last executing test programs:

3.371278685s ago: executing program 4 (id=4899):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x48283, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'\x00', 0x52d35ce30131f272})
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r1}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8003}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x8, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r4)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x20403, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_config_ext={0x9}, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x11, 0x2, 0x300)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x12, 0x16, 0x8, 0x2}, 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r5, &(0x7f00000001c0), 0x0}, 0x23)
socket$kcm(0x11, 0xa, 0x300)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)=@in6={0xa, 0x4e20, 0x0, @local}, 0x80, 0x0}, 0xb80b)
r6 = socket$kcm(0xa, 0x1, 0x0)
setsockopt$sock_attach_bpf(r6, 0x29, 0x21, &(0x7f0000000100), 0x120)
gettid()
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000940)={{r1}, &(0x7f0000000640), &(0x7f0000000900)=r2}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000100), &(0x7f0000000140)=r2}, 0x20)
ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0xb)
ioctl$TUNSETLINK(r0, 0x400454cd, 0x30a)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000340000003400000002000000000000000000000d03000000000000000000000110000000800000000000000000000003000000000100000002", @ANYRESOCT=r0, @ANYRES32=r0], 0x0, 0x4e, 0x0, 0x2, 0x0, 0x10000}, 0x28)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x7400}, 0x40000)

3.019719905s ago: executing program 4 (id=4906):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xe8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000000)='cpu&\t\t')

2.867351244s ago: executing program 4 (id=4911):
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xde, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x19300}, 0x0, 0x0, 0xffffffffffffffff, 0xa)
socket$kcm(0x10, 0x2, 0x0)
r0 = socket$kcm(0xa, 0x5, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x40080, 0x0)
ioctl$TUNSETNOCSUM(r1, 0x400454c8, 0x1)
r2 = socket$kcm(0xa, 0x5, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.time\x00', 0x26e1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x0, 0x0, 0x0, 0x0, 0x0, r3}, 0x48)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8916, &(0x7f0000000000)={r2})
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8936, &(0x7f0000000000)={r2})

2.523946983s ago: executing program 4 (id=4914):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$kcm(0xa, 0x2, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000300)=[{0x0}, {&(0x7f00000000c0)="9f0da3278a6dd8b6f0536fc6638b0f3324ac93119f947fd7be3a3ad26b2d4cccd2e11f99d9ed91a7a2861e758037caa0396cb0db22390d0bb17233429fa446f965b3c49dfaa47f133d07f96f63", 0x4d}], 0x2, &(0x7f0000000a00)}, 0x0)
gettid()
socket$kcm(0x2, 0x1000000000000002, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000540)={r1, &(0x7f0000000400), &(0x7f0000000440)=""/236}, 0x20)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_subtree(r2, &(0x7f0000000200), 0x2, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000080)={[{0x2b, 'cpu'}]}, 0x5)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="d8000000310081044e81f782db44b904021d080005000000e8fe55a1180015000600142603600e120900210000000401a8001600a40001", 0x37}], 0x1}, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="33fe00004a00530c8e5eb88edc5a9c0e0a"], 0xfe33)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpu.weight\x00', 0x2, 0x0)
write$cgroup_subtree(r3, &(0x7f00000001c0)={[{0x2d, 'cpu'}]}, 0x5)
openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0)

2.018213063s ago: executing program 4 (id=4917):
r0 = socket$kcm(0x22, 0x2, 0x21)
ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, 0x0)
r1 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d71, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$kcm(0xa, 0x3, 0x3a)
ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r2})
r3 = socket$kcm(0x11, 0x200000000000002, 0x300)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000d40)={0x6, 0x2, &(0x7f0000000c80)=ANY=[@ANYRES8=r1], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xe, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x0, 0xb90, 0x0, &(0x7f0000000040)="8883956359d631539169aa77e133", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9, 0x2}, 0x50)
socket$kcm(0x10, 0x3, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800"/16], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000cc0)={r6, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x34, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xca, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d00)={r6, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r7=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x3, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="180200d20ec89f3100000000efffffff850000002700000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300003f000000850000007b00000095"], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', r7, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r8 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000940)={0x3, 0x4, 0x4, 0xa, 0x0, r5, 0x4, '\x00', r7, 0xffffffffffffffff, 0x3}, 0x50)
r9 = socket$kcm(0x1e, 0x1, 0x0)
sendmsg$kcm(r9, &(0x7f0000000540)={&(0x7f0000000280)=@in6={0xa, 0x4e20, 0x3, @empty, 0xff}, 0x80, 0x0}, 0x80)
r10 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80)
r11 = bpf$ITER_CREATE(0x21, &(0x7f0000000a00), 0x8)
r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000a80)=@base={0x1c, 0x4, 0x8, 0xf1, 0x60, r8, 0x11, '\x00', r7, 0xffffffffffffffff, 0x2, 0x5, 0x2}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000bc0)={0x0, 0x2, &(0x7f00000000c0)=@raw=[@btf_id={0x18, 0xb, 0x3, 0x0, 0x3}], &(0x7f00000009c0)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, r11, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000a40)={0x0, 0x5, 0x0, 0x3}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000b00)=[r8, r8, r8, r8, r8, r8, r12], &(0x7f0000000b40)=[{0x5, 0x2, 0xe, 0x2}, {0x2, 0x1, 0xf, 0xe}, {0x3, 0x38000000, 0xf, 0x7}, {0x1, 0x2, 0x0, 0x3}, {0x2, 0x3, 0x3, 0xb}, {0x5, 0x3, 0x10, 0x7}], 0x10, 0x1b00}, 0x94)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r13 = bpf$MAP_CREATE(0x0, &(0x7f00000027c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
close(r13)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r10, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
recvmsg(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000180)=""/18, 0x12}, {&(0x7f0000000340)=""/127, 0x7f}, {0x0}, {&(0x7f0000000600)=""/176, 0xb0}, {&(0x7f00000006c0)=""/73, 0x49}, {&(0x7f0000000740)=""/164, 0xa4}], 0x6, &(0x7f0000000880)=""/175, 0xaf}, 0x10000)
sendmsg$kcm(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)="2e00000010008188040f46ecdb4cb9cca7480ef421000000e3bd6efb440013030e000a000d000008ba8000001201", 0x2e}], 0x1}, 0x0)

1.90494987s ago: executing program 1 (id=4918):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x48283, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'\x00', 0x52d35ce30131f272})
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r1}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8003}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x8, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r4)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x20403, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_config_ext={0x9}, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x11, 0x2, 0x300)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x12, 0x16, 0x8, 0x2}, 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r5, &(0x7f00000001c0), 0x0}, 0x23)
socket$kcm(0x11, 0xa, 0x300)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)=@in6={0xa, 0x4e20, 0x0, @local}, 0x80, 0x0}, 0xb80b)
r6 = socket$kcm(0xa, 0x1, 0x0)
setsockopt$sock_attach_bpf(r6, 0x29, 0x21, &(0x7f0000000100), 0x120)
gettid()
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000940)={{r1}, &(0x7f0000000640), &(0x7f0000000900)=r2}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000100), &(0x7f0000000140)=r2}, 0x20)
ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0xb)
ioctl$TUNSETLINK(r0, 0x400454cd, 0x30a)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000340000003400000002000000000000000000000d03000000000000000000000110000000800000000000000000000003000000000100000002", @ANYRESOCT=r0, @ANYRES32=r0], 0x0, 0x4e, 0x0, 0x2, 0x0, 0x10000}, 0x28)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x7400}, 0x40000)

1.537221501s ago: executing program 4 (id=4925):
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1097f59b, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x8}, 0x50)

1.463926085s ago: executing program 1 (id=4926):
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff7ffc}, 0x0, 0x35, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0))
socket$kcm(0x2, 0x1000000000000002, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x62, 0x0, &(0x7f0000000000)="e02742e8680d85ff9782762f86dd3f8a45e2318273ad90cb7ab9d0f477f5b43ac4ed2618bce6808e000000435024e1ff76b534e444fea2834c6c510d6aeb9ab347165756607916af436c42110bb30983c62b09ef27a9d6ff4c24f5d2cfc1067fb204", 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x1400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xaffffff7ffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="364000001a00913a"], 0x82d7)
recvmsg(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
r2 = perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x2408, 0xca, 0x0, 0x4, 0x8}, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x4, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
close(0xffffffffffffffff)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYRES64], 0x2)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x20000000000000fe, &(0x7f0000000a40)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESHEX], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000100000080"], 0x48)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00'}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r4, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}, &(0x7f0000000040)='GPL\x00', 0x1, 0x9f, &(0x7f00000001c0)=""/159, 0x0, 0x0, '\x00', r5}, 0x94)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f00000016c0)=ANY=[@ANYBLOB="9feb010018000000000000001800000018000000080000000200000b0000000c02000000000000000000000d0000000000005f5f612e30"], 0x0, 0x38}, 0x28)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r6, <r7=>0xffffffffffffffff}, &(0x7f00000000c0), &(0x7f0000000200)='%-010d \x00'}, 0x20)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000018c0)=@bpf_ext={0x1c, 0xe, &(0x7f0000001980)=ANY=[@ANYBLOB="18000000050000000000000001800000852000000400000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000185600000000000000000000000000009500000000000000f895f7aa4d76c615700300f4b50b4a7c678adc41fd89199412a1f5674fe8485a9950031816"], &(0x7f0000001740)='GPL\x00', 0x1, 0xff4, &(0x7f0000004000)=""/4084, 0x40f00, 0x60, '\x00', r5, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000001780)={0x8, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x366d, r2, 0x4, &(0x7f0000001840)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r3, r7, r7, r7], &(0x7f0000001880)=[{0x1, 0x4, 0x4, 0x9}, {0x0, 0x4, 0xd, 0x8}, {0x3, 0x2, 0x0, 0x1}, {0x4, 0x4, 0x4, 0x5}], 0x10, 0x6}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000014c0)={0x10, 0x14, &(0x7f0000001580)=ANY=[@ANYBLOB="b57d000003000000000495026306ed92d6310000180686690b28e464ad8d88aa7d03b5ce4f6ca44eddd09b9649099d45d6f65e65e8dbbc0b289e6f67cd0c8a036d8ebd3e521b21f4fe2ad3a839f2d69f18a7976fb0174f1f07c6c93781409a9aa1d7c5870c850b2b8273d769d951c87826a5798e", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000186300000a0000000000000001000100186500000a00000000000000070000008520000005000000bf91000000000000b7020000010000008500000084000000b7000000000000009500000000000000"], &(0x7f00000002c0)='GPL\x00', 0x4, 0x38, &(0x7f0000001680)=""/56, 0x61900, 0x11, '\x00', r5, @sk_msg=0x7, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x1, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xa, 0x0, &(0x7f0000001400)=[{0x3, 0x1, 0xd, 0xa}, {0x3, 0x1, 0x10, 0x6}, {0x5, 0x5, 0x10, 0xa}, {0x5, 0x2, 0x2, 0xb}, {0x4, 0x4, 0x1, 0x4}, {0x4, 0x1, 0x1, 0x9}, {0x5, 0x1, 0xa, 0x9}, {0x4, 0x3, 0x1}, {0x2, 0x1, 0x3, 0x1}, {0x0, 0x2, 0xf, 0xb}], 0x10, 0xf}, 0x94)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)=@name={0x1e, 0x2, 0x2, {{0x41, 0x1}, 0x2}}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)="27677de6dd9c02ff8950f2dde2370a82695e8715f0b65f6af234d61840f9e72172a73878b29cad0fb9158c33f2f84b9ea17370bf8767715005c17f24d99011c6cc8d07abad63333df974aec9ec8e61a01666caa3ec84b133abca5d6c354a75d1d3d110ad3def61e5c851fad6a4069079bf7e9180603fbaccc7eaffdcf21d90ec3097c3c3d2fdbceae37ae138ba6d67b714d74083af3173f0c9a73108afaaa108d3740b268654bb82bacd94d4d6f64fd2fb548ba92600d3f50314dbdec82280b51461e7226e9ee4b09a615dfe562a6adabda6ce92ca0769feea084e76ffccef966a7f1e5fb02450c82debbf50841d538c7506116f560e8169d3712d71031fee850b6ab6b32128c8602115d31ddb06c03dff0eb8b87031c3537a638e5feb88043f5b3629e31a94fd94271c7567108ff4e81a30b6b2fcaacca1ab197f7bd1c52b0ecea0d5728946b5a8f1e9aa130d50123fd8b35912286bd6d54dcde482279e8530c5bad63c2fda9ef33b021d90fc04f680ec45bb3eee8483f9f75427c734b2fc8f62857f4618673592a10b64e9d08d59303f95e51499ad4c4908b5f0947ee33f62f5ddff3033d3e5ce188f906e10099c8ab0ed331d2a26ed327e20b428a34a66c00d4883c6c3830d2b231ea9fcf3743a229eaa58ab4d7916706177e5967ac5fea9403a97c77441f022a9386a9711817d5165c3eab30581da7f89c6d5edb54e6cc2044e68b5f5501b0afa7a17915665ea3d20ec0b0328c3c14e3d07e291f14742f47ce8200139da3d661f57f9d15b00017a10da804413a4c476acf72d3155536531faca98778d10672ce12df4d78e03525c3dadd7caac8cb86bb9f32179f7c40a3aa7559a37af2a6a5f263fabc6ba3220ee8e4dd0c6f38e449128111a5d89e326692724be6dda9b933d0f84871abf80519e03d34506ae8ab83b5420303e79e25326bd47409378ccea45bdb77fdc23e08456c8c081ecb4e407919876fbc6b885da705cc09b700d8b0cb68378f6582f34c4263e9fc8e3067d50d51522fa9c1983606ab9616d2aa80963faea42b0a004e27c138180be46f9e831b9cadb401a41b28951c571e97008c104954c1e9bace40520681690f88fb6c9461e1ed659dfb3d61bfe9f070f7aa10c745caf9a0639bb5c22ff9a4a7bea09a3d8276f6dcef89e4a966bf92e3a3168636df2626b47b14fa9dfdb380c39ee860f7a3a9d0e9ff8f67d885dc6f360f8f274ecd9808c10fc7fb80209485f0d0b68727ee5c3b49f974fbe717c25b830eb5af0236bad9e782bed7ecc4199ddd7ba18a63d3e568fff58e0eb8f1f3ed845ce4d6333aa25fe343d8e8b222bda165969ff4ea23813a23aa77aa8114a109efcb0c753d84293b506f7cbaf06c7b517fe89f59185030aab402b0b2cc426acbde6e14b3c0ff1e07a0bca2973b3a0009f7606d8f4526cafdad72f84434472f181b0f21adeb64a485b495023dd3d393ff88e1496f5f382b601463ff74bc52eb09a57bb12c3f4693cc8d34c53edf8baa8f7b25cf3b87cd5d4953181feba06623a3212f02bf9c6815fda05e0791c9bfc2fe3e13fb243e3f7b83859fdffbc6be42aa1c22f3fa11a75b4b49ff65de1baa84ad1f788bcb4c229e1631e0144c2ac7ef2686147e5a5d99d3dbc86fa9750398156a6fd44901f66d062dbd0ce7e53afc70b325565cb7fd31e6c4b668e5c3247cccc15a2f15a05ceec9d46782c0299c6c981744e08946aaec878be69f4d99b97a097e164ef3e0be40153ae138fdbf2182dec7485d92588cf958892c5ffab5ccac8faf1c4946b0477631210b885ad7c9971e74133eed2c23a0f242fb7fa0f08990d32726e65d6216f4ec0442102d6fe4d99fada699ca0a3ac77fbad597573bb7104cd797e5d3863990a8b3764ecd0b457b21c16215b6556b26718843635647bce87e3f8790cd85cb3915da0f44693036d606d1954e901b6d9301554e43d0220248275223078f885c0394b0d9452cd79e059b0594b9995301072c4e89cda5e66c147c96e536aebbdcd490b0cb524452ebc32af90d765a7fd11c83ca98c1f775e2fe7d44420db7445b9702d0c435c0be5900dc02d0e956646de4f79ad43f8e405a30e288f7fb67b1250717d1755b8b34a17bc59c8ccbfe06276929fccd9000ea833b20bc42f9d7f62c7262487eba5ea3a7c09a040bf11f79eae9d62464e4711cfa8738840aa323c74fb4db25ed632a32153aaab2e2235b9af630304c63cedb1dcc603b1f9645e2e26a6b6223bd965a138e21dc1b35aca9a4854798497028d6083545851921cf94fb8c36242efb3ba79a8edbf0994ea93ea8ea7fceca6f01824d03cad59fc2eebdff43990315b93dc89c84fd51ccddd423cedeefd011e5ae840c633885163b63f511206e407f6699b9464c9fc79dc5e7e63b13f2d2310ec2f41e02aec1691d08aa98bf4ca0095a78cdbe342598996745f7d8eba6e25cc02a13dc68ddbdeb7b5cb492870bfb398af88ba9184967789d6645c54af8d2e0312ec09edcc6e63560c5dde4632d96d709a5854bd703fe46129fa1c528134718a1547d83107491e43321a17c68b4ce4db7351e1d79829e8d6493e9dea3d730b1b53afcd3ac1eb8b101e61409db0b6b2175618dfca0ab27836d289e7fdbb2f49e83b84c26b00dd0e8648c5ce11ac678a3c1caf0af9f53c998480efbc8ac7e791faeac3c313b51f3277f9c1b45add67400ea9c716726a3787c399ce8e8b6c343d8bd10798facc1c4e9a2a16a5d5f87a34660b2a9d9878509f73be1c95047a1f693e2bcd1663ecacf4f2e837db17439ccd17578032ae4198066b7ad14083bc0a1ee5d3aaad0065b87bb90e6de43dc7067cba1fcf1b1e203e342a504bfc5a9a34a850720eee7cd84d05caf4c222299ebb99e328571bc61f7bfe3abcb45af00f6e83fa8f11b683a54484043c9d40d5c3af40b5e7212c693fc7762dd99860f51605f927d3575684e6c1b8678dc550ed5cba8b61d407fae5f71bb358d0ffc4b73050828b1864c1127c1577a7d352ecaf23dfb6358e25bf3f74a11dce973f647caf0faed9842d7eb26d7d7d44b7bd64b7d87946682c8de517bd614e55acb370175ee12d7dfb5ba3dd751b31eb21c7f535428f6f16f173407b178ed0a864c55ffa4f7c1136f46baef2f0c9e2bb6c0ed45967bc0e1df8a5760322f541df85d3c682132f43be2f7b516f5b9b9534575ac67a13ee66b2c25d72fcd5828559fc4b5ad23bc924d6a260954ea671a1eb69a25e033fa22a11eb0772b878512a644958746157c1cc8613693846b2360dcec466404fba10042a866bf5f9dc2edbf864ba2cfa44e87c435625e7ba441e7f2cf923c0d1b5c99da9b08de8da1b5d4b8fcce91a007b8abd9d4eddf4c6535a71c0b6af46f6919dc01de46c2231526076a0a2efa56ee3956acc7c6757c68993e54fe8ae06efc893ea212b650517dc5653c68255a8a12be4959918fac7a60249726db6ed5021ce10f98495da25ae8fed52047509c4b0648b78aa9bb4df40582614186e33d70b62dab92ee5fe65a32e8a4e63ab29989b40f8b7f8e1bcb82c23546c3ba0392da3e9543dec8546eebba7e35e2e03e5e533ae507937b95a573f19231cb070a220524d6f2f30013ff80d9f45e45f07ffa7d822a9e056df026a5f656c43129b246fb7fd24d9230646187adeb9a288a005e9fc59d8f6d8d5346b5ab158e8ea6548f8f400c0a29c12724307f87948d078f67e5b065d1a0fb79e09c02820283f51ee13b8bc146ee6f569a4144252942e75109f556414974f2f9af0c776d665b33ee2c5681d244b52eda9d0978effc1bee749a41cf4c2bbbd7982eaebd895bee08cd342055bb64569a112e0bfc1b5a2426c7aa58071519c11e856eda1c30695255761b8e8901bc006d05af353e275f4ac58d2af861a10b43d5b64b1d321abce06210fe171158661e486c6d3758d72a919ee11518c8517d13947292363d7d8cf80f6f81b28c21d676baaf9d66fcdeacc8175cf9c6fcf5ea6249cb031e9d78201516ddb580e9531c6d9fb56058d55a64cc9e661a783e641e3089f57b5731573edf9e2677ffceabf8ab835473040dc36b2e435c01b33be259745fca8c1ea789a64b272d6f9bdfd306f05162a57811252847198c6506a79889b814f2daf574b4f215994b6605966693f1ebb2493cdf652cec96d6adc09519967a277d56415b50d2cbbe2a81a5ae6926c6b4a625d054823248acaa6d4bd8f1954944795d93419337658f1b271361e326e807e0a883f023aa73714fccf9c7efbe73d6e28217ce7c7c4dd5b5fc278190532dfa3617c8d297472515bcab10d55aa2079de4d6dd5bf00df60073f321f9c7e9b67136dd7b35129dc4489baa980b43ac8021f893a2e95e1033ab44cdbff4a888c8c220154607326e5ac7a067799074c2aa795b38229e1c1e1ed03140591d7242e684f8d135d5774a2f1dfc89a2e4d64f744138d874a63f9e72386561268a2ed569885f5b660305dfa6cb219ae1c66dd874f07818abcee56651f96077d4e8f52aca2c767a78e10edd8c15e7db2b9325c421452267e4526de3c3412655fddcaf4357a14bbdc5d8efedda5b1600320b800a1240a5423852571637679dd5e90d2fdff49fdebaa1c86ae61eb699108d64bb5829d1a6ed2fe1568eee519da65edc0c94dd5e73ebfaf7ca986ac26ff7bb73bd5c3ab628d4c5422e755fe249ecf0cc39a14c28cbf0c2e8b61424cdbacc0a470388f84be010f9bbae74f33a642a3399b7541995d13dd1da38a8d5b0d64d2f60ffec6e8f0d4d5750b422d07bc5c778d206830b06d6929109b8bdbd0fe54a08aa9a85e769273f1eb3526f498e9fbf05c4bb4d0a13ee9fc54342f7b5cf223c6e2c74811f249b7df8ee231ae67470b28444d2db683a50d0edf633a1f4c813d8a648f725b4cfa7ddbbd02fee7ba28de799d79bd15775c83665b7cd8c372f42d991d03613a3223d5a555f7f3b1507bab1d01512706b84e61d535d8aae2fb3cc948d8196e7f4f77ad42f56ca707f6a1c9ea6e3f8bd33dc2ae3cc950e4315c50f6e4b786286bc5aa4b5475bda9656854415a6249a7400d0dbf929578477220a5f95b5e26182f5b5766f3266201b934fe4ce3ded6dfb90e8e464012d5611e643075de223483b3afc17f90c5e46867e8bad0ddecfb42dd69496d61ffea7e9389d16d69cc3840e10ffeda3ee8107aece20f31733c08450f72e369264315126b7e53927ba59714b7f02b78189236376a30a9ce22106a53d534f39d1752b5c8de296ebea42f9077d44c362837f0a14427226086cf6289bddaabda0ddb3231a4efc783c30cc60270012904e3cdca5463fb49c807953b0b59fabf27d935d6b3f160636a2ac784ded9770e39d81ec38b3ec97903ba17d72bc61047b61f3b53e34469667354831dcb81a0266340f362a78d1843c2b0d4aeacbca27f8187a8e3739a4e16c958621263ebcc4b613145b806dcbeecfe038a2e5c25612c46028279d4c3ed23c507232f93587dd47d6145567ac447383e96629eeb82599aee812f0d6f6b158ee8368819c1beed40f696c284e63f7cb827a17a2d674c036ece0b09ca4a53c6c88fcfd5e47597c9cd73f304e12a644611c0f7cc171ad8ad15030896bc1cc49378957cc4320e313cc508c9122395e2cf9a85e64bc497c12842b56038d27c7c1426770010780be7346c1eccf81159263dd8c3741f587bd2113f13013802f9d0bfee6c8ee95d841d4b4376066817086259a76e926e15b1955c1c1c48b881feab8a4bb78e1ea74986130ac592dc3d51cbff9245edf2fcdae1f9fcaac99c6f3a6b", 0x1000}, {&(0x7f0000000040)="5bcdd70fe6eec55527dda0d724eacac2e759b33a6aa41aac37661d62e8d8fbb546dca49cdb74d9da89f7ee20dcba8fecb07563ba67953f82b92a963aac20982e234de9c6574704e542f6ecb7d4d46acf4299d1c102ccfbff882b3bcc595f21b182ffa04596a75ad4c1316bcc0488c51472", 0x71}], 0x2, &(0x7f0000000140)="a65814b405da4248c977869e19019acd886f9494ce7a2484ad4e487268c074ec9a86336ac8fca1286ca108efb38405", 0x2f, 0x45}, 0x20040080)

