last executing test programs:

4.009951124s ago: executing program 4 (id=5556):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000180)={0x1, &(0x7f0000000000)=[{0x6, 0x7, 0x0, 0xfffffffc}]})
ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r0, 0x40107447, &(0x7f0000000180))
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x1, 0x0, 0x0, 0x9, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r2)
r3 = socket$kcm(0x11, 0x2, 0x0)
setsockopt$sock_attach_bpf(r3, 0x107, 0x14, 0x0, 0x0)
r4 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000002c0), 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000940)=@o_path={&(0x7f0000000900)='./file0\x00', 0xffffffffffffffff, 0x4000, r4}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000447401957fff100000000", @ANYRES32=0x1, @ANYBLOB='\x00'/18, @ANYRES32=0x0], 0x48)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="9feb010018000000000000006000000060000000030000000300000000000009feffffff0e0000000000000c020000000000ae72800b000d000000000e000000000000000c00000002000000010000000100000007000000020000930c0000000600000000000000fdffff0705000000ff070000"], &(0x7f0000000380)=""/81, 0x7b, 0x51, 0x0, 0x0, 0x10000}, 0x28)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100"], 0x0, 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, r5}, 0x94)
socketpair(0x1d, 0x2, 0x2, &(0x7f0000000280))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x5, &(0x7f00000001c0)=@framed={{}, [@ldst={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a7fbb}, @ldst={0x6, 0x0, 0x6, 0x0, 0x0, 0xfffffffffffffffe, 0xa000000}]}, &(0x7f0000000000)='syzkaller\x00', 0x5}, 0x94)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, @perf_bp={0x0, 0x3}, 0x0, 0x1, 0x1, 0x0, 0x0, 0x200000, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r6, 0xc004743e, 0x110c230000)
ioctl$TUNSETOFFLOAD(r6, 0x4004743c, 0xf0ff1f00000000)
r7 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021"], 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r7, 0x40042408, r8)

3.941378026s ago: executing program 1 (id=5557):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000006c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000000000280000002800000005000000030000000200000f000000040e00009a0000000000000000020000000200000000000004000000000000006100"], &(0x7f0000002200)=""/4109, 0x45, 0x100d, 0x1}, 0x28)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0xa16ae, 0x9, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_bp={0x0, 0x8}, 0x90, 0xa4, 0x2, 0x1, 0xa1, 0x9b9b, 0x8, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = perf_event_open(&(0x7f0000000680)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a1c, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r3)
sendmsg$inet(0xffffffffffffffff, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000480)='\\', 0x1}], 0x1}, 0x4000040)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
r5 = socket$kcm(0xa, 0x3, 0x3a)
sendmsg$kcm(r5, &(0x7f0000000140)={&(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x101, @local, 0x6}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000180)="02", 0x1}, {&(0x7f0000000000)="94ccb3233d9fb8e4549a8a826de917294b98074d", 0x14}], 0x2}, 0x24009080)
sendmsg$kcm(r5, &(0x7f0000000080)={&(0x7f0000000380)=@l2tp6={0xa, 0x0, 0x0, @dev}, 0x80, &(0x7f0000000580)=[{&(0x7f0000000400)="ba7f", 0x2}], 0x1}, 0x0)
socket$kcm(0x1e, 0x4, 0x0)
r6 = socket$kcm(0x1e, 0x4, 0x0)
setsockopt$sock_attach_bpf(r6, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
r7 = socket$kcm(0x1e, 0x4, 0x0)
setsockopt$sock_attach_bpf(r7, 0x10f, 0x87, 0x0, 0x0)
close(0xffffffffffffffff)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0)
r8 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000700)="2e0000e110008188040f46ecdb44b9cca7480ef431000000e3bd6efbf4000d000000ba00000012014f76a571fe66dc1af6896fb7fd01d27d5fd9b464f92393e6f41446af43f7270d2208173000f266a685da99228b91892deca751f9eca6c7d34c477347d75093e722a928d6e449cc159b58dd166dd2b8766b0356156a1960675d81a936f53906cdaec94e434fd8fc4f9a716a67a01c1944", 0xf9}], 0x1, 0x0, 0x0, 0xc9e}, 0x1ec90f8136d7ebcf)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000100)={'dvmrp0\x00', 0x2})
ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000180)={0x2, &(0x7f00000002c0)=[{0x20, 0x1, 0x0, 0xfffff01c}, {0x6}]})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000ff0700000000000000000000850000002300000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x52, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r9)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x1, 0x8, 0x0, 0x2, 0x6, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x5, 0x0)

3.543755468s ago: executing program 1 (id=5559):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89f9, 0x0)
perf_event_open(0x0, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x11, 0x2, 0x300)
socket$kcm(0xa, 0x2, 0x3a)
socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0x8, 0x4}, 0x24, 0x0, 0x3, 0x9, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480))
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x3, 0x0, 0x0, 0x87, 0x52000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xf}, 0x8000, 0xfffffffffffffffd, 0x80000001, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x3, 0x0, 0x7}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb79100a0000008000000006"], 0xfdef)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1100}, 0x48)

3.539840328s ago: executing program 0 (id=5560):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89f9, 0x0)
perf_event_open(0x0, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x11, 0x2, 0x300)
socket$kcm(0xa, 0x2, 0x3a)
socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0x8, 0x4}, 0x24, 0x0, 0x3, 0x9, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480))
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x3, 0x0, 0x0, 0x87, 0x52000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xf}, 0x8000, 0xfffffffffffffffd, 0x80000001, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x3, 0x0, 0x7}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb79100a0000008000000006"], 0xfdef)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1100}, 0x48)

3.47461788s ago: executing program 4 (id=5561):
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0xc2ba, 0x0, 0x4000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000001240)=ANY=[@ANYBLOB], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
perf_event_open(0x0, 0x0, 0xb, 0xffffffffffffffff, 0x0)
r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0x8, 0x0, 0x4000003}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="100000002d000b02d25a806f8c6394f9101a04000a", 0x15}], 0x1}, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0100220005000000e27f00000100000084000000", @ANYRES32, @ANYRES16=r1, @ANYRES32=0x0, @ANYRES32, @ANYRESHEX=r3, @ANYRES8=r2, @ANYRES64=r0, @ANYRES16=r0, @ANYRESDEC, @ANYRES16, @ANYRESOCT=r3], 0x50)
sendmsg$kcm(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81fffffeffb9040a1d08030e000000e8fea4a1180015000600142603600e1208000f1000810401a80016000a0001", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, 0x0, 0x0, 0x0, 0x5c8}, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0eab070004000523"], 0xfe33)
write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0xfe33)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000740)={0x1, <r5=>0x0}, 0x8)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000900)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="0f0000002c20000000000000", @ANYRES32=r5, @ANYBLOB="a32fca0a89237e8ecb1b075ce3e5718bf0e3624c7f6cf789667755a8fea8e5807a606b7a55ee27393a51e1f3319f5e59adc7cd241c660cd05f04fced88be6c5a855554afe7e70cbac96c3877fb85a0affba60bf5c3a71b8c6e97bccca8e30f9537ababcd7f0d766930581fedafdf31d6b1", @ANYRES64], 0x20)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000340)={@map=r4, r1, 0x5, 0x4, 0x0, @void, @value=r1}, 0x20)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0xc2ba, 0x0, 0x4000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)
ioctl$SIOCSIFHWADDR(r6, 0x8924, &(0x7f00000001c0)={'nicvf0\x00'})
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r7, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r8, 0x2000300, 0x70, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r9 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r9, 0x107, 0xf, 0x0, 0x0)
sendmsg$kcm(r9, 0x0, 0x4040)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080))

2.812465519s ago: executing program 2 (id=5564):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = syz_clone(0x20800000, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext={0x0, 0x1}, 0x201, 0x0, 0xc2ba, 0x0, 0x4000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x6, 0x11, 0x0, 0x0)
r1 = perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0x8}}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000240)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x8}})

2.4410793s ago: executing program 1 (id=5565):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000200)="1c0000001e0081054e81f782db020000071d080006007c09e8fe08a1", 0x1c}], 0x1}, 0x804)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfe33)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r1=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10)
r3 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xfffffffffeffffff, r3, 0x2)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
close(r4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x10021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1a69, 0x5}, 0x0, 0x5, 0x0, 0x0, 0x1}, 0x0, 0xb, 0xffffffffffffffff, 0xb)
ioctl$SIOCSIFHWADDR(r4, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r5, 0x8b04, &(0x7f0000000000)={'wlan1\x00', @random="0200008d00"})
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r8, 0x40042408, r7)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x3, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300005500000085000000d000000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r9, 0x27, 0x28, 0x0, &(0x7f0000000640)="f8ad48cc02cb29dcc8007f5b86dd", 0x0, 0x3ad9, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0100000006000000080000000800000040000000", @ANYRES32, @ANYBLOB="00000000000d9e82cef67dfcc5ebeb93bf0c7e9a00"/35, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000001c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff000000e6bea200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095000000000000000484b7c568faa6f22cf2d4a4dc2369b00cb3abde7b40d6e4d2713846ebb43ed1e348141b19af594599272c597f4d146f17375d0eb4ff35134439e4758a8b05af4960c698136d26c32883672c5d4918c29c254649941707f6b92438cc02a8f3acef2984bc9c228afd800b1282878b748f2fe9c673e3cbd3981c0791b4b290d7f06a2514f63c26db1fa86a422e371c10ed34e8d4bc973a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x13, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000900)=r2, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000001ac0)={0xe, 0x9, &(0x7f0000001b80)=@raw=[@map_val={0x18, 0x0, 0x2, 0x0, r6, 0x0, 0x0, 0x0, 0x76b}, @ldst={0x1, 0x3, 0x3, 0x0, 0xb, 0xffffffffffffffe0, 0x8}, @jmp={0x5, 0x0, 0x9, 0xa, 0x0, 0xffffffffffffffc0, 0xfffffffffffffffc}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r10}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}], &(0x7f0000000700)='syzkaller\x00', 0x8, 0xb3, &(0x7f0000000840)=""/179, 0x41000, 0x1, '\x00', r1, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000940)={0x0, 0x2000008, 0x0, 0xffff}, 0x10, r2, 0xffffffffffffffff, 0x0, &(0x7f0000001a80)=[r10, r10, r6], 0x0, 0x10, 0x6}, 0x94)
r12 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r12, &(0x7f0000002d00)={0x0, 0x0, &(0x7f0000002c40)=[{&(0x7f0000000380)="bd08b640", 0x4}], 0x1, &(0x7f0000002cc0)=[@ip_tos_u8={{0x11}}], 0x18}, 0x8000)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r11, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000980)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r6, @ANYBLOB="0000000002000000b70500000800000085000000c200000095"], &(0x7f0000000300)='GPL\x00', 0x6, 0x1013, &(0x7f0000000a40)=""/4115, 0x0, 0x70, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100}, 0x21)

2.4391482s ago: executing program 0 (id=5575):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89f9, 0x0)
perf_event_open(0x0, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x11, 0x2, 0x300)
socket$kcm(0xa, 0x2, 0x3a)
socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0x8, 0x4}, 0x24, 0x0, 0x3, 0x9, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480))
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x3, 0x0, 0x0, 0x87, 0x52000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xf}, 0x8000, 0xfffffffffffffffd, 0x80000001, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x3, 0x0, 0x7}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb79100a000000800000000642"], 0xfdef)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1100}, 0x48)

2.43358901s ago: executing program 4 (id=5566):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000200)="1b0000001d008104e00f80ecdb4cb9f207c804a00d000000880802", 0x1b}], 0x1, 0x0, 0x0, 0x5865}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x14, &(0x7f0000000100)=@framed={{0x18, 0x8, 0x0, 0x0, 0x1ac81b, 0x0, 0x0, 0x0, 0x11002000}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8, 0x3, 0x0, 0x1010000}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa, 0x0, 0x0, 0x10000000}, @exit]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)

2.391363261s ago: executing program 2 (id=5567):
socket$kcm(0x21, 0x2, 0x2)
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x1, 0x2d0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @perf_config_ext, 0x10c002, 0xac5d, 0x10000200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r1, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="0a0000000b000000040000000700000000000000", @ANYRES32=r0, @ANYBLOB="be001c8d00"/14, @ANYRES16=r1, @ANYRESOCT=r1, @ANYBLOB="0000000000000017dfcd33000000000000000000000000009a1bd6b89a8e3dc4211ce100000000", @ANYRES8], 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r2, &(0x7f0000000500), &(0x7f0000000000)=""/7, 0x2}, 0x20)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x401c5820, &(0x7f0000000000)=0x818)
openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x22a82, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="12000000040000006c000000120090f687000000001c5de6a9d0513df9e7ae0000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0300"/28], 0x50)
perf_event_open(&(0x7f00000003c0)={0x3, 0x80, 0x4e, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xfbffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = socket$kcm(0x2, 0x1, 0x84)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0xc2ba, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'geneve0\x00', 0x8000})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f0000001780)={0x0, 0x0, 0x0}, 0x8090)
recvmsg$unix(r5, &(0x7f0000001b40)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x14, 0x1, 0x1, [<r7=>0xffffffffffffffff]}}], 0x18}, 0x0)
r8 = socket$kcm(0xa, 0x2, 0x88)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r8, 0x1, 0x3e, &(0x7f00000002c0)=r9, 0x4)
setsockopt$sock_attach_bpf(r8, 0x1, 0x41, &(0x7f0000000040)=r7, 0x4)
setsockopt$sock_attach_bpf(r4, 0x84, 0x64, 0x0, 0x0)
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x0, 0x0, &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r3}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r10, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
gettid()

2.389751531s ago: executing program 3 (id=5568):
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0)
mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10c)
r2 = socket$kcm(0xa, 0x5, 0x0)
sendmsg$kcm(r2, &(0x7f0000000600)={&(0x7f0000000100)=@in6={0xa, 0x0, 0x0, @private0, 0x500}, 0x80, &(0x7f0000000000)=[{&(0x7f00000000c0)="80", 0x1}], 0x1, &(0x7f0000000640)=[{0x10, 0x84, 0x8}, {0x18, 0x84, 0x0, 'b'}], 0x28}, 0x880)

2.146665178s ago: executing program 4 (id=5569):
socket$kcm(0x21, 0x2, 0x2)
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x1, 0x2d0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @perf_config_ext, 0x10c002, 0xac5d, 0x10000200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r1, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="0a0000000b000000040000000700000000000000", @ANYRES32=r0, @ANYBLOB="be001c8d00"/14, @ANYRES16=r1, @ANYRESOCT=r1, @ANYBLOB="0000000000000017dfcd33000000000000000000000000009a1bd6b89a8e3dc4211ce100000000", @ANYRES8], 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r2, &(0x7f0000000500), &(0x7f0000000000)=""/7, 0x2}, 0x20)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x401c5820, &(0x7f0000000000)=0x818)
openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x22a82, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="12000000040000006c000000120090f687000000001c5de6a9d0513df9e7ae0000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0300"/28], 0x50)
perf_event_open(&(0x7f00000003c0)={0x3, 0x80, 0x4e, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xfbffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$kcm(0x2, 0x1, 0x84)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0xc2ba, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'geneve0\x00', 0x8000})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f0000001780)={0x0, 0x0, 0x0}, 0x8090)
recvmsg$unix(r5, &(0x7f0000001b40)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x14, 0x1, 0x1, [<r7=>0xffffffffffffffff]}}], 0x18}, 0x0)
r8 = socket$kcm(0xa, 0x2, 0x88)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r8, 0x1, 0x3e, &(0x7f00000002c0)=r9, 0x4)
setsockopt$sock_attach_bpf(r8, 0x1, 0x41, &(0x7f0000000040)=r7, 0x4)
ioctl$TUNGETVNETLE(r3, 0x800454dd, &(0x7f0000000100))
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x0, 0x0, &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r4}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r10, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
gettid()

