last executing test programs:

33m51.183504519s ago: executing program 1 (id=760):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5, 0x5}, 0x0, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000000)=@framed={{0x7d, 0xa, 0xa, 0x0, 0x0, 0x71, 0x10, 0x1b}}, &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x2000000}, 0x80)

33m47.935908499s ago: executing program 1 (id=772):
r0 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f00000001c0)={&(0x7f0000000000)=@in6={0xa, 0x4e21, 0x0, @empty}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=[{0x10, 0x63e752821c723e94, 0x37}], 0x10}, 0x97)
r1 = socket$kcm(0x2, 0x3, 0x106)
sendmsg$inet(r1, &(0x7f0000000340)={&(0x7f0000000000)={0x2, 0x4e22, @remote}, 0x10, &(0x7f0000000680)=[{&(0x7f0000000080)="b5fa4fc5", 0x4}], 0x1}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f00000005c0)=ANY=[@ANYBLOB="18080000d0ff00000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000006608000000000000180000000000000000000000000000009500000000000000360a020000000007180100002020782500000000002020207b1af8ff00000000bf9500000000000007010000f8ffffffb7024c0008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x8}, 0x94)

33m47.711918882s ago: executing program 1 (id=764):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000140)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000180), &(0x7f0000000380)='%pI4   \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r1, <r2=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000001040)={0x1f, 0x18, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000010000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000007000000000b70500000800000085000000a500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

33m47.441297058s ago: executing program 1 (id=767):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, 0x0, 0x26}, 0x28)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x2}, [@printk={@ld}, @call={0x85, 0x0, 0x0, 0x7}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x18, 0x1}, 0x50)
perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, @perf_bp={0x0, 0x8}, 0x40, 0x0, 0x0, 0x0, 0x7, 0x0, 0xffff}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000000000000000000000000000850000001900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70)

33m46.977593195s ago: executing program 1 (id=770):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0xf, 0x3, 0x2)
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0xf1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x201}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0))
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0x8, 0x4}, 0x24, 0x0, 0x3, 0x0, 0x0, 0x1, 0x400}, 0x0, 0x8, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="18020000000080000000000000000000850000001800000085000000a000000095"], &(0x7f0000000000)='syzkaller\x00', 0x4, 0xc7, &(0x7f0000000140)=""/199}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000a800000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
sendmsg$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=[@rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x110}, 0x10140)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x200}, 0x50)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'veth1_to_bond\x00', 0x200})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8946, &(0x7f0000000080))
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x4c, 0x0, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001000)=ANY=[@ANYBLOB="791298000000000061138c0000000000bf2000000000000015000000080063033d030100000000009500003a000000006916140000000000bf6700000000000066060500000000206706000002000000760300000ee60060bf050000000000002c650000000000006507f9ff01000000070700004cdfffff1e75040000000000bf54000000000000070400000400f9ffad43010000000000d5000000000000000500000000000000950000000000000032410000000000000054bb12dc8c27df8ecfc7bdd2d17f2f1754558f22dd399703d6c4f6f3be0b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf7a13ba1fcf1111ce4fc0d742a81762bab8395fa64810b5b40d893ea8fe0ffffff7f1b546cad3f1d5af65706fd4f68795cce6cf16ab689b555202da2e0ec2871a51445dc8da39e5b0ab71ca9b901627b562ed84b026002d4519af619e3cca4d69e0dee080006774a8f3e691700ec88158f02001b0000c81c8b297dff0445a13d0045fb3cda32a673a6bb55d8c80800dce431e56723888fb126a1403d2b63f16fb2ad9bc117aba7cbebe174aba210d739a018f9bbec63222d20cedbc4d03723f1c932b3a6aa57f1ad2e99e0e67a993716d20000009f0f53acbb40b401e3738270b3156268784f2af9e4bcf8b07a10d6735154be1602f9dd1d7d4301e00000000000460bcc5989ec85e3cbcb6bcfaf0000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d0861cd64722cf74686ebfbe2562671cd47840f81d2a8f8f9be3bcd19dc6840aa7afaab43176e65ec1118d50d1e80100008000000000887a5ad103649afa17690884f800031e03a651bb96589a7eab049b1bd47287cd31cc43ea0ffb567b40407d000000000000000000000000005f37d83f84e98a523d80bd0d0d703f37ca363f601ae899a56715a0a62a26a0f6a5480a55c22fe394ae0000000000000000000000000000437d57defb79ea000500000000000000000000f014a4a318ba48d35ae9f438000000000000db894b62a614cb1fdd46619c5d2200000000000700000000000000000000006dcd2f421400f69947e4f26e099c9e8369080663c909b7e7c87e3b5e8e5a6df77c8f7338cd5a85f211a41b5d529d4243e47d7ab0d5991756b59d363ba30b18fc2ff189a4e8db38ab97c6a125e2785619e84c6a2b50f0e3ff83ef5149aff43dc899fdebdc2c496e6bdd4dd4d21f06fe133f4444272c5f0839ad663100452a6c6b6421f7e89a33b339401eee2cd466ab2a93a1ee7fb8a9e455ba1c6e17b02a1cd7bf35d36cf5b2a0f063469ae0d0b9fc042b48e98626eb0f9754d8cbbefa3079fe63063047baff09e9aaf7600000fba9a88db9ebef86f7cb522a784bb6d37e5f802757a15c6735138b493db9df53440a63fc565a0b190a710ae1e6807cbeb415ac841e94b706974160a60a14e571274f333d23186143b95514c79b50994cb39cda343bda8f01cf8ec7cdfdace0289e83ce50a57d69bfecfaf69fe7ff5b0375a47d3eb57b41d8a0589b82a1cf1149ba3f21ea2b65433321eb1a6f04ecc713c2b26d27baa49e54c2babec86335b9f418b5a5eb997bc9dd65197124b9aa80fc4aa8defb986bf05c41b919886bb81ecd3d24cf9ecc7004000000000000002c70d32f5d55ef2a2cf7560cb2884f46a92b3c25550f73e407fc5d514b2b7a6b690e290e676266addb7d96e723dec9c418eec8c48dffb6f432b4d5fef16e4f0051ba7efc690022c3f62b37cb5682d8bfdfc637ad3bf089ef0117bcd395322fcfb8e8e0a6e2babceb5f289b1d991770681192bcd0b584c3497e455f30ab918a690514a87a7d8e1d5f169a4e680e9c390071d26f2e0e26fc062f2785f14c0404fe01fb4000000000000000577dcb1698a9021a36d73ed03651c1937b2c84046023a1a0a87b208e33ad2d7c2892b176877264e1d699b7401eb917b289f6f67060fda0fa44b54bd87517a2bf09dba7209e41db4288b61bda5960952c45e5c55f2cd68bf9c6ff33e46109584bf42e8696ef1876564fef6f24cbbed0db8ab7fda1ffcc8c9fd4ab2cbe8f8df8e5535b12a942a948eacdaf308d48932064cfc3329da74f6f3e4409d6764a29680e312bf1a0143180e6493c9201ea916e6c9b2566c558ad88d9f7c0aebf82f5807eecefa97ada9bbd9e478e5d7748ee188bc719ca7a73dce5b6758a767c4c6b7572ab25eb2d73986379d5685cb438fe7091d097cc8f33fc0f83dee76603d6580f1c8fc4c37efd305ccc5a25678180425718bb9344e60dda8dae2677bb602d29aa0810616a2fdbca7020d72291b592b84223e2522ee01f5bdaa0fc4eb8d71d948a2baccf3ea2aa79d4d9069d8c0000000000000000000000321cd67859b4567badee56f158406f08683bdc5ffe2dedc916000c71f922fa2dfead7535999436a4aeb908781893479319b8b55e00d90ae6f09f06be2a0fc0bc17bef53331208112a0132350c0c5dd4607547079acc9471300dea6ae01742dccdae69f932cef80bca1bfcb57b9c852cf8358a580044772a80f20de36f707385380155be8907029d039a1d1447fc06b7020221e0d439f3f47edcf12f913dc8b6389a540340ae37804728ea65352e630c2e90424d58d72fdc1b28403e1dc7aad238b81df3b2d4166d656c6a9c73554bdf4f7312a4c0271e0eb45b4a596b7fa928ac3683f09fdaca46226c1df2c6c866cb4412d17d3d52c38cf0f7bd3b0eea2d4e06d061bb1b7c8c52f37f4036932d00028abd4527f5649bd60df638596fd639d7b16860033754ab13419429e5e39f290751ab6bd9392aef5519cd8c16e1f1cb1f225cc84a1a62497c1e436142fe28048a2b4d133905814a1808bc5b3e45eaa9eaebd946bee806968aeeb5a9eed87eba3d25d0b412a1b4cf2d419a58b09fc275c4395a0bd332eb538321465043e5967dd22459d0f52190a37f93ab823431a81fa6f54de61637fd473e19a6f567fead100e7d8cac149b66ebe9973af846146c62065a64854ed21e8b6f6fbe78474b753915a42efcb7da8ad18bacff8d69e0af1ca1f8174530a21820738412b100b54ee9b4a0dc22d5fe1cadecaea73fbfad087b19ce53177488d230539c5174f572a539d9d7c42698aa82bccf030ad393f25c10baa17e919f647d0e31877b7a6c1d8d86583f884a0c1da07b9b6dced06cdeb0094aa635a82f233b5993926b8970a0840ba116a7d20a40efb3bd03c4bdf380a2510a0a1ea69811ded68943c71218b42783b38959753978f222e1396b9b36dee2ce205122a000577cab29f48bff4f88c417e6bf5fb430d925596f29aca8677ca5a113aeaa5e0252ca17244d6c76e78ff1bbd81a71c4dfc72431d7f1126f8bdbf4056ee0f58a1bf83d53b1de07489541182dc4ee0f573c25b6c15dad930bc7a770b5a4f407d7a879db7185f15f80100000000000000739cc97db66ec6b925955d9a591808947fdd8d484ad27353230a449fdf87fc46c73b852fec931cfb6718acf3315bf5e577d00beb77c5514bc05d576a81345a03ad7aae74c5d2b77d45718348aed4fcbcd1441ff31b8f038824a989a9446a4a69367b228b3d174230b7320fc4d3c03368db573816dd0c04e65d6f8ce48283e76abdddbb965e0b2568e93c9cc5494a55421793f562c50c53f876cbde93c5cc7a3099c99d9775af010ba093f8a13b771782a3cfb24fbde6ef763e20c613164ab014d1906c4e098f1431b6b2886a155c4bac2911d7ee6a646f5913205ebd175e68975b93c330e4f9131788026b3b7cd5b6452c9e17452ac70000000000000000000000c71185f72436640fd4294fc3da230f9065095be47d7a848df12316c3c8b184fe110b061987fd79cf7d83443e69d08e2e839ae4fbe26ef7764f4870ef3bd0ec12eb45f60ca10dbfe329271f0bc93b28798e982e0dd32fc14bd4313c63b2dbb568f33fb45acad2dc7f438ea162c0709c0bbe1ea13e1e47399286e8143f400d7adf5f69e455706626814ee49274667f47769293451fd49885a152b8d2cf18febc7993f4a93893c6c7b7e46a230359ef2443e6bb9f50bb0faa5eaafd3ed6d551600c46b58a29fd7ccbbb0616f0be27302b683eccd742791d97f4a1daa0447f004426fd09b67d926f51525da63987bc73af35b28277879089b89fff6edab2fa1caf660a46a1a9f09e2d095b1c4be95c7c33dc81857f580e36c0a78d94dd879ee18de4a6475858d2ded2e3427ae007cc6f8e5e99aa146667f71ad83f3ddcf5db2dc396d7da499b65cd98125f20c284fc84d6a70be1de44b49c82022225292199c75cc26beab98dce4c331ed722f01d0d6314a72416814a565f4d90a5f8a255810f23541082f4b06f451e4724cd882f4d589600000000005854ca490d7df9cc293547c9a51aecc7a92f417f6a4d327737f1b198252358832dbe43507844a0cc112af4ce457c173fa64174ffd5ab9501eeb85508ebb60e169c0736c5960f2fe08735d6a7aa7c1f4a6433e77d3e547bbe6cf5b5d93a491ab4bba1ea7a1e6f37618b1d74cff3630d85a210092211be1ec12a30891eef590b19cdde055d626818c64e1c56b8918f33441a64b54946571b7bc70fb065d3bb1647f6f989ab8159e6d1cfa6c0ec7329d7d2263ca22144bf17d8692f03b592bd0f610096094da096233984e95b9a8216a6e60a104ae0bb5f77ac70b4390ea2cb6f6c40c928fae489f447240a25fd0a5bd9d5b6cd2a98f8804862922c11229c4e45c765e4d3348af3d3aadd5cc24b39437f1ea2df0000000000000000000000000022b90d93a267f3af4e02606f0ce6c2ffc4cab575a09d6e625f3248689005eb4a9c8df3c67e6b2b759cab3a7bedf1b927cd8ba6d13b3e7d7279515e3d6d20"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x8)
r3 = socket$kcm(0x10, 0x400000002, 0x0)
setsockopt$sock_attach_bpf(r3, 0x10e, 0x2, 0x0, 0x0)
setsockopt$sock_attach_bpf(r3, 0x10e, 0x2, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

33m45.679847041s ago: executing program 1 (id=778):
r0 = socket$kcm(0xa, 0x2, 0x3a)
socket$kcm(0x21, 0x2, 0x2)
r1 = perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x4800, 0xfffffffffffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x4080b000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x50205100, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000240)={r0})
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20f42, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="0300005a0600a68c450523c0cbcf00a8000000000000bed6e6005e4cda4000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={r2, &(0x7f0000000040), 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f00000001c0)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb0100180000001d0000000c0000000c000000020000000000000000000004000000000000"], 0x0, 0x26}, 0x20)
r3 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000a80), 0x1}, 0x0, 0xfffffffffffffffe, 0x2, 0x8, 0x2, 0xfffffffc}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000afcd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21bef5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c987d669f381faca0f9d9b24be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6eab1aa7d55545a34effa077faa56d59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e59a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d0faab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbfe5ab0255f347160ec83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72bc0480f94306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2dc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78a602ca3cdf6a9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad9433269af3be5fa6a9a5c24e392955f4e979ea13201bafe4f0f6ea508000000a0c548552b571bed5647223c78a992810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb526890aa7fe5e68949a3b30567e54d3504723177d356c4604bca492ede62fc28839b5301160ecec37e83efceefd7ca2533659edc8be05cc85451c6a145074343caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffcebde1d9d3d35a142a9ec9a7a3755e0f209150a07682c4e14e3a835701bea8240399c56ce8f58df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b262341c5e093fd66a2946501559335781092cf8ce3c7c56cd31121624d76517fd3666276c3c0e812b28e2f30d035cee5d0e77a3c70008ec651cc0ae637fa474816bc59d2e2a00092419304b338a987e9d3044d856cf24f370030be3b5f79f030b8d3ebce68663ef5af469abe753314fae31651e0ecea5ece8fb11a4ee288eb149f1fa33669cc8d901fa8e46354c9c3a041a1e7b55c4e81dba1e12289ee34463baf28345bde0c195bc9f021da8f3025ee9c8e3168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f241262fa3f1dabeb4fc4bda345360200000001fbddeacd3adaa4d2715e21c772ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d419de1a7b5c9dc22c96295a4601adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb408c8a80f7f02f750d6c977a1919f9f69a6cfefdf879d447df53f3b9b70d10355b07466d1ef0056b5af553d18a6cc50feeb7bfad9b7be3283b6450d014e7712d2f1d7004548b19162cef04d18d4f5987baab97a9bfbd8f185b5671820420bf5b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe52734093ae5aa3c0b4f3f45bfff2418a18217747ae442e31560e5b741445ea2a1acee2e98c9f3427834ba0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e961f3d9c8c21578fe3245097c280abe51427a7f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f8873522608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf50ee69a39265964279d17eb0000000000000000000000fa08ad0731c4b839688b22c4da2a6b00008a1949a6ba49fbf981f8265e7f1f4c2d97f4680b135f87c228ce69418a282bffff2481a0df1774fa7d94944bb92d2b89f73f0e8b63f6316c5762f3288bc970720f48b5647dd177db6810fae05334d5a44a020000001c0d882a564d74a7c72bf9a2152b261e58fea6d2f93589cfe261dc0410b5ccc92a5a0eab327a33431d62d2b7c75ce654d556c9e1817c1abca762ab53d40da51560351b673363652e1ecb56cfe4a746a45ab13c6014e9f361ab687d1cd1795ce9e05c817b83d76046bdb3709de5df7499a02d2f636a454b85b987580ada025d83bd7b8df28a540d5ec5537942e79f2f1ab25ea5f563bc77e4f9468bd309469880c7e34150ca886d1f9ac2f7e82dbe296c877d925c38c54cc8137b29028854b6bd57ca893927c331300e16aba792289e135589d93302fc37c73c303e383cdf8ef3f6d6265fe5ee01759d24027475c8901039a898582022bc95992b86dce0710887c8a625d9cbb897bdbfaf49a3f642a169827a9bae4fcfa5212461db000000000000e6ed75ca8fcda7ef3ee336189fef3b3ffb9f38fefc5ff39c4e69e3fa1f8b10ee97123e99b61eba065b1ad67530e7c4f11f9da7ae000002000000610101ad7f79cb9bbf64a0fc109f49fe8799fe266e2ccac80fefe750151f5ddfe51833ec65ece70e07ce8ab5d97db47da8f80000664dc0b86ae2b3ff9d4e220752a6b2f3ea9f793612386496dca5af7b8952aafa796ea7b156d19612297c63bb20e1e0469f7615f67a9218cbace38f5236821314f76302b98afa93044b83989339ca10e6ae30e70e17a82f03e915b8425e8e7a91614306d2ae0bc3550d856f2d7293672b5673d264fc886b0c8bdf436a0fcd21bf9da7bdca98e34cd6e59b0a7ce4ba1b466561aaa35448dff47bb1d7df23d467689a6669e4300d5acf12e4d0b35abf91569f605b2f6df0d861"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001700)=ANY=[@ANYBLOB="160000000000000061b1000002"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r5}, 0x0, &(0x7f0000000040)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x15, &(0x7f0000000200)={r5, 0x0, &(0x7f0000001740)=""/4085}, 0x20)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x2, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
socket$kcm(0x2, 0x3, 0x84)

33m30.599847235s ago: executing program 32 (id=778):
r0 = socket$kcm(0xa, 0x2, 0x3a)
socket$kcm(0x21, 0x2, 0x2)
r1 = perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x4800, 0xfffffffffffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x4080b000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x50205100, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000240)={r0})
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20f42, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="0300005a0600a68c450523c0cbcf00a8000000000000bed6e6005e4cda4000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={r2, &(0x7f0000000040), 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f00000001c0)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb0100180000001d0000000c0000000c000000020000000000000000000004000000000000"], 0x0, 0x26}, 0x20)
r3 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000a80), 0x1}, 0x0, 0xfffffffffffffffe, 0x2, 0x8, 0x2, 0xfffffffc}, 0x0, 0x9, 0xffffffffffffffff, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000afcd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21bef5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c987d669f381faca0f9d9b24be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6eab1aa7d55545a34effa077faa56d59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e59a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d0faab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbfe5ab0255f347160ec83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72bc0480f94306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2dc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78a602ca3cdf6a9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad9433269af3be5fa6a9a5c24e392955f4e979ea13201bafe4f0f6ea508000000a0c548552b571bed5647223c78a992810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb526890aa7fe5e68949a3b30567e54d3504723177d356c4604bca492ede62fc28839b5301160ecec37e83efceefd7ca2533659edc8be05cc85451c6a145074343caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffcebde1d9d3d35a142a9ec9a7a3755e0f209150a07682c4e14e3a835701bea8240399c56ce8f58df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b262341c5e093fd66a2946501559335781092cf8ce3c7c56cd31121624d76517fd3666276c3c0e812b28e2f30d035cee5d0e77a3c70008ec651cc0ae637fa474816bc59d2e2a00092419304b338a987e9d3044d856cf24f370030be3b5f79f030b8d3ebce68663ef5af469abe753314fae31651e0ecea5ece8fb11a4ee288eb149f1fa33669cc8d901fa8e46354c9c3a041a1e7b55c4e81dba1e12289ee34463baf28345bde0c195bc9f021da8f3025ee9c8e3168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f241262fa3f1dabeb4fc4bda345360200000001fbddeacd3adaa4d2715e21c772ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d419de1a7b5c9dc22c96295a4601adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb408c8a80f7f02f750d6c977a1919f9f69a6cfefdf879d447df53f3b9b70d10355b07466d1ef0056b5af553d18a6cc50feeb7bfad9b7be3283b6450d014e7712d2f1d7004548b19162cef04d18d4f5987baab97a9bfbd8f185b5671820420bf5b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe52734093ae5aa3c0b4f3f45bfff2418a18217747ae442e31560e5b741445ea2a1acee2e98c9f3427834ba0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e961f3d9c8c21578fe3245097c280abe51427a7f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f8873522608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf50ee69a39265964279d17eb0000000000000000000000fa08ad0731c4b839688b22c4da2a6b00008a1949a6ba49fbf981f8265e7f1f4c2d97f4680b135f87c228ce69418a282bffff2481a0df1774fa7d94944bb92d2b89f73f0e8b63f6316c5762f3288bc970720f48b5647dd177db6810fae05334d5a44a020000001c0d882a564d74a7c72bf9a2152b261e58fea6d2f93589cfe261dc0410b5ccc92a5a0eab327a33431d62d2b7c75ce654d556c9e1817c1abca762ab53d40da51560351b673363652e1ecb56cfe4a746a45ab13c6014e9f361ab687d1cd1795ce9e05c817b83d76046bdb3709de5df7499a02d2f636a454b85b987580ada025d83bd7b8df28a540d5ec5537942e79f2f1ab25ea5f563bc77e4f9468bd309469880c7e34150ca886d1f9ac2f7e82dbe296c877d925c38c54cc8137b29028854b6bd57ca893927c331300e16aba792289e135589d93302fc37c73c303e383cdf8ef3f6d6265fe5ee01759d24027475c8901039a898582022bc95992b86dce0710887c8a625d9cbb897bdbfaf49a3f642a169827a9bae4fcfa5212461db000000000000e6ed75ca8fcda7ef3ee336189fef3b3ffb9f38fefc5ff39c4e69e3fa1f8b10ee97123e99b61eba065b1ad67530e7c4f11f9da7ae000002000000610101ad7f79cb9bbf64a0fc109f49fe8799fe266e2ccac80fefe750151f5ddfe51833ec65ece70e07ce8ab5d97db47da8f80000664dc0b86ae2b3ff9d4e220752a6b2f3ea9f793612386496dca5af7b8952aafa796ea7b156d19612297c63bb20e1e0469f7615f67a9218cbace38f5236821314f76302b98afa93044b83989339ca10e6ae30e70e17a82f03e915b8425e8e7a91614306d2ae0bc3550d856f2d7293672b5673d264fc886b0c8bdf436a0fcd21bf9da7bdca98e34cd6e59b0a7ce4ba1b466561aaa35448dff47bb1d7df23d467689a6669e4300d5acf12e4d0b35abf91569f605b2f6df0d861"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001700)=ANY=[@ANYBLOB="160000000000000061b1000002"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r5}, 0x0, &(0x7f0000000040)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x15, &(0x7f0000000200)={r5, 0x0, &(0x7f0000001740)=""/4085}, 0x20)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x2, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
socket$kcm(0x2, 0x3, 0x84)

