last executing test programs:

19.77960464s ago: executing program 1 (id=6012):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000140), 0x9}, 0x104101, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1}, 0x50)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[], 0x48)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r1, @ANYBLOB="0000000002000000b705000008000000850000007000000095"], &(0x7f0000000300)='GPL\x00', 0x4, 0x1002, &(0x7f00000014c0)=""/4098, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe65}, 0x23)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000780)={r2, 0xe0, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f00000001c0)=[0x0, 0x0], ""/16, <r3=>0x0, 0x0, 0x0, 0x0, 0xa, 0x5, &(0x7f00000004c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xda, &(0x7f0000000580)=[{}, {}], 0x10, 0x10, &(0x7f00000005c0), &(0x7f0000000600), 0x8, 0x71, 0x8, 0x8, &(0x7f0000000640)}}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff})
recvmsg$unix(r4, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r5=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000100)=ANY=[@ANYBLOB="8fedcb790700117df37538e408066337ce2206"], 0xfdef)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=r1, @ANYBLOB='\b\x00'/20, @ANYRES32=r3, @ANYRES32=r5, @ANYBLOB="009916bda500000001000000000022f8fda0e323fce4000000000000"], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r6)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x2, 0xc, 0x1400}, 0x48)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000ac0)={0x3, 0xc, &(0x7f0000000a40)=ANY=[@ANYBLOB="18020000000000000000000000aeec261e0000002e00000050a8960000000000aea75306872f20207b1af8ff00110000bfa100000000000007ffffb702000008000000b70300000000000085000000b2000000950000000000"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200000}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000540)={r7, 0x0, 0xe, 0x0, &(0x7f0000000000)="77844923fbde9d724bbda199f4d6", 0x0, 0x8000, 0x0, 0x0, 0x60, 0x0, &(0x7f0000000440)="340b76235e542388314c94ffb092fe45f73f8c986973c4976cfb5e6d1d8c82244df1f513a1c1fbfa9a9f0b95aeb353c71ce43ab84de2d842a33e91ce88d884ec2a248e85b886f115b686136aaf601bbff88abe474a8494073ad74fa9adc48bb0"}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81f782db44b9040a1d08030e000000e8fea4a118", 0x1d}], 0x1, 0x0, 0x0, 0x7400}, 0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}, 0x3, 0x1, 0xfff7}}, 0x80, 0x0}, 0x200008d5)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="d8000000210081044e81f7d28344b90402", 0x11}], 0x1}, 0x0)
r8 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r8, &(0x7f0000000000)=ANY=[], 0x33fe0)
r9 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
close(r9)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00')
r10 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r10, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa)
r11 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000000), 0x4)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000500)={r11, r10, 0x4, r10}, 0x10)

19.724735301s ago: executing program 3 (id=6013):
perf_event_open(&(0x7f0000000480)={0x4, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x20122, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x8}, 0x18944, 0x401, 0x25, 0x0, 0x10000000001, 0x200, 0x8, 0x0, 0x19, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000bc0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
openat$cgroup(0xffffffffffffffff, &(0x7f0000000240)='syz0\x00', 0x200002, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x1})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000181d00", @ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
close(0xffffffffffffffff)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x1f, 0xc, &(0x7f00000001c0)=@framed={{}, [@printk={@lu, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0xb0}}, @call={0x85, 0x0, 0x0, 0x7d}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0xd, 0x3, 0x0, 0x0, 0x5, 0xa8, &(0x7f0000000640)=""/168, 0x0, 0x40, '\x00', 0x0, @sock_ops}, 0x94)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
r0 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$inet(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="140000004f007f049e", 0x9}, {&(0x7f0000000080)="00000000000000001b0000", 0xb}], 0x2}, 0x800)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6_vti0\x00', 0x200})
perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x63, 0x2, 0x0, 0x0, 0x0, 0x0, 0x37a05, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x4, @perf_config_ext={0x500}, 0x1075, 0x0, 0x0, 0x0, 0xffffffffffffbbfe, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1c0000000000000}, 0x0, 0x1, 0xffffffffffffffff, 0x1)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x89f1, &(0x7f0000000080))

19.458228209s ago: executing program 0 (id=6014):
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="d8000000310081044e81f782db44b904021d080005000000e8fe55a1180015000600142603600e120900210000000401a8001600a40001", 0x37}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0)
r2 = syz_clone(0x20800000, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000ffffffff00000000fdfffdff850000002800000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000100)="e09f547ed3f02dc1fd3d6487775b", 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f00000005c0)=r2, 0x12)
r5 = openat$cgroup_ro(r4, 0x0, 0x275a, 0x0)
write$cgroup_int(r5, &(0x7f0000000040)=0x1, 0x12)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
r6 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r6, 0x40042408, r7)
r8 = socket$kcm(0x29, 0x2, 0x0)
r9 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r10 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r10, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
sendmsg(r8, &(0x7f0000002ec0)={0x0, 0x0, &(0x7f0000002c40)=[{&(0x7f0000002b80)="b2", 0x1}], 0x1}, 0x4000)
ioctl$sock_kcm_SIOCKCMATTACH(r8, 0x89e0, &(0x7f0000000040)={r10, r9})
close(r8)
r11 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r11, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703320000001f00000000000000040014000d000a00140000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x1e, 0x4, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000091102f000000000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_lookup=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYRES16], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x3a, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3a, 0x0, 0x0, 0x0}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)

19.457987839s ago: executing program 2 (id=6015):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000840)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$kcm(0x10, 0x3, 0x10)
close(r0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
socket$kcm(0x10, 0x400000002, 0x0)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000180)=@o_path={0x0}, 0x18)
r1 = socket$kcm(0x10, 0x100000000002, 0x4)
sendmsg$kcm(r1, &(0x7f00000039c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000200)="39000000140081ae00002c000500015601618575e285af014a31ba377a1b2cc32b38d3aa2a70297400"/57, 0x39}], 0x1, 0x0, 0x0, 0xc00e}, 0x0) (fail_nth: 2)

19.375057641s ago: executing program 3 (id=6016):
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a40)=@bpf_tracing={0x1a, 0x17, &(0x7f0000000600)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x9}, {}, {}, [@printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x373df1d4}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000006c0)='GPL\x00', 0x3, 0x0, 0x0, 0x41100, 0x2, '\x00', 0x0, 0x17, 0xffffffffffffffff, 0x8, &(0x7f0000000700)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000740)={0x1, 0x10, 0x1, 0x7f}, 0x10, 0x2b264, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x80000001}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x40009, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0xff, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x2, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000580)=ANY=[@ANYBLOB="050000000200000071114200000000008510000002000000850000000500000095000000000000009500a50500000000379004f7e21d206adcb51802bdcd5e786cae88945aec2bf66c35921853918e2e1a0f8833eefade9b2c391d0d7d9e7b9d5aaaff9a3b8b00928520"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x70)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
r1 = socket$kcm(0xa, 0x3, 0x3a)
openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x40100, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x5, &(0x7f0000000d80)=ANY=[@ANYBLOB="18000000ff7f000000000000060000008500000018000000850000000700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x320e, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
sendmsg$kcm(r1, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0xfe80000000000000, 0xac14140c}}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)='\x00\x00', 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60)
ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x80}, {0x6, 0x0, 0x0, 0x4}]})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="11000000040000000400000005"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000200007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

18.580616452s ago: executing program 1 (id=6017):
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1ad76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800"/32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000080)="5c00000013006bec9e3be35c6e17aa31076b876c0d000000ba090000160af3653c001ac004000202080002000300", 0x2e}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4a046)

18.566801492s ago: executing program 2 (id=6018):
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="140000002a000b6c8cff00f90429fc60010f5ddf", 0x14}], 0x1}, 0x0) (async)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(0x3) (async)
ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, &(0x7f0000000180)=0x8) (async)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7a, 0x2, @perf_config_ext={0x9, 0x1}, 0x0, 0x36, 0x1e7e7df9, 0x7, 0x5, 0x6, 0xa, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x1, 0xffffffffffffffff, 0x0) (async)
perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x1}, 0x108e64, 0xc78, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x200000000200000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) (async)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) (async)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_freezer_state(r1, &(0x7f0000000080), 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f00000005c0)=ANY=[@ANYBLOB="9feb0100180700000000f600f400000544000000000000000003000000000000000000e91d01000000120e6f2b2eac2265e5897cab756cee3c0800880e545307ebb8bf77a24fcdf2d0bb959661be14ea08d82504c8"], 0x0, 0x29, 0x0, 0x1, 0x0, 0x10000}, 0x28) (async)
write$cgroup_freezer_state(r2, 0x0, 0x0) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
socket$kcm(0xa, 0x5, 0x106) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_type(r3, 0x0, 0x2, 0x0)
write$cgroup_type(r4, 0x0, 0x0) (async)
r5 = openat$cgroup_procs(r3, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r5, &(0x7f0000000300), 0x12) (async)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r7 = openat$cgroup_ro(r6, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r7, &(0x7f0000000200)=0x1, 0x12)
write$cgroup_int(r7, &(0x7f00000000c0), 0x12)
socket$kcm(0x10, 0x2, 0x0)

18.442056066s ago: executing program 3 (id=6019):
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x4b, &(0x7f0000000100), 0x120)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000023000b02d25a806f8c6394f90224fc60", 0x14}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r2 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_bp={&(0x7f0000000180), 0x9}, 0x8000, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x1, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r3, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000540)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r4}, 0x94)
r7 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020023000b02d25a806f8c6394f91424fc60040f030047000000053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r8 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r8, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e20, @remote}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0)
sendmsg$kcm(r8, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0xffff, 0x2, 0x10, {0x2, 0x4e21, @loopback}}, 0x80, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x20000000)
close(r8)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x1b, 0x4, &(0x7f0000000980)=ANY=[@ANYRES64=r5, @ANYRESDEC=r7, @ANYRES32=r6, @ANYRESOCT=r3, @ANYRESHEX, @ANYRES64=r8, @ANYRES32, @ANYRES8=r7], 0x0, 0x0, 0x0, 0x0, 0x40efe, 0x4, '\x00', r4, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000340)=ANY=[@ANYRES32=r1], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1b, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r9)
write$cgroup_devices(0xffffffffffffffff, 0x0, 0xfffffeff)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000002540)=ANY=[@ANYBLOB="611534000000000061134c0000000000bfa000000000000007000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350607000fff07206706000005000000160300000ee60060bf050000000000000f650000000000006507f9ff01000000070700004ddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703cac4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44221b235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f674629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43ea0ffb567b40407d000000210000000000000000005f37d8703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5480a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba90000000000000000fffb0000000082fb0d3cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6106f117b062df67d3a6473265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db89da3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f815f8989d78854ca4d3116dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff139604faf0453bedf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a57ff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee15620789c524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2b4dc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca87ddd9d064e081383409ed2912c811ae63f03212a5331c2a4ead000000000000000000005574d074fa7e93447a88c0fbab48660aae7cdf367ef0e4538279b6113de5b94e1056f443305145c9"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x48)
r10 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
close(r10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

18.28698967s ago: executing program 1 (id=6020):
socket$kcm(0x2, 0x5, 0x84)
r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x2, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={0x0, 0xf}, 0x90208, 0x0, 0x310c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x4, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x73, 0x11, 0x3b}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0xb7}, @exit={0x95, 0x0, 0xc2}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195}, 0x70)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x80000001, 0x450f9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x1, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x8, 0xffffffffffffffff, 0x0)
r2 = perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0xa16ae, 0x9, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_bp={0x0}, 0x10, 0xa4, 0x2, 0x1, 0xa1, 0x9b9b, 0x8, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x954b, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, @perf_config_ext={0x76, 0x1ef7}, 0x4eaee940fbe0b616, 0x400, 0x98, 0x1, 0x2, 0xfffff271, 0xfff8, 0x0, 0x0, 0x0, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r3 = socket$kcm(0x2, 0x200000000000001, 0x106)
ioctl$SIOCSIFHWADDR(r3, 0x8b1b, &(0x7f0000000000)={'wlan1\x00', @broadcast})

18.220633811s ago: executing program 2 (id=6021):
perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x76, 0x1ef7}, 0x11efa, 0x4, 0x98, 0x0, 0x2, 0xfffff274, 0xfffc, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_merged\x00', 0x26e1, 0x0)
r1 = socket$kcm(0x2, 0x6, 0x0)
setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f00000002c0)=r0, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000002fc0)=ANY=[], 0x0}, 0x94)
r3 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r3, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r3, &(0x7f0000000040)={&(0x7f0000000100)=@hci={0x1f, 0x0, 0x4}, 0xd0, &(0x7f0000000080), 0x1}, 0x0)
sendmsg$inet(r1, &(0x7f0000001a40)={0x0, 0x0, 0x0}, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f00000001c0)=@o_path={&(0x7f0000000180)='./file0\x00', 0x0, 0x10, r2}, 0x18)

18.156571433s ago: executing program 0 (id=6022):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x0, 0x0, 0x0, 0x0, 0x15, 0x0, 0x0, 0x56, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x2, 0x0, 0x9}, {0x10000002, 0x0, 0x0, 0xc}]}, 0x94)
socket$kcm(0x2, 0x1, 0x84)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0xf, 0xc, 0x0, 0x0, 0x0, 0x8, 0x640b9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_config_ext={0x80000001, 0x9}, 0x8000, 0x83, 0x43a1bd76, 0x7, 0x9, 0x0, 0x1, 0x0, 0x0, 0x0, 0x200c}, 0x0, 0xffffdfffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
socket$kcm(0x11, 0x200000000000002, 0x300)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x5, 0x14, 0x0, &(0x7f0000000100)="259a53f271a76d2608fff74588a80a3888ca2f15", 0x0, 0xd11, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000680)={&(0x7f0000000e00)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000004000000010000ffffffff0604000000002eb800"], 0x0, 0x28, 0x0, 0x1}, 0x28)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000480)="5c00000012006bab9a3fe3d86e17aa0b046b876c1d0048380019001931a0e69ee517d34460bc06000000a701251e6182949a3651f60a84c9f4d4938037e70e4509c51c268811000000000000000000002571cd53b9851b30599980bc", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000780)=""/174, 0xae}, {&(0x7f0000000500)=""/219, 0xdb}, {&(0x7f0000001b40)=""/4050, 0xfd2}, {&(0x7f0000000b00)=""/4117, 0x1015}, {&(0x7f0000000600)=""/212, 0xd4}], 0x5}, 0x20)
recvmsg$kcm(r2, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x80)
socket$kcm(0x10, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r3)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0xffff, 0x2, 0x10, {0x2, 0x4e21, @loopback}}, 0x80, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB], 0x10b8}, 0x20000000)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x3e}, 0x94)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000380)}, 0xfc)
sendmsg$inet(r5, &(0x7f0000000680)={&(0x7f0000000000)={0x2, 0x4e24, @rand_addr=0x64010102}, 0x10, &(0x7f0000000540)=[{&(0x7f0000000240)}], 0x1}, 0x4000080)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f00000000c0), 0x0, 0x100, 0x2000000, 0xd384ed8852b2f03d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x50)
ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x89f3, 0x0)

18.079813305s ago: executing program 2 (id=6023):
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="d8000000310081044e81f782db44b904021d080005000000e8fe55a1180015000600142603600e120900210000000401a8001600a40001", 0x37}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0)
r2 = syz_clone(0x20800000, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000ffffffff00000000fdfffdff850000002800000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000100)="e09f547ed3f02dc1fd3d6487775b", 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f00000005c0)=r2, 0x12)
r5 = openat$cgroup_ro(r4, 0x0, 0x275a, 0x0)
write$cgroup_int(r5, &(0x7f0000000040)=0x1, 0x12)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
r6 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r6, 0x40042408, r7)
r8 = socket$kcm(0x29, 0x2, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, 0x0, &(0x7f0000000140)='GPL\x00'}, 0x94)
r10 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r10, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
sendmsg(r8, &(0x7f0000002ec0)={0x0, 0x0, &(0x7f0000002c40)=[{&(0x7f0000002b80)="b2", 0x1}], 0x1}, 0x4000)
ioctl$sock_kcm_SIOCKCMATTACH(r8, 0x89e0, &(0x7f0000000040)={r10, r9})
close(r8)
r11 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r11, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703320000001f00000000000000040014000d000a00140000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x1e, 0x4, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000091102f000000000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_lookup=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYRES16], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x3a, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3a, 0x0, 0x0, 0x0}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)

17.89909817s ago: executing program 3 (id=6024):
perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xa)
perf_event_open(0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000540)={0x2, 0x80, 0xd1, 0xfe, 0x0, 0x0, 0x0, 0x8, 0x8602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000800)}, 0x12280, 0x2, 0x4000000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
recvmsg$unix(0xffffffffffffffff, 0x0, 0x2020)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f00000000c0)='memory.current\x00', 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0x3, &(0x7f00000001c0)=@raw=[@map_idx_val={0x18, 0xa, 0x6, 0x0, 0xf, 0x0, 0x0, 0x0, 0x8}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}], &(0x7f0000000280)='syzkaller\x00', 0x7, 0x1a, &(0x7f00000002c0)=""/26, 0x41100, 0x28, '\x00', 0x0, 0x25, r1, 0x8, &(0x7f0000000440)={0x6, 0x4}, 0x8, 0x10, &(0x7f0000000840)={0x2, 0xf, 0x1ff, 0xe50d}, 0x10, 0x0, 0x0, 0x2, &(0x7f00000005c0)=[r1], &(0x7f0000000600)=[{0x4, 0x2, 0x5, 0x1}, {0x0, 0x3, 0xe, 0xa}], 0x10, 0x8}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0500000001f01f00350100007b00000001000000", @ANYRES32, @ANYBLOB="feffffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000ffff00000000000000000000cdcab1dfa10bb0e4da00000000000098c55c103da51839d56752cd3f4cc72593ca3dc3659f"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xf, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r3)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_LOOKUP_ELEM(0x15, &(0x7f00000007c0)={r2, &(0x7f0000000000), 0x0}, 0x20)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffeee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d080307000000e8fea4a1180015000600142603600e120800110000810401040016fc0a00104004000000036010fab94dcf5c0461c1d67f6f94067134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x40000)

17.753724004s ago: executing program 3 (id=6025):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000140), 0x9}, 0x104101, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1}, 0x50)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[], 0x48)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r1, @ANYBLOB="0000000002000000b705000008000000850000007000000095"], &(0x7f0000000300)='GPL\x00', 0x4, 0x1002, &(0x7f00000014c0)=""/4098, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe65}, 0x23)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000780)={r2, 0xe0, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f00000001c0)=[0x0, 0x0], ""/16, <r3=>0x0, 0x0, 0x0, 0x0, 0xa, 0x5, &(0x7f00000004c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xda, &(0x7f0000000580)=[{}, {}], 0x10, 0x10, &(0x7f00000005c0), &(0x7f0000000600), 0x8, 0x71, 0x8, 0x8, &(0x7f0000000640)}}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff})
recvmsg$unix(r4, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r5=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000100)=ANY=[@ANYBLOB="8fedcb790700117df37538e408066337ce2206"], 0xfdef)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=r1, @ANYBLOB='\b\x00'/20, @ANYRES32=r3, @ANYRES32=r5, @ANYBLOB="009916bda500000001000000000022f8fda0e323fce4000000000000"], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r6)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x2, 0xc, 0x1400}, 0x48)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000ac0)={0x3, 0xc, &(0x7f0000000a40)=ANY=[@ANYBLOB="18020000000000000000000000aeec261e0000002e00000050a8960000000000aea75306872f20207b1af8ff00110000bfa100000000000007ffffb702000008000000b70300000000000085000000b2000000950000000000"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200000}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000540)={r7, 0x0, 0xe, 0x0, &(0x7f0000000000)="77844923fbde9d724bbda199f4d6", 0x0, 0x8000, 0x0, 0x0, 0x60, 0x0, &(0x7f0000000440)="340b76235e542388314c94ffb092fe45f73f8c986973c4976cfb5e6d1d8c82244df1f513a1c1fbfa9a9f0b95aeb353c71ce43ab84de2d842a33e91ce88d884ec2a248e85b886f115b686136aaf601bbff88abe474a8494073ad74fa9adc48bb0"}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81f782db44b9040a1d08030e000000e8fea4a118", 0x1d}], 0x1, 0x0, 0x0, 0x7400}, 0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}, 0x3, 0x1, 0xfff7}}, 0x80, 0x0}, 0x200008d5)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="d8000000210081044e81f7d28344b90402", 0x11}], 0x1}, 0x0)
r8 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r8, &(0x7f0000000000)=ANY=[], 0x33fe0)
r9 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
close(r9)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00')
r10 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r10, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa)
r11 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000000), 0x4)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000500)={r11, r10, 0x4, r10}, 0x10)

17.567142279s ago: executing program 0 (id=6026):
close(0xffffffffffffffff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={0x0}, 0x20, 0x10000, 0x9e6, 0x7, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d33, 0x8015, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x500, 0x1000000, 0x0, 0x0, 0x10, 0xb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000500)={@ifindex, 0x13, 0x1, 0x46cb, &(0x7f0000000040)=[0x0], 0x1, 0x0, &(0x7f0000000280), 0x0, 0x0}, 0x40)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x40810)
recvmsg(r0, 0x0, 0x0)
recvmsg$kcm(r0, &(0x7f0000000380)={0x0, 0x61, &(0x7f00000027c0)=[{&(0x7f0000000500)=""/4096, 0x1000}], 0x1}, 0x10100)
r1 = socket$kcm(0x10, 0x3, 0x10)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100201, 0x0, 0x0, 0xe}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803002e000b12d25a80648c2594f90124fc60100c02400a000000053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0)

17.402944744s ago: executing program 1 (id=6027):
close(0xffffffffffffffff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={0x0}, 0x20, 0x10000, 0x9e6, 0x7, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d33, 0x8015, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x500, 0x1000000, 0x0, 0x0, 0x10, 0xb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000500)={@ifindex, 0x13, 0x1, 0x46cb, &(0x7f0000000040)=[0x0], 0x1, 0x0, &(0x7f0000000280), 0x0, 0x0}, 0x40)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x40810)
recvmsg(r0, 0x0, 0x0)
recvmsg$kcm(r0, &(0x7f0000000380)={0x0, 0x61, &(0x7f00000027c0)=[{&(0x7f0000000500)=""/4096, 0x1000}], 0x1}, 0x10100)
r1 = socket$kcm(0x10, 0x3, 0x10)
perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100201, 0x0, 0x0, 0xe}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803002e000b12d25a80648c2594f90124fc60100c02400a000000053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0) (fail_nth: 1)

16.721429622s ago: executing program 2 (id=6028):
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1ad76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800"/32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000080)="5c00000013006bec9e3be35c6e17aa31076b876c0d000000ba090000160af3653c001ac004000202080002000300", 0x2e}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4a046)

16.622394875s ago: executing program 1 (id=6029):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000009e01000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000210018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000540)={r0, 0x58, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r2=>0x0}}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={<r3=>0xffffffffffffffff})
recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r4=>0xffffffffffffffff]}}], 0x18}, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='devices.list\x00', 0x26e1, 0x0)
close(r5)
write$cgroup_devices(r5, 0x0, 0xfffffeff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x7, &(0x7f0000000080)=@raw=[@map_fd={0x18, 0xb, 0x1, 0x0, r4}, @initr0={0x18, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0xa76}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @cb_func={0x18, 0xa, 0x4, 0x0, 0xfffffffffffffff9}], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x4f, &(0x7f00000001c0)=""/79, 0x41100, 0x0, '\x00', r2, 0x0, r4, 0x8, &(0x7f0000000840)={0x4, 0x5}, 0x8, 0x10, &(0x7f0000000880)={0x2, 0xb, 0x7fffffff, 0x9}, 0x10, 0x0, 0x0, 0x2, &(0x7f00000008c0)=[r5], &(0x7f0000000900)=[{0x5, 0x1, 0xc, 0x2}, {0x5, 0x3, 0x9, 0x1}], 0x10, 0xf795}, 0x94)
write$cgroup_subtree(r4, 0x0, 0xfdef)
write$cgroup_int(r4, &(0x7f0000000000)=0x7, 0x12)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x1, 0x40, 0x5, 0x41}, 0x50)
bpf$MAP_LOOKUP_ELEM(0x4, &(0x7f0000000b80)={r6, &(0x7f00000014c0), 0x0}, 0x20)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000600)={0x5, <r7=>0x0}, 0x8)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
r8 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000640)={0x3, 0x4, 0x4, 0xa, 0x0, r0, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x0, 0x5}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x15, 0x1f, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000090000000000000d01000000181100f0", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000018964900100000004549a6ff1000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000085200000030000001830000002000000000000000000000018320000040000000000000000000000bf91000000000000b7020000020000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000380)='GPL\x00', 0x40, 0x59, &(0x7f00000003c0)=""/89, 0x41100, 0x7, '\x00', r2, @sk_reuseport=0x28, r4, 0x8, &(0x7f0000000580)={0x4, 0x1}, 0x8, 0x10, &(0x7f00000005c0)={0x0, 0x10, 0x3, 0x5}, 0x10, r7, r1, 0x7, &(0x7f00000006c0)=[r0, r0, r0, r0, r8, r0, r0, r0, r0, r0], &(0x7f0000000700)=[{0x1, 0x1, 0xe, 0x8}, {0x0, 0x5, 0x4, 0x9}, {0x4, 0x3, 0x10, 0xb}, {0x2, 0x2, 0x6, 0x3}, {0x1, 0x5, 0x2, 0x8}, {0x3, 0x3, 0xe, 0xc}, {0x0, 0x1, 0xa, 0x5}], 0x10, 0x4}, 0x94)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="1b00000001000000", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB="0d85278eedaa1f9d25a494bcd94b3a1521", @ANYRES64=0x0], 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