2.144900439s ago: executing program 0 (id=5580):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89f9, 0x0)
perf_event_open(0x0, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x11, 0x2, 0x300)
socket$kcm(0xa, 0x2, 0x3a)
socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0x8, 0x4}, 0x24, 0x0, 0x3, 0x9, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480))
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x3, 0x0, 0x0, 0x87, 0x52000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xf}, 0x8000, 0xfffffffffffffffd, 0x80000001, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x3, 0x0, 0x7}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb79100a000000800000000642"], 0xfdef)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1100}, 0x48)

1.817361508s ago: executing program 1 (id=5570):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000100)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x5}, 0x50)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
socket$kcm(0xa, 0x5, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x8, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={0x0, 0xa}, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0xa40, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={<r1=>0x0, 0x0})
r2 = socket$kcm(0xa, 0x2, 0x88)
sendmsg$kcm(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000b00)=[{0x0}, {&(0x7f0000000740)}, {0x0}], 0x3}, 0x200ce0c0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000001580)="d80000001a0081044e81f782db4cb9041c5d0800fe007c05e8fe55a1080001000002010000000000080005007a010401a80016002000034004020000035c0461c9d6694f940071342e875fab7cb6cec6cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b141993c034e653765eaa48185e2a380d16a4683f5aeb4edbb57a5025ccca9ee5350db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6", 0xcb}], 0x1}, 0x0)
close(r1)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f00000004c0)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000000080000000000001205000000002e002e2e00"], &(0x7f0000000500)=""/10, 0x2a, 0xa, 0x0, 0x5, 0x10000}, 0x28)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b70000008100003bbfa300000000000007030000f8feffff720af0fff8ffffff71a4f0ff0000000071102c00000000001d400500000000004704000001ed00000f030000000000004c440000000000006b0a00fe000000007203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646c0200000000000000020000e35208b0bb0d2cd829e654400e2438ec649dc76128610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda82fc9c4d7ecc7a803bf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714f62ba7a54f0c33d39000d0bfed3a6a59ff616236fd8f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a107464ffffff7f00000000617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce963b0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06fa2e04cfe0649226c697d9e8eaade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00023ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88f15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40fc5d2f55ff07c53147de202ce517b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661061173f359e9052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff26b61aac8aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e26534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c3f000000315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336dfaa6d5d164301190bc2d4c04087729033342045804a28082abc3b47623028271722fb515f31e0dd115a292f1e68481a62cd15ea5460a29c60b1058fb7aa9bf4ee3cbe11b03711a15d730646b72d074dab1e8c429339f3460d324c17a4a8bfc7d7eab45bef00664d6dc82300000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000080)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea608641600020208000c000300010004000300eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953a9ac8e8e0603da27", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x20044088)

1.816870198s ago: executing program 3 (id=5571):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000180)={0x1, &(0x7f0000000000)=[{0x6, 0x7, 0x0, 0xfffffffc}]})
ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r0, 0x40107447, &(0x7f0000000180))
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x1, 0x0, 0x0, 0x9, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r2)
r3 = socket$kcm(0x11, 0x2, 0x0)
setsockopt$sock_attach_bpf(r3, 0x107, 0x14, 0x0, 0x0)
r4 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000002c0), 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000940)=@o_path={&(0x7f0000000900)='./file0\x00', 0xffffffffffffffff, 0x4000, r4}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000447401957fff100000000", @ANYRES32=0x1, @ANYBLOB='\x00'/18, @ANYRES32=0x0], 0x48)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="9feb010018000000000000006000000060000000030000000300000000000009feffffff0e0000000000000c020000000000ae72800b000d000000000e000000000000000c00000002000000010000000100000007000000020000930c0000000600000000000000fdffff0705000000ff070000"], &(0x7f0000000380)=""/81, 0x7b, 0x51, 0x0, 0x0, 0x10000}, 0x28)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100"], 0x0, 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, r5}, 0x94)
socketpair(0x1d, 0x2, 0x2, &(0x7f0000000280))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x5, &(0x7f00000001c0)=@framed={{}, [@ldst={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a7fbb}, @ldst={0x6, 0x0, 0x6, 0x0, 0x0, 0xfffffffffffffffe, 0xa000000}]}, &(0x7f0000000000)='syzkaller\x00', 0x5}, 0x94)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, @perf_bp={0x0, 0x3}, 0x0, 0x1, 0x1, 0x0, 0x0, 0x200000, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r6, 0xc004743e, 0x110c230000)
ioctl$TUNSETOFFLOAD(r6, 0x4004743c, 0xf0ff1f00000000)
r7 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021"], 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r7, 0x40042408, r8)

1.809299868s ago: executing program 0 (id=5572):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
socket$kcm(0x15, 0x7, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, 0x0, &(0x7f0000000340)='syzkaller\x00'}, 0x94)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={0x0}, 0x0, 0x2, 0xfffffffe, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xf, 0x6000002c, &(0x7f0000000100)="b9ff03316844268cb89e14f00800fee0050000000000002f77fbac141416e000030a44079f03b180006000000000845013f2325f003901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014c0000c0adc043084617d7ecf41effff38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d7da058f6efa6d1f5f7ff400"/254, 0x0, 0xfe, 0x60000000, 0x0, 0xffffff23}, 0x2c)

1.73348219s ago: executing program 2 (id=5573):
r0 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r0, &(0x7f0000002700)={&(0x7f0000000080)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000180)="90", 0x1}], 0x1}, 0x8040)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
recvmsg$kcm(r0, 0x0, 0x100)
socketpair(0x1e, 0x1, 0x0, 0x0)
perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0xc2ba, 0x6, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
socket$kcm(0x29, 0x5, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e02003c000b05d25a806f8c6394f90324fc602f00000009000100053582c137153e3702480180000c0000d1bd", 0x33fe0}], 0x1}, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
sendmsg$inet(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)="e0", 0x1}], 0x1}, 0xc000)
sendmsg$inet(r0, &(0x7f0000000300)={&(0x7f0000000000)={0x2, 0x4e24, @remote}, 0x10, &(0x7f0000000280)=[{&(0x7f00000001c0)="e9", 0x1}], 0x1}, 0x8054)

1.605073474s ago: executing program 0 (id=5574):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000200), 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x40000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}, 0x58c8, 0x0, 0xfffffffc, 0x3, 0x2, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getpid()
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001dc0)={0x11, 0x1, &(0x7f00000000c0)=@raw=[@call={0x85, 0x0, 0x0, 0xc6}], &(0x7f0000000100)='syzkaller\x00', 0x2, 0x1000, &(0x7f0000000cc0)=""/4096, 0x0, 0x49, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f0000001cc0)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000001d00)={0x3, 0x6, 0x40, 0x6}, 0x10, 0x0, 0x0, 0x8, 0x0, &(0x7f0000001d40)=[{0x3, 0x5, 0xe, 0xa}, {0x1, 0x1, 0x4, 0x2}, {0x1, 0x1, 0x4, 0xb}, {0x0, 0x3, 0xd, 0xa}, {0x2, 0x2, 0x4, 0x1}, {0x0, 0x2, 0x4, 0xc}, {0x4, 0x2, 0x7, 0x8}, {0x3, 0x2, 0xc, 0x2}], 0x10, 0x4}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x2, 0xe, &(0x7f00000006c0)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b70600005a132c13e624f627447e48adb41c3eceffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a0a00fe00000100850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465cbf188ef10871b81ac7553358380b3a1f59916ffc9bf0bdf81524f07fb2819bf5774fedda52e39c90af27db5b56024df96b4673b4e8d5467e114604ea09b290a248a120c9c6cd87cef9000000a39c15a7ef365cc27dfeac7b9b0e9048517354b0ca4f9cf8b59ee6fa003fe1f2c4c15f20a07db4583a462d8be6602186fd68a66ce6b5b92356081bc0f18a0ca83dbc089a9813c1efa26001b3f486ebfaae85c4d0b96778478ae5355e6f923b11056969f4a0f80a35f7f2339704fa93fa915ab8e1e0d7f31ebd19455e6827cd493907bf9d0000000000000000000000004e1fa60acabcf0553910ca2e5ea499fd5889dde9261f0848a5b8af657bfc96049308e8953431b269053627a1523551c160c813969925a892d266792352ec0204596a37ce8d6d260b32239bddbce2e79f93cb5a0ad897adb53b397d07c50f84b74f2605a565ee149016aa75ea31c0087dcd821b47c8b36efc6da4fb2ea7f1f36c85856b73ac9872babc62149699b6b8c796a79d833eb446e8d340f53a34cc9b87cd1eb84d069183a5312d67ce13b8507fce05cd3d3b4960db64b3c26480f36be956c05b74058a02de4fd806"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x4}, 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, r2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x18000000000002a0, 0x1e, 0x0, &(0x7f0000000680)="b90103600040f000009e0ff008001fffffe1000040004d3277fb08060001", 0x0, 0x104, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020032000b35d25a806f8c6394f90324fc602f1b01000a740100053582c137153e37024801", 0x27}], 0x1}, 0x0)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[], 0x0, 0x26}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x7, &(0x7f0000000240)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x24, r5}, 0x94)
r6 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r6, 0x0, 0xfe33)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000b80)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r7, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r8 = socket$kcm(0x2, 0x1, 0x84)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x1, 0x40, 0x0, 0x0, 0x0, 0x5d31, 0x804, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0x0, 0x400000}, 0x14002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$sock_attach_bpf(r8, 0x84, 0x10, &(0x7f0000000000), 0xc)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r9 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x6, 0x7, &(0x7f0000000040)=r9, 0x4)

1.37052213s ago: executing program 4 (id=5576):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff})
close(0xffffffffffffffff)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000640)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x2, 0x4}, 0x50)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000006c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x0, 0x2}, 0x50)
r3 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000780)=@generic={&(0x7f0000000740)='./file0\x00'}, 0x18)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="180000000000120000000000000000"], &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r4, 0x4, 0x0, 0x0, 0x0, 0x0, 0x142f1bfb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x10000a3f}, 0x50)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="170000000000000004025a9fff0000002e0000001126078f39b52d89f6fa0b83ff40c17ef57cec2d0f76a8c1829bec8355c379c44c32e54f8fe7ca6b82e3c3d34cd6daa3ebed0779fcb90acbb4199889ae9cda14dee23f5a698d09f0aa3a0d9a5e2423e77138f4b3bdd1c24d0cee4cdb9cbb6df138362de9f4774c461afb8f5a973af29f1d822f86bab67762e8dc6229971f9fd9627bb26a0f0d8a1085", @ANYRES8=r5, @ANYBLOB="8700"/20, @ANYRESDEC=r4, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r6}, 0x0, &(0x7f00000002c0)}, 0x20)
r7 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r7, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @private=0xa010104}, 0x10, 0x0, 0x0, 0x0, 0x5}, 0x34008885)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r7, 0x1, 0x3e, &(0x7f0000000100)=r8, 0x4)
r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x81, 0x0, r0, 0x343, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x2}, 0x50)
r10 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000840)={0x1b, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0xe, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x2, 0x1}, 0x50)
r11 = socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r12=>0xffffffffffffffff})
recvmsg$unix(r12, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r13=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r11, 0x84, 0x64, &(0x7f0000000000)=r13, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000009c0)={0x11, 0x15, &(0x7f0000000440)=@raw=[@map_fd, @exit, @btf_id={0x18, 0x4, 0x3, 0x0, 0x4}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @ldst={0x0, 0x2, 0x3, 0x6, 0x0, 0x4, 0x8}, @ldst={0x0, 0x2, 0x3, 0x6, 0x0, 0xc, 0xfffffffffffffff0}, @cb_func={0x18, 0xb, 0x4, 0x0, 0x1}, @cb_func={0x18, 0x1, 0x4, 0x0, 0x6}, @ldst={0x2, 0x3, 0x6, 0x2, 0x6, 0xfffffffffffffffc, 0xffffffffffffffff}], &(0x7f0000000500)='syzkaller\x00', 0xad6, 0x8f, &(0x7f0000000540)=""/143, 0x40f00, 0x12, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000600)={0x2, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000900)=[0x1, r1, r2, r3, 0xffffffffffffffff, r6, r8, r9, r10, r13], &(0x7f0000000940)=[{0x5, 0x2, 0x10, 0x8}, {0x5, 0x2, 0xa, 0x6}, {0x0, 0x3, 0xa}, {0x5, 0x4, 0xb, 0x4}, {0x4, 0x3, 0xd, 0xc}], 0x10, 0x2}, 0x94)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={<r14=>0x0, <r15=>0x0})
close(r14)
setsockopt$sock_attach_bpf(r15, 0x10f, 0x87, &(0x7f0000000180), 0x4bd)
r16 = socket$kcm(0x1e, 0x4, 0x0)
setsockopt$sock_attach_bpf(r16, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
close(r15)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{0x1, <r17=>0xffffffffffffffff}, &(0x7f0000000080), &(0x7f00000000c0)}, 0x20)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x1d, &(0x7f00000001c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xffff}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r17}}, @map_idx={0x18, 0x6, 0x5, 0x0, 0xd}, @printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='GPL\x00'}, 0x94)

1.306963282s ago: executing program 3 (id=5577):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x5}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r0)
r1 = socket$kcm(0x2, 0x3, 0x84)
sendmsg$inet(r1, &(0x7f0000001000)={&(0x7f0000000080)={0x2, 0x29, @multicast2}, 0x10, &(0x7f0000000940)=[{&(0x7f0000001040)}], 0x1, &(0x7f0000000580)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x14}, @loopback}}}], 0x20, 0x9405}, 0x4)

1.287608283s ago: executing program 2 (id=5578):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}, 0x10c002, 0x100000000000ac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
perf_event_open(&(0x7f0000000140)={0x0, 0x80, 0x2f, 0x4, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001240)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d19f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981179186e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2a434b9048ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d6356e4450d043ed20d313cd56a56d2e4cdf26f19af9a41695a58a9b6b45af1ca939b18d7b57791b99cfc6ec2a0848c29fea4eb8b82395a38e8aca5ab4bfc2ad8acf2e51b766f8ecd16194ad41ec097082f7fa32179ef99dafa6c2aa206a25ddc33e6f0a09169eeff428c71f54e1dfcfcd7cfc8f6e169f11c47d504"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d0e, 0x80218, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}, 0x2005, 0x0, 0x50, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x36, 0xfffffeb2, &(0x7f0000000500)="b9ff03076804268cb89e14f086dd47e0ffff2000000060010000ac141416e000000129a130112b92121f9ae0dd972fa104edcce40d8d", 0x0, 0x2800, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x4c)

1.201228046s ago: executing program 1 (id=5579):
r0 = socket$kcm(0x10, 0x3, 0x10)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xe4, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x80000000, 0x10003}, 0x100000, 0x0, 0x8, 0x0, 0x4000004, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) (async)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f00c00e}, 0x20004000)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'tunl0\x00'}) (async)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)}, 0x0) (async)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89f2, &(0x7f0000000080)) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f0000001240)=ANY=[@ANYBLOB="18000000000000000000000003000000611071000000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffedc, &(0x7f0000000080)=[{&(0x7f00000000c0)="c018030020000b12d25a80648c2594f90224fc60100c074002000000053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x50) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000040000000c"], 0x50) (async)
close(0x3) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4000}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000003c0)={r3, r2}, 0xc) (async)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'nr0\x00', 0x1000}) (async)
r4 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0xc2ba, 0x0, 0x4000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, &(0x7f0000001240)=ANY=[], &(0x7f0000000000)='GPL\x00', 0xfffffffb, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x17}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r5) (async)
ioctl$TUNGETSNDBUF(r1, 0x400454dc, &(0x7f0000001700))
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) (async)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, &(0x7f00000001c0)=ANY=[@ANYBLOB="050000000000000000000000000000000000000000000000000000002196f0f5eab36db00e352a291f500ee1d5e048af9d241757a380ce0d1dd7dec7b7cac3e839236ef74fc76902a0b36c380c33c98b7f64d5df"]) (async)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)
write$cgroup_pid(r7, &(0x7f0000000000), 0x2a979d)
ioctl$TUNSETOFFLOAD(r6, 0x4004743d, 0x4) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x12, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x2, 0x0}, @generic={0x66, 0x0, 0x0, 0x0, 0x80ffffff}, @initr0, @exit, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222}, 0x94)