33m30.580749655s ago: executing program 3 (id=817):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, [@call={0x85, 0x0, 0x0, 0x23}, @printk={@d, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x17}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000440)={0xffffffffffffffff, 0x20, &(0x7f0000000380)={&(0x7f00000001c0)=""/6, 0x6, <r0=>0x0, &(0x7f0000000680)=""/202, 0xca}}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0xc, &(0x7f0000000140)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x35, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100000}, 0x94)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x46a, 0x1, @perf_bp={0x0}, 0x81, 0x3, 0x0, 0x0, 0x1, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={<r2=>0xffffffffffffffff})
recvmsg$unix(r2, &(0x7f0000001b40)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
r4 = socket$kcm(0xa, 0x2, 0x88)
setsockopt$sock_attach_bpf(r4, 0x1, 0x41, &(0x7f0000000040)=r3, 0x4)
r5 = perf_event_open$cgroup(&(0x7f0000000580)={0x4e5ffadc8933b939, 0x80, 0x2, 0x76, 0x10, 0x3, 0x0, 0x9, 0x10, 0x2, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0xffff, 0x4, @perf_bp={&(0x7f0000000540), 0x3}, 0x2, 0x497cb432, 0x81, 0xc, 0xc, 0x7, 0x3, 0x0, 0x1, 0x0, 0x2}, r3, 0x10000, r3, 0x4)
ioctl$PERF_EVENT_IOC_RESET(r5, 0x2403, 0x4)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000000)={r3, 0x58, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r6=>0x0}}, 0x10)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@bloom_filter={0x1e, 0x3, 0xa, 0x7, 0x14010, 0xffffffffffffffff, 0x6, '\x00', r6, r3, 0x3, 0x4, 0x5, 0xd, @void, @value, @value=r3}, 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000003000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r8, 0x5, 0xe, 0x0, &(0x7f00000003c0)="7993ff01190000e5ffa53b00008f", 0x0, 0x400, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0x4}, 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xe, 0x0, &(0x7f0000000300)="0101000071a78326c799dbe888a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

33m29.426769803s ago: executing program 3 (id=820):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffe}, 0x50)
r1 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$kcm(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="d80000001c0081", 0x7}], 0x1, 0x0, 0x0, 0x7400}, 0x20000001)
write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="180000006a"], 0xfe33)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@map=r0, r2, 0x5}, 0x10)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000003c0)="d80000001c0081064e81f782db44b9040a1d3100000002a1180015000600142603600e1224000f0000810401a8001600200001400300000007391bd06b3c700ab35d620c95b01e10e14ffdc8ac7c15386ce70a215813b0461f63a7f6fd95c623e3d212a042d88f3d0ac26b877e51b5dab9cad4f096912ea264237b58eef1b95990846e51dae0a584bff8450e27411e8f3e9b81f30a3709958e3b47c8daa389aef7fd27f4b3f71262a6c586fdc3d2bca9da6c9d7d9d31ddf3db50c0af86646e28d1877c10b895b5b90d66a7ba0900000000000000c2fe8561", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_int(r4, &(0x7f0000000080)='cpu.idle\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)=ANY=[], 0x6a)

33m28.859804657s ago: executing program 3 (id=823):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x34c01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x10)
recvmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x2, 0x0)
r0 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000181100"/20, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x13bb711e)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="1809000000ffffff00000000000000008510000002000000850000000f0000009500000000000000"], 0x0, 0xfffffdfe, 0x0, 0x0, 0x727c45cd4283345, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2)

33m27.895612553s ago: executing program 3 (id=828):
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r3, r4, 0x5}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r3}, &(0x7f00000006c0), &(0x7f0000000700)=r2}, 0x20)
sendmsg$inet(r1, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1, 0x0, 0x0, 0x6000}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd8073a46b08b94214d816f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb4147000001000000008f2b9000f22425e4097ed62cbc891061017cfa6f6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000002c0)=ANY=[@ANYRES32=r6, @ANYRES32=r5, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r6}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20)

33m26.731928201s ago: executing program 3 (id=832):
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0xc2ba, 0x0, 0x4000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x20000000)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000001240)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000aecd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad94ed406f21caf5adcf920569c00cc1199684fa75814709fea019af247c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c1faca0f9d9924be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6fab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b79db2e3d5986c82b5aa94e539b204d58f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c7160ec83070000020000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72b0000000000001cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2cc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78ac02ca3cdf6a662db1c9c89c9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad943e392955f4f979ea13201bafedcd2063d11dd665647223c78a996810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd89346cfbb5567e54d3504723177d356c4604b7a492ecec37e83efceefd7ca2533659edc8be05cc85451c6a14507434eb54b6f43caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffca9ec9a7a3755e0f209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a294351c5356c1d06c92cf8ce3c7c56cd31121624d74517fd3666277f670e812b28e2f30d035cee5d0e77a3c7220000000000000005a474816bc59d2e2a00092419304b338a987e9d3044d856ce24f370030be3b5f79f034b8d3ebce68663ef5af469abe75b314fae31a0445859a5ece8fb11a4ee8e46354c9c3a041e12282ce24463aaf28345bd168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f09000000000000004fc4bda3453602004535a976eacd3adaa4d2ee6fe0d072ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d401adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb40f7f02f750d6c977a191852c9ae031db044b2353199546609f9f69a6cfefdf879d447df53f3b9b70d10355b00300000000000000553d18a6cc50feeb7bfad9b7be3283b6450d264e7712d2f1d7004548b19162cef04d18d4f58fab987baab97a9bfbd8f185b5631820420bf5b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe527340935aa3c0b4f3f45b418a18217747ae442e31560e5b741445ea2a1acee2a81425ff000000d2a0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e961f3d9c8c21578fe3245097c280abe51423b9f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f88735fce5115dc83ed73d8ee4a91322608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf5000000000000fa08ad0631c4b839688b22c4da2a6bc4cf45854d221a2d5f96bc64647f15daa2ba79cd0f4254ed55217912ef84bd2927df82fc061aef2920c49b2a90886da75561173fa186cb7ee86dd4285c4721eb428c953296bb2f5d825da54dbef07c1b349b4901e093d13e6b9a0000009b5b22e887bc061d40bcaf0aa18623fd9b7179ccc692ba74b531b65c4decf9d080a8ac7e82d4cde1267aa64b2a94fd87a009e6742c2ddc3a9d7eccbb1831b1fa218277c2814a91cab7cb59c697166d6f1bb1a360470000000000000000000000000000000000000000000000000000f9f9b4ce7e871f507084c8c88e0652decbe579b03ed84ea94597dd1059620a050f69ea03b99b4e19d35f4a3b54e96ae2172effecec80f6baa4bf69a6ebf5392882df78b0983e662dc0cb64b77f3f006b6b25443197ae93f0be6de5a703d003f00720943c0e4b33af00000000000000000021a688b2d7007fcc4b59f719afb0b3b7e0aee306ca70fe42bf4984a68f40e1fc043a03a17e4744359b87dc27c82d51cbeb64e52a28daeb6a78d6fe06181ecc840000"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48)
r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0xc2ba, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1, @perf_config_ext={0x8, 0x4}, 0x0, 0x0, 0xc29a, 0x0, 0x40000000000, 0x0, 0x0, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d080c48000000e8fe55a1180015", 0x1f}], 0x1}, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="33fe00002a0053ea"], 0xfe33)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f0000000280)='syzkaller\x00')
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
perf_event_open(&(0x7f0000001480)={0x2, 0x80, 0x8b, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x9}, 0x0, 0x0, 0x6, 0x9, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_clone(0x1100, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$TUNATTACHFILTER(r5, 0x401054d5, &(0x7f0000000040)={0x5, &(0x7f0000000000)=[{0x35, 0x0, 0x3, 0xfffffffe}, {0x98}, {0x0, 0xf}, {0x0, 0x0, 0x20}, {0x6, 0x0, 0x0, 0xac}]})
r6 = socket$kcm(0x2b, 0x1, 0x0)
setsockopt$sock_attach_bpf(r6, 0x6, 0x17, &(0x7f0000000200), 0x4)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x11201, 0x0, 0x0, 0x0, 0x3, 0x0, 0x6, 0x0, 0x0, 0x0, 0x4136}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$unix(r7, &(0x7f0000000200)={&(0x7f0000000040)=@abs={0x1, 0x2e}, 0x6e, 0x0}, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f00000002c0)=0x5)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x100}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x0, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800c4"], 0x0}, 0x94)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21308, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5, @perf_config_ext={0x1000, 0xfffffffffffffff4}, 0x104101, 0x0, 0x0, 0x1, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0xfffffffffffff7fe}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="d80000001c0081044e81f782db44b904021d080304000000e8fe03a1180015000600142603600e1208000f0000810401a80016040a0001", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x8008)
r8 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r8, &(0x7f0000000000)=ANY=[], 0xfe33)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa067707"], 0xfdef)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000240)='syzkaller\x00'}, 0x94)

33m23.15776741s ago: executing program 3 (id=836):
r0 = perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
close(0x3) (async)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x7, 0x4, 0x2}, 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000280)={r2, &(0x7f00000001c0), 0x0}, 0x20) (async)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={0xffffffffffffffff, &(0x7f0000000340), 0x0}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x3, &(0x7f0000000080)={r1, 0x0, 0x0}, 0x20)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
syz_clone(0x40800000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r0}, 0x8)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000600000007"], 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}) (async)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x8, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f00000000c0)=r7, 0x4) (async)
sendmsg$unix(r4, &(0x7f00000006c0)={0x0, 0xfffffffffffffe96, 0x0, 0x0, 0x0, 0x0, 0x20000001}, 0x40000)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000300)={r8}, 0xc)

33m7.628455941s ago: executing program 33 (id=836):
r0 = perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
close(0x3) (async)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x7, 0x4, 0x2}, 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000280)={r2, &(0x7f00000001c0), 0x0}, 0x20) (async)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={0xffffffffffffffff, &(0x7f0000000340), 0x0}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x3, &(0x7f0000000080)={r1, 0x0, 0x0}, 0x20)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
syz_clone(0x40800000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r0}, 0x8)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000600000007"], 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}) (async)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x8, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f00000000c0)=r7, 0x4) (async)
sendmsg$unix(r4, &(0x7f00000006c0)={0x0, 0xfffffffffffffe96, 0x0, 0x0, 0x0, 0x0, 0x20000001}, 0x40000)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000300)={r8}, 0xc)

3.077072279s ago: executing program 0 (id=9083):
r0 = socket$kcm(0x10, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="190000000400000004000000020000", @ANYRES32=0x1, @ANYRES32=0x0, @ANYRES32], 0x48)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="36400000250091"], 0xfe33)

2.963844056s ago: executing program 5 (id=9085):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xac, 0x0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x954b, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x2, @perf_config_ext={0x76, 0x1ef7}, 0x11efa, 0x4, 0x98, 0x9, 0x2, 0xfffff271, 0xfffd, 0x0, 0x0, 0x0, 0x20}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)

2.744911569s ago: executing program 5 (id=9089):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b705000000000000850000006a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
socket$kcm(0x10, 0x2, 0x0)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r0}, 0xc)

2.440121256s ago: executing program 5 (id=9095):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002480)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x41, 0x0, 0x11}, 0x0)
r0 = socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x56, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x4}, {0x10000002, 0x0, 0x0, 0xc}]}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
close(r5)
close(r3)
recvmsg$unix(r4, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r6=>0xffffffffffffffff]}}], 0x18}, 0x0)
r7 = socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
close(r9)
recvmsg$unix(r8, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r10=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r7, 0x84, 0x64, &(0x7f0000000000)=r10, 0x10)
setsockopt$sock_attach_bpf(r3, 0x84, 0x64, &(0x7f0000000000)=r6, 0x10)
close(r2)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r11=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r0, 0x84, 0x64, &(0x7f0000000000)=r11, 0x10)

2.272401966s ago: executing program 5 (id=9098):
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x49, 0x1, 0x0, 0x0, 0x0, 0x0, 0x82240, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000004, 0x200000008}, 0x2, 0x0, 0x0, 0x8, 0x43fe, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xfffffffeffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0xc220, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="01000000d60000000900000005"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000002340)={0x0, 0x0, &(0x7f0000001680), &(0x7f0000002300), 0x8001, r0}, 0x38)

1.086541106s ago: executing program 2 (id=9109):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x5, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))

1.083722157s ago: executing program 4 (id=9110):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002480)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x41, 0x0, 0x11}, 0x0)
r0 = socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x56, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x4}, {0x10000002, 0x0, 0x0, 0xc}]}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
close(r5)
close(r3)
recvmsg$unix(r4, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r6=>0xffffffffffffffff]}}], 0x18}, 0x0)
socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
close(r8)
recvmsg$unix(r7, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x32}}, 0x10, 0x0}, 0x40040d4)
setsockopt$sock_attach_bpf(r3, 0x84, 0x64, &(0x7f0000000000)=r6, 0x10)
close(r2)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r9=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r0, 0x84, 0x64, &(0x7f0000000000)=r9, 0x10)

1.045182509s ago: executing program 0 (id=9111):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffc}, [@call={0x85, 0x0, 0x0, 0x17}, @printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x17}}]}, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0xe, 0x0, &(0x7f0000000300)="0101000071a78326c799dbe888a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

947.785405ms ago: executing program 6 (id=9112):
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f0000000140), &(0x7f0000000000)=""/48}, 0x20)

915.437177ms ago: executing program 2 (id=9113):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x31, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r1, 0x0, 0x0}, 0x10)

914.175257ms ago: executing program 4 (id=9114):
perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x954b, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x76, 0x1ef7}, 0x201, 0x4, 0x98, 0x9, 0x2, 0xfffff271, 0xfffc, 0x0, 0x0, 0x0, 0x20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000001c0)=@bpf_lsm={0x18, 0x7, &(0x7f0000000040)=ANY=[@ANYBLOB="8510000004000000950080000000000018000000000000000000000000000002950000000000000085100000fcffffff95"], &(0x7f00000000c0)='GPL\x00'}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r0, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000300)=[0x0, 0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10)

884.604228ms ago: executing program 0 (id=9115):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x6, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000691008000000000063000eff000000009500000c00000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000080), 0x10}, 0x2d)

779.551895ms ago: executing program 6 (id=9116):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x96)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="736d60b971309d6e3d8ff7482942", 0x0, 0x2f000000, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

737.206957ms ago: executing program 2 (id=9117):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xac, 0x0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x954b, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x2, @perf_config_ext={0x76, 0x1ef7}, 0x11efa, 0x4, 0x98, 0x9, 0x2, 0xfffff271, 0xfffd, 0x0, 0x0, 0x0, 0x20}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e502000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)

703.230619ms ago: executing program 0 (id=9118):
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0xc8, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc0189436, 0x2000141a)
sendmsg$unix(0xffffffffffffffff, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x5452, &(0x7f0000000400)='lo\x00\x96o\xd6Q\xb4Y\xa9\xc87,%\x81\xfe\x00\xd2\xd1|\x00\x00\x00\x00\x00\x00\xe3\xd8Yk\xdf\x85\xaac{\x8c\x8ffp`-\xcd\xd9\xd5\xf4\xe68\xe6O\xc2\xf1V0\x8b\t\xed\x13q2\xdd\xcc\xeeR\xf2/\xba\fE>k\a\xe7>t7\x8e(\xf0\x87d\xaf\x93\xfa`\xa6,o\x81.\x1cR\xa5\t\x00\x00\x00\x00\x00\x00\x00|pT\x15\xbc\f*d\xcb\xc2\xcd\x8f\x98\xdf\x00\x00\x1cM\x9c\xa5\xe0\xa8\x00\x00\x00\x80V\xf6\x80\x86\x1b\x05\xe6\"\x1d\f\xaey\x06\xd9$H!w\xa6m\xd8\x7f\xc6\x837\x83/\x9a\xdf\x01\xf2\x9e\xbb\xca\x04\x00\x05\xeb\xb8{7[\xf9\xe9\x15\xdc0]\x89\x9b~\x04\xb4\xa5\xad\v.\xd0*%`\xb0\x03\x00\x00\x00\x00\x00\x00\x00\xab\xf4\xa7\x83r\xa4\x80|\x03C\x9c\x00\xac\xba\xcb\xa4h\x86w_Eu\xbfy%,\xe5\n\xc1\xb3\xa4g\xa3P\x0f\x11\x93\xc7\xf3\xcf\x17\xf5\x86%\x7f\xec\xb2\xc5E\x00\xb2e\xa8\xf1<\xb2\xc82\xbf=o\x00\x00\x00\x00E\x00\xc6X\x92\x0e[\x19\xaa?\x06\xe5\x9d\xd1\x87\x922A\x95\x8e\xbc\xc8<s,\xb023Z{\x9f\xc2\x94+e?\x87\x95\x8e\r\t\x0er\x92\xe2\t\xc4S\xd4\xd2\x87.&`\x95\'=0\r\xd2n\xf5\xcd\x9b\x15Oo\xd8Nj0\xe2\xe5A\xb2\xc3\xf7\xc8\xe7 \"+\xd6\x9e\x18\xec\xb7H\xf9\vd\xebE\x9dtI\xe5\xb5\x8e3\x19<\xdeS\xf4\xe6\xba\x0er\xfc]\xcbd@\xe8R#(u\xe1\x9b\xb7\xd5\x82\xab;\xdb\xa2\x9e\xe8W;\x86\x89\x99\xa1\x99\x1b\xbd\xaf\x11\xcf\x1d\xb5n\xe3&\x1b Z|\x18\n/\xe4\x83\xb5\xdd\xed\xd8\xba\xe8\x8d{@\xd1\x00\x00\x00\x00\x00')
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0xbc0, 0x0, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2, 0x5}, 0x50)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x10}}], 0x10}, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000), 0xfdef)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f00000004c0)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd630080fc02082c00db5b6861589bcfe8875a060300000023000000000000000000000000ac1414aa"], 0xfdef)
sendmsg$unix(r1, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x0)
recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r2=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r2, &(0x7f00000004c0)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd630080fc11"], 0xfdef)

631.847883ms ago: executing program 4 (id=9119):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{}, 0x0, &(0x7f0000000180)}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='K\x00'], 0x50)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0)
close(r0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x110c23003f)
ioctl$TUNGETVNETLE(r0, 0x40047451, &(0x7f0000000180))
close(0x3)

631.532863ms ago: executing program 6 (id=9120):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600"], 0x48)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x801c581f, 0x0)

543.123268ms ago: executing program 0 (id=9121):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000300)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d004892e822a6abc02ad2602a5ad6f7007ea60864160af365935cfaea3f49d8df1931a0e64ffc4c78029ee517d34460bc06000000938037e70e457ae2bb24ef6697070000000000", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg(r0, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x40000022)
recvmsg(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f00000009c0)=""/211, 0xd3}, {&(0x7f00000063c0)=""/4081, 0xff1}, {&(0x7f0000000880)=""/139, 0x8b}, {&(0x7f00000073c0)=""/4118, 0x1016}, {&(0x7f0000001ac0)=""/232, 0xe8}, {&(0x7f0000000480)=""/181, 0xb5}], 0x6}, 0x12022)
recvmsg$kcm(r0, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x10182)

529.919599ms ago: executing program 4 (id=9122):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000500)}, 0x40080)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x954b, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7e8, 0x0, @perf_bp={0x0}, 0x1beea, 0x6, 0x98, 0x0, 0x2, 0xfffff271, 0xfff8, 0x0, 0x0, 0x0, 0x21}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000012000000000000000000"], &(0x7f0000000c00)='GPL\x00'}, 0x94)
close(0x3)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r1, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r0, 0x58}, 0x10)

524.93436ms ago: executing program 5 (id=9123):
ioctl$PERF_EVENT_IOC_DISABLE(0xffffffffffffffff, 0x2401, 0x40)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x954b, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x76, 0x1ef7}, 0x11efa, 0x4, 0x98, 0x0, 0x2, 0x3, 0xfffd, 0x0, 0x0, 0x0, 0x20}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0x5, 0x0, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x746f2f51, &(0x7f0000000080)=[{&(0x7f0000000040)="3f0400001c00810ce00f80ecdb4cb9f207c804a01f000000400006fb0a0002000a0ada1b40d80300000000000000", 0xfec9}], 0x1, 0x0, 0x0, 0x5865}, 0x0)

395.366368ms ago: executing program 6 (id=9124):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x5, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))

393.916387ms ago: executing program 2 (id=9125):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002480)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x41, 0x0, 0x11}, 0x0)
r0 = socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x56, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x4}, {0x10000002, 0x0, 0x0, 0xc}]}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
close(r5)
close(r3)
recvmsg$unix(r4, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r6=>0xffffffffffffffff]}}], 0x18}, 0x0)
socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
close(r8)
recvmsg$unix(r7, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x32}}, 0x10, 0x0}, 0x40040d4)
setsockopt$sock_attach_bpf(r3, 0x84, 0x64, &(0x7f0000000000)=r6, 0x10)
close(r2)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r9=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r0, 0x84, 0x64, &(0x7f0000000000)=r9, 0x10)

243.655216ms ago: executing program 4 (id=9126):
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={0x0, 0xf}, 0x0, 0x2, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004000000040000000c"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x18000000000002a0, 0xd50, 0x0, &(0x7f0000000580)="b9ff03076804268c989e14f088a8", 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

241.042856ms ago: executing program 6 (id=9127):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x31, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r1, 0x0, 0x0}, 0x10)

201.772149ms ago: executing program 2 (id=9128):
perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0, 0x4}, 0x0, 0xb29}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0, 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
perf_event_open(&(0x7f0000000600)={0x5, 0x80, 0x0, 0x0, 0x0, 0x4, 0x0, 0x5, 0x80260, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0, 0x4}, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = perf_event_open(&(0x7f00000004c0)={0x5, 0x80, 0xa, 0x0, 0x0, 0xa, 0x0, 0x5, 0x44, 0x9, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_bp={0x0, 0x8}, 0x80, 0xa7, 0x2, 0x5, 0xa5, 0x9b9b, 0x7000, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000040)={0x5, 0x80, 0x8, 0x4, 0x0, 0x6, 0x0, 0xc000000000, 0x80053, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_config_ext={0xffffffff8dbbfc60, 0x1}, 0x100040, 0xffffffff, 0xfffffffa, 0x6, 0xda0, 0x2, 0x5, 0x0, 0x400, 0x0, 0x8000000000000001})

170.24223ms ago: executing program 5 (id=9129):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2}, 0x48)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x48, 0x1, 0x0, 0x0, 0x0, 0x32efe636, 0x80102, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_bp={0x0}, 0x8000, 0x0, 0x0, 0x1, 0x3f6, 0x7ffffffc, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x1}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r0}, 0x38)

15.700309ms ago: executing program 4 (id=9130):
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x7b}]}, 0x0}, 0x94)
r0 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xb6123, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_config_ext={0xfff, 0x10}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x18, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000001000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000001b"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r3=>0xffffffffffffffff})
recvmsg$unix(r3, 0x0, 0x40)

15.314279ms ago: executing program 0 (id=9131):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x96)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x10, 0x0, &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="736d60b971309d6e3d8ff7482942", 0x0, 0x2f000000, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

