last executing test programs:

1m5.527740526s ago: executing program 1 (id=22):
r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x4, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x0, @perf_config_ext={0x3, 0x8001}, 0x0, 0x2e, 0xfffffbff, 0x4, 0x2, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xe}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=@base={0x5, 0x5, 0x8000, 0x5c, 0x0, 0xffffffffffffffff, 0x2400, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x50)

53.573174057s ago: executing program 1 (id=22):
r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x4, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x0, @perf_config_ext={0x3, 0x8001}, 0x0, 0x2e, 0xfffffbff, 0x4, 0x2, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xe}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=@base={0x5, 0x5, 0x8000, 0x5c, 0x0, 0xffffffffffffffff, 0x2400, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x50)

42.267884855s ago: executing program 1 (id=22):
r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x4, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x0, @perf_config_ext={0x3, 0x8001}, 0x0, 0x2e, 0xfffffbff, 0x4, 0x2, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xe}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=@base={0x5, 0x5, 0x8000, 0x5c, 0x0, 0xffffffffffffffff, 0x2400, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x50)

27.035986085s ago: executing program 1 (id=22):
r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x4, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x0, @perf_config_ext={0x3, 0x8001}, 0x0, 0x2e, 0xfffffbff, 0x4, 0x2, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xe}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=@base={0x5, 0x5, 0x8000, 0x5c, 0x0, 0xffffffffffffffff, 0x2400, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x50)

17.076166853s ago: executing program 1 (id=22):
r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x4, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x0, @perf_config_ext={0x3, 0x8001}, 0x0, 0x2e, 0xfffffbff, 0x4, 0x2, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xe}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=@base={0x5, 0x5, 0x8000, 0x5c, 0x0, 0xffffffffffffffff, 0x2400, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x50)

4.990869716s ago: executing program 2 (id=1204):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x5, @perf_bp={0x0, 0x1}, 0x1000, 0x4, 0x0, 0x8, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x16493812}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x482, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000000)="89000000120081ae08060cdc030000007f1be3f74001000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e281ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00120c00014006040400010404009bbc7a46e3988285dcdf12f213e6f768fec601955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1, 0x0, 0x300}, 0x4000050)

4.738252337s ago: executing program 2 (id=1207):
bpf$PROG_BIND_MAP(0xa, 0x0, 0x0)
r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7ff0, 0x82, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000700)={<r1=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x1b)
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xf, 0x5}, 0x100e64, 0xc78, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_LOOKUP_ELEM(0x5, 0x0, 0x0)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x202, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x3, 0x3a)
r3 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f00000000c0)={r1, r2})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/syz1\x00', 0x1ff)
socket$kcm(0x2, 0x5, 0x84)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000102000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

4.368869369s ago: executing program 0 (id=1211):
r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7ff0, 0x82, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000700)={<r1=>0xffffffffffffffff})
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x202, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x60)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000020000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0x0, 0x7, 0x8, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

4.091143385s ago: executing program 3 (id=1215):
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="18020000020000000000000000000000850000004100000085000000a000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$kcm(0x2b, 0x1, 0x0)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x4, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x0, @perf_config_ext={0x3, 0x8001}, 0x0, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x4, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="180200000000000000000000000000008500000061000000850000005000000095"], &(0x7f00000006c0)='GPL\x00', 0x3, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001340)={&(0x7f0000000580)=ANY=[@ANYBLOB="9feb010018000000000000001000000010000000020000000000000000000001"], 0x0, 0x2a}, 0x28)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x55, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7b, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x0, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000240)='ns/user\x00')
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x10000, 0xc78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x200000000000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000005c0)='cpuacct.usage_percpu\x00', 0x26e1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
socket$kcm(0x10, 0x2, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)=[@cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}, @rights={{0x10}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}, @rights={{0x10}}], 0xe8}, 0x40002000)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000140)='GPL\x00'}, 0x90)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'dummy0\x00'})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8946, &(0x7f0000000080))

3.721208591s ago: executing program 3 (id=1216):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x5, 0x2505, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x89f1, &(0x7f0000000080))
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
ioctl$TUNGETVNETLE(0xffffffffffffffff, 0x800454dd, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x40002002)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="d8000000180081034e81f783db4cb9040a1d080006007c09e8fc55a10a0015000600142603600e1208000f0000000401a8000100fec0ffff00000000035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbaceac3c2fb14c2ee5a7cef4090000009fb71b14d6d930dfe1d9d322fe7c9f8775820d16a4683f5aeb4edbb57a25ccca9e00360db798262f3d40fad9e3bb9ad809d5e1cace0d81", 0xa2}], 0x1}, 0x20040000)
socket$kcm(0x2c, 0x3, 0x0)

3.594321423s ago: executing program 2 (id=1218):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$kcm(0x2, 0x3, 0x84)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00000000000000000200"/20, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="00000000440100"], 0x48)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x890b, &(0x7f0000000100))

3.533047445s ago: executing program 4 (id=1219):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x1509, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8, 0x8000000000000001}, 0x30d319, 0x4, 0x0, 0x5, 0x2, 0x4, 0xffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000400000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000cd03000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0xedf0e51957efc755, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

3.448817216s ago: executing program 2 (id=1220):
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'veth0_virt_wifi\x00', 0x7c2})
r1 = socket$kcm(0x11, 0x200000000000002, 0x300)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r1, 0x107, 0x12, &(0x7f0000000300)=r3, 0x4) (async)
setsockopt$sock_attach_bpf(r1, 0x107, 0x12, &(0x7f0000000300)=r3, 0x4)
r4 = openat$cgroup_ro(r3, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x8, 0xc}, 0x50) (async)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x8, 0xc}, 0x50)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x9d, 0x1, 0x0, 0x0, 0x0, 0x5, 0x200, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x3, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0xb, 0x4, 0x8, 0x2, 0x2, 0x1}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={r7, &(0x7f0000000080), &(0x7f0000000000)=""/10, 0x2}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x37)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x1}) (async)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x1})
ioctl$TUNSETLINK(r5, 0x400454cd, 0x306)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
close(r9)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000000140)={'syzkaller0\x00', @random="371692e7f7ef"})
close(0x3) (async)
close(0x3)
r10 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r10, 0xc004743e, 0x110e22fff6)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) (async)
r11 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
ioctl$TUNSETOFFLOAD(r11, 0x4004743d, 0x110e22fff6)
write$cgroup_pid(r4, &(0x7f0000000000), 0x2a979d) (async)
write$cgroup_pid(r4, &(0x7f0000000000), 0x2a979d)
ioctl$SIOCSIFHWADDR(r4, 0x401c5820, &(0x7f0000000080)={'macvlan1\x00', @broadcast})
ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000040)={0x3, &(0x7f00000000c0)=[{0x3, 0x3, 0x64, 0x9}, {0x64, 0x1, 0x0, 0x9}, {0x6, 0x6, 0x0, 0x3}]})

3.314240635s ago: executing program 0 (id=1221):
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x4, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x0, @perf_config_ext={0x3, 0x8001}, 0x0, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0xa4706, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x320, 0x0, 0x0, 0x2}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x12, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000200000000000000000000000850000008a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000003900000095"], &(0x7f0000000180)='syzkaller\x00', 0xb, 0x0, 0x0, 0x40f00, 0x2a, '\x00', 0x0, @cgroup_sock_addr=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)

3.313947682s ago: executing program 2 (id=1222):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000400)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x81, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, 0x80, 0x0}, 0x0)
socket$kcm(0x2, 0x1, 0x84)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x4, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x0, @perf_config_ext={0x3, 0x8001}, 0x0, 0x2e, 0xfffffbff, 0x3, 0x10000003, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x1}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.net/syz1\x00', 0x200002, 0x0)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000240)='ns/user\x00')
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$inet(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000"], 0x128}, 0x0)
recvmsg$unix(r2, 0x0, 0x122)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x1, &(0x7f00000001c0)=ANY=[@ANYBLOB="7f9e000000000000"], &(0x7f0000000280)='GPL\x00', 0x4, 0x0, 0x0, 0x1e00, 0x49, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
r4 = socket$kcm(0x2, 0x1, 0x84)
setsockopt$sock_attach_bpf(r4, 0x84, 0x15, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080))
socket$kcm(0x22, 0x2, 0x21)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000640)=ANY=[@ANYBLOB="180000000000000000000000000a000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000280)={r5, 0xe0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)

3.274724704s ago: executing program 3 (id=1223):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x5, @perf_bp={0x0, 0xf}, 0x1000, 0x4, 0x0, 0x8, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
socket$kcm(0xa, 0x3, 0x3a)
r2 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000700)}], 0x1}, 0x0)

3.201351065s ago: executing program 4 (id=1224):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, 0x0, 0x5}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x80208, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0xf}, 0x10000, 0x0, 0x8, 0x9, 0x0, 0xfffffffe, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r1)

3.062233809s ago: executing program 0 (id=1225):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x241a2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x3, @perf_config_ext={0x8, 0x9}, 0x0, 0x2, 0x3, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='mm_lru_activate\x00', r0}, 0x10)
r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8)
close(r2)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000000000000efff000000002e26f5e40008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$kcm(0xa, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x8918, &(0x7f0000000000)={r3})
r4 = socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x0, 0xa}, {0x10000002}]}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0xacf, 0x2, 0x0, 0x104, 0x1, 0x7f, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x5, 0x0, 0x2}, 0x50)
close(r6)
recvmsg$unix(r5, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)}, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000140)={'geneve0\x00'})
setsockopt$sock_attach_bpf(r4, 0x84, 0x6e, &(0x7f0000000000), 0x10)

