last executing test programs:

9.917371835s ago: executing program 2 (id=2374):
r0 = socket$kcm(0x10, 0x2, 0x10) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, @perf_bp={0x0, 0x8}, 0x40, 0x0, 0x0, 0x0, 0x7, 0x0, 0xffff}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) (async)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)
write$cgroup_pid(r4, &(0x7f0000000000), 0x2a979d) (async)
perf_event_open(&(0x7f00000002c0)={0x2, 0x80, 0x9d, 0x1, 0x0, 0x0, 0x0, 0x5, 0x10102, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x3, 0x3, 0x0, 0x5, 0x0, 0x0, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) (async)
bpf$MAP_CREATE(0x0, 0x0, 0x50) (async)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0)
close(r5)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x8901, 0x0)
ioctl$TUNSETOFFLOAD(r6, 0xc004743e, 0x110c23003f) (async)
ioctl$TUNGETVNETLE(r5, 0x40047451, &(0x7f0000000180)) (async)
ioctl$TUNGETVNETLE(r5, 0x40047451, &(0x7f00000002c0)) (async)
r7 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMUNATTACH(r7, 0x89e1, &(0x7f0000000100)={r0})
r8 = socket$kcm(0x10, 0x3, 0x10) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x11, 0x4, 0x4, 0x80000001, 0x10, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x50)
sendmsg$kcm(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000035000b0fd25a806c8c6f94f90224fc60", 0x14}], 0x1, 0x0, 0x0, 0x20000000}, 0x10) (async)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020023000b02d25a806f8c6394f90224fc602f1a99000a740100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)

9.43701063s ago: executing program 2 (id=2377):
perf_event_open(&(0x7f0000000380)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe802, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x10, 0xc8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x6, 0xe, &(0x7f0000000340)=ANY=[@ANYBLOB="b700000010e7ffffbca30000000000002403000040feffff720af0ff0000000071a4f0ff000000001f040000000000002e0a0200000000002604"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp}, 0xffffff84)
close(0xffffffffffffffff)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r0=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r0, 0x0, 0xfdef)
r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.avg_queue_size\x00', 0x26e1, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000940)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x2, 0x0, 0x3, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001040)=ANY=[@ANYBLOB="1b00000000000000000000000300000000000000", @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0100000003000000040000001000"/28], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r4, &(0x7f0000000080)={0x0, 0x69, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000d00)=""/242, 0xf2}, {&(0x7f0000000240)=""/205, 0xcd}, {&(0x7f00000006c0)=""/188, 0xbc}, {&(0x7f0000000f40)=""/213, 0xd5}, {&(0x7f0000002100)=""/4077, 0xfed}, {&(0x7f00000007c0)=""/211, 0xd3}, {&(0x7f0000000b00)=""/231, 0xe7}, {&(0x7f0000000c00)=""/208, 0xd0}], 0x8}, 0x40012100)
recvmsg$kcm(r4, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r5, 0x8b26, &(0x7f0000001200)={'wlan1\x00', @random="f7280200e700"})
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1100000004000000000000031f0000000000", @ANYRES32, @ANYBLOB="0000000000000000000000020000000000000000d78d67de305ac7d3d24eddd36c7e29037c085e93aad139433f3bac604d59123f0e1f0103204000000000000000497017eda3591162593db8bb383a4eb36b43be499f617b1fcf04c3a1653211ea53783d629603bb5d5d76f432d797084f7033a898ed62eaddab35611ead21e3e3f5667007971e09eee9bf0e33ea3c8d2fbb313bff49dde45e460756381bbede966e418fdf51c454c5e593b3aecfe63e91bc04b1d8880c3bbaa75de816e82868215d6fabe8146ced7ec71b56c70d8214dbceaac135139f7199c67ca81c6784b5bd6d3190fb33f9a9bb4776a4961b97", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
close(r3)
write$cgroup_pid(r3, &(0x7f00000005c0), 0x12)
bpf$LINK_DETACH(0x22, &(0x7f0000000440)=r3, 0x4)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x408440, 0x0)
ioctl$TUNSETVNETBE(r6, 0x400454de, &(0x7f00000009c0)=0x1)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000000)='syzkaller\x00')
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0xfc, 0x0, 0x5d31, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0xfffe, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)

8.08709802s ago: executing program 2 (id=2384):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000002000000061198c00000000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb}, 0x80)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$inet(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="e1a108b9f465f62688073619e8f1ccc3c71a5c84f709aac6c6317190ee66ff9416b22871500da7ae980eefe5984414ef771dec4885f4fc5607cd58bc114539e14006f47a0e15b84100047d8a6117054f2e35f15b2710350c7fb889dbf390f22d3ad1f51f74d1f21b", 0x68}], 0x1, &(0x7f0000000140)=[@ip_retopts={{0x58, 0x0, 0x7, {[@timestamp={0x44, 0x20, 0xd8, 0x0, 0x8, [0x1, 0x5, 0xfffffff5, 0xe5, 0x8, 0xd0a, 0x3]}, @cipso={0x86, 0x1f, 0x1, [{0x0, 0x9, "b1ad099ce1cf7b"}, {0x1, 0x10, "5b6b5e3671cb3fc661c5e416179c"}]}, @cipso={0x86, 0x6, 0xffffffffffffffff}]}}}], 0x58}, 0x40010)

7.864873862s ago: executing program 2 (id=2387):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x2, 0x3, 0x2)
sendmsg$inet(r0, &(0x7f0000001640)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, &(0x7f0000002800)=[{&(0x7f0000000c00)="b107c09a5026de51ce3e8640af1a8b2d1e67f16405c3458fe41dc04ef234718d683aa3a998fa99431a9c7c6d7505b0cec633f763303666604cbb6aa4c0f995a9454dc81b079dc93b0162ac3d1a8a1b72ce18d493594b3b24bad58801007a7b1d8ab9b50c5dbef8311b2502a124913259abadf354fea31d1ce0fed5c7ac577690164d1a72748723d3eb92e3e73e3a2b7cdfaa442f9e9f8e1a711d5b988215f0f80a2eeade5a078256a41973b0b029278c20a2818628dc256a0742896c3def6e825fdf64fd33d5f584ca908c272dc04d0693decdad028feec7f76221378c185027e8695c9b07506ed46d4f8bb90883c08e85e058ece62cd797d2c01e6285c77430eec435ac9df6256e121859d8aea507ff8a9dd0694681649d44fbb937398edecbe06096df2e443af0c3f0950301e1128727ba88a063e88f90206dd5f099a1c333114b97e0e1b55106a9755e208651a8f281173d1ed31e62433a766a28c8496f00ad108672a1f6079c10588a7ffb658dd61a6efa4bfa379945659c0ebbeca3f56215413802975d89f0c0131c71169084851cddd8b367738f069955b2d3fcdeba878b6bec8240227ddb9fac4706eb62bc6540a91014cce6987ee604c5f398ae4fef3f501ebad02ba122d7769b603eaddb5f9b101f1b42a931ac50c27feb4b0c703d1b3f9e88eb569db5082957fe", 0x1ec}, {&(0x7f0000001680)="fae0835ee82c20abb86f7c287ffb04a52a0b2339a4efc8216bada6fb7f4385ead471969bdf9b82994c10898db8b0fd9a6068b87f4547eff53d6cb7b37534e44d27c79042f5c405c0ff3eaf643001000000000000008263d71ee0e5b2cb31215ded6df9c76d150aa52a4eecb94fe48e79205c96a0aab13eaa4681860576d2e32f6873b200d669e65d56bd8a4703cbea6b8c610ec158fe5f8683f7", 0x9a}, {&(0x7f00000015c0)="6b75b597d05d969a191023", 0xb}, {&(0x7f0000001740)="3f013c9ef434ca4df0854ba1c14f7db8ccda5e87715ffd1ead9c4d9a2306168b07d3c6763a3ceabf6dfae235f3d783ddc8a7bbd796b345df843b5f0a623ab36b3123dfcd05bf4a6e3f35d859ffc0b699be4052995533be91880029387cc3e15b2d9bf3513e617572d965ba8f665eedcbdaad53d04cddeed78a3904956c5dc95f47132090648f98558d14a4850ac4b92e1b41a06dee6198c74c72607a032c3c7ef5abd0ba4a7f9f5dfebd75457b2ec358e951ade2375ad6524eb4263d6ef72e05901da983aac2b31a5e2631e39301a6dd04c128aabcea9134ec99685df1068506541f1265c77c85300497abfebce6ed768d9922ba3699dc6cc1863c0aa9321170b9e63a74986c1996d0fa1a5886e7023836ddbe64bea33edfe6fc1cb64784da18c2d4930eb481930b9298b57c7939189df401aed6a586f0103fccf70f92a53666d5afd3dd0b12273e5c1f2ddee89ed9a280c10df8e55ed24dcf9d631b693cd38006da4629a6b4a599de94a5b8ba6bccffdaa9d3fe0970623c118ba7e811d534915e4c63fa40df1e5a37ad9e5827ff65b2e4d8480a3f66576a3a52c0c80606098c0cb0b203f20d4f7b614652e4d8eb595d29ad1a4ce2c97aa30328c9987e1f1d8b7954ff54ddb69d5c3d2225bdd84e93b19edc2d33116373b0b5be8eea62d84896d2412edf5d321f75811360f89fe6ca8ac6545ec1c9f86ab285d1b5ba00c269514dab7a076c01cbfecaaff336d116481b16e434262de851a70ff056b1f9319840e27d5f446a3476210f4e70ceb71eeec17619911d56b74d7e761ff9c43dd237772377f888bfad215f3ee19eeeb87564f77241258874dd70bdd976305092426d18a3bc60022cb0acc2d21b3e246ae7f49f5b6461b888a3d353362c2ec9bed1f7d4d3a0200e3af42fcf36f4c09bc095b3fd391a23faad86bfa29696b80093da6a97d6c4a54eca89d4979f12acbf89bca0c8cc5f490737b09fd77b8b7fcfa7b94787f81cff59ae583b5309bdb82ff76ceaf739cd254b32cc8e289541b8921aa2aedac4bf6c91c2aab801c459", 0x2ea}], 0x4, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x10}, @multicast1}}}, @ip_retopts={{0x38, 0x0, 0x7, {[@noop, @noop, @rr={0x7, 0x17, 0x22, [@initdev={0xac, 0x1e, 0x0, 0x0}, @local, @multicast2, @rand_addr, @dev]}, @generic={0x82, 0xf, "3a047e2aae56e4b9eab8f1483f"}]}}}], 0x58}, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
sendmsg$unix(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000000c0)="10", 0x33880}], 0x1, &(0x7f00000004c0)=ANY=[@ANYBLOB="1c00000000000000010000146cf44300", @ANYRES32, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r2, @ANYBLOB='\x00\x00\x00\x00'], 0x38}, 0x8841)
r3 = socket$kcm(0x23, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000140)={&(0x7f0000000000)=@phonet, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000080)="b8", 0x1ff48}], 0x1, 0x0, 0x0, 0xeaff}, 0x0)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000040)="6700000011008188040f56ecdb4cb9cca7480ef435000000e3bd6efb440009000e002e0010000000ba80013ffa85f59a0000005a8c3774fa0af3dc59a933c1e6a6d3361d83b20000319cdf5656826edaaa11032701c61ec666d482078ccebcb9a4f187f7a4e98f", 0x67}], 0x1}, 0x0)

7.615243725s ago: executing program 2 (id=2388):
r0 = socket$kcm(0x10, 0x2, 0x0)
socket$kcm(0x10, 0x2, 0x4)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100c, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000400000001"], 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000cd03000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0xedf0e51957efc755, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1}, &(0x7f0000000240), &(0x7f0000000380)=r2}, 0x20)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x18000000000002a0, 0xd50, 0x0, &(0x7f0000000580)="b9ff03076804268c989e14f088a8", 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r3 = socket$kcm(0x10, 0x3, 0x10)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
sendmsg$kcm(r3, 0x0, 0x200000c0)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
perf_event_open(0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0)
write$cgroup_subtree(r0, 0x0, 0xfe33)

7.278101172s ago: executing program 2 (id=2391):
perf_event_open(&(0x7f0000000380)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe802, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x10, 0xc8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x6, 0xe, &(0x7f0000000340)=ANY=[@ANYBLOB="b700000010e7ffffbca30000000000002403000040feffff720af0ff0000000071a4f0ff000000001f040000000000002e0a0200000000002604"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp}, 0xffffff84)
close(0xffffffffffffffff)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r0=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r0, 0x0, 0xfdef)
r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.avg_queue_size\x00', 0x26e1, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000940)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x2, 0x0, 0x3, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001040)=ANY=[@ANYBLOB="1b00000000000000000000000300000000000000", @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0100000003000000040000001000"/28], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r4, &(0x7f0000000080)={0x0, 0x69, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000d00)=""/242, 0xf2}, {&(0x7f0000000240)=""/205, 0xcd}, {&(0x7f00000006c0)=""/188, 0xbc}, {&(0x7f0000000f40)=""/213, 0xd5}, {&(0x7f0000002100)=""/4077, 0xfed}, {&(0x7f00000007c0)=""/211, 0xd3}, {&(0x7f0000000b00)=""/231, 0xe7}, {&(0x7f0000000c00)=""/208, 0xd0}], 0x8}, 0x40012100)
recvmsg$kcm(r4, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r5, 0x8b26, &(0x7f0000001200)={'wlan1\x00', @random="f7280200e700"})
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1100000004000000000000031f0000000000", @ANYRES32, @ANYBLOB="0000000000000000000000020000000000000000d78d67de305ac7d3d24eddd36c7e29037c085e93aad139433f3bac604d59123f0e1f0103204000000000000000497017eda3591162593db8bb383a4eb36b43be499f617b1fcf04c3a1653211ea53783d629603bb5d5d76f432d797084f7033a898ed62eaddab35611ead21e3e3f5667007971e09eee9bf0e33ea3c8d2fbb313bff49dde45e460756381bbede966e418fdf51c454c5e593b3aecfe63e91bc04b1d8880c3bbaa75de816e82868215d6fabe8146ced7ec71b56c70d8214dbceaac135139f7199c67ca81c6784b5bd6d3190fb33f9a9bb4776a4961b97", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
close(r3)
write$cgroup_pid(r3, &(0x7f00000005c0), 0x12)
bpf$LINK_DETACH(0x22, &(0x7f0000000440)=r3, 0x4)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x408440, 0x0)
ioctl$TUNSETVNETBE(r6, 0x400454de, &(0x7f00000009c0)=0x1)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000000)='syzkaller\x00')
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0xfc, 0x0, 0x5d31, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0xfffe, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)

2.583380836s ago: executing program 1 (id=2412):
r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x10006, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x5, 0x5, &(0x7f0000000180)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000002c0), 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100c, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x7, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x20}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x2, 0x300}, {0x6e, 0x0, 0xd}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfff0}, {0x5, 0x0, 0xc, 0x9, 0x0, 0x0, 0x20000f19}, {0x3, 0x0, 0x6, 0xa, 0xa, 0xfff0, 0x30000}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r2}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2.323305139s ago: executing program 1 (id=2414):
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x16, 0x2, 0x0, 0x0, 0x0, 0x1, 0x220, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x4, @perf_config_ext={0x5ff, 0x100000001}, 0x11619d, 0x80006, 0xfffffbff, 0x5, 0x2, 0x200, 0x5, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x9)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="d8000000310081044e81f782db44b904021d080005000000e8fe55a1180015000600142603600e120900210000000401a8001600a40001", 0x37}], 0x1}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)=@pptp={0x18, 0x2, {0xfffc, @remote}}, 0x80, 0x0}, 0x4004085)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000000)="d800000010008104685fa3aa7143a0f8c81ded0b25000000e8fe09a11800150006001400000000120800030043000040a8002b000a", 0x35}], 0x1}, 0x20000880)
r0 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x33fe0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_int(r1, &(0x7f0000000100)='cpuset.cpus\x00', 0x2, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000))
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000100)='GPL\x00'}, 0x94)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'veth1_virt_wifi\x00'})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1b"], 0x50)
r3 = socket$kcm(0x1e, 0x5, 0x0)
setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50622, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x10000000000, 0xffffffffffffffff, 0x0)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={<r4=>0x0, <r5=>0x0})
close(r4)
setsockopt$sock_attach_bpf(r5, 0x10f, 0x87, &(0x7f0000000180), 0x4bd)
r6 = socket$kcm(0x1e, 0x4, 0x0)
setsockopt$sock_attach_bpf(r6, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
r7 = socket$kcm(0x1e, 0x4, 0x0)
setsockopt$sock_attach_bpf(r7, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
sendmsg$kcm(r3, &(0x7f0000000100)={&(0x7f00000004c0)=@tipc=@nameseq={0x1e, 0x1, 0x3, {0x2, 0x0, 0x1}}, 0x80, 0x0}, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8946, &(0x7f0000000080))
r8 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r8, &(0x7f0000000000)=ANY=[@ANYBLOB="33fe00004a00530c8e5eb88edc5a9c0e0a9b80"], 0xfe33)

2.051998323s ago: executing program 1 (id=2416):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000007d40)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000004c0)={{r0, <r1=>0xffffffffffffffff}, &(0x7f00000000c0), &(0x7f0000000480)='%pi6   \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r1}, 0x4)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000040)={0xffffffff}, 0x8)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x25, 0xc, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x3, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0b000000060000000c0000000000008001000000", @ANYRES32, @ANYBLOB="030000002cc53643e2276b372073be0000089ac07613d2e90a275cabf46e6f5e7325113c11903d7e0fc085fafa1fc93d1e84ec7d0000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r2}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, 0xffffffffffffffff)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}, 0x0, 0x36654480}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmsg$kcm(0xffffffffffffffff, 0x0, 0x100)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0xc, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b704000008000000850000001c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r5, 0xfffff000, 0xe, 0x0, &(0x7f0000000300)="61df712bc884fed5722780b605a7", 0x0, 0x2f00, 0x7000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r6, 0x2000000, 0xe, 0x48, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = socket$kcm(0x2a, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000001f80)={&(0x7f0000001d00)=@qipcrtr={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0x80, 0x0}, 0x0)
recvmsg(r7, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x40002182)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0xcdd, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x4)
socketpair(0x1, 0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x3, 0x1c, &(0x7f0000001380)=ANY=[@ANYBLOB="180800002d98afeb000000000000000018280000", @ANYRES32=r8, @ANYBLOB="0000000000000008b702000014000000b7030000000000008500000005000000bf0900000000000035090100000000009500000000000000b7020000000000007b9af8ff00000000b5090000000000007baaf0ff00000000bf9700000000000007080000fffdffffbfa400000000000007040000f0ffffff740200000800000018220000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7050000080000004608f0ff760000007d9800000000000056080000000000008500000005000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$sock_kcm_SIOCKCMCLONE(r7, 0x5411, 0x0)

2.050636553s ago: executing program 0 (id=2423):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xd, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="850000002e0000004c1b000000000000270000009812000095409100000000000fb1bf58e1878b19b4cbb22d9f1be8fa9d4028e9f3c152c48524883968c2affd9cbdaa9694fc19cf5140ac72f87f841d1911b5b5"], &(0x7f0000000040)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffc62, 0x10, 0x0, 0xfffffffffffffed8}, 0x23)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={0x1, <r1=>0xffffffffffffffff}, 0x4)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={r0, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000080)=[0x0, 0x0, 0x0], ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x1, 0x7, &(0x7f00000000c0)=[0x0], &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r3=>0x0, 0xad, &(0x7f0000000140)=[{}, {}, {}], 0x18, 0x10, &(0x7f0000000240), &(0x7f0000000300), 0x8, 0xa3, 0x8, 0x8, &(0x7f0000000340)}}, 0x10)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=r1, @ANYBLOB="0600000000000000000000000000008f3c0ce6", @ANYRES32=r2, @ANYRES32, @ANYBLOB="00000000050000000300"/28], 0x50)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000005c0)={r1, 0x58, &(0x7f0000000540)}, 0x10)
r5 = bpf$ITER_CREATE(0x21, &(0x7f0000000800), 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x17, 0x7, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000081000000000000000900000045360be30800bda51d4abbff01000000184400020600000000000000000000009500000000000000"], &(0x7f0000000640)='GPL\x00', 0x47, 0xcc, &(0x7f0000000680)=""/204, 0x40f00, 0x20, '\x00', r2, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x8, &(0x7f0000000780)={0x5, 0x5}, 0x8, 0x10, &(0x7f00000007c0)={0x3, 0x9, 0x4, 0x9}, 0x10, r3, r0, 0x1, &(0x7f0000000840)=[r5, r4, r0, r1, r1, r4, r1, r1], &(0x7f0000000880)=[{0x1, 0x1, 0xf, 0xc}], 0x10, 0xa}, 0x94)

1.825251785s ago: executing program 0 (id=2417):
perf_event_open(&(0x7f0000000380)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe802, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x10, 0xc8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x6, 0xe, &(0x7f0000000340)=ANY=[@ANYBLOB="b700000010e7ffffbca30000000000002403000040feffff720af0ff0000000071a4f0ff000000001f040000000000002e0a0200000000002604"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp}, 0xffffff84)
close(0xffffffffffffffff)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="8fedcb790700117df37538e486dd6317ce2200000000000000"], 0xfdef)
r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.avg_queue_size\x00', 0x26e1, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000940)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x2, 0x0, 0x3, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="18000000010000000000000000000000370001000000000095002b43990800125e000000000000"], &(0x7f0000001a40)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001040)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0100000003000000040000001000"/28], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, &(0x7f0000000080)={0x0, 0x69, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000d00)=""/242, 0xf2}, {&(0x7f0000000240)=""/205, 0xcd}, {&(0x7f0000000380)=""/210, 0xd2}, {&(0x7f0000002100)=""/4077, 0xfed}, {&(0x7f00000007c0)=""/211, 0xd3}, {&(0x7f0000000b00)=""/231, 0xe7}, {&(0x7f0000000480)=""/176, 0xb0}, {&(0x7f0000000c00)=""/208, 0xd0}], 0x8}, 0x40012100)
recvmsg$kcm(r3, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x8b26, &(0x7f0000001200)={'wlan1\x00', @random="f7280200e700"})
recvmsg(r3, &(0x7f0000000780)={0x0, 0x0, 0x0}, 0x10002)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1100000004000000000000031f0000000000", @ANYRES32, @ANYBLOB="0000000000000000000000020000000000000000d78d67de305ac7d3d24eddd36c7e29037c085e93aad139433f3bac604d59123f0e1f0103204000000000000000497017eda3591162593db8bb383a4eb36b43be499f617b1fcf04c3a1653211ea53783d629603bb5d5d76f432d797084f7033a898ed62eaddab35611ead21e3e3f5667007971e09eee9bf0e33ea3c8d2fbb313bff49dde45e460756381bbede966e418fdf51c454c5e593b3aecfe63e91bc04b1d8880c3bbaa75de816e82868215d6fabe8146ced7ec71b56c70d8214dbceaac135139f7199c67ca81c6784b5bd6d3190fb33f9a9bb4776a4961b97", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
close(r2)
write$cgroup_pid(r2, &(0x7f00000005c0), 0x12)
bpf$LINK_DETACH(0x22, &(0x7f0000000440)=r2, 0x4)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x408440, 0x0)
ioctl$TUNSETVNETBE(r5, 0x400454de, &(0x7f00000009c0)=0x1)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000000)='syzkaller\x00')
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0xfc, 0x0, 0x5d31, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0xfffe, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, 0x0)

1.627063125s ago: executing program 3 (id=2419):
perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x954b, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x1, @perf_config_ext={0x76, 0x1ef7}, 0x11efa, 0x4, 0x98, 0x0, 0x3, 0xfffff271, 0xfffc, 0x0, 0x0, 0x0, 0x20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="02000000040000000400000008"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0d00000023000000040000000200000040000000", @ANYRES32=r0], 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000007c0)={r1, &(0x7f0000000680), 0x0}, 0x20)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)