6.23242ms ago: executing program 2 (id=9132):
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0xc8, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc0189436, 0x2000141a)
sendmsg$unix(0xffffffffffffffff, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x5452, &(0x7f0000000400)='lo\x00\x96o\xd6Q\xb4Y\xa9\xc87,%\x81\xfe\x00\xd2\xd1|\x00\x00\x00\x00\x00\x00\xe3\xd8Yk\xdf\x85\xaac{\x8c\x8ffp`-\xcd\xd9\xd5\xf4\xe68\xe6O\xc2\xf1V0\x8b\t\xed\x13q2\xdd\xcc\xeeR\xf2/\xba\fE>k\a\xe7>t7\x8e(\xf0\x87d\xaf\x93\xfa`\xa6,o\x81.\x1cR\xa5\t\x00\x00\x00\x00\x00\x00\x00|pT\x15\xbc\f*d\xcb\xc2\xcd\x8f\x98\xdf\x00\x00\x1cM\x9c\xa5\xe0\xa8\x00\x00\x00\x80V\xf6\x80\x86\x1b\x05\xe6\"\x1d\f\xaey\x06\xd9$H!w\xa6m\xd8\x7f\xc6\x837\x83/\x9a\xdf\x01\xf2\x9e\xbb\xca\x04\x00\x05\xeb\xb8{7[\xf9\xe9\x15\xdc0]\x89\x9b~\x04\xb4\xa5\xad\v.\xd0*%`\xb0\x03\x00\x00\x00\x00\x00\x00\x00\xab\xf4\xa7\x83r\xa4\x80|\x03C\x9c\x00\xac\xba\xcb\xa4h\x86w_Eu\xbfy%,\xe5\n\xc1\xb3\xa4g\xa3P\x0f\x11\x93\xc7\xf3\xcf\x17\xf5\x86%\x7f\xec\xb2\xc5E\x00\xb2e\xa8\xf1<\xb2\xc82\xbf=o\x00\x00\x00\x00E\x00\xc6X\x92\x0e[\x19\xaa?\x06\xe5\x9d\xd1\x87\x922A\x95\x8e\xbc\xc8<s,\xb023Z{\x9f\xc2\x94+e?\x87\x95\x8e\r\t\x0er\x92\xe2\t\xc4S\xd4\xd2\x87.&`\x95\'=0\r\xd2n\xf5\xcd\x9b\x15Oo\xd8Nj0\xe2\xe5A\xb2\xc3\xf7\xc8\xe7 \"+\xd6\x9e\x18\xec\xb7H\xf9\vd\xebE\x9dtI\xe5\xb5\x8e3\x19<\xdeS\xf4\xe6\xba\x0er\xfc]\xcbd@\xe8R#(u\xe1\x9b\xb7\xd5\x82\xab;\xdb\xa2\x9e\xe8W;\x86\x89\x99\xa1\x99\x1b\xbd\xaf\x11\xcf\x1d\xb5n\xe3&\x1b Z|\x18\n/\xe4\x83\xb5\xdd\xed\xd8\xba\xe8\x8d{@\xd1\x00\x00\x00\x00\x00')
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0xbc0, 0x0, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2, 0x5}, 0x50)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r2=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r2, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f00000004c0)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd630080fc02082c00db5b6861589bcfe8875a060300000023000000000000000000000000ac1414aa"], 0xfdef)
sendmsg$unix(r1, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x0)
recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r3, &(0x7f00000004c0)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd630080fc11"], 0xfdef)

0s ago: executing program 6 (id=9133):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{}, 0x0, &(0x7f0000000180)}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='K\x00'], 0x50)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0)
close(r0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x110c23003f)
ioctl$TUNGETVNETLE(r0, 0x40047451, &(0x7f0000000180))
close(0x3)

kernel console output (not intermixed with test programs):