3.060010888s ago: executing program 4 (id=1226):
r0 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000001f80)={&(0x7f0000000800)=@ethernet={0x306, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xf}}, 0x80, &(0x7f0000000bc0)=[{&(0x7f0000000240)="2c292d5bd7d42de4a3d3eb39082be2d982695e61802ddc5a1a07e1c270fd5391392a466f7e", 0x25}, {&(0x7f0000000880)="f8ec026d15b93cf3ea098d54d9560d5ed9777461b87bd39361fb970c4af2aa243111081e7d658352e5937bfcd3e33da2cc24a4c97766412700574677124ac2c31cc0ed4ca3e5a2333bc1147e3af12039f01ce2d2c74d535c9a58a3f939ec6d0f18d0a3ade49a9d961cb9cd862e8961d22c80035f41dc3d95ed3975db", 0x7c}, {&(0x7f0000000900)="557c7053db98b6d4520f2bcd42db299d9481b70fc5d9af78eed87b787d6bf075fd90767c314782578d11e5aa34b5e1fd50faa40d3c7ffc16fd2b8a7041ff25e6b2b96f3ddd5005953e803d285db8253ba8832ee960a1c512745fe941d6bc203147bc3539ed246db5fe2b7be537317b9f66fd9c81c9ea3bcf3f426324793a0c5067e7c46e4b8386175f9e49f45bd8030a3d86b9ec5ca5e3e9724d5b0e1ab6a31faec335c7bba67d979d690902f97cf795f62a163aecc0dec98a0e8756ef379aa55b00265b", 0xc4}, {&(0x7f0000000a00)="e4b2a6883af2e6709c6a14bcd4b82bbd0881200b2e2141530db7ad635feeeb07e93f4bd985590219090e27e2f553f363486d1507291ae9822c5e98d5a0b52a70dbd6055609029aeff5798bd1bebbd357d8eeaa2377e22bef17301a9a149b7f0e0e6d023526cc65c2562813d13fcd96a3d71e43fc0bccc30095bc537fb098ed5344f67d456921e517a4de0be7d77f768d0dcbf67f926af93e1e9baf05a9aaad630c13f9364d84a15d", 0xa8}, {&(0x7f0000000ac0)="febec2a9a7e2192f6ace40e4ea1a337f9c2969aef01b67543f977af3fb05503a1089d9c6f044e0e8ed11bd5a773e592e11e0eae4f46407011ab827c285b6f3f5734f278379a3c3c79665dacea9db38c916504317a3b74cf36de9d71c13f5c062e2e9cc842a3a1eddedf7b9a895ec94571629e97167b1f38bae6008774eb1e62f21c51769bf", 0x85}, {&(0x7f0000000b80)="e3e6cf4bac3d3a20300073b876b62e019003fdfd2725f8823d9f171c6b97db2d4ccd1b4c5db21139791e61a1758a14b0bfa2b1d44c29084cfc6cdc", 0x3b}], 0x6, &(0x7f0000001fc0)=ANY=[@ANYBLOB="10100000000000008400000008000000b67f2467343af4d71182395524d3c23c57dff1752ae8322ff3209792a96c214f5ec370354be01df6c4c26d9497d29f52becb83592651e58e72b3b874165bd8e1012f05450035f4feda9f8422e23a15d88dd8a865c5ed47f2c480979fdaadbfbf77eedadf5b2ec41d104bcae29520c187187182b0f768c3f142f07448f3cc72292e6073943977ce3facce96566e10d8d54ae03a7ee7e2faaf18e623e36d7bdd84d12d6c529c8ad868d248d0bcb3d2734e4372cecd5bd9fe4e9ac817ab97fd751cf7dc6b95015c04543edd63c7e0a268515b1cc1528201c5b658803b97a383251fdec476bf001d3d64683eb48be9c7c6cd0d31491fa9f7aa1fdfe0e305e103d76babeb58e3d212b7824b003179c3e1fa50ee0a7288b0a250fb002b6cbc81826c97dc0d09625100ee8938f6bb868723f8f30d1997c80e3a8b406ea6ee5dacc7ed39675a4a926893541ab53f197bca3f6ea921cfc6a91c1e78f00aa66284b79f8e958826c5fcaabb6b8c5ce666af44b8b9a797f76568ec262444af7b44090130cfc731c21fe5bc0a62fa3ec792d28f5f5271e7f1091b7752a7380eedb38070a29075ffb48f2b9a4e36394792da1fe9bdb5ee0eabf35c977c72c6798fa348fa0c00852f2d57c33163db1907c18a9c628af2e86c1e60e538c5249bb919ab0da2196c7fa19e33640acff5329f2f9d4e8d63e60708ab49a0fa1efb2b5c21e749787e1eddf7f7a3b1d09d825880e75831b6c832f831c354177f1d4d9a681b4cdeb7fd012a5162c3e93edea3e0fffd2994e17a05a936f42974fa2d2e3a5654431839995d71116fbb0d5222ea4be3207a3a87b414eaa643431cfe115afb4914f8ec4e393725294537fae311f5897344fc86577adbe674799bf0e4ddeb5eadf379101b6608176a082db1480a1de8061d0fdcdca0838e93b51c4537a199d4aef73ba82e674054a0ed370a506b5181d7920f95bb867a1e4da7195418e141fbb9de32b4cda87d2ddce88a4f8b5b9a831144713868bc9418f7b1dd4f2cf5551e097b097e69d5b42049e0b39a5d0604d069506f1a1e7befb660dc1d1a46047e0d19c2120ac96ae8b83474fee62ad386cd732dde9a1beccd6250c6c4ff8bcfec1d219793ef2e2be52ad59c59557484728c78cce22d81204e5c4612b446ea0394fb613a95cd17069ae36eacb42a92389197790be02ce000676ba25b8f6504fd42c92bc6255c3d5e20c0d5ff27162fb593a6fb7a8ebbcd488a262f9bcde79d330cf6b5df007e09c311b8f37ddbecf1d3662455687901331359153101d03bebd44b8c8ff47bbca4c9daeae8dd4884d98cbc4e13c77206e89d11622367975429c95c5b283a17c734491b024413a4c410836e9de1208d776d8650152442507775b09f49fe554e73693884c6da16969a598fef94e59c4e99ddbc469b1253fb2bed043f12bd1cd0e0bcaff0ee6bf007b7697c3ec59ff4e1fcc77f58f76328d195639d99005c1675d9a71c71fc8fa78af66266e8f3deac34f579201452483681911a981f2ca523d98546eda0f0fa7a77bf15df36332bfe892231fe0ea28eb84dae488d63eeb8605458abfedd5f62450c60028756c2b083f8db25705751842a17a6337d50fcc2475945b9ce72dc88f2840cc641140cf4df74e2f90e6d48ad1df2d619200dbd789880b29a90846b85ec0e225ed51f2eac092e0270b8b4812e2cfa4696338705630cb3c0401fc23aa85a617a651f52cfa024c06f41102f8f7ce00488a1fbe21b905a30a9dd759dba1d52f399829398a6670e322a13edc6177bf75cce3cf3639d8b21457d011e10e689495d4c963e8517a5cdb18b6636cd3d9685442099aa77f8a4d2a9aea545ac35e0ee775cf0fd20aa45ce4fde963c3468ad6df6b6ebb885f26fe82b9dca2e415e32fcd1de981f69887c143df70035a400cc1895bdc493ec50f63e08528c19b643178c9f7881cf5bd61b97fb704578612d252744982feea4775a447226070b9a2ceedd808b2aa509c8c8a574da65072bb9ef3d386f105b3c76468aac8ce993f1dbf56147850eabb787c858c560b202fb27c615511320a09e4af4d1666c6191798a81554229fc29d98280f1c88009ca46f2d67542ffae711507afa0a3ca3353c9230d58cdf55b081f3783095b63bd378bcebced8ede6dcd1f289be3cad6f4eed8aff5c37c365af8417765fe282d1a1281334e209d8715f29aad51bd94e6d5823811513a4955a30748581831491734f55ad1773066ed0c90471e009341b9171a020f7f43085046db4c6a8ebe81095911c954b12e27bee2d73227a44df5faa6f1240ff0d3d0ff3902598c44d73ad0d2e511196be82202151ad0b7ed9170a38cb674f0d5b01da7fe18e283238e3aec471c5de3636f6f9b244ad1afeca22abbc705f7263466fc4e4f478f6874cfaddd8af73680934210901371996fe81db1705f90615e6dd275549a76634fceecad8bddb8e3feb498fc75a64d269ccad937814f7ca7cee55b820840c37d0ae723839cd8a09b7640ff2ee71569c598d004bcf6f442a211bbcb10ecb38dfbcb31cae53b8fa97006dbf00a1269e1fea48419be684ddc4d298eb09b02a668c23ad2122cd5f70412b5f255c2eb508623d8b349db278cd2b077236acae880a537af2d32bd55a6dd327d07db124443aa78d88cd43b822769f8539d0f7bbefd68efd7f456d95b30732fba9435f469a9b1fbfd5fee86df157e1af108e345130035c515853d7006dfc11f215ecc67095f840a516b4e2c051a897a8fe0344e08ba8ed24dc42a992bf16c06c43ec923c0e23b9785a67c223af7403a4d0d33bb915f6e47b407e38ef6e9c0bd8786b16ba5433fedbe944113b59678e5d1dc3524271bb016ef413fb39d897b35960b1eca93637d39c49493af6c30ca7c91d888843c92cdf08ef195656ff9f06969260dde308d52d8ef9d983647cd0933f15c1d19063c43647e954d9ac83393cf239fd1af4a74bc7071db75dc6028c1281f0dbf4a1ef370bda6e20fac985f18a16c65b24838b59fcdd292f809b2437e8c274183116c3d8521ded6b4015595a99d46733a9691b198164094883caede698580f4de8a9771f10a142fa905bad46f5091216ed051a34854c5a8c6f68721e1d19e65671dade4abee990fed578516e4dd2cbe08f331e0edb5779bb924401d157bf7980ec85dc33bc8dc5ce04df51f085aa6362f35d0ac2f25354677871bad5db19337a4586abd25c3114cce2d5ad1f35c48414cd04971ec5f02916bfa7ba381a16afc086c19daf2e5ae9441713a63664a10d4e81898ad2c3cd8aba206c5ff5a4ed63b9b6179a6f0a2a6dc4a2314ffb107e8895992c05362df2e58cccfe944da62b47f21d9ef0df2c657945e12b400c338691f3ba76088b9088eaa9e06a1da012a5c38769efcc5b06bff9c7834985bb48567174b957b4e3b29a6f7951d4e32e3d22cf60e3d3df973d2e852c15d34b3f01e78d5b7c9db1e94cabd5d0ad0928d84e774fbec5650f7dbf781f7661b9c64535fd87a77ab60575d837b6d4a707fef0e377a3b39c6f099cfc5a9cd741555b44ccf102c8c78720ebf3928cae3bf627439f963897c4236057144aa72b67e66dccc7f105f9eadb8eec8762e6078d348e44c833c7d8f548bd7443a232d2a97ebe7a945df3320c94e5572788b2bb77c687b9eb458438f7a7706f5e144bc3998ef86bde2d488a741a4b994af37e7efffba8de482e31dae80ae706951216d0c69586579706dd249b43d6c47b65bea44cb427f7d5510f1a4783a2d7948fa23100eff91436a506a17a62b4f9da00897d3bf01a28ea6e2843152d1bfb3babff4915d50e2010671fda558b1f969e5ae5e2e2185f5db102b3820d6bd4bdb3baccc0aa22faa2ef14c2644240cf0c4ae8a7a01185f1bf17aa05b8ce4e8e5793c592f6f9f06288d54aab5d2cb7888af105a320a22f3be39cdc4eeb724ea6418d368d1cf9e94d2c4ca1bd159cee67f5936ed71693d9f48ae6be4777c4b9263dd62861cb7feea2cc178424470c035798cbbd6dc526bb40163a0deeefc7d8d891e4ed56c78ac9b70d644eb87795f27a72b2a27bb4455454c38501a78e011fec97ca5fb05154ad1ade92dc42feef7f29ad06ce38c68880cda06e46d763f638f3051f54a9d5b7f2ea9c98e29f9093c25666a52f39c29d50e5ae01aa6eccb904d1cf2447d53bbe8beb2a977303b17f1a5339fe2128bc37ba12b44b68592d79466a3bfc07a0d71e322492d452f67df815e76546ae64bd3ab7c31d58a29c2c541eabd5bc44b02ae9a7414a15892ecf00733240f1f33ef4cbdd2e9fbb94ab9f30fc4ec5b98621b8f3ed6e4ddb2a37bb792427e2ed63073a2612b19b939c60728aac5c177db2e538c05a2f2a886e55c23dda2f0e758cfd08d37eef8643cb47c0b605a043e36884af2a81f00d173cd6a666e8c4cc34619b82cdb20d56a39ce67cab06599ecd69dde39ab3112cc48b0b82699ffc740ab0574d95d2e1d3126ab53847ace37d5f49a0e23546fb620e6178d408db801a8dd200219c4facc5d22d1b87481421b48ae0f2d35195bcb3db5a24d2d704ae2cb292c6d537575a335e239debcc5620f85c04f1ef51ce01b9cb289cf471401ad5a1babbed8b3629f9e3e36d3df19afd8be4e8df659d23dc09c26f44069f091885e645b1ec1b03c02ba83ddc33ec2c6e7dece13c44c9d9fd3f06cb7f011a5082dd10af6913d1534b2f409eac45274de1ebadba33a15d20c590a055f0b2c359a8a6f01562f6cec21936d49e271410cc31c2c41883e7093607b4c0ff2864784e909159868936de56659cd9562858e50d3a41f2c18e856c0ade4a0850b2835b02fbfd0d947061bd9f3e07eb1c02d04b9fddc29c6c8bd73c38af096746a1b14b9f35bf2abd1ed79d855d357fed5140bcd17d7507d4a98aeb435d01148a94b189b296d45706a53827b66931c572e835e2c3ac688c72f41b824235ed0f9bd83d5af60337c694cb8a602f6e6ff0a28c832d74553a3a5b8073d075c2c2ec73840100580192ab2ebb7cc682c1eda4312c0d1b70d83ccdbb717077f63e579eabef5b5e4f665c9f05ad73fedc9e38976ff8e857849c8ee4b1767755f5f62f72370c945b0eb3388a02776e69204e1e434c7244c17f2f64fba0304c9e000c2ec0035d3797530d23b5f30d5fc427d5b3597c8e5950b7044a277b4f8d143c9430b71111917d0cf027b4f9fba4a82d9661e668d34d2fb72a69bfe2dd40cbdcc9c67640ee40aa7a9e435f99755f561bcef2c4af0767c6ebe31917bf5c39598d8274724693b829719da1e69367674ce8a9f09e0af74fb7d341543e34ea4feb48d32dccc10551c5ef37a728e3b089fe74254847c4d41fda4e636271677700c16b917cd17976856ebd8ed31c3a7d2cb37d4ba4eff80acc15220c9c839e020d0273369d47c9140311c99d8acf9490a8c7c2399730ec87abb18f37c26190f50f320096696124547a38625a3e39a0af01bd8fffea02df750e3f488aa82169780482352a007d9753115dd9f515aaad9c4b506e3ba46c9c47495405c0fa04f247d729c166dc8ec87da8a9d39424e9809f10d06f5bd4cf535638ef6ef8add1e8ab58d56dbe46b7d72ba696d85e2a7f12e99c02e513ae549d64ff0cdc3d626bd3807e956dc09fe1ed038fa6578d3c9fa0e63a8fbf1a6bda9a9f78c563c390737518c3721b32a251508e5252b3c04ee8bea6a7df2940ce39df9150e193a1d413a4caecc29d7d8c9ef9861fbf0ffd9e1f804f04862ea1015a22ba3366dc3286b7b5c55870008e502f84b9848ebc06639328c639b36bb50c102ff40000000000000001901000008000000afdbf49230919e2a1b4b6fe572d1b553e9060870bedb781ee8dac8489ca147f778042dc6d96d0755640eb35d6dcd6300800000000000000010010000ff0100002c12c2e14419ec5da504be79588ca625fffa26646a3c80a0e3c77b0c52d366288d66007e506d68ece1bdbf7a147a29772b049470489138c01833a2bfd15c63d49dabf6f87ac1f13d3a1a1d4fc521a0ff365792344a66b112a0c70465446baa1a4b7df2e0a6723ffc17cec3c100000000c80000000000000084000000f04c000049dae098d1d8031c5ff6274a8efc70f18104bcb8fe6f16d88f410f88190423b96614d0b9229154d7bb9988218a31357edeae3a5048e191a1f1d02411a012c5b26d46157c00044987d78a182968971dd1581c4e61e654afdbe4d9e871046070e0728e42105172865ce3decc0c01d41f07273164f6d60b8cf06e6c7fcb32532d46852f59752dd6ec3e8d9e8b1cdf16a9755bca6381fb0d65751d4e5d68b25f6b6d7f7a924b08cc3e0e4b1a8474a216b3290e1f930000000000800000000000000001000000070000000919d80da36f9d25ac8dc285dd949b3240998e65b79d70adbe7f7770abfe5d7c3706fe8fb38f2230404f5ad404d161d379ff28a18e037dadf8b3546fffe69b2f8cf24d3252b8b7e736d5145c7ff3eaf5f34f036db247667a79c932b61f2478847345464172d2808f242c4e0000000000580000000000000002010000ff0700008dec8b633a64957ac847dadf766b0477894f18e32e28f1d83bc527ce9792715281ef8f33f1547cad354c3517e66735897e278efb8ab003bf4acd4f08416d7f42e9336b8a4c2c41b65800000000000000020100000400000086e946f56d88b1354c78dfce1a1adc670979a129d4466da019a965c83646a39ae9a0774cfd395c4490fd0ca995ddbbed3f10c49e048b7c12d58ea22c076d40bfe66300000000000078000000000000000101000006000000077d5082195a256e52d6c8165b33d54ddafeddd9d04158b4c4ebba213cc578e73f3547303b76bf3f415201b7417a34f46269a63b5eb3d3c06d4e87114ab2c747cce12e123a6a84a4102bab0e27f2c23e0eab3b1825bf2b30e016b6be8e6396069372800000000000e1d6d476e0169ea03ec85d2e13f60a7f3d3979aacc7870a8782a432b850bee2a199f0ba9a63db61ba31f33f894001e3d9a391cc36d87b51d1227a1d33e0b2624d54dcbe7529554f9e5aee70ab1e377b96b060d9a77e7b9bff54a1b1e25ee"], 0x1340}, 0x5)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b7020000b96871dfbfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe0000004f850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d62de53a9a53608c10556e5734eb84049761451ce2e2d9f8004e26f7fcc059c06220002595f6dba87b81d1106fb026cce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd6fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f2fcb6d753a78845d8363e0401861abebe428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae58e99e30810400000000000000d63d716c0975e1ce4a655362e7062ff6ab3934555c01840219829472ad529cefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47911834118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f804924600273ee26d8115cbca081a14cba24788779291745083fccdddc979ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b10700ac1e2bcc5ede5b5687aa418abfa09acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b183940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e357e4e90583ce8d43ec65ed491d87a51d7c13f665dcf772e3ead71112008b16b0ea821f70aee1ccbd71c5a1c21e87d5b7b73d356337d15b9dcae4d0d750ffa07909c955e718585b2456308beda2fa03bb9bcf03cdff31ee4b1665b987829c0f0872c006c6e4ed666fe23b343aae943923eedbdb0e7abee90e3da7b98b7d07d2d4816201ad1737798635b0a3ebd3aed120e4500c16e6c9dc729f009db49c6b8b19613e4d792cb4ff5106419291d4222980b49ddb9527ce785822d8f4e2"], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r0, 0x8, &(0x7f0000000000)={0x8000000}, 0x8, 0x10, &(0x7f0000000340), 0x10, 0x0, 0xffffffffffffffff, 0xff25}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="11000000040000000400000001"], 0x48)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x202, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7ff0, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xe, 0x0, &(0x7f0000000000)="259a53f271a76d2688f54c6588a8", 0x0, 0x800, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r3 = openat$cgroup(0xffffffffffffffff, &(0x7f0000001200)='syz0\x00', 0x200002, 0x0)
openat$cgroup_procs(r3, &(0x7f0000001240)='tasks\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x22401, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8, 0x9}, 0x100904}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = socket$kcm(0x2c, 0x3, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r1, <r5=>0xffffffffffffffff}, &(0x7f0000000080), &(0x7f00000001c0)=r4}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000240)={r1, &(0x7f0000000200)}, 0x20)
r6 = bpf$ITER_CREATE(0x21, &(0x7f0000000140), 0x8)
sendmsg$kcm(r6, &(0x7f00000011c0)={&(0x7f0000000180)=@pptp={0x18, 0x2, {0x0, @empty}}, 0x80, &(0x7f0000001140)=[{&(0x7f0000000d40)="5fafbb69bb8f956b298e5c4dbcbd1d162528c4b2d0204fc4548cb2c2fe5a80b65cb3791d162dd97d2a7c0561692d49f058f6af930427528a72282f6dfacfe622f0dea4bdf4b7c20e4f92237eeeec7e29ed23af5825e2e196d587cb34e6617916985bb58d5ea1468ab94f1512c2310bc0fe5c3837239412a0ab4342d3c1467f4b3048cc0aad59e0358066898a13a158d8fb3da7442a4f007e7e1f09cfe8d5676f0a90a41bbbcd964f2f", 0xa9}, {&(0x7f0000001280)="d6e8c55b5f2f4320ffb6f64a3de8ccfdfb245736d254b59c5eb662d1", 0x1c}, {&(0x7f0000000e00)="d2061cf17e347f7270f5e3c63a8def79bbda239b65d5e8ee354197032594ce2ff63e43847ca135ad9999ccb30364858e0a3a29cabb5db43574a717fa2f9aef0858c77772d9845e8d953afce74a3015497e8a823604555b70f4ee46df8e05a68e6a03798f7418c65ab47cca0199ea780417ab1bf490bd3a25c1ce6facf79a9ed33d94ec9225319c19bde2b4e2f2ee6548e20d518285bd5fa474d4e4660c751e86fe130ebaafe2bdbe8ef7dce527608ec5f52961d14a885b8b4b2e2d1450d925ee0e4c31eef775737351169c83fad58b0f2fc7cabdfbf82f363c45488c9bb89be377569ef37997ac63e226e2f16b9dfb2f19b12ae1ab094739", 0xf8}, {&(0x7f0000000f00)="7061514b8244e4b4e34d81ed73db8b3fb91c240bd5824477e1a5a8511ac5e6c35d26f98f8846e1ddafea20bd39317e648695cf9a2ecc103b038ca07fae7a49ed9d121d2c353a83a3e10595920972354e10abbaccdc7ae47e76aba8596ad0e5288c9d67a75f6f0d46c240389d5df73375d72242e80f424c", 0x77}, {&(0x7f0000000f80)="e1f179c388319a2ba9c3d0a60103702c74afc8e1958eb6c536dd0a18da2096f2d5ec05d44c77200c814bb3059f2b68a8ae8112749424a8ba9928e1845993c417635cdbd5bcd0590fa466ef2f2372512a4137ee907381b8", 0x57}, {&(0x7f0000001000)="92e8de3254dfd61a31", 0x9}, {&(0x7f0000001040)="aad38cf80afe1c46f4ab1fa8875b1f26df612284cfc9d8d0b58bd44c39c2846d6caabab30ef24abdebdf07427f5c8916171ba5931e448a640014954ef821346b753a83ad95e9249d50dde250964414e742db45025f711b484cb97ac4d8f4fe15b3b6dc97b604b4d59662bbe39fad304038dafaea29305edbd9b4594a2f6828981fdea2b39ee396d5fcaa2a1ac960b3ab631a8de0633a93a8ab972927d29f8e379a6cf171df4d85d1d0b48d8e8b138f3b35ffb138cd0bd0ccbfcee1a92370f990be50b53e35d2904cfa1a50628140d134c15021cac93d87d5", 0xd8}], 0x7, &(0x7f0000003380)=[{0x100, 0x1, 0xa8, "e808dcddbd11579fbd694388a97d9b4a17020f6566f8bcff1f7852254c4626d57058857befd7131ceccb9838d5da17509fccb10bc41c5c408533557fa882e2d8927f984993da309e6a95cd3880a837531c08733b938ead8a9d66f14194a26a76795c7688089f0fbdb8664ac593dd5db4e198490c188cdb8da182fb772879b5100ec1e366a0aaf5d8a324a1a289257d2e0e02000000a2cd25baa7e1b444ea7835e35b787ba5fc45e0b02411d25caa152644174293cc546358510315cc6a06203eef88895d70343b09d4012c4e532ce67351aeb1d15460ea1b59be093b781d92b91a5006f8a274bb3266695ed228f881"}, {0xd8, 0x10e, 0x4, "779296f597716adf381040eace5780c8b63ae91306594f7f9fbb4477be2d488e4bb6e5af2f2f6421476b632d7281c4248a3cf94d97a017f5a5679e10df9807614b8fe4ecdb7942b8487a331e38b180e940cd7d612cdb769ca9e2f424689600f77a393328afccaaa54749aa292370a9e7678bf342cf92faa4a88db8f19474ab026c02a47f46f25285c59a96309fa12b6c439a3b03bffefb251a7688e2295261ba3cbd481c52da745d67e91670043efbb08b44c1b873e500"/197}, {0x1018, 0x10c, 0x8, "f280625a80ab555df5928af49767ed175f0987418c64fc0d902d575766b7cba901bc24f3c51fec1954d4e93a153907493d5517d12d88662b9f8f5244f1dee7de2bbc754ff04db122bd3d1ce612cc795f085bbbcd802fe2408f2d01a5e211fe886776bef0b108c5ce78596a10d5bd399a4cd464204b5e892521e29d411e09079aee6502f56e4186b38ff4c296584b8d1b17ae29634f72764c99a91ff3253397a1f410462ac47f79879f067b07536a3b02e2b1c3fae4adb4acb0a3e62221a795492b41fa52f1f550d42268cc8c95b300c4c81de7e2997059987c0ef0b53036c2824c0129cae4055de3290acf3f960110d3bcacf752182d8db11b70d7ddfe202efedcbeaf3731cf5bdec649aaab138c67e1cbcfdd163c19f56276816e17961a62643fd9bf97504e4862ec372c2e47e6087db5b223538a46bf960f2c770ddbb7c22dc66b64fc1455e308f8c44afa25a622d257619fd0c86bf2ad689dee41f8e42923742fa0d31013fb36a3e87e05baaf7b04a8a56547790e79f909822e6b3d23116581bf2612d21db3ea0f3d3b5c4b5982242ca78052fb66e4fa6fc25b2bf42a74869c5286adad65dbd1afb0549686bc282f125ef07f3a056948de209f04413d7e425b323163b5282573daf93132d80657c579906241be5423c256e78d56c98f00e5b0a396299be2eb8cb6b5bf709f70033fe479dd9f668ee7520791a0d037103b44fb6b78a2f85f7638db3f72062023ff28d25a3f4c028a02ec9736f292129f7fa9b05dc981bfc9d2e7f7eb2d708499bfe1ab312b445ceae478018e639872e1220b3db4ad496d00cfa1bf618d314a98ffdf728824d7e16a138ca3e61f701641dd1552b9bc207c1dc9e740f29286a8e5fc892cfb712c370c218c64fb3fe4bc86587dc1cd992b666528cdcdf2bc43a5456c4ebb9890539b3848527a62812d3b3337aee0a2f770a0ac89a2378ba96df86d8a7de2582006dc8fa56afeb15636a885448fa5d14fa187ffd3e1a1493174c27bd8ca17c0527cc13f4d4655783b4f3cdfa1462b7b85d0834408b3b6187de5a257aa1893da06e69c122e8436d6a8e4a33712f8502aa3a11ee01687588399f43b73121ef5bf665c4fac0c27dbc16193aeb56c2b6accac3142525e245564c38845136348c6983f63f219624ef5e7a05da6461b0ce2d4fc104abace0d83d1cef99a82b5deb83407c676fbb2ea12963e8c527896dc9e21bf55a63d49d9d54d9232fd7d23a9e42fd0f83a71804069ae0a28a00a4a3b62eb93c17b7f6f0ec3902986cbc4030e2fe520237126fb37f9440097fb677232b91f95a5a87e404117c45ca7d35e058f107f72bfdc925af14026cca1522291ffac822b301ad8c649527cb611e5248aed350b18c8b001f8dc63d0b46e98d3e159893dd3249a75295d8391d486a8be04ceeeabce8136683e77751144711017dd466a1987b44b78e3de358b6c2fa0cc66255641a9dea68728f4a8f888db32b9b66e5026221c84741fe6200df43a9a057be5bbcc0e6a856514b40be2ba8c1746f814ec5dc1db45dda51804b55840cea986ff85bf74639f310dd69f24a20609d5c6b04a31d7ff26ed348d2a849c5fb052a16936de6dc1e0a82ae10fc8dfa5d17d27d406aeb190c20c59772b961e8ec160ecf56d8e30f0ac5ff8719c27289c68edd040c3dd2e8e2341c8bb9887764a30fa47e4baddf6770fbc0ae328363573e9b1735749cca0eedda67a9ae4d3ac75874eabbefb1daf633d3b642a44926173973ea14bbace367f2dd8cec6cf201459b304219cf21a906e5ce2c7a3bf05be0fb9e06de470e51c6e2dc00b76031f7f3cdf9b94bf9f8b206443f1e2e18f8bc115b4e55b0bf6a5e331de7969ca3dd96d4a560a83cd2ea3a3e45bd2bb755e5b5c301a3b4ba661419d92af8d18cbcd89c85de4c15e8beff3435eed7462dceead9afc77e1a1d72a29619343b5b966593818dd791cf3bc70b08e27ac32140f4f8c174a141c7d0b35e30faf143ecd7f45d25025b835c6ee6c4512a4a9245b4f5eccf4c5d5dd6ccfca699f7baa7a6d7b426a20c31e1dcc8875caa3a48ad52bda51d714c9c3c7d7e6057a339cb45995e031ba6932f10c5a58871ac5da605de6e449eefb4c80d28a0eaa8ede2ae3ac4928ba6e182c379b4cd030dbf1a8a62910c80bd0b80fc12637dbbc87bf39ec9d24de681cac926ebf707d64e2a5f90188b14b9cd0c0d25f719a4042cabb3a3c0a3a355e459ca7393ed390160f6e9332d656cd9af247051e38630d0a01c83d5a842f3f0633e205ee1e0939522fc2d4fbed058edd11fbd974c108c9a577a88fd6d15298675bdc3ac8de06f818d307071a6caa615fe1134a972f8a44e393cc139bcc19351c43c7b250900239d8444d941529f3d962005f686bb04ab34b2e2158814f3d5f05b70dc36f5cddf28f3ecd3facb8500c9fe4702a98e5ce16ba4ccac992be63565eee36c41b64300dc4733c1345de3aa5a810603bb018e0600739aa87e7bad4127b677dbdac6cc7f89dda7e8b8adb1de54fe30a811a08db0fad5e6a15e96ee4a850811be809090bf1b9b2fecff5f7814c159d8f9544e117b94904d1829f7c23951e484548210a2f955ef12ef975a1347fc7bfb834e5da898e5f4d8f9c6c019c25eeaf4cfb0a40d555279b6f25202128ef44c5439ce65b037a1f6e9ef094066408ad5c4eda740981a754c6dbec81b9b2e2232970902024e9fc9efb05e5818436e83bcc2c6a551bfcb8e7867828e5574177917973e1ee9c36647b75d6fd222ef4c0622a5d442ac93c3aa68f8d0fcce42c2c0c9fb384a41133081bf0d110f5661eaa44b8c2e9468ca13fc7487376fca6ceb2e276394be1997066f0d3235052125e7f78f935187076064ca619dd54ac430933df6f2d539b193b92623d552905f757605070a7289fe69151da5003f4eb15483680644bdeb0e0ef116ced4fb3288bd7b2077fd081a19e3a9ed30fdf31e086606c841a95c51aab19d9233d1b11a6bfc9efede0ecf0cf31aaba6950f535c57cc9a7f6a6be0e22411c91dde6d45bc24400900bf057b15b56d9675cc567a078455101d86e2ead4b0e4ac3720f0018f6bcee1127c0d0aacff3b5000b0d8e37bcd752d1da83d24ba2b82807b9b0c4d2ac149648aa737e6200f8d688943d49d1eb27bcd1d15d04d2053392e2b14f1f63e01f7c9387e9da7c62aa094bdb23f8ec7c9fc87e8c58035919d0d184d2935b0f4215dcebf5a92889dce4d348aa3e68387a45ebc080d862a0c8bb29527bc8715fa3eaa20eeaec329caf790bcad02f7c02e15603f645c09a400e6efd4b9ea41a95b24e6ba724b7296643e0eeb384a8009592633080c367ba809982ff41d77e97c6ebb599dbe701d84232e2a3b6b4a2c8a5edc3a519d3f76107f8ab415819d466dea3a9251929118fc7172d33d544dcb6ca524391152e9b869b937210226b2d48071c9cdb70491eb750b77ba4a8b4a10976b92b3bb6d1e0f4b5845982144d9aa9fb3859fd4080267edc8b770e4fa228d5e4f4d503da0dee1065bd0372f6f7322dddd84f306a2e203878dc87dae6a88d3ba01d9301a0bcf879faa04ca7a846e0097971b387034ab8c258751689b90b4bbb4066848d6d64688b162512484ebe813b8a666f064eebde1c8c6a04f5d0e208d73e43cf16afad9e71d6ade28127baa23f7169000048af07aae1ccafadc493121b173c81004d1d5d030a00b346de87a8f953a8f0e3a979f9802bf7a0cfa65bb5d24309f5e8784b0155735c6d7406f40acbce9d4424f58a7a2001ee89fc1ca81dc851f4ebe0a57e74f03fa8063e9fc2938fdf552af69995fe1c273acd11e3324a5f288e7d08608bdfe4d1fbd154c8e5d0b2af36831a2896bed0c4e72f13eb6443d06e770201f3e63e35a11da808ec3677849729f4660fcb659f6cbb966bcebb5fd2a6232a5009d95dcd8487264a4df6a9a5315c0ca429608da248ee564cb3b6d518c650c38561861d0465119d1d4369cf1d6857fdcc38e1e3ca8c0ffc9bdc8b075326b22340d8abefb022bffde6a61f016cb75ec0639e98871bd381b72d5d4ab38fbc11317e8ca1b261c4b29d348058ef215d2c196cf6f746e7dfeed3fcf11defe0749893b16381db9a48e620f34a6ecd14752dac04d3647d9d04ed67374535700cad24a03b69b625ba2e6febd59ac1c3b37ba05f92045da7db342097bac348c329214286aab9014f7fb6aa3a0ee862c9114add2758dc62632216b49f88086aad76a073db9dee1ff7c5c96f29872dc0cb2273189c1b2b0576064cce507d4cc8ed42d7dbbb0a94aa510033dfcbb9d6fc0367ef42ff9a9a2890ad85ff2bceffee00205f5c97c2760a554227a2706a9a4e5fd051204e04058805f990dc1fedc06c3eb4113e59d8d926f148889081f2930fb9e52b76e38d6ff8e3678da99ae38f335aa2894a60601f971282bb202860743e542c00709835c945630bd7da3b5740cb133088e2b986d15f825d0cf23621ba72597a47e39fe29c419d68044ddbf1d553450b5845445cb271d6544be66e8ef2e874e276ae25e9eb71610687de1cb069acdcdaeffca1adb06161b2dbe76776426b4216d112263023b2827a765679e0699e340c1b40c69fa4ddb7d77e8329a57c12367c14e597d127683ff8b4536c45304a881c165ff84299a0f6b5af530df040e058cc9801d2559f93c7793b00f0afeb215b2cf56c4b5f257a0c62a95653f4b4d0a1af56e377c05834db192a56b55ccfdd1ece48532142eb44bda61738e50c2338f0d6dd06a468a33ec65d041ffb4fadf3e2600855c6ed67ccc567efb3f4e8da38d98cfe96ee8ac1ad3a5b70116ddb1649561b7dc4f5fabbe649c81c74f87fc010e97c8586aef168b52a0e6c098e13adc1c67f2d6b24778d8cf2bf2701348210d7bffc6a19a8e2f5398ca9d60214ccd9a57731f3a72db28a9ed325b925139d0858ce3a07086997a4f64840a0aee45893314cb6af65c489b1ff4dca60974ac44e36b2aa3ac8449904227bbbc4e6bb6edbed1fe4a0b52101874c226d689f290706f3fd04bd76f2fda0417c2ad5460ed03803097a0f1eab8c56ee137d23750fd912b433a50a1cc527c1899c221649de5c5e62474222328065df50f9a58953dde21c9a0091e7e46f4d47614b0a7568b532d4117ac7b299103913f43ff93cd0d9d14bb15ad1a308f06115f77a4a671b82f4d6da5938e99658659417ef61fde17c0729751aa73bcbc8fb83c1e0d9a552903c61b9ebfec4fbbade5e881859feb29eedfb212267a7f1f610f9936f71f47f69c2e5c4b66b794947cb79c87a07bc48cafe62890a2dd277a28cddf7f7eea9aafff57c53681c89571cc18f3af727545533d7d09ecbecac94994e4761cb4f6751183c881f1794420bef7f24f60bda77c6a23374ae5750cf9593c69e0c72e853aa4c845092b4a3ceed015e24a25f01f357113cbc503b7a1adb8c354fce3fd8698ad39d55787747c14ee6d0bb690579601ba63fef5a6f95de5b27ba03a8ce1f49aef8f5990e2da5b716f0e02709ee3d17fa5d8258f6132cdd12c984eeb0cdda6e7bf92d80c5f3a7de4f3dee6716db215923a1bb0f36c5788aaf1c6056b099703119b8b33d4be5474462fb5d0db3404168f8118b4885f1dbd5a2015f4701c7deb702d29a3da81405c7b047bdfd606035d9e3335eaabffc8ff778df35553b75b4622d5a37da79d361484f3b988799de41b7c61ff8743c6352980eddcbb3f7f02135c05fc1eb7d60916cd9ffbdc6d4edbe0f8f534dbf99f6d690ad249862193097844dc9b7ff4e54ce81c33dc17829aa460d0ccf5f2258eb"}], 0x11f0}, 0x404c000)
r7 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r7, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r7, &(0x7f00000000c0)={&(0x7f0000000100)=@hci={0x1f, 0x0, 0x4}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="2703025701f328000600002fb96dbcf706e10500000086ddffff1144ee162fd4b8bf4a31accbe1ba0777cfbf6ae77256da82f6184b8a34f9015cc99e570000003c21880b", 0xfdef}], 0x1}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000200)={r5, 0x58, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r8=>0x0}}, 0x10)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000000)={'\x00', 0x5})
ioctl$TUNSETTXFILTER(r9, 0x400454d1, 0x0)
close(0xffffffffffffffff)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000280)=""/176, 0xb0}], 0x1, &(0x7f0000000480)}, 0x10000)
bpf$MAP_CREATE(0x0, &(0x7f0000001340)=@bloom_filter={0x1e, 0xee, 0x8, 0x10001, 0x910, 0x1, 0x8, '\x00', r8, r6, 0x5, 0x2, 0x0, 0x4}, 0x50)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001600)=@bpf_lsm={0x1d, 0xb, &(0x7f00000013c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x563f, 0x0, 0x0, 0x0, 0x4}, [@alu={0x4, 0x1, 0x7, 0xa, 0x5, 0x0, 0x10}, @tail_call={{0x18, 0x2, 0x1, 0x0, r1}}, @map_idx_val={0x18, 0x1, 0x6, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2}]}, &(0x7f0000001440)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0x1, '\x00', r8, 0x1b, r3, 0x8, &(0x7f0000001480)={0x0, 0x2}, 0x8, 0x10, &(0x7f00000014c0)={0x0, 0x10, 0x1c0, 0x1}, 0x10, 0xffffffffffffffff, 0x0, 0xa, &(0x7f0000001500)=[r6, r1], &(0x7f0000001540)=[{0x5, 0x1, 0xf, 0x4}, {0x4, 0x1, 0xe, 0x4}, {0x4, 0x3, 0x1, 0x1}, {0x2, 0x1, 0x8, 0x4}, {0x3, 0x3, 0xf, 0xc}, {0x5, 0x2, 0xe, 0x8}, {0x0, 0x4, 0x0, 0x2}, {0x2, 0x3, 0xb, 0xa}, {0x2, 0x2, 0x1, 0x8}, {0x4, 0x1, 0x3, 0xc}], 0x10, 0xae9}, 0x94)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000007c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb0100180000000000000014000000140000000b00000000000000010000060400000008000000000000000000000000000061611400"], 0x0, 0x37}, 0x20)