1.495034932s ago: executing program 3 (id=2420):
r0 = socket$kcm(0x10, 0x400000002, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, &(0x7f0000000400)=[{0xffffffff, 0x0, 0xb, 0x3}, {0x10000002, 0x5, 0x400084, 0x4}, {0x0, 0x1, 0xa, 0xa}, {0x0, 0x2, 0x6, 0xc}, {0x0, 0x4, 0xf, 0x3}]}, 0x94)
r1 = getpid() (async, rerun: 64)
r2 = perf_event_open(&(0x7f00000010c0)={0x2, 0x80, 0xb5, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xc, 0x7}, 0x8601, 0x2000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async, rerun: 64)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x5, 0x3, &(0x7f0000000b00)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000afcd48d6493790710000000000080000b2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21caf5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c987d669f381faca0f9d9924be41a9169bdfaf16da915b2e249f21c6eee84309e7a23c19a394830f2539fcb4e0b6eab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bfb1c0e6b1244d35b213bda84cc172afcc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbb888b0255f347160ec83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab2e4b380a00d72bc0480f94479757306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b844139f1111f2dc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78a602ca3cdf6a662d8bc9c89c9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e558d17879570c8ad943e392955f4f979ea13201bafe4f0f6ea508000000a0c548552b571bed5647323478a996810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151fcda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb526894aa7fe5e68949a3b304723177d356c4604bca492ecec37e83efceefd78a2533659edc8bef9cb85451c6a145074343caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffcebde1d9d3d350000000000000000e0f209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e5a61561a9845e4ff29e2bd43b5b923b272341c5e093fd66a2946501559335781092cf8ce987c56cd31121624d7455f2a3666276c3c0e812b28e2f30d035cee5d0e77a3c72208ec651cc0ae637fa474816bc59d2e2a00092419304b338a987e9d3044d856ce24f370030be3b5f79f030b8d3ebcef5af469abe753314fae31a09c3a041a1e7b55c4e81dba1e12289ee34463aaf28345bde0c195bc9f022ca8ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f241262d0af3246eb4fc4bda345360200000001fbddeacd3adaa4d2715e21c772ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d419de1a7b5c9dc22c96295a0600adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa7000008000000000000117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb408c8a80f7f02f750d6c977a1919f9f69a6cfefdf879d447df53f3b9b70d10355b07466d1ef0056b5af553d18a6cd50feeb7bfad9b7be3283b6450d34264e7712d2f1d7004548b19162cef04d18d4f5987baab97a9bfbd8f185b5a71e0d7696caba172745c7dd919ffb631820420b75b6522c0e21c882c66f4f25ffb6d95e07e068000000000000eb5b63e45d5d80fe52734093ae5aa3c0b4f3f45bfff201000000000000002e31560e5b741445ea2a1acee2e98c9f3427834ba0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa66237e0dacc107f532348cc2116473381e961f3d9c8c21578fe3245097c280abe51427b9f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f8873522608c6f0100000000000000f721303e6b89e5c54d680ac66d09af90dbf50ee69a39265964279d174b0000000000000000000000fa08ad0731ba49fbf981f8265e7f1f4c2d97f4680b135f87c228ce69418a282b6caa2481a0df1774fa7d94944bb92d2b89f73f0e8b63f6316c5762f3288bc970720f48b5647dd177db6810fae0533496b6d58da50ee80a6b9a7438978c5465113f668eb4484350048289d07dbef325d3221a7cb35f812f257941a9781e3214c2a3dcf89d99844b762a9cf17548c54fccad2c7ae8072b82e0880815daf966bd5343c1635e123f868a7167cfcff33320253af570f4ef9c0254afdd89ac3943562b530dd88da8a94013bbaf204bebc38055adc39f07f7c22711f4d1f6dcc928d1578a093c072e0b92babc76f47ee367e745a024a2278319d9a4d1378482b74c516647652bfb6e93002494a5cd74e2a9a4734487062437da23e1efa6ef7674108aaa3ffac859c3577c2637bb3bdc69bc365b1f20dba96b8acca62f3f80045318de0facf2ed44b814e842c2a520159bb6c320cec0910c0b8bd3d547bdfba2e09d24d117ed0388afd37affbad2f9c77c9c1314a16ffe64f5e3744a2fffd7039670f5706e589a4c3868db06fd892d68a547477f8ef686ff0dba7b8c18c94d5a89b0567a851750a35d9cc2217db890d89385fcaa00f0f2e524672e6f4c8bedfd5da5b157709b8265cf511dc5846ab1d85916c4a6b2d1b408575982e11230cbac0a9c6eaa03c945645581f678403c2a936c53ae72940aa92bcf22b82c6bc028e0acdddf9fef595f0f7a9f80c0e4c659ced769ec463d26a81e468846761a8e1efd6a031ab7adc8665e267be0065cc315aa23012423ec8b8492d9b50fa4d8c5891959b761eec6dc988532782fda13239c948e27853606e26225c796b79cc04f3d1a5a13000000001e301d82a27010d3ac6119d2b12caf282413672d20c852c50084d7b2d50754775ed63bc18023c31351af76e24788d96103455693b34e09a163a9f613a7e5530222cebd7fa0fbff32dc98088f9fab33648cc38e87dd2dd6ee157f5f018702696915661715c979b7796d4f101a257688af7c148e8615c938c4ca8a69f6fc585ec1dd1857a501f90b161eff23181a11a2b0da4c58d459cbf9db"], &(0x7f0000000000)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x9}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000340)={r1, r2, 0x0, 0x1, &(0x7f0000000280)='\\{\x00'}, 0x12) (async)
close(0x3) (async, rerun: 64)
r4 = socket$kcm(0x2, 0x1, 0x84) (rerun: 64)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
close(r6)
recvmsg$unix(r5, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r7=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r4, 0x84, 0x64, &(0x7f0000000000)=r7, 0x10)
sendmsg$inet(r4, &(0x7f0000000080)={&(0x7f0000000280)={0x2, 0x10, @local}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000600)="00c2524718ec359a36a0f28820d9d5fc6d3556c2561f619b6f08000000996e58e0b2b220349f65f641ed8db4618f3caccdc25302bb4f723341dadc1c53304bfae1c45fc6ef71c64504febcf3289b659bf11df2d336b80b9a258cb45d4b68416db5fdea8ee772fd3e26acf8b4bb6aa7c8b7a5a769968f00f3668ea7bdc9446bc5528d0da1703c6234f53e19000000aa2c584d4359ad7c5ee6f6c0f253a9d0aab7dc36771596d00fe31609ed19bb14cec1dd7331996c9f4785cc2fe968f45ba1b43efcf69d959c570513008bf5524b9639fa23cd9bd74df19697139ba4f858c49c4b3da520289d982c2692d0c4a89bb413cda39a48aace1e46fce0c0f0425f8be69121d2d5bb4258436542aa838b225a638cfe2fe46b752df33b40bb3c05f12882a6856ef76e083fb8897942f7590d8347259cadf89cd270beded21975e64ceaf33b68d5d01b2e7e5fd1812210b21e99fb3f14b63afcf4c0690ea5f418df25a4c706e0ebb8d6b7eca85b0b586a957c85399af6aa6450aba2d0ee7c09e5598137", 0x17f}], 0x1}, 0x0) (async)
sendmsg$inet(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)='`\x00\x00', 0xffe0}], 0x1}, 0x0)

1.438176585s ago: executing program 0 (id=2421):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0e000000040000000800000001"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000c0000000000000000000085000000bc00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008100000b704000000000400850000003300000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xe, 0x0, &(0x7f0000000000)="43227504000000b32415f73227b2", 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

1.211360457s ago: executing program 0 (id=2422):
r0 = socket$kcm(0x2, 0x3, 0x84)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r1)
r2 = socket$kcm(0x29, 0x2, 0x0)
close(r2)
r3 = socket$kcm(0x2b, 0x1, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x400, 0x94001, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, @perf_config_ext={0xffffffffffffffff}, 0x8000, 0x5, 0x3, 0xaaf04684de878bda, 0x9, 0x6, 0xfffe, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
close(r4)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r4, &(0x7f0000000040)={0x0, 0xffffffffffffffa6, &(0x7f00000001c0)=[{&(0x7f0000000100)="1c00000021006bcd210000006e04000081000000000000007aa60864", 0x1c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
close(r3)
socket$kcm(0xa, 0x6, 0x0)
setsockopt$sock_attach_bpf(r2, 0x1, 0xd, &(0x7f0000000080), 0x2cb)
close(r3)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="280000000000000000000000070000000717a87f000001ac141400e0000001ac1e0001ac1414bb011c000000000000000000000008000000", @ANYRES64=r0], 0x48}, 0x20028814)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x3, 0x4, &(0x7f0000000580)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff1}, [@call={0x85, 0x0, 0x0, 0xb2}]}, &(0x7f00000006c0)='GPL\x00', 0x3, 0x0, 0x0, 0x41100}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r5=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f0000000140)=r1, 0x4)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x80000001, '\x00', 0x0, 0x0}, 0x48)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="d8000000100081046881f782db44b904021d080b01000000e8fe55a118001500060014ef030000120800040043160000a8001600a400014020000500feffff7fb94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a9d7c7c0b7a196e6f66112c88ac417898516277ce06bbace80177ccbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d0080000000000000b57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb14feb9f5588a63644caf1ce1bd6c769ad809d52a9ecbee", 0xd8}], 0x1}, 0x0)

1.171758749s ago: executing program 3 (id=2424):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000029006bcd9e3fe3dc4e48aa31086b8703290000001f00000002000000040014000d000a00100000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)

1.035145166s ago: executing program 3 (id=2425):
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000e00)=ANY=[@ANYBLOB="bf16000000000000b7070000010000004070000000000000500000000000e1ff95000000000000002ba76bb33123751c4e345c652fbc1626cca2a2ad75806150ae0209e62751ee04000000670d25010000020000040000009fc404000000c788b277beee11bf9b0a4def23d410f6accd3641110bec4e90a6341965dac03d04683712a0b09edc9e9ef8f6e396ad200e011ea665c45a3449abe802f5ab3e89cf40b8580218ce740068720000074e3e8eea3fd8cf49827ca311f5b87e1ca8433a8acd715f5888b2007f0000000000000000010000000000fb00010000000000414027efc84293af6a22000000005335001db43a5c000000000000000024000000000000000000e75a89faff01210cce39bf405f1e846c1242000000000000cad326ad7add65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d617da7fb5e2a431ab9142f3a06d55740a43088696daaed74b9c5c29647d2f950a959cf9938d6df8600a62e96b7cb8e52cbdc2ba9d580609e31c30891f7e5ff7fd6fce424c2200af6c3784a1975fa657de38a3a32a4fd67ce446ac5431d07db79240acaf091231b986e77d05d988d6edc71df48dca02113a38300c2bf2b5543ffc1669557b3819d8c396d2c2361629d1022f722ec23812770d72cd0010000007889b8c7044f563a1f68d4eff895fdbc463f747c08f40105869035000000000000000000000000000000000000000000000000080000003ddf4aa4b1c8baa0ae6feb6737c275dc2740f742b5425f1d581961471cdb0500000000000000d4123f955267fe4a75c114f874e086287547d4099aeec9f1538ee25a365ccf4a9b604e88e12ff25184d4e3c6f7f623559435b26b50fb7113000000f0bc440550ee91302f5a000000000000000000000000006d0000e67ccc00148ac4c43021cce9f24f4b2f9492c32e7af05c648978d9980ba49789906d923e4916f390ab7edcd3f5b9fe14446dd446a52131c464f2c08efb46d934615c8631b7c42efd0294bea179b0433f5c899119ec2c3f4523110c0acef5383b5a2720caeb68f1e9c05b05d89467ded84da093dea262e51811e2d7fa515722516bd5ef6c8c4966e5937562a5648a696ad3a042a7097ddefe0671f977fb145890f5bf41ba92b8c4c8b14f0d4a880ef4518bb32881dfd15dc84e79d326337e21e041654f06bd7f000000000000000000000000000000282ffe0000000009350cfa3ab109ab4a7d95938c5334a0dd177f1a7389ee570d95e543a27546d3770740f354df6dd6b1bfe4104d2262f33f596d606ccce75a3c3d5f9ad94a7316b0c6ad14f1398a6b39b07121f636da418b34d48677cf8d2d99ee8ac50142bcdcc73dd73cc6ec46896ffb35ac82ac7a9309ea07396d2814dc630ad1a9913934849be25f7b81b59aaa9fa2e9d6ecafcfa1de81b2d3581ab1138537f98d2240b6c2bf40569da4e2bb77532ab9220347d78319617d17e14f7331486e86b2145980b95c88ae11b1c6b6ea6c2b2311d6ce6315cc451dd50ac746acd59d075b41f9a747894956b10453ccf6527d8f579256e9849bbaf6c7c84362209d3d2320101d57"], &(0x7f0000000140)='GPL\x00'}, 0x48)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000002c0)=r1, 0x4)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000006c0)="d800000018007b18e00212ba0d8105040a0a1100fe0f040b067c55a1bc0009001e0006990300000015000500fe800000586500000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b01602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d93452a92307f00000e97031e9f05e9f16e9cb5", 0xd2}, {&(0x7f00000004c0)="f80ec2e2badd", 0x6}], 0x2, 0x0, 0x0, 0x2663}, 0x0)

997.905958ms ago: executing program 1 (id=2426):
perf_event_open(&(0x7f0000000380)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe802, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x10, 0xc8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x6, 0xe, &(0x7f0000000340)=ANY=[@ANYBLOB="b700000010e7ffffbca30000000000002403000040feffff720af0ff0000000071a4f0ff000000001f040000000000002e0a0200000000002604"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp}, 0xffffff84)
close(0xffffffffffffffff)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r0=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r0, 0x0, 0xfdef)
r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.avg_queue_size\x00', 0x26e1, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000940)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x2, 0x0, 0x3, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001040)=ANY=[@ANYBLOB="1b00000000000000000000000300000000000000", @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0100000003000000040000001000"/28], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r4, &(0x7f0000000080)={0x0, 0x69, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000d00)=""/242, 0xf2}, {&(0x7f0000000240)=""/205, 0xcd}, {0x0}, {&(0x7f00000006c0)=""/188, 0xbc}, {&(0x7f0000000f40)=""/213, 0xd5}, {&(0x7f0000002100)=""/4077, 0xfed}, {&(0x7f00000007c0)=""/211, 0xd3}, {&(0x7f0000000b00)=""/231, 0xe7}, {&(0x7f0000000c00)=""/208, 0xd0}], 0x9}, 0x40012100)
recvmsg$kcm(r4, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r5, 0x8b26, &(0x7f0000001200)={'wlan1\x00', @random="f7280200e700"})
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1100000004000000000000031f0000000000", @ANYRES32, @ANYBLOB="0000000000000000000000020000000000000000d78d67de305ac7d3d24eddd36c7e29037c085e93aad139433f3bac604d59123f0e1f0103204000000000000000497017eda3591162593db8bb383a4eb36b43be499f617b1fcf04c3a1653211ea53783d629603bb5d5d76f432d797084f7033a898ed62eaddab35611ead21e3e3f5667007971e09eee9bf0e33ea3c8d2fbb313bff49dde45e460756381bbede966e418fdf51c454c5e593b3aecfe63e91bc04b1d8880c3bbaa75de816e82868215d6fabe8146ced7ec71b56c70d8214dbceaac135139f7199c67ca81c6784b5bd6d3190fb33f9a9bb4776a4961b97", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
close(r3)
write$cgroup_pid(r3, &(0x7f00000005c0), 0x12)
bpf$LINK_DETACH(0x22, &(0x7f0000000440)=r3, 0x4)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x408440, 0x0)
ioctl$TUNSETVNETBE(r6, 0x400454de, &(0x7f00000009c0)=0x1)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000000)='syzkaller\x00')
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0xfc, 0x0, 0x5d31, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0xfffe, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)

839.192026ms ago: executing program 0 (id=2427):
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x4, @perf_config_ext={0x4, 0x6}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x1, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x140, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'rose0\x00', 0x112})
ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000300)={0x1, &(0x7f0000000340)=[{0x28, 0x40, 0x10, 0xfffff00f}]})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
syz_open_procfs$namespace(0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1b", 0x11}], 0x1}, 0x0)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="9fedcb7968ddc36c8f263408008daa"], 0xfdef)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="61123000000000006113100000000000bf2000000000000016000200071b48013d030100000000009500000000000000bc26000000000000bf67000000000000070200000fff07276702000003000000360600000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a83683d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf5fe7030586"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

800.894028ms ago: executing program 3 (id=2428):
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0)
r2 = syz_clone(0x20800000, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000003c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f00000005c0)=r2, 0x12)
r5 = openat$cgroup_ro(r3, &(0x7f00000000c0)='cgroup.kill\x00', 0x275a, 0x0)
write$cgroup_int(r5, &(0x7f0000000040)=0x1, 0x12)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xfffffffd}, 0x39)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703320000001f00000000000008040014000d000a00140000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r9 = openat$cgroup_devices(r8, &(0x7f0000000100)='devices.deny\x00', 0x2, 0x0)
r10 = perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8000000000000000, 0x8000}, 0x4105, 0x0, 0x3}, 0x0, 0xfeffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x5, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000611214000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r11 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r11, &(0x7f0000000000), &(0x7f0000000040)=""/63}, 0x20)
write$cgroup_devices(r9, &(0x7f0000000140)=ANY=[@ANYBLOB="62202a3a340977770a89"], 0xa)
r12 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x441e, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x2020005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r13 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r13, &(0x7f0000000200)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x2c}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000000)='Gb', 0x5dc}], 0x1}, 0x480c0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r12, 0x2405, r10)

661.859325ms ago: executing program 1 (id=2429):
perf_event_open(&(0x7f0000000380)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe802, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x10, 0xc8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x6, 0xe, &(0x7f0000000340)=ANY=[@ANYBLOB="b700000010e7ffffbca30000000000002403000040feffff720af0ff0000000071a4f0ff000000001f040000000000002e0a0200000000002604"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp}, 0xffffff84)
close(0xffffffffffffffff)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="8fedcb790700117df37538e486dd6317ce2200000000000000"], 0xfdef)
r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.avg_queue_size\x00', 0x26e1, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000940)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x2, 0x0, 0x3, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="18000000010000000000000000000000370001000000000095002b43990800125e000000000000"], &(0x7f0000001a40)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001040)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0100000003000000040000001000"/28], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, &(0x7f0000000080)={0x0, 0x69, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000d00)=""/242, 0xf2}, {&(0x7f0000000240)=""/205, 0xcd}, {&(0x7f0000000380)=""/210, 0xd2}, {&(0x7f0000002100)=""/4077, 0xfed}, {&(0x7f00000007c0)=""/211, 0xd3}, {&(0x7f0000000b00)=""/231, 0xe7}, {&(0x7f0000000480)=""/176, 0xb0}, {&(0x7f0000000c00)=""/208, 0xd0}], 0x8}, 0x40012100)
recvmsg$kcm(r3, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x8b26, &(0x7f0000001200)={'wlan1\x00', @random="f7280200e700"})
recvmsg(r3, &(0x7f0000000780)={0x0, 0x0, 0x0}, 0x10002)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1100000004000000000000031f0000000000", @ANYRES32, @ANYBLOB="0000000000000000000000020000000000000000d78d67de305ac7d3d24eddd36c7e29037c085e93aad139433f3bac604d59123f0e1f0103204000000000000000497017eda3591162593db8bb383a4eb36b43be499f617b1fcf04c3a1653211ea53783d629603bb5d5d76f432d797084f7033a898ed62eaddab35611ead21e3e3f5667007971e09eee9bf0e33ea3c8d2fbb313bff49dde45e460756381bbede966e418fdf51c454c5e593b3aecfe63e91bc04b1d8880c3bbaa75de816e82868215d6fabe8146ced7ec71b56c70d8214dbceaac135139f7199c67ca81c6784b5bd6d3190fb33f9a9bb4776a4961b97", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
close(r2)
write$cgroup_pid(r2, &(0x7f00000005c0), 0x12)
bpf$LINK_DETACH(0x22, &(0x7f0000000440)=r2, 0x4)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x408440, 0x0)
ioctl$TUNSETVNETBE(r5, 0x400454de, &(0x7f00000009c0)=0x1)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000000)='syzkaller\x00')
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0xfc, 0x0, 0x5d31, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0xfffe, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, 0x0)

43.207237ms ago: executing program 3 (id=2430):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x51, '\x00', 0x0, 0x24}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x18, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x7, 0x0, 0x0, 0x40f00, 0x39, '\x00', 0x0, @fallback=0x30}, 0x94)
r0 = perf_event_open(&(0x7f0000000380)={0x2, 0x80, 0x0, 0x3, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x28, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f00000001c0)='cpu&\'\'\t|\t')
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'tunl0\x00'})
socketpair(0xa, 0x1, 0x0, &(0x7f0000000000))
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200))
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1b"], 0x50)
recvmsg(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000300), 0x0, &(0x7f0000000740)=""/132, 0xfffffffffffffea6}, 0xd5143fe8c873f1a9)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x33}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x40, 0x40, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x3, 0x2}}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x20}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2, 0x4}}]}}, 0x0, 0x5a}, 0x20)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0)
r3 = socket$kcm(0x2, 0x1000000000000002, 0x0)
setsockopt$sock_attach_bpf(r3, 0x1, 0x3e, &(0x7f00000002c0)=r2, 0x161)
perf_event_open$cgroup(&(0x7f0000000480)={0x5, 0x80, 0xc, 0x0, 0x3, 0xe, 0x0, 0x8, 0x8, 0x6, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x4, @perf_config_ext={0x3, 0x100000001}, 0x10220b, 0x0, 0x5320000, 0x2, 0x7, 0x2c000000, 0x7, 0x0, 0xe32e, 0x0, 0xd}, 0xffffffffffffffff, 0x1, r2, 0x1)
r4 = socket$kcm(0x10, 0x2, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x6, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0xffff7ffd}, [@call={0x85, 0x0, 0x0, 0x7d}]}, &(0x7f0000000180)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffe01}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x0, 0xe, 0x0, &(0x7f0000000040)="f7edad00"/14, 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020023000b18d25a806f8c6394f91424fc60040f030048000000053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)

13.568019ms ago: executing program 1 (id=2431):
r0 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xde923, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_config_ext={0xd, 0x7}, 0x0, 0x0, 0x0, 0x6, 0x7, 0x3, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x18, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000001000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000001b"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, @perf_bp={0x0, 0x8}, 0x40, 0x0, 0x0, 0x0, 0x7, 0x0, 0xffff}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
recvmsg$unix(r5, &(0x7f0000002100)={&(0x7f0000000040)=@abs, 0x6e, &(0x7f0000002080)=[{&(0x7f0000001040)=""/4096, 0x1000}, {&(0x7f0000002040)=""/36, 0x24}], 0x2, &(0x7f00000020c0)}, 0x20)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r4)
r6 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0x66137, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x9, 0x1, 0x56d, 0x4, 0x42, 0xffffffffffffffff, 0x1000}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r8}, 0x38)
ioctl$PERF_EVENT_IOC_SET_BPF(r6, 0x40042408, r7)