 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1903.566337][T28825] RSP: 002b:00007f870a8ef028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1903.574988][T28825] RAX: ffffffffffffffda RBX: 00007f8709c15fa0 RCX: 00007f870999aeb9
[ 1903.583014][T28825] RDX: 0000000000000006 RSI: 0000000000000006 RDI: 0000000000000004
[ 1903.591122][T28825] RBP: 00007f870a8ef090 R08: 0000000000000004 R09: 0000000000000000
[ 1903.599175][T28825] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000001
[ 1903.607454][T28825] R13: 00007f8709c16038 R14: 00007f8709c15fa0 R15: 00007ffef6152ad8
[ 1903.615496][T28825]  </TASK>
[ 1904.869066][T28859] device syzkaller0 entered promiscuous mode
[ 1908.326208][T28893] netlink: 'syz.4.6353': attribute type 21 has an invalid length.
[ 1908.334932][T28894] netlink: 'syz.4.6353': attribute type 21 has an invalid length.
[ 1908.718352][T28900] device syzkaller0 entered promiscuous mode
[ 1908.763060][T28906] netlink: 'syz.5.6356': attribute type 6 has an invalid length.
[ 1908.771166][T28906] netlink: 'syz.5.6356': attribute type 30 has an invalid length.
[ 1909.824757][T28938] netlink: 'syz.5.6368': attribute type 2 has an invalid length.
[ 1912.796509][T28938] device 0 entered promiscuous mode
[ 1913.072821][T28945] netlink: 'syz.0.6379': attribute type 21 has an invalid length.
[ 1913.093623][T28945] netlink: 156 bytes leftover after parsing attributes in process `syz.0.6379'.
[ 1914.187598][T28974] device syzkaller0 entered promiscuous mode
[ 1914.528709][T28983] netlink: 'syz.5.6383': attribute type 16 has an invalid length.
[ 1914.547419][T28983] netlink: 132 bytes leftover after parsing attributes in process `syz.5.6383'.
[ 1918.696961][T12765] Bluetooth: hci1: command 0x0406 tx timeout
[ 1919.149600][T28987] netlink: 27419 bytes leftover after parsing attributes in process `syz.4.6384'.
[ 1919.159275][T28987] tc_dump_action: action bad kind
[ 1919.165856][T28990] netlink: 'syz.6.6385': attribute type 21 has an invalid length.
[ 1919.181961][T28990] netlink: 156 bytes leftover after parsing attributes in process `syz.6.6385'.
[ 1919.196643][T29008] netlink: 180 bytes leftover after parsing attributes in process `syz.5.6393'.
[ 1920.014072][T29031] netlink: 'syz.4.6398': attribute type 27 has an invalid length.
[ 1920.049099][T29031] netlink: 164 bytes leftover after parsing attributes in process `syz.4.6398'.
[ 1920.469666][T29046] device pim6reg1 entered promiscuous mode
[ 1920.656893][T29052] device syzkaller0 entered promiscuous mode
[ 1921.735137][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[ 1921.741730][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[ 1925.038460][T29061] netlink: 'syz.4.6407': attribute type 21 has an invalid length.
[ 1925.047275][T29061] netlink: 156 bytes leftover after parsing attributes in process `syz.4.6407'.
[ 1925.142602][T29068] device syzkaller0 entered promiscuous mode
[ 1929.680298][T29111] device syzkaller0 entered promiscuous mode
[ 1929.695362][T29120] netlink: 'syz.2.6424': attribute type 39 has an invalid length.
[ 1931.943416][T29175] FAULT_INJECTION: forcing a failure.
[ 1931.943416][T29175] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1931.966158][T29175] CPU: 1 PID: 29175 Comm: syz.2.6443 Not tainted syzkaller #0
[ 1931.973918][T29175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 1931.984126][T29175] Call Trace:
[ 1931.987457][T29175]  <TASK>
[ 1931.990432][T29175]  dump_stack_lvl+0x188/0x24e
[ 1931.995403][T29175]  ? show_regs_print_info+0x12/0x12
[ 1932.000746][T29175]  ? load_image+0x400/0x400
[ 1932.005406][T29175]  ? __lock_acquire+0x7d10/0x7d10
[ 1932.010515][T29175]  should_fail_ex+0x399/0x4d0
[ 1932.015530][T29175]  _copy_from_user+0x2c/0x170
[ 1932.020330][T29175]  __sys_bpf+0x2ea/0x780
[ 1932.024811][T29175]  ? bpf_link_show_fdinfo+0x380/0x380
[ 1932.030531][T29175]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 1932.036926][T29175]  __x64_sys_bpf+0x78/0x90
[ 1932.041491][T29175]  do_syscall_64+0x4c/0xa0
[ 1932.045976][T29175]  ? clear_bhb_loop+0x60/0xb0
[ 1932.050723][T29175]  ? clear_bhb_loop+0x60/0xb0
[ 1932.055458][T29175]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1932.061560][T29175] RIP: 0033:0x7f35a5d9aeb9
[ 1932.066022][T29175] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1932.085983][T29175] RSP: 002b:00007f35a6c36028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1932.094459][T29175] RAX: ffffffffffffffda RBX: 00007f35a6015fa0 RCX: 00007f35a5d9aeb9
[ 1932.102770][T29175] RDX: 0000000000000020 RSI: 0000200000000180 RDI: 0000000000000002
[ 1932.110855][T29175] RBP: 00007f35a6c36090 R08: 0000000000000000 R09: 0000000000000000
[ 1932.118984][T29175] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1932.127014][T29175] R13: 00007f35a6016038 R14: 00007f35a6015fa0 R15: 00007ffcf6d0e198
[ 1932.135165][T29175]  </TASK>
[ 1932.742675][T29186] netlink: 'syz.2.6447': attribute type 11 has an invalid length.
[ 1932.789692][T29186] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.6447'.
[ 1932.874651][T29185] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1936.908656][T29225] netlink: 'syz.2.6456': attribute type 3 has an invalid length.
[ 1936.938108][T29225] netlink: 'syz.2.6456': attribute type 2 has an invalid length.
[ 1936.970079][T29225] netlink: 'syz.2.6456': attribute type 9 has an invalid length.
[ 1936.992108][T29225] netlink: 201344 bytes leftover after parsing attributes in process `syz.2.6456'.
[ 1937.389681][T29235] netlink: 'syz.5.6460': attribute type 3 has an invalid length.
[ 1937.404583][T29237] device syzkaller0 entered promiscuous mode
[ 1937.428291][T29235] netlink: 105116 bytes leftover after parsing attributes in process `syz.5.6460'.
[ 1937.460928][T29245] netlink: 'syz.5.6460': attribute type 3 has an invalid length.
[ 1937.500958][T29245] netlink: 105116 bytes leftover after parsing attributes in process `syz.5.6460'.
[ 1937.958103][T29246] netlink: 'syz.0.6462': attribute type 39 has an invalid length.
[ 1941.525006][T29273] netlink: 14 bytes leftover after parsing attributes in process `syz.6.6470'.
[ 1944.007656][T29321] device syzkaller0 entered promiscuous mode
[ 1945.365400][T29346] FAULT_INJECTION: forcing a failure.
[ 1945.365400][T29346] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1945.435370][T29346] CPU: 1 PID: 29346 Comm: syz.6.6487 Not tainted syzkaller #0
[ 1945.443133][T29346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 1945.453513][T29346] Call Trace:
[ 1945.456951][T29346]  <TASK>
[ 1945.460011][T29346]  dump_stack_lvl+0x188/0x24e
[ 1945.464903][T29346]  ? show_regs_print_info+0x12/0x12
[ 1945.470654][T29346]  ? load_image+0x400/0x400
[ 1945.475249][T29346]  ? __lock_acquire+0x7d10/0x7d10
[ 1945.480361][T29346]  ? snprintf+0xe5/0x140
[ 1945.484843][T29346]  should_fail_ex+0x399/0x4d0
[ 1945.489950][T29346]  _copy_to_user+0x2c/0x130
[ 1945.494537][T29346]  simple_read_from_buffer+0xe3/0x150
[ 1945.500186][T29346]  proc_fail_nth_read+0x1a6/0x220
[ 1945.505645][T29346]  ? proc_fault_inject_write+0x310/0x310
[ 1945.511380][T29346]  ? fsnotify_perm+0x248/0x550
[ 1945.516366][T29346]  ? proc_fault_inject_write+0x310/0x310
[ 1945.522335][T29346]  vfs_read+0x2de/0xa00
[ 1945.526860][T29346]  ? kernel_read+0x1e0/0x1e0
[ 1945.531639][T29346]  ? __fget_files+0x28/0x4b0
[ 1945.536317][T29346]  ? __fget_files+0x28/0x4b0
[ 1945.541071][T29346]  ? __fget_files+0x43d/0x4b0
[ 1945.545836][T29346]  ? __fdget_pos+0x2ae/0x360
[ 1945.550494][T29346]  ? ksys_read+0x71/0x250
[ 1945.554900][T29346]  ksys_read+0x14c/0x250
[ 1945.559391][T29346]  ? vfs_write+0xa30/0xa30
[ 1945.563978][T29346]  ? lockdep_hardirqs_on+0x94/0x140
[ 1945.569382][T29346]  do_syscall_64+0x4c/0xa0
[ 1945.574130][T29346]  ? clear_bhb_loop+0x60/0xb0
[ 1945.579047][T29346]  ? clear_bhb_loop+0x60/0xb0
[ 1945.583794][T29346]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1945.589752][T29346] RIP: 0033:0x7f90dbf5b78e
[ 1945.594339][T29346] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 1945.614731][T29346] RSP: 002b:00007f90dcef5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1945.624825][T29346] RAX: ffffffffffffffda RBX: 00007f90dcef66c0 RCX: 00007f90dbf5b78e
[ 1945.633229][T29346] RDX: 000000000000000f RSI: 00007f90dcef60a0 RDI: 0000000000000008
[ 1945.641539][T29346] RBP: 00007f90dcef6090 R08: 0000000000000000 R09: 0000000000000000
[ 1945.649915][T29346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1945.658230][T29346] R13: 00007f90dc216128 R14: 00007f90dc216090 R15: 00007fffbb5195c8
[ 1945.666455][T29346]  </TASK>
[ 1949.624811][T29343] netlink: 'syz.4.6485': attribute type 39 has an invalid length.
[ 1949.997843][T29375] netlink: 'syz.2.6498': attribute type 3 has an invalid length.
[ 1950.013495][T29375] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.6498'.
[ 1950.017268][T29381] netlink: 'syz.2.6498': attribute type 3 has an invalid length.
[ 1950.173014][T29381] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.6498'.
[ 1951.290893][T29403] netlink: 'syz.5.6508': attribute type 10 has an invalid length.
[ 1951.322104][T29403] netlink: 55 bytes leftover after parsing attributes in process `syz.5.6508'.
[ 1951.562223][T29413] netlink: 1 bytes leftover after parsing attributes in process `syz.4.6509'.
[ 1952.039789][T29430] netlink: 'syz.6.6517': attribute type 3 has an invalid length.
[ 1952.087691][T29430] netlink: 105116 bytes leftover after parsing attributes in process `syz.6.6517'.
[ 1952.106339][T29433] netlink: 'syz.6.6517': attribute type 3 has an invalid length.
[ 1952.122032][T29433] netlink: 105116 bytes leftover after parsing attributes in process `syz.6.6517'.
[ 1952.431778][T29441] netlink: 'syz.2.6522': attribute type 16 has an invalid length.
[ 1952.452517][T29441] netlink: 132 bytes leftover after parsing attributes in process `syz.2.6522'.
[ 1954.077515][T29481] netlink: 48 bytes leftover after parsing attributes in process `syz.0.6536'.
[ 1956.404313][T29522] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1956.541754][T29522] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1956.672690][T29522] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1956.680352][T29522] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1964.771792][ T4281] Bluetooth: hci0: command 0x0406 tx timeout
[ 1967.241757][T29649] netlink: 'syz.0.6589': attribute type 7 has an invalid length.
[ 1968.027289][T29663] netlink: 'syz.4.6592': attribute type 29 has an invalid length.
[ 1968.130429][T29663] netlink: 'syz.4.6592': attribute type 29 has an invalid length.
[ 1968.213477][T29660] netlink: 'syz.4.6592': attribute type 29 has an invalid length.
[ 1969.764562][T29688] netlink: 180 bytes leftover after parsing attributes in process `syz.4.6602'.
[ 1971.849636][T29738] netlink: 180 bytes leftover after parsing attributes in process `syz.6.6619'.
[ 1973.087489][T29763] netlink: 'syz.6.6626': attribute type 1 has an invalid length.
[ 1973.121569][T29763] netlink: 105116 bytes leftover after parsing attributes in process `syz.6.6626'.
[ 1974.190801][T29774] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1975.463702][T29819] netlink: 9087 bytes leftover after parsing attributes in process `syz.6.6644'.
[ 1977.082684][T29862] netlink: 'syz.5.6656': attribute type 11 has an invalid length.
[ 1977.104023][T29862] netlink: 199836 bytes leftover after parsing attributes in process `syz.5.6656'.
[ 1977.180871][T29865] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1979.167312][T29879] netlink: 6319 bytes leftover after parsing attributes in process `syz.6.6661'.
[ 1979.336538][T29887] netlink: 180 bytes leftover after parsing attributes in process `syz.4.6665'.
[ 1980.341296][T29896] netlink: 'syz.6.6668': attribute type 29 has an invalid length.
[ 1980.432910][T29896] netlink: 'syz.6.6668': attribute type 29 has an invalid length.
[ 1980.502033][T29897] netlink: 'syz.6.6668': attribute type 29 has an invalid length.
[ 1981.796003][T29928] netlink: 180 bytes leftover after parsing attributes in process `syz.0.6679'.
[ 1982.331126][T29942] netlink: 'syz.0.6683': attribute type 29 has an invalid length.
[ 1982.378238][T29942] netlink: 'syz.0.6683': attribute type 29 has an invalid length.
[ 1982.679871][T29942] netlink: 'syz.0.6683': attribute type 29 has an invalid length.
[ 1983.111943][T29958] mac80211_hwsim hwsim42 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1983.177010][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[ 1983.183647][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[ 1983.623701][T29971] netlink: 6319 bytes leftover after parsing attributes in process `syz.5.6692'.
[ 1983.723269][T29974] netlink: 180 bytes leftover after parsing attributes in process `syz.6.6694'.
[ 1984.667217][T29981] netlink: 180 bytes leftover after parsing attributes in process `syz.5.6707'.
[ 1985.215070][T29997] netlink: 'syz.6.6702': attribute type 2 has an invalid length.
[ 1985.265536][T29990] delete_channel: no stack
[ 1985.298198][T29997] device 0 entered promiscuous mode
[ 1986.797669][T30035] netlink: 180 bytes leftover after parsing attributes in process `syz.0.6713'.
[ 1988.400080][T30079] netlink: 180 bytes leftover after parsing attributes in process `syz.6.6729'.
[ 1988.708480][T30086] netlink: 144 bytes leftover after parsing attributes in process `syz.4.6731'.
[ 1988.734527][T30086] netlink: 'syz.4.6731': attribute type 7 has an invalid length.
[ 1989.449771][T30112] FAULT_INJECTION: forcing a failure.
[ 1989.449771][T30112] name failslab, interval 1, probability 0, space 0, times 0
[ 1989.470385][T30112] CPU: 1 PID: 30112 Comm: syz.0.6741 Not tainted syzkaller #0
[ 1989.477957][T30112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 1989.488339][T30112] Call Trace:
[ 1989.491853][T30112]  <TASK>
[ 1989.494835][T30112]  dump_stack_lvl+0x188/0x24e
[ 1989.499673][T30112]  ? show_regs_print_info+0x12/0x12
[ 1989.504916][T30112]  ? load_image+0x400/0x400
[ 1989.509522][T30112]  ? __might_sleep+0xd0/0xd0
[ 1989.514263][T30112]  ? __lock_acquire+0x7d10/0x7d10
[ 1989.519369][T30112]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 1989.525398][T30112]  should_fail_ex+0x399/0x4d0
[ 1989.530220][T30112]  should_failslab+0x5/0x20
[ 1989.534998][T30112]  slab_pre_alloc_hook+0x59/0x310
[ 1989.540423][T30112]  ? lockdep_hardirqs_on+0x94/0x140
[ 1989.545915][T30112]  ? kernfs_fop_write_iter+0x155/0x520
[ 1989.551506][T30112]  __kmem_cache_alloc_node+0x4f/0x260
[ 1989.557011][T30112]  ? kernfs_fop_write_iter+0x155/0x520
[ 1989.562760][T30112]  __kmalloc+0xa0/0x240
[ 1989.567051][T30112]  kernfs_fop_write_iter+0x155/0x520
[ 1989.572385][T30112]  vfs_write+0x4b1/0xa30
[ 1989.576773][T30112]  ? file_end_write+0x250/0x250
[ 1989.581962][T30112]  ? __fget_files+0x43d/0x4b0
[ 1989.586906][T30112]  ? __fdget_pos+0x2ae/0x360
[ 1989.591549][T30112]  ? ksys_write+0x71/0x250
[ 1989.596029][T30112]  ksys_write+0x14c/0x250
[ 1989.600406][T30112]  ? __ia32_sys_read+0x80/0x80
[ 1989.605408][T30112]  ? syscall_enter_from_user_mode+0x2a/0x80
[ 1989.611444][T30112]  do_syscall_64+0x4c/0xa0
[ 1989.615899][T30112]  ? clear_bhb_loop+0x60/0xb0
[ 1989.620630][T30112]  ? clear_bhb_loop+0x60/0xb0
[ 1989.625410][T30112]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1989.631446][T30112] RIP: 0033:0x7fbd6bf9aeb9
[ 1989.635987][T30112] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1989.656070][T30112] RSP: 002b:00007fbd6ce3d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1989.664526][T30112] RAX: ffffffffffffffda RBX: 00007fbd6c215fa0 RCX: 00007fbd6bf9aeb9
[ 1989.672553][T30112] RDX: 0000000000000007 RSI: 0000200000000040 RDI: 0000000000000006
[ 1989.680753][T30112] RBP: 00007fbd6ce3d090 R08: 0000000000000000 R09: 0000000000000000
[ 1989.688961][T30112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1989.697084][T30112] R13: 00007fbd6c216038 R14: 00007fbd6c215fa0 R15: 00007ffe78d4f728
[ 1989.705116][T30112]  </TASK>
[ 1989.939644][T30115] netlink: 60 bytes leftover after parsing attributes in process `syz.6.6742'.
[ 1989.975046][T30115] device caif0 entered promiscuous mode
[ 1990.158599][T30123] netlink: 'syz.5.6746': attribute type 3 has an invalid length.
[ 1990.181777][T30123] netlink: 'syz.5.6746': attribute type 1 has an invalid length.
[ 1990.190244][T30123] netlink: 60387 bytes leftover after parsing attributes in process `syz.5.6746'.
[ 1992.309215][T30165] netlink: 'syz.5.6760': attribute type 41 has an invalid length.
[ 1992.358124][T30165] netlink: 40 bytes leftover after parsing attributes in process `syz.5.6760'.
[ 1993.332478][T12765] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1993.345481][ T4270] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1993.354260][ T4270] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1993.373949][ T4270] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1993.383163][ T4270] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 1993.395462][ T4270] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1993.500723][T30188] netlink: 'syz.0.6767': attribute type 3 has an invalid length.
[ 1993.510989][T30188] netlink: 'syz.0.6767': attribute type 1 has an invalid length.
[ 1993.520143][T30188] netlink: 60387 bytes leftover after parsing attributes in process `syz.0.6767'.
[ 1995.190496][T18918] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1995.306921][T30186] chnl_net:caif_netlink_parms(): no params data found
[ 1995.411591][ T4281] Bluetooth: hci3: command 0x0409 tx timeout
[ 1995.599937][T18918] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1995.623931][T30219] netlink: 194236 bytes leftover after parsing attributes in process `syz.0.6778'.
[ 1995.670371][T30219] netlink: zone id is out of range
[ 1995.679894][T30219] netlink: zone id is out of range
[ 1995.691760][T30219] netlink: zone id is out of range
[ 1995.731587][T30219] netlink: zone id is out of range
[ 1995.770288][T30219] netlink: zone id is out of range
[ 1995.791558][T30219] netlink: zone id is out of range
[ 1995.796904][T30219] netlink: zone id is out of range
[ 1995.830980][T30219] netlink: zone id is out of range
[ 1995.885209][T30219] netlink: zone id is out of range
[ 1995.890439][T30219] netlink: zone id is out of range
[ 1996.011534][T18918] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1996.305237][T18918] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1996.424674][T30186] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1996.492461][T30186] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1996.539809][T30186] device bridge_slave_0 entered promiscuous mode
[ 1996.597061][T30186] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1996.632217][T30186] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1996.679193][T30186] device bridge_slave_1 entered promiscuous mode
[ 1996.927908][T30186] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1996.990796][T30186] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1997.260499][T30186] team0: Port device team_slave_0 added
[ 1997.320244][T30186] team0: Port device team_slave_1 added
[ 1997.399764][T18918] device 0 left promiscuous mode
[ 1997.445128][T30186] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1997.488207][T30186] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1997.521724][ T4281] Bluetooth: hci3: command 0x041b tx timeout
[ 1997.686223][T30186] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1998.092500][T30186] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1998.104235][T30186] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1998.208776][T30186] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1998.301960][T30259] netlink: 'syz.4.6792': attribute type 2 has an invalid length.
[ 1998.342271][T30259] netlink: 'syz.4.6792': attribute type 1 has an invalid length.
[ 1999.426808][T30186] device hsr_slave_0 entered promiscuous mode
[ 1999.489755][T30186] device hsr_slave_1 entered promiscuous mode
[ 1999.558376][T30186] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1999.571493][ T4281] Bluetooth: hci3: command 0x040f tx timeout
[ 1999.577891][T30186] Cannot create hsr debugfs directory
[ 2001.669289][ T4270] Bluetooth: hci3: command 0x0419 tx timeout
[ 2003.358089][T18918] syzkaller: port 1(erspan0) entered disabled state
[ 2003.495495][T18918] device erspan0 left promiscuous mode
[ 2003.523745][T18918] syzkaller: port 1(erspan0) entered disabled state
[ 2007.068890][T18918] device veth1_macvtap left promiscuous mode
[ 2007.111784][T18918] device veth0_macvtap left promiscuous mode
[ 2007.118321][T18918] device veth1_vlan left promiscuous mode
[ 2007.218853][T30376] FAULT_INJECTION: forcing a failure.
[ 2007.218853][T30376] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2007.291882][T30376] CPU: 1 PID: 30376 Comm: syz.0.6819 Not tainted syzkaller #0
[ 2007.299632][T30376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 2007.309845][T30376] Call Trace:
[ 2007.313291][T30376]  <TASK>
[ 2007.316296][T30376]  dump_stack_lvl+0x188/0x24e
[ 2007.321273][T30376]  ? show_regs_print_info+0x12/0x12
[ 2007.326646][T30376]  ? load_image+0x400/0x400
[ 2007.331384][T30376]  ? __lock_acquire+0x7d10/0x7d10
[ 2007.336571][T30376]  should_fail_ex+0x399/0x4d0
[ 2007.341322][T30376]  _copy_from_user+0x2c/0x170
[ 2007.346150][T30376]  bpf_prog_test_run_skb+0x262/0x12a0
[ 2007.351768][T30376]  ? __fget_files+0x28/0x4b0
[ 2007.356611][T30376]  ? __fget_files+0x28/0x4b0
[ 2007.361278][T30376]  ? __fget_files+0x43d/0x4b0
[ 2007.366136][T30376]  ? cpu_online+0xa0/0xa0
[ 2007.370611][T30376]  bpf_prog_test_run+0x31e/0x390
[ 2007.375739][T30376]  __sys_bpf+0x62b/0x780
[ 2007.380340][T30376]  ? bpf_link_show_fdinfo+0x380/0x380
[ 2007.385783][T30376]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 2007.392011][T30376]  __x64_sys_bpf+0x78/0x90
[ 2007.396500][T30376]  do_syscall_64+0x4c/0xa0
[ 2007.400963][T30376]  ? clear_bhb_loop+0x60/0xb0
[ 2007.405685][T30376]  ? clear_bhb_loop+0x60/0xb0
[ 2007.410404][T30376]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2007.416345][T30376] RIP: 0033:0x7fbd6bf9aeb9
[ 2007.420804][T30376] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2007.441006][T30376] RSP: 002b:00007fbd6ce3d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2007.449566][T30376] RAX: ffffffffffffffda RBX: 00007fbd6c215fa0 RCX: 00007fbd6bf9aeb9
[ 2007.457818][T30376] RDX: 0000000000000050 RSI: 00002000000004c0 RDI: 000000000000000a
[ 2007.466029][T30376] RBP: 00007fbd6ce3d090 R08: 0000000000000000 R09: 0000000000000000
[ 2007.474240][T30376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2007.482353][T30376] R13: 00007fbd6c216038 R14: 00007fbd6c215fa0 R15: 00007ffe78d4f728
[ 2007.491104][T30376]  </TASK>
[ 2007.703664][T30381] TCP: TCP_TX_DELAY enabled
[ 2008.523218][T18918] team0 (unregistering): Port device geneve1 removed
[ 2009.469799][T18918] team0 (unregistering): Port device vlan0 removed
[ 2010.161709][T18918] team0 (unregistering): Port device team_slave_1 removed
[ 2010.448114][T18918] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2010.461027][T18918] device bond_slave_1 left promiscuous mode
[ 2010.564026][T18918] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2010.579248][T18918] device bond_slave_0 left promiscuous mode
[ 2011.236211][T18918] bond0 (unregistering): Released all slaves
[ 2011.360839][T30387] netlink: 160 bytes leftover after parsing attributes in process `syz.0.6823'.
[ 2011.433632][T30387] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[ 2011.464797][T30388] netlink: 160 bytes leftover after parsing attributes in process `syz.0.6823'.
[ 2011.482626][T30388] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[ 2011.636181][T30186] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 2011.846288][T30186] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 2011.912340][T30186] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 2011.954230][T30186] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 2012.732124][T30186] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2012.834081][T23558] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 2012.872723][T23558] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 2012.923263][T30186] 8021q: adding VLAN 0 to HW filter on device team0
[ 2013.012086][T18916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 2013.036053][T18916] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 2013.088996][T18916] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2013.096680][T18916] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2013.137504][T18916] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 2013.222735][T18919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 2013.233494][T18919] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 2013.263313][T18919] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2013.270628][T18919] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2013.331666][T18919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 2013.372424][T18919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 2013.415291][T18919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 2013.445368][T18919] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 2013.496815][T18919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 2013.555726][T18919] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 2013.604863][T18919] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 2013.669946][T18919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 2013.707601][T18919] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 2013.724085][T18239] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 2013.739442][T18239] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 2013.782477][T30186] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 2013.858062][T30441] netlink: 132 bytes leftover after parsing attributes in process `syz.4.6836'.
[ 2013.936245][T30444] netlink: 14207 bytes leftover after parsing attributes in process `syz.4.6836'.
[ 2013.995480][T30439] delete_channel: no stack
[ 2017.312604][T23559] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 2017.320575][T23559] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 2017.373072][T30186] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2018.383773][T30501] netlink: 'syz.5.6846': attribute type 5 has an invalid length.
[ 2018.580675][T30500] netlink: 'syz.0.6848': attribute type 10 has an invalid length.
[ 2020.109697][T18916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 2020.172153][T18916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 2020.374416][T18916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 2020.413724][T18916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 2020.477561][T30186] device veth0_vlan entered promiscuous mode