1.102542738s ago: executing program 3 (id=5581):
socket$kcm(0x10, 0x2, 0x0)
r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x9, 0x4002, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffef, 0x0, @perf_bp={0x0, 0xa}, 0x1063c4, 0x0, 0xc2ba, 0x0, 0x4000000, 0xffffffff, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, 0xffffffffffffffff)
r1 = socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x3, 0x0, 0x10000}, {0x10000002, 0x0, 0x0, 0x8}], 0x10, 0x7ff}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
close(r3)
close(r1)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r4 = socket$kcm(0x2, 0x922000000001, 0x106)
setsockopt$sock_attach_bpf(r4, 0x1, 0x2, &(0x7f0000000000), 0x4)
r5 = socket$kcm(0x2b, 0x1, 0x0)
sendmsg$inet(r5, &(0x7f0000000240)={&(0x7f00000000c0)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x2d}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x200048cc)
openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0)
close(r5)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r6 = socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = socket$kcm(0x29, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMUNATTACH(r9, 0x89e1, &(0x7f00000000c0)={r7})
close(r8)
recvmsg$unix(r7, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r10=>0xffffffffffffffff]}}], 0x18}, 0x0)
socket$kcm(0x29, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x7a, 0xa, 0x0, 0xff00, 0x0, 0x71, 0x10, 0x52}}, &(0x7f0000000480)='syzkaller\x00'}, 0x80)
setsockopt$sock_attach_bpf(r6, 0x84, 0x6e, &(0x7f0000000000)=r10, 0x10)
r11 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r11, &(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001900599c6d0e00009bd028ef8020ab0700200005"], 0xfe33)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000180)=@generic={&(0x7f0000000080)='./cgroup/../file0\x00', 0x0, 0x10}, 0x18)
recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0)

373.53201ms ago: executing program 4 (id=5582):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0a000000080000000200000004"], 0x50)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r2 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000280)='cgroup.threads\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r3 = socket$kcm(0x2, 0x1, 0x84)
setsockopt$sock_attach_bpf(r3, 0x84, 0x9, &(0x7f0000000380), 0x9c)
r4 = socket$kcm(0x29, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef42d430f6296b72a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed40000000022278d00031e5388ee5c867ddd58211d6ece3ccb0cd2b6d3cffd962867a3a2f624f992daa94a6a556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409e011f1264d43f153b3d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7000026a4e739c60f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf3f704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eedd9068ca1457870eb30d219e23ccc8e06dddeb61799257ab5000013c86ba99523d61a00000000c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb8629aeec90e6d1857da822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae200f279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522e8dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f34a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be10ba7dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2db484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b00ffffff7f000000000801f71d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cf0d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67856ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e2b8e7370baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b09000000d31df213c802d74797056fd3bca8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221fff0f0000705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f14fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008f3a20b49fe7636806867283e35cff8d00e7b251bab3cf6377a24f8e8d4bda7503674bc94bf7f4d2fa6f25944bf0a186436d9f6831995976328a1fdc78492c65c1434855dc35c3cf7cf9610c5387794443c99b304799114132362849c3fa85d6379729ff9094933db0cfbe8887c50b87e1469fdf454cef4cbc5f7bf384000000000000a4e8c1a25f47c440144a9776be6cb40aafdb9d3cc8f6a6050974e1c4000000000000008b753f4e1bef9556efcc087a99dbf231167013a4b2eaf6338a0b100c98a331dffc09"], &(0x7f0000000140)='GPL\x00'}, 0x48)
r6 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r6, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x20000891)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000480)={r7, 0x0, 0x0}, 0x20)
ioctl$sock_kcm_SIOCKCMATTACH(r4, 0x89e0, &(0x7f0000000040)={r6, r5})
sendmsg$kcm(r4, &(0x7f0000002080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f0000000880)="1a", 0x100000}], 0x1}, 0x0)
socketpair(0x1f, 0xa, 0x9, &(0x7f00000001c0))
r8 = getpid()
write$cgroup_pid(r2, &(0x7f00000002c0)=r8, 0x12)
syz_open_procfs$namespace(r8, &(0x7f0000000000)='ns/uts\x00')
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="180200000100000000000000000000008500000053000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70600000000000085000000170000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x81)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r9, 0xfca804a0, 0xe, 0x0, &(0x7f0000000800)="17724b568c149730350c352f658c", 0x0, 0x800004, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000280)={'pimreg\x00', 0x5dcf70ef8daa5d0e})
ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000300)={0x2, &(0x7f0000000340)=[{0x4c, 0x0, 0x0, 0x2}, {0x6}]})
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c3a00000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000080000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r11 = socket$kcm(0xa, 0x1, 0x0)
setsockopt$sock_attach_bpf(r11, 0x29, 0x3, 0x0, 0x35)

321.835661ms ago: executing program 1 (id=5583):
openat$tun(0xffffffffffffff9c, 0x0, 0x100, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
socket$kcm(0x21, 0x2, 0x2)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x1, @perf_config_ext={0xf6}, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a40)={0xffffffffffffffff, 0xe0, &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r0=>0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000400), &(0x7f0000000440)=[0x0, 0x0], 0x0, 0x5a, &(0x7f0000000600)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000100), &(0x7f0000000680), 0x8, 0x10d8, 0x8, 0x8, &(0x7f00000001c0)}}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r1, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1d, 0x1, 0x0, 0x0, 0x0, 0x4, 0xe2004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x0, 0x131}, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7902009875f37538e486dd6317ce62667f2c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa88"], 0xfdef)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x4030582b, &(0x7f0000000000)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}})
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedc0790700117df37538e486dd6317ce2200"], 0xfdef)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x11, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x0, 0x21, 0x0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$cgroup_int(r3, &(0x7f0000000080), 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc, 0x2}})
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="ab10000000000000000011000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x24, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6tnl0\x00', 0x210})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_kcm_SIOCKCMUNATTACH(r3, 0x89e1, &(0x7f0000000340)={r3})
ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x89f1, &(0x7f0000000080))

286.995892ms ago: executing program 2 (id=5584):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89f9, 0x0)
perf_event_open(0x0, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x11, 0x2, 0x300)
socket$kcm(0xa, 0x2, 0x3a)
socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0x8, 0x4}, 0x24, 0x0, 0x3, 0x9, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480))
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x3, 0x0, 0x0, 0x87, 0x52000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xf}, 0x8000, 0xfffffffffffffffd, 0x80000001, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x3, 0x0, 0x7}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb79100a000000800000000642"], 0xfdef)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1100}, 0x48)

226.345043ms ago: executing program 0 (id=5585):
socket$kcm(0x21, 0x2, 0x2)
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x1, 0x2d0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @perf_config_ext, 0x10c002, 0xac5d, 0x10000200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r1, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="0a0000000b000000040000000700000000000000", @ANYRES32=r0, @ANYBLOB="be001c8d00"/14, @ANYRES16=r1, @ANYRESOCT=r1, @ANYBLOB="0000000000000017dfcd33000000000000000000000000009a1bd6b89a8e3dc4211ce100000000", @ANYRES8], 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r2, &(0x7f0000000500), &(0x7f0000000000)=""/7, 0x2}, 0x20)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x401c5820, &(0x7f0000000000)=0x818)
openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x22a82, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="12000000040000006c000000120090f687000000001c5de6a9d0513df9e7ae0000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0300"/28], 0x50)
perf_event_open(&(0x7f00000003c0)={0x3, 0x80, 0x4e, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xfbffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = socket$kcm(0x2, 0x1, 0x84)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0xc2ba, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'geneve0\x00', 0x8000})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f0000001780)={0x0, 0x0, 0x0}, 0x8090)
recvmsg$unix(r5, &(0x7f0000001b40)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x14, 0x1, 0x1, [<r7=>0xffffffffffffffff]}}], 0x18}, 0x0)
r8 = socket$kcm(0xa, 0x2, 0x88)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r8, 0x1, 0x3e, &(0x7f00000002c0)=r9, 0x4)
setsockopt$sock_attach_bpf(r8, 0x1, 0x41, &(0x7f0000000040)=r7, 0x4)
setsockopt$sock_attach_bpf(r4, 0x84, 0x64, 0x0, 0x0)
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x0, 0x0, &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r3}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r10, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
gettid()

225.729954ms ago: executing program 3 (id=5586):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
socket$kcm(0x15, 0x7, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, 0x0, &(0x7f0000000340)='syzkaller\x00'}, 0x94)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={0x0}, 0x0, 0x2, 0xfffffffe, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xf, 0x6000002c, &(0x7f0000000100)="b9ff03316844268cb89e14f00800fee0050000000000002f77fbac141416e000030a44079f03b180006000000000845013f2325f003901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014c0000c0adc043084617d7ecf41effff38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d7da058f6efa6d1f5f7ff400"/254, 0x0, 0xfe, 0x60000000, 0x0, 0xffffff23}, 0x2c)

4.64212ms ago: executing program 3 (id=5587):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000200)="1c0000001e0081054e81f782db020000071d080006007c09e8fe08a1", 0x1c}], 0x1}, 0x804)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfe33)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r1=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10)
r3 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xfffffffffeffffff, r3, 0x2)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
close(r4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x10021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1a69, 0x5}, 0x0, 0x5, 0x0, 0x0, 0x1}, 0x0, 0xb, 0xffffffffffffffff, 0xb)
ioctl$SIOCSIFHWADDR(r4, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r5, 0x8b04, &(0x7f0000000000)={'wlan1\x00', @random="0200008d00"})
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r8, 0x40042408, r7)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x3, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300005500000085000000d000000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r9, 0x27, 0x28, 0x0, &(0x7f0000000640)="f8ad48cc02cb29dcc8007f5b86dd", 0x0, 0x3ad9, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0100000006000000080000000800000040000000", @ANYRES32, @ANYBLOB="00000000000d9e82cef67dfcc5ebeb93bf0c7e9a00"/35, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000001c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff000000e6bea200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095000000000000000484b7c568faa6f22cf2d4a4dc2369b00cb3abde7b40d6e4d2713846ebb43ed1e348141b19af594599272c597f4d146f17375d0eb4ff35134439e4758a8b05af4960c698136d26c32883672c5d4918c29c254649941707f6b92438cc02a8f3acef2984bc9c228afd800b1282878b748f2fe9c673e3cbd3981c0791b4b290d7f06a2514f63c26db1fa86a422e371c10ed34e8d4bc973a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x13, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000900)=r2, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000001ac0)={0xe, 0x9, &(0x7f0000001b80)=@raw=[@map_val={0x18, 0x0, 0x2, 0x0, r6, 0x0, 0x0, 0x0, 0x76b}, @ldst={0x1, 0x3, 0x3, 0x0, 0xb, 0xffffffffffffffe0, 0x8}, @jmp={0x5, 0x0, 0x9, 0xa, 0x0, 0xffffffffffffffc0, 0xfffffffffffffffc}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r10}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}], &(0x7f0000000700)='syzkaller\x00', 0x8, 0xb3, &(0x7f0000000840)=""/179, 0x41000, 0x1, '\x00', r1, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000940)={0x0, 0x2000008, 0x0, 0xffff}, 0x10, r2, 0xffffffffffffffff, 0x0, &(0x7f0000001a80)=[r10, r10, r6], 0x0, 0x10, 0x6}, 0x94)
r12 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r12, &(0x7f0000002d00)={0x0, 0x0, &(0x7f0000002c40)=[{&(0x7f0000000380)="bd08b640", 0x4}], 0x1, &(0x7f0000002cc0)=[@ip_tos_u8={{0x11}}], 0x18}, 0x8000)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r11, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000980)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r6, @ANYBLOB="0000000002000000b70500000800000085000000c200000095"], &(0x7f0000000300)='GPL\x00', 0x6, 0x1013, &(0x7f0000000a40)=""/4115, 0x0, 0x70, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100}, 0x21)

0s ago: executing program 2 (id=5597):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89f9, 0x0)
perf_event_open(0x0, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x11, 0x2, 0x300)
socket$kcm(0xa, 0x2, 0x3a)
socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0x8, 0x4}, 0x24, 0x0, 0x3, 0x9, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480))
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x3, 0x0, 0x0, 0x87, 0x52000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xf}, 0x8000, 0xfffffffffffffffd, 0x80000001, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x3, 0x0, 0x7}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb79100a000000800000000642"], 0xfdef)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1100}, 0x48)

kernel console output (not intermixed with test programs):