1.334158532s ago: executing program 2 (id=4929):
r0 = socket$kcm(0xa, 0x2, 0x88)
sendmsg$kcm(r0, &(0x7f0000000340)={&(0x7f00000002c0)=@in6={0xa, 0x4e22, 0x0, @dev}, 0x80, 0x0}, 0x200ce0c0)
socket$kcm(0x10, 0x2, 0x0)
perf_event_open(0x0, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0xcdd, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$kcm(0x2, 0x200000000000001, 0x106)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800"/16, @ANYRES32, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff7fff}, 0x100000, 0x32, 0x43a1bd76, 0x5, 0x9, 0x6, 0x2, 0x0, 0x9, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, 0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={&(0x7f0000000200), 0x7}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r3 = socket$kcm(0x10, 0x2, 0x4)
close(r3)
r4 = socket$kcm(0xa, 0x922000000003, 0x11)
sendmsg$kcm(r4, &(0x7f0000000100)={&(0x7f00000002c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1={0xff, 0x2}}, 0x80, &(0x7f0000001500)=[{&(0x7f0000000000), 0x4c00}], 0x1}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r5, 0x1, 0x27, &(0x7f0000000040)=r1, 0x4)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, &(0x7f00000007c0)='lo:\x96o8\x14d\xa1\xba\xda\xd1\xa0J\x12t\x02\x006\xe3\xd7\\b\x8b\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\xff\xe6\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x01\xb7l\xed}\xe5\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x02\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2ak\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x01\x00\x00\x00\xd3\r7\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xd5s2\x9cVF\xd5\x18\xfe\x0f\x8f \x01\x00\x00\xb1\x88\xebW_\xa5\xe1\xf6\x8aj\xca\xf8m\xab\xe8\x99\xeb\xe1\xde\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\rh^J\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x1f\x9c,\x113\x7f\x03\x93\xe1\xcc\xe7f\r\xf3\xff0\f\x828_\x92\x8b\xc4\xb9\xd9\xe7\xf2\xe4\xc1i\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02!\xed\xff\xee$\xc89\x8cB0\xd1\xa8\xd4\xe6K0\xe1\xa3TS\x18\xe6x\x1f%P\x9fU)\x83E\n\x90M\r.\x85gn_\xb2\xe9\x8a\x1c\xe3\x93\xd8\xbc\xb6N\xc3\xe1\xafh\xa0iF\xdcq\xf9\x17\xd9i\x844E\x1a\x13\x9a\xe6\xd3\xab:PM\xfbe\xfe9\xd9\x04.\x9aL\x03b\xf7\x10N\xd1\x93\rU\x7fy\x18tE\xf1*\x9a0Z\x9f\xdc{\x13\xf6\xb7\xf7\xe6=\x9cD\x108\x8eS\xa0\xd0\xa7\tn\xd9\xae\xc0\x18~x[\x85Y\xb2\x82w\x150\x97\xba\xe6\xca\xb1\xa3\x02\x14^\xbdZ\xae\xf5/\xcf\xb8\xea8Uw\x92`\"2\x81j\xbb\x87+\x89\xc5<J\x1f\xba\xfc\x90(\x985\x93\xa8\xd4\xf0\xbdTy\x18\xc8\xa0\xbb\x99\x8c\xe0Q\xffCl\xbdX\xf73\xa1\xa2\'\x00\x00\x00\xfb\xce\x959x\xfeW\r\xf0{\xcaT\xecp)=\x9d\xdfG8\xa1\xe3=\xa6\x00\x98\xc1\xb3\x91-\xab\'W\x8al?d<JN\xcb\xd4H\xb0_jO\xf3\x90\xf8/l\xdfg)\x8d#\xfdo\xa9L\xdeA*\xec\xa1\x14,\xe8\x8d^\xb9r=\xc0\x18\xd4\x11dU[Ry\xed\xd6\x97\x8a\xe8\xca\x99\x10\x8e\xc8P\xa3\xae/\xdaof\x06\x7f\xf7\x80$f\b\x93\xca?E9\x17\v\xbc\xc3\b\x00\x00\x00\x00\a\xf6\xfc\x1d\xd4\x893\xeb)\xc1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00O!\xd2q\xda}\xe2\xa2\xfe\xfd)\\\xdf\x9aN\\\xaeyc\xe4g\xc0\x8a\n\v{\xa9H\\\xd1\x9dI\xa6\xe4l\x1bD\xa1\xddD\x94\xb8*\x83\xf6\x10>\xdc,]R\xcc\xb2O\xdb\xed-\x87$\xeb\xde\x10*\xd9\xc6\xe7\x10\xd9rY\x0f\xa1d\x96\x03\x99\xa6.o4g\xc9+j\xd5\x9a-\x90\xfc1\xa0|\xe5\xf2\xe99\xa8zJ\xdb\x1c\x0e\x8b\x1e\x96\xa5?\xffv\x1f\x00\xd4\xfc\x04\x95\xfb\r\"\x86\x0f\xc9d\xa2\xef\x16\x030\x8a\x18(\xca\xfc\x11O4\x9aZ\xf8\xf6\xfc*q\xff\x16\xfe{@W$H\x9d\xfe\v\x93\x04u\x93\x920e\x11\x0e\xe9\x06\xc2\xd7\xcc\x18U\xd5\x80\xef\xbda\x82\b\a\xd4\xefU\x92|\xcfX-\xddoSh\x81*\x03T\x87\xf3_Jp\x18cA\xccc\x9e\"\n\xc9\x17\xaf\xdd\xe8aa\xb0\xf5\'U\xb6 \xa0O\xab)\xe5Un\xcb\x95\xe4\xcb\xccX\xee\xa4\x81\xc6\xb7\xd0c\xfc[P\xe1\xa5\xd8\xf9u\xab\x91\xccT<\t\xe6\x1f\xc6\xf6\xd0\x18b\x9e\x8e\xe3\xe3\xa2\xe9/\xcb\x11u5~\'\xbb\x85\xd2\xaafTp^\x85\xdc\x1c\xe1d6\xf8e\xd8\xe1\xdcg\x1c \xb19\x1ey#>z\x9e')
recvmsg$kcm(r4, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000007940)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x30}, 0x7e8166965e22236a)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext={0x5, 0xbcf3}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x4}, 0x0, 0x1, 0xffffffffffffffff, 0x1)
r6 = socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
sendmsg$inet(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000480)="5c00000012006bab9a3fe3d86e17aa0b046b876c1d0048380019001931a0e69ee517d34460bc06000000a701251e6182949a3651f60a84c9f4d4938037e70e4509c51c268811000000000000000000002571cd53b9851b30599980", 0x5b}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
sendmsg$inet(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)='n', 0x1}, {&(0x7f0000000100)="b64e1d00fcd7785ec31942aeeea49c982057f5a038887f999164254da7043cdb0ae06fb74334ed0e24da40f4d95fb78479e36d8c0864642646837cc118559f5e0dd86faafef1d8f760c24dc2a4a385ff7a623b3dce1ee3fc7d7fb3fad7eeb01ea32c7b39c3e5b306f704003dabb19a26f0dadf2272a8b02dc5d1da26624c676b732e02ec0c33ebd586cfbaa578bbbfc9cf818d375f3b5ad0edc66272a0dd2ae8ee89e56de50bd0ec7f91f99bca27ba3bcf8db97ea9dbed96a3aacec40b23bbc4f4f8d97ed518ae2cc9b624e2688b98c2d0e624e4d7d204f6c40435", 0xdb}, {&(0x7f0000000080)="b6b574cc417ea960e438f456461e6563b290f6", 0x13}], 0x3}, 0x20000081)

1.286149315s ago: executing program 0 (id=4930):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000780)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x2c, 0x2c, 0x6, [@var={0x4, 0x0, 0x0, 0xe, 0x3, 0x1}, @func={0x1, 0x0, 0x0, 0x12}, @decl_tag={0x1, 0x0, 0x0, 0x11, 0x3, 0x5}]}, {0x0, [0x30, 0x0, 0x0, 0x61]}}, 0x0, 0x4a, 0x0, 0x2}, 0x28)

1.276746426s ago: executing program 1 (id=4931):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, 0x0, &(0x7f0000000140)='GPL\x00'}, 0x94)
r1 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r0}, 0x8)
close(r1)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000001d00)={r1, 0x58, &(0x7f0000002040)}, 0x10)

1.262900956s ago: executing program 3 (id=4932):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x40000004, 0xa021, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0, 0xc}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r0, 0x8915, &(0x7f00000001c0)={'hsr0\x00', @multicast})

1.148972383s ago: executing program 0 (id=4933):
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000140)=@ieee802154, 0x80, &(0x7f00000008c0)=[{0x0}, {0x0}, {&(0x7f0000000580)=""/169, 0xa9}, {0x0}, {&(0x7f0000000700)=""/219, 0xdb}, {&(0x7f0000000800)=""/189, 0xbd}], 0x6}, 0x2040)
socket$kcm(0x22, 0x2, 0x21)
perf_event_open$cgroup(&(0x7f00000003c0)={0x2, 0x80, 0x16, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x88, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
socket$kcm(0x2, 0x200000000000006, 0x0)
bpf$OBJ_GET_MAP(0x7, &(0x7f00000002c0)=@generic={&(0x7f0000000280)='./file0\x00', 0x0, 0x8}, 0x18)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000300)=ANY=[@ANYRES32=0x1, @ANYBLOB="a8dd00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x50)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000240)={r0, 0x58, &(0x7f0000000380)}, 0x10)
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x20, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x4000, 0x0, 0x0, 0x1, 0x8, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x90)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'wlan0\x00', 0x200})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8946, &(0x7f0000000080))

1.148427903s ago: executing program 3 (id=4934):
r0 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f0000000200)={&(0x7f0000000440)=@phonet={0x23, 0x0, 0x0, 0x14}, 0x80, &(0x7f00000018c0)=[{&(0x7f0000000240)="270502001c0014000600002fb96d", 0xe}], 0x1}, 0x30048801)

1.096087107s ago: executing program 1 (id=4935):
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x10, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x4d6, 0x0, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0x17}]}, &(0x7f00000001c0)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7ffffc}, 0x94)

1.090734057s ago: executing program 2 (id=4936):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xe8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000000)='cpu&\t\t')

972.649973ms ago: executing program 0 (id=4937):
r0 = socket$kcm(0x22, 0x2, 0x21)
ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, 0x0)
r1 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d71, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$kcm(0xa, 0x3, 0x3a)
ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r2})
r3 = socket$kcm(0x11, 0x200000000000002, 0x300)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000d40)={0x6, 0x2, &(0x7f0000000c80)=ANY=[@ANYRES8=r1], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xe, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x0, 0xb90, 0x0, &(0x7f0000000040)="8883956359d631539169aa77e133", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9, 0x2}, 0x50)
socket$kcm(0x10, 0x3, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800"/16], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000cc0)={r6, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x34, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xca, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d00)={r6, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r7=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x3, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="180200d20ec89f3100000000efffffff850000002700000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300003f000000850000007b00000095"], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', r7, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r8 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000940)={0x3, 0x4, 0x4, 0xa, 0x0, r5, 0x4, '\x00', r7, 0xffffffffffffffff, 0x3}, 0x50)
r9 = socket$kcm(0x1e, 0x1, 0x0)
sendmsg$kcm(r9, &(0x7f0000000540)={&(0x7f0000000280)=@in6={0xa, 0x4e20, 0x3, @empty, 0xff}, 0x80, 0x0}, 0x80)
r10 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80)
r11 = bpf$ITER_CREATE(0x21, &(0x7f0000000a00), 0x8)
r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000a80)=@base={0x1c, 0x4, 0x8, 0xf1, 0x60, r8, 0x11, '\x00', r7, 0xffffffffffffffff, 0x2, 0x5, 0x2}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000bc0)={0x0, 0x2, &(0x7f00000000c0)=@raw=[@btf_id={0x18, 0xb, 0x3, 0x0, 0x3}], &(0x7f00000009c0)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, r11, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000a40)={0x0, 0x5, 0x0, 0x3}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000b00)=[r8, r8, r8, r8, r8, r8, r12], &(0x7f0000000b40)=[{0x5, 0x2, 0xe, 0x2}, {0x2, 0x1, 0xf, 0xe}, {0x3, 0x38000000, 0xf, 0x7}, {0x1, 0x2, 0x0, 0x3}, {0x2, 0x3, 0x3, 0xb}, {0x5, 0x3, 0x10, 0x7}], 0x10, 0x1b00}, 0x94)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r13 = bpf$MAP_CREATE(0x0, &(0x7f00000027c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
close(r13)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r10, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
recvmsg(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000180)=""/18, 0x12}, {&(0x7f0000000340)=""/127, 0x7f}, {0x0}, {&(0x7f0000000600)=""/176, 0xb0}, {&(0x7f00000006c0)=""/73, 0x49}, {&(0x7f0000000740)=""/164, 0xa4}], 0x6, &(0x7f0000000880)=""/175, 0xaf}, 0x10000)
sendmsg$kcm(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)="2e00000010008188040f46ecdb4cb9cca7480ef421000000e3bd6efb440013030e000a000d000008ba8000001201", 0x2e}], 0x1}, 0x0)

972.435933ms ago: executing program 1 (id=4938):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f00000001c0)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f0000000180), 0x12)

972.218763ms ago: executing program 3 (id=4939):
r0 = socket$kcm(0x21, 0x2, 0x2)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffa}, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r1, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = socket$kcm(0x11, 0x2, 0x0)
setsockopt$sock_attach_bpf(r2, 0x107, 0x14, &(0x7f0000000000), 0x4)
sendmsg$kcm(r2, &(0x7f00000002c0)={&(0x7f0000000100)=@caif=@dgm={0x25, 0x1a}, 0x80, &(0x7f0000000640)=[{&(0x7f0000000080)='r', 0x1}], 0x1}, 0x48004)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000400)='syz0\x00', 0x200002, 0x0)
openat$cgroup_netprio_ifpriomap(r3, &(0x7f0000000440), 0x2, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x50000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, @perf_bp={0x0}, 0x21, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x10400, &(0x7f0000000580)="8555451985e93ae51af05b6faec3bc8aa826dc25ea7622f4b639d1aec6e11b4509d48399a1eccb34f145a531180e02dae7b3b76502d3429b5311c8aeda564a0304188c520b9116aba382e63fad54ba2a4357bc3c54decb76be04b191009485f9eb3ccc97333eca2879d8ac8ce1272cf6879c6ef81da9ec7709e9aa0a3a95daedd999a92404dc9d92d3a0befa8f4e93a829a3d37d7d5ef06d945e84aac44c3bcd2b4b85afa8fdbed3d060f2ac21406b19df1e8ecc", 0xb4, &(0x7f0000000680), &(0x7f00000006c0), &(0x7f0000000700)="04d978da36bb2c23a54ea29983340e62175bf3fbb155019f2d08f30d06fd1e1c6cbece")
syz_open_procfs$namespace(r4, &(0x7f0000000840)='ns/mnt\x00')
r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000e90f51accda219a4ce9bb8a0b0000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1806000000000400000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70700000000000018010000202070c84ec73887202500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000009500"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = socket$kcm(0xa, 0x5, 0x0)
r7 = socket$kcm(0xa, 0x5, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d80)={&(0x7f0000000000)=ANY=[@ANYBLOB="9beb01031800000000000000000000008000000002"], 0x0, 0x1a}, 0x28)
ioctl$sock_kcm_SIOCKCMCLONE(r7, 0x8916, &(0x7f0000000000)={r7})
r8 = socket$kcm(0xa, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r8, 0x8916, &(0x7f0000000000)={r8})
ioctl$sock_kcm_SIOCKCMCLONE(r6, 0x8936, &(0x7f0000000000)={r7})
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r5}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff90, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x4, 0x43, &(0x7f00000015c0)=ANY=[@ANYRES16], &(0x7f0000000340)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x2}, 0x8, 0x10, &(0x7f0000000100)={0xfffffffc}, 0x10}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, &(0x7f00000001c0), &(0x7f0000000380)}, 0x20)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000940)={r0})

871.947489ms ago: executing program 2 (id=4940):
r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x803fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x2050000, &(0x7f0000000040)="43dbef57653a34454150c21a8bf7569abc52e21751b9d23fdcf202", 0x1b, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000580)="3b58f5611e2ae2e23153e9dcb16d52c179871c166e36e87634f7d2416038a8a512fe5977d9f5365b3a878d17e50eb4541543ae68f7f0ea3849753c11103907f17ba61fcde45e7b966efb3ea85513fe4e5cd955645bb38d668a268e91d326b725ce6094011fc5e9080f3178361e183bcefebc5d2cc3ae3fb363ec3a99b7ebcce2c93a0eb06ed8e0aadacb24aeb2332405c24abe4e64c88bd60d4d")
perf_event_open(0x0, r1, 0x0, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb0100180000000000000024000000240000000800000004000000000000070000000003000000000000080100000000000000000000090200000000002e2e5f"], 0x0, 0x44}, 0x20)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{}, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000080)={0x0, 0xfffffffffffffe72, &(0x7f0000000000)=[{&(0x7f0000000300)="d800000018008105e00212ba0d8105040a020200020f100b067c55a1bc000900b80006990200000015000500fc038178a80015000338004002000c0901ac040000d67f6f947a7100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe04000000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92307f27260e970300000000000000000000000000000000000000008dc5fb510162", 0xd8}], 0x1}, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0)
r5 = socket$kcm(0x15, 0x5, 0x0)
sendmsg$kcm(r5, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='blkio.bfq.idle_time\x00', 0x0, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000016c0)={r3, 0x20, &(0x7f0000000400)={&(0x7f0000000640)=""/104, 0x68, 0x0, &(0x7f00000006c0)=""/4096, 0x1000}}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000280), 0x9)
r7 = openat$cgroup_procs(r6, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r7, &(0x7f0000000c40), 0x12)
r8 = syz_clone(0xc920000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r8, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0x4, 0x40, 0x40, 0x41}, 0x50)

871.485309ms ago: executing program 1 (id=4941):
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="85000000070000006a0a00ff000000000c00000000000000950000000000000018100000", @ANYRES32, @ANYBLOB="0000000000009500"/24], 0x0, 0x2, 0x95, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=0x0, @ANYRES32=<r3=>r2, @ANYBLOB="110000000000000009e2e4da00000000", @ANYRES64=0x0], 0x20)
close(r1)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_procs(r4, 0x0, 0x2, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYRES16=r4], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0), &(0x7f0000000380), 0x112e, r5, 0x0, 0xa0028000}, 0x38)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000000)={'wlan1\x00', @random="0100c3201000"})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x10, 0xe, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f00000000c0), 0x10}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
perf_event_open(&(0x7f0000001480)={0x2, 0x80, 0x83, 0x1, 0x0, 0x0, 0x0, 0x10001, 0x100020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xc}, 0x0, 0x0, 0x0, 0x9, 0x5, 0xd, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="4ba57c9598c0303c8e6775165664c7a7d37058a9b2dcb8c476eb5e26b3aa5a0c8c3851b0250973bdcd5e5aa5de2e5de172d0164436ec9ad2bdebb4944a914fe44837df98e401afc4b4f45feb8c2f78feffffffff818c3815ff2b4b4d9da35e844c17990fd45eb00f91a5d86b5dfd4f70a5f4bcefd2c3e8bbe44cc056c760c555d41f16253d9bcb3e4950455cab931be45688bbc853680785f9aa247a8e8839", @ANYRES8=r1, @ANYRESDEC=r5, @ANYRESHEX=r3, @ANYRESOCT=r4, @ANYRES32, @ANYRESDEC=r4, @ANYBLOB="15a9d0fd", @ANYRESOCT=r0], 0x48)
r7 = socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x97, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x100002, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x44000, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x1946}, 0x402, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
socket$kcm(0xf, 0x3, 0x2)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x12}, 0x80, &(0x7f0000000140)=[{&(0x7f00000006c0)}, {&(0x7f0000000c00)}, {&(0x7f0000000a40)}], 0x3}, 0x0)
sendmsg$kcm(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000011008188e6b62aa73f72cc9f0ba1f8483d0000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000240)={r6, 0x58, &(0x7f0000000300)}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)

754.457986ms ago: executing program 3 (id=4942):
socket$kcm(0x10, 0x400000002, 0x0)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x12, 0x9, 0x4, 0x2, 0x2481}, 0x50)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_config_ext={0x77e, 0x4}, 0x0, 0x10000, 0x69d, 0x5, 0x7, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$unix(0xffffffffffffffff, 0x0, 0x4c001)
socket$kcm(0x21, 0x2, 0x2)
socketpair(0x1, 0x1, 0x0, 0x0)
recvmsg$unix(0xffffffffffffffff, 0x0, 0xc0011122)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={0xffffffffffffffff, 0xfeffff, 0x0, 0x0, 0x0, 0x0, 0xf0, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x0}, 0x50)
socket$kcm(0x10, 0x400000002, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x4)
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000e8b81ed00605a8dae82e034b4f44c5b193c8af", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000340)=@generic={&(0x7f0000000300)='./file0\x00', 0x0, 0x38}, 0x18)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x1}, 0x1090da, 0x0, 0x0, 0x0, 0x0, 0x4, 0x749}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r2, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x0, 0x0, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19}, 0x94)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x2}, 0x50)
ioctl$TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000000)=0x3d)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'veth1_to_bond\x00'})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8946, &(0x7f0000000080))

