd\xe8\xda\x10\xc6\x95q\x0e\xce\xbeY{J+}4\xf3z>d\x83\xfdX\xec \xbc\x11\xba\x12\x7f\xd1\xbdC\x80d\xacp\x95`2\xfaGv\x15\v\x8d:\xf8v\xc9\x86\x1d/\x19\xa9m*\xe7\xd8~\xdb\xc0\n\xdb\xe4\xdf\x15W{\xda6\xa3%\x0e>Ge\xcc\x16\x19\xb8\xf8\x85\xe6\x92\xc3\xe0;\xa0fl\xa0E\xfdS`\xa1\xe4\x96\x16$<\xdeA\\Z;\xaf\xe9%y\xfd\x91*\x02\xd3\x17e\x05Y\x1a]\x80\xe2\x93\x92jp\x19\xe1\xe4\xd8\x10\xc1\x9f| \xd4:\x93aLb7\xa8\xf9\x9e\t\x03I\xd8[\x17\xa5\x83[\'\xb2\xfb\xe6j\xfc\x02a/4\x8c\xde\xbc(\xffSZxC&\x9b\xe1X\xc3\xc5\x02:\xe6\xc7J\x92\x92\xc3')

1.525386055s ago: executing program 3 (id=2389):
r0 = socket$kcm(0xa, 0x6, 0x0)
r1 = socket$kcm(0x1e, 0x4, 0x0)
setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
close(r1)
r2 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b05d25a806c8c6f94f90424fc601000127a0a000600073582c137153e37080c188001ac0f000300", 0x33fe0}], 0x1, 0x0, 0x0, 0x8100000}, 0x0)
setsockopt$sock_attach_bpf(r0, 0x29, 0x4a, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r4 = openat$cgroup_devices(r3, &(0x7f0000000380)='devices.allow\x00', 0x2, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
write$cgroup_devices(r4, &(0x7f0000000280)=ANY=[@ANYBLOB='b *:4\trrw'], 0xa)

1.178805793s ago: executing program 0 (id=2390):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x5, 0xf, &(0x7f00000009c0)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b703000000e6ff008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f00000005c0)='GPL\x00', 0x9, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100ff}, 0x94)
r2 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x5, @perf_bp={0x0, 0xf}, 0x1000, 0x4, 0x0, 0x8, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r1)
r3 = socket$kcm(0x10, 0x2, 0x0)
socket$kcm(0x2c, 0x3, 0x0)
sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848360000005e140602000000000e000a0010000000048000001294", 0x2e}], 0x1}, 0x0)

1.011598101s ago: executing program 3 (id=2391):
openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xe8001, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0xc000000, 0x2101, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x118984, 0x0, 0x4000000, 0x7, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
unlink(&(0x7f0000000140)='./cgroup\x00')
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_int(r1, &(0x7f0000000240)='cpuset.mems\x00', 0x2, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000280)}], 0x1}, 0x4000055)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000240)=ANY=[@ANYRES8], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x21, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, 0x0, &(0x7f00000002c0)}, 0x20)
perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x4, 0x0, 0x1ff, 0x0, 0xa8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6tnl0\x00', 0x210})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x89f1, &(0x7f0000000080))
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd79, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socket$kcm(0xa, 0x2, 0x3a)
r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xa, 0x0, 0x0, 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
r4 = socket$kcm(0x10, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
sendmsg$kcm(r4, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x4e, &(0x7f0000000100)=r3, 0x4)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000580)="d8000000140081054e81f782db44b904021d080225000000040000a118000200fcffffff00000e1208000f0100810401a80016ea1f0006", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000d00)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946e06bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112b0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01ac69398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ef6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b27663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b6214912a517810200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3800000000000000009c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488a0200000000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e4a59414329a7c7f2fad6bc871f5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561fe589e0d12969bc982ff3f0000006c0c6c747d9a1cc500bb89283a16ff10feea20bdac0000000000000000ca06f256a55591019465f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ee40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734837ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a6d072034cecc457776c5fa1f33b0203c07052c6bc314b0ac5c63bc2083c9cda0b7480e0b17854ffcc76176ce266bc698f7921b8afe798a7a5ed33ab0374455ee368fda99a0e681bf9426831b193395cb01a7332a50aac841cb7d48a1768a7640a9820631ba775a3dc4e97f7fda840bcdd3afaa0d7c3c229de4f0f4ac4d04f1a4e52e38325ca2e5f1f9caaa7234053eca09ec3c8c16940bc3edfb2e016f355391c0e7"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r5, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03076844268cb89e14f00800fee0ffff00124000632f77fbac141416ac14141602089f034d2f87e5070c0cab845013f2325f1a39010702038da1880525181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c)

928.659675ms ago: executing program 0 (id=2392):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='blkio.bfq.io_queued_recursive\x00', 0x26e1, 0x0)
close(r0)
ioctl$SIOCSIFHWADDR(r0, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random='\x00\x00\x00\x00\x00 '})
ioctl$TUNGETVNETBE(r0, 0x800454df, &(0x7f0000000040))
socket$kcm(0x10, 0x2, 0x0)
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800"/31], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000080)={<r3=>0x0, 0x0})
ioctl$sock_kcm_SIOCKCMUNATTACH(r3, 0x89e1, &(0x7f0000000000)={r3})
close(r3)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="100000002d000b02d25a806f8c6394f9101a04000a", 0x15}], 0x1}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81f782db44b9040a1d08030e000000e8fea4a1180015000600142603600e1208000f1000810401a80016000a0001", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, 0x0, 0x0, 0x0, 0x5c8}, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b)
r4 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0eab070004000523"], 0xfe33)

728.541869ms ago: executing program 2 (id=2393):
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x3, 0x0, &(0x7f0000000c40)=[{}, {}, {0x280000, 0x4, 0x10009, 0x6}], 0x10, 0xfffffff6}, 0x94)
r0 = socket$kcm(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, 0xffffffffffffffff)
r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r5, r6, 0x5}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r5}, &(0x7f00000006c0), &(0x7f0000000700)=r4}, 0x20)
sendmsg$inet(r3, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1, 0x0, 0x0, 0x6000}, 0x20)
r7 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd8073a46b08b94214d816f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb4147000001000000008f2b9000f22425e4097ed62cbc891061017cfa6f6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe68db8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3542646bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000002c0)=ANY=[@ANYRES32=r8, @ANYRES32=r7, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r8}, &(0x7f0000000000), &(0x7f0000000080)=r2}, 0x20)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803002e000b12d25a80648c2594f90324fc60100c02400a000000053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r9 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r9, &(0x7f0000000040)={0x0, 0x1a5c0bf06ff69310, &(0x7f0000000100)=[{&(0x7f00000006c0)="5c00000013006bcd9e3fe3dc6e48aa31086b8703130000001f03000000000000040014000d0013000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

638.201404ms ago: executing program 0 (id=2394):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r2, r3, 0x5}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20)
sendmsg$inet(r0, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1, 0x0, 0x0, 0x6000}, 0x20)

487.684629ms ago: executing program 3 (id=2395):
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3fffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, &(0x7f0000000340), &(0x7f0000000380)=r1}, 0x20)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.events\x00', 0x26e1, 0x0)
r3 = socket$kcm(0x2, 0x2, 0x0)
setsockopt$sock_attach_bpf(r3, 0x1, 0x2e, &(0x7f0000000640)=r2, 0x4)
recvmsg$kcm(r3, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x18000000000002a0, 0x5ee, 0x0, &(0x7f0000000580)="b9ff03076804268c989e14f088a8", 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

290.542692ms ago: executing program 0 (id=2396):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0xc000000, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100904, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
recvmsg$kcm(0xffffffffffffffff, 0x0, 0x40000100)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfd, &(0x7f0000000040)=[{&(0x7f00000000c0)="2e00000010008188040f46ecdb4cb9cca7480ef43c000000e3bd6efb440009000e000ad710000000ba8000001201", 0x2e}], 0x1}, 0x0)

0s ago: executing program 0 (id=2397):
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000001b80)=ANY=[@ANYBLOB], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
r1 = socket$kcm(0x2b, 0x1, 0x0)
setsockopt$sock_attach_bpf(r1, 0x0, 0x3, 0x0, 0x5)
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='freezer.self_freezing\x00', 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f00000002c0)={r2, r0})
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
r4 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r2)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='cgroup.freeze\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x12, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x1d, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xd, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000100010818110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000308500000005000000bca900000000000035090100000000009500500000000006b702000000000000739af0ff00000000b5090200a3b00000dbaaf0fff10000002f8900000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018220000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000036080000000000008500000007000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback=0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

kernel console output (not intermixed with test programs):

x73/0xa0
[  362.360353][T10362]  ___sys_sendmsg+0x2a6/0x360
[  362.365024][T10362]  ? __sys_sendmsg+0x2a0/0x2a0
[  362.369795][T10362]  ? __lock_acquire+0x7d40/0x7d40
[  362.374831][T10362]  __se_sys_sendmsg+0x1c2/0x2b0
[  362.379694][T10362]  ? __x64_sys_sendmsg+0x80/0x80
[  362.384658][T10362]  ? lockdep_hardirqs_on+0x98/0x150
[  362.389864][T10362]  do_syscall_64+0x55/0xa0
[  362.394275][T10362]  ? clear_bhb_loop+0x40/0x90
[  362.398952][T10362]  ? clear_bhb_loop+0x40/0x90
[  362.403627][T10362]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  362.409516][T10362] RIP: 0033:0x7f95dd39c819
[  362.413924][T10362] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  362.433528][T10362] RSP: 002b:00007f95de306028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  362.441941][T10362] RAX: ffffffffffffffda RBX: 00007f95dd615fa0 RCX: 00007f95dd39c819
[  362.449904][T10362] RDX: 0000000000008091 RSI: 0000200000000140 RDI: 0000000000000003
[  362.457878][T10362] RBP: 00007f95de306090 R08: 0000000000000000 R09: 0000000000000000
[  362.465846][T10362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  362.473813][T10362] R13: 00007f95dd616038 R14: 00007f95dd615fa0 R15: 00007ffed4dbeeb8
[  362.481797][T10362]  </TASK>
[  362.716452][T10366] validate_nla: 1 callbacks suppressed
[  362.716563][T10366] netlink: 'syz.3.1467': attribute type 10 has an invalid length.
[  362.992401][T10368] netlink: 'syz.0.1468': attribute type 10 has an invalid length.
[  363.002670][T10368] veth0_vlan: left promiscuous mode
[  363.017367][T10368] veth0_vlan: entered promiscuous mode
[  363.029273][T10368] team0: Device veth0_vlan failed to register rx_handler
[  363.437864][ T3508] tipc: Subscription rejected, illegal request
[  363.707500][T10396] syz.1.1478[10396] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  363.707754][T10396] syz.1.1478[10396] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  363.895433][T10400] netlink: 'syz.2.1479': attribute type 10 has an invalid length.
[  363.935020][T10400] veth0_vlan: left promiscuous mode
[  363.941686][T10400] veth0_vlan: entered promiscuous mode
[  363.949900][T10400] team0: Device veth0_vlan failed to register rx_handler
[  364.385420][T10413] netlink: 'syz.2.1484': attribute type 10 has an invalid length.
[  364.418958][T10413] veth0_vlan: left promiscuous mode
[  364.439473][T10413] veth0_vlan: entered promiscuous mode
[  364.459848][T10413] team0: Device veth0_vlan failed to register rx_handler
[  364.784624][T10426] __nla_validate_parse: 3 callbacks suppressed
[  364.784669][T10426] netlink: 188 bytes leftover after parsing attributes in process `syz.2.1488'.
[  364.933358][T10433] syz.2.1491[10433] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  364.934860][T10433] syz.2.1491[10433] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  365.292651][T10439] netlink: 'syz.1.1493': attribute type 10 has an invalid length.
[  365.322986][T10439] veth0_vlan: left promiscuous mode
[  365.329712][T10439] veth0_vlan: entered promiscuous mode
[  365.349615][T10439] team0: Device veth0_vlan failed to register rx_handler
[  365.836580][T10449] netlink: 'syz.3.1497': attribute type 10 has an invalid length.
[  366.160847][T10462] FAULT_INJECTION: forcing a failure.
[  366.160847][T10462] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  366.347776][T10462] CPU: 0 PID: 10462 Comm: syz.1.1501 Not tainted syzkaller #0
[  366.355315][T10462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  366.365411][T10462] Call Trace:
[  366.368732][T10462]  <TASK>
[  366.371699][T10462]  dump_stack_lvl+0x18c/0x250
[  366.376440][T10462]  ? show_regs_print_info+0x20/0x20
[  366.381692][T10462]  ? load_image+0x420/0x420
[  366.386252][T10462]  ? __lock_acquire+0x7d40/0x7d40
[  366.391326][T10462]  ? snprintf+0xe9/0x140
[  366.395622][T10462]  should_fail_ex+0x39d/0x4d0
[  366.400361][T10462]  _copy_to_user+0x2f/0xa0
[  366.404821][T10462]  simple_read_from_buffer+0xe7/0x150
[  366.410255][T10462]  proc_fail_nth_read+0x1e8/0x260
[  366.415338][T10462]  ? proc_fault_inject_write+0x360/0x360
[  366.421016][T10462]  ? fsnotify_perm+0x271/0x5e0
[  366.425797][T10462]  ? proc_fault_inject_write+0x360/0x360
[  366.431438][T10462]  vfs_read+0x28b/0x970
[  366.435619][T10462]  ? kernel_read+0x1e0/0x1e0
[  366.440218][T10462]  ? __fget_files+0x28/0x4b0
[  366.444824][T10462]  ? __fget_files+0x28/0x4b0
[  366.449431][T10462]  ? __fget_files+0x43d/0x4b0
[  366.454168][T10462]  ? __fdget_pos+0x2a3/0x330
[  366.458774][T10462]  ? ksys_read+0x75/0x260
[  366.463210][T10462]  ksys_read+0x150/0x260
[  366.467471][T10462]  ? vfs_write+0x990/0x990
[  366.471903][T10462]  ? lockdep_hardirqs_on+0x98/0x150
[  366.477123][T10462]  do_syscall_64+0x55/0xa0
[  366.481545][T10462]  ? clear_bhb_loop+0x40/0x90
[  366.486226][T10462]  ? clear_bhb_loop+0x40/0x90
[  366.490912][T10462]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  366.496811][T10462] RIP: 0033:0x7f2df675d04e
[  366.501235][T10462] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  366.520850][T10462] RSP: 002b:00007f2df75d1fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  366.529275][T10462] RAX: ffffffffffffffda RBX: 00007f2df75d26c0 RCX: 00007f2df675d04e
[  366.537251][T10462] RDX: 000000000000000f RSI: 00007f2df75d20a0 RDI: 0000000000000005
[  366.545226][T10462] RBP: 00007f2df75d2090 R08: 0000000000000000 R09: 0000000000000000
[  366.553205][T10462] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  366.561180][T10462] R13: 00007f2df6a16038 R14: 00007f2df6a15fa0 R15: 00007ffd54280da8
[  366.569186][T10462]  </TASK>
[  366.654956][T10465] syz.2.1503[10465] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  366.655327][T10465] syz.2.1503[10465] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  366.861070][T10472] netlink: 'syz.3.1506': attribute type 10 has an invalid length.
[  369.132893][T10477] FAULT_INJECTION: forcing a failure.
[  369.132893][T10477] name failslab, interval 1, probability 0, space 0, times 0
[  369.176200][T10477] CPU: 1 PID: 10477 Comm: syz.0.1508 Not tainted syzkaller #0
[  369.183709][T10477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  369.193784][T10477] Call Trace:
[  369.197070][T10477]  <TASK>
[  369.200006][T10477]  dump_stack_lvl+0x18c/0x250
[  369.204733][T10477]  ? show_regs_print_info+0x20/0x20
[  369.209961][T10477]  ? load_image+0x420/0x420
[  369.214478][T10477]  ? __might_sleep+0xe0/0xe0
[  369.219082][T10477]  ? __lock_acquire+0x7d40/0x7d40
[  369.224121][T10477]  should_fail_ex+0x39d/0x4d0
[  369.228822][T10477]  should_failslab+0x9/0x20
[  369.233349][T10477]  slab_pre_alloc_hook+0x59/0x310
[  369.238393][T10477]  ? _raw_spin_unlock+0x40/0x40
[  369.243261][T10477]  ? string+0x26d/0x2b0
[  369.247437][T10477]  ? __request_module+0x2d1/0x600
[  369.252475][T10477]  __kmem_cache_alloc_node+0x53/0x250
[  369.257874][T10477]  ? __request_module+0x2d1/0x600
[  369.262928][T10477]  kmalloc_trace+0x2a/0xe0
[  369.267369][T10477]  __request_module+0x2d1/0x600
[  369.272250][T10477]  ? module_enforce_rwx_sections+0x150/0x150
[  369.278269][T10477]  ? bpf_lsm_capable+0x9/0x10
[  369.282969][T10477]  ? security_capable+0x89/0xb0
[  369.287844][T10477]  ? dev_load+0x21/0x1f0
[  369.292104][T10477]  dev_load+0x18b/0x1f0
[  369.296265][T10477]  wext_ioctl_dispatch+0x110/0x600
[  369.301384][T10477]  ? wext_ioctl_dispatch+0x600/0x600
[  369.306665][T10477]  ? iw_handler_get_private+0x1f0/0x1f0
[  369.312211][T10477]  ? wext_handle_ioctl+0x1d0/0x1d0
[  369.317317][T10477]  ? __might_fault+0xaa/0x120
[  369.322001][T10477]  ? __might_fault+0xc6/0x120
[  369.326673][T10477]  ? __might_fault+0xaa/0x120
[  369.331348][T10477]  wext_handle_ioctl+0x117/0x1d0
[  369.336279][T10477]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  369.342424][T10477]  ? call_commit_handler+0xf0/0xf0
[  369.347533][T10477]  ? sock_ioctl+0x14e/0x7e0
[  369.352070][T10477]  sock_ioctl+0x15d/0x7e0
[  369.356404][T10477]  ? sock_poll+0x3e0/0x3e0
[  369.360816][T10477]  ? bpf_lsm_file_ioctl+0x9/0x10
[  369.365758][T10477]  ? security_file_ioctl+0x80/0xa0
[  369.370863][T10477]  ? sock_poll+0x3e0/0x3e0
[  369.375267][T10477]  __se_sys_ioctl+0xfd/0x170
[  369.379850][T10477]  do_syscall_64+0x55/0xa0
[  369.384256][T10477]  ? clear_bhb_loop+0x40/0x90
[  369.388920][T10477]  ? clear_bhb_loop+0x40/0x90
[  369.393587][T10477]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  369.399485][T10477] RIP: 0033:0x7f71bbb9c819
[  369.403886][T10477] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  369.423480][T10477] RSP: 002b:00007f71bcac7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  369.431882][T10477] RAX: ffffffffffffffda RBX: 00007f71bbe15fa0 RCX: 00007f71bbb9c819
[  369.439845][T10477] RDX: 0000200000000000 RSI: 0000000000008b19 RDI: 0000000000000005
[  369.447806][T10477] RBP: 00007f71bcac7090 R08: 0000000000000000 R09: 0000000000000000
[  369.455765][T10477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  369.463720][T10477] R13: 00007f71bbe16038 R14: 00007f71bbe15fa0 R15: 00007ffcfb70c4d8
[  369.471697][T10477]  </TASK>
[  369.878604][T10495] syz.1.1515[10495] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  369.878861][T10495] syz.1.1515[10495] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  370.204298][T10504] netlink: 'syz.0.1517': attribute type 10 has an invalid length.