[ 2020.509560][T18916] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 2020.548465][T18916] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 2020.613545][T30186] device veth1_vlan entered promiscuous mode
[ 2020.984637][T18919] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 2021.033666][T18919] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 2021.123138][T18919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 2021.202749][T18919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 2021.247877][T30186] device veth0_macvtap entered promiscuous mode
[ 2021.329676][T30186] device veth1_macvtap entered promiscuous mode
[ 2021.471955][T18919] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 2021.510713][T18919] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 2021.767177][T30533] device syzkaller0 entered promiscuous mode
[ 2021.962321][T30186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2021.992454][T30186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2022.031745][T30186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2022.062943][T30186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2022.104723][T30186] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2027.105350][T23559] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 2027.114736][T23559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 2027.130755][T30186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2027.142160][T30186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2027.153933][T30186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2027.164792][T30186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2027.175479][T30186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2027.187441][T30186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2027.201254][T30186] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2027.256302][T30561] netlink: 'syz.4.6859': attribute type 10 has an invalid length.
[ 2027.292168][T23559] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 2027.312603][T23559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 2027.622782][T30186] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2027.651671][T30186] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2027.672158][T30186] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2027.681079][T30186] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2027.871848][T18906] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2027.879937][T18906] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2027.931246][T23559] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 2028.069412][T18906] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2028.152036][T18906] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2028.192972][T23559] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 2028.584064][T30589] FAULT_INJECTION: forcing a failure.
[ 2028.584064][T30589] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2028.647455][T30589] CPU: 0 PID: 30589 Comm: syz.6.6756 Not tainted syzkaller #0
[ 2028.655114][T30589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 2028.665318][T30589] Call Trace:
[ 2028.668660][T30589]  <TASK>
[ 2028.671658][T30589]  dump_stack_lvl+0x188/0x24e
[ 2028.676417][T30589]  ? show_regs_print_info+0x12/0x12
[ 2028.681769][T30589]  ? load_image+0x400/0x400
[ 2028.686335][T30589]  ? __lock_acquire+0x7d10/0x7d10
[ 2028.691613][T30589]  should_fail_ex+0x399/0x4d0
[ 2028.696561][T30589]  _copy_from_iter+0x1c0/0x1130
[ 2028.701496][T30589]  ? __lock_acquire+0x7d10/0x7d10
[ 2028.706599][T30589]  ? copyout_mc+0x110/0x110
[ 2028.711187][T30589]  ? __virt_addr_valid+0x188/0x540
[ 2028.716379][T30589]  ? __virt_addr_valid+0x188/0x540
[ 2028.721651][T30589]  ? __virt_addr_valid+0x465/0x540
[ 2028.726832][T30589]  ? __check_object_size+0x500/0xa40
[ 2028.732213][T30589]  kernfs_fop_write_iter+0x1a0/0x520
[ 2028.737574][T30589]  vfs_write+0x4b1/0xa30
[ 2028.741900][T30589]  ? file_end_write+0x250/0x250
[ 2028.746972][T30589]  ? __fget_files+0x43d/0x4b0
[ 2028.751735][T30589]  ? __fdget_pos+0x2ae/0x360
[ 2028.756395][T30589]  ? ksys_write+0x71/0x250
[ 2028.760887][T30589]  ksys_write+0x14c/0x250
[ 2028.765393][T30589]  ? __ia32_sys_read+0x80/0x80
[ 2028.770343][T30589]  do_syscall_64+0x4c/0xa0
[ 2028.775005][T30589]  ? clear_bhb_loop+0x60/0xb0
[ 2028.779743][T30589]  ? clear_bhb_loop+0x60/0xb0
[ 2028.784570][T30589]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2028.790533][T30589] RIP: 0033:0x7fe5ee59aeb9
[ 2028.795013][T30589] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2028.814862][T30589] RSP: 002b:00007fe5ef36e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 2028.823345][T30589] RAX: ffffffffffffffda RBX: 00007fe5ee815fa0 RCX: 00007fe5ee59aeb9
[ 2028.831366][T30589] RDX: 0000000000000007 RSI: 0000200000000040 RDI: 0000000000000006
[ 2028.839388][T30589] RBP: 00007fe5ef36e090 R08: 0000000000000000 R09: 0000000000000000
[ 2028.847412][T30589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2028.855445][T30589] R13: 00007fe5ee816038 R14: 00007fe5ee815fa0 R15: 00007ffe35188698
[ 2028.863522][T30589]  </TASK>
[ 2029.467259][T30606] netlink: 'syz.2.6870': attribute type 1 has an invalid length.
[ 2029.714715][T30606] netlink: 'syz.2.6870': attribute type 1 has an invalid length.
[ 2029.845018][T30606] netlink: 116376 bytes leftover after parsing attributes in process `syz.2.6870'.
[ 2029.889706][T30607] netlink: 'syz.6.6872': attribute type 10 has an invalid length.
[ 2033.346893][T30645] FAULT_INJECTION: forcing a failure.
[ 2033.346893][T30645] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2033.467561][T30645] CPU: 1 PID: 30645 Comm: syz.4.6884 Not tainted syzkaller #0
[ 2033.475130][T30645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 2033.485320][T30645] Call Trace:
[ 2033.488666][T30645]  <TASK>
[ 2033.491749][T30645]  dump_stack_lvl+0x188/0x24e
[ 2033.496588][T30645]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 2033.503088][T30645]  ? show_regs_print_info+0x12/0x12
[ 2033.508453][T30645]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 2033.514697][T30645]  should_fail_ex+0x399/0x4d0
[ 2033.519557][T30645]  _copy_to_user+0x2c/0x130
[ 2033.524302][T30645]  simple_read_from_buffer+0xe3/0x150
[ 2033.529864][T30645]  proc_fail_nth_read+0x1a6/0x220
[ 2033.535047][T30645]  ? proc_fault_inject_write+0x310/0x310
[ 2033.540723][T30645]  ? fsnotify_perm+0x248/0x550
[ 2033.545531][T30645]  ? proc_fault_inject_write+0x310/0x310
[ 2033.551210][T30645]  vfs_read+0x2de/0xa00
[ 2033.555936][T30645]  ? kernel_read+0x1e0/0x1e0
[ 2033.560597][T30645]  ? __fget_files+0x28/0x4b0
[ 2033.565221][T30645]  ? __fget_files+0x28/0x4b0
[ 2033.569849][T30645]  ? __fget_files+0x43d/0x4b0
[ 2033.574620][T30645]  ? __fdget_pos+0x2ae/0x360
[ 2033.579255][T30645]  ? ksys_read+0x71/0x250
[ 2033.583710][T30645]  ksys_read+0x14c/0x250
[ 2033.588001][T30645]  ? vfs_write+0xa30/0xa30
[ 2033.592623][T30645]  do_syscall_64+0x4c/0xa0
[ 2033.597079][T30645]  ? clear_bhb_loop+0x60/0xb0
[ 2033.601920][T30645]  ? clear_bhb_loop+0x60/0xb0
[ 2033.606648][T30645]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2033.612658][T30645] RIP: 0033:0x7f870995b78e
[ 2033.617111][T30645] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 2033.636926][T30645] RSP: 002b:00007f870a8eefe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2033.645371][T30645] RAX: ffffffffffffffda RBX: 00007f870a8ef6c0 RCX: 00007f870995b78e
[ 2033.653467][T30645] RDX: 000000000000000f RSI: 00007f870a8ef0a0 RDI: 0000000000000007
[ 2033.661558][T30645] RBP: 00007f870a8ef090 R08: 0000000000000000 R09: 0000000000000000
[ 2033.669553][T30645] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2033.677547][T30645] R13: 00007f8709c16038 R14: 00007f8709c15fa0 R15: 00007ffef6152ad8
[ 2033.685562][T30645]  </TASK>
[ 2034.420476][T30657] netlink: 'syz.5.6886': attribute type 10 has an invalid length.
[ 2034.449881][T30657] device bond0 left promiscuous mode
[ 2034.456394][T30657] device bond_slave_0 left promiscuous mode
[ 2034.482266][T30657] device bond_slave_1 left promiscuous mode
[ 2034.855352][T30670] netlink: 'syz.4.6888': attribute type 13 has an invalid length.
[ 2034.907104][T30670] netlink: 160 bytes leftover after parsing attributes in process `syz.4.6888'.
[ 2035.352825][T30674] netlink: 'syz.5.6891': attribute type 9 has an invalid length.
[ 2035.381637][T30674] netlink: 61951 bytes leftover after parsing attributes in process `syz.5.6891'.
[ 2035.441260][T30679] FAULT_INJECTION: forcing a failure.
[ 2035.441260][T30679] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2035.491981][T30679] CPU: 0 PID: 30679 Comm: syz.0.6893 Not tainted syzkaller #0
[ 2035.499541][T30679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 2035.509731][T30679] Call Trace:
[ 2035.513061][T30679]  <TASK>
[ 2035.516132][T30679]  dump_stack_lvl+0x188/0x24e
[ 2035.521053][T30679]  ? show_regs_print_info+0x12/0x12
[ 2035.526348][T30679]  ? load_image+0x400/0x400
[ 2035.530914][T30679]  ? __lock_acquire+0x7d10/0x7d10
[ 2035.536041][T30679]  ? __rwlock_init+0x140/0x140
[ 2035.540916][T30679]  should_fail_ex+0x399/0x4d0
[ 2035.545667][T30679]  _copy_from_user+0x2c/0x170
[ 2035.550508][T30679]  ___sys_sendmsg+0x1c3/0x360
[ 2035.555430][T30679]  ? __sys_sendmsg+0x290/0x290
[ 2035.560301][T30679]  __se_sys_sendmsg+0x1bb/0x2a0
[ 2035.565296][T30679]  ? __x64_sys_sendmsg+0x80/0x80
[ 2035.570311][T30679]  ? lockdep_hardirqs_on+0x94/0x140
[ 2035.575571][T30679]  do_syscall_64+0x4c/0xa0
[ 2035.580064][T30679]  ? clear_bhb_loop+0x60/0xb0
[ 2035.584793][T30679]  ? clear_bhb_loop+0x60/0xb0
[ 2035.589612][T30679]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2035.595799][T30679] RIP: 0033:0x7fbd6bf9aeb9
[ 2035.600355][T30679] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2035.620100][T30679] RSP: 002b:00007fbd6ce3d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2035.628748][T30679] RAX: ffffffffffffffda RBX: 00007fbd6c215fa0 RCX: 00007fbd6bf9aeb9
[ 2035.636943][T30679] RDX: 0000000000000000 RSI: 0000200000000440 RDI: 0000000000000006
[ 2035.644982][T30679] RBP: 00007fbd6ce3d090 R08: 0000000000000000 R09: 0000000000000000
[ 2035.653349][T30679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2035.661522][T30679] R13: 00007fbd6c216038 R14: 00007fbd6c215fa0 R15: 00007ffe78d4f728
[ 2035.669778][T30679]  </TASK>
[ 2035.717555][T30683] netlink: 'syz.6.6895': attribute type 10 has an invalid length.
[ 2035.750041][T30683] netlink: 40 bytes leftover after parsing attributes in process `syz.6.6895'.
[ 2035.786910][T30683] bridge0: port 3(veth0_vlan) entered blocking state
[ 2035.809979][T30683] bridge0: port 3(veth0_vlan) entered disabled state
[ 2035.853698][T30683] net_ratelimit: 1 callbacks suppressed
[ 2035.853728][T30683] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[ 2036.247771][T30698] netlink: 'syz.6.6901': attribute type 19 has an invalid length.
[ 2036.416907][T30698] netlink: 'syz.6.6901': attribute type 3 has an invalid length.
[ 2036.437922][T30698] netlink: 'syz.6.6901': attribute type 1 has an invalid length.
[ 2036.479106][T30698] netlink: 198452 bytes leftover after parsing attributes in process `syz.6.6901'.
[ 2037.615940][T30730] FAULT_INJECTION: forcing a failure.
[ 2037.615940][T30730] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2037.699555][T30730] CPU: 0 PID: 30730 Comm: syz.5.6911 Not tainted syzkaller #0
[ 2037.707407][T30730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 2037.718071][T30730] Call Trace:
[ 2037.721550][T30730]  <TASK>
[ 2037.724791][T30730]  dump_stack_lvl+0x188/0x24e
[ 2037.729894][T30730]  ? show_regs_print_info+0x12/0x12
[ 2037.735387][T30730]  ? load_image+0x400/0x400
[ 2037.740312][T30730]  ? __lock_acquire+0x7d10/0x7d10
[ 2037.745791][T30730]  ? lockdep_hardirqs_on+0x94/0x140
[ 2037.751525][T30730]  should_fail_ex+0x399/0x4d0
[ 2037.756584][T30730]  _copy_from_user+0x2c/0x170
[ 2037.761571][T30730]  __copy_msghdr+0x3b7/0x580
[ 2037.766603][T30730]  ___sys_sendmsg+0x210/0x360
[ 2037.771401][T30730]  ? perf_trace_run_bpf_submit+0x124/0x1c0
[ 2037.777588][T30730]  ? __sys_sendmsg+0x290/0x290
[ 2037.783072][T30730]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 2037.789550][T30730]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 2037.796703][T30730]  ? lockdep_hardirqs_on+0x94/0x140
[ 2037.802336][T30730]  ? __se_sys_sendmsg+0xf4/0x2a0
[ 2037.807602][T30730]  ? kasan_check_range+0x84/0x290
[ 2037.813426][T30730]  __se_sys_sendmsg+0x1bb/0x2a0
[ 2037.818697][T30730]  ? __x64_sys_sendmsg+0x80/0x80
[ 2037.824017][T30730]  ? syscall_enter_from_user_mode+0x2a/0x80
[ 2037.830148][T30730]  do_syscall_64+0x4c/0xa0
[ 2037.834779][T30730]  ? clear_bhb_loop+0x60/0xb0
[ 2037.839822][T30730]  ? clear_bhb_loop+0x60/0xb0
[ 2037.844879][T30730]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2037.851184][T30730] RIP: 0033:0x7f833759aeb9
[ 2037.856208][T30730] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2037.876767][T30730] RSP: 002b:00007f83383ab028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2037.885502][T30730] RAX: ffffffffffffffda RBX: 00007f8337815fa0 RCX: 00007f833759aeb9
[ 2037.893698][T30730] RDX: 0000000000000000 RSI: 0000200000000440 RDI: 0000000000000006
[ 2037.901978][T30730] RBP: 00007f83383ab090 R08: 0000000000000000 R09: 0000000000000000
[ 2037.910100][T30730] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2037.918524][T30730] R13: 00007f8337816038 R14: 00007f8337815fa0 R15: 00007ffc1c272338
[ 2037.927170][T30730]  </TASK>
[ 2038.653148][T30735] syzkaller1: tun_chr_ioctl cmd 1074025677
[ 2038.697084][T30735] syzkaller1: linktype set to 823
[ 2039.345945][T30754] netlink: 'syz.2.6916': attribute type 10 has an invalid length.
[ 2040.860823][T30794] FAULT_INJECTION: forcing a failure.
[ 2040.860823][T30794] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2040.929085][T30794] CPU: 1 PID: 30794 Comm: syz.4.6928 Not tainted syzkaller #0
[ 2040.936749][T30794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 2040.947130][T30794] Call Trace:
[ 2040.950654][T30794]  <TASK>
[ 2040.953739][T30794]  dump_stack_lvl+0x188/0x24e
[ 2040.958498][T30794]  ? show_regs_print_info+0x12/0x12
[ 2040.963940][T30794]  ? load_image+0x400/0x400
[ 2040.968513][T30794]  ? __lock_acquire+0x7d10/0x7d10
[ 2040.973710][T30794]  should_fail_ex+0x399/0x4d0
[ 2040.978540][T30794]  _copy_from_user+0x2c/0x170
[ 2040.983274][T30794]  iovec_from_user+0x143/0x360
[ 2040.988099][T30794]  __import_iovec+0x6d/0x500
[ 2040.992824][T30794]  ? __might_fault+0xc2/0x120
[ 2040.997674][T30794]  import_iovec+0x6f/0xa0
[ 2041.002086][T30794]  ___sys_sendmsg+0x252/0x360
[ 2041.006838][T30794]  ? migrate_enable+0x148/0x220
[ 2041.011844][T30794]  ? __sys_sendmsg+0x290/0x290
[ 2041.016730][T30794]  __se_sys_sendmsg+0x1bb/0x2a0
[ 2041.022081][T30794]  ? __x64_sys_sendmsg+0x80/0x80
[ 2041.027091][T30794]  ? syscall_enter_from_user_mode+0x2a/0x80
[ 2041.033169][T30794]  do_syscall_64+0x4c/0xa0
[ 2041.037658][T30794]  ? clear_bhb_loop+0x60/0xb0
[ 2041.042584][T30794]  ? clear_bhb_loop+0x60/0xb0
[ 2041.047421][T30794]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2041.053469][T30794] RIP: 0033:0x7f870999aeb9
[ 2041.057935][T30794] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2041.077784][T30794] RSP: 002b:00007f870a8ef028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2041.086439][T30794] RAX: ffffffffffffffda RBX: 00007f8709c15fa0 RCX: 00007f870999aeb9
[ 2041.094481][T30794] RDX: 0000000000000000 RSI: 0000200000000440 RDI: 0000000000000006
[ 2041.102678][T30794] RBP: 00007f870a8ef090 R08: 0000000000000000 R09: 0000000000000000
[ 2041.110888][T30794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2041.119092][T30794] R13: 00007f8709c16038 R14: 00007f8709c15fa0 R15: 00007ffef6152ad8
[ 2041.127149][T30794]  </TASK>
[ 2041.676437][T30801] device syzkaller0 entered promiscuous mode
[ 2042.116703][T30818] netlink: 180 bytes leftover after parsing attributes in process `syz.4.6934'.
[ 2042.161555][T30820] netlink: 188 bytes leftover after parsing attributes in process `syz.6.6936'.
[ 2044.634639][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[ 2044.641062][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[ 2048.042669][T30895] netlink: 'syz.2.6952': attribute type 10 has an invalid length.
[ 2048.097360][T30895] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6952'.
[ 2048.136838][T30895] netlink: 'syz.2.6952': attribute type 10 has an invalid length.
[ 2048.151509][T30895] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6952'.
[ 2049.100019][T30905] syzkaller1: tun_chr_ioctl cmd 1074025677
[ 2049.186807][T30905] syzkaller1: linktype set to 823
[ 2050.396054][T30933] device syzkaller0 entered promiscuous mode
[ 2054.543579][T30971] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2054.551275][T30971] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2054.559970][T30971] device bridge0 entered promiscuous mode
[ 2054.576711][T30984] syzkaller1: tun_chr_ioctl cmd 1074025677
[ 2054.601748][T30984] syzkaller1: linktype set to 823
[ 2055.653001][T31019] FAULT_INJECTION: forcing a failure.
[ 2055.653001][T31019] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2055.691730][T31019] CPU: 1 PID: 31019 Comm: syz.5.6990 Not tainted syzkaller #0
[ 2055.699696][T31019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 2055.710020][T31019] Call Trace:
[ 2055.713361][T31019]  <TASK>
[ 2055.716425][T31019]  dump_stack_lvl+0x188/0x24e
[ 2055.721289][T31019]  ? show_regs_print_info+0x12/0x12
[ 2055.726571][T31019]  ? load_image+0x400/0x400
[ 2055.731141][T31019]  ? __lock_acquire+0x7d10/0x7d10
[ 2055.736237][T31019]  ? __virt_addr_valid+0x188/0x540
[ 2055.741615][T31019]  should_fail_ex+0x399/0x4d0
[ 2055.746380][T31019]  _copy_from_user+0x2c/0x170
[ 2055.751153][T31019]  vmemdup_user+0xa8/0x1d0
[ 2055.755741][T31019]  map_lookup_and_delete_elem+0x3c5/0x840
[ 2055.761712][T31019]  __sys_bpf+0x5cc/0x780
[ 2055.766057][T31019]  ? bpf_link_show_fdinfo+0x380/0x380
[ 2055.771520][T31019]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 2055.777819][T31019]  __x64_sys_bpf+0x78/0x90
[ 2055.782285][T31019]  do_syscall_64+0x4c/0xa0
[ 2055.786752][T31019]  ? clear_bhb_loop+0x60/0xb0
[ 2055.791559][T31019]  ? clear_bhb_loop+0x60/0xb0
[ 2055.796381][T31019]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2055.802333][T31019] RIP: 0033:0x7f833759aeb9
[ 2055.806824][T31019] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2055.826800][T31019] RSP: 002b:00007f83383ab028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2055.835367][T31019] RAX: ffffffffffffffda RBX: 00007f8337815fa0 RCX: 00007f833759aeb9
[ 2055.843465][T31019] RDX: 0000000000000020 RSI: 0000200000000640 RDI: 0000000000000015
[ 2055.851651][T31019] RBP: 00007f83383ab090 R08: 0000000000000000 R09: 0000000000000000
[ 2055.859776][T31019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2055.868041][T31019] R13: 00007f8337816038 R14: 00007f8337815fa0 R15: 00007ffc1c272338
[ 2055.876167][T31019]  </TASK>
[ 2055.924245][T31021] device syzkaller0 entered promiscuous mode
[ 2056.726953][T31044] netlink: 'syz.4.7000': attribute type 3 has an invalid length.
[ 2056.797913][T31044] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.7000'.
[ 2057.286988][T31065] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.7005'.
[ 2060.610630][T31079] netlink: 122896 bytes leftover after parsing attributes in process `syz.5.7010'.
[ 2060.611802][T31064] netlink: 'syz.0.7005': attribute type 21 has an invalid length.
[ 2060.640651][T31065] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.7005'.
[ 2060.681840][T31073] netlink: 'syz.0.7005': attribute type 2 has an invalid length.
[ 2060.689676][T31073] netlink: 132 bytes leftover after parsing attributes in process `syz.0.7005'.
[ 2061.161929][T31098] netlink: 14 bytes leftover after parsing attributes in process `syz.2.7016'.
[ 2061.254342][T31098] device hsr_slave_0 left promiscuous mode
[ 2061.299189][T31098] device hsr_slave_1 left promiscuous mode
[ 2061.355820][T31107] FAULT_INJECTION: forcing a failure.
[ 2061.355820][T31107] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2061.409761][T31107] CPU: 1 PID: 31107 Comm: syz.0.7019 Not tainted syzkaller #0
[ 2061.417502][T31107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 2061.427709][T31107] Call Trace:
[ 2061.431020][T31107]  <TASK>
[ 2061.434555][T31107]  dump_stack_lvl+0x188/0x24e
[ 2061.439546][T31107]  ? show_regs_print_info+0x12/0x12
[ 2061.445012][T31107]  ? load_image+0x400/0x400
[ 2061.449700][T31107]  ? __lock_acquire+0x7d10/0x7d10
[ 2061.454878][T31107]  ? __virt_addr_valid+0x188/0x540
[ 2061.460162][T31107]  should_fail_ex+0x399/0x4d0
[ 2061.464939][T31107]  _copy_to_user+0x2c/0x130
[ 2061.469510][T31107]  map_lookup_and_delete_elem+0x705/0x840
[ 2061.475295][T31107]  __sys_bpf+0x5cc/0x780
[ 2061.479578][T31107]  ? bpf_link_show_fdinfo+0x380/0x380
[ 2061.485071][T31107]  ? lock_chain_count+0x20/0x20
[ 2061.489962][T31107]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 2061.496006][T31107]  __x64_sys_bpf+0x78/0x90
[ 2061.500461][T31107]  do_syscall_64+0x4c/0xa0
[ 2061.504951][T31107]  ? clear_bhb_loop+0x60/0xb0
[ 2061.509719][T31107]  ? clear_bhb_loop+0x60/0xb0
[ 2061.514575][T31107]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2061.520686][T31107] RIP: 0033:0x7fbd6bf9aeb9
[ 2061.525251][T31107] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2061.544920][T31107] RSP: 002b:00007fbd6ce3d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2061.553567][T31107] RAX: ffffffffffffffda RBX: 00007fbd6c215fa0 RCX: 00007fbd6bf9aeb9
[ 2061.561567][T31107] RDX: 0000000000000020 RSI: 0000200000000640 RDI: 0000000000000015
[ 2061.569652][T31107] RBP: 00007fbd6ce3d090 R08: 0000000000000000 R09: 0000000000000000
[ 2061.577648][T31107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2061.585654][T31107] R13: 00007fbd6c216038 R14: 00007fbd6c215fa0 R15: 00007ffe78d4f728
[ 2061.593671][T31107]  </TASK>
[ 2061.749430][T31115] netlink: 830 bytes leftover after parsing attributes in process `syz.6.7020'.
[ 2061.965791][T31117] netlink: 146340 bytes leftover after parsing attributes in process `syz.5.7022'.
[ 2062.019384][T31117] openvswitch: netlink: Key type 386 is out of range max 32
[ 2062.769872][T31153] FAULT_INJECTION: forcing a failure.
[ 2062.769872][T31153] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2062.805059][T31153] CPU: 0 PID: 31153 Comm: syz.5.7034 Not tainted syzkaller #0
[ 2062.812628][T31153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 2062.822840][T31153] Call Trace:
[ 2062.826196][T31153]  <TASK>
[ 2062.829166][T31153]  dump_stack_lvl+0x188/0x24e
[ 2062.833931][T31153]  ? show_regs_print_info+0x12/0x12
[ 2062.841289][T31153]  ? load_image+0x400/0x400
[ 2062.845860][T31153]  ? __lock_acquire+0x7d10/0x7d10
[ 2062.851063][T31153]  ? snprintf+0xe5/0x140
[ 2062.855375][T31153]  should_fail_ex+0x399/0x4d0
[ 2062.860154][T31153]  _copy_to_user+0x2c/0x130
[ 2062.864836][T31153]  simple_read_from_buffer+0xe3/0x150
[ 2062.870456][T31153]  proc_fail_nth_read+0x1a6/0x220
[ 2062.875796][T31153]  ? proc_fault_inject_write+0x310/0x310
[ 2062.881637][T31153]  ? fsnotify_perm+0x248/0x550
[ 2062.886467][T31153]  ? proc_fault_inject_write+0x310/0x310
[ 2062.892231][T31153]  vfs_read+0x2de/0xa00
[ 2062.896492][T31153]  ? kernel_read+0x1e0/0x1e0
[ 2062.901356][T31153]  ? __fget_files+0x28/0x4b0
[ 2062.906022][T31153]  ? __fget_files+0x28/0x4b0
[ 2062.910682][T31153]  ? __fget_files+0x43d/0x4b0
[ 2062.915604][T31153]  ? __fdget_pos+0x2ae/0x360
[ 2062.920434][T31153]  ? ksys_read+0x71/0x250
[ 2062.925116][T31153]  ksys_read+0x14c/0x250
[ 2062.929522][T31153]  ? vfs_write+0xa30/0xa30
[ 2062.934116][T31153]  ? lockdep_hardirqs_on+0x94/0x140
[ 2062.939567][T31153]  do_syscall_64+0x4c/0xa0
[ 2062.944156][T31153]  ? clear_bhb_loop+0x60/0xb0
[ 2062.948887][T31153]  ? clear_bhb_loop+0x60/0xb0
[ 2062.953808][T31153]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2062.960129][T31153] RIP: 0033:0x7f833755b78e
[ 2062.964601][T31153] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 2062.984533][T31153] RSP: 002b:00007f8338389fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2062.993186][T31153] RAX: ffffffffffffffda RBX: 00007f833838a6c0 RCX: 00007f833755b78e
[ 2063.001237][T31153] RDX: 000000000000000f RSI: 00007f833838a0a0 RDI: 0000000000000043
[ 2063.009367][T31153] RBP: 00007f833838a090 R08: 0000000000000000 R09: 0000000000000000
[ 2063.017498][T31153] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2063.025977][T31153] R13: 00007f8337816128 R14: 00007f8337816090 R15: 00007ffc1c272338
[ 2063.034197][T31153]  </TASK>
[ 2063.431489][T31163] netlink: 'syz.6.7037': attribute type 2 has an invalid length.
[ 2063.483392][T31163] netlink: 'syz.6.7037': attribute type 21 has an invalid length.
[ 2063.847523][T31173] netlink: 132 bytes leftover after parsing attributes in process `syz.0.7040'.
[ 2064.027424][T31167] netlink: 'syz.2.7039': attribute type 10 has an invalid length.
[ 2064.089600][T31167] device bond0 left promiscuous mode
[ 2064.191470][T31167] device bond_slave_0 left promiscuous mode
[ 2064.243570][T31167] device bond_slave_1 left promiscuous mode
[ 2064.306585][T31167] device batadv_slave_0 left promiscuous mode
[ 2064.449195][T31167] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2064.563082][T31167] team0: Port device bond0 added
[ 2065.390168][T31192] netlink: 60 bytes leftover after parsing attributes in process `syz.5.7046'.
[ 2065.430788][T31192] device caif0 entered promiscuous mode
[ 2066.500521][T31224] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.7058'.
[ 2066.938394][T31242] netlink: 132 bytes leftover after parsing attributes in process `syz.4.7064'.
[ 2068.322521][ T4281] Bluetooth: hci3: ACL packet for unknown connection handle 0
[ 2069.154722][T31301] netlink: 14 bytes leftover after parsing attributes in process `syz.6.7086'.
[ 2069.941502][T31308] netlink: 160 bytes leftover after parsing attributes in process `syz.4.7088'.
[ 2070.243339][T31331] netlink: 'syz.0.7095': attribute type 2 has an invalid length.
[ 2070.303021][T31338] netlink: 'syz.0.7095': attribute type 21 has an invalid length.
[ 2071.546542][T31370] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.7106'.
[ 2071.567138][T31365] netlink: 152 bytes leftover after parsing attributes in process `syz.5.7105'.
[ 2071.647871][T31365] netlink: 'syz.5.7105': attribute type 10 has an invalid length.
[ 2071.691755][T31365] netlink: 40 bytes leftover after parsing attributes in process `syz.5.7105'.
[ 2071.778821][T31374] netlink: 'syz.4.7108': attribute type 10 has an invalid length.