0s ago: executing program 0 (id=2432):
r0 = socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x40000004, 0xa021, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_config_ext={0xd040, 0x10000}, 0x14403, 0xfffc, 0x0, 0x5, 0x582, 0x20005, 0x8, 0x0, 0x0, 0x0, 0x80000001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f00000007c0)={0x2, 0x80, 0xc, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000002c0), 0x6}, 0x10000, 0x0, 0x0, 0x7, 0x6, 0x0, 0x1}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000000140)={'macvtap0\x00'})
r2 = socket$kcm(0x10, 0x3, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00'}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r3, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r4}, 0x94)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000300)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0xd7d, '\x00', r4, 0xffffffffffffffff, 0x1, 0x1, 0x1}, 0x50)
sendmsg$kcm(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000010000b63d25a80648c2594f90124fc60", 0x14}], 0x1}, 0x0)
r5 = socket$kcm(0x2, 0x200000000000001, 0x106)
ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, &(0x7f0000000100)=0x3)
recvmsg$kcm(r5, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x10182)
r6 = socket$kcm(0x23, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000021c0)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000002000000000000002200001891320600000000009500000000000000b8ebce6ce5f463d86f334939a7f927ee3400b32e481c47e456b6a6ca8edacd56cf797ed717359f2ca81d22b94fff5d8f2a675dac6cdad801ad702b322f6f8158f93a63703ef546101c0562523dd7c520297af9020994c6395e53b003ecc6823336757f8b56834bbf2220789c6c23cfd18f2a78accbaaa65e434e25801f4d3a8dffb801b2b3973a26a9745a149ca6"], &(0x7f0000000380)='GPL\x00', 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xc}, 0x94)
sendmsg$kcm(r6, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeaff}, 0x48010)
sendmsg$sock(r6, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="d8000000100081046881f782db44b904021d080b01000000e8fe55a118001500060014ef03000012080004004300000008001600a400014020000500feffff7fb94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a9d7c7c0b7a196e6f66112c88ac417898516279ce06bbace80177ccbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d0080000000000000b57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb14feb9f5588a63644caf1ce1bd6c769ad809d52a9ecbee", 0xd8}], 0x1}, 0x0)

kernel console output (not intermixed with test programs):