16.603449955s ago: executing program 0 (id=6030):
close(0xffffffffffffffff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000000000000000000000000000850000000800"/32], &(0x7f0000000080)='syzkaller\x00'}, 0x94)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x954b, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x76, 0x1ef7}, 0x11efa, 0x4, 0x98, 0x0, 0x2, 0xfffff271, 0xfffc, 0x0, 0x0, 0x0, 0x20}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f00000011c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0x58, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r3=>0x0}}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000005380)={&(0x7f0000000780)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c0000000400f8ffffffffffffff000700000000002e01004dd74383a51cbb482080a96d4124c7eda2eee2f0b5bf041aebd9eee9d5072292fd827e97e49578d61343323975a2f0c8e336ff28c4843e59c73f0c6f2680c4bfdd65004d44ed2ce6e495f526da5a5e56788296952ebb84f910853a6ecf62aa8f920ec7a5fcd5973addac71ef7e2585ab9cbca9cf0aee5d752fc83b6af094440c9374a1cd355145dd87e26650b3a7a8255e4b723dc22d699f9b4c1e4f388f47f7fac50d6678932927e1ef1d0c1be01a5e8d63b5bb"], 0x0, 0x28, 0x0, 0x1}, 0x28)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='devices.list\x00', 0x26e1, 0x0)
close(r4)
recvmsg(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000015c0)=""/4096, 0x1000}], 0x1}, 0x100)
write$cgroup_devices(r4, &(0x7f00000005c0)=ANY=[], 0xfffffeff)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1e0000000020010004000000356c070040000000", @ANYRES32, @ANYBLOB="409600"/20, @ANYRES32=r3, @ANYRES32=r4, @ANYBLOB="0400000004000000030000000100"/28], 0x50)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
perf_event_open(&(0x7f0000000380)={0x5, 0x80, 0x8a, 0x3, 0x40, 0x3, 0x0, 0x10000000000, 0x8880, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x4, @perf_bp={0x0, 0x3}, 0x4008, 0x3, 0x0, 0x6, 0x7, 0x4, 0x2, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x18)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
close(r6)
r7 = socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}, 0xfffffffffffffff2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
close(r9)
recvmsg$unix(r8, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r10=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r7, 0x84, 0x6e, &(0x7f0000000000)=r10, 0x4)
recvmsg$unix(r5, &(0x7f0000000400)={0x0, 0x4b, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r11=>0xffffffffffffffff]}}], 0x18}, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r11, 0x5452, &(0x7f00000006c0)='\x02;\xe5\b\x00\x1c\x9c\x00\x00\x00\x00\x00\x00\x91\xecB\xdcZ\xe5\xbd$\x05\x90\xa9\xf3\xc7\xcb\xb7\xf0\xa1;#\x989\xe9\x12\xdf^6T\xdf\xcd\x02\xc5\xb0\xba\x12\'QXp\t\xfc\xf3\x01\x02\xbc\xbf\xc0\xf0\x10\xee\xd3\\yy\xa4\xf9\xe8\x00\xdd\xe97 0_\xe4]W\xf7~\xacVK\xc9t\x9e+:\x85\xef\x94\x0e\x19\x9cV[N.\xeb\x9fJ>\xd9\x99\x88\xd8\xdd\xb8Y\xc3$\xc6\x93\v\x04REY\xf4\xea\xf2\xcd\xcd.\x16\x861\xa1\v\x8d\x8e\x84R\xa6\x83\x84\xc0\x01e\xc3\xc8\xcc?\xc8?\x19\xb2\xa2\xe1\xac<\xe9f\x11\xff3\xc7\x19\x9e\x19\xf5-\xfe\xbd\xae\xbbR\x82\x16\xf9\x15S\x03U\xe0\xd8t\xe3%96')
perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={0x0}, 0x20, 0x10000, 0x9e6, 0x7, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d33, 0x8015, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_config_ext={0xffffffff, 0x20002}, 0x500, 0x1000000, 0x0, 0x0, 0x10, 0xb}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x8)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000500)={@ifindex, 0x13, 0x1, 0x46cb, &(0x7f0000000040)=[0x0], 0x1, 0x0, &(0x7f0000000280), 0x0, 0x0}, 0x40)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000003a00)=[{&(0x7f0000002a00)="8709647b5f67a64b023e8e0ddf0ace80e829f1ddd09ad4dead8339e0457de01a2f7de6ce32c55af0995ffc743de365cc7638337dacc63b3032248d2ccda7508d681a0e0b557df301b45b89d9c33fef254c4f84ae5135023fd6ddcec03af7caf1e3b3b58afd1855303a4e1cbd3013e976a80105b0baab2b48333ae511fa049b992e49967cf714460cc80e83082a118bca11e3a351716fb9d2e32a5558c862d6788c8af4a7bb2d902f846b8570f3bd4b7b0799c7572ba974549153b11a4be93e01992b318129cea461119bb28067b55f32060ca32c8a6f44fe89dd7d940c0fb674f1f56bcba3bc323915000f2e2e0cbd19d95845ef53fb14384fe30041a9dfe51b7685685c9c28c788969cdb88b79a7fa242e9a81b995ee33f84d4211f7c32076d742bfbe2c189075b285cc113d457750cc1737e7931066124f58b0466e907745de9b17c23fe795b6342908e9bb7048809926a171692e1470e257004b30c7d1ea04f021226146262d79e14bed242bfd664d9b867fc9d2328cc6b13f009a68f258949b461674c0f9454d1cb6fe1c1ea2a11b9a75e1a0dfbae68e19365964c661c39a821c95cf3f779e0c439329de29478c4732aa398491dadf5e51cd64ffcf74a1611330c5e77612f7b0c616a0f62512093fde7b7bab0ed812eec1680f46941741e0447373d5860daa039195dd29465836d12fdea6eec1861baec369f06c92f80158144138bb446ea35e0e81e3107921010e6b059445ee85759b987106fa1a60aa6fa9f4ad97178037ea4db89718a3f9089567bfb73288d23bed8c6876d9bf1ba3999180cb2ec91a7d74b876703c55aeced6030289670790851221503200591661012f7e5767d392d494db37ee3bedafd06c941e0e3c0e8410f5ad7f4045022d905e1c08799c2f813c12c68872eec0c5b9bc27c310e2d873fc7795ef73c881178932cc8b2b49701fc63c46a6c28d63b8c69882dd01b92f5374fbd93fa6c94ac865c7728b5a1b09e4ee74402d90662e56ef21816e3c609a2aa62b5f1736514feea4fdc9363afcff7f94a3d6f1faa05f40b8502a898a8ac1133beca8f7225356ade10f806a4a59c7d47e52672a693c415ab87af499b3f35299b7c8891026a1a4694a93c17328312024a68f56c07772501d910b39dcbd448b5778d5c226f968041b4827ec2479e2f5bc639bee8f4b57a580b9391df0760ae01c9f6bb4cc910e3ab756272c98cc5be37019feefe9dbabb8434a9f9bb127fd56179b11e6fd3fa16c5487132c523a16dc843696b1bebc85cc52f9b79603ab99f231c094c31cf71366169454d3ea0308788eb825707f9ae40111a0afd43de4595df0f21d3c81e79a5f4dcdc6b9b53e47df4ccd5647b663c2b6a106014df2552c4d86bb9fa350b8096886fb8a7797d2fd59ef77b2d24d334503e10a4f73bae70aa7e60dadda2066c11222db4a7cc058ba025f1f7f7fc2c54baad2e523a9b9fedc349722d01fdc1a28b0e2cbcbabba712a064a4a7def3a165bc3bd99190f3d2e3709431367f756071b8991fdd57eada23352356b0a7b9f403fb04afc67f693033b69116b36f5eeebee5fa6e8cd7a46abca79936aadeda7dd1a3f3bb5b13cc0deaae1591ba26fe6d3f61c52b2e48449584f8d8e01d8da7e05d3aa74e9fed2d384c2e90861c2ff38986ba16fec8b38513274a47fb6891b43594cb224eca7576d410a990da0e975a28fe40a7212d02e3ba5c7ec2295dd551acdd54a3fba51d4b7f14cdbf0427ad5980b65f056ff2219b79e84ad89a98218263f88df2243134d887aab7156570d925615c46c8d13d6ca9ef4671a6e124454acbdca79e8bb6e177e79781d775af8bf269c0014009a67aef3c508c1131b730db042488f90144d39d82b1b54ac75a995159b564a78ab625f3a3a2db6ade6ea69f206665c41f2285f092873568e1214019df2a6dda14a7cd230eccb0fe763c2615f1b3d391821ed672e39fe64215bf3be0459817379df773465020edf97e86262e7692403bd5decb1318dd3a6f663d3ffc3d609fee29cd6134cc68a7f5c9450424a904dfc5a98fa8bbe5c228143db7b55ac418404085c193023b9248ab2fc80c3515e48374501be914628fbef87447cca84cc2a29c152e6b40edecdc112870439822dc7b8ea0e9535b54180b67e1e6c9f0f39959f737716fd5080f33a397bc78d3d4a26d61d3cf814aef852581c8b5ed64c371d1837af652355c658b4eadd92af12f952a12a11e86a0420129f7cb2cec3b5b9aadf7b1a8bd50cd5750adc6f57f6c86a9f3754b81f2d3644d203b45bc11ac0b31889379c6ef8a7c33ac2760d81e6c6e99d79c2c4f436d11d216232c783ae8b87cc2ff4e3cda7d8584048aeaf4b2dc4602d3f1c82deb4629c0b51e30fefb879f2f2c60192dc9a6374e0090200df6340039654eb5a836926883f9bda839a3f3e28efe4d52813412778d5c5fbf1c92322b670cfb9c988da1edeaa8d96556c67a7577a9afa3995f7e985b689f1501eeac068669f13b025ca38c1b7c622d5863cc1fddf27957546e66839f6006d0729afe85bfbba7c1ade744e6b29f0eb12f17a1d215498e8fd5b23ba76e484edf9e0699411714cc299742d1492a2490755b33aba88e9a9a04c2b9ff888dd9c390ecae4f33e88cd128e68144fb856db51d9f1be0c9cd71c5b2b82be21ad6f402608b06dc89b3cf134a5b3ed622fd0b22d6ebcb872c6fdae143a73e80bd9de347db5c543e0d4076c44321da5c2f3bcecbe583450b92aaaa5ea7ee218ee8042b948dd69e1ced05f34b839f1d5c2d6db6e2b26026d65e6e147af583cc455e19826ffacf4e95a7b620816c28f418b15ed0711efafdd8cb439ea9f310deddc2dbe327608c853c0db6b37f8e6eac785cd3cacedc55fe2c0ca67493be9d37280b341146a8327d0cd0fea39c09ff0f5429abb49ebe85cc5f17c5ff416955af23d72e5dcfd6bd652d8555899aaa78e915ca6566bc95ab46525be4b429fa94d82fbd263b4d00b8f45587231d3a83571e0e1894f5baa95adda2e98de0c44298bb8a542f2805729673ef82362f449533031b673f58bcb74defca4d5a374a0a9c909b3cae4bb8fc01ddfa1d57817cffc9488081e695ae73c798afd9ba37276c0072a8b47fe895c164f0ccb5861ff6df99c286dc094070509e83aa4d76986d11722a9a8fda9416bbd0cc956f360a40c939f0dd17753caee834b7061269b56ebd46a6799cb6e8ba65d1d743da9f3467d7de56089e77f913265c14246b3916ccad5715e4c65d64eadbd389fe6572f42a3bf42f9fac04f1ba7f4c26609bcf4bf51d3d1287e1850a73ba50b8f8c724c09cd9f6f69d0d7f07c3269d38daa52f052c330af7827132047cbe84574dd9c5d5f02c5638654b3a8969a563851332799d758ff2bea1ad789ac52d44596261a535a1712adca13cf43dd9358a374504ccc5be19486faa89af8d375abee731e1612761e14c6ddac5613ec1142fac8588b7f2863fb9c8d00d5aa9259b2216cb98668b600dee456d2d22350535dc45b999264bd1ae0b7cdc5dd00ba1fb577a0c5d1c89e3c850494c979afc6b028658f9054a174ee707b9ad7afabd180b3c73c447882df89098a3d6b46b82ce3eabdd69ed84fddc56f86d3f0dc90b87eac478012a5f849a6bcbb342517d3f164b02a9e86c7aeceaae07398eb92e74ec89cee1cd16bb51b81e1256c4e5b2f7286eb828843c65cdb4adb8d4b978f1a76850abda459158af939be08353553b01e0d1bcb064f34e58938d637f43995d80319c22705611d616a7759e47e74d6216594bfaa4702761e69ef6214db4cf9ac314979ab8bc9b8e666f37035e3910f06c23e3a1114216968b21f6ba7c2b0101ae3e7a088533a9a6f276de5dc7e0650215537f78c50058782acef9c9789a9d5527a89ca8ccc7f0c86ae105b126e31cb68dc2efeb21c8679566947f59eb85fae353f96ce080755086c6171730883a9410a931dfa3ec4c7e7eaf9af9024058559d0043322f7792ef0d7add76197f4a484e3a5c256d6ec577c3cc950c9565431de693fae71798191e77bab6239ee55104f6dd5d2140d5f336cb290effc58cf27ace6c5dfa46fb022370cda49303c173307205cdc464cf467ea8245ceab0c449b1b926ddb35bbb16d6e8789488bd032b488b17007dc2830b265dcc34e58726296d57d5d1a904f26b94e8fec095edbe5b33d75deab1cf755deca0bb99792e85cf6c156c2ba83aefea08eb86b7782e1fc8658a6a54a1ff1bb8ad471b81689dff7559ffc84397d9db27a58d1a9bf8d56ab58eda2f5c32d4eed194b5878429745cb093aaeee781d61d03298ef648e0ed34b1e638a468281965092d420d05d0e00096953d354553f66f85b209dfbd883f706d7a8ba2352077e911b83bdf29e9f2f6dd1a54f036b3a07acce201a695e655e1fdde195196803f109d6336c5a2bddc4c5f4cc10ee89a94041c7c64c4baa6a39b415dfc9cab08d7b0e987204c249d0043ce3d3cf9ef923c65faa602428f289ef316c7f0d072df5d442890c3d3269cc24cbc5abc77a0cf5f8f99c67715ea463b4b0bdb64804489d1882fd0629cab7869a7364cdb40ad958c1506b69b33577afc82db0a6ef63ee8589ee338617f141af872b925e6bb067712562d8ec4ee9120af854cd76f59133d3c4902898c2c11bc46893a4f52eec6f7ea908960fa25be8787ae6ca100cdd18992193399b5b0ed035d1835b295761e70ae4d0faf20b9eb6398c16598ab90b5bd19f6c8fedcd8d88601d90dc3a2333fddec3fd9da231de4da0fd61293a717df21d568e161499525eed1dbdbe03112bd7601b561242a4dddd24617e06ff5f2ed8c86e1839b2cfebdbce7fbf1de5e3fcfda80699ff702fec23d1d4a8c1c77991f5c0001ddbd73984f248ee110fc5beab789777662a04b79f7c5811350b2381999e1a453c664f08615b0d22dc5d947c17a8a85d4ac9f9e072faf3addd7a952a9041165d293aedaf81e073e463395314baa9aa36f75ccb1f607d21e24ba443ce639c8fa1d7d8a5af8d31946d8f2a4ac41021830a7deeb874cc1ff7ba2bd12ad3ca0966c487d2a1b949fed0d561b810d2b750c787d211e206c291b22257dbf1ce9181e8c66fa56cba12188630d1a6561ee288e99409c551878d1aef1b767e8f2fe6513ccbed38f61a7465936c069bc818f98b63fd8926f589276122382c21484993bd6dc0ae2a431301ebed3dcad1ea53a46e3fb0c938d7aea87fc2d55767c81936046c39222dbd62be7b533fa65e00cae4cbfd7cde4de63087ea4068bbf2a4df16bf69a15d99966ed37d411e15f11c021b32ee6c1cf2a28ab2db84c138bc276f2ca513a6f5ccdecc2a530f2081a14a2413b40775f7996f16a20bcfb540d2465a32a07decc00399fd892ca1eda7e76bcddb5985893e4f4a0453e0e6451b45624f1cad3a15f78418833c52aa6b1ef99525ad12dab73fe185d720e9c70e86189774c13ceab5cb5839d3587218edc4a637b23602a74b9f5be445cc2d10dafe48abe752b64d89cc92882293518382c06b9d7b9f550a4551eceb4202fcd07a361698a53182bcf727247204595d42b5834578aa20ae923ebba025d1c93b67f397558af5bf85fdac30a7065527189d63a1818b0c0714c869d6c46f8bb06f78b468e0df7eccf2228b82f2d7489f75080e26bf13c0b686cabfc3904e643c07debf2505503aead3a0f695dfc29e66714b33df1e90145cd4bbbda665ecbaf00c27b7f2592adc19e3c42551cec2f408fae9e0b51680f1c2da27d406c4bb2969d14dd6e8db69055bf5aeb1ef7d57bb5f5113c", 0x1000}], 0x1}, 0x40810)

16.547844356s ago: executing program 3 (id=6031):
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="d8000000310081044e81f782db44b904021d080005000000e8fe55a1180015000600142603600e120900210000000401a8001600a40001", 0x37}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0)
r2 = syz_clone(0x20800000, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000ffffffff00000000fdfffdff850000002800000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000100)="e09f547ed3f02dc1fd3d6487775b", 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f00000005c0)=r2, 0x12)
r5 = openat$cgroup_ro(r4, 0x0, 0x275a, 0x0)
write$cgroup_int(r5, &(0x7f0000000040)=0x1, 0x12)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
r6 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r6, 0x40042408, r7)
r8 = socket$kcm(0x29, 0x2, 0x0)
r9 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r10 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r10, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
sendmsg(r8, &(0x7f0000002ec0)={0x0, 0x0, &(0x7f0000002c40)=[{&(0x7f0000002b80)="b2", 0x1}], 0x1}, 0x4000)
ioctl$sock_kcm_SIOCKCMATTACH(r8, 0x89e0, &(0x7f0000000040)={r10, r9})
close(r8)
r11 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r11, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703320000001f00000000000000040014000d000a00140000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x1e, 0x4, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000091102f000000000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_lookup=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYRES16], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x3a, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3a, 0x0, 0x0, 0x0}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)

16.547122426s ago: executing program 2 (id=6032):
socketpair(0x24, 0x800, 0x774, &(0x7f0000000380))
r0 = socket$kcm(0x10, 0x7, 0x4)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x400, 0x94001, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1009, 0x0, @perf_config_ext={0xffffffffffffffff}, 0x18820, 0x5, 0x6, 0xaaf04684de878bda, 0x9, 0x6, 0xfffe, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000001140)={r0})
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x520, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_config_ext={0xa99, 0x3}, 0x8500, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x2000000020000003}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x28)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000700000000000100008000009500000000000000cddf88304f94d149afc6cf5e3ceab9b5f51d0828b3a7a85b89447c14a344fbf61e5c2ae11cd047e91d47a26867150e97db8bc2deea5ba3d872ab997d210dcd942b087308b2ff2840152ba8b74079de2199c98d12ad1d4e478a3f0bf1914415def60f2222187e5fa9f3788fbb7e18b248c5e475a706ea2c0cc826735ec9803a0cd107ad02217c96f76a4dda46b151"], &(0x7f0000000040)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r1, 0x8, 0x0, 0x0, 0x30, &(0x7f0000000140), 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r2, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_bp={0x0, 0xf}, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000ac0)=[{0x0}], 0x1, &(0x7f0000000b00)=""/182, 0xb6}, 0x41)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r3 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r3, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r3, &(0x7f0000000080)={&(0x7f0000000100)=@hci={0x1f, 0x0, 0x4}, 0x80, &(0x7f0000003780)=[{&(0x7f0000000380)="270502001a0014000600002fb96dbcf706e10500000086ddffff1144ee162fd4b8bf4a", 0x23}], 0x1}, 0x1800)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000440)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r6, 0x18000000000002a0, 0xe40, 0x0, &(0x7f0000000500)="b958945d8ae49c4f19be14f06558", 0x0, 0x1cb0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x48)
sendmsg$inet(r5, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/syz1\x00', 0x1ff)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f00000007c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r7}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{}, {0x27}}, [@printk={@p, {}, {0x5, 0x1, 0xb, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x40007}, {0x56}}], {{0x4, 0x1, 0x2, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000001000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
recvmsg(r4, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002940)=""/4098, 0x15}, 0x0)
r8 = socket$kcm(0xa, 0x922000000003, 0x11)
setsockopt$sock_attach_bpf(r8, 0x29, 0x7, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000008c0)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x40000004, 0xa021, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_config_ext={0xffffffffffffffff, 0x2b4}, 0x0, 0x10001, 0x0, 0x0, 0x8, 0x20005, 0xc8, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)

16.008890021s ago: executing program 0 (id=6033):
perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xa)
perf_event_open(0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000540)={0x2, 0x80, 0xd1, 0xfe, 0x0, 0x0, 0x0, 0x8, 0x8602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000800)}, 0x12280, 0x2, 0x4000000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
recvmsg$unix(0xffffffffffffffff, 0x0, 0x2020)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f00000000c0)='memory.current\x00', 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0x3, &(0x7f00000001c0)=@raw=[@map_idx_val={0x18, 0xa, 0x6, 0x0, 0xf, 0x0, 0x0, 0x0, 0x8}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}], &(0x7f0000000280)='syzkaller\x00', 0x7, 0x1a, &(0x7f00000002c0)=""/26, 0x41100, 0x28, '\x00', 0x0, 0x25, r1, 0x8, &(0x7f0000000440)={0x6, 0x4}, 0x8, 0x10, &(0x7f0000000840)={0x2, 0xf, 0x1ff, 0xe50d}, 0x10, 0x0, 0x0, 0x2, &(0x7f00000005c0)=[r1], &(0x7f0000000600)=[{0x4, 0x2, 0x5, 0x1}, {0x0, 0x3, 0xe, 0xa}], 0x10, 0x8}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0500000001f01f00350100007b00000001000000", @ANYRES32, @ANYBLOB="feffffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000ffff00000000000000000000cdcab1dfa10bb0e4da00000000000098c55c103da51839d56752cd3f4cc72593ca3dc3659f"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xf, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r3)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_LOOKUP_ELEM(0x15, &(0x7f00000007c0)={r2, &(0x7f0000000000), 0x0}, 0x20)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffeee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d080307000000e8fea4a1180015000600142603600e120800110000810401040016fc0a00104004000000036010fab94dcf5c0461c1d67f6f94067134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x40000)

15.700025359s ago: executing program 0 (id=6034):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x0, 0x0, 0x0, 0x0, 0x15, 0x0, 0x0, 0x56, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x2, 0x0, 0x9}, {0x10000002, 0x0, 0x0, 0xc}]}, 0x94)
socket$kcm(0x2, 0x1, 0x84)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0xf, 0xc, 0x0, 0x0, 0x0, 0x8, 0x640b9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_config_ext={0x80000001, 0x9}, 0x8000, 0x83, 0x43a1bd76, 0x7, 0x9, 0x0, 0x1, 0x0, 0x0, 0x0, 0x200c}, 0x0, 0xffffdfffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
socket$kcm(0x11, 0x200000000000002, 0x300)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x5, 0x14, 0x0, &(0x7f0000000100)="259a53f271a76d2608fff74588a80a3888ca2f15", 0x0, 0xd11, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000680)={&(0x7f0000000e00)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000004000000010000ffffffff0604000000002eb800"], 0x0, 0x28, 0x0, 0x1}, 0x28)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000480)="5c00000012006bab9a3fe3d86e17aa0b046b876c1d0048380019001931a0e69ee517d34460bc06000000a701251e6182949a3651f60a84c9f4d4938037e70e4509c51c268811000000000000000000002571cd53b9851b30599980bc", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000780)=""/174, 0xae}, {&(0x7f0000000500)=""/219, 0xdb}, {&(0x7f0000001b40)=""/4050, 0xfd2}, {&(0x7f0000000b00)=""/4117, 0x1015}, {&(0x7f0000000600)=""/212, 0xd4}], 0x5}, 0x20)
recvmsg$kcm(r2, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x80)
socket$kcm(0x10, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r3)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0xffff, 0x2, 0x10, {0x2, 0x4e21, @loopback}}, 0x80, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB], 0x10b8}, 0x20000000)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x3e}, 0x94)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000380)}, 0xfc)
sendmsg$inet(r5, &(0x7f0000000680)={&(0x7f0000000000)={0x2, 0x4e24, @rand_addr=0x64010102}, 0x10, &(0x7f0000000540)=[{&(0x7f0000000240)}], 0x1}, 0x4000080)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f00000000c0), 0x0, 0x100, 0x2000000, 0xd384ed8852b2f03d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x50)
ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x89f3, 0x0)

15.6755122s ago: executing program 1 (id=6035):
socket$kcm(0x2, 0x5, 0x84)
r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x2, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={0x0, 0xf}, 0x90208, 0x0, 0x310c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x4, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x73, 0x11, 0x3b}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0xb7}, @exit={0x95, 0x0, 0xc2}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195}, 0x70)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x80000001, 0x450f9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x1, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x8, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0xa16ae, 0x9, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_bp={0x0}, 0x10, 0xa4, 0x2, 0x1, 0xa1, 0x9b9b, 0x8, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x954b, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, @perf_config_ext={0x76, 0x1ef7}, 0x4eaee940fbe0b616, 0x400, 0x98, 0x1, 0x2, 0xfffff271, 0xfff8, 0x0, 0x0, 0x0, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r2 = socket$kcm(0x2, 0x200000000000001, 0x106)
ioctl$SIOCSIFHWADDR(r2, 0x8b1b, &(0x7f0000000000)={'wlan1\x00', @broadcast})