[ 2071.791945][T31374] netlink: 55 bytes leftover after parsing attributes in process `syz.4.7108'.
[ 2073.371539][T31396] netlink: 14593 bytes leftover after parsing attributes in process `syz.0.7116'.
[ 2074.573640][T31436] FAULT_INJECTION: forcing a failure.
[ 2074.573640][T31436] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2074.670127][T31436] CPU: 0 PID: 31436 Comm: syz.5.7130 Not tainted syzkaller #0
[ 2074.678051][T31436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 2074.688328][T31436] Call Trace:
[ 2074.691747][T31436]  <TASK>
[ 2074.694737][T31436]  dump_stack_lvl+0x188/0x24e
[ 2074.699505][T31436]  ? show_regs_print_info+0x12/0x12
[ 2074.704951][T31436]  ? load_image+0x400/0x400
[ 2074.709519][T31436]  ? __lock_acquire+0x7d10/0x7d10
[ 2074.714600][T31436]  ? snprintf+0xe5/0x140
[ 2074.718895][T31436]  should_fail_ex+0x399/0x4d0
[ 2074.723649][T31436]  _copy_to_user+0x2c/0x130
[ 2074.728776][T31436]  simple_read_from_buffer+0xe3/0x150
[ 2074.734621][T31436]  proc_fail_nth_read+0x1a6/0x220
[ 2074.739725][T31436]  ? proc_fault_inject_write+0x310/0x310
[ 2074.745429][T31436]  ? fsnotify_perm+0x248/0x550
[ 2074.750252][T31436]  ? proc_fault_inject_write+0x310/0x310
[ 2074.755935][T31436]  vfs_read+0x2de/0xa00
[ 2074.760200][T31436]  ? kernel_read+0x1e0/0x1e0
[ 2074.764866][T31436]  ? __fget_files+0x28/0x4b0
[ 2074.769533][T31436]  ? __fget_files+0x28/0x4b0
[ 2074.774823][T31436]  ? __fget_files+0x43d/0x4b0
[ 2074.779777][T31436]  ? __fdget_pos+0x2ae/0x360
[ 2074.784444][T31436]  ? ksys_read+0x71/0x250
[ 2074.788937][T31436]  ksys_read+0x14c/0x250
[ 2074.793263][T31436]  ? vfs_write+0xa30/0xa30
[ 2074.797761][T31436]  ? lockdep_hardirqs_on+0x94/0x140
[ 2074.803032][T31436]  do_syscall_64+0x4c/0xa0
[ 2074.807521][T31436]  ? clear_bhb_loop+0x60/0xb0
[ 2074.812273][T31436]  ? clear_bhb_loop+0x60/0xb0
[ 2074.817021][T31436]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2074.822978][T31436] RIP: 0033:0x7f833755b78e
[ 2074.827537][T31436] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 2074.847377][T31436] RSP: 002b:00007f8338389fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2074.855858][T31436] RAX: ffffffffffffffda RBX: 00007f833838a6c0 RCX: 00007f833755b78e
[ 2074.864148][T31436] RDX: 000000000000000f RSI: 00007f833838a0a0 RDI: 0000000000000004
[ 2074.872204][T31436] RBP: 00007f833838a090 R08: 0000000000000000 R09: 0000000000000000
[ 2074.880240][T31436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2074.888284][T31436] R13: 00007f8337816128 R14: 00007f8337816090 R15: 00007ffc1c272338
[ 2074.896691][T31436]  </TASK>
[ 2076.875923][T31481] netlink: 'syz.0.7143': attribute type 21 has an invalid length.
[ 2079.858276][T31509] device syzkaller0 entered promiscuous mode
[ 2084.794054][T31530] netlink: 'syz.6.7156': attribute type 2 has an invalid length.
[ 2084.806669][T31530] netlink: 132 bytes leftover after parsing attributes in process `syz.6.7156'.
[ 2086.162268][T31568] netlink: 16098 bytes leftover after parsing attributes in process `syz.4.7168'.
[ 2086.470363][T31576] device syzkaller0 entered promiscuous mode
[ 2092.191065][T31629] netlink: 'syz.4.7184': attribute type 10 has an invalid length.
[ 2092.200979][T31629] device netdevsim0 entered promiscuous mode
[ 2093.725950][T31678] netlink: 'syz.4.7197': attribute type 21 has an invalid length.
[ 2094.386945][T31697] netlink: 144 bytes leftover after parsing attributes in process `syz.2.7204'.
[ 2094.511092][T31700] device syzkaller0 entered promiscuous mode
[ 2096.168691][ T4270] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 2096.184883][ T4270] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 2096.195014][ T4270] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 2096.203484][ T4270] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 2096.211583][ T4270] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 2096.219329][ T4270] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 2098.297850][ T4270] Bluetooth: hci4: command 0x0409 tx timeout
[ 2099.642404][T31724] netlink: 'syz.2.7214': attribute type 21 has an invalid length.
[ 2099.918149][T23558] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2100.057768][T31755] netlink: 60 bytes leftover after parsing attributes in process `syz.0.7217'.
[ 2100.082167][T23558] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2100.297022][T23558] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2100.381484][ T4270] Bluetooth: hci4: command 0x041b tx timeout
[ 2100.418188][T23558] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2100.575684][T31727] chnl_net:caif_netlink_parms(): no params data found
[ 2100.908102][T31778] device syzkaller0 entered promiscuous mode
[ 2101.513016][T31772] delete_channel: no stack
[ 2102.460974][ T4270] Bluetooth: hci4: command 0x040f tx timeout
[ 2104.539531][ T4270] Bluetooth: hci4: command 0x0419 tx timeout
[ 2104.740609][T31727] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2104.759774][T31727] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2104.800312][T31727] device bridge_slave_0 entered promiscuous mode
[ 2104.841032][T31727] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2104.887059][T31727] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2104.935784][T31727] device bridge_slave_1 entered promiscuous mode
[ 2105.043858][T23558] device 0 left promiscuous mode
[ 2105.185212][T31727] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2105.226534][T31727] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2105.895604][T31833] delete_channel: no stack
[ 2105.896949][T31727] team0: Port device team_slave_0 added
[ 2105.967356][T31828] device syzkaller0 entered promiscuous mode
[ 2106.055076][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[ 2106.061821][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[ 2106.448633][T31727] team0: Port device team_slave_1 added
[ 2106.899692][T31883] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[ 2112.309326][T31893] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2112.332126][T31893] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2112.379713][T31893] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2112.414411][T31893] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2112.573566][T31727] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2112.580778][T31727] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2112.646626][T31727] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2112.753697][T31727] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2112.779791][T31727] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2112.847693][T31727] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2113.510693][T31727] device hsr_slave_0 entered promiscuous mode
[ 2113.560335][T31727] device hsr_slave_1 entered promiscuous mode
[ 2113.610276][T31727] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 2113.634624][T31919] netlink: 'syz.0.7266': attribute type 2 has an invalid length.
[ 2113.647391][T31727] Cannot create hsr debugfs directory
[ 2113.833247][T31919] device 0 entered promiscuous mode
[ 2113.912554][T31931] netlink: 'syz.2.7270': attribute type 27 has an invalid length.
[ 2113.942210][T31929] netlink: 'syz.4.7269': attribute type 2 has an invalid length.
[ 2113.986543][T31929] netlink: 199848 bytes leftover after parsing attributes in process `syz.4.7269'.
[ 2114.483298][T31939] device syzkaller0 entered promiscuous mode
[ 2116.278193][T31968] netlink: 'syz.0.7284': attribute type 2 has an invalid length.
[ 2116.323255][T31968] netlink: 199848 bytes leftover after parsing attributes in process `syz.0.7284'.
[ 2118.381600][ T4281] Bluetooth: hci3: command 0x0406 tx timeout
[ 2122.657450][T32012] netlink: 'syz.4.7282': attribute type 2 has an invalid length.
[ 2123.013918][T32006] netlink: 40227 bytes leftover after parsing attributes in process `syz.0.7283'.
[ 2123.082051][T32012] device 0 entered promiscuous mode
[ 2123.371644][T23558] device hsr_slave_0 left promiscuous mode
[ 2123.396023][T23558] device hsr_slave_1 left promiscuous mode
[ 2123.408445][T23558] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2123.433132][T23558] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2123.448252][T23558] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2123.467674][T23558] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2123.496695][T23558] bridge0: port 3(dummy0) entered disabled state
[ 2123.522435][T23558] device bridge_slave_1 left promiscuous mode
[ 2123.536279][T23558] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2123.558253][T23558] device bridge_slave_0 left promiscuous mode
[ 2123.584769][T23558] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2125.365441][T23558] device veth1_macvtap left promiscuous mode
[ 2125.376033][T23558] device veth0_macvtap left promiscuous mode
[ 2125.392012][T23558] device veth1_vlan left promiscuous mode
[ 2125.397924][T23558] device veth0_vlan left promiscuous mode
[ 2125.670500][T23558] team0 (unregistering): Port device geneve1 removed
[ 2125.862591][T32061] netlink: 'syz.2.7297': attribute type 2 has an invalid length.
[ 2125.870880][T32061] netlink: 199848 bytes leftover after parsing attributes in process `syz.2.7297'.
[ 2128.090676][ T4281] Bluetooth: hci1: unexpected event 0x14 length: 151 > 6
[ 2128.226681][T32068] netlink: 'syz.2.7298': attribute type 2 has an invalid length.
[ 2128.602662][T23558] team0 (unregistering): Port device team_slave_1 removed
[ 2128.748912][T23558] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2128.818039][T23558] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2129.308629][T23558] bond0 (unregistering): Released all slaves
[ 2129.426396][T32038] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2129.441635][T32038] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2129.461914][T32038] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2129.469563][T32038] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2129.567188][T32034] device syzkaller0 entered promiscuous mode
[ 2129.584903][T32068] device 0 entered promiscuous mode
[ 2133.324404][T32093] netlink: 14463 bytes leftover after parsing attributes in process `syz.6.7301'.
[ 2133.509191][T31727] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 2133.596506][T31727] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 2133.652974][T31727] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 2133.668658][T31727] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 2133.691630][T32108] netlink: 'syz.4.7312': attribute type 5 has an invalid length.
[ 2133.908550][T32115] netlink: 'syz.2.7311': attribute type 1 has an invalid length.
[ 2133.992541][T32115] netlink: 176 bytes leftover after parsing attributes in process `syz.2.7311'.
[ 2134.490069][T31727] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2134.553252][T23559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 2134.578031][T23559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 2134.605771][T31727] 8021q: adding VLAN 0 to HW filter on device team0
[ 2134.632645][T23559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 2134.672431][T23559] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 2134.695900][T23559] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2134.703724][T23559] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2134.755441][T23559] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 2134.777351][T23559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 2134.803312][T23559] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 2134.838914][T23559] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2134.846316][T23559] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2134.888954][T23559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 2135.125845][T23559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 2135.146196][T23559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 2135.202638][T23559] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 2135.250787][T32142] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 2135.258248][T32142] IPv6: NLM_F_CREATE should be set when creating new route
[ 2135.265685][T32142] IPv6: NLM_F_CREATE should be set when creating new route
[ 2135.273352][T32142] IPv6: NLM_F_CREATE should be set when creating new route
[ 2135.347625][T23559] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 2135.356730][T23559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 2135.366841][T23559] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 2135.466050][T32159] device syzkaller0 entered promiscuous mode
[ 2135.508012][T23559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 2135.522558][T23559] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 2135.543824][T32162] netlink: 64535 bytes leftover after parsing attributes in process `syz.2.7323'.
[ 2135.720018][T31727] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 2135.743347][T31727] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 2135.806832][T23559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 2135.824910][T23559] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 2138.264354][T32200] delete_channel: no stack
[ 2140.303563][T23558] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 2140.311188][T23558] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 2140.368163][T31727] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2140.389975][T32237] delete_channel: no stack
[ 2140.592918][T32241] device syzkaller0 entered promiscuous mode
[ 2140.980047][T32270] FAULT_INJECTION: forcing a failure.
[ 2140.980047][T32270] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2141.042121][T32270] CPU: 1 PID: 32270 Comm: syz.2.7352 Not tainted syzkaller #0
[ 2141.049688][T32270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 2141.059895][T32270] Call Trace:
[ 2141.063317][T32270]  <TASK>
[ 2141.066289][T32270]  dump_stack_lvl+0x188/0x24e
[ 2141.071050][T32270]  ? show_regs_print_info+0x12/0x12
[ 2141.076312][T32270]  ? load_image+0x400/0x400
[ 2141.081257][T32270]  ? __lock_acquire+0x7d10/0x7d10
[ 2141.086685][T32270]  should_fail_ex+0x399/0x4d0
[ 2141.091501][T32270]  strncpy_from_user+0x32/0x350
[ 2141.096549][T32270]  bpf_prog_load+0x1f3/0x1560
[ 2141.101386][T32270]  ? map_freeze+0x390/0x390
[ 2141.105948][T32270]  ? __might_fault+0xa6/0x120
[ 2141.110668][T32270]  ? __might_fault+0xa6/0x120
[ 2141.115381][T32270]  ? __might_fault+0xc2/0x120
[ 2141.120183][T32270]  ? __might_fault+0xa6/0x120
[ 2141.124899][T32270]  ? bpf_lsm_bpf+0x5/0x10
[ 2141.129389][T32270]  ? security_bpf+0x7a/0xa0
[ 2141.133932][T32270]  __sys_bpf+0x5b8/0x780
[ 2141.138236][T32270]  ? bpf_link_show_fdinfo+0x380/0x380
[ 2141.143759][T32270]  __x64_sys_bpf+0x78/0x90
[ 2141.148233][T32270]  do_syscall_64+0x4c/0xa0
[ 2141.152906][T32270]  ? clear_bhb_loop+0x60/0xb0
[ 2141.157843][T32270]  ? clear_bhb_loop+0x60/0xb0
[ 2141.162577][T32270]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2141.168605][T32270] RIP: 0033:0x7f35a5d9aeb9
[ 2141.173142][T32270] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2141.193692][T32270] RSP: 002b:00007f35a6c36028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2141.202142][T32270] RAX: ffffffffffffffda RBX: 00007f35a6015fa0 RCX: 00007f35a5d9aeb9
[ 2141.210796][T32270] RDX: 0000000000000048 RSI: 000020000000e000 RDI: 0000000000000005
[ 2141.219084][T32270] RBP: 00007f35a6c36090 R08: 0000000000000000 R09: 0000000000000000
[ 2141.227710][T32270] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2141.236184][T32270] R13: 00007f35a6016038 R14: 00007f35a6015fa0 R15: 00007ffcf6d0e198
[ 2141.245102][T32270]  </TASK>
[ 2143.371197][T32289] delete_channel: no stack
[ 2148.061162][T32276] netlink: 'syz.0.7354': attribute type 12 has an invalid length.
[ 2148.069670][T32276] netlink: 132 bytes leftover after parsing attributes in process `syz.0.7354'.
[ 2148.438884][T32327] netlink: 64 bytes leftover after parsing attributes in process `syz.2.7373'.
[ 2148.492682][T32331] FAULT_INJECTION: forcing a failure.
[ 2148.492682][T32331] name failslab, interval 1, probability 0, space 0, times 0
[ 2148.601556][T32331] CPU: 0 PID: 32331 Comm: syz.4.7365 Not tainted syzkaller #0
[ 2148.609304][T32331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 2148.619504][T32331] Call Trace:
[ 2148.622978][T32331]  <TASK>
[ 2148.626099][T32331]  dump_stack_lvl+0x188/0x24e
[ 2148.630948][T32331]  ? show_regs_print_info+0x12/0x12
[ 2148.636529][T32331]  ? load_image+0x400/0x400
[ 2148.641112][T32331]  ? __might_sleep+0xd0/0xd0
[ 2148.645767][T32331]  ? __lock_acquire+0x7d10/0x7d10
[ 2148.650899][T32331]  ? irqentry_enter+0x33/0x50
[ 2148.655639][T32331]  should_fail_ex+0x399/0x4d0
[ 2148.660482][T32331]  should_failslab+0x5/0x20
[ 2148.665218][T32331]  slab_pre_alloc_hook+0x59/0x310
[ 2148.670299][T32331]  ? rcu_is_watching+0x11/0xa0
[ 2148.675313][T32331]  ? __get_vm_area_node+0x122/0x330
[ 2148.680722][T32331]  __kmem_cache_alloc_node+0x4f/0x260
[ 2148.686262][T32331]  ? lockdep_hardirqs_on+0x94/0x140
[ 2148.691532][T32331]  ? __get_vm_area_node+0x122/0x330
[ 2148.696811][T32331]  kmalloc_node_trace+0x22/0xe0
[ 2148.701749][T32331]  __get_vm_area_node+0x122/0x330
[ 2148.706956][T32331]  ? __get_vm_area_node+0x1/0x330
[ 2148.712143][T32331]  __vmalloc_node_range+0x357/0x13b0
[ 2148.717573][T32331]  ? bpf_prog_alloc_no_stats+0x3a/0x3a0
[ 2148.723288][T32331]  ? perf_trace_preemptirq_template+0x268/0x320
[ 2148.729697][T32331]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 2148.735850][T32331]  ? free_vm_area+0x50/0x50
[ 2148.740424][T32331]  ? end_current_label_crit_section+0x170/0x170
[ 2148.746859][T32331]  ? lockdep_hardirqs_on+0x94/0x140
[ 2148.752302][T32331]  ? bpf_prog_alloc_no_stats+0x3a/0x3a0
[ 2148.757945][T32331]  __vmalloc+0x76/0x80
[ 2148.762111][T32331]  ? bpf_prog_alloc_no_stats+0x3a/0x3a0
[ 2148.767925][T32331]  bpf_prog_alloc_no_stats+0x3a/0x3a0
[ 2148.773392][T32331]  ? bpf_lsm_capable+0x5/0x10
[ 2148.778147][T32331]  bpf_prog_alloc+0x1c/0x1b0
[ 2148.782821][T32331]  bpf_prog_load+0x7c9/0x1560
[ 2148.787580][T32331]  ? map_freeze+0x390/0x390
[ 2148.792152][T32331]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 2148.798369][T32331]  ? lockdep_hardirqs_on+0x94/0x140
[ 2148.803650][T32331]  ? copy_user_enhanced_fast_string+0xa/0x40
[ 2148.809887][T32331]  ? bpf_lsm_bpf+0x5/0x10
[ 2148.814346][T32331]  ? security_bpf+0x7a/0xa0
[ 2148.818943][T32331]  __sys_bpf+0x5b8/0x780
[ 2148.823255][T32331]  ? bpf_link_show_fdinfo+0x380/0x380
[ 2148.828709][T32331]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 2148.834974][T32331]  __x64_sys_bpf+0x78/0x90
[ 2148.839458][T32331]  do_syscall_64+0x4c/0xa0
[ 2148.843941][T32331]  ? clear_bhb_loop+0x60/0xb0
[ 2148.848677][T32331]  ? clear_bhb_loop+0x60/0xb0
[ 2148.853418][T32331]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2148.859376][T32331] RIP: 0033:0x7f870999aeb9
[ 2148.863861][T32331] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2148.883934][T32331] RSP: 002b:00007f870a8ef028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2148.892501][T32331] RAX: ffffffffffffffda RBX: 00007f8709c15fa0 RCX: 00007f870999aeb9
[ 2148.900637][T32331] RDX: 0000000000000048 RSI: 000020000000e000 RDI: 0000000000000005
[ 2148.908783][T32331] RBP: 00007f870a8ef090 R08: 0000000000000000 R09: 0000000000000000
[ 2148.916934][T32331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2148.925231][T32331] R13: 00007f8709c16038 R14: 00007f8709c15fa0 R15: 00007ffef6152ad8
[ 2148.933288][T32331]  </TASK>
[ 2149.024459][T32338] netlink: 'syz.6.7364': attribute type 1 has an invalid length.
[ 2149.039168][T32338] netlink: 176 bytes leftover after parsing attributes in process `syz.6.7364'.
[ 2149.381611][T32331] syz.4.7365: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=syz4,mems_allowed=0-1
[ 2149.411355][T32331] CPU: 1 PID: 32331 Comm: syz.4.7365 Not tainted syzkaller #0
[ 2149.418988][T32331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 2149.429393][T32331] Call Trace:
[ 2149.432909][T32331]  <TASK>
[ 2149.436044][T32331]  dump_stack_lvl+0x188/0x24e
[ 2149.440786][T32331]  ? cpuset_print_current_mems_allowed+0x1b/0x360
[ 2149.447359][T32331]  ? show_regs_print_info+0x12/0x12
[ 2149.452631][T32331]  ? load_image+0x400/0x400
[ 2149.457357][T32331]  ? cpuset_print_current_mems_allowed+0x1b/0x360
[ 2149.463809][T32331]  ? cpuset_print_current_mems_allowed+0x2e3/0x360
[ 2149.470459][T32331]  warn_alloc+0x242/0x330
[ 2149.474845][T32331]  ? __get_vm_area_node+0x122/0x330
[ 2149.480101][T32331]  ? zone_watermark_ok_safe+0x270/0x270
[ 2149.485794][T32331]  ? rcu_is_watching+0x11/0xa0
[ 2149.490617][T32331]  ? __get_vm_area_node+0x318/0x330
[ 2149.495854][T32331]  ? __get_vm_area_node+0x1/0x330
[ 2149.500912][T32331]  __vmalloc_node_range+0x37c/0x13b0
[ 2149.506240][T32331]  ? perf_trace_preemptirq_template+0x268/0x320
[ 2149.512879][T32331]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 2149.519007][T32331]  ? free_vm_area+0x50/0x50
[ 2149.523546][T32331]  ? end_current_label_crit_section+0x170/0x170
[ 2149.529909][T32331]  ? lockdep_hardirqs_on+0x94/0x140
[ 2149.535159][T32331]  ? bpf_prog_alloc_no_stats+0x3a/0x3a0
[ 2149.540831][T32331]  __vmalloc+0x76/0x80
[ 2149.544983][T32331]  ? bpf_prog_alloc_no_stats+0x3a/0x3a0
[ 2149.550788][T32331]  bpf_prog_alloc_no_stats+0x3a/0x3a0
[ 2149.556221][T32331]  ? bpf_lsm_capable+0x5/0x10
[ 2149.561037][T32331]  bpf_prog_alloc+0x1c/0x1b0
[ 2149.565678][T32331]  bpf_prog_load+0x7c9/0x1560
[ 2149.570413][T32331]  ? map_freeze+0x390/0x390
[ 2149.574949][T32331]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 2149.581147][T32331]  ? lockdep_hardirqs_on+0x94/0x140
[ 2149.586386][T32331]  ? copy_user_enhanced_fast_string+0xa/0x40
[ 2149.592488][T32331]  ? bpf_lsm_bpf+0x5/0x10
[ 2149.597022][T32331]  ? security_bpf+0x7a/0xa0
[ 2149.601573][T32331]  __sys_bpf+0x5b8/0x780
[ 2149.605939][T32331]  ? bpf_link_show_fdinfo+0x380/0x380
[ 2149.611437][T32331]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 2149.617778][T32331]  __x64_sys_bpf+0x78/0x90
[ 2149.622230][T32331]  do_syscall_64+0x4c/0xa0
[ 2149.626678][T32331]  ? clear_bhb_loop+0x60/0xb0
[ 2149.631383][T32331]  ? clear_bhb_loop+0x60/0xb0
[ 2149.636096][T32331]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2149.642114][T32331] RIP: 0033:0x7f870999aeb9
[ 2149.646648][T32331] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2149.666629][T32331] RSP: 002b:00007f870a8ef028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2149.675106][T32331] RAX: ffffffffffffffda RBX: 00007f8709c15fa0 RCX: 00007f870999aeb9
[ 2149.683222][T32331] RDX: 0000000000000048 RSI: 000020000000e000 RDI: 0000000000000005
[ 2149.691269][T32331] RBP: 00007f870a8ef090 R08: 0000000000000000 R09: 0000000000000000
[ 2149.699302][T32331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2149.707329][T32331] R13: 00007f8709c16038 R14: 00007f8709c15fa0 R15: 00007ffef6152ad8
[ 2149.715366][T32331]  </TASK>
[ 2149.818915][T32331] Mem-Info:
[ 2149.823205][T32331] active_anon:7388 inactive_anon:0 isolated_anon:0
[ 2149.823205][T32331]  active_file:21573 inactive_file:40695 isolated_file:0
[ 2149.823205][T32331]  unevictable:768 dirty:129 writeback:0
[ 2149.823205][T32331]  slab_reclaimable:21461 slab_unreclaimable:110014
[ 2149.823205][T32331]  mapped:29786 shmem:1385 pagetables:753
[ 2149.823205][T32331]  sec_pagetables:0 bounce:0
[ 2149.823205][T32331]  kernel_misc_reclaimable:0
[ 2149.823205][T32331]  free:1305695 free_pcp:6037 free_cma:0
[ 2149.853365][T23558] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 2149.885489][T23558] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 2149.921730][T23558] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 2149.943257][T23558] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 2149.960268][T31727] device veth0_vlan entered promiscuous mode
[ 2149.967546][T23558] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 2149.980873][T23558] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 2149.996904][T31727] device veth1_vlan entered promiscuous mode
[ 2150.040421][T32331] Node 0 active_anon:29872kB inactive_anon:0kB active_file:86292kB inactive_file:162576kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:127244kB dirty:536kB writeback:0kB shmem:4004kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:11348kB pagetables:3116kB sec_pagetables:0kB all_unreclaimable? no
[ 2150.080884][T32331] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[ 2150.134612][T18914] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 2150.154497][T18914] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 2150.169183][T18914] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 2150.181094][T18914] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 2150.197907][T31727] device veth0_macvtap entered promiscuous mode
[ 2150.218118][T31727] device veth1_macvtap entered promiscuous mode
[ 2150.224810][T32331] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2150.287941][T31727] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2150.295796][T18239] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 2150.309840][T18239] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 2150.319890][T18239] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 2150.332229][T32331] lowmem_reserve[]: 0 2527 2528 2528 2528
[ 2150.338238][T32331] Node 0 DMA32 free:1294508kB boost:0kB min:34692kB low:43364kB high:52036kB reserved_highatomic:0KB active_anon:29572kB inactive_anon:0kB active_file:86292kB inactive_file:162576kB unevictable:1536kB writepending:536kB present:3129332kB managed:2592980kB mlocked:0kB bounce:0kB free_pcp:21820kB local_pcp:16028kB free_cma:0kB
[ 2150.380709][T18239] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 2150.393160][T31727] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2150.408202][T31727] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2150.424602][T31727] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2150.432809][T32331] lowmem_reserve[]: 0 0 1 1 1
[ 2150.437669][T32331] Node 0 Normal free:20kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:1424kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:4kB free_cma:0kB
[ 2150.472198][T18239] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 2150.493667][T18239] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 2150.510255][T31727] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2150.524927][T31727] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2150.535528][T31727] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2150.550979][T32331] lowmem_reserve[]: 0 0 0 0 0