x40/0x90
[  192.490484][ T8641]  ? clear_bhb_loop+0x40/0x90
[  192.495158][ T8641]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  192.501041][ T8641] RIP: 0033:0x7fb6af79c819
[  192.505447][ T8641] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  192.525043][ T8641] RSP: 002b:00007fb6b06ca028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  192.533447][ T8641] RAX: ffffffffffffffda RBX: 00007fb6afa16090 RCX: 00007fb6af79c819
[  192.541407][ T8641] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000009
[  192.549367][ T8641] RBP: 00007fb6b06ca090 R08: 0000000000000000 R09: 0000000000000000
[  192.557326][ T8641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  192.565287][ T8641] R13: 00007fb6afa16128 R14: 00007fb6afa16090 R15: 00007ffdb20840b8
[  192.573264][ T8641]  </TASK>
[  192.583418][ T8641] Mem-Info:
[  192.595407][ T8641] active_anon:5510 inactive_anon:0 isolated_anon:0
[  192.595407][ T8641]  active_file:16062 inactive_file:39974 isolated_file:0
[  192.595407][ T8641]  unevictable:768 dirty:95 writeback:0
[  192.595407][ T8641]  slab_reclaimable:10133 slab_unreclaimable:91871
[  192.595407][ T8641]  mapped:25410 shmem:1361 pagetables:588
[  192.595407][ T8641]  sec_pagetables:0 bounce:0
[  192.595407][ T8641]  kernel_misc_reclaimable:0
[  192.595407][ T8641]  free:1350426 free_pcp:8996 free_cma:0
[  192.640871][ T8644] netlink: 'syz.2.1052': attribute type 29 has an invalid length.
[  192.664864][ T8641] Node 0 active_anon:22140kB inactive_anon:0kB active_file:64248kB inactive_file:159696kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:101640kB dirty:380kB writeback:0kB shmem:4008kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11364kB pagetables:2352kB sec_pagetables:0kB all_unreclaimable? no
[  192.689086][ T8633] netlink: 'syz.2.1052': attribute type 29 has an invalid length.
[  192.698797][ T8641] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  192.758635][ T8641] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  192.792201][ T8641] lowmem_reserve[]: 0 2521 2522 2522 2522
[  192.806849][ T8641] Node 0 DMA32 free:1491480kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:22000kB inactive_anon:0kB active_file:64248kB inactive_file:158868kB unevictable:1536kB writepending:380kB present:3129332kB managed:2586952kB mlocked:0kB bounce:0kB free_pcp:17360kB local_pcp:14124kB free_cma:0kB
[  192.864601][ T8641] lowmem_reserve[]: 0 0 0 0 0
[  192.884165][ T8641] Node 0 Normal free:4kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:828kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  192.917145][ T8641] lowmem_reserve[]: 0 0 0 0 0
[  192.922006][ T8641] Node 1 Normal free:3894412kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:19168kB local_pcp:10560kB free_cma:0kB
[  192.953455][ T8641] lowmem_reserve[]: 0 0 0 0 0
[  192.962979][ T8641] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  192.983783][ T8641] Node 0 DMA32: 2056*4kB (UM) 1621*8kB (UME) 1307*16kB (UME) 689*32kB (UME) 356*64kB (UME) 89*128kB (UME) 34*256kB (UME) 22*512kB (M) 9*1024kB (ME) 4*2048kB (ME) 331*4096kB (UM) = 1491480kB
[  193.009226][ T8641] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB
[  193.021566][ T8641] Node 1 Normal: 243*4kB (UME) 48*8kB (UME) 38*16kB (UME) 29*32kB (UME) 17*64kB (UE) 10*128kB (UME) 2*256kB (UE) 3*512kB (UME) 0*1024kB 2*2048kB (UE) 948*4096kB (M) = 3894412kB
[  193.041041][ T8641] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  193.065742][ T8649] netlink: 'syz.1.1056': attribute type 3 has an invalid length.
[  193.073523][ T8649] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1056'.
[  193.078498][ T8641] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  193.110322][ T8641] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  193.130177][ T8641] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  193.152341][ T8641] 57397 total pagecache pages
[  193.162147][ T8641] 0 pages in swap cache
[  193.175426][ T8641] Free swap  = 124996kB
[  193.195348][ T8641] Total swap = 124996kB
[  193.199560][ T8641] 2097051 pages RAM
[  193.232773][ T8641] 0 pages HighMem/MovableOnly
[  193.242891][ T8641] 416927 pages reserved
[  193.257238][ T8641] 0 pages cma reserved
[  193.333239][ T8658] netlink: 'syz.1.1061': attribute type 9 has an invalid length.
[  193.361702][ T8658] netlink: 154020 bytes leftover after parsing attributes in process `syz.1.1061'.
[  193.541393][ T8667] FAULT_INJECTION: forcing a failure.
[  193.541393][ T8667] name failslab, interval 1, probability 0, space 0, times 0
[  193.566013][ T8667] CPU: 0 PID: 8667 Comm: syz.0.1065 Not tainted syzkaller #0
[  193.573422][ T8667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  193.583491][ T8667] Call Trace:
[  193.586782][ T8667]  <TASK>
[  193.589716][ T8667]  dump_stack_lvl+0x18c/0x250
[  193.594427][ T8667]  ? show_regs_print_info+0x20/0x20
[  193.599647][ T8667]  ? load_image+0x420/0x420
[  193.604175][ T8667]  ? __might_sleep+0xe0/0xe0
[  193.608778][ T8667]  ? __lock_acquire+0x7d40/0x7d40
[  193.613820][ T8667]  should_fail_ex+0x39d/0x4d0
[  193.618533][ T8667]  should_failslab+0x9/0x20
[  193.623055][ T8667]  slab_pre_alloc_hook+0x59/0x310
[  193.628101][ T8667]  ? __lock_acquire+0x7d40/0x7d40
[  193.633142][ T8667]  kmem_cache_alloc+0x5a/0x2d0
[  193.637922][ T8667]  ? security_file_alloc+0x34/0x120
[  193.643143][ T8667]  security_file_alloc+0x34/0x120
[  193.648190][ T8667]  init_file+0x94/0x1f0
[  193.652368][ T8667]  alloc_empty_file+0xb7/0x1d0
[  193.657178][ T8667]  path_openat+0x113/0x3230
[  193.661710][ T8667]  ? __kasan_slab_alloc+0x6c/0x80
[  193.666760][ T8667]  ? do_sys_openat2+0xda/0x1d0
[  193.671536][ T8667]  ? __x64_sys_openat+0x139/0x160
[  193.676572][ T8667]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  193.682648][ T8667]  ? verify_lock_unused+0x140/0x140
[  193.687856][ T8667]  ? do_filp_open+0x430/0x430
[  193.692550][ T8667]  ? __virt_addr_valid+0x18c/0x540
[  193.697686][ T8667]  do_filp_open+0x1f5/0x430
[  193.702204][ T8667]  ? vfs_tmpfile+0x490/0x490
[  193.706828][ T8667]  ? _raw_spin_unlock+0x28/0x40
[  193.711690][ T8667]  ? alloc_fd+0x58f/0x630
[  193.716049][ T8667]  do_sys_openat2+0x134/0x1d0
[  193.720749][ T8667]  ? do_sys_open+0xe0/0xe0
[  193.725217][ T8667]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  193.731211][ T8667]  ? lock_chain_count+0x20/0x20
[  193.736077][ T8667]  __x64_sys_openat+0x139/0x160
[  193.740955][ T8667]  do_syscall_64+0x55/0xa0
[  193.745381][ T8667]  ? clear_bhb_loop+0x40/0x90
[  193.750072][ T8667]  ? clear_bhb_loop+0x40/0x90
[  193.754764][ T8667]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  193.760668][ T8667] RIP: 0033:0x7eff2a59c819
[  193.765092][ T8667] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  193.784710][ T8667] RSP: 002b:00007eff2b3ff028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  193.793147][ T8667] RAX: ffffffffffffffda RBX: 00007eff2a815fa0 RCX: 00007eff2a59c819
[  193.801132][ T8667] RDX: 0000000000000200 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  193.809114][ T8667] RBP: 00007eff2b3ff090 R08: 0000000000000000 R09: 0000000000000000
[  193.817093][ T8667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  193.825071][ T8667] R13: 00007eff2a816038 R14: 00007eff2a815fa0 R15: 00007ffc9f338898
[  193.833066][ T8667]  </TASK>
[  194.347550][ T1286] ieee802154 phy0 wpan0: encryption failed: -22
[  194.353883][ T1286] ieee802154 phy1 wpan1: encryption failed: -22
[  194.406720][ T8686] netlink: 10 bytes leftover after parsing attributes in process `syz.0.1071'.
[  194.741813][ T8701] netlink: 188 bytes leftover after parsing attributes in process `syz.3.1078'.
[  194.789200][ T8701] netlink: 'syz.3.1078': attribute type 9 has an invalid length.
[  194.942182][ T8708] netlink: 'syz.0.1079': attribute type 29 has an invalid length.
[  195.014826][ T8708] netlink: 'syz.0.1079': attribute type 29 has an invalid length.
[  195.031366][ T8714] netlink: 'syz.0.1079': attribute type 29 has an invalid length.
[  195.075408][ T8708] netlink: 'syz.0.1079': attribute type 29 has an invalid length.
[  195.111993][ T8708] netlink: 'syz.0.1079': attribute type 29 has an invalid length.
[  195.668516][ T8735] netlink: 'syz.0.1091': attribute type 29 has an invalid length.
[  195.701399][ T8735] netlink: 'syz.0.1091': attribute type 29 has an invalid length.
[  195.740497][ T8736] netlink: 'syz.0.1091': attribute type 29 has an invalid length.
[  195.798421][ T8735] netlink: 'syz.0.1091': attribute type 29 has an invalid length.
[  196.064941][ T8750] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  196.072229][ T8750] IPv6: NLM_F_CREATE should be set when creating new route
[  196.731359][ T8773] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link
[  196.842660][ T8773] netlink: 15999 bytes leftover after parsing attributes in process `syz.1.1104'.
[  197.593171][ T8795] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1112'.
[  197.603144][ T8795] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes.
[  198.617194][ T8816] ref_ctr_offset mismatch. inode: 0x26 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe
[  198.628000][ T8818] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1119'.
[  199.283671][ T8840] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1128'.
[  199.502885][ T8846] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1131'.
[  199.537158][ T8846] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[  199.857329][ T8855] validate_nla: 20 callbacks suppressed
[  199.857361][ T8855] netlink: 'syz.1.1135': attribute type 29 has an invalid length.
[  199.893407][ T8855] netlink: 'syz.1.1135': attribute type 29 has an invalid length.
[  199.955647][ T8859] netlink: 'syz.1.1135': attribute type 29 has an invalid length.
[  199.995468][ T8861] netlink: 'syz.1.1135': attribute type 29 has an invalid length.
[  200.056647][ T8855] netlink: 'syz.1.1135': attribute type 29 has an invalid length.
[  200.138589][ T8864] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1138'.
[  200.182239][ T8865] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.1139'.
[  200.252650][ T8864] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1138'.
[  200.290092][ T8864] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  200.628637][ T8878] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1144'.
[  201.083933][ T8889] netlink: 'syz.1.1149': attribute type 29 has an invalid length.
[  201.115963][ T8889] netlink: 'syz.1.1149': attribute type 29 has an invalid length.
[  201.151640][ T8889] netlink: 'syz.1.1149': attribute type 29 has an invalid length.
[  201.185432][ T8889] netlink: 'syz.1.1149': attribute type 29 has an invalid length.
[  201.227566][ T8889] netlink: 'syz.1.1149': attribute type 29 has an invalid length.
[  201.284825][ T8899] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1153'.
[  201.303892][ T8899] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  201.385725][ T7415] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  201.803845][ T8915] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1159'.
[  203.885641][ T8955] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1171'.
[  204.334570][    C0] icmp: detected local route for 172.20.20.170 during ICMP sending, src 172.20.20.187
[  204.612781][ T8982] netlink: zone id is out of range
[  204.634556][ T8982] netlink: set zone limit has 8 unknown bytes
[  204.658303][ T8982] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1178'.
[  209.247944][ T9013] validate_nla: 13 callbacks suppressed
[  209.247978][ T9013] netlink: 'syz.1.1189': attribute type 29 has an invalid length.
[  209.310865][ T9013] netlink: 'syz.1.1189': attribute type 29 has an invalid length.
[  209.325791][ T9015] netlink: 'syz.1.1189': attribute type 29 has an invalid length.
[  209.345557][ T9018] FAULT_INJECTION: forcing a failure.
[  209.345557][ T9018] name failslab, interval 1, probability 0, space 0, times 0
[  209.376212][ T9018] CPU: 0 PID: 9018 Comm: syz.0.1191 Not tainted syzkaller #0
[  209.383627][ T9018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  209.393701][ T9018] Call Trace:
[  209.396999][ T9018]  <TASK>
[  209.399942][ T9018]  dump_stack_lvl+0x18c/0x250
[  209.404649][ T9018]  ? show_regs_print_info+0x20/0x20
[  209.409877][ T9018]  ? load_image+0x420/0x420
[  209.414407][ T9018]  ? __might_sleep+0xe0/0xe0
[  209.419015][ T9018]  ? __lock_acquire+0x7d40/0x7d40
[  209.424063][ T9018]  should_fail_ex+0x39d/0x4d0
[  209.428772][ T9018]  should_failslab+0x9/0x20
[  209.433301][ T9018]  slab_pre_alloc_hook+0x59/0x310
[  209.438363][ T9018]  ? __lock_acquire+0x1347/0x7d40
[  209.443408][ T9018]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  209.449152][ T9018]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  209.454891][ T9018]  __kmem_cache_alloc_node+0x53/0x250
[  209.460297][ T9018]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  209.466040][ T9018]  __kmalloc+0xa4/0x230
[  209.470225][ T9018]  tomoyo_realpath_from_path+0xe3/0x5d0
[  209.475805][ T9018]  tomoyo_check_open_permission+0x224/0x460
[  209.481733][ T9018]  ? tomoyo_check_open_permission+0x1cf/0x460
[  209.487826][ T9018]  ? tomoyo_check_path_number_acl+0x280/0x280
[  209.493917][ T9018]  ? __asan_memset+0x22/0x40
[  209.498522][ T9018]  ? __rwlock_init+0x150/0x150
[  209.503283][ T9018]  ? capable_wrt_inode_uidgid+0x1e6/0x280
[  209.509054][ T9018]  ? tomoyo_file_open+0xed/0x180
[  209.513992][ T9018]  security_file_open+0x62/0xa0
[  209.518842][ T9018]  do_dentry_open+0x380/0x1500
[  209.523613][ T9018]  path_openat+0x27f1/0x3230
[  209.528211][ T9018]  ? get_alloc_stack_hash+0x3d8/0x770
[  209.533590][ T9018]  ? do_sys_openat2+0xda/0x1d0
[  209.538352][ T9018]  ? verify_lock_unused+0x140/0x140
[  209.543551][ T9018]  ? do_filp_open+0x430/0x430
[  209.548239][ T9018]  ? __virt_addr_valid+0x18c/0x540
[  209.553357][ T9018]  do_filp_open+0x1f5/0x430
[  209.557857][ T9018]  ? vfs_tmpfile+0x490/0x490
[  209.562453][ T9018]  ? _raw_spin_unlock+0x28/0x40
[  209.567296][ T9018]  ? alloc_fd+0x58f/0x630
[  209.571626][ T9018]  do_sys_openat2+0x134/0x1d0
[  209.576298][ T9018]  ? perf_trace_preemptirq_template+0x269/0x330
[  209.582535][ T9018]  ? do_sys_open+0xe0/0xe0
[  209.586943][ T9018]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  209.592923][ T9018]  ? lock_chain_count+0x20/0x20
[  209.597768][ T9018]  __x64_sys_openat+0x139/0x160
[  209.602622][ T9018]  do_syscall_64+0x55/0xa0
[  209.607032][ T9018]  ? clear_bhb_loop+0x40/0x90
[  209.611700][ T9018]  ? clear_bhb_loop+0x40/0x90
[  209.616372][ T9018]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  209.622270][ T9018] RIP: 0033:0x7eff2a59c819
[  209.626681][ T9018] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  209.646286][ T9018] RSP: 002b:00007eff2b3ff028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  209.654780][ T9018] RAX: ffffffffffffffda RBX: 00007eff2a815fa0 RCX: 00007eff2a59c819
[  209.662742][ T9018] RDX: 0000000000000200 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  209.670703][ T9018] RBP: 00007eff2b3ff090 R08: 0000000000000000 R09: 0000000000000000
[  209.678661][ T9018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  209.686626][ T9018] R13: 00007eff2a816038 R14: 00007eff2a815fa0 R15: 00007ffc9f338898
[  209.694605][ T9018]  </TASK>
[  209.708688][ T9013] netlink: 'syz.1.1189': attribute type 29 has an invalid length.
[  209.744488][ T9018] ERROR: Out of memory at tomoyo_realpath_from_path.
[  209.749314][ T9013] netlink: 'syz.1.1189': attribute type 29 has an invalid length.
[  210.051565][ T9033] netlink: 188 bytes leftover after parsing attributes in process `syz.3.1198'.
[  210.715019][ T9060] netlink: 'syz.2.1205': attribute type 29 has an invalid length.
[  210.745032][ T9060] netlink: 'syz.2.1205': attribute type 29 has an invalid length.
[  210.769458][ T9065] netlink: 'syz.2.1205': attribute type 29 has an invalid length.
[  210.807582][ T9060] netlink: 'syz.2.1205': attribute type 29 has an invalid length.
[  210.860578][ T9065] netlink: 'syz.2.1205': attribute type 29 has an invalid length.
[  212.478091][ T9111] team0: Port device syz_tun added
[  214.325760][ T9163] validate_nla: 17 callbacks suppressed
[  214.325775][ T9163] netlink: 'syz.2.1243': attribute type 10 has an invalid length.
[  214.350821][ T9162] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1244'.
[  214.409787][ T9162] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  214.626060][ T9174] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1247'.
[  214.845453][ T9180] netlink: 'syz.0.1249': attribute type 29 has an invalid length.
[  214.874238][ T9180] netlink: 'syz.0.1249': attribute type 29 has an invalid length.
[  214.902599][ T9180] netlink: 'syz.0.1249': attribute type 29 has an invalid length.
[  214.933379][ T9180] netlink: 'syz.0.1249': attribute type 29 has an invalid length.
[  214.977611][ T9180] netlink: 'syz.0.1249': attribute type 29 has an invalid length.
[  217.157941][ T9259] netlink: 'syz.0.1275': attribute type 9 has an invalid length.
[  217.178319][ T9259] netlink: 61951 bytes leftover after parsing attributes in process `syz.0.1275'.
[  217.207700][ T9260] netlink: 65051 bytes leftover after parsing attributes in process `syz.2.1277'.
[  218.288209][ T9289] netlink: 'syz.0.1287': attribute type 3 has an invalid length.
[  218.296727][ T9289] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1287'.
[  218.450161][ T9289] .` (unregistering): (slave bond_slave_0): Releasing backup interface
[  218.524009][ T9289] .` (unregistering): (slave bond_slave_1): Releasing backup interface
[  218.558172][ T9289] .` (unregistering): Released all slaves
[  218.620427][ T9300] netlink: 'syz.2.1292': attribute type 3 has an invalid length.
[  218.628764][ T9300] netlink: 106052 bytes leftover after parsing attributes in process `syz.2.1292'.
[  218.725348][ T9303] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  218.732637][ T9303] IPv6: NLM_F_CREATE should be set when creating new route
[  219.092249][ T9318] netlink: 'syz.2.1299': attribute type 5 has an invalid length.
[  219.114822][ T9318] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1299'.
[  219.288504][ T9320] netlink: 84908 bytes leftover after parsing attributes in process `syz.0.1300'.
[  220.466820][ T9346] validate_nla: 1 callbacks suppressed
[  220.466835][ T9346] netlink: 'syz.0.1312': attribute type 10 has an invalid length.
[  220.610215][ T9346] bridge0: port 2(bridge_slave_1) entered disabled state
[  220.635247][ T9346] bridge_slave_1: left allmulticast mode
[  220.649170][ T9346] bridge_slave_1: left promiscuous mode
[  220.664391][ T9346] bridge0: port 2(bridge_slave_1) entered disabled state
[  220.882764][ T9362] FAULT_INJECTION: forcing a failure.
[  220.882764][ T9362] name failslab, interval 1, probability 0, space 0, times 0
[  220.905810][ T9362] CPU: 0 PID: 9362 Comm: syz.0.1316 Not tainted syzkaller #0
[  220.913222][ T9362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  220.923286][ T9362] Call Trace:
[  220.926560][ T9362]  <TASK>
[  220.929485][ T9362]  dump_stack_lvl+0x18c/0x250
[  220.934166][ T9362]  ? show_regs_print_info+0x20/0x20
[  220.939359][ T9362]  ? load_image+0x420/0x420
[  220.943858][ T9362]  ? __might_sleep+0xe0/0xe0
[  220.948443][ T9362]  ? __lock_acquire+0x7d40/0x7d40
[  220.953461][ T9362]  ? prepend_path+0x4b/0x960
[  220.958051][ T9362]  should_fail_ex+0x39d/0x4d0
[  220.962728][ T9362]  should_failslab+0x9/0x20
[  220.967229][ T9362]  slab_pre_alloc_hook+0x59/0x310
[  220.972249][ T9362]  ? __asan_memcpy+0x40/0x70
[  220.976833][ T9362]  ? tomoyo_encode+0x28b/0x540
[  220.981589][ T9362]  ? tomoyo_encode+0x28b/0x540
[  220.986341][ T9362]  __kmem_cache_alloc_node+0x53/0x250
[  220.991708][ T9362]  ? prepend_path+0x4b/0x960
[  220.996292][ T9362]  ? tomoyo_encode+0x28b/0x540
[  221.001046][ T9362]  __kmalloc+0xa4/0x230
[  221.005201][ T9362]  tomoyo_encode+0x28b/0x540
[  221.009793][ T9362]  tomoyo_realpath_from_path+0x592/0x5d0
[  221.015430][ T9362]  tomoyo_check_open_permission+0x224/0x460
[  221.021323][ T9362]  ? tomoyo_check_open_permission+0x1cf/0x460
[  221.027387][ T9362]  ? tomoyo_check_path_number_acl+0x280/0x280
[  221.033473][ T9362]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  221.039453][ T9362]  ? __asan_memset+0x22/0x40
[  221.044052][ T9362]  ? __rwlock_init+0x150/0x150
[  221.048825][ T9362]  ? capable_wrt_inode_uidgid+0x1e6/0x280
[  221.054555][ T9362]  ? tomoyo_file_open+0xed/0x180
[  221.059490][ T9362]  security_file_open+0x62/0xa0
[  221.064342][ T9362]  do_dentry_open+0x380/0x1500
[  221.069124][ T9362]  path_openat+0x27f1/0x3230
[  221.073721][ T9362]  ? do_sys_openat2+0xda/0x1d0
[  221.078491][ T9362]  ? verify_lock_unused+0x140/0x140
[  221.083693][ T9362]  ? do_filp_open+0x430/0x430
[  221.088371][ T9362]  ? __virt_addr_valid+0x18c/0x540
[  221.093481][ T9362]  do_filp_open+0x1f5/0x430
[  221.097978][ T9362]  ? vfs_tmpfile+0x490/0x490
[  221.102573][ T9362]  ? _raw_spin_unlock+0x28/0x40
[  221.107423][ T9362]  ? alloc_fd+0x58f/0x630
[  221.111755][ T9362]  do_sys_openat2+0x134/0x1d0
[  221.116429][ T9362]  ? perf_trace_preemptirq_template+0x269/0x330
[  221.122666][ T9362]  ? do_sys_open+0xe0/0xe0
[  221.127080][ T9362]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  221.133053][ T9362]  ? lock_chain_count+0x20/0x20
[  221.137901][ T9362]  __x64_sys_openat+0x139/0x160
[  221.142749][ T9362]  do_syscall_64+0x55/0xa0
[  221.147155][ T9362]  ? clear_bhb_loop+0x40/0x90
[  221.151827][ T9362]  ? clear_bhb_loop+0x40/0x90
[  221.156499][ T9362]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  221.162418][ T9362] RIP: 0033:0x7eff2a59c819
[  221.166843][ T9362] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  221.186460][ T9362] RSP: 002b:00007eff2b3ff028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  221.194871][ T9362] RAX: ffffffffffffffda RBX: 00007eff2a815fa0 RCX: 00007eff2a59c819
[  221.202836][ T9362] RDX: 0000000000000200 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  221.210801][ T9362] RBP: 00007eff2b3ff090 R08: 0000000000000000 R09: 0000000000000000
[  221.218776][ T9362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  221.226742][ T9362] R13: 00007eff2a816038 R14: 00007eff2a815fa0 R15: 00007ffc9f338898
[  221.234724][ T9362]  </TASK>
[  221.276226][ T9362] ERROR: Out of memory at tomoyo_realpath_from_path.
[  221.479187][ T9370] netlink: 'syz.3.1321': attribute type 19 has an invalid length.
[  221.488047][ T9370] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1321'.
[  221.666186][ T9379] netlink: 'syz.0.1324': attribute type 30 has an invalid length.
[  221.882470][ T9385] netlink: 'syz.2.1326': attribute type 3 has an invalid length.
[  221.892907][ T9385] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1326'.
[  221.953289][ T9385] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  221.977113][ T9385] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  221.997832][ T9385] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  222.019504][ T9385] bond0 (unregistering): Released all slaves
[  222.429587][ T9391] netlink: 'syz.2.1328': attribute type 3 has an invalid length.
[  222.438820][ T9391] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1328'.
[  222.483023][ T9390] netlink: 'syz.1.1335': attribute type 3 has an invalid length.
[  222.518368][ T9390] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1335'.
[  222.701726][ T9393] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  222.775031][ T9393] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  222.806251][ T9393] bond0 (unregistering): (slave syz_tun): Releasing backup interface
[  222.856964][ T9393] bond0 (unregistering): (slave bridge_slave_1): Releasing backup interface
[  222.882263][ T9393] bond0 (unregistering): Released all slaves
[  223.160285][ T9411] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1338'.
[  223.257317][ T9419] FAULT_INJECTION: forcing a failure.
[  223.257317][ T9419] name failslab, interval 1, probability 0, space 0, times 0
[  223.270067][ T9419] CPU: 0 PID: 9419 Comm: syz.2.1340 Not tainted syzkaller #0
[  223.277447][ T9419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  223.287518][ T9419] Call Trace:
[  223.290795][ T9419]  <TASK>
[  223.293721][ T9419]  dump_stack_lvl+0x18c/0x250
[  223.298408][ T9419]  ? show_regs_print_info+0x20/0x20
[  223.303608][ T9419]  ? load_image+0x420/0x420
[  223.308118][ T9419]  should_fail_ex+0x39d/0x4d0
[  223.312800][ T9419]  should_failslab+0x9/0x20
[  223.317310][ T9419]  slab_pre_alloc_hook+0x59/0x310
[  223.322352][ T9419]  ? ip_finish_output2+0xb04/0x11e0
[  223.327559][ T9419]  kmem_cache_alloc_node+0x60/0x320
[  223.332755][ T9419]  ? __alloc_skb+0x103/0x2c0
[  223.337340][ T9419]  __alloc_skb+0x103/0x2c0
[  223.341749][ T9419]  ip_frag_next+0xd1/0xaf0
[  223.346161][ T9419]  ? ip_options_fragment+0x1ae/0x290
[  223.351452][ T9419]  ? ip_do_fragment+0x7e2/0x1760
[  223.356405][ T9419]  ip_do_fragment+0x76f/0x1760
[  223.361180][ T9419]  ? __ip_local_out+0x5f0/0x5f0
[  223.366027][ T9419]  ? ip_fragment+0x210/0x210
[  223.370616][ T9419]  ? ip_skb_dst_mtu+0x58a/0x9c0
[  223.375477][ T9419]  ip_output+0x2a1/0x3b0
[  223.379723][ T9419]  ? ip_output+0x60/0x3b0
[  223.384050][ T9419]  iptunnel_xmit+0x4f0/0x920
[  223.388654][ T9419]  ip_tunnel_xmit+0x1cbc/0x2410
[  223.393520][ T9419]  ? ip4_dst_hoplimit+0x2d0/0x2d0
[  223.398552][ T9419]  ? validate_xmit_xfrm+0xbc/0x12c0
[  223.403758][ T9419]  ? gre_build_header+0x25b/0x990
[  223.408784][ T9419]  ipgre_xmit+0x7a6/0xb20
[  223.413117][ T9419]  dev_hard_start_xmit+0x246/0x740
[  223.418238][ T9419]  __dev_queue_xmit+0x19a3/0x3660
[  223.423271][ T9419]  ? __dev_queue_xmit+0x265/0x3660
[  223.428386][ T9419]  ? netdev_core_pick_tx+0x340/0x340
[  223.433672][ T9419]  ? skb_release_data+0x1cf/0x800
[  223.438698][ T9419]  ? pskb_expand_head+0xbfe/0x1230
[  223.443811][ T9419]  __bpf_tx_skb+0x189/0x250
[  223.448312][ T9419]  bpf_clone_redirect+0x30f/0x4a0
[  223.453340][ T9419]  bpf_prog_208b094576c80b22+0x5e/0x63
[  223.458799][ T9419]  ? perf_trace_run_bpf_submit+0x125/0x1c0