1.458562521s ago: executing program 32 (id=6032):
socketpair(0x24, 0x800, 0x774, &(0x7f0000000380))
r0 = socket$kcm(0x10, 0x7, 0x4)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x400, 0x94001, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1009, 0x0, @perf_config_ext={0xffffffffffffffff}, 0x18820, 0x5, 0x6, 0xaaf04684de878bda, 0x9, 0x6, 0xfffe, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000001140)={r0})
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x520, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_config_ext={0xa99, 0x3}, 0x8500, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x2000000020000003}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x28)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000700000000000100008000009500000000000000cddf88304f94d149afc6cf5e3ceab9b5f51d0828b3a7a85b89447c14a344fbf61e5c2ae11cd047e91d47a26867150e97db8bc2deea5ba3d872ab997d210dcd942b087308b2ff2840152ba8b74079de2199c98d12ad1d4e478a3f0bf1914415def60f2222187e5fa9f3788fbb7e18b248c5e475a706ea2c0cc826735ec9803a0cd107ad02217c96f76a4dda46b151"], &(0x7f0000000040)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r1, 0x8, 0x0, 0x0, 0x30, &(0x7f0000000140), 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r2, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_bp={0x0, 0xf}, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000ac0)=[{0x0}], 0x1, &(0x7f0000000b00)=""/182, 0xb6}, 0x41)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r3 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r3, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r3, &(0x7f0000000080)={&(0x7f0000000100)=@hci={0x1f, 0x0, 0x4}, 0x80, &(0x7f0000003780)=[{&(0x7f0000000380)="270502001a0014000600002fb96dbcf706e10500000086ddffff1144ee162fd4b8bf4a", 0x23}], 0x1}, 0x1800)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000440)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r6, 0x18000000000002a0, 0xe40, 0x0, &(0x7f0000000500)="b958945d8ae49c4f19be14f06558", 0x0, 0x1cb0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x48)
sendmsg$inet(r5, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/syz1\x00', 0x1ff)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f00000007c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r7}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{}, {0x27}}, [@printk={@p, {}, {0x5, 0x1, 0xb, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x40007}, {0x56}}], {{0x4, 0x1, 0x2, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000001000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
recvmsg(r4, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002940)=""/4098, 0x15}, 0x0)
r8 = socket$kcm(0xa, 0x922000000003, 0x11)
setsockopt$sock_attach_bpf(r8, 0x29, 0x7, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000008c0)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x40000004, 0xa021, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_config_ext={0xffffffffffffffff, 0x2b4}, 0x0, 0x10001, 0x0, 0x0, 0x8, 0x20005, 0xc8, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)

1.271357726s ago: executing program 33 (id=6031):
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="d8000000310081044e81f782db44b904021d080005000000e8fe55a1180015000600142603600e120900210000000401a8001600a40001", 0x37}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0)
r2 = syz_clone(0x20800000, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000ffffffff00000000fdfffdff850000002800000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000100)="e09f547ed3f02dc1fd3d6487775b", 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f00000005c0)=r2, 0x12)
r5 = openat$cgroup_ro(r4, 0x0, 0x275a, 0x0)
write$cgroup_int(r5, &(0x7f0000000040)=0x1, 0x12)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
r6 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r6, 0x40042408, r7)
r8 = socket$kcm(0x29, 0x2, 0x0)
r9 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r10 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r10, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
sendmsg(r8, &(0x7f0000002ec0)={0x0, 0x0, &(0x7f0000002c40)=[{&(0x7f0000002b80)="b2", 0x1}], 0x1}, 0x4000)
ioctl$sock_kcm_SIOCKCMATTACH(r8, 0x89e0, &(0x7f0000000040)={r10, r9})
close(r8)
r11 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r11, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703320000001f00000000000000040014000d000a00140000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x1e, 0x4, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000091102f000000000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_lookup=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYRES16], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x3a, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3a, 0x0, 0x0, 0x0}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)

424.631539ms ago: executing program 34 (id=6034):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x0, 0x0, 0x0, 0x0, 0x15, 0x0, 0x0, 0x56, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x2, 0x0, 0x9}, {0x10000002, 0x0, 0x0, 0xc}]}, 0x94)
socket$kcm(0x2, 0x1, 0x84)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0xf, 0xc, 0x0, 0x0, 0x0, 0x8, 0x640b9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_config_ext={0x80000001, 0x9}, 0x8000, 0x83, 0x43a1bd76, 0x7, 0x9, 0x0, 0x1, 0x0, 0x0, 0x0, 0x200c}, 0x0, 0xffffdfffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
socket$kcm(0x11, 0x200000000000002, 0x300)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x5, 0x14, 0x0, &(0x7f0000000100)="259a53f271a76d2608fff74588a80a3888ca2f15", 0x0, 0xd11, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000680)={&(0x7f0000000e00)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000004000000010000ffffffff0604000000002eb800"], 0x0, 0x28, 0x0, 0x1}, 0x28)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000480)="5c00000012006bab9a3fe3d86e17aa0b046b876c1d0048380019001931a0e69ee517d34460bc06000000a701251e6182949a3651f60a84c9f4d4938037e70e4509c51c268811000000000000000000002571cd53b9851b30599980bc", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000780)=""/174, 0xae}, {&(0x7f0000000500)=""/219, 0xdb}, {&(0x7f0000001b40)=""/4050, 0xfd2}, {&(0x7f0000000b00)=""/4117, 0x1015}, {&(0x7f0000000600)=""/212, 0xd4}], 0x5}, 0x20)
recvmsg$kcm(r2, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x80)
socket$kcm(0x10, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r3)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0xffff, 0x2, 0x10, {0x2, 0x4e21, @loopback}}, 0x80, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB], 0x10b8}, 0x20000000)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x3e}, 0x94)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000380)}, 0xfc)
sendmsg$inet(r5, &(0x7f0000000680)={&(0x7f0000000000)={0x2, 0x4e24, @rand_addr=0x64010102}, 0x10, &(0x7f0000000540)=[{&(0x7f0000000240)}], 0x1}, 0x4000080)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f00000000c0), 0x0, 0x100, 0x2000000, 0xd384ed8852b2f03d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x50)
ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x89f3, 0x0)

0s ago: executing program 35 (id=6035):
socket$kcm(0x2, 0x5, 0x84)
r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x2, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={0x0, 0xf}, 0x90208, 0x0, 0x310c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x4, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x73, 0x11, 0x3b}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0xb7}, @exit={0x95, 0x0, 0xc2}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195}, 0x70)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x80000001, 0x450f9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x1, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x8, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0xa16ae, 0x9, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_bp={0x0}, 0x10, 0xa4, 0x2, 0x1, 0xa1, 0x9b9b, 0x8, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x954b, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, @perf_config_ext={0x76, 0x1ef7}, 0x4eaee940fbe0b616, 0x400, 0x98, 0x1, 0x2, 0xfffff271, 0xfff8, 0x0, 0x0, 0x0, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r2 = socket$kcm(0x2, 0x200000000000001, 0x106)
ioctl$SIOCSIFHWADDR(r2, 0x8b1b, &(0x7f0000000000)={'wlan1\x00', @broadcast})

kernel console output (not intermixed with test programs):