[ 2150.556962][T32331] Node 1 Normal free:3912892kB boost:0kB min:55192kB low:68988kB high:82784kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117620kB mlocked:0kB bounce:0kB free_pcp:6976kB local_pcp:6976kB free_cma:0kB
[ 2150.616551][T31727] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2150.708676][T32331] lowmem_reserve[]: 0 0 0 0 0
[ 2150.736016][T32331] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 2150.785107][T32331] Node 0 DMA32: 1433*4kB (UME) 1421*8kB (M) 1224*16kB (UME) 933*32kB (UME) 1179*64kB (UME) 578*128kB (UME) 167*256kB (UME) 87*512kB (UME) 42*1024kB (UME) 15*2048kB (UM) 224*4096kB (M) = 1294508kB
[ 2150.829839][T23558] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2150.855985][T23558] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2150.871708][T18918] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 2150.891946][T32331] Node 0 Normal: 5*4kB (U) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB
[ 2150.944837][T32331] Node 1 Normal: 255*4kB (UME) 54*8kB (UME) 29*16kB (UME) 220*32kB (UME) 71*64kB (UME) 26*128kB (UME) 11*256kB (U) 2*512kB (UM) 1*1024kB (U) 0*2048kB 950*4096kB (ME) = 3912892kB
[ 2150.963823][T18918] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2150.979458][T18918] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2151.017962][T18239] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 2151.058939][T32331] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2151.101812][T32331] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 2151.123839][T32331] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2151.156498][T32331] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 2151.197099][T32331] 63656 total pagecache pages
[ 2151.211437][T32331] 0 pages in swap cache
[ 2151.215730][T32331] Free swap  = 124996kB
[ 2151.247157][T32377] device syzkaller0 entered promiscuous mode
[ 2151.258999][T32331] Total swap = 124996kB
[ 2151.267470][T32331] 2097051 pages RAM
[ 2151.285172][T32331] 0 pages HighMem/MovableOnly
[ 2151.310476][T32331] 415205 pages reserved
[ 2151.328514][T32331] 0 pages cma reserved
[ 2151.582559][T32386] FAULT_INJECTION: forcing a failure.
[ 2151.582559][T32386] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2151.614460][T32371] delete_channel: no stack
[ 2151.669484][T32386] CPU: 0 PID: 32386 Comm: syz.4.7378 Not tainted syzkaller #0
[ 2151.677150][T32386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 2151.687449][T32386] Call Trace:
[ 2151.690793][T32386]  <TASK>
[ 2151.693784][T32386]  dump_stack_lvl+0x188/0x24e
[ 2151.698546][T32386]  ? show_regs_print_info+0x12/0x12
[ 2151.703828][T32386]  ? load_image+0x400/0x400
[ 2151.708552][T32386]  ? __lock_acquire+0x7d10/0x7d10
[ 2151.713740][T32386]  ? lockdep_hardirqs_on+0x94/0x140
[ 2151.719019][T32386]  should_fail_ex+0x399/0x4d0
[ 2151.723788][T32386]  _copy_from_user+0x2c/0x170
[ 2151.728532][T32386]  __sys_bpf+0x2ea/0x780
[ 2151.732849][T32386]  ? bpf_link_show_fdinfo+0x380/0x380
[ 2151.738306][T32386]  ? lock_chain_count+0x20/0x20
[ 2151.743511][T32386]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 2151.749661][T32386]  __x64_sys_bpf+0x78/0x90
[ 2151.754177][T32386]  do_syscall_64+0x4c/0xa0
[ 2151.758703][T32386]  ? clear_bhb_loop+0x60/0xb0
[ 2151.763450][T32386]  ? clear_bhb_loop+0x60/0xb0
[ 2151.768325][T32386]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2151.774308][T32386] RIP: 0033:0x7f870999aeb9
[ 2151.778810][T32386] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2151.798825][T32386] RSP: 002b:00007f870a8ef028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2151.807372][T32386] RAX: ffffffffffffffda RBX: 00007f8709c15fa0 RCX: 00007f870999aeb9
[ 2151.815589][T32386] RDX: 0000000000000020 RSI: 0000200000000640 RDI: 0000000000000015
[ 2151.823617][T32386] RBP: 00007f870a8ef090 R08: 0000000000000000 R09: 0000000000000000
[ 2151.831646][T32386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2151.839757][T32386] R13: 00007f8709c16038 R14: 00007f8709c15fa0 R15: 00007ffef6152ad8
[ 2151.847967][T32386]  </TASK>
[ 2152.216539][T32403] netlink: 'syz.4.7382': attribute type 3 has an invalid length.
[ 2152.224993][T32403] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.7382'.
[ 2152.644935][T32417] netlink: 'syz.5.7386': attribute type 27 has an invalid length.
[ 2152.667913][T32417] netlink: 164 bytes leftover after parsing attributes in process `syz.5.7386'.
[ 2155.689573][T32440] netlink: 17279 bytes leftover after parsing attributes in process `syz.6.7395'.
[ 2156.495476][T32464] netlink: 'syz.4.7406': attribute type 10 has an invalid length.
[ 2156.917140][T32464] team0: Port device geneve1 added
[ 2157.326500][T32477] device syzkaller0 entered promiscuous mode
[ 2159.687288][T32470] delete_channel: no stack
[ 2159.945531][T32488] FAULT_INJECTION: forcing a failure.
[ 2159.945531][T32488] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2160.044798][T32488] CPU: 1 PID: 32488 Comm: syz.5.7411 Not tainted syzkaller #0
[ 2160.052377][T32488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 2160.063144][T32488] Call Trace:
[ 2160.066779][T32488]  <TASK>
[ 2160.069907][T32488]  dump_stack_lvl+0x188/0x24e
[ 2160.074914][T32488]  ? show_regs_print_info+0x12/0x12
[ 2160.080201][T32488]  ? load_image+0x400/0x400
[ 2160.084781][T32488]  ? __lock_acquire+0x7d10/0x7d10
[ 2160.090133][T32488]  ? __virt_addr_valid+0x188/0x540
[ 2160.095457][T32488]  should_fail_ex+0x399/0x4d0
[ 2160.100380][T32488]  _copy_from_user+0x2c/0x170
[ 2160.105133][T32488]  vmemdup_user+0xa8/0x1d0
[ 2160.110117][T32488]  map_lookup_and_delete_elem+0x3c5/0x840
[ 2160.115969][T32488]  __sys_bpf+0x5cc/0x780
[ 2160.120285][T32488]  ? bpf_link_show_fdinfo+0x380/0x380
[ 2160.125849][T32488]  ? lock_chain_count+0x20/0x20
[ 2160.130810][T32488]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 2160.136890][T32488]  __x64_sys_bpf+0x78/0x90
[ 2160.141387][T32488]  do_syscall_64+0x4c/0xa0
[ 2160.145890][T32488]  ? clear_bhb_loop+0x60/0xb0
[ 2160.150915][T32488]  ? clear_bhb_loop+0x60/0xb0
[ 2160.155680][T32488]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2160.161655][T32488] RIP: 0033:0x7f062979aeb9
[ 2160.166329][T32488] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2160.186476][T32488] RSP: 002b:00007f062a5de028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2160.195117][T32488] RAX: ffffffffffffffda RBX: 00007f0629a15fa0 RCX: 00007f062979aeb9
[ 2160.203241][T32488] RDX: 0000000000000020 RSI: 0000200000000640 RDI: 0000000000000015
[ 2160.211353][T32488] RBP: 00007f062a5de090 R08: 0000000000000000 R09: 0000000000000000
[ 2160.219388][T32488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2160.227599][T32488] R13: 00007f0629a16038 R14: 00007f0629a15fa0 R15: 00007ffc170eb728
[ 2160.235696][T32488]  </TASK>
[ 2163.403982][T32499] netlink: 'syz.2.7416': attribute type 46 has an invalid length.
[ 2163.738126][T32511] netlink: 'syz.2.7421': attribute type 10 has an invalid length.
[ 2164.099769][T32510] delete_channel: no stack
[ 2164.599976][T32511] team0: Port device geneve1 added
[ 2164.885960][T32530] device syzkaller0 entered promiscuous mode
[ 2166.071887][T32561] netlink: 60 bytes leftover after parsing attributes in process `syz.2.7435'.
[ 2166.283193][T32564] netlink: 60 bytes leftover after parsing attributes in process `syz.2.7435'.
[ 2167.504605][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[ 2167.511098][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[ 2168.903048][T32548] netlink: 'syz.0.7431': attribute type 21 has an invalid length.
[ 2168.911987][T32552] netlink: 40115 bytes leftover after parsing attributes in process `syz.0.7431'.
[ 2168.931739][T32561] netlink: 60 bytes leftover after parsing attributes in process `syz.2.7435'.
[ 2169.109113][T32568] FAULT_INJECTION: forcing a failure.
[ 2169.109113][T32568] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2169.177828][T32571] netlink: 188 bytes leftover after parsing attributes in process `syz.6.7439'.
[ 2169.194715][T32568] CPU: 0 PID: 32568 Comm: syz.0.7436 Not tainted syzkaller #0
[ 2169.202356][T32568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 2169.212720][T32568] Call Trace:
[ 2169.216085][T32568]  <TASK>
[ 2169.219056][T32568]  dump_stack_lvl+0x188/0x24e
[ 2169.223850][T32568]  ? show_regs_print_info+0x12/0x12
[ 2169.229176][T32568]  ? load_image+0x400/0x400
[ 2169.234011][T32568]  ? __lock_acquire+0x7d10/0x7d10
[ 2169.239111][T32568]  should_fail_ex+0x399/0x4d0
[ 2169.243931][T32568]  _copy_from_user+0x2c/0x170
[ 2169.248685][T32568]  __sys_bpf+0x2ea/0x780
[ 2169.253002][T32568]  ? bpf_link_show_fdinfo+0x380/0x380
[ 2169.258545][T32568]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 2169.264792][T32568]  __x64_sys_bpf+0x78/0x90
[ 2169.269297][T32568]  do_syscall_64+0x4c/0xa0
[ 2169.273830][T32568]  ? clear_bhb_loop+0x60/0xb0
[ 2169.278551][T32568]  ? clear_bhb_loop+0x60/0xb0
[ 2169.283349][T32568]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2169.289304][T32568] RIP: 0033:0x7fbd6bf9aeb9
[ 2169.293841][T32568] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2169.313498][T32568] RSP: 002b:00007fbd6ce3d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2169.322041][T32568] RAX: ffffffffffffffda RBX: 00007fbd6c215fa0 RCX: 00007fbd6bf9aeb9
[ 2169.330225][T32568] RDX: 0000000000000050 RSI: 0000200000000c80 RDI: 000000000000000a
[ 2169.338233][T32568] RBP: 00007fbd6ce3d090 R08: 0000000000000000 R09: 0000000000000000
[ 2169.346407][T32568] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2169.354423][T32568] R13: 00007fbd6c216038 R14: 00007fbd6c215fa0 R15: 00007ffe78d4f728
[ 2169.362613][T32568]  </TASK>
[ 2169.617496][T32578] netlink: 'syz.0.7440': attribute type 10 has an invalid length.
[ 2169.988573][T32566] delete_channel: no stack
[ 2170.237163][T32578] team0: Port device geneve1 added
[ 2171.122806][T32615] FAULT_INJECTION: forcing a failure.
[ 2171.122806][T32615] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2171.203028][T32615] CPU: 0 PID: 32615 Comm: syz.6.7450 Not tainted syzkaller #0
[ 2171.210781][T32615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 2171.221245][T32615] Call Trace:
[ 2171.224672][T32615]  <TASK>
[ 2171.227731][T32615]  dump_stack_lvl+0x188/0x24e
[ 2171.232482][T32615]  ? show_regs_print_info+0x12/0x12
[ 2171.237784][T32615]  ? load_image+0x400/0x400
[ 2171.242355][T32615]  ? __lock_acquire+0x7d10/0x7d10
[ 2171.247704][T32615]  ? snprintf+0xe5/0x140
[ 2171.252006][T32615]  should_fail_ex+0x399/0x4d0
[ 2171.256752][T32615]  _copy_to_user+0x2c/0x130
[ 2171.261484][T32615]  simple_read_from_buffer+0xe3/0x150
[ 2171.267203][T32615]  proc_fail_nth_read+0x1a6/0x220
[ 2171.272509][T32615]  ? proc_fault_inject_write+0x310/0x310
[ 2171.278481][T32615]  ? fsnotify_perm+0x248/0x550
[ 2171.283410][T32615]  ? proc_fault_inject_write+0x310/0x310
[ 2171.289131][T32615]  vfs_read+0x2de/0xa00
[ 2171.293430][T32615]  ? kernel_read+0x1e0/0x1e0
[ 2171.298234][T32615]  ? __fget_files+0x28/0x4b0
[ 2171.303015][T32615]  ? __fget_files+0x28/0x4b0
[ 2171.307784][T32615]  ? __fget_files+0x43d/0x4b0
[ 2171.312549][T32615]  ? __fdget_pos+0x2ae/0x360
[ 2171.317491][T32615]  ? ksys_read+0x71/0x250
[ 2171.322728][T32615]  ksys_read+0x14c/0x250
[ 2171.327151][T32615]  ? vfs_write+0xa30/0xa30
[ 2171.331943][T32615]  ? lockdep_hardirqs_on+0x94/0x140
[ 2171.337549][T32615]  do_syscall_64+0x4c/0xa0
[ 2171.342498][T32615]  ? clear_bhb_loop+0x60/0xb0
[ 2171.347611][T32615]  ? clear_bhb_loop+0x60/0xb0
[ 2171.352725][T32615]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2171.358785][T32615] RIP: 0033:0x7fe5ee55b78e
[ 2171.363453][T32615] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 2171.383843][T32615] RSP: 002b:00007fe5ec7f5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2171.392609][T32615] RAX: ffffffffffffffda RBX: 00007fe5ec7f66c0 RCX: 00007fe5ee55b78e
[ 2171.400955][T32615] RDX: 000000000000000f RSI: 00007fe5ec7f60a0 RDI: 0000000000000005
[ 2171.409005][T32615] RBP: 00007fe5ec7f6090 R08: 0000000000000000 R09: 0000000000000000
[ 2171.417136][T32615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2171.425317][T32615] R13: 00007fe5ee816128 R14: 00007fe5ee816090 R15: 00007ffe35188698
[ 2171.433765][T32615]  </TASK>
[ 2172.958292][T32610] device syzkaller0 entered promiscuous mode
[ 2176.095923][T32626] delete_channel: no stack
[ 2181.480594][T32635] netlink: 'syz.4.7455': attribute type 10 has an invalid length.
[ 2181.513367][T32635] team0: Device hsr_slave_0 failed to register rx_handler
[ 2181.706581][T32696] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2181.715953][T32696] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2181.747258][ T4281] Bluetooth: hci2: unexpected event 0x04 length: 15 > 10
[ 2181.821797][T32703] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2181.836433][T32703] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2181.844161][T32703] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2181.851654][T32703] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2181.939834][T32703] device bridge0 entered promiscuous mode
[ 2182.122357][ T4270] Bluetooth: hci1: unexpected event 0x04 length: 15 > 10
[ 2183.100013][ T4281] Bluetooth: hci3: unexpected event 0x04 length: 15 > 10
[ 2183.821613][ T4281] Bluetooth: hci2: command 0x0409 tx timeout
[ 2184.131970][ T4281] Bluetooth: hci1: command 0x0409 tx timeout
[ 2185.179989][ T4281] Bluetooth: hci3: command 0x0409 tx timeout
[ 2188.683976][  T344] device syzkaller0 entered promiscuous mode
[ 2189.561664][ T4270] Bluetooth: hci1: unexpected event 0x06 length: 151 > 3
[ 2194.313202][  T393] device syzkaller0 entered promiscuous mode
[ 2195.925053][ T4270] Bluetooth: hci4: Malformed HCI Event: 0x22
[ 2198.427598][  T432] device wg2 entered promiscuous mode
[ 2200.086258][ T4270] Bluetooth: hci4: unexpected event 0x2c length: 151 > 17
[ 2200.086330][ T4270] Bluetooth: hci4: Ignoring connect complete event for invalid link type
[ 2201.136388][ T4270] Bluetooth: hci3: unexpected subevent 0x01 length: 150 > 18
[ 2204.313341][  T495] device wg2 left promiscuous mode
[ 2204.330897][  T496] device wg2 entered promiscuous mode
[ 2205.387082][  T524] device syzkaller0 entered promiscuous mode
[ 2205.473378][ T4270] Bluetooth: hci4: unexpected event 0x05 length: 15 > 4
[ 2205.837074][ T4270] Bluetooth: hci2: Dropping invalid advertising data
[ 2205.865283][ T4270] Bluetooth: hci2: Malformed LE Event: 0x02
[ 2210.348725][  T618] syzkaller1: tun_chr_ioctl cmd 1074025677
[ 2210.372189][  T618] syzkaller1: linktype set to 805
[ 2211.158492][ T4270] Bluetooth: hci0: unexpected event 0x05 length: 15 > 4
[ 2211.895514][ T4270] Bluetooth: hci3: unexpected event 0x05 length: 15 > 4
[ 2214.681028][  T771] device syzkaller0 entered promiscuous mode
[ 2215.026550][  T787] device wlan1 entered promiscuous mode
[ 2220.412068][  T875] ref_ctr_offset mismatch. inode: 0x1c4 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x7602
[ 2220.771578][ T4270] Bluetooth: hci4: command 0x0406 tx timeout
[ 2224.521725][ T1034] device pim6reg1 entered promiscuous mode
[ 2227.157136][ T1095] device syzkaller0 entered promiscuous mode
[ 2228.938020][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[ 2228.945896][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[ 2232.001743][ T1159] device syzkaller0 entered promiscuous mode
[ 2232.215549][ T4281] Bluetooth: hci2: unexpected event 0x05 length: 15 > 4
[ 2237.201403][ T4281] Bluetooth: hci1: unexpected event 0x05 length: 15 > 4
[ 2238.427238][ T1248] device syzkaller0 entered promiscuous mode
[ 2246.131151][ T1374] device syzkaller0 entered promiscuous mode
[ 2248.335581][ T4270] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 2248.346524][ T4270] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 2248.356580][ T4270] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 2248.385756][ T4270] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 2248.409576][ T4270] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 2248.428491][ T4270] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 2250.533444][ T4270] Bluetooth: hci5: command 0x0409 tx timeout
[ 2250.990208][ T1404] chnl_net:caif_netlink_parms(): no params data found
[ 2251.109558][T18919] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2251.281418][ T1434] bridge0: port 3(ip6gretap0) entered blocking state
[ 2251.310624][ T1434] bridge0: port 3(ip6gretap0) entered disabled state
[ 2251.329514][ T1434] device ip6gretap0 entered promiscuous mode
[ 2251.357182][ T1434] bridge0: port 3(ip6gretap0) entered blocking state
[ 2251.364834][ T1434] bridge0: port 3(ip6gretap0) entered forwarding state
[ 2251.486443][T18919] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2251.640079][T18919] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2251.715616][ T1404] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2251.723952][ T1404] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2251.744372][ T1404] device bridge_slave_0 entered promiscuous mode
[ 2251.827054][ T1451] syz.5.7938 (1451) used obsolete PPPIOCDETACH ioctl
[ 2251.889444][T18919] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2251.948234][ T1404] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2251.956883][ T1404] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2251.975927][ T1404] device bridge_slave_1 entered promiscuous mode
[ 2252.138578][ T1442] device syzkaller0 entered promiscuous mode
[ 2252.152666][ T1454] device sit0 entered promiscuous mode
[ 2252.183689][ T1404] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2252.213159][ T1404] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2252.622259][ T4270] Bluetooth: hci5: command 0x041b tx timeout
[ 2254.697104][ T4270] Bluetooth: hci5: command 0x040f tx timeout
[ 2255.753606][ T1459] device syzkaller0 entered promiscuous mode
[ 2255.799547][ T1404] team0: Port device team_slave_0 added
[ 2256.772716][ T4270] Bluetooth: hci5: command 0x0419 tx timeout
[ 2259.134194][ T1404] team0: Port device team_slave_1 added
[ 2259.281550][T18919] device 0 left promiscuous mode
[ 2259.335176][ T1404] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2259.351334][ T1404] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2259.448186][ T1404] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2259.514857][ T1404] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2259.554992][ T1404] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2259.713928][ T1404] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2260.247438][ T1404] device hsr_slave_0 entered promiscuous mode
[ 2260.292130][ T1404] device hsr_slave_1 entered promiscuous mode
[ 2260.340736][ T1404] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 2260.379157][ T1404] Cannot create hsr debugfs directory
[ 2260.969521][ T1510] device syzkaller0 entered promiscuous mode
[ 2266.220105][ T1585] device sit0 entered promiscuous mode
[ 2266.995898][ T1606] device syzkaller0 entered promiscuous mode
[ 2267.512309][T18919] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2267.527136][T18919] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2267.553305][T18919] batman_adv: batadv0: Interface deactivated: vlan1
[ 2267.562862][T18919] batman_adv: batadv0: Removing interface: vlan1
[ 2267.584047][T18919] device bridge_slave_1 left promiscuous mode
[ 2267.600599][T18919] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2267.687328][T18919] device veth1_macvtap left promiscuous mode
[ 2267.697170][T18919] device veth0_macvtap left promiscuous mode
[ 2267.716064][T18919] device veth1_vlan left promiscuous mode
[ 2268.059542][T18919] team0 (unregistering): Port device geneve1 removed
[ 2268.789806][T18919] bond0 (unregistering): (slave batadv_slave_0): Releasing backup interface
[ 2268.864331][T18919] team0 (unregistering): Port device team_slave_1 removed
[ 2268.926650][T18919] team0 (unregistering): Port device team_slave_0 removed
[ 2268.995546][T18919] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2269.066569][T18919] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2269.447438][T18919] team0 (unregistering): Port device bond0 removed
[ 2269.493520][T18919] bond0 (unregistering): Released all slaves
[ 2272.715659][ T1404] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 2272.806790][ T1404] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 2272.830211][ T1404] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 2272.896610][ T1404] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 2273.239510][ T1404] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2273.314910][T23558] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 2273.341900][T23558] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 2273.370750][ T1404] 8021q: adding VLAN 0 to HW filter on device team0
[ 2273.413980][T18917] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 2273.442380][T18917] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 2273.472026][T18917] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2273.479495][T18917] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2273.562986][T18917] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 2273.578406][T18917] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 2273.612564][T18917] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 2273.643336][T18917] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2273.650941][T18917] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2273.677880][T18917] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 2273.723815][T18917] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 2273.746005][T18917] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 2273.776497][T18917] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 2273.811815][T18917] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 2273.860574][T18914] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 2273.883788][T18914] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 2273.923716][T18914] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 2273.962799][T18914] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 2274.026896][ T1404] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 2274.047360][ T1404] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 2274.075873][T18914] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 2274.094799][T18914] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 2274.250953][ T4281] Bluetooth: hci0: unexpected event 0x05 length: 15 > 4
[ 2274.904988][T18917] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 2274.938874][T18917] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 2274.986396][ T1404] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2275.073059][ T4281] Bluetooth: hci1: unexpected event 0x05 length: 15 > 4
[ 2275.109788][T18917] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 2275.152771][T18917] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 2275.215662][T18917] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 2275.235004][T18917] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 2275.274688][T18917] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 2275.357977][T18917] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 2275.380990][ T1404] device veth0_vlan entered promiscuous mode
[ 2275.434871][ T1404] device veth1_vlan entered promiscuous mode
[ 2275.555340][T23559] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 2275.585467][T23559] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 2275.632466][T23559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 2275.664108][T23559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 2275.714164][ T1404] device veth0_macvtap entered promiscuous mode
[ 2275.749127][T23559] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 2275.788095][ T1404] device veth1_macvtap entered promiscuous mode
[ 2275.811397][ T4281] Bluetooth: hci4: unexpected event 0x05 length: 15 > 4
[ 2275.885269][ T1404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2275.945147][ T1404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2275.985966][ T1404] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2276.024265][T23558] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 2276.062430][T23558] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 2276.084453][ T1404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2276.126850][ T1404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2276.174004][ T1404] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2276.254957][T18917] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 2276.273028][T18917] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 2276.300134][ T1404] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2276.320412][ T1404] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2276.346944][ T1404] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2276.398257][ T1404] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2276.556967][ T1799] pimreg: tun_chr_ioctl cmd 21731
[ 2276.711200][T18917] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2276.719245][T18917] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2276.766458][T23559] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 2276.869666][T23558] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2276.884064][T23558] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2276.921787][T18917] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 2278.596524][ T1872] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.8078'.
[ 2279.197209][ T4281] Bluetooth: hci1: Received unexpected HCI Event 0x00
[ 2279.700054][ T1914] netlink: 'syz.6.8097': attribute type 19 has an invalid length.
[ 2279.850338][ T1916] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.8098'.
[ 2281.203162][ T1965] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.8118'.
[ 2281.237081][ T1965] bridge_slave_1: default FDB implementation only supports local addresses
[ 2281.949288][ T1998] netlink: 60 bytes leftover after parsing attributes in process `syz.2.8130'.
[ 2281.992305][ T1998] netlink: 60 bytes leftover after parsing attributes in process `syz.2.8130'.
[ 2282.032590][ T1998] netlink: 60 bytes leftover after parsing attributes in process `syz.2.8130'.
[ 2282.059811][ T1998] netlink: 60 bytes leftover after parsing attributes in process `syz.2.8130'.
[ 2282.206790][ T2004] delete_channel: no stack
[ 2283.686536][ T2056] netlink: 16402 bytes leftover after parsing attributes in process `syz.6.8153'.
[ 2284.660754][ T2085] netlink: 1047 bytes leftover after parsing attributes in process `syz.4.8167'.
[ 2284.670398][ T2085] bridge_slave_1: default FDB implementation only supports local addresses