[  370.290909][T10504] veth0_vlan: left promiscuous mode
[  370.297590][T10504] veth0_vlan: entered promiscuous mode
[  370.332499][T10504] team0: Device veth0_vlan failed to register rx_handler
[  370.827050][T10526] netlink: 830 bytes leftover after parsing attributes in process `syz.0.1525'.
[  370.851485][T10528] netlink: 'syz.1.1526': attribute type 1 has an invalid length.
[  370.859800][T10528] netlink: 'syz.1.1526': attribute type 4 has an invalid length.
[  370.869518][T10528] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.1526'.
[  370.944760][T10531] syz.0.1527[10531] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  370.945024][T10531] syz.0.1527[10531] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  371.037590][T10537] netlink: 'syz.1.1529': attribute type 10 has an invalid length.
[  371.058304][T10537] veth0_vlan: left promiscuous mode
[  371.065369][T10537] veth0_vlan: entered promiscuous mode
[  371.077679][T10537] team0: Device veth0_vlan failed to register rx_handler
[  371.703195][T10564] netlink: 'syz.3.1539': attribute type 10 has an invalid length.
[  371.856209][T10569] syz.3.1541[10569] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  371.856404][T10569] syz.3.1541[10569] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  371.960271][T10573] FAULT_INJECTION: forcing a failure.
[  371.960271][T10573] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  371.987025][T10573] CPU: 1 PID: 10573 Comm: syz.2.1543 Not tainted syzkaller #0
[  371.994507][T10573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  372.004552][T10573] Call Trace:
[  372.007824][T10573]  <TASK>
[  372.010751][T10573]  dump_stack_lvl+0x18c/0x250
[  372.015443][T10573]  ? show_regs_print_info+0x20/0x20
[  372.020649][T10573]  ? load_image+0x420/0x420
[  372.025139][T10573]  ? __lock_acquire+0x7d40/0x7d40
[  372.030146][T10573]  ? verify_lock_unused+0x140/0x140
[  372.035331][T10573]  should_fail_ex+0x39d/0x4d0
[  372.039999][T10573]  prepare_alloc_pages+0x1e2/0x5f0
[  372.045095][T10573]  __alloc_pages+0x134/0x460
[  372.049687][T10573]  ? zone_statistics+0x170/0x170
[  372.054611][T10573]  ? mt_find+0x169/0x650
[  372.058840][T10573]  ? handle_mm_fault+0xe7/0x4c00
[  372.063779][T10573]  __folio_alloc+0x10/0x20
[  372.068194][T10573]  vma_alloc_folio+0x47a/0x8f0
[  372.072955][T10573]  handle_mm_fault+0x1b3b/0x4c00
[  372.077887][T10573]  ? handle_mm_fault+0xe7/0x4c00
[  372.082824][T10573]  ? numa_migrate_prep+0x350/0x350
[  372.087936][T10573]  ? lock_mm_and_find_vma+0x9c/0x2f0
[  372.093211][T10573]  do_user_addr_fault+0x730/0x12c0
[  372.098323][T10573]  exc_page_fault+0x64/0x100
[  372.102908][T10573]  asm_exc_page_fault+0x26/0x30
[  372.107753][T10573] RIP: 0010:rep_movs_alternative+0x15/0x90
[  372.113552][T10573] Code: 8b 1c 24 4c 8b 64 24 08 48 83 c4 10 c3 cc cc cc cc cc cc cc cc f3 0f 1e fa 48 83 f9 40 73 40 83 f9 08 73 21 85 c9 74 0f 8a 06 <88> 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 66 2e 0f 1f 84 00 00 00
[  372.133165][T10573] RSP: 0018:ffffc900050cfbd0 EFLAGS: 00050202
[  372.139224][T10573] RAX: ffffffff842a2200 RBX: 0000000000000004 RCX: 0000000000000004
[  372.147271][T10573] RDX: 0000000000000000 RSI: ffffc900050cfc80 RDI: 0000200000003680
[  372.155233][T10573] RBP: ffffc900050cfd40 R08: 0000000000000003 R09: 0000000000000004
[  372.163191][T10573] R10: dffffc0000000000 R11: fffff52000a19f90 R12: 0000200000003684
[  372.171169][T10573] R13: 0000000000000000 R14: 0000200000003680 R15: ffffc900050cfc80
[  372.179155][T10573]  ? _copy_to_user+0x50/0xa0
[  372.183753][T10573]  _copy_to_user+0x85/0xa0
[  372.188167][T10573]  bpf_mprog_query+0x64d/0x7b0
[  372.192931][T10573]  ? bpf_mprog_delete+0x410/0x410
[  372.197955][T10573]  ? lockdep_rtnl_is_held+0x26/0x30
[  372.203153][T10573]  tcx_prog_query+0xd9/0x140
[  372.207736][T10573]  __sys_bpf+0x7a0/0x890
[  372.211978][T10573]  ? bpf_link_show_fdinfo+0x390/0x390
[  372.217352][T10573]  ? lock_chain_count+0x20/0x20
[  372.222199][T10573]  __x64_sys_bpf+0x7c/0x90
[  372.226607][T10573]  do_syscall_64+0x55/0xa0
[  372.231015][T10573]  ? clear_bhb_loop+0x40/0x90
[  372.235697][T10573]  ? clear_bhb_loop+0x40/0x90
[  372.240385][T10573]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  372.246272][T10573] RIP: 0033:0x7fea8679c819
[  372.250686][T10573] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  372.270297][T10573] RSP: 002b:00007fea87614028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  372.278705][T10573] RAX: ffffffffffffffda RBX: 00007fea86a15fa0 RCX: 00007fea8679c819
[  372.286671][T10573] RDX: 0000000000000040 RSI: 0000200000000240 RDI: 0000000000000010
[  372.294631][T10573] RBP: 00007fea87614090 R08: 0000000000000000 R09: 0000000000000000
[  372.302594][T10573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  372.310637][T10573] R13: 00007fea86a16038 R14: 00007fea86a15fa0 R15: 00007ffe908b7f58
[  372.318610][T10573]  </TASK>
[  372.534279][T10579] netlink: 'syz.3.1545': attribute type 25 has an invalid length.
[  372.567014][T10579] netlink: 'syz.3.1545': attribute type 28 has an invalid length.
[  372.623142][T10580] netlink: 'syz.2.1546': attribute type 2 has an invalid length.
[  372.695033][T10580] netlink: 'syz.2.1546': attribute type 1 has an invalid length.
[  372.726769][T10580] netlink: 199820 bytes leftover after parsing attributes in process `syz.2.1546'.
[  372.754210][T10584] FAULT_INJECTION: forcing a failure.
[  372.754210][T10584] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  372.768286][T10584] CPU: 0 PID: 10584 Comm: syz.0.1548 Not tainted syzkaller #0
[  372.775778][T10584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  372.785850][T10584] Call Trace:
[  372.787992][T10587] netlink: 'syz.2.1546': attribute type 19 has an invalid length.
[  372.789125][T10584]  <TASK>
[  372.799869][T10584]  dump_stack_lvl+0x18c/0x250
[  372.804575][T10584]  ? show_regs_print_info+0x20/0x20
[  372.809786][T10584]  ? load_image+0x420/0x420
[  372.814286][T10584]  ? __might_fault+0xaa/0x120
[  372.818953][T10584]  ? __lock_acquire+0x7d40/0x7d40
[  372.823971][T10584]  should_fail_ex+0x39d/0x4d0
[  372.828646][T10584]  _copy_from_user+0x2f/0xe0
[  372.833230][T10584]  sk_setsockopt+0x2b2/0x2bc0
[  372.837905][T10584]  ? sockopt_capable+0x60/0x60
[  372.842660][T10584]  ? aa_sk_perm+0x83c/0x970
[  372.847158][T10584]  ? __fget_files+0x28/0x4b0
[  372.851744][T10584]  ? aa_af_perm+0x330/0x330
[  372.856242][T10584]  ? __fget_files+0x28/0x4b0
[  372.860821][T10584]  ? __fget_files+0x28/0x4b0
[  372.865399][T10584]  ? aa_sock_opt_perm+0x74/0x100
[  372.870329][T10584]  ? bpf_lsm_socket_setsockopt+0x9/0x10
[  372.875869][T10584]  ? security_socket_setsockopt+0x7e/0xa0
[  372.881585][T10584]  do_sock_setsockopt+0x11b/0x1a0
[  372.886606][T10584]  __x64_sys_setsockopt+0x182/0x200
[  372.891795][T10584]  do_syscall_64+0x55/0xa0
[  372.896200][T10584]  ? clear_bhb_loop+0x40/0x90
[  372.900866][T10584]  ? clear_bhb_loop+0x40/0x90
[  372.905544][T10584]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  372.911429][T10584] RIP: 0033:0x7f71bbb9c819
[  372.915833][T10584] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  372.935434][T10584] RSP: 002b:00007f71bcac7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  372.943840][T10584] RAX: ffffffffffffffda RBX: 00007f71bbe15fa0 RCX: 00007f71bbb9c819
[  372.951802][T10584] RDX: 0000000000000045 RSI: 0000000000000001 RDI: 0000000000000005
[  372.959770][T10584] RBP: 00007f71bcac7090 R08: 0000000000000004 R09: 0000000000000000
[  372.967729][T10584] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001
[  372.975692][T10584] R13: 00007f71bbe16038 R14: 00007f71bbe15fa0 R15: 00007ffcfb70c4d8
[  372.983662][T10584]  </TASK>
[  373.023774][T10587] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1546'.
[  373.185718][T10589] netlink: 126588 bytes leftover after parsing attributes in process `syz.1.1550'.
[  373.417765][T10593] netlink: 830 bytes leftover after parsing attributes in process `syz.3.1552'.
[  374.015622][T10609] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.1557'.
[  374.596451][T10620] veth0_vlan: left promiscuous mode
[  374.603050][T10620] veth0_vlan: entered promiscuous mode
[  374.621008][T10620] team0: Device veth0_vlan failed to register rx_handler
[  375.190422][T10638] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1569'.
[  375.308050][T10643] syz.2.1571[10643] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  375.308315][T10643] syz.2.1571[10643] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  375.459571][T10649] validate_nla: 6 callbacks suppressed
[  375.459587][T10649] netlink: 'syz.1.1574': attribute type 10 has an invalid length.
[  375.499862][T10647] FAULT_INJECTION: forcing a failure.
[  375.499862][T10647] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  375.521485][T10647] CPU: 1 PID: 10647 Comm: syz.0.1573 Not tainted syzkaller #0
[  375.529009][T10647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  375.539100][T10647] Call Trace:
[  375.542411][T10647]  <TASK>
[  375.545376][T10647]  dump_stack_lvl+0x18c/0x250
[  375.550120][T10647]  ? show_regs_print_info+0x20/0x20
[  375.555370][T10647]  ? load_image+0x420/0x420
[  375.559932][T10647]  ? __lock_acquire+0x7d40/0x7d40
[  375.565008][T10647]  ? mark_lock+0x94/0x320
[  375.569395][T10647]  should_fail_ex+0x39d/0x4d0
[  375.574137][T10647]  prepare_alloc_pages+0x1e2/0x5f0
[  375.579312][T10647]  __alloc_pages+0x134/0x460
[  375.583949][T10647]  ? zone_statistics+0x170/0x170
[  375.588940][T10647]  ? do_wp_page+0x7ca/0x35f0
[  375.593559][T10647]  ? do_wp_page+0xfc5/0x35f0
[  375.598178][T10647]  __folio_alloc+0x10/0x20
[  375.602600][T10647]  vma_alloc_folio+0x47a/0x8f0
[  375.607385][T10647]  do_wp_page+0x1243/0x35f0
[  375.611923][T10647]  ? folio_put+0xd0/0xd0
[  375.616165][T10647]  ? do_raw_spin_lock+0x11f/0x2c0
[  375.621202][T10647]  ? __rwlock_init+0x150/0x150
[  375.626006][T10647]  handle_mm_fault+0x135d/0x4c00
[  375.630963][T10647]  ? handle_mm_fault+0xe7/0x4c00
[  375.635931][T10647]  ? numa_migrate_prep+0x350/0x350
[  375.641097][T10647]  ? lock_mm_and_find_vma+0x9c/0x2f0
[  375.646843][T10647]  do_user_addr_fault+0x730/0x12c0
[  375.652352][T10647]  exc_page_fault+0x64/0x100
[  375.656956][T10647]  asm_exc_page_fault+0x26/0x30
[  375.661815][T10647] RIP: 0010:rep_movs_alternative+0x4a/0x90
[  375.667625][T10647] Code: 75 f1 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 <f3> a4 c3 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 29 f8 48 01
[  375.687241][T10647] RSP: 0018:ffffc9000355f5d8 EFLAGS: 00050206
[  375.693319][T10647] RAX: ffffffff8427bb01 RBX: 1ffff920006abfc7 RCX: 00000000000006c0
[  375.701292][T10647] RDX: 0000000000000000 RSI: ffff888058fce940 RDI: 000020000000f000
[  375.709271][T10647] RBP: ffffc9000355f730 R08: ffff888058fcefff R09: 1ffff1100b1f9dff
[  375.717246][T10647] R10: dffffc0000000000 R11: ffffed100b1f9e00 R12: ffff888058fce000
[  375.725225][T10647] R13: 0000000000001000 R14: 0000000000001000 R15: ffffc9000355fe48
[  375.733234][T10647]  ? _copy_to_iter+0x1c1/0x1120
[  375.738115][T10647]  _copy_to_iter+0x24f/0x1120
[  375.742808][T10647]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  375.748801][T10647]  ? lock_chain_count+0x20/0x20
[  375.753661][T10647]  ? iov_iter_init+0x1e0/0x1e0
[  375.758440][T10647]  ? __local_bh_enable_ip+0x13a/0x1c0
[  375.763823][T10647]  ? lockdep_hardirqs_on+0x98/0x150
[  375.769043][T10647]  ? page_copy_sane+0x16a/0x270
[  375.773912][T10647]  copy_page_to_iter+0xa7/0x150
[  375.778782][T10647]  __sk_msg_recvmsg+0x341/0xe60
[  375.783669][T10647]  ? _raw_spin_unlock+0x40/0x40
[  375.788548][T10647]  unix_bpf_recvmsg+0x5b2/0xde0
[  375.793440][T10647]  ? unix_stream_bpf_update_proto+0x2f0/0x2f0
[  375.799520][T10647]  ? wait_woken+0x180/0x180
[  375.804034][T10647]  ? verify_lock_unused+0x140/0x140
[  375.809237][T10647]  ? aa_sock_msg_perm+0x94/0x150
[  375.814188][T10647]  ? bpf_lsm_socket_recvmsg+0x9/0x10
[  375.819482][T10647]  ? security_socket_recvmsg+0x89/0xb0
[  375.825036][T10647]  ? unix_dgram_recvmsg+0x71/0xd0
[  375.830067][T10647]  ? unix_dgram_sendmsg+0x16d0/0x16d0
[  375.835452][T10647]  ____sys_recvmsg+0x2ce/0x5e0
[  375.840252][T10647]  ? __sys_recvmsg_sock+0x50/0x50
[  375.845316][T10647]  ? import_iovec+0x73/0xa0
[  375.849831][T10647]  ___sys_recvmsg+0x216/0x590
[  375.854526][T10647]  ? __sys_recvmsg+0x2a0/0x2a0
[  375.859307][T10647]  ? ksys_write+0x1c4/0x260
[  375.863843][T10647]  ? __fget_files+0x43d/0x4b0
[  375.868561][T10647]  __x64_sys_recvmsg+0x20c/0x2e0
[  375.873509][T10647]  ? ___sys_recvmsg+0x590/0x590
[  375.878409][T10647]  ? lockdep_hardirqs_on+0x98/0x150
[  375.883628][T10647]  do_syscall_64+0x55/0xa0
[  375.888046][T10647]  ? clear_bhb_loop+0x40/0x90
[  375.892726][T10647]  ? clear_bhb_loop+0x40/0x90
[  375.897414][T10647]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  375.903311][T10647] RIP: 0033:0x7f71bbb9c819
[  375.907733][T10647] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  375.927348][T10647] RSP: 002b:00007f71bcac7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  375.935773][T10647] RAX: ffffffffffffffda RBX: 00007f71bbe15fa0 RCX: 00007f71bbb9c819
[  375.943833][T10647] RDX: 0000000000000000 RSI: 00002000000004c0 RDI: 0000000000000004
[  375.951806][T10647] RBP: 00007f71bcac7090 R08: 0000000000000000 R09: 0000000000000000
[  375.959782][T10647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  375.967754][T10647] R13: 00007f71bbe16038 R14: 00007f71bbe15fa0 R15: 00007ffcfb70c4d8
[  375.975768][T10647]  </TASK>
[  376.147508][T10658] FAULT_INJECTION: forcing a failure.
[  376.147508][T10658] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  376.162179][T10658] CPU: 1 PID: 10658 Comm: syz.3.1576 Not tainted syzkaller #0
[  376.169683][T10658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  376.179764][T10658] Call Trace:
[  376.183070][T10658]  <TASK>
[  376.186020][T10658]  dump_stack_lvl+0x18c/0x250
[  376.190739][T10658]  ? show_regs_print_info+0x20/0x20
[  376.195968][T10658]  ? load_image+0x420/0x420
[  376.200521][T10658]  ? __lock_acquire+0x7d40/0x7d40
[  376.205587][T10658]  ? snprintf+0xe9/0x140
[  376.209863][T10658]  should_fail_ex+0x39d/0x4d0
[  376.214564][T10658]  _copy_to_user+0x2f/0xa0
[  376.218995][T10658]  simple_read_from_buffer+0xe7/0x150
[  376.224384][T10658]  proc_fail_nth_read+0x1e8/0x260
[  376.229417][T10658]  ? proc_fault_inject_write+0x360/0x360
[  376.235061][T10658]  ? fsnotify_perm+0x271/0x5e0
[  376.239917][T10658]  ? proc_fault_inject_write+0x360/0x360
[  376.245557][T10658]  vfs_read+0x28b/0x970
[  376.249724][T10658]  ? kernel_read+0x1e0/0x1e0
[  376.254317][T10658]  ? __fget_files+0x28/0x4b0
[  376.258905][T10658]  ? __fget_files+0x28/0x4b0
[  376.263494][T10658]  ? __fget_files+0x43d/0x4b0
[  376.268195][T10658]  ? __fdget_pos+0x2a3/0x330
[  376.272784][T10658]  ? ksys_read+0x75/0x260
[  376.277116][T10658]  ksys_read+0x150/0x260
[  376.281363][T10658]  ? vfs_write+0x990/0x990
[  376.285785][T10658]  ? lockdep_hardirqs_on+0x98/0x150
[  376.290989][T10658]  do_syscall_64+0x55/0xa0
[  376.295401][T10658]  ? clear_bhb_loop+0x40/0x90
[  376.300108][T10658]  ? clear_bhb_loop+0x40/0x90
[  376.304802][T10658]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  376.310705][T10658] RIP: 0033:0x7f95dd35d04e
[  376.315125][T10658] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  376.334774][T10658] RSP: 002b:00007f95de305fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  376.343195][T10658] RAX: ffffffffffffffda RBX: 00007f95de3066c0 RCX: 00007f95dd35d04e
[  376.351166][T10658] RDX: 000000000000000f RSI: 00007f95de3060a0 RDI: 0000000000000004
[  376.359139][T10658] RBP: 00007f95de306090 R08: 0000000000000000 R09: 0000000000000000
[  376.367110][T10658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  376.375084][T10658] R13: 00007f95dd616038 R14: 00007f95dd615fa0 R15: 00007ffed4dbeeb8
[  376.383072][T10658]  </TASK>
[  376.591328][T10663] netlink: 'syz.3.1579': attribute type 9 has an invalid length.