mode
[ 1408.729003][T23046] mac80211_hwsim hwsim34 wlan0: entered allmulticast mode
[ 1408.752293][T23059] mac80211_hwsim hwsim41 wlan1: entered allmulticast mode
[ 1408.901243][T23063] netlink: 'syz.2.5043': attribute type 10 has an invalid length.
[ 1409.096909][T23068] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.5045'.
[ 1409.467483][T23082] netlink: 'syz.2.5050': attribute type 10 has an invalid length.
[ 1411.026813][T23107] mac80211_hwsim hwsim35 wlan1: entered allmulticast mode
[ 1411.308448][T23116] netlink: 'syz.1.5060': attribute type 10 has an invalid length.
[ 1411.410644][T23119] netlink: 'syz.0.5062': attribute type 10 has an invalid length.
[ 1411.508941][T23123] netlink: 132 bytes leftover after parsing attributes in process `syz.2.5064'.
[ 1411.533811][T13311] Bluetooth: hci0: unexpected event 0x3d length: 15 > 14
[ 1411.680341][T23127] netlink: 'syz.1.5065': attribute type 10 has an invalid length.
[ 1412.576005][T23127] macvlan0: entered promiscuous mode
[ 1412.581468][T23127] macvlan0: entered allmulticast mode
[ 1412.607545][T23127] veth1_vlan: entered allmulticast mode
[ 1412.630408][T23127] team0: Port device macvlan0 added
[ 1412.880817][T23143] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5067'.
[ 1412.909043][T23143] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5067'.
[ 1412.927834][T23143] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5067'.
[ 1413.017134][T23150] netlink: 65047 bytes leftover after parsing attributes in process `syz.0.5070'.
[ 1413.325132][T23165] netlink: 132 bytes leftover after parsing attributes in process `syz.1.5075'.
[ 1413.340719][T13311] Bluetooth: hci1: unexpected event 0x3d length: 15 > 14
[ 1413.592780][T23172] netlink: 'syz.1.5076': attribute type 10 has an invalid length.
[ 1413.876527][T23180] netlink: 164 bytes leftover after parsing attributes in process `syz.2.5079'.
[ 1414.045197][T23190] netlink: 132 bytes leftover after parsing attributes in process `syz.3.5085'.
[ 1414.298456][T13311] Bluetooth: hci1: Dropping invalid advertising data
[ 1414.306506][T13311] Bluetooth: hci1: Malformed LE Event: 0x02
[ 1414.488694][T23205] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5089'.
[ 1414.499665][T23205] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5089'.
[ 1414.769034][T23213] FAULT_INJECTION: forcing a failure.
[ 1414.769034][T23213] name failslab, interval 1, probability 0, space 0, times 0
[ 1414.782280][T23213] CPU: 0 PID: 23213 Comm: syz.2.5092 Not tainted syzkaller #0
[ 1414.789776][T23213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1414.799876][T23213] Call Trace:
[ 1414.803194][T23213]  <TASK>
[ 1414.806161][T23213]  dump_stack_lvl+0x18c/0x250
[ 1414.810919][T23213]  ? show_regs_print_info+0x20/0x20
[ 1414.816213][T23213]  ? load_image+0x420/0x420
[ 1414.820761][T23213]  ? mark_lock+0x94/0x320
[ 1414.825136][T23213]  ? __lock_acquire+0x1347/0x7d40
[ 1414.830230][T23213]  should_fail_ex+0x39d/0x4d0
[ 1414.834991][T23213]  should_failslab+0x9/0x20
[ 1414.839557][T23213]  slab_pre_alloc_hook+0x59/0x310
[ 1414.844660][T23213]  kmem_cache_alloc+0x5a/0x2d0
[ 1414.849480][T23213]  ? radix_tree_node_alloc+0x7e/0x3a0
[ 1414.854902][T23213]  radix_tree_node_alloc+0x7e/0x3a0
[ 1414.860161][T23213]  idr_get_free+0x2b3/0xa60
[ 1414.864746][T23213]  idr_alloc_cyclic+0x27b/0x5d0
[ 1414.869662][T23213]  ? idr_alloc+0x2f0/0x2f0
[ 1414.874131][T23213]  ? do_raw_spin_lock+0x11f/0x2c0
[ 1414.879239][T23213]  ? __radix_tree_preload+0x82/0x880
[ 1414.884586][T23213]  ? sctp_assoc_set_id+0xa1/0x350
[ 1414.890028][T23213]  sctp_assoc_set_id+0xbd/0x350
[ 1414.894975][T23213]  __sctp_connect+0x8a3/0xd80
[ 1414.899731][T23213]  ? sctp_send_asconf+0x170/0x170
[ 1414.904815][T23213]  ? __local_bh_enable_ip+0x13a/0x1c0
[ 1414.910235][T23213]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[ 1414.915840][T23213]  ? security_sctp_bind_connect+0x89/0xb0
[ 1414.921608][T23213]  sctp_setsockopt_connectx+0x104/0x1a0
[ 1414.927201][T23213]  sctp_setsockopt+0x6d8/0x11e0
[ 1414.932101][T23213]  ? sock_common_recvmsg+0x190/0x190
[ 1414.937438][T23213]  do_sock_setsockopt+0x175/0x1a0
[ 1414.942505][T23213]  ? __fdget+0x180/0x210
[ 1414.946899][T23213]  __x64_sys_setsockopt+0x182/0x200
[ 1414.952160][T23213]  do_syscall_64+0x55/0xa0
[ 1414.956627][T23213]  ? clear_bhb_loop+0x40/0x90
[ 1414.961387][T23213]  ? clear_bhb_loop+0x40/0x90
[ 1414.966114][T23213]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1414.972051][T23213] RIP: 0033:0x7fc24b19cdd9
[ 1414.976573][T23213] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1414.996224][T23213] RSP: 002b:00007fc24c05f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1415.004684][T23213] RAX: ffffffffffffffda RBX: 00007fc24b415fa0 RCX: 00007fc24b19cdd9
[ 1415.012692][T23213] RDX: 000000000000006e RSI: 0000000000000084 RDI: 0000000000000003
[ 1415.020686][T23213] RBP: 00007fc24c05f090 R08: 0000000000000010 R09: 0000000000000000
[ 1415.028681][T23213] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1415.036683][T23213] R13: 00007fc24b416038 R14: 00007fc24b415fa0 R15: 00007ffe1c0dfa38
[ 1415.044714][T23213]  </TASK>
[ 1415.408969][T23229] FAULT_INJECTION: forcing a failure.
[ 1415.408969][T23229] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1415.444759][T23229] CPU: 1 PID: 23229 Comm: syz.1.5098 Not tainted syzkaller #0
[ 1415.452317][T23229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1415.462421][T23229] Call Trace:
[ 1415.465739][T23229]  <TASK>
[ 1415.468717][T23229]  dump_stack_lvl+0x18c/0x250
[ 1415.473465][T23229]  ? show_regs_print_info+0x20/0x20
[ 1415.478762][T23229]  ? load_image+0x420/0x420
[ 1415.483322][T23229]  ? __might_fault+0xaa/0x120
[ 1415.488089][T23229]  ? __lock_acquire+0x7d40/0x7d40
[ 1415.493169][T23229]  should_fail_ex+0x39d/0x4d0
[ 1415.497917][T23229]  _copy_from_user+0x2f/0xe0
[ 1415.502558][T23229]  bpf_prog_test_run_skb+0x266/0x12b0
[ 1415.507975][T23229]  ? __fget_files+0x28/0x4b0
[ 1415.512712][T23229]  ? __fget_files+0x28/0x4b0
[ 1415.517370][T23229]  ? __fget_files+0x43d/0x4b0
[ 1415.522116][T23229]  ? cpu_online+0x60/0x60
[ 1415.526530][T23229]  bpf_prog_test_run+0x321/0x390
[ 1415.531537][T23229]  __sys_bpf+0x49d/0x890
[ 1415.536001][T23229]  ? bpf_link_show_fdinfo+0x390/0x390
[ 1415.541421][T23229]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1415.547636][T23229]  __x64_sys_bpf+0x7c/0x90
[ 1415.552105][T23229]  do_syscall_64+0x55/0xa0
[ 1415.556660][T23229]  ? clear_bhb_loop+0x40/0x90
[ 1415.561390][T23229]  ? clear_bhb_loop+0x40/0x90
[ 1415.566110][T23229]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1415.572044][T23229] RIP: 0033:0x7f17d699cdd9
[ 1415.576490][T23229] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1415.596135][T23229] RSP: 002b:00007f17d77b3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1415.604617][T23229] RAX: ffffffffffffffda RBX: 00007f17d6c15fa0 RCX: 00007f17d699cdd9
[ 1415.612653][T23229] RDX: 0000000000000050 RSI: 00002000000007c0 RDI: 000000000000000a
[ 1415.620659][T23229] RBP: 00007f17d77b3090 R08: 0000000000000000 R09: 0000000000000000
[ 1415.628674][T23229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1415.636684][T23229] R13: 00007f17d6c16038 R14: 00007f17d6c15fa0 R15: 00007ffec55bf938
[ 1415.644728][T23229]  </TASK>
[ 1415.866826][T13311] Bluetooth: hci1: unexpected event 0x3d length: 15 > 14
[ 1416.528541][T23271] __nla_validate_parse: 9 callbacks suppressed
[ 1416.528558][T23271] netlink: 6 bytes leftover after parsing attributes in process `syz.2.5113'.
[ 1416.572487][T23271] openvswitch: netlink: Flow key attr not present in new flow.
[ 1417.874439][T23281] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5119'.
[ 1418.000736][T13311] Bluetooth: hci4: unexpected event 0x3d length: 15 > 14
[ 1418.041179][T23284] netlink: 132 bytes leftover after parsing attributes in process `syz.3.5118'.
[ 1418.307093][T23294] netlink: 132 bytes leftover after parsing attributes in process `syz.1.5122'.
[ 1418.433203][T23301] netlink: 132 bytes leftover after parsing attributes in process `syz.3.5125'.
[ 1419.945999][T23325] netlink: 132 bytes leftover after parsing attributes in process `syz.2.5135'.
[ 1420.013235][T23331] netlink: 132 bytes leftover after parsing attributes in process `syz.1.5137'.
[ 1421.322859][T23353] netlink: 132 bytes leftover after parsing attributes in process `syz.3.5147'.
[ 1421.437536][T23356] netlink: 132 bytes leftover after parsing attributes in process `syz.1.5148'.
[ 1421.598970][T13311] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18
[ 1422.828904][T23376] netlink: 132 bytes leftover after parsing attributes in process `syz.3.5157'.
[ 1422.840265][T23375] netlink: 132 bytes leftover after parsing attributes in process `syz.0.5156'.
[ 1422.852034][T13311] Bluetooth: hci4: unexpected event 0x03 length: 15 > 11
[ 1423.125772][T23386] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5159'.
[ 1423.170765][T23386] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5159'.
[ 1423.183484][T23391] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5159'.
[ 1423.203714][T23386] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5159'.
[ 1423.355660][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[ 1423.362082][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[ 1423.556184][T23390] netlink: 'syz.0.5162': attribute type 10 has an invalid length.
[ 1423.587364][T23390] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5162'.
[ 1424.053634][T13311] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18
[ 1424.563648][T23406] netlink: 'syz.0.5173': attribute type 10 has an invalid length.
[ 1424.591453][T23406] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5173'.
[ 1425.312930][T23417] netlink: 132 bytes leftover after parsing attributes in process `syz.0.5168'.
[ 1425.345177][T13311] Bluetooth: hci2: unexpected event 0x03 length: 15 > 11
[ 1426.394903][T23439] netlink: 'syz.0.5177': attribute type 10 has an invalid length.
[ 1426.417498][T23439] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5177'.
[ 1426.998677][T13311] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18
[ 1427.438715][T13311] Bluetooth: hci4: unexpected event 0x03 length: 15 > 11
[ 1427.698710][T23467] FAULT_INJECTION: forcing a failure.
[ 1427.698710][T23467] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1427.724661][T23467] CPU: 0 PID: 23467 Comm: syz.1.5187 Not tainted syzkaller #0
[ 1427.732217][T23467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1427.742319][T23467] Call Trace:
[ 1427.745640][T23467]  <TASK>
[ 1427.748605][T23467]  dump_stack_lvl+0x18c/0x250
[ 1427.753349][T23467]  ? show_regs_print_info+0x20/0x20
[ 1427.758610][T23467]  ? load_image+0x420/0x420
[ 1427.763176][T23467]  ? __might_fault+0xaa/0x120
[ 1427.767904][T23467]  ? __lock_acquire+0x7d40/0x7d40
[ 1427.772988][T23467]  should_fail_ex+0x39d/0x4d0
[ 1427.777729][T23467]  _copy_from_user+0x2f/0xe0
[ 1427.782361][T23467]  ___sys_sendmsg+0x1c7/0x360
[ 1427.787100][T23467]  ? __sys_sendmsg+0x2a0/0x2a0
[ 1427.791945][T23467]  ? __lock_acquire+0x7d40/0x7d40
[ 1427.797036][T23467]  __se_sys_sendmsg+0x1c2/0x2b0
[ 1427.801926][T23467]  ? __x64_sys_sendmsg+0x80/0x80
[ 1427.807007][T23467]  ? lockdep_hardirqs_on+0x98/0x150
[ 1427.812260][T23467]  do_syscall_64+0x55/0xa0
[ 1427.816716][T23467]  ? clear_bhb_loop+0x40/0x90
[ 1427.821436][T23467]  ? clear_bhb_loop+0x40/0x90
[ 1427.826179][T23467]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1427.832129][T23467] RIP: 0033:0x7f17d699cdd9
[ 1427.836595][T23467] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1427.856253][T23467] RSP: 002b:00007f17d77b3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1427.864733][T23467] RAX: ffffffffffffffda RBX: 00007f17d6c15fa0 RCX: 00007f17d699cdd9
[ 1427.872757][T23467] RDX: 0000000000000000 RSI: 0000200000000680 RDI: 0000000000000011
[ 1427.880776][T23467] RBP: 00007f17d77b3090 R08: 0000000000000000 R09: 0000000000000000
[ 1427.888802][T23467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1427.896830][T23467] R13: 00007f17d6c16038 R14: 00007f17d6c15fa0 R15: 00007ffec55bf938
[ 1427.904866][T23467]  </TASK>
[ 1427.907848][T23468] netlink: 'syz.3.5188': attribute type 10 has an invalid length.
[ 1428.047479][T23468] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[ 1428.302745][T23475] netlink: 'syz.0.5189': attribute type 10 has an invalid length.
[ 1428.310836][T23475] __nla_validate_parse: 5 callbacks suppressed
[ 1428.310850][T23475] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5189'.
[ 1429.249089][T23492] netlink: 168 bytes leftover after parsing attributes in process `syz.3.5193'.
[ 1429.287638][T23491] netlink: 132 bytes leftover after parsing attributes in process `syz.2.5196'.
[ 1429.502417][T23504] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5199'.
[ 1429.512267][T23504] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5199'.
[ 1429.526799][T23504] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5199'.
[ 1429.540387][T23504] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5199'.
[ 1429.930538][T23520] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5202'.
[ 1430.024467][T23520] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5202'.
[ 1430.081148][T23521] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5202'.
[ 1430.211798][T23519] netlink: 'syz.1.5203': attribute type 10 has an invalid length.
[ 1431.580778][T23551] netlink: 'syz.1.5213': attribute type 10 has an invalid length.
[ 1433.966649][T23597] netlink: 'syz.3.5227': attribute type 10 has an invalid length.
[ 1433.990916][T23597] __nla_validate_parse: 13 callbacks suppressed
[ 1433.990933][T23597] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5227'.
[ 1434.033478][T23612] netlink: 132 bytes leftover after parsing attributes in process `syz.0.5230'.
[ 1434.108578][T23614] netlink: 'syz.2.5229': attribute type 21 has an invalid length.
[ 1434.143835][T23614] netlink: 128 bytes leftover after parsing attributes in process `syz.2.5229'.
[ 1434.212200][T23614] netlink: 'syz.2.5229': attribute type 4 has an invalid length.
[ 1434.263928][T23614] netlink: 'syz.2.5229': attribute type 3 has an invalid length.
[ 1434.276963][T23614] netlink: 3 bytes leftover after parsing attributes in process `syz.2.5229'.
[ 1434.945734][T23641] netlink: 132 bytes leftover after parsing attributes in process `syz.0.5240'.
[ 1435.063487][T23644] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5241'.
[ 1435.529040][T23644] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5241'.
[ 1435.545202][T23646] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5241'.
[ 1435.628130][T23647] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5241'.
[ 1435.760376][T23653] netlink: 132 bytes leftover after parsing attributes in process `syz.1.5243'.
[ 1436.109292][T23650] netlink: 'syz.0.5242': attribute type 10 has an invalid length.
[ 1437.407963][T23684] netlink: 'syz.3.5255': attribute type 10 has an invalid length.
[ 1438.054246][T13311] Bluetooth: hci0: unexpected event 0x0f length: 15 > 4
[ 1438.133117][T23713] netlink: 'syz.0.5264': attribute type 6 has an invalid length.
[ 1439.091416][T23728] netlink: 'syz.1.5267': attribute type 10 has an invalid length.
[ 1439.149733][T23728] __nla_validate_parse: 7 callbacks suppressed
[ 1439.149752][T23728] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5267'.
[ 1439.682802][T23738] netlink: 194236 bytes leftover after parsing attributes in process `syz.3.5271'.
[ 1439.849604][T23742] netlink: 132 bytes leftover after parsing attributes in process `syz.2.5274'.
[ 1439.876762][T13311] Bluetooth: hci0: unexpected event 0x0f length: 15 > 4
[ 1439.956767][T23748] netlink: 132 bytes leftover after parsing attributes in process `syz.0.5277'.
[ 1440.013024][T23750] FAULT_INJECTION: forcing a failure.
[ 1440.013024][T23750] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1440.031968][T23750] CPU: 0 PID: 23750 Comm: syz.2.5278 Not tainted syzkaller #0
[ 1440.039582][T23750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1440.049681][T23750] Call Trace:
[ 1440.052998][T23750]  <TASK>
[ 1440.055965][T23750]  dump_stack_lvl+0x18c/0x250
[ 1440.060702][T23750]  ? show_regs_print_info+0x20/0x20
[ 1440.065968][T23750]  ? load_image+0x420/0x420
[ 1440.070536][T23750]  ? __lock_acquire+0x7d40/0x7d40
[ 1440.075612][T23750]  ? snprintf+0xe9/0x140
[ 1440.079906][T23750]  should_fail_ex+0x39d/0x4d0
[ 1440.084647][T23750]  _copy_to_user+0x2f/0xa0
[ 1440.089118][T23750]  simple_read_from_buffer+0xe7/0x150
[ 1440.094546][T23750]  proc_fail_nth_read+0x1e8/0x260
[ 1440.099673][T23750]  ? proc_fault_inject_write+0x360/0x360
[ 1440.105364][T23750]  ? fsnotify_perm+0x271/0x5e0
[ 1440.110173][T23750]  ? proc_fault_inject_write+0x360/0x360
[ 1440.115854][T23750]  vfs_read+0x28b/0x970
[ 1440.120108][T23750]  ? kernel_read+0x1e0/0x1e0
[ 1440.124755][T23750]  ? __fget_files+0x28/0x4b0
[ 1440.129398][T23750]  ? __fget_files+0x28/0x4b0
[ 1440.134068][T23750]  ? __fget_files+0x43d/0x4b0
[ 1440.138812][T23750]  ? __fdget_pos+0x2a3/0x330
[ 1440.143458][T23750]  ? ksys_read+0x75/0x260
[ 1440.147866][T23750]  ksys_read+0x150/0x260
[ 1440.152170][T23750]  ? vfs_write+0x990/0x990
[ 1440.156650][T23750]  ? lockdep_hardirqs_on+0x98/0x150
[ 1440.161899][T23750]  do_syscall_64+0x55/0xa0
[ 1440.166351][T23750]  ? clear_bhb_loop+0x40/0x90
[ 1440.171067][T23750]  ? clear_bhb_loop+0x40/0x90
[ 1440.175777][T23750]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1440.181709][T23750] RIP: 0033:0x7fc24b15d60e
[ 1440.186193][T23750] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 1440.205839][T23750] RSP: 002b:00007fc24c05efe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1440.214279][T23750] RAX: ffffffffffffffda RBX: 00007fc24c05f6c0 RCX: 00007fc24b15d60e
[ 1440.222273][T23750] RDX: 000000000000000f RSI: 00007fc24c05f0a0 RDI: 0000000000000006
[ 1440.230271][T23750] RBP: 00007fc24c05f090 R08: 0000000000000000 R09: 0000000000000000
[ 1440.238277][T23750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1440.246274][T23750] R13: 00007fc24b416038 R14: 00007fc24b415fa0 R15: 00007ffe1c0dfa38
[ 1440.254288][T23750]  </TASK>
[ 1440.390318][T23757] FAULT_INJECTION: forcing a failure.
[ 1440.390318][T23757] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1440.404981][T23757] CPU: 1 PID: 23757 Comm: syz.2.5281 Not tainted syzkaller #0
[ 1440.412516][T23757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1440.422635][T23757] Call Trace:
[ 1440.425968][T23757]  <TASK>
[ 1440.428934][T23757]  dump_stack_lvl+0x18c/0x250
[ 1440.433930][T23757]  ? show_regs_print_info+0x20/0x20
[ 1440.439182][T23757]  ? load_image+0x420/0x420
[ 1440.443734][T23757]  ? __might_fault+0xaa/0x120
[ 1440.448453][T23757]  ? __lock_acquire+0x7d40/0x7d40
[ 1440.453528][T23757]  should_fail_ex+0x39d/0x4d0
[ 1440.458276][T23757]  _copy_from_user+0x2f/0xe0
[ 1440.462913][T23757]  ___sys_sendmsg+0x1c7/0x360
[ 1440.467642][T23757]  ? __sys_sendmsg+0x2a0/0x2a0
[ 1440.472468][T23757]  ? __lock_acquire+0x7d40/0x7d40
[ 1440.477576][T23757]  __se_sys_sendmsg+0x1c2/0x2b0
[ 1440.482491][T23757]  ? __x64_sys_sendmsg+0x80/0x80
[ 1440.487499][T23757]  ? lockdep_hardirqs_on+0x98/0x150
[ 1440.492746][T23757]  do_syscall_64+0x55/0xa0
[ 1440.497218][T23757]  ? clear_bhb_loop+0x40/0x90
[ 1440.501949][T23757]  ? clear_bhb_loop+0x40/0x90
[ 1440.506682][T23757]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1440.512622][T23757] RIP: 0033:0x7fc24b19cdd9
[ 1440.517091][T23757] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1440.536745][T23757] RSP: 002b:00007fc24c05f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1440.545245][T23757] RAX: ffffffffffffffda RBX: 00007fc24b415fa0 RCX: 00007fc24b19cdd9
[ 1440.553267][T23757] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004
[ 1440.561287][T23757] RBP: 00007fc24c05f090 R08: 0000000000000000 R09: 0000000000000000
[ 1440.569310][T23757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1440.577321][T23757] R13: 00007fc24b416038 R14: 00007fc24b415fa0 R15: 00007ffe1c0dfa38
[ 1440.585355][T23757]  </TASK>
[ 1440.937534][T23771] netlink: 132 bytes leftover after parsing attributes in process `syz.0.5286'.
[ 1440.950554][T13311] Bluetooth: hci2: unexpected event 0x0f length: 15 > 4
[ 1441.018477][T23772] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.5285'.
[ 1441.069953][T23772] openvswitch: netlink: Geneve opt len 5 is not a multiple of 4.
[ 1441.105193][T23761] netlink: 'syz.1.5282': attribute type 10 has an invalid length.
[ 1441.113698][T23761] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5282'.
[ 1441.280978][T23780] netlink: 132 bytes leftover after parsing attributes in process `syz.2.5289'.
[ 1441.327395][T23778] netlink: 'syz.0.5288': attribute type 17 has an invalid length.
[ 1441.342456][T23778] netlink: 'syz.0.5288': attribute type 16 has an invalid length.
[ 1441.351176][T23778] netlink: 152 bytes leftover after parsing attributes in process `syz.0.5288'.
[ 1441.791158][T13311] Bluetooth: hci2: unexpected event 0x3d length: 15 > 14
[ 1441.952531][T23812] netlink: 132 bytes leftover after parsing attributes in process `syz.2.5300'.
[ 1442.131096][T13311] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[ 1442.140561][T13311] Bluetooth: hci0: Injecting HCI hardware error event
[ 1442.149366][T13311] Bluetooth: hci0: hardware error 0x00
[ 1442.268356][T23815] À: port 1(vlan0) entered blocking state
[ 1442.287210][T23815] À: port 1(vlan0) entered disabled state
[ 1442.294744][T23815] vlan0: entered allmulticast mode
[ 1442.300084][T23815] veth0_vlan: entered allmulticast mode
[ 1442.309549][T23815] vlan0: entered promiscuous mode
[ 1442.318646][T23819] netlink: 'syz.2.5301': attribute type 17 has an invalid length.
[ 1442.327727][T23819] netlink: 'syz.2.5301': attribute type 16 has an invalid length.
[ 1442.444473][T23810] netlink: 'syz.0.5299': attribute type 10 has an invalid length.
[ 1442.615115][T23817] À: port 1(vlan0) entered blocking state
[ 1442.621136][T23817] À: port 1(vlan0) entered forwarding state
[ 1444.285733][T13311] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[ 1445.006233][T13311] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[ 1445.015869][T13311] Bluetooth: hci2: Injecting HCI hardware error event
[ 1445.025997][T22134] Bluetooth: hci2: hardware error 0x00
[ 1446.006586][T13311] Bluetooth: hci1: unexpected event 0x3d length: 15 > 14
[ 1446.063607][T23847] __nla_validate_parse: 2 callbacks suppressed
[ 1446.063634][T23847] netlink: 132 bytes leftover after parsing attributes in process `syz.0.5309'.
[ 1446.108445][T23848] netlink: 'syz.3.5310': attribute type 17 has an invalid length.
[ 1446.121323][T23848] netlink: 'syz.3.5310': attribute type 16 has an invalid length.
[ 1446.139837][T23848] netlink: 152 bytes leftover after parsing attributes in process `syz.3.5310'.
[ 1446.698638][T23850] netlink: 'syz.1.5311': attribute type 10 has an invalid length.
[ 1446.714422][T23850] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5311'.
[ 1447.006314][T23876] netlink: 132 bytes leftover after parsing attributes in process `syz.3.5320'.
[ 1447.038716][T13311] Bluetooth: hci1: unexpected event 0x3d length: 15 > 14
[ 1447.080628][T23878] netlink: 'syz.0.5321': attribute type 17 has an invalid length.
[ 1447.123821][T23878] netlink: 'syz.0.5321': attribute type 16 has an invalid length.
[ 1447.131753][T23878] netlink: 152 bytes leftover after parsing attributes in process `syz.0.5321'.
[ 1447.301350][T23886] FAULT_INJECTION: forcing a failure.
[ 1447.301350][T23886] name failslab, interval 1, probability 0, space 0, times 0
[ 1447.314257][T23886] CPU: 0 PID: 23886 Comm: syz.2.5326 Not tainted syzkaller #0
[ 1447.321763][T23886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1447.331874][T23886] Call Trace:
[ 1447.335195][T23886]  <TASK>
[ 1447.338152][T23886]  dump_stack_lvl+0x18c/0x250
[ 1447.342867][T23886]  ? show_regs_print_info+0x20/0x20
[ 1447.348100][T23886]  ? load_image+0x420/0x420
[ 1447.352648][T23886]  should_fail_ex+0x39d/0x4d0
[ 1447.357362][T23886]  should_failslab+0x9/0x20
[ 1447.361892][T23886]  slab_pre_alloc_hook+0x59/0x310
[ 1447.366937][T23886]  ? ip6_pol_route+0x171/0x1230
[ 1447.371804][T23886]  kmem_cache_alloc+0x5a/0x2d0
[ 1447.376589][T23886]  ? dst_alloc+0x105/0x170
[ 1447.381030][T23886]  ? ipv6_sysctl_rtcache_flush+0xf0/0xf0
[ 1447.386679][T23886]  dst_alloc+0x105/0x170
[ 1447.390991][T23886]  ip6_pol_route+0x94f/0x1230
[ 1447.395712][T23886]  ? ip6_pol_route+0x171/0x1230
[ 1447.400590][T23886]  ? trace_fib6_table_lookup+0x1b0/0x1b0
[ 1447.406261][T23886]  fib6_rule_lookup+0x20c/0x570
[ 1447.411131][T23886]  ? skb_header_pointer+0x120/0x120
[ 1447.416349][T23886]  ? fib6_lookup+0x2d0/0x2d0
[ 1447.420964][T23886]  ? __lock_acquire+0x1347/0x7d40
[ 1447.426008][T23886]  ? verify_lock_unused+0x140/0x140
[ 1447.431225][T23886]  ? read_lock_is_recursive+0x20/0x20
[ 1447.436633][T23886]  ip6_route_output_flags+0x364/0x5d0
[ 1447.442060][T23886]  ? ip6_route_output_flags+0x2e/0x5d0
[ 1447.447561][T23886]  ip6_dst_lookup_tail+0x1ae/0x1530
[ 1447.452813][T23886]  ? sk_dst_check+0x25/0x430
[ 1447.457436][T23886]  ? ip6_dst_lookup+0x60/0x60
[ 1447.462134][T23886]  ? lock_chain_count+0x20/0x20
[ 1447.467043][T23886]  ? sk_dst_check+0x25/0x430
[ 1447.471678][T23886]  ? sk_dst_check+0x2f3/0x430
[ 1447.476393][T23886]  ip6_sk_dst_lookup_flow+0x731/0x970
[ 1447.481816][T23886]  udpv6_sendmsg+0x188c/0x2390
[ 1447.486620][T23886]  ? ip_skb_dst_mtu+0x9c0/0x9c0
[ 1447.491510][T23886]  ? udp_v6_early_demux+0xf80/0xf80
[ 1447.496733][T23886]  ? perf_trace_preemptirq_template+0xac/0x330
[ 1447.502926][T23886]  ? lock_chain_count+0x20/0x20
[ 1447.507809][T23886]  ? _local_bh_enable+0xa0/0xa0
[ 1447.512705][T23886]  ? inet_send_prepare+0x1b3/0x260
[ 1447.517849][T23886]  ? inet_send_prepare+0x1b3/0x260
[ 1447.522991][T23886]  ? inet6_sendmsg+0x5f/0xd0
[ 1447.527617][T23886]  ? inet6_compat_ioctl+0x3c0/0x3c0
[ 1447.532849][T23886]  ____sys_sendmsg+0x5ba/0x960