604.099904ms ago: executing program 3 (id=4943):
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff7ffc}, 0x0, 0x35, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0))
socket$kcm(0x2, 0x1000000000000002, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x62, 0x0, &(0x7f0000000000)="e02742e8680d85ff9782762f86dd3f8a45e2318273ad90cb7ab9d0f477f5b43ac4ed2618bce6808e000000435024e1ff76b534e444fea2834c6c510d6aeb9ab347165756607916af436c42110bb30983c62b09ef27a9d6ff4c24f5d2cfc1067fb204", 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x1400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xaffffff7ffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="364000001a00913a"], 0x82d7)
recvmsg(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
r2 = perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x2408, 0xca, 0x0, 0x4, 0x8}, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x4, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
close(0xffffffffffffffff)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYRES64], 0x2)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x20000000000000fe, &(0x7f0000000a40)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESHEX], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000100000080"], 0x48)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00'}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r4, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}, &(0x7f0000000040)='GPL\x00', 0x1, 0x9f, &(0x7f00000001c0)=""/159, 0x0, 0x0, '\x00', r5}, 0x94)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f00000016c0)=ANY=[@ANYBLOB="9feb010018000000000000001800000018000000080000000200000b0000000c02000000000000000000000d0000000000005f5f612e30"], 0x0, 0x38}, 0x28)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r6, <r7=>0xffffffffffffffff}, &(0x7f00000000c0), &(0x7f0000000200)='%-010d \x00'}, 0x20)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000018c0)=@bpf_ext={0x1c, 0xe, &(0x7f0000001980)=ANY=[@ANYBLOB="18000000050000000000000001800000852000000400000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000185600000000000000000000000000009500000000000000f895f7aa4d76c615700300f4b50b4a7c678adc41fd89199412a1f5674fe8485a9950031816"], &(0x7f0000001740)='GPL\x00', 0x1, 0xff4, &(0x7f0000004000)=""/4084, 0x40f00, 0x60, '\x00', r5, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000001780)={0x8, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x366d, r2, 0x4, &(0x7f0000001840)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r3, r7, r7, r7], &(0x7f0000001880)=[{0x1, 0x4, 0x4, 0x9}, {0x0, 0x4, 0xd, 0x8}, {0x3, 0x2, 0x0, 0x1}, {0x4, 0x4, 0x4, 0x5}], 0x10, 0x6}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000014c0)={0x10, 0x14, &(0x7f0000001580)=ANY=[@ANYBLOB="b57d000003000000000495026306ed92d6310000180686690b28e464ad8d88aa7d03b5ce4f6ca44eddd09b9649099d45d6f65e65e8dbbc0b289e6f67cd0c8a036d8ebd3e521b21f4fe2ad3a839f2d69f18a7976fb0174f1f07c6c93781409a9aa1d7c5870c850b2b8273d769d951c87826a5798e", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000186300000a0000000000000001000100186500000a00000000000000070000008520000005000000bf91000000000000b7020000010000008500000084000000b7000000000000009500000000000000"], &(0x7f00000002c0)='GPL\x00', 0x4, 0x38, &(0x7f0000001680)=""/56, 0x61900, 0x11, '\x00', r5, @sk_msg=0x7, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x1, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xa, 0x0, &(0x7f0000001400)=[{0x3, 0x1, 0xd, 0xa}, {0x3, 0x1, 0x10, 0x6}, {0x5, 0x5, 0x10, 0xa}, {0x5, 0x2, 0x2, 0xb}, {0x4, 0x4, 0x1, 0x4}, {0x4, 0x1, 0x1, 0x9}, {0x5, 0x1, 0xa, 0x9}, {0x4, 0x3, 0x1}, {0x2, 0x1, 0x3, 0x1}, {0x0, 0x2, 0xf, 0xb}], 0x10, 0xf}, 0x94)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)=@name={0x1e, 0x2, 0x2, {{0x41, 0x1}, 0x2}}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)="27677de6dd9c02ff8950f2dde2370a82695e8715f0b65f6af234d61840f9e72172a73878b29cad0fb9158c33f2f84b9ea17370bf8767715005c17f24d99011c6cc8d07abad63333df974aec9ec8e61a01666caa3ec84b133abca5d6c354a75d1d3d110ad3def61e5c851fad6a4069079bf7e9180603fbaccc7eaffdcf21d90ec3097c3c3d2fdbceae37ae138ba6d67b714d74083af3173f0c9a73108afaaa108d3740b268654bb82bacd94d4d6f64fd2fb548ba92600d3f50314dbdec82280b51461e7226e9ee4b09a615dfe562a6adabda6ce92ca0769feea084e76ffccef966a7f1e5fb02450c82debbf50841d538c7506116f560e8169d3712d71031fee850b6ab6b32128c8602115d31ddb06c03dff0eb8b87031c3537a638e5feb88043f5b3629e31a94fd94271c7567108ff4e81a30b6b2fcaacca1ab197f7bd1c52b0ecea0d5728946b5a8f1e9aa130d50123fd8b35912286bd6d54dcde482279e8530c5bad63c2fda9ef33b021d90fc04f680ec45bb3eee8483f9f75427c734b2fc8f62857f4618673592a10b64e9d08d59303f95e51499ad4c4908b5f0947ee33f62f5ddff3033d3e5ce188f906e10099c8ab0ed331d2a26ed327e20b428a34a66c00d4883c6c3830d2b231ea9fcf3743a229eaa58ab4d7916706177e5967ac5fea9403a97c77441f022a9386a9711817d5165c3eab30581da7f89c6d5edb54e6cc2044e68b5f5501b0afa7a17915665ea3d20ec0b0328c3c14e3d07e291f14742f47ce8200139da3d661f57f9d15b00017a10da804413a4c476acf72d3155536531faca98778d10672ce12df4d78e03525c3dadd7caac8cb86bb9f32179f7c40a3aa7559a37af2a6a5f263fabc6ba3220ee8e4dd0c6f38e449128111a5d89e326692724be6dda9b933d0f84871abf80519e03d34506ae8ab83b5420303e79e25326bd47409378ccea45bdb77fdc23e08456c8c081ecb4e407919876fbc6b885da705cc09b700d8b0cb68378f6582f34c4263e9fc8e3067d50d51522fa9c1983606ab9616d2aa80963faea42b0a004e27c138180be46f9e831b9cadb401a41b28951c571e97008c104954c1e9bace40520681690f88fb6c9461e1ed659dfb3d61bfe9f070f7aa10c745caf9a0639bb5c22ff9a4a7bea09a3d8276f6dcef89e4a966bf92e3a3168636df2626b47b14fa9dfdb380c39ee860f7a3a9d0e9ff8f67d885dc6f360f8f274ecd9808c10fc7fb80209485f0d0b68727ee5c3b49f974fbe717c25b830eb5af0236bad9e782bed7ecc4199ddd7ba18a63d3e568fff58e0eb8f1f3ed845ce4d6333aa25fe343d8e8b222bda165969ff4ea23813a23aa77aa8114a109efcb0c753d84293b506f7cbaf06c7b517fe89f59185030aab402b0b2cc426acbde6e14b3c0ff1e07a0bca2973b3a0009f7606d8f4526cafdad72f84434472f181b0f21adeb64a485b495023dd3d393ff88e1496f5f382b601463ff74bc52eb09a57bb12c3f4693cc8d34c53edf8baa8f7b25cf3b87cd5d4953181feba06623a3212f02bf9c6815fda05e0791c9bfc2fe3e13fb243e3f7b83859fdffbc6be42aa1c22f3fa11a75b4b49ff65de1baa84ad1f788bcb4c229e1631e0144c2ac7ef2686147e5a5d99d3dbc86fa9750398156a6fd44901f66d062dbd0ce7e53afc70b325565cb7fd31e6c4b668e5c3247cccc15a2f15a05ceec9d46782c0299c6c981744e08946aaec878be69f4d99b97a097e164ef3e0be40153ae138fdbf2182dec7485d92588cf958892c5ffab5ccac8faf1c4946b0477631210b885ad7c9971e74133eed2c23a0f242fb7fa0f08990d32726e65d6216f4ec0442102d6fe4d99fada699ca0a3ac77fbad597573bb7104cd797e5d3863990a8b3764ecd0b457b21c16215b6556b26718843635647bce87e3f8790cd85cb3915da0f44693036d606d1954e901b6d9301554e43d0220248275223078f885c0394b0d9452cd79e059b0594b9995301072c4e89cda5e66c147c96e536aebbdcd490b0cb524452ebc32af90d765a7fd11c83ca98c1f775e2fe7d44420db7445b9702d0c435c0be5900dc02d0e956646de4f79ad43f8e405a30e288f7fb67b1250717d1755b8b34a17bc59c8ccbfe06276929fccd9000ea833b20bc42f9d7f62c7262487eba5ea3a7c09a040bf11f79eae9d62464e4711cfa8738840aa323c74fb4db25ed632a32153aaab2e2235b9af630304c63cedb1dcc603b1f9645e2e26a6b6223bd965a138e21dc1b35aca9a4854798497028d6083545851921cf94fb8c36242efb3ba79a8edbf0994ea93ea8ea7fceca6f01824d03cad59fc2eebdff43990315b93dc89c84fd51ccddd423cedeefd011e5ae840c633885163b63f511206e407f6699b9464c9fc79dc5e7e63b13f2d2310ec2f41e02aec1691d08aa98bf4ca0095a78cdbe342598996745f7d8eba6e25cc02a13dc68ddbdeb7b5cb492870bfb398af88ba9184967789d6645c54af8d2e0312ec09edcc6e63560c5dde4632d96d709a5854bd703fe46129fa1c528134718a1547d83107491e43321a17c68b4ce4db7351e1d79829e8d6493e9dea3d730b1b53afcd3ac1eb8b101e61409db0b6b2175618dfca0ab27836d289e7fdbb2f49e83b84c26b00dd0e8648c5ce11ac678a3c1caf0af9f53c998480efbc8ac7e791faeac3c313b51f3277f9c1b45add67400ea9c716726a3787c399ce8e8b6c343d8bd10798facc1c4e9a2a16a5d5f87a34660b2a9d9878509f73be1c95047a1f693e2bcd1663ecacf4f2e837db17439ccd17578032ae4198066b7ad14083bc0a1ee5d3aaad0065b87bb90e6de43dc7067cba1fcf1b1e203e342a504bfc5a9a34a850720eee7cd84d05caf4c222299ebb99e328571bc61f7bfe3abcb45af00f6e83fa8f11b683a54484043c9d40d5c3af40b5e7212c693fc7762dd99860f51605f927d3575684e6c1b8678dc550ed5cba8b61d407fae5f71bb358d0ffc4b73050828b1864c1127c1577a7d352ecaf23dfb6358e25bf3f74a11dce973f647caf0faed9842d7eb26d7d7d44b7bd64b7d87946682c8de517bd614e55acb370175ee12d7dfb5ba3dd751b31eb21c7f535428f6f16f173407b178ed0a864c55ffa4f7c1136f46baef2f0c9e2bb6c0ed45967bc0e1df8a5760322f541df85d3c682132f43be2f7b516f5b9b9534575ac67a13ee66b2c25d72fcd5828559fc4b5ad23bc924d6a260954ea671a1eb69a25e033fa22a11eb0772b878512a644958746157c1cc8613693846b2360dcec466404fba10042a866bf5f9dc2edbf864ba2cfa44e87c435625e7ba441e7f2cf923c0d1b5c99da9b08de8da1b5d4b8fcce91a007b8abd9d4eddf4c6535a71c0b6af46f6919dc01de46c2231526076a0a2efa56ee3956acc7c6757c68993e54fe8ae06efc893ea212b650517dc5653c68255a8a12be4959918fac7a60249726db6ed5021ce10f98495da25ae8fed52047509c4b0648b78aa9bb4df40582614186e33d70b62dab92ee5fe65a32e8a4e63ab29989b40f8b7f8e1bcb82c23546c3ba0392da3e9543dec8546eebba7e35e2e03e5e533ae507937b95a573f19231cb070a220524d6f2f30013ff80d9f45e45f07ffa7d822a9e056df026a5f656c43129b246fb7fd24d9230646187adeb9a288a005e9fc59d8f6d8d5346b5ab158e8ea6548f8f400c0a29c12724307f87948d078f67e5b065d1a0fb79e09c02820283f51ee13b8bc146ee6f569a4144252942e75109f556414974f2f9af0c776d665b33ee2c5681d244b52eda9d0978effc1bee749a41cf4c2bbbd7982eaebd895bee08cd342055bb64569a112e0bfc1b5a2426c7aa58071519c11e856eda1c30695255761b8e8901bc006d05af353e275f4ac58d2af861a10b43d5b64b1d321abce06210fe171158661e486c6d3758d72a919ee11518c8517d13947292363d7d8cf80f6f81b28c21d676baaf9d66fcdeacc8175cf9c6fcf5ea6249cb031e9d78201516ddb580e9531c6d9fb56058d55a64cc9e661a783e641e3089f57b5731573edf9e2677ffceabf8ab835473040dc36b2e435c01b33be259745fca8c1ea789a64b272d6f9bdfd306f05162a57811252847198c6506a79889b814f2daf574b4f215994b6605966693f1ebb2493cdf652cec96d6adc09519967a277d56415b50d2cbbe2a81a5ae6926c6b4a625d054823248acaa6d4bd8f1954944795d93419337658f1b271361e326e807e0a883f023aa73714fccf9c7efbe73d6e28217ce7c7c4dd5b5fc278190532dfa3617c8d297472515bcab10d55aa2079de4d6dd5bf00df60073f321f9c7e9b67136dd7b35129dc4489baa980b43ac8021f893a2e95e1033ab44cdbff4a888c8c220154607326e5ac7a067799074c2aa795b38229e1c1e1ed03140591d7242e684f8d135d5774a2f1dfc89a2e4d64f744138d874a63f9e72386561268a2ed569885f5b660305dfa6cb219ae1c66dd874f07818abcee56651f96077d4e8f52aca2c767a78e10edd8c15e7db2b9325c421452267e4526de3c3412655fddcaf4357a14bbdc5d8efedda5b1600320b800a1240a5423852571637679dd5e90d2fdff49fdebaa1c86ae61eb699108d64bb5829d1a6ed2fe1568eee519da65edc0c94dd5e73ebfaf7ca986ac26ff7bb73bd5c3ab628d4c5422e755fe249ecf0cc39a14c28cbf0c2e8b61424cdbacc0a470388f84be010f9bbae74f33a642a3399b7541995d13dd1da38a8d5b0d64d2f60ffec6e8f0d4d5750b422d07bc5c778d206830b06d6929109b8bdbd0fe54a08aa9a85e769273f1eb3526f498e9fbf05c4bb4d0a13ee9fc54342f7b5cf223c6e2c74811f249b7df8ee231ae67470b28444d2db683a50d0edf633a1f4c813d8a648f725b4cfa7ddbbd02fee7ba28de799d79bd15775c83665b7cd8c372f42d991d03613a3223d5a555f7f3b1507bab1d01512706b84e61d535d8aae2fb3cc948d8196e7f4f77ad42f56ca707f6a1c9ea6e3f8bd33dc2ae3cc950e4315c50f6e4b786286bc5aa4b5475bda9656854415a6249a7400d0dbf929578477220a5f95b5e26182f5b5766f3266201b934fe4ce3ded6dfb90e8e464012d5611e643075de223483b3afc17f90c5e46867e8bad0ddecfb42dd69496d61ffea7e9389d16d69cc3840e10ffeda3ee8107aece20f31733c08450f72e369264315126b7e53927ba59714b7f02b78189236376a30a9ce22106a53d534f39d1752b5c8de296ebea42f9077d44c362837f0a14427226086cf6289bddaabda0ddb3231a4efc783c30cc60270012904e3cdca5463fb49c807953b0b59fabf27d935d6b3f160636a2ac784ded9770e39d81ec38b3ec97903ba17d72bc61047b61f3b53e34469667354831dcb81a0266340f362a78d1843c2b0d4aeacbca27f8187a8e3739a4e16c958621263ebcc4b613145b806dcbeecfe038a2e5c25612c46028279d4c3ed23c507232f93587dd47d6145567ac447383e96629eeb82599aee812f0d6f6b158ee8368819c1beed40f696c284e63f7cb827a17a2d674c036ece0b09ca4a53c6c88fcfd5e47597c9cd73f304e12a644611c0f7cc171ad8ad15030896bc1cc49378957cc4320e313cc508c9122395e2cf9a85e64bc497c12842b56038d27c7c1426770010780be7346c1eccf81159263dd8c3741f587bd2113f13013802f9d0bfee6c8ee95d841d4b4376066817086259a76e926e15b1955c1c1c48b881feab8a4bb78e1ea74986130ac592dc3d51cbff9245edf2fcdae1f9fcaac99c6f3a6b", 0x1000}, {&(0x7f0000000040)="5bcdd70fe6eec55527dda0d724eacac2e759b33a6aa41aac37661d62e8d8fbb546dca49cdb74d9da89f7ee20dcba8fecb07563ba67953f82b92a963aac20982e234de9c6574704e542f6ecb7d4d46acf4299d1c102ccfbff882b3bcc595f21b182ffa04596a75ad4c1316bcc0488c51472", 0x71}], 0x2, &(0x7f0000000140)="a65814b405da4248c977869e19019acd886f9494ce7a2484ad4e487268c074ec9a86336ac8fca1286ca108efb38405", 0x2f, 0x45}, 0x20040080)

577.989266ms ago: executing program 2 (id=4944):
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$kcm(0xa, 0x922000000003, 0x11)
perf_event_open(0x0, 0x0, 0xb, 0xffffffffffffffff, 0x0)
recvmsg$kcm(r0, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x102)

566.236087ms ago: executing program 0 (id=4945):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, 0x0, &(0x7f0000000140)='GPL\x00'}, 0x94)
r1 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r0}, 0x8)
close(r1)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000001d00)={r1, 0x58, &(0x7f0000002040)}, 0x10)

406.513406ms ago: executing program 0 (id=4946):
r0 = socket$kcm(0x10, 0x2, 0x4)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000500)=ANY=[@ANYBLOB="9feb010018000000000000003400000034000000020000000000000000000003000000000300000002000000fcffffff00000000000000010500000010000000000000000000000402"], 0x0, 0x4e}, 0x20)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000700)={r1, 0x406, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61, 0x0, &(0x7f00000007c0)="10c46de6ca57460438cd729a7e953aa50503789d589bd68927bd9d43be1d70484c8d6c2ce3d8413797b98f9dbad19596fc8224aa2cd6f29ea041c50e6f4b686cebac0c7a0b30e244d073ba621ac898b8952bb1465e629150fe93dc8ba23ab8cb2b", 0x0}, 0x50)
r2 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r1)
r4 = socket$kcm(0x11, 0x2, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1000000004000000080000000500000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000050000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000900)={r5, 0x58, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r6=>0x0}}, 0x10)
sendmsg$inet(r0, &(0x7f0000000940)={&(0x7f0000000300)={0x2, 0x4e22, @private=0xa010101}, 0x10, &(0x7f0000000440)=[{&(0x7f0000000bc0)="5ff36b19ab12234b491b58e14ae737312377a57c86d8bc35d06429c15908bacc101625c5df7d449c5257dabca96c364963885ee0d5936f3ed239530c15c5a673fe9983cd14ab4bf6628080b8acaef9f95d40ef4fe55b3289124227ebfdea32ffdc752decb8f8d73afc05470a53e9c3a09b5491999a496ca785df6d768201cba1fb37b3514442d4590fb8b8eccf8acedaf5d07df4b17e0ebf72c8a9072534b202ffca375f8d1581c53cb978b37d28c89335c92675725f7bbaeb27e1be2a200c9f1ca4825a306d02fd", 0xc8}, {&(0x7f0000000380)="3c28eab5ae0ef2ca7ee99fb1d917bdaf8360900b8724d53164", 0x19}, {&(0x7f0000000cc0)="f192baf6a97ef02d1cd03ee9c58466c06ec4361678f9773896c21257e1da015a018cb769dd3d025618e43a64b938e525fa7236ee9735475f0c4818511fc2a39e6a217ba618619e2cc09f77829913714e2d13d60e5be7e912beb11bb2912a5a4738105e80c86120277b9088fbdcf57c7abe448658d22bed13a42c68f58bc81f2d13aa8e31bc330d253964586bcb4e5f1805", 0x91}], 0x3, &(0x7f0000000dc0)=[@ip_retopts={{0x6c, 0x0, 0x7, {[@timestamp={0x44, 0xc, 0x36, 0x0, 0xa, [0x1, 0x4]}, @timestamp={0x44, 0x10, 0xe8, 0x0, 0x4, [0x7ff, 0x1, 0x67f]}, @ra={0x94, 0x4}, @lsrr={0x83, 0xf, 0x6f, [@private=0xa010101, @broadcast, @private=0xa010100]}, @noop, @noop, @timestamp={0x44, 0x4, 0x52, 0x0, 0x4}, @ssrr={0x89, 0x23, 0xbf, [@initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0xa}, @initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast, @dev={0xac, 0x14, 0x14, 0x3f}, @private=0xa010102, @local, @multicast1]}, @end]}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @remote, @local}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r6, @remote, @multicast1}}}, @ip_retopts={{0x58, 0x0, 0x7, {[@cipso={0x86, 0x32, 0xffffffffffffffff, [{0x6, 0xf, "2f8d0039fad220443d263f510e"}, {0x1, 0xc, "4fdf763674ef436270c6"}, {0x7, 0xd, "ce58f9288a6855eb18fff3"}, {0x7, 0x4, "2e88"}]}, @generic={0x94, 0x2}, @timestamp={0x44, 0x14, 0xcf, 0x0, 0x9, [0x3ff, 0x8, 0x5, 0xff]}]}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x10000}}, @ip_tos_u8={{0x11}}], 0x138}, 0x40)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000840)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x75, 0x75, 0x4, [@int={0xe, 0x0, 0x0, 0x1, 0x0, 0x78, 0x0, 0x6, 0x2}, @ptr={0x1, 0x0, 0x0, 0x2, 0x3}, @func={0x8, 0x0, 0x0, 0xc, 0x3}, @datasec={0x8, 0x3, 0x0, 0xf, 0x1, [{0x3, 0x10, 0x98}, {0x5, 0x7, 0xe4a}, {0x2, 0x24c, 0x8}], ' '}, @restrict={0x8, 0x0, 0x0, 0xb, 0x3}, @decl_tag={0xd, 0x0, 0x0, 0x11, 0x1, 0x7}]}, {0x0, [0x5f, 0x2e]}}, &(0x7f00000017c0)=""/4096, 0x94, 0x1000, 0x0, 0x7}, 0x28)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r5}, &(0x7f0000000080), &(0x7f0000000240)=r7}, 0x20)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r7, 0x18000000000002a0, 0x5ee, 0x0, &(0x7f0000000580)="b9ff03076804268c989e14f088a8", 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
sendmsg$kcm(r4, &(0x7f0000001780)={&(0x7f00000003c0)=@hci={0x1f, 0x3, 0x1}, 0x80, 0x0}, 0x0)
socket$kcm(0x29, 0x5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000080)=@framed={{0xdb, 0xa, 0xa, 0xfe00, 0x40, 0x71, 0x10, 0x1d}}, &(0x7f0000000480)='syzkaller\x00', 0x5}, 0x94)
socketpair(0x22, 0x2, 0x25, &(0x7f00000000c0))
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000b00)="89000000120081ae08060cdc030000017f03e3f7000000006ee2ffca1b1f00ff0f00000000000050375ed08a56331dbf9ed78105001ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00120c0001000b080c00bdad01409bbc7a46e39a54cbbda812176679df069163ce955fed0009d78f0a947ee2b49e33538afaeb2713f450ebd010a20ff27fff", 0x89}], 0x1, 0x0, 0x0, 0x7}, 0x0)

226.816337ms ago: executing program 2 (id=4947):
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000140)=@ieee802154, 0x80, &(0x7f00000008c0)=[{0x0}, {0x0}, {&(0x7f0000000580)=""/169, 0xa9}, {0x0}, {&(0x7f0000000700)=""/219, 0xdb}, {&(0x7f0000000800)=""/189, 0xbd}], 0x6}, 0x2040)
socket$kcm(0x22, 0x2, 0x21)
perf_event_open$cgroup(&(0x7f00000003c0)={0x2, 0x80, 0x16, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x88, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
socket$kcm(0x2, 0x200000000000006, 0x0)
bpf$OBJ_GET_MAP(0x7, &(0x7f00000002c0)=@generic={&(0x7f0000000280)='./file0\x00', 0x0, 0x8}, 0x18)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000300)=ANY=[@ANYRES32=0x1, @ANYBLOB="a8dd00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x50)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000240)={r0, 0x58, &(0x7f0000000380)}, 0x10)
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x20, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x4000, 0x0, 0x0, 0x1, 0x8, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x90)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'wlan0\x00', 0x200})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8946, &(0x7f0000000080))

92.298424ms ago: executing program 0 (id=4948):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xfe80, &(0x7f00000005c0)=[{&(0x7f0000000940)="2e00000010008188e6b62aa73772cc9f1ba1f8482d0000005e140602000000000e000a001000000002800000128c", 0x2e}], 0x1}, 0x0)

9.475049ms ago: executing program 3 (id=4949):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)={[{0x2b, 'blkio'}, {0x2b, 'devices'}, {0x2b, 'cpu'}, {0x2d, 'devices'}]}, 0x1e)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x1}, 0x1828a6, 0xca, 0x2, 0x0, 0x7, 0x400000, 0x0, 0x0, 0xe, 0x0, 0x8}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
recvmsg$unix(r0, &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r2=>0xffffffffffffffff]}}], 0x18}, 0x1c0)
write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[@ANYRES8=r1, @ANYBLOB="3eca0d"], 0x9a)

0s ago: executing program 2 (id=4950):
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x8020000, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, @perf_config_ext={0x7, 0x6}, 0x1, 0x0, 0x7, 0x1, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000015c0)=ANY=[@ANYBLOB="b7020000b0ffffffbfa30000000000000703000000feffff7a0af0ff2300000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000011000000b7030000000000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb450063dedba767ade51f7f1f66acd19100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb4e4d0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e85cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bc0b80e80eae8f5e64be2c9d2d29db3d36dd0cf8f79a015c7bd3f15aa6aadbeab2a01685108e61aa00000000000000000000000000c67c6c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f10800000000000000826151e3b42bcae95239ef5ca2a730a00c87c493db0300e63fda97a296820000000001000000eecc952a3fd2c46f3c1cde71a19d1a2982492a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e180022537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c7192a4251b59d378d3f00000000000000665c8b7e89eddfc3783f6c9129a7c5f8ee5f50579e2f638f7eb12f63be72a3d81ab324d6e417b1c2cbfdcada0a16e31790e26cf19588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b99909950000006b42077ca60fdecb2717e21f8f187b1866108b6e8c71e2603217606637ece1fa89917e131f4034a8383e99c3568fd04201b37cd92ca6ebf94a2d8310f7032775cfd75652f87b039d5430b3c6643e9146d2478ce31344b554aca7670000000000000010c65608fda6ed5d08e7a796042aa127d874105787d0347aa37801faff5b9050803a19ff6205aa5c263e407a2f7de56f7a0000e094fa4e3f05528caab5a430c08dd810bc97204b767dd969721a26aa740000000000bc433fe2d0a6ef2a8a91cd3cb305aa80dadef8b0caca780000000000000000863e21db415a222bb1a7ab94bfe4a74157d794f9d0430c2c0eb563350559829865a3dd08fb31bd0801e09aa3ee45e61a56fc83076451cff7632e49a41eadb5044a0d5f73d6932161ae5e9ce218a35cd8e7b747887b1a74798982d0b492c3f0ff53189d80733eb04f8124877b648ff438f7d66c7efcc09a8f3330b6c22d14e80db8e5608bdeab9388b758a15f4ce70390c214bc6838798f5b9b0b500d4e8b5174f329b8501c6feb7a6982bcea74a0f2ced7fa2059234a8d10b7f0597151d5c9067d57d85f4ae933eaf5174ba122f3f702ef8695578d3c08562c9fc185f0f65d11b4c58ae52500cbe99cde3758a5cbe6093dd328ac820e2de309d25a324647aadffcecf0f3bbaeda7af4436d9ffbce1b240a2f5e346eba8812e6329e01b087bde7da4a6448f478102e90c8134f531de08d4cf4f6f35b15a202544c0ced0c1715fd3a90099f785a13a2412bedba2981dd22bd9d736c00000000000000000000000000000000eb6fec8d7d2f77f4d470a9caa5b1bfc00cd1d40830ac35f229f8ffe1c02a63d3c2d9"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x2}, 0x8, 0x10, &(0x7f0000000100), 0x10}, 0x57)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a40)={r2, 0x27, 0xe40, 0x0, &(0x7f0000000440)="f8ad48cc02cb29dcc8007f5b08009f59d351", 0x0, 0x4000, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r1, 0x702, 0xa, 0x0, &(0x7f0000000580)="e460334470d8d400eb00", 0x0, 0x8001, 0x1000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x10, 0xe, &(0x7f0000001880)=ANY=[@ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f00000000c0), 0x10}, 0x94)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x401c5820, &(0x7f0000000040)=0x7ffffffffffffffa)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001740)={0xffffffffffffffff, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000480)="5c00000012006bab9a3fe3d86e17aa0b046b876c1d0048380019001931a0e69ee517d34460bc06000000a701251e6182949a3651f60a84c9f4d4938037e70e4509c51c268811000000000000000000002571cd53b9851b30599980bc", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f0000004940)=""/4021, 0xfb5}, {&(0x7f0000000d40)=""/4102, 0x1006}, {&(0x7f0000000500)=""/219, 0xdb}, {&(0x7f0000000240)=""/63, 0x3f}, {&(0x7f0000000140)=""/120, 0x78}, {&(0x7f0000000640)=""/13, 0xd}], 0x6}, 0x2100)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x2a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0xc, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="03000000040a008be7d600040000000ace000032", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
close(r4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500))
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000a80)={'bond0\x00', @broadcast})

kernel console output (not intermixed with test programs):