2.892667892s ago: executing program 3 (id=1227):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8b04, &(0x7f0000000040)={'wlan1\x00', @random="0d00000000ff"})

2.608475366s ago: executing program 3 (id=1228):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r0, 0x4008744b, &(0x7f0000000180))
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x82042, 0x0)
r3 = socket$kcm(0x2b, 0x1, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
sendmsg$kcm(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[], 0x58}, 0x20004014)
setsockopt$sock_attach_bpf(r3, 0x6, 0x12, &(0x7f0000000200)=r4, 0x4)
close(r0)
socket$kcm(0x2b, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8922, &(0x7f0000002280)={'macsec0\x00', @random})

2.522353677s ago: executing program 0 (id=1229):
r0 = perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x5, 0x2505, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x5, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff})
recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f00000001c0)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffffffff000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x1}})

2.490867825s ago: executing program 1 (id=22):
r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x4, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x0, @perf_config_ext={0x3, 0x8001}, 0x0, 0x2e, 0xfffffbff, 0x4, 0x2, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xe}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=@base={0x5, 0x5, 0x8000, 0x5c, 0x0, 0xffffffffffffffff, 0x2400, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x50)

2.462058164s ago: executing program 4 (id=1230):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$kcm(0x2, 0x3, 0x84)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00000000000000000200"/20, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="00000000440100"], 0x48)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x890b, &(0x7f0000000100))

385.241245ms ago: executing program 0 (id=1231):
socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, 0x0, &(0x7f0000000000)='syzkaller\x00'}, 0x94)
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000004c0)=ANY=[@ANYBLOB="1809000000000000000000000001000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000009c0)={0x18, 0x8, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2c00}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}]}, &(0x7f0000000600)='GPL\x00', 0x6, 0x66, &(0x7f00000006c0)=""/102, 0x41100, 0x21, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xe}, 0x94)

384.118717ms ago: executing program 2 (id=1232):
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000200)=""/166}, 0x20)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'sit0\x00'})
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f0, &(0x7f0000000080))
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@base={0x5, 0x4, 0x9, 0x8}, 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0xdd, 0xa}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000008000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000002d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r2}, 0x10)

382.455079ms ago: executing program 3 (id=1233):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x5, 0x2505, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x89f1, &(0x7f0000000080))
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
ioctl$TUNGETVNETLE(0xffffffffffffffff, 0x800454dd, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x40002002)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="d8000000180081034e81f783db4cb9040a1d080006007c09e8fc55a10a0015000600142603600e1208000f0000000401a8000100fec0ffff00000000035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbaceac3c2fb14c2ee5a7cef4090000009fb71b14d6d930dfe1d9d322fe7c9f8775820d16a4683f5aeb4edbb57a25ccca9e00360db798262f3d40fad9e3bb9ad809d5e1cace0d81ed0bffece0b42a9ecbee5de6ccd4e1ffffffffc1c9b6278754ca39", 0xbd}], 0x1}, 0x20040000)
socket$kcm(0x2c, 0x3, 0x0)

381.948136ms ago: executing program 4 (id=1234):
socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, 0x0, &(0x7f0000000000)='syzkaller\x00'}, 0x94)
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000004c0)=ANY=[@ANYBLOB="1809000000000000000000000001000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000009c0)={0x18, 0x8, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2c00}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}]}, &(0x7f0000000600)='GPL\x00', 0x6, 0x66, &(0x7f00000006c0)=""/102, 0x41100, 0x21, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xe}, 0x94) (fail_nth: 1)

51.39374ms ago: executing program 0 (id=1235):
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000740)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0xb}, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000f40)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x3, 0x8081, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x2, @perf_config_ext={0x27, 0x3}, 0x14905, 0x32, 0xfffffbff, 0x3, 0x2, 0x800, 0xfffa, 0x0, 0xffff8000, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}, 0x0, 0x7, 0x80, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
recvmsg$unix(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720a00fef8ffffff71a400fe0000000071101000000000001d300200000000004704000001ed030407030000020000001d440000000000006b0a20fe0000000072030000000a0000e500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48)
r1 = socket$kcm(0xa, 0x5, 0x0)
setsockopt$sock_attach_bpf(r1, 0x29, 0x42, &(0x7f0000000040), 0xcf)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2501, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, @perf_bp={0x0, 0x8}, 0x390, 0x0, 0x0, 0x7, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r4, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x4001, @local}, 0x10, 0x0, 0x20}, 0x30004001)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0e00000004000000040000000c"], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000800000850000007d00000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='tlb_flush\x00', r7}, 0x10)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000ec0)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="0600000010000000", @ANYRES32, @ANYBLOB="b8b189b06d67578aed5757ebc9f1550f3b20997ab4ae4e3d173ac7971ea0e427866121f848a1e40b06901736bbc195088af3f57b2a100af43204", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x20)
r8 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000002600)="89000000120081ae08060cdc030000007f1be3f74001000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00120c000140060404000b0400009bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0)
setsockopt$sock_attach_bpf(r3, 0x1, 0x41, &(0x7f0000000100)=r5, 0x8)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x14, 0x4, 0x4, 0x2}, 0x48)
setsockopt$sock_attach_bpf(r3, 0x1, 0x25, &(0x7f0000000100)=r2, 0x4)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000e80)={&(0x7f0000000080)="a619a6c2e4d8bc565a99813434d66e655c09b6844a60cc8c192327595e93c7e1fe4499ce07dd7112f49a49b58072dc18e210f850423619c0ebf8fb5bddd3e56ff6587a354d77bd8ca35f39a8eb2d9fdf078d5b4a662c0df12dc2077717efac01a3a22e1de5d2da5a4d2c18ce822032fa1bdf85051a91de2cce1033c4f81f959044a907ad207ca6bac512fa6c828b5a9a9bae7a0aa6cba6aadd7ba5bfe72d733e5831f25dfb68e6704fe1082dde7116616ed262167e97e9531cccf237fa4b1206fa22440df02fb174788449900b44df78d83dcf83d70f72d92ab64cf41d3cfee0d20080f101ea5d509ecd9a7029d9df4bef1ea297", &(0x7f0000000c40)=""/113, &(0x7f0000000cc0)="65e84c03db615be695cb5c57648921f63e4ca18bf303ab5ff91cedd3c9b65cbefda80566c4c783115b3ad9ff95cb0bf3095a288e2d25e52871d57effc2a798be4a9da2d57b690c87766d42d7682d86b6674f7be53114e068fff0b91ef190fe44b6fd04bac6a8e1cf3f740674669b21fb6e20765687080edc7dfdc3ac18b438aa890a9905be4632be035d64d9fb3c2ebe6ad137459da03f75c536874f322e567375ada0718c96f257b00d654a9d2ad062f7d0d5ac7b7e3a2b29c2c48e7c0180461031bdbf4029318c77b1daaca4b593b5af59dc96c0cfb025bf468dcf166a7a0dd37b6224dbfa53f7f12dcb0894501b92dc31bbf9f8e2c6", &(0x7f0000000dc0)="7c9a4f3d41311d7b54c0dcbc43a4b4c929c2e9f3ed1c538276f3b7c6ea1d4ade66d423f6f203880181286c09c0c465e832951e6db08bc7e52f18b0fcd2170926e5fd8cc72512c76694db5f5970e6a7144ea86acff01f744b4af6dcafe0fce83df7a3fcbb38b16ad6ae90d9d72e872be3c875754c298079ebd3731f23b1975389d4d201", 0x2, r2, 0x4}, 0x38)
perf_event_open(&(0x7f0000000800)={0x5, 0x80, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/ipc\x00')
unlink(&(0x7f0000000040)='./file0\x00')
syz_clone(0xa49a4080, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc)

0s ago: executing program 4 (id=1236):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, 0x0, 0x5}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x80208, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0xf}, 0x10000, 0x0, 0x8, 0x9, 0x0, 0xfffffffe, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r1)

kernel console output (not intermixed with test programs):