[  376.612770][T10663] netlink: 61951 bytes leftover after parsing attributes in process `syz.3.1579'.
[  376.629553][T10666] netlink: 830 bytes leftover after parsing attributes in process `syz.0.1580'.
[  376.842579][T10675] syz.0.1583[10675] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  376.843042][T10675] syz.0.1583[10675] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  377.166022][T10681] netlink: 135856 bytes leftover after parsing attributes in process `syz.1.1585'.
[  377.225449][T10681] netlink: 8442 bytes leftover after parsing attributes in process `syz.1.1585'.
[  377.519288][ T5089] Bluetooth: hci3: unexpected event for opcode 0x0000
[  377.602549][T10695] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.1591'.
[  377.619024][T10695] bridge_slave_1: default FDB implementation only supports local addresses
[  377.629727][T10692] netlink: 'syz.3.1590': attribute type 10 has an invalid length.
[  377.924233][T10705] FAULT_INJECTION: forcing a failure.
[  377.924233][T10705] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  377.937615][T10705] CPU: 0 PID: 10705 Comm: syz.2.1597 Not tainted syzkaller #0
[  377.945094][T10705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  377.955187][T10705] Call Trace:
[  377.958482][T10705]  <TASK>
[  377.961423][T10705]  dump_stack_lvl+0x18c/0x250
[  377.966128][T10705]  ? show_regs_print_info+0x20/0x20
[  377.971343][T10705]  ? load_image+0x420/0x420
[  377.975862][T10705]  ? __lock_acquire+0x7d40/0x7d40
[  377.980910][T10705]  should_fail_ex+0x39d/0x4d0
[  377.985608][T10705]  _copy_from_user+0x2f/0xe0
[  377.990211][T10705]  __copy_msghdr+0x3bb/0x580
[  377.994817][T10705]  ___sys_sendmsg+0x214/0x360
[  377.999511][T10705]  ? __sys_sendmsg+0x2a0/0x2a0
[  378.004309][T10705]  ? __lock_acquire+0x7d40/0x7d40
[  378.009369][T10705]  __se_sys_sendmsg+0x1c2/0x2b0
[  378.014232][T10705]  ? __x64_sys_sendmsg+0x80/0x80
[  378.019196][T10705]  ? lockdep_hardirqs_on+0x98/0x150
[  378.024406][T10705]  do_syscall_64+0x55/0xa0
[  378.028829][T10705]  ? clear_bhb_loop+0x40/0x90
[  378.033610][T10705]  ? clear_bhb_loop+0x40/0x90
[  378.038307][T10705]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  378.044210][T10705] RIP: 0033:0x7fea8679c819
[  378.048633][T10705] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  378.068251][T10705] RSP: 002b:00007fea87614028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  378.076680][T10705] RAX: ffffffffffffffda RBX: 00007fea86a15fa0 RCX: 00007fea8679c819
[  378.084658][T10705] RDX: 0000000000000080 RSI: 0000200000000380 RDI: 0000000000000005
[  378.092633][T10705] RBP: 00007fea87614090 R08: 0000000000000000 R09: 0000000000000000
[  378.100609][T10705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  378.108587][T10705] R13: 00007fea86a16038 R14: 00007fea86a15fa0 R15: 00007ffe908b7f58
[  378.116580][T10705]  </TASK>
[  378.249002][T10707] syz.3.1596[10707] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  378.249261][T10707] syz.3.1596[10707] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  378.649176][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  378.668306][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  379.251313][T10730] netlink: 'syz.2.1604': attribute type 10 has an invalid length.
[  379.294498][T10730] veth0_vlan: left promiscuous mode
[  379.314967][T10730] veth0_vlan: entered promiscuous mode
[  379.345258][T10730] team0: Device veth0_vlan failed to register rx_handler
[  379.483537][T10735] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1605'.
[  379.538244][T10727] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1603'.
[  379.883513][T10744] syz.1.1609[10744] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  379.885310][T10744] syz.1.1609[10744] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  380.181629][T10750] netlink: 'syz.3.1611': attribute type 1 has an invalid length.
[  380.212533][T10750] netlink: 'syz.3.1611': attribute type 4 has an invalid length.
[  380.222797][T10750] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.1611'.
[  380.286260][T10754] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1612'.
[  380.424477][T10761] netlink: 'syz.3.1616': attribute type 10 has an invalid length.
[  380.490682][T10763] FAULT_INJECTION: forcing a failure.
[  380.490682][T10763] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  380.523869][T10763] CPU: 0 PID: 10763 Comm: syz.2.1617 Not tainted syzkaller #0
[  380.531380][T10763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  380.541451][T10763] Call Trace:
[  380.544745][T10763]  <TASK>
[  380.547688][T10763]  dump_stack_lvl+0x18c/0x250
[  380.552386][T10763]  ? show_regs_print_info+0x20/0x20
[  380.557603][T10763]  ? load_image+0x420/0x420
[  380.562125][T10763]  ? __might_fault+0xaa/0x120
[  380.566823][T10763]  ? __lock_acquire+0x7d40/0x7d40
[  380.571886][T10763]  should_fail_ex+0x39d/0x4d0
[  380.576587][T10763]  _copy_from_user+0x2f/0xe0
[  380.581194][T10763]  bpf_prog_test_run_skb+0x266/0x12b0
[  380.586579][T10763]  ? __fget_files+0x28/0x4b0
[  380.591203][T10763]  ? __fget_files+0x28/0x4b0
[  380.595821][T10763]  ? __fget_files+0x43d/0x4b0
[  380.600534][T10763]  ? cpu_online+0x60/0x60
[  380.604884][T10763]  bpf_prog_test_run+0x321/0x390
[  380.609843][T10763]  __sys_bpf+0x49d/0x890
[  380.614104][T10763]  ? bpf_link_show_fdinfo+0x390/0x390
[  380.619514][T10763]  ? lock_chain_count+0x20/0x20
[  380.624378][T10763]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  380.630378][T10763]  __x64_sys_bpf+0x7c/0x90
[  380.634816][T10763]  do_syscall_64+0x55/0xa0
[  380.639243][T10763]  ? clear_bhb_loop+0x40/0x90
[  380.643930][T10763]  ? clear_bhb_loop+0x40/0x90
[  380.648623][T10763]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  380.654531][T10763] RIP: 0033:0x7fea8679c819
[  380.658954][T10763] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  380.678575][T10763] RSP: 002b:00007fea87614028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  380.687011][T10763] RAX: ffffffffffffffda RBX: 00007fea86a15fa0 RCX: 00007fea8679c819
[  380.694998][T10763] RDX: 0000000000000048 RSI: 0000200000000080 RDI: 000000000000000a
[  380.703000][T10763] RBP: 00007fea87614090 R08: 0000000000000000 R09: 0000000000000000
[  380.710971][T10763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  380.718961][T10763] R13: 00007fea86a16038 R14: 00007fea86a15fa0 R15: 00007ffe908b7f58
[  380.726971][T10763]  </TASK>
[  381.262972][T10779] netlink: 'syz.2.1624': attribute type 1 has an invalid length.
[  381.273956][T10779] netlink: 'syz.2.1624': attribute type 4 has an invalid length.
[  381.281769][T10779] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.1624'.
[  381.535944][ T5089] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  381.545182][ T5089] Bluetooth: hci3: Injecting HCI hardware error event
[  381.553355][ T5089] Bluetooth: hci3: hardware error 0x00
[  382.024343][T10790] netlink: 'syz.3.1627': attribute type 10 has an invalid length.
[  382.517612][T10792] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1629'.
[  382.830824][T10808] netlink: 'syz.0.1635': attribute type 39 has an invalid length.
[  382.852097][T10808] netlink: 'syz.0.1635': attribute type 4 has an invalid length.
[  382.870875][T10809] netlink: 'syz.2.1634': attribute type 1 has an invalid length.
[  382.879258][T10808] netlink: 128124 bytes leftover after parsing attributes in process `syz.0.1635'.
[  382.896170][T10809] netlink: 'syz.2.1634': attribute type 4 has an invalid length.
[  382.917449][T10809] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.1634'.
[  383.242707][T10820] netlink: 'syz.3.1639': attribute type 10 has an invalid length.
[  383.269514][T10822] netlink: 'syz.0.1640': attribute type 21 has an invalid length.
[  383.608478][ T5089] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  384.327562][T10839] netlink: 'syz.3.1647': attribute type 1 has an invalid length.
[  384.349533][T10839] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.1647'.
[  384.420467][T10842] veth0_vlan: left promiscuous mode
[  384.431707][T10842] veth0_vlan: entered promiscuous mode
[  384.452556][T10842] team0: Device veth0_vlan failed to register rx_handler
[  384.746551][T10854] netlink: 199820 bytes leftover after parsing attributes in process `syz.3.1652'.
[  385.130712][T10856] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1651'.
[  385.661299][T10877] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1660'.
[  385.910221][T10890] syz.3.1664[10890] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  385.910480][T10890] syz.3.1664[10890] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  385.969321][T10892] netlink: 128124 bytes leftover after parsing attributes in process `syz.1.1665'.
[  386.393519][T10903] validate_nla: 7 callbacks suppressed
[  386.399995][T10903] netlink: 'syz.2.1669': attribute type 2 has an invalid length.
[  386.410223][T10903] netlink: 'syz.2.1669': attribute type 1 has an invalid length.
[  386.419764][T10903] netlink: 199820 bytes leftover after parsing attributes in process `syz.2.1669'.
[  386.644911][T10923] syz.3.1675[10923] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  386.645183][T10923] syz.3.1675[10923] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  386.703256][T10927] netlink: 'syz.2.1677': attribute type 39 has an invalid length.
[  386.799766][T10927] netlink: 'syz.2.1677': attribute type 4 has an invalid length.
[  386.816831][T10927] netlink: 128124 bytes leftover after parsing attributes in process `syz.2.1677'.
[  386.873926][T10931] netlink: 'syz.1.1678': attribute type 3 has an invalid length.
[  387.165409][T10938] netlink: 'syz.2.1681': attribute type 10 has an invalid length.
[  387.281853][T10938] macvlan0: entered promiscuous mode
[  387.307135][T10938] macvlan0: entered allmulticast mode
[  387.326269][T10938] veth1_vlan: entered allmulticast mode
[  387.344930][T10938] team0: Port device macvlan0 added
[  387.553432][T10947] netlink: 'syz.0.1685': attribute type 2 has an invalid length.
[  387.613239][T10947] __nla_validate_parse: 1 callbacks suppressed
[  387.613281][T10947] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1685'.
[  387.855534][T10951] netlink: 'syz.2.1686': attribute type 2 has an invalid length.
[  387.993775][T10951] netlink: 'syz.2.1686': attribute type 1 has an invalid length.
[  388.001556][T10951] netlink: 199820 bytes leftover after parsing attributes in process `syz.2.1686'.
[  388.075780][T10956] syz.1.1687[10956] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  388.075998][T10956] syz.1.1687[10956] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  388.598024][T10962] FAULT_INJECTION: forcing a failure.
[  388.598024][T10962] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  388.624418][T10961] netlink: 'syz.1.1690': attribute type 1 has an invalid length.
[  388.632881][T10961] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.1690'.
[  388.647088][T10962] CPU: 0 PID: 10962 Comm: syz.3.1689 Not tainted syzkaller #0
[  388.654575][T10962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  388.664622][T10962] Call Trace:
[  388.667892][T10962]  <TASK>
[  388.670815][T10962]  dump_stack_lvl+0x18c/0x250
[  388.675502][T10962]  ? show_regs_print_info+0x20/0x20
[  388.680696][T10962]  ? load_image+0x420/0x420
[  388.685197][T10962]  ? __might_fault+0xaa/0x120
[  388.689866][T10962]  ? __lock_acquire+0x7d40/0x7d40
[  388.694886][T10962]  should_fail_ex+0x39d/0x4d0
[  388.699564][T10962]  _copy_from_user+0x2f/0xe0
[  388.704162][T10962]  generic_map_update_batch+0x59a/0x810
[  388.709727][T10962]  ? rcu_read_unlock+0xa0/0xa0
[  388.714496][T10962]  ? __fdget+0x180/0x210
[  388.718742][T10962]  ? rcu_read_unlock+0xa0/0xa0
[  388.723496][T10962]  bpf_map_do_batch+0x3d7/0x610
[  388.728375][T10962]  __sys_bpf+0x381/0x890
[  388.732610][T10962]  ? bpf_link_show_fdinfo+0x390/0x390
[  388.737982][T10962]  ? lock_chain_count+0x20/0x20
[  388.742831][T10962]  __x64_sys_bpf+0x7c/0x90
[  388.747240][T10962]  do_syscall_64+0x55/0xa0
[  388.751651][T10962]  ? clear_bhb_loop+0x40/0x90
[  388.756322][T10962]  ? clear_bhb_loop+0x40/0x90
[  388.760994][T10962]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  388.766880][T10962] RIP: 0033:0x7f95dd39c819
[  388.771287][T10962] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  388.790885][T10962] RSP: 002b:00007f95de306028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  388.799292][T10962] RAX: ffffffffffffffda RBX: 00007f95dd615fa0 RCX: 00007f95dd39c819
[  388.807261][T10962] RDX: 0000000000000038 RSI: 0000200000000200 RDI: 000000000000001a
[  388.815224][T10962] RBP: 00007f95de306090 R08: 0000000000000000 R09: 0000000000000000
[  388.823189][T10962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  388.831152][T10962] R13: 00007f95dd616038 R14: 00007f95dd615fa0 R15: 00007ffed4dbeeb8
[  388.839125][T10962]  </TASK>
[  389.126951][T10969] veth0_vlan: left promiscuous mode
[  389.155121][T10969] veth0_vlan: entered promiscuous mode
[  389.163118][T10969] team0: Device veth0_vlan failed to register rx_handler
[  389.656550][T10991] syz.2.1699[10991] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  389.656773][T10991] syz.2.1699[10991] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  390.374876][T11000] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.1702'.
[  390.587320][T11007] netlink: 199820 bytes leftover after parsing attributes in process `syz.1.1704'.
[  391.674142][T11022] validate_nla: 6 callbacks suppressed
[  391.674157][T11022] netlink: 'syz.1.1708': attribute type 10 has an invalid length.
[  391.713824][T11022] veth0_vlan: left promiscuous mode
[  391.720926][T11022] veth0_vlan: entered promiscuous mode
[  391.728832][T11022] team0: Device veth0_vlan failed to register rx_handler
[  391.905613][T11023] netlink: 'syz.0.1709': attribute type 2 has an invalid length.
[  391.913392][T11023] netlink: 'syz.0.1709': attribute type 1 has an invalid length.
[  392.074275][T11023] netlink: 199820 bytes leftover after parsing attributes in process `syz.0.1709'.
[  392.150454][T11030] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1712'.
[  392.174369][T11030] netlink: 6 bytes leftover after parsing attributes in process `syz.1.1712'.
[  392.382707][T11036] netlink: 'syz.3.1714': attribute type 1 has an invalid length.
[  392.398494][T11036] netlink: 'syz.3.1714': attribute type 4 has an invalid length.
[  392.406916][T11036] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.1714'.
[  392.656540][T11040] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1716'.
[  392.738631][T11043] netlink: 'syz.3.1718': attribute type 1 has an invalid length.
[  392.753652][T11043] netlink: 'syz.3.1718': attribute type 4 has an invalid length.
[  392.761524][T11043] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.1718'.
[  392.951890][T11049] netlink: 'syz.0.1717': attribute type 2 has an invalid length.
[  393.029596][T11049] netlink: 'syz.0.1717': attribute type 1 has an invalid length.
[  393.089062][T11049] netlink: 199820 bytes leftover after parsing attributes in process `syz.0.1717'.
[  393.947453][T11054] netlink: 'syz.0.1721': attribute type 10 has an invalid length.
[  393.956036][T11054] veth0_vlan: left promiscuous mode
[  393.962858][T11054] veth0_vlan: entered promiscuous mode
[  393.978678][T11054] team0: Device veth0_vlan failed to register rx_handler
[  394.183282][T11068] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.1725'.
[  394.355960][T11072] netlink: 199820 bytes leftover after parsing attributes in process `syz.3.1726'.
[  395.401376][T11092] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491
[  395.467661][T11093] netlink: 199820 bytes leftover after parsing attributes in process `syz.2.1731'.
[  395.836908][T11099] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.1736'.
[  396.190412][T11108] veth0_vlan: left promiscuous mode
[  396.207442][T11108] veth0_vlan: entered promiscuous mode
[  396.223044][T11108] team0: Device veth0_vlan failed to register rx_handler
[  396.291969][T11109] netlink: 199820 bytes leftover after parsing attributes in process `syz.1.1741'.
[  396.616667][T11124] veth0_vlan: left promiscuous mode
[  396.625852][T11125] netlink: 199820 bytes leftover after parsing attributes in process `syz.0.1742'.
[  396.648473][T11124] veth0_vlan: entered promiscuous mode
[  396.688672][T11124] team0: Device veth0_vlan failed to register rx_handler
[  396.989303][T11130] validate_nla: 12 callbacks suppressed
[  396.989322][T11130] netlink: 'syz.3.1748': attribute type 2 has an invalid length.
[  397.074957][T11130] netlink: 'syz.3.1748': attribute type 1 has an invalid length.
[  397.159229][T11130] netlink: 199820 bytes leftover after parsing attributes in process `syz.3.1748'.
[  397.678373][T11136] netlink: 121460 bytes leftover after parsing attributes in process `syz.1.1759'.
[  397.718745][T11136] netlink: 21096 bytes leftover after parsing attributes in process `syz.1.1759'.
