last executing test programs:

3.716961516s ago: executing program 2 (id=12825):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x5, &(0x7f00000001c0)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41040, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x9}, 0x0, 0xc8, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xffffcfe6}, 0x0, 0xfffffffffffffffc, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x22a0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x80000001}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={<r0=>0x0, <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="12000000040000000400000008"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000b"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xd, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000850000000800000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x4002000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
close(r0)
setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x4bd)
socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000000)={<r4=>0x0, <r5=>0x0})
close(r4)
setsockopt$sock_attach_bpf(r5, 0x10f, 0x87, &(0x7f0000000180), 0x127)
perf_event_open(&(0x7f00000004c0)={0x1, 0xc46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000180), 0x4bd)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r6, 0x8923, &(0x7f00000000c0)={'bond_slave_0\x00', @random="0131014010ff"})

3.286578708s ago: executing program 0 (id=12820):
r0 = socket$kcm(0x10, 0x2, 0x4)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100c, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$kcm(0x11, 0x200000000000002, 0x300)
sendmsg$sock(r1, &(0x7f00000000c0)={&(0x7f0000000040)=@phonet={0x23, 0x0, 0x0, 0x4}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@timestamping={{0x14, 0x1, 0x25, 0x102}}], 0x18}, 0x0)
recvmsg$kcm(r1, 0x0, 0x2000)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xffffff7f, 0x0, 0x1}, 0x50)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
close(r2)
socket$kcm(0x29, 0x5, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000850000000500000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xd8}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000007000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$SIOCSIFHWADDR(r2, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x18, 0xc, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r5 = socket$kcm(0xa, 0x1, 0x0)
setsockopt$sock_attach_bpf(r5, 0x6, 0x1f, &(0x7f0000000080), 0x4)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r4, 0xe0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb2, &(0x7f0000000280)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f00000002c0), 0x0, 0x0, 0xef, 0x8, 0x8, &(0x7f00000003c0)}}, 0x10)
getpid()
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000003540)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="5c00000014006b04c84e21020af32c6e0a0675f800250002500100000017d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b498fa51f60a64c9f4d4938037e786a6d0bdd70000b6c0504bb9189d9193e9bd1c1b78", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x4, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="660a00000000000061114c0000000000850000001c00000095"], &(0x7f0000000000)='GPL\x00'}, 0x94)

2.84291566s ago: executing program 0 (id=12823):
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_config_ext={0x8, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000001800000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000001000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000001b"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$unix(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000014c0)=[{&(0x7f00000001c0)='D', 0x33fe0}], 0x1}, 0x20000040)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x20, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x6, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000002, 0x0, 0x0, 0x9}, 0x0, 0x2, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r6)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7902009875f37538e486dd6317ce6266"], 0xfdef)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

2.43450492s ago: executing program 2 (id=12824):
r0 = socket$kcm(0x2, 0x2, 0x73)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x4, 0x6, 0x8, 0x0, 0x1}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r1}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000000500)={&(0x7f0000000300)={0x2, 0x0, @empty}, 0x10, &(0x7f0000000400)=[{0x0}], 0x1}, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0x4}, 0x100904}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x0, 0x0, 0x0, 0x0, 0x15, 0x0, 0x0, 0x56, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x2, 0x0, 0x9}, {0x10000002, 0x0, 0x0, 0xc}]}, 0x94)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000500)}], 0x1, 0x0, 0x0, 0x7400}, 0x800)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r3, 0x401054d5, &(0x7f0000000180))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480))
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
perf_event_open(&(0x7f0000000400)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_bp={0x0, 0x5}, 0x80, 0xbecb, 0x0, 0x0, 0x4, 0x4, 0xc5}, 0x0, 0x80000000000000, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r4 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, 0xffffffffffffffff)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r5, 0x58, &(0x7f0000000040)}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x8, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000800000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @sched_cls=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b7020000b96871dfbfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe0000004f850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d62de53a9a53608c10556e5734eb84049761451ce2e2d9f8004e26f7fcc059c06220002595f6dba87b81d1106fb026cce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd6fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f2fcb6d753a78845d8363e0401861abebe428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae58e99e30810400000000000000d63d716c0975e1ce4a655362e7062ff6ab3934555c01840219829472ad529cefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47911834118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f804924600273ee26d8115cbca081a14cba24788779291745083fccdddc979ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b10700ac1e2bcc5ede5b5687aa418abfa09acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b183940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e357e4e90583ce8d43ec65ed491d87a51d7c13f665dcf772e3ead71112008b16b0ea821f70aee1ccbd71c5a1c21e87d5b7b73d356337d15b9dcae4d0d750ffa07909c955e718585b2456308beda2fa03bb9bcf03cdff31ee4b1665b987829c0f0872c006c6e4ed666fe23b343aae943923eedbdb0e7abee90e3da7b98b7d07d2d4816201ad1737798635b0a3ebd3aed120e4500c16e6c9dc729f009db49c6b8b19613e4d792cb4ff5106419291d4222980b49ddb9527ce785822d8f4e2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0xfffffffffffffe19, 0x0, 0xffffffffffffffff, 0x54}, 0x42)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r6, 0x0, 0xe, 0x0, &(0x7f0000000280)="61df718305a35997984d4763fcac", 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

2.417852961s ago: executing program 3 (id=12826):
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x3, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7050000000000006110480000000000dc0500001000000095000000000000009abb1723bf24203831c9545b21c751ee4024f479cbe4b89f9808837203000000000000c2d182c7a3221481f5009edaf5f5ac058299e10e790a198f42a715b99fb3d2a73dd025848710155ad1efd7d991408000000000000085a0db0401fa29e075b7ab0408a0d8cfceeb23465bb027ee1151c02af21d8f9aa57e673a6724441d08087aff070eda8abef22b3a806c8226f5a2886c93bd29b37252ba4a6e9cc5f69e75680c431aa855e487ae513abd6c4ee973fce29a26018ed5e0780f8778a602a3533a3dac7da4fe491edf3abfa7bf871c58848ac46ada6776bd9b85df01e626026a59ddfa7a9c879acbfb0bf426785dec7d8611dc850df49ed8633bdb83dd505fb20649f53841a0e200c91f5bf1bb186ed87efc7b6f8859d029c8376ca19265e281fea0a6fd2222f8850c8445758503ede0ce1b3f73ecd8989e8c53c5e679b13802bddf80f3b1d07d6d68bfa12ab34697d40ac1150a842f8bb381344b994c19642a10eb30845a993daaa8bd4aebc595475feb3475d8e802498382e73edb98fcf2df96ab3c870490c4"], &(0x7f00000002c0)='syzkaller\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79}, 0x48)
socket$kcm(0x10, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="16000000000000000400000007"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000040000000000000700000095"], &(0x7f00000007c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x40}, 0x94)
socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0))
socket$kcm(0xa, 0x2, 0x3a)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
close(0x3)
socket$kcm(0xa, 0x5, 0x0)
perf_event_open(&(0x7f0000000000)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x46e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x2, @perf_bp={0x0, 0x1}, 0x28, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x4000000, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x3, 0x10)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32, @ANYRES32=r0, @ANYRES16=r0], 0x10)

1.991007292s ago: executing program 3 (id=12827):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x5a2119bf86ff29ce, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000008c0)={0x0, 0x4, 0x3, 0x3fd}, 0x10}, 0x94)
r1 = socket$kcm(0x1e, 0x5, 0x0)
setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
sendmsg$kcm(r1, 0x0, 0x20008044)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="020000000400001a080000000100cd0080000000", @ANYRES32=r0, @ANYBLOB='\x00'/20, @ANYRES32=r1, @ANYRES32=r1, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r2)
socketpair(0xf, 0x3, 0x2, &(0x7f00000001c0))

1.898177396s ago: executing program 0 (id=12829):
r0 = socket$kcm(0xa, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r1)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000200)="d80000001e0081054e81f782db020000071d080006007c09e8fe08a104000e000a00142603600e1208000fc01e000406a80016c008000e400400027c035c0461c1967f6f94007134cff6d26efb8000a0ffa290457f01895416277ce06bba0000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d25ccca95c9757c01deeb12c0e440f57d6cf23b1900360db7e5167fda40fad956d809d5e12a9ecbee5de6ccd40dd6e4edef3d93452a92950b0000000000000023f9a941000000000000000000007d59ef7e1359485303f720a1ed469c778f", 0xd8}], 0x1}, 0x804)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{}, &(0x7f0000000100), &(0x7f0000000140)=r1}, 0x20)
socketpair(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x5}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="8510000000000000181000", @ANYRES32, @ANYBLOB="f0f605748aed"], 0x0}, 0x94)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip_vti0\x00'})
ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x89f2, &(0x7f0000000080))
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32, @ANYBLOB="390e631c1900"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="010000000400"/28], 0x50)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r4)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000880)={r1, 0xe0, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6b, &(0x7f00000006c0), 0x0, 0x10, &(0x7f0000000700), 0x0, 0x0, 0x52, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, 0x0, 0x0}, 0x94)
socket$kcm(0x10, 0x2, 0x10)
sendmsg$inet(r0, &(0x7f0000000380)={&(0x7f0000000040)={0xa, 0xa, @local}, 0x1b, &(0x7f0000000180)=[{&(0x7f0000000080)="a2", 0xff0e}], 0x4, 0x0, 0x0, 0xa6820000}, 0xfff5)

1.685890727s ago: executing program 0 (id=12830):
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x110c23003d)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x280, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x3, 0xc, &(0x7f0000002380)=ANY=[@ANYBLOB="1802000002000000000000000d003f0487f52983a209020018010000696e6c2500000000002060207b1af8ff00000000bfa100000e00e7ff06010000f8d48100b802000008000000b70300000012000085000000710000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000000}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x2f, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xa5bc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110e22fff6)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="2e00000011008108090f9becdb4cb92e0a4831371400000069bd6efb2502eaf60d000300020400bf050005001201", 0x2e}], 0x1}, 0x0)
r4 = socket$kcm(0x11, 0x2, 0x0)
r5 = socket$kcm(0x11, 0x200000000000002, 0x300)
setsockopt$sock_attach_bpf(r5, 0x107, 0x12, &(0x7f00000000c0)=r4, 0x8)
r6 = socket$kcm(0x29, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMUNATTACH(r6, 0x89e1, &(0x7f0000000140)={r3})
setsockopt$sock_attach_bpf(r5, 0x107, 0x16, 0x0, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
close(r7)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x441e, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x2020005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r8 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r8, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r8, &(0x7f0000000040)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x2}, 0x80, &(0x7f0000000140)=[{&(0x7f00000006c0)="62042712920101000001ad2f1eafbcf706e12b30087f5c582d26116642c47a5f8786ee601e65ab3c06d4b8bf4a81cb3e247345af215542f41ddf82f618438a34f90186cee8441e2305e495d04ad68ab8fef69df82de6456fbb48b63f60c9c9097be968ea872c4801e5d0711b4373c7224ed7a9cbd49d40f82bdb6afc0036824be26fc96e49a70e90797e6caa1b38ddacb3cb2b3eac7c068a185b644582f25edfa3d6a46e2a894ca809a422a6a29bd7145bb6e7992570484d6a710292ea0c3f97b7cbff701684b13c5593262534a7af9eab48f2ca2d74d9a4de33", 0xda}, {&(0x7f0000000c00)="294f28dfe56d2c8ba23606bc7ecd1f634665cb5bed07bac5684da6eb21da1d6926910c5a0c653b0106869a804dd2a44ce42557b2e32e2bd367e9d01a5e7380cc4fc8e7c9044cc4115b978ca7427d749beaefdf2e48b369cb169ad7b1ced26bb161297c7e56a3e83e91b379c179017f8b4657d1b22eca6bca33036d33e1a684059c53cea91ca6637ac780ab2bcfc22a666cd4e5876f11e9aee4724b7cb59731c97e70ebd7f7483994eb07de2f3c6a9448c3206cff6d290b433f331c2399e99ee3bdecf5689eddc3e549966c1106a933bbc47b65ca6e9d7efbee6e3b1dbe87313111e85336d6890002db17751b6044f964dc90ea466f90856112be7f0a54b39a3f66cc4c39544300093158af39cdde429f50d8c750", 0x114}, {&(0x7f0000000a40)="0a985d7879f1bbff16c7d66e33657e452299fd0ef8c2afda588eb05891b7da030e01452a7986bea19b59c98dc2996c0ea09604d00ea48336d0c813d83025aca8623a5915ddddce2c11c5e374f2e0f387d2398fe0b899ff60dc7a73addcf253cf32aafbe2b9f90799e7fc583bdd9b564697ba988080270bdceb4714219a2d4c229fffb0d86fb286e3553a8b3ac02badc66ada5fceabe5f63c79da96e641a45901128063d6e1e31b11bcfbc3e70bd3c8c6c0be9f653f977f16", 0xfff0}, {&(0x7f0000000840)="6f4720baeb54", 0x6}], 0x4}, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x5452, &(0x7f0000000400)='lo\x00\x96o\xd6Q\xb4Y\xa9\xc87,%\x81\xfe\x00\xd2\xd1|\x00\x00\x00\x00\x00\x00\xe3\xd8Yk\xdf\x85\xaac{\x8c\x8ffp`-\xcd\xd9\xd5\xf4\xe68\xe6O\xc2\xf1V0\x8b\t\xed\x13q2\xdd\xcc\xeeR\xf2/\xba\fE>k\a\xe7>t7\x8e(\xf0\x87d\xaf\x93\xfa`\xa6,o\x81.\x1cR\xa5\t\x00\x00\x00\x00\x00\x00\x00|pT\x15\xbc\f*d\xcb\xc2\xcd\x8f\x98\xdf\x00\x00\x1cM\x9c\xa5\xe0\xa8\x00\x00\x00\x80V\xf6\x80\x86\x1b\x05\xe6\"\x1d\f\xaey\x06\xd9$H!w\xa6m\xd8\x7f\xc6\x837\x83/\x9a\xdf\x01\xf2\x9e\xbb\xca\x04\x00\x05\xeb\xb8{7[\xf9\xe9\x15\xdc0]\x89\x9b~\x04\xb4\xa5\xad\v.\xd0*%`\xb0\x03\x00\x00\x00\x00\x00\x00\x00\xab\xf4\xa7\x83r\xa4\x80|\x03C\x9c\x00\xac\xba\xcb\xa4h\x86w_Eu\xbfy%,\xe5\n\xc1\xb3\xa4g\xa3P\x0f\x11\x93\xc7\xf3\xcf\x17\xf5\x86%\x7f\xec\xb2\xc5E\x00\xb2e\xa8\xf1<\xb2\xc82\xbf=o\x00\x00\x00\x00E\x00\xc6X\x92\x0e[\x19\xaa?\x06\xe5\x9d\xd1\x87\x922A\x95\x8e\xbc\xc8<s,\xb023Z{\x9f\xc2\x94+e?\x87\x95\x8e\r\t\x0er\x92\xe2\t\xc4S\xd4\xd2\x87.&`\x95\'=0\r\xd2n\xf5\xcd\x9b\x15Oo\xd8Nj0\xe2\xe5A\xb2\xc3\xf7\xc8\xe7 \"+\xd6\x9e\x18\xec\xb7H\xf9\vd\xebE\x9dtI\xe5\xb5\x8e3\x19<\xdeS\xf4\xe6\xba\x0er\xfc]\xcbd@\xe8R#(u\xe1\x9b\xb7\xd5\x82\xab;\xdb\xa2\x9e\xe8W;\x86\x89\x99\xa1\x99\x1b\xbd\xaf\x11\xcf\x1d\xb5n\xe3&\x1b Z|\x18\n/\xe4\x83\xb5\xdd\xed\xd8\xba\xe8\x8d{@\xd1\x00\x00\x00\x00\x00')
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x16, 0x4, &(0x7f0000000680)=ANY=[@ANYBLOB="18040000000000000000000000000000850000008c0000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$TUNSETSTEERINGEBPF(r2, 0x800454e0, &(0x7f0000000040)=r7)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000100)=@generic={&(0x7f00000000c0)='./file0\x00', 0x0, 0x10}, 0x18)
close(0x3)

1.666002288s ago: executing program 3 (id=12831):
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x3, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7050000000000006110480000000000dc0500001000000095000000000000009abb1723bf24203831c9545b21c751ee4024f479cbe4b89f9808837203000000000000c2d182c7a3221481f5009edaf5f5ac058299e10e790a198f42a715b99fb3d2a73dd025848710155ad1efd7d991408000000000000085a0db0401fa29e075b7ab0408a0d8cfceeb23465bb027ee1151c02af21d8f9aa57e673a6724441d08087aff070eda8abef22b3a806c8226f5a2886c93bd29b37252ba4a6e9cc5f69e75680c431aa855e487ae513abd6c4ee973fce29a26018ed5e0780f8778a602a3533a3dac7da4fe491edf3abfa7bf871c58848ac46ada6776bd9b85df01e626026a59ddfa7a9c879acbfb0bf426785dec7d8611dc850df49ed8633bdb83dd505fb20649f53841a0e200c91f5bf1bb186ed87efc7b6f8859d029c8376ca19265e281fea0a6fd2222f8850c8445758503ede0ce1b3f73ecd8989e8c53c5e679b13802bddf80f3b1d07d6d68bfa12ab34697d40ac1150a842f8bb381344b994c19642a10eb30845a993daaa8bd4aebc595475feb3475d8e802498382e73edb98fcf2df96ab3c870490c4"], &(0x7f00000002c0)='syzkaller\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79}, 0x48)
socket$kcm(0x10, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="16000000000000000400000007"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000040000000000000700000095"], &(0x7f00000007c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x40}, 0x94)
socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0))
socket$kcm(0xa, 0x2, 0x3a)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
close(0x3)
socket$kcm(0xa, 0x5, 0x0)
perf_event_open(&(0x7f0000000000)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x46e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x2, @perf_bp={0x0, 0x1}, 0x28, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x4000000, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x3, 0x10)
r0 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32, @ANYRES32=r0, @ANYRES16=r0], 0x10)

1.598203101s ago: executing program 1 (id=12832):
r0 = socket$kcm(0x10, 0x2, 0x4)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100c, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$kcm(0x11, 0x200000000000002, 0x300)
sendmsg$sock(r1, &(0x7f00000000c0)={&(0x7f0000000040)=@phonet={0x23, 0x0, 0x0, 0x4}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@timestamping={{0x14, 0x1, 0x25, 0x102}}], 0x18}, 0x0)
recvmsg$kcm(r1, 0x0, 0x2000)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xffffff7f, 0x0, 0x1}, 0x50)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
close(r2)
socket$kcm(0x29, 0x5, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000850000000500000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xd8}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000007000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$SIOCSIFHWADDR(r2, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x18, 0xc, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r5 = socket$kcm(0xa, 0x1, 0x0)
setsockopt$sock_attach_bpf(r5, 0x6, 0x1f, &(0x7f0000000080), 0x4)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r4, 0xe0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb2, &(0x7f0000000280)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f00000002c0), 0x0, 0x0, 0xef, 0x8, 0x8, &(0x7f00000003c0)}}, 0x10)
getpid()
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000003540)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="5c00000014006b04c84e21020af32c6e0a0675f800250002500100000017d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b498fa51f60a64c9f4d4938037e786a6d0bdd70000b6c0504bb9189d9193e9bd1c1b78", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x4, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="660a00000000000061114c0000000000850000001c00000095"], &(0x7f0000000000)='GPL\x00'}, 0x94)

1.449923839s ago: executing program 3 (id=12833):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0)
close(r0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x200008c0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socketpair(0x21, 0x80000, 0xc9, 0x0)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000740)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x89a1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0600000008000000030000000008000020000100", @ANYRES32, @ANYBLOB="0300000000000000000000000600000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="01000000010000000100"/21, @ANYRES32, @ANYBLOB], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000006c0)={{r0}, &(0x7f0000000640), &(0x7f0000000680)='%pi6   \x00'}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = perf_event_open(&(0x7f0000000680)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a1c, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r4)
r6 = socket$kcm(0x2, 0x1, 0x84)
sendmsg$inet(r6, &(0x7f00000010c0)={&(0x7f0000000140)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000640)=[{&(0x7f0000000480)='\\', 0x1}], 0x1}, 0x4000040)
sendmsg$inet(r6, &(0x7f00000002c0)={&(0x7f0000000000)={0x2, 0x4e21, @rand_addr=0x64010101}, 0x10, &(0x7f0000000700)=[{&(0x7f0000000180)}], 0x1}, 0x8040)
close(r6)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cpuacct.usage_sys\x00', 0x26e1, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000140)={@map, r3, 0xa, 0x2028}, 0x20)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001340)=[{&(0x7f0000000080)="2e00000010008188040f46ecdb4cb9cca7480ef431000000e3bd6efb010509000b000a000d000000ba8000001201", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x8000)
r8 = getpid()
perf_event_open(0x0, r8, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
getpid()
bpf$ITER_CREATE(0x21, 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110e22fff6)

1.164418442s ago: executing program 0 (id=12834):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x5, &(0x7f00000001c0)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41040, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x9}, 0x0, 0xc8, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xffffcfe6}, 0x0, 0xfffffffffffffffc, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x22a0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x80000001}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={<r0=>0x0, <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="12000000040000000400000008"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000b"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xd, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000850000000800000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x4002000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
close(r0)
setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x4bd)
socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000000)={<r4=>0x0, <r5=>0x0})
close(r4)
setsockopt$sock_attach_bpf(r5, 0x10f, 0x87, &(0x7f0000000180), 0x127)
perf_event_open(&(0x7f00000004c0)={0x1, 0xc46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000180), 0x4bd)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r6, 0x8923, &(0x7f00000000c0)={'bond_slave_0\x00', @random="0131014010ff"})

1.163998332s ago: executing program 1 (id=12835):
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x3, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7050000000000006110480000000000dc0500001000000095000000000000009abb1723bf24203831c9545b21c751ee4024f479cbe4b89f9808837203000000000000c2d182c7a3221481f5009edaf5f5ac058299e10e790a198f42a715b99fb3d2a73dd025848710155ad1efd7d991408000000000000085a0db0401fa29e075b7ab0408a0d8cfceeb23465bb027ee1151c02af21d8f9aa57e673a6724441d08087aff070eda8abef22b3a806c8226f5a2886c93bd29b37252ba4a6e9cc5f69e75680c431aa855e487ae513abd6c4ee973fce29a26018ed5e0780f8778a602a3533a3dac7da4fe491edf3abfa7bf871c58848ac46ada6776bd9b85df01e626026a59ddfa7a9c879acbfb0bf426785dec7d8611dc850df49ed8633bdb83dd505fb20649f53841a0e200c91f5bf1bb186ed87efc7b6f8859d029c8376ca19265e281fea0a6fd2222f8850c8445758503ede0ce1b3f73ecd8989e8c53c5e679b13802bddf80f3b1d07d6d68bfa12ab34697d40ac1150a842f8bb381344b994c19642a10eb30845a993daaa8bd4aebc595475feb3475d8e802498382e73edb98fcf2df96ab3c870490c4"], &(0x7f00000002c0)='syzkaller\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79}, 0x48)
socket$kcm(0x10, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="16000000000000000400000007"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000040000000000000700000095"], &(0x7f00000007c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x40}, 0x94)
socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0))
socket$kcm(0xa, 0x2, 0x3a)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
socketpair$unix(0x1, 0x1, 0x0, 0x0)
close(0x3)
socket$kcm(0xa, 0x5, 0x0)
perf_event_open(&(0x7f0000000000)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x46e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x2, @perf_bp={0x0, 0x1}, 0x28, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x4000000, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x3, 0x10)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32, @ANYRES32=r0, @ANYRES16=r0], 0x10)