[  223.464612][ T9419]  ? perf_trace_preemptirq_template+0x269/0x330
[  223.470851][ T9419]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  223.476825][ T9419]  ? lockdep_softirqs_on+0x580/0x580
[  223.482105][ T9419]  ? lock_chain_count+0x20/0x20
[  223.486950][ T9419]  ? seqcount_lockdep_reader_access+0x191/0x1d0
[  223.493186][ T9419]  ? __local_bh_disable_ip+0x108/0x1a0
[  223.498636][ T9419]  ? __cant_sleep+0x220/0x220
[  223.503306][ T9419]  ? __local_bh_enable_ip+0x13a/0x1c0
[  223.508671][ T9419]  ? _local_bh_enable+0xa0/0xa0
[  223.513516][ T9419]  ? bpf_test_timer_continue+0x135/0x380
[  223.519145][ T9419]  ? bpf_test_run+0x174/0x870
[  223.523814][ T9419]  bpf_test_run+0x2df/0x870
[  223.528320][ T9419]  ? bpf_test_run+0x174/0x870
[  223.532988][ T9419]  ? convert___skb_to_skb+0x590/0x590
[  223.538350][ T9419]  ? eth_get_headlen+0x210/0x210
[  223.543287][ T9419]  ? slab_build_skb+0x25f/0x3f0
[  223.548125][ T9419]  ? convert___skb_to_skb+0x3d/0x590
[  223.553404][ T9419]  bpf_prog_test_run_skb+0xad2/0x12b0
[  223.558784][ T9419]  ? cpu_online+0x60/0x60
[  223.563112][ T9419]  bpf_prog_test_run+0x321/0x390
[  223.568043][ T9419]  __sys_bpf+0x49d/0x890
[  223.572281][ T9419]  ? bpf_link_show_fdinfo+0x390/0x390
[  223.577652][ T9419]  ? lock_chain_count+0x20/0x20
[  223.582498][ T9419]  __x64_sys_bpf+0x7c/0x90
[  223.586906][ T9419]  do_syscall_64+0x55/0xa0
[  223.591311][ T9419]  ? clear_bhb_loop+0x40/0x90
[  223.595979][ T9419]  ? clear_bhb_loop+0x40/0x90
[  223.600645][ T9419]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  223.606531][ T9419] RIP: 0033:0x7f558759c819
[  223.610937][ T9419] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  223.630533][ T9419] RSP: 002b:00007f55884b5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  223.638938][ T9419] RAX: ffffffffffffffda RBX: 00007f5587815fa0 RCX: 00007f558759c819
[  223.646902][ T9419] RDX: 0000000000000048 RSI: 0000200000000080 RDI: 000000000000000a
[  223.654865][ T9419] RBP: 00007f55884b5090 R08: 0000000000000000 R09: 0000000000000000
[  223.662825][ T9419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  223.670786][ T9419] R13: 00007f5587816038 R14: 00007f5587815fa0 R15: 00007ffec5b36c48
[  223.678761][ T9419]  </TASK>
[  224.110877][ T9439] netlink: 'syz.3.1346': attribute type 2 has an invalid length.
[  224.138710][ T9439] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.1346'.
[  225.602380][ T9465] netlink: 'syz.3.1354': attribute type 29 has an invalid length.
[  227.531698][ T9480] mac80211_hwsim hwsim10 wlan0: entered promiscuous mode
[  227.553504][ T9480] mac80211_hwsim hwsim10 wlan0: entered allmulticast mode
[  228.037345][ T9487] ref_ctr_offset mismatch. inode: 0x42 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe
[  228.228138][ T9493] netlink: 61211 bytes leftover after parsing attributes in process `syz.2.1365'.
[  228.446787][ T9498] netlink: 'syz.0.1367': attribute type 22 has an invalid length.
[  228.505555][ T9493] C: renamed from team_slave_0 (while UP)
[  229.126250][ T9493] netlink: 'syz.2.1365': attribute type 3 has an invalid length.
[  229.136912][ T9493] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1365'.
[  229.235342][ T9493] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  229.366104][ T9493] syz.2.1365 (9493) used greatest stack depth: 18792 bytes left
[  229.614772][ T9520] netlink: 'syz.2.1373': attribute type 4 has an invalid length.
[  229.622781][ T9520] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1373'.
[  229.644219][ T9520] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[  229.902137][ T9526] netlink: 'syz.0.1375': attribute type 10 has an invalid length.
[  230.209657][ T9533] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1378'.
[  230.231096][ T9533] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  230.583836][ T9544] netlink: 'syz.0.1383': attribute type 9 has an invalid length.
[  230.655074][ T9544] netlink: 126588 bytes leftover after parsing attributes in process `syz.0.1383'.
[  230.683018][ T9548] netlink: 'syz.2.1384': attribute type 3 has an invalid length.
[  230.701259][ T9548] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1384'.
[  230.764234][ T9545] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  230.871091][ T9554] netlink: 'syz.3.1385': attribute type 1 has an invalid length.
[  230.879155][ T9554] netlink: 'syz.3.1385': attribute type 4 has an invalid length.
[  230.887555][ T9554] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.1385'.
[  230.899531][ T9554] netlink: 'syz.3.1385': attribute type 11 has an invalid length.
[  230.907634][ T9554] netlink: 'syz.3.1385': attribute type 1 has an invalid length.
[  230.915943][ T9554] netlink: 'syz.3.1385': attribute type 1 has an invalid length.
[  230.924006][ T9554] netlink: 'syz.3.1385': attribute type 2 has an invalid length.
[  230.932147][ T9554] netlink: 198140 bytes leftover after parsing attributes in process `syz.3.1385'.
[  231.376326][ T9561] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1386'.
[  231.418177][ T9561] bridge_slave_0: entered allmulticast mode
[  231.531396][ T9569] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1391'.
[  232.247891][ T9597] openvswitch: netlink: Key 32 has unexpected len 3064 expected 2
[  233.448577][ T9620] netlink: 'syz.1.1409': attribute type 2 has an invalid length.
[  233.457144][ T9620] netlink: 'syz.1.1409': attribute type 8 has an invalid length.
[  233.465789][ T9620] __nla_validate_parse: 1 callbacks suppressed
[  233.465819][ T9620] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1409'.
[  233.492170][ T9620] netlink: 'syz.1.1409': attribute type 11 has an invalid length.
[  235.061206][ T9688] netlink: 1 bytes leftover after parsing attributes in process `syz.0.1431'.
[  235.365393][ T9703] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1432'.
[  235.443747][ T9696] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1435'.
[  235.767673][ T9716] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1439'.
[  235.783886][ T9716] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  236.733730][ T9736] validate_nla: 2 callbacks suppressed
[  236.733742][ T9736] netlink: 'syz.1.1446': attribute type 4 has an invalid length.
[  237.416668][ T9741] netlink: 'syz.1.1447': attribute type 10 has an invalid length.
[  237.434765][ T9741] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1447'.
[  237.821556][ T9764] netlink: 'syz.0.1456': attribute type 10 has an invalid length.
[  237.829652][ T9764] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1456'.
[  237.843035][ T9764] batman_adv: batadv0: Adding interface: vlan1
[  237.849609][ T9764] batman_adv: batadv0: The MTU of interface vlan1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  237.879993][ T9764] batman_adv: batadv0: Interface activated: vlan1
[  237.889964][ T9765] netlink: 'syz.1.1458': attribute type 10 has an invalid length.
[  237.900357][ T9769] 
@ÿ: renamed from bond_slave_0
[  238.228837][ T9779] netlink: 'syz.1.1460': attribute type 3 has an invalid length.
[  238.244733][ T9779] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1460'.
[  238.330417][ T9774] delete_channel: no stack
[  238.453878][ T9788] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  238.461193][ T9788] IPv6: NLM_F_CREATE should be set when creating new route
[  238.880635][ T9799] netlink: 199824 bytes leftover after parsing attributes in process `syz.1.1470'.
[  238.893603][ T9799] netlink: 'syz.1.1470': attribute type 5 has an invalid length.
[  238.902221][ T9799] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1470'.
[  239.428647][ T9810] netlink: 'syz.1.1473': attribute type 3 has an invalid length.
[  239.443354][ T9810] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1473'.
[  239.476184][ T9813] netlink: 129384 bytes leftover after parsing attributes in process `syz.0.1474'.
[  243.727561][ T9852] delete_channel: no stack
[  243.782293][ T9868] netlink: 'syz.1.1494': attribute type 7 has an invalid length.
[  243.823593][ T9868] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1494'.
[  243.849213][ T9868] netlink: 3064 bytes leftover after parsing attributes in process `syz.1.1494'.
[  244.093010][ T9885] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1499'.
[  244.671833][ T9901] FAULT_INJECTION: forcing a failure.
[  244.671833][ T9901] name failslab, interval 1, probability 0, space 0, times 0
[  244.685325][ T9901] CPU: 0 PID: 9901 Comm: syz.2.1506 Not tainted syzkaller #0
[  244.692721][ T9901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  244.702782][ T9901] Call Trace:
[  244.706080][ T9901]  <TASK>
[  244.709026][ T9901]  dump_stack_lvl+0x18c/0x250
[  244.713737][ T9901]  ? show_regs_print_info+0x20/0x20
[  244.718968][ T9901]  ? load_image+0x420/0x420
[  244.723500][ T9901]  ? __might_sleep+0xe0/0xe0
[  244.728116][ T9901]  ? __lock_acquire+0x7d40/0x7d40
[  244.733164][ T9901]  should_fail_ex+0x39d/0x4d0
[  244.737886][ T9901]  should_failslab+0x9/0x20
[  244.742410][ T9901]  slab_pre_alloc_hook+0x59/0x310
[  244.747458][ T9901]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  244.753195][ T9901]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  244.758936][ T9901]  __kmem_cache_alloc_node+0x53/0x250
[  244.764335][ T9901]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  244.770081][ T9901]  __kmalloc+0xa4/0x230
[  244.774268][ T9901]  tomoyo_realpath_from_path+0xe3/0x5d0
[  244.779846][ T9901]  tomoyo_path_perm+0x282/0x560
[  244.784730][ T9901]  ? tomoyo_path_perm+0x250/0x560
[  244.789780][ T9901]  ? tomoyo_path_permission+0x380/0x380
[  244.795358][ T9901]  ? apparmor_current_getsecid_subj+0xb5/0x120
[  244.801514][ T9901]  ? ima_file_check+0xcc/0x110
[  244.806282][ T9901]  ? ima_bprm_check+0x200/0x200
[  244.811131][ T9901]  security_file_truncate+0x62/0x90
[  244.816324][ T9901]  path_openat+0x29a8/0x3230
[  244.820921][ T9901]  ? do_sys_openat2+0xda/0x1d0
[  244.825678][ T9901]  ? verify_lock_unused+0x140/0x140
[  244.830877][ T9901]  ? do_filp_open+0x430/0x430
[  244.835553][ T9901]  ? __virt_addr_valid+0x18c/0x540
[  244.840666][ T9901]  do_filp_open+0x1f5/0x430
[  244.845167][ T9901]  ? vfs_tmpfile+0x490/0x490
[  244.849763][ T9901]  ? _raw_spin_unlock+0x28/0x40
[  244.854608][ T9901]  ? alloc_fd+0x58f/0x630
[  244.858938][ T9901]  do_sys_openat2+0x134/0x1d0
[  244.863609][ T9901]  ? perf_trace_preemptirq_template+0x269/0x330
[  244.869855][ T9901]  ? do_sys_open+0xe0/0xe0
[  244.874264][ T9901]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  244.880244][ T9901]  ? lock_chain_count+0x20/0x20
[  244.885092][ T9901]  __x64_sys_openat+0x139/0x160
[  244.889943][ T9901]  do_syscall_64+0x55/0xa0
[  244.894356][ T9901]  ? clear_bhb_loop+0x40/0x90
[  244.899026][ T9901]  ? clear_bhb_loop+0x40/0x90
[  244.903705][ T9901]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  244.909600][ T9901] RIP: 0033:0x7f558759c819
[  244.914006][ T9901] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  244.933602][ T9901] RSP: 002b:00007f55884b5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  244.942010][ T9901] RAX: ffffffffffffffda RBX: 00007f5587815fa0 RCX: 00007f558759c819
[  244.949994][ T9901] RDX: 0000000000000200 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  244.957978][ T9901] RBP: 00007f55884b5090 R08: 0000000000000000 R09: 0000000000000000
[  244.965952][ T9901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  244.973928][ T9901] R13: 00007f5587816038 R14: 00007f5587815fa0 R15: 00007ffec5b36c48
[  244.981916][ T9901]  </TASK>
[  245.008821][ T9901] ERROR: Out of memory at tomoyo_realpath_from_path.
[  246.920731][ T9967] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1531'.
[  247.013934][ T9970] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1533'.
[  247.940597][ T9996] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1542'.
[  247.950711][ T9996] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  248.092735][ T9998] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  248.100056][ T9998] IPv6: NLM_F_CREATE should be set when creating new route
[  248.267867][T10008] netlink: 'syz.1.1547': attribute type 1 has an invalid length.
[  248.285519][T10008] netlink: 'syz.1.1547': attribute type 4 has an invalid length.
[  248.300427][T10008] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.1547'.
[  250.590301][T10062] ref_ctr_offset mismatch. inode: 0x7a offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe
[  251.051922][T10072] netlink: 'syz.1.1569': attribute type 10 has an invalid length.
[  251.112225][T10072] batman_adv: batadv0: Adding interface: netdevsim0
[  251.124614][T10072] batman_adv: batadv0: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  251.181593][T10072] batman_adv: batadv0: Not using interface netdevsim0 (retrying later): interface not active
[  251.318927][T10083] netlink: 'syz.3.1572': attribute type 22 has an invalid length.
[  251.464080][T10090] delete_channel: no stack
[  251.726003][T10099] netlink: 'syz.1.1577': attribute type 4 has an invalid length.
[  251.744681][T10099] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1577'.
[  251.764900][T10099] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[  251.943930][T10110] netlink: 'syz.1.1581': attribute type 10 has an invalid length.
[  251.969486][T10110] batman_adv: batadv0: Removing interface: netdevsim0
[  252.140095][T10117] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1583'.
[  252.158318][T10117] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  252.387779][T10130] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1589'.
[  252.658846][T10138] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1592'.
[  252.682988][T10138] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1592'.
[  252.697318][T10138] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1592'.
[  252.708710][T10138] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1592'.
[  253.040377][T10150] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1597'.
[  255.661334][T10231] netlink: 'syz.1.1625': attribute type 10 has an invalid length.
[  255.792895][ T1286] ieee802154 phy0 wpan0: encryption failed: -22
[  255.799368][ T1286] ieee802154 phy1 wpan1: encryption failed: -22
[  258.287842][T10302] netlink: 209844 bytes leftover after parsing attributes in process `syz.1.1651'.
[  258.629389][T10314] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1655'.
[  258.698955][T10314] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  258.715665][T10310] netlink: 14556 bytes leftover after parsing attributes in process `syz.2.1655'.
[  259.123798][T10319] netlink: 'syz.1.1657': attribute type 4 has an invalid length.
[  260.208065][T10349] netlink: 'syz.2.1668': attribute type 10 has an invalid length.
[  260.218987][T10349] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1668'.
[  260.627715][T10363] netlink: 'syz.1.1672': attribute type 21 has an invalid length.
[  260.640871][T10363] netlink: 'syz.1.1672': attribute type 3 has an invalid length.
[  260.648854][T10363] netlink: 144 bytes leftover after parsing attributes in process `syz.1.1672'.
[  260.942604][T10374] netlink: 'syz.3.1677': attribute type 3 has an invalid length.
[  260.970153][T10374] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1677'.
[  261.220776][T10383] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  261.228095][T10383] IPv6: NLM_F_CREATE should be set when creating new route
[  263.538979][T10420] netlink: 212940 bytes leftover after parsing attributes in process `syz.1.1694'.
[  264.216868][T10436] netlink: 'syz.2.1700': attribute type 10 has an invalid length.
[  267.150136][T10436] hsr_slave_0: left promiscuous mode
[  267.161553][T10436] hsr_slave_1: left promiscuous mode
[  268.594749][T10488] netlink: 'syz.2.1719': attribute type 3 has an invalid length.
[  268.613745][T10488] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1719'.
[  269.030034][T10503] FAULT_INJECTION: forcing a failure.
[  269.030034][T10503] name failslab, interval 1, probability 0, space 0, times 0
[  269.063791][T10503] CPU: 1 PID: 10503 Comm: syz.2.1725 Not tainted syzkaller #0
[  269.071301][T10503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  269.081370][T10503] Call Trace:
[  269.084659][T10503]  <TASK>
[  269.087601][T10503]  dump_stack_lvl+0x18c/0x250
[  269.092307][T10503]  ? show_regs_print_info+0x20/0x20
[  269.097528][T10503]  ? load_image+0x420/0x420
[  269.102051][T10503]  ? __might_sleep+0xe0/0xe0
[  269.106658][T10503]  ? __lock_acquire+0x7d40/0x7d40
[  269.111704][T10503]  ? prepend_path+0x4b/0x960
[  269.116314][T10503]  should_fail_ex+0x39d/0x4d0
[  269.121136][T10503]  should_failslab+0x9/0x20
[  269.125671][T10503]  slab_pre_alloc_hook+0x59/0x310
[  269.130720][T10503]  ? __asan_memcpy+0x40/0x70
[  269.135329][T10503]  ? tomoyo_encode+0x28b/0x540
[  269.140106][T10503]  ? tomoyo_encode+0x28b/0x540
[  269.144886][T10503]  __kmem_cache_alloc_node+0x53/0x250
[  269.150367][T10503]  ? prepend_path+0x4b/0x960
[  269.154979][T10503]  ? tomoyo_encode+0x28b/0x540
[  269.159746][T10503]  __kmalloc+0xa4/0x230
[  269.163904][T10503]  tomoyo_encode+0x28b/0x540
[  269.168491][T10503]  tomoyo_realpath_from_path+0x592/0x5d0
[  269.174124][T10503]  tomoyo_path_perm+0x282/0x560
[  269.178972][T10503]  ? tomoyo_path_perm+0x250/0x560
[  269.183997][T10503]  ? tomoyo_path_permission+0x380/0x380
[  269.189555][T10503]  ? apparmor_current_getsecid_subj+0xb5/0x120
[  269.195708][T10503]  ? ima_file_check+0xcc/0x110
[  269.200467][T10503]  ? ima_bprm_check+0x200/0x200
[  269.205314][T10503]  security_file_truncate+0x62/0x90
[  269.210506][T10503]  path_openat+0x29a8/0x3230
[  269.215105][T10503]  ? do_sys_openat2+0xda/0x1d0
[  269.219865][T10503]  ? verify_lock_unused+0x140/0x140
[  269.225057][T10503]  ? do_filp_open+0x430/0x430
[  269.229731][T10503]  ? __virt_addr_valid+0x18c/0x540
[  269.234845][T10503]  do_filp_open+0x1f5/0x430
[  269.239340][T10503]  ? vfs_tmpfile+0x490/0x490
[  269.243935][T10503]  ? _raw_spin_unlock+0x28/0x40
[  269.248779][T10503]  ? alloc_fd+0x58f/0x630
[  269.253108][T10503]  do_sys_openat2+0x134/0x1d0
[  269.257777][T10503]  ? perf_trace_preemptirq_template+0x269/0x330
[  269.264015][T10503]  ? do_sys_open+0xe0/0xe0
[  269.268429][T10503]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  269.274402][T10503]  ? lock_chain_count+0x20/0x20
[  269.279249][T10503]  __x64_sys_openat+0x139/0x160
[  269.284102][T10503]  do_syscall_64+0x55/0xa0
[  269.288506][T10503]  ? clear_bhb_loop+0x40/0x90
[  269.293179][T10503]  ? clear_bhb_loop+0x40/0x90
[  269.297847][T10503]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  269.303752][T10503] RIP: 0033:0x7f558759c819
[  269.308188][T10503] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  269.327793][T10503] RSP: 002b:00007f55884b5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  269.336203][T10503] RAX: ffffffffffffffda RBX: 00007f5587815fa0 RCX: 00007f558759c819
[  269.344164][T10503] RDX: 0000000000000200 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  269.352133][T10503] RBP: 00007f55884b5090 R08: 0000000000000000 R09: 0000000000000000
[  269.360090][T10503] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  269.368072][T10503] R13: 00007f5587816038 R14: 00007f5587815fa0 R15: 00007ffec5b36c48
[  269.376051][T10503]  </TASK>
[  269.387528][T10503] ERROR: Out of memory at tomoyo_realpath_from_path.
[  270.430833][T10550] netlink: 'syz.3.1741': attribute type 28 has an invalid length.
[  270.445039][T10550] netlink: 'syz.3.1741': attribute type 29 has an invalid length.
[  270.453174][T10550] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1741'.
[  270.881895][T10559] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1745'.
[  270.892088][T10560] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1741'.
[  271.006860][T10570] FAULT_INJECTION: forcing a failure.
[  271.006860][T10570] name failslab, interval 1, probability 0, space 0, times 0
[  271.019591][T10570] CPU: 0 PID: 10570 Comm: syz.0.1748 Not tainted syzkaller #0
[  271.027074][T10570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  271.037147][T10570] Call Trace:
[  271.040439][T10570]  <TASK>
[  271.043376][T10570]  dump_stack_lvl+0x18c/0x250
[  271.048064][T10570]  ? show_regs_print_info+0x20/0x20
[  271.053276][T10570]  ? load_image+0x420/0x420
[  271.057801][T10570]  should_fail_ex+0x39d/0x4d0
[  271.062476][T10570]  should_failslab+0x9/0x20
[  271.066967][T10570]  slab_pre_alloc_hook+0x59/0x310
[  271.071981][T10570]  ? ip_finish_output2+0xb04/0x11e0
[  271.077184][T10570]  kmem_cache_alloc_node+0x60/0x320
[  271.082407][T10570]  ? __alloc_skb+0x103/0x2c0
[  271.087013][T10570]  __alloc_skb+0x103/0x2c0
[  271.091442][T10570]  ip_frag_next+0xd1/0xaf0
[  271.095891][T10570]  ip_do_fragment+0x76f/0x1760
[  271.100688][T10570]  ? __ip_local_out+0x5f0/0x5f0
[  271.105552][T10570]  ? ip_fragment+0x210/0x210
[  271.110151][T10570]  ? ip_skb_dst_mtu+0x58a/0x9c0
[  271.115026][T10570]  ip_output+0x2a1/0x3b0
[  271.119366][T10570]  ? ip_output+0x60/0x3b0
[  271.123707][T10570]  iptunnel_xmit+0x4f0/0x920
[  271.128330][T10570]  ip_tunnel_xmit+0x1cbc/0x2410
[  271.133216][T10570]  ? ip4_dst_hoplimit+0x2d0/0x2d0
[  271.138251][T10570]  ? validate_xmit_xfrm+0xbc/0x12c0
[  271.143478][T10570]  ? gre_build_header+0x25b/0x990
[  271.148527][T10570]  ipgre_xmit+0x7a6/0xb20
[  271.152882][T10570]  dev_hard_start_xmit+0x246/0x740
[  271.158031][T10570]  __dev_queue_xmit+0x19a3/0x3660
[  271.163099][T10570]  ? __dev_queue_xmit+0x265/0x3660
[  271.168236][T10570]  ? netdev_core_pick_tx+0x340/0x340
[  271.173535][T10570]  ? skb_release_data+0x1cf/0x800
[  271.178583][T10570]  ? pskb_expand_head+0xbfe/0x1230
[  271.183717][T10570]  __bpf_tx_skb+0x189/0x250
[  271.188232][T10570]  bpf_clone_redirect+0x30f/0x4a0
[  271.193279][T10570]  bpf_prog_208b094576c80b22+0x5e/0x63
[  271.198750][T10570]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  271.204745][T10570]  ? lock_chain_count+0x20/0x20
[  271.209605][T10570]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  271.215591][T10570]  ? lockdep_softirqs_on+0x580/0x580
[  271.220989][T10570]  ? lock_chain_count+0x20/0x20
[  271.225870][T10570]  ? seqcount_lockdep_reader_access+0x191/0x1d0
[  271.232150][T10570]  ? __local_bh_disable_ip+0x108/0x1a0
[  271.237648][T10570]  ? __cant_sleep+0x220/0x220
[  271.242340][T10570]  ? __local_bh_enable_ip+0x13a/0x1c0
[  271.247730][T10570]  ? _local_bh_enable+0xa0/0xa0
[  271.252597][T10570]  ? bpf_test_timer_continue+0x135/0x380
[  271.258241][T10570]  ? bpf_test_run+0x174/0x870
[  271.262927][T10570]  bpf_test_run+0x2df/0x870
[  271.267450][T10570]  ? bpf_test_run+0x174/0x870
[  271.272142][T10570]  ? convert___skb_to_skb+0x590/0x590
[  271.277526][T10570]  ? eth_get_headlen+0x210/0x210
[  271.282482][T10570]  ? slab_build_skb+0x25f/0x3f0
[  271.287340][T10570]  ? convert___skb_to_skb+0x3d/0x590
[  271.292634][T10570]  bpf_prog_test_run_skb+0xad2/0x12b0
[  271.298032][T10570]  ? cpu_online+0x60/0x60
[  271.302368][T10570]  bpf_prog_test_run+0x321/0x390
[  271.307313][T10570]  __sys_bpf+0x49d/0x890
[  271.311560][T10570]  ? bpf_link_show_fdinfo+0x390/0x390
[  271.316953][T10570]  ? lock_chain_count+0x20/0x20
[  271.321816][T10570]  __x64_sys_bpf+0x7c/0x90
[  271.326251][T10570]  do_syscall_64+0x55/0xa0
[  271.330673][T10570]  ? clear_bhb_loop+0x40/0x90
[  271.335357][T10570]  ? clear_bhb_loop+0x40/0x90
[  271.340040][T10570]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  271.345936][T10570] RIP: 0033:0x7eff2a59c819
[  271.350353][T10570] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  271.369959][T10570] RSP: 002b:00007eff2b3ff028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  271.378382][T10570] RAX: ffffffffffffffda RBX: 00007eff2a815fa0 RCX: 00007eff2a59c819
[  271.386358][T10570] RDX: 0000000000000048 RSI: 0000200000000080 RDI: 000000000000000a
[  271.394332][T10570] RBP: 00007eff2b3ff090 R08: 0000000000000000 R09: 0000000000000000
[  271.402306][T10570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  271.410276][T10570] R13: 00007eff2a816038 R14: 00007eff2a815fa0 R15: 00007ffc9f338898
[  271.418267][T10570]  </TASK>
[  271.543089][T10574] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1750'.
[  272.410435][T10582] netlink: 'syz.1.1747': attribute type 4 has an invalid length.
[  272.448078][T10582] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1747'.
[  272.468129][T10591] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1755'.
[  272.477649][T10591] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  272.795984][T10602] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  272.803283][T10602] IPv6: NLM_F_CREATE should be set when creating new route
[  272.912898][T10608] netlink: 'syz.1.1761': attribute type 10 has an invalid length.
[  272.928339][T10607] netlink: 'syz.1.1761': attribute type 21 has an invalid length.
[  272.947623][T10607] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1761'.
[  272.998137][T10607] delete_channel: no stack
[  273.751264][T10625] netlink: 'syz.3.1767': attribute type 29 has an invalid length.
[  273.792490][T10625] netlink: 'syz.3.1767': attribute type 29 has an invalid length.
[  273.841474][T10630] netlink: 'syz.3.1767': attribute type 29 has an invalid length.
[  274.374298][T10660] ref_ctr_offset mismatch. inode: 0x7a offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe
[  274.726836][T10671] netlink: 'syz.1.1782': attribute type 29 has an invalid length.
[  274.741783][T10671] netlink: 'syz.1.1782': attribute type 29 has an invalid length.
[  275.219517][T10687] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1789'.
[  275.242708][T10687] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[  275.249315][T10691] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1788'.
[  275.451165][T10697] validate_nla: 4 callbacks suppressed
[  275.451210][T10697] netlink: 'syz.0.1792': attribute type 29 has an invalid length.
[  275.476548][T10697] netlink: 'syz.0.1792': attribute type 29 has an invalid length.
[  275.498458][T10697] netlink: 'syz.0.1792': attribute type 29 has an invalid length.