ing new IBSS network, BSSID 50:50:50:50:50:50
[  104.037014][ T6359] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  104.096695][ T6364] netlink: 'syz.0.117': attribute type 9 has an invalid length.
[  104.141623][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.182675][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.759720][ T6378] FAULT_INJECTION: forcing a failure.
[  104.759720][ T6378] name failslab, interval 1, probability 0, space 0, times 0
[  104.805610][ T6378] CPU: 1 UID: 0 PID: 6378 Comm: syz.0.120 Not tainted 6.16.0-rc3-syzkaller-g212ec9229567 #0 PREEMPT(full) 
[  104.805635][ T6378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  104.805645][ T6378] Call Trace:
[  104.805652][ T6378]  <TASK>
[  104.805660][ T6378]  dump_stack_lvl+0x189/0x250
[  104.805690][ T6378]  ? __pfx____ratelimit+0x10/0x10
[  104.805708][ T6378]  ? __pfx_dump_stack_lvl+0x10/0x10
[  104.805732][ T6378]  ? __pfx__printk+0x10/0x10
[  104.805754][ T6378]  ? __pfx___might_resched+0x10/0x10
[  104.805778][ T6378]  ? fs_reclaim_acquire+0x7d/0x100
[  104.805806][ T6378]  should_fail_ex+0x414/0x560
[  104.805835][ T6378]  should_failslab+0xa8/0x100
[  104.805856][ T6378]  kmem_cache_alloc_noprof+0x73/0x3c0
[  104.805874][ T6378]  ? sk_prot_alloc+0x57/0x220
[  104.805900][ T6378]  sk_prot_alloc+0x57/0x220
[  104.805934][ T6378]  ? sk_alloc+0x24/0x370
[  104.805957][ T6378]  sk_alloc+0x3a/0x370
[  104.805982][ T6378]  inet6_create+0x7fd/0x12a0
[  104.805999][ T6378]  ? inet6_create+0x71/0x12a0
[  104.806025][ T6378]  __sock_create+0x4b0/0x9f0
[  104.806053][ T6378]  mptcp_subflow_create_socket+0xfd/0xb40
[  104.806077][ T6378]  ? perf_trace_run_bpf_submit+0xf9/0x170
[  104.806106][ T6378]  ? __pfx_mptcp_subflow_create_socket+0x10/0x10
[  104.806124][ T6378]  ? perf_trace_preemptirq_template+0xa3/0x340
[  104.806145][ T6378]  ? __local_bh_enable_ip+0x12d/0x1c0
[  104.806169][ T6378]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  104.806195][ T6378]  __mptcp_nmpc_sk+0x148/0x750
[  104.806229][ T6378]  ? __pfx___mptcp_nmpc_sk+0x10/0x10
[  104.806246][ T6378]  ? __local_bh_enable_ip+0x12d/0x1c0
[  104.806269][ T6378]  ? lockdep_hardirqs_on+0x9c/0x150
[  104.806287][ T6378]  ? __local_bh_enable_ip+0x12d/0x1c0
[  104.806319][ T6378]  mptcp_sendmsg_fastopen+0xd4/0x580
[  104.806347][ T6378]  mptcp_sendmsg+0x176c/0x1970
[  104.806365][ T6378]  ? __pfx___might_resched+0x10/0x10
[  104.806387][ T6378]  ? __lock_acquire+0xab9/0xd20
[  104.806426][ T6378]  ? aa_sk_perm+0x81e/0x950
[  104.806448][ T6378]  ? is_bpf_text_address+0x26/0x2b0
[  104.806474][ T6378]  ? __pfx_aa_sk_perm+0x10/0x10
[  104.806494][ T6378]  ? __pfx_mptcp_sendmsg+0x10/0x10
[  104.806521][ T6378]  ? inet6_sendmsg+0x101/0x120
[  104.806542][ T6378]  __sock_sendmsg+0xe5/0x270
[  104.806562][ T6378]  ____sys_sendmsg+0x505/0x830
[  104.806591][ T6378]  ? __pfx_____sys_sendmsg+0x10/0x10
[  104.806623][ T6378]  ? import_iovec+0x74/0xa0
[  104.806646][ T6378]  ___sys_sendmsg+0x21f/0x2a0
[  104.806671][ T6378]  ? __pfx____sys_sendmsg+0x10/0x10
[  104.806732][ T6378]  ? __fget_files+0x2a/0x420
[  104.806751][ T6378]  ? __fget_files+0x3a0/0x420
[  104.806783][ T6378]  __x64_sys_sendmsg+0x19b/0x260
[  104.806803][ T6378]  ? perf_trace_run_bpf_submit+0xf9/0x170
[  104.806827][ T6378]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  104.806847][ T6378]  ? perf_trace_preemptirq_template+0xa3/0x340
[  104.806878][ T6378]  ? __pfx_ksys_write+0x10/0x10
[  104.806894][ T6378]  ? rcu_is_watching+0x15/0xb0
[  104.806924][ T6378]  ? do_syscall_64+0xbe/0x3b0
[  104.806945][ T6378]  do_syscall_64+0xfa/0x3b0
[  104.806961][ T6378]  ? lockdep_hardirqs_on+0x9c/0x150
[  104.806977][ T6378]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.806994][ T6378]  ? clear_bhb_loop+0x60/0xb0
[  104.807012][ T6378]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.807027][ T6378] RIP: 0033:0x7efd3378e929
[  104.807043][ T6378] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  104.807056][ T6378] RSP: 002b:00007efd346c1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  104.807075][ T6378] RAX: ffffffffffffffda RBX: 00007efd339b5fa0 RCX: 00007efd3378e929
[  104.807087][ T6378] RDX: e07e872420dfefca RSI: 0000200000000780 RDI: 0000000000000003
[  104.807098][ T6378] RBP: 00007efd346c1090 R08: 0000000000000000 R09: 0000000000000000
[  104.807107][ T6378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  104.807117][ T6378] R13: 0000000000000000 R14: 00007efd339b5fa0 R15: 00007ffc1d2e7668
[  104.807144][ T6378]  </TASK>
[  105.531983][ T6380] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.121'.
[  105.642631][ T6386] delete_channel: no stack
[  105.970776][ T2986] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.321789][ T6401] sctp: [Deprecated]: syz.0.125 (pid 6401) Use of struct sctp_assoc_value in delayed_ack socket option.
[  106.321789][ T6401] Use struct sctp_sack_info instead
[  106.326826][ T2986] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.796572][ T2986] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.226510][ T2986] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.885846][ T5832] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  107.897893][ T5832] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  107.910865][ T5832] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  107.920058][ T2986] bridge_slave_1: left allmulticast mode
[  107.933845][ T5832] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  107.946121][ T2986] bridge_slave_1: left promiscuous mode
[  107.951989][ T2986] bridge0: port 2(bridge_slave_1) entered disabled state
[  107.982244][ T5832] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  108.043061][ T2986] bridge_slave_0: left allmulticast mode
[  108.048758][ T2986] bridge_slave_0: left promiscuous mode
[  108.099310][ T2986] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.509781][ T6450] netlink: 'syz.0.139': attribute type 9 has an invalid length.
[  108.520668][ T6449] netlink: 'syz.4.138': attribute type 21 has an invalid length.
[  108.559444][ T6449] IPv6: Can't replace route, no match found
[  109.549310][ T6471] netlink: 168 bytes leftover after parsing attributes in process `syz.3.143'.
[  109.922360][ T2986] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  109.968835][ T2986] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  110.013901][ T5832] Bluetooth: hci4: command tx timeout
[  110.032153][ T2986] bond0 (unregistering): Released all slaves
[  110.522091][ T5832] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18
[  110.780459][ T6499] netlink: 'syz.0.150': attribute type 1 has an invalid length.
[  110.801101][ T6499] netlink: 157116 bytes leftover after parsing attributes in process `syz.0.150'.
[  111.114089][ T6502] netlink: 168 bytes leftover after parsing attributes in process `syz.4.149'.
[  111.374602][ T5832] Bluetooth: hci1: Unable to find connection for big 0x00
[  112.054756][ T2986] hsr_slave_0: left promiscuous mode
[  112.093290][ T5832] Bluetooth: hci4: command tx timeout
[  112.120235][ T2986] hsr_slave_1: left promiscuous mode
[  112.162366][ T2986] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  112.211918][ T2986] batman_adv: batadv0: Removing interface: batadv_slave_0
[  112.311918][ T2986] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  112.326676][ T2986] batman_adv: batadv0: Removing interface: batadv_slave_1
[  112.419592][ T2986] veth1_macvtap: left promiscuous mode
[  112.429046][ T2986] veth0_macvtap: left promiscuous mode
[  112.434910][ T2986] veth1_vlan: left promiscuous mode
[  112.440279][ T2986] veth0_vlan: left promiscuous mode
[  112.751147][ T6546] FAULT_INJECTION: forcing a failure.
[  112.751147][ T6546] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  112.798546][ T6546] CPU: 1 UID: 0 PID: 6546 Comm: syz.0.160 Not tainted 6.16.0-rc3-syzkaller-g212ec9229567 #0 PREEMPT(full) 
[  112.798571][ T6546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  112.798581][ T6546] Call Trace:
[  112.798588][ T6546]  <TASK>
[  112.798596][ T6546]  dump_stack_lvl+0x189/0x250
[  112.798627][ T6546]  ? __pfx____ratelimit+0x10/0x10
[  112.798645][ T6546]  ? __pfx_dump_stack_lvl+0x10/0x10
[  112.798669][ T6546]  ? __pfx__printk+0x10/0x10
[  112.798689][ T6546]  ? __might_fault+0xb0/0x130
[  112.798719][ T6546]  should_fail_ex+0x414/0x560
[  112.798748][ T6546]  _copy_from_user+0x2d/0xb0
[  112.798768][ T6546]  generic_map_update_batch+0x572/0x7f0
[  112.798800][ T6546]  ? __pfx_generic_map_update_batch+0x10/0x10
[  112.798819][ T6546]  ? __fget_files+0x2a/0x420
[  112.798846][ T6546]  ? __pfx_generic_map_update_batch+0x10/0x10
[  112.798864][ T6546]  bpf_map_do_batch+0x369/0x5f0
[  112.798893][ T6546]  __sys_bpf+0x384/0x860
[  112.798917][ T6546]  ? __pfx___sys_bpf+0x10/0x10
[  112.798936][ T6546]  ? sched_clock_cpu+0x74/0x430
[  112.798974][ T6546]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  112.799009][ T6546]  __x64_sys_bpf+0x7c/0x90
[  112.799029][ T6546]  do_syscall_64+0xfa/0x3b0
[  112.799049][ T6546]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.799065][ T6546]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  112.799082][ T6546]  ? clear_bhb_loop+0x60/0xb0
[  112.799103][ T6546]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.799120][ T6546] RIP: 0033:0x7efd3378e929
[  112.799135][ T6546] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  112.799149][ T6546] RSP: 002b:00007efd346a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  112.799168][ T6546] RAX: ffffffffffffffda RBX: 00007efd339b6080 RCX: 00007efd3378e929
[  112.799181][ T6546] RDX: 0000000000000038 RSI: 00002000000002c0 RDI: 000000000000001a
[  112.799192][ T6546] RBP: 00007efd346a0090 R08: 0000000000000000 R09: 0000000000000000
[  112.799202][ T6546] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  112.799212][ T6546] R13: 0000000000000000 R14: 00007efd339b6080 R15: 00007ffc1d2e7668
[  112.799240][ T6546]  </TASK>
[  113.909785][ T6560] netlink: 'syz.3.163': attribute type 10 has an invalid length.
[  114.137529][ T2986] team0 (unregistering): Port device team_slave_1 removed
[  114.173985][ T5832] Bluetooth: hci4: command tx timeout
[  114.190437][ T2986] team0 (unregistering): Port device team_slave_0 removed
[  114.431216][ T6554] delete_channel: no stack
[  114.875829][ T6560] team0: Device ip6_vti0 is of different type
[  115.167477][ T6575] netlink: 'syz.3.169': attribute type 9 has an invalid length.
[  115.366422][ T6430] chnl_net:caif_netlink_parms(): no params data found
[  115.783924][ T6608] FAULT_INJECTION: forcing a failure.
[  115.783924][ T6608] name failslab, interval 1, probability 0, space 0, times 0
[  115.802821][ T6608] CPU: 0 UID: 0 PID: 6608 Comm: syz.2.174 Not tainted 6.16.0-rc3-syzkaller-g212ec9229567 #0 PREEMPT(full) 
[  115.802847][ T6608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  115.802856][ T6608] Call Trace:
[  115.802864][ T6608]  <TASK>
[  115.802872][ T6608]  dump_stack_lvl+0x189/0x250
[  115.802901][ T6608]  ? __pfx____ratelimit+0x10/0x10
[  115.802917][ T6608]  ? __pfx_dump_stack_lvl+0x10/0x10
[  115.802940][ T6608]  ? __pfx__printk+0x10/0x10
[  115.802964][ T6608]  ? __pfx___might_resched+0x10/0x10
[  115.803001][ T6608]  should_fail_ex+0x414/0x560
[  115.803030][ T6608]  should_failslab+0xa8/0x100
[  115.803052][ T6608]  __kmalloc_noprof+0xcb/0x4f0
[  115.803070][ T6608]  ? security_sk_alloc+0x52/0x390
[  115.803093][ T6608]  security_sk_alloc+0x52/0x390
[  115.803115][ T6608]  sk_prot_alloc+0x101/0x220
[  115.803140][ T6608]  sk_alloc+0x3a/0x370
[  115.803166][ T6608]  inet6_create+0x7fd/0x12a0
[  115.803185][ T6608]  ? inet6_create+0x71/0x12a0
[  115.803211][ T6608]  __sock_create+0x4b0/0x9f0
[  115.803239][ T6608]  mptcp_subflow_create_socket+0xfd/0xb40
[  115.803260][ T6608]  ? look_up_lock_class+0x74/0x170
[  115.803280][ T6608]  ? register_lock_class+0x51/0x320
[  115.803305][ T6608]  ? __pfx_mptcp_subflow_create_socket+0x10/0x10
[  115.803327][ T6608]  ? __lock_acquire+0xab9/0xd20
[  115.803355][ T6608]  __mptcp_nmpc_sk+0x148/0x750
[  115.803380][ T6608]  ? __pfx___mptcp_nmpc_sk+0x10/0x10
[  115.803398][ T6608]  ? __local_bh_enable_ip+0x12d/0x1c0
[  115.803422][ T6608]  ? lockdep_hardirqs_on+0x9c/0x150
[  115.803440][ T6608]  ? __local_bh_enable_ip+0x12d/0x1c0
[  115.803466][ T6608]  mptcp_sendmsg_fastopen+0xd4/0x580
[  115.803493][ T6608]  mptcp_sendmsg+0x176c/0x1970
[  115.803511][ T6608]  ? __pfx___might_resched+0x10/0x10
[  115.803533][ T6608]  ? __lock_acquire+0xab9/0xd20
[  115.803571][ T6608]  ? aa_sk_perm+0x81e/0x950
[  115.803593][ T6608]  ? is_bpf_text_address+0x26/0x2b0
[  115.803619][ T6608]  ? __pfx_aa_sk_perm+0x10/0x10
[  115.803640][ T6608]  ? __pfx_mptcp_sendmsg+0x10/0x10
[  115.803666][ T6608]  ? inet6_sendmsg+0x101/0x120
[  115.803687][ T6608]  __sock_sendmsg+0xe5/0x270
[  115.803708][ T6608]  ____sys_sendmsg+0x505/0x830
[  115.803737][ T6608]  ? __pfx_____sys_sendmsg+0x10/0x10
[  115.803769][ T6608]  ? import_iovec+0x74/0xa0
[  115.803792][ T6608]  ___sys_sendmsg+0x21f/0x2a0
[  115.803820][ T6608]  ? __pfx____sys_sendmsg+0x10/0x10
[  115.803879][ T6608]  ? __fget_files+0x2a/0x420
[  115.803899][ T6608]  ? __fget_files+0x3a0/0x420
[  115.803930][ T6608]  __x64_sys_sendmsg+0x19b/0x260
[  115.803955][ T6608]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  115.803995][ T6608]  ? __pfx_ksys_write+0x10/0x10
[  115.804011][ T6608]  ? rcu_is_watching+0x15/0xb0
[  115.804041][ T6608]  ? do_syscall_64+0xbe/0x3b0
[  115.804063][ T6608]  do_syscall_64+0xfa/0x3b0
[  115.804079][ T6608]  ? lockdep_hardirqs_on+0x9c/0x150
[  115.804095][ T6608]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.804111][ T6608]  ? clear_bhb_loop+0x60/0xb0
[  115.804132][ T6608]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.804149][ T6608] RIP: 0033:0x7fe24c78e929
[  115.804164][ T6608] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  115.804177][ T6608] RSP: 002b:00007fe24d60b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  115.804196][ T6608] RAX: ffffffffffffffda RBX: 00007fe24c9b5fa0 RCX: 00007fe24c78e929
[  115.804208][ T6608] RDX: e07e872420dfefca RSI: 0000200000000780 RDI: 0000000000000003
[  115.804220][ T6608] RBP: 00007fe24d60b090 R08: 0000000000000000 R09: 0000000000000000
[  115.804230][ T6608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  115.804240][ T6608] R13: 0000000000000000 R14: 00007fe24c9b5fa0 R15: 00007ffff938b328
[  115.804269][ T6608]  </TASK>
[  116.302247][ T5832] Bluetooth: hci4: command tx timeout
[  116.895990][ T6430] bridge0: port 1(bridge_slave_0) entered blocking state
[  116.903359][ T6430] bridge0: port 1(bridge_slave_0) entered disabled state
[  116.910555][ T6430] bridge_slave_0: entered allmulticast mode
[  116.974475][ T6430] bridge_slave_0: entered promiscuous mode
[  116.999993][ T6430] bridge0: port 2(bridge_slave_1) entered blocking state
[  117.032794][ T6430] bridge0: port 2(bridge_slave_1) entered disabled state
[  117.040027][ T6430] bridge_slave_1: entered allmulticast mode
[  117.093048][ T6430] bridge_slave_1: entered promiscuous mode
[  117.608626][ T6430] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  117.646055][ T6430] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  117.934736][ T6430] team0: Port device team_slave_0 added
[  117.986535][ T6430] team0: Port device team_slave_1 added
[  118.043275][ T6656] netlink: 128124 bytes leftover after parsing attributes in process `syz.4.184'.
[  118.110823][ T6669] netlink: 'syz.3.188': attribute type 11 has an invalid length.
[  118.372899][ T6673] netlink: 'syz.0.187': attribute type 33 has an invalid length.
[  118.380776][ T6673] netlink: 152 bytes leftover after parsing attributes in process `syz.0.187'.
[  119.147279][ T6430] batman_adv: batadv0: Adding interface: batadv_slave_0
[  119.161272][ T6430] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  119.198724][ T6430] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  119.211103][ T6687] netlink: 60 bytes leftover after parsing attributes in process `syz.3.190'.
[  119.253431][ T6689] netlink: 60 bytes leftover after parsing attributes in process `syz.3.190'.
[  119.299154][ T6430] batman_adv: batadv0: Adding interface: batadv_slave_1
[  119.361413][ T6430] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  119.396390][ T6695] netlink: 'syz.0.192': attribute type 39 has an invalid length.
[  119.434043][ T6430] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  119.801256][ T6696] : renamed from bond0 (while UP)
[  120.869649][ T6430] hsr_slave_0: entered promiscuous mode
[  120.885419][ T6430] hsr_slave_1: entered promiscuous mode
[  120.899218][ T6430] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  120.917647][ T6430] Cannot create hsr debugfs directory
[  121.101633][ T6721] netlink: 'syz.0.201': attribute type 9 has an invalid length.
[  124.705702][ T6802] pim6reg1: entered promiscuous mode
[  124.711230][ T6802] pim6reg1: entered allmulticast mode
[  126.260678][ T6830] netlink: 14593 bytes leftover after parsing attributes in process `syz.2.231'.
[  126.271546][ T6835] bridge_slave_1: left allmulticast mode
[  126.277349][ T6835] bridge_slave_1: left promiscuous mode
[  126.303701][ T6835] bridge0: port 2(bridge_slave_1) entered disabled state
[  126.428916][ T6835] bridge_slave_0: left allmulticast mode
[  126.435476][ T6835] bridge_slave_0: left promiscuous mode
[  126.442302][ T6835] bridge0: port 1(bridge_slave_0) entered disabled state
[  126.986792][ T6430] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  127.043957][ T6856] netlink: 17 bytes leftover after parsing attributes in process `syz.2.238'.
[  127.121948][ T6430] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  127.153859][ T6856] netlink: zone id is out of range
[  127.203196][ T6856] netlink: zone id is out of range
[  127.218332][ T6430] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  127.295912][ T6856] netlink: zone id is out of range
[  127.312928][ T6856] netlink: zone id is out of range
[  127.333894][ T6856] netlink: zone id is out of range
[  127.375079][ T6430] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  127.401000][ T6856] netlink: zone id is out of range
[  127.462500][ T6856] netlink: zone id is out of range
[  127.529180][ T6856] netlink: zone id is out of range
[  127.556946][ T6856] netlink: zone id is out of range
[  127.595167][ T6856] netlink: zone id is out of range
[  127.765554][ T6430] 8021q: adding VLAN 0 to HW filter on device bond0
[  127.844516][ T6430] 8021q: adding VLAN 0 to HW filter on device team0
[  127.882501][ T2986] bridge0: port 1(bridge_slave_0) entered blocking state
[  127.889722][ T2986] bridge0: port 1(bridge_slave_0) entered forwarding state
[  127.961014][ T4488] bridge0: port 2(bridge_slave_1) entered blocking state
[  127.968257][ T4488] bridge0: port 2(bridge_slave_1) entered forwarding state
[  129.146255][ T6430] 8021q: adding VLAN 0 to HW filter on device batadv0
[  129.286929][ T6911] netlink: 10 bytes leftover after parsing attributes in process `syz.0.249'.
[  129.546554][ T6430] veth0_vlan: entered promiscuous mode
[  129.733880][ T6430] veth1_vlan: entered promiscuous mode
[  129.875928][ T6430] veth0_macvtap: entered promiscuous mode
[  129.920576][ T6430] veth1_macvtap: entered promiscuous mode
[  129.961495][ T6430] batman_adv: batadv0: Interface activated: batadv_slave_0
[  129.974219][ T6930] netlink: 'syz.2.252': attribute type 21 has an invalid length.
[  130.003561][ T6930] IPv6: NLM_F_CREATE should be specified when creating new route
[  130.011405][ T6930] IPv6: Can't replace route, no match found
[  130.054501][ T6430] batman_adv: batadv0: Interface activated: batadv_slave_1
[  130.091092][ T6430] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  130.104750][ T6430] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  130.122805][ T6430] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  130.135104][ T6430] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  130.505158][ T6038] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  130.536898][ T6038] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  130.721797][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  130.747373][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  130.869589][ T6956] netlink: 60 bytes leftover after parsing attributes in process `syz.3.257'.
[  130.910909][ T6955] netlink: 60 bytes leftover after parsing attributes in process `syz.3.257'.
[  131.011572][ T6957] netlink: 60 bytes leftover after parsing attributes in process `syz.3.257'.
[  131.287240][ T6939] delete_channel: no stack
[  131.339369][ T6973] : renamed from bond0 (while UP)
[  131.881344][ T6983] netlink: 128124 bytes leftover after parsing attributes in process `syz.0.265'.
[  132.538139][ T3548] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.739501][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  132.749186][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  133.404641][ T3548] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.643176][ T5843] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  133.651623][ T5843] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  133.660091][ T5843] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  133.668489][ T5843] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  133.676831][ T5843] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  133.856761][ T7015] netlink: 60 bytes leftover after parsing attributes in process `syz.4.267'.
[  134.436506][ T7029] delete_channel: no stack
[  135.041327][ T7070] netlink: 'syz.3.280': attribute type 21 has an invalid length.
[  135.052695][ T7070] IPv6: Can't replace route, no match found
[  135.347306][ T7082] netlink: 14 bytes leftover after parsing attributes in process `syz.3.282'.
[  135.785275][ T5832] Bluetooth: hci4: command tx timeout
[  136.089506][ T3548] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  136.105866][ T7008] netlink: 60 bytes leftover after parsing attributes in process `syz.4.267'.
[  136.319966][ T3548] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  137.161709][ T7112] netlink: 'syz.2.292': attribute type 21 has an invalid length.
[  137.266033][ T7112] IPv6: Can't replace route, no match found
[  137.488038][ T7032] chnl_net:caif_netlink_parms(): no params data found
[  137.561831][ T3548] bridge_slave_1: left allmulticast mode
[  137.585201][ T3548] bridge_slave_1: left promiscuous mode
[  137.615705][ T3548] bridge0: port 2(bridge_slave_1) entered disabled state
[  137.734367][ T3548] bridge_slave_0: left allmulticast mode
[  137.740065][ T3548] bridge_slave_0: left promiscuous mode
[  137.775456][ T3548] bridge0: port 1(bridge_slave_0) entered disabled state
[  137.854043][ T5832] Bluetooth: hci4: command tx timeout
[  138.961872][ T3548] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  139.006722][ T3548] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  139.034369][ T3548] bond0 (unregistering): Released all slaves
[  139.215371][ T7155] netlink: 168 bytes leftover after parsing attributes in process `syz.3.304'.
[  139.539518][ T7168] netlink: 'syz.4.307': attribute type 21 has an invalid length.
[  139.584587][ T7168] IPv6: Can't replace route, no match found
[  139.749818][ T7032] bridge0: port 1(bridge_slave_0) entered blocking state
[  139.777476][ T7032] bridge0: port 1(bridge_slave_0) entered disabled state
[  139.804543][ T7032] bridge_slave_0: entered allmulticast mode
[  139.824477][ T7032] bridge_slave_0: entered promiscuous mode
[  139.934026][ T5843] Bluetooth: hci4: command tx timeout
[  140.100489][ T7032] bridge0: port 2(bridge_slave_1) entered blocking state
[  140.138306][ T7032] bridge0: port 2(bridge_slave_1) entered disabled state
[  140.167014][ T7032] bridge_slave_1: entered allmulticast mode
[  140.188903][ T7032] bridge_slave_1: entered promiscuous mode
[  140.621790][ T7186] netlink: 10 bytes leftover after parsing attributes in process `syz.4.313'.
[  140.992594][ T3548] hsr_slave_0: left promiscuous mode
[  141.023361][ T3548] hsr_slave_1: left promiscuous mode
[  141.029398][ T3548] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  141.047408][ T3548] batman_adv: batadv0: Removing interface: batadv_slave_0