[ 1447.537647][T23886]  ? lockdep_hardirqs_on+0x98/0x150
[ 1447.542888][T23886]  ? __sys_sendmsg_sock+0x30/0x30
[ 1447.547945][T23886]  ? ___sys_sendmsg+0x28b/0x360
[ 1447.552820][T23886]  ___sys_sendmsg+0x2a6/0x360
[ 1447.557516][T23886]  ? get_pid_task+0x20/0x1e0
[ 1447.562147][T23886]  ? __sys_sendmsg+0x2a0/0x2a0
[ 1447.566951][T23886]  ? __lock_acquire+0x7d40/0x7d40
[ 1447.572006][T23886]  __se_sys_sendmsg+0x1c2/0x2b0
[ 1447.576882][T23886]  ? __x64_sys_sendmsg+0x80/0x80
[ 1447.581906][T23886]  ? lockdep_hardirqs_on+0x98/0x150
[ 1447.587152][T23886]  do_syscall_64+0x55/0xa0
[ 1447.591622][T23886]  ? clear_bhb_loop+0x40/0x90
[ 1447.596328][T23886]  ? clear_bhb_loop+0x40/0x90
[ 1447.601033][T23886]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1447.606949][T23886] RIP: 0033:0x7fc24b19cdd9
[ 1447.611395][T23886] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1447.631034][T23886] RSP: 002b:00007fc24c05f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1447.639471][T23886] RAX: ffffffffffffffda RBX: 00007fc24b415fa0 RCX: 00007fc24b19cdd9
[ 1447.647473][T23886] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000008
[ 1447.655497][T23886] RBP: 00007fc24c05f090 R08: 0000000000000000 R09: 0000000000000000
[ 1447.663491][T23886] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1447.671491][T23886] R13: 00007fc24b416038 R14: 00007fc24b415fa0 R15: 00007ffe1c0dfa38
[ 1447.679506][T23886]  </TASK>
[ 1447.883973][T22134] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[ 1448.076097][T23895] netlink: 830 bytes leftover after parsing attributes in process `syz.2.5329'.
[ 1448.382227][T23905] netlink: 'syz.2.5333': attribute type 39 has an invalid length.
[ 1448.520071][T23910] netlink: 'syz.0.5334': attribute type 17 has an invalid length.
[ 1448.529030][T23910] netlink: 'syz.0.5334': attribute type 16 has an invalid length.
[ 1448.543865][T23910] netlink: 152 bytes leftover after parsing attributes in process `syz.0.5334'.
[ 1448.844928][T23918] netlink: 'syz.0.5345': attribute type 17 has an invalid length.
[ 1448.863489][T23918] netlink: 'syz.0.5345': attribute type 16 has an invalid length.
[ 1448.893077][T23918] netlink: 152 bytes leftover after parsing attributes in process `syz.0.5345'.
[ 1448.932447][T23913] netlink: 'syz.3.5336': attribute type 10 has an invalid length.
[ 1448.974309][T23913] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5336'.
[ 1449.281500][T22134] Bluetooth: hci1: unexpected event 0x3c length: 15 > 7
[ 1450.085045][T23952] netlink: 'syz.2.5350': attribute type 17 has an invalid length.
[ 1450.133615][T23952] netlink: 152 bytes leftover after parsing attributes in process `syz.2.5350'.
[ 1450.160102][T22134] Bluetooth: hci1: unexpected event 0x3c length: 15 > 7
[ 1451.132618][T23986] __nla_validate_parse: 1 callbacks suppressed
[ 1451.132635][T23986] netlink: 152 bytes leftover after parsing attributes in process `syz.3.5362'.
[ 1451.215629][T23990] netlink: 132 bytes leftover after parsing attributes in process `syz.0.5365'.
[ 1452.775920][T24007] FAULT_INJECTION: forcing a failure.
[ 1452.775920][T24007] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1452.795554][T24007] CPU: 1 PID: 24007 Comm: syz.3.5373 Not tainted syzkaller #0
[ 1452.803090][T24007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1452.813199][T24007] Call Trace:
[ 1452.813676][T24003] validate_nla: 6 callbacks suppressed
[ 1452.813723][T24003] netlink: 'syz.1.5371': attribute type 2 has an invalid length.
[ 1452.816759][T24003] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.5371'.
[ 1452.822018][T24007]  <TASK>
[ 1452.822030][T24007]  dump_stack_lvl+0x18c/0x250
[ 1452.822068][T24007]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1452.822097][T24007]  ? show_regs_print_info+0x20/0x20
[ 1452.858211][T24007]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1452.864453][T24007]  should_fail_ex+0x39d/0x4d0
[ 1452.869189][T24007]  _copy_from_user+0x2f/0xe0
[ 1452.873827][T24007]  ___sys_sendmsg+0x1c7/0x360
[ 1452.878551][T24007]  ? __sys_sendmsg+0x2a0/0x2a0
[ 1452.883393][T24007]  __se_sys_sendmsg+0x1c2/0x2b0
[ 1452.888283][T24007]  ? __x64_sys_sendmsg+0x80/0x80
[ 1452.893326][T24007]  ? syscall_enter_from_user_mode+0x2e/0x80
[ 1452.899266][T24007]  do_syscall_64+0x55/0xa0
[ 1452.903723][T24007]  ? clear_bhb_loop+0x40/0x90
[ 1452.908448][T24007]  ? clear_bhb_loop+0x40/0x90
[ 1452.913170][T24007]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1452.919108][T24007] RIP: 0033:0x7f78d439cdd9
[ 1452.923562][T24007] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1452.943219][T24007] RSP: 002b:00007f78d528e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1452.951865][T24007] RAX: ffffffffffffffda RBX: 00007f78d4615fa0 RCX: 00007f78d439cdd9
[ 1452.959886][T24007] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000005
[ 1452.967908][T24007] RBP: 00007f78d528e090 R08: 0000000000000000 R09: 0000000000000000
[ 1452.975954][T24007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1452.983661][T24010] À: port 1(vlan0) entered blocking state
[ 1452.983949][T24007] R13: 00007f78d4616038 R14: 00007f78d4615fa0 R15: 00007ffff32546a8
[ 1452.983983][T24007]  </TASK>
[ 1453.004841][T24010] À: port 1(vlan0) entered disabled state
[ 1453.051149][T24010] vlan0: entered allmulticast mode
[ 1453.058045][T24010] veth0_vlan: entered allmulticast mode
[ 1453.065429][T24010] vlan0: entered promiscuous mode
[ 1453.102818][T24001] À: port 1(vlan0) entered blocking state
[ 1453.109498][T24001] À: port 1(vlan0) entered forwarding state
[ 1453.281758][T24018] netlink: 'syz.2.5375': attribute type 17 has an invalid length.
[ 1453.303935][T24018] netlink: 'syz.2.5375': attribute type 16 has an invalid length.
[ 1453.325366][T24018] netlink: 152 bytes leftover after parsing attributes in process `syz.2.5375'.
[ 1453.396443][T24022] netlink: 132 bytes leftover after parsing attributes in process `syz.3.5377'.
[ 1453.937846][T24037] netlink: 'syz.0.5383': attribute type 2 has an invalid length.
[ 1453.948480][T24037] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.5383'.
[ 1454.049549][T24040] netlink: 'syz.1.5384': attribute type 21 has an invalid length.
[ 1454.140196][T24048] netlink: 'syz.3.5387': attribute type 17 has an invalid length.
[ 1454.148244][T24048] netlink: 'syz.3.5387': attribute type 16 has an invalid length.
[ 1454.157003][T24048] netlink: 152 bytes leftover after parsing attributes in process `syz.3.5387'.
[ 1454.232971][T24052] netlink: 132 bytes leftover after parsing attributes in process `syz.2.5388'.
[ 1454.665722][T24061] À: port 1(vlan0) entered blocking state
[ 1454.676431][T24061] À: port 1(vlan0) entered disabled state
[ 1454.683264][T24061] vlan0: entered allmulticast mode
[ 1454.694307][T24061] veth0_vlan: entered allmulticast mode
[ 1454.720009][T24061] vlan0: entered promiscuous mode
[ 1454.749997][T24064] À: port 1(vlan0) entered blocking state
[ 1454.756045][T24064] À: port 1(vlan0) entered forwarding state
[ 1455.147256][T24079] netlink: 'syz.0.5397': attribute type 17 has an invalid length.
[ 1455.174096][T24079] netlink: 'syz.0.5397': attribute type 16 has an invalid length.
[ 1455.182409][T24079] netlink: 152 bytes leftover after parsing attributes in process `syz.0.5397'.
[ 1455.192186][T24078] netlink: 132 bytes leftover after parsing attributes in process `syz.2.5398'.
[ 1455.301361][T24071] netlink: 'syz.1.5394': attribute type 10 has an invalid length.
[ 1455.529924][T22134] Bluetooth: hci4: unexpected event 0x3d length: 15 > 14
[ 1456.380047][T24119] __nla_validate_parse: 4 callbacks suppressed
[ 1456.380085][T24119] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.5411'.
[ 1456.579886][T22134] Bluetooth: hci4: unexpected event 0x3d length: 15 > 14
[ 1456.697400][T24128] netlink: 132 bytes leftover after parsing attributes in process `syz.2.5414'.
[ 1456.746666][T24121] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5412'.
[ 1457.130356][T24137] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.5417'.
[ 1457.596553][T24147] netlink: 132 bytes leftover after parsing attributes in process `syz.3.5420'.
[ 1458.503437][T22134] Bluetooth: hci4: unexpected event 0x3c length: 15 > 7
[ 1458.520105][T24151] validate_nla: 7 callbacks suppressed
[ 1458.520141][T24151] netlink: 'syz.1.5422': attribute type 33 has an invalid length.
[ 1458.543179][T24151] netlink: 152 bytes leftover after parsing attributes in process `syz.1.5422'.
[ 1458.750467][T24160] netlink: 'syz.3.5426': attribute type 25 has an invalid length.
[ 1458.775168][T24160] netlink: 'syz.3.5426': attribute type 9 has an invalid length.
[ 1459.198745][T24172] netlink: 'syz.1.5428': attribute type 21 has an invalid length.
[ 1459.209356][T24165] netlink: 'syz.1.5428': attribute type 21 has an invalid length.
[ 1459.230148][T24158] netlink: 'syz.2.5425': attribute type 10 has an invalid length.
[ 1459.250589][T24158] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5425'.
[ 1460.245742][T24177] netlink: 132 bytes leftover after parsing attributes in process `syz.2.5431'.
[ 1460.578710][T24189] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.5436'.
[ 1460.611150][T24189] debugfs: Directory '!!ô!' with parent 'ieee80211' already present!
[ 1460.959601][T24198] netlink: 'syz.0.5439': attribute type 17 has an invalid length.
[ 1461.004378][T24198] netlink: 152 bytes leftover after parsing attributes in process `syz.0.5439'.
[ 1461.034466][T24198] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1461.067074][T24196] netlink: 'syz.2.5438': attribute type 33 has an invalid length.
[ 1462.512737][T24222] __nla_validate_parse: 2 callbacks suppressed
[ 1462.512778][T24222] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.5449'.
[ 1462.656693][T24224] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.5450'.
[ 1462.738915][T24224] debugfs: Directory '!!ô!' with parent 'ieee80211' already present!
[ 1463.593994][T22134] Bluetooth: hci4: unexpected event 0x3d length: 15 > 14
[ 1464.724016][T24259] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5461'.
[ 1464.816486][T24259] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5461'.
[ 1464.864777][T24261] mac80211_hwsim hwsim35 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1464.891100][T24265] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5461'.
[ 1464.929722][T24269] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5461'.
[ 1465.625426][T22134] Bluetooth: hci1: unexpected event 0x3d length: 15 > 14
[ 1466.052647][T24290] netlink: 'syz.0.5473': attribute type 10 has an invalid length.
[ 1466.072233][T24290] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5473'.
[ 1466.558977][T24292] mac80211_hwsim hwsim39 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1466.666706][T24298] sctp: [Deprecated]: syz.2.5475 (pid 24298) Use of int in max_burst socket option deprecated.
[ 1466.666706][T24298] Use struct sctp_assoc_value instead
[ 1467.155835][T24312] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.5483'.
[ 1467.855949][T24319] netlink: 'syz.2.5486': attribute type 10 has an invalid length.
[ 1467.947494][T24319] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5486'.
[ 1468.762082][T24332] netlink: 'syz.0.5489': attribute type 25 has an invalid length.
[ 1468.776284][T24332] netlink: 'syz.0.5489': attribute type 9 has an invalid length.
[ 1468.796386][T24329] mac80211_hwsim hwsim41 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1468.877809][T24333] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5488'.
[ 1469.538461][T24350] netlink: 'syz.3.5496': attribute type 7 has an invalid length.
[ 1470.010891][T24367] netlink: 132 bytes leftover after parsing attributes in process `syz.3.5501'.
[ 1470.100488][T24368] netlink: 'syz.1.5497': attribute type 10 has an invalid length.
[ 1470.108500][T24368] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5497'.
[ 1471.072604][T24385] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5507'.
[ 1472.307653][T24409] netlink: 'syz.3.5516': attribute type 10 has an invalid length.
[ 1472.346027][T24409] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5516'.
[ 1472.515048][T24417] sock: sock_timestamping_bind_phc: sock not bind to device
[ 1472.729269][T24424] netlink: 16046 bytes leftover after parsing attributes in process `syz.3.5520'.
[ 1473.106678][T24438] FAULT_INJECTION: forcing a failure.
[ 1473.106678][T24438] name failslab, interval 1, probability 0, space 0, times 0
[ 1473.143308][T24438] CPU: 0 PID: 24438 Comm: syz.0.5526 Not tainted syzkaller #0
[ 1473.150909][T24438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1473.161031][T24438] Call Trace:
[ 1473.164354][T24438]  <TASK>
[ 1473.167324][T24438]  dump_stack_lvl+0x18c/0x250
[ 1473.172151][T24438]  ? show_regs_print_info+0x20/0x20
[ 1473.177407][T24438]  ? load_image+0x420/0x420
[ 1473.181989][T24438]  ? __might_sleep+0xe0/0xe0
[ 1473.186769][T24438]  ? __lock_acquire+0x7d40/0x7d40
[ 1473.191854][T24438]  ? rep_movs_alternative+0x4a/0x90
[ 1473.197127][T24438]  should_fail_ex+0x39d/0x4d0
[ 1473.201887][T24438]  should_failslab+0x9/0x20
[ 1473.206485][T24438]  slab_pre_alloc_hook+0x59/0x310
[ 1473.211588][T24438]  kmem_cache_alloc_node+0x60/0x320
[ 1473.216849][T24438]  ? __alloc_skb+0x103/0x2c0
[ 1473.221485][T24438]  __alloc_skb+0x103/0x2c0
[ 1473.225943][T24438]  tipc_buf_acquire+0x2b/0xe0
[ 1473.230657][T24438]  tipc_msg_build+0x8c3/0xee0
[ 1473.235425][T24438]  ? skb_copy_to_linear_data_offset+0x60/0x60
[ 1473.241535][T24438]  ? tipc_nametbl_lookup_mcast_nodes+0x2e/0x9e0
[ 1473.247809][T24438]  __tipc_sendmsg+0x1c70/0x2bb0
[ 1473.252695][T24438]  ? rht_unlock+0x1d0/0x1d0
[ 1473.257243][T24438]  ? wait_woken+0x180/0x180
[ 1473.261777][T24438]  ? perf_trace_run_bpf_submit+0xf4/0x1c0
[ 1473.267551][T24438]  ? mark_lock+0x94/0x320
[ 1473.271923][T24438]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[ 1473.277953][T24438]  ? __local_bh_enable_ip+0x13a/0x1c0
[ 1473.283350][T24438]  ? lockdep_hardirqs_on+0x98/0x150
[ 1473.288667][T24438]  ? __local_bh_enable_ip+0x13a/0x1c0
[ 1473.294062][T24438]  ? _local_bh_enable+0xa0/0xa0
[ 1473.298948][T24438]  tipc_sendmsg+0x55/0x70
[ 1473.303322][T24438]  ? tipc_recvmsg+0x1400/0x1400
[ 1473.308228][T24438]  ____sys_sendmsg+0x5ba/0x960
[ 1473.313029][T24438]  ? lockdep_hardirqs_on+0x98/0x150
[ 1473.318254][T24438]  ? __sys_sendmsg_sock+0x30/0x30
[ 1473.323317][T24438]  ? ___sys_sendmsg+0x28b/0x360
[ 1473.328203][T24438]  ___sys_sendmsg+0x2a6/0x360
[ 1473.332903][T24438]  ? get_pid_task+0x20/0x1e0
[ 1473.337533][T24438]  ? __sys_sendmsg+0x2a0/0x2a0
[ 1473.342335][T24438]  ? __lock_acquire+0x7d40/0x7d40
[ 1473.347406][T24438]  __se_sys_sendmsg+0x1c2/0x2b0
[ 1473.352317][T24438]  ? __x64_sys_sendmsg+0x80/0x80
[ 1473.357305][T24438]  ? lockdep_hardirqs_on+0x98/0x150
[ 1473.362567][T24438]  do_syscall_64+0x55/0xa0
[ 1473.367007][T24438]  ? clear_bhb_loop+0x40/0x90
[ 1473.371718][T24438]  ? clear_bhb_loop+0x40/0x90
[ 1473.376430][T24438]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1473.382360][T24438] RIP: 0033:0x7f72b7b9cdd9
[ 1473.386802][T24438] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1473.406442][T24438] RSP: 002b:00007f72b8ada028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1473.414898][T24438] RAX: ffffffffffffffda RBX: 00007f72b7e15fa0 RCX: 00007f72b7b9cdd9
[ 1473.422974][T24438] RDX: 0000000000000000 RSI: 0000200000003a00 RDI: 000000000000000b
[ 1473.431075][T24438] RBP: 00007f72b8ada090 R08: 0000000000000000 R09: 0000000000000000
[ 1473.439090][T24438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1473.447093][T24438] R13: 00007f72b7e16038 R14: 00007f72b7e15fa0 R15: 00007ffeca497e88
[ 1473.455122][T24438]  </TASK>
[ 1474.067851][T24452] netlink: 'syz.3.5527': attribute type 6 has an invalid length.
[ 1474.078171][T24452] netlink: 140 bytes leftover after parsing attributes in process `syz.3.5527'.
[ 1474.091309][T24452] IPv6: Can't replace route, no match found
[ 1474.855999][T24465] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5534'.
[ 1474.870157][T24465] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5534'.
[ 1474.883131][T24465] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5534'.
[ 1474.959612][T24459] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5534'.
[ 1475.028122][T24469] netlink: 'syz.1.5536': attribute type 17 has an invalid length.
[ 1475.052806][T24469] netlink: 'syz.1.5536': attribute type 16 has an invalid length.
[ 1475.073159][T24469] netlink: 152 bytes leftover after parsing attributes in process `syz.1.5536'.
[ 1475.326161][T22134] Bluetooth: hci1: unexpected event 0x3d length: 15 > 14
[ 1475.734365][T24487] netlink: 'syz.3.5543': attribute type 10 has an invalid length.
[ 1476.661323][T24487] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1476.723512][T24487] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1476.731122][T24487] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1476.807841][T24487] team0: Port device bridge0 added
[ 1479.121077][T24527] netlink: 'syz.3.5557': attribute type 21 has an invalid length.
[ 1479.138325][T24527] netlink: 132 bytes leftover after parsing attributes in process `syz.3.5557'.
[ 1479.168332][T24527] netlink: 'syz.3.5557': attribute type 1 has an invalid length.
[ 1480.547651][T22134] Bluetooth: hci4: unexpected event 0x0f length: 15 > 4
[ 1482.080947][T24592] netlink: 'syz.2.5577': attribute type 10 has an invalid length.
[ 1482.092777][T24592] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5577'.
[ 1482.305248][T22134] Bluetooth: hci1: unexpected event 0x0f length: 15 > 4
[ 1482.711954][T24607] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5583'.
[ 1482.769588][T24607] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5583'.
[ 1482.785329][T24608] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5583'.
[ 1482.827121][T24605] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5583'.
[ 1483.245911][T24627] netlink: 'syz.1.5589': attribute type 21 has an invalid length.
[ 1483.391885][T24627] netlink: 121460 bytes leftover after parsing attributes in process `syz.1.5589'.
[ 1483.422997][T24627] netlink: 21096 bytes leftover after parsing attributes in process `syz.1.5589'.
[ 1483.448617][T24627] tipc: Started in network mode
[ 1483.459786][T24627] tipc: Node identity 1a, cluster identity 4711
[ 1483.478501][T24627] tipc: Node number set to 26
[ 1483.845725][T24638] netlink: 'syz.2.5590': attribute type 10 has an invalid length.
[ 1483.943908][T24638] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5590'.
[ 1484.340788][T24636] netlink: 'syz.1.5593': attribute type 10 has an invalid length.
[ 1484.358921][T24636] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5593'.
[ 1484.604447][T22134] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[ 1484.615072][T22134] Bluetooth: hci4: Injecting HCI hardware error event
[ 1484.623425][T22134] Bluetooth: hci4: hardware error 0x00
[ 1484.639534][T24657] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5598'.
[ 1484.653165][T24657] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5598'.
[ 1484.676473][T24657] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5598'.
[ 1484.688384][T24657] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5598'.
[ 1484.770331][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[ 1484.779514][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[ 1485.589428][T24674] netlink: 60 bytes leftover after parsing attributes in process `syz.0.5608'.
[ 1485.736964][T24674] netlink: 60 bytes leftover after parsing attributes in process `syz.0.5608'.
[ 1485.781592][T24677] netlink: 60 bytes leftover after parsing attributes in process `syz.0.5608'.
[ 1485.856388][T24679] netlink: 60 bytes leftover after parsing attributes in process `syz.0.5608'.
[ 1486.364944][T21880] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[ 1486.373896][T21880] Bluetooth: hci1: Injecting HCI hardware error event
[ 1486.495129][T24688] netlink: 'syz.3.5603': attribute type 10 has an invalid length.
[ 1486.503139][T24688] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5603'.
[ 1486.764377][T22134] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[ 1486.853952][T22134] Bluetooth: hci1: command 0x0406 tx timeout
[ 1486.876621][T13311] Bluetooth: hci1: hardware error 0x00
[ 1487.343958][T24701] netlink: 'syz.0.5610': attribute type 9 has an invalid length.
[ 1487.808136][T24705] netlink: 'syz.3.5613': attribute type 10 has an invalid length.
[ 1488.647962][T24731] netlink: 'syz.3.5616': attribute type 10 has an invalid length.
[ 1488.929111][T13311] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[ 1489.289904][T24744] FAULT_INJECTION: forcing a failure.
[ 1489.289904][T24744] name failslab, interval 1, probability 0, space 0, times 0
[ 1489.309154][T24744] CPU: 0 PID: 24744 Comm: syz.1.5622 Not tainted syzkaller #0
[ 1489.316699][T24744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1489.326802][T24744] Call Trace:
[ 1489.330117][T24744]  <TASK>
[ 1489.333087][T24744]  dump_stack_lvl+0x18c/0x250
[ 1489.337865][T24744]  ? show_regs_print_info+0x20/0x20
[ 1489.343138][T24744]  ? load_image+0x420/0x420
[ 1489.347728][T24744]  ? __might_sleep+0xe0/0xe0
[ 1489.352385][T24744]  ? __lock_acquire+0x7d40/0x7d40
[ 1489.357491][T24744]  should_fail_ex+0x39d/0x4d0
[ 1489.362269][T24744]  should_failslab+0x9/0x20
[ 1489.366856][T24744]  slab_pre_alloc_hook+0x59/0x310
[ 1489.371968][T24744]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1489.377766][T24744]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1489.383548][T24744]  __kmem_cache_alloc_node+0x53/0x250
[ 1489.389019][T24744]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1489.394800][T24744]  __kmalloc+0xa4/0x230
[ 1489.399054][T24744]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1489.404727][T24744]  tomoyo_path_number_perm+0x248/0x620
[ 1489.410261][T24744]  ? tomoyo_path_number_perm+0x217/0x620
[ 1489.415959][T24744]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 1489.421470][T24744]  ? ksys_write+0x1c4/0x260
[ 1489.426101][T24744]  ? __fget_files+0x28/0x4b0
[ 1489.430753][T24744]  ? __fget_files+0x28/0x4b0
[ 1489.435450][T24744]  security_file_ioctl+0x70/0xa0
[ 1489.440461][T24744]  __se_sys_ioctl+0x48/0x170
[ 1489.445130][T24744]  do_syscall_64+0x55/0xa0
[ 1489.449598][T24744]  ? clear_bhb_loop+0x40/0x90
[ 1489.454315][T24744]  ? clear_bhb_loop+0x40/0x90
[ 1489.459063][T24744]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1489.465004][T24744] RIP: 0033:0x7f17d699cdd9
[ 1489.469474][T24744] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1489.489140][T24744] RSP: 002b:00007f17d77b3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1489.497605][T24744] RAX: ffffffffffffffda RBX: 00007f17d6c15fa0 RCX: 00007f17d699cdd9
[ 1489.505614][T24744] RDX: 0000000000000000 RSI: 0000000000005411 RDI: 0000000000000003
[ 1489.513631][T24744] RBP: 00007f17d77b3090 R08: 0000000000000000 R09: 0000000000000000
[ 1489.521647][T24744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1489.529655][T24744] R13: 00007f17d6c16038 R14: 00007f17d6c15fa0 R15: 00007ffec55bf938
[ 1489.537710][T24744]  </TASK>
[ 1489.576271][T24744] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1490.118255][T24756] __nla_validate_parse: 7 callbacks suppressed
[ 1490.118274][T24756] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.5626'.
[ 1490.607981][T24750] netlink: 'syz.0.5625': attribute type 10 has an invalid length.
[ 1490.648144][T24750] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5625'.
[ 1491.224941][T24768] netlink: 60 bytes leftover after parsing attributes in process `syz.0.5629'.
[ 1491.236674][T24762] netlink: 'syz.3.5627': attribute type 10 has an invalid length.
[ 1491.236703][T24762] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5627'.
[ 1491.300101][T24768] netlink: 60 bytes leftover after parsing attributes in process `syz.0.5629'.
[ 1491.374286][T24769] netlink: 60 bytes leftover after parsing attributes in process `syz.0.5629'.
[ 1491.392797][T24768] netlink: 60 bytes leftover after parsing attributes in process `syz.0.5629'.
[ 1494.392413][T24805] netlink: 'syz.3.5641': attribute type 25 has an invalid length.
[ 1494.427487][T24805] netlink: 'syz.3.5641': attribute type 9 has an invalid length.
[ 1494.498793][T24795] netlink: 'syz.1.5638': attribute type 10 has an invalid length.
[ 1494.540133][T24795] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5638'.
[ 1494.576342][T24809] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5642'.
[ 1494.605662][T24809] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5642'.
[ 1496.082996][T24833] syzkaller0: entered promiscuous mode
[ 1496.103895][T24833] syzkaller0: entered allmulticast mode
[ 1496.285742][T24841] __nla_validate_parse: 3 callbacks suppressed
[ 1496.285773][T24841] netlink: 763 bytes leftover after parsing attributes in process `syz.0.5652'.
[ 1496.742091][T24849] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5653'.
[ 1496.976119][T24849] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5653'.
[ 1497.006782][T24851] netlink: 'syz.2.5654': attribute type 10 has an invalid length.
[ 1497.020979][T24851] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5654'.
[ 1497.048986][T24854] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5653'.
[ 1497.109188][T24855] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5653'.
[ 1497.339045][T24864] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.5658'.
[ 1498.058700][T24876] FAULT_INJECTION: forcing a failure.
[ 1498.058700][T24876] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1498.103845][T24876] CPU: 1 PID: 24876 Comm: syz.0.5663 Not tainted syzkaller #0
[ 1498.111486][T24876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1498.121599][T24876] Call Trace:
[ 1498.124930][T24876]  <TASK>
[ 1498.127915][T24876]  dump_stack_lvl+0x18c/0x250
[ 1498.132667][T24876]  ? show_regs_print_info+0x20/0x20
[ 1498.137934][T24876]  ? load_image+0x420/0x420