[  275.562937][T10703] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1795'.
[  275.595528][T10703] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  275.891259][T10712] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1799'.
[  276.639132][T10736] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1807'.
[  276.675550][T10734] netlink: 'syz.1.1806': attribute type 29 has an invalid length.
[  276.706505][T10734] netlink: 'syz.1.1806': attribute type 29 has an invalid length.
[  276.736298][T10737] netlink: 'syz.1.1806': attribute type 29 has an invalid length.
[  276.783810][T10734] netlink: 'syz.1.1806': attribute type 29 has an invalid length.
[  277.618299][T10773] netlink: 'syz.2.1821': attribute type 29 has an invalid length.
[  277.676253][T10773] netlink: 'syz.2.1821': attribute type 29 has an invalid length.
[  277.702270][T10773] netlink: 'syz.2.1821': attribute type 29 has an invalid length.
[  277.739663][T10772] netlink: 65047 bytes leftover after parsing attributes in process `syz.0.1822'.
[  279.554841][T10838] delete_channel: no stack
[  279.560083][T10838] delete_channel: no stack
[  279.572401][T10838] delete_channel: no stack
[  279.697303][T10837] delete_channel: no stack
[  280.497332][T10863] validate_nla: 15 callbacks suppressed
[  280.497349][T10863] netlink: 'syz.2.1851': attribute type 9 has an invalid length.
[  280.614574][T10863] netlink: 371 bytes leftover after parsing attributes in process `syz.2.1851'.
[  280.688290][T10858] netlink: 'syz.2.1851': attribute type 9 has an invalid length.
[  280.702760][T10858] netlink: 371 bytes leftover after parsing attributes in process `syz.2.1851'.
[  281.284692][T10891] netlink: 'syz.2.1863': attribute type 29 has an invalid length.
[  281.301211][T10891] netlink: 'syz.2.1863': attribute type 29 has an invalid length.
[  281.314185][T10894] netlink: 'syz.2.1863': attribute type 29 has an invalid length.
[  281.333077][T10891] netlink: 'syz.2.1863': attribute type 29 has an invalid length.
[  281.370658][T10889] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1862'.
[  281.763105][T10897] netlink: 'syz.2.1865': attribute type 10 has an invalid length.
[  281.777591][T10897] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1865'.
[  282.281319][T10915] netlink: 'syz.0.1872': attribute type 3 has an invalid length.
[  282.294884][T10915] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1872'.
[  282.324214][T10917] netlink: 'syz.1.1873': attribute type 29 has an invalid length.
[  282.351258][T10917] netlink: 'syz.1.1873': attribute type 29 has an invalid length.
[  282.490497][T10924] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  282.497813][T10924] IPv6: NLM_F_CREATE should be set when creating new route
[  282.609096][T10926] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1877'.
[  282.909769][T10945] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1882'.
[  286.670131][T10987] validate_nla: 20 callbacks suppressed
[  286.670179][T10987] netlink: 'syz.2.1901': attribute type 29 has an invalid length.
[  286.712433][T10987] netlink: 'syz.2.1901': attribute type 29 has an invalid length.
[  286.731247][T10988] netlink: 'syz.2.1901': attribute type 29 has an invalid length.
[  286.753320][T10987] netlink: 'syz.2.1901': attribute type 29 has an invalid length.
[  287.050506][T10996] netlink: 'syz.3.1902': attribute type 10 has an invalid length.
[  289.824213][T10996] team0: Port device geneve1 added
[  290.141183][T11021] netlink: 'syz.0.1912': attribute type 29 has an invalid length.
[  290.154889][T11022] netlink: 'syz.3.1911': attribute type 29 has an invalid length.
[  290.179112][T11022] netlink: 'syz.3.1911': attribute type 29 has an invalid length.
[  290.208433][T11021] netlink: 'syz.0.1912': attribute type 29 has an invalid length.
[  290.241686][T11022] netlink: 'syz.3.1911': attribute type 29 has an invalid length.
[  290.392640][T11030] FAULT_INJECTION: forcing a failure.
[  290.392640][T11030] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  290.406522][T11030] CPU: 0 PID: 11030 Comm: syz.2.1914 Not tainted syzkaller #0
[  290.414017][T11030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  290.424174][T11030] Call Trace:
[  290.427456][T11030]  <TASK>
[  290.430384][T11030]  dump_stack_lvl+0x18c/0x250
[  290.435066][T11030]  ? show_regs_print_info+0x20/0x20
[  290.440260][T11030]  ? load_image+0x420/0x420
[  290.444759][T11030]  ? __lock_acquire+0x7d40/0x7d40
[  290.449777][T11030]  ? snprintf+0xe9/0x140
[  290.454017][T11030]  should_fail_ex+0x39d/0x4d0
[  290.458693][T11030]  _copy_to_user+0x2f/0xa0
[  290.463102][T11030]  simple_read_from_buffer+0xe7/0x150
[  290.468477][T11030]  proc_fail_nth_read+0x1e8/0x260
[  290.473500][T11030]  ? proc_fault_inject_write+0x360/0x360
[  290.479143][T11030]  ? fsnotify_perm+0x271/0x5e0
[  290.483916][T11030]  ? proc_fault_inject_write+0x360/0x360
[  290.489638][T11030]  vfs_read+0x28b/0x970
[  290.493802][T11030]  ? kernel_read+0x1e0/0x1e0
[  290.498394][T11030]  ? __fget_files+0x28/0x4b0
[  290.502981][T11030]  ? __fget_files+0x28/0x4b0
[  290.507579][T11030]  ? __fget_files+0x43d/0x4b0
[  290.512266][T11030]  ? __fdget_pos+0x2a3/0x330
[  290.516850][T11030]  ? ksys_read+0x75/0x260
[  290.521181][T11030]  ksys_read+0x150/0x260
[  290.525421][T11030]  ? vfs_write+0x990/0x990
[  290.529835][T11030]  ? lockdep_hardirqs_on+0x98/0x150
[  290.535033][T11030]  do_syscall_64+0x55/0xa0
[  290.539440][T11030]  ? clear_bhb_loop+0x40/0x90
[  290.544107][T11030]  ? clear_bhb_loop+0x40/0x90
[  290.548776][T11030]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  290.554661][T11030] RIP: 0033:0x7f558755d04e
[  290.559075][T11030] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  290.578677][T11030] RSP: 002b:00007f55884b4fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  290.587082][T11030] RAX: ffffffffffffffda RBX: 00007f55884b56c0 RCX: 00007f558755d04e
[  290.595055][T11030] RDX: 000000000000000f RSI: 00007f55884b50a0 RDI: 0000000000000003
[  290.603038][T11030] RBP: 00007f55884b5090 R08: 0000000000000000 R09: 0000000000000000
[  290.611008][T11030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  290.618976][T11030] R13: 00007f5587816038 R14: 00007f5587815fa0 R15: 00007ffec5b36c48
[  290.626958][T11030]  </TASK>
[  291.345109][T11052] 
@0Ù: renamed from bond_slave_1 (while UP)
[  291.719189][T11068] validate_nla: 9 callbacks suppressed
[  291.719232][T11068] netlink: 'syz.2.1926': attribute type 29 has an invalid length.
[  291.752177][T11068] netlink: 'syz.2.1926': attribute type 29 has an invalid length.
[  291.801651][T11071] netlink: 'syz.2.1926': attribute type 29 has an invalid length.
[  291.822002][T11068] netlink: 'syz.2.1926': attribute type 29 has an invalid length.
[  291.845477][T11073] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1929'.
[  292.081304][T11082] FAULT_INJECTION: forcing a failure.
[  292.081304][T11082] name failslab, interval 1, probability 0, space 0, times 0
[  292.093977][T11082] CPU: 1 PID: 11082 Comm: syz.2.1932 Not tainted syzkaller #0
[  292.101456][T11082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  292.111527][T11082] Call Trace:
[  292.114831][T11082]  <TASK>
[  292.117774][T11082]  dump_stack_lvl+0x18c/0x250
[  292.122486][T11082]  ? show_regs_print_info+0x20/0x20
[  292.127707][T11082]  ? load_image+0x420/0x420
[  292.132240][T11082]  should_fail_ex+0x39d/0x4d0
[  292.136947][T11082]  should_failslab+0x9/0x20
[  292.141467][T11082]  slab_pre_alloc_hook+0x59/0x310
[  292.146504][T11082]  ? ip_finish_output2+0xb04/0x11e0
[  292.151716][T11082]  kmem_cache_alloc_node+0x60/0x320
[  292.156920][T11082]  ? __alloc_skb+0x103/0x2c0
[  292.161504][T11082]  __alloc_skb+0x103/0x2c0
[  292.165920][T11082]  ip_frag_next+0xd1/0xaf0
[  292.170341][T11082]  ip_do_fragment+0x76f/0x1760
[  292.175110][T11082]  ? __ip_local_out+0x5f0/0x5f0
[  292.179959][T11082]  ? ip_fragment+0x210/0x210
[  292.184977][T11082]  ? ip_skb_dst_mtu+0x58a/0x9c0
[  292.189828][T11082]  ip_output+0x2a1/0x3b0
[  292.194082][T11082]  ? ip_output+0x60/0x3b0
[  292.198415][T11082]  iptunnel_xmit+0x4f0/0x920
[  292.203013][T11082]  ip_tunnel_xmit+0x1cbc/0x2410
[  292.207877][T11082]  ? ip4_dst_hoplimit+0x2d0/0x2d0
[  292.212900][T11082]  ? validate_xmit_xfrm+0xbc/0x12c0
[  292.218099][T11082]  ? gre_build_header+0x25b/0x990
[  292.223130][T11082]  ipgre_xmit+0x7a6/0xb20
[  292.227469][T11082]  dev_hard_start_xmit+0x246/0x740
[  292.232592][T11082]  __dev_queue_xmit+0x19a3/0x3660
[  292.237621][T11082]  ? __dev_queue_xmit+0x265/0x3660
[  292.242734][T11082]  ? netdev_core_pick_tx+0x340/0x340
[  292.248017][T11082]  ? skb_release_data+0x1cf/0x800
[  292.253045][T11082]  ? pskb_expand_head+0xbfe/0x1230
[  292.258159][T11082]  __bpf_tx_skb+0x189/0x250
[  292.262663][T11082]  bpf_clone_redirect+0x30f/0x4a0
[  292.267691][T11082]  bpf_prog_208b094576c80b22+0x5e/0x63
[  292.273146][T11082]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  292.279123][T11082]  ? lock_chain_count+0x20/0x20
[  292.283972][T11082]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  292.289947][T11082]  ? lockdep_softirqs_on+0x580/0x580
[  292.295222][T11082]  ? lock_chain_count+0x20/0x20
[  292.300060][T11082]  ? seqcount_lockdep_reader_access+0x191/0x1d0
[  292.306298][T11082]  ? __local_bh_disable_ip+0x108/0x1a0
[  292.311746][T11082]  ? __cant_sleep+0x220/0x220
[  292.316419][T11082]  ? __local_bh_enable_ip+0x13a/0x1c0
[  292.321780][T11082]  ? _local_bh_enable+0xa0/0xa0
[  292.326624][T11082]  ? bpf_test_timer_continue+0x135/0x380
[  292.332253][T11082]  ? bpf_test_run+0x174/0x870
[  292.336943][T11082]  bpf_test_run+0x2df/0x870
[  292.341460][T11082]  ? bpf_test_run+0x174/0x870
[  292.346139][T11082]  ? convert___skb_to_skb+0x590/0x590
[  292.351522][T11082]  ? eth_get_headlen+0x210/0x210
[  292.356474][T11082]  ? slab_build_skb+0x25f/0x3f0
[  292.361325][T11082]  ? convert___skb_to_skb+0x3d/0x590
[  292.366608][T11082]  bpf_prog_test_run_skb+0xad2/0x12b0
[  292.371986][T11082]  ? cpu_online+0x60/0x60
[  292.376310][T11082]  bpf_prog_test_run+0x321/0x390
[  292.381244][T11082]  __sys_bpf+0x49d/0x890
[  292.385480][T11082]  ? bpf_link_show_fdinfo+0x390/0x390
[  292.390857][T11082]  ? lock_chain_count+0x20/0x20
[  292.395713][T11082]  __x64_sys_bpf+0x7c/0x90
[  292.400126][T11082]  do_syscall_64+0x55/0xa0
[  292.404537][T11082]  ? clear_bhb_loop+0x40/0x90
[  292.409210][T11082]  ? clear_bhb_loop+0x40/0x90
[  292.413881][T11082]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  292.419771][T11082] RIP: 0033:0x7f558759c819
[  292.424179][T11082] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  292.443777][T11082] RSP: 002b:00007f55884b5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  292.452183][T11082] RAX: ffffffffffffffda RBX: 00007f5587815fa0 RCX: 00007f558759c819
[  292.460147][T11082] RDX: 0000000000000048 RSI: 0000200000000080 RDI: 000000000000000a
[  292.468106][T11082] RBP: 00007f55884b5090 R08: 0000000000000000 R09: 0000000000000000
[  292.476070][T11082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  292.484036][T11082] R13: 00007f5587816038 R14: 00007f5587815fa0 R15: 00007ffec5b36c48
[  292.492009][T11082]  </TASK>
[  292.633078][T11089] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1934'.
[  292.702363][T11089] netlink: 'syz.3.1934': attribute type 10 has an invalid length.
[  292.710640][T11089] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1934'.
[  292.734853][T11089] hsr0: entered promiscuous mode
[  292.820084][T11094] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1937'.
[  292.848589][T11096] netlink: 'syz.1.1936': attribute type 29 has an invalid length.
[  292.856918][T11094] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  292.921933][T11096] netlink: 'syz.1.1936': attribute type 29 has an invalid length.
[  292.954651][T11100] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  292.962097][T11100] IPv6: NLM_F_CREATE should be set when creating new route
[  293.048469][T11098] netlink: 'syz.1.1936': attribute type 29 has an invalid length.
[  293.095833][T11101] netlink: 'syz.1.1936': attribute type 29 has an invalid length.
[  293.161198][T11107] netlink: 'syz.1.1936': attribute type 29 has an invalid length.
[  293.510167][T11121] FAULT_INJECTION: forcing a failure.
[  293.510167][T11121] name failslab, interval 1, probability 0, space 0, times 0
[  293.544732][T11121] CPU: 0 PID: 11121 Comm: syz.3.1945 Not tainted syzkaller #0
[  293.552243][T11121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  293.562429][T11121] Call Trace:
[  293.565732][T11121]  <TASK>
[  293.568673][T11121]  dump_stack_lvl+0x18c/0x250
[  293.573375][T11121]  ? show_regs_print_info+0x20/0x20
[  293.578601][T11121]  ? load_image+0x420/0x420
[  293.583125][T11121]  ? __might_sleep+0xe0/0xe0
[  293.587736][T11121]  ? __lock_acquire+0x7d40/0x7d40
[  293.592780][T11121]  should_fail_ex+0x39d/0x4d0
[  293.597482][T11121]  should_failslab+0x9/0x20
[  293.602002][T11121]  slab_pre_alloc_hook+0x59/0x310
[  293.607050][T11121]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  293.612795][T11121]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  293.618530][T11121]  __kmem_cache_alloc_node+0x53/0x250
[  293.623927][T11121]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  293.629662][T11121]  __kmalloc+0xa4/0x230
[  293.633845][T11121]  tomoyo_realpath_from_path+0xe3/0x5d0
[  293.639421][T11121]  tomoyo_path_number_perm+0x248/0x620
[  293.644904][T11121]  ? tomoyo_path_number_perm+0x217/0x620
[  293.650560][T11121]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  293.656042][T11121]  ? ksys_write+0x1c4/0x260
[  293.660595][T11121]  ? __fget_files+0x28/0x4b0
[  293.665205][T11121]  ? __fget_files+0x28/0x4b0
[  293.669910][T11121]  security_file_ioctl+0x70/0xa0
[  293.674862][T11121]  __se_sys_ioctl+0x48/0x170
[  293.679469][T11121]  do_syscall_64+0x55/0xa0
[  293.683899][T11121]  ? clear_bhb_loop+0x40/0x90
[  293.688589][T11121]  ? clear_bhb_loop+0x40/0x90
[  293.693284][T11121]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  293.699196][T11121] RIP: 0033:0x7fb6af79c819
[  293.703628][T11121] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  293.723260][T11121] RSP: 002b:00007fb6b06eb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  293.731696][T11121] RAX: ffffffffffffffda RBX: 00007fb6afa15fa0 RCX: 00007fb6af79c819
[  293.739688][T11121] RDX: 0000200000000000 RSI: 0000000000008b34 RDI: 0000000000000004
[  293.747678][T11121] RBP: 00007fb6b06eb090 R08: 0000000000000000 R09: 0000000000000000
[  293.755668][T11121] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  293.763656][T11121] R13: 00007fb6afa16038 R14: 00007fb6afa15fa0 R15: 00007ffdb20840b8
[  293.771657][T11121]  </TASK>
[  293.838168][T11121] ERROR: Out of memory at tomoyo_realpath_from_path.
[  294.908552][T11161] ref_ctr_offset mismatch. inode: 0x5e offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe
[  295.505276][T11188] netlink: 176 bytes leftover after parsing attributes in process `syz.3.1968'.
[  295.977974][T11201] netlink: 199820 bytes leftover after parsing attributes in process `syz.1.1973'.
[  296.040818][T11205] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1974'.
[  296.055948][T11205] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[  296.140421][T11209] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1977'.
[  296.160642][T11209] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  296.289513][T11215] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  296.330796][T11215] batman_adv: batadv0: Removing interface: batadv_slave_0
[  296.342688][T11215] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  296.351035][T11215] batman_adv: batadv0: Removing interface: batadv_slave_1
[  296.410701][T11211] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1979'.
[  296.886801][T11239] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1987'.
[  297.211671][T11250] validate_nla: 36 callbacks suppressed
[  297.211706][T11250] netlink: 'syz.3.1991': attribute type 29 has an invalid length.
[  297.261357][T11254] netlink: 'syz.2.1993': attribute type 29 has an invalid length.
[  297.264049][T11250] netlink: 'syz.3.1991': attribute type 29 has an invalid length.
[  297.336013][T11255] netlink: 'syz.3.1991': attribute type 29 has an invalid length.
[  297.363219][T11254] netlink: 'syz.2.1993': attribute type 29 has an invalid length.
[  297.399289][T11257] netlink: 'syz.3.1991': attribute type 29 has an invalid length.
[  297.426379][T11250] netlink: 'syz.3.1991': attribute type 29 has an invalid length.
[  297.463200][T11256] netlink: 'syz.2.1993': attribute type 29 has an invalid length.
[  297.483958][T11258] netlink: 'syz.2.1993': attribute type 29 has an invalid length.
[  297.503104][T11260] netlink: 'syz.0.1992': attribute type 10 has an invalid length.
[  298.555939][T11288] syz.0.2004[11288] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  298.556111][T11288] syz.0.2004[11288] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  299.069964][T11306] FAULT_INJECTION: forcing a failure.
[  299.069964][T11306] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  299.114472][T11306] CPU: 1 PID: 11306 Comm: syz.3.2011 Not tainted syzkaller #0
[  299.121978][T11306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  299.132052][T11306] Call Trace:
[  299.135349][T11306]  <TASK>
[  299.138297][T11306]  dump_stack_lvl+0x18c/0x250
[  299.143013][T11306]  ? show_regs_print_info+0x20/0x20
[  299.148238][T11306]  ? load_image+0x420/0x420
[  299.152773][T11306]  ? __might_fault+0xaa/0x120
[  299.157465][T11306]  ? __lock_acquire+0x7d40/0x7d40
[  299.162505][T11306]  ? seqcount_lockdep_reader_access+0x17b/0x1d0
[  299.168770][T11306]  should_fail_ex+0x39d/0x4d0
[  299.173480][T11306]  _copy_from_user+0x2f/0xe0
[  299.178096][T11306]  __sys_bpf+0x23e/0x890
[  299.182419][T11306]  ? bpf_link_show_fdinfo+0x390/0x390
[  299.187827][T11306]  ? lock_chain_count+0x20/0x20
[  299.192701][T11306]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  299.198713][T11306]  __x64_sys_bpf+0x7c/0x90
[  299.203149][T11306]  do_syscall_64+0x55/0xa0
[  299.207579][T11306]  ? clear_bhb_loop+0x40/0x90
[  299.212278][T11306]  ? clear_bhb_loop+0x40/0x90
[  299.216980][T11306]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  299.222893][T11306] RIP: 0033:0x7fb6af79c819
[  299.227328][T11306] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  299.246956][T11306] RSP: 002b:00007fb6b06eb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  299.255413][T11306] RAX: ffffffffffffffda RBX: 00007fb6afa15fa0 RCX: 00007fb6af79c819
[  299.263411][T11306] RDX: 0000000000000048 RSI: 00002000000017c0 RDI: 0000000000000005
[  299.271399][T11306] RBP: 00007fb6b06eb090 R08: 0000000000000000 R09: 0000000000000000
[  299.279388][T11306] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  299.287376][T11306] R13: 00007fb6afa16038 R14: 00007fb6afa15fa0 R15: 00007ffdb20840b8
[  299.295381][T11306]  </TASK>
[  300.244013][T11345] netlink: 1 bytes leftover after parsing attributes in process `syz.0.2026'.
[  301.335547][T11373] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2036'.
[  301.514220][T11382] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2038'.
[  301.552028][T11382] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  302.312703][T11398] validate_nla: 42 callbacks suppressed
[  302.312719][T11398] netlink: 'syz.3.2047': attribute type 10 has an invalid length.
[  302.355282][T11398] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2047'.
[  302.403953][T11398] A link change request failed with some changes committed already. Interface veth1_virt_wifi may have been left with an inconsistent configuration, please check.
[  302.438199][T11408] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  302.524895][T11412] netlink: 'syz.2.2052': attribute type 29 has an invalid length.
[  302.540413][T11412] netlink: 'syz.2.2052': attribute type 29 has an invalid length.
[  302.580544][T11417] netlink: 'syz.2.2052': attribute type 29 has an invalid length.
[  302.596987][T11412] netlink: 'syz.2.2052': attribute type 29 has an invalid length.
[  302.622208][T11412] netlink: 'syz.2.2052': attribute type 29 has an invalid length.
[  302.772466][T11421] netlink: 'syz.0.2056': attribute type 29 has an invalid length.
[  302.792532][T11421] netlink: 'syz.0.2056': attribute type 29 has an invalid length.
[  302.807974][T11425] netlink: 'syz.0.2056': attribute type 29 has an invalid length.
[  302.822027][T11421] netlink: 'syz.0.2056': attribute type 29 has an invalid length.
[  302.849533][T11427] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.2058'.
[  302.932699][T11431] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  302.940036][T11431] IPv6: NLM_F_CREATE should be set when creating new route
[  303.111784][T11441] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2061'.
[  303.132689][T11440] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2063'.
[  304.172414][T11475] netlink: 199824 bytes leftover after parsing attributes in process `syz.2.2075'.
[  307.676749][T11501] validate_nla: 23 callbacks suppressed
[  307.676787][T11501] netlink: 'syz.3.2087': attribute type 29 has an invalid length.
[  307.760981][T11501] netlink: 'syz.3.2087': attribute type 29 has an invalid length.
[  307.836989][T11506] netlink: 'syz.3.2087': attribute type 29 has an invalid length.
[  307.865313][T11507] netlink: 'syz.3.2087': attribute type 29 has an invalid length.
[  307.949797][T11501] netlink: 'syz.3.2087': attribute type 29 has an invalid length.
[  308.282842][T11517] netlink: 'syz.2.2091': attribute type 29 has an invalid length.
[  308.295832][T11517] netlink: 'syz.2.2091': attribute type 29 has an invalid length.
[  308.333600][T11518] netlink: 'syz.2.2091': attribute type 29 has an invalid length.
[  308.349810][T11517] netlink: 'syz.2.2091': attribute type 29 has an invalid length.
[  308.971887][T11543] netlink: 'syz.1.2101': attribute type 29 has an invalid length.
[  309.419763][T11566] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2110'.
[  310.018457][T11586] FAULT_INJECTION: forcing a failure.
[  310.018457][T11586] name failslab, interval 1, probability 0, space 0, times 0
[  310.031501][T11586] CPU: 0 PID: 11586 Comm: syz.1.2118 Not tainted syzkaller #0
[  310.039250][T11586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  310.049777][T11586] Call Trace:
[  310.053075][T11586]  <TASK>
[  310.056025][T11586]  dump_stack_lvl+0x18c/0x250
[  310.060745][T11586]  ? show_regs_print_info+0x20/0x20
[  310.065983][T11586]  ? load_image+0x420/0x420
[  310.070530][T11586]  ? skb_network_protocol+0x529/0x780
[  310.075945][T11586]  should_fail_ex+0x39d/0x4d0
[  310.080657][T11586]  should_failslab+0x9/0x20
[  310.085182][T11586]  slab_pre_alloc_hook+0x59/0x310
[  310.090247][T11586]  kmem_cache_alloc+0x5a/0x2d0
[  310.095042][T11586]  ? skb_clone+0x1eb/0x370
[  310.099486][T11586]  skb_clone+0x1eb/0x370
[  310.103743][T11586]  ? dev_queue_xmit_nit+0x212/0xbb0
[  310.108966][T11586]  dev_queue_xmit_nit+0x24d/0xbb0
[  310.114018][T11586]  ? dev_queue_xmit_nit+0x2d/0xbb0
[  310.117718][T11588] netlink: 128 bytes leftover after parsing attributes in process `syz.0.2119'.
[  310.119139][T11586]  ? validate_xmit_skb+0x949/0xf60
[  310.119182][T11586]  dev_hard_start_xmit+0x148/0x740
[  310.128439][T11588] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  310.133294][T11586]  __dev_queue_xmit+0x19a3/0x3660
[  310.158501][T11586]  ? __dev_queue_xmit+0x265/0x3660
[  310.163616][T11586]  ? lockdep_hardirqs_on+0x98/0x150
[  310.168811][T11586]  ? read_seqbegin+0x1c8/0x270
[  310.173574][T11586]  ? neigh_event_send+0x110/0x110
[  310.178598][T11586]  ? netdev_core_pick_tx+0x340/0x340
[  310.183887][T11586]  ? neigh_connected_output+0x3b0/0x450
[  310.189447][T11586]  ? ip_finish_output2+0x457/0x11e0
[  310.194638][T11586]  ip_finish_output2+0xd3a/0x11e0
[  310.199660][T11586]  ? ip_finish_output2+0x457/0x11e0
[  310.204856][T11586]  ? ip_fast_csum+0x1ee/0x2b0
[  310.209532][T11586]  ? ip_fragment+0x210/0x210
[  310.214109][T11586]  ? ip_frag_next+0x622/0xaf0
[  310.218788][T11586]  ? ip_options_fragment+0x1ae/0x290
[  310.224063][T11586]  ? ip_do_fragment+0x7e2/0x1760
[  310.228997][T11586]  ip_do_fragment+0x877/0x1760
[  310.233766][T11586]  ? ip_fragment+0x210/0x210
[  310.238348][T11586]  ? ip_skb_dst_mtu+0x58a/0x9c0
[  310.243201][T11586]  ip_output+0x2a1/0x3b0
[  310.247436][T11586]  ? ip_output+0x60/0x3b0
[  310.251759][T11586]  iptunnel_xmit+0x4f0/0x920
[  310.256356][T11586]  udp_tunnel_xmit_skb+0x249/0x390
[  310.261474][T11586]  geneve_xmit+0x26a8/0x3540
[  310.266072][T11586]  ? geneve_xmit+0x15e/0x3540
[  310.270761][T11586]  ? geneve_stop+0x1b0/0x1b0
[  310.275343][T11586]  ? kmem_cache_free+0xf8/0x270
[  310.280205][T11586]  ? dev_queue_xmit_nit+0x2d/0xbb0
[  310.285316][T11586]  ? __lock_acquire+0x7d40/0x7d40
[  310.290330][T11586]  ? dev_queue_xmit_nit+0xa80/0xbb0
[  310.295537][T11586]  dev_hard_start_xmit+0x246/0x740
[  310.300659][T11586]  __dev_queue_xmit+0x19a3/0x3660
[  310.305677][T11586]  ? iptunnel_xmit+0x4f0/0x920
[  310.310433][T11586]  ? ip_tunnel_xmit+0x1cbc/0x2410
[  310.315457][T11586]  ? __dev_queue_xmit+0x265/0x3660
[  310.320586][T11586]  ? trace_event_raw_event_lock+0x250/0x250
[  310.326501][T11586]  ? netdev_core_pick_tx+0x340/0x340
[  310.331812][T11586]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  310.337801][T11586]  ? lock_chain_count+0x20/0x20
[  310.342661][T11586]  ? __alloc_skb+0x138/0x2c0
[  310.347249][T11586]  ? ip_finish_output2+0xb04/0x11e0
[  310.352451][T11586]  ? ip_finish_output2+0x457/0x11e0
[  310.357644][T11586]  ip_finish_output2+0xcec/0x11e0
[  310.362757][T11586]  ? ip_finish_output2+0x457/0x11e0
[  310.367955][T11586]  ? ip_fragment+0x210/0x210
[  310.372553][T11586]  ? ip_options_fragment+0x1ae/0x290
[  310.377831][T11586]  ? ip_do_fragment+0x7e2/0x1760
[  310.382765][T11586]  ip_do_fragment+0x877/0x1760
[  310.387542][T11586]  ? __ip_local_out+0x5f0/0x5f0
[  310.392388][T11586]  ? ip_fragment+0x210/0x210
[  310.396972][T11586]  ? ip_skb_dst_mtu+0x58a/0x9c0
[  310.401830][T11586]  ip_output+0x2a1/0x3b0