 bridge0: port 2(bridge_slave_1) entered forwarding state
[  699.589802][T15928] bridge0: port 1(bridge_slave_0) entered blocking state
[  699.596965][T15928] bridge0: port 1(bridge_slave_0) entered forwarding state
[  699.628282][T15928] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  699.643893][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  699.792384][T15946] device veth1_macvtap entered promiscuous mode
[  699.888885][T15950] netlink: 10 bytes leftover after parsing attributes in process `syz.0.3475'.
[  699.915703][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  699.929600][T15956] validate_nla: 5 callbacks suppressed
[  699.929620][T15956] netlink: 'syz.2.3474': attribute type 10 has an invalid length.
[  700.091052][T15956] bridge0: port 2(bridge_slave_1) entered disabled state
[  700.169862][T15963] netlink: 'syz.4.3478': attribute type 10 has an invalid length.
[  700.233139][T15963] bridge0: port 2(bridge_slave_1) entered disabled state
[  700.240478][T15963] bridge0: port 1(bridge_slave_0) entered disabled state
[  700.275995][T15967] netlink: 'syz.3.3480': attribute type 29 has an invalid length.
[  700.386130][T15967] netlink: 'syz.3.3480': attribute type 29 has an invalid length.
[  700.568443][T15970] netlink: 10 bytes leftover after parsing attributes in process `syz.0.3482'.
[  700.609782][T15975] netlink: 10 bytes leftover after parsing attributes in process `syz.3.3484'.
[  700.731433][T15974] netlink: 'syz.2.3481': attribute type 9 has an invalid length.
[  700.851057][T15977] netlink: 'syz.0.3485': attribute type 10 has an invalid length.
[  700.861820][T15974] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.3481'.
[  700.922152][T15982] device veth1_macvtap left promiscuous mode
[  701.192371][T15987] device veth1_macvtap left promiscuous mode
[  701.224553][T15989] netlink: 10 bytes leftover after parsing attributes in process `syz.4.3490'.
[  701.727975][T16001] netlink: 'syz.4.3493': attribute type 10 has an invalid length.
[  701.859881][T16001] team0: Port device bridge0 removed
[  701.906408][T16001] bridge0: port 2(bridge_slave_1) entered blocking state
[  701.914259][T16001] bridge0: port 2(bridge_slave_1) entered forwarding state
[  701.922952][T16001] bridge0: port 1(bridge_slave_0) entered blocking state
[  701.930423][T16001] bridge0: port 1(bridge_slave_0) entered forwarding state
[  702.010119][T16001] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  702.040319][T16013] device veth1_macvtap entered promiscuous mode
[  702.048939][T16011] netlink: 'syz.1.3496': attribute type 29 has an invalid length.
[  702.076065][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  702.094757][T16011] netlink: 'syz.1.3496': attribute type 29 has an invalid length.
[  702.105809][T16007] netlink: 10 bytes leftover after parsing attributes in process `syz.3.3497'.
[  702.202951][T16012] netlink: 'syz.2.3495': attribute type 10 has an invalid length.
[  702.368792][T16012] bond0: (slave bridge0): Releasing backup interface
[  702.488840][T16012] bridge0: port 2(bridge_slave_1) entered blocking state
[  702.496073][T16012] bridge0: port 2(bridge_slave_1) entered forwarding state
[  702.825567][T16012] team0: Port device bridge0 added
[  702.862187][T16017] netlink: 10 bytes leftover after parsing attributes in process `syz.4.3498'.
[  702.915287][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  703.051801][T16030] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.3502'.
[  703.239257][T16032] bridge0: port 2(bridge_slave_1) entered disabled state
[  703.247776][T16032] bridge0: port 1(bridge_slave_0) entered disabled state
[  703.366377][T16036] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.3505'.
[  703.575714][T16041] bridge0: port 2(bridge_slave_1) entered disabled state
[  703.594879][T16041] bridge0: port 1(bridge_slave_0) entered disabled state
[  704.080520][T16058] bridge0: port 2(bridge_slave_1) entered disabled state
[  704.087840][T16058] bridge0: port 1(bridge_slave_0) entered disabled state
[  704.167294][T16058] bond0: (slave bridge0): Releasing backup interface
[  704.191974][T16058] bridge0: port 2(bridge_slave_1) entered blocking state
[  704.199160][T16058] bridge0: port 2(bridge_slave_1) entered forwarding state
[  704.206633][T16058] bridge0: port 1(bridge_slave_0) entered blocking state
[  704.213768][T16058] bridge0: port 1(bridge_slave_0) entered forwarding state
[  704.277025][T16058] team0: Port device bridge0 added
[  704.296591][T16063] device veth1_macvtap left promiscuous mode
[  704.445269][T16066] bond0: (slave bridge0): Releasing backup interface
[  704.482697][T16066] bridge0: port 2(bridge_slave_1) entered blocking state
[  704.489957][T16066] bridge0: port 2(bridge_slave_1) entered forwarding state
[  704.497447][T16066] bridge0: port 1(bridge_slave_0) entered blocking state
[  704.504620][T16066] bridge0: port 1(bridge_slave_0) entered forwarding state
[  704.595507][T16071] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.3519'.
[  704.683600][T16066] team0: Port device bridge0 added
[  704.739935][T16064] device veth1_macvtap entered promiscuous mode
[  704.877015][T13477] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  704.896905][T13477] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  704.911311][T16071] netlink: 152 bytes leftover after parsing attributes in process `syz.3.3519'.
[  705.003484][T16078] validate_nla: 7 callbacks suppressed
[  705.003519][T16078] netlink: 'syz.1.3521': attribute type 9 has an invalid length.
[  705.036046][T16078] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.3521'.
[  705.055284][T16073] device veth0_vlan left promiscuous mode
[  705.084140][T16073] device veth0_vlan entered promiscuous mode
[  705.128852][T16073] team0: Device veth0_vlan failed to register rx_handler
[  705.298033][T16081] netlink: 'syz.4.3522': attribute type 10 has an invalid length.
[  705.307194][T16081] bridge0: port 2(bridge_slave_1) entered disabled state
[  705.314451][T16081] bridge0: port 1(bridge_slave_0) entered disabled state
[  705.382553][T16081] team0: Port device bridge0 removed
[  705.402623][T16081] bridge0: port 2(bridge_slave_1) entered blocking state
[  705.409908][T16081] bridge0: port 2(bridge_slave_1) entered forwarding state
[  705.417348][T16081] bridge0: port 1(bridge_slave_0) entered blocking state
[  705.424490][T16081] bridge0: port 1(bridge_slave_0) entered forwarding state
[  705.446122][T16088] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.3526'.
[  705.472151][T16081] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  705.496366][T16083] netlink: 10 bytes leftover after parsing attributes in process `syz.1.3523'.
[  705.616961][T16092] netlink: 'syz.3.3527': attribute type 10 has an invalid length.
[  705.633615][T16094] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.3538'.
[  705.647279][T16092] bridge0: port 2(bridge_slave_1) entered disabled state
[  705.655685][T16092] bridge0: port 1(bridge_slave_0) entered disabled state
[  705.835930][T16092] team0: Port device bridge0 removed
[  705.876397][T16092] bridge0: port 2(bridge_slave_1) entered blocking state
[  705.884084][T16092] bridge0: port 2(bridge_slave_1) entered forwarding state
[  705.892457][T16092] bridge0: port 1(bridge_slave_0) entered blocking state
[  705.899853][T16092] bridge0: port 1(bridge_slave_0) entered forwarding state
[  705.977936][T16092] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  706.128076][T16102] device veth1_macvtap left promiscuous mode
[  706.152206][T16098] device team_slave_0 entered promiscuous mode
[  706.169357][T16104] device veth1_macvtap left promiscuous mode
[  706.344513][T16111] netlink: 'syz.3.3535': attribute type 9 has an invalid length.
[  706.374934][T16108] device veth1_macvtap entered promiscuous mode
[  706.594353][T16121] device veth1_macvtap entered promiscuous mode
[  706.719290][T16124] netlink: 'syz.0.3541': attribute type 10 has an invalid length.
[  706.957410][T16128] netlink: 'syz.4.3544': attribute type 10 has an invalid length.
[  707.039138][T16128] bridge0: port 2(bridge_slave_1) entered disabled state
[  707.047618][T16128] bridge0: port 1(bridge_slave_0) entered disabled state
[  707.065373][T16130] FAULT_INJECTION: forcing a failure.
[  707.065373][T16130] name failslab, interval 1, probability 0, space 0, times 0
[  707.133017][T16130] CPU: 1 PID: 16130 Comm: syz.0.3543 Not tainted syzkaller #0
[  707.140644][T16130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  707.150724][T16130] Call Trace:
[  707.154028][T16130]  <TASK>
[  707.156983][T16130]  dump_stack_lvl+0x188/0x250
[  707.161682][T16130]  ? show_regs_print_info+0x20/0x20
[  707.166914][T16130]  ? load_image+0x400/0x400
[  707.171453][T16130]  ? __lock_acquire+0x7d10/0x7d10
[  707.176518][T16130]  should_fail+0x38c/0x4c0
[  707.180960][T16130]  should_failslab+0x5/0x20
[  707.185489][T16130]  slab_pre_alloc_hook+0x51/0xc0
[  707.190449][T16130]  kmem_cache_alloc_trace+0x47/0x2a0
[  707.195761][T16130]  ? btf_new_fd+0x1a0/0x910
[  707.200291][T16130]  btf_new_fd+0x1a0/0x910
[  707.204647][T16130]  __sys_bpf+0x58c/0x6f0
[  707.209011][T16130]  ? bpf_link_show_fdinfo+0x380/0x380
[  707.214434][T16130]  __x64_sys_bpf+0x78/0x90
[  707.219114][T16130]  do_syscall_64+0x4c/0xa0
[  707.223562][T16130]  ? clear_bhb_loop+0x30/0x80
[  707.228260][T16130]  ? clear_bhb_loop+0x30/0x80
[  707.232966][T16130]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  707.238888][T16130] RIP: 0033:0x7f68c789ceb9
[  707.243343][T16130] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  707.262973][T16130] RSP: 002b:00007f68c5af8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  707.271416][T16130] RAX: ffffffffffffffda RBX: 00007f68c7b17fa0 RCX: 00007f68c789ceb9
[  707.279428][T16130] RDX: 0000000000000028 RSI: 0000200000000500 RDI: 0000000000000012
[  707.287434][T16130] RBP: 00007f68c5af8090 R08: 0000000000000000 R09: 0000000000000000
[  707.295434][T16130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  707.303430][T16130] R13: 00007f68c7b18038 R14: 00007f68c7b17fa0 R15: 00007ffff8c84678
[  707.311441][T16130]  </TASK>
[  707.501725][T16138] netlink: 'syz.3.3549': attribute type 9 has an invalid length.
[  707.509681][T16138] __nla_validate_parse: 4 callbacks suppressed
[  707.509698][T16138] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.3549'.
[  707.580017][T16143] FAULT_INJECTION: forcing a failure.
[  707.580017][T16143] name failslab, interval 1, probability 0, space 0, times 0
[  707.617305][T16143] CPU: 0 PID: 16143 Comm: syz.4.3550 Not tainted syzkaller #0
[  707.624962][T16143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  707.635050][T16143] Call Trace:
[  707.638358][T16143]  <TASK>
[  707.641303][T16143]  dump_stack_lvl+0x188/0x250
[  707.646002][T16143]  ? show_regs_print_info+0x20/0x20
[  707.651219][T16143]  ? load_image+0x400/0x400
[  707.655743][T16143]  ? __might_sleep+0xf0/0xf0
[  707.660355][T16143]  ? __lock_acquire+0x7d10/0x7d10
[  707.665398][T16143]  ? netlink_insert+0xe95/0x11f0
[  707.670357][T16143]  should_fail+0x38c/0x4c0
[  707.674805][T16143]  should_failslab+0x5/0x20
[  707.679328][T16143]  slab_pre_alloc_hook+0x51/0xc0
[  707.684299][T16143]  kmem_cache_alloc_node+0x47/0x2d0
[  707.689537][T16143]  ? __alloc_skb+0xf4/0x750
[  707.694070][T16143]  __alloc_skb+0xf4/0x750
[  707.698425][T16143]  netlink_sendmsg+0x654/0xbe0
[  707.703219][T16143]  ? netlink_getsockopt+0x570/0x570
[  707.708445][T16143]  ? aa_sock_msg_perm+0x94/0x150
[  707.713411][T16143]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  707.718738][T16143]  ? security_socket_sendmsg+0x7c/0xa0
[  707.724229][T16143]  ? netlink_getsockopt+0x570/0x570
[  707.729480][T16143]  ____sys_sendmsg+0x5b7/0x8f0
[  707.734285][T16143]  ? __sys_sendmsg_sock+0x30/0x30
[  707.739359][T16143]  ? import_iovec+0x6f/0xa0
[  707.743892][T16143]  ___sys_sendmsg+0x236/0x2e0
[  707.748596][T16143]  ? __sys_sendmsg+0x2a0/0x2a0
[  707.753403][T16143]  ? vfs_write+0x8b2/0xd60
[  707.757864][T16143]  __se_sys_sendmsg+0x1af/0x290
[  707.762768][T16143]  ? __x64_sys_sendmsg+0x80/0x80
[  707.767731][T16143]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  707.773749][T16143]  ? lockdep_hardirqs_on+0x94/0x140
[  707.778977][T16143]  do_syscall_64+0x4c/0xa0
[  707.783421][T16143]  ? clear_bhb_loop+0x30/0x80
[  707.788114][T16143]  ? clear_bhb_loop+0x30/0x80
[  707.792807][T16143]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  707.798730][T16143] RIP: 0033:0x7f427de16eb9
[  707.803187][T16143] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  707.822819][T16143] RSP: 002b:00007f427c072028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  707.831350][T16143] RAX: ffffffffffffffda RBX: 00007f427e091fa0 RCX: 00007f427de16eb9
[  707.839357][T16143] RDX: 0000000000000010 RSI: 0000200000000000 RDI: 0000000000000003
[  707.847364][T16143] RBP: 00007f427c072090 R08: 0000000000000000 R09: 0000000000000000
[  707.855360][T16143] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  707.863361][T16143] R13: 00007f427e092038 R14: 00007f427e091fa0 R15: 00007ffdc4504938
[  707.871366][T16143]  </TASK>
[  707.925820][T16148] netlink: 'syz.3.3554': attribute type 10 has an invalid length.
[  708.005266][T16148] bridge0: port 2(bridge_slave_1) entered disabled state
[  708.013467][T16148] bridge0: port 1(bridge_slave_0) entered disabled state
[  708.167298][T16159] device veth1_macvtap entered promiscuous mode
[  708.251249][T16161] netlink: 'syz.1.3558': attribute type 10 has an invalid length.
[  708.292667][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  708.460967][T16166] netlink: 'syz.3.3561': attribute type 27 has an invalid length.
[  708.504949][T16166] netlink: 2418 bytes leftover after parsing attributes in process `syz.3.3561'.
[  708.542392][T16168] device veth1_macvtap left promiscuous mode
[  708.752956][T16171] bond0: (slave bridge0): Releasing backup interface
[  708.779818][T16171] bridge0: port 2(bridge_slave_1) entered blocking state
[  708.787035][T16171] bridge0: port 2(bridge_slave_1) entered forwarding state
[  708.794493][T16171] bridge0: port 1(bridge_slave_0) entered blocking state
[  708.801595][T16171] bridge0: port 1(bridge_slave_0) entered forwarding state
[  708.882129][T16171] team0: Port device bridge0 added
[  708.901158][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  709.195094][T16179] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3566'.
[  709.249649][T16182] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.3567'.
[  709.287220][T16188] device team_slave_0 entered promiscuous mode
[  709.612789][T16204] netlink: 61951 bytes leftover after parsing attributes in process `syz.0.3577'.
[  709.671268][T16200] bond0: (slave bridge0): Releasing backup interface
[  709.716818][T16200] bridge0: port 2(bridge_slave_1) entered blocking state
[  709.724171][T16200] bridge0: port 2(bridge_slave_1) entered forwarding state
[  709.732988][T16200] bridge0: port 1(bridge_slave_0) entered blocking state
[  709.740511][T16200] bridge0: port 1(bridge_slave_0) entered forwarding state
[  709.790327][T16200] team0: Port device bridge0 added
[  709.824556][T16212] device veth1_macvtap entered promiscuous mode
[  709.851983][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  709.877238][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  710.035942][T16224] validate_nla: 7 callbacks suppressed
[  710.035977][T16224] netlink: 'syz.3.3583': attribute type 10 has an invalid length.
[  710.099906][T16224] bridge0: port 2(bridge_slave_1) entered disabled state
[  710.107996][T16224] bridge0: port 1(bridge_slave_0) entered disabled state
[  710.524656][T16224] team0: Port device bridge0 removed
[  710.568178][T16224] bridge0: port 2(bridge_slave_1) entered blocking state
[  710.575674][T16224] bridge0: port 2(bridge_slave_1) entered forwarding state
[  710.583914][T16224] bridge0: port 1(bridge_slave_0) entered blocking state
[  710.591304][T16224] bridge0: port 1(bridge_slave_0) entered forwarding state
[  710.622929][T16224] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  710.748506][T16233] device team_slave_0 entered promiscuous mode
[  710.779760][T16235] netlink: 'syz.4.3588': attribute type 9 has an invalid length.
[  710.826610][T16235] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.3588'.
[  710.902648][T16243] FAULT_INJECTION: forcing a failure.
[  710.902648][T16243] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  710.930273][T16243] CPU: 0 PID: 16243 Comm: syz.1.3591 Not tainted syzkaller #0
[  710.937805][T16243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  710.947894][T16243] Call Trace:
[  710.951193][T16243]  <TASK>
[  710.954184][T16243]  dump_stack_lvl+0x188/0x250
[  710.958901][T16243]  ? show_regs_print_info+0x20/0x20
[  710.964136][T16243]  ? load_image+0x400/0x400
[  710.968709][T16243]  ? __lock_acquire+0x7d10/0x7d10
[  710.973773][T16243]  should_fail+0x38c/0x4c0
[  710.978226][T16243]  _copy_to_user+0x2e/0x130
[  710.982771][T16243]  simple_read_from_buffer+0xe3/0x150
[  710.988171][T16243]  proc_fail_nth_read+0x1a6/0x220
[  710.993240][T16243]  ? proc_fault_inject_write+0x310/0x310
[  710.998908][T16243]  ? fsnotify_perm+0x254/0x560
[  711.003714][T16243]  ? proc_fault_inject_write+0x310/0x310
[  711.009375][T16243]  vfs_read+0x301/0xd60
[  711.013574][T16243]  ? kernel_read+0x1e0/0x1e0
[  711.018191][T16243]  ? __fget_files+0x40f/0x480
[  711.022896][T16243]  ? mutex_lock_nested+0x17/0x20
[  711.027865][T16243]  ? __fdget_pos+0x2bf/0x370
[  711.032480][T16243]  ? ksys_read+0x71/0x260
[  711.036847][T16243]  ksys_read+0x152/0x260
[  711.041114][T16243]  ? vfs_write+0xd60/0xd60
[  711.045551][T16243]  ? lockdep_hardirqs_on+0x94/0x140
[  711.050771][T16243]  do_syscall_64+0x4c/0xa0
[  711.055208][T16243]  ? clear_bhb_loop+0x30/0x80
[  711.059897][T16243]  ? clear_bhb_loop+0x30/0x80
[  711.064591][T16243]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  711.070499][T16243] RIP: 0033:0x7ff495ac278e
[  711.074928][T16243] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  711.094577][T16243] RSP: 002b:00007ff493d5cfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  711.103175][T16243] RAX: ffffffffffffffda RBX: 00007ff493d5d6c0 RCX: 00007ff495ac278e
[  711.111383][T16243] RDX: 000000000000000f RSI: 00007ff493d5d0a0 RDI: 0000000000000004
[  711.119384][T16243] RBP: 00007ff493d5d090 R08: 0000000000000000 R09: 0000000000000000
[  711.127390][T16243] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  711.135389][T16243] R13: 00007ff495d7d038 R14: 00007ff495d7cfa0 R15: 00007ffd777408a8
[  711.143400][T16243]  </TASK>
[  711.147717][T16241] device veth1_macvtap left promiscuous mode
[  711.292858][T16250] netlink: 'syz.4.3593': attribute type 10 has an invalid length.
[  711.337200][T16250] bridge0: port 2(bridge_slave_1) entered disabled state
[  711.344456][T16250] bridge0: port 1(bridge_slave_0) entered disabled state
[  711.430182][T16249] netlink: 10 bytes leftover after parsing attributes in process `syz.3.3594'.
[  711.503910][T16256] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.3597'.
[  711.526691][T16259] netlink: 64859 bytes leftover after parsing attributes in process `syz.0.3598'.
[  711.605437][T16258] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.3598'.
[  711.617004][T16263] netlink: 'syz.3.3600': attribute type 3 has an invalid length.
[  711.669411][T16265] device veth1_macvtap entered promiscuous mode
[  711.715569][T16269] netlink: 'syz.3.3600': attribute type 3 has an invalid length.
[  711.829201][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  712.736943][T16291] device veth1_macvtap left promiscuous mode
[  712.787814][T16289] netlink: 'syz.4.3607': attribute type 10 has an invalid length.
[  712.873606][T16289] team0: Port device bridge0 removed
[  712.894694][T16295] __nla_validate_parse: 2 callbacks suppressed
[  712.894713][T16295] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.3610'.
[  712.956912][T16289] bridge0: port 2(bridge_slave_1) entered blocking state
[  712.964875][T16289] bridge0: port 2(bridge_slave_1) entered forwarding state
[  712.974123][T16289] bridge0: port 1(bridge_slave_0) entered blocking state
[  712.981909][T16289] bridge0: port 1(bridge_slave_0) entered forwarding state
[  713.092426][T16289] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  713.122717][T16300] netlink: 'syz.3.3609': attribute type 10 has an invalid length.
[  713.169374][T16300] bridge0: port 2(bridge_slave_1) entered disabled state
[  713.176643][T16300] bridge0: port 1(bridge_slave_0) entered disabled state
[  713.227983][T16300] bond0: (slave bridge0): Releasing backup interface
[  713.252749][T16300] bridge0: port 2(bridge_slave_1) entered blocking state
[  713.260102][T16300] bridge0: port 2(bridge_slave_1) entered forwarding state
[  713.267619][T16300] bridge0: port 1(bridge_slave_0) entered blocking state
[  713.274912][T16300] bridge0: port 1(bridge_slave_0) entered forwarding state
[  713.347418][T16300] team0: Port device bridge0 added
[  713.360728][T16297] netlink: 10 bytes leftover after parsing attributes in process `syz.1.3611'.
[  713.390561][T16295] netlink: 152 bytes leftover after parsing attributes in process `syz.0.3610'.
[  713.420242][T16301] netlink: 'syz.0.3610': attribute type 10 has an invalid length.
[  713.565465][T16301] device veth0_vlan left promiscuous mode
[  713.575058][T16301] device veth0_vlan entered promiscuous mode
[  713.586088][T16301] team0: Device veth0_vlan failed to register rx_handler
[  713.659605][T16319] netlink: 'syz.1.3616': attribute type 1 has an invalid length.
[  713.692649][T16308] netlink: 'syz.4.3613': attribute type 21 has an invalid length.
[  713.709162][T16319] netlink: 161700 bytes leftover after parsing attributes in process `syz.1.3616'.
[  713.729166][T16308] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3613'.
[  713.784197][T16310] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3614'.
[  713.814793][T16310] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3614'.
[  713.844302][T16310] netlink: 33 bytes leftover after parsing attributes in process `syz.2.3614'.
[  713.886653][T16310] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3614'.
[  713.896340][T16310] netlink: 33 bytes leftover after parsing attributes in process `syz.2.3614'.
[  714.952639][T16362] bridge0: port 2(bridge_slave_1) entered disabled state
[  715.170360][T16367] validate_nla: 4 callbacks suppressed
[  715.170392][T16367] netlink: 'syz.4.3635': attribute type 9 has an invalid length.
[  715.616150][T16389] netlink: 'syz.3.3641': attribute type 9 has an invalid length.
[  715.920940][T16398] device team_slave_0 entered promiscuous mode
[  716.187877][T16416] FAULT_INJECTION: forcing a failure.
[  716.187877][T16416] name failslab, interval 1, probability 0, space 0, times 0
[  716.269579][T16416] CPU: 0 PID: 16416 Comm: syz.1.3651 Not tainted syzkaller #0
[  716.277121][T16416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  716.287240][T16416] Call Trace:
[  716.290536][T16416]  <TASK>
[  716.293484][T16416]  dump_stack_lvl+0x188/0x250
[  716.298200][T16416]  ? show_regs_print_info+0x20/0x20
[  716.303428][T16416]  ? load_image+0x400/0x400
[  716.307970][T16416]  ? __might_sleep+0xf0/0xf0
[  716.312594][T16416]  ? __lock_acquire+0x7d10/0x7d10
[  716.317643][T16416]  should_fail+0x38c/0x4c0
[  716.322090][T16416]  should_failslab+0x5/0x20
[  716.326610][T16416]  slab_pre_alloc_hook+0x51/0xc0
[  716.331572][T16416]  __kmalloc_node_track_caller+0x68/0x3a0
[  716.337314][T16416]  ? netlink_sendmsg+0x654/0xbe0
[  716.342278][T16416]  ? kmem_cache_alloc_node+0x162/0x2d0
[  716.347763][T16416]  ? __alloc_skb+0xf4/0x750
[  716.352286][T16416]  ? netlink_sendmsg+0x654/0xbe0
[  716.357273][T16416]  __alloc_skb+0x22c/0x750
[  716.361718][T16416]  netlink_sendmsg+0x654/0xbe0
[  716.366528][T16416]  ? netlink_getsockopt+0x570/0x570
[  716.371757][T16416]  ? aa_sock_msg_perm+0x94/0x150
[  716.376713][T16416]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  716.382015][T16416]  ? security_socket_sendmsg+0x7c/0xa0
[  716.387488][T16416]  ? netlink_getsockopt+0x570/0x570
[  716.392713][T16416]  ____sys_sendmsg+0x5b7/0x8f0
[  716.397511][T16416]  ? __sys_sendmsg_sock+0x30/0x30
[  716.402581][T16416]  ? import_iovec+0x6f/0xa0
[  716.407123][T16416]  ___sys_sendmsg+0x236/0x2e0
[  716.411869][T16416]  ? __sys_sendmsg+0x2a0/0x2a0
[  716.416668][T16416]  ? vfs_write+0x8b2/0xd60
[  716.421131][T16416]  __se_sys_sendmsg+0x1af/0x290
[  716.426000][T16416]  ? __x64_sys_sendmsg+0x80/0x80
[  716.430961][T16416]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  716.437017][T16416]  ? lockdep_hardirqs_on+0x94/0x140
[  716.442245][T16416]  do_syscall_64+0x4c/0xa0
[  716.446684][T16416]  ? clear_bhb_loop+0x30/0x80
[  716.451387][T16416]  ? clear_bhb_loop+0x30/0x80
[  716.456083][T16416]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  716.461991][T16416] RIP: 0033:0x7ff495b01eb9
[  716.466426][T16416] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  716.486059][T16416] RSP: 002b:00007ff493d5d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  716.494503][T16416] RAX: ffffffffffffffda RBX: 00007ff495d7cfa0 RCX: 00007ff495b01eb9
[  716.502533][T16416] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  716.510564][T16416] RBP: 00007ff493d5d090 R08: 0000000000000000 R09: 0000000000000000
[  716.518563][T16416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  716.526566][T16416] R13: 00007ff495d7d038 R14: 00007ff495d7cfa0 R15: 00007ffd777408a8
[  716.534582][T16416]  </TASK>
[  716.616623][T16420] netlink: 'syz.2.3654': attribute type 10 has an invalid length.
[  716.667297][T16420] team0: Port device bridge0 removed
[  716.789840][T16424] netlink: 'syz.4.3655': attribute type 9 has an invalid length.
[  716.856879][T16420] bridge0: port 2(bridge_slave_1) entered blocking state
[  716.864394][T16420] bridge0: port 2(bridge_slave_1) entered forwarding state
[  716.989931][T16420] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  717.173514][T16431] device veth1_macvtap left promiscuous mode
[  717.557106][T16439] netlink: 'syz.0.3661': attribute type 9 has an invalid length.
[  717.619425][T16445] device team_slave_0 left promiscuous mode
[  717.730577][T16446] device team_slave_0 entered promiscuous mode
[  717.780780][T16451] netlink: 'syz.0.3667': attribute type 3 has an invalid length.