f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1169.584032][T17634] RSP: 002b:00007f80929af028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1169.592468][T17634] RAX: ffffffffffffffda RBX: 00007f8091e15fa0 RCX: 00007f8091b9ce59
[ 1169.600454][T17634] RDX: 0000000000000038 RSI: 0000200000000200 RDI: 000000000000001a
[ 1169.608433][T17634] RBP: 00007f80929af090 R08: 0000000000000000 R09: 0000000000000000
[ 1169.616439][T17634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1169.624443][T17634] R13: 00007f8091e16038 R14: 00007f8091e15fa0 R15: 00007ffc57a2f7e8
[ 1169.632448][T17634]  </TASK>
[ 1169.840906][T17643] netlink: 'syz.0.4010': attribute type 29 has an invalid length.
[ 1169.879498][T17643] netlink: 'syz.0.4010': attribute type 29 has an invalid length.
[ 1169.906782][T17645] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4013'.
[ 1169.916404][T17645] tc_dump_action: action bad kind
[ 1171.073847][T17674] netlink: 44 bytes leftover after parsing attributes in process `syz.0.4020'.
[ 1171.128753][T17676] netlink: 116376 bytes leftover after parsing attributes in process `syz.0.4020'.
[ 1171.819634][T17665] delete_channel: no stack
[ 1171.853537][T17687] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1172.047903][T17693] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1172.692874][T17712] validate_nla: 3 callbacks suppressed
[ 1172.692898][T17712] netlink: 'syz.4.4032': attribute type 13 has an invalid length.
[ 1172.739167][T17712] netlink: 152 bytes leftover after parsing attributes in process `syz.4.4032'.
[ 1172.828667][T17712] syz_tun: refused to change device tx_queue_len
[ 1172.902452][T17712] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[ 1172.993421][T17715] netlink: 'syz.3.4033': attribute type 46 has an invalid length.
[ 1173.008658][T17719] netlink: 'syz.2.4031': attribute type 10 has an invalid length.
[ 1173.414791][T17728] netlink: 'syz.3.4035': attribute type 6 has an invalid length.
[ 1173.469866][T17728] netlink: 127868 bytes leftover after parsing attributes in process `syz.3.4035'.
[ 1173.477036][T17730] netlink: 'syz.1.4036': attribute type 2 has an invalid length.
[ 1173.529185][T17730] netlink: 132 bytes leftover after parsing attributes in process `syz.1.4036'.
[ 1174.180299][T17751] netlink: 44 bytes leftover after parsing attributes in process `syz.0.4044'.
[ 1174.350971][T17756] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1174.411071][T17753] netlink: 'syz.0.4044': attribute type 1 has an invalid length.
[ 1174.459323][T17753] netlink: 'syz.0.4044': attribute type 1 has an invalid length.
[ 1174.467979][T17753] netlink: 116376 bytes leftover after parsing attributes in process `syz.0.4044'.
[ 1174.903090][T17768] netlink: 763 bytes leftover after parsing attributes in process `syz.1.4050'.
[ 1174.912939][T17746] delete_channel: no stack
[ 1176.362586][T17790] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1176.380173][T17789] netlink: 180 bytes leftover after parsing attributes in process `syz.1.4058'.
[ 1176.442627][T17793] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1176.470111][T17792] tap0: tun_chr_ioctl cmd 1074025677
[ 1176.480663][T17792] tap0: linktype set to 6
[ 1176.924586][T17810] netlink: 763 bytes leftover after parsing attributes in process `syz.3.4065'.
[ 1176.968214][T17812] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4064'.
[ 1177.024495][T17814] netlink: 'syz.2.4064': attribute type 1 has an invalid length.
[ 1177.067346][T17814] netlink: 'syz.2.4064': attribute type 1 has an invalid length.
[ 1177.126970][T17814] netlink: 116376 bytes leftover after parsing attributes in process `syz.2.4064'.
[ 1177.303524][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.309992][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.482344][T17824] FAULT_INJECTION: forcing a failure.
[ 1177.482344][T17824] name failslab, interval 1, probability 0, space 0, times 0
[ 1177.516401][T17824] CPU: 0 PID: 17824 Comm: syz.4.4069 Not tainted syzkaller #0
[ 1177.523939][T17824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1177.534032][T17824] Call Trace:
[ 1177.537338][T17824]  <TASK>
[ 1177.540303][T17824]  dump_stack_lvl+0x188/0x24e
[ 1177.545035][T17824]  ? show_regs_print_info+0x12/0x12
[ 1177.550269][T17824]  ? load_image+0x400/0x400
[ 1177.554818][T17824]  ? perf_trace_lock_acquire+0x100/0x3e0
[ 1177.560499][T17824]  should_fail_ex+0x399/0x4d0
[ 1177.565221][T17824]  should_failslab+0x5/0x20
[ 1177.569762][T17824]  slab_pre_alloc_hook+0x59/0x310
[ 1177.574830][T17824]  kmem_cache_alloc+0x56/0x2f0
[ 1177.579634][T17824]  ? skb_clone+0x1e7/0x370
[ 1177.584093][T17824]  skb_clone+0x1e7/0x370
[ 1177.588372][T17824]  __netlink_deliver_tap+0x3ed/0x800
[ 1177.593709][T17824]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1177.598950][T17824]  netlink_deliver_tap+0x19c/0x1b0
[ 1177.604093][T17824]  netlink_dump+0x832/0xd00
[ 1177.608653][T17824]  ? netlink_lookup+0x200/0x200
[ 1177.613674][T17824]  ? __inet_diag_dump_start+0x805/0x970
[ 1177.619376][T17824]  __netlink_dump_start+0x537/0x6f0
[ 1177.624631][T17824]  inet_diag_rcv_msg_compat+0x207/0x420
[ 1177.630231][T17824]  ? __inet_diag_dump+0x380/0x380
[ 1177.635297][T17824]  ? sock_diag_rcv_msg+0x142/0x5f0
[ 1177.640451][T17824]  ? inet_diag_rcv_msg_compat+0x420/0x420
[ 1177.646205][T17824]  ? inet_diag_dump_start_compat+0x20/0x20
[ 1177.652055][T17824]  ? inet_diag_dump+0x50/0x50
[ 1177.656781][T17824]  ? __inet_diag_dump+0x380/0x380
[ 1177.661848][T17824]  sock_diag_rcv_msg+0x3cc/0x5f0
[ 1177.666834][T17824]  netlink_rcv_skb+0x1fb/0x450
[ 1177.671635][T17824]  ? sock_diag_bind+0xa0/0xa0
[ 1177.676347][T17824]  ? netlink_ack+0x1170/0x1170
[ 1177.681159][T17824]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1177.686398][T17824]  sock_diag_rcv+0x26/0x40
[ 1177.690843][T17824]  netlink_unicast+0x74d/0x8d0
[ 1177.695655][T17824]  netlink_sendmsg+0x8ad/0xbd0
[ 1177.700463][T17824]  ? netlink_getsockopt+0x550/0x550
[ 1177.705701][T17824]  ? aa_sock_msg_perm+0x94/0x150
[ 1177.710678][T17824]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 1177.715996][T17824]  ? security_socket_sendmsg+0x7c/0xa0
[ 1177.721507][T17824]  ? netlink_getsockopt+0x550/0x550
[ 1177.726916][T17824]  ____sys_sendmsg+0x5be/0x970
[ 1177.731726][T17824]  ? __sys_sendmsg_sock+0x30/0x30
[ 1177.736777][T17824]  ? __import_iovec+0x315/0x500
[ 1177.741674][T17824]  ? import_iovec+0x6f/0xa0
[ 1177.746224][T17824]  ___sys_sendmsg+0x2a2/0x360
[ 1177.750939][T17824]  ? __sys_sendmsg+0x290/0x290
[ 1177.755769][T17824]  ? __lock_acquire+0x7d10/0x7d10
[ 1177.760875][T17824]  __se_sys_sendmsg+0x1bb/0x2a0
[ 1177.765760][T17824]  ? __x64_sys_sendmsg+0x80/0x80
[ 1177.770751][T17824]  ? lockdep_hardirqs_on+0x94/0x140
[ 1177.775992][T17824]  do_syscall_64+0x4c/0xa0
[ 1177.780447][T17824]  ? clear_bhb_loop+0x60/0xb0
[ 1177.785165][T17824]  ? clear_bhb_loop+0x60/0xb0
[ 1177.789884][T17824]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1177.795816][T17824] RIP: 0033:0x7f61cf39ce59
[ 1177.800268][T17824] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1177.819911][T17824] RSP: 002b:00007f61d02ad028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1177.828361][T17824] RAX: ffffffffffffffda RBX: 00007f61cf615fa0 RCX: 00007f61cf39ce59
[ 1177.836362][T17824] RDX: ff0f000020000080 RSI: 0000200000000000 RDI: 0000000000000003
[ 1177.844360][T17824] RBP: 00007f61d02ad090 R08: 0000000000000000 R09: 0000000000000000
[ 1177.852359][T17824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1177.860361][T17824] R13: 00007f61cf616038 R14: 00007f61cf615fa0 R15: 00007ffec3068908
[ 1177.868385][T17824]  </TASK>
[ 1177.914332][T17807] delete_channel: no stack
[ 1178.845706][T17839] netlink: 180 bytes leftover after parsing attributes in process `syz.0.4073'.
[ 1178.953168][T17841] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1179.225466][T17843] netlink: 152 bytes leftover after parsing attributes in process `syz.3.4074'.
[ 1179.307111][T17843] bond0: (slave bond_slave_0): Releasing backup interface
[ 1179.421031][T17843] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[ 1180.053487][T17871] netlink: 'syz.4.4084': attribute type 29 has an invalid length.
[ 1180.072073][T17871] netlink: 'syz.4.4084': attribute type 29 has an invalid length.
[ 1180.087462][T17871] netlink: 'syz.4.4084': attribute type 29 has an invalid length.
[ 1180.530173][T17875] netlink: 'syz.2.4085': attribute type 29 has an invalid length.
[ 1180.538131][T17875] netlink: 'syz.2.4085': attribute type 29 has an invalid length.
[ 1180.578057][T17874] netlink: 'syz.2.4085': attribute type 29 has an invalid length.
[ 1180.763822][T17878] netlink: 180 bytes leftover after parsing attributes in process `syz.1.4086'.
[ 1180.829616][T17878] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1183.332710][T17918] netlink: 180 bytes leftover after parsing attributes in process `syz.2.4100'.
[ 1183.371770][T17918] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1183.663690][T17923] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4101'.
[ 1183.725322][T17925] netlink: 'syz.2.4101': attribute type 1 has an invalid length.
[ 1183.752899][T17925] netlink: 'syz.2.4101': attribute type 1 has an invalid length.
[ 1183.807866][T17925] netlink: 116376 bytes leftover after parsing attributes in process `syz.2.4101'.
[ 1184.305336][T17936] netlink: 'syz.0.4106': attribute type 21 has an invalid length.
[ 1184.315233][T17936] netlink: 164 bytes leftover after parsing attributes in process `syz.0.4106'.
[ 1184.450456][T17919] delete_channel: no stack
[ 1184.702581][T17949] netlink: 'syz.1.4109': attribute type 3 has an invalid length.
[ 1184.781038][T17949] netlink: 13435 bytes leftover after parsing attributes in process `syz.1.4109'.
[ 1185.198965][T17951] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1186.470416][T17979] netlink: 180 bytes leftover after parsing attributes in process `syz.1.4121'.
[ 1186.556456][T17979] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1186.957451][T17984] netlink: 44 bytes leftover after parsing attributes in process `syz.1.4122'.
[ 1187.015834][T17986] netlink: 'syz.1.4122': attribute type 1 has an invalid length.
[ 1187.034242][T17986] netlink: 'syz.1.4122': attribute type 1 has an invalid length.
[ 1187.053012][T17986] netlink: 116376 bytes leftover after parsing attributes in process `syz.1.4122'.
[ 1187.684780][T17982] delete_channel: no stack
[ 1190.352180][T18000] netlink: 180 bytes leftover after parsing attributes in process `syz.0.4126'.
[ 1190.391267][T18004] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1190.869274][T18010] netlink: 152 bytes leftover after parsing attributes in process `syz.4.4129'.
[ 1190.937886][T18010] bond0: (slave bond_slave_0): Releasing backup interface
[ 1191.057595][T18010] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[ 1191.235577][T18027] netlink: 44 bytes leftover after parsing attributes in process `syz.0.4134'.
[ 1191.300122][T18030] netlink: 'syz.0.4134': attribute type 1 has an invalid length.
[ 1191.389043][T18030] netlink: 'syz.0.4134': attribute type 1 has an invalid length.
[ 1191.452884][T18030] netlink: 116376 bytes leftover after parsing attributes in process `syz.0.4134'.
[ 1191.967727][T18045] netlink: 180 bytes leftover after parsing attributes in process `syz.3.4140'.
[ 1192.003005][T18045] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1192.329392][T18020] delete_channel: no stack
[ 1192.654551][T18062] FAULT_INJECTION: forcing a failure.
[ 1192.654551][T18062] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1192.679226][T18062] CPU: 0 PID: 18062 Comm: syz.2.4145 Not tainted syzkaller #0
[ 1192.686777][T18062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1192.696879][T18062] Call Trace:
[ 1192.700204][T18062]  <TASK>
[ 1192.703166][T18062]  dump_stack_lvl+0x188/0x24e
[ 1192.707888][T18062]  ? show_regs_print_info+0x12/0x12
[ 1192.713216][T18062]  ? load_image+0x400/0x400
[ 1192.717776][T18062]  ? __lock_acquire+0x7d10/0x7d10
[ 1192.722866][T18062]  ? snprintf+0xe5/0x140
[ 1192.727154][T18062]  should_fail_ex+0x399/0x4d0
[ 1192.731874][T18062]  _copy_to_user+0x2c/0x130
[ 1192.736432][T18062]  simple_read_from_buffer+0xe3/0x150
[ 1192.741843][T18062]  proc_fail_nth_read+0x1a6/0x220
[ 1192.746907][T18062]  ? proc_fault_inject_write+0x310/0x310
[ 1192.752578][T18062]  ? fsnotify_perm+0x248/0x550
[ 1192.757386][T18062]  ? proc_fault_inject_write+0x310/0x310
[ 1192.763054][T18062]  vfs_read+0x2de/0xa00
[ 1192.767259][T18062]  ? kernel_read+0x1e0/0x1e0
[ 1192.771891][T18062]  ? __fget_files+0x28/0x4b0
[ 1192.776519][T18062]  ? __fget_files+0x28/0x4b0
[ 1192.781155][T18062]  ? __fget_files+0x43d/0x4b0
[ 1192.786056][T18062]  ? __fdget_pos+0x2ae/0x360
[ 1192.790671][T18062]  ? ksys_read+0x71/0x250
[ 1192.795022][T18062]  ksys_read+0x14c/0x250
[ 1192.799291][T18062]  ? vfs_write+0xa30/0xa30
[ 1192.803736][T18062]  ? lockdep_hardirqs_on+0x94/0x140
[ 1192.808965][T18062]  do_syscall_64+0x4c/0xa0
[ 1192.813414][T18062]  ? clear_bhb_loop+0x60/0xb0
[ 1192.818110][T18062]  ? clear_bhb_loop+0x60/0xb0
[ 1192.822810][T18062]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1192.828721][T18062] RIP: 0033:0x7f58c3d5d68e
[ 1192.833151][T18062] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 1192.852946][T18062] RSP: 002b:00007f58c4cfefe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1192.861372][T18062] RAX: ffffffffffffffda RBX: 00007f58c4cff6c0 RCX: 00007f58c3d5d68e
[ 1192.869360][T18062] RDX: 000000000000000f RSI: 00007f58c4cff0a0 RDI: 0000000000000004
[ 1192.877342][T18062] RBP: 00007f58c4cff090 R08: 0000000000000000 R09: 0000000000000000
[ 1192.885346][T18062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1192.893326][T18062] R13: 00007f58c4016038 R14: 00007f58c4015fa0 R15: 00007ffe2832cac8
[ 1192.901328][T18062]  </TASK>
[ 1193.640398][T18077] netlink: 180 bytes leftover after parsing attributes in process `syz.4.4154'.
[ 1193.676477][T18080] netlink: 180 bytes leftover after parsing attributes in process `syz.3.4153'.
[ 1193.720225][T18077] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1193.798412][T18084] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1194.070949][T18096] netlink: 'syz.4.4158': attribute type 21 has an invalid length.
[ 1194.119310][T18096] netlink: 132 bytes leftover after parsing attributes in process `syz.4.4158'.
[ 1194.153584][T18096] netlink: 'syz.4.4158': attribute type 1 has an invalid length.
[ 1194.357723][T18098] bridge0: port 3(batadv0) entered blocking state
[ 1194.370247][T18098] bridge0: port 3(batadv0) entered disabled state
[ 1194.387147][T18098] device batadv0 entered promiscuous mode
[ 1194.408452][T18098] bridge0: port 3(batadv0) entered blocking state
[ 1194.415100][T18098] bridge0: port 3(batadv0) entered forwarding state