[  141.060966][ T3548] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  141.087169][ T3548] batman_adv: batadv0: Removing interface: batadv_slave_1
[  141.119466][ T3548] veth1_macvtap: left promiscuous mode
[  141.190051][ T7225] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  141.200245][ T3548] veth0_macvtap: left promiscuous mode
[  141.205448][ T7225] netlink: 'syz.3.322': attribute type 10 has an invalid length.
[  141.209412][ T3548] veth1_vlan: left promiscuous mode
[  141.225335][ T3548] veth0_vlan: left promiscuous mode
[  141.667447][ T3548] team0 (unregistering): Port device team_slave_1 removed
[  141.700675][ T3548] team0 (unregistering): Port device team_slave_0 removed
[  141.946146][ T7233] netlink: 14 bytes leftover after parsing attributes in process `syz.2.326'.
[  142.022811][ T5843] Bluetooth: hci4: command tx timeout
[  142.146977][ T7221] netlink: 'syz.3.322': attribute type 10 has an invalid length.
[  142.168092][ T7221] netlink: 65015 bytes leftover after parsing attributes in process `syz.3.322'.
[  142.261340][ T7225] team0: Port device wlan1 added
[  142.297991][ T7032] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  142.357406][ T7032] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  142.540778][ T7032] team0: Port device team_slave_0 added
[  142.565181][ T7032] team0: Port device team_slave_1 added
[  142.690120][ T7246] netlink: 10 bytes leftover after parsing attributes in process `syz.2.331'.
[  142.840826][ T7032] batman_adv: batadv0: Adding interface: batadv_slave_0
[  142.867943][ T7032] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  142.942354][ T7032] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  142.994215][ T7262] netlink: 'syz.0.336': attribute type 10 has an invalid length.
[  142.995262][ T7032] batman_adv: batadv0: Adding interface: batadv_slave_1
[  143.016782][ T7032] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  143.073933][ T7032] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  143.208146][ T7262] net_ratelimit: 72 callbacks suppressed
[  143.208178][ T7262] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  143.426372][ T7032] hsr_slave_0: entered promiscuous mode
[  143.457090][ T7032] hsr_slave_1: entered promiscuous mode
[  143.473337][ T7032] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  143.502632][ T7032] Cannot create hsr debugfs directory
[  144.116787][ T7288] pim6reg: tun_chr_ioctl cmd 1074812117
[  145.516415][ T7346] netlink: 'syz.4.362': attribute type 21 has an invalid length.
[  145.535620][ T7346] IPv6: Can't replace route, no match found
[  145.583470][ T7344] netlink: 'syz.0.361': attribute type 29 has an invalid length.
[  145.620808][ T7352] netlink: 'syz.3.363': attribute type 21 has an invalid length.
[  146.099824][ T7032] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  146.203699][ T7032] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  146.313256][ T7032] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  146.357497][ T7032] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  146.943363][ T7387] FAULT_INJECTION: forcing a failure.
[  146.943363][ T7387] name failslab, interval 1, probability 0, space 0, times 0
[  146.956229][ T7387] CPU: 1 UID: 0 PID: 7387 Comm: syz.2.371 Not tainted 6.16.0-rc3-syzkaller-g212ec9229567 #0 PREEMPT(full) 
[  146.956251][ T7387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  146.956261][ T7387] Call Trace:
[  146.956268][ T7387]  <TASK>
[  146.956276][ T7387]  dump_stack_lvl+0x189/0x250
[  146.956304][ T7387]  ? __pfx____ratelimit+0x10/0x10
[  146.956322][ T7387]  ? __pfx_dump_stack_lvl+0x10/0x10
[  146.956346][ T7387]  ? __pfx__printk+0x10/0x10
[  146.956373][ T7387]  ? __ip_dev_find+0x444/0x4e0
[  146.956399][ T7387]  should_fail_ex+0x414/0x560
[  146.956428][ T7387]  should_failslab+0xa8/0x100
[  146.956450][ T7387]  kmem_cache_alloc_noprof+0x73/0x3c0
[  146.956468][ T7387]  ? dst_alloc+0x105/0x170
[  146.956496][ T7387]  dst_alloc+0x105/0x170
[  146.956517][ T7387]  ? ip_check_mc_rcu+0x4c7/0x680
[  146.956543][ T7387]  ip_route_output_key_hash_rcu+0x1482/0x23a0
[  146.956579][ T7387]  ? ip_route_output_key_hash+0xde/0x2e0
[  146.956606][ T7387]  ip_route_output_key_hash+0x1b9/0x2e0
[  146.956634][ T7387]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  146.956669][ T7387]  ? __asan_memset+0x22/0x50
[  146.956698][ T7387]  ip_route_output_flow+0x2a/0x150
[  146.956725][ T7387]  ip_tunnel_xmit+0x96b/0x2380
[  146.956768][ T7387]  ? __pfx_ip_tunnel_xmit+0x10/0x10
[  146.956783][ T7387]  ? gre_build_header+0x31c/0xa40
[  146.956817][ T7387]  ? __pfx_gre_build_header+0x10/0x10
[  146.956838][ T7387]  ? skb_network_protocol+0x508/0x760
[  146.956861][ T7387]  ? iptunnel_handle_offloads+0x2fd/0x630
[  146.956890][ T7387]  ipgre_xmit+0x89e/0xc50
[  146.956917][ T7387]  ? __pfx_ipgre_xmit+0x10/0x10
[  146.956952][ T7387]  dev_hard_start_xmit+0x2d4/0x830
[  146.956991][ T7387]  __dev_queue_xmit+0x1adf/0x3a70
[  146.957012][ T7387]  ? do_syscall_64+0xfa/0x3b0
[  146.957028][ T7387]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.957054][ T7387]  ? __dev_queue_xmit+0x27e/0x3a70
[  146.957092][ T7387]  ? __pfx___dev_queue_xmit+0x10/0x10
[  146.957128][ T7387]  ? rcu_is_watching+0x15/0xb0
[  146.957156][ T7387]  ? skb_release_data+0x2b6/0x7c0
[  146.957187][ T7387]  ? pskb_expand_head+0xb10/0x1150
[  146.957217][ T7387]  ? __bpf_redirect+0x56d/0xe40
[  146.957239][ T7387]  __bpf_tx_skb+0x18e/0x260
[  146.957265][ T7387]  bpf_clone_redirect+0x272/0x3d0
[  146.957290][ T7387]  bpf_prog_da1e0ee5f8d5c8f5+0x5e/0x67
[  146.957311][ T7387]  ? preempt_schedule+0xae/0xc0
[  146.957332][ T7387]  ? bpf_test_run+0x205/0x830
[  146.957350][ T7387]  ? preempt_schedule_common+0x83/0xd0
[  146.957374][ T7387]  ? preempt_schedule+0xae/0xc0
[  146.957396][ T7387]  ? __pfx_preempt_schedule+0x10/0x10
[  146.957421][ T7387]  ? preempt_schedule_notrace_thunk+0x16/0x30
[  146.957453][ T7387]  ? __local_bh_disable_ip+0xf1/0x190
[  146.957477][ T7387]  ? __pfx___cant_migrate+0x10/0x10
[  146.957500][ T7387]  ? __local_bh_enable_ip+0x12d/0x1c0
[  146.957522][ T7387]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  146.957549][ T7387]  ? bpf_test_timer_continue+0x136/0x350
[  146.957576][ T7387]  bpf_test_run+0x38e/0x830
[  146.957607][ T7387]  ? bpf_test_run+0x205/0x830
[  146.957635][ T7387]  ? __pfx_bpf_test_run+0x10/0x10
[  146.957682][ T7387]  ? bpf_prog_test_run_skb+0x6ac/0x1560
[  146.957701][ T7387]  ? convert___skb_to_skb+0x3d/0x590
[  146.957725][ T7387]  bpf_prog_test_run_skb+0xb30/0x1560
[  146.957763][ T7387]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  146.957784][ T7387]  bpf_prog_test_run+0x2c4/0x340
[  146.957812][ T7387]  __sys_bpf+0x4a4/0x860
[  146.957835][ T7387]  ? __pfx___sys_bpf+0x10/0x10
[  146.957870][ T7387]  ? ksys_write+0x22a/0x250
[  146.957891][ T7387]  ? __pfx_ksys_write+0x10/0x10
[  146.957906][ T7387]  ? rcu_is_watching+0x15/0xb0
[  146.957944][ T7387]  __x64_sys_bpf+0x7c/0x90
[  146.957965][ T7387]  do_syscall_64+0xfa/0x3b0
[  146.957982][ T7387]  ? lockdep_hardirqs_on+0x9c/0x150
[  146.957998][ T7387]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.958014][ T7387]  ? clear_bhb_loop+0x60/0xb0
[  146.958036][ T7387]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.958052][ T7387] RIP: 0033:0x7fe24c78e929
[  146.958067][ T7387] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  146.958080][ T7387] RSP: 002b:00007fe24d60b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  146.958099][ T7387] RAX: ffffffffffffffda RBX: 00007fe24c9b5fa0 RCX: 00007fe24c78e929
[  146.958111][ T7387] RDX: 0000000000000028 RSI: 00002000000000c0 RDI: 000000000000000a
[  146.958122][ T7387] RBP: 00007fe24d60b090 R08: 0000000000000000 R09: 0000000000000000
[  146.958133][ T7387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  146.958143][ T7387] R13: 0000000000000000 R14: 00007fe24c9b5fa0 R15: 00007ffff938b328
[  146.958172][ T7387]  </TASK>
[  147.472137][ T7032] 8021q: adding VLAN 0 to HW filter on device bond0
[  147.533397][ T7032] 8021q: adding VLAN 0 to HW filter on device team0
[  147.550579][   T65] bridge0: port 1(bridge_slave_0) entered blocking state
[  147.557763][   T65] bridge0: port 1(bridge_slave_0) entered forwarding state
[  147.627475][   T65] bridge0: port 2(bridge_slave_1) entered blocking state
[  147.634671][   T65] bridge0: port 2(bridge_slave_1) entered forwarding state
[  147.671974][ T7402] netlink: 'syz.2.377': attribute type 21 has an invalid length.
[  147.714810][ T7396] netlink: 'syz.0.376': attribute type 21 has an invalid length.
[  147.742836][ T7396] IPv6: NLM_F_CREATE should be specified when creating new route
[  147.751048][ T7396] IPv6: Can't replace route, no match found
[  147.942751][ T7032] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  148.682645][ T7032] 8021q: adding VLAN 0 to HW filter on device batadv0
[  148.951785][ T7449] netlink: 'syz.4.391': attribute type 21 has an invalid length.
[  149.132353][ T7032] veth0_vlan: entered promiscuous mode
[  149.194849][ T7032] veth1_vlan: entered promiscuous mode
[  149.320902][ T7453] IPv6: Can't replace route, no match found
[  149.513218][ T7463] netlink: 'syz.4.394': attribute type 21 has an invalid length.
[  149.535373][ T7032] veth0_macvtap: entered promiscuous mode
[  149.572787][ T7463] IPv6: Can't replace route, no match found
[  149.805278][ T7032] veth1_macvtap: entered promiscuous mode
[  150.065018][ T7032] batman_adv: batadv0: Interface activated: batadv_slave_0
[  150.180685][ T7032] batman_adv: batadv0: Interface activated: batadv_slave_1
[  150.229448][ T7032] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  150.287053][ T7032] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  150.321263][ T7032] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  150.351709][ T7032] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  150.928914][ T7494] netlink: 'syz.4.404': attribute type 21 has an invalid length.
[  150.950265][ T2986] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  150.992792][ T2986] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  151.048851][ T2986] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  151.063555][ T2986] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  151.756011][ T5843] Bluetooth: hci3: ISO packet for unknown connection handle 5
[  151.921710][ T7524] netlink: 'syz.2.411': attribute type 21 has an invalid length.
[  151.963194][ T7524] IPv6: Can't replace route, no match found
[  152.088666][ T7517] 
@ÿ: renamed from bond_slave_0 (while UP)
[  152.339441][   T65] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  152.460157][ T7533] GPL: port 1(erspan0) entered blocking state
[  152.466738][ T7533] GPL: port 1(erspan0) entered disabled state
[  152.473226][ T7533] erspan0: entered allmulticast mode
[  152.481707][ T7533] erspan0: entered promiscuous mode
[  152.600558][   T65] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  152.770966][   T65] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  152.851459][   T65] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  153.001327][   T65] bridge_slave_1: left allmulticast mode
[  153.010540][   T65] bridge_slave_1: left promiscuous mode
[  153.017047][   T65] bridge0: port 2(bridge_slave_1) entered disabled state
[  153.026981][   T65] bridge_slave_0: left allmulticast mode
[  153.038537][   T65] bridge_slave_0: left promiscuous mode
[  153.046570][   T65] bridge0: port 1(bridge_slave_0) entered disabled state
[  153.340685][ T7561] netlink: 'syz.4.417': attribute type 10 has an invalid length.
[  153.411321][ T7557] Driver unsupported XDP return value 0 on prog  (id 239) dev N/A, expect packet loss!
[  153.733063][ T7568] netlink: 'syz.3.418': attribute type 21 has an invalid length.
[  154.351885][   T65] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  154.365996][ T5832] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  154.379369][ T5832] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  154.390814][ T5832] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  154.400174][ T5832] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  154.410300][ T5832] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  154.418264][   T65] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  154.447440][   T65] bond0 (unregistering): Released all slaves
[  154.538124][ T7565] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  154.788710][ T7576] delete_channel: no stack
[  154.939814][ T7595] 
: renamed from bond_slave_0 (while UP)
[  155.310579][ T7616] netlink: 'syz.3.426': attribute type 21 has an invalid length.
[  155.332849][ T7616] IPv6: Can't replace route, no match found
[  155.452985][   T65] hsr_slave_0: left promiscuous mode
[  155.462971][   T65] hsr_slave_1: left promiscuous mode
[  155.476122][   T65] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  155.484818][   T65] batman_adv: batadv0: Removing interface: batadv_slave_0
[  155.520393][   T65] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  155.593523][   T65] batman_adv: batadv0: Removing interface: batadv_slave_1
[  155.689237][   T65] veth1_macvtap: left promiscuous mode
[  155.708553][   T65] veth0_macvtap: left promiscuous mode
[  155.715557][   T65] veth1_vlan: left promiscuous mode
[  155.721610][   T65] veth0_vlan: left promiscuous mode
[  156.040048][ T7640] delete_channel: no stack
[  156.098527][ T7644] netlink: 'syz.2.434': attribute type 21 has an invalid length.
[  156.495607][ T5843] Bluetooth: hci4: command tx timeout
[  157.064416][   T65] team0 (unregistering): Port device team_slave_1 removed
[  157.109463][   T65] team0 (unregistering): Port device team_slave_0 removed
[  157.210984][ T7674] netlink: 'syz.4.442': attribute type 1 has an invalid length.
[  157.228162][ T7674] netlink: 144 bytes leftover after parsing attributes in process `syz.4.442'.
[  157.584933][ T7627] netlink: 13951 bytes leftover after parsing attributes in process `syz.0.430'.
[  157.851432][ T7690] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  158.509973][ T7588] chnl_net:caif_netlink_parms(): no params data found
[  158.574043][ T5843] Bluetooth: hci4: command tx timeout
[  159.088801][ T7728] netlink: 'syz.3.456': attribute type 21 has an invalid length.
[  159.113463][ T7728] IPv6: Can't replace route, no match found
[  159.185673][ T7730] netlink: 'syz.4.457': attribute type 21 has an invalid length.
[  159.251546][ T7588] bridge0: port 1(bridge_slave_0) entered blocking state
[  159.261137][ T7588] bridge0: port 1(bridge_slave_0) entered disabled state
[  159.276177][ T7588] bridge_slave_0: entered allmulticast mode
[  159.301468][ T7588] bridge_slave_0: entered promiscuous mode
[  159.334549][ T7588] bridge0: port 2(bridge_slave_1) entered blocking state
[  159.350967][ T7588] bridge0: port 2(bridge_slave_1) entered disabled state
[  159.362195][ T7588] bridge_slave_1: entered allmulticast mode
[  159.414643][ T7588] bridge_slave_1: entered promiscuous mode
[  159.797578][ T7588] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  159.865403][ T7588] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  159.949319][ T7759] netlink: 'syz.0.464': attribute type 46 has an invalid length.
[  160.059011][ T7588] team0: Port device team_slave_0 added
[  160.137902][ T7760] delete_channel: no stack
[  160.200298][ T7588] team0: Port device team_slave_1 added
[  160.378626][ T7588] batman_adv: batadv0: Adding interface: batadv_slave_0
[  160.385966][ T7588] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  160.416434][ T7588] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  160.468746][ T7588] batman_adv: batadv0: Adding interface: batadv_slave_1
[  160.476120][ T7588] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  160.503340][ T7588] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  160.654465][ T5843] Bluetooth: hci4: command tx timeout
[  160.755781][ T7775] netlink: 'syz.3.470': attribute type 21 has an invalid length.
[  160.816359][ T7777] netlink: 'syz.0.472': attribute type 21 has an invalid length.
[  160.841338][ T7777] IPv6: Can't replace route, no match found
[  161.032100][ T7588] hsr_slave_0: entered promiscuous mode
[  161.042490][ T7588] hsr_slave_1: entered promiscuous mode
[  161.058238][ T7588] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  161.075946][ T7588] Cannot create hsr debugfs directory
[  162.321223][ T7824] netlink: 'syz.4.485': attribute type 21 has an invalid length.
[  162.732860][ T5843] Bluetooth: hci4: command tx timeout
[  162.896130][ T7588] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  162.992111][ T7588] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  163.024889][ T7588] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  163.122033][ T7588] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  163.295458][ T7870] netlink: 'syz.4.497': attribute type 10 has an invalid length.
[  163.376304][ T7588] 8021q: adding VLAN 0 to HW filter on device bond0
[  163.423392][ T7874] netlink: 'syz.2.498': attribute type 21 has an invalid length.
[  163.446411][ T7588] 8021q: adding VLAN 0 to HW filter on device team0
[  163.477817][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  163.485076][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  163.526679][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  163.533904][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  164.067594][ T7894] netlink: 'syz.2.503': attribute type 39 has an invalid length.
[  164.470313][ T7588] 8021q: adding VLAN 0 to HW filter on device batadv0
[  164.477595][ T7906] IPv6: Can't replace route, no match found
[  164.606543][ T7911] netlink: 168 bytes leftover after parsing attributes in process `syz.2.507'.
[  164.681200][ T7588] veth0_vlan: entered promiscuous mode
[  164.763431][ T7588] veth1_vlan: entered promiscuous mode
[  164.886532][ T7588] veth0_macvtap: entered promiscuous mode
[  164.928842][ T7588] veth1_macvtap: entered promiscuous mode
[  164.936901][ T7889] delete_channel: no stack
[  165.107224][ T7588] batman_adv: batadv0: Interface activated: batadv_slave_0
[  165.157439][ T7588] batman_adv: batadv0: Interface activated: batadv_slave_1
[  165.176355][ T7588] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  165.195378][ T7588] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  165.223338][ T7588] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  165.254990][ T7588] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  165.538094][ T7933] netlink: 'syz.4.511': attribute type 21 has an invalid length.
[  166.012324][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  166.053774][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  166.168605][ T2986] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  166.205968][ T2986] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  166.501959][ T7958] IPv6: Can't replace route, no match found
[  166.895667][ T7970] netlink: 'syz.2.525': attribute type 21 has an invalid length.
[  167.226656][ T7969] raw_sendmsg: syz.4.524 forgot to set AF_INET. Fix it!
[  167.330374][ T7959] delete_channel: no stack
[  167.346315][ T7972] 
€Â: renamed from hsr0 (while UP)
[  167.370646][ T7978] netlink: 128124 bytes leftover after parsing attributes in process `syz.0.527'.
[  167.636307][ T3548] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  167.865912][ T3548] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  167.978363][ T3548] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  168.086623][ T3548] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  168.288222][ T3548] bridge_slave_1: left allmulticast mode
[  168.303508][ T3548] bridge_slave_1: left promiscuous mode
[  168.309378][ T3548] bridge0: port 2(bridge_slave_1) entered disabled state
[  168.331281][ T3548] bridge_slave_0: left allmulticast mode
[  168.352646][ T3548] bridge_slave_0: left promiscuous mode
[  168.358419][ T3548] bridge0: port 1(bridge_slave_0) entered disabled state
[  168.759155][ T7999] netlink: 'syz.3.532': attribute type 7 has an invalid length.
[  168.792942][ T7999] netlink: 148 bytes leftover after parsing attributes in process `syz.3.532'.
[  169.051709][ T8006] netlink: 'syz.4.533': attribute type 10 has an invalid length.
[  169.208230][ T5832] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  169.224890][ T5832] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  169.232440][ T5832] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  169.246711][ T5832] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  169.261838][ T5832] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  169.407091][ T3548] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  169.435944][ T3548] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  169.465469][ T3548] bond0 (unregistering): Released all slaves
[  169.506718][ T7987] bridge_slave_1: left allmulticast mode
[  169.512792][ T7987] bridge_slave_1: left promiscuous mode
[  169.524380][ T7987] bridge0: port 2(bridge_slave_1) entered disabled state
[  169.542072][ T7987] bridge_slave_0: left allmulticast mode
[  169.562571][ T7987] bridge_slave_0: left promiscuous mode
[  169.568460][ T7987] bridge0: port 1(bridge_slave_0) entered disabled state
[  169.683276][ T8012] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  170.011945][ T8023] netlink: 'syz.4.536': attribute type 21 has an invalid length.
[  170.213025][ T3548] hsr_slave_0: left promiscuous mode
[  170.219336][ T3548] hsr_slave_1: left promiscuous mode
[  170.229616][ T3548] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  170.237557][ T3548] batman_adv: batadv0: Removing interface: batadv_slave_0
[  170.263192][ T3548] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  170.281453][ T3548] batman_adv: batadv0: Removing interface: batadv_slave_1
[  170.345857][ T3548] veth1_macvtap: left promiscuous mode
[  170.373624][ T3548] veth0_macvtap: left promiscuous mode
[  170.379344][ T3548] veth1_vlan: left promiscuous mode
[  170.414467][ T3548] veth0_vlan: left promiscuous mode
[  171.292979][ T5843] Bluetooth: hci4: command tx timeout
[  171.760290][ T8041] delete_channel: no stack
[  172.025509][ T3548] team0 (unregistering): Port device team_slave_1 removed
[  172.083731][ T3548] team0 (unregistering): Port device team_slave_0 removed
[  172.148925][ T8061] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.545'.
[  173.125519][ T8009] chnl_net:caif_netlink_parms(): no params data found
[  173.385293][ T5843] Bluetooth: hci4: command tx timeout
[  173.608891][ T8009] bridge0: port 1(bridge_slave_0) entered blocking state
[  173.618441][ T8009] bridge0: port 1(bridge_slave_0) entered disabled state
[  173.644756][ T8009] bridge_slave_0: entered allmulticast mode
[  173.688749][ T8009] bridge_slave_0: entered promiscuous mode
[  173.747210][ T8009] bridge0: port 2(bridge_slave_1) entered blocking state
[  173.781190][ T8009] bridge0: port 2(bridge_slave_1) entered disabled state
[  173.808170][ T8009] bridge_slave_1: entered allmulticast mode
[  173.838028][ T8009] bridge_slave_1: entered promiscuous mode
[  173.851271][ T8091] IPv6: Can't replace route, no match found
[  173.877415][ T8096] netlink: 'syz.0.554': attribute type 2 has an invalid length.
[  173.893314][ T8096] netlink: 'syz.0.554': attribute type 8 has an invalid length.
[  173.928403][ T8096] netlink: 132 bytes leftover after parsing attributes in process `syz.0.554'.
[  174.180325][ T8009] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  174.216053][ T8009] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  174.385186][ T8109] netlink: 'syz.2.556': attribute type 21 has an invalid length.
[  174.537973][ T8009] team0: Port device team_slave_0 added
[  174.696987][ T8009] team0: Port device team_slave_1 added
[  174.998019][ T8102] delete_channel: no stack
[  175.085069][ T8009] batman_adv: batadv0: Adding interface: batadv_slave_0
[  175.092042][ T8009] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  175.126010][ T8009] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  175.146376][ T8009] batman_adv: batadv0: Adding interface: batadv_slave_1
[  175.154252][ T8009] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  175.186358][ T8009] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  175.441603][ T8131] netlink: 'syz.2.561': attribute type 21 has an invalid length.