[ 1498.142510][T24876]  ? __might_fault+0xaa/0x120
[ 1498.147239][T24876]  ? __lock_acquire+0x7d40/0x7d40
[ 1498.152342][T24876]  should_fail_ex+0x39d/0x4d0
[ 1498.157096][T24876]  _copy_from_iter+0x1d9/0x12e0
[ 1498.162041][T24876]  ? __virt_addr_valid+0x18c/0x540
[ 1498.167204][T24876]  ? __lock_acquire+0x7d40/0x7d40
[ 1498.172310][T24876]  ? lockdep_hardirqs_on+0x98/0x150
[ 1498.177575][T24876]  ? copyout_mc+0x70/0x70
[ 1498.181956][T24876]  ? __virt_addr_valid+0x18c/0x540
[ 1498.187117][T24876]  ? __virt_addr_valid+0x18c/0x540
[ 1498.192289][T24876]  ? __virt_addr_valid+0x469/0x540
[ 1498.197461][T24876]  ? __check_object_size+0x506/0xa20
[ 1498.202795][T24876]  netlink_sendmsg+0x76b/0xbf0
[ 1498.207634][T24876]  ? netlink_getsockopt+0x590/0x590
[ 1498.212900][T24876]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1498.219111][T24876]  ? aa_sock_msg_perm+0x94/0x150
[ 1498.224102][T24876]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1498.229449][T24876]  ? security_socket_sendmsg+0x80/0xa0
[ 1498.234961][T24876]  ? netlink_getsockopt+0x590/0x590
[ 1498.240227][T24876]  ____sys_sendmsg+0x5ba/0x960
[ 1498.245054][T24876]  ? __sys_sendmsg_sock+0x30/0x30
[ 1498.250121][T24876]  ? __import_iovec+0x5f2/0x850
[ 1498.255035][T24876]  ? import_iovec+0x73/0xa0
[ 1498.259683][T24876]  ___sys_sendmsg+0x2a6/0x360
[ 1498.264430][T24876]  ? __sys_sendmsg+0x2a0/0x2a0
[ 1498.269274][T24876]  ? seqcount_lockdep_reader_access+0x17b/0x1d0
[ 1498.275604][T24876]  __se_sys_sendmsg+0x1c2/0x2b0
[ 1498.280515][T24876]  ? hrtimer_interrupt+0x7bb/0x9c0
[ 1498.285681][T24876]  ? __x64_sys_sendmsg+0x80/0x80
[ 1498.290686][T24876]  ? lockdep_hardirqs_on+0x98/0x150
[ 1498.295952][T24876]  do_syscall_64+0x55/0xa0
[ 1498.300405][T24876]  ? clear_bhb_loop+0x40/0x90
[ 1498.305151][T24876]  ? clear_bhb_loop+0x40/0x90
[ 1498.309894][T24876]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1498.315882][T24876] RIP: 0033:0x7f72b7b9cdd9
[ 1498.320365][T24876] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1498.340114][T24876] RSP: 002b:00007f72b8ada028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1498.348602][T24876] RAX: ffffffffffffffda RBX: 00007f72b7e15fa0 RCX: 00007f72b7b9cdd9
[ 1498.356634][T24876] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000007
[ 1498.364738][T24876] RBP: 00007f72b8ada090 R08: 0000000000000000 R09: 0000000000000000
[ 1498.372760][T24876] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1498.380847][T24876] R13: 00007f72b7e16038 R14: 00007f72b7e15fa0 R15: 00007ffeca497e88
[ 1498.388880][T24876]  </TASK>
[ 1499.081132][T24886] netlink: 'syz.0.5666': attribute type 10 has an invalid length.
[ 1499.101036][T24886] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5666'.
[ 1499.444541][T24903] netlink: 60 bytes leftover after parsing attributes in process `syz.0.5670'.
[ 1499.466881][T24903] netlink: 60 bytes leftover after parsing attributes in process `syz.0.5670'.
[ 1499.559463][T24901] netlink: 'syz.2.5668': attribute type 10 has an invalid length.
[ 1500.419805][T24921] openvswitch: netlink: IP tunnel attribute has 3048 unknown bytes.
[ 1500.614606][T24925] FAULT_INJECTION: forcing a failure.
[ 1500.614606][T24925] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1500.746184][T24925] CPU: 1 PID: 24925 Comm: syz.2.5676 Not tainted syzkaller #0
[ 1500.753785][T24925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1500.763918][T24925] Call Trace:
[ 1500.767242][T24925]  <TASK>
[ 1500.770209][T24925]  dump_stack_lvl+0x18c/0x250
[ 1500.774957][T24925]  ? show_regs_print_info+0x20/0x20
[ 1500.780252][T24925]  ? load_image+0x420/0x420
[ 1500.784821][T24925]  ? __lock_acquire+0x7d40/0x7d40
[ 1500.789927][T24925]  ? mark_lock+0x94/0x320
[ 1500.794369][T24925]  should_fail_ex+0x39d/0x4d0
[ 1500.799201][T24925]  prepare_alloc_pages+0x1e2/0x5f0
[ 1500.804379][T24925]  __alloc_pages+0x134/0x460
[ 1500.809022][T24925]  ? zone_statistics+0x170/0x170
[ 1500.814021][T24925]  ? do_wp_page+0x876/0x35f0
[ 1500.818665][T24925]  ? do_wp_page+0x1006/0x35f0
[ 1500.823393][T24925]  __folio_alloc+0x10/0x20
[ 1500.827851][T24925]  vma_alloc_folio+0x47a/0x8f0
[ 1500.832681][T24925]  do_wp_page+0x1272/0x35f0
[ 1500.837249][T24925]  ? folio_put+0xd0/0xd0
[ 1500.841534][T24925]  ? do_raw_spin_lock+0x11f/0x2c0
[ 1500.846608][T24925]  ? __rwlock_init+0x150/0x150
[ 1500.851437][T24925]  handle_mm_fault+0x135d/0x4c00
[ 1500.856600][T24925]  ? handle_mm_fault+0xe7/0x4c00
[ 1500.861595][T24925]  ? lock_vma_under_rcu+0x549/0x680
[ 1500.866854][T24925]  ? numa_migrate_prep+0x350/0x350
[ 1500.872045][T24925]  ? do_user_addr_fault+0x1c3/0x12c0
[ 1500.877392][T24925]  do_user_addr_fault+0xac8/0x12c0
[ 1500.882568][T24925]  ? rcu_is_watching+0x15/0xb0
[ 1500.887393][T24925]  exc_page_fault+0x64/0x100
[ 1500.892145][T24925]  ? clear_bhb_loop+0x40/0x90
[ 1500.896891][T24925]  asm_exc_page_fault+0x26/0x30
[ 1500.901794][T24925] RIP: 0033:0x7fc24b0630bd
[ 1500.906255][T24925] Code: fe ff 48 83 c4 78 5b 5d 41 5c 41 5e c3 48 8b 44 24 20 48 8b 5c 24 08 48 8b b0 88 00 00 00 8b 78 08 48 8d 53 30 e8 93 39 ff ff <48> 89 83 88 00 00 00 e9 35 fe ff ff 0f 1f 80 00 00 00 00 8b 7c 24
[ 1500.925927][T24925] RSP: 002b:00007fc24c05f050 EFLAGS: 00010206
[ 1500.932055][T24925] RAX: 0000000000000000 RBX: 00007fc24b415fa0 RCX: 00007fc24b232d69
[ 1500.940078][T24925] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 000000000000000a
[ 1500.948103][T24925] RBP: 00007fc24c05f090 R08: 0000000000000000 R09: 0000000000000000
[ 1500.956126][T24925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1500.964179][T24925] R13: 00007fc24b416038 R14: 00007fc24b415fa0 R15: 00007ffe1c0dfa38
[ 1500.972221][T24925]  </TASK>
[ 1501.054390][T24925] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[ 1501.290271][T24934] netlink: 'syz.1.5679': attribute type 10 has an invalid length.
[ 1501.298326][T24934] __nla_validate_parse: 5 callbacks suppressed
[ 1501.298338][T24934] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5679'.
[ 1501.674273][T24949] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5681'.
[ 1501.701456][T24949] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5681'.
[ 1501.734411][T24946] syzkaller0: entered promiscuous mode
[ 1501.744414][T24946] syzkaller0: entered allmulticast mode
[ 1501.763073][T24950] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5681'.
[ 1501.871317][T24949] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5681'.
[ 1502.454283][T24964] netlink: 'syz.3.5686': attribute type 17 has an invalid length.
[ 1502.475603][T24964] netlink: 'syz.3.5686': attribute type 16 has an invalid length.
[ 1502.485663][T24964] netlink: 152 bytes leftover after parsing attributes in process `syz.3.5686'.
[ 1502.804115][T24975] netlink: 'syz.2.5690': attribute type 46 has an invalid length.
[ 1503.454636][T24995] netlink: 60 bytes leftover after parsing attributes in process `syz.1.5698'.
[ 1503.507349][T24996] netlink: 'syz.3.5699': attribute type 1 has an invalid length.
[ 1503.518137][T24995] netlink: 60 bytes leftover after parsing attributes in process `syz.1.5698'.
[ 1503.534065][T24996] netlink: 168864 bytes leftover after parsing attributes in process `syz.3.5699'.
[ 1503.556639][T24993] netlink: 'syz.2.5697': attribute type 17 has an invalid length.
[ 1503.588875][T24993] netlink: 'syz.2.5697': attribute type 16 has an invalid length.
[ 1503.629931][T24993] netlink: 152 bytes leftover after parsing attributes in process `syz.2.5697'.
[ 1504.807874][T25026] netlink: 'syz.2.5709': attribute type 17 has an invalid length.
[ 1504.843828][T25026] netlink: 'syz.2.5709': attribute type 16 has an invalid length.
[ 1506.230313][T25054] netlink: 'syz.0.5718': attribute type 17 has an invalid length.
[ 1506.239434][T25054] netlink: 'syz.0.5718': attribute type 16 has an invalid length.
[ 1506.816370][T25059] __nla_validate_parse: 8 callbacks suppressed
[ 1506.816390][T25059] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5720'.
[ 1506.878751][T25069] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5724'.
[ 1506.894230][T25069] vlan1: entered promiscuous mode
[ 1506.905719][T25069] batman_adv: batadv0: Adding interface: vlan1
[ 1506.912554][T25069] batman_adv: batadv0: The MTU of interface vlan1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1506.943454][T25069] batman_adv: batadv0: Interface activated: vlan1
[ 1507.271430][T25078] syzkaller0: entered promiscuous mode
[ 1507.283294][T25078] syzkaller0: entered allmulticast mode
[ 1507.427399][T25081] netlink: 60 bytes leftover after parsing attributes in process `syz.0.5727'.
[ 1507.438707][T25081] netlink: 60 bytes leftover after parsing attributes in process `syz.0.5727'.
[ 1507.452258][T25081] netlink: 60 bytes leftover after parsing attributes in process `syz.0.5727'.
[ 1507.473058][T25081] netlink: 60 bytes leftover after parsing attributes in process `syz.0.5727'.
[ 1507.988108][T25089] validate_nla: 2 callbacks suppressed
[ 1507.988126][T25089] netlink: 'syz.2.5729': attribute type 17 has an invalid length.
[ 1508.002131][T25089] netlink: 'syz.2.5729': attribute type 16 has an invalid length.
[ 1508.026342][T25089] netlink: 152 bytes leftover after parsing attributes in process `syz.2.5729'.
[ 1508.601627][T25106] netlink: 'syz.3.5736': attribute type 46 has an invalid length.
[ 1508.858138][T25100] netlink: 'syz.0.5735': attribute type 10 has an invalid length.
[ 1508.873988][T25100] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5735'.
[ 1509.106704][T25115] netlink: 'syz.0.5740': attribute type 17 has an invalid length.
[ 1509.134915][T25115] netlink: 'syz.0.5740': attribute type 16 has an invalid length.
[ 1509.153020][T25115] netlink: 152 bytes leftover after parsing attributes in process `syz.0.5740'.
[ 1509.216573][T25120] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5741'.
[ 1509.412185][T25123] netlink: 'syz.0.5743': attribute type 13 has an invalid length.
[ 1511.710511][T25123] erspan0: refused to change device tx_queue_len
[ 1511.734023][T25123] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check.
[ 1511.913616][T25135] netlink: 'syz.1.5744': attribute type 2 has an invalid length.
[ 1511.928963][T25135] netlink: 'syz.1.5744': attribute type 1 has an invalid length.
[ 1511.938121][T25135] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1512.210538][T25143] syzkaller0: entered promiscuous mode
[ 1512.216253][T25143] syzkaller0: entered allmulticast mode
[ 1513.141106][T25169] netlink: 'syz.1.5754': attribute type 3 has an invalid length.
[ 1513.157511][T25169] __nla_validate_parse: 4 callbacks suppressed
[ 1513.157528][T25169] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.5754'.
[ 1513.192549][T25170] netlink: 'syz.1.5754': attribute type 3 has an invalid length.
[ 1513.200719][T25170] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.5754'.
[ 1514.760008][T25150] netlink: 'syz.2.5749': attribute type 10 has an invalid length.
[ 1514.770741][T25150] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5749'.
[ 1514.782225][T25161] netlink: 'syz.0.5751': attribute type 17 has an invalid length.
[ 1514.790218][T25161] netlink: 'syz.0.5751': attribute type 16 has an invalid length.
[ 1514.798602][T25161] netlink: 152 bytes leftover after parsing attributes in process `syz.0.5751'.
[ 1514.954956][T25176] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.5756'.
[ 1514.964805][T25176] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5756'.
[ 1515.225080][T25184] FAULT_INJECTION: forcing a failure.
[ 1515.225080][T25184] name failslab, interval 1, probability 0, space 0, times 0
[ 1515.241795][T25184] CPU: 0 PID: 25184 Comm: syz.1.5760 Not tainted syzkaller #0
[ 1515.249352][T25184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1515.259444][T25184] Call Trace:
[ 1515.262767][T25184]  <TASK>
[ 1515.265736][T25184]  dump_stack_lvl+0x18c/0x250
[ 1515.270508][T25184]  ? show_regs_print_info+0x20/0x20
[ 1515.275794][T25184]  ? load_image+0x420/0x420
[ 1515.280381][T25184]  ? __might_sleep+0xe0/0xe0
[ 1515.285018][T25184]  ? __lock_acquire+0x7d40/0x7d40
[ 1515.290103][T25184]  should_fail_ex+0x39d/0x4d0
[ 1515.294850][T25184]  should_failslab+0x9/0x20
[ 1515.299410][T25184]  slab_pre_alloc_hook+0x59/0x310
[ 1515.304492][T25184]  ? __get_vm_area_node+0x125/0x370
[ 1515.309790][T25184]  __kmem_cache_alloc_node+0x53/0x250
[ 1515.315222][T25184]  ? __get_vm_area_node+0x125/0x370
[ 1515.320480][T25184]  kmalloc_node_trace+0x26/0xe0
[ 1515.325385][T25184]  __get_vm_area_node+0x125/0x370
[ 1515.330474][T25184]  __vmalloc_node_range+0x36e/0x1330
[ 1515.335833][T25184]  ? bpf_prog_alloc_no_stats+0x47/0x440
[ 1515.341453][T25184]  ? mark_lock+0x94/0x320
[ 1515.345875][T25184]  ? __lock_acquire+0x1347/0x7d40
[ 1515.350982][T25184]  ? free_vm_area+0x50/0x50
[ 1515.355538][T25184]  ? perf_swevent_event+0x4be/0x570
[ 1515.360784][T25184]  ? end_current_label_crit_section+0x170/0x170
[ 1515.367126][T25184]  ? perf_tp_event+0x1520/0x1520
[ 1515.372111][T25184]  ? bpf_prog_alloc_no_stats+0x47/0x440
[ 1515.377682][T25184]  __vmalloc+0x7a/0x90
[ 1515.381780][T25184]  ? bpf_prog_alloc_no_stats+0x47/0x440
[ 1515.387366][T25184]  bpf_prog_alloc_no_stats+0x47/0x440
[ 1515.392773][T25184]  ? bpf_prog_alloc+0x2b/0x1a0
[ 1515.397577][T25184]  bpf_prog_alloc+0x3d/0x1a0
[ 1515.402194][T25184]  bpf_prog_load+0x6eb/0x1670
[ 1515.406915][T25184]  ? map_freeze+0x420/0x420
[ 1515.411459][T25184]  ? __might_fault+0xaa/0x120
[ 1515.416181][T25184]  ? __lock_acquire+0x7d40/0x7d40
[ 1515.421236][T25184]  ? __might_fault+0xaa/0x120
[ 1515.425930][T25184]  ? __might_fault+0xc6/0x120
[ 1515.430640][T25184]  ? __might_fault+0xaa/0x120
[ 1515.435341][T25184]  ? bpf_lsm_bpf+0x9/0x10
[ 1515.439705][T25184]  ? security_bpf+0x7e/0xa0
[ 1515.444249][T25184]  __sys_bpf+0x5ba/0x890
[ 1515.448545][T25184]  ? bpf_link_show_fdinfo+0x390/0x390
[ 1515.453979][T25184]  ? lock_chain_count+0x20/0x20
[ 1515.458855][T25184]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[ 1515.464895][T25184]  __x64_sys_bpf+0x7c/0x90
[ 1515.469342][T25184]  do_syscall_64+0x55/0xa0
[ 1515.473784][T25184]  ? clear_bhb_loop+0x40/0x90
[ 1515.478497][T25184]  ? clear_bhb_loop+0x40/0x90
[ 1515.483210][T25184]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1515.489136][T25184] RIP: 0033:0x7f17d699cdd9
[ 1515.493573][T25184] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1515.513249][T25184] RSP: 002b:00007f17d77b3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1515.521689][T25184] RAX: ffffffffffffffda RBX: 00007f17d6c15fa0 RCX: 00007f17d699cdd9
[ 1515.529697][T25184] RDX: 0000000000000094 RSI: 00002000000007c0 RDI: 0000000000000005
[ 1515.537704][T25184] RBP: 00007f17d77b3090 R08: 0000000000000000 R09: 0000000000000000
[ 1515.545703][T25184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1515.553701][T25184] R13: 00007f17d6c16038 R14: 00007f17d6c15fa0 R15: 00007ffec55bf938
[ 1515.561711][T25184]  </TASK>
[ 1515.610202][T25184] syz.1.5760: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=syz1,mems_allowed=0-1
[ 1515.680933][T25184] CPU: 0 PID: 25184 Comm: syz.1.5760 Not tainted syzkaller #0
[ 1515.688489][T25184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1515.698675][T25184] Call Trace:
[ 1515.701996][T25184]  <TASK>
[ 1515.704967][T25184]  dump_stack_lvl+0x18c/0x250
[ 1515.709709][T25184]  ? show_regs_print_info+0x20/0x20
[ 1515.714984][T25184]  ? load_image+0x420/0x420
[ 1515.719549][T25184]  ? __rcu_read_unlock+0x7c/0xd0
[ 1515.724546][T25184]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1515.731046][T25184]  ? cpuset_print_current_mems_allowed+0x2e7/0x360
[ 1515.737683][T25184]  warn_alloc+0x246/0x340
[ 1515.742071][T25184]  ? __get_vm_area_node+0x125/0x370
[ 1515.747338][T25184]  ? zone_watermark_ok_safe+0x230/0x230
[ 1515.752948][T25184]  ? rcu_is_watching+0x15/0xb0
[ 1515.757861][T25184]  ? __get_vm_area_node+0x356/0x370
[ 1515.763127][T25184]  __vmalloc_node_range+0x393/0x1330
[ 1515.768511][T25184]  ? mark_lock+0x94/0x320
[ 1515.770310][T25194] netlink: 'syz.0.5763': attribute type 17 has an invalid length.
[ 1515.772875][T25184]  ? __lock_acquire+0x1347/0x7d40
[ 1515.785805][T25184]  ? free_vm_area+0x50/0x50
[ 1515.790407][T25184]  ? perf_swevent_event+0x4be/0x570
[ 1515.795657][T25184]  ? end_current_label_crit_section+0x170/0x170
[ 1515.801959][T25184]  ? perf_tp_event+0x1520/0x1520
[ 1515.806952][T25184]  ? bpf_prog_alloc_no_stats+0x47/0x440
[ 1515.812569][T25184]  __vmalloc+0x7a/0x90
[ 1515.816673][T25184]  ? bpf_prog_alloc_no_stats+0x47/0x440
[ 1515.822248][T25184]  bpf_prog_alloc_no_stats+0x47/0x440
[ 1515.827648][T25184]  ? bpf_prog_alloc+0x2b/0x1a0
[ 1515.832452][T25184]  bpf_prog_alloc+0x3d/0x1a0
[ 1515.837069][T25184]  bpf_prog_load+0x6eb/0x1670
[ 1515.841788][T25184]  ? map_freeze+0x420/0x420
[ 1515.846329][T25184]  ? __might_fault+0xaa/0x120
[ 1515.851035][T25184]  ? __lock_acquire+0x7d40/0x7d40
[ 1515.856092][T25184]  ? __might_fault+0xaa/0x120
[ 1515.860799][T25184]  ? __might_fault+0xc6/0x120
[ 1515.865501][T25184]  ? __might_fault+0xaa/0x120
[ 1515.870208][T25184]  ? bpf_lsm_bpf+0x9/0x10
[ 1515.874588][T25184]  ? security_bpf+0x7e/0xa0
[ 1515.879152][T25184]  __sys_bpf+0x5ba/0x890
[ 1515.883436][T25184]  ? bpf_link_show_fdinfo+0x390/0x390
[ 1515.888864][T25184]  ? lock_chain_count+0x20/0x20
[ 1515.893747][T25184]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[ 1515.899772][T25184]  __x64_sys_bpf+0x7c/0x90
[ 1515.904216][T25184]  do_syscall_64+0x55/0xa0
[ 1515.908668][T25184]  ? clear_bhb_loop+0x40/0x90
[ 1515.913375][T25184]  ? clear_bhb_loop+0x40/0x90
[ 1515.918077][T25184]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1515.924006][T25184] RIP: 0033:0x7f17d699cdd9
[ 1515.928475][T25184] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1515.948105][T25184] RSP: 002b:00007f17d77b3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1515.956578][T25184] RAX: ffffffffffffffda RBX: 00007f17d6c15fa0 RCX: 00007f17d699cdd9
[ 1515.964586][T25184] RDX: 0000000000000094 RSI: 00002000000007c0 RDI: 0000000000000005
[ 1515.972670][T25184] RBP: 00007f17d77b3090 R08: 0000000000000000 R09: 0000000000000000
[ 1515.980665][T25184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1515.988663][T25184] R13: 00007f17d6c16038 R14: 00007f17d6c15fa0 R15: 00007ffec55bf938
[ 1515.996687][T25184]  </TASK>
[ 1516.013838][T25194] netlink: 'syz.0.5763': attribute type 16 has an invalid length.
[ 1516.021728][T25194] netlink: 152 bytes leftover after parsing attributes in process `syz.0.5763'.
[ 1516.060620][T25184] Mem-Info:
[ 1516.064300][T25184] active_anon:7467 inactive_anon:0 isolated_anon:0
[ 1516.064300][T25184]  active_file:21492 inactive_file:40490 isolated_file:0
[ 1516.064300][T25184]  unevictable:768 dirty:233 writeback:0
[ 1516.064300][T25184]  slab_reclaimable:10634 slab_unreclaimable:95743
[ 1516.064300][T25184]  mapped:25332 shmem:1361 pagetables:486
[ 1516.064300][T25184]  sec_pagetables:0 bounce:0
[ 1516.064300][T25184]  kernel_misc_reclaimable:0
[ 1516.064300][T25184]  free:1341429 free_pcp:5888 free_cma:0
[ 1516.115930][T25184] Node 0 active_anon:29868kB inactive_anon:0kB active_file:85968kB inactive_file:161760kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:101328kB dirty:932kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10520kB pagetables:1944kB sec_pagetables:0kB all_unreclaimable? no
[ 1516.173086][T25184] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[ 1516.203694][T25184] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1516.231730][T25184] lowmem_reserve[]: 0 2521 2522 2522 2522
[ 1516.237785][T25184] Node 0 DMA32 free:1443436kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:29756kB inactive_anon:0kB active_file:85968kB inactive_file:160932kB unevictable:1536kB writepending:1068kB present:3129332kB managed:2586952kB mlocked:0kB bounce:0kB free_pcp:17284kB local_pcp:9404kB free_cma:0kB
[ 1516.269263][T25184] lowmem_reserve[]: 0 0 0 0 0
[ 1516.274443][T25184] Node 0 Normal free:4kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:828kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1516.319362][T25184] lowmem_reserve[]: 0 0 0 0 0
[ 1516.324558][T25184] Node 1 Normal free:3906916kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:6432kB local_pcp:6432kB free_cma:0kB
[ 1516.363836][T25184] lowmem_reserve[]: 0 0 0 0 0
[ 1516.374477][T25184] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1516.405537][T25184] Node 0 DMA32: 1065*4kB (UME) 1279*8kB (UME) 1011*16kB (ME) 1157*32kB (UME) 1690*64kB (UME) 795*128kB (UME) 274*256kB (UME) 106*512kB (UME) 53*1024kB (UM) 20*2048kB (UM) 231*4096kB (UM) = 1443436kB
[ 1516.445557][T25184] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB
[ 1516.464072][T25184] Node 1 Normal: 239*4kB (UME) 43*8kB (UME) 45*16kB (UME) 218*32kB (UME) 87*64kB (UME) 19*128kB (UME) 5*256kB (UM) 1*512kB (U) 1*1024kB (E) 2*2048kB (UE) 948*4096kB (M) = 3906916kB
[ 1516.488231][T25204] FAULT_INJECTION: forcing a failure.
[ 1516.488231][T25204] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1516.501873][T25184] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1516.511595][T25184] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1516.521742][T25204] CPU: 0 PID: 25204 Comm: syz.0.5766 Not tainted syzkaller #0
[ 1516.529685][T25204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1516.539817][T25204] Call Trace:
[ 1516.543120][T25204]  <TASK>
[ 1516.546099][T25204]  dump_stack_lvl+0x18c/0x250
[ 1516.550902][T25204]  ? show_regs_print_info+0x20/0x20
[ 1516.556140][T25204]  ? load_image+0x420/0x420
[ 1516.560724][T25204]  ? __might_fault+0xaa/0x120
[ 1516.565465][T25204]  ? __lock_acquire+0x7d40/0x7d40
[ 1516.570553][T25204]  should_fail_ex+0x39d/0x4d0
[ 1516.575476][T25204]  _copy_from_user+0x2f/0xe0
[ 1516.580174][T25204]  __sys_bpf+0x23e/0x890
[ 1516.584488][T25204]  ? bpf_link_show_fdinfo+0x390/0x390
[ 1516.589919][T25204]  ? lock_chain_count+0x20/0x20
[ 1516.594814][T25204]  __x64_sys_bpf+0x7c/0x90
[ 1516.599257][T25204]  do_syscall_64+0x55/0xa0
[ 1516.603792][T25204]  ? clear_bhb_loop+0x40/0x90
[ 1516.608503][T25204]  ? clear_bhb_loop+0x40/0x90
[ 1516.613210][T25204]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1516.619131][T25204] RIP: 0033:0x7f72b7b9cdd9
[ 1516.623621][T25204] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1516.643547][T25204] RSP: 002b:00007f72b8ada028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1516.651997][T25204] RAX: ffffffffffffffda RBX: 00007f72b7e15fa0 RCX: 00007f72b7b9cdd9
[ 1516.659995][T25204] RDX: 0000000000000048 RSI: 0000200000000040 RDI: 000000000000000a
[ 1516.667991][T25204] RBP: 00007f72b8ada090 R08: 0000000000000000 R09: 0000000000000000
[ 1516.675984][T25204] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1516.683981][T25204] R13: 00007f72b7e16038 R14: 00007f72b7e15fa0 R15: 00007ffeca497e88
[ 1516.691994][T25204]  </TASK>
[ 1516.695855][T25184] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1516.705566][T25184] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1516.715044][T25184] 63343 total pagecache pages
[ 1516.719758][T25184] 0 pages in swap cache
[ 1516.724289][T25184] Free swap  = 124996kB
[ 1516.728565][T25184] Total swap = 124996kB
[ 1516.732773][T25184] 2097051 pages RAM
[ 1516.743895][T25184] 0 pages HighMem/MovableOnly
[ 1516.748629][T25184] 416927 pages reserved
[ 1516.752820][T25184] 0 pages cma reserved
[ 1517.098608][T25218] netlink: 'syz.1.5771': attribute type 19 has an invalid length.
[ 1517.134373][T25218] batman_adv: batadv0: Interface deactivated: veth1_virt_wifi
[ 1517.166785][T25223] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5771'.
[ 1517.361249][T25227] netlink: 'syz.1.5774': attribute type 17 has an invalid length.
[ 1517.374245][T25227] netlink: 'syz.1.5774': attribute type 16 has an invalid length.
[ 1517.392002][T25227] netlink: 152 bytes leftover after parsing attributes in process `syz.1.5774'.
[ 1517.452420][T25229] netlink: 668 bytes leftover after parsing attributes in process `syz.3.5775'.
[ 1517.464953][T25229] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16)
[ 1517.474688][T25229] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1520.885905][T25257] validate_nla: 2 callbacks suppressed
[ 1520.885923][T25257] netlink: 'syz.1.5786': attribute type 17 has an invalid length.
[ 1520.900006][T25257] netlink: 'syz.1.5786': attribute type 16 has an invalid length.
[ 1520.908266][T25257] __nla_validate_parse: 1 callbacks suppressed
[ 1520.908280][T25257] netlink: 152 bytes leftover after parsing attributes in process `syz.1.5786'.
[ 1520.995908][T25262] netlink: 60 bytes leftover after parsing attributes in process `syz.1.5788'.
[ 1521.013931][T25262] netlink: 60 bytes leftover after parsing attributes in process `syz.1.5788'.
[ 1521.043050][T25262] netlink: 60 bytes leftover after parsing attributes in process `syz.1.5788'.
[ 1521.054945][T25262] netlink: 60 bytes leftover after parsing attributes in process `syz.1.5788'.
[ 1521.150614][T25268] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.5791'.
[ 1524.365640][T25286] netlink: 'syz.0.5796': attribute type 17 has an invalid length.
[ 1524.373540][T25286] netlink: 'syz.0.5796': attribute type 16 has an invalid length.
[ 1524.400609][T25286] netlink: 152 bytes leftover after parsing attributes in process `syz.0.5796'.
[ 1525.867006][T25326] netlink: 'syz.2.5809': attribute type 17 has an invalid length.
[ 1525.876832][T25326] netlink: 'syz.2.5809': attribute type 16 has an invalid length.
[ 1525.954041][T25326] netlink: 152 bytes leftover after parsing attributes in process `syz.2.5809'.
[ 1526.001621][T25321] netlink: 'syz.3.5808': attribute type 10 has an invalid length.
[ 1526.030530][T25321] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5808'.
[ 1526.194565][T25334] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.5812'.
[ 1526.463712][T25328] netlink: 'syz.1.5810': attribute type 10 has an invalid length.
[ 1526.472408][T25328] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5810'.