[  717.840855][T16455] netlink: 'syz.4.3669': attribute type 9 has an invalid length.
[  717.862584][T16459] netlink: 'syz.0.3667': attribute type 3 has an invalid length.
[  717.888580][T16457] netlink: 'syz.3.3670': attribute type 10 has an invalid length.
[  718.073125][T16457] bridge0: port 2(bridge_slave_1) entered disabled state
[  718.081447][T16457] bridge0: port 1(bridge_slave_0) entered disabled state
[  718.193519][T16457] team0: Port device bridge0 removed
[  718.232944][T16457] bridge0: port 2(bridge_slave_1) entered blocking state
[  718.240619][T16457] bridge0: port 2(bridge_slave_1) entered forwarding state
[  718.250262][T16457] bridge0: port 1(bridge_slave_0) entered blocking state
[  718.258009][T16457] bridge0: port 1(bridge_slave_0) entered forwarding state
[  718.366243][T16457] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  718.397895][T16462] netlink: 'syz.2.3671': attribute type 10 has an invalid length.
[  718.415759][T16462] bridge0: port 2(bridge_slave_1) entered disabled state
[  718.448803][T16464] __nla_validate_parse: 20 callbacks suppressed
[  718.448840][T16464] netlink: 10 bytes leftover after parsing attributes in process `syz.4.3672'.
[  718.497044][T16468] device veth1_macvtap entered promiscuous mode
[  718.553351][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  718.721512][T16478] bridge0: port 2(bridge_slave_1) entered disabled state
[  718.728807][T16478] bridge0: port 1(bridge_slave_0) entered disabled state
[  718.893452][T16478] bond0: (slave bridge0): Releasing backup interface
[  718.961831][T16478] bridge0: port 2(bridge_slave_1) entered blocking state
[  718.969197][T16478] bridge0: port 2(bridge_slave_1) entered forwarding state
[  718.976830][T16478] bridge0: port 1(bridge_slave_0) entered blocking state
[  718.984080][T16478] bridge0: port 1(bridge_slave_0) entered forwarding state
[  719.181726][T16478] team0: Port device bridge0 added
[  719.224387][T16484] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3678'.
[  719.261840][T16484] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3678'.
[  719.332182][T16484] netlink: 33 bytes leftover after parsing attributes in process `syz.3.3678'.
[  719.442861][T16484] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3678'.
[  719.481506][T16484] netlink: 33 bytes leftover after parsing attributes in process `syz.3.3678'.
[  719.510551][T16484] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3678'.
[  719.533069][T16484] netlink: 33 bytes leftover after parsing attributes in process `syz.3.3678'.
[  719.596877][T16495] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.3682'.
[  719.790289][T16502] device team_slave_0 entered promiscuous mode
[  719.821799][T16507] netlink: 10 bytes leftover after parsing attributes in process `syz.0.3686'.
[  719.940693][T16512] bridge0: port 2(bridge_slave_1) entered disabled state
[  719.949095][T16512] bridge0: port 1(bridge_slave_0) entered disabled state
[  720.204414][T16512] team0: Port device bridge0 removed
[  720.276162][T16512] bridge0: port 2(bridge_slave_1) entered blocking state
[  720.284581][T16512] bridge0: port 2(bridge_slave_1) entered forwarding state
[  720.295074][T16512] bridge0: port 1(bridge_slave_0) entered blocking state
[  720.302880][T16512] bridge0: port 1(bridge_slave_0) entered forwarding state
[  720.458089][T16512] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  720.480630][T16516] device veth1_macvtap entered promiscuous mode
[  720.506416][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  720.526073][T16527] validate_nla: 4 callbacks suppressed
[  720.526091][T16527] netlink: 'syz.0.3694': attribute type 10 has an invalid length.
[  720.624825][T16527] bond0: (slave bridge0): Releasing backup interface
[  720.695066][T16527] bridge0: port 2(bridge_slave_1) entered blocking state
[  720.702228][T16527] bridge0: port 2(bridge_slave_1) entered forwarding state
[  720.709738][T16527] bridge0: port 1(bridge_slave_0) entered blocking state
[  720.716913][T16527] bridge0: port 1(bridge_slave_0) entered forwarding state
[  720.826277][T16527] team0: Port device bridge0 added
[  720.855411][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  721.352380][T16544] netlink: 'syz.0.3700': attribute type 10 has an invalid length.
[  721.387655][T16544] bridge0: port 2(bridge_slave_1) entered disabled state
[  721.395562][T16544] bridge0: port 1(bridge_slave_0) entered disabled state
[  721.512872][T16544] team0: Port device bridge0 removed
[  721.587854][T16544] bridge0: port 2(bridge_slave_1) entered blocking state
[  721.595365][T16544] bridge0: port 2(bridge_slave_1) entered forwarding state
[  721.603563][T16544] bridge0: port 1(bridge_slave_0) entered blocking state
[  721.610998][T16544] bridge0: port 1(bridge_slave_0) entered forwarding state
[  721.661239][T16561] netlink: 'syz.3.3709': attribute type 9 has an invalid length.
[  721.677197][T16544] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  721.687230][T16546] device team_slave_0 left promiscuous mode
[  721.720706][T16553] device team_slave_0 entered promiscuous mode
[  721.875476][T16569] netlink: 'syz.1.3712': attribute type 10 has an invalid length.
[  722.086465][T16570] netlink: 'syz.0.3711': attribute type 10 has an invalid length.
[  722.124589][T16570] bridge0: port 2(bridge_slave_1) entered disabled state
[  722.134312][T16570] bridge0: port 1(bridge_slave_0) entered disabled state
[  722.664612][T16592] netlink: 'syz.0.3720': attribute type 10 has an invalid length.
[  722.768698][T16594] netlink: 'syz.1.3722': attribute type 10 has an invalid length.
[  722.835545][T16596] netlink: 'syz.3.3721': attribute type 9 has an invalid length.
[  722.942705][T16602] device team_slave_0 left promiscuous mode
[  723.034540][T16607] device team_slave_0 entered promiscuous mode
[  723.042641][T16606] netlink: 'syz.3.3727': attribute type 10 has an invalid length.
[  723.072552][T16606] bridge0: port 2(bridge_slave_1) entered disabled state
[  723.080674][T16606] bridge0: port 1(bridge_slave_0) entered disabled state
[  723.350887][T16617] netlink: 'syz.1.3731': attribute type 10 has an invalid length.
[  723.410422][T16629] bridge0: port 2(bridge_slave_1) entered disabled state
[  723.417881][T16629] bridge0: port 1(bridge_slave_0) entered disabled state
[  723.433352][T10626] Bluetooth: hci3: command 0x0406 tx timeout
[  723.633999][T16629] bond0: (slave bridge0): Releasing backup interface
[  723.678030][T16629] bridge0: port 2(bridge_slave_1) entered blocking state
[  723.685330][T16629] bridge0: port 2(bridge_slave_1) entered forwarding state
[  723.692911][T16629] bridge0: port 1(bridge_slave_0) entered blocking state
[  723.700142][T16629] bridge0: port 1(bridge_slave_0) entered forwarding state
[  723.820173][T16629] team0: Port device bridge0 added
[  723.842850][T16634] __nla_validate_parse: 23 callbacks suppressed
[  723.842888][T16634] netlink: 10 bytes leftover after parsing attributes in process `syz.1.3736'.
[  724.027571][T16639] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.3738'.
[  724.188852][T16648] bridge0: port 2(bridge_slave_1) entered disabled state
[  724.197967][T16648] bridge0: port 1(bridge_slave_0) entered disabled state
[  724.438425][T16648] team0: Port device bridge0 removed
[  724.475743][T16648] bridge0: port 2(bridge_slave_1) entered blocking state
[  724.483185][T16648] bridge0: port 2(bridge_slave_1) entered forwarding state
[  724.492293][T16648] bridge0: port 1(bridge_slave_0) entered blocking state
[  724.499684][T16648] bridge0: port 1(bridge_slave_0) entered forwarding state
[  724.547049][T16648] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  724.662066][T16661] netlink: 10 bytes leftover after parsing attributes in process `syz.3.3746'.
[  724.692555][T16659] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.3756'.
[  724.862323][T16665] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.3747'.
[  725.006294][T16674] bond0: (slave bridge0): Releasing backup interface
[  725.082046][T16674] bridge0: port 2(bridge_slave_1) entered blocking state
[  725.089278][T16674] bridge0: port 2(bridge_slave_1) entered forwarding state
[  725.096755][T16674] bridge0: port 1(bridge_slave_0) entered blocking state
[  725.103894][T16674] bridge0: port 1(bridge_slave_0) entered forwarding state
[  725.122555][T16674] team0: Port device bridge0 added
[  725.128623][T16673] netlink: 10 bytes leftover after parsing attributes in process `syz.0.3750'.
[  725.156858][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  725.220185][T16682] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.3754'.
[  725.284422][T16687] netlink: 144316 bytes leftover after parsing attributes in process `syz.0.3755'.
[  725.391024][T16691] bridge0: port 2(bridge_slave_1) entered disabled state
[  725.399174][T16691] bridge0: port 1(bridge_slave_0) entered disabled state
[  725.508228][T16699] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.3762'.
[  725.519029][T16691] team0: Port device bridge0 removed
[  725.581324][T16691] bridge0: port 2(bridge_slave_1) entered blocking state
[  725.589630][T16691] bridge0: port 2(bridge_slave_1) entered forwarding state
[  725.598361][T16691] bridge0: port 1(bridge_slave_0) entered blocking state
[  725.606206][T16691] bridge0: port 1(bridge_slave_0) entered forwarding state
[  725.692802][T16691] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  725.710109][T16695] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3761'.
[  726.042991][T16713] validate_nla: 8 callbacks suppressed
[  726.043023][T16713] netlink: 'syz.0.3767': attribute type 9 has an invalid length.
[  726.130495][T16719] FAULT_INJECTION: forcing a failure.
[  726.130495][T16719] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  726.213317][T16719] CPU: 0 PID: 16719 Comm: syz.1.3769 Not tainted syzkaller #0
[  726.220851][T16719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  726.230934][T16719] Call Trace:
[  726.234242][T16719]  <TASK>
[  726.237201][T16719]  dump_stack_lvl+0x188/0x250
[  726.241913][T16719]  ? show_regs_print_info+0x20/0x20
[  726.247139][T16719]  ? load_image+0x400/0x400
[  726.251686][T16719]  ? __lock_acquire+0x7d10/0x7d10
[  726.256745][T16719]  should_fail+0x38c/0x4c0
[  726.261197][T16719]  _copy_from_iter+0x22e/0x1170
[  726.266085][T16719]  ? copy_mc_pipe_to_iter+0x7d0/0x7d0
[  726.271499][T16719]  packet_sendmsg+0x322c/0x5060
[  726.276480][T16719]  ? __lock_acquire+0x12e8/0x7d10
[  726.281557][T16719]  ? __might_sleep+0xf0/0xf0
[  726.286198][T16719]  ? aa_sk_perm+0x7dc/0x910
[  726.290722][T16719]  ? packet_getsockopt+0x9a0/0x9a0
[  726.295921][T16719]  ? aa_sock_msg_perm+0x94/0x150
[  726.300929][T16719]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  726.306248][T16719]  ? security_socket_sendmsg+0x7c/0xa0
[  726.311729][T16719]  ? packet_getsockopt+0x9a0/0x9a0
[  726.316877][T16719]  ____sys_sendmsg+0x5b7/0x8f0
[  726.321693][T16719]  ? __sys_sendmsg_sock+0x30/0x30
[  726.326756][T16719]  ? import_iovec+0x6f/0xa0
[  726.331303][T16719]  ___sys_sendmsg+0x236/0x2e0
[  726.336021][T16719]  ? __sys_sendmsg+0x2a0/0x2a0
[  726.340827][T16719]  ? vfs_write+0x8b2/0xd60
[  726.345290][T16719]  __se_sys_sendmsg+0x1af/0x290
[  726.350176][T16719]  ? __x64_sys_sendmsg+0x80/0x80
[  726.355144][T16719]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  726.361203][T16719]  ? lockdep_hardirqs_on+0x94/0x140
[  726.366439][T16719]  do_syscall_64+0x4c/0xa0
[  726.370886][T16719]  ? clear_bhb_loop+0x30/0x80
[  726.375599][T16719]  ? clear_bhb_loop+0x30/0x80
[  726.380312][T16719]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  726.386240][T16719] RIP: 0033:0x7ff495b01eb9
[  726.390684][T16719] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  726.410321][T16719] RSP: 002b:00007ff493d5d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  726.418774][T16719] RAX: ffffffffffffffda RBX: 00007ff495d7cfa0 RCX: 00007ff495b01eb9
[  726.426861][T16719] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  726.434874][T16719] RBP: 00007ff493d5d090 R08: 0000000000000000 R09: 0000000000000000
[  726.442856][T16719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  726.450862][T16719] R13: 00007ff495d7d038 R14: 00007ff495d7cfa0 R15: 00007ffd777408a8
[  726.458871][T16719]  </TASK>
[  726.482559][T16717] netlink: 'syz.3.3771': attribute type 9 has an invalid length.
[  726.531244][T16730] FAULT_INJECTION: forcing a failure.
[  726.531244][T16730] name failslab, interval 1, probability 0, space 0, times 0
[  726.552598][T16728] netlink: 'syz.0.3776': attribute type 10 has an invalid length.
[  726.580920][T16730] CPU: 0 PID: 16730 Comm: syz.4.3775 Not tainted syzkaller #0
[  726.588450][T16730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  726.598695][T16730] Call Trace:
[  726.601997][T16730]  <TASK>
[  726.604943][T16730]  dump_stack_lvl+0x188/0x250
[  726.609668][T16730]  ? show_regs_print_info+0x20/0x20
[  726.614913][T16730]  ? load_image+0x400/0x400
[  726.619442][T16730]  ? __might_sleep+0xf0/0xf0
[  726.624059][T16730]  ? __lock_acquire+0x7d10/0x7d10
[  726.629110][T16730]  ? __might_fault+0xb7/0x110
[  726.633826][T16730]  should_fail+0x38c/0x4c0
[  726.638281][T16730]  should_failslab+0x5/0x20
[  726.642813][T16730]  slab_pre_alloc_hook+0x51/0xc0
[  726.647779][T16730]  __kmalloc+0x6b/0x330
[  726.651959][T16730]  ? bpf_test_init+0xf8/0x1b0
[  726.656665][T16730]  bpf_test_init+0xf8/0x1b0
[  726.661194][T16730]  bpf_prog_test_run_xdp+0x1cb/0x920
[  726.666519][T16730]  ? dev_put+0x70/0x70
[  726.670617][T16730]  ? dev_put+0x70/0x70
[  726.674707][T16730]  bpf_prog_test_run+0x31e/0x390
[  726.679678][T16730]  __sys_bpf+0x5a5/0x6f0
[  726.683953][T16730]  ? perf_trace_preemptirq_template+0x2aa/0x360
[  726.690320][T16730]  ? bpf_link_show_fdinfo+0x380/0x380
[  726.695717][T16730]  ? rcu_nmi_exit+0x6f/0xf0
[  726.700255][T16730]  ? vtime_user_exit+0x2c8/0x3e0
[  726.705229][T16730]  __x64_sys_bpf+0x78/0x90
[  726.709675][T16730]  do_syscall_64+0x4c/0xa0
[  726.714111][T16730]  ? clear_bhb_loop+0x30/0x80
[  726.718807][T16730]  ? clear_bhb_loop+0x30/0x80
[  726.723514][T16730]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  726.729431][T16730] RIP: 0033:0x7f427de16eb9
[  726.733872][T16730] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  726.753558][T16730] RSP: 002b:00007f427c072028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  726.762010][T16730] RAX: ffffffffffffffda RBX: 00007f427e091fa0 RCX: 00007f427de16eb9
[  726.770005][T16730] RDX: 0000000000000048 RSI: 0000200000000040 RDI: 000000000000000a
[  726.778002][T16730] RBP: 00007f427c072090 R08: 0000000000000000 R09: 0000000000000000
[  726.785995][T16730] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  726.793995][T16730] R13: 00007f427e092038 R14: 00007f427e091fa0 R15: 00007ffdc4504938
[  726.802003][T16730]  </TASK>
[  727.332720][T16759] netlink: 'syz.4.3788': attribute type 9 has an invalid length.
[  727.568851][T16763] netlink: 'syz.0.3790': attribute type 10 has an invalid length.
[  727.607411][T16774] netlink: 'syz.3.3791': attribute type 41 has an invalid length.
[  728.021390][T16796] netlink: 'syz.1.3803': attribute type 10 has an invalid length.
[  728.348323][T16805] netlink: 'syz.3.3807': attribute type 10 has an invalid length.
[  728.370623][T16805] bridge0: port 2(bridge_slave_1) entered disabled state
[  728.380008][T16805] bridge0: port 1(bridge_slave_0) entered disabled state
[  728.707962][T16818] FAULT_INJECTION: forcing a failure.
[  728.707962][T16818] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  728.768723][T16818] CPU: 1 PID: 16818 Comm: syz.1.3813 Not tainted syzkaller #0
[  728.776256][T16818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  728.786340][T16818] Call Trace:
[  728.789644][T16818]  <TASK>
[  728.792596][T16818]  dump_stack_lvl+0x188/0x250
[  728.797303][T16818]  ? show_regs_print_info+0x20/0x20
[  728.802532][T16818]  ? load_image+0x400/0x400
[  728.807110][T16818]  ? __lock_acquire+0x7d10/0x7d10
[  728.812171][T16818]  should_fail+0x38c/0x4c0
[  728.816618][T16818]  _copy_from_user+0x2e/0x170
[  728.816742][T16816] netlink: 'syz.4.3811': attribute type 10 has an invalid length.
[  728.821319][T16818]  get_user_ifreq+0x67/0x170
[  728.821349][T16818]  sock_ioctl+0x637/0x710
[  728.821382][T16818]  ? sock_poll+0x410/0x410
[  728.821415][T16818]  ? bpf_lsm_file_ioctl+0x5/0x10
[  728.821436][T16818]  ? security_file_ioctl+0x7c/0xa0
[  728.821461][T16818]  ? sock_poll+0x410/0x410
[  728.821484][T16818]  __se_sys_ioctl+0xfa/0x170
[  728.821507][T16818]  do_syscall_64+0x4c/0xa0
[  728.821528][T16818]  ? clear_bhb_loop+0x30/0x80
[  728.821549][T16818]  ? clear_bhb_loop+0x30/0x80
[  728.821571][T16818]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  728.821592][T16818] RIP: 0033:0x7ff495b01eb9
[  728.821612][T16818] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  728.821631][T16818] RSP: 002b:00007ff493d5d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  728.821655][T16818] RAX: ffffffffffffffda RBX: 00007ff495d7cfa0 RCX: 00007ff495b01eb9
[  728.821672][T16818] RDX: 0000200000000080 RSI: 00000000000089f1 RDI: 0000000000000008
[  728.821686][T16818] RBP: 00007ff493d5d090 R08: 0000000000000000 R09: 0000000000000000
[  728.821700][T16818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  728.821713][T16818] R13: 00007ff495d7d038 R14: 00007ff495d7cfa0 R15: 00007ffd777408a8
[  728.821754][T16818]  </TASK>
[  728.960829][T16816] bridge0: port 2(bridge_slave_1) entered disabled state
[  728.970221][T16816] bridge0: port 1(bridge_slave_0) entered disabled state
[  729.100258][T16828] __nla_validate_parse: 39 callbacks suppressed
[  729.100293][T16828] netlink: 144316 bytes leftover after parsing attributes in process `syz.2.3817'.
[  729.137708][T16815] netlink: 10 bytes leftover after parsing attributes in process `syz.0.3812'.
[  729.393806][T16840] netlink: 'syz.0.3820': attribute type 10 has an invalid length.
[  729.557406][T16842] bond0: (slave bridge0): Releasing backup interface
[  729.624765][T16842] bridge0: port 2(bridge_slave_1) entered blocking state
[  729.632063][T16842] bridge0: port 2(bridge_slave_1) entered forwarding state
[  729.639784][T16842] bridge0: port 1(bridge_slave_0) entered blocking state
[  729.647003][T16842] bridge0: port 1(bridge_slave_0) entered forwarding state
[  729.746044][T16843] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.3824'.
[  729.802370][T16842] team0: Port device bridge0 added
[  730.062172][T16859] device team_slave_0 left promiscuous mode
[  730.120151][T16858] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3830'.
[  730.137135][T16858] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3830'.
[  730.147785][T16858] netlink: 33 bytes leftover after parsing attributes in process `syz.0.3830'.
[  730.158309][T16858] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3830'.
[  730.169302][T16858] netlink: 33 bytes leftover after parsing attributes in process `syz.0.3830'.
[  730.180664][T16858] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3830'.
[  730.207666][T16858] netlink: 33 bytes leftover after parsing attributes in process `syz.0.3830'.
[  730.791483][T16879] device veth1_macvtap entered promiscuous mode
[  730.848459][T13477] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  731.011751][T16890] bridge0: port 2(bridge_slave_1) entered disabled state
[  731.020898][T16890] bridge0: port 1(bridge_slave_0) entered disabled state
[  731.146253][T16890] team0: Port device bridge0 removed
[  731.173182][T16890] bridge0: port 2(bridge_slave_1) entered blocking state
[  731.181188][T16890] bridge0: port 2(bridge_slave_1) entered forwarding state
[  731.190870][T16890] bridge0: port 1(bridge_slave_0) entered blocking state
[  731.198420][T16890] bridge0: port 1(bridge_slave_0) entered forwarding state
[  731.226753][T16890] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  731.276130][T16894] validate_nla: 6 callbacks suppressed
[  731.276147][T16894] netlink: 'syz.3.3840': attribute type 10 has an invalid length.
[  731.339161][T16894] bond0: (slave bridge0): Releasing backup interface
[  731.381988][T16894] bridge0: port 2(bridge_slave_1) entered blocking state
[  731.389227][T16894] bridge0: port 2(bridge_slave_1) entered forwarding state
[  731.396662][T16894] bridge0: port 1(bridge_slave_0) entered blocking state
[  731.403789][T16894] bridge0: port 1(bridge_slave_0) entered forwarding state
[  731.475623][T16894] team0: Port device bridge0 added
[  731.505144][T13477] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  731.530367][T16896] device team_slave_0 left promiscuous mode
[  732.402603][T16926] netlink: 'syz.1.3853': attribute type 10 has an invalid length.
[  735.181044][T16930] __nla_validate_parse: 17 callbacks suppressed
[  735.181119][T16930] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3855'.
[  735.204378][T16932] netlink: 144316 bytes leftover after parsing attributes in process `syz.1.3856'.
[  735.255043][T16930] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3855'.
[  735.271602][T16930] netlink: 33 bytes leftover after parsing attributes in process `syz.3.3855'.
[  735.299703][T16930] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3855'.
[  735.310886][T16930] netlink: 33 bytes leftover after parsing attributes in process `syz.3.3855'.
[  735.321127][T16930] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3855'.
[  735.335503][T16930] netlink: 33 bytes leftover after parsing attributes in process `syz.3.3855'.
[  735.373544][T16936] netlink: 10 bytes leftover after parsing attributes in process `syz.4.3859'.
[  735.403423][T16943] netlink: 'syz.0.3857': attribute type 10 has an invalid length.
[  735.462623][T16943] bond0: (slave bridge0): Releasing backup interface
[  735.476988][T16943] bridge0: port 2(bridge_slave_1) entered blocking state
[  735.484182][T16943] bridge0: port 2(bridge_slave_1) entered forwarding state
[  735.491623][T16943] bridge0: port 1(bridge_slave_0) entered blocking state
[  735.498793][T16943] bridge0: port 1(bridge_slave_0) entered forwarding state
[  735.517554][T16943] team0: Port device bridge0 added
[  735.570297][T16948] netlink: 'syz.1.3860': attribute type 10 has an invalid length.
[  735.583538][T16951] netlink: 'syz.4.3863': attribute type 9 has an invalid length.
[  735.597887][T16951] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.3863'.
[  735.618330][T16948] bond0: (slave bridge0): Releasing backup interface
[  735.644491][T16948] bridge0: port 2(bridge_slave_1) entered blocking state
[  735.651826][T16948] bridge0: port 2(bridge_slave_1) entered forwarding state
[  735.660200][T16948] bridge0: port 1(bridge_slave_0) entered blocking state
[  735.667339][T16948] bridge0: port 1(bridge_slave_0) entered forwarding state
[  735.700251][T16948] team0: Port device bridge0 added
[  735.707863][T13477] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  735.740282][T13477] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  735.994932][T16967] netlink: 'syz.3.3868': attribute type 10 has an invalid length.
[  736.023518][T16967] bridge0: port 2(bridge_slave_1) entered disabled state
[  736.032039][T16967] bridge0: port 1(bridge_slave_0) entered disabled state
[  736.237861][T16967] team0: Port device bridge0 removed
[  736.320285][T16967] bridge0: port 2(bridge_slave_1) entered blocking state
[  736.328172][T16967] bridge0: port 2(bridge_slave_1) entered forwarding state
[  736.337578][T16967] bridge0: port 1(bridge_slave_0) entered blocking state
[  736.345522][T16967] bridge0: port 1(bridge_slave_0) entered forwarding state
[  736.530910][T16967] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  736.609864][T16964] netlink: 'syz.0.3866': attribute type 10 has an invalid length.
[  736.642419][T16964] bridge0: port 2(bridge_slave_1) entered disabled state
[  736.650522][T16964] bridge0: port 1(bridge_slave_0) entered disabled state
[  736.804046][T16964] team0: Port device bridge0 removed
[  736.832228][T16964] bridge0: port 2(bridge_slave_1) entered blocking state
[  736.839601][T16964] bridge0: port 2(bridge_slave_1) entered forwarding state
[  736.847058][T16964] bridge0: port 1(bridge_slave_0) entered blocking state
[  736.854205][T16964] bridge0: port 1(bridge_slave_0) entered forwarding state
[  736.902648][T16964] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  736.994229][T16975] netlink: 'syz.3.3871': attribute type 10 has an invalid length.
[  737.063149][T16975] bridge0: port 2(bridge_slave_1) entered disabled state
[  737.074023][T16975] bridge0: port 1(bridge_slave_0) entered disabled state
[  737.132798][T16982] netlink: 'syz.4.3875': attribute type 9 has an invalid length.
[  737.166694][T16984] device team_slave_0 entered promiscuous mode
[  737.197217][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  737.702805][T17011] netlink: 'syz.2.3890': attribute type 10 has an invalid length.
[  737.774824][T17016] device team_slave_0 left promiscuous mode
[  737.847670][T17020] device team_slave_0 entered promiscuous mode
[  737.890915][T17022] netlink: 'syz.1.3893': attribute type 10 has an invalid length.
[  737.915851][T17022] bridge0: port 2(bridge_slave_1) entered disabled state
[  737.923129][T17022] bridge0: port 1(bridge_slave_0) entered disabled state
[  738.002845][T17022] team0: Port device bridge0 removed
[  738.035430][T17022] bridge0: port 2(bridge_slave_1) entered blocking state
[  738.042615][T17022] bridge0: port 2(bridge_slave_1) entered forwarding state
[  738.050052][T17022] bridge0: port 1(bridge_slave_0) entered blocking state
[  738.057209][T17022] bridge0: port 1(bridge_slave_0) entered forwarding state
[  738.136160][T17022] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  738.625368][T17047] netlink: 'syz.2.3905': attribute type 10 has an invalid length.
[  738.726553][T17055] device team_slave_0 left promiscuous mode
[  738.890788][T17064] netlink: 'syz.3.3913': attribute type 10 has an invalid length.
[  739.220254][T17081] netlink: 'syz.4.3921': attribute type 10 has an invalid length.
[  739.245174][T17081] bridge0: port 2(bridge_slave_1) entered disabled state
[  739.253914][T17081] bridge0: port 1(bridge_slave_0) entered disabled state
[  739.667495][T17109] FAULT_INJECTION: forcing a failure.
[  739.667495][T17109] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  739.707667][T17111] netlink: 'syz.2.3936': attribute type 29 has an invalid length.