[  175.479998][ T5843] Bluetooth: hci4: command tx timeout
[  175.544561][ T8009] hsr_slave_0: entered promiscuous mode
[  175.592399][ T8009] hsr_slave_1: entered promiscuous mode
[  175.633354][ T8009] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  175.662075][ T8009] Cannot create hsr debugfs directory
[  176.350020][ T8152] netlink: 830 bytes leftover after parsing attributes in process `syz.0.566'.
[  176.413506][ T8152] 
@ÿ: entered promiscuous mode
[  176.418655][ T8152] bond_slave_1: entered promiscuous mode
[  176.631357][ T8166] netlink: 'syz.0.571': attribute type 21 has an invalid length.
[  177.536620][ T5843] Bluetooth: hci4: command tx timeout
[  177.911794][ T8207] netlink: 'syz.4.583': attribute type 11 has an invalid length.
[  177.954725][ T8209] netlink: 'syz.2.585': attribute type 21 has an invalid length.
[  177.993989][ T8207] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.583'.
[  178.008756][ T8180] delete_channel: no stack
[  178.041083][ T8210] netlink: 'syz.4.583': attribute type 10 has an invalid length.
[  178.226828][ T8210] : (slave wlan1): Enslaving as an active interface with an up link
[  178.249420][ T8204] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  178.303067][ T8218] netlink: 'syz.2.587': attribute type 10 has an invalid length.
[  178.321681][ T8009] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  178.324372][ T8218] netlink: 55 bytes leftover after parsing attributes in process `syz.2.587'.
[  178.404935][ T8009] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  178.512771][ T8227] FAULT_INJECTION: forcing a failure.
[  178.512771][ T8227] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  178.539110][ T8227] CPU: 1 UID: 0 PID: 8227 Comm: syz.4.589 Not tainted 6.16.0-rc3-syzkaller-g212ec9229567 #0 PREEMPT(full) 
[  178.539133][ T8227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  178.539143][ T8227] Call Trace:
[  178.539150][ T8227]  <TASK>
[  178.539157][ T8227]  dump_stack_lvl+0x189/0x250
[  178.539186][ T8227]  ? __pfx____ratelimit+0x10/0x10
[  178.539204][ T8227]  ? __pfx_dump_stack_lvl+0x10/0x10
[  178.539227][ T8227]  ? __pfx__printk+0x10/0x10
[  178.539245][ T8227]  ? __might_fault+0xb0/0x130
[  178.539274][ T8227]  should_fail_ex+0x414/0x560
[  178.539301][ T8227]  _copy_from_user+0x2d/0xb0
[  178.539321][ T8227]  generic_map_update_batch+0x572/0x7f0
[  178.539350][ T8227]  ? __pfx_generic_map_update_batch+0x10/0x10
[  178.539367][ T8227]  ? __fget_files+0x2a/0x420
[  178.539394][ T8227]  ? __pfx_generic_map_update_batch+0x10/0x10
[  178.539411][ T8227]  bpf_map_do_batch+0x369/0x5f0
[  178.539440][ T8227]  __sys_bpf+0x384/0x860
[  178.539463][ T8227]  ? __pfx___sys_bpf+0x10/0x10
[  178.539500][ T8227]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  178.539535][ T8227]  __x64_sys_bpf+0x7c/0x90
[  178.539555][ T8227]  do_syscall_64+0xfa/0x3b0
[  178.539574][ T8227]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  178.539590][ T8227]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  178.539606][ T8227]  ? clear_bhb_loop+0x60/0xb0
[  178.539627][ T8227]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  178.539644][ T8227] RIP: 0033:0x7fada078e929
[  178.539659][ T8227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  178.539671][ T8227] RSP: 002b:00007fada16ab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  178.539687][ T8227] RAX: ffffffffffffffda RBX: 00007fada09b5fa0 RCX: 00007fada078e929
[  178.539697][ T8227] RDX: 0000000000000038 RSI: 00002000000002c0 RDI: 000000000000001a
[  178.539706][ T8227] RBP: 00007fada16ab090 R08: 0000000000000000 R09: 0000000000000000
[  178.539714][ T8227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  178.539722][ T8227] R13: 0000000000000000 R14: 00007fada09b5fa0 R15: 00007fff9ec70738
[  178.539747][ T8227]  </TASK>
[  178.936955][ T8240] IPv6: Can't replace route, no match found
[  178.994024][ T8218] vlan0 (unregistering): left allmulticast mode
[  179.053357][ T8218] veth0_vlan (unregistering): left allmulticast mode
[  179.060305][ T8218] vlan0 (unregistering): left promiscuous mode
[  179.078612][ T8218] À: port 1(vlan0) entered disabled state
[  179.321456][ T8009] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  179.351286][ T8009] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  179.605822][ T8009] 8021q: adding VLAN 0 to HW filter on device bond0
[  179.669371][ T8261] netlink: 'syz.0.597': attribute type 21 has an invalid length.
[  179.679023][ T8009] 8021q: adding VLAN 0 to HW filter on device team0
[  179.799849][ T3548] bridge0: port 1(bridge_slave_0) entered blocking state
[  179.807079][ T3548] bridge0: port 1(bridge_slave_0) entered forwarding state
[  179.834772][ T3548] bridge0: port 2(bridge_slave_1) entered blocking state
[  179.841984][ T3548] bridge0: port 2(bridge_slave_1) entered forwarding state
[  180.977010][ T8276] delete_channel: no stack
[  181.433336][ T8009] 8021q: adding VLAN 0 to HW filter on device batadv0
[  181.559828][ T8009] veth0_vlan: entered promiscuous mode
[  181.664941][ T8009] veth1_vlan: entered promiscuous mode
[  181.817027][ T8009] veth0_macvtap: entered promiscuous mode
[  181.870897][ T8319] netlink: 'syz.0.611': attribute type 10 has an invalid length.
[  181.894761][ T8322] netlink: 'syz.2.612': attribute type 21 has an invalid length.
[  181.928967][ T8313] syzkaller0: entered promiscuous mode
[  181.948752][ T8313] syzkaller0: entered allmulticast mode
[  181.978838][ T8328] syzkaller0: tun_chr_ioctl cmd 2147767520
[  181.995835][ T8009] veth1_macvtap: entered promiscuous mode
[  182.034435][ T8330] netlink: 10 bytes leftover after parsing attributes in process `syz.4.609'.
[  182.139310][ T6042] syzkaller0: tun_net_xmit 48
[  182.297552][ T8333] delete_channel: no stack
[  182.445282][ T8345] netlink: 168 bytes leftover after parsing attributes in process `syz.0.616'.
[  183.269464][ T8371] netlink: 'syz.2.622': attribute type 11 has an invalid length.
[  183.280721][ T8371] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.622'.
[  183.326369][ T8371] netlink: 'syz.2.622': attribute type 10 has an invalid length.
[  183.873262][ T8385] FAULT_INJECTION: forcing a failure.
[  183.873262][ T8385] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  183.902911][ T8385] CPU: 0 UID: 0 PID: 8385 Comm: syz.0.623 Not tainted 6.16.0-rc3-syzkaller-g212ec9229567 #0 PREEMPT(full) 
[  183.902937][ T8385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  183.902947][ T8385] Call Trace:
[  183.902954][ T8385]  <TASK>
[  183.902962][ T8385]  dump_stack_lvl+0x189/0x250
[  183.903003][ T8385]  ? __pfx____ratelimit+0x10/0x10
[  183.903021][ T8385]  ? __pfx_dump_stack_lvl+0x10/0x10
[  183.903046][ T8385]  ? __pfx__printk+0x10/0x10
[  183.903065][ T8385]  ? __might_fault+0xb0/0x130
[  183.903087][ T8385]  ? __might_fault+0xb0/0x130
[  183.903113][ T8385]  should_fail_ex+0x414/0x560
[  183.903141][ T8385]  _copy_from_user+0x2d/0xb0
[  183.903161][ T8385]  generic_map_update_batch+0x51b/0x7f0
[  183.903196][ T8385]  ? __pfx_generic_map_update_batch+0x10/0x10
[  183.903214][ T8385]  ? __fget_files+0x2a/0x420
[  183.903242][ T8385]  ? __pfx_generic_map_update_batch+0x10/0x10
[  183.903260][ T8385]  bpf_map_do_batch+0x369/0x5f0
[  183.903290][ T8385]  __sys_bpf+0x384/0x860
[  183.903315][ T8385]  ? __pfx___sys_bpf+0x10/0x10
[  183.903363][ T8385]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  183.903399][ T8385]  __x64_sys_bpf+0x7c/0x90
[  183.903420][ T8385]  do_syscall_64+0xfa/0x3b0
[  183.903440][ T8385]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  183.903456][ T8385]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  183.903473][ T8385]  ? clear_bhb_loop+0x60/0xb0
[  183.903493][ T8385]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  183.903509][ T8385] RIP: 0033:0x7efd3378e929
[  183.903532][ T8385] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  183.903545][ T8385] RSP: 002b:00007efd346c1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  183.903566][ T8385] RAX: ffffffffffffffda RBX: 00007efd339b5fa0 RCX: 00007efd3378e929
[  183.903577][ T8385] RDX: 0000000000000038 RSI: 00002000000002c0 RDI: 000000000000001a
[  183.903588][ T8385] RBP: 00007efd346c1090 R08: 0000000000000000 R09: 0000000000000000
[  183.903598][ T8385] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  183.903608][ T8385] R13: 0000000000000000 R14: 00007efd339b5fa0 R15: 00007ffc1d2e7668
[  183.903640][ T8385]  </TASK>
[  184.134445][ T8370] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  184.285203][ T8389] netlink: 'syz.0.624': attribute type 21 has an invalid length.
[  184.614743][ T8371] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  184.658985][ T8009] batman_adv: batadv0: Interface activated: batadv_slave_0
[  184.718152][ T8009] batman_adv: batadv0: Interface activated: batadv_slave_1
[  184.751140][ T8009] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  184.792594][ T8009] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  184.801319][ T8009] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  184.843021][ T8009] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  185.160913][ T6042] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  185.186248][ T6042] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  185.209680][ T8418] netlink: 'syz.4.631': attribute type 39 has an invalid length.
[  185.315394][ T8428] netlink: 'syz.0.635': attribute type 10 has an invalid length.
[  185.322344][ T2986] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  185.323621][ T8424] mac80211_hwsim hwsim12 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  185.331907][ T2986] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  185.379670][ T8428] 8021q: adding VLAN 0 to HW filter on device batadv0
[  185.390027][ T8428] batadv0: entered promiscuous mode
[  185.404144][ T8428] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  185.451207][ T8424] netlink: 'syz.3.633': attribute type 10 has an invalid length.
[  185.581447][ T8424] team0: Port device wlan1 removed
[  185.655815][ T8424] : (slave wlan1): Enslaving as an active interface with an up link
[  185.918547][ T8435] delete_channel: no stack
[  186.141858][ T8425] delete_channel: no stack
[  186.239205][ T6038] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.374318][ T6038] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.491597][ T6038] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.579558][ T6038] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.698009][ T6038] bridge_slave_1: left allmulticast mode
[  186.704473][ T6038] bridge_slave_1: left promiscuous mode
[  186.710170][ T6038] bridge0: port 2(bridge_slave_1) entered disabled state
[  186.720997][ T6038] bridge_slave_0: left allmulticast mode
[  186.728205][ T6038] bridge_slave_0: left promiscuous mode
[  186.734562][ T6038] bridge0: port 1(bridge_slave_0) entered disabled state
[  186.988891][ T6038] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  186.999152][ T6038] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  187.008873][ T6038] bond0 (unregistering): Released all slaves
[  187.201588][ T8457] netlink: 168 bytes leftover after parsing attributes in process `syz.0.643'.
[  187.436324][ T6038] hsr_slave_0: left promiscuous mode
[  187.458093][ T6038] hsr_slave_1: left promiscuous mode
[  187.477199][ T6038] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  187.511580][ T6038] batman_adv: batadv0: Removing interface: batadv_slave_0
[  187.563831][ T6038] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  187.577199][ T6038] batman_adv: batadv0: Removing interface: batadv_slave_1
[  187.639432][ T6038] veth1_macvtap: left promiscuous mode
[  187.651221][ T6038] veth0_macvtap: left promiscuous mode
[  187.664096][ T6038] veth1_vlan: left promiscuous mode
[  187.675399][ T6038] veth0_vlan: left promiscuous mode
[  187.774183][ T6042] wlan1: Trigger new scan to find an IBSS to join
[  188.109977][ T5832] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  188.126196][ T5832] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  188.135449][ T5832] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  188.147893][ T5832] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  188.163606][ T5832] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  188.809856][ T6038] team0 (unregistering): Port device team_slave_1 removed
[  189.089684][ T6038] team0 (unregistering): Port device team_slave_0 removed
[  189.202370][ T8481] delete_channel: no stack
[  189.621415][ T8489] FAULT_INJECTION: forcing a failure.
[  189.621415][ T8489] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  189.634891][ T8489] CPU: 1 UID: 0 PID: 8489 Comm: syz.0.657 Not tainted 6.16.0-rc3-syzkaller-g212ec9229567 #0 PREEMPT(full) 
[  189.634917][ T8489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  189.634927][ T8489] Call Trace:
[  189.634934][ T8489]  <TASK>
[  189.634941][ T8489]  dump_stack_lvl+0x189/0x250
[  189.634971][ T8489]  ? __pfx____ratelimit+0x10/0x10
[  189.634989][ T8489]  ? __pfx_dump_stack_lvl+0x10/0x10
[  189.635020][ T8489]  ? __pfx__printk+0x10/0x10
[  189.635038][ T8489]  ? __might_fault+0xb0/0x130
[  189.635066][ T8489]  should_fail_ex+0x414/0x560
[  189.635094][ T8489]  _copy_from_user+0x2d/0xb0
[  189.635114][ T8489]  generic_map_update_batch+0x572/0x7f0
[  189.635146][ T8489]  ? __pfx_generic_map_update_batch+0x10/0x10
[  189.635165][ T8489]  ? __fget_files+0x2a/0x420
[  189.635192][ T8489]  ? __pfx_generic_map_update_batch+0x10/0x10
[  189.635210][ T8489]  bpf_map_do_batch+0x369/0x5f0
[  189.635239][ T8489]  __sys_bpf+0x384/0x860
[  189.635262][ T8489]  ? __pfx___sys_bpf+0x10/0x10
[  189.635299][ T8489]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  189.635322][ T8489]  ? __pfx_ksys_write+0x10/0x10
[  189.635348][ T8489]  __x64_sys_bpf+0x7c/0x90
[  189.635369][ T8489]  do_syscall_64+0xfa/0x3b0
[  189.635387][ T8489]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  189.635403][ T8489]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  189.635419][ T8489]  ? clear_bhb_loop+0x60/0xb0
[  189.635439][ T8489]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  189.635454][ T8489] RIP: 0033:0x7efd3378e929
[  189.635470][ T8489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  189.635483][ T8489] RSP: 002b:00007efd346c1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  189.635501][ T8489] RAX: ffffffffffffffda RBX: 00007efd339b5fa0 RCX: 00007efd3378e929
[  189.635513][ T8489] RDX: 0000000000000038 RSI: 00002000000002c0 RDI: 000000000000001a
[  189.635523][ T8489] RBP: 00007efd346c1090 R08: 0000000000000000 R09: 0000000000000000
[  189.635533][ T8489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  189.635543][ T8489] R13: 0000000000000000 R14: 00007efd339b5fa0 R15: 00007ffc1d2e7668
[  189.635570][ T8489]  </TASK>
[  190.265022][ T5843] Bluetooth: hci4: command tx timeout
[  191.063404][ T8480] netlink: 28 bytes leftover after parsing attributes in process `syz.4.653'.
[  191.241167][ T8498] netlink: 'syz.4.660': attribute type 5 has an invalid length.
[  191.249036][ T8498] netlink: 176 bytes leftover after parsing attributes in process `syz.4.660'.
[  192.446947][ T3548] wlan1: Trigger new scan to find an IBSS to join
[  192.462667][ T5843] Bluetooth: hci4: command tx timeout
[  192.671665][ T2986] wlan1: Creating new IBSS network, BSSID 42:8d:c0:73:35:f6
[  193.019748][ T8470] chnl_net:caif_netlink_parms(): no params data found
[  193.366711][ T8545] netlink: 'syz.4.673': attribute type 7 has an invalid length.
[  193.390264][ T8544] netlink: 'syz.4.673': attribute type 7 has an invalid length.
[  193.412437][ T8545] netlink: 'syz.4.673': attribute type 2 has an invalid length.
[  193.422683][ T8545] netlink: 132 bytes leftover after parsing attributes in process `syz.4.673'.
[  193.440079][ T8470] bridge0: port 1(bridge_slave_0) entered blocking state
[  193.447549][ T8470] bridge0: port 1(bridge_slave_0) entered disabled state
[  193.454966][ T8470] bridge_slave_0: entered allmulticast mode
[  193.463749][ T8470] bridge_slave_0: entered promiscuous mode
[  193.492914][ T8470] bridge0: port 2(bridge_slave_1) entered blocking state
[  193.520396][ T8470] bridge0: port 2(bridge_slave_1) entered disabled state
[  193.533948][ T8470] bridge_slave_1: entered allmulticast mode
[  193.556223][ T8470] bridge_slave_1: entered promiscuous mode
[  193.581669][ T8515] delete_channel: no stack
[  193.687486][ T8470] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  193.717464][ T8470] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  193.928423][ T8470] team0: Port device team_slave_0 added
[  193.930394][ T8560] delete_channel: no stack
[  193.937194][ T8470] team0: Port device team_slave_1 added
[  194.016502][ T8470] batman_adv: batadv0: Adding interface: batadv_slave_0
[  194.038712][ T8470] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  194.099563][ T8470] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  194.117880][ T8470] batman_adv: batadv0: Adding interface: batadv_slave_1
[  194.139207][ T8470] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  194.169969][ T8470] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  194.194723][ T8564] netlink: 60 bytes leftover after parsing attributes in process `syz.4.681'.
[  194.208478][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  194.213684][ T8565] netlink: 60 bytes leftover after parsing attributes in process `syz.4.681'.
[  194.216736][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  194.292152][ T8571] netlink: 60 bytes leftover after parsing attributes in process `syz.4.681'.
[  194.330145][ T8470] hsr_slave_0: entered promiscuous mode
[  194.337906][ T8470] hsr_slave_1: entered promiscuous mode
[  194.345179][ T8470] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  194.353007][ T8470] Cannot create hsr debugfs directory
[  194.492978][ T5843] Bluetooth: hci4: command tx timeout
[  194.556043][ T8589] syzkaller1: tun_chr_ioctl cmd 1074025673
[  194.562259][ T8588] syzkaller1: tun_chr_ioctl cmd 1074025678
[  194.581829][ T8588] syzkaller1: group set to 0
[  194.587875][ T8591] netlink: 'syz.0.687': attribute type 2 has an invalid length.
[  194.599723][ T8591] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.687'.
[  194.616994][ T8591] nbd: must specify a device to reconfigure
[  194.628663][ T8589] syzkaller1: tun_chr_ioctl cmd 1074025678
[  194.634780][ T8589] syzkaller1: group set to 0
[  194.639509][ T8587] syzkaller1: tun_chr_ioctl cmd 1074025675
[  194.646094][ T8587] syzkaller1: persist enabled
[  194.915692][ T8601] netlink: 'syz.4.692': attribute type 10 has an invalid length.
[  194.930434][ T8601] geneve0: entered promiscuous mode
[  194.997435][ T8601] : (slave geneve0): Enslaving as an active interface with an up link
[  195.114713][ T8470] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  195.167723][ T8470] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  195.205227][ T8470] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  195.246687][ T8470] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  195.620770][ T8470] 8021q: adding VLAN 0 to HW filter on device bond0
[  195.710997][ T8470] 8021q: adding VLAN 0 to HW filter on device team0
[  195.743798][ T6038] bridge0: port 1(bridge_slave_0) entered blocking state
[  195.750975][ T6038] bridge0: port 1(bridge_slave_0) entered forwarding state
[  195.777090][   T65] bridge0: port 2(bridge_slave_1) entered blocking state
[  195.784291][   T65] bridge0: port 2(bridge_slave_1) entered forwarding state
[  195.801574][ T8601] syz.4.692 (8601) used greatest stack depth: 19960 bytes left
[  196.575492][ T5843] Bluetooth: hci4: command tx timeout
[  196.791369][ T8470] 8021q: adding VLAN 0 to HW filter on device batadv0
[  196.820816][ T8668] netlink: 'syz.2.713': attribute type 39 has an invalid length.
[  196.880624][ T8672] netlink: 'syz.3.715': attribute type 5 has an invalid length.
[  196.892212][ T8470] veth0_vlan: entered promiscuous mode
[  196.902458][ T8672] netlink: 176 bytes leftover after parsing attributes in process `syz.3.715'.
[  196.916394][ T8470] veth1_vlan: entered promiscuous mode
[  196.978732][ T8470] veth0_macvtap: entered promiscuous mode
[  197.008979][ T8470] veth1_macvtap: entered promiscuous mode
[  197.236907][ T8470] batman_adv: batadv0: Interface activated: batadv_slave_0
[  197.294793][ T8470] batman_adv: batadv0: Interface activated: batadv_slave_1
[  197.307461][ T8470] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  197.320504][ T8470] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  197.334102][ T8470] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  197.343103][ T8470] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  197.621194][ T3548] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  197.634206][ T3548] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  197.748697][ T8697] syzkaller0: entered promiscuous mode
[  197.754392][ T8697] syzkaller0: entered allmulticast mode
[  197.763352][   T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  197.780369][ T6038] syzkaller0: tun_net_xmit 48
[  197.786917][   T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  197.799050][ T8697] syzkaller0: tun_chr_ioctl cmd 2147767520
[  197.817434][ T8697] syzkaller0: tun_net_xmit 1280
[  197.818100][ T8705] netlink: 'syz.4.728': attribute type 21 has an invalid length.
[  197.832267][ T8697] syzkaller0: create flow: hash 2294076624 index 2
[  197.842775][ T8705] netlink: 100 bytes leftover after parsing attributes in process `syz.4.728'.
[  197.901523][ T8705] netlink: 'syz.4.728': attribute type 10 has an invalid length.
[  197.923408][ T8705] netlink: 168 bytes leftover after parsing attributes in process `syz.4.728'.
[  198.035990][ T8696] syzkaller0: delete flow: hash 2294076624 index 2
[  199.216953][ T8721] IPv6: Can't replace route, no match found
[  200.300946][ T8736] netlink: 10 bytes leftover after parsing attributes in process `syz.0.738'.
[  200.463267][ T6042] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  200.815879][ T6042] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  200.885841][ T6042] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  200.942317][ T6042] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  201.049306][ T6042] bridge_slave_1: left allmulticast mode
[  201.057468][ T6042] bridge_slave_1: left promiscuous mode
[  201.064989][ T6042] bridge0: port 2(bridge_slave_1) entered disabled state
[  201.074714][ T6042] bridge_slave_0: left allmulticast mode
[  201.080366][ T6042] bridge_slave_0: left promiscuous mode
[  201.086245][ T6042] bridge0: port 1(bridge_slave_0) entered disabled state
[  201.343458][ T6042] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  201.373969][ T5148] Bluetooth: hci2: command 0x0406 tx timeout
[  201.380009][ T5148] Bluetooth: hci3: command 0x0406 tx timeout
[  201.386090][ T5845] Bluetooth: hci0: command 0x0406 tx timeout
[  201.392096][ T5845] Bluetooth: hci1: command 0x0406 tx timeout
[  201.421081][ T6042] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  201.442652][ T6042] bond0 (unregistering): Released all slaves
[  202.396140][ T5846] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  202.416038][ T5846] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  202.424912][ T5846] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  202.443298][ T5846] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  202.463364][ T5846] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  202.706433][ T8777] netlink: 'syz.3.750': attribute type 21 has an invalid length.
[  202.721659][ T6042] hsr_slave_0: left promiscuous mode
[  202.743516][ T8777] IPv6: Can't replace route, no match found
[  202.752712][ T6042] hsr_slave_1: left promiscuous mode
[  202.758752][ T6042] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  202.785788][ T6042] batman_adv: batadv0: Removing interface: batadv_slave_0
[  202.817049][ T6042] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  202.836324][ T6042] batman_adv: batadv0: Removing interface: batadv_slave_1
[  202.859670][ T6042] veth1_macvtap: left promiscuous mode