[ 1526.495821][T25328] batman_adv: batadv0: Interface activated: veth1_virt_wifi
[ 1527.156795][T25363] netlink: 'syz.3.5820': attribute type 17 has an invalid length.
[ 1527.224800][T25363] netlink: 'syz.3.5820': attribute type 16 has an invalid length.
[ 1527.295043][T25363] netlink: 152 bytes leftover after parsing attributes in process `syz.3.5820'.
[ 1527.456933][T25369] netlink: 132 bytes leftover after parsing attributes in process `syz.2.5824'.
[ 1527.490259][T25365] netlink: 'syz.0.5821': attribute type 10 has an invalid length.
[ 1527.522694][T25365] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5821'.
[ 1528.213858][T25378] netlink: 'syz.3.5825': attribute type 10 has an invalid length.
[ 1528.262597][T25378] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5825'.
[ 1528.317549][T25389] netlink: 'syz.0.5829': attribute type 10 has an invalid length.
[ 1528.326497][T25389] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5829'.
[ 1528.339725][T25389] bridge0: port 2(team0) entered blocking state
[ 1528.347182][T25389] bridge0: port 2(team0) entered disabled state
[ 1528.354542][T25389] team0: entered allmulticast mode
[ 1528.359897][T25389] team_slave_0: entered allmulticast mode
[ 1528.367378][T25389] team_slave_1: entered allmulticast mode
[ 1528.392988][T25389] team0: entered promiscuous mode
[ 1528.412923][T25389] team_slave_0: entered promiscuous mode
[ 1528.424641][T25389] team_slave_1: entered promiscuous mode
[ 1528.442207][T25389] bridge0: port 2(team0) entered blocking state
[ 1528.449076][T25389] bridge0: port 2(team0) entered forwarding state
[ 1528.480536][T25393] netlink: 'syz.1.5830': attribute type 4 has an invalid length.
[ 1528.501337][T25393] netlink: 168 bytes leftover after parsing attributes in process `syz.1.5830'.
[ 1528.743963][T25402] netlink: 'syz.0.5833': attribute type 17 has an invalid length.
[ 1528.763979][T25402] netlink: 'syz.0.5833': attribute type 16 has an invalid length.
[ 1531.057686][T25430] __nla_validate_parse: 3 callbacks suppressed
[ 1531.057705][T25430] netlink: 168 bytes leftover after parsing attributes in process `syz.3.5842'.
[ 1532.245412][T25436] validate_nla: 2 callbacks suppressed
[ 1532.245429][T25436] netlink: 'syz.1.5844': attribute type 17 has an invalid length.
[ 1532.277657][T25441] FAULT_INJECTION: forcing a failure.
[ 1532.277657][T25441] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1532.291476][T25436] netlink: 'syz.1.5844': attribute type 16 has an invalid length.
[ 1532.292942][T25441] CPU: 0 PID: 25441 Comm: syz.2.5846 Not tainted syzkaller #0
[ 1532.306236][T25436] netlink: 152 bytes leftover after parsing attributes in process `syz.1.5844'.
[ 1532.306792][T25441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1532.325959][T25441] Call Trace:
[ 1532.329289][T25441]  <TASK>
[ 1532.332260][T25441]  dump_stack_lvl+0x18c/0x250
[ 1532.337007][T25441]  ? show_regs_print_info+0x20/0x20
[ 1532.342264][T25441]  ? load_image+0x420/0x420
[ 1532.346829][T25441]  ? __might_fault+0xaa/0x120
[ 1532.351556][T25441]  ? __lock_acquire+0x7d40/0x7d40
[ 1532.356640][T25441]  ? tomoyo_path_number_perm+0x5b4/0x620
[ 1532.362345][T25441]  should_fail_ex+0x39d/0x4d0
[ 1532.367082][T25441]  _copy_from_user+0x2f/0xe0
[ 1532.371723][T25441]  wext_handle_ioctl+0xc8/0x1d0
[ 1532.376626][T25441]  ? call_commit_handler+0xf0/0xf0
[ 1532.381807][T25441]  sock_ioctl+0x15d/0x7e0
[ 1532.386184][T25441]  ? sock_poll+0x3e0/0x3e0
[ 1532.390666][T25441]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1532.395646][T25441]  ? security_file_ioctl+0x80/0xa0
[ 1532.400813][T25441]  ? sock_poll+0x3e0/0x3e0
[ 1532.405287][T25441]  __se_sys_ioctl+0xfd/0x170
[ 1532.409935][T25441]  do_syscall_64+0x55/0xa0
[ 1532.414404][T25441]  ? clear_bhb_loop+0x40/0x90
[ 1532.419133][T25441]  ? clear_bhb_loop+0x40/0x90
[ 1532.423869][T25441]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1532.429798][T25441] RIP: 0033:0x7fc24b19cdd9
[ 1532.434255][T25441] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1532.453903][T25441] RSP: 002b:00007fc24c05f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1532.462362][T25441] RAX: ffffffffffffffda RBX: 00007fc24b415fa0 RCX: 00007fc24b19cdd9
[ 1532.470426][T25441] RDX: 0000200000000040 RSI: 0000000000008b20 RDI: 0000000000000004
[ 1532.478447][T25441] RBP: 00007fc24c05f090 R08: 0000000000000000 R09: 0000000000000000
[ 1532.486470][T25441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1532.494504][T25441] R13: 00007fc24b416038 R14: 00007fc24b415fa0 R15: 00007ffe1c0dfa38
[ 1532.502536][T25441]  </TASK>
[ 1533.200075][T25459] netlink: 'syz.0.5851': attribute type 10 has an invalid length.
[ 1533.240404][T25459] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5851'.
[ 1535.752734][T25470] netlink: 64 bytes leftover after parsing attributes in process `syz.0.5854'.
[ 1535.819860][T25472] netlink: 'syz.2.5856': attribute type 17 has an invalid length.
[ 1535.844102][T25472] netlink: 'syz.2.5856': attribute type 16 has an invalid length.
[ 1535.879573][T25472] netlink: 152 bytes leftover after parsing attributes in process `syz.2.5856'.
[ 1535.892610][T25474] netlink: 'syz.1.5855': attribute type 9 has an invalid length.
[ 1535.912067][T25474] netlink: 154020 bytes leftover after parsing attributes in process `syz.1.5855'.
[ 1535.968200][T25474] netlink: 'syz.1.5855': attribute type 10 has an invalid length.
[ 1535.977264][T25474] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5855'.
[ 1536.013946][T25474] team0: entered promiscuous mode
[ 1536.019435][T25474] team_slave_0: entered promiscuous mode
[ 1536.060921][T25474] team_slave_1: entered promiscuous mode
[ 1536.095499][T25474] team0: entered allmulticast mode
[ 1536.100888][T25474] team_slave_0: entered allmulticast mode
[ 1536.144062][T25474] team_slave_1: entered allmulticast mode
[ 1536.172090][T25474] bridge0: port 2(team0) entered blocking state
[ 1536.184424][T25474] bridge0: port 2(team0) entered disabled state
[ 1536.239304][T25474] bridge0: port 2(team0) entered blocking state
[ 1536.246251][T25474] bridge0: port 2(team0) entered forwarding state
[ 1536.852483][T25490] netlink: 'syz.1.5862': attribute type 10 has an invalid length.
[ 1536.870857][T25490] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5862'.
[ 1537.292392][T25499] netlink: 209844 bytes leftover after parsing attributes in process `syz.1.5865'.
[ 1537.459915][T25494] netlink: 'syz.3.5863': attribute type 10 has an invalid length.
[ 1537.468198][T25494] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5863'.
[ 1537.549900][T25511] netlink: 'syz.2.5868': attribute type 17 has an invalid length.
[ 1537.558567][T25511] netlink: 'syz.2.5868': attribute type 16 has an invalid length.
[ 1537.567151][T25511] netlink: 152 bytes leftover after parsing attributes in process `syz.2.5868'.
[ 1537.684532][T25515] FAULT_INJECTION: forcing a failure.
[ 1537.684532][T25515] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1537.711803][T25515] CPU: 0 PID: 25515 Comm: syz.0.5870 Not tainted syzkaller #0
[ 1537.719332][T25515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1537.729435][T25515] Call Trace:
[ 1537.732752][T25515]  <TASK>
[ 1537.735723][T25515]  dump_stack_lvl+0x18c/0x250
[ 1537.740479][T25515]  ? show_regs_print_info+0x20/0x20
[ 1537.745737][T25515]  ? load_image+0x420/0x420
[ 1537.750296][T25515]  ? __might_fault+0xaa/0x120
[ 1537.755029][T25515]  ? __lock_acquire+0x7d40/0x7d40
[ 1537.760108][T25515]  should_fail_ex+0x39d/0x4d0
[ 1537.764846][T25515]  _copy_from_user+0x2f/0xe0
[ 1537.769476][T25515]  ____sys_sendmsg+0x2fd/0x960
[ 1537.774263][T25515]  ? __lock_acquire+0x7d40/0x7d40
[ 1537.779334][T25515]  ? __sys_sendmsg_sock+0x30/0x30
[ 1537.784396][T25515]  ? __import_iovec+0x3fa/0x850
[ 1537.789283][T25515]  ? import_iovec+0x73/0xa0
[ 1537.793824][T25515]  ___sys_sendmsg+0x2a6/0x360
[ 1537.798514][T25515]  ? __sys_sendmsg+0x2a0/0x2a0
[ 1537.803298][T25515]  ? trace_call_bpf+0xc3/0x6c0
[ 1537.808093][T25515]  __se_sys_sendmsg+0x1c2/0x2b0
[ 1537.812987][T25515]  ? __x64_sys_sendmsg+0x80/0x80
[ 1537.817991][T25515]  ? lockdep_hardirqs_on+0x98/0x150
[ 1537.823233][T25515]  do_syscall_64+0x55/0xa0
[ 1537.827690][T25515]  ? clear_bhb_loop+0x40/0x90
[ 1537.832417][T25515]  ? clear_bhb_loop+0x40/0x90
[ 1537.837145][T25515]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1537.843084][T25515] RIP: 0033:0x7f72b7b9cdd9
[ 1537.847539][T25515] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1537.867230][T25515] RSP: 002b:00007f72b8ada028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1537.875700][T25515] RAX: ffffffffffffffda RBX: 00007f72b7e15fa0 RCX: 00007f72b7b9cdd9
[ 1537.883719][T25515] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[ 1537.891733][T25515] RBP: 00007f72b8ada090 R08: 0000000000000000 R09: 0000000000000000
[ 1537.899752][T25515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1537.907764][T25515] R13: 00007f72b7e16038 R14: 00007f72b7e15fa0 R15: 00007ffeca497e88
[ 1537.915796][T25515]  </TASK>
[ 1537.988116][T25523] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5871'.
[ 1538.008743][T25523] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5871'.
[ 1538.039998][T25524] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5871'.
[ 1538.051010][T25523] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5871'.
[ 1538.485316][T25534] netlink: 'syz.3.5875': attribute type 153 has an invalid length.
[ 1538.494715][T25534] netlink: 128124 bytes leftover after parsing attributes in process `syz.3.5875'.
[ 1538.621073][T25544] netlink: 'syz.1.5879': attribute type 17 has an invalid length.
[ 1538.631668][T25544] netlink: 'syz.1.5879': attribute type 16 has an invalid length.
[ 1538.640407][T25544] netlink: 152 bytes leftover after parsing attributes in process `syz.1.5879'.
[ 1539.104060][T25551] netlink: 'syz.2.5880': attribute type 10 has an invalid length.
[ 1539.693645][T25569] netlink: 'syz.0.5888': attribute type 9 has an invalid length.
[ 1539.797228][T25569] netlink: 'syz.0.5888': attribute type 10 has an invalid length.
[ 1539.934759][T25575] netlink: 'syz.1.5890': attribute type 17 has an invalid length.
[ 1542.462288][T25642] __nla_validate_parse: 15 callbacks suppressed
[ 1542.462306][T25642] netlink: 152 bytes leftover after parsing attributes in process `syz.0.5914'.
[ 1542.513630][T25645] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5913'.
[ 1542.523180][T25645] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5913'.
[ 1542.543330][T25645] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5913'.
[ 1542.574381][T25645] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5913'.
[ 1542.684001][T25647] validate_nla: 6 callbacks suppressed
[ 1542.684020][T25647] netlink: 'syz.1.5911': attribute type 10 has an invalid length.
[ 1542.718433][T25647] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5911'.
[ 1542.939066][T25656] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5918'.
[ 1542.963172][T25656] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5918'.
[ 1542.975514][T25656] netlink: 'syz.2.5918': attribute type 21 has an invalid length.
[ 1542.983615][T25656] netlink: 'syz.2.5918': attribute type 1 has an invalid length.
[ 1543.004959][T25656] netlink: 132 bytes leftover after parsing attributes in process `syz.2.5918'.
[ 1543.321462][T25664] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.5921'.
[ 1543.332160][T25664] openvswitch: netlink: Flow key attribute not present in set flow.
[ 1543.384234][T25660] netlink: 'syz.1.5920': attribute type 10 has an invalid length.
[ 1543.562246][T25672] netlink: 'syz.3.5925': attribute type 17 has an invalid length.
[ 1543.574164][T25673] syz.0.5924: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0-1
[ 1543.586403][T25672] netlink: 'syz.3.5925': attribute type 16 has an invalid length.
[ 1543.602709][T25673] CPU: 0 PID: 25673 Comm: syz.0.5924 Not tainted syzkaller #0
[ 1543.610255][T25673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1543.620359][T25673] Call Trace:
[ 1543.623681][T25673]  <TASK>
[ 1543.626667][T25673]  dump_stack_lvl+0x18c/0x250
[ 1543.631403][T25673]  ? show_regs_print_info+0x20/0x20
[ 1543.636662][T25673]  ? load_image+0x420/0x420
[ 1543.641229][T25673]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1543.647700][T25673]  ? cpuset_print_current_mems_allowed+0x2e7/0x360
[ 1543.654258][T25673]  warn_alloc+0x246/0x340
[ 1543.658665][T25673]  ? stack_trace_save+0xaa/0x100
[ 1543.663657][T25673]  ? zone_watermark_ok_safe+0x230/0x230
[ 1543.669290][T25673]  ? kasan_set_track+0x5f/0x70
[ 1543.674112][T25673]  ? kasan_set_track+0x4e/0x70
[ 1543.678928][T25673]  ? __kasan_kmalloc+0x8f/0xa0
[ 1543.683745][T25673]  ? xsk_init_queue+0xad/0x100
[ 1543.688592][T25673]  ? xsk_setsockopt+0x4e5/0x760
[ 1543.693502][T25673]  ? do_sock_setsockopt+0x175/0x1a0
[ 1543.698757][T25673]  ? __x64_sys_setsockopt+0x182/0x200
[ 1543.704177][T25673]  __vmalloc_node_range+0x126/0x1330
[ 1543.709519][T25673]  ? free_vm_area+0x50/0x50
[ 1543.714060][T25673]  vmalloc_user+0x74/0x80
[ 1543.718421][T25673]  ? xskq_create+0xbf/0x170
[ 1543.722956][T25673]  xskq_create+0xbf/0x170
[ 1543.727332][T25673]  xsk_init_queue+0xad/0x100
[ 1543.731962][T25673]  xsk_setsockopt+0x4e5/0x760
[ 1543.736682][T25673]  ? xsk_poll+0x680/0x680
[ 1543.741057][T25673]  ? __fget_files+0x28/0x4b0
[ 1543.745694][T25673]  ? __fget_files+0x28/0x4b0
[ 1543.750331][T25673]  ? aa_sock_opt_perm+0x74/0x100
[ 1543.755316][T25673]  ? bpf_lsm_socket_setsockopt+0x9/0x10
[ 1543.760905][T25673]  ? security_socket_setsockopt+0x7e/0xa0
[ 1543.766658][T25673]  ? xsk_poll+0x680/0x680
[ 1543.771037][T25673]  do_sock_setsockopt+0x175/0x1a0
[ 1543.776103][T25673]  ? __fdget+0x180/0x210
[ 1543.780375][T25673]  __x64_sys_setsockopt+0x182/0x200
[ 1543.785608][T25673]  do_syscall_64+0x55/0xa0
[ 1543.790061][T25673]  ? clear_bhb_loop+0x40/0x90
[ 1543.794777][T25673]  ? clear_bhb_loop+0x40/0x90
[ 1543.799484][T25673]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1543.805406][T25673] RIP: 0033:0x7f72b7b9cdd9
[ 1543.809845][T25673] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1543.829477][T25673] RSP: 002b:00007f72b8ada028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1543.837927][T25673] RAX: ffffffffffffffda RBX: 00007f72b7e15fa0 RCX: 00007f72b7b9cdd9
[ 1543.845927][T25673] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000005
[ 1543.853937][T25673] RBP: 00007f72b7c32d69 R08: 0000000000000004 R09: 0000000000000000
[ 1543.861940][T25673] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000
[ 1543.869936][T25673] R13: 00007f72b7e16038 R14: 00007f72b7e15fa0 R15: 00007ffeca497e88
[ 1543.877941][T25673]  </TASK>
[ 1543.903470][T25673] Mem-Info:
[ 1543.907951][T25673] active_anon:7471 inactive_anon:0 isolated_anon:0
[ 1543.907951][T25673]  active_file:21492 inactive_file:40502 isolated_file:0
[ 1543.907951][T25673]  unevictable:768 dirty:286 writeback:0
[ 1543.907951][T25673]  slab_reclaimable:10556 slab_unreclaimable:95557
[ 1543.907951][T25673]  mapped:25341 shmem:1361 pagetables:507
[ 1543.907951][T25673]  sec_pagetables:0 bounce:0
[ 1543.907951][T25673]  kernel_misc_reclaimable:0
[ 1543.907951][T25673]  free:1337350 free_pcp:9185 free_cma:0
[ 1543.984772][T25673] Node 0 active_anon:29984kB inactive_anon:0kB active_file:85968kB inactive_file:161808kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:101364kB dirty:1144kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10516kB pagetables:2028kB sec_pagetables:0kB all_unreclaimable? no
[ 1544.053121][T25673] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[ 1544.094660][T25673] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1544.155029][T25673] lowmem_reserve[]: 0 2521 2522 2522 2522
[ 1544.160902][T25673] Node 0 DMA32 free:1426448kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:30036kB inactive_anon:0kB active_file:85968kB inactive_file:160980kB unevictable:1536kB writepending:1156kB present:3129332kB managed:2586952kB mlocked:0kB bounce:0kB free_pcp:30244kB local_pcp:12232kB free_cma:0kB
[ 1544.263872][T25673] lowmem_reserve[]: 0 0 0 0 0
[ 1544.280811][T25673] Node 0 Normal free:4kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:828kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1544.376593][T25673] lowmem_reserve[]: 0 0 0 0 0
[ 1544.414432][T25673] Node 1 Normal free:3906916kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:6432kB local_pcp:0kB free_cma:0kB
[ 1544.489373][T25673] lowmem_reserve[]: 0 0 0 0 0
[ 1544.495551][T25673] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1544.508861][T25673] Node 0 DMA32: 1374*4kB (UME) 1164*8kB (UM) 1010*16kB (UME) 839*32kB (UME) 1545*64kB (UME) 806*128kB (UME) 275*256kB (UME) 104*512kB (UME) 54*1024kB (UM) 20*2048kB (UM) 231*4096kB (UM) = 1425944kB
[ 1544.529263][T25673] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB
[ 1544.544521][T25686] netlink: 'syz.2.5928': attribute type 10 has an invalid length.
[ 1544.552503][T25673] Node 1 Normal: 239*4kB (UME) 43*8kB (UME) 45*16kB (UME) 218*32kB (UME) 87*64kB (UME) 19*128kB (UME) 5*256kB (UM) 1*512kB (U) 1*1024kB (E) 2*2048kB (UE) 948*4096kB (M) = 3906916kB
[ 1544.604854][T25673] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1544.625744][T25673] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1544.635539][T25673] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1544.645640][T25673] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1544.655608][T25673] 63355 total pagecache pages
[ 1544.660428][T25673] 0 pages in swap cache
[ 1544.665141][T25673] Free swap  = 124996kB
[ 1544.672841][T25673] Total swap = 124996kB
[ 1544.685563][T25673] 2097051 pages RAM
[ 1544.696196][T25673] 0 pages HighMem/MovableOnly
[ 1544.713304][T25673] 416927 pages reserved
[ 1544.723891][T25673] 0 pages cma reserved
[ 1545.721021][T25710] netlink: 'syz.0.5936': attribute type 17 has an invalid length.
[ 1545.753974][T25710] netlink: 'syz.0.5936': attribute type 16 has an invalid length.
[ 1546.242031][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[ 1546.254538][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[ 1546.899531][T25730] netlink: 'syz.0.5939': attribute type 10 has an invalid length.
[ 1547.251569][T25737] FAULT_INJECTION: forcing a failure.
[ 1547.251569][T25737] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1547.274753][T25737] CPU: 1 PID: 25737 Comm: syz.0.5946 Not tainted syzkaller #0
[ 1547.282313][T25737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1547.292408][T25737] Call Trace:
[ 1547.295725][T25737]  <TASK>
[ 1547.298688][T25737]  dump_stack_lvl+0x18c/0x250
[ 1547.303410][T25737]  ? show_regs_print_info+0x20/0x20
[ 1547.308646][T25737]  ? load_image+0x420/0x420
[ 1547.313182][T25737]  ? __lock_acquire+0x7d40/0x7d40
[ 1547.318243][T25737]  ? snprintf+0xe9/0x140
[ 1547.322512][T25737]  should_fail_ex+0x39d/0x4d0
[ 1547.327233][T25737]  _copy_to_user+0x2f/0xa0
[ 1547.331678][T25737]  simple_read_from_buffer+0xe7/0x150
[ 1547.337084][T25737]  proc_fail_nth_read+0x1e8/0x260
[ 1547.342148][T25737]  ? proc_fault_inject_write+0x360/0x360
[ 1547.347825][T25737]  ? fsnotify_perm+0x271/0x5e0
[ 1547.352627][T25737]  ? proc_fault_inject_write+0x360/0x360
[ 1547.358282][T25737]  vfs_read+0x28b/0x970
[ 1547.362469][T25737]  ? kernel_read+0x1e0/0x1e0
[ 1547.367082][T25737]  ? __fget_files+0x28/0x4b0
[ 1547.371697][T25737]  ? __fget_files+0x28/0x4b0
[ 1547.376333][T25737]  ? __fget_files+0x43d/0x4b0
[ 1547.381049][T25737]  ? __fdget_pos+0x2a3/0x330
[ 1547.385667][T25737]  ? ksys_read+0x75/0x260
[ 1547.390025][T25737]  ksys_read+0x150/0x260
[ 1547.394297][T25737]  ? vfs_write+0x990/0x990
[ 1547.398739][T25737]  ? lockdep_hardirqs_on+0x98/0x150
[ 1547.403987][T25737]  do_syscall_64+0x55/0xa0
[ 1547.408428][T25737]  ? clear_bhb_loop+0x40/0x90
[ 1547.413151][T25737]  ? clear_bhb_loop+0x40/0x90
[ 1547.417877][T25737]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1547.423801][T25737] RIP: 0033:0x7f72b7b5d60e
[ 1547.428239][T25737] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 1547.447873][T25737] RSP: 002b:00007f72b8ad9fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1547.456336][T25737] RAX: ffffffffffffffda RBX: 00007f72b8ada6c0 RCX: 00007f72b7b5d60e
[ 1547.464336][T25737] RDX: 000000000000000f RSI: 00007f72b8ada0a0 RDI: 0000000000000006
[ 1547.472344][T25737] RBP: 00007f72b8ada090 R08: 0000000000000000 R09: 0000000000000000
[ 1547.480351][T25737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1547.488352][T25737] R13: 00007f72b7e16038 R14: 00007f72b7e15fa0 R15: 00007ffeca497e88
[ 1547.496355][T25737]  </TASK>
[ 1547.655932][T25739] __nla_validate_parse: 12 callbacks suppressed
[ 1547.655953][T25739] netlink: 152 bytes leftover after parsing attributes in process `syz.1.5947'.
[ 1548.141310][T25754] netlink: 202328 bytes leftover after parsing attributes in process `syz.3.5953'.
[ 1548.151213][T25754] openvswitch: netlink: Key type 29 is not supported
[ 1548.193276][T25754] validate_nla: 3 callbacks suppressed
[ 1548.193296][T25754] netlink: 'syz.3.5953': attribute type 25 has an invalid length.
[ 1548.212023][T25754] netlink: 2418 bytes leftover after parsing attributes in process `syz.3.5953'.
[ 1548.967485][T25770] netlink: 'syz.2.5960': attribute type 17 has an invalid length.
[ 1548.990417][T25770] netlink: 'syz.2.5960': attribute type 16 has an invalid length.
[ 1549.026335][T25770] netlink: 152 bytes leftover after parsing attributes in process `syz.2.5960'.
[ 1549.132211][T25767] netlink: 'syz.3.5957': attribute type 10 has an invalid length.
[ 1549.141307][T25767] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5957'.
[ 1549.268892][T25779] FAULT_INJECTION: forcing a failure.
[ 1549.268892][T25779] name failslab, interval 1, probability 0, space 0, times 0
[ 1549.291538][T25779] CPU: 1 PID: 25779 Comm: syz.2.5961 Not tainted syzkaller #0
[ 1549.299093][T25779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1549.309194][T25779] Call Trace:
[ 1549.312510][T25779]  <TASK>
[ 1549.315475][T25779]  dump_stack_lvl+0x18c/0x250
[ 1549.320214][T25779]  ? show_regs_print_info+0x20/0x20
[ 1549.325461][T25779]  ? load_image+0x420/0x420
[ 1549.330026][T25779]  ? __might_sleep+0xe0/0xe0
[ 1549.334681][T25779]  ? __lock_acquire+0x7d40/0x7d40
[ 1549.339759][T25779]  should_fail_ex+0x39d/0x4d0
[ 1549.344498][T25779]  should_failslab+0x9/0x20
[ 1549.349060][T25779]  slab_pre_alloc_hook+0x59/0x310
[ 1549.354137][T25779]  ? tomoyo_encode+0x28b/0x540
[ 1549.358937][T25779]  ? tomoyo_encode+0x28b/0x540
[ 1549.363748][T25779]  __kmem_cache_alloc_node+0x53/0x250
[ 1549.369175][T25779]  ? tomoyo_encode+0x28b/0x540
[ 1549.373989][T25779]  __kmalloc+0xa4/0x230
[ 1549.378190][T25779]  tomoyo_encode+0x28b/0x540
[ 1549.382830][T25779]  tomoyo_realpath_from_path+0x592/0x5d0
[ 1549.388535][T25779]  tomoyo_path_number_perm+0x248/0x620
[ 1549.394075][T25779]  ? tomoyo_path_number_perm+0x217/0x620
[ 1549.399788][T25779]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 1549.405346][T25779]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1549.411560][T25779]  ? lockdep_hardirqs_on+0x98/0x150
[ 1549.416835][T25779]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1549.423066][T25779]  security_file_ioctl+0x70/0xa0
[ 1549.428065][T25779]  __se_sys_ioctl+0x48/0x170
[ 1549.432710][T25779]  do_syscall_64+0x55/0xa0
[ 1549.437228][T25779]  ? clear_bhb_loop+0x40/0x90
[ 1549.441979][T25779]  ? clear_bhb_loop+0x40/0x90
[ 1549.446713][T25779]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1549.452654][T25779] RIP: 0033:0x7fc24b19cdd9
[ 1549.457112][T25779] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1549.476790][T25779] RSP: 002b:00007fc24c05f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1549.485268][T25779] RAX: ffffffffffffffda RBX: 00007fc24b415fa0 RCX: 00007fc24b19cdd9
[ 1549.493370][T25779] RDX: 0000200000000280 RSI: 0000000000008b26 RDI: 0000000000000005
[ 1549.501376][T25779] RBP: 00007fc24c05f090 R08: 0000000000000000 R09: 0000000000000000
[ 1549.509391][T25779] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1549.517408][T25779] R13: 00007fc24b416038 R14: 00007fc24b415fa0 R15: 00007ffe1c0dfa38
[ 1549.525445][T25779]  </TASK>
[ 1549.563961][T25779] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1550.348120][T25798] netlink: 'syz.2.5969': attribute type 17 has an invalid length.
[ 1550.358098][T25798] netlink: 'syz.2.5969': attribute type 16 has an invalid length.
[ 1550.373988][T25798] netlink: 152 bytes leftover after parsing attributes in process `syz.2.5969'.
[ 1550.962136][T25810] FAULT_INJECTION: forcing a failure.
[ 1550.962136][T25810] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1550.975970][T25810] CPU: 1 PID: 25810 Comm: syz.1.5972 Not tainted syzkaller #0
[ 1550.983484][T25810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1550.993586][T25810] Call Trace:
[ 1550.996921][T25810]  <TASK>
[ 1550.999895][T25810]  dump_stack_lvl+0x18c/0x250
[ 1551.004640][T25810]  ? show_regs_print_info+0x20/0x20
[ 1551.009929][T25810]  ? load_image+0x420/0x420
[ 1551.014484][T25810]  ? __lock_acquire+0x7d40/0x7d40
[ 1551.019565][T25810]  ? snprintf+0xe9/0x140
[ 1551.023858][T25810]  should_fail_ex+0x39d/0x4d0
[ 1551.028600][T25810]  _copy_to_user+0x2f/0xa0
[ 1551.033081][T25810]  simple_read_from_buffer+0xe7/0x150
[ 1551.038525][T25810]  proc_fail_nth_read+0x1e8/0x260
[ 1551.043618][T25810]  ? proc_fault_inject_write+0x360/0x360
[ 1551.049315][T25810]  ? fsnotify_perm+0x271/0x5e0
[ 1551.054138][T25810]  ? proc_fault_inject_write+0x360/0x360
[ 1551.059831][T25810]  vfs_read+0x28b/0x970
[ 1551.064152][T25810]  ? kernel_read+0x1e0/0x1e0
[ 1551.068802][T25810]  ? __fget_files+0x28/0x4b0
[ 1551.073452][T25810]  ? __fget_files+0x28/0x4b0
[ 1551.078093][T25810]  ? __fget_files+0x43d/0x4b0
[ 1551.082836][T25810]  ? __fdget_pos+0x2a3/0x330
[ 1551.087509][T25810]  ? ksys_read+0x75/0x260
[ 1551.091888][T25810]  ksys_read+0x150/0x260
[ 1551.096198][T25810]  ? vfs_write+0x990/0x990
[ 1551.100678][T25810]  ? lockdep_hardirqs_on+0x98/0x150