[  397.752741][T11138] netlink: 'syz.2.1751': attribute type 10 has an invalid length.
[  397.784172][T11138] veth0_vlan: left promiscuous mode
[  397.790701][T11138] veth0_vlan: entered promiscuous mode
[  397.824050][T11138] team0: Device veth0_vlan failed to register rx_handler
[  398.101015][T11155] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1760'.
[  398.329302][T11153] netlink: 'syz.3.1758': attribute type 10 has an invalid length.
[  398.753007][T11178] netlink: 'syz.0.1763': attribute type 2 has an invalid length.
[  398.846554][T11178] netlink: 'syz.0.1763': attribute type 1 has an invalid length.
[  398.924005][T11178] netlink: 199820 bytes leftover after parsing attributes in process `syz.0.1763'.
[  399.437502][T11184] netlink: 'syz.3.1767': attribute type 10 has an invalid length.
[  399.463121][T11184] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1767'.
[  399.502510][T11184] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1767'.
[  399.553874][T11184] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1767'.
[  399.602510][T11187] netlink: 'syz.2.1768': attribute type 10 has an invalid length.
[  399.701151][T11188] netlink: 'syz.2.1768': attribute type 9 has an invalid length.
[  399.724100][T11188] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1768'.
[  399.891130][T11190] netlink: 'syz.0.1770': attribute type 1 has an invalid length.
[  399.913834][T11190] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.1770'.
[  399.988266][T11193] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1768'.
[  400.211101][T11215] veth0_vlan: left promiscuous mode
[  400.217758][T11215] veth0_vlan: entered promiscuous mode
[  400.229849][T11215] team0: Device veth0_vlan failed to register rx_handler
[  401.438532][T11245] veth0_vlan: left promiscuous mode
[  401.456200][T11245] veth0_vlan: entered promiscuous mode
[  401.472401][T11245] team0: Device veth0_vlan failed to register rx_handler
[  401.562014][T11247] 8021q: adding VLAN 0 to HW filter on device batadv0
[  402.269090][T11243] syz.1.1786 (11243) used greatest stack depth: 18280 bytes left
[  402.387665][T11256] ip6_vti0: entered allmulticast mode
[  402.424213][T11258] validate_nla: 9 callbacks suppressed
[  402.424222][T11258] netlink: 'syz.2.1792': attribute type 1 has an invalid length.
[  402.437957][T11258] netlink: 'syz.2.1792': attribute type 4 has an invalid length.
[  402.618537][T11260] syzkaller0: entered promiscuous mode
[  402.624377][T11260] syzkaller0: entered allmulticast mode
[  405.107765][T11274] netlink: 'syz.1.1799': attribute type 10 has an invalid length.
[  405.115859][T11274] veth0_vlan: left promiscuous mode
[  405.121713][T11274] veth0_vlan: entered promiscuous mode
[  405.128924][T11274] team0: Device veth0_vlan failed to register rx_handler
[  405.151568][T11282] netlink: 'syz.0.1800': attribute type 19 has an invalid length.
[  405.176391][T11282] __nla_validate_parse: 4 callbacks suppressed
[  405.176405][T11282] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1800'.
[  405.876089][T11306] netlink: 'syz.1.1809': attribute type 9 has an invalid length.
[  405.886658][T11306] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.1809'.
[  406.183784][T11311] netlink: 'syz.0.1810': attribute type 19 has an invalid length.
[  406.191677][T11311] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1810'.
[  406.223977][T11313] netlink: 'syz.1.1812': attribute type 10 has an invalid length.
[  406.236835][T11313] veth0_vlan: left promiscuous mode
[  406.243345][T11313] veth0_vlan: entered promiscuous mode
[  406.252298][T11313] team0: Device veth0_vlan failed to register rx_handler
[  406.495558][T11317] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1814'.
[  407.070850][T11330] netlink: 'syz.0.1817': attribute type 1 has an invalid length.
[  407.084586][T11330] netlink: 'syz.0.1817': attribute type 4 has an invalid length.
[  407.092541][T11330] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.1817'.
[  407.214745][T11337] netlink: 'syz.1.1822': attribute type 10 has an invalid length.
[  407.225393][T11337] veth0_vlan: left promiscuous mode
[  407.232614][T11337] veth0_vlan: entered promiscuous mode
[  407.251834][T11337] team0: Device veth0_vlan failed to register rx_handler
[  407.363099][T11339] syz.0.1821[11339] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  407.363352][T11339] syz.0.1821[11339] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  407.931194][T11345] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1825'.
[  408.114982][T11349] netlink: 'syz.1.1826': attribute type 19 has an invalid length.
[  408.167174][T11349] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1826'.
[  408.531452][T11358] 8021q: adding VLAN 0 to HW filter on device batadv0
[  408.566477][T11360] netlink: 'syz.0.1830': attribute type 1 has an invalid length.
[  408.594099][T11360] netlink: 'syz.0.1830': attribute type 4 has an invalid length.
[  408.618149][T11360] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.1830'.
[  408.656155][T11358] netlink: 'syz.2.1829': attribute type 10 has an invalid length.
[  409.118586][T11366] netlink: 'syz.1.1832': attribute type 10 has an invalid length.
[  409.138858][T11368] syz.3.1833[11368] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  409.139106][T11368] syz.3.1833[11368] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  409.151307][T11366] veth0_vlan: left promiscuous mode
[  409.214950][T11366] veth0_vlan: entered promiscuous mode
[  409.244166][T11366] team0: Device veth0_vlan failed to register rx_handler
[  409.342263][T11372] netlink: 'syz.0.1835': attribute type 5 has an invalid length.
[  409.350384][T11372] FAULT_INJECTION: forcing a failure.
[  409.350384][T11372] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  409.363829][T11372] CPU: 1 PID: 11372 Comm: syz.0.1835 Not tainted syzkaller #0
[  409.371306][T11372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  409.381349][T11372] Call Trace:
[  409.384618][T11372]  <TASK>
[  409.387531][T11372]  dump_stack_lvl+0x18c/0x250
[  409.392201][T11372]  ? show_regs_print_info+0x20/0x20
[  409.397388][T11372]  ? load_image+0x420/0x420
[  409.401876][T11372]  ? __lock_acquire+0x7d40/0x7d40
[  409.406883][T11372]  ? snprintf+0xe9/0x140
[  409.411108][T11372]  should_fail_ex+0x39d/0x4d0
[  409.415774][T11372]  _copy_to_user+0x2f/0xa0
[  409.420174][T11372]  simple_read_from_buffer+0xe7/0x150
[  409.425540][T11372]  proc_fail_nth_read+0x1e8/0x260
[  409.430557][T11372]  ? proc_fault_inject_write+0x360/0x360
[  409.436178][T11372]  ? fsnotify_perm+0x271/0x5e0
[  409.440927][T11372]  ? proc_fault_inject_write+0x360/0x360
[  409.446542][T11372]  vfs_read+0x28b/0x970
[  409.450683][T11372]  ? kernel_read+0x1e0/0x1e0
[  409.455253][T11372]  ? __fget_files+0x28/0x4b0
[  409.459823][T11372]  ? __fget_files+0x28/0x4b0
[  409.464398][T11372]  ? __fget_files+0x43d/0x4b0
[  409.469061][T11372]  ? __fdget_pos+0x2a3/0x330
[  409.473636][T11372]  ? ksys_read+0x75/0x260
[  409.477986][T11372]  ksys_read+0x150/0x260
[  409.482234][T11372]  ? vfs_write+0x990/0x990
[  409.486640][T11372]  ? lockdep_hardirqs_on+0x98/0x150
[  409.491825][T11372]  do_syscall_64+0x55/0xa0
[  409.496239][T11372]  ? clear_bhb_loop+0x40/0x90
[  409.500901][T11372]  ? clear_bhb_loop+0x40/0x90
[  409.505577][T11372]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  409.511461][T11372] RIP: 0033:0x7f71bbb5d04e
[  409.515859][T11372] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  409.535456][T11372] RSP: 002b:00007f71bcac6fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  409.543861][T11372] RAX: ffffffffffffffda RBX: 00007f71bcac76c0 RCX: 00007f71bbb5d04e
[  409.551826][T11372] RDX: 000000000000000f RSI: 00007f71bcac70a0 RDI: 0000000000000004
[  409.559784][T11372] RBP: 00007f71bcac7090 R08: 0000000000000000 R09: 0000000000000000
[  409.567738][T11372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  409.575708][T11372] R13: 00007f71bbe16038 R14: 00007f71bbe15fa0 R15: 00007ffcfb70c4d8
[  409.583680][T11372]  </TASK>
[  409.833084][T11374] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1836'.
[  409.844161][T11374] openvswitch: netlink: Flow key attribute not present in set flow.
[  409.904658][T11378] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1838'.
[  409.976642][T11380] netlink: 'syz.2.1837': attribute type 19 has an invalid length.
[  410.048445][T11382] netlink: 'syz.3.1839': attribute type 1 has an invalid length.
[  410.076619][T11382] netlink: 'syz.3.1839': attribute type 4 has an invalid length.
[  410.638327][T11395] netlink: 'syz.3.1841': attribute type 19 has an invalid length.
[  410.747368][T11395] __nla_validate_parse: 2 callbacks suppressed
[  410.747385][T11395] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1841'.
[  410.845478][T11397] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1844'.
[  410.893476][T11397] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1844'.
[  410.934319][T11398] netlink: 160 bytes leftover after parsing attributes in process `syz.1.1844'.
[  410.985480][T11398] erspan0: refused to change device tx_queue_len
[  411.010249][T11398] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check.
[  411.118748][T11403] veth0_vlan: left promiscuous mode
[  411.148381][T11403] veth0_vlan: entered promiscuous mode
[  411.198102][T11403] team0: Device veth0_vlan failed to register rx_handler
[  411.548558][T11407] syz.1.1847[11407] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  411.548862][T11407] syz.1.1847[11407] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  411.627319][T11411] netlink: 164 bytes leftover after parsing attributes in process `syz.3.1849'.
[  411.671374][T11413] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.1850'.
[  411.694173][T11416] netlink: 112 bytes leftover after parsing attributes in process `syz.0.1851'.
[  411.795606][T11419] bridge0: port 3(team0) entered disabled state
[  411.802295][T11419] bridge0: port 2(bridge_slave_1) entered disabled state
[  411.809700][T11419] bridge0: port 1(bridge_slave_0) entered disabled state
[  412.125523][T11434] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.1857'.
[  412.619138][T11437] veth0_vlan: left promiscuous mode
[  412.626242][T11437] veth0_vlan: entered promiscuous mode
[  412.634525][T11437] team0: Device veth0_vlan failed to register rx_handler
[  413.943187][T11446] syz.3.1862[11446] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  413.943433][T11446] syz.3.1862[11446] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  414.106298][T11453] validate_nla: 9 callbacks suppressed
[  414.106316][T11453] netlink: 'syz.0.1865': attribute type 1 has an invalid length.
[  414.203853][T11453] netlink: 'syz.0.1865': attribute type 4 has an invalid length.
[  414.229410][T11453] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.1865'.
[  414.307837][T11455] netlink: 'syz.2.1866': attribute type 10 has an invalid length.
[  414.334226][T11455] veth0_vlan: left promiscuous mode
[  414.341063][T11455] veth0_vlan: entered promiscuous mode
[  414.395084][T11455] team0: Device veth0_vlan failed to register rx_handler
[  414.828967][T11471] netlink: 'syz.2.1872': attribute type 10 has an invalid length.
[  414.849653][T11471] veth0_vlan: left promiscuous mode
[  414.865089][T11471] veth0_vlan: entered promiscuous mode
[  414.889719][T11471] team0: Device veth0_vlan failed to register rx_handler
[  415.149140][T11480] syz.1.1875[11480] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  415.149292][T11480] syz.1.1875[11480] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  415.279144][T11485] netlink: 'syz.2.1874': attribute type 2 has an invalid length.
[  415.320268][T11485] netlink: 'syz.2.1874': attribute type 1 has an invalid length.
[  415.351276][T11484] netlink: 'syz.1.1876': attribute type 1 has an invalid length.
[  415.354010][T11485] netlink: 199820 bytes leftover after parsing attributes in process `syz.2.1874'.
[  415.375453][T11484] netlink: 'syz.1.1876': attribute type 4 has an invalid length.
[  415.412523][T11486] netlink: 'syz.2.1874': attribute type 19 has an invalid length.
[  415.485980][T11488] netlink: 'syz.0.1877': attribute type 9 has an invalid length.
[  416.824901][T11509] veth0_vlan: left promiscuous mode
[  416.895475][T11509] veth0_vlan: entered promiscuous mode
[  416.926205][T11509] team0: Device veth0_vlan failed to register rx_handler
[  417.213815][T11511] syz.2.1885[11511] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  417.214078][T11511] syz.2.1885[11511] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  418.066019][T11516] __nla_validate_parse: 4 callbacks suppressed
[  418.066035][T11516] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.1886'.
[  418.219615][T11520] netlink: 199820 bytes leftover after parsing attributes in process `syz.1.1889'.
[  418.227586][T11521] IPv6: NLM_F_CREATE should be specified when creating new route
[  418.314423][T11522] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1889'.
[  419.345654][T11528] validate_nla: 8 callbacks suppressed
[  419.345700][T11528] netlink: 'syz.3.1891': attribute type 8 has an invalid length.
[  419.394465][T11535] netlink: 'syz.0.1893': attribute type 10 has an invalid length.
[  419.402657][T11535] netlink: 156 bytes leftover after parsing attributes in process `syz.0.1893'.
[  420.431157][T11552] netlink: 'syz.3.1898': attribute type 2 has an invalid length.
[  420.488065][T11551] netlink: 'syz.1.1899': attribute type 10 has an invalid length.
[  420.553379][T11552] netlink: 'syz.3.1898': attribute type 1 has an invalid length.
[  420.618789][T11551] veth0_vlan: left promiscuous mode
[  420.686641][T11551] veth0_vlan: entered promiscuous mode
[  420.798576][T11551] team0: Device veth0_vlan failed to register rx_handler
[  420.871330][T11552] netlink: 199820 bytes leftover after parsing attributes in process `syz.3.1898'.
[  421.996236][T11553] netlink: 'syz.3.1898': attribute type 19 has an invalid length.
[  422.023760][T11553] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1898'.
[  422.269886][T11556] netlink: 'syz.1.1902': attribute type 21 has an invalid length.
[  422.280118][T11556] IPv6: NLM_F_CREATE should be specified when creating new route
[  422.470367][T11569] netlink: 'syz.2.1905': attribute type 9 has an invalid length.
[  422.534128][T11569] netlink: 61951 bytes leftover after parsing attributes in process `syz.2.1905'.
[  422.794075][T11572] netlink: 'syz.1.1906': attribute type 10 has an invalid length.
[  422.802024][T11572] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1906'.
[  422.882243][T11572] A link change request failed with some changes committed already. Interface veth1_virt_wifi may have been left with an inconsistent configuration, please check.
[  423.336241][T11590] netlink: 'syz.2.1911': attribute type 2 has an invalid length.
[  423.362278][T11590] netlink: 199820 bytes leftover after parsing attributes in process `syz.2.1911'.
[  423.376844][T11590] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1911'.
[  424.284724][T11601] pim6reg1: entered promiscuous mode
[  424.290273][T11601] pim6reg1: entered allmulticast mode
[  424.487292][T11598] validate_nla: 2 callbacks suppressed
[  424.487313][T11598] netlink: 'syz.2.1915': attribute type 21 has an invalid length.
[  424.506724][T11598] IPv6: NLM_F_CREATE should be specified when creating new route
[  424.650576][T11606] FAULT_INJECTION: forcing a failure.
[  424.650576][T11606] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  424.675272][T11606] CPU: 1 PID: 11606 Comm: syz.3.1917 Not tainted syzkaller #0
[  424.682784][T11606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  424.692851][T11606] Call Trace:
[  424.696140][T11606]  <TASK>
[  424.699083][T11606]  dump_stack_lvl+0x18c/0x250
[  424.703794][T11606]  ? show_regs_print_info+0x20/0x20
[  424.709017][T11606]  ? load_image+0x420/0x420
[  424.713542][T11606]  ? __lock_acquire+0x7d40/0x7d40
[  424.718585][T11606]  ? snprintf+0xe9/0x140
[  424.722856][T11606]  should_fail_ex+0x39d/0x4d0
[  424.727558][T11606]  _copy_to_user+0x2f/0xa0
[  424.731990][T11606]  simple_read_from_buffer+0xe7/0x150
[  424.737388][T11606]  proc_fail_nth_read+0x1e8/0x260
[  424.742429][T11606]  ? proc_fault_inject_write+0x360/0x360
[  424.748086][T11606]  ? fsnotify_perm+0x271/0x5e0
[  424.752881][T11606]  ? proc_fault_inject_write+0x360/0x360
[  424.758531][T11606]  vfs_read+0x28b/0x970
[  424.762716][T11606]  ? kernel_read+0x1e0/0x1e0
[  424.767324][T11606]  ? __fget_files+0x28/0x4b0
[  424.771927][T11606]  ? __fget_files+0x28/0x4b0
[  424.776531][T11606]  ? __fget_files+0x43d/0x4b0
[  424.781229][T11606]  ? __fdget_pos+0x2a3/0x330
[  424.785831][T11606]  ? ksys_read+0x75/0x260
[  424.790177][T11606]  ksys_read+0x150/0x260
[  424.794439][T11606]  ? vfs_write+0x990/0x990
[  424.798872][T11606]  ? lockdep_hardirqs_on+0x98/0x150
[  424.804089][T11606]  do_syscall_64+0x55/0xa0
[  424.808512][T11606]  ? clear_bhb_loop+0x40/0x90
[  424.813200][T11606]  ? clear_bhb_loop+0x40/0x90
[  424.817894][T11606]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  424.823799][T11606] RIP: 0033:0x7f95dd35d04e
[  424.828224][T11606] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  424.847848][T11606] RSP: 002b:00007f95de2c3fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  424.856276][T11606] RAX: ffffffffffffffda RBX: 00007f95de2c46c0 RCX: 00007f95dd35d04e
[  424.864262][T11606] RDX: 000000000000000f RSI: 00007f95de2c40a0 RDI: 0000000000000013
[  424.872243][T11606] RBP: 00007f95de2c4090 R08: 0000000000000000 R09: 0000000000000000
[  424.880227][T11606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  424.888212][T11606] R13: 00007f95dd616218 R14: 00007f95dd616180 R15: 00007ffed4dbeeb8
[  424.896216][T11606]  </TASK>
[  425.647685][T11626] netlink: 'syz.2.1923': attribute type 2 has an invalid length.
[  425.758905][T11626] netlink: 'syz.2.1923': attribute type 1 has an invalid length.
[  425.842416][T11626] netlink: 199820 bytes leftover after parsing attributes in process `syz.2.1923'.
[  426.431559][T11611] syzkaller0: entered promiscuous mode
[  426.437931][T11611] syzkaller0: entered allmulticast mode
[  426.448749][T11631] netlink: 'syz.2.1923': attribute type 19 has an invalid length.