[ 1194.847058][T11030] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[ 1194.856421][T11030] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[ 1196.122695][T18129] netlink: 'syz.3.4166': attribute type 1 has an invalid length.
[ 1196.139724][T18129] netlink: 'syz.3.4166': attribute type 1 has an invalid length.
[ 1196.147890][T18129] netlink: 116376 bytes leftover after parsing attributes in process `syz.3.4166'.
[ 1196.732598][T18125] delete_channel: no stack
[ 1197.652860][T18139] netlink: 180 bytes leftover after parsing attributes in process `syz.4.4170'.
[ 1197.791952][T18139] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1198.413330][T18153] netlink: 'syz.3.4176': attribute type 6 has an invalid length.
[ 1199.250181][T18174] netlink: 'syz.3.4182': attribute type 29 has an invalid length.
[ 1199.265116][T18174] netlink: 'syz.3.4182': attribute type 29 has an invalid length.
[ 1199.321578][T18174] netlink: 'syz.3.4182': attribute type 29 has an invalid length.
[ 1199.461720][T18178] netlink: 154020 bytes leftover after parsing attributes in process `syz.2.4181'.
[ 1199.613817][T18178] openvswitch: netlink: ufid size 48894 bytes exceeds the range (1, 16)
[ 1200.269931][T18193] netlink: 180 bytes leftover after parsing attributes in process `syz.4.4188'.
[ 1200.321796][T18193] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1200.907745][T18199] netlink: 'syz.2.4200': attribute type 10 has an invalid length.
[ 1202.346857][T18232] netlink: 180 bytes leftover after parsing attributes in process `syz.2.4201'.
[ 1202.402820][T18233] netlink: 'syz.0.4199': attribute type 8 has an invalid length.
[ 1202.440264][T18233] netlink: 'syz.0.4199': attribute type 1 has an invalid length.
[ 1202.474608][T18229] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1202.475197][T18233] netlink: 104088 bytes leftover after parsing attributes in process `syz.0.4199'.
[ 1202.494334][T18235] netlink: 'syz.1.4202': attribute type 29 has an invalid length.
[ 1202.520645][T18235] netlink: 'syz.1.4202': attribute type 29 has an invalid length.
[ 1202.557636][T18235] netlink: 'syz.1.4202': attribute type 29 has an invalid length.
[ 1204.049296][T18253] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4208'.
[ 1204.199351][T18256] netlink: 122896 bytes leftover after parsing attributes in process `syz.2.4210'.
[ 1204.236954][T18261] netlink: 40115 bytes leftover after parsing attributes in process `syz.0.4212'.
[ 1204.333890][T18256] sysfs: cannot create duplicate filename '/class/ieee80211/.!
'
[ 1204.354163][T18256] CPU: 1 PID: 18256 Comm: syz.2.4210 Not tainted syzkaller #0
[ 1204.361733][T18256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1204.371838][T18256] Call Trace:
[ 1204.375147][T18256]  <TASK>
[ 1204.378108][T18256]  dump_stack_lvl+0x188/0x24e
[ 1204.382835][T18256]  ? show_regs_print_info+0x12/0x12
[ 1204.388067][T18256]  ? load_image+0x400/0x400
[ 1204.392597][T18256]  ? sysfs_warn_dup+0x61/0xa0
[ 1204.397385][T18256]  sysfs_warn_dup+0x8a/0xa0
[ 1204.401920][T18256]  sysfs_do_create_link_sd+0xc0/0x110
[ 1204.407326][T18256]  device_add+0x7ed/0xfb0
[ 1204.411742][T18256]  wiphy_register+0x1d9f/0x2ac0
[ 1204.416702][T18256]  ? cfg80211_event_work+0x40/0x40
[ 1204.421837][T18256]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 1204.428046][T18256]  ? ieee80211_register_hw+0x2920/0x39f0
[ 1204.433730][T18256]  ieee80211_register_hw+0x2d00/0x39f0
[ 1204.439212][T18256]  ? lockdep_hardirqs_on+0x94/0x140
[ 1204.444466][T18256]  ? ieee80211_register_hw+0xf41/0x39f0
[ 1204.450057][T18256]  ? ieee80211_register_hw+0xe41/0x39f0
[ 1204.455698][T18256]  ? ieee80211_tasklet_handler+0x20/0x20
[ 1204.461381][T18256]  ? memset+0x1e/0x40
[ 1204.465399][T18256]  ? __hrtimer_init+0x186/0x270
[ 1204.470291][T18256]  mac80211_hwsim_new_radio+0x28c2/0x4c40
[ 1204.476131][T18256]  hwsim_new_radio_nl+0xafa/0xce0
[ 1204.481226][T18256]  genl_family_rcv_msg_doit+0x22a/0x330
[ 1204.486817][T18256]  ? end_current_label_crit_section+0x170/0x170
[ 1204.493098][T18256]  ? genl_family_rcv_msg_dumpit+0x3c0/0x3c0
[ 1204.499038][T18256]  ? bpf_lsm_capable+0x5/0x10
[ 1204.503753][T18256]  ? security_capable+0x85/0xb0
[ 1204.508654][T18256]  genl_rcv_msg+0x604/0x790
[ 1204.513220][T18256]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 1204.519434][T18256]  ? genl_bind+0x360/0x360
[ 1204.523893][T18256]  ? hwsim_tx_info_frame_received_nl+0xfc0/0xfc0
[ 1204.530290][T18256]  ? lock_acquire+0x225/0x4a0
[ 1204.535061][T18256]  netlink_rcv_skb+0x1fb/0x450
[ 1204.539861][T18256]  ? genl_bind+0x360/0x360
[ 1204.544313][T18256]  ? netlink_ack+0x1170/0x1170
[ 1204.549122][T18256]  ? down_read+0x1a8/0x2d0
[ 1204.553666][T18256]  genl_rcv+0x24/0x40
[ 1204.557685][T18256]  netlink_unicast+0x74d/0x8d0
[ 1204.562504][T18256]  netlink_sendmsg+0x8ad/0xbd0
[ 1204.567355][T18256]  ? netlink_getsockopt+0x550/0x550
[ 1204.572604][T18256]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 1204.577923][T18256]  ? security_socket_sendmsg+0x7c/0xa0
[ 1204.583430][T18256]  ? netlink_getsockopt+0x550/0x550
[ 1204.588664][T18256]  ____sys_sendmsg+0x5be/0x970
[ 1204.593469][T18256]  ? __sys_sendmsg_sock+0x30/0x30
[ 1204.598518][T18256]  ? __import_iovec+0x315/0x500
[ 1204.603416][T18256]  ? import_iovec+0x6f/0xa0
[ 1204.607963][T18256]  ___sys_sendmsg+0x2a2/0x360
[ 1204.612696][T18256]  ? __sys_sendmsg+0x290/0x290
[ 1204.617547][T18256]  __se_sys_sendmsg+0x1bb/0x2a0
[ 1204.622454][T18256]  ? __x64_sys_sendmsg+0x80/0x80
[ 1204.627466][T18256]  ? lockdep_hardirqs_on+0x94/0x140
[ 1204.632720][T18256]  do_syscall_64+0x4c/0xa0
[ 1204.637186][T18256]  ? clear_bhb_loop+0x60/0xb0
[ 1204.641920][T18256]  ? clear_bhb_loop+0x60/0xb0
[ 1204.646652][T18256]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1204.652594][T18256] RIP: 0033:0x7f58c3d9ce59
[ 1204.657041][T18256] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1204.676776][T18256] RSP: 002b:00007f58c4cff028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1204.685225][T18256] RAX: ffffffffffffffda RBX: 00007f58c4015fa0 RCX: 00007f58c3d9ce59
[ 1204.693227][T18256] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000c
[ 1204.701314][T18256] RBP: 00007f58c3e32d6f R08: 0000000000000000 R09: 0000000000000000
[ 1204.709486][T18256] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1204.717487][T18256] R13: 00007f58c4016038 R14: 00007f58c4015fa0 R15: 00007ffe2832cac8
[ 1204.725513][T18256]  </TASK>
[ 1204.854371][T18271] tap0: tun_chr_ioctl cmd 1074025677
[ 1204.902932][T18271] tap0: linktype set to 778
[ 1204.944976][T18274] tap0: tun_chr_ioctl cmd 1074025698
[ 1207.390276][T18282] netlink: 180 bytes leftover after parsing attributes in process `syz.0.4216'.
[ 1207.419300][T18286] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1207.656881][T18293] netlink: 'syz.0.4219': attribute type 29 has an invalid length.
[ 1207.679588][T18293] netlink: 'syz.0.4219': attribute type 29 has an invalid length.
[ 1207.698837][T18293] netlink: 'syz.0.4219': attribute type 29 has an invalid length.
[ 1207.747775][T18297] netlink: 'syz.1.4220': attribute type 29 has an invalid length.
[ 1207.770015][T18297] netlink: 'syz.1.4220': attribute type 29 has an invalid length.
[ 1207.899914][T18302] netlink: 'syz.1.4220': attribute type 29 has an invalid length.
[ 1208.098230][T18296] netlink: 'syz.3.4221': attribute type 21 has an invalid length.
[ 1208.106845][T18296] netlink: 132 bytes leftover after parsing attributes in process `syz.3.4221'.
[ 1208.135621][T18296] netlink: 'syz.3.4221': attribute type 1 has an invalid length.
[ 1208.354177][T18314] netlink: 'syz.4.4225': attribute type 11 has an invalid length.
[ 1208.421045][T18314] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.4225'.
[ 1208.526730][T18317] netlink: 'syz.4.4225': attribute type 11 has an invalid length.
[ 1208.595262][T18317] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.4225'.
[ 1208.715959][T18313] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1209.563581][T18326] netlink: 180 bytes leftover after parsing attributes in process `syz.1.4229'.
[ 1209.592063][T18326] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1211.507910][T18331] netlink: 122896 bytes leftover after parsing attributes in process `syz.0.4231'.
[ 1211.780441][T18331] debugfs: Directory '.!
' with parent 'ieee80211' already present!
[ 1212.741234][T18362] netlink: 'syz.2.4239': attribute type 29 has an invalid length.
[ 1212.794267][T18362] netlink: 'syz.2.4239': attribute type 29 has an invalid length.
[ 1212.835606][T18364] netlink: 'syz.2.4239': attribute type 29 has an invalid length.
[ 1213.112193][T18369] netlink: 180 bytes leftover after parsing attributes in process `syz.0.4243'.
[ 1213.256676][T18369] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1214.008211][T18387] netlink: 122896 bytes leftover after parsing attributes in process `syz.1.4251'.
[ 1214.167853][T18387] debugfs: Directory '.!
' with parent 'ieee80211' already present!
[ 1214.877149][T18403] netlink: 180 bytes leftover after parsing attributes in process `syz.0.4257'.
[ 1214.917437][T18405] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1214.966003][T18414] netlink: 'syz.3.4262': attribute type 1 has an invalid length.
[ 1215.404409][T18419] netlink: 'syz.2.4264': attribute type 29 has an invalid length.
[ 1215.421893][T18419] netlink: 'syz.2.4264': attribute type 29 has an invalid length.
[ 1215.623331][T18419] netlink: 'syz.2.4264': attribute type 29 has an invalid length.
[ 1217.614177][T18451] mac80211_hwsim hwsim24 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1217.658584][T18458] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4274'.
[ 1217.700151][T18460] netlink: 'syz.0.4275': attribute type 10 has an invalid length.
[ 1217.735539][T18462] netlink: 'syz.4.4274': attribute type 6 has an invalid length.
[ 1217.759257][T18462] netlink: 140 bytes leftover after parsing attributes in process `syz.4.4274'.
[ 1218.190198][T18484] netlink: 'syz.3.4283': attribute type 10 has an invalid length.
[ 1218.239439][T18484] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4283'.
[ 1218.262515][T18484] device ipvlan1 entered promiscuous mode
[ 1218.301731][T18484] bridge0: port 3(ipvlan1) entered blocking state
[ 1218.316270][T18484] bridge0: port 3(ipvlan1) entered disabled state
[ 1218.353876][T18484] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[ 1218.523300][T18484] netlink: 'syz.3.4283': attribute type 10 has an invalid length.
[ 1218.843647][T18502] netlink: 830 bytes leftover after parsing attributes in process `syz.2.4289'.
[ 1219.132336][T18504] netlink: 180 bytes leftover after parsing attributes in process `syz.3.4290'.
[ 1219.197204][T18504] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1219.285587][T18516] netlink: 'syz.0.4295': attribute type 29 has an invalid length.
[ 1219.330128][T18516] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4295'.
[ 1219.361471][T18516] netlink: 'syz.0.4295': attribute type 29 has an invalid length.
[ 1219.406227][T18516] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4295'.
[ 1219.865615][T11063] wlan1: Trigger new scan to find an IBSS to join
[ 1219.902827][T18532] netlink: 'syz.2.4301': attribute type 2 has an invalid length.
[ 1219.968694][T18536] netlink: 'syz.2.4301': attribute type 10 has an invalid length.
[ 1220.000293][T18536] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1220.065537][T18535] netlink: 'syz.4.4302': attribute type 3 has an invalid length.
[ 1220.081124][T18535] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.4302'.
[ 1220.081421][T18536] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1220.137884][T18536] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link
[ 1220.169510][T18538] netlink: 180 bytes leftover after parsing attributes in process `syz.1.4303'.
[ 1220.222189][T18543] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1220.549576][T18548] netlink: 'syz.4.4306': attribute type 22 has an invalid length.
[ 1220.575167][T18548] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4306'.
[ 1220.713202][T18550] mac80211_hwsim hwsim20 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1220.783576][T18550] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4307'.
[ 1221.126958][T18553] netlink: 'syz.2.4307': attribute type 6 has an invalid length.
[ 1221.145166][T18553] netlink: 140 bytes leftover after parsing attributes in process `syz.2.4307'.
[ 1221.793483][T18589] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1222.899916][T11030] wlan1: Trigger new scan to find an IBSS to join
[ 1223.040446][T18629] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1224.204208][T18665] FAULT_INJECTION: forcing a failure.
[ 1224.204208][T18665] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1224.239024][T18665] CPU: 0 PID: 18665 Comm: syz.4.4348 Not tainted syzkaller #0
[ 1224.246562][T18665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1224.256646][T18665] Call Trace:
[ 1224.259954][T18665]  <TASK>
[ 1224.262911][T18665]  dump_stack_lvl+0x188/0x24e
[ 1224.267630][T18665]  ? show_regs_print_info+0x12/0x12
[ 1224.272858][T18665]  ? load_image+0x400/0x400
[ 1224.277396][T18665]  ? __lock_acquire+0x7d10/0x7d10
[ 1224.282468][T18665]  should_fail_ex+0x399/0x4d0
[ 1224.287181][T18665]  _copy_from_user+0x2c/0x170
[ 1224.291903][T18665]  __sys_bpf+0x2ea/0x780
[ 1224.296182][T18665]  ? bpf_link_show_fdinfo+0x380/0x380
[ 1224.301614][T18665]  ? lock_chain_count+0x20/0x20
[ 1224.306512][T18665]  __x64_sys_bpf+0x78/0x90
[ 1224.310965][T18665]  do_syscall_64+0x4c/0xa0
[ 1224.315391][T18665]  ? clear_bhb_loop+0x60/0xb0
[ 1224.320101][T18665]  ? clear_bhb_loop+0x60/0xb0
[ 1224.324794][T18665]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1224.330721][T18665] RIP: 0033:0x7f61cf39ce59
[ 1224.335183][T18665] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1224.354817][T18665] RSP: 002b:00007f61d028c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1224.363247][T18665] RAX: ffffffffffffffda RBX: 00007f61cf616090 RCX: 00007f61cf39ce59
[ 1224.371231][T18665] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[ 1224.379221][T18665] RBP: 00007f61d028c090 R08: 0000000000000000 R09: 0000000000000000
[ 1224.387202][T18665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1224.395270][T18665] R13: 00007f61cf616128 R14: 00007f61cf616090 R15: 00007ffec3068908
[ 1224.403265][T18665]  </TASK>
[ 1224.761987][T18667] __nla_validate_parse: 3 callbacks suppressed
[ 1224.762021][T18667] netlink: 180 bytes leftover after parsing attributes in process `syz.2.4349'.
[ 1224.812600][T18671] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1225.017606][T18676] netlink: 'syz.4.4351': attribute type 21 has an invalid length.
[ 1225.094646][T18676] IPv6: NLM_F_CREATE should be specified when creating new route
[ 1225.181775][T18676] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1225.189238][T18676] IPv6: NLM_F_CREATE should be set when creating new route
[ 1225.196680][T18676] IPv6: NLM_F_CREATE should be set when creating new route