[ 1551.105949][T25810]  do_syscall_64+0x55/0xa0
[ 1551.110415][T25810]  ? clear_bhb_loop+0x40/0x90
[ 1551.115143][T25810]  ? clear_bhb_loop+0x40/0x90
[ 1551.119880][T25810]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1551.125808][T25810] RIP: 0033:0x7f17d695d60e
[ 1551.130250][T25810] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 1551.149879][T25810] RSP: 002b:00007f17d7791fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1551.158323][T25810] RAX: ffffffffffffffda RBX: 00007f17d77926c0 RCX: 00007f17d695d60e
[ 1551.166330][T25810] RDX: 000000000000000f RSI: 00007f17d77920a0 RDI: 0000000000000008
[ 1551.174330][T25810] RBP: 00007f17d7792090 R08: 0000000000000000 R09: 0000000000000000
[ 1551.182323][T25810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1551.190320][T25810] R13: 00007f17d6c16128 R14: 00007f17d6c16090 R15: 00007ffec55bf938
[ 1551.198340][T25810]  </TASK>
[ 1551.704258][T25815] netlink: 'syz.2.5973': attribute type 10 has an invalid length.
[ 1551.712182][T25815] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5973'.
[ 1551.865196][T25823] netlink: 'syz.1.5978': attribute type 17 has an invalid length.
[ 1551.878370][T25823] netlink: 'syz.1.5978': attribute type 16 has an invalid length.
[ 1551.914629][T25823] netlink: 152 bytes leftover after parsing attributes in process `syz.1.5978'.
[ 1552.117953][T25829] netlink: 'syz.2.5981': attribute type 3 has an invalid length.
[ 1552.126507][T25829] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.5981'.
[ 1553.186767][T25848] netlink: 152 bytes leftover after parsing attributes in process `syz.3.5988'.
[ 1553.575713][T25856] validate_nla: 2 callbacks suppressed
[ 1553.575731][T25856] netlink: 'syz.0.5990': attribute type 10 has an invalid length.
[ 1553.612268][T25856] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5990'.
[ 1554.700438][T25876] netlink: 'syz.1.6000': attribute type 17 has an invalid length.
[ 1554.729256][T25876] netlink: 'syz.1.6000': attribute type 16 has an invalid length.
[ 1554.756257][T25876] netlink: 152 bytes leftover after parsing attributes in process `syz.1.6000'.
[ 1554.880031][T25880] netlink: 156 bytes leftover after parsing attributes in process `syz.0.6002'.
[ 1554.998832][T25885] netlink: 'syz.2.6004': attribute type 4 has an invalid length.
[ 1555.076698][T25890] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.6003'.
[ 1555.096816][T25890] netlink: 156 bytes leftover after parsing attributes in process `syz.1.6003'.
[ 1555.336030][T25900] netlink: 60 bytes leftover after parsing attributes in process `syz.0.6009'.
[ 1555.372522][T25900] netlink: 60 bytes leftover after parsing attributes in process `syz.0.6009'.
[ 1555.445471][T25903] netlink: 60 bytes leftover after parsing attributes in process `syz.0.6009'.
[ 1555.471408][T25900] netlink: 60 bytes leftover after parsing attributes in process `syz.0.6009'.
[ 1555.625984][T25905] netlink: 'syz.3.6008': attribute type 10 has an invalid length.
[ 1555.819629][T25911] netlink: 'syz.2.6011': attribute type 17 has an invalid length.
[ 1555.848461][T25911] netlink: 'syz.2.6011': attribute type 16 has an invalid length.
[ 1556.248754][T25919] FAULT_INJECTION: forcing a failure.
[ 1556.248754][T25919] name failslab, interval 1, probability 0, space 0, times 0
[ 1556.283437][T25919] CPU: 1 PID: 25919 Comm: syz.2.6015 Not tainted syzkaller #0
[ 1556.291059][T25919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1556.301189][T25919] Call Trace:
[ 1556.304525][T25919]  <TASK>
[ 1556.307523][T25919]  dump_stack_lvl+0x18c/0x250
[ 1556.312293][T25919]  ? show_regs_print_info+0x20/0x20
[ 1556.317566][T25919]  ? load_image+0x420/0x420
[ 1556.322125][T25919]  ? __might_sleep+0xe0/0xe0
[ 1556.326763][T25919]  ? __lock_acquire+0x7d40/0x7d40
[ 1556.331851][T25919]  should_fail_ex+0x39d/0x4d0
[ 1556.336637][T25919]  should_failslab+0x9/0x20
[ 1556.341200][T25919]  slab_pre_alloc_hook+0x59/0x310
[ 1556.346293][T25919]  ? __lock_acquire+0x7d40/0x7d40
[ 1556.351370][T25919]  kmem_cache_alloc_node+0x60/0x320
[ 1556.356624][T25919]  ? __alloc_skb+0x103/0x2c0
[ 1556.361269][T25919]  __alloc_skb+0x103/0x2c0
[ 1556.365741][T25919]  netlink_sendmsg+0x66a/0xbf0
[ 1556.370584][T25919]  ? perf_trace_lock+0x304/0x3b0
[ 1556.375587][T25919]  ? netlink_getsockopt+0x590/0x590
[ 1556.380847][T25919]  ? aa_sock_msg_perm+0x94/0x150
[ 1556.385849][T25919]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1556.391201][T25919]  ? security_socket_sendmsg+0x80/0xa0
[ 1556.396711][T25919]  ? netlink_getsockopt+0x590/0x590
[ 1556.401978][T25919]  ____sys_sendmsg+0x5ba/0x960
[ 1556.406809][T25919]  ? __asan_memset+0x22/0x40
[ 1556.411536][T25919]  ? __sys_sendmsg_sock+0x30/0x30
[ 1556.416604][T25919]  ? __import_iovec+0x5f2/0x850
[ 1556.421533][T25919]  ? import_iovec+0x73/0xa0
[ 1556.426089][T25919]  ___sys_sendmsg+0x2a6/0x360
[ 1556.430815][T25919]  ? __sys_sendmsg+0x2a0/0x2a0
[ 1556.435672][T25919]  ? __lock_acquire+0x7d40/0x7d40
[ 1556.440797][T25919]  __se_sys_sendmsg+0x1c2/0x2b0
[ 1556.445700][T25919]  ? __x64_sys_sendmsg+0x80/0x80
[ 1556.450799][T25919]  ? lockdep_hardirqs_on+0x98/0x150
[ 1556.456058][T25919]  do_syscall_64+0x55/0xa0
[ 1556.460539][T25919]  ? clear_bhb_loop+0x40/0x90
[ 1556.465281][T25919]  ? clear_bhb_loop+0x40/0x90
[ 1556.470031][T25919]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1556.475977][T25919] RIP: 0033:0x7fc24b19cdd9
[ 1556.480431][T25919] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1556.500106][T25919] RSP: 002b:00007fc24c05f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1556.508570][T25919] RAX: ffffffffffffffda RBX: 00007fc24b415fa0 RCX: 00007fc24b19cdd9
[ 1556.516579][T25919] RDX: 0000000000000000 RSI: 00002000000039c0 RDI: 0000000000000007
[ 1556.524613][T25919] RBP: 00007fc24c05f090 R08: 0000000000000000 R09: 0000000000000000
[ 1556.532615][T25919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1556.540630][T25919] R13: 00007fc24b416038 R14: 00007fc24b415fa0 R15: 00007ffe1c0dfa38
[ 1556.548687][T25919]  </TASK>
[ 1557.035065][T25925] netlink: 'syz.0.6014': attribute type 10 has an invalid length.
[ 1557.157716][T25929] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1557.305442][T25936] netlink: 'syz.3.6019': attribute type 3 has an invalid length.
[ 1557.654164][T25947] netlink: 'syz.3.6024': attribute type 17 has an invalid length.
[ 1558.553945][T25957] FAULT_INJECTION: forcing a failure.
[ 1558.553945][T25957] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1558.568924][T25957] CPU: 1 PID: 25957 Comm: syz.1.6027 Not tainted syzkaller #0
[ 1558.576468][T25957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1558.586583][T25957] Call Trace:
[ 1558.589929][T25957]  <TASK>
[ 1558.592918][T25957]  dump_stack_lvl+0x18c/0x250
[ 1558.597680][T25957]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1558.604085][T25957]  ? show_regs_print_info+0x20/0x20
[ 1558.609385][T25957]  ? load_image+0x420/0x420
[ 1558.614089][T25957]  ? should_fail_ex+0x322/0x4d0
[ 1558.619057][T25957]  should_fail_ex+0x39d/0x4d0
[ 1558.623869][T25957]  _copy_from_user+0x2f/0xe0
[ 1558.628550][T25957]  ___sys_sendmsg+0x1c7/0x360
[ 1558.633323][T25957]  ? __sys_sendmsg+0x2a0/0x2a0
[ 1558.638212][T25957]  ? __lock_acquire+0x7d40/0x7d40
[ 1558.643415][T25957]  __se_sys_sendmsg+0x1c2/0x2b0
[ 1558.648321][T25957]  ? __x64_sys_sendmsg+0x80/0x80
[ 1558.653345][T25957]  ? syscall_enter_from_user_mode+0x2e/0x80
[ 1558.659304][T25957]  do_syscall_64+0x55/0xa0
[ 1558.663776][T25957]  ? clear_bhb_loop+0x40/0x90
[ 1558.668530][T25957]  ? clear_bhb_loop+0x40/0x90
[ 1558.673254][T25957]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1558.679196][T25957] RIP: 0033:0x7f17d699cdd9
[ 1558.683654][T25957] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1558.703330][T25957] RSP: 002b:00007f17d77b3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1558.711825][T25957] RAX: ffffffffffffffda RBX: 00007f17d6c15fa0 RCX: 00007f17d699cdd9
[ 1558.720034][T25957] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006
[ 1558.728060][T25957] RBP: 00007f17d77b3090 R08: 0000000000000000 R09: 0000000000000000
[ 1558.736063][T25957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1558.744073][T25957] R13: 00007f17d6c16038 R14: 00007f17d6c15fa0 R15: 00007ffec55bf938
[ 1558.752126][T25957]  </TASK>
[ 1559.323388][T25967] validate_nla: 2 callbacks suppressed
[ 1559.323406][T25967] netlink: 'syz.3.6031': attribute type 10 has an invalid length.
[ 1559.338425][T25967] __nla_validate_parse: 10 callbacks suppressed
[ 1559.338444][T25967] netlink: 40 bytes leftover after parsing attributes in process `syz.3.6031'.
[ 1559.721094][T25977] netlink: 'syz.0.6033': attribute type 17 has an invalid length.
[ 1559.740487][T25977] netlink: 'syz.0.6033': attribute type 16 has an invalid length.
[ 1559.750281][T25977] netlink: 152 bytes leftover after parsing attributes in process `syz.0.6033'.
[ 1559.992871][T25982] netlink: 60 bytes leftover after parsing attributes in process `syz.0.6034'.
[ 1560.003341][T25982] netlink: 60 bytes leftover after parsing attributes in process `syz.0.6034'.
[ 1560.022924][T25982] netlink: 60 bytes leftover after parsing attributes in process `syz.0.6034'.
[ 1560.035949][T25982] netlink: 60 bytes leftover after parsing attributes in process `syz.0.6034'.
[ 1575.100738][T22134] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1575.111485][T22134] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1575.120053][T22134] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1575.129240][T22134] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1575.137585][T22134] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 1575.145075][T22134] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1575.374926][T21880] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1575.385334][T21880] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1575.393625][T21880] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1575.402276][T21880] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1575.411015][T21880] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 1575.419036][T21880] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1576.570902][T25989] chnl_net:caif_netlink_parms(): no params data found
[ 1576.865200][T21880] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1576.876827][T21880] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 1576.886975][T21880] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1576.895796][T21880] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 1576.903721][T21880] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1576.911883][T21880] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 1576.920103][T21880] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1576.930180][T21880] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 1576.938006][T21880] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 1576.965287][T21880] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1576.972694][T21880] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 1576.982317][T13311] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 1577.150505][T25989] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1577.169064][T25989] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1577.203925][T25989] bridge_slave_0: entered allmulticast mode
[ 1577.232478][T25989] bridge_slave_0: entered promiscuous mode
[ 1577.252174][T25992] chnl_net:caif_netlink_parms(): no params data found
[ 1577.263849][T22134] Bluetooth: hci3: command tx timeout
[ 1577.320238][T25989] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1577.327985][T25989] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1577.342077][T25989] bridge_slave_1: entered allmulticast mode
[ 1577.350037][T25989] bridge_slave_1: entered promiscuous mode
[ 1577.493097][T25989] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1577.511678][T26013] Bluetooth: hci5: command tx timeout
[ 1577.631238][T25989] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1577.957620][T25992] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1577.972774][T25992] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1577.985310][T25992] bridge_slave_0: entered allmulticast mode
[ 1577.992904][T25992] bridge_slave_0: entered promiscuous mode
[ 1578.011794][T25989] team0: Port device team_slave_0 added
[ 1578.026457][T25992] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1578.033624][T25992] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1578.053163][T25992] bridge_slave_1: entered allmulticast mode
[ 1578.061287][T25992] bridge_slave_1: entered promiscuous mode
[ 1578.077983][T25989] team0: Port device team_slave_1 added
[ 1578.205819][T25989] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1578.212837][T25989] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1578.254550][T25989] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1578.278305][T25992] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1579.083987][ T5785] Bluetooth: hci6: command tx timeout
[ 1579.090446][T26013] Bluetooth: hci7: command tx timeout
[ 1579.324097][T26013] Bluetooth: hci3: command tx timeout
[ 1579.583325][T26013] Bluetooth: hci5: command tx timeout
[ 1581.164082][ T5785] Bluetooth: hci6: command tx timeout
[ 1581.170700][T26013] Bluetooth: hci7: command tx timeout
[ 1581.404226][T26013] Bluetooth: hci3: command tx timeout
[ 1581.654102][T26013] Bluetooth: hci5: command tx timeout
[ 1583.254086][ T5785] Bluetooth: hci6: command tx timeout
[ 1583.261612][T26013] Bluetooth: hci7: command tx timeout
[ 1583.494080][T26013] Bluetooth: hci3: command tx timeout
[ 1583.724106][T26013] Bluetooth: hci5: command tx timeout
[ 1585.323876][T26013] Bluetooth: hci7: command tx timeout
[ 1585.329393][T26013] Bluetooth: hci6: command tx timeout
[ 1607.659749][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[ 1607.673804][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[ 1635.915302][T22134] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[ 1635.925712][T22134] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[ 1635.933759][T22134] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[ 1635.942399][T22134] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[ 1635.950979][T22134] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3
[ 1635.958893][T22134] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[ 1636.055334][T22134] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[ 1636.070657][T22134] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[ 1636.079531][T22134] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[ 1636.094918][T22134] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[ 1636.102718][T22134] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3
[ 1636.110625][T22134] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[ 1637.185897][ T5785] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[ 1637.202860][ T5785] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[ 1637.212401][ T5785] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[ 1637.226097][ T5785] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[ 1637.234635][ T5785] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3
[ 1637.242176][ T5785] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[ 1637.378655][T22134] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[ 1637.400467][T22134] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[ 1637.413573][T22134] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[ 1637.430266][T22134] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[ 1637.441287][T22134] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3
[ 1637.455139][T22134] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[ 1638.044127][T22134] Bluetooth: hci8: command tx timeout
[ 1638.214139][T22134] Bluetooth: hci9: command tx timeout
[ 1639.334265][T22134] Bluetooth: hci10: command tx timeout
[ 1639.491445][T22134] Bluetooth: hci11: command tx timeout
[ 1640.123942][T22134] Bluetooth: hci8: command tx timeout
[ 1640.294195][T22134] Bluetooth: hci9: command tx timeout
[ 1641.414382][T22134] Bluetooth: hci10: command tx timeout
[ 1641.573782][T22134] Bluetooth: hci11: command tx timeout
[ 1642.204027][T22134] Bluetooth: hci8: command tx timeout
[ 1642.374068][T22134] Bluetooth: hci9: command tx timeout
[ 1643.485445][T22134] Bluetooth: hci10: command tx timeout
[ 1643.644271][T22134] Bluetooth: hci11: command tx timeout
[ 1644.283819][T22134] Bluetooth: hci8: command tx timeout
[ 1644.454086][T22134] Bluetooth: hci9: command tx timeout
[ 1645.572394][T22134] Bluetooth: hci10: command tx timeout
[ 1645.734156][T22134] Bluetooth: hci11: command tx timeout
[ 1664.463724][    C0] rcu: INFO: rcu_preempt self-detected stall on CPU
[ 1664.470507][    C0] rcu: 	0-....: (10500 ticks this GP) idle=6504/1/0x4000000000000000 softirq=113793/113793 fqs=4305
[ 1664.482531][    C0] rcu: 	         hardirqs   softirqs   csw/system
[ 1664.488963][    C0] rcu: 	 number:  1261016          0            0
[ 1664.495391][    C0] rcu: 	cputime:    17188      35301           66   ==> 52490(ms)
[ 1664.503255][    C0] rcu: 	(t=10500 jiffies g=160793 q=4257 ncpus=2)
[ 1664.509688][    C0] CPU: 0 PID: 25971 Comm: syz.2.6032 Not tainted syzkaller #0
[ 1664.517162][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1664.527247][    C0] RIP: 0010:kasan_check_range+0x1c0/0x290
[ 1664.533001][    C0] Code: 49 8d 5c 24 07 4d 85 e4 49 0f 49 dc 48 83 e3 f8 49 29 dc 74 0e 41 80 3b 00 75 6b 49 ff c3 49 ff cc 75 f2 5b 41 5c 41 5d 41 5e <41> 5f 5d c3 45 84 ff 0f 85 91 00 00 00 41 f7 c7 00 ff 00 00 0f 85
[ 1664.552631][    C0] RSP: 0018:ffffc90000007208 EFLAGS: 00000256
[ 1664.558720][    C0] RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffffff8168ad76
[ 1664.566715][    C0] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8e8b19a8
[ 1664.574726][    C0] RBP: ffffc90000007338 R08: ffffffff8e8b19af R09: 1ffffffff1d16335
[ 1664.582834][    C0] R10: dffffc0000000000 R11: fffffbfff1d16336 R12: ffffffff819477b6
[ 1664.590847][    C0] R13: dffffc0000000000 R14: 00007fc24b19cdd9 R15: 1ffffffff1d16335
[ 1664.598860][    C0] FS:  00007fc24c05f6c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[ 1664.607821][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1664.614431][    C0] CR2: 0000200000003780 CR3: 000000006b2dd000 CR4: 00000000003506f0
[ 1664.622420][    C0] DR0: 0000000000000002 DR1: 0000000000000000 DR2: 0000000000000000
[ 1664.630413][    C0] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 1664.638426][    C0] Call Trace:
[ 1664.641725][    C0]  <IRQ>
[ 1664.644602][    C0]  lock_release+0xa6/0x8c0
[ 1664.649049][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1664.655234][    C0]  ? lockdep_hardirqs_on+0x98/0x150
[ 1664.660458][    C0]  ? __lock_acquire+0x7d40/0x7d40
[ 1664.665515][    C0]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1664.671626][    C0]  ? is_bpf_text_address+0x5b/0x2a0
[ 1664.676850][    C0]  is_bpf_text_address+0x28f/0x2a0
[ 1664.681987][    C0]  ? is_bpf_text_address+0x26/0x2a0
[ 1664.687224][    C0]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1664.693321][    C0]  kernel_text_address+0xa0/0xd0
[ 1664.698318][    C0]  __kernel_text_address+0xd/0x30
[ 1664.703392][    C0]  unwind_get_return_address+0x5d/0xc0
[ 1664.708975][    C0]  ? stack_trace_save+0x100/0x100
[ 1664.714036][    C0]  arch_stack_walk+0x11d/0x190
[ 1664.718852][    C0]  stack_trace_save+0xaa/0x100
[ 1664.723691][    C0]  ? stack_trace_snprint+0xf0/0xf0
[ 1664.728847][    C0]  ? unwind_get_return_address+0x91/0xc0
[ 1664.734512][    C0]  ? stack_trace_save+0x100/0x100
[ 1664.739568][    C0]  ? arch_stack_walk+0x160/0x190
[ 1664.744532][    C0]  kasan_set_track+0x4e/0x70
[ 1664.749145][    C0]  ? kasan_set_track+0x4e/0x70
[ 1664.753943][    C0]  ? __kasan_kmalloc+0x8f/0xa0
[ 1664.758737][    C0]  ? ref_tracker_alloc+0x162/0x4c0
[ 1664.764067][    C0]  ? switchdev_deferred_enqueue+0x111/0x240
[ 1664.769992][    C0]  ? br_switchdev_mdb_notify+0x40a/0x860
[ 1664.775670][    C0]  ? br_mdb_notify+0x68/0x960
[ 1664.780383][    C0]  ? br_multicast_group_expired+0x300/0x5e0
[ 1664.786312][    C0]  ? call_timer_fn+0x189/0x540
[ 1664.791122][    C0]  ? __run_timers+0x542/0x800
[ 1664.795829][    C0]  ? run_timer_softirq+0x67/0xf0
[ 1664.800806][    C0]  ? handle_softirqs+0x280/0x820
[ 1664.805771][    C0]  ? __irq_exit_rcu+0xd3/0x190
[ 1664.810559][    C0]  ? irq_exit_rcu+0x9/0x20
[ 1664.814997][    C0]  ? sysvec_apic_timer_interrupt+0xa4/0xc0
[ 1664.820833][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1664.827025][    C0]  ? ___slab_alloc+0x111a/0x12f0
[ 1664.832001][    C0]  ? kmem_cache_alloc_lru+0x1aa/0x2d0
[ 1664.837392][    C0]  ? __d_alloc+0x31/0x730
[ 1664.841747][    C0]  ? d_alloc_pseudo+0x1d/0x70
[ 1664.846450][    C0]  ? alloc_file_pseudo+0xe4/0x210
[ 1664.851497][    C0]  ? sock_alloc_file+0xb7/0x280
[ 1664.856377][    C0]  ? __sys_socket+0x13d/0x1a0
[ 1664.861095][    C0]  ? __x64_sys_socket+0x7a/0x90
[ 1664.865990][    C0]  ? do_syscall_64+0x55/0xa0
[ 1664.870594][    C0]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1664.876721][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1664.881521][    C0]  __kasan_kmalloc+0x8f/0xa0
[ 1664.886130][    C0]  ref_tracker_alloc+0x162/0x4c0
[ 1664.891091][    C0]  ? ref_tracker_dir_exit+0x500/0x500
[ 1664.896507][    C0]  ? __kmem_cache_alloc_node+0x13a/0x250
[ 1664.902167][    C0]  ? switchdev_deferred_enqueue+0x2d/0x240
[ 1664.907998][    C0]  ? switchdev_deferred_enqueue+0x2d/0x240
[ 1664.913836][    C0]  ? switchdev_port_obj_add_deferred+0x350/0x350
[ 1664.920189][    C0]  ? switchdev_deferred_enqueue+0x93/0x240
[ 1664.926022][    C0]  switchdev_deferred_enqueue+0x111/0x240
[ 1664.931767][    C0]  br_switchdev_mdb_notify+0x40a/0x860
[ 1664.937252][    C0]  ? lapic_next_event+0x11/0x20
[ 1664.942132][    C0]  ? clockevents_program_event+0x230/0x310
[ 1664.947970][    C0]  ? br_switchdev_port_vlan_del+0x120/0x120
[ 1664.953914][    C0]  ? mark_lock+0x94/0x320
[ 1664.958274][    C0]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[ 1664.964280][    C0]  ? lock_chain_count+0x20/0x20
[ 1664.969156][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1664.975345][    C0]  ? lockdep_hardirqs_on+0x98/0x150
[ 1664.980573][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1664.986792][    C0]  br_mdb_notify+0x68/0x960
[ 1664.991326][    C0]  br_multicast_group_expired+0x300/0x5e0
[ 1664.997078][    C0]  call_timer_fn+0x189/0x540
[ 1665.001706][    C0]  ? br_multicast_destroy_mdb_entry+0xc0/0xc0
[ 1665.007808][    C0]  ? call_timer_fn+0xd2/0x540
[ 1665.012507][    C0]  ? __run_timers+0x800/0x800
[ 1665.017219][    C0]  ? br_multicast_destroy_mdb_entry+0xc0/0xc0
[ 1665.023310][    C0]  __run_timers+0x542/0x800
[ 1665.027839][    C0]  ? detach_timer+0x2b0/0x2b0
[ 1665.032557][    C0]  run_timer_softirq+0x67/0xf0
[ 1665.037342][    C0]  handle_softirqs+0x280/0x820
[ 1665.042152][    C0]  ? __irq_exit_rcu+0xd3/0x190
[ 1665.046957][    C0]  ? do_softirq+0x1a0/0x1a0
[ 1665.051480][    C0]  ? irqtime_account_irq+0xb6/0x1c0
[ 1665.056710][    C0]  __irq_exit_rcu+0xd3/0x190
[ 1665.061318][    C0]  ? irq_exit_rcu+0x20/0x20
[ 1665.065848][    C0]  irq_exit_rcu+0x9/0x20
[ 1665.070126][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[ 1665.075795][    C0]  </IRQ>
[ 1665.078755][    C0]  <TASK>
[ 1665.081723][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1665.087742][    C0] RIP: 0010:___slab_alloc+0x111a/0x12f0
[ 1665.093335][    C0] Code: c7 44 24 68 00 00 00 00 9c 8f 44 24 68 f7 44 24 68 00 02 00 00 75 7a 41 f7 c6 00 02 00 00 74 01 fb 65 48 8b 04 25 28 00 00 00 <48> 3b 44 24 70 0f 85 ef 00 00 00 4c 89 e8 48 83 c4 78 5b 41 5c 41
[ 1665.112978][    C0] RSP: 0018:ffffc90003607c28 EFLAGS: 00000206
[ 1665.119087][    C0] RAX: c0ac9e66a7dc0700 RBX: ffff8880b8e42b70 RCX: c0ac9e66a7dc0700
[ 1665.127109][    C0] RDX: dffffc0000000000 RSI: ffffffff8acac9e0 RDI: ffffffff8b1c8fa0
[ 1665.135112][    C0] RBP: ffffffff81debf2f R08: ffffffff8e8b19af R09: 1ffffffff1d16335
[ 1665.143137][    C0] R10: dffffc0000000000 R11: fffffbfff1d16336 R12: 0000000000000000
[ 1665.151138][    C0] R13: ffff88805cecf318 R14: 0000000000000246 R15: 0000000000000000
[ 1665.159153][    C0]  ? ___slab_alloc+0x1ef/0x12f0
[ 1665.164097][    C0]  ? __d_alloc+0x31/0x730
[ 1665.168489][    C0]  kmem_cache_alloc_lru+0x1aa/0x2d0
[ 1665.173735][    C0]  ? __d_alloc+0x31/0x730
[ 1665.178130][    C0]  __d_alloc+0x31/0x730
[ 1665.182362][    C0]  ? alloc_fd+0x58f/0x630
[ 1665.186761][    C0]  d_alloc_pseudo+0x1d/0x70
[ 1665.191307][    C0]  alloc_file_pseudo+0xe4/0x210
[ 1665.196210][    C0]  ? alloc_empty_backing_file+0xe0/0xe0
[ 1665.201812][    C0]  ? _raw_spin_unlock+0x28/0x40
[ 1665.206708][    C0]  ? alloc_fd+0x58f/0x630
[ 1665.211075][    C0]  sock_alloc_file+0xb7/0x280
[ 1665.215809][    C0]  __sys_socket+0x13d/0x1a0
[ 1665.220384][    C0]  __x64_sys_socket+0x7a/0x90
[ 1665.225109][    C0]  do_syscall_64+0x55/0xa0
[ 1665.229586][    C0]  ? clear_bhb_loop+0x40/0x90
[ 1665.234303][    C0]  ? clear_bhb_loop+0x40/0x90
[ 1665.239008][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1665.244941][    C0] RIP: 0033:0x7fc24b19cdd9
[ 1665.249393][    C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1665.269031][    C0] RSP: 002b:00007fc24c05f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[ 1665.277496][    C0] RAX: ffffffffffffffda RBX: 00007fc24b415fa0 RCX: 00007fc24b19cdd9
[ 1665.285515][    C0] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000011
[ 1665.293551][    C0] RBP: 00007fc24b232d69 R08: 0000000000000000 R09: 0000000000000000
[ 1665.301681][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1665.309682][    C0] R13: 00007fc24b416038 R14: 00007fc24b415fa0 R15: 00007ffe1c0dfa38
[ 1665.317711][    C0]  </TASK>
[ 1669.089453][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[ 1669.109521][ T1282] ieee802154 phy1 wpan1: encryption failed: -22