[  739.728408][T17111] netlink: 'syz.2.3936': attribute type 29 has an invalid length.
[  739.774827][T17109] CPU: 0 PID: 17109 Comm: syz.4.3935 Not tainted syzkaller #0
[  739.782353][T17109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  739.792436][T17109] Call Trace:
[  739.795757][T17109]  <TASK>
[  739.798728][T17109]  dump_stack_lvl+0x188/0x250
[  739.803439][T17109]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  739.809641][T17109]  ? show_regs_print_info+0x20/0x20
[  739.814883][T17109]  ? load_image+0x400/0x400
[  739.819459][T17109]  should_fail+0x38c/0x4c0
[  739.823923][T17109]  _copy_from_user+0x2e/0x170
[  739.828633][T17109]  __copy_msghdr_from_user+0xc9/0x630
[  739.834059][T17109]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  739.840242][T17109]  ? __ia32_sys_shutdown+0x1d0/0x1d0
[  739.845653][T17109]  ? ___sys_sendmsg+0x100/0x2e0
[  739.850548][T17109]  ___sys_sendmsg+0x19a/0x2e0
[  739.855272][T17109]  ? __sys_sendmsg+0x2a0/0x2a0
[  739.860092][T17109]  ? __se_sys_sendmsg+0xc9/0x290
[  739.865059][T17109]  ? kasan_add_zero_shadow+0x50/0x50
[  739.870380][T17109]  __se_sys_sendmsg+0x1af/0x290
[  739.875257][T17109]  ? __x64_sys_sendmsg+0x80/0x80
[  739.880241][T17109]  ? lockdep_hardirqs_on+0x94/0x140
[  739.885483][T17109]  do_syscall_64+0x4c/0xa0
[  739.889939][T17109]  ? clear_bhb_loop+0x30/0x80
[  739.894635][T17109]  ? clear_bhb_loop+0x30/0x80
[  739.899354][T17109]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  739.905267][T17109] RIP: 0033:0x7f427de16eb9
[  739.909696][T17109] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  739.929318][T17109] RSP: 002b:00007f427c072028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  739.937754][T17109] RAX: ffffffffffffffda RBX: 00007f427e091fa0 RCX: 00007f427de16eb9
[  739.945820][T17109] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004
[  739.953889][T17109] RBP: 00007f427c072090 R08: 0000000000000000 R09: 0000000000000000
[  739.961871][T17109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  739.969866][T17109] R13: 00007f427e092038 R14: 00007f427e091fa0 R15: 00007ffdc4504938
[  739.977860][T17109]  </TASK>
[  740.143671][T17124] bridge0: port 2(bridge_slave_1) entered disabled state
[  740.151898][T17124] bridge0: port 1(bridge_slave_0) entered disabled state
[  740.311821][T17133] device team_slave_0 left promiscuous mode
[  740.409625][T17137] __nla_validate_parse: 62 callbacks suppressed
[  740.409643][T17137] netlink: 10 bytes leftover after parsing attributes in process `syz.2.3944'.
[  740.816959][T17159] netlink: 144316 bytes leftover after parsing attributes in process `syz.0.3952'.
[  742.020302][T17153] bond0: (slave bridge0): Releasing backup interface
[  742.967574][T17153] bridge0: port 2(bridge_slave_1) entered blocking state
[  742.974836][T17153] bridge0: port 2(bridge_slave_1) entered forwarding state
[  742.982282][T17153] bridge0: port 1(bridge_slave_0) entered blocking state
[  742.989558][T17153] bridge0: port 1(bridge_slave_0) entered forwarding state
[  743.006601][T17153] team0: Port device bridge0 added
[  743.012404][T17164] validate_nla: 2 callbacks suppressed
[  743.012421][T17164] netlink: 'syz.1.3953': attribute type 10 has an invalid length.
[  743.031420][T17171] netlink: 10 bytes leftover after parsing attributes in process `syz.0.3956'.
[  743.072931][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  743.152256][T17182] device team_slave_0 entered promiscuous mode
[  743.195173][T12071] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  743.215793][T17184] netlink: 10 bytes leftover after parsing attributes in process `syz.2.3957'.
[  743.262829][T17186] netlink: 10 bytes leftover after parsing attributes in process `syz.3.3961'.
[  743.291698][T17188] netlink: 'syz.0.3962': attribute type 10 has an invalid length.
[  743.333948][T17188] bridge0: port 2(bridge_slave_1) entered disabled state
[  743.341742][T17188] bridge0: port 1(bridge_slave_0) entered disabled state
[  743.494213][T17196] netlink: 'syz.3.3966': attribute type 9 has an invalid length.
[  743.516685][T17198] netlink: 'syz.4.3968': attribute type 10 has an invalid length.
[  743.525123][T17196] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.3966'.
[  743.587867][T17202] netlink: 144316 bytes leftover after parsing attributes in process `syz.2.3969'.
[  743.663379][T17204] netlink: 'syz.0.3970': attribute type 10 has an invalid length.
[  743.682917][T17210] netlink: 10 bytes leftover after parsing attributes in process `syz.1.3972'.
[  743.817058][T17216] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3974'.
[  743.885132][T17216] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3974'.
[  743.939423][T17224] netlink: 'syz.2.3975': attribute type 10 has an invalid length.
[  746.565092][T17224] bond0: (slave bridge0): Releasing backup interface
[  746.621004][T17224] bridge0: port 2(bridge_slave_1) entered blocking state
[  746.628268][T17224] bridge0: port 2(bridge_slave_1) entered forwarding state
[  746.641198][T17224] team0: Port device bridge0 added
[  746.647388][T17223] __nla_validate_parse: 6 callbacks suppressed
[  746.647492][T17223] netlink: 10 bytes leftover after parsing attributes in process `syz.4.3976'.
[  746.693518][T13477] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  746.765942][T17233] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3990'.
[  746.799390][T17233] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3990'.
[  746.850013][T17242] netlink: 'syz.4.3983': attribute type 9 has an invalid length.
[  746.879841][T17233] netlink: 33 bytes leftover after parsing attributes in process `syz.1.3990'.
[  746.902521][T17242] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.3983'.
[  746.921657][T17233] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3990'.
[  746.965859][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  746.972226][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  746.997237][T17233] netlink: 33 bytes leftover after parsing attributes in process `syz.1.3990'.
[  747.015526][T17233] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3990'.
[  747.040455][T17233] netlink: 33 bytes leftover after parsing attributes in process `syz.1.3990'.
[  747.098049][T17238] netlink: 'syz.0.3981': attribute type 10 has an invalid length.
[  747.118195][T17245] netlink: 'syz.2.3984': attribute type 10 has an invalid length.
[  747.135655][T17245] bridge0: port 2(bridge_slave_1) entered disabled state
[  747.273692][T17245] team0: Port device bridge0 removed
[  747.311152][T17245] bridge0: port 2(bridge_slave_1) entered blocking state
[  747.318997][T17245] bridge0: port 2(bridge_slave_1) entered forwarding state
[  747.332621][T17253] netlink: 144316 bytes leftover after parsing attributes in process `syz.4.3986'.
[  747.372664][T17245] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  747.661987][T17274] netlink: 'syz.2.3994': attribute type 10 has an invalid length.
[  747.719514][T17274] bridge0: port 2(bridge_slave_1) entered disabled state
[  747.811802][T17274] bond0: (slave bridge0): Releasing backup interface
[  747.859595][T17274] bridge0: port 2(bridge_slave_1) entered blocking state
[  747.866793][T17274] bridge0: port 2(bridge_slave_1) entered forwarding state
[  747.934166][T17274] team0: Port device bridge0 added
[  748.268321][T17307] validate_nla: 2 callbacks suppressed
[  748.268357][T17307] netlink: 'syz.0.4005': attribute type 10 has an invalid length.
[  748.394344][T17313] FAULT_INJECTION: forcing a failure.
[  748.394344][T17313] name failslab, interval 1, probability 0, space 0, times 0
[  748.413142][T17313] CPU: 0 PID: 17313 Comm: syz.2.4008 Not tainted syzkaller #0
[  748.420661][T17313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  748.430756][T17313] Call Trace:
[  748.434053][T17313]  <TASK>
[  748.437006][T17313]  dump_stack_lvl+0x188/0x250
[  748.441715][T17313]  ? show_regs_print_info+0x20/0x20
[  748.446940][T17313]  ? load_image+0x400/0x400
[  748.451463][T17313]  ? __might_sleep+0xf0/0xf0
[  748.456057][T17313]  ? __lock_acquire+0x7d10/0x7d10
[  748.461100][T17313]  should_fail+0x38c/0x4c0
[  748.465533][T17313]  should_failslab+0x5/0x20
[  748.470046][T17313]  slab_pre_alloc_hook+0x51/0xc0
[  748.474997][T17313]  __kmalloc+0x6b/0x330
[  748.479168][T17313]  ? tomoyo_encode+0x27e/0x540
[  748.483953][T17313]  tomoyo_encode+0x27e/0x540
[  748.488559][T17313]  tomoyo_realpath_from_path+0x5cd/0x610
[  748.494311][T17313]  tomoyo_path_number_perm+0x242/0x660
[  748.499798][T17313]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  748.505274][T17313]  ? perf_trace_lock+0xe4/0x390
[  748.510133][T17313]  ? perf_trace_lock+0xe4/0x390
[  748.515029][T17313]  security_file_ioctl+0x6c/0xa0
[  748.519984][T17313]  __se_sys_ioctl+0x48/0x170
[  748.524582][T17313]  do_syscall_64+0x4c/0xa0
[  748.529006][T17313]  ? clear_bhb_loop+0x30/0x80
[  748.533692][T17313]  ? clear_bhb_loop+0x30/0x80
[  748.538386][T17313]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  748.544292][T17313] RIP: 0033:0x7f108adcbeb9
[  748.548720][T17313] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  748.568332][T17313] RSP: 002b:00007f1089027028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  748.576766][T17313] RAX: ffffffffffffffda RBX: 00007f108b046fa0 RCX: 00007f108adcbeb9
[  748.584748][T17313] RDX: 0000200000000080 RSI: 00000000000089f0 RDI: 0000000000000004
[  748.592724][T17313] RBP: 00007f1089027090 R08: 0000000000000000 R09: 0000000000000000
[  748.600707][T17313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  748.608705][T17313] R13: 00007f108b047038 R14: 00007f108b046fa0 R15: 00007ffcd9256bc8
[  748.616706][T17313]  </TASK>
[  748.641782][T17313] ERROR: Out of memory at tomoyo_realpath_from_path.
[  748.657052][T17318] device team_slave_0 entered promiscuous mode
[  748.697473][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  748.801307][T17323] netlink: 'syz.2.4015': attribute type 5 has an invalid length.
[  749.033267][T11990] Bluetooth: hci5: command 0x0406 tx timeout
[  752.240593][T17345] __nla_validate_parse: 34 callbacks suppressed
[  752.240614][T17345] netlink: 10 bytes leftover after parsing attributes in process `syz.0.4022'.
[  752.273196][T17357] netlink: 'syz.4.4026': attribute type 21 has an invalid length.
[  752.451257][T17364] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4029'.
[  752.497415][T17364] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4029'.
[  752.520052][T17364] netlink: 33 bytes leftover after parsing attributes in process `syz.4.4029'.
[  752.534553][T17364] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4029'.
[  752.609299][T17364] netlink: 33 bytes leftover after parsing attributes in process `syz.4.4029'.
[  752.629831][T17364] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4029'.
[  752.643724][T17364] netlink: 33 bytes leftover after parsing attributes in process `syz.4.4029'.
[  752.839331][T17376] netlink: 144316 bytes leftover after parsing attributes in process `syz.0.4033'.
[  752.848044][T17380] netlink: 10 bytes leftover after parsing attributes in process `syz.4.4034'.
[  753.008744][T17383] FAULT_INJECTION: forcing a failure.
[  753.008744][T17383] name failslab, interval 1, probability 0, space 0, times 0
[  753.054393][T17380] netlink: 'syz.4.4034': attribute type 7 has an invalid length.
[  753.110889][T17383] CPU: 1 PID: 17383 Comm: syz.1.4036 Not tainted syzkaller #0
[  753.118437][T17383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  753.128612][T17383] Call Trace:
[  753.131929][T17383]  <TASK>
[  753.134892][T17383]  dump_stack_lvl+0x188/0x250
[  753.139615][T17383]  ? show_regs_print_info+0x20/0x20
[  753.144852][T17383]  ? load_image+0x400/0x400
[  753.149429][T17383]  ? __might_sleep+0xf0/0xf0
[  753.154177][T17383]  ? __lock_acquire+0x7d10/0x7d10
[  753.159246][T17383]  should_fail+0x38c/0x4c0
[  753.163721][T17383]  should_failslab+0x5/0x20
[  753.168263][T17383]  slab_pre_alloc_hook+0x51/0xc0
[  753.173235][T17383]  __kmalloc_node+0x6e/0x3b0
[  753.177863][T17383]  ? kvmalloc_node+0x84/0x130
[  753.182583][T17383]  ? __might_fault+0xb3/0x110
[  753.187324][T17383]  kvmalloc_node+0x84/0x130
[  753.191870][T17383]  map_update_elem+0x53d/0x770
[  753.196680][T17383]  __sys_bpf+0x46b/0x6f0
[  753.200978][T17383]  ? bpf_link_show_fdinfo+0x380/0x380
[  753.206416][T17383]  __x64_sys_bpf+0x78/0x90
[  753.210872][T17383]  do_syscall_64+0x4c/0xa0
[  753.215319][T17383]  ? clear_bhb_loop+0x30/0x80
[  753.220075][T17383]  ? clear_bhb_loop+0x30/0x80
[  753.224782][T17383]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  753.230703][T17383] RIP: 0033:0x7ff495b01eb9
[  753.234946][T17390] netlink: 'syz.0.4038': attribute type 10 has an invalid length.
[  753.243003][T17383] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  753.243023][T17383] RSP: 002b:00007ff493d5d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  753.243047][T17383] RAX: ffffffffffffffda RBX: 00007ff495d7cfa0 RCX: 00007ff495b01eb9
[  753.243064][T17383] RDX: 0000000000000020 RSI: 0000200000000280 RDI: 0000000000000002
[  753.243077][T17383] RBP: 00007ff493d5d090 R08: 0000000000000000 R09: 0000000000000000
[  753.243091][T17383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  753.243104][T17383] R13: 00007ff495d7d038 R14: 00007ff495d7cfa0 R15: 00007ffd777408a8
[  753.243138][T17383]  </TASK>
[  753.462301][T17400] netlink: 'syz.3.4041': attribute type 10 has an invalid length.
[  753.555575][T17402] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app
[  753.563316][T17400] bridge0: port 2(bridge_slave_1) entered disabled state
[  753.571978][T17400] bridge0: port 1(bridge_slave_0) entered disabled state
[  753.616243][T17407] netlink: 'syz.4.4044': attribute type 9 has an invalid length.
[  753.822102][T17412] FAULT_INJECTION: forcing a failure.
[  753.822102][T17412] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  753.877697][T17412] CPU: 0 PID: 17412 Comm: syz.4.4046 Not tainted syzkaller #0
[  753.880207][T17400] team0: Port device bridge0 removed
[  753.885235][T17412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  753.885249][T17412] Call Trace:
[  753.885257][T17412]  <TASK>
[  753.885265][T17412]  dump_stack_lvl+0x188/0x250
[  753.885297][T17412]  ? show_regs_print_info+0x20/0x20
[  753.885319][T17412]  ? load_image+0x400/0x400
[  753.885364][T17412]  ? __lock_acquire+0x7d10/0x7d10
[  753.885399][T17412]  should_fail+0x38c/0x4c0
[  753.885429][T17412]  _copy_from_user+0x2e/0x170
[  753.885471][T17412]  ____sys_sendmsg+0x30a/0x8f0
[  753.885507][T17412]  ? __sys_sendmsg_sock+0x30/0x30
[  753.885543][T17412]  ? import_iovec+0x6f/0xa0
[  753.885572][T17412]  ___sys_sendmsg+0x236/0x2e0
[  753.885604][T17412]  ? __sys_sendmsg+0x2a0/0x2a0
[  753.885665][T17412]  __se_sys_sendmsg+0x1af/0x290
[  753.885693][T17412]  ? __x64_sys_sendmsg+0x80/0x80
[  753.885715][T17412]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  753.885753][T17412]  ? lockdep_hardirqs_on+0x94/0x140
[  753.885782][T17412]  do_syscall_64+0x4c/0xa0
[  753.885801][T17412]  ? clear_bhb_loop+0x30/0x80
[  753.885822][T17412]  ? clear_bhb_loop+0x30/0x80
[  753.885852][T17412]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  753.885874][T17412] RIP: 0033:0x7f427de16eb9
[  753.885894][T17412] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  753.885913][T17412] RSP: 002b:00007f427c072028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  753.885938][T17412] RAX: ffffffffffffffda RBX: 00007f427e091fa0 RCX: 00007f427de16eb9
[  753.885955][T17412] RDX: 0000000000000010 RSI: 0000200000000140 RDI: 0000000000000003
[  753.885970][T17412] RBP: 00007f427c072090 R08: 0000000000000000 R09: 0000000000000000
[  753.885984][T17412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  753.885998][T17412] R13: 00007f427e092038 R14: 00007f427e091fa0 R15: 00007ffdc4504938
[  753.886029][T17412]  </TASK>
[  754.175819][T17400] bridge0: port 2(bridge_slave_1) entered blocking state
[  754.183531][T17400] bridge0: port 2(bridge_slave_1) entered forwarding state
[  754.192006][T17400] bridge0: port 1(bridge_slave_0) entered blocking state
[  754.200012][T17400] bridge0: port 1(bridge_slave_0) entered forwarding state
[  754.359493][T17400] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  754.379641][T17421] netlink: 'syz.4.4049': attribute type 10 has an invalid length.
[  754.984638][T17443] netlink: 'syz.2.4055': attribute type 10 has an invalid length.
[  755.035309][T17443] bridge0: port 2(bridge_slave_1) entered disabled state
[  755.227411][T17443] team0: Port device bridge0 removed
[  755.251031][T17443] bridge0: port 2(bridge_slave_1) entered blocking state
[  755.258625][T17443] bridge0: port 2(bridge_slave_1) entered forwarding state
[  755.329956][T17443] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  755.365203][T17457] netlink: 'syz.1.4062': attribute type 10 has an invalid length.
[  755.616160][T17462] netlink: 'syz.1.4064': attribute type 10 has an invalid length.
[  756.202540][T17489] netlink: 'syz.2.4075': attribute type 10 has an invalid length.
[  756.226097][T17489] bridge0: port 2(bridge_slave_1) entered disabled state
[  756.320668][T17491] netlink: 'syz.1.4076': attribute type 10 has an invalid length.
[  756.751992][T17501] netlink: 'syz.1.4081': attribute type 7 has an invalid length.
[  756.948624][T17512] netlink: 'syz.0.4086': attribute type 10 has an invalid length.
[  757.510559][T17532] __nla_validate_parse: 18 callbacks suppressed
[  757.510595][T17532] netlink: 10 bytes leftover after parsing attributes in process `syz.0.4095'.
[  758.192953][T17552] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4105'.
[  758.235615][T17552] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4105'.
[  758.273862][T17552] netlink: 33 bytes leftover after parsing attributes in process `syz.0.4105'.
[  758.317111][T17552] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4105'.
[  758.337056][T17552] netlink: 33 bytes leftover after parsing attributes in process `syz.0.4105'.
[  758.360330][T17552] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4105'.
[  758.371656][T17552] netlink: 33 bytes leftover after parsing attributes in process `syz.0.4105'.
[  758.403970][T17553] netlink: 10 bytes leftover after parsing attributes in process `syz.2.4104'.
[  758.515080][T17566] netlink: 10 bytes leftover after parsing attributes in process `syz.4.4109'.
[  758.558460][T17568] validate_nla: 4 callbacks suppressed
[  758.558492][T17568] netlink: 'syz.0.4110': attribute type 10 has an invalid length.
[  758.733392][T17570] netlink: 'syz.2.4111': attribute type 1 has an invalid length.
[  758.742690][T17570] netlink: 'syz.2.4111': attribute type 4 has an invalid length.
[  759.137913][T17587] netlink: 'syz.1.4119': attribute type 10 has an invalid length.
[  759.942419][T17613] netlink: 'syz.1.4127': attribute type 10 has an invalid length.
[  760.781881][T17631] netlink: 'syz.4.4133': attribute type 10 has an invalid length.
[  761.537345][T17668] netlink: 'syz.0.4153': attribute type 10 has an invalid length.
[  761.695519][T17675] netlink: 'syz.3.4151': attribute type 4 has an invalid length.
[  761.731458][T17677] FAULT_INJECTION: forcing a failure.
[  761.731458][T17677] name failslab, interval 1, probability 0, space 0, times 0
[  761.803328][T17677] CPU: 1 PID: 17677 Comm: syz.0.4156 Not tainted syzkaller #0
[  761.810854][T17677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  761.820950][T17677] Call Trace:
[  761.824250][T17677]  <TASK>
[  761.827202][T17677]  dump_stack_lvl+0x188/0x250
[  761.831913][T17677]  ? show_regs_print_info+0x20/0x20
[  761.837147][T17677]  ? load_image+0x400/0x400
[  761.841687][T17677]  ? __might_sleep+0xf0/0xf0
[  761.846304][T17677]  ? __lock_acquire+0x7d10/0x7d10
[  761.851363][T17677]  ? mark_lock+0x94/0x320
[  761.855720][T17677]  should_fail+0x38c/0x4c0
[  761.860175][T17677]  should_failslab+0x5/0x20
[  761.864718][T17677]  slab_pre_alloc_hook+0x51/0xc0
[  761.869686][T17677]  __kmalloc+0x6b/0x330
[  761.873867][T17677]  ? tomoyo_realpath_from_path+0x118/0x610
[  761.879712][T17677]  tomoyo_realpath_from_path+0x118/0x610
[  761.885393][T17677]  tomoyo_path_number_perm+0x242/0x660
[  761.890885][T17677]  ? verify_lock_unused+0x140/0x140
[  761.896125][T17677]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  761.901619][T17677]  ? ksys_write+0x1c6/0x260
[  761.906199][T17677]  security_file_ioctl+0x6c/0xa0
[  761.911177][T17677]  __se_sys_ioctl+0x48/0x170
[  761.915799][T17677]  do_syscall_64+0x4c/0xa0
[  761.920258][T17677]  ? clear_bhb_loop+0x30/0x80
[  761.924969][T17677]  ? clear_bhb_loop+0x30/0x80
[  761.929681][T17677]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  761.935622][T17677] RIP: 0033:0x7f68c789ceb9
[  761.940069][T17677] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  761.959706][T17677] RSP: 002b:00007f68c5af8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  761.968177][T17677] RAX: ffffffffffffffda RBX: 00007f68c7b17fa0 RCX: 00007f68c789ceb9
[  761.976188][T17677] RDX: 0000200000000140 RSI: 0000000000008914 RDI: 0000000000000004
[  761.984206][T17677] RBP: 00007f68c5af8090 R08: 0000000000000000 R09: 0000000000000000
[  761.992213][T17677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  762.000221][T17677] R13: 00007f68c7b18038 R14: 00007f68c7b17fa0 R15: 00007ffff8c84678
[  762.008255][T17677]  </TASK>
[  762.180408][T17677] ERROR: Out of memory at tomoyo_realpath_from_path.
[  762.524091][T17696] __nla_validate_parse: 30 callbacks suppressed
[  762.524128][T17696] netlink: 10 bytes leftover after parsing attributes in process `syz.2.4164'.
[  762.720654][T17707] netlink: 144316 bytes leftover after parsing attributes in process `syz.3.4167'.
[  762.876761][T17712] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4169'.
[  762.983369][T17715] netlink: 'syz.2.4168': attribute type 29 has an invalid length.
[  762.995469][T17712] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4169'.
[  763.092953][T17712] netlink: 33 bytes leftover after parsing attributes in process `syz.1.4169'.
[  763.151562][T17712] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4169'.
[  763.166313][T17712] netlink: 33 bytes leftover after parsing attributes in process `syz.1.4169'.
[  763.188627][T17712] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4169'.
[  763.226093][T17712] netlink: 33 bytes leftover after parsing attributes in process `syz.1.4169'.
[  763.375169][T17715] netlink: 'syz.2.4168': attribute type 29 has an invalid length.
[  763.815483][T17730] netlink: 'syz.1.4171': attribute type 4 has an invalid length.
[  763.951653][T17738] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4177'.
[  764.393341][   T21] Bluetooth: hci0: command 0x0406 tx timeout
[  764.440567][T17761] FAULT_INJECTION: forcing a failure.
[  764.440567][T17761] name failslab, interval 1, probability 0, space 0, times 0
[  764.526598][T17761] CPU: 0 PID: 17761 Comm: syz.0.4184 Not tainted syzkaller #0
[  764.534119][T17761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  764.544197][T17761] Call Trace:
[  764.547486][T17761]  <TASK>
[  764.550422][T17761]  dump_stack_lvl+0x188/0x250
[  764.555113][T17761]  ? show_regs_print_info+0x20/0x20
[  764.560319][T17761]  ? load_image+0x400/0x400
[  764.564831][T17761]  ? __might_sleep+0xf0/0xf0
[  764.569426][T17761]  ? __lock_acquire+0x7d10/0x7d10
[  764.574466][T17761]  should_fail+0x38c/0x4c0
[  764.578905][T17761]  should_failslab+0x5/0x20
[  764.583421][T17761]  slab_pre_alloc_hook+0x51/0xc0
[  764.588364][T17761]  __kmalloc_node_track_caller+0x68/0x3a0
[  764.594097][T17761]  ? netlink_sendmsg+0x654/0xbe0
[  764.599067][T17761]  ? kmem_cache_alloc_node+0x162/0x2d0
[  764.604668][T17761]  ? __alloc_skb+0xf4/0x750
[  764.609313][T17761]  ? netlink_sendmsg+0x654/0xbe0
[  764.614271][T17761]  __alloc_skb+0x22c/0x750
[  764.618728][T17761]  netlink_sendmsg+0x654/0xbe0
[  764.623521][T17761]  ? netlink_getsockopt+0x570/0x570
[  764.628743][T17761]  ? aa_sock_msg_perm+0x94/0x150
[  764.633706][T17761]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  764.639017][T17761]  ? security_socket_sendmsg+0x7c/0xa0
[  764.644523][T17761]  ? netlink_getsockopt+0x570/0x570
[  764.649749][T17761]  ____sys_sendmsg+0x5b7/0x8f0
[  764.654536][T17761]  ? __sys_sendmsg_sock+0x30/0x30
[  764.659577][T17761]  ? import_iovec+0x6f/0xa0
[  764.664101][T17761]  ___sys_sendmsg+0x236/0x2e0
[  764.668796][T17761]  ? __sys_sendmsg+0x2a0/0x2a0
[  764.673582][T17761]  ? ktime_get_real_ts64+0x440/0x440
[  764.678905][T17761]  __se_sys_sendmsg+0x1af/0x290
[  764.683775][T17761]  ? __x64_sys_sendmsg+0x80/0x80
[  764.688729][T17761]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  764.694736][T17761]  ? lockdep_hardirqs_on+0x94/0x140
[  764.699972][T17761]  do_syscall_64+0x4c/0xa0
[  764.704401][T17761]  ? clear_bhb_loop+0x30/0x80
[  764.709087][T17761]  ? clear_bhb_loop+0x30/0x80
[  764.713787][T17761]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  764.719812][T17761] RIP: 0033:0x7f68c789ceb9
[  764.724255][T17761] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  764.743867][T17761] RSP: 002b:00007f68c5af8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  764.752297][T17761] RAX: ffffffffffffffda RBX: 00007f68c7b17fa0 RCX: 00007f68c789ceb9
[  764.760299][T17761] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000006
[  764.768361][T17761] RBP: 00007f68c5af8090 R08: 0000000000000000 R09: 0000000000000000
[  764.776356][T17761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  764.784339][T17761] R13: 00007f68c7b18038 R14: 00007f68c7b17fa0 R15: 00007ffff8c84678
[  764.792341][T17761]  </TASK>
[  765.046078][T17777] netlink: 'syz.1.4191': attribute type 10 has an invalid length.
[  765.224589][T17782] netlink: 'syz.2.4193': attribute type 4 has an invalid length.
[  765.503653][T17787] netlink: 'syz.1.4195': attribute type 29 has an invalid length.
[  765.558998][T17787] netlink: 'syz.1.4195': attribute type 29 has an invalid length.
[  765.823843][T17810] netlink: 'syz.2.4205': attribute type 10 has an invalid length.
[  766.354782][T17839] netlink: 'syz.2.4218': attribute type 10 has an invalid length.
[  766.873724][T17860] netlink: 'syz.4.4222': attribute type 29 has an invalid length.
[  766.882096][T17860] netlink: 'syz.4.4222': attribute type 29 has an invalid length.