[  202.865405][ T6042] veth0_macvtap: left promiscuous mode
[  202.871957][ T6042] veth1_vlan: left promiscuous mode
[  202.884581][ T6042] veth0_vlan: left promiscuous mode
[  203.940931][ T6042] team0 (unregistering): Port device team_slave_1 removed
[  203.975974][ T6042] team0 (unregistering): Port device team_slave_0 removed
[  204.279328][ T8797] netlink: 'syz.0.758': attribute type 1 has an invalid length.
[  204.301363][ T8797] netlink: 144 bytes leftover after parsing attributes in process `syz.0.758'.
[  204.493934][ T5832] Bluetooth: hci4: command tx timeout
[  204.862203][ T8815] netlink: 'syz.0.762': attribute type 1 has an invalid length.
[  204.958238][ T8815] netlink: 17 bytes leftover after parsing attributes in process `syz.0.762'.
[  205.018630][ T8818] netlink: 10 bytes leftover after parsing attributes in process `syz.2.763'.
[  205.447936][ T8768] chnl_net:caif_netlink_parms(): no params data found
[  206.169802][ T8768] bridge0: port 1(bridge_slave_0) entered blocking state
[  206.192410][ T8768] bridge0: port 1(bridge_slave_0) entered disabled state
[  206.201865][ T8768] bridge_slave_0: entered allmulticast mode
[  206.213775][ T8768] bridge_slave_0: entered promiscuous mode
[  206.222007][ T8837] tc_dump_action: action bad kind
[  206.227542][ T8768] bridge0: port 2(bridge_slave_1) entered blocking state
[  206.236920][ T8768] bridge0: port 2(bridge_slave_1) entered disabled state
[  206.249174][ T8768] bridge_slave_1: entered allmulticast mode
[  206.259362][ T8768] bridge_slave_1: entered promiscuous mode
[  206.288510][ T8835] IPv6: Can't replace route, no match found
[  206.468390][ T8768] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  206.526336][ T8837] netlink: 'syz.2.769': attribute type 29 has an invalid length.
[  206.569827][ T8768] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  206.583106][ T5832] Bluetooth: hci4: command tx timeout
[  206.849867][ T8768] team0: Port device team_slave_0 added
[  206.948309][ T8768] team0: Port device team_slave_1 added
[  207.097494][ T8838] delete_channel: no stack
[  207.151263][ T8768] batman_adv: batadv0: Adding interface: batadv_slave_0
[  207.162390][ T8768] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  207.212725][ T8768] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  207.241420][ T8768] batman_adv: batadv0: Adding interface: batadv_slave_1
[  207.249505][ T8768] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  207.293355][ T8768] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  207.922314][ T8768] hsr_slave_0: entered promiscuous mode
[  207.932184][ T8768] hsr_slave_1: entered promiscuous mode
[  207.938664][ T8768] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  207.947180][ T8768] Cannot create hsr debugfs directory
[  208.535460][ T8768] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  208.548719][ T8768] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  208.564885][ T8768] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  208.593211][ T8768] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  208.652929][ T5832] Bluetooth: hci4: command tx timeout
[  208.790191][ T8768] 8021q: adding VLAN 0 to HW filter on device bond0
[  208.841684][ T8768] 8021q: adding VLAN 0 to HW filter on device team0
[  208.878384][   T65] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.885626][   T65] bridge0: port 1(bridge_slave_0) entered forwarding state
[  208.909589][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  208.916797][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  209.067258][ T8768] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  209.077758][ T8768] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  209.338574][ T8891] delete_channel: no stack
[  209.636391][ T8768] 8021q: adding VLAN 0 to HW filter on device batadv0
[  209.739152][ T8768] veth0_vlan: entered promiscuous mode
[  209.771452][ T8768] veth1_vlan: entered promiscuous mode
[  209.871929][ T8768] veth0_macvtap: entered promiscuous mode
[  209.898219][ T8768] veth1_macvtap: entered promiscuous mode
[  209.943388][ T8768] batman_adv: batadv0: Interface activated: batadv_slave_0
[  209.983020][ T8768] batman_adv: batadv0: Interface activated: batadv_slave_1
[  210.007805][ T8768] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  210.041977][ T8768] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  210.059434][ T8768] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  210.084838][ T8768] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  210.734760][ T5832] Bluetooth: hci4: command tx timeout
[  211.035772][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  211.047737][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  211.150921][   T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  211.184070][   T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  211.646332][ T8966] delete_channel: no stack
[  211.841351][ T8971] netlink: 18187 bytes leftover after parsing attributes in process `syz.2.815'.
[  212.116702][ T8954] delete_channel: no stack
[  212.479821][ T6042] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.005611][ T6042] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.068251][ T6042] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.147264][ T6042] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.239575][ T6042] bridge_slave_1: left allmulticast mode
[  213.246907][ T6042] bridge_slave_1: left promiscuous mode
[  213.253449][ T6042] bridge0: port 2(bridge_slave_1) entered disabled state
[  213.262196][ T6042] bridge_slave_0: left allmulticast mode
[  213.268089][ T6042] bridge_slave_0: left promiscuous mode
[  213.273929][ T6042] bridge0: port 1(bridge_slave_0) entered disabled state
[  213.548778][ T6042] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  213.560147][ T6042] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  213.570102][ T6042] bond0 (unregistering): Released all slaves
[  213.766752][ T6042] hsr_slave_0: left promiscuous mode
[  213.773229][ T6042] hsr_slave_1: left promiscuous mode
[  213.779450][ T6042] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  213.787185][ T6042] batman_adv: batadv0: Removing interface: batadv_slave_0
[  213.795105][ T6042] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  213.802753][ T6042] batman_adv: batadv0: Removing interface: batadv_slave_1
[  213.834751][ T6042] veth1_macvtap: left promiscuous mode
[  213.840317][ T6042] veth0_macvtap: left promiscuous mode
[  213.866958][ T6042] veth1_vlan: left promiscuous mode
[  213.872313][ T6042] veth0_vlan: left promiscuous mode
[  214.337325][ T5846] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  214.346812][ T5846] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  214.357018][ T5846] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  214.369917][ T5846] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  214.386710][ T5846] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  214.499375][ T6042] team0 (unregistering): Port device team_slave_1 removed
[  214.537472][ T6042] team0 (unregistering): Port device team_slave_0 removed
[  214.862776][ T9001] netlink: 'syz.4.826': attribute type 10 has an invalid length.
[  214.888124][ T9001] netlink: 65015 bytes leftover after parsing attributes in process `syz.4.826'.
[  216.046436][ T9002] chnl_net:caif_netlink_parms(): no params data found
[  216.379032][ T9002] bridge0: port 1(bridge_slave_0) entered blocking state
[  216.413168][ T5846] Bluetooth: hci4: command tx timeout
[  216.421820][ T9002] bridge0: port 1(bridge_slave_0) entered disabled state
[  216.462862][ T9002] bridge_slave_0: entered allmulticast mode
[  216.481431][ T9002] bridge_slave_0: entered promiscuous mode
[  216.501809][ T9002] bridge0: port 2(bridge_slave_1) entered blocking state
[  216.527584][ T9002] bridge0: port 2(bridge_slave_1) entered disabled state
[  216.552279][ T9042] netlink: 'syz.4.837': attribute type 7 has an invalid length.
[  216.570585][ T9002] bridge_slave_1: entered allmulticast mode
[  216.581399][ T9002] bridge_slave_1: entered promiscuous mode
[  216.749552][ T9026] delete_channel: no stack
[  216.770493][ T9002] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  216.788667][ T9002] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  216.861768][ T9002] team0: Port device team_slave_0 added
[  216.870586][ T9002] team0: Port device team_slave_1 added
[  217.034174][ T9002] batman_adv: batadv0: Adding interface: batadv_slave_0
[  217.057281][ T9002] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  217.122250][ T9002] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  217.144555][ T9002] batman_adv: batadv0: Adding interface: batadv_slave_1
[  217.151515][ T9002] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  217.242675][ T9002] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  217.349598][ T9002] hsr_slave_0: entered promiscuous mode
[  217.358557][ T9002] hsr_slave_1: entered promiscuous mode
[  217.366645][ T9002] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  217.377533][ T9002] Cannot create hsr debugfs directory
[  217.409605][ T9063] IPv6: Can't replace route, no match found
[  217.661008][ T9080] netlink: 'syz.2.853': attribute type 10 has an invalid length.
[  217.671795][ T9079] netlink: 'syz.3.851': attribute type 10 has an invalid length.
[  217.819744][ T9083] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  218.492777][ T5846] Bluetooth: hci4: command tx timeout
[  218.752112][ T9002] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  218.793752][ T9002] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  218.835637][ T9092] delete_channel: no stack
[  218.846865][ T9002] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  218.869708][ T9002] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  218.970660][ T9116] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.865'.
[  218.998182][ T9116] netlink: zone id is out of range
[  219.021673][ T9116] netlink: get zone limit has 8 unknown bytes
[  219.303439][ T9120] netlink: 'syz.4.867': attribute type 11 has an invalid length.
[  219.311222][ T9120] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.867'.
[  219.327566][ T9002] 8021q: adding VLAN 0 to HW filter on device bond0
[  219.425965][ T9002] 8021q: adding VLAN 0 to HW filter on device team0
[  219.434669][ T9119] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  219.534434][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  219.541587][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  219.572262][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  219.579436][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  219.663114][ T9002] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  220.322087][ T9002] 8021q: adding VLAN 0 to HW filter on device batadv0
[  220.442130][ T9002] veth0_vlan: entered promiscuous mode
[  220.573666][ T5846] Bluetooth: hci4: command tx timeout
[  220.641560][ T9002] veth1_vlan: entered promiscuous mode
[  220.738423][ T9002] veth0_macvtap: entered promiscuous mode
[  220.956947][ T9002] veth1_macvtap: entered promiscuous mode
[  220.996773][ T9002] batman_adv: batadv0: Interface activated: batadv_slave_0
[  221.014887][ T9167] delete_channel: no stack
[  221.048716][ T9002] batman_adv: batadv0: Interface activated: batadv_slave_1
[  221.090821][ T9002] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  221.108112][ T9002] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  221.126034][ T9002] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  221.152168][ T9002] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  221.356475][ T9155] delete_channel: no stack
[  221.495621][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  221.525807][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  221.638660][   T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  221.648773][   T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  221.649085][ T9192] netlink: 60 bytes leftover after parsing attributes in process `syz.3.891'.
[  221.743145][ T9186] netlink: 60 bytes leftover after parsing attributes in process `syz.3.891'.
[  221.777329][ T9193] netlink: 60 bytes leftover after parsing attributes in process `syz.3.891'.
[  222.223996][ T9215] netlink: 'syz.3.902': attribute type 10 has an invalid length.
[  222.231789][ T9215] netlink: 40 bytes leftover after parsing attributes in process `syz.3.902'.
[  223.650419][ T9216] netlink: 'syz.3.902': attribute type 10 has an invalid length.
[  223.663379][ T9216] netlink: 168 bytes leftover after parsing attributes in process `syz.3.902'.
[  223.703770][   T49] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  223.780414][ T9219] syzkaller0: entered promiscuous mode
[  223.786260][ T9219] syzkaller0: entered allmulticast mode
[  223.811043][   T49] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  224.267714][   T49] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  224.316329][   T49] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  224.399228][   T49] bridge_slave_1: left allmulticast mode
[  224.404926][   T49] bridge_slave_1: left promiscuous mode
[  224.411407][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  224.420469][   T49] bridge_slave_0: left allmulticast mode
[  224.426284][   T49] bridge_slave_0: left promiscuous mode
[  224.431975][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  224.660927][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  224.671568][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  224.681190][   T49] bond0 (unregistering): Released all slaves
[  224.896848][ T9225] netlink: 168 bytes leftover after parsing attributes in process `syz.2.905'.
[  225.239704][ T9241] netlink: 'syz.4.911': attribute type 11 has an invalid length.
[  225.247672][ T9241] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.911'.
[  225.270050][ T9240] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  225.360119][   T49] hsr_slave_0: left promiscuous mode
[  225.376556][ T5832] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  225.385116][ T5832] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  225.385366][   T49] hsr_slave_1: left promiscuous mode
[  225.402103][ T5832] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  225.415666][ T5832] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  225.423393][ T5832] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  225.428626][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  225.460239][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[  225.468544][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  225.476148][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[  225.496030][   T49] veth1_macvtap: left promiscuous mode
[  225.501611][   T49] veth0_macvtap: left promiscuous mode
[  225.507671][   T49] veth1_vlan: left promiscuous mode
[  225.513170][   T49] veth0_vlan: left promiscuous mode
[  225.689515][ T9256] IPv6: Can't replace route, no match found
[  226.445167][   T49] team0 (unregistering): Port device team_slave_1 removed
[  226.531687][   T49] team0 (unregistering): Port device team_slave_0 removed
[  226.789924][ T9280] netlink: 'syz.3.923': attribute type 10 has an invalid length.
[  227.035204][ T9280] team0: Device ipvlan1 failed to register rx_handler
[  227.166424][ T9285] delete_channel: no stack
[  227.453472][ T5832] Bluetooth: hci4: command tx timeout
[  228.866064][ T9320] netlink: 'syz.3.938': attribute type 21 has an invalid length.
[  228.894314][ T9320] netlink: 156 bytes leftover after parsing attributes in process `syz.3.938'.
[  229.012693][ T9323] netlink: 10 bytes leftover after parsing attributes in process `syz.4.936'.
[  229.198780][ T9246] chnl_net:caif_netlink_parms(): no params data found
[  229.398898][ T9335] IPv6: Can't replace route, no match found
[  229.533049][ T5832] Bluetooth: hci4: command tx timeout
[  229.541131][ T9348] IPv6: Can't replace route, no match found
[  229.655449][ T9350] netlink: 'syz.3.947': attribute type 21 has an invalid length.
[  229.687166][ T9246] bridge0: port 1(bridge_slave_0) entered blocking state
[  229.703138][ T9350] netlink: 'syz.3.947': attribute type 15 has an invalid length.
[  229.725352][ T9246] bridge0: port 1(bridge_slave_0) entered disabled state
[  229.756217][ T9246] bridge_slave_0: entered allmulticast mode
[  229.778465][ T9246] bridge_slave_0: entered promiscuous mode
[  229.787483][ T9246] bridge0: port 2(bridge_slave_1) entered blocking state
[  229.794921][ T9246] bridge0: port 2(bridge_slave_1) entered disabled state
[  229.802154][ T9246] bridge_slave_1: entered allmulticast mode
[  229.811295][ T9246] bridge_slave_1: entered promiscuous mode
[  230.009922][ T9246] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  230.048122][ T9246] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  230.182391][ T9372] netlink: 14 bytes leftover after parsing attributes in process `syz.0.955'.
[  230.244557][ T9373] netlink: 'syz.2.953': attribute type 2 has an invalid length.
[  230.286841][ T9373] netlink: 51 bytes leftover after parsing attributes in process `syz.2.953'.
[  230.671234][ T9385] netlink: 'syz.3.959': attribute type 11 has an invalid length.
[  230.681873][ T9385] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.959'.
[  230.697969][ T9384] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  230.868077][ T9246] team0: Port device team_slave_0 added
[  230.922299][ T9246] team0: Port device team_slave_1 added
[  231.035970][ T9246] batman_adv: batadv0: Adding interface: batadv_slave_0
[  231.043325][ T9246] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  231.070900][ T9246] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  231.084357][ T9246] batman_adv: batadv0: Adding interface: batadv_slave_1
[  231.091338][ T9246] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  231.118859][ T9246] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  231.241720][ T9390] netlink: 60 bytes leftover after parsing attributes in process `syz.0.961'.
[  231.288431][ T9390] caif0: entered promiscuous mode
[  231.301680][ T9390] caif0: entered allmulticast mode
[  231.346786][ T9399] syzkaller0: entered promiscuous mode
[  231.352430][ T9399] syzkaller0: entered allmulticast mode
[  231.359555][   T49] syzkaller0: tun_net_xmit 48
[  231.458004][ T9246] hsr_slave_0: entered promiscuous mode
[  231.465349][ T9246] hsr_slave_1: entered promiscuous mode
[  231.471638][ T9246] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  231.479886][ T9246] Cannot create hsr debugfs directory
[  231.492120][ T9400] syzkaller0: tun_chr_ioctl cmd 2147767520
[  231.612698][ T5832] Bluetooth: hci4: command tx timeout
[  231.715398][ T5832] Bluetooth: hci3: unexpected event 0x16 length: 15 > 6
[  232.053951][ T9415] netlink: 'syz.2.969': attribute type 21 has an invalid length.
[  232.427201][ T9421] netlink: 15743 bytes leftover after parsing attributes in process `syz.2.972'.
[  233.661389][ T9445] syzkaller0: entered promiscuous mode
[  233.669342][ T9445] syzkaller0: entered allmulticast mode
[  233.679210][ T6042] syzkaller0: tun_net_xmit 48
[  233.692815][ T5832] Bluetooth: hci4: command tx timeout
[  233.709040][ T9445] syzkaller0: tun_chr_ioctl cmd 2147767520
[  235.697307][ T9246] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  235.727606][ T9246] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  235.760108][ T9246] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  235.821187][ T9246] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  235.881303][ T9486] netlink: 'syz.2.994': attribute type 11 has an invalid length.
[  235.889558][ T9486] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.994'.
[  235.932808][ T9479] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  236.234448][ T9246] 8021q: adding VLAN 0 to HW filter on device bond0
[  236.350646][ T9246] 8021q: adding VLAN 0 to HW filter on device team0
[  236.404921][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  236.412363][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  236.422638][ T9497] netlink: 168 bytes leftover after parsing attributes in process `syz.2.997'.
[  236.484736][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  236.492235][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  236.832121][ T9502] netlink: 'syz.3.999': attribute type 21 has an invalid length.
[  236.931570][ T9501] delete_channel: no stack
[  237.172919][ T9517] netlink: 128 bytes leftover after parsing attributes in process `syz.4.1005'.
[  237.182184][ T9517] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  237.202802][ T9520] netlink: 128 bytes leftover after parsing attributes in process `syz.4.1005'.
[  237.220133][ T9520] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  237.263382][ T9246] 8021q: adding VLAN 0 to HW filter on device batadv0
[  237.361331][ T9524] netlink: 'syz.0.1006': attribute type 10 has an invalid length.
[  237.384713][ T9246] veth0_vlan: entered promiscuous mode
[  237.433826][ T9246] veth1_vlan: entered promiscuous mode
[  237.480200][ T9529] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  237.508895][ T9246] veth0_macvtap: entered promiscuous mode
[  237.522074][ T9246] veth1_macvtap: entered promiscuous mode
[  237.628529][ T9532] netlink: 'syz.4.1009': attribute type 21 has an invalid length.
[  237.636892][ T9532] netlink: 'syz.4.1009': attribute type 4 has an invalid length.
[  237.650223][ T9246] batman_adv: batadv0: Interface activated: batadv_slave_0
[  237.676091][ T9246] batman_adv: batadv0: Interface activated: batadv_slave_1
[  237.680474][ T9532] netlink: 'syz.4.1009': attribute type 21 has an invalid length.
[  237.688672][ T9246] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  237.701734][ T9246] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  237.722151][ T9246] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  237.726438][ T9532] netlink: 'syz.4.1009': attribute type 4 has an invalid length.
[  237.731521][ T9246] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  237.862839][ T9510] delete_channel: no stack
[  237.983970][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  238.002013][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  238.074780][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  238.084482][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  238.102036][ T9543] netlink: 'syz.3.1013': attribute type 10 has an invalid length.
[  238.209668][ T9546] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  238.348489][ T9552] netlink: 'syz.0.1016': attribute type 10 has an invalid length.
[  238.389930][ T9552] team0: Device geneve1 is up. Set it down before adding it as a team port
[  238.638621][ T9565] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1023'.
[  238.720593][ T9565] netlink: 14593 bytes leftover after parsing attributes in process `syz.4.1023'.
[  238.758781][ T9565] netlink: 54775 bytes leftover after parsing attributes in process `syz.4.1023'.
[  238.940294][   T65] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  239.516179][   T65] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  239.625024][ T9570] delete_channel: no stack
[  239.905500][   T65] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  240.034305][   T65] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  240.115315][   T65] bridge_slave_1: left allmulticast mode
[  240.120959][   T65] bridge_slave_1: left promiscuous mode
[  240.126968][   T65] bridge0: port 2(bridge_slave_1) entered disabled state
[  240.135674][   T65] bridge_slave_0: left allmulticast mode
[  240.141302][   T65] bridge_slave_0: left promiscuous mode
[  240.147161][   T65] bridge0: port 1(bridge_slave_0) entered disabled state
[  240.284050][ T9583] netlink: 'syz.2.1028': attribute type 11 has an invalid length.
[  240.318315][ T9583] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1028'.
[  240.354578][ T9580] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  240.405661][ T9589] IPv6: Can't replace route, no match found
[  240.634782][ T9601] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1034'.