[  310.406070][T11586]  ? ip_output+0x60/0x3b0
[  310.410394][T11586]  iptunnel_xmit+0x4f0/0x920
[  310.414994][T11586]  ip_tunnel_xmit+0x1cbc/0x2410
[  310.419863][T11586]  ? ip4_dst_hoplimit+0x2d0/0x2d0
[  310.424885][T11586]  ? kmem_cache_free+0xf8/0x270
[  310.429737][T11586]  ? dev_forward_skb_nomtu+0x31/0x50
[  310.435024][T11586]  ? gre_build_header+0x25b/0x990
[  310.440054][T11586]  ipgre_xmit+0x7a6/0xb20
[  310.444392][T11586]  dev_hard_start_xmit+0x246/0x740
[  310.449516][T11586]  __dev_queue_xmit+0x19a3/0x3660
[  310.454548][T11586]  ? __dev_queue_xmit+0x265/0x3660
[  310.459665][T11586]  ? netdev_core_pick_tx+0x340/0x340
[  310.464953][T11586]  ? skb_release_data+0x1cf/0x800
[  310.469995][T11586]  ? pskb_expand_head+0xbfe/0x1230
[  310.475110][T11586]  __bpf_tx_skb+0x189/0x250
[  310.479615][T11586]  bpf_clone_redirect+0x30f/0x4a0
[  310.484649][T11586]  bpf_prog_208b094576c80b22+0x5e/0x63
[  310.490110][T11586]  ? preempt_schedule+0xc0/0xd0
[  310.494957][T11586]  ? bpf_test_run+0x174/0x870
[  310.499632][T11586]  ? preempt_schedule_common+0x82/0xc0
[  310.505094][T11586]  ? schedule_preempt_disabled+0x20/0x20
[  310.510726][T11586]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  310.516704][T11586]  ? lockdep_softirqs_on+0x580/0x580
[  310.521982][T11586]  ? lock_chain_count+0x20/0x20
[  310.526828][T11586]  ? preempt_schedule_thunk+0x1a/0x30
[  310.532207][T11586]  ? __local_bh_disable_ip+0x108/0x1a0
[  310.537660][T11586]  ? __cant_sleep+0x220/0x220
[  310.542330][T11586]  ? __local_bh_enable_ip+0x14b/0x1c0
[  310.547693][T11586]  ? _local_bh_enable+0xa0/0xa0
[  310.552541][T11586]  ? bpf_test_timer_continue+0x135/0x380
[  310.558170][T11586]  ? bpf_test_run+0x174/0x870
[  310.562850][T11586]  bpf_test_run+0x2df/0x870
[  310.567362][T11586]  ? bpf_test_run+0x174/0x870
[  310.572038][T11586]  ? convert___skb_to_skb+0x590/0x590
[  310.577416][T11586]  ? eth_get_headlen+0x210/0x210
[  310.582358][T11586]  ? slab_build_skb+0x25f/0x3f0
[  310.587223][T11586]  ? convert___skb_to_skb+0x3d/0x590
[  310.592527][T11586]  bpf_prog_test_run_skb+0xad2/0x12b0
[  310.597916][T11586]  ? cpu_online+0x60/0x60
[  310.602249][T11586]  bpf_prog_test_run+0x321/0x390
[  310.607187][T11586]  __sys_bpf+0x49d/0x890
[  310.611428][T11586]  ? bpf_link_show_fdinfo+0x390/0x390
[  310.616809][T11586]  ? lock_chain_count+0x20/0x20
[  310.621669][T11586]  __x64_sys_bpf+0x7c/0x90
[  310.626081][T11586]  do_syscall_64+0x55/0xa0
[  310.630489][T11586]  ? clear_bhb_loop+0x40/0x90
[  310.635165][T11586]  ? clear_bhb_loop+0x40/0x90
[  310.639839][T11586]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  310.645733][T11586] RIP: 0033:0x7f508a79c819
[  310.650146][T11586] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  310.669741][T11586] RSP: 002b:00007f508b61b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  310.678149][T11586] RAX: ffffffffffffffda RBX: 00007f508aa15fa0 RCX: 00007f508a79c819
[  310.686111][T11586] RDX: 0000000000000048 RSI: 0000200000000080 RDI: 000000000000000a
[  310.694076][T11586] RBP: 00007f508b61b090 R08: 0000000000000000 R09: 0000000000000000
[  310.702042][T11586] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  310.710005][T11586] R13: 00007f508aa16038 R14: 00007f508aa15fa0 R15: 00007ffefe9771b8
[  310.717985][T11586]  </TASK>
[  310.895151][T11590] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  310.902478][T11590] IPv6: NLM_F_CREATE should be set when creating new route
[  311.331088][T11611] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  311.339906][T11611] batman_adv: batadv0: Removing interface: batadv_slave_0
[  311.352105][T11611] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  311.374610][T11611] batman_adv: batadv0: Removing interface: batadv_slave_1
[  311.395542][T11611] batman_adv: batadv0: Interface deactivated: veth1_virt_wifi
[  311.403280][T11614] FAULT_INJECTION: forcing a failure.
[  311.403280][T11614] name failslab, interval 1, probability 0, space 0, times 0
[  311.403423][T11611] batman_adv: batadv0: Removing interface: veth1_virt_wifi
[  311.418367][T11614] CPU: 1 PID: 11614 Comm: syz.2.2129 Not tainted syzkaller #0
[  311.430903][T11614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  311.441050][T11614] Call Trace:
[  311.444323][T11614]  <TASK>
[  311.447251][T11614]  dump_stack_lvl+0x18c/0x250
[  311.451931][T11614]  ? show_regs_print_info+0x20/0x20
[  311.457129][T11614]  ? load_image+0x420/0x420
[  311.461625][T11614]  ? __might_sleep+0xe0/0xe0
[  311.466210][T11614]  ? __lock_acquire+0x7d40/0x7d40
[  311.471229][T11614]  should_fail_ex+0x39d/0x4d0
[  311.475904][T11614]  should_failslab+0x9/0x20
[  311.480403][T11614]  slab_pre_alloc_hook+0x59/0x310
[  311.485437][T11614]  ? tomoyo_encode+0x28b/0x540
[  311.490192][T11614]  ? tomoyo_encode+0x28b/0x540
[  311.494944][T11614]  __kmem_cache_alloc_node+0x53/0x250
[  311.500313][T11614]  ? tomoyo_encode+0x28b/0x540
[  311.505066][T11614]  __kmalloc+0xa4/0x230
[  311.509218][T11614]  tomoyo_encode+0x28b/0x540
[  311.513804][T11614]  tomoyo_realpath_from_path+0x592/0x5d0
[  311.519440][T11614]  tomoyo_path_number_perm+0x248/0x620
[  311.524897][T11614]  ? tomoyo_path_number_perm+0x217/0x620
[  311.530523][T11614]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  311.535974][T11614]  ? trace_call_bpf+0xc3/0x6c0
[  311.540731][T11614]  ? trace_call_bpf+0xc3/0x6c0
[  311.545518][T11614]  ? __fget_files+0x28/0x4b0
[  311.550099][T11614]  ? __fget_files+0x28/0x4b0
[  311.554689][T11614]  security_file_ioctl+0x70/0xa0
[  311.559616][T11614]  __se_sys_ioctl+0x48/0x170
[  311.564199][T11614]  do_syscall_64+0x55/0xa0
[  311.568618][T11614]  ? clear_bhb_loop+0x40/0x90
[  311.573284][T11614]  ? clear_bhb_loop+0x40/0x90
[  311.577950][T11614]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  311.583832][T11614] RIP: 0033:0x7f558759c819
[  311.588237][T11614] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  311.607838][T11614] RSP: 002b:00007f55884b5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  311.616242][T11614] RAX: ffffffffffffffda RBX: 00007f5587815fa0 RCX: 00007f558759c819
[  311.624204][T11614] RDX: 0000200000000000 RSI: 0000000000008b34 RDI: 0000000000000004
[  311.632167][T11614] RBP: 00007f55884b5090 R08: 0000000000000000 R09: 0000000000000000
[  311.640132][T11614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  311.648098][T11614] R13: 00007f5587816038 R14: 00007f5587815fa0 R15: 00007ffec5b36c48
[  311.656073][T11614]  </TASK>
[  311.692644][T11614] ERROR: Out of memory at tomoyo_realpath_from_path.
[  312.452148][T11642] ref_ctr_offset mismatch. inode: 0x5e offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe
[  313.040126][T11662] validate_nla: 35 callbacks suppressed
[  313.040159][T11662] netlink: 'syz.2.2150': attribute type 22 has an invalid length.
[  313.073984][T11666] netlink: 'syz.0.2152': attribute type 29 has an invalid length.
[  313.103636][T11666] netlink: 'syz.0.2152': attribute type 29 has an invalid length.
[  313.122564][T11668] netlink: 'syz.0.2152': attribute type 29 has an invalid length.
[  313.145130][T11666] netlink: 'syz.0.2152': attribute type 29 has an invalid length.
[  313.208755][T11666] netlink: 'syz.0.2152': attribute type 29 has an invalid length.
[  313.228001][T11670] netlink: 'syz.2.2153': attribute type 29 has an invalid length.
[  313.235949][T11672] netlink: 'syz.1.2154': attribute type 10 has an invalid length.
[  313.249716][T11670] netlink: 'syz.2.2153': attribute type 29 has an invalid length.
[  313.261009][T11673] netlink: 'syz.2.2153': attribute type 29 has an invalid length.
[  313.457121][T11681] mac80211_hwsim hwsim10 wlan0: left promiscuous mode
[  313.465444][T11681] mac80211_hwsim hwsim10 wlan0: left allmulticast mode
[  313.522362][T11680] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2157'.
[  313.531677][T11680] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[  313.798872][T11687] netlink: 144 bytes leftover after parsing attributes in process `syz.0.2160'.
[  313.848161][T11689] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2161'.
[  313.875307][T11689] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  313.916057][T11691] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2162'.
[  313.956767][T11693] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2163'.
[  314.490466][T11709] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2169'.
[  314.827102][T11718] bridge_slave_0: left allmulticast mode
[  314.871085][T11718] bridge_slave_0: left promiscuous mode
[  314.915114][T11718] bridge0: port 1(bridge_slave_0) entered disabled state
[  316.357607][T11771] netlink: 65015 bytes leftover after parsing attributes in process `syz.2.2192'.
[  316.706601][T11784] FAULT_INJECTION: forcing a failure.
[  316.706601][T11784] name failslab, interval 1, probability 0, space 0, times 0
[  316.772462][T11784] CPU: 1 PID: 11784 Comm: syz.2.2197 Not tainted syzkaller #0
[  316.779978][T11784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  316.790059][T11784] Call Trace:
[  316.793368][T11784]  <TASK>
[  316.796313][T11784]  dump_stack_lvl+0x18c/0x250
[  316.801013][T11784]  ? show_regs_print_info+0x20/0x20
[  316.806224][T11784]  ? load_image+0x420/0x420
[  316.810758][T11784]  ? __might_sleep+0xe0/0xe0
[  316.815370][T11784]  ? __lock_acquire+0x7d40/0x7d40
[  316.820425][T11784]  should_fail_ex+0x39d/0x4d0
[  316.825130][T11784]  should_failslab+0x9/0x20
[  316.829654][T11784]  slab_pre_alloc_hook+0x59/0x310
[  316.834705][T11784]  ? __get_vm_area_node+0x125/0x370
[  316.839927][T11784]  __kmem_cache_alloc_node+0x53/0x250
[  316.845324][T11784]  ? __get_vm_area_node+0x125/0x370
[  316.850544][T11784]  kmalloc_node_trace+0x26/0xe0
[  316.855424][T11784]  __get_vm_area_node+0x125/0x370
[  316.860471][T11784]  __vmalloc_node_range+0x36e/0x1330
[  316.865774][T11784]  ? bpf_prog_alloc_no_stats+0x47/0x440
[  316.871340][T11784]  ? irqentry_enter+0x37/0x50
[  316.876033][T11784]  ? lock_chain_count+0x20/0x20
[  316.880885][T11784]  ? free_vm_area+0x50/0x50
[  316.885381][T11784]  ? lockdep_hardirqs_on+0x98/0x150
[  316.890568][T11784]  ? end_current_label_crit_section+0x170/0x170
[  316.896803][T11784]  ? bpf_prog_alloc_no_stats+0x47/0x440
[  316.902339][T11784]  __vmalloc+0x7a/0x90
[  316.906401][T11784]  ? bpf_prog_alloc_no_stats+0x47/0x440
[  316.911934][T11784]  bpf_prog_alloc_no_stats+0x47/0x440
[  316.917297][T11784]  ? bpf_prog_alloc+0x2b/0x1a0
[  316.922059][T11784]  bpf_prog_alloc+0x3d/0x1a0
[  316.926643][T11784]  bpf_prog_load+0x6eb/0x1670
[  316.931318][T11784]  ? map_freeze+0x420/0x420
[  316.935814][T11784]  ? __might_fault+0xaa/0x120
[  316.940482][T11784]  ? __lock_acquire+0x7d40/0x7d40
[  316.945496][T11784]  ? seqcount_lockdep_reader_access+0x17b/0x1d0
[  316.951729][T11784]  ? __might_fault+0xaa/0x120
[  316.956394][T11784]  ? __might_fault+0xc6/0x120
[  316.961061][T11784]  ? __might_fault+0xaa/0x120
[  316.965726][T11784]  ? bpf_lsm_bpf+0x9/0x10
[  316.970113][T11784]  ? security_bpf+0x7e/0xa0
[  316.974607][T11784]  __sys_bpf+0x5ba/0x890
[  316.978840][T11784]  ? bpf_link_show_fdinfo+0x390/0x390
[  316.984207][T11784]  ? lock_chain_count+0x20/0x20
[  316.989044][T11784]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  316.995025][T11784]  __x64_sys_bpf+0x7c/0x90
[  316.999432][T11784]  do_syscall_64+0x55/0xa0
[  317.003834][T11784]  ? clear_bhb_loop+0x40/0x90
[  317.008497][T11784]  ? clear_bhb_loop+0x40/0x90
[  317.013167][T11784]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  317.019058][T11784] RIP: 0033:0x7f558759c819
[  317.023464][T11784] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  317.043083][T11784] RSP: 002b:00007f55884b5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  317.051495][T11784] RAX: ffffffffffffffda RBX: 00007f5587815fa0 RCX: 00007f558759c819
[  317.059461][T11784] RDX: 0000000000000048 RSI: 00002000000017c0 RDI: 0000000000000005
[  317.067426][T11784] RBP: 00007f55884b5090 R08: 0000000000000000 R09: 0000000000000000
[  317.075389][T11784] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  317.083352][T11784] R13: 00007f5587816038 R14: 00007f5587815fa0 R15: 00007ffec5b36c48
[  317.091328][T11784]  </TASK>
[  317.174874][T11784] syz.2.2197: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0-1
[  317.234948][T11784] CPU: 0 PID: 11784 Comm: syz.2.2197 Not tainted syzkaller #0
[  317.242457][T11784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  317.252524][T11784] Call Trace:
[  317.255814][T11784]  <TASK>
[  317.258803][T11784]  dump_stack_lvl+0x18c/0x250
[  317.263506][T11784]  ? show_regs_print_info+0x20/0x20
[  317.268722][T11784]  ? load_image+0x420/0x420
[  317.273252][T11784]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  317.279683][T11784]  ? cpuset_print_current_mems_allowed+0x2e7/0x360
[  317.286211][T11784]  warn_alloc+0x246/0x340
[  317.290566][T11784]  ? zone_watermark_ok_safe+0x230/0x230
[  317.296135][T11784]  ? lockdep_hardirqs_on+0x98/0x150
[  317.301375][T11784]  __vmalloc_node_range+0x393/0x1330
[  317.306687][T11784]  ? irqentry_enter+0x37/0x50
[  317.311391][T11784]  ? lock_chain_count+0x20/0x20
[  317.316261][T11784]  ? free_vm_area+0x50/0x50
[  317.320781][T11784]  ? lockdep_hardirqs_on+0x98/0x150
[  317.326000][T11784]  ? end_current_label_crit_section+0x170/0x170
[  317.332265][T11784]  ? bpf_prog_alloc_no_stats+0x47/0x440
[  317.337825][T11784]  __vmalloc+0x7a/0x90
[  317.341913][T11784]  ? bpf_prog_alloc_no_stats+0x47/0x440
[  317.347475][T11784]  bpf_prog_alloc_no_stats+0x47/0x440
[  317.352857][T11784]  ? bpf_prog_alloc+0x2b/0x1a0
[  317.357636][T11784]  bpf_prog_alloc+0x3d/0x1a0
[  317.362245][T11784]  bpf_prog_load+0x6eb/0x1670
[  317.366949][T11784]  ? map_freeze+0x420/0x420
[  317.371479][T11784]  ? __might_fault+0xaa/0x120
[  317.376166][T11784]  ? __lock_acquire+0x7d40/0x7d40
[  317.381203][T11784]  ? seqcount_lockdep_reader_access+0x17b/0x1d0
[  317.387459][T11784]  ? __might_fault+0xaa/0x120
[  317.392148][T11784]  ? __might_fault+0xc6/0x120
[  317.396836][T11784]  ? __might_fault+0xaa/0x120
[  317.401525][T11784]  ? bpf_lsm_bpf+0x9/0x10
[  317.405866][T11784]  ? security_bpf+0x7e/0xa0
[  317.410384][T11784]  __sys_bpf+0x5ba/0x890
[  317.414639][T11784]  ? bpf_link_show_fdinfo+0x390/0x390
[  317.420040][T11784]  ? lock_chain_count+0x20/0x20
[  317.424900][T11784]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  317.430900][T11784]  __x64_sys_bpf+0x7c/0x90
[  317.435328][T11784]  do_syscall_64+0x55/0xa0
[  317.439755][T11784]  ? clear_bhb_loop+0x40/0x90
[  317.444446][T11784]  ? clear_bhb_loop+0x40/0x90
[  317.449143][T11784]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  317.455054][T11784] RIP: 0033:0x7f558759c819
[  317.459479][T11784] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  317.479096][T11784] RSP: 002b:00007f55884b5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  317.487867][T11784] RAX: ffffffffffffffda RBX: 00007f5587815fa0 RCX: 00007f558759c819
[  317.495853][T11784] RDX: 0000000000000048 RSI: 00002000000017c0 RDI: 0000000000000005
[  317.498518][ T1286] ieee802154 phy0 wpan0: encryption failed: -22
[  317.503816][T11784] RBP: 00007f55884b5090 R08: 0000000000000000 R09: 0000000000000000
[  317.518017][T11784] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  317.525979][T11784] R13: 00007f5587816038 R14: 00007f5587815fa0 R15: 00007ffec5b36c48
[  317.533953][T11784]  </TASK>
[  317.537088][ T1286] ieee802154 phy1 wpan1: encryption failed: -22
[  317.547049][T11784] Mem-Info:
[  317.550507][T11784] active_anon:12452 inactive_anon:0 isolated_anon:0
[  317.550507][T11784]  active_file:16318 inactive_file:40020 isolated_file:0
[  317.550507][T11784]  unevictable:768 dirty:218 writeback:0
[  317.550507][T11784]  slab_reclaimable:10132 slab_unreclaimable:92636
[  317.550507][T11784]  mapped:31256 shmem:8346 pagetables:577
[  317.550507][T11784]  sec_pagetables:0 bounce:0
[  317.550507][T11784]  kernel_misc_reclaimable:0
[  317.550507][T11784]  free:1341288 free_pcp:9647 free_cma:0
[  317.601088][T11784] Node 0 active_anon:49808kB inactive_anon:0kB active_file:65272kB inactive_file:159880kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:125024kB dirty:872kB writeback:0kB shmem:31848kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11108kB pagetables:2308kB sec_pagetables:0kB all_unreclaimable? no
[  317.635782][T11784] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  317.674751][T11784] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  317.765454][T11784] lowmem_reserve[]: 0 2521 2522 2522 2522
[  317.781608][T11784] Node 0 DMA32 free:1453612kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:51568kB inactive_anon:0kB active_file:65272kB inactive_file:159052kB unevictable:1536kB writepending:872kB present:3129332kB managed:2586952kB mlocked:0kB bounce:0kB free_pcp:20652kB local_pcp:2080kB free_cma:0kB
[  317.838381][T11784] lowmem_reserve[]: 0 0 0 0 0
[  317.843155][T11784] Node 0 Normal free:4kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:828kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  317.899871][T11784] lowmem_reserve[]: 0 0 0 0 0
[  317.971449][T11784] Node 1 Normal free:3894412kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:19200kB local_pcp:8608kB free_cma:0kB
[  318.048381][T11784] lowmem_reserve[]: 0 0 0 0 0
[  318.053164][T11784] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  318.106384][T11784] Node 0 DMA32: 2458*4kB (UM) 992*8kB (UE) 653*16kB (UE) 831*32kB (UME) 368*64kB (UME) 91*128kB (UME) 52*256kB (UME) 24*512kB (UM) 16*1024kB (UME) 4*2048kB (ME) 319*4096kB (UM) = 1446808kB
[  318.134982][T11784] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB
[  318.166573][T11784] Node 1 Normal: 243*4kB (UME) 48*8kB (UME) 38*16kB (UME) 29*32kB (UME) 17*64kB (UE) 10*128kB (UME) 2*256kB (UE) 3*512kB (UME) 0*1024kB 2*2048kB (UE) 948*4096kB (M) = 3894412kB
[  318.300378][T11784] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  318.326284][T11817] validate_nla: 41 callbacks suppressed
[  318.326316][T11817] netlink: 'syz.3.2211': attribute type 29 has an invalid length.
[  318.330160][T11784] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  318.355935][T11817] netlink: 'syz.3.2211': attribute type 29 has an invalid length.
[  318.394517][T11821] netlink: 'syz.3.2211': attribute type 29 has an invalid length.
[  318.426530][T11784] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  318.438045][T11817] netlink: 'syz.3.2211': attribute type 29 has an invalid length.
[  318.481474][T11784] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  318.521792][T11784] 67546 total pagecache pages
[  318.534432][T11784] 0 pages in swap cache
[  318.549319][T11784] Free swap  = 124996kB
[  318.553715][T11784] Total swap = 124996kB
[  318.575618][T11823] netlink: 'syz.0.2213': attribute type 29 has an invalid length.
[  318.584990][T11784] 2097051 pages RAM
[  318.589493][T11784] 0 pages HighMem/MovableOnly
[  318.594193][T11784] 416927 pages reserved
[  318.607988][T11823] netlink: 'syz.0.2213': attribute type 29 has an invalid length.
[  318.646295][T11823] netlink: 'syz.0.2213': attribute type 29 has an invalid length.
[  318.683149][T11784] 0 pages cma reserved
[  318.685039][T11823] netlink: 'syz.0.2213': attribute type 29 has an invalid length.
[  318.728243][T11823] netlink: 'syz.0.2213': attribute type 29 has an invalid length.
[  319.334805][T11843] netlink: 'syz.0.2219': attribute type 4 has an invalid length.
[  320.506829][T11881] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2233'.
[  320.549857][T11881] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  321.091708][T11883] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2234'.
[  321.316590][T11897] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.2240'.
[  321.354133][T11901] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  321.361447][T11901] IPv6: NLM_F_CREATE should be set when creating new route
[  321.391455][T11897] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2240'.
[  321.426420][T11897] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.2240'.
[  321.658053][T11903] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.2242'.
[  321.765330][T11904] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2242'.
[  322.249805][T11911] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.2243'.
[  323.966135][T11942] validate_nla: 31 callbacks suppressed
[  323.966171][T11942] netlink: 'syz.2.2258': attribute type 29 has an invalid length.
[  323.992003][T11942] netlink: 'syz.2.2258': attribute type 29 has an invalid length.
[  324.026774][T11946] netlink: 'syz.2.2258': attribute type 29 has an invalid length.
[  324.048069][T11942] netlink: 'syz.2.2258': attribute type 29 has an invalid length.
[  324.191140][T11949] netlink: 'syz.3.2261': attribute type 29 has an invalid length.
[  324.222290][T11949] netlink: 'syz.3.2261': attribute type 29 has an invalid length.
[  324.242674][T11954] netlink: 'syz.3.2261': attribute type 29 has an invalid length.
[  324.273247][T11949] netlink: 'syz.3.2261': attribute type 29 has an invalid length.
[  324.306394][T11949] netlink: 'syz.3.2261': attribute type 29 has an invalid length.
[  324.608509][ T5771] Bluetooth: hci2: ISO packet for unknown connection handle 8
[  324.637708][T11966] netlink: 'syz.3.2267': attribute type 6 has an invalid length.
[  324.685703][T11966] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.2267'.
[  327.009643][T11998] netlink: 126588 bytes leftover after parsing attributes in process `syz.1.2280'.
[  327.049479][T11998] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2280'.
[  327.063660][T11998] syz_tun: refused to change device tx_queue_len
[  327.072338][T11998] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[  327.172994][T11998] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2280'.
[  327.199972][T11998] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  327.218665][T12003] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2280'.
[  327.253644][T12003] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2280'.
[  327.975195][T12035] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2295'.
[  328.272645][T12050] netlink: 128 bytes leftover after parsing attributes in process `syz.0.2302'.
[  328.321679][T12052] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.2301'.
[  328.331136][T12050] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  328.563100][T12061] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  328.570439][T12061] IPv6: NLM_F_CREATE should be set when creating new route
[  328.752089][T12069] netlink: 127924 bytes leftover after parsing attributes in process `syz.2.2308'.
[  328.794479][T12069] netlink: 16384 bytes leftover after parsing attributes in process `syz.2.2308'.
[  328.868484][T12074] FAULT_INJECTION: forcing a failure.
[  328.868484][T12074] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  328.882029][T12074] CPU: 0 PID: 12074 Comm: syz.0.2311 Not tainted syzkaller #0
[  328.889511][T12074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  328.899564][T12074] Call Trace:
[  328.902836][T12074]  <TASK>
[  328.905759][T12074]  dump_stack_lvl+0x18c/0x250
[  328.910439][T12074]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  328.916588][T12074]  ? show_regs_print_info+0x20/0x20
[  328.921779][T12074]  ? load_image+0x420/0x420
[  328.926282][T12074]  should_fail_ex+0x39d/0x4d0
[  328.930961][T12074]  _copy_from_user+0x2f/0xe0
[  328.935552][T12074]  wext_handle_ioctl+0xc8/0x1d0
[  328.940405][T12074]  ? call_commit_handler+0xf0/0xf0
[  328.945523][T12074]  sock_ioctl+0x15d/0x7e0
[  328.949846][T12074]  ? sock_poll+0x3e0/0x3e0
[  328.954259][T12074]  ? bpf_lsm_file_ioctl+0x9/0x10
[  328.959187][T12074]  ? security_file_ioctl+0x80/0xa0
[  328.964293][T12074]  ? sock_poll+0x3e0/0x3e0
[  328.968703][T12074]  __se_sys_ioctl+0xfd/0x170
[  328.973286][T12074]  do_syscall_64+0x55/0xa0
[  328.977697][T12074]  ? clear_bhb_loop+0x40/0x90
[  328.982371][T12074]  ? clear_bhb_loop+0x40/0x90
[  328.987041][T12074]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  328.992924][T12074] RIP: 0033:0x7eff2a59c819
[  328.997333][T12074] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  329.016927][T12074] RSP: 002b:00007eff2b3ff028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  329.025333][T12074] RAX: ffffffffffffffda RBX: 00007eff2a815fa0 RCX: 00007eff2a59c819
[  329.033302][T12074] RDX: 0000200000000000 RSI: 0000000000008b34 RDI: 0000000000000004
[  329.041268][T12074] RBP: 00007eff2b3ff090 R08: 0000000000000000 R09: 0000000000000000
[  329.049242][T12074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  329.057288][T12074] R13: 00007eff2a816038 R14: 00007eff2a815fa0 R15: 00007ffc9f338898
[  329.065296][T12074]  </TASK>
[  329.466504][T12091] validate_nla: 38 callbacks suppressed
[  329.466528][T12091] netlink: 'syz.1.2319': attribute type 29 has an invalid length.
[  329.485736][T12091] netlink: 'syz.1.2319': attribute type 29 has an invalid length.
[  329.501038][T12091] netlink: 'syz.1.2319': attribute type 29 has an invalid length.
[  329.513715][T12091] netlink: 'syz.1.2319': attribute type 29 has an invalid length.
[  329.668892][T12100] netlink: 'syz.0.2322': attribute type 29 has an invalid length.
[  329.694015][T12100] netlink: 'syz.0.2322': attribute type 29 has an invalid length.
[  329.726924][T12106] netlink: 'syz.0.2322': attribute type 29 has an invalid length.
[  329.749105][T12100] netlink: 'syz.0.2322': attribute type 29 has an invalid length.
[  329.782854][T12104] ref_ctr_offset mismatch. inode: 0x5e offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe
[  329.800013][T12100] netlink: 'syz.0.2322': attribute type 29 has an invalid length.
[  330.437056][T12129] netlink: 'syz.0.2333': attribute type 29 has an invalid length.
[  330.568387][T12124] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode
[  331.192267][T12158] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  331.840665][ T5766] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  331.849836][ T5766] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  331.866591][ T5766] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  331.880010][ T5766] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  331.904582][ T5766] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  331.912733][ T5766] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  332.038462][ T7416] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  332.064752][T12186] __nla_validate_parse: 2 callbacks suppressed
[  332.064791][T12186] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2351'.
[  332.143720][ T7416] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  332.243033][ T7416] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  332.310749][ T7416] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  332.440259][T12180] chnl_net:caif_netlink_parms(): no params data found
[  332.766472][T12180] bridge0: port 1(bridge_slave_0) entered blocking state
[  332.773700][T12180] bridge0: port 1(bridge_slave_0) entered disabled state
[  332.781423][T12180] bridge_slave_0: entered allmulticast mode
[  332.788861][T12180] bridge_slave_0: entered promiscuous mode
[  332.797622][T12180] bridge0: port 2(bridge_slave_1) entered blocking state
[  332.806015][T12180] bridge0: port 2(bridge_slave_1) entered disabled state
[  332.813342][T12180] bridge_slave_1: entered allmulticast mode
[  332.820637][T12180] bridge_slave_1: entered promiscuous mode
[  332.849929][T12180] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  332.862678][T12180] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  333.027571][T12180] team0: Port device team_slave_0 added
[  333.049775][T12206] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2355'.
[  333.099173][T12180] team0: Port device team_slave_1 added
[  333.145836][T12206] IPv6: NLM_F_CREATE should be specified when creating new route
[  333.169993][T12206] netlink: 1 bytes leftover after parsing attributes in process `syz.2.2355'.
[  333.304244][T12180] batman_adv: batadv0: Adding interface: batadv_slave_0
[  333.342278][T12180] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  333.395486][T12180] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  333.478514][T12180] batman_adv: batadv0: Adding interface: batadv_slave_1
[  333.499617][T12180] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  333.564623][T12180] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  333.673357][T12225] mac80211_hwsim hwsim6 »»»»»»: renamed from wlan0
[  333.838504][T12180] hsr_slave_0: entered promiscuous mode
[  333.857759][T12180] hsr_slave_1: entered promiscuous mode
[  334.016389][ T5771] Bluetooth: hci1: command tx timeout
[  334.891192][T12269] validate_nla: 32 callbacks suppressed
[  334.891236][T12269] netlink: 'syz.0.2370': attribute type 29 has an invalid length.
[  334.925861][T12269] netlink: 'syz.0.2370': attribute type 29 has an invalid length.
[  334.972013][T12274] netlink: 'syz.0.2370': attribute type 29 has an invalid length.
[  335.001935][T12269] netlink: 'syz.0.2370': attribute type 29 has an invalid length.
[  335.176547][T12274] netlink: 'syz.0.2370': attribute type 29 has an invalid length.
[  335.536082][ T7416] hsr_slave_0: left promiscuous mode
[  335.542768][ T7416] hsr_slave_1: left promiscuous mode
[  335.640710][T12296] netlink: 'syz.2.2377': attribute type 29 has an invalid length.
[  335.661597][ T7416] veth1_vlan: left promiscuous mode
[  335.678647][ T7416] veth0_vlan: left promiscuous mode
[  336.104599][ T5771] Bluetooth: hci1: command tx timeout
[  336.211528][T12322] netlink: 'syz.3.2382': attribute type 29 has an invalid length.
[  336.827266][T12296] netlink: 'syz.2.2377': attribute type 29 has an invalid length.
[  336.842886][T12322] netlink: 'syz.3.2382': attribute type 29 has an invalid length.
[  336.862398][T12323] netlink: 'syz.3.2382': attribute type 29 has an invalid length.
[  337.030846][T12180] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  337.106993][T12180] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  337.168279][T12180] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  337.199876][T12180] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  337.232079][T12338] netlink: 55 bytes leftover after parsing attributes in process `syz.2.2387'.
[  337.568578][T12180] 8021q: adding VLAN 0 to HW filter on device bond0
[  337.656413][T12180] 8021q: adding VLAN 0 to HW filter on device team0
[  337.738578][ T7419] bridge0: port 1(bridge_slave_0) entered blocking state
[  337.745792][ T7419] bridge0: port 1(bridge_slave_0) entered forwarding state
[  337.812540][ T7426] bridge0: port 2(bridge_slave_1) entered blocking state
[  337.819717][ T7426] bridge0: port 2(bridge_slave_1) entered forwarding state
[  338.176845][ T5771] Bluetooth: hci1: command tx timeout
[  338.203395][T12180] 8021q: adding VLAN 0 to HW filter on device batadv0
[  338.264172][T12180] veth0_vlan: entered promiscuous mode
[  338.283941][T12180] veth1_vlan: entered promiscuous mode
[  338.314096][T12180] veth0_macvtap: entered promiscuous mode
[  338.326030][T12180] veth1_macvtap: entered promiscuous mode
[  338.344854][T12180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  338.364369][T12180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  338.374228][T12180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  338.389710][T12180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  338.401349][T12180] batman_adv: batadv0: Interface activated: batadv_slave_0
[  338.427205][T12180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  338.438224][T12180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  338.449618][T12180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  338.460395][T12180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  338.477245][T12180] batman_adv: batadv0: Interface activated: batadv_slave_1
[  338.492310][T12180] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  338.501831][T12180] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  338.516089][T12180] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  338.527297][T12180] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  338.642879][ T7419] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  338.664476][ T7419] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  338.698583][ T2950] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  338.706846][ T2950] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  338.872660][T12383] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2341'.
[  338.911323][T12383] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[  339.432231][T12394] mac80211_hwsim hwsim15 »»»»»»: renamed from wlan0
[  339.809406][ T5766] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  339.821642][ T5766] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  339.832716][ T5766] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  339.847771][ T5766] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  339.857657][ T5766] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  339.865745][ T5766] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  340.231750][ T7419] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  340.254737][ T5766] Bluetooth: hci1: command tx timeout
[  340.928813][T12425] netlink: 164 bytes leftover after parsing attributes in process `syz.1.2402'.
[  340.956192][T12426] netlink: 164 bytes leftover after parsing attributes in process `syz.1.2402'.
[  341.122188][T12430] validate_nla: 19 callbacks suppressed
[  341.122221][T12430] netlink: 'syz.3.2403': attribute type 29 has an invalid length.
[  341.122309][ T7419] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  341.204987][T12430] netlink: 'syz.3.2403': attribute type 29 has an invalid length.
[  341.225615][T12433] netlink: 'syz.1.2405': attribute type 4 has an invalid length.
[  341.291230][ T7419] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  341.341256][T12432] netlink: 'syz.3.2403': attribute type 29 has an invalid length.
[  341.417603][ T7419] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  341.452736][T12440] netlink: 'syz.1.2406': attribute type 29 has an invalid length.
[  341.467883][T12440] netlink: 'syz.1.2406': attribute type 29 has an invalid length.
[  341.491163][T12435] netlink: 'syz.3.2403': attribute type 29 has an invalid length.
[  341.499812][T12440] netlink: 'syz.1.2406': attribute type 29 has an invalid length.
[  341.524686][T12440] netlink: 'syz.1.2406': attribute type 29 has an invalid length.
[  341.572252][T12440] netlink: 'syz.1.2406': attribute type 29 has an invalid length.
[  341.640786][T12445] netlink: 55 bytes leftover after parsing attributes in process `syz.0.2407'.
[  341.673072][T12445] batman_adv: batadv0: Interface deactivated: vlan1
[  341.734972][T12445] À: port 1(vlan0) entered disabled state
[  341.930345][T12445] vlan0 (unregistering): left allmulticast mode
[  341.937181][ T5766] Bluetooth: hci0: command tx timeout
[  341.943342][T12445] veth0_vlan (unregistering): left allmulticast mode
[  341.956348][T12445] vlan0 (unregistering): left promiscuous mode
[  341.962636][T12445] À: port 1(vlan0) entered disabled state
[  342.001843][T12445] batman_adv: batadv0: Removing interface: vlan1
[  342.191609][T12403] chnl_net:caif_netlink_parms(): no params data found
[  342.772897][T12403] bridge0: port 1(bridge_slave_0) entered blocking state
[  342.785887][T12403] bridge0: port 1(bridge_slave_0) entered disabled state
[  342.793256][T12403] bridge_slave_0: entered allmulticast mode
[  342.801337][T12403] bridge_slave_0: entered promiscuous mode
[  342.813182][T12472] C: renamed from team_slave_0 (while UP)
[  342.828343][T12472] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2414'.
[  342.838204][T12472] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  342.890477][T12403] bridge0: port 2(bridge_slave_1) entered blocking state
[  342.929000][T12403] bridge0: port 2(bridge_slave_1) entered disabled state
[  342.959963][T12403] bridge_slave_1: entered allmulticast mode
[  342.981207][T12403] bridge_slave_1: entered promiscuous mode
[  343.091626][T12403] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  343.117347][T12403] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  343.417131][T12403] team0: Port device team_slave_0 added
[  343.432435][T12403] team0: Port device team_slave_1 added
[  343.656514][T12403] batman_adv: batadv0: Adding interface: batadv_slave_0
[  343.663504][T12403] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  343.737010][T12403] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  343.766468][T12403] batman_adv: batadv0: Adding interface: batadv_slave_1
[  343.773441][T12403] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  343.856981][T12403] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  343.976269][T12403] hsr_slave_0: entered promiscuous mode
[  343.999384][T12403] hsr_slave_1: entered promiscuous mode
[  344.024514][ T5766] Bluetooth: hci0: command tx timeout
[  344.035712][T12403] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  344.043470][T12403] Cannot create hsr debugfs directory
[  344.053607][T12516] netlink: 128 bytes leftover after parsing attributes in process `syz.0.2422'.
[  344.065304][T12516] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  344.135678][T12520] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  344.142948][T12520] IPv6: NLM_F_CREATE should be set when creating new route
[  344.760202][T12540] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2428'.
[  344.795087][T12540] A link change request failed with some changes committed already. Interface veth1_virt_wifi may have been left with an inconsistent configuration, please check.
[  345.100313][ T7419] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  345.112063][ T7419] batman_adv: batadv0: Removing interface: batadv_slave_0
[  345.112087][T12549] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.2430'.
[  345.131494][ T7419] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  345.145909][ T7419] batman_adv: batadv0: Removing interface: batadv_slave_1
[  345.153896][ T7419] batman_adv: batadv0: Interface deactivated: veth1_virt_wifi
[  345.161959][ T7419] batman_adv: batadv0: Removing interface: veth1_virt_wifi
[  345.183724][ T7419] veth1_macvtap: left promiscuous mode
[  345.190456][ T7419] veth0_macvtap: left promiscuous mode
[  345.206124][ T7419] veth1_vlan: left promiscuous mode
[  345.221697][ T7419] veth0_vlan: left promiscuous mode
[  345.269365][T12556] ==================================================================
[  345.277463][T12556] BUG: KASAN: slab-out-of-bounds in __bpf_get_stackid+0x6bf/0x900
[  345.285294][T12556] Write of size 72 at addr ffff88801b31e910 by task syz.1.2431/12556
[  345.293356][T12556] 
[  345.295670][T12556] CPU: 1 PID: 12556 Comm: syz.1.2431 Not tainted syzkaller #0
[  345.303112][T12556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  345.313154][T12556] Call Trace:
[  345.316422][T12556]  <TASK>
[  345.319343][T12556]  dump_stack_lvl+0x18c/0x250
[  345.324043][T12556]  ? __lock_acquire+0x7d40/0x7d40
[  345.329074][T12556]  ? show_regs_print_info+0x20/0x20
[  345.334282][T12556]  ? load_image+0x420/0x420
[  345.338788][T12556]  ? _raw_spin_lock_irqsave+0xc0/0x100
[  345.344248][T12556]  ? __virt_addr_valid+0x18c/0x540
[  345.349355][T12556]  ? __virt_addr_valid+0x469/0x540
[  345.354461][T12556]  print_report+0xa8/0x210
[  345.358877][T12556]  ? __bpf_get_stackid+0x6bf/0x900
[  345.363982][T12556]  kasan_report+0x117/0x150
[  345.368486][T12556]  ? __bpf_get_stackid+0x6bf/0x900
[  345.373597][T12556]  kasan_check_range+0x241/0x290
[  345.378703][T12556]  ? __bpf_get_stackid+0x6bf/0x900
[  345.383818][T12556]  __asan_memcpy+0x40/0x70
[  345.388232][T12556]  __bpf_get_stackid+0x6bf/0x900
[  345.393168][T12556]  bpf_get_stackid_pe+0x343/0x410
[  345.398188][T12556]  bpf_prog_a448e89f4c9ad9d1+0x30/0x4a
[  345.403636][T12556]  bpf_overflow_handler+0x1fc/0x510
[  345.408830][T12556]  ? bpf_overflow_handler+0xde/0x510
[  345.414107][T12556]  ? tp_perf_event_destroy+0x20/0x20
[  345.419387][T12556]  ? mark_lock+0x94/0x320
[  345.423707][T12556]  ? __perf_event_account_interrupt+0x187/0x280
[  345.429943][T12556]  __perf_event_overflow+0x447/0x630
[  345.435230][T12556]  perf_swevent_event+0x319/0x570
[  345.440250][T12556]  ? perf_tp_event+0x1520/0x1520
[  345.445174][T12556]  ? lock_chain_count+0x20/0x20
[  345.450017][T12556]  ___perf_sw_event+0x4a7/0x730
[  345.454859][T12556]  ? ___perf_sw_event+0x199/0x730
[  345.459872][T12556]  ? perf_swevent_put_recursion_context+0xb0/0xb0
[  345.466279][T12556]  ? __lock_acquire+0x1347/0x7d40
[  345.471294][T12556]  ? rep_movs_alternative+0x4a/0x90
[  345.476500][T12556]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  345.482467][T12556]  ? lock_chain_count+0x20/0x20
[  345.487302][T12556]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[  345.493186][T12556]  __perf_sw_event+0x139/0x270
[  345.497944][T12556]  do_user_addr_fault+0x123e/0x12c0
[  345.503135][T12556]  ? rcu_is_watching+0x15/0xb0
[  345.507893][T12556]  exc_page_fault+0x64/0x100
[  345.512471][T12556]  asm_exc_page_fault+0x26/0x30
[  345.517614][T12556] RIP: 0010:rep_movs_alternative+0x4a/0x90
[  345.523417][T12556] Code: 75 f1 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 <f3> a4 c3 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 29 f8 48 01
[  345.543099][T12556] RSP: 0018:ffffc90003a97bd0 EFLAGS: 00050206
[  345.549153][T12556] RAX: ffffffff842a2001 RBX: 000000000000056d RCX: 00000000000001f0
[  345.557113][T12556] RDX: 0000000000000001 RSI: 000020000021b000 RDI: ffff88802cc2a37d
[  345.565072][T12556] RBP: ffffc90003a97d20 R08: 0000000000000004 R09: 0000000000000005
[  345.573027][T12556] R10: dffffc0000000000 R11: ffffed10059854ad R12: 000020000021b1f0
[  345.580986][T12556] R13: 1ffff92000752fbd R14: ffff88802cc2a000 R15: 000020000021ac83
[  345.588952][T12556]  ? rcuref_put_slowpath+0xe1/0x150
[  345.594150][T12556]  _copy_from_user+0x8b/0xe0
[  345.598733][T12556]  generic_map_update_batch+0x59a/0x810
[  345.604270][T12556]  ? rcu_read_unlock+0xa0/0xa0
[  345.609023][T12556]  ? __fdget+0x180/0x210
[  345.613258][T12556]  ? rcu_read_unlock+0xa0/0xa0
[  345.618012][T12556]  bpf_map_do_batch+0x3d7/0x610
[  345.622859][T12556]  __sys_bpf+0x381/0x890
[  345.627096][T12556]  ? bpf_link_show_fdinfo+0x390/0x390
[  345.632462][T12556]  ? lock_chain_count+0x20/0x20
[  345.637303][T12556]  __x64_sys_bpf+0x7c/0x90
[  345.641711][T12556]  do_syscall_64+0x55/0xa0
[  345.646114][T12556]  ? clear_bhb_loop+0x40/0x90
[  345.650780][T12556]  ? clear_bhb_loop+0x40/0x90
[  345.655445][T12556]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  345.661334][T12556] RIP: 0033:0x7f838579c819
[  345.665749][T12556] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  345.685428][T12556] RSP: 002b:00007f83865da028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  345.693830][T12556] RAX: ffffffffffffffda RBX: 00007f8385a16090 RCX: 00007f838579c819
[  345.701788][T12556] RDX: 0000000000000038 RSI: 00002000000006c0 RDI: 000000000000001a
[  345.709749][T12556] RBP: 00007f8385832c91 R08: 0000000000000000 R09: 0000000000000000
[  345.718093][T12556] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  345.726064][T12556] R13: 00007f8385a16128 R14: 00007f8385a16090 R15: 00007ffcafb42e18
[  345.734033][T12556]  </TASK>
[  345.737042][T12556] 
[  345.739352][T12556] Allocated by task 12552:
[  345.743756][T12556]  kasan_set_track+0x4e/0x70
[  345.748338][T12556]  __kasan_kmalloc+0x8f/0xa0
[  345.752915][T12556]  __kmalloc_node+0xb4/0x230
[  345.757502][T12556]  bpf_map_area_alloc+0x5e/0x110
[  345.762434][T12556]  prealloc_elems_and_freelist+0x86/0x1c0
[  345.768142][T12556]  stack_map_alloc+0x33a/0x4c0
[  345.772894][T12556]  map_create+0x877/0x12f0
[  345.777295][T12556]  __sys_bpf+0x651/0x890
[  345.781522][T12556]  __x64_sys_bpf+0x7c/0x90
[  345.785928][T12556]  do_syscall_64+0x55/0xa0
[  345.790327][T12556]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  345.796219][T12556] 
[  345.798532][T12556] The buggy address belongs to the object at ffff88801b31e900
[  345.798532][T12556]  which belongs to the cache kmalloc-cg-64 of size 64
[  345.812658][T12556] The buggy address is located 16 bytes inside of
[  345.812658][T12556]  allocated 40-byte region [ffff88801b31e900, ffff88801b31e928)
[  345.826615][T12556] 
[  345.828925][T12556] The buggy address belongs to the physical page:
[  345.835330][T12556] page:ffffea00006cc780 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88801b31e280 pfn:0x1b31e
[  345.846770][T12556] memcg:ffff88807dfe6601
[  345.850993][T12556] anon flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff)
[  345.858958][T12556] page_type: 0xffffffff()
[  345.863271][T12556] raw: 00fff00000000800 ffff888017c4da00 ffffea000173fc40 dead000000000005
[  345.871837][T12556] raw: ffff88801b31e280 000000008020001e 00000001ffffffff ffff88807dfe6601
[  345.880398][T12556] page dumped because: kasan: bad access detected
[  345.886798][T12556] page_owner tracks the page as allocated
[  345.892493][T12556] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 5768, tgid 5768 (syz-executor), ts 127736932238, free_ts 127736557182
[  345.910882][T12556]  post_alloc_hook+0x1c1/0x200
[  345.915640][T12556]  get_page_from_freelist+0x1951/0x19e0
[  345.921167][T12556]  __alloc_pages+0x1f0/0x460
[  345.925738][T12556]  alloc_slab_page+0x5d/0x160
[  345.930397][T12556]  new_slab+0x87/0x2d0
[  345.934453][T12556]  ___slab_alloc+0xc5d/0x12f0
[  345.939146][T12556]  __kmem_cache_alloc_node+0x19e/0x250
[  345.944611][T12556]  kmalloc_trace+0x2a/0xe0
[  345.949025][T12556]  alloc_fdtable+0xca/0x2c0
[  345.953524][T12556]  dup_fd+0x786/0xa50
[  345.957511][T12556]  copy_files+0xc3/0x120
[  345.961756][T12556]  copy_process+0x15ab/0x3d80
[  345.966421][T12556]  kernel_clone+0x24b/0x8a0
[  345.970918][T12556]  __x64_sys_clone+0x1b7/0x230
[  345.975672][T12556]  do_syscall_64+0x55/0xa0
[  345.980077][T12556]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  345.985960][T12556] page last free stack trace:
[  345.990630][T12556]  free_unref_page_prepare+0x7b2/0x8c0
[  345.996091][T12556]  free_unref_page+0x32/0x2e0
[  346.000758][T12556]  vfree+0x1a6/0x320
[  346.004643][T12556]  __do_replace+0x858/0x990
[  346.009135][T12556]  do_ip6t_set_ctl+0xb48/0xe10
[  346.013882][T12556]  nf_setsockopt+0x263/0x280
[  346.018461][T12556]  do_sock_setsockopt+0x175/0x1a0
[  346.023472][T12556]  __x64_sys_setsockopt+0x182/0x200
[  346.028677][T12556]  do_syscall_64+0x55/0xa0
[  346.033098][T12556]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  346.038999][T12556] 
[  346.041316][T12556] Memory state around the buggy address:
[  346.046983][T12556]  ffff88801b31e800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  346.055065][T12556]  ffff88801b31e880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  346.063113][T12556] >ffff88801b31e900: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[  346.071164][T12556]                                   ^
[  346.076518][T12556]  ffff88801b31e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  346.084575][T12556]  ffff88801b31ea00: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[  346.092618][T12556] ==================================================================
[  346.100672][T12556] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  346.107851][T12556] CPU: 1 PID: 12556 Comm: syz.1.2431 Not tainted syzkaller #0
[  346.115302][T12556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  346.125346][T12556] Call Trace:
[  346.128613][T12556]  <TASK>
[  346.131530][T12556]  dump_stack_lvl+0x18c/0x250
[  346.136204][T12556]  ? show_regs_print_info+0x20/0x20
[  346.141395][T12556]  ? load_image+0x420/0x420
[  346.145896][T12556]  panic+0x2dc/0x730
[  346.149782][T12556]  ? __lock_acquire+0x7d40/0x7d40
[  346.154802][T12556]  ? bpf_jit_dump+0xd0/0xd0
[  346.159321][T12556]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  346.165216][T12556]  ? _raw_spin_unlock+0x40/0x40
[  346.170060][T12556]  ? __bpf_get_stackid+0x6bf/0x900
[  346.175165][T12556]  check_panic_on_warn+0x84/0xa0
[  346.180097][T12556]  ? __bpf_get_stackid+0x6bf/0x900
[  346.185198][T12556]  end_report+0x6f/0x130
[  346.189434][T12556]  kasan_report+0x128/0x150
[  346.193930][T12556]  ? __bpf_get_stackid+0x6bf/0x900
[  346.199043][T12556]  kasan_check_range+0x241/0x290
[  346.203972][T12556]  ? __bpf_get_stackid+0x6bf/0x900
[  346.209081][T12556]  __asan_memcpy+0x40/0x70
[  346.213577][T12556]  __bpf_get_stackid+0x6bf/0x900
[  346.218511][T12556]  bpf_get_stackid_pe+0x343/0x410
[  346.223543][T12556]  bpf_prog_a448e89f4c9ad9d1+0x30/0x4a
[  346.229000][T12556]  bpf_overflow_handler+0x1fc/0x510
[  346.234201][T12556]  ? bpf_overflow_handler+0xde/0x510
[  346.239479][T12556]  ? tp_perf_event_destroy+0x20/0x20
[  346.244766][T12556]  ? mark_lock+0x94/0x320
[  346.249085][T12556]  ? __perf_event_account_interrupt+0x187/0x280
[  346.255314][T12556]  __perf_event_overflow+0x447/0x630
[  346.260590][T12556]  perf_swevent_event+0x319/0x570
[  346.265610][T12556]  ? perf_tp_event+0x1520/0x1520
[  346.270534][T12556]  ? lock_chain_count+0x20/0x20
[  346.275375][T12556]  ___perf_sw_event+0x4a7/0x730
[  346.280217][T12556]  ? ___perf_sw_event+0x199/0x730
[  346.285230][T12556]  ? perf_swevent_put_recursion_context+0xb0/0xb0
[  346.291631][T12556]  ? __lock_acquire+0x1347/0x7d40
[  346.296649][T12556]  ? rep_movs_alternative+0x4a/0x90
[  346.301839][T12556]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  346.307805][T12556]  ? lock_chain_count+0x20/0x20
[  346.312640][T12556]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[  346.318522][T12556]  __perf_sw_event+0x139/0x270
[  346.323276][T12556]  do_user_addr_fault+0x123e/0x12c0
[  346.328464][T12556]  ? rcu_is_watching+0x15/0xb0
[  346.333217][T12556]  exc_page_fault+0x64/0x100
[  346.337799][T12556]  asm_exc_page_fault+0x26/0x30
[  346.342638][T12556] RIP: 0010:rep_movs_alternative+0x4a/0x90
[  346.348433][T12556] Code: 75 f1 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 <f3> a4 c3 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 29 f8 48 01
[  346.368024][T12556] RSP: 0018:ffffc90003a97bd0 EFLAGS: 00050206
[  346.374074][T12556] RAX: ffffffff842a2001 RBX: 000000000000056d RCX: 00000000000001f0
[  346.382032][T12556] RDX: 0000000000000001 RSI: 000020000021b000 RDI: ffff88802cc2a37d
[  346.389989][T12556] RBP: ffffc90003a97d20 R08: 0000000000000004 R09: 0000000000000005
[  346.397946][T12556] R10: dffffc0000000000 R11: ffffed10059854ad R12: 000020000021b1f0
[  346.405903][T12556] R13: 1ffff92000752fbd R14: ffff88802cc2a000 R15: 000020000021ac83
[  346.413869][T12556]  ? rcuref_put_slowpath+0xe1/0x150
[  346.419068][T12556]  _copy_from_user+0x8b/0xe0
[  346.423643][T12556]  generic_map_update_batch+0x59a/0x810
[  346.429179][T12556]  ? rcu_read_unlock+0xa0/0xa0
[  346.433936][T12556]  ? __fdget+0x180/0x210
[  346.438175][T12556]  ? rcu_read_unlock+0xa0/0xa0
[  346.442922][T12556]  bpf_map_do_batch+0x3d7/0x610
[  346.447765][T12556]  __sys_bpf+0x381/0x890
[  346.451995][T12556]  ? bpf_link_show_fdinfo+0x390/0x390
[  346.457356][T12556]  ? lock_chain_count+0x20/0x20
[  346.462193][T12556]  __x64_sys_bpf+0x7c/0x90
[  346.466593][T12556]  do_syscall_64+0x55/0xa0
[  346.470996][T12556]  ? clear_bhb_loop+0x40/0x90
[  346.475660][T12556]  ? clear_bhb_loop+0x40/0x90
[  346.480323][T12556]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  346.486204][T12556] RIP: 0033:0x7f838579c819
[  346.490607][T12556] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  346.510205][T12556] RSP: 002b:00007f83865da028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  346.518609][T12556] RAX: ffffffffffffffda RBX: 00007f8385a16090 RCX: 00007f838579c819
[  346.526585][T12556] RDX: 0000000000000038 RSI: 00002000000006c0 RDI: 000000000000001a
[  346.534554][T12556] RBP: 00007f8385832c91 R08: 0000000000000000 R09: 0000000000000000
[  346.542519][T12556] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  346.550483][T12556] R13: 00007f8385a16128 R14: 00007f8385a16090 R15: 00007ffcafb42e18
[  346.558468][T12556]  </TASK>
[  346.561821][T12556] Kernel Offset: disabled
[  346.566153][T12556] Rebooting in 86400 seconds..