[  426.456891][T11631] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1923'.
[  426.798584][T11643] netlink: 'syz.1.1926': attribute type 2 has an invalid length.
[  426.823790][T11643] netlink: 'syz.1.1926': attribute type 1 has an invalid length.
[  426.858357][T11643] netlink: 199820 bytes leftover after parsing attributes in process `syz.1.1926'.
[  428.575582][T11643] netlink: 'syz.1.1926': attribute type 19 has an invalid length.
[  428.583486][T11643] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1926'.
[  428.715847][T11660] syz.3.1931[11660] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  428.715979][T11660] syz.3.1931[11660] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  429.140585][T11671] netlink: 'syz.0.1934': attribute type 2 has an invalid length.
[  429.238740][T11671] netlink: 'syz.0.1934': attribute type 1 has an invalid length.
[  429.279763][T11671] netlink: 199820 bytes leftover after parsing attributes in process `syz.0.1934'.
[  429.319652][T11672] netlink: 'syz.0.1934': attribute type 19 has an invalid length.
[  429.357746][T11672] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1934'.
[  429.945987][T11685] netlink: 'syz.0.1938': attribute type 1 has an invalid length.
[  429.963982][T11685] netlink: 'syz.0.1938': attribute type 4 has an invalid length.
[  429.985826][T11685] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.1938'.
[  430.048995][T11689] netlink: 'syz.2.1940': attribute type 10 has an invalid length.
[  430.072089][T11689] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1940'.
[  430.121722][T11692] netlink: 'syz.3.1939': attribute type 2 has an invalid length.
[  430.151166][T11692] netlink: 'syz.3.1939': attribute type 1 has an invalid length.
[  430.277261][T11692] netlink: 199820 bytes leftover after parsing attributes in process `syz.3.1939'.
[  430.540073][T11691] syzkaller0: entered promiscuous mode
[  430.559784][T11691] syzkaller0: entered allmulticast mode
[  430.570152][T11697] netlink: 'syz.3.1939': attribute type 19 has an invalid length.
[  430.578705][T11697] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1939'.
[  430.593818][T11700] netlink: 'syz.0.1943': attribute type 5 has an invalid length.
[  431.144062][T11702] syz.2.1944[11702] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  431.144205][T11702] syz.2.1944[11702] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  431.526819][T11709] netlink: 'syz.2.1947': attribute type 2 has an invalid length.
[  431.558921][T11709] netlink: 'syz.2.1947': attribute type 1 has an invalid length.
[  431.577394][T11709] netlink: 199820 bytes leftover after parsing attributes in process `syz.2.1947'.
[  432.908310][T11704] netlink: 'syz.3.1945': attribute type 10 has an invalid length.
[  432.919102][T11709] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1947'.
[  433.020474][T11712] FAULT_INJECTION: forcing a failure.
[  433.020474][T11712] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  433.064085][T11712] CPU: 1 PID: 11712 Comm: syz.3.1948 Not tainted syzkaller #0
[  433.071609][T11712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  433.081678][T11712] Call Trace:
[  433.084966][T11712]  <TASK>
[  433.087899][T11712]  dump_stack_lvl+0x18c/0x250
[  433.092596][T11712]  ? show_regs_print_info+0x20/0x20
[  433.097813][T11712]  ? load_image+0x420/0x420
[  433.102330][T11712]  ? __might_fault+0xaa/0x120
[  433.107003][T11712]  ? __lock_acquire+0x7d40/0x7d40
[  433.112027][T11712]  should_fail_ex+0x39d/0x4d0
[  433.116715][T11712]  _copy_from_user+0x2f/0xe0
[  433.121298][T11712]  __sys_bpf+0x23e/0x890
[  433.125534][T11712]  ? bpf_link_show_fdinfo+0x390/0x390
[  433.130904][T11712]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  433.137058][T11712]  __x64_sys_bpf+0x7c/0x90
[  433.141467][T11712]  do_syscall_64+0x55/0xa0
[  433.145870][T11712]  ? clear_bhb_loop+0x40/0x90
[  433.150552][T11712]  ? clear_bhb_loop+0x40/0x90
[  433.155237][T11712]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  433.161140][T11712] RIP: 0033:0x7f95dd39c819
[  433.165555][T11712] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  433.185160][T11712] RSP: 002b:00007f95de306028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  433.193565][T11712] RAX: ffffffffffffffda RBX: 00007f95dd615fa0 RCX: 00007f95dd39c819
[  433.201524][T11712] RDX: 0000000000000094 RSI: 0000200000000700 RDI: 0000000000000005
[  433.209481][T11712] RBP: 00007f95de306090 R08: 0000000000000000 R09: 0000000000000000
[  433.217455][T11712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  433.225415][T11712] R13: 00007f95dd616038 R14: 00007f95dd615fa0 R15: 00007ffed4dbeeb8
[  433.233388][T11712]  </TASK>
[  433.671828][T11720] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.1951'.
[  433.825586][T11726] syz.0.1954[11726] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  433.825725][T11726] syz.0.1954[11726] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  434.467547][T11737] netlink: 199820 bytes leftover after parsing attributes in process `syz.0.1958'.
[  434.518818][T11741] veth0_vlan: left promiscuous mode
[  434.526236][T11741] veth0_vlan: entered promiscuous mode
[  434.555571][T11741] team0: Device veth0_vlan failed to register rx_handler
[  435.002914][T11748] validate_nla: 6 callbacks suppressed
[  435.002933][T11748] netlink: 'syz.2.1962': attribute type 5 has an invalid length.
[  435.064464][T11750] netlink: 'syz.1.1963': attribute type 1 has an invalid length.
[  435.116405][T11750] netlink: 'syz.1.1963': attribute type 4 has an invalid length.
[  435.145064][T11750] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.1963'.
[  435.234557][T11752] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1964'.
[  435.691996][T11764] FAULT_INJECTION: forcing a failure.
[  435.691996][T11764] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  435.733303][T11764] CPU: 1 PID: 11764 Comm: syz.0.1968 Not tainted syzkaller #0
[  435.740820][T11764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  435.750893][T11764] Call Trace:
[  435.754183][T11764]  <TASK>
[  435.757121][T11764]  dump_stack_lvl+0x18c/0x250
[  435.761829][T11764]  ? show_regs_print_info+0x20/0x20
[  435.767051][T11764]  ? load_image+0x420/0x420
[  435.771576][T11764]  ? __lock_acquire+0x7d40/0x7d40
[  435.776621][T11764]  ? snprintf+0xe9/0x140
[  435.780882][T11764]  should_fail_ex+0x39d/0x4d0
[  435.785584][T11764]  _copy_to_user+0x2f/0xa0
[  435.790191][T11764]  simple_read_from_buffer+0xe7/0x150
[  435.795588][T11764]  proc_fail_nth_read+0x1e8/0x260
[  435.800632][T11764]  ? proc_fault_inject_write+0x360/0x360
[  435.806287][T11764]  ? fsnotify_perm+0x271/0x5e0
[  435.811070][T11764]  ? proc_fault_inject_write+0x360/0x360
[  435.816726][T11764]  vfs_read+0x28b/0x970
[  435.820907][T11764]  ? kernel_read+0x1e0/0x1e0
[  435.825510][T11764]  ? __fget_files+0x28/0x4b0
[  435.830115][T11764]  ? __fget_files+0x28/0x4b0
[  435.834725][T11764]  ? __fget_files+0x43d/0x4b0
[  435.839427][T11764]  ? __fdget_pos+0x2a3/0x330
[  435.844029][T11764]  ? ksys_read+0x75/0x260
[  435.848374][T11764]  ksys_read+0x150/0x260
[  435.852636][T11764]  ? vfs_write+0x990/0x990
[  435.857076][T11764]  ? lockdep_hardirqs_on+0x98/0x150
[  435.862296][T11764]  do_syscall_64+0x55/0xa0
[  435.866720][T11764]  ? clear_bhb_loop+0x40/0x90
[  435.871419][T11764]  ? clear_bhb_loop+0x40/0x90
[  435.876109][T11764]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  435.882024][T11764] RIP: 0033:0x7f71bbb5d04e
[  435.886446][T11764] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  435.906065][T11764] RSP: 002b:00007f71bcac6fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  435.914492][T11764] RAX: ffffffffffffffda RBX: 00007f71bcac76c0 RCX: 00007f71bbb5d04e
[  435.922478][T11764] RDX: 000000000000000f RSI: 00007f71bcac70a0 RDI: 0000000000000004
[  435.930552][T11764] RBP: 00007f71bcac7090 R08: 0000000000000000 R09: 0000000000000000
[  435.938537][T11764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  435.946521][T11764] R13: 00007f71bbe16038 R14: 00007f71bbe15fa0 R15: 00007ffcfb70c4d8
[  435.954524][T11764]  </TASK>
[  436.190037][T11780] netlink: 'syz.2.1972': attribute type 10 has an invalid length.
[  436.199425][T11780] veth0_vlan: left promiscuous mode
[  436.206109][T11780] veth0_vlan: entered promiscuous mode
[  436.213819][T11780] team0: Device veth0_vlan failed to register rx_handler
[  436.373189][T11786] netlink: 'syz.3.1975': attribute type 1 has an invalid length.
[  436.424497][T11786] netlink: 'syz.3.1975': attribute type 4 has an invalid length.
[  436.432309][T11786] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.1975'.
[  436.619398][T11791] netlink: 'syz.1.1974': attribute type 2 has an invalid length.
[  436.683741][T11791] netlink: 'syz.1.1974': attribute type 1 has an invalid length.
[  436.692544][T11791] netlink: 199820 bytes leftover after parsing attributes in process `syz.1.1974'.
[  437.110491][T11793] netlink: 'syz.1.1974': attribute type 19 has an invalid length.
[  437.128226][T11793] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1974'.
[  437.517468][T11806] netlink: 'syz.3.1982': attribute type 5 has an invalid length.
[  437.928105][T11816] veth0_vlan: left promiscuous mode
[  437.993250][T11816] veth0_vlan: entered promiscuous mode
[  438.024373][T11816] team0: Device veth0_vlan failed to register rx_handler
[  438.113401][T11818] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.1987'.
[  438.371240][T11825] netlink: 199820 bytes leftover after parsing attributes in process `syz.2.1988'.
[  438.426602][T11825] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1988'.
[  438.797761][T11837] FAULT_INJECTION: forcing a failure.
[  438.797761][T11837] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  438.811347][T11837] CPU: 0 PID: 11837 Comm: syz.0.1994 Not tainted syzkaller #0
[  438.818837][T11837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  438.828914][T11837] Call Trace:
[  438.832198][T11837]  <TASK>
[  438.835126][T11837]  dump_stack_lvl+0x18c/0x250
[  438.839819][T11837]  ? show_regs_print_info+0x20/0x20
[  438.845026][T11837]  ? load_image+0x420/0x420
[  438.849533][T11837]  ? __might_fault+0xaa/0x120
[  438.854206][T11837]  ? __lock_acquire+0x7d40/0x7d40
[  438.859234][T11837]  should_fail_ex+0x39d/0x4d0
[  438.863914][T11837]  _copy_from_user+0x2f/0xe0
[  438.868506][T11837]  ___sys_sendmsg+0x1c7/0x360
[  438.873164][T11837]  ? get_pid_task+0x20/0x1e0
[  438.877741][T11837]  ? __sys_sendmsg+0x2a0/0x2a0
[  438.882498][T11837]  ? __lock_acquire+0x7d40/0x7d40
[  438.887543][T11837]  __se_sys_sendmsg+0x1c2/0x2b0
[  438.892391][T11837]  ? __x64_sys_sendmsg+0x80/0x80
[  438.897335][T11837]  ? lockdep_hardirqs_on+0x98/0x150
[  438.902527][T11837]  do_syscall_64+0x55/0xa0
[  438.906931][T11837]  ? clear_bhb_loop+0x40/0x90
[  438.911594][T11837]  ? clear_bhb_loop+0x40/0x90
[  438.916255][T11837]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  438.922129][T11837] RIP: 0033:0x7f71bbb9c819
[  438.926529][T11837] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  438.946132][T11837] RSP: 002b:00007f71bcac7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  438.954550][T11837] RAX: ffffffffffffffda RBX: 00007f71bbe15fa0 RCX: 00007f71bbb9c819
[  438.962509][T11837] RDX: 0000000000008054 RSI: 0000200000000ac0 RDI: 0000000000000003
[  438.970469][T11837] RBP: 00007f71bcac7090 R08: 0000000000000000 R09: 0000000000000000
[  438.978426][T11837] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  438.986382][T11837] R13: 00007f71bbe16038 R14: 00007f71bbe15fa0 R15: 00007ffcfb70c4d8
[  438.994348][T11837]  </TASK>
[  439.295857][T11848] veth0_vlan: left promiscuous mode
[  439.301897][T11848] veth0_vlan: entered promiscuous mode
[  439.309917][T11848] team0: Device veth0_vlan failed to register rx_handler
[  439.459215][T11849] __nla_validate_parse: 1 callbacks suppressed
[  439.459230][T11849] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1997'.
[  439.566357][T11844] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1997'.
[  439.589383][T11851] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.2000'.
[  439.920838][T11858] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2002'.
[  439.966974][T11858] openvswitch: netlink: Geneve opt len 5 is not a multiple of 4.
[  440.095416][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  440.101829][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  440.326713][T11863] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2005'.
[  440.427393][T11869] delete_channel: no stack
[  440.432014][T11869] delete_channel: no stack
[  440.445226][T11867] validate_nla: 14 callbacks suppressed
[  440.445240][T11867] netlink: 'syz.0.2006': attribute type 2 has an invalid length.
[  440.486284][T11869] netlink: 'syz.2.2007': attribute type 21 has an invalid length.
[  440.497985][T11869] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2007'.
[  440.510223][T11867] netlink: 'syz.0.2006': attribute type 1 has an invalid length.
[  440.532484][T11869] delete_channel: no stack
[  440.538430][T11870] netlink: 'syz.0.2006': attribute type 19 has an invalid length.
[  440.593292][T11867] netlink: 199820 bytes leftover after parsing attributes in process `syz.0.2006'.
[  440.613422][T11870] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2006'.
[  440.851144][T11876] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2010'.
[  440.861938][T11880] netlink: 'syz.2.2012': attribute type 1 has an invalid length.
[  440.874288][T11880] netlink: 'syz.2.2012': attribute type 4 has an invalid length.
[  440.882075][T11880] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.2012'.
[  440.973995][T11882] netlink: 'syz.1.2013': attribute type 10 has an invalid length.
[  440.982163][T11882] veth0_vlan: left promiscuous mode
[  440.988861][T11882] veth0_vlan: entered promiscuous mode
[  441.001823][T11882] team0: Device veth0_vlan failed to register rx_handler
[  441.056144][T11886] netlink: 'syz.2.2015': attribute type 29 has an invalid length.
[  441.067023][T11886] netlink: 'syz.2.2015': attribute type 29 has an invalid length.
[  441.511122][T11890] netlink: 'syz.1.2017': attribute type 5 has an invalid length.
[  443.246472][T11940] veth0_vlan: left promiscuous mode
[  443.267734][T11940] veth0_vlan: entered promiscuous mode
[  443.277796][T11940] team0: Device veth0_vlan failed to register rx_handler
[  443.951936][T11958] openvswitch: netlink: Geneve opt len 5 is not a multiple of 4.
[  444.895489][T11970] __nla_validate_parse: 9 callbacks suppressed
[  444.895770][T11970] netlink: 201392 bytes leftover after parsing attributes in process `syz.0.2044'.
[  444.900408][T11972] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.2045'.
[  444.999449][T11977] veth0_vlan: left promiscuous mode
[  445.006305][T11977] veth0_vlan: entered promiscuous mode
[  445.014552][T11977] team0: Device veth0_vlan failed to register rx_handler
[  445.207824][T11988] netlink: 120 bytes leftover after parsing attributes in process `syz.2.2048'.
[  445.884354][T12007] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2058'.
[  445.923818][T12007] openvswitch: netlink: Geneve opt len 5 is not a multiple of 4.
[  446.027319][T12006] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2059'.
[  446.114118][T12013] validate_nla: 18 callbacks suppressed
[  446.114134][T12013] netlink: 'syz.2.2061': attribute type 10 has an invalid length.
[  446.144571][T12013] veth0_vlan: left promiscuous mode
[  446.174647][T12013] veth0_vlan: entered promiscuous mode
[  446.186464][T12013] team0: Device veth0_vlan failed to register rx_handler
[  446.682618][T12036] netlink: 'syz.2.2066': attribute type 2 has an invalid length.
[  446.696361][T12036] netlink: 'syz.2.2066': attribute type 1 has an invalid length.
[  446.729466][T12036] netlink: 199820 bytes leftover after parsing attributes in process `syz.2.2066'.
[  446.749281][T12039] netlink: 'syz.2.2066': attribute type 19 has an invalid length.
[  446.760470][T12039] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2066'.
[  447.335410][T12055] netlink: 'syz.1.2075': attribute type 10 has an invalid length.
[  447.347742][T12055] veth0_vlan: left promiscuous mode
[  447.359835][T12055] veth0_vlan: entered promiscuous mode
[  447.375527][T12055] team0: Device veth0_vlan failed to register rx_handler
[  447.429668][T12051] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2072'.
[  447.562798][T12060] netlink: 'syz.2.2076': attribute type 2 has an invalid length.
[  447.581488][T12060] netlink: 'syz.2.2076': attribute type 1 has an invalid length.
[  447.663624][T12060] netlink: 199820 bytes leftover after parsing attributes in process `syz.2.2076'.
[  447.685415][T12060] netlink: 'syz.2.2076': attribute type 19 has an invalid length.
[  447.693299][T12060] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2076'.
[  447.708620][T12064] netlink: 'syz.1.2077': attribute type 2 has an invalid length.
[  447.717357][T12064] netlink: 'syz.1.2077': attribute type 1 has an invalid length.
[  448.703585][T12080] veth1_macvtap: left promiscuous mode
[  448.711903][T12080] macsec0: entered allmulticast mode
[  448.847865][T12085] veth0_vlan: left promiscuous mode
[  448.854536][T12085] veth0_vlan: entered promiscuous mode
[  448.861182][T12085] team0: Device veth0_vlan failed to register rx_handler
[  449.999137][T12114] veth0_vlan: left promiscuous mode
[  450.012985][T12114] veth0_vlan: entered promiscuous mode
[  450.028066][T12114] team0: Device veth0_vlan failed to register rx_handler
[  451.406269][T12134] validate_nla: 9 callbacks suppressed
[  451.408958][T12134] netlink: 'syz.0.2104': attribute type 2 has an invalid length.
[  451.447083][T12134] netlink: 'syz.0.2104': attribute type 1 has an invalid length.
[  451.465665][T12134] __nla_validate_parse: 8 callbacks suppressed
[  451.465684][T12134] netlink: 199820 bytes leftover after parsing attributes in process `syz.0.2104'.