[ 1225.204031][T18676] IPv6: NLM_F_CREATE should be set when creating new route
[ 1225.649162][T18688] netlink: 152 bytes leftover after parsing attributes in process `syz.2.4354'.
[ 1225.780977][T18688] bond0: (slave bond_slave_0): Releasing backup interface
[ 1225.821651][T18688] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[ 1225.860872][T11030] wlan1: Trigger new scan to find an IBSS to join
[ 1226.316727][T18708] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1226.717744][T18716] netlink: 'syz.4.4363': attribute type 2 has an invalid length.
[ 1226.752421][T18718] netlink: 'syz.4.4363': attribute type 10 has an invalid length.
[ 1226.767474][T18718] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1226.815462][T18718] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1226.841690][T11063] wlan1: Creating new IBSS network, BSSID 8a:a1:f8:2f:e1:51
[ 1226.862716][T18718] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link
[ 1228.060432][T18737] FAULT_INJECTION: forcing a failure.
[ 1228.060432][T18737] name failslab, interval 1, probability 0, space 0, times 0
[ 1228.115005][T18737] CPU: 0 PID: 18737 Comm: syz.3.4371 Not tainted syzkaller #0
[ 1228.122550][T18737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1228.132637][T18737] Call Trace:
[ 1228.135943][T18737]  <TASK>
[ 1228.138900][T18737]  dump_stack_lvl+0x188/0x24e
[ 1228.143615][T18737]  ? show_regs_print_info+0x12/0x12
[ 1228.148842][T18737]  ? load_image+0x400/0x400
[ 1228.153386][T18737]  ? __might_sleep+0xd0/0xd0
[ 1228.158058][T18737]  ? __lock_acquire+0x7d10/0x7d10
[ 1228.163144][T18737]  should_fail_ex+0x399/0x4d0
[ 1228.167878][T18737]  should_failslab+0x5/0x20
[ 1228.172424][T18737]  slab_pre_alloc_hook+0x59/0x310
[ 1228.177489][T18737]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 1228.183684][T18737]  kmem_cache_alloc+0x56/0x2f0
[ 1228.188477][T18737]  ? __alloc_file+0x25/0x230
[ 1228.193109][T18737]  __alloc_file+0x25/0x230
[ 1228.197578][T18737]  alloc_empty_file+0x90/0x180
[ 1228.202381][T18737]  alloc_file+0x5c/0x5f0
[ 1228.206660][T18737]  alloc_file_pseudo+0x180/0x200
[ 1228.211632][T18737]  ? alloc_empty_file_noaccount+0x80/0x80
[ 1228.217380][T18737]  ? _raw_spin_unlock+0x24/0x40
[ 1228.222279][T18737]  anon_inode_getfd+0xc6/0x1c0
[ 1228.227176][T18737]  map_create+0xbe8/0x1000
[ 1228.231635][T18737]  __sys_bpf+0x38b/0x780
[ 1228.235918][T18737]  ? bpf_link_show_fdinfo+0x380/0x380
[ 1228.241345][T18737]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 1228.247819][T18737]  __x64_sys_bpf+0x78/0x90
[ 1228.252365][T18737]  do_syscall_64+0x4c/0xa0
[ 1228.256893][T18737]  ? clear_bhb_loop+0x60/0xb0
[ 1228.261603][T18737]  ? clear_bhb_loop+0x60/0xb0
[ 1228.266313][T18737]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1228.272282][T18737] RIP: 0033:0x7f65d559ce59
[ 1228.276724][T18737] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1228.296358][T18737] RSP: 002b:00007f65d37f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1228.304803][T18737] RAX: ffffffffffffffda RBX: 00007f65d5815fa0 RCX: 00007f65d559ce59
[ 1228.312801][T18737] RDX: 0000000000000050 RSI: 0000200000000080 RDI: 0000000000000000
[ 1228.320883][T18737] RBP: 00007f65d37f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1228.328882][T18737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1228.336884][T18737] R13: 00007f65d5816038 R14: 00007f65d5815fa0 R15: 00007ffcb95fe8f8
[ 1228.344901][T18737]  </TASK>
[ 1228.737919][T18757] netlink: 'syz.4.4374': attribute type 14 has an invalid length.
[ 1228.800307][T18757] netlink: 63503 bytes leftover after parsing attributes in process `syz.4.4374'.
[ 1229.218158][T18774] sctp: [Deprecated]: syz.3.4381 (pid 18774) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1229.218158][T18774] Use struct sctp_sack_info instead
[ 1230.282588][T18788] netlink: 'syz.2.4385': attribute type 1 has an invalid length.
[ 1230.307989][T18786] netlink: 'syz.3.4386': attribute type 10 has an invalid length.
[ 1230.323638][T18786] netlink: 2 bytes leftover after parsing attributes in process `syz.3.4386'.
[ 1230.330217][T18788] netlink: 'syz.2.4385': attribute type 1 has an invalid length.
[ 1230.336125][T18786] device hsr0 entered promiscuous mode
[ 1230.367916][T18786] bridge0: port 3(hsr0) entered blocking state
[ 1230.378302][T18786] bridge0: port 3(hsr0) entered disabled state
[ 1230.393058][T18788] netlink: 116376 bytes leftover after parsing attributes in process `syz.2.4385'.
[ 1230.432988][T18786] bridge0: port 3(hsr0) entered blocking state
[ 1230.440874][T18786] bridge0: port 3(hsr0) entered forwarding state
[ 1230.743204][T18797] netlink: 'syz.1.4390': attribute type 2 has an invalid length.
[ 1230.761797][T18797] netlink: 'syz.1.4390': attribute type 8 has an invalid length.
[ 1230.785732][T18797] netlink: 197344 bytes leftover after parsing attributes in process `syz.1.4390'.
[ 1230.945741][T18797] netlink: 'syz.1.4390': attribute type 2 has an invalid length.
[ 1230.955263][T18805] netlink: 180 bytes leftover after parsing attributes in process `syz.0.4391'.
[ 1231.006800][T18783] delete_channel: no stack
[ 1231.017850][T18797] netlink: 196452 bytes leftover after parsing attributes in process `syz.1.4390'.
[ 1231.084935][T18805] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1231.098664][T18806] netlink: 'syz.1.4390': attribute type 2 has an invalid length.
[ 1231.143319][T18806] device 0 entered promiscuous mode
[ 1231.515101][T18817] FAULT_INJECTION: forcing a failure.
[ 1231.515101][T18817] name failslab, interval 1, probability 0, space 0, times 0
[ 1231.536575][T18817] CPU: 1 PID: 18817 Comm: syz.2.4396 Not tainted syzkaller #0
[ 1231.544133][T18817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1231.554229][T18817] Call Trace:
[ 1231.557543][T18817]  <TASK>
[ 1231.560509][T18817]  dump_stack_lvl+0x188/0x24e
[ 1231.565262][T18817]  ? show_regs_print_info+0x12/0x12
[ 1231.570516][T18817]  ? load_image+0x400/0x400
[ 1231.575075][T18817]  ? __might_sleep+0xd0/0xd0
[ 1231.579711][T18817]  ? __lock_acquire+0x7d10/0x7d10
[ 1231.584789][T18817]  should_fail_ex+0x399/0x4d0
[ 1231.589513][T18817]  should_failslab+0x5/0x20
[ 1231.594054][T18817]  slab_pre_alloc_hook+0x59/0x310
[ 1231.599123][T18817]  kmem_cache_alloc_node+0x5a/0x320
[ 1231.604364][T18817]  ? __alloc_skb+0xfc/0x7e0
[ 1231.608944][T18817]  __alloc_skb+0xfc/0x7e0
[ 1231.613305][T18817]  ? netlink_autobind+0xda/0x300
[ 1231.618289][T18817]  netlink_sendmsg+0x654/0xbd0
[ 1231.623100][T18817]  ? netlink_getsockopt+0x550/0x550
[ 1231.628343][T18817]  ? aa_sock_msg_perm+0x94/0x150
[ 1231.633314][T18817]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 1231.638631][T18817]  ? security_socket_sendmsg+0x7c/0xa0
[ 1231.644140][T18817]  ? netlink_getsockopt+0x550/0x550
[ 1231.649375][T18817]  ____sys_sendmsg+0x5be/0x970
[ 1231.654179][T18817]  ? __sys_sendmsg_sock+0x30/0x30
[ 1231.659231][T18817]  ? __import_iovec+0x315/0x500
[ 1231.664126][T18817]  ? import_iovec+0x6f/0xa0
[ 1231.668668][T18817]  ___sys_sendmsg+0x2a2/0x360
[ 1231.673388][T18817]  ? __sys_sendmsg+0x290/0x290
[ 1231.678208][T18817]  ? __lock_acquire+0x7d10/0x7d10
[ 1231.683311][T18817]  __se_sys_sendmsg+0x1bb/0x2a0
[ 1231.688204][T18817]  ? __x64_sys_sendmsg+0x80/0x80
[ 1231.693192][T18817]  ? lockdep_hardirqs_on+0x94/0x140
[ 1231.698435][T18817]  do_syscall_64+0x4c/0xa0
[ 1231.702887][T18817]  ? clear_bhb_loop+0x60/0xb0
[ 1231.707610][T18817]  ? clear_bhb_loop+0x60/0xb0
[ 1231.712337][T18817]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1231.718274][T18817] RIP: 0033:0x7f58c3d9ce59
[ 1231.722728][T18817] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1231.742380][T18817] RSP: 002b:00007f58c4cff028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1231.750940][T18817] RAX: ffffffffffffffda RBX: 00007f58c4015fa0 RCX: 00007f58c3d9ce59
[ 1231.758949][T18817] RDX: 0000000020044088 RSI: 0000200000000000 RDI: 0000000000000003
[ 1231.766961][T18817] RBP: 00007f58c4cff090 R08: 0000000000000000 R09: 0000000000000000
[ 1231.774973][T18817] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1231.782984][T18817] R13: 00007f58c4016038 R14: 00007f58c4015fa0 R15: 00007ffe2832cac8
[ 1231.791008][T18817]  </TASK>
[ 1231.811127][T18819] netlink: 'syz.0.4397': attribute type 29 has an invalid length.
[ 1231.822702][T18819] netlink: 'syz.0.4397': attribute type 29 has an invalid length.
[ 1231.857827][T18819] netlink: 'syz.0.4397': attribute type 29 has an invalid length.
[ 1231.874986][T18819] sctp: [Deprecated]: syz.0.4397 (pid 18819) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1231.874986][T18819] Use struct sctp_sack_info instead
[ 1232.662517][T18840] netlink: 180 bytes leftover after parsing attributes in process `syz.3.4402'.
[ 1232.803900][T18842] netlink: 180 bytes leftover after parsing attributes in process `syz.4.4404'.
[ 1232.901948][T18842] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1232.933530][T18848] netlink: 116376 bytes leftover after parsing attributes in process `syz.1.4405'.
[ 1233.219781][T18850] netlink: 129384 bytes leftover after parsing attributes in process `syz.3.4407'.
[ 1233.657122][T18843] delete_channel: no stack
[ 1234.612951][T18880] netlink: 180 bytes leftover after parsing attributes in process `syz.4.4417'.
[ 1235.333474][T18900] netlink: 180 bytes leftover after parsing attributes in process `syz.0.4423'.
[ 1235.404767][T18900] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1236.042076][T18910] sctp: [Deprecated]: syz.0.4426 (pid 18910) Use of int in max_burst socket option deprecated.
[ 1236.042076][T18910] Use struct sctp_assoc_value instead
[ 1236.378283][T18923] validate_nla: 5 callbacks suppressed
[ 1236.378309][T18923] netlink: 'syz.3.4431': attribute type 10 has an invalid length.
[ 1236.419838][T18923] netlink: 55 bytes leftover after parsing attributes in process `syz.3.4431'.
[ 1236.686034][T18931] netlink: 180 bytes leftover after parsing attributes in process `syz.0.4433'.
[ 1236.848603][T18931] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1237.167113][T18937] netlink: 'syz.0.4436': attribute type 1 has an invalid length.
[ 1237.199456][T18937] netlink: 'syz.0.4436': attribute type 1 has an invalid length.
[ 1237.250972][T18937] netlink: 116376 bytes leftover after parsing attributes in process `syz.0.4436'.
[ 1237.442299][T18951] netlink: 180 bytes leftover after parsing attributes in process `syz.2.4438'.
[ 1237.486039][T18943] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:0603:0000:0023 with DS=0x3f
[ 1237.577732][T18953] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1237.912024][T18936] delete_channel: no stack
[ 1238.483172][T18973] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4443'.
[ 1238.597582][T18973] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4443'.
[ 1238.849699][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[ 1238.856159][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[ 1238.969336][T18978] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4443'.
[ 1239.076827][T18979] netlink: 'syz.4.4446': attribute type 10 has an invalid length.
[ 1239.131754][T18979] netlink: 55 bytes leftover after parsing attributes in process `syz.4.4446'.
[ 1239.395401][T18967] netlink: 56 bytes leftover after parsing attributes in process `syz.0.4443'.
[ 1239.648092][T18992] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1239.835866][T18995] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1239.890507][T19005] netlink: 'syz.4.4452': attribute type 1 has an invalid length.
[ 1239.898342][T19005] netlink: 'syz.4.4452': attribute type 1 has an invalid length.
[ 1241.149316][T18996] delete_channel: no stack
[ 1241.790352][T19039] netlink: 'syz.2.4463': attribute type 10 has an invalid length.
[ 1241.805332][T19039] __nla_validate_parse: 3 callbacks suppressed
[ 1241.805354][T19039] netlink: 55 bytes leftover after parsing attributes in process `syz.2.4463'.
[ 1242.009288][T19044] netlink: 180 bytes leftover after parsing attributes in process `syz.0.4466'.
[ 1242.077282][T19042] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1242.392595][T19058] netlink: 152 bytes leftover after parsing attributes in process `syz.2.4471'.
[ 1242.424997][T19053] netlink: 180 bytes leftover after parsing attributes in process `syz.4.4469'.
[ 1242.515280][T19053] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1242.673552][T19066] netlink: 'syz.1.4473': attribute type 1 has an invalid length.
[ 1242.709413][T19066] netlink: 'syz.1.4473': attribute type 1 has an invalid length.
[ 1242.729255][T19066] netlink: 116376 bytes leftover after parsing attributes in process `syz.1.4473'.
[ 1242.774655][T19072] netlink: 'syz.4.4476': attribute type 21 has an invalid length.
[ 1243.519632][T19062] delete_channel: no stack
[ 1244.367260][T19087] netlink: 'syz.3.4480': attribute type 29 has an invalid length.
[ 1244.462041][T19089] netlink: 'syz.1.4481': attribute type 10 has an invalid length.
[ 1244.486785][T19087] netlink: 'syz.3.4480': attribute type 29 has an invalid length.
[ 1244.585213][T19092] netlink: 'syz.3.4480': attribute type 29 has an invalid length.
[ 1244.656279][T19097] netlink: 180 bytes leftover after parsing attributes in process `syz.1.4482'.
[ 1244.702804][T19097] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1244.801725][T19099] netlink: 'syz.2.4483': attribute type 1 has an invalid length.
[ 1244.851900][T19099] netlink: 'syz.2.4483': attribute type 4 has an invalid length.
[ 1244.889098][T19099] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.4483'.
[ 1245.327112][T19112] netlink: 180 bytes leftover after parsing attributes in process `syz.2.4489'.
[ 1245.352739][T19114] netlink: 13435 bytes leftover after parsing attributes in process `syz.3.4488'.
[ 1245.480597][T19112] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1246.487711][T19131] netlink: 180 bytes leftover after parsing attributes in process `syz.4.4495'.
[ 1246.711964][ T4322] Bluetooth: hci5: ISO packet for unknown connection handle 2366
[ 1247.046124][T19143] validate_nla: 3 callbacks suppressed
[ 1247.046260][T19143] netlink: 'syz.4.4497': attribute type 10 has an invalid length.
[ 1247.075028][T19143] netlink: 55 bytes leftover after parsing attributes in process `syz.4.4497'.
[ 1247.130191][T19144] netlink: 'syz.1.4498': attribute type 10 has an invalid length.
[ 1247.143748][T19144] netlink: 55 bytes leftover after parsing attributes in process `syz.1.4498'.
[ 1247.603773][T19148] netlink: 'syz.3.4500': attribute type 3 has an invalid length.
[ 1247.723496][T19148] netlink: 'syz.3.4500': attribute type 1 has an invalid length.
[ 1248.184685][T19152] netlink: 180 bytes leftover after parsing attributes in process `syz.4.4501'.
[ 1248.229036][T19153] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1249.020452][T19166] netlink: 180 bytes leftover after parsing attributes in process `syz.0.4505'.