[  767.609214][T17883] netlink: 'syz.3.4236': attribute type 29 has an invalid length.
[  767.755362][T17893] __nla_validate_parse: 35 callbacks suppressed
[  767.755397][T17893] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4241'.
[  767.780775][T17889] netlink: 144316 bytes leftover after parsing attributes in process `syz.0.4240'.
[  767.814671][T17893] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4241'.
[  767.833636][T17893] netlink: 33 bytes leftover after parsing attributes in process `syz.3.4241'.
[  767.911946][T17893] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4241'.
[  767.950039][T17893] netlink: 33 bytes leftover after parsing attributes in process `syz.3.4241'.
[  767.988558][T17893] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4241'.
[  768.041713][T17893] netlink: 33 bytes leftover after parsing attributes in process `syz.3.4241'.
[  768.100312][T17892] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4239'.
[  768.114048][T17892] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4239'.
[  768.331886][T17914] FAULT_INJECTION: forcing a failure.
[  768.331886][T17914] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  768.419129][T17914] CPU: 0 PID: 17914 Comm: syz.1.4250 Not tainted syzkaller #0
[  768.426660][T17914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  768.436751][T17914] Call Trace:
[  768.440053][T17914]  <TASK>
[  768.442998][T17914]  dump_stack_lvl+0x188/0x250
[  768.447707][T17914]  ? show_regs_print_info+0x20/0x20
[  768.452939][T17914]  ? load_image+0x400/0x400
[  768.457473][T17914]  ? __lock_acquire+0x7d10/0x7d10
[  768.462533][T17914]  should_fail+0x38c/0x4c0
[  768.466978][T17914]  _copy_from_user+0x2e/0x170
[  768.471685][T17914]  __copy_msghdr_from_user+0xc9/0x630
[  768.477085][T17914]  ? verify_lock_unused+0x140/0x140
[  768.482316][T17914]  ? __ia32_sys_shutdown+0x1d0/0x1d0
[  768.487649][T17914]  ___sys_sendmsg+0x19a/0x2e0
[  768.492366][T17914]  ? __sys_sendmsg+0x2a0/0x2a0
[  768.497200][T17914]  __se_sys_sendmsg+0x1af/0x290
[  768.502087][T17914]  ? __x64_sys_sendmsg+0x80/0x80
[  768.507053][T17914]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  768.513078][T17914]  ? lockdep_hardirqs_on+0x94/0x140
[  768.518332][T17914]  do_syscall_64+0x4c/0xa0
[  768.522772][T17914]  ? clear_bhb_loop+0x30/0x80
[  768.527493][T17914]  ? clear_bhb_loop+0x30/0x80
[  768.532189][T17914]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  768.538122][T17914] RIP: 0033:0x7ff495b01eb9
[  768.542560][T17914] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  768.562319][T17914] RSP: 002b:00007ff493d5d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  768.570765][T17914] RAX: ffffffffffffffda RBX: 00007ff495d7cfa0 RCX: 00007ff495b01eb9
[  768.578764][T17914] RDX: 0000000020000800 RSI: 0000200000000080 RDI: 0000000000000003
[  768.586780][T17914] RBP: 00007ff493d5d090 R08: 0000000000000000 R09: 0000000000000000
[  768.594798][T17914] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  768.602794][T17914] R13: 00007ff495d7d038 R14: 00007ff495d7cfa0 R15: 00007ffd777408a8
[  768.610809][T17914]  </TASK>
[  769.207398][T17932] validate_nla: 3 callbacks suppressed
[  769.207432][T17932] netlink: 'syz.4.4254': attribute type 4 has an invalid length.
[  769.541344][T17961] netlink: 'syz.1.4268': attribute type 10 has an invalid length.
[  769.628347][T17961] bond0: (slave bridge0): Releasing backup interface
[  769.667876][T17961] bridge0: port 2(bridge_slave_1) entered blocking state
[  769.675199][T17961] bridge0: port 2(bridge_slave_1) entered forwarding state
[  769.683744][T17961] bridge0: port 1(bridge_slave_0) entered blocking state
[  769.690861][T17961] bridge0: port 1(bridge_slave_0) entered forwarding state
[  769.731109][T17968] FAULT_INJECTION: forcing a failure.
[  769.731109][T17968] name failslab, interval 1, probability 0, space 0, times 0
[  769.772492][T17968] CPU: 1 PID: 17968 Comm: syz.3.4270 Not tainted syzkaller #0
[  769.780015][T17968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  769.790092][T17968] Call Trace:
[  769.793399][T17968]  <TASK>
[  769.796351][T17968]  dump_stack_lvl+0x188/0x250
[  769.801120][T17968]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  769.807304][T17968]  ? show_regs_print_info+0x20/0x20
[  769.812537][T17968]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  769.818735][T17968]  ? dump_stack+0x5/0x20
[  769.823023][T17968]  should_fail+0x38c/0x4c0
[  769.827476][T17968]  should_failslab+0x5/0x20
[  769.832014][T17968]  slab_pre_alloc_hook+0x51/0xc0
[  769.836980][T17968]  __kmalloc_node+0x6e/0x3b0
[  769.841601][T17968]  ? kvmalloc_node+0x84/0x130
[  769.846315][T17968]  kvmalloc_node+0x84/0x130
[  769.850847][T17968]  btf_new_fd+0x1e2/0x910
[  769.855212][T17968]  __sys_bpf+0x58c/0x6f0
[  769.859495][T17968]  ? bpf_link_show_fdinfo+0x380/0x380
[  769.864916][T17968]  __x64_sys_bpf+0x78/0x90
[  769.869362][T17968]  do_syscall_64+0x4c/0xa0
[  769.873802][T17968]  ? clear_bhb_loop+0x30/0x80
[  769.878498][T17968]  ? clear_bhb_loop+0x30/0x80
[  769.883202][T17968]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  769.889138][T17968] RIP: 0033:0x7f1154736eb9
[  769.893585][T17968] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  769.913217][T17968] RSP: 002b:00007f1152992028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  769.921680][T17968] RAX: ffffffffffffffda RBX: 00007f11549b1fa0 RCX: 00007f1154736eb9
[  769.929685][T17968] RDX: 0000000000000028 RSI: 0000200000000500 RDI: 0000000000000012
[  769.937690][T17968] RBP: 00007f1152992090 R08: 0000000000000000 R09: 0000000000000000
[  769.945681][T17968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  769.953680][T17968] R13: 00007f11549b2038 R14: 00007f11549b1fa0 R15: 00007ffc0bfbf298
[  769.961705][T17968]  </TASK>
[  769.993831][T17961] team0: Port device bridge0 added
[  770.010376][T13477] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  770.292894][T17978] netlink: 'syz.2.4275': attribute type 4 has an invalid length.
[  770.829399][T18005] netlink: 'syz.4.4287': attribute type 10 has an invalid length.
[  770.855831][T18005] bond0: (slave bridge0): Releasing backup interface
[  770.872411][T18005] bridge0: port 2(bridge_slave_1) entered blocking state
[  770.879779][T18005] bridge0: port 2(bridge_slave_1) entered forwarding state
[  770.887279][T18005] bridge0: port 1(bridge_slave_0) entered blocking state
[  770.894432][T18005] bridge0: port 1(bridge_slave_0) entered forwarding state
[  770.905491][T18005] team0: Port device bridge0 added
[  770.922431][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  771.226259][T18020] netlink: 'syz.1.4290': attribute type 4 has an invalid length.
[  772.095848][T18055] netlink: 'syz.3.4306': attribute type 4 has an invalid length.
[  772.280017][T18053] netlink: 'syz.0.4307': attribute type 4 has an invalid length.
[  772.545362][T18076] netlink: 'syz.2.4315': attribute type 4 has an invalid length.
[  772.593968][T18077] FAULT_INJECTION: forcing a failure.
[  772.593968][T18077] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  772.710716][T18077] CPU: 1 PID: 18077 Comm: syz.1.4316 Not tainted syzkaller #0
[  772.718243][T18077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  772.728358][T18077] Call Trace:
[  772.731664][T18077]  <TASK>
[  772.734612][T18077]  dump_stack_lvl+0x188/0x250
[  772.739330][T18077]  ? show_regs_print_info+0x20/0x20
[  772.744564][T18077]  ? load_image+0x400/0x400
[  772.749100][T18077]  ? __lock_acquire+0x7d10/0x7d10
[  772.754165][T18077]  should_fail+0x38c/0x4c0
[  772.758624][T18077]  _copy_from_iter+0x22e/0x1170
[  772.763527][T18077]  ? __lock_acquire+0x7d10/0x7d10
[  772.768617][T18077]  ? copy_mc_pipe_to_iter+0x7d0/0x7d0
[  772.774041][T18077]  ? __virt_addr_valid+0x3c6/0x470
[  772.779186][T18077]  ? __phys_addr_symbol+0x2b/0x70
[  772.784239][T18077]  ? __check_object_size+0x30c/0x410
[  772.789560][T18077]  netlink_sendmsg+0x758/0xbe0
[  772.794364][T18077]  ? netlink_getsockopt+0x570/0x570
[  772.799627][T18077]  ? aa_sock_msg_perm+0x94/0x150
[  772.804602][T18077]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  772.809917][T18077]  ? security_socket_sendmsg+0x7c/0xa0
[  772.815407][T18077]  ? netlink_getsockopt+0x570/0x570
[  772.820639][T18077]  ____sys_sendmsg+0x5b7/0x8f0
[  772.825461][T18077]  ? __sys_sendmsg_sock+0x30/0x30
[  772.830539][T18077]  ? import_iovec+0x6f/0xa0
[  772.835079][T18077]  ___sys_sendmsg+0x236/0x2e0
[  772.839799][T18077]  ? __sys_sendmsg+0x2a0/0x2a0
[  772.844609][T18077]  ? vfs_write+0x8b2/0xd60
[  772.849087][T18077]  __se_sys_sendmsg+0x1af/0x290
[  772.854005][T18077]  ? __x64_sys_sendmsg+0x80/0x80
[  772.858982][T18077]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  772.865021][T18077]  ? lockdep_hardirqs_on+0x94/0x140
[  772.870252][T18077]  do_syscall_64+0x4c/0xa0
[  772.874698][T18077]  ? clear_bhb_loop+0x30/0x80
[  772.879425][T18077]  ? clear_bhb_loop+0x30/0x80
[  772.884132][T18077]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  772.890046][T18077] RIP: 0033:0x7ff495b01eb9
[  772.894490][T18077] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  772.914134][T18077] RSP: 002b:00007ff493d5d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  772.922610][T18077] RAX: ffffffffffffffda RBX: 00007ff495d7cfa0 RCX: 00007ff495b01eb9
[  772.930619][T18077] RDX: 0000000000004040 RSI: 00002000000004c0 RDI: 0000000000000003
[  772.938636][T18077] RBP: 00007ff493d5d090 R08: 0000000000000000 R09: 0000000000000000
[  772.946647][T18077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  772.954654][T18077] R13: 00007ff495d7d038 R14: 00007ff495d7cfa0 R15: 00007ffd777408a8
[  772.962676][T18077]  </TASK>
[  773.215378][T18085] __nla_validate_parse: 45 callbacks suppressed
[  773.215415][T18085] netlink: 10 bytes leftover after parsing attributes in process `syz.2.4321'.
[  773.284780][T18084] netlink: 'syz.4.4320': attribute type 10 has an invalid length.
[  773.319091][T18084] bridge0: port 2(bridge_slave_1) entered disabled state
[  773.327192][T18084] bridge0: port 1(bridge_slave_0) entered disabled state
[  773.511647][T18084] team0: Port device bridge0 removed
[  773.642518][T18084] bridge0: port 2(bridge_slave_1) entered blocking state
[  773.650837][T18084] bridge0: port 2(bridge_slave_1) entered forwarding state
[  773.662179][T18084] bridge0: port 1(bridge_slave_0) entered blocking state
[  773.670697][T18084] bridge0: port 1(bridge_slave_0) entered forwarding state
[  773.747139][T18084] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  773.780718][T18087] netlink: 'syz.3.4322': attribute type 4 has an invalid length.
[  773.805469][T18096] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4326'.
[  773.827044][T18096] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4326'.
[  773.858026][T18096] netlink: 33 bytes leftover after parsing attributes in process `syz.2.4326'.
[  773.885334][T18096] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4326'.
[  773.911064][T18096] netlink: 33 bytes leftover after parsing attributes in process `syz.2.4326'.
[  773.942948][T18096] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4326'.
[  773.972872][T18096] netlink: 33 bytes leftover after parsing attributes in process `syz.2.4326'.
[  774.019958][T18102] netlink: 10 bytes leftover after parsing attributes in process `syz.0.4328'.
[  774.200119][T18118] netlink: 10 bytes leftover after parsing attributes in process `syz.2.4334'.
[  774.928297][T18142] netlink: 'syz.0.4340': attribute type 4 has an invalid length.
[  775.334706][T18159] netlink: 'syz.2.4351': attribute type 4 has an invalid length.
[  775.415185][T18159] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[  776.014545][T18191] netlink: 'syz.0.4361': attribute type 10 has an invalid length.
[  776.231084][T18191] team0: Port device geneve1 added
[  776.605088][T18199] device bond0 entered promiscuous mode
[  776.610703][T18199] device bond_slave_0 entered promiscuous mode
[  776.699500][T18199] device bond_slave_1 entered promiscuous mode
[  776.727005][T18199] device batadv0 entered promiscuous mode
[  776.736377][T18199] device bridge0 entered promiscuous mode
[  779.706690][T18216] __nla_validate_parse: 13 callbacks suppressed
[  779.706730][T18216] netlink: 202920 bytes leftover after parsing attributes in process `syz.2.4373'.
[  779.789512][ T4229] Bluetooth: hci4: command 0x0406 tx timeout
[  779.802867][T18227] netlink: 'syz.2.4373': attribute type 29 has an invalid length.
[  779.881199][T18227] netlink: 'syz.2.4373': attribute type 29 has an invalid length.
[  779.916936][T18216] netlink: 'syz.2.4373': attribute type 29 has an invalid length.
[  780.332976][T18246] device syzkaller0 entered promiscuous mode
[  780.846969][T18250] delete_channel: no stack
[  783.815189][T18289] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.4401'.
[  783.974668][T18299] netlink: 'syz.2.4404': attribute type 39 has an invalid length.
[  784.251209][T18295] netlink: 'syz.4.4401': attribute type 10 has an invalid length.
[  784.532536][T18295] team0: Port device dummy0 added
[  784.567103][T18301] netlink: 'syz.4.4401': attribute type 10 has an invalid length.
[  784.607781][T18301] team0: Port device dummy0 removed
[  784.618501][T18301] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  784.638352][T18310] netlink: 'syz.0.4406': attribute type 10 has an invalid length.
[  784.695411][T18310] team0: Device veth1_macvtap failed to register rx_handler
[  784.815467][T18317] device lo entered promiscuous mode
[  785.056302][T18327] netlink: 'syz.1.4412': attribute type 1 has an invalid length.
[  785.114331][T18327] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.4412'.
[  792.320449][T18415] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.4442'.
[  792.491011][T18426] netlink: 'syz.2.4447': attribute type 1 has an invalid length.
[  792.518932][T18427] netlink: 'syz.3.4449': attribute type 10 has an invalid length.
[  792.539846][T18426] netlink: 181400 bytes leftover after parsing attributes in process `syz.2.4447'.
[  792.555936][T18427] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4449'.
[  792.579427][T18427] device team0 entered promiscuous mode
[  792.628909][T18427] device team_slave_1 entered promiscuous mode
[  792.687203][T18427] bridge0: port 3(team0) entered blocking state
[  792.717145][T18427] bridge0: port 3(team0) entered disabled state
[  792.757353][T18427] bridge0: port 3(team0) entered blocking state
[  792.763780][T18427] bridge0: port 3(team0) entered forwarding state
[  792.777412][T18434] netlink: 65055 bytes leftover after parsing attributes in process `syz.0.4450'.
[  792.791647][T18434] tc_dump_action: action bad kind
[  792.798789][T18438] netlink: 'syz.2.4452': attribute type 16 has an invalid length.
[  792.815189][T18438] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4452'.
[  793.011380][T18448] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4456'.
[  793.059497][T18448] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4456'.
[  793.078116][T18452] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4456'.
[  793.090134][T18448] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4456'.
[  795.881752][T18462] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  795.940064][T18462] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  796.220562][T18473] netlink: 'syz.3.4466': attribute type 10 has an invalid length.
[  796.255028][T18473] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4466'.
[  796.283787][T18473] batman_adv: batadv0: Adding interface: hsr_slave_1
[  796.290774][T18473] batman_adv: batadv0: The MTU of interface hsr_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  796.410646][T18473] batman_adv: batadv0: Interface activated: hsr_slave_1
[  796.446310][T18479] netlink: 'syz.2.4464': attribute type 10 has an invalid length.
[  796.456543][T18472] delete_channel: no stack
[  796.463572][T18479] batman_adv: batadv0: Adding interface: hsr_slave_1
[  796.470311][T18479] batman_adv: batadv0: Interface activated: hsr_slave_1
[  796.541316][T18482] device syzkaller0 entered promiscuous mode
[  796.560139][T18470] delete_channel: no stack
[  796.580406][T12071] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  796.791328][T18496] netlink: 'syz.3.4471': attribute type 39 has an invalid length.
[  796.834386][T18491] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  796.855405][T18491] device syzkaller0 entered promiscuous mode
[  797.363843][T18522] __nla_validate_parse: 3 callbacks suppressed
[  797.363859][T18522] netlink: 1 bytes leftover after parsing attributes in process `syz.1.4482'.
[  797.441251][T18526] netlink: 'syz.3.4484': attribute type 16 has an invalid length.
[  797.500055][T18526] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4484'.
[  797.746607][T18543] netlink: 'syz.0.4491': attribute type 39 has an invalid length.
[  798.056310][T18549] netlink: 'syz.4.4492': attribute type 33 has an invalid length.
[  798.070100][T18549] netlink: 36 bytes leftover after parsing attributes in process `syz.4.4492'.
[  798.111178][T18549] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  798.615874][T18565] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.4500'.
[  798.685225][T18564] device syzkaller0 entered promiscuous mode
[  798.795579][T18564] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.4498'.
[  799.142027][T18582] netlink: 'syz.1.4506': attribute type 10 has an invalid length.
[  799.150288][T18582] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4506'.
[  799.167658][T18582] batman_adv: batadv0: Adding interface: hsr_slave_1
[  799.196900][T18582] batman_adv: batadv0: The MTU of interface hsr_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  799.237202][T18582] batman_adv: batadv0: Interface activated: hsr_slave_1
[  799.263604][T18588] netlink: 'syz.0.4505': attribute type 10 has an invalid length.
[  799.294901][T18581] delete_channel: no stack
[  799.307055][T18588] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4505'.
[  799.374072][T18588] batman_adv: batadv0: Adding interface: hsr_slave_1
[  799.427085][T18588] batman_adv: batadv0: The MTU of interface hsr_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  799.570199][T18588] batman_adv: batadv0: Interface activated: hsr_slave_1
[  799.680655][T18599] netlink: 'syz.1.4509': attribute type 4 has an invalid length.
[  799.703398][T18583] delete_channel: no stack
[  799.709631][T18599] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.4509'.
[  800.233293][ T1108] Bluetooth: hci1: command 0x0406 tx timeout
[  800.356708][T18628] netlink: 'syz.2.4517': attribute type 39 has an invalid length.
[  800.719507][T18637] netlink: 'syz.4.4524': attribute type 10 has an invalid length.
[  800.783505][T18637] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4524'.
[  800.897793][T18637] batman_adv: batadv0: Adding interface: hsr_slave_1
[  800.969854][T18637] batman_adv: batadv0: The MTU of interface hsr_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  801.163274][T18637] batman_adv: batadv0: Interface activated: hsr_slave_1
[  801.235043][T18636] delete_channel: no stack
[  801.245504][T18641] netlink: 'syz.0.4521': attribute type 10 has an invalid length.
[  801.288615][T18641] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4521'.
[  801.478750][T18635] delete_channel: no stack
[  801.497365][T18654] netlink: 'syz.4.4529': attribute type 10 has an invalid length.
[  801.653479][T18659] netlink: 'syz.2.4532': attribute type 9 has an invalid length.
[  801.701648][T18654] device hsr_slave_0 left promiscuous mode
[  801.710214][T18654] device hsr_slave_1 left promiscuous mode
[  801.790645][T18657] device sit0 entered promiscuous mode
[  801.986880][T18671] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  801.993873][T18671] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  802.206500][T18677] bridge0: port 3(team0) entered disabled state
[  802.437444][T18677] device bridge_slave_1 left promiscuous mode
[  802.448624][T18677] bridge0: port 2(bridge_slave_1) entered disabled state
[  802.508389][T18677] device bridge_slave_0 left promiscuous mode
[  802.543120][T18677] bridge0: port 1(bridge_slave_0) entered disabled state
[  803.000892][T18677] bond0: (slave bridge0): Releasing backup interface
[  803.087266][T18680] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  803.110291][T18680] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  803.175796][T18691] device syzkaller0 entered promiscuous mode
[  803.332047][T18698] mac80211_hwsim hwsim16 .3ãc¤±: renamed from wlan1
[  803.361044][T18704] device bond0 left promiscuous mode
[  803.372942][T18704] device bond_slave_0 left promiscuous mode
[  803.383325][T18704] device bond_slave_1 left promiscuous mode
[  803.393880][T18704] device batadv0 left promiscuous mode
[  803.409748][T18704] device bridge0 left promiscuous mode
[  804.604193][T18725] __nla_validate_parse: 5 callbacks suppressed
[  804.604234][T18725] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.4554'.
[  804.703067][T18725] device bridge_slave_1 left promiscuous mode
[  804.715913][T18725] bridge0: port 2(bridge_slave_1) entered disabled state
[  805.333199][T18721] delete_channel: no stack
[  806.556909][T18725] device bridge_slave_0 left promiscuous mode
[  806.565504][T18725] bridge0: port 1(bridge_slave_0) entered disabled state
[  806.607803][T18725] bond0: (slave bridge0): Releasing backup interface
[  806.736975][T18738] validate_nla: 1 callbacks suppressed
[  806.736992][T18738] netlink: 'syz.3.4556': attribute type 10 has an invalid length.
[  806.807065][T18738] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4556'.
[  806.834320][T18742] netlink: 'syz.2.4567': attribute type 10 has an invalid length.
[  806.875941][T18742] 8021q: adding VLAN 0 to HW filter on device team0
[  806.900227][T18742] bond0: (slave team0): Enslaving as an active interface with an up link
[  806.944435][T18737] delete_channel: no stack
[  807.081617][T18752] delete_channel: no stack
[  807.370748][T18764] netlink: 'syz.1.4568': attribute type 10 has an invalid length.
[  807.428109][T18764] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  807.767645][T18776] tap0: tun_chr_ioctl cmd 1074025677
[  807.784777][T18776] tap0: linktype set to 778
[  807.807840][T18783] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.4573'.
[  807.835129][T18776] netlink: 132 bytes leftover after parsing attributes in process `syz.0.4571'.
[  807.911086][T18783] device bridge_slave_1 left promiscuous mode
[  807.924976][T18783] bridge0: port 2(bridge_slave_1) entered disabled state
[  808.145599][T18783] device bridge_slave_0 left promiscuous mode
[  808.254069][T18783] bridge0: port 1(bridge_slave_0) entered disabled state
[  808.396986][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  808.403525][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  808.574413][T18783] bond0: (slave bridge0): Releasing backup interface
[  808.727085][T18792] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  808.775265][T18792] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  808.884806][T18857] netlink: 'syz.3.4578': attribute type 10 has an invalid length.
[  809.342666][T18870] IPv6: pim6reg1: Disabled Multicast RS
[  810.071457][T18891] netlink: 'syz.2.4590': attribute type 10 has an invalid length.
[  810.422242][T18891] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  810.657552][T18895] tap0: tun_chr_ioctl cmd 1074025677
[  810.682803][T18895] tap0: linktype set to 778
[  810.712376][T18895] netlink: 132 bytes leftover after parsing attributes in process `syz.3.4591'.
[  810.749202][T18904] netlink: 'syz.2.4595': attribute type 10 has an invalid length.
[  810.783216][T18904] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4595'.
[  810.898617][T18901] delete_channel: no stack
[  811.366338][T18923] netlink: 'syz.1.4604': attribute type 33 has an invalid length.
[  811.382816][T18923] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4604'.
[  811.410397][T18925] netlink: 'syz.3.4606': attribute type 10 has an invalid length.
[  811.531439][T18925] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  811.665372][T18938] netlink: 'syz.2.4610': attribute type 10 has an invalid length.
[  811.676376][T18938] device hsr_slave_0 left promiscuous mode
[  811.702415][T18940] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4619'.
[  811.750442][T18938] device hsr_slave_1 left promiscuous mode
[  811.797919][T18945] netlink: 'syz.3.4612': attribute type 3 has an invalid length.
[  811.810869][T18945] netlink: 132 bytes leftover after parsing attributes in process `syz.3.4612'.
[  811.942431][T18940] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4619'.
[  811.979923][T18946] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4619'.
[  812.017042][T18949] tap0: tun_chr_ioctl cmd 1074025677
[  812.039781][T18949] tap0: linktype set to 778
[  812.067701][T18954] netlink: 'syz.3.4613': attribute type 10 has an invalid length.
[  812.103449][T18954] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4613'.
[  812.183402][T18950] delete_channel: no stack
[  812.482169][T18968] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.4618'.
[  812.513972][T18967] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.4620'.
[  812.903424][T18990] delete_channel: no stack
[  813.082986][T18993] device bond0 entered promiscuous mode
[  813.089590][T18993] device bond_slave_0 entered promiscuous mode
[  813.110503][T18993] device bond_slave_1 entered promiscuous mode
[  813.122726][T18993] device bridge0 entered promiscuous mode
[  813.145038][T18993] device dummy0 entered promiscuous mode
[  813.205592][T18997] device syzkaller0 entered promiscuous mode
[  813.739982][T19018] device bridge_slave_1 left promiscuous mode
[  813.750326][T19018] bridge0: port 2(bridge_slave_1) entered disabled state
[  813.819563][T19018] device bridge_slave_0 left promiscuous mode
[  813.835800][T19018] bridge0: port 1(bridge_slave_0) entered disabled state
[  814.016612][T19018] team0: Port device bridge0 removed
[  814.805579][T19069] device bond0 entered promiscuous mode
[  814.811370][T19069] device bond_slave_0 entered promiscuous mode
[  814.838619][T19060] delete_channel: no stack
[  814.901528][T19069] device bond_slave_1 entered promiscuous mode
[  815.525694][T19084] device syzkaller0 entered promiscuous mode