[  451.488964][T12135] netlink: 'syz.0.2104': attribute type 19 has an invalid length.
[  451.498701][T12135] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2104'.
[  451.775301][T12141] netlink: 'syz.2.2105': attribute type 2 has an invalid length.
[  451.785910][T12141] netlink: 'syz.2.2105': attribute type 1 has an invalid length.
[  451.796451][T12141] netlink: 199820 bytes leftover after parsing attributes in process `syz.2.2105'.
[  451.812549][T12141] netlink: 'syz.2.2105': attribute type 19 has an invalid length.
[  451.825392][T12141] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2105'.
[  452.604646][T12154] macsec0: entered allmulticast mode
[  452.807137][T12161] FAULT_INJECTION: forcing a failure.
[  452.807137][T12161] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  452.824757][T12161] CPU: 0 PID: 12161 Comm: syz.2.2115 Not tainted syzkaller #0
[  452.832269][T12161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  452.842341][T12161] Call Trace:
[  452.845636][T12161]  <TASK>
[  452.848584][T12161]  dump_stack_lvl+0x18c/0x250
[  452.853288][T12161]  ? show_regs_print_info+0x20/0x20
[  452.858508][T12161]  ? load_image+0x420/0x420
[  452.863036][T12161]  ? __might_fault+0xaa/0x120
[  452.867732][T12161]  ? __lock_acquire+0x7d40/0x7d40
[  452.872786][T12161]  should_fail_ex+0x39d/0x4d0
[  452.877501][T12161]  _copy_from_iter+0x1d9/0x12e0
[  452.882380][T12161]  ? rep_movs_alternative+0x4a/0x90
[  452.887604][T12161]  ? _copy_from_iter+0x24e/0x12e0
[  452.892651][T12161]  ? __virt_addr_valid+0x18c/0x540
[  452.897797][T12161]  ? __lock_acquire+0x7d40/0x7d40
[  452.902856][T12161]  ? copyout_mc+0x70/0x70
[  452.907220][T12161]  ? copyout_mc+0x70/0x70
[  452.911576][T12161]  ? __virt_addr_valid+0x18c/0x540
[  452.916711][T12161]  ? page_copy_sane+0x16a/0x270
[  452.921587][T12161]  copy_page_from_iter+0x7b/0x100
[  452.926643][T12161]  skb_copy_datagram_from_iter+0x2e4/0x6e0
[  452.932486][T12161]  tun_get_user+0x15db/0x3ca0
[  452.937201][T12161]  ? aa_file_perm+0x11b/0xee0
[  452.941916][T12161]  ? rcu_read_unlock+0xa0/0xa0
[  452.946717][T12161]  ? tun_get+0x1c/0x2e0
[  452.950901][T12161]  ? __lock_acquire+0x7d40/0x7d40
[  452.955951][T12161]  ? tun_get+0x1c/0x2e0
[  452.960137][T12161]  tun_chr_write_iter+0x119/0x200
[  452.965187][T12161]  vfs_write+0x46c/0x990
[  452.969458][T12161]  ? file_end_write+0x250/0x250
[  452.974343][T12161]  ? __fget_files+0x43d/0x4b0
[  452.979055][T12161]  ? __fdget_pos+0x1d8/0x330
[  452.983664][T12161]  ? ksys_write+0x75/0x260
[  452.988103][T12161]  ksys_write+0x150/0x260
[  452.992460][T12161]  ? __ia32_sys_read+0x90/0x90
[  452.997260][T12161]  ? lockdep_hardirqs_on+0x98/0x150
[  453.002487][T12161]  do_syscall_64+0x55/0xa0
[  453.006925][T12161]  ? clear_bhb_loop+0x40/0x90
[  453.011627][T12161]  ? clear_bhb_loop+0x40/0x90
[  453.016334][T12161]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  453.022255][T12161] RIP: 0033:0x7fea8679c819
[  453.022539][T12165] netlink: 'syz.3.2118': attribute type 6 has an invalid length.
[  453.026670][T12161] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  453.026688][T12161] RSP: 002b:00007fea87614028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  453.026706][T12161] RAX: ffffffffffffffda RBX: 00007fea86a15fa0 RCX: 00007fea8679c819
[  453.026717][T12161] RDX: 000000000000fdef RSI: 0000200000000200 RDI: 00000000000000c8
[  453.026728][T12161] RBP: 00007fea87614090 R08: 0000000000000000 R09: 0000000000000000
[  453.026738][T12161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  453.043710][T12165] netlink: 168 bytes leftover after parsing attributes in process `syz.3.2118'.
[  453.054020][T12161] R13: 00007fea86a16038 R14: 00007fea86a15fa0 R15: 00007ffe908b7f58
[  453.054051][T12161]  </TASK>
[  454.009738][T12178] netlink: 'syz.2.2119': attribute type 2 has an invalid length.
[  454.059391][T12178] netlink: 'syz.2.2119': attribute type 1 has an invalid length.
[  454.074658][T12180] netlink: 'syz.2.2119': attribute type 19 has an invalid length.
[  454.082525][T12180] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2119'.
[  454.087526][T12178] netlink: 199820 bytes leftover after parsing attributes in process `syz.2.2119'.
[  454.133705][T12182] veth0_vlan: left promiscuous mode
[  454.141562][T12182] veth0_vlan: entered promiscuous mode
[  454.152430][T12182] team0: Device veth0_vlan failed to register rx_handler
[  454.336170][T12190] netlink: 21 bytes leftover after parsing attributes in process `syz.1.2122'.
[  454.391827][T12190] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  455.916667][T12216] veth0_vlan: left promiscuous mode
[  455.930833][T12216] veth0_vlan: entered promiscuous mode
[  455.939513][T12216] team0: Device veth0_vlan failed to register rx_handler
[  456.022543][T12221] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.2136'.
[  456.117266][T12222] netlink: 199820 bytes leftover after parsing attributes in process `syz.1.2135'.
[  457.395577][T12238] __nla_validate_parse: 1 callbacks suppressed
[  457.395594][T12238] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.2142'.
[  457.429785][T12240] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.2142'.
[  458.765772][T12250] validate_nla: 5 callbacks suppressed
[  458.765788][T12250] netlink: 'syz.0.2146': attribute type 10 has an invalid length.
[  458.786358][T12250] veth0_vlan: left promiscuous mode
[  458.803030][T12250] veth0_vlan: entered promiscuous mode
[  458.811563][T12250] team0: Device veth0_vlan failed to register rx_handler
[  459.067736][T12263] netlink: 'syz.2.2149': attribute type 2 has an invalid length.
[  459.086555][T12263] netlink: 'syz.2.2149': attribute type 1 has an invalid length.
[  459.107284][T12263] netlink: 199820 bytes leftover after parsing attributes in process `syz.2.2149'.
[  459.188963][T12263] netlink: 'syz.2.2149': attribute type 19 has an invalid length.
[  459.227729][T12263] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2149'.
[  460.257900][T12292] netlink: 'syz.2.2162': attribute type 1 has an invalid length.
[  460.267040][T12292] netlink: 'syz.2.2162': attribute type 4 has an invalid length.
[  460.275777][T12292] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.2162'.
[  460.296683][T12293] netlink: 'syz.3.2163': attribute type 9 has an invalid length.
[  460.304843][T12293] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.2163'.
[  460.374611][T12296] netlink: 'syz.3.2163': attribute type 9 has an invalid length.
[  460.394577][T12296] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.2163'.
[  460.593229][T12280] delete_channel: no stack
[  461.411034][T12310] netlink: 'syz.3.2170': attribute type 2 has an invalid length.
[  461.427045][T12310] netlink: 'syz.3.2170': attribute type 1 has an invalid length.
[  461.436622][T12310] netlink: 199820 bytes leftover after parsing attributes in process `syz.3.2170'.
[  461.453544][T12310] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2170'.
[  461.974841][T12323] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.2175'.
[  462.396558][T12336] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  463.594354][T12344] __nla_validate_parse: 3 callbacks suppressed
[  463.594372][T12344] netlink: 21 bytes leftover after parsing attributes in process `syz.3.2189'.
[  463.684292][T12344] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  464.205003][T12353] validate_nla: 6 callbacks suppressed
[  464.205016][T12353] netlink: 'syz.1.2184': attribute type 10 has an invalid length.
[  464.225289][T12353] veth0_vlan: left promiscuous mode
[  464.238473][T12353] veth0_vlan: entered promiscuous mode
[  464.259517][T12353] team0: Device veth0_vlan failed to register rx_handler
[  464.978108][T12358] netlink: 'syz.3.2186': attribute type 1 has an invalid length.
[  464.999085][T12358] netlink: 'syz.3.2186': attribute type 4 has an invalid length.
[  465.009324][T12358] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.2186'.
[  465.196749][T12368] netlink: 'syz.2.2190': attribute type 2 has an invalid length.
[  465.217928][T12368] netlink: 'syz.2.2190': attribute type 1 has an invalid length.
[  465.228265][T12368] netlink: 199820 bytes leftover after parsing attributes in process `syz.2.2190'.
[  465.247017][T12370] FAULT_INJECTION: forcing a failure.
[  465.247017][T12370] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  465.262228][T12370] CPU: 0 PID: 12370 Comm: syz.3.2192 Not tainted syzkaller #0
[  465.269743][T12370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  465.279827][T12370] Call Trace:
[  465.283135][T12370]  <TASK>
[  465.286090][T12370]  dump_stack_lvl+0x18c/0x250
[  465.290818][T12370]  ? show_regs_print_info+0x20/0x20
[  465.296055][T12370]  ? load_image+0x420/0x420
[  465.300603][T12370]  ? __might_fault+0xaa/0x120
[  465.305315][T12370]  ? __lock_acquire+0x7d40/0x7d40
[  465.310375][T12370]  should_fail_ex+0x39d/0x4d0
[  465.315110][T12370]  _copy_from_user+0x2f/0xe0
[  465.319746][T12370]  __sys_bpf+0x23e/0x890
[  465.324026][T12370]  ? bpf_link_show_fdinfo+0x390/0x390
[  465.329462][T12370]  ? lock_chain_count+0x20/0x20
[  465.334370][T12370]  __x64_sys_bpf+0x7c/0x90
[  465.338829][T12370]  do_syscall_64+0x55/0xa0
[  465.343284][T12370]  ? clear_bhb_loop+0x40/0x90
[  465.348004][T12370]  ? clear_bhb_loop+0x40/0x90
[  465.352727][T12370]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  465.358655][T12370] RIP: 0033:0x7f95dd39c819
[  465.363104][T12370] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  465.382751][T12370] RSP: 002b:00007f95de306028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  465.391206][T12370] RAX: ffffffffffffffda RBX: 00007f95dd615fa0 RCX: 00007f95dd39c819
[  465.399213][T12370] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a
[  465.407219][T12370] RBP: 00007f95de306090 R08: 0000000000000000 R09: 0000000000000000
[  465.415224][T12370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  465.423228][T12370] R13: 00007f95dd616038 R14: 00007f95dd615fa0 R15: 00007ffed4dbeeb8
[  465.431256][T12370]  </TASK>
[  466.683900][T12385] netlink: 'syz.1.2198': attribute type 10 has an invalid length.
[  466.692094][T12385] veth0_vlan: left promiscuous mode
[  466.719871][T12385] veth0_vlan: entered promiscuous mode
[  466.732643][T12385] team0: Device veth0_vlan failed to register rx_handler
[  467.509949][T12389] netlink: 'syz.2.2200': attribute type 1 has an invalid length.
[  467.521146][T12389] netlink: 'syz.2.2200': attribute type 4 has an invalid length.
[  467.530196][T12389] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.2200'.
[  467.670717][T12393] À: port 1(vlan0) entered blocking state
[  467.680119][T12393] À: port 1(vlan0) entered disabled state
[  467.687978][T12393] vlan0: entered allmulticast mode
[  467.696062][T12393] veth0_vlan: entered allmulticast mode
[  467.708837][T12393] vlan0: entered promiscuous mode
[  468.396983][T12418] netlink: 'syz.1.2210': attribute type 10 has an invalid length.
[  468.433872][T12418] veth0_vlan: left promiscuous mode
[  468.442337][T12418] veth0_vlan: entered promiscuous mode
[  468.458447][T12418] team0: Device veth0_vlan failed to register rx_handler
[  469.036623][T12423] netlink: 'syz.1.2212': attribute type 1 has an invalid length.
[  469.139960][T12423] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.2212'.
[  470.128773][T12442] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2220'.
[  470.278715][T12444] validate_nla: 1 callbacks suppressed
[  470.278733][T12444] netlink: 'syz.3.2221': attribute type 10 has an invalid length.
[  471.256612][T12446] netlink: 'syz.3.2223': attribute type 1 has an invalid length.
[  471.282201][T12446] netlink: 'syz.3.2223': attribute type 4 has an invalid length.
[  471.316066][T12446] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.2223'.
[  472.205683][T12467] netlink: 'syz.3.2228': attribute type 2 has an invalid length.
[  472.271885][T12467] netlink: 'syz.3.2228': attribute type 1 has an invalid length.
[  472.337308][T12469] netlink: 'syz.3.2228': attribute type 19 has an invalid length.
[  472.385548][T12467] netlink: 199820 bytes leftover after parsing attributes in process `syz.3.2228'.
[  472.430090][T12469] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2228'.
[  473.367710][T12483] netlink: 'syz.1.2234': attribute type 1 has an invalid length.
[  473.439741][T12483] netlink: 'syz.1.2234': attribute type 4 has an invalid length.
[  473.481229][T12483] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.2234'.
[  473.557801][T12485] netlink: 'syz.3.2235': attribute type 10 has an invalid length.
[  473.586936][T12484] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  473.811085][T12496] netlink: 'syz.1.2237': attribute type 21 has an invalid length.
[  473.833951][T12496] netlink: 12226 bytes leftover after parsing attributes in process `syz.1.2237'.
[  474.745573][T12506] netlink: 199820 bytes leftover after parsing attributes in process `syz.2.2242'.
[  474.813795][T12506] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2242'.
[  475.555220][T12515] validate_nla: 12 callbacks suppressed
[  475.555236][T12515] netlink: 'syz.3.2245': attribute type 10 has an invalid length.
[  475.799041][T12523] netlink: 'syz.3.2248': attribute type 10 has an invalid length.
[  476.008637][T12529] netlink: 16178 bytes leftover after parsing attributes in process `syz.3.2252'.
[  476.751908][T12545] netlink: 'syz.3.2256': attribute type 2 has an invalid length.
[  476.800318][T12545] netlink: 'syz.3.2256': attribute type 1 has an invalid length.
[  476.920652][T12545] netlink: 199820 bytes leftover after parsing attributes in process `syz.3.2256'.
[  476.930283][T12546] netlink: 'syz.3.2256': attribute type 19 has an invalid length.
[  476.930301][T12546] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2256'.
[  479.326439][   T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  479.345302][   T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  479.354050][   T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  479.372740][   T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  479.453781][   T51] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  479.461609][   T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  480.176325][T12578] netlink: 'syz.3.2268': attribute type 2 has an invalid length.
[  480.220049][T12578] netlink: 'syz.3.2268': attribute type 1 has an invalid length.
[  480.262871][T12578] netlink: 199820 bytes leftover after parsing attributes in process `syz.3.2268'.
[  480.281420][ T3443] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  480.348947][T12557] chnl_net:caif_netlink_parms(): no params data found
[  480.373326][T12579] netlink: 'syz.3.2268': attribute type 19 has an invalid length.
[  480.395125][T12579] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2268'.
[  480.584049][ T3443] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  480.710603][ T3443] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  480.889971][ T3443] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  481.057941][T12557] bridge0: port 1(bridge_slave_0) entered blocking state
[  481.065461][T12557] bridge0: port 1(bridge_slave_0) entered disabled state
[  481.072714][T12557] bridge_slave_0: entered allmulticast mode
[  481.091047][T12557] bridge_slave_0: entered promiscuous mode
[  481.102050][T12557] bridge0: port 2(bridge_slave_1) entered blocking state
[  481.131881][T12557] bridge0: port 2(bridge_slave_1) entered disabled state
[  481.146332][T12557] bridge_slave_1: entered allmulticast mode
[  481.162981][T12557] bridge_slave_1: entered promiscuous mode
[  481.305325][T12557] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  481.338336][T12557] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  481.497336][T12557] team0: Port device team_slave_0 added
[  481.523895][   T51] Bluetooth: hci4: command tx timeout
[  481.565201][T12557] team0: Port device team_slave_1 added
[  481.649390][T12557] batman_adv: batadv0: Adding interface: batadv_slave_0
[  481.667361][T12557] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  481.719887][T12557] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  481.752873][T12557] batman_adv: batadv0: Adding interface: batadv_slave_1
[  481.777415][T12557] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  481.857872][T12557] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  481.957555][ T3443] tipc: Left network mode
[  482.005841][T12557] hsr_slave_0: entered promiscuous mode
[  482.045445][T12557] hsr_slave_1: entered promiscuous mode
[  482.350342][T12613] FAULT_INJECTION: forcing a failure.