1.163723772s ago: executing program 2 (id=12836):
r0 = socket$kcm(0xa, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r1)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000200)="d80000001e0081054e81f782db020000071d080006007c09e8fe08a104000e000a00142603600e1208000fc01e000406a80016c008000e400400027c035c0461c1967f6f94007134cff6d26efb8000a0ffa290457f01895416277ce06bba0000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d25ccca95c9757c01deeb12c0e440f57d6cf23b1900360db7e5167fda40fad956d809d5e12a9ecbee5de6ccd40dd6e4edef3d93452a92950b0000000000000023f9a941000000000000000000007d59ef7e1359485303f720a1ed469c778f", 0xd8}], 0x1}, 0x804)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{}, &(0x7f0000000100), &(0x7f0000000140)=r1}, 0x20)
socketpair(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x5}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="8510000000000000181000", @ANYRES32, @ANYBLOB="f0f605748aed"], 0x0}, 0x94)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip_vti0\x00'})
ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x89f2, &(0x7f0000000080))
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32, @ANYBLOB="390e631c1900"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="010000000400"/28], 0x50)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r4)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000880)={r1, 0xe0, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6b, &(0x7f00000006c0), 0x0, 0x10, &(0x7f0000000700), 0x0, 0x0, 0x52, 0x8, 0x0, 0x0}}, 0x10)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x10)
sendmsg$inet(r0, &(0x7f0000000380)={&(0x7f0000000040)={0xa, 0xa, @local}, 0x1b, &(0x7f0000000180)=[{&(0x7f0000000080)="a2", 0xff0e}], 0x4, 0x0, 0x0, 0xa6820000}, 0xfff5)

1.003210621s ago: executing program 3 (id=12837):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0)
close(r0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x200008c0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socketpair(0x21, 0x80000, 0xc9, 0x0)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000740)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x89a1, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0600000008000000030000000008000020000100", @ANYRES32, @ANYBLOB="0300000000000000000000000600000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="01000000010000000100"/21, @ANYRES32, @ANYBLOB], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000006c0)={{r0, <r4=>0xffffffffffffffff}, &(0x7f0000000640), &(0x7f0000000680)='%pi6   \x00'}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = perf_event_open(&(0x7f0000000680)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a1c, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r7, 0x40042408, r6)
r8 = socket$kcm(0x2, 0x1, 0x84)
sendmsg$inet(r8, &(0x7f00000010c0)={&(0x7f0000000140)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000640)=[{&(0x7f0000000480)='\\', 0x1}], 0x1}, 0x4000040)
sendmsg$inet(r8, &(0x7f00000002c0)={&(0x7f0000000000)={0x2, 0x4e21, @rand_addr=0x64010101}, 0x10, &(0x7f0000000700)=[{&(0x7f0000000180)}], 0x1}, 0x8040)
close(r8)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cpuacct.usage_sys\x00', 0x26e1, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000140)={@map, r5, 0xa, 0x2028}, 0x20)
r9 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001340)=[{&(0x7f0000000080)="2e00000010008188040f46ecdb4cb9cca7480ef431000000e3bd6efb010509000b000a000d000000ba8000001201", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x8000)
r10 = getpid()
perf_event_open(0x0, r10, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r11 = getpid()
r12 = bpf$ITER_CREATE(0x21, 0x0, 0x0)
sendmsg$unix(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f00000000c0)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f00000003c0)=[{&(0x7f00000001c0)="71e9185b619140e53faeff8f245d3fd3c676beba8c87af8d68f2bd3356ce68bce1a35483cd0c0fccdc510193a5b56c32b735b5a4fe49133bb3504b2ab61ff13ec3e77da15309e097a76f65993697852297af9fe0ce0bf5b08e29e5e59eea0080b9f8470cca64130da8455f2811051d22fb69ed748fcbc24819b13a65206553bda91edcc65959b658f67fa143ddf26d7a6c201540a1e6520e03a6f6502494f8bbfedbdb06d9d8c9688e7580", 0xab}, {&(0x7f0000000040)="593b0edc082499b9541b9ed7ab9c4b14a7b899d4ed", 0x15}, {&(0x7f0000000280)="34bdaa9b166c006b77b633991025d21fa5018b743467484f87700599f7eb54796334b638a38757dd55459815325b34dcf3ff752ff705f3ad54c05d419181f6b3c2995bceb8b92657059d15c387f74e1bc85e0ed36b27a5f3d69126d528b18ab6b14853686b07b317d26ecb2f9156a474e488f02fdd5f9cb6e1ae2137dcf462387eb4a27be13046eb405910541592b4a3c308408d2a1d675130ff2e56d16867ef261a8dc4b080b3aa5cf6dca3c05ab0b37d2a28929e2773137376a67aafc7783a007f4b49bffd0184116cdfe7bb02a8a093e5b4440f9b00a2", 0xd8}, {&(0x7f0000000380)="7d8e0c4bf7064e1b663d9a30278d67c07f597c2a2544", 0x16}], 0x4, &(0x7f0000000740)=[@rights={{0x24, 0x1, 0x1, [r1, r0, r0, r1, r0]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, r2, r3, r0, r0, r0, r0]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [r0, r1]}}, @rights={{0x28, 0x1, 0x1, [r4, r0, r1, r1, r1, r0]}}, @cred={{0x1c, 0x1, 0x2, {r10, 0xffffffffffffffff}}}, @rights={{0x1c, 0x1, 0x1, [r1, r0, r0]}}, @cred={{0x1c, 0x1, 0x2, {r11, 0xffffffffffffffff, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee00, 0xee01}}}, @rights={{0x24, 0x1, 0x1, [r0, r1, r1, r12, r0]}}], 0x158, 0x20008000}, 0xc000)
ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110e22fff6)

866.853468ms ago: executing program 2 (id=12838):
r0 = socket$kcm(0xa, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r1)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000200)="d80000001e0081054e81f782db020000071d080006007c09e8fe08a104000e000a00142603600e1208000fc01e000406a80016c008000e400400027c035c0461c1967f6f94007134cff6d26efb8000a0ffa290457f01895416277ce06bba0000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d25ccca95c9757c01deeb12c0e440f57d6cf23b1900360db7e5167fda40fad956d809d5e12a9ecbee5de6ccd40dd6e4edef3d93452a92950b0000000000000023f9a941000000000000000000007d59ef7e1359485303f720a1ed469c778f", 0xd8}], 0x1}, 0x804)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{}, &(0x7f0000000100), &(0x7f0000000140)=r1}, 0x20)
socketpair(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x5}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="8510000000000000181000", @ANYRES32, @ANYBLOB="f0f605748aed"], 0x0}, 0x94)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip_vti0\x00'})
ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x89f2, &(0x7f0000000080))
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32, @ANYBLOB="390e631c1900"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="010000000400"/28], 0x50)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r4)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, 0x0, 0x0}, 0x94)
socket$kcm(0x10, 0x2, 0x10)
sendmsg$inet(r0, &(0x7f0000000380)={&(0x7f0000000040)={0xa, 0xa, @local}, 0x1b, &(0x7f0000000180)=[{&(0x7f0000000080)="a2", 0xff0e}], 0x4, 0x0, 0x0, 0xa6820000}, 0xfff5)

749.471533ms ago: executing program 1 (id=12839):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x5a2119bf86ff29ce, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000008c0)={0x0, 0x4, 0x3, 0x3fd}, 0x10}, 0x94)
r1 = socket$kcm(0x1e, 0x5, 0x0)
setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
sendmsg$kcm(r1, 0x0, 0x20008044)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="020000000400001a080000000100cd0080000000", @ANYRES32=r0, @ANYBLOB='\x00'/20, @ANYRES32=r1, @ANYRES32=r1, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r2)
socketpair(0xf, 0x3, 0x2, &(0x7f00000001c0))

592.510141ms ago: executing program 2 (id=12840):
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x40000004, 0xa021, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0, 0xc}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$kcm(0x2b, 0x1, 0x0)
sendmsg$inet(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)}], 0x1}, 0x20000840)
socket$kcm(0x10, 0x2, 0x4)
r1 = socket$kcm(0x29, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef42d430f6296b72a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed40000000022278d00031e5388ee5c867ddd58211d6ece3ccb0cd2b6d3cffd962867a3a2f624f992daa94a6a556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409e011f1264d43f153b3d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7000026a4e739c60f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf3f704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eedd9068ca1457870eb30d219e23ccc8e06dddeb61799257ab5000013c86ba99523d61a00000000c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb8629aeec90e6d1857da822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae200f279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522e8dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f34a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be10ba7dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2db484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b00ffffff7f000000000801f71d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cf0d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67856ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e2b8e7370baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b09000000d31df213c802d74797056fd3bca8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221fff0f0000705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f14fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008f3a20b49fe7636806867283e35cff8d00e7b251bab3cf6377a24f8e8d4bda7503674bc94bf7f4d2fa6f25944bf0a186436d9f6831995976328a1fdc78492c65c1434855dc35c3cf7cf9610c5387794443c99b304799114132362849c3fa85d6379729ff9094933db0cfbe8887c50b87e1469fdf454cef4cbc5f7bf384000000000000a4e8c1a25f47c440144a9776be6cb40aafdb9d3cc8f6a6050974e1c4000000000000008b753f4e1bef9556efcc087a99dbf231167013a4b2eaf6338a0b100c98a331dffc09"], &(0x7f0000000140)='GPL\x00'}, 0x48)
r3 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r3, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000040)={r3, r2})
sendmsg$kcm(r1, &(0x7f0000002080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f0000000880)="1a", 0x100000}], 0x1}, 0x0) (fail_nth: 6)

574.576941ms ago: executing program 1 (id=12841):
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x3, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7050000000000006110480000000000dc0500001000000095000000000000009abb1723bf24203831c9545b21c751ee4024f479cbe4b89f9808837203000000000000c2d182c7a3221481f5009edaf5f5ac058299e10e790a198f42a715b99fb3d2a73dd025848710155ad1efd7d991408000000000000085a0db0401fa29e075b7ab0408a0d8cfceeb23465bb027ee1151c02af21d8f9aa57e673a6724441d08087aff070eda8abef22b3a806c8226f5a2886c93bd29b37252ba4a6e9cc5f69e75680c431aa855e487ae513abd6c4ee973fce29a26018ed5e0780f8778a602a3533a3dac7da4fe491edf3abfa7bf871c58848ac46ada6776bd9b85df01e626026a59ddfa7a9c879acbfb0bf426785dec7d8611dc850df49ed8633bdb83dd505fb20649f53841a0e200c91f5bf1bb186ed87efc7b6f8859d029c8376ca19265e281fea0a6fd2222f8850c8445758503ede0ce1b3f73ecd8989e8c53c5e679b13802bddf80f3b1d07d6d68bfa12ab34697d40ac1150a842f8bb381344b994c19642a10eb30845a993daaa8bd4aebc595475feb3475d8e802498382e73edb98fcf2df96ab3c870490c4"], &(0x7f00000002c0)='syzkaller\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79}, 0x48)
socket$kcm(0x10, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="16000000000000000400000007"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000040000000000000700000095"], &(0x7f00000007c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x40}, 0x94)
socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0))
socket$kcm(0xa, 0x2, 0x3a)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
close(0x3)
socket$kcm(0xa, 0x5, 0x0)
perf_event_open(&(0x7f0000000000)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x46e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x2, @perf_bp={0x0, 0x1}, 0x28, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x4000000, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x3, 0x10)
socket$kcm(0x2, 0xa, 0x2)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32, @ANYRES32=r0, @ANYRES16=r0], 0x10)

194.119011ms ago: executing program 2 (id=12842):
r0 = socket$kcm(0x2, 0x2, 0x73)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x4, 0x6, 0x8, 0x0, 0x1}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r1}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000000500)={&(0x7f0000000300)={0x2, 0x0, @empty}, 0x10, &(0x7f0000000400)=[{0x0}], 0x1}, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0x4}, 0x100904}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x0, 0x0, 0x0, 0x0, 0x15, 0x0, 0x0, 0x56, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x2, 0x0, 0x9}, {0x10000002, 0x0, 0x0, 0xc}]}, 0x94)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000500)}], 0x1, 0x0, 0x0, 0x7400}, 0x800)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r3, 0x401054d5, &(0x7f0000000180)={0x3, &(0x7f0000000000)=[{0x1d, 0x0, 0x2}, {0x2, 0x0, 0x1, 0xfffffffe}, {}]})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480))
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
perf_event_open(&(0x7f0000000400)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_bp={0x0, 0x5}, 0x80, 0xbecb, 0x0, 0x0, 0x4, 0x4, 0xc5}, 0x0, 0x80000000000000, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r4 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, 0xffffffffffffffff)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r5, 0x58, &(0x7f0000000040)}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x8, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000800000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @sched_cls=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b7020000b96871dfbfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe0000004f850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d62de53a9a53608c10556e5734eb84049761451ce2e2d9f8004e26f7fcc059c06220002595f6dba87b81d1106fb026cce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd6fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f2fcb6d753a78845d8363e0401861abebe428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae58e99e30810400000000000000d63d716c0975e1ce4a655362e7062ff6ab3934555c01840219829472ad529cefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47911834118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f804924600273ee26d8115cbca081a14cba24788779291745083fccdddc979ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b10700ac1e2bcc5ede5b5687aa418abfa09acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b183940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e357e4e90583ce8d43ec65ed491d87a51d7c13f665dcf772e3ead71112008b16b0ea821f70aee1ccbd71c5a1c21e87d5b7b73d356337d15b9dcae4d0d750ffa07909c955e718585b2456308beda2fa03bb9bcf03cdff31ee4b1665b987829c0f0872c006c6e4ed666fe23b343aae943923eedbdb0e7abee90e3da7b98b7d07d2d4816201ad1737798635b0a3ebd3aed120e4500c16e6c9dc729f009db49c6b8b19613e4d792cb4ff5106419291d4222980b49ddb9527ce785822d8f4e2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0xfffffffffffffe19, 0x0, 0xffffffffffffffff, 0x54}, 0x42)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r6, 0x0, 0xe, 0x0, &(0x7f0000000280)="61df718305a35997984d4763fcac", 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

193.71733ms ago: executing program 1 (id=12843):
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x3, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7050000000000006110480000000000dc0500001000000095000000000000009abb1723bf24203831c9545b21c751ee4024f479cbe4b89f9808837203000000000000c2d182c7a3221481f5009edaf5f5ac058299e10e790a198f42a715b99fb3d2a73dd025848710155ad1efd7d991408000000000000085a0db0401fa29e075b7ab0408a0d8cfceeb23465bb027ee1151c02af21d8f9aa57e673a6724441d08087aff070eda8abef22b3a806c8226f5a2886c93bd29b37252ba4a6e9cc5f69e75680c431aa855e487ae513abd6c4ee973fce29a26018ed5e0780f8778a602a3533a3dac7da4fe491edf3abfa7bf871c58848ac46ada6776bd9b85df01e626026a59ddfa7a9c879acbfb0bf426785dec7d8611dc850df49ed8633bdb83dd505fb20649f53841a0e200c91f5bf1bb186ed87efc7b6f8859d029c8376ca19265e281fea0a6fd2222f8850c8445758503ede0ce1b3f73ecd8989e8c53c5e679b13802bddf80f3b1d07d6d68bfa12ab34697d40ac1150a842f8bb381344b994c19642a10eb30845a993daaa8bd4aebc595475feb3475d8e802498382e73edb98fcf2df96ab3c870490c4"], &(0x7f00000002c0)='syzkaller\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79}, 0x48)
socket$kcm(0x10, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="16000000000000000400000007"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000040000000000000700000095"], &(0x7f00000007c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x40}, 0x94)
socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0))
socket$kcm(0xa, 0x2, 0x3a)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
close(0x3)
socket$kcm(0xa, 0x5, 0x0)
perf_event_open(&(0x7f0000000000)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x46e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x2, @perf_bp={0x0, 0x1}, 0x28, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x4000000, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x3, 0x10)
r0 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32, @ANYRES32=r0, @ANYRES16=r0], 0x10)

189.941811ms ago: executing program 0 (id=12844):
r0 = socket$kcm(0x10, 0x2, 0x4)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100c, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$kcm(0x11, 0x200000000000002, 0x300)
sendmsg$sock(r1, &(0x7f00000000c0)={&(0x7f0000000040)=@phonet={0x23, 0x0, 0x0, 0x4}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@timestamping={{0x14, 0x1, 0x25, 0x102}}], 0x18}, 0x0)
recvmsg$kcm(r1, 0x0, 0x2000)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xffffff7f, 0x0, 0x1}, 0x50)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
close(r2)
socket$kcm(0x29, 0x5, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000850000000500000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xd8}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000007000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={0x0, 0x2}, 0x0, 0x80000, 0x0, 0x9, 0x0, 0x1, 0x0, 0x0, 0x4861}, 0x0, 0x0, 0xffffffffffffffff, 0xb)
ioctl$SIOCSIFHWADDR(r2, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x18, 0xc, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r5 = socket$kcm(0xa, 0x1, 0x0)
setsockopt$sock_attach_bpf(r5, 0x6, 0x1f, &(0x7f0000000080), 0x4)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r4, 0xe0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb2, &(0x7f0000000280)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f00000002c0), 0x0, 0x0, 0xef, 0x8, 0x8, &(0x7f00000003c0)}}, 0x10)
getpid()
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000003540)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="5c00000014006b04c84e21020af32c6e0a0675f800250002500100000017d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b498fa51f60a64c9f4d4938037e786a6d0bdd70000b6c0504bb9189d9193e9bd1c1b78", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x4, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="660a00000000000061114c0000000000850000001c00000095"], &(0x7f0000000000)='GPL\x00'}, 0x94)

179.889461ms ago: executing program 3 (id=12845):
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000280)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000680)=""/140, 0x8c}], 0x1, &(0x7f0000002f40)=""/229, 0xe5}, 0x40000004)
sendmsg$tipc(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000500)="b8d3d8e48974aae5039847936746be1d81a34f9b68100dbf05177b2436f9d642df271fd6b9aa6701365ffc72380000000001000000fcf2fbb053e277a04d3f44e3f9bafec64080f64f103ee1de769e5e9dd8cbb68869a662eaad499c52a16f40cb3a1f6f3d5f8df14c53b2e6b5397f7806b6ff846de37a34c8342b9ac5a51eacf8a09cede8676044eafd3d7935f9", 0x8e}, {&(0x7f0000000840)="8d03cab9cbe923f2ab882de5", 0xc}], 0x2, 0x0, 0x0, 0x400c800}, 0x4000000)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x26, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x5}, [@exit, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffa}, @cb_func={0x18, 0xa, 0x4, 0x0, 0xfffffffffffffffc}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}, @exit, @exit, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @map_fd={0x18, 0x5, 0x1, 0x0, 0x1}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x100}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}]}, &(0x7f0000000180)='syzkaller\x00', 0x8, 0x20, &(0x7f00000001c0)=""/32, 0x41100, 0x36, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x0, 0x3}, 0x8, 0x10, &(0x7f0000000240)={0x1, 0x3, 0x7, 0xb12e}, 0x10, 0x0, 0x0, 0x4, &(0x7f0000000300)=[0x1, 0x1, 0x1, 0x1], &(0x7f0000000380)=[{0x4, 0x3, 0x6, 0x4}, {0x4, 0x1, 0x8, 0x8}, {0x5, 0x5, 0x6}, {0x5, 0x2, 0x7, 0x3}], 0x10, 0x5}, 0x94)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000280)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r3, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0)={0xed}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000480)=r2, 0x4)
close(r1)

0s ago: executing program 1 (id=12846):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0)
close(r0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x200008c0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socketpair(0x21, 0x80000, 0xc9, 0x0)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000740)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x89a1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0600000008000000030000000008000020000100", @ANYRES32, @ANYBLOB="0300000000000000000000000600000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="01000000010000000100"/21, @ANYRES32, @ANYBLOB], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000006c0)={{r0}, &(0x7f0000000640), &(0x7f0000000680)='%pi6   \x00'}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = perf_event_open(&(0x7f0000000680)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a1c, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r4)
r6 = socket$kcm(0x2, 0x1, 0x84)
sendmsg$inet(r6, &(0x7f00000010c0)={&(0x7f0000000140)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000640)=[{&(0x7f0000000480)='\\', 0x1}], 0x1}, 0x4000040)
sendmsg$inet(r6, &(0x7f00000002c0)={&(0x7f0000000000)={0x2, 0x4e21, @rand_addr=0x64010101}, 0x10, &(0x7f0000000700)=[{&(0x7f0000000180)}], 0x1}, 0x8040)
close(r6)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cpuacct.usage_sys\x00', 0x26e1, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000140)={@map, r3, 0xa, 0x2028}, 0x20)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001340)=[{&(0x7f0000000080)="2e00000010008188040f46ecdb4cb9cca7480ef431000000e3bd6efb010509000b000a000d000000ba8000001201", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x8000)
r8 = getpid()
perf_event_open(0x0, r8, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
getpid()
bpf$ITER_CREATE(0x21, 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110e22fff6)

kernel console output (not intermixed with test programs):