[ 2285.435579][ T2122] netlink: 60 bytes leftover after parsing attributes in process `syz.4.8181'.
[ 2285.461574][ T2122] netlink: 60 bytes leftover after parsing attributes in process `syz.4.8181'.
[ 2285.513794][ T2125] netlink: 60 bytes leftover after parsing attributes in process `syz.4.8181'.
[ 2285.592544][ T2122] netlink: 60 bytes leftover after parsing attributes in process `syz.4.8181'.
[ 2285.817696][ T2131] netlink: 1047 bytes leftover after parsing attributes in process `syz.6.8185'.
[ 2285.860214][ T2131] bridge_slave_1: default FDB implementation only supports local addresses
[ 2286.618251][ T2177] netlink: 1047 bytes leftover after parsing attributes in process `syz.6.8207'.
[ 2286.627668][ T2177] bridge_slave_1: default FDB implementation only supports local addresses
[ 2287.311624][ T2205] netlink: 1047 bytes leftover after parsing attributes in process `syz.6.8221'.
[ 2287.321125][ T2205] bridge_slave_1: default FDB implementation only supports local addresses
[ 2288.082311][ T2235] netlink: 1047 bytes leftover after parsing attributes in process `syz.6.8235'.
[ 2288.101469][ T2235] bridge_slave_1: default FDB implementation only supports local addresses
[ 2288.880609][ T2276] netlink: 'syz.5.8248': attribute type 10 has an invalid length.
[ 2288.954686][ T2276] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[ 2289.821011][ T2319] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.8271'.
[ 2290.376896][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[ 2290.383461][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[ 2291.048748][ T2372] netlink: 'syz.2.8294': attribute type 5 has an invalid length.
[ 2291.190885][ T2382] netlink: 1047 bytes leftover after parsing attributes in process `syz.4.8297'.
[ 2291.201742][ T2382] bridge_slave_1: default FDB implementation only supports local addresses
[ 2292.253665][ T2422] netlink: 1047 bytes leftover after parsing attributes in process `syz.4.8310'.
[ 2292.293449][ T2422] bridge_slave_1: default FDB implementation only supports local addresses
[ 2295.772708][ T2557] delete_channel: no stack
[ 2296.458176][ T2577] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.8361'.
[ 2297.192584][ T2609] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.8373'.
[ 2297.986515][ T2643] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.8385'.
[ 2298.634960][ T2679] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.8399'.
[ 2299.910598][ T2721] netlink: 'syz.6.8413': attribute type 10 has an invalid length.
[ 2299.921566][ T2721] netlink: 168 bytes leftover after parsing attributes in process `syz.6.8413'.
[ 2300.272254][ T2746] netlink: 10 bytes leftover after parsing attributes in process `syz.0.8424'.
[ 2300.570635][ T2760] device syzkaller0 entered promiscuous mode
[ 2302.338615][ T4281] Bluetooth: hci4: unexpected event 0x05 length: 15 > 4
[ 2303.170288][ T4281] Bluetooth: hci0: unexpected event 0x05 length: 15 > 4
[ 2304.202229][ T4281] Bluetooth: hci4: unexpected event 0x05 length: 15 > 4
[ 2305.856715][ T2920] delete_channel: no stack
[ 2306.173314][ T4281] Bluetooth: hci5: unexpected event 0x05 length: 15 > 4
[ 2308.387392][ T2824] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.8453'.
[ 2308.404681][ T2907] netlink: 1047 bytes leftover after parsing attributes in process `syz.5.8489'.
[ 2308.431546][ T2907] bridge_slave_1: default FDB implementation only supports local addresses
[ 2309.014873][ T2976] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.8519'.
[ 2309.137093][ T2982] netlink: 1047 bytes leftover after parsing attributes in process `syz.4.8521'.
[ 2309.147531][ T2982] bridge_slave_1: default FDB implementation only supports local addresses
[ 2309.319390][ T2991] netlink: 156 bytes leftover after parsing attributes in process `syz.4.8526'.
[ 2309.839340][ T3011] netlink: 1047 bytes leftover after parsing attributes in process `syz.6.8537'.
[ 2309.851793][ T3011] bridge_slave_1: default FDB implementation only supports local addresses
[ 2312.015776][ T3111] netlink: 'syz.5.8577': attribute type 10 has an invalid length.
[ 2312.403402][ T3137] netlink: 60 bytes leftover after parsing attributes in process `syz.5.8586'.
[ 2312.431561][ T3137] netlink: 60 bytes leftover after parsing attributes in process `syz.5.8586'.
[ 2312.464213][ T3139] netlink: 60 bytes leftover after parsing attributes in process `syz.5.8586'.
[ 2313.178427][ T3175] netlink: 60 bytes leftover after parsing attributes in process `syz.4.8601'.
[ 2313.405548][ T3187] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[ 2313.802397][ T3204] __nla_validate_parse: 3 callbacks suppressed
[ 2313.802422][ T3204] netlink: 16402 bytes leftover after parsing attributes in process `syz.6.8614'.
[ 2314.463655][ T3236] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.8628'.
[ 2314.677693][ T3246] net veth1_virt_wifi ªªªªª: renamed from virt_wifi0
[ 2315.179646][ T3267] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.8644'.
[ 2316.075209][ T3308] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.8662'.
[ 2316.307238][ T3319] netlink: 10 bytes leftover after parsing attributes in process `syz.4.8667'.
[ 2317.766861][ T3346] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.8676'.
[ 2318.373026][ T3388] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.8690'.
[ 2319.110699][ T3423] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.8706'.
[ 2319.558502][ T3450] netlink: 60 bytes leftover after parsing attributes in process `syz.6.8716'.
[ 2319.584135][ T3450] netlink: 60 bytes leftover after parsing attributes in process `syz.6.8716'.
[ 2319.623495][ T3452] netlink: 60 bytes leftover after parsing attributes in process `syz.6.8716'.
[ 2319.675114][ T3450] netlink: 60 bytes leftover after parsing attributes in process `syz.6.8716'.
[ 2319.842587][ T3463] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.8723'.
[ 2320.644846][ T3492] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.8736'.
[ 2321.786931][ T3531] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.8749'.
[ 2322.762201][ T3564] syz.5.8766[3564] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2322.762323][ T3564] syz.5.8766[3564] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2323.606621][ T4281] Bluetooth: hci4: unexpected subevent 0x04 length: 150 > 11
[ 2323.628884][ T3595] syz.4.8780[3595] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2323.629000][ T3595] syz.4.8780[3595] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2324.230984][ T3633] netlink: 16402 bytes leftover after parsing attributes in process `syz.6.8795'.
[ 2324.880918][ T3662] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.8808'.
[ 2325.142566][ T3670] netlink: 56 bytes leftover after parsing attributes in process `syz.0.8813'.
[ 2325.587549][ T3694] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.8823'.
[ 2326.424768][ T3717] netlink: 1047 bytes leftover after parsing attributes in process `syz.5.8833'.
[ 2326.485284][ T3717] bridge_slave_1: default FDB implementation only supports local addresses
[ 2326.860101][ T3747] syz.5.8847[3747] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2326.860222][ T3747] syz.5.8847[3747] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2327.699188][ T3782] syz.2.8862[3782] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2327.780750][ T3782] syz.2.8862[3782] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2327.959287][ T4281] Bluetooth: hci5: unexpected event 0x04 length: 15 > 10
[ 2328.921961][ T3816] syz.6.8877[3816] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2328.929373][ T3816] syz.6.8877[3816] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2329.175176][ T4281] Bluetooth: hci4: unexpected event 0x04 length: 15 > 10
[ 2330.052238][ T4281] Bluetooth: hci5: command 0x0409 tx timeout
[ 2330.543489][ T3857] device syzkaller0 entered promiscuous mode
[ 2331.255260][ T4281] Bluetooth: hci4: command 0x0409 tx timeout
[ 2334.329426][ T3885] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.8905'.
[ 2334.339712][ T3888] netlink: 1047 bytes leftover after parsing attributes in process `syz.4.8906'.
[ 2334.353888][ T3888] bridge_slave_1: default FDB implementation only supports local addresses
[ 2334.364620][ T3898] netlink: 55631 bytes leftover after parsing attributes in process `syz.5.8909'.
[ 2334.923798][ T3939] netlink: 1047 bytes leftover after parsing attributes in process `syz.4.8926'.
[ 2334.942537][ T3939] bridge_slave_1: default FDB implementation only supports local addresses
[ 2334.977731][ T3942] netlink: 16402 bytes leftover after parsing attributes in process `syz.6.8927'.
[ 2335.169950][ T3946] device syzkaller0 entered promiscuous mode
[ 2335.240083][ T3955] syz.6.8933[3955] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2335.240196][ T3955] syz.6.8933[3955] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2336.295132][ T3990] syz.6.8948[3990] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2336.307635][ T3990] syz.6.8948[3990] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2337.650163][ T4027] syz.6.8962[4027] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2337.678367][ T4027] syz.6.8962[4027] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2340.393046][ T3974] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.8941'.
[ 2340.414626][ T3973] netlink: 1047 bytes leftover after parsing attributes in process `syz.4.8942'.
[ 2340.427639][ T3973] bridge_slave_1: default FDB implementation only supports local addresses
[ 2340.983761][ T4117] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.9000'.
[ 2341.215259][ T4119] device syzkaller0 entered promiscuous mode
[ 2341.226119][ T4121] netlink: 1047 bytes leftover after parsing attributes in process `syz.4.9002'.
[ 2341.246420][ T4121] bridge_slave_1: default FDB implementation only supports local addresses
[ 2347.144041][ T4157] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.9017'.
[ 2347.153947][ T4161] netlink: 1047 bytes leftover after parsing attributes in process `syz.5.9019'.
[ 2347.166045][ T4161] bridge_slave_1: default FDB implementation only supports local addresses
[ 2347.363992][ T4199] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[ 2347.373600][ T4199] device syzkaller0 entered promiscuous mode
[ 2347.945503][ T4229] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.9045'.
[ 2348.011892][ T4227] netlink: 1047 bytes leftover after parsing attributes in process `syz.5.9046'.
[ 2348.026534][ T4227] bridge_slave_1: default FDB implementation only supports local addresses
[ 2351.085470][ T4312] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.9083'.
[ 2351.816452][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[ 2351.823034][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[ 2352.337819][ T4355] netlink: 14 bytes leftover after parsing attributes in process `syz.2.9104'.
[ 2353.568654][ T4398] netlink: 60 bytes leftover after parsing attributes in process `syz.0.9121'.
[ 2353.629873][ T4398] netlink: 60 bytes leftover after parsing attributes in process `syz.0.9121'.
[ 2353.671412][ T4397] netlink: 1047 bytes leftover after parsing attributes in process `syz.5.9123'.
[ 2353.680726][ T4397] bridge_slave_1: default FDB implementation only supports local addresses
[ 2353.709460][ T4401] netlink: 60 bytes leftover after parsing attributes in process `syz.0.9121'.
[ 2353.748677][ T4398] netlink: 60 bytes leftover after parsing attributes in process `syz.0.9121'.
[ 2353.821570][ T4404] netlink: 60 bytes leftover after parsing attributes in process `syz.0.9121'.
[ 2354.088411][ T4416] ==================================================================
[ 2354.096653][ T4416] BUG: KASAN: slab-out-of-bounds in __bpf_get_stackid+0x6c9/0x920
[ 2354.104817][ T4416] Write of size 56 at addr ffff88801abe7310 by task syz.4.9130/4416
[ 2354.112937][ T4416] 
[ 2354.115429][ T4416] CPU: 0 PID: 4416 Comm: syz.4.9130 Not tainted syzkaller #0
[ 2354.123335][ T4416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 2354.133528][ T4416] Call Trace:
[ 2354.136846][ T4416]  <TASK>
[ 2354.139818][ T4416]  dump_stack_lvl+0x188/0x24e
[ 2354.144880][ T4416]  ? __lock_acquire+0x7d10/0x7d10
[ 2354.150007][ T4416]  ? show_regs_print_info+0x12/0x12
[ 2354.155295][ T4416]  ? load_image+0x400/0x400
[ 2354.159953][ T4416]  ? _raw_spin_lock_irqsave+0xbc/0x100
[ 2354.165557][ T4416]  ? __virt_addr_valid+0x188/0x540
[ 2354.170766][ T4416]  ? __virt_addr_valid+0x465/0x540
[ 2354.176051][ T4416]  ? __bpf_get_stackid+0x6c9/0x920
[ 2354.181235][ T4416]  print_report+0xa8/0x210
[ 2354.185866][ T4416]  kasan_report+0x10b/0x140
[ 2354.190552][ T4416]  ? __bpf_get_stackid+0x6c9/0x920
[ 2354.196224][ T4416]  kasan_check_range+0x235/0x290
[ 2354.201247][ T4416]  ? __bpf_get_stackid+0x6c9/0x920
[ 2354.206517][ T4416]  memcpy+0x3c/0x60
[ 2354.210471][ T4416]  __bpf_get_stackid+0x6c9/0x920
[ 2354.215526][ T4416]  bpf_get_stackid_pe+0x33f/0x400
[ 2354.220739][ T4416]  bpf_prog_16fa1569821187d5+0x21/0x31
[ 2354.226524][ T4416]  bpf_overflow_handler+0x522/0x7c0
[ 2354.232009][ T4416]  ? bpf_overflow_handler+0xd9/0x7c0
[ 2354.237837][ T4416]  ? perf_event_switch_output+0x760/0x760
[ 2354.243635][ T4416]  ? __perf_event_account_interrupt+0x187/0x280
[ 2354.250405][ T4416]  __perf_event_overflow+0x448/0x610
[ 2354.255874][ T4416]  ___perf_sw_event+0x49e/0x6e0
[ 2354.260803][ T4416]  ? ___perf_sw_event+0x180/0x6e0
[ 2354.265996][ T4416]  ? perf_swevent_put_recursion_context+0xb0/0xb0
[ 2354.272487][ T4416]  ? __lock_acquire+0x13cf/0x7d10
[ 2354.277600][ T4416]  ? lockdep_hardirqs_on+0x94/0x140
[ 2354.282869][ T4416]  ? verify_lock_unused+0x140/0x140
[ 2354.288289][ T4416]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 2354.294348][ T4416]  ? lock_chain_count+0x20/0x20
[ 2354.299275][ T4416]  __perf_sw_event+0x135/0x260
[ 2354.304121][ T4416]  do_user_addr_fault+0xaea/0xb10
[ 2354.309228][ T4416]  ? trace_hardirqs_off_finish+0x86/0x180
[ 2354.315028][ T4416]  exc_page_fault+0x60/0x100
[ 2354.319829][ T4416]  asm_exc_page_fault+0x22/0x30
[ 2354.324923][ T4416] RIP: 0010:copy_user_short_string+0xa/0x40
[ 2354.331127][ T4416] Code: 83 f8 12 74 0a 89 d1 f3 a4 89 c8 0f 01 ca c3 89 d0 0f 01 ca c3 01 ca eb e7 90 90 90 90 90 90 90 89 d1 83 e2 07 c1 e9 03 74 12 <4c> 8b 06 4c 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10
[ 2354.350895][ T4416] RSP: 0018:ffffc900034a7ba8 EFLAGS: 00050202
[ 2354.357024][ T4416] RAX: ffffffff8410e701 RBX: 0000000000000038 RCX: 0000000000000007
[ 2354.365062][ T4416] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc900034a7c40
[ 2354.373105][ T4416] RBP: 0000000000000000 R08: ffffc900034a7c77 R09: 1ffff92000694f8e
[ 2354.381146][ T4416] R10: dffffc0000000000 R11: fffff52000694f8f R12: 00007fffffffefc8
[ 2354.389364][ T4416] R13: dffffc0000000000 R14: ffffc900034a7c40 R15: 0000000000000000
[ 2354.397653][ T4416]  ? refcount_dec_and_lock_irqsave+0xd1/0xf0
[ 2354.403715][ T4416]  _copy_from_user+0xf4/0x170
[ 2354.408560][ T4416]  ___sys_recvmsg+0x172/0x590
[ 2354.413430][ T4416]  ? __sys_recvmsg+0x290/0x290
[ 2354.418377][ T4416]  ? __fget_files+0x43d/0x4b0
[ 2354.423215][ T4416]  __x64_sys_recvmsg+0x205/0x2e0
[ 2354.428232][ T4416]  ? ___sys_recvmsg+0x590/0x590
[ 2354.433154][ T4416]  ? lockdep_hardirqs_on+0x94/0x140
[ 2354.438416][ T4416]  do_syscall_64+0x4c/0xa0
[ 2354.442895][ T4416]  ? clear_bhb_loop+0x60/0xb0
[ 2354.447638][ T4416]  ? clear_bhb_loop+0x60/0xb0
[ 2354.452545][ T4416]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2354.458498][ T4416] RIP: 0033:0x7f870999aeb9
[ 2354.462971][ T4416] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2354.482634][ T4416] RSP: 002b:00007f870a8ef028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 2354.491119][ T4416] RAX: ffffffffffffffda RBX: 00007f8709c15fa0 RCX: 00007f870999aeb9
[ 2354.499231][ T4416] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000006
[ 2354.507442][ T4416] RBP: 00007f8709a08c1f R08: 0000000000000000 R09: 0000000000000000
[ 2354.515832][ T4416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2354.523950][ T4416] R13: 00007f8709c16038 R14: 00007f8709c15fa0 R15: 00007ffef6152ad8
[ 2354.531988][ T4416]  </TASK>
[ 2354.535059][ T4416] 
[ 2354.537492][ T4416] Allocated by task 4416:
[ 2354.541973][ T4416]  kasan_set_track+0x4b/0x70
[ 2354.546633][ T4416]  __kasan_kmalloc+0x8e/0xa0
[ 2354.551287][ T4416]  __kmalloc_node+0xb0/0x240
[ 2354.556003][ T4416]  bpf_map_area_alloc+0x47/0xe0
[ 2354.560907][ T4416]  prealloc_elems_and_freelist+0x86/0x1c0
[ 2354.566864][ T4416]  stack_map_alloc+0x390/0x520
[ 2354.571746][ T4416]  map_create+0x534/0x1000
[ 2354.576235][ T4416]  __sys_bpf+0x38b/0x780
[ 2354.580550][ T4416]  __x64_sys_bpf+0x78/0x90
[ 2354.585036][ T4416]  do_syscall_64+0x4c/0xa0
[ 2354.589618][ T4416]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2354.595768][ T4416] 
[ 2354.598155][ T4416] Last potentially related work creation:
[ 2354.603917][ T4416]  kasan_save_stack+0x3a/0x60
[ 2354.608757][ T4416]  __kasan_record_aux_stack+0xb2/0xc0
[ 2354.614189][ T4416]  call_rcu+0x14f/0x990
[ 2354.618540][ T4416]  nf_unregister_net_hooks+0xc7/0x130
[ 2354.624129][ T4416]  setup_net+0x91b/0xbd0
[ 2354.628504][ T4416]  copy_net_ns+0x348/0x5b0
[ 2354.633161][ T4416]  create_new_namespaces+0x3d3/0x6f0
[ 2354.638577][ T4416]  copy_namespaces+0x3b0/0x410
[ 2354.643403][ T4416]  copy_process+0x19c2/0x4030
[ 2354.648261][ T4416]  kernel_clone+0x24b/0x900
[ 2354.652873][ T4416]  __x64_sys_clone+0x1a7/0x220
[ 2354.657712][ T4416]  do_syscall_64+0x4c/0xa0
[ 2354.662299][ T4416]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2354.668333][ T4416] 
[ 2354.670811][ T4416] Second to last potentially related work creation:
[ 2354.677561][ T4416]  kasan_save_stack+0x3a/0x60
[ 2354.682320][ T4416]  __kasan_record_aux_stack+0xb2/0xc0
[ 2354.688060][ T4416]  call_rcu+0x14f/0x990
[ 2354.692298][ T4416]  __nf_register_net_hook+0x788/0x910
[ 2354.698232][ T4416]  nf_register_net_hook+0xae/0x190
[ 2354.703428][ T4416]  nf_register_net_hooks+0x40/0x1a0
[ 2354.708723][ T4416]  nf_ct_netns_do_get+0x3bc/0x5b0
[ 2354.713815][ T4416]  nf_ct_netns_inet_get+0x1f/0x150
[ 2354.718987][ T4416]  nf_conncount_init+0x123/0x380
[ 2354.724191][ T4416]  ovs_ct_init+0x312/0x480
[ 2354.728946][ T4416]  ovs_init_net+0x1e2/0x240
[ 2354.733521][ T4416]  ops_init+0x355/0x5f0
[ 2354.737750][ T4416]  setup_net+0x4f2/0xbd0
[ 2354.742102][ T4416]  copy_net_ns+0x348/0x5b0
[ 2354.746575][ T4416]  create_new_namespaces+0x3d3/0x6f0
[ 2354.752034][ T4416]  copy_namespaces+0x3b0/0x410
[ 2354.756932][ T4416]  copy_process+0x19c2/0x4030
[ 2354.761691][ T4416]  kernel_clone+0x24b/0x900
[ 2354.766254][ T4416]  __x64_sys_clone+0x1a7/0x220
[ 2354.771175][ T4416]  do_syscall_64+0x4c/0xa0
[ 2354.775660][ T4416]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2354.781887][ T4416] 
[ 2354.784331][ T4416] The buggy address belongs to the object at ffff88801abe7300
[ 2354.784331][ T4416]  which belongs to the cache kmalloc-cg-64 of size 64
[ 2354.798773][ T4416] The buggy address is located 16 bytes inside of
[ 2354.798773][ T4416]  64-byte region [ffff88801abe7300, ffff88801abe7340)
[ 2354.812085][ T4416] 
[ 2354.814432][ T4416] The buggy address belongs to the physical page:
[ 2354.820955][ T4416] page:ffffea00006af9c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88801abe7b00 pfn:0x1abe7
[ 2354.832489][ T4416] memcg:ffff88802fa1e001
[ 2354.836757][ T4416] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 2354.844427][ T4416] raw: 00fff00000000200 ffffea00010fa100 dead000000000006 ffff888017442780
[ 2354.853133][ T4416] raw: ffff88801abe7b00 000000008020001f 00000001ffffffff ffff88802fa1e001
[ 2354.861749][ T4416] page dumped because: kasan: bad access detected
[ 2354.868246][ T4416] page_owner tracks the page as allocated
[ 2354.874021][ T4416] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 7207, tgid 7207 (syz-executor), ts 526820693966, free_ts 526820190467
[ 2354.892475][ T4416]  post_alloc_hook+0x173/0x1a0
[ 2354.897416][ T4416]  get_page_from_freelist+0x1a1e/0x1ab0
[ 2354.902996][ T4416]  __alloc_pages+0x1ec/0x4f0
[ 2354.907707][ T4416]  alloc_slab_page+0x5d/0x160
[ 2354.912422][ T4416]  new_slab+0x87/0x2c0
[ 2354.916692][ T4416]  ___slab_alloc+0xbc6/0x1240
[ 2354.921483][ T4416]  __kmem_cache_alloc_node+0x1a0/0x260
[ 2354.926991][ T4416]  kmalloc_trace+0x26/0xe0
[ 2354.931552][ T4416]  alloc_fdtable+0xca/0x2c0
[ 2354.936123][ T4416]  dup_fd+0x782/0xa50
[ 2354.940228][ T4416]  copy_files+0x72/0xe0
[ 2354.944512][ T4416]  copy_process+0x1835/0x4030
[ 2354.949310][ T4416]  kernel_clone+0x24b/0x900
[ 2354.954187][ T4416]  __x64_sys_clone+0x1a7/0x220
[ 2354.959116][ T4416]  do_syscall_64+0x4c/0xa0
[ 2354.963661][ T4416]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2354.969719][ T4416] page last free stack trace:
[ 2354.974516][ T4416]  free_unref_page_prepare+0x8b4/0x9a0
[ 2354.980323][ T4416]  free_unref_page+0x2e/0x3f0
[ 2354.985119][ T4416]  __vunmap+0x856/0xa00
[ 2354.989329][ T4416]  __do_replace+0x86d/0x980
[ 2354.994078][ T4416]  do_ip6t_set_ctl+0xb44/0xe10
[ 2354.998871][ T4416]  nf_setsockopt+0x25f/0x280
[ 2355.003664][ T4416]  __sys_setsockopt+0x2bf/0x3d0
[ 2355.008756][ T4416]  __x64_sys_setsockopt+0xb1/0xc0
[ 2355.013812][ T4416]  do_syscall_64+0x4c/0xa0
[ 2355.018354][ T4416]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2355.024284][ T4416] 
[ 2355.026631][ T4416] Memory state around the buggy address:
[ 2355.032287][ T4416]  ffff88801abe7200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 2355.040377][ T4416]  ffff88801abe7280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 2355.048468][ T4416] >ffff88801abe7300: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 2355.056556][ T4416]                                   ^
[ 2355.062149][ T4416]  ffff88801abe7380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 2355.070421][ T4416]  ffff88801abe7400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 2355.078685][ T4416] ==================================================================
[ 2355.087977][ T4416] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 2355.095244][ T4416] CPU: 0 PID: 4416 Comm: syz.4.9130 Not tainted syzkaller #0
[ 2355.102742][ T4416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 2355.112846][ T4416] Call Trace:
[ 2355.116254][ T4416]  <TASK>
[ 2355.119221][ T4416]  dump_stack_lvl+0x188/0x24e
[ 2355.123975][ T4416]  ? memcpy+0x3c/0x60
[ 2355.128002][ T4416]  ? show_regs_print_info+0x12/0x12
[ 2355.133315][ T4416]  ? load_image+0x400/0x400
[ 2355.137971][ T4416]  panic+0x2e5/0x730
[ 2355.141930][ T4416]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 2355.148143][ T4416]  ? bpf_jit_dump+0xd0/0xd0
[ 2355.152809][ T4416]  ? _raw_spin_unlock_irqrestore+0xbc/0x120
[ 2355.158874][ T4416]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 2355.164841][ T4416]  ? _raw_spin_unlock+0x40/0x40
[ 2355.169751][ T4416]  check_panic_on_warn+0x80/0xa0
[ 2355.174768][ T4416]  ? __bpf_get_stackid+0x6c9/0x920
[ 2355.180036][ T4416]  end_report+0x66/0x110
[ 2355.184349][ T4416]  kasan_report+0x118/0x140
[ 2355.188916][ T4416]  ? __bpf_get_stackid+0x6c9/0x920
[ 2355.194249][ T4416]  kasan_check_range+0x235/0x290
[ 2355.199432][ T4416]  ? __bpf_get_stackid+0x6c9/0x920
[ 2355.204610][ T4416]  memcpy+0x3c/0x60
[ 2355.208489][ T4416]  __bpf_get_stackid+0x6c9/0x920
[ 2355.213588][ T4416]  bpf_get_stackid_pe+0x33f/0x400
[ 2355.218825][ T4416]  bpf_prog_16fa1569821187d5+0x21/0x31
[ 2355.224319][ T4416]  bpf_overflow_handler+0x522/0x7c0
[ 2355.229579][ T4416]  ? bpf_overflow_handler+0xd9/0x7c0
[ 2355.234915][ T4416]  ? perf_event_switch_output+0x760/0x760
[ 2355.240779][ T4416]  ? __perf_event_account_interrupt+0x187/0x280
[ 2355.247344][ T4416]  __perf_event_overflow+0x448/0x610
[ 2355.252787][ T4416]  ___perf_sw_event+0x49e/0x6e0
[ 2355.257707][ T4416]  ? ___perf_sw_event+0x180/0x6e0
[ 2355.262782][ T4416]  ? perf_swevent_put_recursion_context+0xb0/0xb0
[ 2355.269264][ T4416]  ? __lock_acquire+0x13cf/0x7d10
[ 2355.274364][ T4416]  ? lockdep_hardirqs_on+0x94/0x140
[ 2355.279620][ T4416]  ? verify_lock_unused+0x140/0x140
[ 2355.284896][ T4416]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 2355.290957][ T4416]  ? lock_chain_count+0x20/0x20
[ 2355.295880][ T4416]  __perf_sw_event+0x135/0x260
[ 2355.300748][ T4416]  do_user_addr_fault+0xaea/0xb10
[ 2355.305947][ T4416]  ? trace_hardirqs_off_finish+0x86/0x180
[ 2355.311906][ T4416]  exc_page_fault+0x60/0x100
[ 2355.316647][ T4416]  asm_exc_page_fault+0x22/0x30
[ 2355.321642][ T4416] RIP: 0010:copy_user_short_string+0xa/0x40
[ 2355.327951][ T4416] Code: 83 f8 12 74 0a 89 d1 f3 a4 89 c8 0f 01 ca c3 89 d0 0f 01 ca c3 01 ca eb e7 90 90 90 90 90 90 90 89 d1 83 e2 07 c1 e9 03 74 12 <4c> 8b 06 4c 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10
[ 2355.347609][ T4416] RSP: 0018:ffffc900034a7ba8 EFLAGS: 00050202
[ 2355.353751][ T4416] RAX: ffffffff8410e701 RBX: 0000000000000038 RCX: 0000000000000007
[ 2355.361801][ T4416] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc900034a7c40
[ 2355.370226][ T4416] RBP: 0000000000000000 R08: ffffc900034a7c77 R09: 1ffff92000694f8e
[ 2355.378314][ T4416] R10: dffffc0000000000 R11: fffff52000694f8f R12: 00007fffffffefc8
[ 2355.386313][ T4416] R13: dffffc0000000000 R14: ffffc900034a7c40 R15: 0000000000000000
[ 2355.394319][ T4416]  ? refcount_dec_and_lock_irqsave+0xd1/0xf0
[ 2355.400347][ T4416]  _copy_from_user+0xf4/0x170
[ 2355.405171][ T4416]  ___sys_recvmsg+0x172/0x590
[ 2355.409990][ T4416]  ? __sys_recvmsg+0x290/0x290
[ 2355.414794][ T4416]  ? __fget_files+0x43d/0x4b0
[ 2355.419509][ T4416]  __x64_sys_recvmsg+0x205/0x2e0
[ 2355.424483][ T4416]  ? ___sys_recvmsg+0x590/0x590
[ 2355.429380][ T4416]  ? lockdep_hardirqs_on+0x94/0x140
[ 2355.434609][ T4416]  do_syscall_64+0x4c/0xa0
[ 2355.439156][ T4416]  ? clear_bhb_loop+0x60/0xb0
[ 2355.443877][ T4416]  ? clear_bhb_loop+0x60/0xb0
[ 2355.448582][ T4416]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2355.454765][ T4416] RIP: 0033:0x7f870999aeb9
[ 2355.459288][ T4416] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2355.479197][ T4416] RSP: 002b:00007f870a8ef028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 2355.487660][ T4416] RAX: ffffffffffffffda RBX: 00007f8709c15fa0 RCX: 00007f870999aeb9
[ 2355.495743][ T4416] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000006
[ 2355.504099][ T4416] RBP: 00007f8709a08c1f R08: 0000000000000000 R09: 0000000000000000
[ 2355.512177][ T4416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2355.520268][ T4416] R13: 00007f8709c16038 R14: 00007f8709c15fa0 R15: 00007ffef6152ad8
[ 2355.528289][ T4416]  </TASK>
[ 2355.532199][ T4416] Kernel Offset: disabled
[ 2355.536552][ T4416] Rebooting in 86400 seconds..