[  482.350342][T12613] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  482.365168][T12613] CPU: 1 PID: 12613 Comm: syz.1.2277 Not tainted syzkaller #0
[  482.372671][T12613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  482.382756][T12613] Call Trace:
[  482.386051][T12613]  <TASK>
[  482.388994][T12613]  dump_stack_lvl+0x18c/0x250
[  482.393699][T12613]  ? show_regs_print_info+0x20/0x20
[  482.398931][T12613]  ? load_image+0x420/0x420
[  482.403455][T12613]  ? __might_fault+0xaa/0x120
[  482.408163][T12613]  ? __lock_acquire+0x7d40/0x7d40
[  482.413212][T12613]  should_fail_ex+0x39d/0x4d0
[  482.417918][T12613]  _copy_from_user+0x2f/0xe0
[  482.422535][T12613]  csum_and_copy_from_iter+0x476/0x14a0
[  482.428116][T12613]  ? iov_iter_get_pages_alloc2+0xc0/0xc0
[  482.433774][T12613]  ? __kmem_cache_alloc_node+0x13a/0x250
[  482.439436][T12613]  ? __alloc_skb+0x138/0x2c0
[  482.444043][T12613]  ? rcu_is_watching+0x15/0xb0
[  482.448834][T12613]  ip_generic_getfrag+0x163/0x2f0
[  482.453886][T12613]  ? ip_skb_dst_mtu+0x9c0/0x9c0
[  482.458763][T12613]  ? skb_put+0x11b/0x210
[  482.463027][T12613]  __ip_append_data+0x2f11/0x3d40
[  482.468096][T12613]  ? raw_send_hdrinc+0x1170/0x1170
[  482.473231][T12613]  ? mark_lock+0x94/0x320
[  482.477599][T12613]  ? ip_setup_cork+0x860/0x860
[  482.482387][T12613]  ? ip_setup_cork+0x530/0x860
[  482.487172][T12613]  ip_append_data+0x10d/0x180
[  482.491866][T12613]  ? raw_send_hdrinc+0x1170/0x1170
[  482.496996][T12613]  raw_sendmsg+0x15c1/0x1c00
[  482.501623][T12613]  ? compat_raw_ioctl+0x70/0x70
[  482.506513][T12613]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  482.512688][T12613]  ? lockdep_hardirqs_on+0x98/0x150
[  482.517916][T12613]  ? sock_rps_record_flow+0x19/0x3f0
[  482.523224][T12613]  ? inet_sendmsg+0x7c/0x2f0
[  482.527830][T12613]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  482.533132][T12613]  ? security_socket_sendmsg+0x80/0xa0
[  482.538611][T12613]  ? inet_send_prepare+0x260/0x260
[  482.543750][T12613]  ____sys_sendmsg+0x5ba/0x960
[  482.548531][T12613]  ? __lock_acquire+0x7d40/0x7d40
[  482.553575][T12613]  ? __asan_memset+0x22/0x40
[  482.558194][T12613]  ? __sys_sendmsg_sock+0x30/0x30
[  482.563234][T12613]  ? __import_iovec+0x3fa/0x850
[  482.568108][T12613]  ? import_iovec+0x73/0xa0
[  482.572631][T12613]  ___sys_sendmsg+0x2a6/0x360
[  482.577336][T12613]  ? get_pid_task+0x20/0x1e0
[  482.581955][T12613]  ? __sys_sendmsg+0x2a0/0x2a0
[  482.586769][T12613]  ? __lock_acquire+0x7d40/0x7d40
[  482.591820][T12613]  __se_sys_sendmsg+0x1c2/0x2b0
[  482.596672][T12613]  ? __x64_sys_sendmsg+0x80/0x80
[  482.601619][T12613]  do_syscall_64+0x55/0xa0
[  482.606026][T12613]  ? clear_bhb_loop+0x40/0x90
[  482.610699][T12613]  ? clear_bhb_loop+0x40/0x90
[  482.615376][T12613]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  482.621288][T12613] RIP: 0033:0x7f2df679c819
[  482.625698][T12613] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  482.645327][T12613] RSP: 002b:00007f2df75d2028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  482.653743][T12613] RAX: ffffffffffffffda RBX: 00007f2df6a15fa0 RCX: 00007f2df679c819
[  482.661806][T12613] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000007
[  482.669794][T12613] RBP: 00007f2df75d2090 R08: 0000000000000000 R09: 0000000000000000
[  482.677766][T12613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  482.685730][T12613] R13: 00007f2df6a16038 R14: 00007f2df6a15fa0 R15: 00007ffd54280da8
[  482.693716][T12613]  </TASK>
[  482.973308][T12621] netlink: 'syz.1.2278': attribute type 2 has an invalid length.
[  483.000379][T12621] netlink: 'syz.1.2278': attribute type 1 has an invalid length.
[  483.016961][T12621] netlink: 199820 bytes leftover after parsing attributes in process `syz.1.2278'.
[  483.125277][T12624] netlink: 'syz.1.2278': attribute type 19 has an invalid length.
[  483.133204][T12624] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2278'.
[  483.509002][T12629] netlink: 'syz.0.2280': attribute type 2 has an invalid length.
[  483.565013][T12629] netlink: 'syz.0.2280': attribute type 1 has an invalid length.
[  483.572861][T12629] netlink: 199820 bytes leftover after parsing attributes in process `syz.0.2280'.
[  483.604068][   T51] Bluetooth: hci4: command tx timeout
[  483.655023][T12629] netlink: 'syz.0.2280': attribute type 19 has an invalid length.
[  483.663441][T12629] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2280'.
[  484.899729][T12657] FAULT_INJECTION: forcing a failure.
[  484.899729][T12657] name failslab, interval 1, probability 0, space 0, times 0
[  484.940472][T12657] CPU: 1 PID: 12657 Comm: syz.1.2286 Not tainted syzkaller #0
[  484.947987][T12657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  484.958066][T12657] Call Trace:
[  484.961351][T12657]  <TASK>
[  484.964290][T12657]  dump_stack_lvl+0x18c/0x250
[  484.968995][T12657]  ? show_regs_print_info+0x20/0x20
[  484.974227][T12657]  ? load_image+0x420/0x420
[  484.978758][T12657]  ? __might_sleep+0xe0/0xe0
[  484.983367][T12657]  ? __lock_acquire+0x7d40/0x7d40
[  484.988407][T12657]  ? __se_sys_sendmsg+0x1c2/0x2b0
[  484.993450][T12657]  should_fail_ex+0x39d/0x4d0
[  484.998152][T12657]  should_failslab+0x9/0x20
[  485.002671][T12657]  slab_pre_alloc_hook+0x59/0x310
[  485.007715][T12657]  ? sctp_datamsg_from_user+0x88/0xee0
[  485.013195][T12657]  __kmem_cache_alloc_node+0x53/0x250
[  485.018595][T12657]  ? sctp_datamsg_from_user+0x88/0xee0
[  485.024072][T12657]  kmalloc_trace+0x2a/0xe0
[  485.028507][T12657]  sctp_datamsg_from_user+0x88/0xee0
[  485.033811][T12657]  ? __sk_mem_raise_allocated+0xa29/0x1340
[  485.039632][T12657]  ? sctp_primitive_ASSOCIATE+0x95/0xc0
[  485.045176][T12657]  sctp_sendmsg_to_asoc+0x107f/0x1830
[  485.050555][T12657]  ? __asan_memcpy+0x40/0x70
[  485.055141][T12657]  ? sctp_assoc_add_peer+0xcf3/0x1390
[  485.060513][T12657]  ? sctp_sendmsg_check_sflags+0x2d0/0x2d0
[  485.066311][T12657]  ? __sctp_connect+0xd80/0xd80
[  485.071146][T12657]  ? __local_bh_enable_ip+0x13a/0x1c0
[  485.076509][T12657]  ? _local_bh_enable+0xa0/0xa0
[  485.081347][T12657]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  485.087141][T12657]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  485.092935][T12657]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  485.098470][T12657]  ? security_sctp_bind_connect+0x89/0xb0
[  485.104182][T12657]  sctp_sendmsg+0x1b83/0x28c0
[  485.108859][T12657]  ? sctp_getsockopt+0xb60/0xb60
[  485.113785][T12657]  ? aa_sk_perm+0x83c/0x970
[  485.118282][T12657]  ? aa_af_perm+0x330/0x330
[  485.122774][T12657]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0
[  485.129181][T12657]  ? sock_rps_record_flow+0x19/0x3f0
[  485.134457][T12657]  ? inet_sendmsg+0x7c/0x2f0
[  485.139037][T12657]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  485.144311][T12657]  ? security_socket_sendmsg+0x80/0xa0
[  485.149755][T12657]  ? inet_send_prepare+0x260/0x260
[  485.154860][T12657]  ____sys_sendmsg+0x5ba/0x960
[  485.159614][T12657]  ? __lock_acquire+0x7d40/0x7d40
[  485.164632][T12657]  ? __asan_memset+0x22/0x40
[  485.169214][T12657]  ? __sys_sendmsg_sock+0x30/0x30
[  485.174228][T12657]  ? __import_iovec+0x5f2/0x850
[  485.179079][T12657]  ? import_iovec+0x73/0xa0
[  485.183574][T12657]  ___sys_sendmsg+0x2a6/0x360
[  485.188250][T12657]  ? get_pid_task+0x20/0x1e0
[  485.192834][T12657]  ? __sys_sendmsg+0x2a0/0x2a0
[  485.197600][T12657]  ? __lock_acquire+0x7d40/0x7d40
[  485.202632][T12657]  __se_sys_sendmsg+0x1c2/0x2b0
[  485.207474][T12657]  ? __x64_sys_sendmsg+0x80/0x80
[  485.212411][T12657]  ? lockdep_hardirqs_on+0x98/0x150
[  485.217603][T12657]  do_syscall_64+0x55/0xa0
[  485.222006][T12657]  ? clear_bhb_loop+0x40/0x90
[  485.226672][T12657]  ? clear_bhb_loop+0x40/0x90
[  485.231339][T12657]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  485.237223][T12657] RIP: 0033:0x7f2df679c819
[  485.241633][T12657] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  485.262447][T12657] RSP: 002b:00007f2df75d2028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  485.270864][T12657] RAX: ffffffffffffffda RBX: 00007f2df6a15fa0 RCX: 00007f2df679c819
[  485.278822][T12657] RDX: 00000000000080d1 RSI: 0000200000000140 RDI: 0000000000000005
[  485.286780][T12657] RBP: 00007f2df75d2090 R08: 0000000000000000 R09: 0000000000000000
[  485.294737][T12657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  485.302693][T12657] R13: 00007f2df6a16038 R14: 00007f2df6a15fa0 R15: 00007ffd54280da8
[  485.310676][T12657]  </TASK>
[  485.570059][T12664] netlink: 'syz.3.2289': attribute type 10 has an invalid length.
[  485.693766][   T51] Bluetooth: hci4: command tx timeout
[  486.174481][T12557] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  486.214998][T12557] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  486.258708][T12557] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  486.269890][T12673] netlink: 'syz.0.2291': attribute type 2 has an invalid length.
[  486.316061][T12673] netlink: 'syz.0.2291': attribute type 1 has an invalid length.
[  486.353001][T12673] netlink: 199820 bytes leftover after parsing attributes in process `syz.0.2291'.
[  486.464448][T12557] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  486.569825][T12676] netlink: 'syz.0.2291': attribute type 19 has an invalid length.
[  486.615263][T12676] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2291'.
[  487.203331][ T3443] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  487.226157][ T3443] batman_adv: batadv0: Removing interface: batadv_slave_0
[  487.277474][ T3443] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  487.303737][ T3443] batman_adv: batadv0: Removing interface: batadv_slave_1
[  487.311798][ T3443] batman_adv: batadv0: Interface deactivated: virt_wifi0
[  487.333755][ T3443] batman_adv: batadv0: Removing interface: virt_wifi0
[  487.350399][ T3443] bridge0: port 4(team0) entered disabled state
[  487.428036][ T3443] bond0: left allmulticast mode
[  487.432950][ T3443] bond_slave_0: left allmulticast mode
[  487.438699][ T3443] bond_slave_1: left allmulticast mode
[  487.463607][ T3443] batadv0: left allmulticast mode
[  487.469104][ T3443] bridge0: port 3(bond0) entered disabled state
[  487.516850][ T3443] bridge_slave_1: left allmulticast mode
[  487.522542][ T3443] bridge_slave_1: left promiscuous mode
[  487.543860][ T3443] bridge0: port 2(bridge_slave_1) entered disabled state
[  487.574417][ T3443] bridge_slave_0: left allmulticast mode
[  487.580117][ T3443] bridge_slave_0: left promiscuous mode
[  487.593702][ T3443] bridge0: port 1(bridge_slave_0) entered disabled state
[  487.682778][ T3443] veth1_macvtap: left promiscuous mode
[  487.689217][ T3443] veth1_vlan: left allmulticast mode
[  487.703777][ T3443] veth1_vlan: left promiscuous mode
[  487.764194][   T51] Bluetooth: hci4: command tx timeout
[  488.681781][ T3443] macvlan0 (unregistering): left promiscuous mode
[  488.693058][ T3443] macvlan0 (unregistering): left allmulticast mode
[  488.716138][ T3443] team0 (unregistering): Port device macvlan0 removed
[  489.282589][ T3443] team_slave_1 (unregistering): left promiscuous mode
[  489.293213][ T3443] team_slave_1 (unregistering): left allmulticast mode
[  489.318495][ T3443] team0 (unregistering): Port device team_slave_1 removed
[  489.967235][ T3443] C (unregistering): left promiscuous mode
[  489.974179][ T3443] C (unregistering): left allmulticast mode
[  489.986762][ T3443] team0 (unregistering): Port device C removed
[  490.038530][ T3443] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  490.048148][ T3443] bond_slave_1 (unregistering): left promiscuous mode
[  490.088469][ T3443] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  490.097328][ T3443] bond_slave_0 (unregistering): left promiscuous mode
[  490.362990][ T3443] bond0 (unregistering): (slave batadv0): Releasing backup interface
[  490.377219][ T3443] batadv0 (unregistering): left promiscuous mode
[  490.418291][ T3443] dummy0 (unregistering): left promiscuous mode
[  490.424688][ T3443] dummy0 (unregistering): left allmulticast mode
[  490.432486][ T3443] team0 (unregistering): Port device dummy0 removed
[  490.487261][ T3443] bond0 (unregistering): Released all slaves
[  490.566686][T12695] netlink: 'syz.0.2299': attribute type 10 has an invalid length.
[  490.579536][T12695] team0: Device veth0_vlan failed to register rx_handler
[  490.679831][T12557] 8021q: adding VLAN 0 to HW filter on device bond0
[  490.728317][T12557] 8021q: adding VLAN 0 to HW filter on device team0
[  490.805627][   T79] bridge0: port 1(bridge_slave_0) entered blocking state
[  490.813465][   T79] bridge0: port 1(bridge_slave_0) entered forwarding state
[  490.865628][   T79] bridge0: port 2(bridge_slave_1) entered blocking state
[  490.872784][   T79] bridge0: port 2(bridge_slave_1) entered forwarding state
[  490.917663][T12717] netlink: 'syz.1.2297': attribute type 10 has an invalid length.
[  490.922099][T12715] netlink: 105120 bytes leftover after parsing attributes in process `syz.3.2296'.
[  490.927362][T12717] veth0_vlan: left promiscuous mode
[  490.951351][T12717] veth0_vlan: entered promiscuous mode
[  490.959025][T12717] team0: Device veth0_vlan failed to register rx_handler
[  490.995859][T12715] netlink: 'syz.3.2296': attribute type 2 has an invalid length.
[  491.108098][T12715] pim6reg1: entered promiscuous mode
[  491.132775][T12715] pim6reg1: entered allmulticast mode
[  491.527132][T12729] netlink: 'syz.1.2300': attribute type 10 has an invalid length.
[  491.540915][T12729] veth0_vlan: left promiscuous mode
[  491.547814][T12729] veth0_vlan: entered promiscuous mode
[  491.558526][T12729] team0: Device veth0_vlan failed to register rx_handler
[  491.909677][T12557] 8021q: adding VLAN 0 to HW filter on device batadv0
[  492.004676][T12557] veth0_vlan: entered promiscuous mode
[  492.041226][T12557] veth1_vlan: entered promiscuous mode
[  492.107277][T12557] veth0_macvtap: entered promiscuous mode
[  492.129127][T12557] veth1_macvtap: entered promiscuous mode
[  492.172683][T12557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  492.203557][T12557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  492.224992][T12557] batman_adv: batadv0: Interface activated: batadv_slave_0
[  492.245092][T12557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  492.265504][T12557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  492.292923][T12557] batman_adv: batadv0: Interface activated: batadv_slave_1
[  492.312705][T12557] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  492.333589][T12557] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  492.352734][T12557] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  492.362673][T12557] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  492.602212][   T79] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  492.643723][   T79] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  492.747437][ T3443] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  492.764117][ T3443] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  492.780480][T12766] netlink: 'syz.3.2302': attribute type 2 has an invalid length.
[  492.868155][T12766] netlink: 'syz.3.2302': attribute type 1 has an invalid length.
[  492.919604][T12766] netlink: 199820 bytes leftover after parsing attributes in process `syz.3.2302'.
[  493.726606][T12775] netlink: 'syz.2.2304': attribute type 10 has an invalid length.
[  493.922683][T12775] veth0_vlan: left promiscuous mode
[  493.985307][T12775] veth0_vlan: entered promiscuous mode
[  494.028918][T12775] team0: Device veth0_vlan failed to register rx_handler
[  494.647216][T12788] netlink: 1047 bytes leftover after parsing attributes in process `syz.2.2309'.
[  495.124192][T12794] netlink: 'syz.2.2312': attribute type 2 has an invalid length.
[  495.155176][T12794] netlink: 'syz.2.2312': attribute type 1 has an invalid length.
[  495.164854][T12794] netlink: 199820 bytes leftover after parsing attributes in process `syz.2.2312'.
[  495.204881][T12794] netlink: 'syz.2.2312': attribute type 19 has an invalid length.
[  495.237600][T12794] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2312'.
[  495.723828][T12805] netlink: 'syz.2.2316': attribute type 4 has an invalid length.
[  495.751327][T12805] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2316'.
[  496.655076][T12813] netlink: 'syz.2.2318': attribute type 10 has an invalid length.
[  496.663263][T12813] veth0_vlan: left promiscuous mode
[  496.697193][T12813] veth0_vlan: entered promiscuous mode
[  496.707045][T12813] team0: Device veth0_vlan failed to register rx_handler
[  496.970783][T12817] netlink: 'syz.1.2320': attribute type 10 has an invalid length.
[  497.056114][T12817] wg1: entered promiscuous mode
[  497.061651][T12817] wg1: entered allmulticast mode
[  497.069364][T12817] team0: Device wg1 is of different type
[  497.279922][T12826] netlink: 'syz.3.2323': attribute type 1 has an invalid length.
[  497.305166][T12826] netlink: 'syz.3.2323': attribute type 4 has an invalid length.
[  497.313489][T12826] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.2323'.
[  497.434488][T12829] netlink: 'syz.2.2324': attribute type 2 has an invalid length.
[  497.442268][T12829] netlink: 'syz.2.2324': attribute type 1 has an invalid length.
[  497.505013][T12829] netlink: 199820 bytes leftover after parsing attributes in process `syz.2.2324'.
[  497.580405][T12834] netlink: 'syz.2.2324': attribute type 19 has an invalid length.
[  497.619897][T12834] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2324'.
[  497.869590][T12835] netlink: 'syz.3.2325': attribute type 19 has an invalid length.
[  497.904373][T12835] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2325'.
[  498.508061][T12847] netlink: 'syz.1.2329': attribute type 10 has an invalid length.
[  498.536356][T12847] veth0_vlan: left promiscuous mode
[  498.559603][T12847] veth0_vlan: entered promiscuous mode
[  498.571351][T12847] team0: Device veth0_vlan failed to register rx_handler
[  498.871488][T12857] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.2333'.
[  499.234566][T12864] netlink: 160 bytes leftover after parsing attributes in process `syz.2.2336'.
[  499.340797][T12864] erspan0: refused to change device tx_queue_len
[  499.389500][T12864] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check.
[  499.428273][T12872] netlink: 199820 bytes leftover after parsing attributes in process `syz.0.2335'.
[  499.449171][T12870] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2338'.
[  499.506324][T12863] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2335'.
[  500.244684][T12887] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.2344'.
[  500.419215][T12892] syzkaller0: entered promiscuous mode
[  500.441250][T12892] syzkaller0: entered allmulticast mode
[  500.558344][T12899] netlink: 199820 bytes leftover after parsing attributes in process `syz.0.2349'.
[  500.593098][T12899] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2349'.
[  500.964162][T12901] validate_nla: 13 callbacks suppressed
[  500.964173][T12901] netlink: 'syz.1.2350': attribute type 10 has an invalid length.