erface
[ 2185.678071][T26494] team0 (unregistering): Port device team_slave_1 removed
[ 2185.765320][T26494] team0 (unregistering): Port device team_slave_0 removed
[ 2185.846206][T26494] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2185.927292][T26494] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2186.456855][T26494] bond0 (unregistering): Released all slaves
[ 2186.591886][ T6425] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 2186.602252][ T6560] netlink: 'syz.0.11939': attribute type 10 has an invalid length.
[ 2186.611267][ T6425] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 2186.651595][ T6584] netlink: 'syz.3.11945': attribute type 10 has an invalid length.
[ 2186.674680][ T6584] netlink: 2 bytes leftover after parsing attributes in process `syz.3.11945'.
[ 2186.740825][ T6425] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 2186.908296][ T6587] netlink: 'syz.0.11946': attribute type 10 has an invalid length.
[ 2186.937775][ T6587] netlink: 2 bytes leftover after parsing attributes in process `syz.0.11946'.
[ 2187.145897][ T6425] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2187.251280][ T6425] 8021q: adding VLAN 0 to HW filter on device team0
[ 2187.367896][T26494] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2187.375546][T26494] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2187.395974][T26494] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2187.403636][T26494] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2187.904827][ T6425] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2188.026026][ T6425] veth0_vlan: entered promiscuous mode
[ 2188.055218][ T6425] veth1_vlan: entered promiscuous mode
[ 2188.124882][ T6425] veth0_macvtap: entered promiscuous mode
[ 2188.166128][ T6425] veth1_macvtap: entered promiscuous mode
[ 2188.213227][ T6425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2188.229847][ T6425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2188.244863][ T6425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2188.275817][ T6425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2188.289170][ T6425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2188.306469][ T6425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2188.328621][ T6425] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2188.348705][ T6607] netlink: 'syz.2.11953': attribute type 10 has an invalid length.
[ 2188.565171][ T6425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2188.620048][ T6425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2188.636235][ T6425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2188.648400][ T6425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2188.658822][ T6425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2188.669886][ T6425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2188.685019][ T6425] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2188.701758][ T6425] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2188.711958][ T6425] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2188.722556][ T6425] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2188.750202][ T6425] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2188.888809][ T6617] netlink: 'syz.0.11956': attribute type 10 has an invalid length.
[ 2188.920759][ T6617] netlink: 2 bytes leftover after parsing attributes in process `syz.0.11956'.
[ 2189.008274][ T2163] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2189.019442][ T2163] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2189.103462][T26494] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2189.120065][T26494] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2189.433994][ T6632] netlink: 'syz.3.11961': attribute type 10 has an invalid length.
[ 2189.447250][ T6632] netlink: 2 bytes leftover after parsing attributes in process `syz.3.11961'.
[ 2190.253826][ T6638] netlink: 'syz.0.11963': attribute type 10 has an invalid length.
[ 2190.287986][ T6638] netlink: 2 bytes leftover after parsing attributes in process `syz.0.11963'.
[ 2192.216865][ T6676] netlink: 'syz.2.11978': attribute type 10 has an invalid length.
[ 2192.227746][ T6676] netlink: 2 bytes leftover after parsing attributes in process `syz.2.11978'.
[ 2192.532270][ T6687] netlink: 'syz.2.11984': attribute type 21 has an invalid length.
[ 2192.601050][ T6689] netlink: 64 bytes leftover after parsing attributes in process `syz.3.11983'.
[ 2192.817741][ T6696] netlink: 'syz.2.11987': attribute type 10 has an invalid length.
[ 2193.808194][ T6706] netlink: 'syz.3.11993': attribute type 10 has an invalid length.
[ 2193.818246][ T6706] netlink: 2 bytes leftover after parsing attributes in process `syz.3.11993'.
[ 2193.927904][ T6712] netlink: 'syz.2.11995': attribute type 21 has an invalid length.
[ 2194.178714][ T6721] netlink: 'syz.3.11999': attribute type 10 has an invalid length.
[ 2194.225419][ T6716] netlink: 64 bytes leftover after parsing attributes in process `syz.1.11997'.
[ 2195.248333][ T6734] netlink: 'syz.0.12011': attribute type 10 has an invalid length.
[ 2195.440729][ T6738] netlink: 'syz.3.12006': attribute type 21 has an invalid length.
[ 2195.905625][ T6747] netlink: 'syz.2.12010': attribute type 10 has an invalid length.
[ 2195.919757][ T6747] netlink: 2 bytes leftover after parsing attributes in process `syz.2.12010'.
[ 2196.607195][ T6755] netlink: 'syz.1.12014': attribute type 10 has an invalid length.
[ 2196.676902][ T6755] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[ 2196.694231][ T6756] netlink: 64 bytes leftover after parsing attributes in process `syz.0.12013'.
[ 2198.082013][ T6798] validate_nla: 1 callbacks suppressed
[ 2198.082031][ T6798] netlink: 'syz.2.12030': attribute type 21 has an invalid length.
[ 2198.110888][ T6794] netlink: 'syz.0.12028': attribute type 10 has an invalid length.
[ 2199.357061][ T6825] netlink: 'syz.0.12041': attribute type 21 has an invalid length.
[ 2199.524638][ T6828] netlink: 'syz.2.12042': attribute type 10 has an invalid length.
[ 2201.575904][ T6857] netlink: 10 bytes leftover after parsing attributes in process `syz.1.12052'.
[ 2201.605184][ T6858] Ÿë
: port 1(veth0_to_team) entered blocking state
[ 2201.616349][ T6858] Ÿë
: port 1(veth0_to_team) entered disabled state
[ 2201.625098][ T6858] veth0_to_team: entered allmulticast mode
[ 2201.656492][ T6858] veth0_to_team: entered promiscuous mode
[ 2201.732371][ T6866] FAULT_INJECTION: forcing a failure.
[ 2201.732371][ T6866] name failslab, interval 1, probability 0, space 0, times 0
[ 2201.746148][ T6866] CPU: 1 PID: 6866 Comm: syz.2.12057 Not tainted syzkaller #0
[ 2201.753991][ T6866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2201.766421][ T6866] Call Trace:
[ 2201.769727][ T6866]  <TASK>
[ 2201.772777][ T6866]  dump_stack_lvl+0x18c/0x250
[ 2201.777588][ T6866]  ? show_regs_print_info+0x20/0x20
[ 2201.779428][ T6864] netlink: 'syz.3.12054': attribute type 10 has an invalid length.
[ 2201.783062][ T6866]  ? load_image+0x400/0x400
[ 2201.783125][ T6866]  ? mark_lock+0x94/0x320
[ 2201.783148][ T6866]  ? __lock_acquire+0x1347/0x7d40
[ 2201.783174][ T6866]  should_fail_ex+0x39d/0x4d0
[ 2201.783204][ T6866]  should_failslab+0x9/0x20
[ 2201.815318][ T6866]  slab_pre_alloc_hook+0x59/0x310
[ 2201.820832][ T6866]  kmem_cache_alloc+0x5a/0x2d0
[ 2201.825817][ T6866]  ? radix_tree_node_alloc+0x7e/0x3a0
[ 2201.831785][ T6866]  radix_tree_node_alloc+0x7e/0x3a0
[ 2201.837198][ T6866]  idr_get_free+0x2b3/0xa60
[ 2201.841857][ T6866]  idr_alloc_cyclic+0x27b/0x5d0
[ 2201.846927][ T6866]  ? idr_alloc+0x2f0/0x2f0
[ 2201.851547][ T6866]  ? do_raw_spin_lock+0x11f/0x2c0
[ 2201.856606][ T6866]  ? __radix_tree_preload+0x82/0x880
[ 2201.862101][ T6866]  ? btf_alloc_id+0x30/0x2d0
[ 2201.866721][ T6866]  btf_alloc_id+0x4f/0x2d0
[ 2201.871166][ T6866]  btf_new_fd+0x81b/0x9f0
[ 2201.875615][ T6866]  ? bpf_btf_show_fdinfo+0x80/0x80
[ 2201.880836][ T6866]  ? capable+0x88/0xe0
[ 2201.885116][ T6866]  __sys_bpf+0x670/0x890
[ 2201.889558][ T6866]  ? bpf_link_show_fdinfo+0x390/0x390
[ 2201.895032][ T6866]  ? lock_chain_count+0x20/0x20
[ 2201.900011][ T6866]  __x64_sys_bpf+0x7c/0x90
[ 2201.904736][ T6866]  do_syscall_64+0x55/0xa0
[ 2201.909184][ T6866]  ? clear_bhb_loop+0x40/0x90
[ 2201.914054][ T6866]  ? clear_bhb_loop+0x40/0x90
[ 2201.919188][ T6866]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2201.925203][ T6866] RIP: 0033:0x7fdf4759c799
[ 2201.929896][ T6866] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2201.950604][ T6866] RSP: 002b:00007fdf4844e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2201.959489][ T6866] RAX: ffffffffffffffda RBX: 00007fdf47815fa0 RCX: 00007fdf4759c799
[ 2201.967834][ T6866] RDX: 0000000000000028 RSI: 0000200000000100 RDI: 0000000000000012
[ 2201.975941][ T6866] RBP: 00007fdf4844e090 R08: 0000000000000000 R09: 0000000000000000
[ 2201.984367][ T6866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2201.993150][ T6866] R13: 00007fdf47816038 R14: 00007fdf47815fa0 R15: 00007ffe1b2a86c8
[ 2202.001249][ T6866]  </TASK>
[ 2202.910614][ T6895] netlink: 'syz.1.12068': attribute type 10 has an invalid length.
[ 2203.189072][ T6906] FAULT_INJECTION: forcing a failure.
[ 2203.189072][ T6906] name failslab, interval 1, probability 0, space 0, times 0
[ 2203.210231][ T6906] CPU: 0 PID: 6906 Comm: syz.1.12072 Not tainted syzkaller #0
[ 2203.218030][ T6906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2203.228719][ T6906] Call Trace:
[ 2203.232035][ T6906]  <TASK>
[ 2203.235233][ T6906]  dump_stack_lvl+0x18c/0x250
[ 2203.239961][ T6906]  ? show_regs_print_info+0x20/0x20
[ 2203.245495][ T6906]  ? load_image+0x400/0x400
[ 2203.250232][ T6906]  ? __might_sleep+0xe0/0xe0
[ 2203.255095][ T6906]  ? __lock_acquire+0x7d40/0x7d40
[ 2203.260276][ T6906]  should_fail_ex+0x39d/0x4d0
[ 2203.265112][ T6906]  should_failslab+0x9/0x20
[ 2203.269663][ T6906]  slab_pre_alloc_hook+0x59/0x310
[ 2203.274825][ T6906]  ? tomoyo_encode+0x28b/0x540
[ 2203.279820][ T6906]  ? tomoyo_encode+0x28b/0x540
[ 2203.284807][ T6906]  __kmem_cache_alloc_node+0x53/0x250
[ 2203.290313][ T6906]  ? tomoyo_encode+0x28b/0x540
[ 2203.295290][ T6906]  __kmalloc+0xa4/0x230
[ 2203.299576][ T6906]  tomoyo_encode+0x28b/0x540
[ 2203.304710][ T6906]  tomoyo_realpath_from_path+0x592/0x5d0
[ 2203.311365][ T6906]  tomoyo_path_number_perm+0x248/0x620
[ 2203.317313][ T6906]  ? tomoyo_path_number_perm+0x217/0x620
[ 2203.323225][ T6906]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 2203.328861][ T6906]  ? ksys_write+0x1c4/0x260
[ 2203.333428][ T6906]  ? __fget_files+0x28/0x4b0
[ 2203.338044][ T6906]  ? __fget_files+0x28/0x4b0
[ 2203.342759][ T6906]  security_file_ioctl+0x70/0xa0
[ 2203.348062][ T6906]  __se_sys_ioctl+0x48/0x170
[ 2203.352917][ T6906]  do_syscall_64+0x55/0xa0
[ 2203.357613][ T6906]  ? clear_bhb_loop+0x40/0x90
[ 2203.362547][ T6906]  ? clear_bhb_loop+0x40/0x90
[ 2203.367553][ T6906]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2203.373547][ T6906] RIP: 0033:0x7ff53399c799
[ 2203.378063][ T6906] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2203.398838][ T6906] RSP: 002b:00007ff534871028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2203.408085][ T6906] RAX: ffffffffffffffda RBX: 00007ff533c15fa0 RCX: 00007ff53399c799
[ 2203.416328][ T6906] RDX: 0000200000000080 RSI: 0000000000008946 RDI: 0000000000000012
[ 2203.424450][ T6906] RBP: 00007ff534871090 R08: 0000000000000000 R09: 0000000000000000
[ 2203.432841][ T6906] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2203.441162][ T6906] R13: 00007ff533c16038 R14: 00007ff533c15fa0 R15: 00007fff9e4a30a8
[ 2203.449733][ T6906]  </TASK>
[ 2203.492407][ T6906] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2203.669224][ T6918] FAULT_INJECTION: forcing a failure.
[ 2203.669224][ T6918] name failslab, interval 1, probability 0, space 0, times 0
[ 2203.686019][ T6918] CPU: 1 PID: 6918 Comm: syz.0.12078 Not tainted syzkaller #0
[ 2203.694235][ T6918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2203.705109][ T6918] Call Trace:
[ 2203.709123][ T6918]  <TASK>
[ 2203.712332][ T6918]  dump_stack_lvl+0x18c/0x250
[ 2203.717201][ T6918]  ? show_regs_print_info+0x20/0x20
[ 2203.722406][ T6918]  ? load_image+0x400/0x400
[ 2203.726995][ T6918]  ? __might_sleep+0xe0/0xe0
[ 2203.731761][ T6918]  ? __lock_acquire+0x7d40/0x7d40
[ 2203.736875][ T6918]  should_fail_ex+0x39d/0x4d0
[ 2203.741740][ T6918]  should_failslab+0x9/0x20
[ 2203.746246][ T6918]  slab_pre_alloc_hook+0x59/0x310
[ 2203.751481][ T6918]  ? bpf_prog_test_run_skb+0x238/0x12b0
[ 2203.757661][ T6918]  ? bpf_prog_test_run_skb+0x238/0x12b0
[ 2203.763569][ T6918]  __kmem_cache_alloc_node+0x53/0x250
[ 2203.768951][ T6918]  ? bpf_prog_test_run_skb+0x238/0x12b0
[ 2203.774717][ T6918]  __kmalloc+0xa4/0x230
[ 2203.779392][ T6918]  bpf_prog_test_run_skb+0x238/0x12b0
[ 2203.786447][ T6918]  ? __fget_files+0x28/0x4b0
[ 2203.791607][ T6918]  ? __fget_files+0x28/0x4b0
[ 2203.796376][ T6918]  ? __fget_files+0x43d/0x4b0
[ 2203.801062][ T6918]  ? cpu_online+0x60/0x60
[ 2203.805419][ T6918]  bpf_prog_test_run+0x321/0x390
[ 2203.810546][ T6918]  __sys_bpf+0x49d/0x890
[ 2203.815116][ T6918]  ? bpf_link_show_fdinfo+0x390/0x390
[ 2203.820727][ T6918]  ? lock_chain_count+0x20/0x20
[ 2203.825941][ T6918]  __x64_sys_bpf+0x7c/0x90
[ 2203.830540][ T6918]  do_syscall_64+0x55/0xa0
[ 2203.835177][ T6918]  ? clear_bhb_loop+0x40/0x90
[ 2203.840229][ T6918]  ? clear_bhb_loop+0x40/0x90
[ 2203.845004][ T6918]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2203.851176][ T6918] RIP: 0033:0x7fe57c19c799
[ 2203.855795][ T6918] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2203.876037][ T6918] RSP: 002b:00007fe57cff3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2203.884672][ T6918] RAX: ffffffffffffffda RBX: 00007fe57c415fa0 RCX: 00007fe57c19c799
[ 2203.893607][ T6918] RDX: 0000000000000050 RSI: 00002000000003c0 RDI: 000000000000000a
[ 2203.902425][ T6918] RBP: 00007fe57cff3090 R08: 0000000000000000 R09: 0000000000000000
[ 2203.910747][ T6918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2203.919063][ T6918] R13: 00007fe57c416038 R14: 00007fe57c415fa0 R15: 00007ffc850ce3f8
[ 2203.927314][ T6918]  </TASK>
[ 2204.041454][ T6925] netlink: 'syz.1.12080': attribute type 10 has an invalid length.
[ 2204.477529][ T6937] netlink: 'syz.2.12085': attribute type 1 has an invalid length.
[ 2204.494120][ T6937] netlink: 112860 bytes leftover after parsing attributes in process `syz.2.12085'.
[ 2204.504319][ T6937] netlink: 9 bytes leftover after parsing attributes in process `syz.2.12085'.
[ 2204.624174][ T6940] netlink: 209844 bytes leftover after parsing attributes in process `syz.1.12086'.
[ 2204.808780][ T6946] netlink: 'syz.0.12087': attribute type 9 has an invalid length.
[ 2204.826298][ T6946] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.12087'.
[ 2204.963685][ T6952] netlink: 'syz.3.12091': attribute type 10 has an invalid length.
[ 2205.297123][ T6966] netlink: 16410 bytes leftover after parsing attributes in process `syz.1.12097'.
[ 2205.368685][ T6966] netlink: 'syz.1.12097': attribute type 10 has an invalid length.
[ 2205.641478][ T6966] team0 (unregistering): Port device team_slave_0 removed
[ 2205.705934][ T6966] team0 (unregistering): Port device team_slave_1 removed
[ 2205.756124][ T6972] netlink: 'syz.0.12100': attribute type 21 has an invalid length.
[ 2205.916891][ T6979] netlink: 'syz.3.12103': attribute type 10 has an invalid length.
[ 2206.334139][ T6995] netlink: 'syz.3.12111': attribute type 21 has an invalid length.
[ 2206.506433][ T7002] netlink: 'syz.0.12115': attribute type 10 has an invalid length.
[ 2206.601728][ T7010] netlink: 'syz.0.12117': attribute type 21 has an invalid length.
[ 2206.618900][ T7010] netlink: 132 bytes leftover after parsing attributes in process `syz.0.12117'.
[ 2207.276719][ T7034] netlink: 192436 bytes leftover after parsing attributes in process `syz.2.12125'.
[ 2207.289236][ T7034] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2208.036813][ T7036] Ÿë
: port 2(gretap0) entered blocking state
[ 2208.044049][ T7036] Ÿë
: port 2(gretap0) entered disabled state
[ 2208.069826][ T7036] gretap0: entered allmulticast mode
[ 2208.093829][ T7036] gretap0: entered promiscuous mode
[ 2208.592975][ T7058] netlink: 192436 bytes leftover after parsing attributes in process `syz.0.12136'.
[ 2208.613659][ T7058] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2208.687953][ T7063] mac80211_hwsim hwsim85 wlan1: entered allmulticast mode
[ 2209.713169][ T7076] Ÿë
: port 1(gretap0) entered blocking state
[ 2209.731519][ T7076] Ÿë
: port 1(gretap0) entered disabled state
[ 2209.738891][ T7076] gretap0: entered allmulticast mode
[ 2209.766637][ T7076] gretap0: entered promiscuous mode
[ 2209.935163][ T7088] validate_nla: 6 callbacks suppressed
[ 2209.935179][ T7088] netlink: 'syz.0.12147': attribute type 21 has an invalid length.
[ 2210.002191][ T7089] netlink: 192436 bytes leftover after parsing attributes in process `syz.1.12148'.
[ 2210.017861][ T7089] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2210.134804][ T7089] netlink: 'syz.1.12148': attribute type 39 has an invalid length.
[ 2210.255977][ T7097] netlink: 'syz.2.12152': attribute type 10 has an invalid length.
[ 2210.678276][ T7113] Ÿë
: port 2(gretap0) entered blocking state
[ 2210.692695][ T7113] Ÿë
: port 2(gretap0) entered disabled state
[ 2210.702306][ T7113] gretap0: entered allmulticast mode
[ 2210.709550][ T7113] gretap0: entered promiscuous mode
[ 2211.491481][ T7118] netlink: 'syz.3.12159': attribute type 21 has an invalid length.
[ 2211.609288][ T7124] netlink: 'syz.0.12162': attribute type 10 has an invalid length.
[ 2211.686739][ T7128] netlink: 192436 bytes leftover after parsing attributes in process `syz.1.12164'.
[ 2211.750240][ T7128] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2211.816465][ T7128] netlink: 'syz.1.12164': attribute type 39 has an invalid length.
[ 2212.002247][ T7139] FAULT_INJECTION: forcing a failure.
[ 2212.002247][ T7139] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2212.053707][ T7139] CPU: 1 PID: 7139 Comm: syz.3.12169 Not tainted syzkaller #0
[ 2212.061941][ T7139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2212.072648][ T7139] Call Trace:
[ 2212.076019][ T7139]  <TASK>
[ 2212.079193][ T7139]  dump_stack_lvl+0x18c/0x250
[ 2212.084210][ T7139]  ? show_regs_print_info+0x20/0x20
[ 2212.089652][ T7139]  ? load_image+0x400/0x400
[ 2212.094660][ T7139]  ? __lock_acquire+0x7d40/0x7d40
[ 2212.095752][ T7140] netlink: 'syz.1.12168': attribute type 10 has an invalid length.
[ 2212.100072][ T7139]  ? snprintf+0xe9/0x140
[ 2212.100111][ T7139]  should_fail_ex+0x39d/0x4d0
[ 2212.100140][ T7139]  _copy_to_user+0x2f/0xa0
[ 2212.100162][ T7139]  simple_read_from_buffer+0xe7/0x150
[ 2212.100194][ T7139]  proc_fail_nth_read+0x1e8/0x260
[ 2212.100223][ T7139]  ? proc_fault_inject_write+0x360/0x360
[ 2212.100251][ T7139]  ? fsnotify_perm+0x271/0x5e0
[ 2212.100277][ T7139]  ? proc_fault_inject_write+0x360/0x360
[ 2212.149856][ T7139]  vfs_read+0x28b/0x970
[ 2212.154034][ T7139]  ? kernel_read+0x1e0/0x1e0
[ 2212.158712][ T7139]  ? __fget_files+0x28/0x4b0
[ 2212.163388][ T7139]  ? __fget_files+0x28/0x4b0
[ 2212.167977][ T7139]  ? __fget_files+0x43d/0x4b0
[ 2212.173093][ T7139]  ? __fdget_pos+0x2a3/0x330
[ 2212.177794][ T7139]  ? ksys_read+0x75/0x260
[ 2212.182326][ T7139]  ksys_read+0x150/0x260
[ 2212.186749][ T7139]  ? vfs_write+0x990/0x990
[ 2212.191168][ T7139]  ? lockdep_hardirqs_on+0x98/0x150
[ 2212.196455][ T7139]  do_syscall_64+0x55/0xa0
[ 2212.200903][ T7139]  ? clear_bhb_loop+0x40/0x90
[ 2212.205780][ T7139]  ? clear_bhb_loop+0x40/0x90
[ 2212.210638][ T7139]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2212.216748][ T7139] RIP: 0033:0x7faa6a55cfce
[ 2212.221253][ T7139] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 2212.241743][ T7139] RSP: 002b:00007faa6b481fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2212.250599][ T7139] RAX: ffffffffffffffda RBX: 00007faa6b4826c0 RCX: 00007faa6a55cfce
[ 2212.258696][ T7139] RDX: 000000000000000f RSI: 00007faa6b4820a0 RDI: 0000000000000003
[ 2212.267235][ T7139] RBP: 00007faa6b482090 R08: 0000000000000000 R09: 0000000000000000
[ 2212.275766][ T7139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2212.284520][ T7139] R13: 00007faa6a816038 R14: 00007faa6a815fa0 R15: 00007ffcbfa4dcf8
[ 2212.293125][ T7139]  </TASK>
[ 2212.511769][ T7150] netlink: 'syz.2.12174': attribute type 10 has an invalid length.
[ 2212.706787][ T7158] netlink: 192436 bytes leftover after parsing attributes in process `syz.2.12178'.
[ 2212.737358][ T7158] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2212.787800][ T7158] netlink: 'syz.2.12178': attribute type 39 has an invalid length.
[ 2213.035537][ T7172] netlink: 16410 bytes leftover after parsing attributes in process `syz.2.12182'.
[ 2213.181770][ T7172] netlink: 'syz.2.12182': attribute type 10 has an invalid length.
[ 2213.364252][ T7172] team0 (unregistering): Port device team_slave_0 removed
[ 2213.394082][ T7172] team0 (unregistering): Port device team_slave_1 removed