[ 1249.044535][T19167] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1249.448334][T19173] netlink: 180 bytes leftover after parsing attributes in process `syz.1.4508'.
[ 1249.649519][T19176] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1249.892710][T19182] netlink: 'syz.2.4511': attribute type 10 has an invalid length.
[ 1249.979014][T19182] netlink: 55 bytes leftover after parsing attributes in process `syz.2.4511'.
[ 1251.499837][T19206] netlink: 180 bytes leftover after parsing attributes in process `syz.0.4518'.
[ 1251.666041][T19213] netlink: 'syz.1.4520': attribute type 3 has an invalid length.
[ 1251.709238][T19213] netlink: 'syz.1.4520': attribute type 1 has an invalid length.
[ 1251.813962][T19220] netlink: 180 bytes leftover after parsing attributes in process `syz.3.4521'.
[ 1252.022399][T19221] netlink: 180 bytes leftover after parsing attributes in process `syz.4.4522'.
[ 1252.038000][T19208] netlink: 132 bytes leftover after parsing attributes in process `syz.2.4519'.
[ 1252.069987][T19207] delete_channel: no stack
[ 1252.082426][T19219] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1252.159981][T19224] netlink: 'syz.0.4523': attribute type 10 has an invalid length.
[ 1252.168058][T19224] netlink: 55 bytes leftover after parsing attributes in process `syz.0.4523'.
[ 1252.761730][T19238] netlink: 'syz.4.4529': attribute type 10 has an invalid length.
[ 1252.782997][T19238] netlink: 55 bytes leftover after parsing attributes in process `syz.4.4529'.
[ 1252.807582][T19242] netlink: 'syz.1.4530': attribute type 11 has an invalid length.
[ 1252.988034][T19246] netlink: 180 bytes leftover after parsing attributes in process `syz.3.4531'.
[ 1253.098788][T19247] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1253.748410][T19254] netlink: 'syz.1.4535': attribute type 21 has an invalid length.
[ 1253.763305][T19254] netlink: 156 bytes leftover after parsing attributes in process `syz.1.4535'.
[ 1254.049838][T19258] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1254.830664][T19267] netlink: 'syz.0.4539': attribute type 10 has an invalid length.
[ 1254.842814][T19266] netlink: 'syz.1.4538': attribute type 29 has an invalid length.
[ 1254.855694][T19267] netlink: 55 bytes leftover after parsing attributes in process `syz.0.4539'.
[ 1254.877018][T19266] netlink: 'syz.1.4538': attribute type 29 has an invalid length.
[ 1254.913377][T19270] netlink: 'syz.1.4538': attribute type 29 has an invalid length.
[ 1255.862344][T19289] netlink: 'syz.2.4546': attribute type 29 has an invalid length.
[ 1255.959689][T19289] netlink: 'syz.2.4546': attribute type 29 has an invalid length.
[ 1256.104909][T19295] netlink: 180 bytes leftover after parsing attributes in process `syz.4.4548'.
[ 1256.206514][T19295] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1256.520381][T19307] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1256.834785][T19309] netlink: 146340 bytes leftover after parsing attributes in process `syz.4.4552'.
[ 1256.909501][T19309] openvswitch: netlink: Key type 386 is out of range max 32
[ 1256.917320][T11052] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1256.960168][T19316] netlink: 55 bytes leftover after parsing attributes in process `syz.0.4554'.
[ 1257.705396][T19330] validate_nla: 3 callbacks suppressed
[ 1257.705418][T19330] netlink: 'syz.2.4557': attribute type 29 has an invalid length.
[ 1257.731406][T19330] netlink: 'syz.2.4557': attribute type 29 has an invalid length.
[ 1257.831305][T19335] netlink: 'syz.2.4557': attribute type 29 has an invalid length.
[ 1257.871562][T19334] netlink: 'syz.3.4559': attribute type 10 has an invalid length.
[ 1257.877124][T19324] netlink: 132 bytes leftover after parsing attributes in process `syz.0.4556'.
[ 1257.884419][T19334] netlink: 168 bytes leftover after parsing attributes in process `syz.3.4559'.
[ 1257.935109][T19323] delete_channel: no stack
[ 1258.357749][T19351] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1258.429758][T19352] netlink: 'syz.3.4565': attribute type 10 has an invalid length.
[ 1258.461999][T19352] netlink: 55 bytes leftover after parsing attributes in process `syz.3.4565'.
[ 1259.210369][T19360] netlink: 'syz.4.4567': attribute type 16 has an invalid length.
[ 1259.231681][T19360] netlink: 48 bytes leftover after parsing attributes in process `syz.4.4567'.
[ 1260.355809][T19388] netlink: 'syz.4.4573': attribute type 10 has an invalid length.
[ 1260.524344][T19388] bridge0: port 3(team0) entered disabled state
[ 1260.845946][T19388] bridge0: port 3(team0) entered disabled state
[ 1260.963107][T19388] device team_slave_0 left promiscuous mode
[ 1261.100301][T19388] team0 (unregistering): Port device team_slave_0 removed
[ 1261.130665][T19401] netlink: 132 bytes leftover after parsing attributes in process `syz.3.4575'.
[ 1261.132203][T19388] device team_slave_1 left promiscuous mode
[ 1261.158608][T19405] netlink: 'syz.1.4578': attribute type 29 has an invalid length.
[ 1261.200996][T19388] team0 (unregistering): Port device team_slave_1 removed
[ 1261.213044][T19388] device macvlan1 left promiscuous mode
[ 1261.234856][T19388] team0 (unregistering): Port device macvlan1 removed
[ 1261.286053][T19403] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1261.299425][T19392] delete_channel: no stack
[ 1261.313672][T19405] netlink: 'syz.1.4578': attribute type 29 has an invalid length.
[ 1261.349835][T19407] netlink: 'syz.1.4578': attribute type 29 has an invalid length.
[ 1261.579853][T19411] netlink: 55 bytes leftover after parsing attributes in process `syz.4.4579'.
[ 1264.048977][T19455] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1264.329537][T19460] validate_nla: 2 callbacks suppressed
[ 1264.329562][T19460] netlink: 'syz.2.4593': attribute type 10 has an invalid length.
[ 1264.359679][T19460] netlink: 55 bytes leftover after parsing attributes in process `syz.2.4593'.
[ 1264.877851][T19469] FAULT_INJECTION: forcing a failure.
[ 1264.877851][T19469] name failslab, interval 1, probability 0, space 0, times 0
[ 1264.897791][T19469] CPU: 0 PID: 19469 Comm: syz.2.4596 Not tainted syzkaller #0
[ 1264.905320][T19469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1264.915409][T19469] Call Trace:
[ 1264.918723][T19469]  <TASK>
[ 1264.921683][T19469]  dump_stack_lvl+0x188/0x24e
[ 1264.926402][T19469]  ? show_regs_print_info+0x12/0x12
[ 1264.931629][T19469]  ? load_image+0x400/0x400
[ 1264.936171][T19469]  ? verify_lock_unused+0x140/0x140
[ 1264.941416][T19469]  should_fail_ex+0x399/0x4d0
[ 1264.946136][T19469]  should_failslab+0x5/0x20
[ 1264.950673][T19469]  slab_pre_alloc_hook+0x59/0x310
[ 1264.955739][T19469]  kmem_cache_alloc+0x56/0x2f0
[ 1264.960534][T19469]  ? skb_clone+0x1e7/0x370
[ 1264.964988][T19469]  skb_clone+0x1e7/0x370
[ 1264.969279][T19469]  __netlink_deliver_tap+0x3ed/0x800
[ 1264.974614][T19469]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1264.979846][T19469]  netlink_deliver_tap+0x19c/0x1b0
[ 1264.984992][T19469]  __netlink_sendskb+0x4b/0x90
[ 1264.989801][T19469]  netlink_dump+0x957/0xd00
[ 1264.994350][T19469]  ? netlink_lookup+0x200/0x200
[ 1264.999234][T19469]  ? __inet_diag_dump_start+0x805/0x970
[ 1265.004828][T19469]  __netlink_dump_start+0x537/0x6f0
[ 1265.010068][T19469]  inet_diag_rcv_msg_compat+0x207/0x420
[ 1265.015671][T19469]  ? __inet_diag_dump+0x380/0x380
[ 1265.020744][T19469]  ? sock_diag_rcv_msg+0x142/0x5f0
[ 1265.025905][T19469]  ? inet_diag_rcv_msg_compat+0x420/0x420
[ 1265.031663][T19469]  ? inet_diag_dump_start_compat+0x20/0x20
[ 1265.037504][T19469]  ? inet_diag_dump+0x50/0x50
[ 1265.042230][T19469]  ? __inet_diag_dump+0x380/0x380
[ 1265.047292][T19469]  sock_diag_rcv_msg+0x3cc/0x5f0
[ 1265.052269][T19469]  netlink_rcv_skb+0x1fb/0x450
[ 1265.057065][T19469]  ? sock_diag_bind+0xa0/0xa0
[ 1265.061780][T19469]  ? netlink_ack+0x1170/0x1170
[ 1265.066584][T19469]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1265.071821][T19469]  sock_diag_rcv+0x26/0x40
[ 1265.076269][T19469]  netlink_unicast+0x74d/0x8d0
[ 1265.081076][T19469]  netlink_sendmsg+0x8ad/0xbd0
[ 1265.085892][T19469]  ? netlink_getsockopt+0x550/0x550
[ 1265.091135][T19469]  ? aa_sock_msg_perm+0x94/0x150
[ 1265.096123][T19469]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 1265.101453][T19469]  ? security_socket_sendmsg+0x7c/0xa0
[ 1265.106959][T19469]  ? netlink_getsockopt+0x550/0x550
[ 1265.112193][T19469]  ____sys_sendmsg+0x5be/0x970
[ 1265.117010][T19469]  ? __sys_sendmsg_sock+0x30/0x30
[ 1265.122082][T19469]  ? __import_iovec+0x315/0x500
[ 1265.126995][T19469]  ? import_iovec+0x6f/0xa0
[ 1265.131548][T19469]  ___sys_sendmsg+0x2a2/0x360
[ 1265.136276][T19469]  ? __sys_sendmsg+0x290/0x290
[ 1265.141116][T19469]  ? __lock_acquire+0x7d10/0x7d10
[ 1265.146223][T19469]  __se_sys_sendmsg+0x1bb/0x2a0
[ 1265.151134][T19469]  ? __x64_sys_sendmsg+0x80/0x80
[ 1265.156224][T19469]  ? lockdep_hardirqs_on+0x94/0x140
[ 1265.161487][T19469]  do_syscall_64+0x4c/0xa0
[ 1265.165946][T19469]  ? clear_bhb_loop+0x60/0xb0
[ 1265.170672][T19469]  ? clear_bhb_loop+0x60/0xb0
[ 1265.175407][T19469]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1265.181346][T19469] RIP: 0033:0x7f58c3d9ce59
[ 1265.185795][T19469] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1265.205445][T19469] RSP: 002b:00007f58c4cff028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1265.213906][T19469] RAX: ffffffffffffffda RBX: 00007f58c4015fa0 RCX: 00007f58c3d9ce59
[ 1265.221927][T19469] RDX: ff0f000020000080 RSI: 0000200000000000 RDI: 0000000000000003
[ 1265.229942][T19469] RBP: 00007f58c4cff090 R08: 0000000000000000 R09: 0000000000000000
[ 1265.237956][T19469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1265.245968][T19469] R13: 00007f58c4016038 R14: 00007f58c4015fa0 R15: 00007ffe2832cac8
[ 1265.254012][T19469]  </TASK>
[ 1268.710475][T19496] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1269.023496][T19503] netlink: 'syz.1.4606': attribute type 10 has an invalid length.
[ 1269.033272][T19503] netlink: 55 bytes leftover after parsing attributes in process `syz.1.4606'.
[ 1269.309526][T19511] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:0603:0000:0023 with DS=0x3f
[ 1270.318397][T19536] netlink: 180 bytes leftover after parsing attributes in process `syz.1.4618'.
[ 1270.363920][T19536] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1270.968252][T19544] dvmrp1: tun_chr_ioctl cmd 1074025673
[ 1270.984553][T19545] dvmrp1: tun_chr_ioctl cmd 1074025677
[ 1271.000915][T19545] dvmrp1: linktype set to 768
[ 1271.158531][T19549] netlink: 'syz.0.4621': attribute type 10 has an invalid length.
[ 1271.203444][T19549] netlink: 55 bytes leftover after parsing attributes in process `syz.0.4621'.
[ 1271.677699][T19568] netlink: 14 bytes leftover after parsing attributes in process `syz.0.4628'.
[ 1272.077244][T19568] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1272.816882][T19568] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1272.844300][T19568] bond0 (unregistering): Released all slaves
[ 1272.892958][T19581] netlink: 180 bytes leftover after parsing attributes in process `syz.2.4630'.
[ 1272.931020][T19576] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1273.519872][T19604] netlink: 'syz.0.4636': attribute type 10 has an invalid length.
[ 1273.585199][T19604] netlink: 55 bytes leftover after parsing attributes in process `syz.0.4636'.
[ 1274.131475][T19612] netlink: 'syz.4.4639': attribute type 10 has an invalid length.
[ 1274.194519][T19612] netlink: 55 bytes leftover after parsing attributes in process `syz.4.4639'.
[ 1274.576025][T19628] netlink: 'syz.3.4644': attribute type 29 has an invalid length.
[ 1275.339863][T19628] netlink: 'syz.3.4644': attribute type 29 has an invalid length.
[ 1275.348834][T19635] netlink: 180 bytes leftover after parsing attributes in process `syz.2.4645'.
[ 1275.370484][T19636] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1275.393418][T19630] netlink: 'syz.3.4644': attribute type 29 has an invalid length.
[ 1276.066476][T19651] device pim6reg1 entered promiscuous mode
[ 1276.131265][T19655] netlink: 'syz.0.4652': attribute type 10 has an invalid length.
[ 1276.151410][T19655] netlink: 55 bytes leftover after parsing attributes in process `syz.0.4652'.
[ 1276.261862][T19651] netlink: 'syz.3.4650': attribute type 2 has an invalid length.
[ 1277.135548][T19680] device wlan1 entered promiscuous mode
[ 1277.252179][T19683] netlink: 'syz.2.4657': attribute type 3 has an invalid length.
[ 1277.311493][T19683] netlink: 114680 bytes leftover after parsing attributes in process `syz.2.4657'.
[ 1277.562692][T19687] netlink: 180 bytes leftover after parsing attributes in process `syz.0.4659'.
[ 1277.624348][T19687] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1277.660490][T19690] netlink: 'syz.1.4660': attribute type 29 has an invalid length.
[ 1277.709341][T19690] netlink: 'syz.1.4660': attribute type 29 has an invalid length.
[ 1277.762755][T19691] netlink: 'syz.1.4660': attribute type 29 has an invalid length.
[ 1277.992385][T19706] netlink: 'syz.2.4665': attribute type 10 has an invalid length.
[ 1278.012650][T19706] netlink: 55 bytes leftover after parsing attributes in process `syz.2.4665'.
[ 1279.181218][T19718] netlink: 56 bytes leftover after parsing attributes in process `syz.2.4669'.
[ 1279.869650][T11057] wlan1: Trigger new scan to find an IBSS to join
[ 1283.859442][T11052] wlan1: Trigger new scan to find an IBSS to join
[ 1284.514977][T19729] netlink: 'syz.4.4672': attribute type 1 has an invalid length.
[ 1284.772002][T19758] netlink: 132 bytes leftover after parsing attributes in process `syz.2.4676'.
[ 1284.789288][T11052] wlan1: Creating new IBSS network, BSSID ae:3a:fe:1a:45:c2
[ 1284.806961][T11052] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1284.872367][T19762] netlink: 'syz.0.4677': attribute type 3 has an invalid length.
[ 1284.939237][T19762] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.4677'.
[ 1285.014874][T19764] netlink: 'syz.3.4679': attribute type 10 has an invalid length.
[ 1285.057780][T19764] netlink: 55 bytes leftover after parsing attributes in process `syz.3.4679'.
[ 1285.141408][T19766] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1285.234359][T19766] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1285.638431][T19766] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1285.669407][T19766] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1285.703049][T19766] batman_adv: batadv0: Interface deactivated: veth0_vlan
[ 1285.719221][T19766] batman_adv: batadv0: Removing interface: veth0_vlan
[ 1285.741341][T19766] batman_adv: batadv0: Interface deactivated: vlan1
[ 1285.765659][T19766] batman_adv: batadv0: Removing interface: vlan1
[ 1285.803014][T19766] bridge0: port 3(batadv0) entered disabled state
[ 1285.942138][T19766] device batadv0 left promiscuous mode
[ 1285.947759][T19766] bridge0: port 3(batadv0) entered disabled state