[  240.771534][ T5846] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  240.780528][ T5846] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  240.794198][ T5846] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  240.801572][   T65] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  240.811743][ T5846] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  240.820431][ T5846] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  240.821640][   T65] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  240.849318][   T65] bond0 (unregistering): Released all slaves
[  241.122812][ T9614] netlink: 'syz.4.1038': attribute type 2 has an invalid length.
[  241.141360][ T9614] netlink: 'syz.4.1038': attribute type 8 has an invalid length.
[  241.150260][ T9614] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1038'.
[  241.647693][   T65] hsr_slave_0: left promiscuous mode
[  241.683089][   T65] hsr_slave_1: left promiscuous mode
[  241.695227][   T65] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  241.719846][   T65] batman_adv: batadv0: Removing interface: batadv_slave_0
[  241.747824][   T65] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  241.778212][   T65] batman_adv: batadv0: Removing interface: batadv_slave_1
[  241.854242][   T65] veth1_macvtap: left promiscuous mode
[  241.865982][   T65] veth0_macvtap: left promiscuous mode
[  241.871655][   T65] veth1_vlan: left promiscuous mode
[  241.893857][   T65] veth0_vlan: left promiscuous mode
[  241.953798][ T9609] delete_channel: no stack
[  242.566311][   T65] team0 (unregistering): Port device team_slave_1 removed
[  242.598090][   T65] team0 (unregistering): Port device team_slave_0 removed
[  242.641031][ T9657] IPv6: Can't replace route, no match found
[  242.896132][ T5846] Bluetooth: hci4: command tx timeout
[  242.955228][ T9640] validate_nla: 1 callbacks suppressed
[  242.955245][ T9640] netlink: 'syz.4.1048': attribute type 1 has an invalid length.
[  242.972616][ T9640] netlink: 16098 bytes leftover after parsing attributes in process `syz.4.1048'.
[  243.012000][ T9603] chnl_net:caif_netlink_parms(): no params data found
[  243.246787][ T9603] bridge0: port 1(bridge_slave_0) entered blocking state
[  243.254730][ T9603] bridge0: port 1(bridge_slave_0) entered disabled state
[  243.267454][ T9603] bridge_slave_0: entered allmulticast mode
[  243.278731][ T9603] bridge_slave_0: entered promiscuous mode
[  243.299021][ T9603] bridge0: port 2(bridge_slave_1) entered blocking state
[  243.318917][ T9603] bridge0: port 2(bridge_slave_1) entered disabled state
[  243.333565][ T9603] bridge_slave_1: entered allmulticast mode
[  243.341265][ T9603] bridge_slave_1: entered promiscuous mode
[  243.483939][ T9603] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  243.526139][ T9603] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  243.665122][ T9603] team0: Port device team_slave_0 added
[  243.687217][ T9676] netlink: 'syz.2.1061': attribute type 39 has an invalid length.
[  243.827250][ T9603] team0: Port device team_slave_1 added
[  243.951300][ T9686] netlink: 'syz.4.1065': attribute type 21 has an invalid length.
[  244.106607][ T9603] batman_adv: batadv0: Adding interface: batadv_slave_0
[  244.115089][ T9603] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  244.162181][ T9603] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  244.196756][ T9603] batman_adv: batadv0: Adding interface: batadv_slave_1
[  244.212539][ T9603] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  244.250837][ T9603] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  244.309686][ T9700] netlink: 61211 bytes leftover after parsing attributes in process `syz.0.1069'.
[  244.321265][ T9700] netlink: 2451 bytes leftover after parsing attributes in process `syz.0.1069'.
[  244.355966][ T9603] hsr_slave_0: entered promiscuous mode
[  244.363603][ T9603] hsr_slave_1: entered promiscuous mode
[  244.369984][ T9603] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  244.378219][ T9603] Cannot create hsr debugfs directory
[  244.417134][ T9708] netlink: 'syz.3.1071': attribute type 10 has an invalid length.
[  244.554038][ T9708] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  244.562100][ T9714] netlink: 'syz.4.1075': attribute type 11 has an invalid length.
[  244.610781][ T9714] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.1075'.
[  244.668194][ T9713] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  244.972971][ T5846] Bluetooth: hci4: command tx timeout
[  245.041840][ T9603] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  245.055891][ T9603] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  245.070000][ T9603] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  245.095216][ T9603] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  245.226014][ T9748] netlink: 'syz.2.1085': attribute type 39 has an invalid length.
[  245.284532][ T9603] 8021q: adding VLAN 0 to HW filter on device bond0
[  245.325980][ T9603] 8021q: adding VLAN 0 to HW filter on device team0
[  245.352165][   T65] bridge0: port 1(bridge_slave_0) entered blocking state
[  245.359360][   T65] bridge0: port 1(bridge_slave_0) entered forwarding state
[  245.375705][   T65] bridge0: port 2(bridge_slave_1) entered blocking state
[  245.382894][   T65] bridge0: port 2(bridge_slave_1) entered forwarding state
[  245.439987][ T9758] : renamed from bond0 (while UP)
[  246.088331][ T9603] 8021q: adding VLAN 0 to HW filter on device batadv0
[  246.166772][ T9751] delete_channel: no stack
[  246.240313][ T9603] veth0_vlan: entered promiscuous mode
[  246.276800][ T9603] veth1_vlan: entered promiscuous mode
[  246.299671][ T9779] netlink: 'syz.0.1097': attribute type 2 has an invalid length.
[  246.308036][ T9779] netlink: 'syz.0.1097': attribute type 8 has an invalid length.
[  246.310446][ T9603] veth0_macvtap: entered promiscuous mode
[  246.321630][ T9779] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1097'.
[  246.369162][ T9603] veth1_macvtap: entered promiscuous mode
[  246.421525][ T9603] batman_adv: batadv0: Interface activated: batadv_slave_0
[  246.463743][ T9603] batman_adv: batadv0: Interface activated: batadv_slave_1
[  246.496729][ T9603] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  246.562628][ T9603] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  246.571358][ T9603] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  246.601254][ T9603] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  246.917142][   T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  246.939954][   T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  247.053281][ T5846] Bluetooth: hci4: command tx timeout
[  247.098546][   T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  247.114712][ T9809] IPv6: Can't replace route, no match found
[  247.157016][   T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  248.277425][ T9839] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  248.285635][ T9839] batman_adv: batadv0: Removing interface: batadv_slave_0
[  248.295952][ T9839] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  248.304736][ T9839] batman_adv: batadv0: Removing interface: batadv_slave_1
[  248.400960][ T9820] delete_channel: no stack
[  248.836792][ T9848] netlink: 'syz.3.1122': attribute type 11 has an invalid length.
[  248.918378][   T36] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  249.665078][   T36] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  249.738403][   T36] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  249.816606][   T36] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  249.917030][   T36] bridge_slave_1: left allmulticast mode
[  249.922876][   T36] bridge_slave_1: left promiscuous mode
[  249.928656][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  249.937681][   T36] bridge_slave_0: left allmulticast mode
[  249.943533][   T36] bridge_slave_0: left promiscuous mode
[  249.949262][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  250.186097][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  250.196744][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  250.210175][   T36] bond0 (unregistering): Released all slaves
[  250.366231][ T9858] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1126'.
[  250.404518][ T9854] netlink: 54775 bytes leftover after parsing attributes in process `syz.3.1125'.
[  250.435839][ T9858] hsr_slave_0: left promiscuous mode
[  250.482614][ T9858] hsr_slave_1: left promiscuous mode
[  250.808917][   T36] hsr_slave_0: left promiscuous mode
[  250.832312][ T5832] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  250.843394][ T5832] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  250.851596][ T5832] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  250.858847][   T36] hsr_slave_1: left promiscuous mode
[  250.871595][ T5832] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  250.880901][ T5832] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  250.909760][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  250.952789][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  250.974738][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  250.999900][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  251.078050][   T36] veth1_macvtap: left promiscuous mode
[  251.087092][   T36] veth0_macvtap: left promiscuous mode
[  251.103043][   T36] veth1_vlan: left promiscuous mode
[  251.115528][   T36] veth0_vlan: left promiscuous mode
[  251.819645][ T9897] netlink: 'syz.3.1140': attribute type 10 has an invalid length.
[  251.997345][ T9903] netlink: 'syz.4.1142': attribute type 2 has an invalid length.
[  252.471275][   T36] team0 (unregistering): Port device team_slave_1 removed
[  252.507231][   T36] team0 (unregistering): Port device team_slave_0 removed
[  252.817173][ T9897] veth0_vlan: left promiscuous mode
[  252.827363][ T9897] veth0_vlan: entered promiscuous mode
[  252.837359][ T9897] team0: Device veth0_vlan failed to register rx_handler
[  252.972827][ T5832] Bluetooth: hci4: command tx timeout
[  253.263030][ T9929] IPv6: Can't replace route, no match found
[  253.408447][ T9927] IPv6: Can't replace route, no match found
[  253.993232][ T9877] chnl_net:caif_netlink_parms(): no params data found
[  254.484414][ T9877] bridge0: port 1(bridge_slave_0) entered blocking state
[  254.512727][ T9877] bridge0: port 1(bridge_slave_0) entered disabled state
[  254.520232][ T9877] bridge_slave_0: entered allmulticast mode
[  254.551636][ T9877] bridge_slave_0: entered promiscuous mode
[  254.586504][ T9877] bridge0: port 2(bridge_slave_1) entered blocking state
[  254.618071][ T9877] bridge0: port 2(bridge_slave_1) entered disabled state
[  254.638958][ T9877] bridge_slave_1: entered allmulticast mode
[  254.660247][ T9877] bridge_slave_1: entered promiscuous mode
[  254.724090][ T9961] syzkaller0: entered promiscuous mode
[  254.730598][ T9961] syzkaller0: entered allmulticast mode
[  254.895101][ T2986] syzkaller0: tun_net_xmit 48
[  254.955612][ T9943] delete_channel: no stack
[  255.052963][ T5832] Bluetooth: hci4: command tx timeout
[  255.619171][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  255.625925][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  256.315463][ T9877] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  256.330032][ T9877] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  256.443587][ T9877] team0: Port device team_slave_0 added
[  256.460191][ T9877] team0: Port device team_slave_1 added
[  256.534859][ T9877] batman_adv: batadv0: Adding interface: batadv_slave_0
[  256.541871][ T9877] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  256.584225][ T9877] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  256.603015][ T9877] batman_adv: batadv0: Adding interface: batadv_slave_1
[  256.620222][ T9877] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  256.651036][ T9877] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  256.816128][ T9877] hsr_slave_0: entered promiscuous mode
[  256.833097][ T9877] hsr_slave_1: entered promiscuous mode
[  256.839362][ T9877] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  256.847302][ T9877] Cannot create hsr debugfs directory
[  256.856856][T10021] sctp: [Deprecated]: syz.0.1180 (pid 10021) Use of int in max_burst socket option deprecated.
[  256.856856][T10021] Use struct sctp_assoc_value instead
[  256.887891][T10020] sctp: [Deprecated]: syz.0.1180 (pid 10020) Use of int in max_burst socket option deprecated.
[  256.887891][T10020] Use struct sctp_assoc_value instead
[  257.142642][ T5832] Bluetooth: hci4: command tx timeout
[  257.194076][T10032] syzkaller0: entered promiscuous mode
[  257.199771][T10032] syzkaller0: entered allmulticast mode
[  257.255739][   T65] syzkaller0: tun_net_xmit 48
[  257.343653][T10029] syzkaller0: entered promiscuous mode
[  257.349314][T10029] syzkaller0: entered allmulticast mode
[  257.362860][T10032] syzkaller0: tun_net_xmit 1280
[  257.370844][T10032] syzkaller0: create flow: hash 2294076624 index 1
[  257.396407][   T36] syzkaller0: tun_net_xmit 48
[  257.489115][T10031] syzkaller0: delete flow: hash 2294076624 index 1
[  257.654936][T10015] delete_channel: no stack
[  258.728510][T10029] syzkaller0: tun_chr_ioctl cmd 2147767520
[  259.213642][ T5832] Bluetooth: hci4: command tx timeout
[  260.197029][ T9877] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  260.211017][ T9877] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  260.236975][ T9877] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  260.266110][ T9877] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  260.519723][ T9877] 8021q: adding VLAN 0 to HW filter on device bond0
[  260.799287][ T9877] 8021q: adding VLAN 0 to HW filter on device team0
[  260.859392][   T65] bridge0: port 1(bridge_slave_0) entered blocking state
[  260.866607][   T65] bridge0: port 1(bridge_slave_0) entered forwarding state
[  260.925331][ T6042] bridge0: port 2(bridge_slave_1) entered blocking state
[  260.932549][ T6042] bridge0: port 2(bridge_slave_1) entered forwarding state
[  261.148589][T10098] netlink: 'syz.3.1205': attribute type 10 has an invalid length.
[  261.197366][T10098] team0: Device geneve1 is up. Set it down before adding it as a team port
[  261.207909][T10069] delete_channel: no stack
[  261.328970][T10107] veth1_macvtap: left promiscuous mode
[  261.334767][T10107] macsec0: entered promiscuous mode
[  261.345477][T10107] veth1_macvtap: entered promiscuous mode
[  261.351609][T10107] macsec0: entered allmulticast mode
[  261.357130][T10107] veth1_macvtap: entered allmulticast mode
[  261.533922][ T9877] 8021q: adding VLAN 0 to HW filter on device batadv0
[  261.665531][ T9877] veth0_vlan: entered promiscuous mode
[  261.695406][ T9877] veth1_vlan: entered promiscuous mode
[  261.748298][ T9877] veth0_macvtap: entered promiscuous mode
[  261.762313][ T9877] veth1_macvtap: entered promiscuous mode
[  261.816579][ T9877] batman_adv: batadv0: Interface activated: batadv_slave_0
[  261.846743][ T9877] batman_adv: batadv0: Interface activated: batadv_slave_1
[  261.872398][ T9877] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  261.886340][ T9877] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  261.896364][ T9877] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  261.912228][ T9877] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  261.940545][T10122] netlink: 'syz.4.1214': attribute type 11 has an invalid length.
[  262.206886][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  262.242048][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  262.335530][ T6042] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  262.358169][ T6042] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  263.448741][T10144] delete_channel: no stack
[  263.649527][ T6042] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  264.171030][ T6042] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  264.466790][ T6042] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  264.545807][ T6042] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  264.607923][ T6042] bridge_slave_1: left allmulticast mode
[  264.613722][ T6042] bridge_slave_1: left promiscuous mode
[  264.619373][ T6042] bridge0: port 2(bridge_slave_1) entered disabled state
[  264.629567][ T6042] bridge_slave_0: left allmulticast mode
[  264.635563][ T6042] bridge_slave_0: left promiscuous mode
[  264.641338][ T6042] bridge0: port 1(bridge_slave_0) entered disabled state
[  264.886406][ T6042] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  264.897824][ T6042] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  264.907510][ T6042] bond0 (unregistering): Released all slaves
[  265.136735][ T6042] hsr_slave_0: left promiscuous mode
[  265.143471][ T6042] hsr_slave_1: left promiscuous mode
[  265.149249][ T6042] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  265.156890][ T6042] batman_adv: batadv0: Removing interface: batadv_slave_0
[  265.165397][ T6042] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  265.174686][ T6042] batman_adv: batadv0: Removing interface: batadv_slave_1
[  265.190962][ T6042] veth1_macvtap: left promiscuous mode
[  265.196722][ T6042] veth0_macvtap: left promiscuous mode
[  265.202307][ T6042] veth1_vlan: left promiscuous mode
[  265.207650][ T6042] veth0_vlan: left promiscuous mode
[  265.584437][T10175] FAULT_INJECTION: forcing a failure.
[  265.584437][T10175] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  265.599075][ T6042] team0 (unregistering): Port device team_slave_1 removed
[  265.633075][T10175] CPU: 1 UID: 0 PID: 10175 Comm: syz.4.1234 Not tainted 6.16.0-rc3-syzkaller-g212ec9229567 #0 PREEMPT(full) 
[  265.633101][T10175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  265.633124][T10175] Call Trace:
[  265.633132][T10175]  <TASK>
[  265.633140][T10175]  dump_stack_lvl+0x189/0x250
[  265.633172][T10175]  ? __pfx____ratelimit+0x10/0x10
[  265.633190][T10175]  ? __pfx_dump_stack_lvl+0x10/0x10
[  265.633215][T10175]  ? __pfx__printk+0x10/0x10
[  265.633235][T10175]  ? __might_fault+0xb0/0x130
[  265.633258][T10175]  ? __might_fault+0xb0/0x130
[  265.633283][T10175]  should_fail_ex+0x414/0x560
[  265.633313][T10175]  _copy_from_user+0x2d/0xb0
[  265.633334][T10175]  __sys_bpf+0x1ed/0x860
[  265.633365][T10175]  ? __pfx___sys_bpf+0x10/0x10
[  265.633404][T10175]  ? ksys_write+0x22a/0x250
[  265.633425][T10175]  ? __pfx_ksys_write+0x10/0x10
[  265.633441][T10175]  ? rcu_is_watching+0x15/0xb0
[  265.633475][T10175]  __x64_sys_bpf+0x7c/0x90
[  265.633497][T10175]  do_syscall_64+0xfa/0x3b0
[  265.633513][T10175]  ? lockdep_hardirqs_on+0x9c/0x150
[  265.633530][T10175]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  265.633547][T10175]  ? clear_bhb_loop+0x60/0xb0
[  265.633569][T10175]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  265.633586][T10175] RIP: 0033:0x7fada078e929
[  265.633601][T10175] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  265.633616][T10175] RSP: 002b:00007fada16ab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  265.633635][T10175] RAX: ffffffffffffffda RBX: 00007fada09b5fa0 RCX: 00007fada078e929
[  265.633648][T10175] RDX: 0000000000000094 RSI: 00002000000009c0 RDI: 0000000000000005
[  265.633660][T10175] RBP: 00007fada16ab090 R08: 0000000000000000 R09: 0000000000000000
[  265.633671][T10175] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  265.633682][T10175] R13: 0000000000000000 R14: 00007fada09b5fa0 R15: 00007fff9ec70738
[  265.633714][T10175]  </TASK>
[  265.853205][ T2986] wlan1: Trigger new scan to find an IBSS to join
[  265.859700][ T2986] ------------[ cut here ]------------
[  265.865196][ T2986] UBSAN: array-index-out-of-bounds in net/mac80211/scan.c:1223:5
[  265.872952][ T2986] index 1 is out of range for type 'struct ieee80211_channel *[] __counted_by(n_channels)' (aka 'struct ieee80211_channel *[]')
[  265.886628][ T2986] CPU: 1 UID: 0 PID: 2986 Comm: kworker/u8:5 Not tainted 6.16.0-rc3-syzkaller-g212ec9229567 #0 PREEMPT(full) 
[  265.886650][ T2986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  265.886662][ T2986] Workqueue: events_unbound cfg80211_wiphy_work
[  265.886688][ T2986] Call Trace:
[  265.886695][ T2986]  <TASK>
[  265.886703][ T2986]  dump_stack_lvl+0x189/0x250
[  265.886736][ T2986]  ? __pfx_dump_stack_lvl+0x10/0x10
[  265.886761][ T2986]  ? __pfx__printk+0x10/0x10
[  265.886797][ T2986]  ubsan_epilogue+0xa/0x40
[  265.886816][ T2986]  __ubsan_handle_out_of_bounds+0xe9/0xf0
[  265.886844][ T2986]  ieee80211_request_ibss_scan+0x600/0x8b0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  265.886873][ T2986]  ieee80211_ibss_work+0xde7/0x1060
[  265.886894][ T2986]  ? __pfx_ieee80211_ibss_work+0x10/0x10
[  265.886917][ T2986]  ? ieee80211_iface_work+0xf39/0xfe0
[  265.886928][ T2986]  ? rcu_is_watching+0x15/0xb0
[  265.886947][ T2986]  cfg80211_wiphy_work+0x2df/0x460
[  265.886958][ T2986]  ? process_scheduled_works+0x9ef/0x17b0
[  265.886974][ T2986]  process_scheduled_works+0xae1/0x17b0
[  265.887008][ T2986]  ? __pfx_process_scheduled_works+0x10/0x10
[  265.887033][ T2986]  worker_thread+0x8a0/0xda0
[  265.887049][ T2986]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  265.887070][ T2986]  ? __kthread_parkme+0x7b/0x200
[  265.887086][ T2986]  kthread+0x70e/0x8a0
[  265.887099][ T2986]  ? __pfx_worker_thread+0x10/0x10
[  265.887112][ T2986]  ? __pfx_kthread+0x10/0x10
[  265.887124][ T2986]  ? _raw_spin_unlock_irq+0x23/0x50
[  265.887138][ T2986]  ? lockdep_hardirqs_on+0x9c/0x150
[  265.887146][ T2986]  ? __pfx_kthread+0x10/0x10
[  265.887157][ T2986]  ret_from_fork+0x3fc/0x770
[  265.887173][ T2986]  ? __pfx_ret_from_fork+0x10/0x10
[  265.887190][ T2986]  ? __switch_to_asm+0x39/0x70
[  265.887199][ T2986]  ? __switch_to_asm+0x33/0x70
[  265.887207][ T2986]  ? __pfx_kthread+0x10/0x10
[  265.887219][ T2986]  ret_from_fork_asm+0x1a/0x30
[  265.887239][ T2986]  </TASK>
[  265.887243][ T2986] ---[ end trace ]---
[  266.162569][ T2986] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[  266.169814][ T2986] CPU: 1 UID: 0 PID: 2986 Comm: kworker/u8:5 Not tainted 6.16.0-rc3-syzkaller-g212ec9229567 #0 PREEMPT(full) 
[  266.181455][ T2986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  266.191521][ T2986] Workqueue: events_unbound cfg80211_wiphy_work
[  266.197790][ T2986] Call Trace:
[  266.201087][ T2986]  <TASK>
[  266.204026][ T2986]  dump_stack_lvl+0x99/0x250
[  266.208640][ T2986]  ? __asan_memcpy+0x40/0x70
[  266.213251][ T2986]  ? __pfx_dump_stack_lvl+0x10/0x10
[  266.218458][ T2986]  ? __pfx__printk+0x10/0x10
[  266.223055][ T2986]  panic+0x2db/0x790
[  266.226953][ T2986]  ? __pfx_panic+0x10/0x10
[  266.231365][ T2986]  ? _printk+0xcf/0x120
[  266.235518][ T2986]  ? __pfx__printk+0x10/0x10
[  266.240111][ T2986]  check_panic_on_warn+0x89/0xb0
[  266.245046][ T2986]  __ubsan_handle_out_of_bounds+0xe9/0xf0
[  266.250762][ T2986]  ieee80211_request_ibss_scan+0x600/0x8b0
[  266.256581][ T2986]  ieee80211_ibss_work+0xde7/0x1060
[  266.261786][ T2986]  ? __pfx_ieee80211_ibss_work+0x10/0x10
[  266.267427][ T2986]  ? ieee80211_iface_work+0xf39/0xfe0
[  266.272790][ T2986]  ? rcu_is_watching+0x15/0xb0
[  266.277556][ T2986]  cfg80211_wiphy_work+0x2df/0x460
[  266.282663][ T2986]  ? process_scheduled_works+0x9ef/0x17b0
[  266.288382][ T2986]  process_scheduled_works+0xae1/0x17b0
[  266.293955][ T2986]  ? __pfx_process_scheduled_works+0x10/0x10
[  266.299952][ T2986]  worker_thread+0x8a0/0xda0
[  266.304547][ T2986]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  266.310883][ T2986]  ? __kthread_parkme+0x7b/0x200
[  266.315820][ T2986]  kthread+0x70e/0x8a0
[  266.319885][ T2986]  ? __pfx_worker_thread+0x10/0x10
[  266.324991][ T2986]  ? __pfx_kthread+0x10/0x10
[  266.329573][ T2986]  ? _raw_spin_unlock_irq+0x23/0x50
[  266.334768][ T2986]  ? lockdep_hardirqs_on+0x9c/0x150
[  266.339954][ T2986]  ? __pfx_kthread+0x10/0x10
[  266.344536][ T2986]  ret_from_fork+0x3fc/0x770
[  266.349128][ T2986]  ? __pfx_ret_from_fork+0x10/0x10
[  266.354241][ T2986]  ? __switch_to_asm+0x39/0x70
[  266.359002][ T2986]  ? __switch_to_asm+0x33/0x70
[  266.363758][ T2986]  ? __pfx_kthread+0x10/0x10
[  266.368341][ T2986]  ret_from_fork_asm+0x1a/0x30
[  266.373112][ T2986]  </TASK>
[  266.376361][ T2986] Kernel Offset: disabled
[  266.380718][ T2986] Rebooting in 86400 seconds..