[ 2213.748202][ T7189] netlink: 192436 bytes leftover after parsing attributes in process `syz.1.12191'.
[ 2213.766429][ T7189] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2214.497127][ T6102] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 2214.526101][ T6102] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 2214.540823][ T6102] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 2214.568214][ T6102] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 2214.585706][ T6102] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 2214.604501][ T6102] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 2214.677865][ T2162] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2214.846670][ T2162] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2214.923823][ T7214] netlink: 16410 bytes leftover after parsing attributes in process `syz.0.12198'.
[ 2215.022848][ T2162] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2215.036782][ T7216] validate_nla: 3 callbacks suppressed
[ 2215.036819][ T7216] netlink: 'syz.1.12199': attribute type 10 has an invalid length.
[ 2215.052210][ T7214] netlink: 'syz.0.12198': attribute type 10 has an invalid length.
[ 2215.200873][ T7214] team0 (unregistering): Port device C removed
[ 2215.257987][ T7214] team0 (unregistering): Port device team_slave_1 removed
[ 2215.311014][ T7220] netlink: 192436 bytes leftover after parsing attributes in process `syz.1.12201'.
[ 2215.332191][ T7220] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2215.364450][ T2162] bond0: (slave netdevsim0): Releasing backup interface
[ 2215.383643][ T2162] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2215.414299][ T7220] netlink: 'syz.1.12201': attribute type 39 has an invalid length.
[ 2215.547932][ T7204] chnl_net:caif_netlink_parms(): no params data found
[ 2215.741135][ T7204] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2215.749114][ T7204] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2215.775547][ T7229] netlink: 'syz.0.12203': attribute type 9 has an invalid length.
[ 2215.809787][ T7204] bridge_slave_0: entered allmulticast mode
[ 2215.827496][ T7229] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.12203'.
[ 2215.857935][ T7204] bridge_slave_0: entered promiscuous mode
[ 2215.869710][ T7204] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2215.878419][ T7204] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2215.886360][ T7204] bridge_slave_1: entered allmulticast mode
[ 2215.896721][ T7204] bridge_slave_1: entered promiscuous mode
[ 2216.175111][ T7204] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2216.262294][ T7204] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2216.384829][ T7204] team0: Port device team_slave_0 added
[ 2216.407367][ T7246] netlink: 'syz.2.12207': attribute type 10 has an invalid length.
[ 2216.424430][ T7204] team0: Port device team_slave_1 added
[ 2216.569077][ T7204] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2216.583410][ T7204] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2216.639601][ T7204] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2216.670366][ T6102] Bluetooth: hci2: command tx timeout
[ 2217.497162][ T7204] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2217.519486][ T7204] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2217.570833][ T7204] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2217.602238][ T7265] netlink: 192436 bytes leftover after parsing attributes in process `syz.2.12212'.
[ 2217.630123][ T7265] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2217.711437][ T7265] netlink: 'syz.2.12212': attribute type 39 has an invalid length.
[ 2217.728395][ T7269] netlink: 'syz.1.12213': attribute type 9 has an invalid length.
[ 2217.758624][ T7269] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.12213'.
[ 2217.863128][ T2162] gretap0 (unregistering): left allmulticast mode
[ 2217.869739][ T2162] gretap0 (unregistering): left promiscuous mode
[ 2217.882007][ T2162] Ÿë
: port 2(gretap0) entered disabled state
[ 2217.998703][ T7204] hsr_slave_0: entered promiscuous mode
[ 2218.005484][ T7204] hsr_slave_1: entered promiscuous mode
[ 2218.207641][ T7279] netlink: 'syz.1.12217': attribute type 10 has an invalid length.
[ 2218.760427][ T6102] Bluetooth: hci2: command tx timeout
[ 2219.485062][ T7308] netlink: 192436 bytes leftover after parsing attributes in process `syz.1.12222'.
[ 2219.513903][ T7308] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2219.629589][ T7312] netlink: 'syz.1.12222': attribute type 39 has an invalid length.
[ 2219.798492][ T2162] veth0_to_team: left allmulticast mode
[ 2219.841864][ T2162] veth0_to_team: left promiscuous mode
[ 2219.848648][ T2162] Ÿë
: port 1(veth0_to_team) entered disabled state
[ 2219.872841][ T2162] hsr_slave_0: left promiscuous mode
[ 2219.902760][ T2162] hsr_slave_1: left promiscuous mode
[ 2219.928257][ T2162] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2219.957757][ T2162] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2219.979735][ T2162] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2220.000513][ T2162] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2220.037665][ T2162] batman_adv: batadv0: Interface deactivated: veth1_virt_wifi
[ 2220.061470][ T2162] batman_adv: batadv0: Removing interface: veth1_virt_wifi
[ 2220.079302][ T2162] hsr0: left allmulticast mode
[ 2220.088584][ T2162] bridge0: port 3(hsr0) entered disabled state
[ 2220.109538][ T2162] bridge_slave_1: left allmulticast mode
[ 2220.128767][ T2162] bridge_slave_1: left promiscuous mode
[ 2220.147739][ T2162] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2220.175690][ T2162] bridge_slave_0: left allmulticast mode
[ 2220.189146][ T2162] bridge_slave_0: left promiscuous mode
[ 2220.203417][ T2162] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2220.261379][ T2162] veth1_macvtap: left promiscuous mode
[ 2220.268315][ T2162] veth0_macvtap: left promiscuous mode
[ 2220.840259][ T6102] Bluetooth: hci2: command tx timeout
[ 2221.144750][ T2162] team0 (unregistering): Port device team_slave_1 removed
[ 2221.228618][ T2162] team0 (unregistering): Port device team_slave_0 removed
[ 2221.306042][ T2162] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2221.390816][ T2162] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2221.943342][ T2162] bond0 (unregistering): Released all slaves
[ 2222.195174][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 2222.202835][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[ 2222.321903][ T7204] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 2222.375907][ T7204] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 2222.392269][ T7204] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 2222.920458][ T6102] Bluetooth: hci2: command tx timeout
[ 2223.191908][ T7204] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 2223.547240][ T7204] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2223.603604][ T7204] 8021q: adding VLAN 0 to HW filter on device team0
[ 2223.637658][T26494] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2223.645989][T26494] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2223.712433][T26494] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2223.720240][T26494] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2223.736841][ T7373] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.12238'.
[ 2225.168515][ T7204] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2225.318234][ T7204] veth0_vlan: entered promiscuous mode
[ 2225.379569][ T7204] veth1_vlan: entered promiscuous mode
[ 2225.461910][ T7204] veth0_macvtap: entered promiscuous mode
[ 2225.487188][ T7204] veth1_macvtap: entered promiscuous mode
[ 2225.537709][ T7204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2225.555976][ T7204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2225.568060][ T7204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2225.600050][ T7204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2225.641180][ T7204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2225.660208][ T7204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2225.687554][ T7204] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2225.785471][ T7204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2225.798215][ T7204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2225.819480][ T7204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2225.855749][ T7204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2225.879958][ T7204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2225.902381][ T7204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2225.925298][ T7204] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2225.971657][ T7204] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2225.998507][ T7204] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2226.021011][ T7204] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2226.050968][ T7204] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2226.223298][ T2164] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2226.244448][ T2164] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2226.328670][ T2163] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2226.347088][ T2163] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2226.414000][ T7447] FAULT_INJECTION: forcing a failure.
[ 2226.414000][ T7447] name failslab, interval 1, probability 0, space 0, times 0
[ 2226.438790][ T7447] CPU: 0 PID: 7447 Comm: syz.2.12250 Not tainted syzkaller #0
[ 2226.447113][ T7447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2226.459125][ T7447] Call Trace:
[ 2226.462786][ T7447]  <TASK>
[ 2226.466109][ T7447]  dump_stack_lvl+0x18c/0x250
[ 2226.471291][ T7447]  ? show_regs_print_info+0x20/0x20
[ 2226.476726][ T7447]  ? load_image+0x400/0x400
[ 2226.481954][ T7447]  ? verify_lock_unused+0x140/0x140
[ 2226.487392][ T7447]  should_fail_ex+0x39d/0x4d0
[ 2226.492380][ T7447]  should_failslab+0x9/0x20
[ 2226.497116][ T7447]  slab_pre_alloc_hook+0x59/0x310
[ 2226.502443][ T7447]  kmem_cache_alloc+0x5a/0x2d0
[ 2226.507608][ T7447]  ? skb_clone+0x1eb/0x370
[ 2226.512492][ T7447]  skb_clone+0x1eb/0x370
[ 2226.517017][ T7447]  __netlink_deliver_tap+0x41c/0x830
[ 2226.522498][ T7447]  ? netlink_deliver_tap+0x2e/0x1b0
[ 2226.528051][ T7447]  netlink_deliver_tap+0x19c/0x1b0
[ 2226.533449][ T7447]  netlink_unicast+0x72c/0x8d0
[ 2226.538324][ T7447]  netlink_sendmsg+0x8d0/0xbf0
[ 2226.543247][ T7447]  ? netlink_getsockopt+0x590/0x590
[ 2226.548632][ T7447]  ? aa_sock_msg_perm+0x94/0x150
[ 2226.553747][ T7447]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 2226.559124][ T7447]  ? security_socket_sendmsg+0x80/0xa0
[ 2226.564680][ T7447]  ? netlink_getsockopt+0x590/0x590
[ 2226.570000][ T7447]  ____sys_sendmsg+0x5ba/0x960
[ 2226.574887][ T7447]  ? __asan_memset+0x22/0x40
[ 2226.579580][ T7447]  ? __sys_sendmsg_sock+0x30/0x30
[ 2226.584684][ T7447]  ? __import_iovec+0x5f2/0x850
[ 2226.589717][ T7447]  ? import_iovec+0x73/0xa0
[ 2226.594514][ T7447]  ___sys_sendmsg+0x2a6/0x360
[ 2226.599413][ T7447]  ? get_pid_task+0x20/0x1e0
[ 2226.604548][ T7447]  ? __sys_sendmsg+0x2a0/0x2a0
[ 2226.609334][ T7447]  ? __lock_acquire+0x7d40/0x7d40
[ 2226.614690][ T7447]  __se_sys_sendmsg+0x1c2/0x2b0
[ 2226.620263][ T7447]  ? __x64_sys_sendmsg+0x80/0x80
[ 2226.625407][ T7447]  ? lockdep_hardirqs_on+0x98/0x150
[ 2226.631180][ T7447]  do_syscall_64+0x55/0xa0
[ 2226.635808][ T7447]  ? clear_bhb_loop+0x40/0x90
[ 2226.641117][ T7447]  ? clear_bhb_loop+0x40/0x90
[ 2226.646069][ T7447]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2226.652159][ T7447] RIP: 0033:0x7fdf4759c799
[ 2226.656607][ T7447] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2226.676761][ T7447] RSP: 002b:00007fdf4844e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2226.685287][ T7447] RAX: ffffffffffffffda RBX: 00007fdf47815fa0 RCX: 00007fdf4759c799
[ 2226.693519][ T7447] RDX: 000000002000c090 RSI: 0000200000000040 RDI: 0000000000000004
[ 2226.701963][ T7447] RBP: 00007fdf4844e090 R08: 0000000000000000 R09: 0000000000000000
[ 2226.710556][ T7447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2226.719047][ T7447] R13: 00007fdf47816038 R14: 00007fdf47815fa0 R15: 00007ffe1b2a86c8
[ 2226.727320][ T7447]  </TASK>
[ 2226.800915][ T7450] Ÿë
: port 1(gretap0) entered blocking state
[ 2226.807544][ T7450] Ÿë
: port 1(gretap0) entered disabled state
[ 2226.814733][ T7450] gretap0: entered allmulticast mode
[ 2226.822829][ T7450] gretap0: entered promiscuous mode
[ 2227.557657][T12379] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 2227.569389][T12379] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 2227.583318][T12379] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 2227.596209][T12379] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 2227.604576][T12379] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 2227.612761][T12379] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 2227.899514][ T7471] netlink: 'syz.2.12253': attribute type 12 has an invalid length.
[ 2228.369592][ T7493] FAULT_INJECTION: forcing a failure.
[ 2228.369592][ T7493] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2228.374867][ T7463] chnl_net:caif_netlink_parms(): no params data found
[ 2228.431542][ T7493] CPU: 1 PID: 7493 Comm: syz.1.12258 Not tainted syzkaller #0
[ 2228.439872][ T7493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2228.451014][ T7493] Call Trace:
[ 2228.454411][ T7493]  <TASK>
[ 2228.457387][ T7493]  dump_stack_lvl+0x18c/0x250
[ 2228.462211][ T7493]  ? show_regs_print_info+0x20/0x20
[ 2228.467457][ T7493]  ? load_image+0x400/0x400
[ 2228.472269][ T7493]  ? __might_fault+0xaa/0x120
[ 2228.477330][ T7493]  ? __lock_acquire+0x7d40/0x7d40
[ 2228.482572][ T7493]  should_fail_ex+0x39d/0x4d0
[ 2228.487559][ T7493]  _copy_from_user+0x2f/0xe0
[ 2228.492363][ T7493]  btf_new_fd+0x366/0x9f0
[ 2228.496915][ T7493]  ? bpf_btf_show_fdinfo+0x80/0x80
[ 2228.502084][ T7493]  ? capable+0x88/0xe0
[ 2228.506378][ T7493]  __sys_bpf+0x670/0x890
[ 2228.511083][ T7493]  ? bpf_link_show_fdinfo+0x390/0x390
[ 2228.516701][ T7493]  ? lock_chain_count+0x20/0x20
[ 2228.521806][ T7493]  __x64_sys_bpf+0x7c/0x90
[ 2228.526371][ T7493]  do_syscall_64+0x55/0xa0
[ 2228.531029][ T7493]  ? clear_bhb_loop+0x40/0x90
[ 2228.536036][ T7493]  ? clear_bhb_loop+0x40/0x90
[ 2228.540935][ T7493]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2228.547224][ T7493] RIP: 0033:0x7ff53399c799
[ 2228.552125][ T7493] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2228.572463][ T7493] RSP: 002b:00007ff534871028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2228.581198][ T7493] RAX: ffffffffffffffda RBX: 00007ff533c15fa0 RCX: 00007ff53399c799
[ 2228.589555][ T7493] RDX: 0000000000000028 RSI: 0000200000000100 RDI: 0000000000000012
[ 2228.597926][ T7493] RBP: 00007ff534871090 R08: 0000000000000000 R09: 0000000000000000
[ 2228.606203][ T7493] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2228.614841][ T7493] R13: 00007ff533c16038 R14: 00007ff533c15fa0 R15: 00007fff9e4a30a8
[ 2228.623397][ T7493]  </TASK>
[ 2228.947614][ T7507] netlink: 826 bytes leftover after parsing attributes in process `syz.1.12260'.
[ 2228.998638][ T7463] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2229.037426][ T7463] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2229.080386][ T7463] bridge_slave_0: entered allmulticast mode
[ 2229.140515][ T7463] bridge_slave_0: entered promiscuous mode
[ 2229.204736][ T7513] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.12260'.
[ 2229.254012][ T7463] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2229.284736][ T7463] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2229.313763][ T7463] bridge_slave_1: entered allmulticast mode
[ 2229.350999][ T7463] bridge_slave_1: entered promiscuous mode
[ 2229.537355][ T7463] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2229.592439][ T7463] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2229.715345][ T6102] Bluetooth: hci3: command tx timeout
[ 2229.769430][ T7463] team0: Port device team_slave_0 added
[ 2229.803917][ T7463] team0: Port device team_slave_1 added
[ 2229.917430][ T7463] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2229.929575][ T7463] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2229.973865][ T7463] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2229.999306][ T7463] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2230.008174][ T7463] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2230.049698][ T7463] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2231.801233][ T6102] Bluetooth: hci3: command tx timeout
[ 2232.035148][ T7463] hsr_slave_0: entered promiscuous mode
[ 2232.043497][ T7463] hsr_slave_1: entered promiscuous mode
[ 2232.051054][ T7463] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 2232.059175][ T7463] Cannot create hsr debugfs directory
[ 2232.134075][ T7530] FAULT_INJECTION: forcing a failure.
[ 2232.134075][ T7530] name failslab, interval 1, probability 0, space 0, times 0
[ 2232.148553][ T7530] CPU: 0 PID: 7530 Comm: syz.2.12266 Not tainted syzkaller #0
[ 2232.156242][ T7530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2232.166580][ T7530] Call Trace:
[ 2232.169867][ T7530]  <TASK>
[ 2232.172811][ T7530]  dump_stack_lvl+0x18c/0x250
[ 2232.177576][ T7530]  ? show_regs_print_info+0x20/0x20
[ 2232.183156][ T7530]  ? load_image+0x400/0x400
[ 2232.187768][ T7530]  ? __might_sleep+0xe0/0xe0
[ 2232.192555][ T7530]  ? __lock_acquire+0x7d40/0x7d40
[ 2232.197894][ T7530]  should_fail_ex+0x39d/0x4d0
[ 2232.202600][ T7530]  should_failslab+0x9/0x20
[ 2232.207744][ T7530]  slab_pre_alloc_hook+0x59/0x310
[ 2232.212972][ T7530]  kmem_cache_alloc_node+0x60/0x320
[ 2232.218454][ T7530]  ? lock_chain_count+0x20/0x20
[ 2232.224109][ T7530]  ? dup_task_struct+0x57/0x7c0
[ 2232.229476][ T7530]  dup_task_struct+0x57/0x7c0
[ 2232.234676][ T7530]  ? lockdep_hardirqs_on+0x98/0x150
[ 2232.240355][ T7530]  copy_process+0x586/0x3d80
[ 2232.245328][ T7530]  ? __might_fault+0xaa/0x120
[ 2232.250340][ T7530]  ? get_pid_task+0x20/0x1e0
[ 2232.255075][ T7530]  ? __pidfd_prepare+0x140/0x140
[ 2232.260260][ T7530]  kernel_clone+0x24b/0x8a0
[ 2232.264822][ T7530]  ? create_io_thread+0x190/0x190
[ 2232.269895][ T7530]  __x64_sys_clone+0x1b7/0x230
[ 2232.274956][ T7530]  ? __fget_files+0x43d/0x4b0
[ 2232.279856][ T7530]  ? __ia32_sys_vfork+0x140/0x140
[ 2232.284913][ T7530]  ? lock_chain_count+0x20/0x20
[ 2232.289779][ T7530]  ? lockdep_hardirqs_on+0x98/0x150
[ 2232.295000][ T7530]  do_syscall_64+0x55/0xa0
[ 2232.299662][ T7530]  ? clear_bhb_loop+0x40/0x90
[ 2232.304700][ T7530]  ? clear_bhb_loop+0x40/0x90
[ 2232.309894][ T7530]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2232.316089][ T7530] RIP: 0033:0x7fdf4759c799
[ 2232.320967][ T7530] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2232.342726][ T7530] RSP: 002b:00007fdf4844dfd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2232.351325][ T7530] RAX: ffffffffffffffda RBX: 00007fdf47815fa0 RCX: 00007fdf4759c799
[ 2232.359942][ T7530] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000011
[ 2232.368226][ T7530] RBP: 00007fdf4844e090 R08: 0000000000000000 R09: 0000000000000000
[ 2232.376504][ T7530] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[ 2232.385021][ T7530] R13: 00007fdf47816038 R14: 00007fdf47815fa0 R15: 00007ffe1b2a86c8
[ 2232.393660][ T7530]  </TASK>
[ 2232.725302][ T7532] netlink: 'syz.1.12265': attribute type 29 has an invalid length.
[ 2233.042250][ T7541] netlink: 'syz.1.12265': attribute type 1 has an invalid length.
[ 2233.072425][ T7541] netlink: 168864 bytes leftover after parsing attributes in process `syz.1.12265'.
[ 2233.878235][ T6102] Bluetooth: hci3: command tx timeout
[ 2234.294883][T26494] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2234.329636][ T7532] netlink: 'syz.1.12265': attribute type 29 has an invalid length.
[ 2234.496293][T26494] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2234.680278][T26494] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2235.010952][T26494] bond0: (slave netdevsim0): Releasing backup interface
[ 2235.054511][T26494] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2235.431091][ T7571] netlink: 'syz.2.12277': attribute type 21 has an invalid length.
[ 2235.467912][ T7571] netlink: 132 bytes leftover after parsing attributes in process `syz.2.12277'.
[ 2235.491808][ T7571] netlink: 'syz.2.12277': attribute type 1 has an invalid length.
[ 2235.527370][ T7571] netlink: 'syz.2.12277': attribute type 21 has an invalid length.
[ 2235.536873][ T7571] IPv6: NLM_F_CREATE should be specified when creating new route
[ 2235.639636][ T7579] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.12277'.
[ 2235.950299][ T6102] Bluetooth: hci3: command tx timeout
[ 2236.362758][ T7598] FAULT_INJECTION: forcing a failure.
[ 2236.362758][ T7598] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2236.380571][ T7598] CPU: 0 PID: 7598 Comm: syz.2.12285 Not tainted syzkaller #0
[ 2236.389156][ T7598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2236.400396][ T7598] Call Trace:
[ 2236.403971][ T7598]  <TASK>
[ 2236.407327][ T7598]  dump_stack_lvl+0x18c/0x250
[ 2236.412055][ T7598]  ? show_regs_print_info+0x20/0x20
[ 2236.417831][ T7598]  ? load_image+0x400/0x400
[ 2236.422959][ T7598]  ? __might_fault+0xaa/0x120
[ 2236.427822][ T7598]  ? __lock_acquire+0x7d40/0x7d40
[ 2236.433474][ T7598]  should_fail_ex+0x39d/0x4d0
[ 2236.438336][ T7598]  _copy_from_user+0x2f/0xe0
[ 2236.443204][ T7598]  ___sys_sendmsg+0x1c7/0x360
[ 2236.448165][ T7598]  ? __sys_sendmsg+0x2a0/0x2a0
[ 2236.453227][ T7598]  ? __lock_acquire+0x7d40/0x7d40
[ 2236.458652][ T7598]  __se_sys_sendmsg+0x1c2/0x2b0
[ 2236.463947][ T7598]  ? __x64_sys_sendmsg+0x80/0x80
[ 2236.469144][ T7598]  ? lockdep_hardirqs_on+0x98/0x150
[ 2236.474900][ T7598]  do_syscall_64+0x55/0xa0
[ 2236.479805][ T7598]  ? clear_bhb_loop+0x40/0x90
[ 2236.484808][ T7598]  ? clear_bhb_loop+0x40/0x90
[ 2236.489769][ T7598]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2236.495884][ T7598] RIP: 0033:0x7fdf4759c799
[ 2236.500415][ T7598] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2236.520644][ T7598] RSP: 002b:00007fdf4844e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2236.529279][ T7598] RAX: ffffffffffffffda RBX: 00007fdf47815fa0 RCX: 00007fdf4759c799
[ 2236.537876][ T7598] RDX: 0000000020000810 RSI: 0000200000000100 RDI: 0000000000000004
[ 2236.546146][ T7598] RBP: 00007fdf4844e090 R08: 0000000000000000 R09: 0000000000000000
[ 2236.554233][ T7598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2236.562592][ T7598] R13: 00007fdf47816038 R14: 00007fdf47815fa0 R15: 00007ffe1b2a86c8
[ 2236.572485][ T7598]  </TASK>
[ 2240.459137][ T7463] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 2240.514389][ T7463] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 2240.526330][ T7463] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 2240.560813][ T7613] netlink: 'syz.3.12292': attribute type 10 has an invalid length.
[ 2240.601196][ T7613] team0: Device wg1 is of different type
[ 2240.662904][ T7463] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 2240.885688][ T7463] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2240.939348][ T7463] 8021q: adding VLAN 0 to HW filter on device team0
[ 2240.969085][T26486] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2240.976456][T26486] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2241.014533][ T2162] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2241.021894][ T2162] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2241.511888][ T7463] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2241.542170][T26494] veth0_to_team: left allmulticast mode
[ 2241.548589][T26494] veth0_to_team: left promiscuous mode
[ 2241.556138][T26494] Ÿë
: port 1(veth0_to_team) entered disabled state
[ 2241.568327][T26494] hsr_slave_0: left promiscuous mode
[ 2241.575317][T26494] hsr_slave_1: left promiscuous mode
[ 2241.581986][T26494] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2241.589590][T26494] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2241.597942][T26494] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2241.608645][T26494] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2241.617181][T26494] batman_adv: batadv0: Interface deactivated: veth1_virt_wifi
[ 2241.626336][T26494] batman_adv: batadv0: Removing interface: veth1_virt_wifi
[ 2241.635860][T26494] hsr0: left allmulticast mode
[ 2241.641190][T26494] bridge0: port 3(hsr0) entered disabled state
[ 2241.649214][T26494] bridge_slave_1: left allmulticast mode
[ 2241.655134][T26494] bridge_slave_1: left promiscuous mode
[ 2241.661988][T26494] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2241.680620][T26494] veth1_macvtap: left promiscuous mode
[ 2241.686273][T26494] veth0_macvtap: left promiscuous mode
[ 2242.399182][T26494] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2242.696392][T26494] bond0 (unregistering): Released all slaves
[ 2242.854577][ T7463] veth0_vlan: entered promiscuous mode
[ 2242.878843][ T7463] veth1_vlan: entered promiscuous mode
[ 2242.934987][ T7463] veth0_macvtap: entered promiscuous mode
[ 2242.953560][ T7463] veth1_macvtap: entered promiscuous mode
[ 2242.987269][ T7463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2242.998872][ T7463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2243.009202][ T7463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2243.021282][ T7463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2243.031985][ T7463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2243.043297][ T7463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2243.056658][ T7463] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2243.082976][ T7463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2243.095949][ T7463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2243.106995][ T7463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2243.118582][ T7463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2243.129405][ T7463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2243.140362][ T7463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2243.153078][ T7463] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2243.166416][ T7463] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2243.175636][ T7463] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2243.185409][ T7463] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2243.195441][ T7463] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2243.298007][T19787] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2243.307373][T19787] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2243.334220][T19787] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2243.342706][T19787] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2243.558260][ T7628] netlink: 'syz.3.12303': attribute type 7 has an invalid length.
[ 2243.575317][ T7630] netlink: 'syz.1.12301': attribute type 1 has an invalid length.
[ 2243.584571][ T7628] netlink: 176 bytes leftover after parsing attributes in process `syz.3.12303'.
[ 2243.595243][ T7630] netlink: 168864 bytes leftover after parsing attributes in process `syz.1.12301'.
[ 2243.616898][ T7633] netlink: 'syz.3.12303': attribute type 10 has an invalid length.
[ 2243.633001][ T7633] veth0_macvtap: left promiscuous mode
[ 2243.703505][ T7634] netdevsim netdevsim1 ÿÿÿÿÿÿ: renamed from netdevsim0
[ 2244.034266][ T7645] netlink: 192436 bytes leftover after parsing attributes in process `syz.2.12297'.
[ 2244.052757][ T7646] mac80211_hwsim hwsim85 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2244.067729][ T7645] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2244.110787][ T7649] netlink: 'syz.2.12297': attribute type 39 has an invalid length.
[ 2244.256794][ T7650] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.12298'.
[ 2244.444756][ T7655] netlink: 'syz.1.12304': attribute type 10 has an invalid length.
[ 2244.483104][ T7655] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2244.494730][ T7655] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2244.564476][ T7655] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2244.572328][ T7655] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2244.581489][ T7655] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2244.589695][ T7655] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2244.647230][ T7655] bond0: (slave bridge0): Enslaving as an active interface with an up link
[ 2244.776878][ T7662] netlink: 'syz.2.12306': attribute type 10 has an invalid length.
[ 2244.810333][ T7662] FAULT_INJECTION: forcing a failure.
[ 2244.810333][ T7662] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2244.837301][ T7662] CPU: 0 PID: 7662 Comm: syz.2.12306 Not tainted syzkaller #0
[ 2244.844995][ T7662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2244.855488][ T7662] Call Trace:
[ 2244.858951][ T7662]  <TASK>
[ 2244.861983][ T7662]  dump_stack_lvl+0x18c/0x250
[ 2244.866851][ T7662]  ? show_regs_print_info+0x20/0x20
[ 2244.872315][ T7662]  ? load_image+0x400/0x400
[ 2244.876997][ T7662]  ? __lock_acquire+0x7d40/0x7d40
[ 2244.882366][ T7662]  ? snprintf+0xe9/0x140
[ 2244.886927][ T7662]  should_fail_ex+0x39d/0x4d0
[ 2244.891888][ T7662]  _copy_to_user+0x2f/0xa0
[ 2244.896606][ T7662]  simple_read_from_buffer+0xe7/0x150
[ 2244.902191][ T7662]  proc_fail_nth_read+0x1e8/0x260
[ 2244.907357][ T7662]  ? proc_fault_inject_write+0x360/0x360
[ 2244.913445][ T7662]  ? fsnotify_perm+0x271/0x5e0
[ 2244.918306][ T7662]  ? proc_fault_inject_write+0x360/0x360
[ 2244.924124][ T7662]  vfs_read+0x28b/0x970
[ 2244.928649][ T7662]  ? kernel_read+0x1e0/0x1e0
[ 2244.933412][ T7662]  ? __fget_files+0x28/0x4b0
[ 2244.938693][ T7662]  ? __fget_files+0x28/0x4b0
[ 2244.943370][ T7662]  ? __fget_files+0x43d/0x4b0
[ 2244.948400][ T7662]  ? __fdget_pos+0x2a3/0x330
[ 2244.952990][ T7662]  ? ksys_read+0x75/0x260
[ 2244.957773][ T7662]  ksys_read+0x150/0x260
[ 2244.962637][ T7662]  ? vfs_write+0x990/0x990
[ 2244.967172][ T7662]  ? lockdep_hardirqs_on+0x98/0x150
[ 2244.972734][ T7662]  do_syscall_64+0x55/0xa0
[ 2244.977476][ T7662]  ? clear_bhb_loop+0x40/0x90
[ 2244.982251][ T7662]  ? clear_bhb_loop+0x40/0x90
[ 2244.987227][ T7662]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2244.993144][ T7662] RIP: 0033:0x7fdf4755cfce
[ 2244.997735][ T7662] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 2245.018033][ T7662] RSP: 002b:00007fdf4844dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2245.027011][ T7662] RAX: ffffffffffffffda RBX: 00007fdf4844e6c0 RCX: 00007fdf4755cfce
[ 2245.035429][ T7662] RDX: 000000000000000f RSI: 00007fdf4844e0a0 RDI: 0000000000000004
[ 2245.044475][ T7662] RBP: 00007fdf4844e090 R08: 0000000000000000 R09: 0000000000000000
[ 2245.053964][ T7662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2245.062578][ T7662] R13: 00007fdf47816038 R14: 00007fdf47815fa0 R15: 00007ffe1b2a86c8
[ 2245.070927][ T7662]  </TASK>
[ 2245.264926][ T7671] netlink: 'syz.1.12309': attribute type 10 has an invalid length.
[ 2245.275842][ T7675] netlink: 192436 bytes leftover after parsing attributes in process `syz.3.12312'.
[ 2245.293566][ T7675] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2245.320369][ T7675] netlink: 'syz.3.12312': attribute type 39 has an invalid length.
[ 2246.236112][ T7683] mac80211_hwsim hwsim91 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2246.352208][ T7692] netlink: 'syz.3.12319': attribute type 46 has an invalid length.
[ 2246.366450][ T7692] netlink: 36 bytes leftover after parsing attributes in process `syz.3.12319'.
[ 2247.810117][ T7721] netlink: 192436 bytes leftover after parsing attributes in process `syz.0.12328'.
[ 2247.833179][ T7721] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2247.879037][ T7721] netlink: 'syz.0.12328': attribute type 39 has an invalid length.
[ 2248.277584][ T7622] wlan1: Trigger new scan to find an IBSS to join
[ 2248.668854][ T7734] FAULT_INJECTION: forcing a failure.
[ 2248.668854][ T7734] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2248.694455][ T7734] CPU: 1 PID: 7734 Comm: syz.2.12331 Not tainted syzkaller #0
[ 2248.702068][ T7734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2248.712773][ T7734] Call Trace:
[ 2248.716171][ T7734]  <TASK>
[ 2248.719217][ T7734]  dump_stack_lvl+0x18c/0x250
[ 2248.724142][ T7734]  ? show_regs_print_info+0x20/0x20
[ 2248.729654][ T7734]  ? load_image+0x400/0x400
[ 2248.734353][ T7734]  ? __might_fault+0xaa/0x120
[ 2248.739427][ T7734]  ? __lock_acquire+0x7d40/0x7d40
[ 2248.744710][ T7734]  should_fail_ex+0x39d/0x4d0
[ 2248.749436][ T7734]  _copy_from_user+0x2f/0xe0
[ 2248.754176][ T7734]  dev_ifconf+0xdc/0x310
[ 2248.758569][ T7734]  ? sock_diag_rcv_msg+0x600/0x600
[ 2248.763917][ T7734]  sock_ioctl+0x221/0x7e0
[ 2248.768332][ T7734]  ? sock_poll+0x3e0/0x3e0
[ 2248.772887][ T7734]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2248.777962][ T7734]  ? security_file_ioctl+0x80/0xa0
[ 2248.783202][ T7734]  ? sock_poll+0x3e0/0x3e0
[ 2248.787838][ T7734]  __se_sys_ioctl+0xfd/0x170
[ 2248.792732][ T7734]  do_syscall_64+0x55/0xa0
[ 2248.797194][ T7734]  ? clear_bhb_loop+0x40/0x90
[ 2248.802170][ T7734]  ? clear_bhb_loop+0x40/0x90
[ 2248.807065][ T7734]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2248.813615][ T7734] RIP: 0033:0x7fdf4759c799
[ 2248.818160][ T7734] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2248.839189][ T7734] RSP: 002b:00007fdf4844e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2248.847892][ T7734] RAX: ffffffffffffffda RBX: 00007fdf47815fa0 RCX: 00007fdf4759c799
[ 2248.855992][ T7734] RDX: 0000200000000080 RSI: 0000000000008912 RDI: 0000000000000004
[ 2248.864695][ T7734] RBP: 00007fdf4844e090 R08: 0000000000000000 R09: 0000000000000000
[ 2248.873583][ T7734] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2248.881741][ T7734] R13: 00007fdf47816038 R14: 00007fdf47815fa0 R15: 00007ffe1b2a86c8
[ 2248.889987][ T7734]  </TASK>
[ 2248.925830][ T7729] mac80211_hwsim hwsim88 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2249.217101][ T7744] netlink: 'syz.2.12337': attribute type 10 has an invalid length.
[ 2249.227657][ T7744] netlink: 2 bytes leftover after parsing attributes in process `syz.2.12337'.
[ 2250.446505][ T7764] FAULT_INJECTION: forcing a failure.
[ 2250.446505][ T7764] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2250.459520][ T7760] netlink: 'syz.0.12342': attribute type 10 has an invalid length.
[ 2250.483330][ T7764] CPU: 1 PID: 7764 Comm: syz.3.12344 Not tainted syzkaller #0
[ 2250.491412][ T7764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2250.502258][ T7764] Call Trace:
[ 2250.505630][ T7764]  <TASK>
[ 2250.508757][ T7764]  dump_stack_lvl+0x18c/0x250
[ 2250.513638][ T7764]  ? show_regs_print_info+0x20/0x20
[ 2250.519136][ T7764]  ? load_image+0x400/0x400
[ 2250.523960][ T7764]  ? __lock_acquire+0x7d40/0x7d40
[ 2250.529149][ T7764]  ? snprintf+0xe9/0x140
[ 2250.534000][ T7764]  should_fail_ex+0x39d/0x4d0
[ 2250.538819][ T7764]  _copy_to_user+0x2f/0xa0
[ 2250.543436][ T7764]  simple_read_from_buffer+0xe7/0x150
[ 2250.548914][ T7764]  proc_fail_nth_read+0x1e8/0x260
[ 2250.553952][ T7764]  ? proc_fault_inject_write+0x360/0x360
[ 2250.561102][ T7764]  ? fsnotify_perm+0x271/0x5e0
[ 2250.566283][ T7764]  ? proc_fault_inject_write+0x360/0x360
[ 2250.572152][ T7764]  vfs_read+0x28b/0x970
[ 2250.576693][ T7764]  ? kernel_read+0x1e0/0x1e0
[ 2250.581731][ T7764]  ? __fget_files+0x28/0x4b0
[ 2250.586689][ T7764]  ? __fget_files+0x28/0x4b0
[ 2250.592155][ T7764]  ? __fget_files+0x43d/0x4b0
[ 2250.597208][ T7764]  ? __fdget_pos+0x2a3/0x330
[ 2250.601995][ T7764]  ? ksys_read+0x75/0x260
[ 2250.606618][ T7764]  ksys_read+0x150/0x260
[ 2250.611825][ T7764]  ? vfs_write+0x990/0x990
[ 2250.616908][ T7764]  ? lockdep_hardirqs_on+0x98/0x150
[ 2250.622710][ T7764]  do_syscall_64+0x55/0xa0
[ 2250.627681][ T7764]  ? clear_bhb_loop+0x40/0x90
[ 2250.632772][ T7764]  ? clear_bhb_loop+0x40/0x90
[ 2250.637907][ T7764]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2250.644030][ T7764] RIP: 0033:0x7f2d3335cfce
[ 2250.648655][ T7764] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 2250.669616][ T7764] RSP: 002b:00007f2d341fbfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2250.678718][ T7764] RAX: ffffffffffffffda RBX: 00007f2d341fc6c0 RCX: 00007f2d3335cfce
[ 2250.687152][ T7764] RDX: 000000000000000f RSI: 00007f2d341fc0a0 RDI: 0000000000000005
[ 2250.695680][ T7764] RBP: 00007f2d341fc090 R08: 0000000000000000 R09: 0000000000000000
[ 2250.704188][ T7764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2250.712929][ T7764] R13: 00007f2d33616038 R14: 00007f2d33615fa0 R15: 00007ffe8a4475d8
[ 2250.721362][ T7764]  </TASK>
[ 2250.729949][ T7760] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2250.741564][ T7760] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2250.796934][ T7760] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2250.805006][ T7760] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2250.814165][ T7760] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2250.822189][ T7760] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2250.903681][ T7760] bond0: (slave bridge0): Enslaving as an active interface with an up link
[ 2250.970476][ T7767] mac80211_hwsim hwsim83 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2251.192653][ T7778] netlink: 'syz.1.12349': attribute type 10 has an invalid length.
[ 2251.202330][ T7778] netlink: 2 bytes leftover after parsing attributes in process `syz.1.12349'.
[ 2251.214125][ T7778] hsr0: entered promiscuous mode
[ 2251.227763][ T7778] bridge0: port 3(hsr0) entered blocking state
[ 2251.239834][ T7778] bridge0: port 3(hsr0) entered disabled state
[ 2251.250507][ T7778] hsr0: entered allmulticast mode
[ 2251.256618][ T7778] hsr_slave_0: entered allmulticast mode
[ 2251.266193][ T7778] hsr_slave_1: entered allmulticast mode
[ 2251.294007][ T7783] FAULT_INJECTION: forcing a failure.
[ 2251.294007][ T7783] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2251.320378][ T2162] wlan1: Trigger new scan to find an IBSS to join
[ 2251.341725][ T7783] CPU: 0 PID: 7783 Comm: syz.2.12351 Not tainted syzkaller #0
[ 2251.349556][ T7783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2251.360260][ T7783] Call Trace:
[ 2251.363653][ T7783]  <TASK>
[ 2251.366881][ T7783]  dump_stack_lvl+0x18c/0x250
[ 2251.371714][ T7783]  ? show_regs_print_info+0x20/0x20
[ 2251.374509][ T7778] bridge0: port 3(hsr0) entered blocking state
[ 2251.377193][ T7783]  ? load_image+0x400/0x400
[ 2251.377234][ T7783]  ? __might_fault+0xaa/0x120
[ 2251.377255][ T7783]  ? __lock_acquire+0x7d40/0x7d40
[ 2251.377281][ T7783]  should_fail_ex+0x39d/0x4d0
[ 2251.377314][ T7783]  _copy_to_user+0x2f/0xa0
[ 2251.377338][ T7783]  bpf_verifier_vlog+0x45c/0x870
[ 2251.377375][ T7783]  __btf_verifier_log+0xe3/0x140
[ 2251.377403][ T7783]  ? btf_check_sec_info+0x350/0x350
[ 2251.384113][ T7778] bridge0: port 3(hsr0) entered forwarding state
[ 2251.388343][ T7783]  ? __lock_acquire+0x7d40/0x7d40
[ 2251.388387][ T7783]  ? btf_parse_hdr+0x1f5/0x710
[ 2251.388411][ T7783]  btf_parse_hdr+0x3b6/0x710
[ 2251.388439][ T7783]  btf_new_fd+0x397/0x9f0
[ 2251.388469][ T7783]  ? bpf_btf_show_fdinfo+0x80/0x80
[ 2251.388492][ T7783]  ? capable+0x88/0xe0
[ 2251.388520][ T7783]  __sys_bpf+0x670/0x890
[ 2251.388544][ T7783]  ? bpf_link_show_fdinfo+0x390/0x390
[ 2251.388576][ T7783]  ? lock_chain_count+0x20/0x20
[ 2251.388606][ T7783]  __x64_sys_bpf+0x7c/0x90
[ 2251.388626][ T7783]  do_syscall_64+0x55/0xa0
[ 2251.388650][ T7783]  ? clear_bhb_loop+0x40/0x90
[ 2251.388673][ T7783]  ? clear_bhb_loop+0x40/0x90
[ 2251.388696][ T7783]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2251.388716][ T7783] RIP: 0033:0x7fdf4759c799
[ 2251.388736][ T7783] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2251.388753][ T7783] RSP: 002b:00007fdf4844e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2251.388775][ T7783] RAX: ffffffffffffffda RBX: 00007fdf47815fa0 RCX: 00007fdf4759c799
[ 2251.544782][ T7783] RDX: 0000000000000028 RSI: 0000200000000000 RDI: 0000000000000012
[ 2251.553606][ T7783] RBP: 00007fdf4844e090 R08: 0000000000000000 R09: 0000000000000000
[ 2251.561714][ T7783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2251.569940][ T7783] R13: 00007fdf47816038 R14: 00007fdf47815fa0 R15: 00007ffe1b2a86c8
[ 2251.578158][ T7783]  </TASK>
[ 2252.526898][ T7813] netlink: 'syz.3.12359': attribute type 10 has an invalid length.
[ 2252.544215][ T7813] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2252.552481][ T7813] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2252.578901][ T7813] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2252.586912][ T7813] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2252.587528][ T7811] netlink: 'syz.1.12358': attribute type 9 has an invalid length.
[ 2252.594523][ T7813] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2252.594648][ T7813] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2252.628219][ T7811] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.12358'.
[ 2252.652277][ T7813] bond0: (slave bridge0): Enslaving as an active interface with an up link
[ 2252.738041][ T7816] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.12358'.
[ 2252.781128][ T7818] mac80211_hwsim hwsim91 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2252.811491][ T7820] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2252.833803][ T7816] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes.
[ 2252.860141][ T7820] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2253.231762][T19787] wlan1: Trigger new scan to find an IBSS to join
[ 2253.557729][ T7820] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2253.580046][ T7820] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2253.798794][ T7826] netlink: 'syz.3.12363': attribute type 1 has an invalid length.
[ 2253.809992][ T7826] netlink: 199820 bytes leftover after parsing attributes in process `syz.3.12363'.
[ 2253.938300][ T7829] netlink: 'syz.2.12364': attribute type 10 has an invalid length.
[ 2253.954970][ T7829] netlink: 2 bytes leftover after parsing attributes in process `syz.2.12364'.