[  816.079782][T19118] netlink: 'syz.1.4650': attribute type 10 has an invalid length.
[  816.102466][T19122] __nla_validate_parse: 7 callbacks suppressed
[  816.102503][T19122] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.4653'.
[  816.366128][T19126] netlink: 'syz.4.4655': attribute type 33 has an invalid length.
[  816.383111][T19126] netlink: 36 bytes leftover after parsing attributes in process `syz.4.4655'.
[  816.470344][T19129] netlink: 'syz.2.4656': attribute type 10 has an invalid length.
[  816.516598][T19129] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4656'.
[  816.528235][T19128] delete_channel: no stack
[  816.626856][T19127] delete_channel: no stack
[  816.644139][T19134] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4659'.
[  816.674891][T19134] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4659'.
[  816.719170][T19139] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4659'.
[  816.801912][T19134] device bond0 entered promiscuous mode
[  816.825741][T19134] device bond_slave_0 entered promiscuous mode
[  816.839527][T19134] device bond_slave_1 entered promiscuous mode
[  817.187746][T19158] netlink: 'syz.2.4666': attribute type 3 has an invalid length.
[  817.246158][T19158] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.4666'.
[  817.722907][T19174] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4671'.
[  817.759404][T19176] netlink: 'syz.4.4670': attribute type 33 has an invalid length.
[  817.808335][T19176] netlink: 36 bytes leftover after parsing attributes in process `syz.4.4670'.
[  817.820807][ T4195] Bluetooth: hci0: hardware error 0x84
[  817.838441][T19174] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4671'.
[  818.073942][T19183] netlink: 'syz.0.4674': attribute type 10 has an invalid length.
[  818.209997][T19180] delete_channel: no stack
[  818.314393][T19187] device bond0 entered promiscuous mode
[  818.320180][T19187] device bond_slave_0 entered promiscuous mode
[  818.413919][T19187] device bond_slave_1 entered promiscuous mode
[  818.517004][T19187] device batadv0 entered promiscuous mode
[  818.617605][T19187] device team0 entered promiscuous mode
[  818.680917][T19187] device team_slave_1 entered promiscuous mode
[  818.716139][T19196] delete_channel: no stack
[  818.742607][T19201] delete_channel: no stack
[  818.768950][T19201] delete_channel: no stack
[  818.778451][T19187] 8021q: adding VLAN 0 to HW filter on device bond0
[  818.995447][T19206] netlink: 'syz.4.4683': attribute type 10 has an invalid length.
[  819.645438][T19216] delete_channel: no stack
[  819.744861][T19233] netlink: 'syz.2.4693': attribute type 10 has an invalid length.
[  819.815054][T19232] delete_channel: no stack
[  820.657844][T19253] netlink: 'syz.0.4700': attribute type 10 has an invalid length.
[  820.735516][T19253] team0: Device veth1_macvtap failed to register rx_handler
[  820.845577][T19262] netlink: 'syz.3.4703': attribute type 3 has an invalid length.
[  821.315390][T19277] __nla_validate_parse: 11 callbacks suppressed
[  821.315409][T19277] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4708'.
[  821.340350][T19277] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4708'.
[  821.341018][T19266] delete_channel: no stack
[  821.483831][T19285] device bond0 entered promiscuous mode
[  821.489543][T19285] device bond_slave_0 entered promiscuous mode
[  821.499504][T19285] device bond_slave_1 entered promiscuous mode
[  821.509491][T19275] netlink: 'syz.2.4709': attribute type 10 has an invalid length.
[  821.551503][T19280] netlink: 'syz.4.4710': attribute type 33 has an invalid length.
[  821.575492][T19280] netlink: 36 bytes leftover after parsing attributes in process `syz.4.4710'.
[  821.782003][T19295] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.4716'.
[  821.907597][T19300] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  822.049942][T19300] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  822.220915][T19310] netlink: 'syz.0.4719': attribute type 3 has an invalid length.
[  822.250516][T19310] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.4719'.
[  822.305549][T19313] netlink: 'syz.1.4720': attribute type 10 has an invalid length.
[  822.337296][T19313] bond0: (slave bond_slave_0): Releasing backup interface
[  822.378863][T19313] device bond_slave_0 left promiscuous mode
[  822.449637][T19315] netlink: 'syz.4.4721': attribute type 10 has an invalid length.
[  822.483789][T19316] delete_channel: no stack
[  822.528456][T19312] delete_channel: no stack
[  822.664954][T19321] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4724'.
[  822.710865][T19321] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4724'.
[  822.812407][T19331] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.4729'.
[  822.936513][T19331] device bridge_slave_1 left promiscuous mode
[  822.984760][T19331] bridge0: port 2(bridge_slave_1) entered disabled state
[  823.068752][T19331] device bridge_slave_0 left promiscuous mode
[  823.094833][T19331] bridge0: port 1(bridge_slave_0) entered disabled state
[  823.137676][T19340] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  823.157179][T19344] netlink: 'syz.1.4734': attribute type 3 has an invalid length.
[  823.183792][T19344] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.4734'.
[  823.264192][T19331] bond0: (slave bridge0): Releasing backup interface
[  823.290668][T19331] device bridge0 left promiscuous mode
[  823.426832][T19338] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  823.453474][T19338] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  823.508167][T19352] delete_channel: no stack
[  823.639406][T19365] netlink: 'syz.0.4738': attribute type 10 has an invalid length.
[  823.752673][T19365] device dummy0 entered promiscuous mode
[  823.788467][T19365] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  823.801065][T19364] bond0: (slave batadv0): Error: Slave device does not support XDP
[  823.835248][T19371] netlink: 'syz.2.4739': attribute type 10 has an invalid length.
[  823.863613][T19371] bond0: (slave bond_slave_0): Releasing backup interface
[  823.871487][T19371] device bond_slave_0 left promiscuous mode
[  823.998980][T19362] delete_channel: no stack
[  824.472234][T19398] netlink: 'syz.3.4751': attribute type 10 has an invalid length.
[  824.493370][T19398] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4751'.
[  824.502729][T19393] delete_channel: no stack
[  824.515113][T19398] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  824.821291][T19404] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  824.964856][T19404] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  824.991216][T19412] netlink: 'syz.3.4754': attribute type 10 has an invalid length.
[  825.043650][T19412] team0: Device veth1_macvtap failed to register rx_handler
[  825.171025][T19418] bond0: (slave dummy0): Error: Slave device does not support XDP
[  825.241672][T19418] netlink: 'syz.0.4757': attribute type 10 has an invalid length.
[  825.277233][T19418] bond0: (slave bond_slave_0): Releasing backup interface
[  825.301997][T19418] device bond_slave_0 left promiscuous mode
[  825.427156][T19417] delete_channel: no stack
[  825.439516][T19428] debugfs: Directory '!!ô' with parent 'ieee80211' already present!
[  825.571614][T19428] netlink: 'syz.1.4760': attribute type 10 has an invalid length.
[  825.890839][T19428] team0: Port device dummy0 added
[  826.022724][T19435] team0: Port device dummy0 removed
[  826.032467][T19435] device dummy0 entered promiscuous mode
[  826.039525][T19435] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  826.061182][T19448] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  826.071359][T19433] delete_channel: no stack
[  826.231639][T19448] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  826.550497][T19466] device syzkaller0 entered promiscuous mode
[  826.611144][T19462] __nla_validate_parse: 4 callbacks suppressed
[  826.611197][T19462] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.4772'.
[  827.216967][T19474] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4775'.
[  827.320163][T19469] delete_channel: no stack
[  827.474900][T19485] validate_nla: 3 callbacks suppressed
[  827.474920][T19485] netlink: 'syz.4.4781': attribute type 3 has an invalid length.
[  827.499108][T19485] netlink: 132 bytes leftover after parsing attributes in process `syz.4.4781'.
[  827.533375][T19480] delete_channel: no stack
[  827.700725][T19490] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.4782'.
[  827.734406][T19494] netlink: 'syz.2.4783': attribute type 10 has an invalid length.
[  827.785233][T19494] device bond0 left promiscuous mode
[  827.795159][T19494] device bond_slave_1 left promiscuous mode
[  827.805576][T19494] device batadv0 left promiscuous mode
[  827.857757][T19494] device team0 left promiscuous mode
[  827.882260][T19494] device team_slave_1 left promiscuous mode
[  828.112717][T19494] team0: Device bond0 is already an upper device of the team interface
[  828.157421][T19490] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  828.255123][T19490] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  828.727774][T19519] netlink: 'syz.4.4792': attribute type 10 has an invalid length.
[  828.929874][T19519] team0: Device veth1_macvtap failed to register rx_handler
[  829.075875][T19523] delete_channel: no stack
[  829.290367][T19543] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.4800'.
[  829.570761][T19543] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  829.634631][T19543] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  829.849425][T19565] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4808'.
[  829.999120][T19565] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4808'.
[  830.017798][T19569] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4808'.
[  830.028233][T19563] netlink: 17267 bytes leftover after parsing attributes in process `syz.4.4807'.
[  830.047899][T19570] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4808'.
[  830.075988][T19567] delete_channel: no stack
[  830.159043][T19573] bond0: (slave dummy0): Error: Slave device does not support XDP
[  830.813641][T19606] delete_channel: no stack
[  830.921261][T19614] bond0: (slave dummy0): Error: Slave device does not support XDP
[  831.214926][T19625] netlink: 'syz.1.4829': attribute type 10 has an invalid length.
[  831.368539][T19622] delete_channel: no stack
[  831.403602][T19637] netlink: 'syz.0.4835': attribute type 39 has an invalid length.
[  831.574093][T19638] delete_channel: no stack
[  831.650051][T19645] device bond0 entered promiscuous mode
[  831.663669][T19645] device bond_slave_1 entered promiscuous mode
[  831.684542][T19645] device batadv0 entered promiscuous mode
[  831.708560][T19645] device team0 entered promiscuous mode
[  831.732272][T19645] device team_slave_1 entered promiscuous mode
[  831.764831][T19645] 8021q: adding VLAN 0 to HW filter on device bond0
[  832.032432][T19655] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  832.687795][T19682] sctp: [Deprecated]: syz.4.4851 (pid 19682) Use of int in maxseg socket option.
[  832.687795][T19682] Use struct sctp_assoc_value instead
[  832.930123][T19687] __nla_validate_parse: 2 callbacks suppressed
[  832.930140][T19687] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4853'.
[  834.007337][T19682] netlink: 132 bytes leftover after parsing attributes in process `syz.4.4851'.
[  834.033461][T19687] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4853'.
[  834.074194][T19683] delete_channel: no stack
[  834.345603][T19702] bond0: (slave dummy0): Error: Slave device does not support XDP
[  834.407032][T19702] netlink: 'syz.1.4858': attribute type 10 has an invalid length.
[  834.476657][T19701] delete_channel: no stack
[  834.827983][T19724] tap0: tun_chr_ioctl cmd 1074025677
[  834.848558][T19724] tap0: linktype set to 778
[  834.969950][T19727] delete_channel: no stack
[  835.101431][T19733] netlink: 'syz.4.4869': attribute type 10 has an invalid length.
[  835.133235][T19733] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4869'.
[  835.170927][T19737] sctp: [Deprecated]: syz.2.4870 (pid 19737) Use of int in maxseg socket option.
[  835.170927][T19737] Use struct sctp_assoc_value instead
[  835.228151][T19736] netlink: 49819 bytes leftover after parsing attributes in process `syz.0.4871'.
[  835.255260][T19731] delete_channel: no stack
[  835.349285][T19737] netlink: 132 bytes leftover after parsing attributes in process `syz.2.4870'.
[  835.911936][T19763] tap0: tun_chr_ioctl cmd 1074025677
[  835.918777][T19758] delete_channel: no stack
[  835.987068][T19763] tap0: linktype set to 778
[  836.034195][T19766] netlink: 'syz.2.4883': attribute type 10 has an invalid length.
[  836.074676][T19766] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4883'.
[  836.178710][T19771] netlink: 49819 bytes leftover after parsing attributes in process `syz.3.4885'.
[  836.188911][T19765] delete_channel: no stack
[  836.373384][T19779] sctp: [Deprecated]: syz.0.4888 (pid 19779) Use of int in maxseg socket option.
[  836.373384][T19779] Use struct sctp_assoc_value instead
[  836.521685][T19779] netlink: 132 bytes leftover after parsing attributes in process `syz.0.4888'.
[  836.655548][T19785] bond0: (slave batadv0): Error: Slave device does not support XDP
[  836.737115][T19791] netlink: 'syz.2.4891': attribute type 10 has an invalid length.
[  836.807203][T19791] device dummy0 entered promiscuous mode
[  836.860592][T19791] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  836.977047][T19793] delete_channel: no stack
[  836.987869][T19797] netlink: 'syz.1.4897': attribute type 10 has an invalid length.
[  837.013233][T19797] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4897'.
[  837.077798][T19798] netlink: 'syz.3.4896': attribute type 10 has an invalid length.
[  837.154077][T19798] bond0: (slave bond_slave_0): Releasing backup interface
[  837.161843][T19796] delete_channel: no stack
[  837.184194][T19798] device bond_slave_0 left promiscuous mode
[  837.388708][T19808] tap0: tun_chr_ioctl cmd 1074025677
[  837.404367][T19808] tap0: linktype set to 778
[  837.434798][T19816] netlink: 'syz.0.4902': attribute type 33 has an invalid length.
[  837.452408][T19795] delete_channel: no stack
[  837.745007][T19827] delete_channel: no stack
[  837.749941][T19827] delete_channel: no stack
[  837.763969][T19825] delete_channel: no stack
[  838.197170][T19847] netlink: 'syz.3.4913': attribute type 11 has an invalid length.
[  838.240138][T19846] __nla_validate_parse: 1 callbacks suppressed
[  838.240186][T19846] netlink: 49819 bytes leftover after parsing attributes in process `syz.4.4914'.
[  838.276970][T19847] netlink: 184116 bytes leftover after parsing attributes in process `syz.3.4913'.
[  838.352380][T19847] debugfs: Directory '!!ô' with parent 'ieee80211' already present!
[  838.614059][T19849] device syzkaller0 entered promiscuous mode
[  838.755540][T19856] bond0: (slave dummy0): Error: Slave device does not support XDP
[  838.791558][T19863] netlink: 'syz.4.4917': attribute type 10 has an invalid length.
[  838.822999][T19863] bond0: (slave bond_slave_0): Releasing backup interface
[  838.831738][T19863] device bond_slave_0 left promiscuous mode
[  838.846173][T19860] tap0: tun_chr_ioctl cmd 1074025677
[  838.853365][T19860] tap0: linktype set to 778
[  838.962084][T19855] delete_channel: no stack
[  839.514092][T19891] delete_channel: no stack
[  839.724982][T19905] bond0: (slave dummy0): Error: Slave device does not support XDP
[  839.786293][T19905] netlink: 'syz.0.4937': attribute type 10 has an invalid length.
[  839.864110][T19904] delete_channel: no stack
[  839.871721][T19909] netlink: 'syz.1.4941': attribute type 10 has an invalid length.
[  840.198166][T19925] delete_channel: no stack
[  840.207872][T19925] delete_channel: no stack
[  840.453577][T19928] delete_channel: no stack
[  840.511959][T19931] netlink: 'syz.0.4948': attribute type 10 has an invalid length.
[  840.571693][ T4195] ==================================================================
[  840.580169][ T4195] BUG: KASAN: slab-out-of-bounds in hci_le_meta_evt+0x12ca/0x3c90
[  840.588113][ T4195] Read of size 2 at addr ffff88805feede00 by task kworker/u5:4/4195
[  840.596222][ T4195] 
[  840.598579][ T4195] CPU: 0 PID: 4195 Comm: kworker/u5:4 Not tainted syzkaller #0
[  840.606153][ T4195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  840.616320][ T4195] Workqueue: hci4 hci_rx_work
[  840.621026][ T4195] Call Trace:
[  840.624329][ T4195]  <TASK>
[  840.627476][ T4195]  dump_stack_lvl+0x188/0x250
[  840.632177][ T4195]  ? show_regs_print_info+0x20/0x20
[  840.637606][ T4195]  ? load_image+0x400/0x400
[  840.642149][ T4195]  ? _raw_spin_lock_irqsave+0xbc/0x100
[  840.647645][ T4195]  ? mutex_lock_io_nested+0x60/0x60
[  840.653293][ T4195]  print_address_description+0x60/0x2d0
[  840.658874][ T4195]  ? hci_le_meta_evt+0x12ca/0x3c90
[  840.664041][ T4195]  kasan_report+0xdf/0x130
[  840.668488][ T4195]  ? hci_le_meta_evt+0x12ca/0x3c90
[  840.673600][T19931] team0: Port device veth0_to_hsr added
[  840.673627][ T4195]  hci_le_meta_evt+0x12ca/0x3c90
[  840.679218][ T4195]  ? hci_remote_host_features_evt+0x280/0x280
[  840.690270][ T4195]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  840.695967][ T4195]  ? mark_lock+0x94/0x320
[  840.700319][ T4195]  ? mutex_unlock+0x10/0x10
[  840.704855][ T4195]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  840.710870][ T4195]  ? lock_chain_count+0x20/0x20
[  840.715749][ T4195]  ? __rwlock_init+0x140/0x140
[  840.720623][ T4195]  hci_event_packet+0xe48/0x1370
[  840.725611][ T4195]  ? lockdep_hardirqs_on+0x94/0x140
[  840.730948][ T4195]  ? rcu_lock_release+0x20/0x20
[  840.735847][ T4195]  ? hci_send_to_monitor+0x9c/0x4a0
[  840.741095][ T4195]  hci_rx_work+0x255/0xa10
[  840.745588][ T4195]  process_one_work+0x85f/0x1010
[  840.751012][ T4195]  ? worker_detach_from_pool+0x240/0x240
[  840.756675][ T4195]  ? lockdep_hardirqs_off+0x70/0x100
[  840.761997][ T4195]  ? _raw_spin_lock_irq+0xb7/0xf0
[  840.767055][ T4195]  ? _raw_spin_lock_irqsave+0x100/0x100
[  840.772721][ T4195]  ? wq_worker_running+0x97/0x170
[  840.777763][ T4195]  worker_thread+0xaa6/0x1290
[  840.782481][ T4195]  kthread+0x436/0x520
[  840.786580][ T4195]  ? rcu_lock_release+0x20/0x20
[  840.791454][ T4195]  ? kthread_blkcg+0xd0/0xd0
[  840.796149][ T4195]  ret_from_fork+0x1f/0x30
[  840.800591][ T4195]  </TASK>
[  840.803632][ T4195] 
[  840.805979][ T4195] Allocated by task 19933:
[  840.810398][ T4195]  __kasan_kmalloc+0xb5/0xf0
[  840.814999][ T4195]  __alloc_skb+0x22c/0x750
[  840.819426][ T4195]  vhci_write+0xbc/0x450
[  840.823699][ T4195]  vfs_write+0x745/0xd60
[  840.828042][ T4195]  ksys_write+0x152/0x260
[  840.832376][ T4195]  do_syscall_64+0x4c/0xa0
[  840.836944][ T4195]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  840.842848][ T4195] 
[  840.845265][ T4195] Last potentially related work creation:
[  840.851000][ T4195]  kasan_save_stack+0x35/0x60
[  840.855693][ T4195]  kasan_record_aux_stack+0xb8/0x100
[  840.860988][ T4195]  call_rcu+0x189/0x950
[  840.865144][ T4195]  ip6_route_info_create+0x9c5/0x1210
[  840.870547][ T4195]  ip6_route_add+0x24/0x130
[  840.875071][ T4195]  addrconf_add_dev+0x295/0x3c0
[  840.879931][ T4195]  inet6_addr_add+0x18d/0x9c0
[  840.884615][ T4195]  inet6_rtm_newaddr+0x64c/0x8f0
[  840.889565][ T4195]  rtnetlink_rcv_msg+0x844/0xf30
[  840.894514][ T4195]  netlink_rcv_skb+0x1f5/0x440
[  840.899287][ T4195]  netlink_unicast+0x774/0x920
[  840.904059][ T4195]  netlink_sendmsg+0x8ba/0xbe0
[  840.908852][ T4195]  __sys_sendto+0x46d/0x620
[  840.913378][ T4195]  __x64_sys_sendto+0xda/0xf0
[  840.918096][ T4195]  do_syscall_64+0x4c/0xa0
[  840.922537][ T4195]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  840.928443][ T4195] 
[  840.930782][ T4195] Second to last potentially related work creation:
[  840.937372][ T4195]  kasan_save_stack+0x35/0x60
[  840.942088][ T4195]  kasan_record_aux_stack+0xb8/0x100
[  840.947401][ T4195]  call_rcu+0x189/0x950
[  840.951566][ T4195]  perf_event_exit_task+0x763/0x960
[  840.956864][ T4195]  do_exit+0x5a4/0x20c0
[  840.961043][ T4195]  do_group_exit+0x12e/0x300
[  840.965734][ T4195]  get_signal+0x6ca/0x12c0
[  840.970173][ T4195]  arch_do_signal_or_restart+0xe7/0x12c0
[  840.975818][ T4195]  exit_to_user_mode_loop+0x9e/0x130
[  840.981109][ T4195]  exit_to_user_mode_prepare+0xee/0x180
[  840.986668][ T4195]  syscall_exit_to_user_mode+0x16/0x40
[  840.992139][ T4195]  do_syscall_64+0x58/0xa0
[  840.996558][ T4195]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  841.002451][ T4195] 
[  841.004778][ T4195] The buggy address belongs to the object at ffff88805feedc00
[  841.004778][ T4195]  which belongs to the cache kmalloc-512 of size 512
[  841.018850][ T4195] The buggy address is located 0 bytes to the right of
[  841.018850][ T4195]  512-byte region [ffff88805feedc00, ffff88805feede00)
[  841.033092][ T4195] The buggy address belongs to the page:
[  841.038923][ T4195] page:ffffea00017fbb00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5feec
[  841.049096][ T4195] head:ffffea00017fbb00 order:2 compound_mapcount:0 compound_pincount:0
[  841.057435][ T4195] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  841.065467][ T4195] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888016c41c80
[  841.074093][ T4195] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[  841.082691][ T4195] page dumped because: kasan: bad access detected
[  841.089127][ T4195] page_owner tracks the page as allocated
[  841.094850][ T4195] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4197, ts 66190496624, free_ts 20078473521
[  841.113967][ T4195]  get_page_from_freelist+0x1bbd/0x1ca0
[  841.119534][ T4195]  __alloc_pages+0x1ee/0x480
[  841.124135][ T4195]  new_slab+0xc0/0x4b0
[  841.128727][ T4195]  ___slab_alloc+0x80a/0xdd0
[  841.133345][ T4195]  __kmalloc_node_track_caller+0x1fc/0x3a0
[  841.139168][ T4195]  __alloc_skb+0x22c/0x750
[  841.143598][ T4195]  rtmsg_ifa+0xf9/0x1f0
[  841.147858][ T4195]  __inet_insert_ifa+0x9e3/0xbe0
[  841.152830][ T4195]  inet_rtm_newaddr+0x99a/0x1890
[  841.157781][ T4195]  rtnetlink_rcv_msg+0x844/0xf30
[  841.162741][ T4195]  netlink_rcv_skb+0x1f5/0x440
[  841.167519][ T4195]  netlink_unicast+0x774/0x920
[  841.172306][ T4195]  netlink_sendmsg+0x8ba/0xbe0
[  841.177085][ T4195]  __sys_sendto+0x46d/0x620
[  841.181692][ T4195]  __x64_sys_sendto+0xda/0xf0
[  841.186380][ T4195]  do_syscall_64+0x4c/0xa0
[  841.190812][ T4195] page last free stack trace:
[  841.195497][ T4195]  free_unref_page_prepare+0x637/0x6c0
[  841.200976][ T4195]  free_unref_page+0x8f/0x2a0
[  841.205678][ T4195]  free_contig_range+0x96/0xf0
[  841.210462][ T4195]  destroy_args+0xf0/0xa00
[  841.214888][ T4195]  debug_vm_pgtable+0x321/0x380
[  841.219750][ T4195]  do_one_initcall+0x272/0x730
[  841.224542][ T4195]  do_initcall_level+0x137/0x1f0
[  841.229990][ T4195]  do_initcalls+0x4b/0x90
[  841.234344][ T4195]  kernel_init_freeable+0x3e9/0x570
[  841.239566][ T4195]  kernel_init+0x19/0x1b0
[  841.243999][ T4195]  ret_from_fork+0x1f/0x30
[  841.248442][ T4195] 
[  841.250789][ T4195] Memory state around the buggy address:
[  841.256434][ T4195]  ffff88805feedd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  841.264513][ T4195]  ffff88805feedd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  841.272587][ T4195] >ffff88805feede00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  841.280665][ T4195]                    ^
[  841.284742][ T4195]  ffff88805feede80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  841.292816][ T4195]  ffff88805feedf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  841.300881][ T4195] ==================================================================
[  841.308946][ T4195] Disabling lock debugging due to kernel taint
[  841.320030][ T4195] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  841.327278][ T4195] CPU: 0 PID: 4195 Comm: kworker/u5:4 Tainted: G    B             syzkaller #0
[  841.336239][ T4195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  841.346328][ T4195] Workqueue: hci4 hci_rx_work
[  841.351044][ T4195] Call Trace:
[  841.354343][ T4195]  <TASK>
[  841.357299][ T4195]  dump_stack_lvl+0x188/0x250
[  841.362003][ T4195]  ? show_regs_print_info+0x20/0x20
[  841.367222][ T4195]  ? load_image+0x400/0x400
[  841.371745][ T4195]  panic+0x2e5/0x810
[  841.375670][ T4195]  ? bpf_jit_dump+0xd0/0xd0
[  841.380196][ T4195]  ? _raw_spin_unlock_irqrestore+0x10d/0x120
[  841.386208][ T4195]  ? _raw_spin_unlock+0x40/0x40
[  841.391089][ T4195]  ? hci_le_meta_evt+0x12ca/0x3c90
[  841.396218][ T4195]  check_panic_on_warn+0x80/0xa0
[  841.401611][ T4195]  ? hci_le_meta_evt+0x12ca/0x3c90
[  841.406738][ T4195]  end_report+0x6d/0xf0
[  841.410908][ T4195]  kasan_report+0x102/0x130
[  841.415430][ T4195]  ? hci_le_meta_evt+0x12ca/0x3c90
[  841.420650][ T4195]  hci_le_meta_evt+0x12ca/0x3c90
[  841.425629][ T4195]  ? hci_remote_host_features_evt+0x280/0x280
[  841.431724][ T4195]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  841.437385][ T4195]  ? mark_lock+0x94/0x320
[  841.441738][ T4195]  ? mutex_unlock+0x10/0x10
[  841.446270][ T4195]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  841.452690][ T4195]  ? lock_chain_count+0x20/0x20
[  841.457654][ T4195]  ? __rwlock_init+0x140/0x140
[  841.462436][ T4195]  hci_event_packet+0xe48/0x1370
[  841.467412][ T4195]  ? lockdep_hardirqs_on+0x94/0x140
[  841.472638][ T4195]  ? rcu_lock_release+0x20/0x20
[  841.477524][ T4195]  ? hci_send_to_monitor+0x9c/0x4a0
[  841.482762][ T4195]  hci_rx_work+0x255/0xa10
[  841.487231][ T4195]  process_one_work+0x85f/0x1010
[  841.492298][ T4195]  ? worker_detach_from_pool+0x240/0x240
[  841.497970][ T4195]  ? lockdep_hardirqs_off+0x70/0x100
[  841.503271][ T4195]  ? _raw_spin_lock_irq+0xb7/0xf0
[  841.508310][ T4195]  ? _raw_spin_lock_irqsave+0x100/0x100
[  841.513880][ T4195]  ? wq_worker_running+0x97/0x170
[  841.518953][ T4195]  worker_thread+0xaa6/0x1290
[  841.523773][ T4195]  kthread+0x436/0x520
[  841.527863][ T4195]  ? rcu_lock_release+0x20/0x20
[  841.532729][ T4195]  ? kthread_blkcg+0xd0/0xd0
[  841.537438][ T4195]  ret_from_fork+0x1f/0x30
[  841.541889][ T4195]  </TASK>
[  841.545675][ T4195] Kernel Offset: disabled
[  841.550038][ T4195] Rebooting in 86400 seconds..