[  500.979784][T12901] veth0_vlan: left promiscuous mode
[  500.988260][T12901] veth0_vlan: entered promiscuous mode
[  500.995563][T12901] team0: Device veth0_vlan failed to register rx_handler
[  501.205302][T12908] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2353'.
[  501.550837][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  501.557591][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  501.875828][T12919] netlink: 'syz.0.2357': attribute type 1 has an invalid length.
[  501.897824][T12919] netlink: 'syz.0.2357': attribute type 4 has an invalid length.
[  501.913958][T12919] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.2357'.
[  502.307550][T12931] netlink: 'syz.2.2363': attribute type 10 has an invalid length.
[  502.333812][T12931] veth0_vlan: left promiscuous mode
[  502.340195][T12931] veth0_vlan: entered promiscuous mode
[  502.394166][T12931] team0: Device veth0_vlan failed to register rx_handler
[  503.002172][T12941] netlink: 'syz.1.2368': attribute type 21 has an invalid length.
[  503.066005][T12946] netlink: 'syz.0.2369': attribute type 1 has an invalid length.
[  503.102610][T12946] netlink: 'syz.0.2369': attribute type 4 has an invalid length.
[  503.411536][T12951] netlink: 'syz.3.2370': attribute type 2 has an invalid length.
[  503.469862][T12951] netlink: 'syz.3.2370': attribute type 1 has an invalid length.
[  503.505667][T12955] netlink: 'syz.0.2372': attribute type 10 has an invalid length.
[  503.707225][T12955] wg1: entered promiscuous mode
[  503.781177][T12955] wg1: entered allmulticast mode
[  503.806255][T12955] team0: Device wg1 is of different type
[  503.874712][T12954] __nla_validate_parse: 4 callbacks suppressed
[  503.874729][T12954] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2370'.
[  504.167657][ T5089] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  504.179577][ T5089] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  504.196992][ T5089] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  504.209385][ T5089] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  504.220401][ T5089] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  504.228905][ T5089] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  505.042979][ T3443] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  505.073354][T12968] team0: Device veth0_vlan failed to register rx_handler
[  505.175837][ T3443] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  505.220437][T12977] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.2379'.
[  505.458404][ T3443] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  505.478436][T12988] netlink: 49779 bytes leftover after parsing attributes in process `syz.0.2382'.
[  505.537252][T12989] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2381'.
[  505.547022][T12981] netlink: 199820 bytes leftover after parsing attributes in process `syz.3.2381'.
[  505.592284][ T3443] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  505.770914][T12959] chnl_net:caif_netlink_parms(): no params data found
[  505.821626][T12995] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.2385'.
[  505.924333][ T3443] tipc: Left network mode
[  506.323882][ T5089] Bluetooth: hci1: command tx timeout
[  506.454688][T13014] validate_nla: 8 callbacks suppressed
[  506.454699][T13014] netlink: 'syz.2.2388': attribute type 2 has an invalid length.
[  506.468964][T12959] bridge0: port 1(bridge_slave_0) entered blocking state
[  506.478907][T12959] bridge0: port 1(bridge_slave_0) entered disabled state
[  506.510082][T12959] bridge_slave_0: entered allmulticast mode
[  506.525115][T12959] bridge_slave_0: entered promiscuous mode
[  506.604224][T12959] bridge0: port 2(bridge_slave_1) entered blocking state
[  506.619700][T12959] bridge0: port 2(bridge_slave_1) entered disabled state
[  506.629467][T13021] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.2389'.
[  506.634112][T12959] bridge_slave_1: entered allmulticast mode
[  506.661943][T12959] bridge_slave_1: entered promiscuous mode
[  506.790712][T12959] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  506.827324][T12959] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  507.000886][T12959] team0: Port device team_slave_0 added
[  507.050059][T13029] netlink: 'syz.0.2390': attribute type 10 has an invalid length.
[  507.065477][T13029] team0: Device veth0_vlan failed to register rx_handler
[  507.102330][T12959] team0: Port device team_slave_1 added
[  507.191057][T12959] batman_adv: batadv0: Adding interface: batadv_slave_0
[  507.198169][T12959] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  507.230468][T12959] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  507.293340][T13034] netlink: 'syz.0.2392': attribute type 1 has an invalid length.
[  507.301371][T13034] netlink: 'syz.0.2392': attribute type 4 has an invalid length.
[  507.313398][T13034] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.2392'.
[  507.327511][T12959] batman_adv: batadv0: Adding interface: batadv_slave_1
[  507.336909][T12959] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  507.363063][T12959] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  507.666549][T13041] netlink: 'syz.2.2393': attribute type 2 has an invalid length.
[  507.692831][T13041] netlink: 'syz.2.2393': attribute type 1 has an invalid length.
[  507.717775][T13041] netlink: 199820 bytes leftover after parsing attributes in process `syz.2.2393'.
[  507.739992][T12959] hsr_slave_0: entered promiscuous mode
[  507.757375][T12959] hsr_slave_1: entered promiscuous mode
[  507.778460][T12959] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  507.799087][T12959] Cannot create hsr debugfs directory
[  507.840918][T13041] netlink: 'syz.2.2393': attribute type 19 has an invalid length.
[  507.866617][T13041] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2393'.
[  508.135391][ T3443] 
[  508.137762][ T3443] ======================================================
[  508.144787][ T3443] WARNING: possible circular locking dependency detected
[  508.151811][ T3443] syzkaller #0 Not tainted
[  508.156225][ T3443] ------------------------------------------------------
[  508.163240][ T3443] kworker/u4:10/3443 is trying to acquire lock:
[  508.169478][ T3443] ffff888030bc0d00 (team->team_lock_key){+.+.}-{3:3}, at: team_del_slave+0x32/0x1c0
[  508.178907][ T3443] 
[  508.178907][ T3443] but task is already holding lock:
[  508.186270][ T3443] ffff888021298768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: ieee80211_remove_interfaces+0x29a/0x690
[  508.196635][ T3443] 
[  508.196635][ T3443] which lock already depends on the new lock.
[  508.196635][ T3443] 
[  508.207037][ T3443] 
[  508.207037][ T3443] the existing dependency chain (in reverse order) is:
[  508.216048][ T3443] 
[  508.216048][ T3443] -> #1 (&rdev->wiphy.mtx){+.+.}-{3:3}:
[  508.223808][ T3443]        __mutex_lock+0x136/0xcc0
[  508.228853][ T3443]        ieee80211_open+0x144/0x200
[  508.234067][ T3443]        __dev_open+0x2cb/0x430
[  508.238930][ T3443]        dev_open+0xab/0x190
[  508.243553][ T3443]        team_add_slave+0x75f/0x29a0
[  508.248853][ T3443]        do_setlink+0xdfe/0x4130
[  508.253797][ T3443]        rtnl_newlink+0x17da/0x20a0
[  508.258999][ T3443]        rtnetlink_rcv_msg+0x869/0xfa0
[  508.264463][ T3443]        netlink_rcv_skb+0x241/0x4d0
[  508.269758][ T3443]        netlink_unicast+0x751/0x8d0
[  508.275056][ T3443]        netlink_sendmsg+0x8d0/0xbf0
[  508.280350][ T3443]        ____sys_sendmsg+0x5ba/0x960
[  508.285641][ T3443]        ___sys_sendmsg+0x2a6/0x360
[  508.290841][ T3443]        __se_sys_sendmsg+0x1c2/0x2b0
[  508.296214][ T3443]        do_syscall_64+0x55/0xa0
[  508.301157][ T3443]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  508.307579][ T3443] 
[  508.307579][ T3443] -> #0 (team->team_lock_key){+.+.}-{3:3}:
[  508.315587][ T3443]        __lock_acquire+0x2df1/0x7d40
[  508.320972][ T3443]        lock_acquire+0x19e/0x420
[  508.326001][ T3443]        __mutex_lock+0x136/0xcc0
[  508.331032][ T3443]        team_del_slave+0x32/0x1c0
[  508.336145][ T3443]        team_device_event+0x28d/0xa20
[  508.341614][ T3443]        notifier_call_chain+0x197/0x380
[  508.347255][ T3443]        unregister_netdevice_many_notify+0x100d/0x1900
[  508.354211][ T3443]        unregister_netdevice_queue+0x32c/0x370
[  508.360476][ T3443]        _cfg80211_unregister_wdev+0x16b/0x580
[  508.366643][ T3443]        ieee80211_remove_interfaces+0x49e/0x690
[  508.372978][ T3443]        ieee80211_unregister_hw+0x5d/0x2a0
[  508.378875][ T3443]        mac80211_hwsim_del_radio+0x289/0x480
[  508.384945][ T3443]        hwsim_exit_net+0x58d/0x650
[  508.390146][ T3443]        cleanup_net+0x70a/0xbb0
[  508.395106][ T3443]        process_scheduled_works+0xa5d/0x15d0
[  508.401196][ T3443]        worker_thread+0xa55/0xfc0
[  508.406312][ T3443]        kthread+0x2fa/0x390
[  508.410902][ T3443]        ret_from_fork+0x48/0x80
[  508.415845][ T3443]        ret_from_fork_asm+0x11/0x20
[  508.421140][ T3443] 
[  508.421140][ T3443] other info that might help us debug this:
[  508.421140][ T3443] 
[  508.421289][ T5089] Bluetooth: hci1: command tx timeout
[  508.431352][ T3443]  Possible unsafe locking scenario:
[  508.431352][ T3443] 
[  508.431357][ T3443]        CPU0                    CPU1
[  508.431361][ T3443]        ----                    ----
[  508.431364][ T3443]   lock(&rdev->wiphy.mtx);
[  508.431376][ T3443]                                lock(team->team_lock_key);
[  508.431387][ T3443]                                lock(&rdev->wiphy.mtx);
[  508.431398][ T3443]   lock(team->team_lock_key);
[  508.478452][ T3443] 
[  508.478452][ T3443]  *** DEADLOCK ***
[  508.478452][ T3443] 
[  508.486606][ T3443] 5 locks held by kworker/u4:10/3443:
[  508.491975][ T3443]  #0: ffff888140044938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[  508.502876][ T3443]  #1: ffffc9000cf27d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[  508.513421][ T3443]  #2: ffffffff8e3b5710 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x14c/0xbb0
[  508.522836][ T3443]  #3: ffffffff8e3c2748 (rtnl_mutex){+.+.}-{3:3}, at: ieee80211_unregister_hw+0x55/0x2a0
[  508.532681][ T3443]  #4: ffff888021298768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: ieee80211_remove_interfaces+0x29a/0x690
[  508.543510][ T3443] 
[  508.543510][ T3443] stack backtrace:
[  508.549399][ T3443] CPU: 1 PID: 3443 Comm: kworker/u4:10 Not tainted syzkaller #0
[  508.557035][ T3443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  508.567100][ T3443] Workqueue: netns cleanup_net
[  508.571887][ T3443] Call Trace:
[  508.575168][ T3443]  <TASK>
[  508.578103][ T3443]  dump_stack_lvl+0x18c/0x250
[  508.582794][ T3443]  ? load_image+0x420/0x420
[  508.587316][ T3443]  ? show_regs_print_info+0x20/0x20
[  508.592530][ T3443]  ? print_circular_bug+0x12b/0x1a0
[  508.597739][ T3443]  check_noncircular+0x2fc/0x400
[  508.602700][ T3443]  ? print_deadlock_bug+0x5d0/0x5d0
[  508.607919][ T3443]  ? lockdep_lock+0xf5/0x230
[  508.612516][ T3443]  ? __lock_acquire+0x1273/0x7d40
[  508.617545][ T3443]  ? _find_first_zero_bit+0xd3/0x100
[  508.622836][ T3443]  __lock_acquire+0x2df1/0x7d40
[  508.627711][ T3443]  ? verify_lock_unused+0x140/0x140
[  508.632922][ T3443]  ? verify_lock_unused+0x140/0x140
[  508.638138][ T3443]  lock_acquire+0x19e/0x420
[  508.642648][ T3443]  ? team_del_slave+0x32/0x1c0
[  508.647480][ T3443]  ? __might_sleep+0xe0/0xe0
[  508.652080][ T3443]  ? read_lock_is_recursive+0x20/0x20
[  508.657465][ T3443]  __mutex_lock+0x136/0xcc0
[  508.661983][ T3443]  ? team_del_slave+0x32/0x1c0
[  508.666760][ T3443]  ? __lock_acquire+0x7d40/0x7d40
[  508.671791][ T3443]  ? rcu_is_watching+0x15/0xb0
[  508.676570][ T3443]  ? trace_contention_end+0x39/0xe0
[  508.681772][ T3443]  ? __mutex_lock+0x315/0xcc0
[  508.686453][ T3443]  ? team_del_slave+0x32/0x1c0
[  508.691224][ T3443]  ? mutex_lock_nested+0x20/0x20
[  508.696165][ T3443]  ? bond_netdev_event+0xeb/0xf20
[  508.701201][ T3443]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[  508.706844][ T3443]  team_del_slave+0x32/0x1c0
[  508.711439][ T3443]  team_device_event+0x28d/0xa20
[  508.716386][ T3443]  notifier_call_chain+0x197/0x380
[  508.721511][ T3443]  unregister_netdevice_many_notify+0x100d/0x1900
[  508.727936][ T3443]  ? lock_chain_count+0x20/0x20
[  508.732803][ T3443]  ? unregister_netdevice_many+0x20/0x20
[  508.738450][ T3443]  ? kernfs_remove_by_name_ns+0x117/0x150
[  508.744186][ T3443]  ? __lock_acquire+0x7d40/0x7d40
[  508.749221][ T3443]  unregister_netdevice_queue+0x32c/0x370
[  508.754952][ T3443]  ? list_netdevice+0x730/0x730
[  508.759807][ T3443]  ? kernfs_remove_by_name_ns+0x117/0x150
[  508.765540][ T3443]  _cfg80211_unregister_wdev+0x16b/0x580
[  508.771187][ T3443]  ieee80211_remove_interfaces+0x49e/0x690
[  508.777007][ T3443]  ? ieee80211_do_stop+0x1e20/0x1e20
[  508.782309][ T3443]  ? rcu_is_watching+0x15/0xb0
[  508.787086][ T3443]  ieee80211_unregister_hw+0x5d/0x2a0
[  508.792472][ T3443]  mac80211_hwsim_del_radio+0x289/0x480
[  508.798028][ T3443]  ? rhashtable_remove_fast+0xc00/0xc00
[  508.803585][ T3443]  hwsim_exit_net+0x58d/0x650
[  508.808272][ T3443]  ? hwsim_init_net+0x90/0x90
[  508.812960][ T3443]  ? __ip_vs_dev_cleanup_batch+0x238/0x250
[  508.818776][ T3443]  cleanup_net+0x70a/0xbb0
[  508.823205][ T3443]  ? ops_free_list+0x3b0/0x3b0
[  508.827983][ T3443]  ? _raw_spin_unlock_irq+0x23/0x50
[  508.833184][ T3443]  ? process_scheduled_works+0x96f/0x15d0
[  508.838910][ T3443]  ? process_scheduled_works+0x96f/0x15d0
[  508.844636][ T3443]  process_scheduled_works+0xa5d/0x15d0
[  508.850199][ T3443]  ? worker_attach_to_pool+0x380/0x380
[  508.855667][ T3443]  ? assign_work+0x3d2/0x5d0
[  508.860267][ T3443]  worker_thread+0xa55/0xfc0
[  508.864877][ T3443]  kthread+0x2fa/0x390
[  508.868948][ T3443]  ? pr_cont_work+0x560/0x560
[  508.873628][ T3443]  ? kthread_blkcg+0xd0/0xd0
[  508.878223][ T3443]  ret_from_fork+0x48/0x80
[  508.882654][ T3443]  ? kthread_blkcg+0xd0/0xd0
[  508.887251][ T3443]  ret_from_fork_asm+0x11/0x20
[  508.892030][ T3443]  </TASK>
[  508.924850][ T3443] mac80211_hwsim hwsim5 wlan1 (unregistering): left promiscuous mode
[  508.932978][ T3443] mac80211_hwsim hwsim5 wlan1 (unregistering): left allmulticast mode
[  508.984249][ T3443] team0: Port device wlan1 removed
[  509.201719][ T3443] bridge0: port 4(team0) entered disabled state
[  509.214185][ T3443] bridge_slave_1: left allmulticast mode
[  509.219923][ T3443] bridge_slave_1: left promiscuous mode
[  509.227018][ T3443] bridge0: port 2(bridge_slave_1) entered disabled state
[  509.235932][ T3443] bridge_slave_0: left promiscuous mode
[  509.241701][ T3443] bridge0: port 1(bridge_slave_0) entered disabled state
[  509.254513][ T3443] veth0_macvtap: left promiscuous mode
[  509.260165][ T3443] veth1_vlan: left promiscuous mode
[  509.479339][ T3443] team_slave_1 (unregistering): left promiscuous mode
[  509.486341][ T3443] team_slave_1 (unregistering): left allmulticast mode
[  509.496876][ T3443] team0 (unregistering): Port device team_slave_1 removed
[  509.520164][ T3443] C (unregistering): left promiscuous mode
[  509.526038][ T3443] C (unregistering): left allmulticast mode
[  509.532627][ T3443] team0 (unregistering): Port device C removed
[  510.070404][T12959] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  510.081180][T12959] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  510.091285][T12959] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  510.100687][T12959] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  510.160102][T12959] 8021q: adding VLAN 0 to HW filter on device bond0
[  510.180414][T12959] 8021q: adding VLAN 0 to HW filter on device team0
[  510.191862][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[  510.199021][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[  510.211828][   T42] bridge0: port 2(bridge_slave_1) entered blocking state
[  510.218982][   T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[  510.385445][T12959] 8021q: adding VLAN 0 to HW filter on device batadv0
[  510.425972][T12959] veth0_vlan: entered promiscuous mode
[  510.438696][T12959] veth1_vlan: entered promiscuous mode
[  510.468808][T12959] veth0_macvtap: entered promiscuous mode
[  510.480411][T12959] veth1_macvtap: entered promiscuous mode
[  510.487075][ T5089] Bluetooth: hci1: command tx timeout
[  510.506252][T12959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  510.516808][T12959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  510.526747][T12959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  510.537719][T12959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  510.548890][T12959] batman_adv: batadv0: Interface activated: batadv_slave_0
[  510.563993][T12959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  510.574822][T12959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  510.586301][T12959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  510.596882][T12959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  510.608170][T12959] batman_adv: batadv0: Interface activated: batadv_slave_1
[  510.620285][T12959] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  510.629998][T12959] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  510.639393][T12959] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  510.651918][T12959] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  510.688628][T12959] ieee80211 phy23: Selected rate control algorithm 'minstrel_ht'
[  510.711919][   T79] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  510.713379][T12959] ieee80211 phy24: Selected rate control algorithm 'minstrel_ht'
[  510.735922][   T79] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  510.759542][   T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  510.769006][   T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  512.563675][ T5089] Bluetooth: hci1: command tx timeout