[ 2255.192260][ T7853] mac80211_hwsim hwsim83 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2255.230473][T19787] wlan1: Trigger new scan to find an IBSS to join
[ 2255.656234][ T7868] netlink: 'syz.2.12379': attribute type 10 has an invalid length.
[ 2255.666524][ T7868] netlink: 2 bytes leftover after parsing attributes in process `syz.2.12379'.
[ 2256.270557][T26481] wlan1: Trigger new scan to find an IBSS to join
[ 2256.318776][ T7873] netlink: 192436 bytes leftover after parsing attributes in process `syz.0.12388'.
[ 2256.329714][ T7873] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2256.436888][ T7878] netlink: 'syz.1.12382': attribute type 7 has an invalid length.
[ 2256.478073][ T7878] netlink: 176 bytes leftover after parsing attributes in process `syz.1.12382'.
[ 2256.519955][ T7879] netlink: 'syz.1.12382': attribute type 10 has an invalid length.
[ 2257.232209][T26481] wlan1: Trigger new scan to find an IBSS to join
[ 2257.384504][ T7622] wlan1: Creating new IBSS network, BSSID 6a:cd:69:f8:77:24
[ 2257.394618][ T7879] veth0_macvtap: left promiscuous mode
[ 2257.673167][ T7893] netlink: 'syz.0.12386': attribute type 10 has an invalid length.
[ 2257.703427][ T7893] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2257.711743][ T7893] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2257.818866][ T7897] netlink: 'syz.3.12390': attribute type 10 has an invalid length.
[ 2257.831294][ T7897] netlink: 2 bytes leftover after parsing attributes in process `syz.3.12390'.
[ 2257.862791][ T7897] hsr0: entered promiscuous mode
[ 2257.872769][ T7897] bridge0: port 3(hsr0) entered blocking state
[ 2257.889144][ T7897] bridge0: port 3(hsr0) entered disabled state
[ 2257.891823][ T7901] netlink: 192436 bytes leftover after parsing attributes in process `syz.2.12392'.
[ 2257.899696][ T7897] hsr0: entered allmulticast mode
[ 2257.910531][ T7901] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2257.928039][ T7897] hsr_slave_0: entered allmulticast mode
[ 2257.935345][ T7897] hsr_slave_1: entered allmulticast mode
[ 2258.011192][ T7904] netlink: 192436 bytes leftover after parsing attributes in process `syz.0.12401'.
[ 2258.021427][ T7904] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2258.044431][ T7897] bridge0: port 3(hsr0) entered blocking state
[ 2258.052571][ T7897] bridge0: port 3(hsr0) entered forwarding state
[ 2258.271611][ T7622] wlan1: Trigger new scan to find an IBSS to join
[ 2259.185923][ T7914] netlink: 'syz.0.12396': attribute type 10 has an invalid length.
[ 2259.295167][ T7918] netlink: 'syz.3.12399': attribute type 10 has an invalid length.
[ 2259.318190][ T7918] bridge0: port 3(hsr0) entered disabled state
[ 2259.325847][ T7918] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2259.335421][ T7918] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2259.387642][ T7920] netlink: 'syz.2.12402': attribute type 10 has an invalid length.
[ 2259.409744][ T7920] bridge0: port 3(hsr0) entered disabled state
[ 2259.416781][ T7920] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2259.424931][ T7920] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2259.478704][ T7920] bond0: (slave bridge0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[ 2259.498891][ T7920] bridge0: port 3(hsr0) entered blocking state
[ 2259.505700][ T7920] bridge0: port 3(hsr0) entered forwarding state
[ 2259.512592][ T7920] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2259.520075][ T7920] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2259.527632][ T7920] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2259.535420][ T7920] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2259.552268][ T7920] bond0: (slave bridge0): Enslaving as an active interface with an up link
[ 2259.594556][ T7930] netlink: 192436 bytes leftover after parsing attributes in process `syz.3.12404'.
[ 2259.594977][ T7924] mac80211_hwsim hwsim85 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2259.630179][ T7930] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2259.961575][ T7943] netlink: 'syz.1.12408': attribute type 10 has an invalid length.
[ 2260.863953][ T7958] netlink: 'syz.2.12412': attribute type 21 has an invalid length.
[ 2260.957341][ T7960] netlink: 192436 bytes leftover after parsing attributes in process `syz.3.12413'.
[ 2260.986060][ T7960] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2261.056618][ T7967] netlink: 'syz.1.12415': attribute type 10 has an invalid length.
[ 2261.078063][ T7967] bridge0: port 3(hsr0) entered disabled state
[ 2261.084795][ T7967] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2261.092393][ T7967] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2261.232396][ T2162] wlan1: Trigger new scan to find an IBSS to join
[ 2261.310370][T26494] wlan1: Trigger new scan to find an IBSS to join
[ 2262.240350][T26494] wlan1: Creating new IBSS network, BSSID f6:a4:18:47:34:be
[ 2262.404230][ T7996] netlink: 192436 bytes leftover after parsing attributes in process `syz.3.12427'.
[ 2262.436996][ T7996] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2262.541191][ T8001] netlink: 'syz.2.12429': attribute type 10 has an invalid length.
[ 2263.568156][ T8022] netlink: 'syz.3.12434': attribute type 10 has an invalid length.
[ 2263.786800][ T8025] netlink: 'syz.2.12444': attribute type 10 has an invalid length.
[ 2263.807280][ T8025] bridge0: port 3(hsr0) entered disabled state
[ 2263.815118][ T8025] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2263.824056][ T8025] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2263.888582][ T8027] netlink: 'syz.3.12436': attribute type 10 has an invalid length.
[ 2263.898274][ T8027] netlink: 2 bytes leftover after parsing attributes in process `syz.3.12436'.
[ 2264.091882][ T8035] netlink: 192436 bytes leftover after parsing attributes in process `syz.1.12440'.
[ 2264.140014][ T8035] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2264.155878][ T8033] mac80211_hwsim hwsim83 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2264.251063][ T8037] netlink: 'syz.3.12441': attribute type 10 has an invalid length.
[ 2264.269044][ T8037] netlink: 2 bytes leftover after parsing attributes in process `syz.3.12441'.
[ 2265.090918][ T8043] mac80211_hwsim hwsim91 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2265.234865][ T8061] netlink: 60 bytes leftover after parsing attributes in process `syz.2.12448'.
[ 2265.260160][ T8061] netlink: 60 bytes leftover after parsing attributes in process `syz.2.12448'.
[ 2265.280386][ T8060] netlink: 60 bytes leftover after parsing attributes in process `syz.2.12448'.
[ 2265.357949][ T8065] netlink: 'syz.1.12450': attribute type 10 has an invalid length.
[ 2265.459839][ T8069] netlink: 192436 bytes leftover after parsing attributes in process `syz.0.12452'.
[ 2265.474189][ T8069] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2265.575701][ T8073] FAULT_INJECTION: forcing a failure.
[ 2265.575701][ T8073] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2265.596664][ T8073] CPU: 1 PID: 8073 Comm: syz.1.12454 Not tainted syzkaller #0
[ 2265.604562][ T8073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2265.615358][ T8073] Call Trace:
[ 2265.618680][ T8073]  <TASK>
[ 2265.621897][ T8073]  dump_stack_lvl+0x18c/0x250
[ 2265.626798][ T8073]  ? show_regs_print_info+0x20/0x20
[ 2265.632292][ T8073]  ? load_image+0x400/0x400
[ 2265.636930][ T8073]  ? __lock_acquire+0x7d40/0x7d40
[ 2265.642314][ T8073]  should_fail_ex+0x39d/0x4d0
[ 2265.647447][ T8073]  _copy_from_user+0x2f/0xe0
[ 2265.652362][ T8073]  __copy_msghdr+0x3bb/0x580
[ 2265.657194][ T8073]  ___sys_sendmsg+0x214/0x360
[ 2265.662004][ T8073]  ? get_pid_task+0x20/0x1e0
[ 2265.666982][ T8073]  ? __sys_sendmsg+0x2a0/0x2a0
[ 2265.671882][ T8073]  ? __lock_acquire+0x7d40/0x7d40
[ 2265.677115][ T8073]  __se_sys_sendmsg+0x1c2/0x2b0
[ 2265.682075][ T8073]  ? __x64_sys_sendmsg+0x80/0x80
[ 2265.687063][ T8073]  ? lockdep_hardirqs_on+0x98/0x150
[ 2265.692289][ T8073]  do_syscall_64+0x55/0xa0
[ 2265.696978][ T8073]  ? clear_bhb_loop+0x40/0x90
[ 2265.701841][ T8073]  ? clear_bhb_loop+0x40/0x90
[ 2265.706925][ T8073]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2265.713043][ T8073] RIP: 0033:0x7ff53399c799
[ 2265.717763][ T8073] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2265.738355][ T8073] RSP: 002b:00007ff534871028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2265.747573][ T8073] RAX: ffffffffffffffda RBX: 00007ff533c15fa0 RCX: 00007ff53399c799
[ 2265.755819][ T8073] RDX: 0000000040005000 RSI: 0000200000001780 RDI: 0000000000000004
[ 2265.764049][ T8073] RBP: 00007ff534871090 R08: 0000000000000000 R09: 0000000000000000
[ 2265.772511][ T8073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2265.780581][ T8073] R13: 00007ff533c16038 R14: 00007ff533c15fa0 R15: 00007fff9e4a30a8
[ 2265.788774][ T8073]  </TASK>
[ 2265.973872][ T8078] netlink: 'syz.2.12457': attribute type 10 has an invalid length.
[ 2265.988192][ T8078] netlink: 2 bytes leftover after parsing attributes in process `syz.2.12457'.
[ 2266.274766][T19787] wlan1: Trigger new scan to find an IBSS to join
[ 2266.726323][ T8077] mac80211_hwsim hwsim88 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2266.967893][ T8098] netlink: 192436 bytes leftover after parsing attributes in process `syz.0.12464'.
[ 2267.000504][ T8098] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2267.149371][ T8105] mac80211_hwsim hwsim88 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2267.310283][ T2162] wlan1: Trigger new scan to find an IBSS to join
[ 2267.355997][ T8114] FAULT_INJECTION: forcing a failure.
[ 2267.355997][ T8114] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2267.369790][ T8114] CPU: 0 PID: 8114 Comm: syz.3.12471 Not tainted syzkaller #0
[ 2267.377551][ T8114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2267.388083][ T8114] Call Trace:
[ 2267.391429][ T8114]  <TASK>
[ 2267.394561][ T8114]  dump_stack_lvl+0x18c/0x250
[ 2267.399438][ T8114]  ? show_regs_print_info+0x20/0x20
[ 2267.404924][ T8114]  ? load_image+0x400/0x400
[ 2267.409718][ T8114]  ? __might_fault+0xaa/0x120
[ 2267.414858][ T8114]  ? __lock_acquire+0x7d40/0x7d40
[ 2267.420851][ T8114]  should_fail_ex+0x39d/0x4d0
[ 2267.425885][ T8114]  _copy_from_iter+0x1d9/0x12e0
[ 2267.431817][ T8114]  ? slab_post_alloc_hook+0x8a/0x4b0
[ 2267.437216][ T8114]  ? __virt_addr_valid+0x18c/0x540
[ 2267.442782][ T8114]  ? __lock_acquire+0x7d40/0x7d40
[ 2267.447834][ T8114]  ? rcu_is_watching+0x15/0xb0
[ 2267.453175][ T8114]  ? copyout_mc+0x70/0x70
[ 2267.457713][ T8114]  ? __virt_addr_valid+0x18c/0x540
[ 2267.464047][ T8114]  ? __virt_addr_valid+0x18c/0x540
[ 2267.469639][ T8114]  ? __virt_addr_valid+0x469/0x540
[ 2267.475133][ T8114]  ? __check_object_size+0x506/0xa20
[ 2267.481019][ T8114]  netlink_sendmsg+0x76b/0xbf0
[ 2267.487141][ T8114]  ? netlink_getsockopt+0x590/0x590
[ 2267.493376][ T8114]  ? aa_sock_msg_perm+0x94/0x150
[ 2267.499387][ T8114]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 2267.505664][ T8114]  ? security_socket_sendmsg+0x80/0xa0
[ 2267.511791][ T8114]  ? netlink_getsockopt+0x590/0x590
[ 2267.517435][ T8114]  ____sys_sendmsg+0x5ba/0x960
[ 2267.522450][ T8114]  ? __asan_memset+0x22/0x40
[ 2267.527444][ T8114]  ? __sys_sendmsg_sock+0x30/0x30
[ 2267.532684][ T8114]  ? __import_iovec+0x5f2/0x850
[ 2267.538367][ T8114]  ? import_iovec+0x73/0xa0
[ 2267.544521][ T8114]  ___sys_sendmsg+0x2a6/0x360
[ 2267.549672][ T8114]  ? get_pid_task+0x20/0x1e0
[ 2267.554869][ T8114]  ? __sys_sendmsg+0x2a0/0x2a0
[ 2267.560176][ T8114]  ? __lock_acquire+0x7d40/0x7d40
[ 2267.565257][ T8114]  __se_sys_sendmsg+0x1c2/0x2b0
[ 2267.570931][ T8114]  ? __x64_sys_sendmsg+0x80/0x80
[ 2267.576436][ T8114]  ? lockdep_hardirqs_on+0x98/0x150
[ 2267.582217][ T8114]  do_syscall_64+0x55/0xa0
[ 2267.586861][ T8114]  ? clear_bhb_loop+0x40/0x90
[ 2267.591657][ T8114]  ? clear_bhb_loop+0x40/0x90
[ 2267.596681][ T8114]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2267.603060][ T8114] RIP: 0033:0x7f2d3339c799
[ 2267.608617][ T8114] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2267.631284][ T8114] RSP: 002b:00007f2d341fc028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2267.642214][ T8114] RAX: ffffffffffffffda RBX: 00007f2d33615fa0 RCX: 00007f2d3339c799
[ 2267.650642][ T8114] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[ 2267.660082][ T8114] RBP: 00007f2d341fc090 R08: 0000000000000000 R09: 0000000000000000
[ 2267.668511][ T8114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2267.676676][ T8114] R13: 00007f2d33616038 R14: 00007f2d33615fa0 R15: 00007ffe8a4475d8
[ 2267.685551][ T8114]  </TASK>
[ 2267.768533][ T8115] netlink: 'syz.0.12469': attribute type 10 has an invalid length.
[ 2267.798931][ T8119] FAULT_INJECTION: forcing a failure.
[ 2267.798931][ T8119] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2267.817172][ T8119] CPU: 0 PID: 8119 Comm: syz.3.12472 Not tainted syzkaller #0
[ 2267.825223][ T8119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2267.835518][ T8119] Call Trace:
[ 2267.839337][ T8119]  <TASK>
[ 2267.842291][ T8119]  dump_stack_lvl+0x18c/0x250
[ 2267.847166][ T8119]  ? show_regs_print_info+0x20/0x20
[ 2267.852600][ T8119]  ? load_image+0x400/0x400
[ 2267.857385][ T8119]  ? __lock_acquire+0x7d40/0x7d40
[ 2267.862956][ T8119]  ? snprintf+0xe9/0x140
[ 2267.867328][ T8119]  should_fail_ex+0x39d/0x4d0
[ 2267.872219][ T8119]  _copy_to_user+0x2f/0xa0
[ 2267.877434][ T8119]  simple_read_from_buffer+0xe7/0x150
[ 2267.883298][ T8119]  proc_fail_nth_read+0x1e8/0x260
[ 2267.888642][ T8119]  ? proc_fault_inject_write+0x360/0x360
[ 2267.894842][ T8119]  ? fsnotify_perm+0x271/0x5e0
[ 2267.899832][ T8119]  ? proc_fault_inject_write+0x360/0x360
[ 2267.905686][ T8119]  vfs_read+0x28b/0x970
[ 2267.910228][ T8119]  ? kernel_read+0x1e0/0x1e0
[ 2267.915984][ T8119]  ? __fget_files+0x28/0x4b0
[ 2267.921309][ T8119]  ? __fget_files+0x28/0x4b0
[ 2267.926359][ T8119]  ? __fget_files+0x43d/0x4b0
[ 2267.932148][ T8119]  ? __fdget_pos+0x2a3/0x330
[ 2267.936868][ T8119]  ? ksys_read+0x75/0x260
[ 2267.941830][ T8119]  ksys_read+0x150/0x260
[ 2267.947179][ T8119]  ? vfs_write+0x990/0x990
[ 2267.952156][ T8119]  ? lockdep_hardirqs_on+0x98/0x150
[ 2267.958163][ T8119]  do_syscall_64+0x55/0xa0
[ 2267.962852][ T8119]  ? clear_bhb_loop+0x40/0x90
[ 2267.967615][ T8119]  ? clear_bhb_loop+0x40/0x90
[ 2267.972638][ T8119]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2267.979089][ T8119] RIP: 0033:0x7f2d3335cfce
[ 2267.983514][ T8119] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 2268.004363][ T8119] RSP: 002b:00007f2d341fbfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2268.013092][ T8119] RAX: ffffffffffffffda RBX: 00007f2d341fc6c0 RCX: 00007f2d3335cfce
[ 2268.021499][ T8119] RDX: 000000000000000f RSI: 00007f2d341fc0a0 RDI: 0000000000000006
[ 2268.029816][ T8119] RBP: 00007f2d341fc090 R08: 0000000000000000 R09: 0000000000000000
[ 2268.038932][ T8119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2268.047184][ T8119] R13: 00007f2d33616038 R14: 00007f2d33615fa0 R15: 00007ffe8a4475d8
[ 2268.055782][ T8119]  </TASK>
[ 2268.236384][ T8128] netlink: 192436 bytes leftover after parsing attributes in process `syz.1.12475'.
[ 2268.270496][ T8128] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2268.547946][ T8140] netlink: 'syz.2.12479': attribute type 9 has an invalid length.
[ 2268.570001][ T8140] netlink: 49779 bytes leftover after parsing attributes in process `syz.2.12479'.
[ 2268.597769][ T8139] mac80211_hwsim hwsim85 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2269.310091][ T7622] wlan1: Trigger new scan to find an IBSS to join
[ 2269.317567][ T7622] wlan1: Trigger new scan to find an IBSS to join
[ 2269.709331][ T8151] netlink: 'syz.3.12484': attribute type 10 has an invalid length.
[ 2269.733228][ T8156] netlink: 'syz.1.12487': attribute type 10 has an invalid length.
[ 2269.853621][ T8159] netlink: 192436 bytes leftover after parsing attributes in process `syz.2.12488'.
[ 2269.865865][ T8159] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2270.092061][ T8169] netlink: 'syz.2.12493': attribute type 10 has an invalid length.
[ 2270.101648][ T8169] netlink: 2 bytes leftover after parsing attributes in process `syz.2.12493'.
[ 2270.206091][ T8173] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.12494'.
[ 2270.290164][ T8173] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16)
[ 2270.315891][ T8173] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[ 2270.867610][ T8173] veth1_to_bridge: entered promiscuous mode
[ 2270.900734][ T8173] veth1_to_bridge: entered allmulticast mode
[ 2270.913812][ T8175] netlink: 132 bytes leftover after parsing attributes in process `syz.1.12494'.
[ 2271.004043][ T8183] mac80211_hwsim hwsim88 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2271.296964][ T8195] netlink: 'syz.1.12500': attribute type 6 has an invalid length.
[ 2271.315639][ T8195] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.12500'.
[ 2271.358926][ T8201] netlink: 192436 bytes leftover after parsing attributes in process `syz.3.12501'.
[ 2271.390055][ T8201] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2271.447161][ T8192] netlink: 176 bytes leftover after parsing attributes in process `syz.2.12498'.
[ 2271.676684][ T8209] netlink: 'syz.0.12505': attribute type 10 has an invalid length.
[ 2271.688384][ T8209] netlink: 2 bytes leftover after parsing attributes in process `syz.0.12505'.
[ 2271.703864][ T8209] hsr0: entered promiscuous mode
[ 2271.716439][ T8209] bridge0: port 3(hsr0) entered blocking state
[ 2271.741010][ T8209] bridge0: port 3(hsr0) entered disabled state
[ 2271.762829][ T8209] hsr0: entered allmulticast mode
[ 2271.768772][ T8209] hsr_slave_0: entered allmulticast mode
[ 2271.782932][ T8209] hsr_slave_1: entered allmulticast mode
[ 2271.880861][ T8214] netlink: 'syz.3.12504': attribute type 10 has an invalid length.
[ 2272.270535][ T7622] wlan1: Trigger new scan to find an IBSS to join
[ 2272.334759][ T8214] 8021q: adding VLAN 0 to HW filter on device team0
[ 2272.358594][ T8214] bond0: (slave team0): Enslaving as an active interface with an up link
[ 2272.663203][ T8222] mac80211_hwsim hwsim91 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2272.891736][ T8231] netlink: 192436 bytes leftover after parsing attributes in process `syz.3.12512'.
[ 2272.912919][ T8231] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2273.144568][ T8240] Ÿë
: port 2(veth0_to_team) entered blocking state
[ 2273.156083][ T8240] Ÿë
: port 2(veth0_to_team) entered disabled state
[ 2273.164549][ T8240] veth0_to_team: entered allmulticast mode
[ 2273.176009][ T8240] veth0_to_team: entered promiscuous mode
[ 2273.188001][ T8241] netlink: 'syz.3.12517': attribute type 10 has an invalid length.
[ 2273.204437][ T8241] netlink: 2 bytes leftover after parsing attributes in process `syz.3.12517'.
[ 2273.230434][T19787] wlan1: Trigger new scan to find an IBSS to join
[ 2273.310403][T19787] wlan1: Trigger new scan to find an IBSS to join
[ 2274.057987][ T8247] netlink: 'syz.1.12518': attribute type 10 has an invalid length.
[ 2274.071909][ T8247] netlink: 2 bytes leftover after parsing attributes in process `syz.1.12518'.
[ 2274.838126][ T7622] wlan1: Creating new IBSS network, BSSID 02:0e:44:be:de:80
[ 2275.036408][ T8255] mac80211_hwsim hwsim83 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2275.333588][ T8269] netlink: 192436 bytes leftover after parsing attributes in process `syz.0.12525'.
[ 2275.364837][ T8269] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2275.411019][ T8275] netlink: 209592 bytes leftover after parsing attributes in process `syz.1.12529'.
[ 2275.426110][ T8275] netlink: zone id is out of range
[ 2275.627479][ T8273] netlink: 176 bytes leftover after parsing attributes in process `syz.3.12528'.
[ 2275.730572][ T8281] netlink: 'syz.0.12530': attribute type 10 has an invalid length.
[ 2276.151756][ T8294] netlink: 'syz.2.12534': attribute type 10 has an invalid length.
[ 2276.281791][ T8296] netlink: 'syz.3.12536': attribute type 10 has an invalid length.
[ 2276.626749][ T8305] __nla_validate_parse: 2 callbacks suppressed
[ 2276.626769][ T8305] netlink: 192436 bytes leftover after parsing attributes in process `syz.1.12538'.
[ 2276.652992][ T8300] netlink: 'syz.2.12537': attribute type 10 has an invalid length.
[ 2276.677381][ T8300] netlink: 2 bytes leftover after parsing attributes in process `syz.2.12537'.
[ 2276.705008][ T8305] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2276.953955][ T8320] netlink: 'syz.2.12544': attribute type 10 has an invalid length.
[ 2276.970219][ T8320] netlink: 2 bytes leftover after parsing attributes in process `syz.2.12544'.
[ 2277.200625][ T8324] netlink: 'syz.1.12545': attribute type 10 has an invalid length.
[ 2277.231141][T26494] wlan1: Trigger new scan to find an IBSS to join
[ 2277.238304][ T7622] wlan1: Trigger new scan to find an IBSS to join
[ 2277.267262][ T8319] netlink: 176 bytes leftover after parsing attributes in process `syz.0.12543'.
[ 2277.310125][ T7622] wlan1: Trigger new scan to find an IBSS to join
[ 2277.468715][ T8330] netlink: 'syz.3.12548': attribute type 10 has an invalid length.
[ 2277.482729][ T8330] netlink: 2 bytes leftover after parsing attributes in process `syz.3.12548'.
[ 2278.392771][ T8353] TCP: TCP_TX_DELAY enabled
[ 2278.457247][ T8354] FAULT_INJECTION: forcing a failure.
[ 2278.457247][ T8354] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2278.516007][ T8354] CPU: 1 PID: 8354 Comm: syz.2.12554 Not tainted syzkaller #0
[ 2278.523990][ T8354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2278.534449][ T8354] Call Trace:
[ 2278.537766][ T8354]  <TASK>
[ 2278.541082][ T8354]  dump_stack_lvl+0x18c/0x250
[ 2278.546342][ T8354]  ? show_regs_print_info+0x20/0x20
[ 2278.551700][ T8354]  ? load_image+0x400/0x400
[ 2278.556378][ T8354]  ? __might_fault+0xaa/0x120
[ 2278.561707][ T8354]  ? __lock_acquire+0x7d40/0x7d40
[ 2278.566987][ T8354]  should_fail_ex+0x39d/0x4d0
[ 2278.572220][ T8354]  _copy_from_user+0x2f/0xe0
[ 2278.577190][ T8354]  __sys_bpf+0x23e/0x890
[ 2278.581501][ T8354]  ? bpf_link_show_fdinfo+0x390/0x390
[ 2278.587148][ T8354]  ? lock_chain_count+0x20/0x20
[ 2278.592172][ T8354]  __x64_sys_bpf+0x7c/0x90
[ 2278.596726][ T8354]  do_syscall_64+0x55/0xa0
[ 2278.601187][ T8354]  ? clear_bhb_loop+0x40/0x90
[ 2278.606077][ T8354]  ? clear_bhb_loop+0x40/0x90
[ 2278.610899][ T8354]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2278.617281][ T8354] RIP: 0033:0x7fdf4759c799
[ 2278.621828][ T8354] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2278.642091][ T8354] RSP: 002b:00007fdf4844e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2278.650876][ T8354] RAX: ffffffffffffffda RBX: 00007fdf47815fa0 RCX: 00007fdf4759c799
[ 2278.658947][ T8354] RDX: 0000000000000050 RSI: 0000200000000100 RDI: 000000000000000a
[ 2278.667373][ T8354] RBP: 00007fdf4844e090 R08: 0000000000000000 R09: 0000000000000000
[ 2278.675363][ T8354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2278.683436][ T8354] R13: 00007fdf47816038 R14: 00007fdf47815fa0 R15: 00007ffe1b2a86c8
[ 2278.691995][ T8354]  </TASK>
[ 2279.077014][ T8346] mac80211_hwsim hwsim91 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2279.090309][T26481] wlan1: Creating new IBSS network, BSSID 02:14:5c:24:69:41
[ 2279.276562][ T8358] mac80211_hwsim hwsim88 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2279.705582][ T8362] mac80211_hwsim hwsim83 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2279.819636][ T8368] netlink: 'syz.1.12556': attribute type 10 has an invalid length.
[ 2279.859162][ T8368] netlink: 2 bytes leftover after parsing attributes in process `syz.1.12556'.
[ 2279.869502][ T8375] netlink: 'syz.0.12559': attribute type 10 has an invalid length.
[ 2279.878604][ T8375] netlink: 2 bytes leftover after parsing attributes in process `syz.0.12559'.
[ 2280.477528][ T8386] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.12563'.
[ 2280.592846][ T8390] netlink: 140 bytes leftover after parsing attributes in process `syz.0.12565'.
[ 2280.642122][ T8388] netlink: 'syz.0.12565': attribute type 3 has an invalid length.
[ 2280.669994][ T8388] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.12565'.
[ 2281.230287][T19787] wlan1: Trigger new scan to find an IBSS to join
[ 2281.483691][ T8395] mac80211_hwsim hwsim88 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2281.796625][ T8411] mac80211_hwsim hwsim91 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2281.906468][ T8413] netlink: 'syz.3.12572': attribute type 10 has an invalid length.
[ 2281.917212][ T8413] netlink: 2 bytes leftover after parsing attributes in process `syz.3.12572'.
[ 2282.277750][ T7622] wlan1: Trigger new scan to find an IBSS to join
[ 2282.285613][ T8418] netlink: 'syz.0.12581': attribute type 10 has an invalid length.
[ 2282.301040][ T8418] netlink: 2 bytes leftover after parsing attributes in process `syz.0.12581'.
[ 2282.358773][ T8422] netlink: 'syz.3.12573': attribute type 10 has an invalid length.
[ 2282.380493][ T8422] netlink: 2 bytes leftover after parsing attributes in process `syz.3.12573'.
[ 2282.926336][ T8438] mac80211_hwsim hwsim91 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2282.984190][ T8444] netlink: 14548 bytes leftover after parsing attributes in process `syz.3.12583'.
[ 2283.235367][ T8442] mac80211_hwsim hwsim83 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2283.455512][ T8459] netlink: 'syz.0.12588': attribute type 10 has an invalid length.
[ 2283.472687][ T8459] netlink: 2 bytes leftover after parsing attributes in process `syz.0.12588'.
[ 2283.521411][ T8464] netlink: 'syz.1.12590': attribute type 19 has an invalid length.
[ 2283.618512][ T8464] netlink: 'syz.1.12590': attribute type 19 has an invalid length.
[ 2283.636580][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 2283.643322][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[ 2283.798045][ T8470] Ÿë
: port 2(veth0_to_team) entered blocking state
[ 2283.815608][ T8470] Ÿë
: port 2(veth0_to_team) entered disabled state
[ 2283.841172][ T8470] veth0_to_team: entered allmulticast mode
[ 2283.880767][ T8470] veth0_to_team: entered promiscuous mode
[ 2284.011312][ T8481] mac80211_hwsim hwsim85 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2284.049680][ T8479] netlink: 'syz.0.12602': attribute type 10 has an invalid length.
[ 2284.071226][ T8479] netlink: 2 bytes leftover after parsing attributes in process `syz.0.12602'.
[ 2284.271200][T26481] wlan1: Trigger new scan to find an IBSS to join
[ 2284.465831][ T8489] mac80211_hwsim hwsim91 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2284.555111][ T8493] netlink: 'syz.2.12597': attribute type 10 has an invalid length.
[ 2284.758402][ T8498] netlink: 'syz.3.12600': attribute type 10 has an invalid length.
[ 2284.774763][ T8498] netlink: 2 bytes leftover after parsing attributes in process `syz.3.12600'.
[ 2284.803738][ T8496] mac80211_hwsim hwsim85 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2285.103321][ T8511] netlink: 140 bytes leftover after parsing attributes in process `syz.2.12604'.
[ 2285.251762][ T8510] netlink: 'syz.0.12605': attribute type 10 has an invalid length.
[ 2285.270728][ T8510] netlink: 2 bytes leftover after parsing attributes in process `syz.0.12605'.
[ 2285.502489][ T8523] FAULT_INJECTION: forcing a failure.
[ 2285.502489][ T8523] name failslab, interval 1, probability 0, space 0, times 0
[ 2285.536287][ T8523] CPU: 1 PID: 8523 Comm: syz.2.12609 Not tainted syzkaller #0
[ 2285.545497][ T8523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2285.556567][ T8523] Call Trace:
[ 2285.559994][ T8523]  <TASK>
[ 2285.563238][ T8523]  dump_stack_lvl+0x18c/0x250
[ 2285.568325][ T8523]  ? show_regs_print_info+0x20/0x20
[ 2285.574298][ T8523]  ? load_image+0x400/0x400
[ 2285.579981][ T8523]  ? __might_sleep+0xe0/0xe0
[ 2285.585116][ T8523]  ? __lock_acquire+0x7d40/0x7d40
[ 2285.590619][ T8523]  should_fail_ex+0x39d/0x4d0
[ 2285.596049][ T8523]  should_failslab+0x9/0x20
[ 2285.600956][ T8523]  slab_pre_alloc_hook+0x59/0x310
[ 2285.607115][ T8523]  ? __lock_acquire+0x7d40/0x7d40
[ 2285.612628][ T8523]  kmem_cache_alloc_node+0x60/0x320
[ 2285.618588][ T8523]  ? __alloc_skb+0x103/0x2c0
[ 2285.624209][ T8523]  __alloc_skb+0x103/0x2c0
[ 2285.630578][ T8523]  netlink_sendmsg+0x66a/0xbf0
[ 2285.636436][ T8523]  ? netlink_getsockopt+0x590/0x590
[ 2285.642246][ T8523]  ? aa_sock_msg_perm+0x94/0x150
[ 2285.647793][ T8523]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 2285.654470][ T8523]  ? security_socket_sendmsg+0x80/0xa0
[ 2285.660415][ T8523]  ? netlink_getsockopt+0x590/0x590
[ 2285.665925][ T8523]  ____sys_sendmsg+0x5ba/0x960
[ 2285.671089][ T8523]  ? __asan_memset+0x22/0x40
[ 2285.676067][ T8523]  ? __sys_sendmsg_sock+0x30/0x30
[ 2285.681123][ T8523]  ? __import_iovec+0x5f2/0x850
[ 2285.686077][ T8523]  ? import_iovec+0x73/0xa0
[ 2285.690853][ T8523]  ___sys_sendmsg+0x2a6/0x360
[ 2285.695825][ T8523]  ? __sys_sendmsg+0x2a0/0x2a0
[ 2285.701139][ T8523]  ? __lock_acquire+0x7d40/0x7d40
[ 2285.706316][ T8523]  __se_sys_sendmsg+0x1c2/0x2b0
[ 2285.711280][ T8523]  ? __x64_sys_sendmsg+0x80/0x80
[ 2285.716626][ T8523]  ? lockdep_hardirqs_on+0x98/0x150
[ 2285.722255][ T8523]  do_syscall_64+0x55/0xa0
[ 2285.727174][ T8523]  ? clear_bhb_loop+0x40/0x90
[ 2285.732178][ T8523]  ? clear_bhb_loop+0x40/0x90
[ 2285.737322][ T8523]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2285.743550][ T8523] RIP: 0033:0x7fdf4759c799
[ 2285.748403][ T8523] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2285.770566][ T8523] RSP: 002b:00007fdf4844e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2285.781227][ T8523] RAX: ffffffffffffffda RBX: 00007fdf47815fa0 RCX: 00007fdf4759c799
[ 2285.789243][ T8523] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[ 2285.797408][ T8523] RBP: 00007fdf4844e090 R08: 0000000000000000 R09: 0000000000000000
[ 2285.805819][ T8523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2285.813853][ T8523] R13: 00007fdf47816038 R14: 00007fdf47815fa0 R15: 00007ffe1b2a86c8
[ 2285.822193][ T8523]  </TASK>
[ 2285.837826][T12379] Bluetooth: hci4: command 0x0406 tx timeout
[ 2285.959051][ T8529] mac80211_hwsim hwsim85 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2286.119491][ T8537] sctp: [Deprecated]: syz.2.12615 (pid 8537) Use of int in maxseg socket option.
[ 2286.119491][ T8537] Use struct sctp_assoc_value instead
[ 2286.200277][ T8539] Ÿë
: port 1(veth0_to_team) entered blocking state
[ 2286.211930][ T8539] Ÿë
: port 1(veth0_to_team) entered disabled state
[ 2286.220626][ T8539] veth0_to_team: entered allmulticast mode
[ 2286.236152][ T8539] veth0_to_team: entered promiscuous mode
[ 2286.300660][ T8544] netlink: 140 bytes leftover after parsing attributes in process `syz.1.12616'.
[ 2287.153275][ T8562] validate_nla: 2 callbacks suppressed
[ 2287.153316][ T8562] netlink: 'syz.3.12623': attribute type 10 has an invalid length.
[ 2287.208646][ T8565] mac80211_hwsim hwsim91 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2287.313400][T26494] wlan1: Trigger new scan to find an IBSS to join
[ 2287.323589][ T7622] wlan1: Trigger new scan to find an IBSS to join
[ 2287.494047][ T8578] __nla_validate_parse: 1 callbacks suppressed
[ 2287.494072][ T8578] netlink: 140 bytes leftover after parsing attributes in process `syz.1.12627'.
[ 2287.749305][ T8585] netlink: 668 bytes leftover after parsing attributes in process `syz.3.12630'.
[ 2287.769281][ T8585] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16)
[ 2287.775349][ T8588] netlink: 'syz.2.12631': attribute type 10 has an invalid length.
[ 2287.788261][ T8585] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 2287.802999][ T8588] netlink: 2 bytes leftover after parsing attributes in process `syz.2.12631'.
[ 2288.535053][T26481] wlan1: Creating new IBSS network, BSSID be:72:d3:49:74:97
[ 2288.648305][ T8602] FAULT_INJECTION: forcing a failure.
[ 2288.648305][ T8602] name failslab, interval 1, probability 0, space 0, times 0
[ 2288.676257][ T8602] CPU: 1 PID: 8602 Comm: syz.0.12636 Not tainted syzkaller #0
[ 2288.683987][ T8602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2288.694447][ T8602] Call Trace:
[ 2288.697944][ T8602]  <TASK>
[ 2288.701090][ T8602]  dump_stack_lvl+0x18c/0x250
[ 2288.705914][ T8602]  ? show_regs_print_info+0x20/0x20
[ 2288.711347][ T8602]  ? load_image+0x400/0x400
[ 2288.715919][ T8602]  ? __might_sleep+0xe0/0xe0
[ 2288.720545][ T8602]  ? __lock_acquire+0x7d40/0x7d40
[ 2288.725780][ T8602]  should_fail_ex+0x39d/0x4d0
[ 2288.730781][ T8602]  should_failslab+0x9/0x20
[ 2288.735875][ T8602]  slab_pre_alloc_hook+0x59/0x310
[ 2288.741034][ T8602]  ? kvmalloc_node+0x70/0x180
[ 2288.745857][ T8602]  ? kvmalloc_node+0x70/0x180
[ 2288.750663][ T8602]  __kmem_cache_alloc_node+0x53/0x250
[ 2288.756282][ T8602]  ? kvmalloc_node+0x70/0x180
[ 2288.761187][ T8602]  __kmalloc_node+0xa4/0x230
[ 2288.765920][ T8602]  kvmalloc_node+0x70/0x180
[ 2288.770557][ T8602]  bpf_test_run_xdp_live+0x1e9/0x1b20
[ 2288.775971][ T8602]  ? 0xffffffffa0004740
[ 2288.780313][ T8602]  ? 0xffffffffa0004740
[ 2288.785100][ T8602]  ? bpf_dispatcher_change_prog+0xcbf/0xf10
[ 2288.791007][ T8602]  ? 0xffffffffa0004740
[ 2288.795183][ T8602]  ? xdp_convert_md_to_buff+0x330/0x330
[ 2288.800898][ T8602]  ? trace_raw_output_bpf_test_finish+0xd0/0xd0
[ 2288.807269][ T8602]  ? _copy_from_user+0xa5/0xe0
[ 2288.812337][ T8602]  ? bpf_test_init+0x119/0x140
[ 2288.817139][ T8602]  ? xdp_convert_md_to_buff+0x5b/0x330
[ 2288.822711][ T8602]  bpf_prog_test_run_xdp+0x7ca/0x10e0
[ 2288.828400][ T8602]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2288.834781][ T8602]  ? lockdep_hardirqs_on+0x98/0x150
[ 2288.840276][ T8602]  ? dev_put+0x80/0x80
[ 2288.844384][ T8602]  ? bpf_prog_test_run+0x27a/0x390
[ 2288.849517][ T8602]  ? dev_put+0x80/0x80
[ 2288.853619][ T8602]  bpf_prog_test_run+0x321/0x390
[ 2288.858773][ T8602]  __sys_bpf+0x49d/0x890
[ 2288.863141][ T8602]  ? bpf_link_show_fdinfo+0x390/0x390
[ 2288.868832][ T8602]  ? lock_chain_count+0x20/0x20
[ 2288.873924][ T8602]  __x64_sys_bpf+0x7c/0x90
[ 2288.878668][ T8602]  do_syscall_64+0x55/0xa0
[ 2288.883327][ T8602]  ? clear_bhb_loop+0x40/0x90
[ 2288.888321][ T8602]  ? clear_bhb_loop+0x40/0x90
[ 2288.893160][ T8602]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2288.899272][ T8602] RIP: 0033:0x7f07b459c799
[ 2288.903900][ T8602] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2288.924161][ T8602] RSP: 002b:00007f07b543c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2288.933265][ T8602] RAX: ffffffffffffffda RBX: 00007f07b4815fa0 RCX: 00007f07b459c799
[ 2288.941271][ T8602] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[ 2288.949893][ T8602] RBP: 00007f07b543c090 R08: 0000000000000000 R09: 0000000000000000
[ 2288.958198][ T8602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2288.966455][ T8602] R13: 00007f07b4816038 R14: 00007f07b4815fa0 R15: 00007ffe93598748
[ 2288.974639][ T8602]  </TASK>
[ 2289.002345][ T8604] mac80211_hwsim hwsim83 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2289.040535][ T8600] netlink: 'syz.1.12635': attribute type 10 has an invalid length.
[ 2289.137670][ T8620] netlink: 140 bytes leftover after parsing attributes in process `syz.2.12641'.
[ 2289.312541][T26481] wlan1: Trigger new scan to find an IBSS to join
[ 2289.426908][ T8621] netlink: 'syz.0.12640': attribute type 1 has an invalid length.
[ 2289.515470][ T8621] netlink: 112860 bytes leftover after parsing attributes in process `syz.0.12640'.
[ 2289.526773][ T8621] netlink: 'syz.0.12640': attribute type 1 has an invalid length.
[ 2289.723621][ T8633] netlink: 'syz.2.12645': attribute type 10 has an invalid length.
[ 2289.739224][ T8633] netlink: 2 bytes leftover after parsing attributes in process `syz.2.12645'.
[ 2290.484011][ T8641] netlink: 180 bytes leftover after parsing attributes in process `syz.3.12648'.
[ 2290.598986][ T8638] mac80211_hwsim hwsim87 wlan0: entered promiscuous mode
[ 2290.619259][ T8638] mac80211_hwsim hwsim87 wlan0: entered allmulticast mode
[ 2290.673515][ T8643] mac80211_hwsim hwsim83 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2291.038977][ T8653] netlink: 'syz.3.12652': attribute type 10 has an invalid length.
[ 2291.056827][ T8655] netlink: 140 bytes leftover after parsing attributes in process `syz.1.12653'.
[ 2291.301806][ T8657] netlink: 'syz.3.12655': attribute type 29 has an invalid length.
[ 2291.325156][ T8657] netlink: 'syz.3.12655': attribute type 29 has an invalid length.
[ 2291.345649][ T8657] netlink: 'syz.3.12655': attribute type 29 has an invalid length.
[ 2292.346659][ T8670] validate_nla: 1 callbacks suppressed
[ 2292.346678][ T8670] netlink: 'syz.3.12658': attribute type 10 has an invalid length.
[ 2292.380211][ T8670] netlink: 2 bytes leftover after parsing attributes in process `syz.3.12658'.
[ 2292.464790][ T8679] netlink: 192436 bytes leftover after parsing attributes in process `syz.0.12661'.
[ 2292.490007][ T8679] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2292.637723][ T8682] mac80211_hwsim hwsim91 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2292.759475][ T8687] netlink: 'syz.3.12663': attribute type 10 has an invalid length.
[ 2292.803754][ T8691] netlink: 140 bytes leftover after parsing attributes in process `syz.2.12664'.
[ 2292.956623][ T8689] mac80211_hwsim hwsim85 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2293.022207][ T8696] sctp: [Deprecated]: syz.0.12666 (pid 8696) Use of int in maxseg socket option.
[ 2293.022207][ T8696] Use struct sctp_assoc_value instead
[ 2293.180304][ T8703] netlink: 192436 bytes leftover after parsing attributes in process `syz.0.12670'.
[ 2293.239462][T26481] wlan1: Trigger new scan to find an IBSS to join
[ 2293.275432][ T8703] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2293.861336][ T8702] mac80211_hwsim hwsim88 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2294.184452][ T8715] mac80211_hwsim hwsim85 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2294.284874][ T8720] netlink: 'syz.3.12675': attribute type 10 has an invalid length.
[ 2294.350884][ T8726] netlink: 140 bytes leftover after parsing attributes in process `syz.0.12676'.
[ 2294.464929][ T8726] netlink: 'syz.0.12676': attribute type 3 has an invalid length.
[ 2294.503466][ T8726] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.12676'.
[ 2294.725604][ T8733] netlink: 192436 bytes leftover after parsing attributes in process `syz.0.12679'.
[ 2294.738318][ T8733] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2295.321300][T26486] wlan1: Trigger new scan to find an IBSS to join
[ 2295.670680][ T8741] netlink: 209592 bytes leftover after parsing attributes in process `syz.2.12682'.
[ 2295.692976][ T8741] netlink: 'syz.2.12682': attribute type 6 has an invalid length.
[ 2295.702449][ T8741] netlink: 164 bytes leftover after parsing attributes in process `syz.2.12682'.
[ 2295.816588][ T8746] netlink: 192436 bytes leftover after parsing attributes in process `syz.0.12691'.
[ 2295.821435][ T8743] mac80211_hwsim hwsim88 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2295.836540][ T8746] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2296.081115][ T8758] netlink: 'syz.2.12685': attribute type 10 has an invalid length.
[ 2296.150293][ T8758] netlink: 2 bytes leftover after parsing attributes in process `syz.2.12685'.
[ 2296.170918][ T8754] mac80211_hwsim hwsim85 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2296.206714][ T8759] netlink: 140 bytes leftover after parsing attributes in process `syz.0.12687'.
[ 2296.249257][ T8756] netlink: 'syz.0.12687': attribute type 3 has an invalid length.
[ 2296.287399][T26494] wlan1: Trigger new scan to find an IBSS to join
[ 2296.500783][ T8767] netlink: 'syz.1.12690': attribute type 10 has an invalid length.
[ 2296.921882][ T8785] netlink: 'syz.1.12694': attribute type 10 has an invalid length.
[ 2297.622269][ T8789] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2297.788676][ T8798] FAULT_INJECTION: forcing a failure.
[ 2297.788676][ T8798] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2297.807959][ T8792] mac80211_hwsim hwsim83 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2297.834299][ T8798] CPU: 1 PID: 8798 Comm: syz.1.12700 Not tainted syzkaller #0
[ 2297.841832][ T8798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2297.852108][ T8798] Call Trace:
[ 2297.855518][ T8798]  <TASK>
[ 2297.858474][ T8798]  dump_stack_lvl+0x18c/0x250
[ 2297.863282][ T8798]  ? show_regs_print_info+0x20/0x20
[ 2297.868866][ T8798]  ? load_image+0x400/0x400
[ 2297.873939][ T8798]  ? __lock_acquire+0x7d40/0x7d40
[ 2297.879359][ T8798]  ? mark_lock+0x94/0x320
[ 2297.883823][ T8798]  should_fail_ex+0x39d/0x4d0
[ 2297.889225][ T8798]  prepare_alloc_pages+0x1e2/0x5f0
[ 2297.894473][ T8798]  __alloc_pages+0x134/0x460
[ 2297.899458][ T8798]  ? zone_statistics+0x170/0x170
[ 2297.904801][ T8798]  ? do_wp_page+0x7ca/0x35f0
[ 2297.909430][ T8798]  ? do_wp_page+0xfc5/0x35f0
[ 2297.914266][ T8798]  __folio_alloc+0x10/0x20
[ 2297.918722][ T8798]  vma_alloc_folio+0x47a/0x8f0
[ 2297.923528][ T8798]  do_wp_page+0x1243/0x35f0
[ 2297.928258][ T8798]  ? folio_put+0xd0/0xd0
[ 2297.932534][ T8798]  ? do_raw_spin_lock+0x11f/0x2c0
[ 2297.937612][ T8798]  ? __rwlock_init+0x150/0x150
[ 2297.942452][ T8798]  handle_mm_fault+0x135d/0x4c00
[ 2297.947634][ T8798]  ? handle_mm_fault+0xe7/0x4c00
[ 2297.952727][ T8798]  ? numa_migrate_prep+0x350/0x350
[ 2297.957893][ T8798]  ? lock_mm_and_find_vma+0x9c/0x2f0
[ 2297.963288][ T8798]  do_user_addr_fault+0x730/0x12c0
[ 2297.968578][ T8798]  exc_page_fault+0x64/0x100
[ 2297.973188][ T8798]  asm_exc_page_fault+0x26/0x30
[ 2297.978221][ T8798] RIP: 0010:rep_movs_alternative+0x4a/0x90
[ 2297.984131][ T8798] Code: 75 f1 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 <f3> a4 c3 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 29 f8 48 01
[ 2298.004290][ T8798] RSP: 0018:ffffc9000553f630 EFLAGS: 00050202
[ 2298.011083][ T8798] RAX: ffffffff8427bd01 RBX: 0000000000000cb0 RCX: 00000000000003b0
[ 2298.019267][ T8798] RDX: 0000000000000000 RSI: ffff888021fd8900 RDI: 0000200000005000
[ 2298.027549][ T8798] RBP: ffffc9000553f7c0 R08: ffff888021fd8caf R09: 1ffff110043fb195
[ 2298.035645][ T8798] R10: dffffc0000000000 R11: ffffed10043fb196 R12: 00002000000053b0
[ 2298.044169][ T8798] R13: ffffc9000553fe40 R14: 0000200000004700 R15: ffff888021fd8000
[ 2298.052276][ T8798]  ? _copy_to_iter+0x10a1/0x1120
[ 2298.057331][ T8798]  copyout+0x70/0x90
[ 2298.061327][ T8798]  _copy_to_iter+0x432/0x1120
[ 2298.066022][ T8798]  ? iov_iter_init+0x1e0/0x1e0
[ 2298.070785][ T8798]  ? __virt_addr_valid+0x18c/0x540
[ 2298.076097][ T8798]  ? __virt_addr_valid+0x469/0x540
[ 2298.081388][ T8798]  ? __phys_addr_symbol+0x2f/0x70
[ 2298.086594][ T8798]  __skb_datagram_iter+0xdb/0x780
[ 2298.091721][ T8798]  ? skb_copy_datagram_iter+0x200/0x200
[ 2298.097276][ T8798]  skb_copy_datagram_iter+0xb1/0x200
[ 2298.102581][ T8798]  netlink_recvmsg+0x2d4/0xe60
[ 2298.107435][ T8798]  ? netlink_sendmsg+0xbf0/0xbf0
[ 2298.112566][ T8798]  ? aa_af_perm+0x330/0x330
[ 2298.117084][ T8798]  ? __lock_acquire+0x1273/0x7d40
[ 2298.122195][ T8798]  ? verify_lock_unused+0x140/0x140
[ 2298.127391][ T8798]  ? bpf_lsm_socket_recvmsg+0x9/0x10
[ 2298.132873][ T8798]  ? security_socket_recvmsg+0x89/0xb0
[ 2298.138501][ T8798]  ? netlink_sendmsg+0xbf0/0xbf0
[ 2298.143455][ T8798]  ____sys_recvmsg+0x2ce/0x5e0
[ 2298.148228][ T8798]  ? __sys_recvmsg_sock+0x50/0x50
[ 2298.153344][ T8798]  ? import_iovec+0x73/0xa0
[ 2298.157839][ T8798]  ___sys_recvmsg+0x216/0x590
[ 2298.162608][ T8798]  ? __sys_recvmsg+0x2a0/0x2a0
[ 2298.167453][ T8798]  ? ksys_write+0x1c4/0x260
[ 2298.172102][ T8798]  ? __fget_files+0x43d/0x4b0
[ 2298.176909][ T8798]  __x64_sys_recvmsg+0x20c/0x2e0
[ 2298.181961][ T8798]  ? ___sys_recvmsg+0x590/0x590
[ 2298.187095][ T8798]  ? lockdep_hardirqs_on+0x98/0x150
[ 2298.192488][ T8798]  do_syscall_64+0x55/0xa0
[ 2298.197197][ T8798]  ? clear_bhb_loop+0x40/0x90
[ 2298.202152][ T8798]  ? clear_bhb_loop+0x40/0x90
[ 2298.207163][ T8798]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2298.213633][ T8798] RIP: 0033:0x7ff53399c799
[ 2298.218681][ T8798] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2298.239562][ T8798] RSP: 002b:00007ff534871028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 2298.248175][ T8798] RAX: ffffffffffffffda RBX: 00007ff533c15fa0 RCX: 00007ff53399c799
[ 2298.256181][ T8798] RDX: 0000000000000000 RSI: 0000200000000a00 RDI: 0000000000000003
[ 2298.264492][ T8798] RBP: 00007ff534871090 R08: 0000000000000000 R09: 0000000000000000
[ 2298.272808][ T8798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2298.281145][ T8798] R13: 00007ff533c16038 R14: 00007ff533c15fa0 R15: 00007fff9e4a30a8
[ 2298.289408][ T8798]  </TASK>
[ 2298.292790][T19787] wlan1: Trigger new scan to find an IBSS to join
[ 2298.299704][T26494] wlan1: Trigger new scan to find an IBSS to join
[ 2298.356712][ T8794] netlink: 'syz.3.12698': attribute type 3 has an invalid length.
[ 2298.365438][ T8794] __nla_validate_parse: 3 callbacks suppressed
[ 2298.365453][ T8794] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.12698'.
[ 2298.587203][ T8811] netlink: 'syz.1.12702': attribute type 10 has an invalid length.
[ 2298.608964][ T8809] netlink: 'syz.0.12704': attribute type 10 has an invalid length.
[ 2298.643906][ T8809] netlink: 2 bytes leftover after parsing attributes in process `syz.0.12704'.
[ 2298.787320][ T8814] mac80211_hwsim hwsim83 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2299.135557][ T8825] netlink: 192436 bytes leftover after parsing attributes in process `syz.3.12709'.
[ 2299.156075][ T8825] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2299.357850][ T8829] netlink: 60 bytes leftover after parsing attributes in process `syz.2.12711'.
[ 2299.381845][ T8829] netlink: 60 bytes leftover after parsing attributes in process `syz.2.12711'.
[ 2299.407371][ T8827] mac80211_hwsim hwsim91 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2299.440709][ T8829] netlink: 'syz.2.12711': attribute type 2 has an invalid length.
[ 2299.449129][ T8829] netlink: 'syz.2.12711': attribute type 8 has an invalid length.
[ 2299.502191][ T8829] netlink: 132 bytes leftover after parsing attributes in process `syz.2.12711'.
[ 2299.548767][ T8836] netlink: 140 bytes leftover after parsing attributes in process `syz.1.12713'.
[ 2299.896365][ T8850] mac80211_hwsim hwsim85 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2299.934186][ T8847] netlink: 'syz.2.12716': attribute type 10 has an invalid length.
[ 2299.955420][ T8847] netlink: 2 bytes leftover after parsing attributes in process `syz.2.12716'.
[ 2300.133349][ T8854] netlink: 192436 bytes leftover after parsing attributes in process `syz.3.12720'.
[ 2300.164435][ T8854] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 2301.072298][T12379] Bluetooth: hci1: command 0x0406 tx timeout
[ 2301.235328][T26476] wlan1: Trigger new scan to find an IBSS to join
[ 2301.399203][ T8879] netlink: 140 bytes leftover after parsing attributes in process `syz.2.12727'.
[ 2301.606551][ T8886] mac80211_hwsim hwsim83 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2302.657231][ T8895] netlink: 'syz.1.12733': attribute type 10 has an invalid length.
[ 2302.867815][ T8911] sit0: entered promiscuous mode
[ 2302.879982][ T8911] sit0: entered allmulticast mode
[ 2302.902228][ T8911] netlink: 'syz.3.12738': attribute type 29 has an invalid length.
[ 2302.917902][ T8911] netlink: 'syz.3.12738': attribute type 29 has an invalid length.
[ 2302.929030][ T8911] netlink: 'syz.3.12738': attribute type 29 has an invalid length.
[ 2303.236015][T19787] wlan1: Trigger new scan to find an IBSS to join
[ 2303.240566][T26481] wlan1: Trigger new scan to find an IBSS to join
[ 2304.220428][T26481] wlan1: Creating new IBSS network, BSSID e6:c7:35:40:7e:4a
[ 2304.364623][ T8954] validate_nla: 1 callbacks suppressed
[ 2304.364678][ T8954] netlink: 'syz.0.12759': attribute type 10 has an invalid length.
[ 2304.393906][ T8954] __nla_validate_parse: 2 callbacks suppressed
[ 2304.394128][ T8954] netlink: 2 bytes leftover after parsing attributes in process `syz.0.12759'.
[ 2304.643917][ T8968] netlink: 140 bytes leftover after parsing attributes in process `syz.0.12763'.
[ 2304.724671][ T8966] mac80211_hwsim hwsim85 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2304.757966][ T8968] netlink: 'syz.0.12763': attribute type 3 has an invalid length.
[ 2304.787187][ T8968] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.12763'.
[ 2304.942687][ T8979] netlink: 140 bytes leftover after parsing attributes in process `syz.3.12766'.
[ 2305.168220][ T8982] mac80211_hwsim hwsim91 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2305.231192][T26476] wlan1: Trigger new scan to find an IBSS to join
[ 2305.463574][ T9000] netlink: 'syz.2.12773': attribute type 10 has an invalid length.
[ 2305.480005][ T9000] netlink: 2 bytes leftover after parsing attributes in process `syz.2.12773'.
[ 2305.540499][ T9001] netlink: 140 bytes leftover after parsing attributes in process `syz.0.12775'.
[ 2305.893237][ T9014] netlink: 140 bytes leftover after parsing attributes in process `syz.1.12779'.
[ 2306.458123][ T9035] FAULT_INJECTION: forcing a failure.
[ 2306.458123][ T9035] name failslab, interval 1, probability 0, space 0, times 0
[ 2306.485682][ T9035] CPU: 0 PID: 9035 Comm: syz.0.12787 Not tainted syzkaller #0
[ 2306.493488][ T9035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2306.503606][ T9035] Call Trace:
[ 2306.503722][ T9038] netlink: 'syz.3.12788': attribute type 6 has an invalid length.
[ 2306.507025][ T9035]  <TASK>
[ 2306.507042][ T9035]  dump_stack_lvl+0x18c/0x250
[ 2306.507077][ T9035]  ? show_regs_print_info+0x20/0x20
[ 2306.507100][ T9035]  ? load_image+0x400/0x400
[ 2306.507127][ T9035]  ? __might_sleep+0xe0/0xe0
[ 2306.507150][ T9035]  ? __lock_acquire+0x7d40/0x7d40
[ 2306.532363][ T9038] netlink: 164 bytes leftover after parsing attributes in process `syz.3.12788'.
[ 2306.532821][ T9035]  should_fail_ex+0x39d/0x4d0
[ 2306.532865][ T9035]  should_failslab+0x9/0x20
[ 2306.532890][ T9035]  slab_pre_alloc_hook+0x59/0x310
[ 2306.532920][ T9035]  ? page_pool_create+0x71/0x5c0
[ 2306.532946][ T9035]  __kmem_cache_alloc_node+0x53/0x250
[ 2306.532974][ T9035]  ? page_pool_create+0x71/0x5c0
[ 2306.532997][ T9035]  kmalloc_node_trace+0x26/0xe0
[ 2306.533024][ T9035]  page_pool_create+0x71/0x5c0
[ 2306.533051][ T9035]  bpf_test_run_xdp_live+0x203/0x1b20
[ 2306.533085][ T9035]  ? 0xffffffffa0004740
[ 2306.533103][ T9035]  ? bpf_dispatcher_change_prog+0xcbf/0xf10
[ 2306.533123][ T9035]  ? 0xffffffffa0004740
[ 2306.533144][ T9035]  ? xdp_convert_md_to_buff+0x330/0x330
[ 2306.533198][ T9035]  ? trace_raw_output_bpf_test_finish+0xd0/0xd0
[ 2306.625289][ T9035]  ? _copy_from_user+0xa5/0xe0
[ 2306.630182][ T9035]  ? bpf_test_init+0x119/0x140
[ 2306.634948][ T9035]  ? xdp_convert_md_to_buff+0x5b/0x330
[ 2306.640473][ T9035]  bpf_prog_test_run_xdp+0x7ca/0x10e0
[ 2306.645996][ T9035]  ? dev_put+0x80/0x80
[ 2306.650087][ T9035]  ? dev_put+0x80/0x80
[ 2306.654289][ T9035]  bpf_prog_test_run+0x321/0x390
[ 2306.659274][ T9035]  __sys_bpf+0x49d/0x890
[ 2306.663542][ T9035]  ? bpf_link_show_fdinfo+0x390/0x390
[ 2306.669289][ T9035]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2306.676047][ T9035]  __x64_sys_bpf+0x7c/0x90
[ 2306.680741][ T9035]  do_syscall_64+0x55/0xa0
[ 2306.685314][ T9035]  ? clear_bhb_loop+0x40/0x90
[ 2306.690200][ T9035]  ? clear_bhb_loop+0x40/0x90
[ 2306.694938][ T9035]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2306.701099][ T9035] RIP: 0033:0x7f07b459c799
[ 2306.705621][ T9035] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2306.725973][ T9035] RSP: 002b:00007f07b543c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2306.734518][ T9035] RAX: ffffffffffffffda RBX: 00007f07b4815fa0 RCX: 00007f07b459c799
[ 2306.742962][ T9035] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[ 2306.751229][ T9035] RBP: 00007f07b543c090 R08: 0000000000000000 R09: 0000000000000000
[ 2306.759718][ T9035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2306.768318][ T9035] R13: 00007f07b4816038 R14: 00007f07b4815fa0 R15: 00007ffe93598748
[ 2306.776750][ T9035]  </TASK>
[ 2306.967308][ T9043] netlink: 'syz.1.12790': attribute type 10 has an invalid length.
[ 2306.977899][ T9043] netlink: 2 bytes leftover after parsing attributes in process `syz.1.12790'.
[ 2307.128750][ T9049] netlink: 140 bytes leftover after parsing attributes in process `syz.3.12791'.
[ 2307.318102][T26481] wlan1: Trigger new scan to find an IBSS to join
[ 2307.375727][ T9059] netlink: 'syz.0.12796': attribute type 2 has an invalid length.
[ 2307.400704][ T9059] netlink: 'syz.0.12796': attribute type 1 has an invalid length.
[ 2307.415639][ T9059] netlink: 'syz.0.12796': attribute type 8 has an invalid length.
[ 2308.094490][ T9088] netlink: 'syz.3.12805': attribute type 10 has an invalid length.
[ 2308.162806][ T9091] netlink: 'syz.3.12805': attribute type 9 has an invalid length.
[ 2308.751236][ T9108] 
@ÿ: renamed from bond_slave_0 (while UP)
[ 2309.501255][ T9119] FAULT_INJECTION: forcing a failure.
[ 2309.501255][ T9119] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2309.538706][ T9119] CPU: 0 PID: 9119 Comm: syz.1.12815 Not tainted syzkaller #0
[ 2309.546249][ T9119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2309.556592][ T9119] Call Trace:
[ 2309.559987][ T9119]  <TASK>
[ 2309.562940][ T9119]  dump_stack_lvl+0x18c/0x250
[ 2309.568008][ T9119]  ? show_regs_print_info+0x20/0x20
[ 2309.573374][ T9119]  ? load_image+0x400/0x400
[ 2309.577927][ T9119]  ? __might_fault+0xaa/0x120
[ 2309.582994][ T9119]  ? __lock_acquire+0x7d40/0x7d40
[ 2309.588317][ T9119]  should_fail_ex+0x39d/0x4d0
[ 2309.593388][ T9119]  _copy_from_user+0x2f/0xe0
[ 2309.598170][ T9119]  kstrtouint_from_user+0xde/0x170
[ 2309.603297][ T9119]  ? kstrtol_from_user+0x190/0x190
[ 2309.608425][ T9119]  proc_fail_nth_write+0x8f/0x250
[ 2309.613456][ T9119]  ? proc_fail_nth_read+0x260/0x260
[ 2309.619178][ T9119]  ? proc_fail_nth_read+0x260/0x260
[ 2309.624389][ T9119]  vfs_write+0x296/0x990
[ 2309.628817][ T9119]  ? file_end_write+0x250/0x250
[ 2309.633753][ T9119]  ? __fget_files+0x28/0x4b0
[ 2309.638600][ T9119]  ? __fget_files+0x28/0x4b0
[ 2309.643191][ T9119]  ? __fget_files+0x43d/0x4b0
[ 2309.648064][ T9119]  ? __fdget_pos+0x2a3/0x330
[ 2309.652801][ T9119]  ? ksys_write+0x75/0x260
[ 2309.657572][ T9119]  ksys_write+0x150/0x260
[ 2309.662042][ T9119]  ? __ia32_sys_read+0x90/0x90
[ 2309.666839][ T9119]  ? syscall_enter_from_user_mode+0x2e/0x80
[ 2309.672863][ T9119]  do_syscall_64+0x55/0xa0
[ 2309.677579][ T9119]  ? clear_bhb_loop+0x40/0x90
[ 2309.682291][ T9119]  ? clear_bhb_loop+0x40/0x90
[ 2309.687335][ T9119]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2309.693233][ T9119] RIP: 0033:0x7ff53395cfce
[ 2309.697667][ T9119] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 2309.717548][ T9119] RSP: 002b:00007ff534870fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 2309.726517][ T9119] RAX: ffffffffffffffda RBX: 00007ff5348716c0 RCX: 00007ff53395cfce
[ 2309.734699][ T9119] RDX: 0000000000000001 RSI: 00007ff5348710a0 RDI: 0000000000000007
[ 2309.742934][ T9119] RBP: 00007ff534871090 R08: 0000000000000000 R09: 0000000000000000
[ 2309.751174][ T9119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2309.759486][ T9119] R13: 00007ff533c16038 R14: 00007ff533c15fa0 R15: 00007fff9e4a30a8
[ 2309.767575][ T9119]  </TASK>
[ 2309.808324][ T9125] __nla_validate_parse: 4 callbacks suppressed
[ 2309.808344][ T9125] netlink: 140 bytes leftover after parsing attributes in process `syz.0.12816'.
[ 2310.029209][ T9134] 
@ÿ: renamed from bond_slave_0 (while UP)
[ 2310.271458][T26481] wlan1: Trigger new scan to find an IBSS to join
[ 2310.394583][ T9141] validate_nla: 2 callbacks suppressed
[ 2310.394665][ T9141] netlink: 'syz.1.12822': attribute type 10 has an invalid length.
[ 2310.420033][ T9141] netlink: 2 bytes leftover after parsing attributes in process `syz.1.12822'.
[ 2310.467989][ T9139] netlink: 'syz.3.12821': attribute type 10 has an invalid length.
[ 2311.212736][T19787] wlan1: Creating new IBSS network, BSSID 62:ca:d5:55:73:09
[ 2311.471929][ T9160] netlink: 140 bytes leftover after parsing attributes in process `syz.0.12829'.
[ 2311.671490][ T9163] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2311.680868][ T9163] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2311.688942][ T9163] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2311.697805][ T9163] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2311.988443][ T9174] netlink: 'syz.3.12833': attribute type 10 has an invalid length.
[ 2311.997160][ T9174] netlink: 2 bytes leftover after parsing attributes in process `syz.3.12833'.
[ 2312.226000][ T9182] netlink: 140 bytes leftover after parsing attributes in process `syz.2.12836'.
[ 2312.281189][T19787] wlan1: Trigger new scan to find an IBSS to join
[ 2312.330418][ T9184] 
@ÿ: renamed from bond_slave_0 (while UP)
[ 2312.585604][ T9193] netlink: 140 bytes leftover after parsing attributes in process `syz.2.12838'.
[ 2312.615060][ T9187] netlink: 'syz.3.12837': attribute type 10 has an invalid length.
[ 2312.630032][ T9187] netlink: 2 bytes leftover after parsing attributes in process `syz.3.12837'.
[ 2313.190466][T26476] wlan1: Creating new IBSS network, BSSID be:fd:0f:0b:9b:c8
[ 2313.225150][ T9207] mac80211_hwsim hwsim91 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2313.237637][T26494] ------------[ cut here ]------------
[ 2313.244178][T26494] WARNING: CPU: 1 PID: 26494 at net/wireless/ibss.c:37 __cfg80211_ibss_joined+0x3d2/0x440
[ 2313.254669][T26494] Modules linked in:
[ 2313.259074][T26494] CPU: 1 PID: 26494 Comm: kworker/u4:49 Not tainted syzkaller #0
[ 2313.267932][T26494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2313.278309][T26494] Workqueue: cfg80211 cfg80211_event_work
[ 2313.284237][T26494] RIP: 0010:__cfg80211_ibss_joined+0x3d2/0x440
[ 2313.290646][T26494] Code: 00 00 00 48 3b 84 24 80 00 00 00 75 5c 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 a7 f4 a0 f7 0f 0b eb bb e8 9e f4 a0 f7 <0f> 0b 4c 8b 6c 24 18 eb ad e8 90 f4 a0 f7 0f 0b e9 e0 fd ff ff e8
[ 2313.311967][T26494] RSP: 0018:ffffc90004e6fa20 EFLAGS: 00010293
[ 2313.318254][T26494] RAX: ffffffff89e62b82 RBX: dffffc0000000000 RCX: ffff88805f445a00
[ 2313.326967][T26494] RDX: 0000000000000000 RSI: ffffffff8acac9e0 RDI: ffffffff8b1c89a0
[ 2313.335809][T26494] RBP: ffffc90004e6faf8 R08: ffffffff911c356f R09: 1ffffffff22386ad
[ 2313.345560][T26494] R10: dffffc0000000000 R11: fffffbfff22386ae R12: ffff88804c6b8c90
[ 2313.354106][T26494] R13: 1ffff920009cdf4c R14: ffff8880745f35b8 R15: 000000000000001f
[ 2313.362262][T26494] FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[ 2313.371452][T26494] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2313.378249][T26494] CR2: 000000110c312b9f CR3: 000000002dd91000 CR4: 00000000003506e0
[ 2313.386509][T26494] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2313.395012][T26494] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 2313.403502][T26494] Call Trace:
[ 2313.407126][T26494]  <TASK>
[ 2313.410181][T26494]  ? mutex_lock_nested+0x20/0x20
[ 2313.415549][T26494]  ? trace_rdev_return_void+0x1c0/0x1c0
[ 2313.421308][T26494]  cfg80211_process_wdev_events+0x3bc/0x550
[ 2313.427354][T26494]  cfg80211_process_rdev_events+0xa1/0x110
[ 2313.433649][T26494]  cfg80211_event_work+0x2f/0x40
[ 2313.438730][T26494]  ? process_scheduled_works+0x96f/0x15d0
[ 2313.444754][T26494]  process_scheduled_works+0xa5d/0x15d0
[ 2313.451227][T26494]  ? worker_attach_to_pool+0x380/0x380
[ 2313.457014][T26494]  ? assign_work+0x3d2/0x5d0
[ 2313.462183][T26494]  worker_thread+0xa55/0xfc0
[ 2313.466851][T26494]  kthread+0x2fa/0x390
[ 2313.471244][T26494]  ? pr_cont_work+0x560/0x560
[ 2313.476062][T26494]  ? kthread_blkcg+0xd0/0xd0
[ 2313.481536][T26494]  ret_from_fork+0x48/0x80
[ 2313.486262][T26494]  ? kthread_blkcg+0xd0/0xd0
[ 2313.491081][T26494]  ret_from_fork_asm+0x11/0x20
[ 2313.496176][T26494]  </TASK>
[ 2313.499251][T26494] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 2313.506990][T26494] CPU: 1 PID: 26494 Comm: kworker/u4:49 Not tainted syzkaller #0
[ 2313.514895][T26494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2313.525252][T26494] Workqueue: cfg80211 cfg80211_event_work
[ 2313.531129][T26494] Call Trace:
[ 2313.534602][T26494]  <TASK>
[ 2313.537559][T26494]  dump_stack_lvl+0x18c/0x250
[ 2313.542363][T26494]  ? show_regs_print_info+0x20/0x20
[ 2313.547612][T26494]  ? load_image+0x400/0x400
[ 2313.553276][T26494]  panic+0x2dc/0x730
[ 2313.557363][T26494]  ? bpf_jit_dump+0xd0/0xd0
[ 2313.562223][T26494]  ? ret_from_fork_asm+0x11/0x20
[ 2313.567311][T26494]  __warn+0x2e0/0x470
[ 2313.571307][T26494]  ? __cfg80211_ibss_joined+0x3d2/0x440
[ 2313.577257][T26494]  ? __cfg80211_ibss_joined+0x3d2/0x440
[ 2313.583189][T26494]  report_bug+0x2be/0x4f0
[ 2313.587568][T26494]  ? __cfg80211_ibss_joined+0x3d2/0x440
[ 2313.593342][T26494]  ? __cfg80211_ibss_joined+0x3d2/0x440
[ 2313.599196][T26494]  ? __cfg80211_ibss_joined+0x3d4/0x440
[ 2313.604855][T26494]  handle_bug+0xcf/0x120
[ 2313.609456][T26494]  exc_invalid_op+0x1a/0x50
[ 2313.614235][T26494]  asm_exc_invalid_op+0x1a/0x20
[ 2313.619179][T26494] RIP: 0010:__cfg80211_ibss_joined+0x3d2/0x440
[ 2313.625517][T26494] Code: 00 00 00 48 3b 84 24 80 00 00 00 75 5c 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 a7 f4 a0 f7 0f 0b eb bb e8 9e f4 a0 f7 <0f> 0b 4c 8b 6c 24 18 eb ad e8 90 f4 a0 f7 0f 0b e9 e0 fd ff ff e8
[ 2313.645765][T26494] RSP: 0018:ffffc90004e6fa20 EFLAGS: 00010293
[ 2313.652023][T26494] RAX: ffffffff89e62b82 RBX: dffffc0000000000 RCX: ffff88805f445a00
[ 2313.660276][T26494] RDX: 0000000000000000 RSI: ffffffff8acac9e0 RDI: ffffffff8b1c89a0
[ 2313.668427][T26494] RBP: ffffc90004e6faf8 R08: ffffffff911c356f R09: 1ffffffff22386ad
[ 2313.676567][T26494] R10: dffffc0000000000 R11: fffffbfff22386ae R12: ffff88804c6b8c90
[ 2313.685143][T26494] R13: 1ffff920009cdf4c R14: ffff8880745f35b8 R15: 000000000000001f
[ 2313.693671][T26494]  ? __cfg80211_ibss_joined+0x3d2/0x440
[ 2313.700002][T26494]  ? mutex_lock_nested+0x20/0x20
[ 2313.705004][T26494]  ? trace_rdev_return_void+0x1c0/0x1c0
[ 2313.710749][T26494]  cfg80211_process_wdev_events+0x3bc/0x550
[ 2313.716877][T26494]  cfg80211_process_rdev_events+0xa1/0x110
[ 2313.723079][T26494]  cfg80211_event_work+0x2f/0x40
[ 2313.728282][T26494]  ? process_scheduled_works+0x96f/0x15d0
[ 2313.734363][T26494]  process_scheduled_works+0xa5d/0x15d0
[ 2313.740138][T26494]  ? worker_attach_to_pool+0x380/0x380
[ 2313.745874][T26494]  ? assign_work+0x3d2/0x5d0
[ 2313.750735][T26494]  worker_thread+0xa55/0xfc0
[ 2313.755346][T26494]  kthread+0x2fa/0x390
[ 2313.759408][T26494]  ? pr_cont_work+0x560/0x560
[ 2313.764176][T26494]  ? kthread_blkcg+0xd0/0xd0
[ 2313.768871][T26494]  ret_from_fork+0x48/0x80
[ 2313.773585][T26494]  ? kthread_blkcg+0xd0/0xd0
[ 2313.778313][T26494]  ret_from_fork_asm+0x11/0x20
[ 2313.783538][T26494]  </TASK>
[ 2313.787308][T26494] Kernel Offset: disabled
[ 2313.792512][T26494] Rebooting in 86400 seconds..