[ 1286.539937][T19779] netlink: 'syz.2.4684': attribute type 10 has an invalid length.
[ 1286.582345][T19779] bridge0: port 3(batadv0) entered disabled state
[ 1286.694782][T19779] device batadv0 left promiscuous mode
[ 1286.702890][T19779] bridge0: port 3(batadv0) entered disabled state
[ 1286.749570][T19779] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1286.758236][T19779] bond0: (slave batadv0): Enslaving as an active interface with an up link
[ 1286.848645][T19774] netlink: 'syz.0.4682': attribute type 2 has an invalid length.
[ 1286.899799][T19774] netlink: 'syz.0.4682': attribute type 1 has an invalid length.
[ 1286.941965][T19774] netlink: 132 bytes leftover after parsing attributes in process `syz.0.4682'.
[ 1287.044847][T19794] netlink: 156 bytes leftover after parsing attributes in process `syz.0.4682'.
[ 1287.071311][T19784] device pim6reg1 entered promiscuous mode
[ 1288.032820][T11052] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1288.685246][T19784] netlink: 'syz.1.4685': attribute type 2 has an invalid length.
[ 1288.728969][T19810] netlink: 'syz.0.4690': attribute type 21 has an invalid length.
[ 1288.749467][T19810] netlink: 'syz.0.4690': attribute type 4 has an invalid length.
[ 1288.777814][T19810] netlink: 132 bytes leftover after parsing attributes in process `syz.0.4690'.
[ 1288.925360][T19815] netlink: 180 bytes leftover after parsing attributes in process `syz.2.4692'.
[ 1288.997083][T19815] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1289.119725][T19818] netlink: 'syz.4.4693': attribute type 10 has an invalid length.
[ 1289.181443][T19818] netlink: 55 bytes leftover after parsing attributes in process `syz.4.4693'.
[ 1290.649044][T19846] netlink: 'syz.4.4698': attribute type 10 has an invalid length.
[ 1292.004750][T19846] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1292.077325][T19846] bond0: (slave batadv0): Enslaving as an active interface with an up link
[ 1296.746665][T19885] netlink: 180 bytes leftover after parsing attributes in process `syz.0.4707'.
[ 1296.760049][T19886] netlink: 'syz.2.4708': attribute type 10 has an invalid length.
[ 1296.768283][T19886] netlink: 55 bytes leftover after parsing attributes in process `syz.2.4708'.
[ 1296.856840][T19887] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1296.890421][T19892] netlink: 'syz.4.4709': attribute type 21 has an invalid length.
[ 1297.097591][T19894] netlink: 'syz.3.4711': attribute type 1 has an invalid length.
[ 1297.135718][T19894] netlink: 'syz.3.4711': attribute type 1 has an invalid length.
[ 1297.136340][T19898] netlink: 'syz.0.4713': attribute type 29 has an invalid length.
[ 1297.161108][T19894] netlink: 116376 bytes leftover after parsing attributes in process `syz.3.4711'.
[ 1297.211364][T19896] netlink: 'syz.2.4712': attribute type 1 has an invalid length.
[ 1297.229266][T19896] netlink: 'syz.2.4712': attribute type 1 has an invalid length.
[ 1297.237509][T19898] netlink: 'syz.0.4713': attribute type 29 has an invalid length.
[ 1297.247498][T19896] netlink: 116376 bytes leftover after parsing attributes in process `syz.2.4712'.
[ 1297.268026][T19908] netlink: 'syz.0.4713': attribute type 29 has an invalid length.
[ 1297.293596][T19906] netlink: 'syz.4.4715': attribute type 21 has an invalid length.
[ 1297.309554][T19906] netlink: 156 bytes leftover after parsing attributes in process `syz.4.4715'.
[ 1297.361312][T19906] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4715'.
[ 1298.395607][T19931] netlink: 55 bytes leftover after parsing attributes in process `syz.2.4722'.
[ 1298.543236][T19935] netlink: 180 bytes leftover after parsing attributes in process `syz.4.4723'.
[ 1298.586085][T19935] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1299.468966][ T4357] syzkaller0: tun_net_xmit 76
[ 1299.474493][ T4357] syzkaller0: tun_net_xmit 48
[ 1299.497852][T19967] netlink: 116376 bytes leftover after parsing attributes in process `syz.4.4730'.
[ 1299.521860][T14018] syzkaller0: tun_net_xmit 76
[ 1299.883663][T14018] syzkaller0: tun_net_xmit 76
[ 1299.959738][T14018] syzkaller0: tun_net_xmit 76
[ 1300.181134][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[ 1300.187574][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[ 1300.257311][T19973] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1300.275462][T19973] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1300.289588][ T4321] syzkaller0: tun_net_xmit 76
[ 1300.296035][T19973] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1300.329237][T19973] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1300.811167][T19980] netlink: 116376 bytes leftover after parsing attributes in process `syz.1.4733'.
[ 1306.797706][T19978] validate_nla: 7 callbacks suppressed
[ 1306.797719][T19978] netlink: 'syz.2.4734': attribute type 29 has an invalid length.
[ 1306.811729][T19992] netlink: 'syz.3.4737': attribute type 10 has an invalid length.
[ 1306.831873][T19992] netlink: 55 bytes leftover after parsing attributes in process `syz.3.4737'.
[ 1307.121096][T20010] netlink: 'syz.1.4743': attribute type 1 has an invalid length.
[ 1307.170691][T20010] netlink: 'syz.1.4743': attribute type 1 has an invalid length.
[ 1307.180168][T20010] netlink: 116376 bytes leftover after parsing attributes in process `syz.1.4743'.
[ 1307.512388][T20023] netlink: 'syz.4.4755': attribute type 10 has an invalid length.
[ 1307.572386][T20023] netlink: 55 bytes leftover after parsing attributes in process `syz.4.4755'.
[ 1309.049269][T20044] netlink: 'syz.2.4752': attribute type 29 has an invalid length.
[ 1309.067897][T20044] netlink: 'syz.2.4752': attribute type 29 has an invalid length.
[ 1309.088174][T20044] netlink: 'syz.2.4752': attribute type 29 has an invalid length.
[ 1309.176506][T20050] netlink: 'syz.4.4754': attribute type 2 has an invalid length.
[ 1309.205124][T20050] netlink: 'syz.4.4754': attribute type 4 has an invalid length.
[ 1309.327908][T20050] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4754'.
[ 1310.137675][T20071] netlink: 55 bytes leftover after parsing attributes in process `syz.3.4759'.
[ 1310.407585][T20079] netlink: 'syz.0.4762': attribute type 11 has an invalid length.
[ 1310.441038][T20079] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.4762'.
[ 1310.512367][T20079] netlink: 'syz.0.4762': attribute type 11 has an invalid length.
[ 1310.539742][T20079] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.4762'.
[ 1310.583436][T20078] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1311.422697][T20093] mac80211_hwsim hwsim26 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1311.458477][T20088] netlink: 134056 bytes leftover after parsing attributes in process `syz.4.4765'.
[ 1312.325879][T20104] validate_nla: 4 callbacks suppressed
[ 1312.325900][T20104] netlink: 'syz.3.4770': attribute type 19 has an invalid length.
[ 1312.356021][T20102] netlink: 'syz.1.4769': attribute type 3 has an invalid length.
[ 1312.389502][T20102] netlink: 163968 bytes leftover after parsing attributes in process `syz.1.4769'.
[ 1312.576855][T20106] netlink: 'syz.2.4771': attribute type 29 has an invalid length.
[ 1312.599468][T20106] netlink: 'syz.2.4771': attribute type 29 has an invalid length.
[ 1312.657780][T20109] netlink: 'syz.2.4771': attribute type 29 has an invalid length.
[ 1312.944426][T20118] netlink: 61967 bytes leftover after parsing attributes in process `syz.1.4775'.
[ 1314.506933][T20142] netlink: 'syz.1.4781': attribute type 1 has an invalid length.
[ 1314.529758][T20142] netlink: 'syz.1.4781': attribute type 1 has an invalid length.
[ 1314.538100][T20142] netlink: 116376 bytes leftover after parsing attributes in process `syz.1.4781'.
[ 1314.630930][T20125] netlink: 'syz.0.4777': attribute type 10 has an invalid length.
[ 1314.648981][T20125] netlink: 55 bytes leftover after parsing attributes in process `syz.0.4777'.
[ 1314.862439][T11063] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1315.869401][T11052] wlan1: Trigger new scan to find an IBSS to join
[ 1318.016830][T20154] netlink: 65047 bytes leftover after parsing attributes in process `syz.0.4783'.
[ 1318.026370][T20157] netlink: 'syz.0.4783': attribute type 21 has an invalid length.
[ 1318.034518][T20157] netlink: 132 bytes leftover after parsing attributes in process `syz.0.4783'.
[ 1318.044268][T20157] netlink: 'syz.0.4783': attribute type 1 has an invalid length.
[ 1318.054863][T20160] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1318.066876][T20159] netlink: 180 bytes leftover after parsing attributes in process `syz.1.4786'.
[ 1318.294528][T20172] netlink: 'syz.3.4790': attribute type 29 has an invalid length.
[ 1318.328105][T20172] netlink: 'syz.3.4790': attribute type 29 has an invalid length.
[ 1318.348408][T20175] netlink: 'syz.3.4790': attribute type 29 has an invalid length.
[ 1318.385465][T20177] netlink: 180 bytes leftover after parsing attributes in process `syz.2.4791'.
[ 1318.500200][T20177] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1318.555563][T20176] syzkaller0: create flow: hash 3837184642 index 2
[ 1318.582812][ T4357] syzkaller0: tun_net_xmit 76
[ 1318.588166][ T4357] syzkaller0: tun_net_xmit 76
[ 1318.617580][ T4357] syzkaller0: tun_net_xmit 76
[ 1318.869493][T20180] netlink: 'syz.0.4794': attribute type 10 has an invalid length.
[ 1318.883921][T20180] netlink: 55 bytes leftover after parsing attributes in process `syz.0.4794'.
[ 1318.894619][ T4357] syzkaller0: tun_net_xmit 76
[ 1319.061342][T11063] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1319.241737][T20174] syzkaller0: delete flow: hash 3837184642 index 2
[ 1319.869227][T11037] wlan1: Trigger new scan to find an IBSS to join
[ 1319.985703][T11058] wlan1: Creating new IBSS network, BSSID 86:cb:98:43:f3:68
[ 1321.710927][T20191] netlink: 'syz.0.4797': attribute type 1 has an invalid length.
[ 1321.719078][T20193] netlink: 61967 bytes leftover after parsing attributes in process `syz.2.4798'.
[ 1321.957520][T20204] netlink: 180 bytes leftover after parsing attributes in process `syz.4.4802'.
[ 1322.026138][T20206] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1322.093027][T20201] netlink: 65047 bytes leftover after parsing attributes in process `syz.2.4801'.
[ 1322.153820][T20211] netlink: 'syz.2.4801': attribute type 21 has an invalid length.
[ 1322.184603][T20211] netlink: 132 bytes leftover after parsing attributes in process `syz.2.4801'.
[ 1322.268991][T20211] netlink: 'syz.2.4801': attribute type 1 has an invalid length.
[ 1322.518348][T20218] netlink: 'syz.4.4806': attribute type 29 has an invalid length.
[ 1322.658310][T20221] netlink: 55 bytes leftover after parsing attributes in process `syz.0.4807'.
[ 1323.706366][T20246] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1323.748701][T20246] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1324.114237][T20246] bond0: (slave batadv0): Releasing backup interface
[ 1324.153153][T20256] netlink: 161700 bytes leftover after parsing attributes in process `syz.1.4817'.
[ 1324.195224][T20245] netlink: 180 bytes leftover after parsing attributes in process `syz.2.4816'.
[ 1324.219699][T20256] openvswitch: netlink: Key 2 has unexpected len 41210 expected 4
[ 1324.228473][T20254] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1324.347107][T20248] validate_nla: 3 callbacks suppressed
[ 1324.347130][T20248] netlink: 'syz.3.4818': attribute type 10 has an invalid length.
[ 1324.393491][T20248] bridge0: port 3(hsr0) entered disabled state
[ 1324.400834][T20248] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1324.409330][T20248] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1324.451888][T20248] device bridge0 left promiscuous mode
[ 1324.685176][T20248] bridge0: port 3(hsr0) entered blocking state
[ 1324.692013][T20248] bridge0: port 3(hsr0) entered forwarding state
[ 1324.700655][T20248] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1324.707926][T20248] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1324.715589][T20248] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1324.722916][T20248] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1324.878250][T20248] team0: Port device bridge0 added
[ 1325.845450][T20264] netlink: 'syz.4.4820': attribute type 10 has an invalid length.
[ 1325.853612][T20264] netlink: 55 bytes leftover after parsing attributes in process `syz.4.4820'.
[ 1325.883038][T20276] netlink: 65047 bytes leftover after parsing attributes in process `syz.3.4822'.
[ 1325.931916][T20277] netlink: 'syz.3.4822': attribute type 21 has an invalid length.
[ 1325.950722][T20277] netlink: 132 bytes leftover after parsing attributes in process `syz.3.4822'.
[ 1326.006143][T20277] netlink: 'syz.3.4822': attribute type 1 has an invalid length.
[ 1326.175156][T20283] netlink: 'syz.2.4825': attribute type 29 has an invalid length.
[ 1326.191736][T20283] netlink: 'syz.2.4825': attribute type 29 has an invalid length.
[ 1326.229171][T20287] netlink: 'syz.2.4825': attribute type 29 has an invalid length.
[ 1326.389592][T20293] netlink: 180 bytes leftover after parsing attributes in process `syz.3.4827'.
[ 1326.427413][T20293] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1326.692427][T20302] netlink: 'syz.0.4832': attribute type 10 has an invalid length.
[ 1327.513225][T20323] netlink: 65047 bytes leftover after parsing attributes in process `syz.1.4838'.
[ 1327.557692][T20326] netlink: 'syz.1.4838': attribute type 21 has an invalid length.
[ 1327.566839][T20326] netlink: 132 bytes leftover after parsing attributes in process `syz.1.4838'.
[ 1327.584321][T20326] netlink: 'syz.1.4838': attribute type 1 has an invalid length.
[ 1328.177572][T20340] netlink: 180 bytes leftover after parsing attributes in process `syz.4.4844'.
[ 1328.238650][T20340] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1329.004007][T20363] FAULT_INJECTION: forcing a failure.
[ 1329.004007][T20363] name failslab, interval 1, probability 0, space 0, times 0
[ 1329.040321][T20363] CPU: 1 PID: 20363 Comm: syz.1.4851 Not tainted syzkaller #0
[ 1329.047868][T20363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1329.057965][T20363] Call Trace:
[ 1329.061276][T20363]  <TASK>
[ 1329.064231][T20363]  dump_stack_lvl+0x188/0x24e
[ 1329.068950][T20363]  ? show_regs_print_info+0x12/0x12
[ 1329.074183][T20363]  ? load_image+0x400/0x400
[ 1329.078742][T20363]  ? __lock_acquire+0x7d10/0x7d10
[ 1329.083818][T20363]  should_fail_ex+0x399/0x4d0
[ 1329.088545][T20363]  should_failslab+0x5/0x20
[ 1329.093081][T20363]  slab_pre_alloc_hook+0x59/0x310
[ 1329.098143][T20363]  ? bpf_test_init+0x9f/0x140
[ 1329.102858][T20363]  __kmem_cache_alloc_node+0x4f/0x260
[ 1329.108353][T20363]  ? bpf_test_init+0x9f/0x140
[ 1329.113062][T20363]  __kmalloc+0xa0/0x240
[ 1329.117268][T20363]  bpf_test_init+0x9f/0x140
[ 1329.121822][T20363]  bpf_prog_test_run_xdp+0x484/0xf10
[ 1329.127161][T20363]  ? dev_put+0x80/0x80
[ 1329.131279][T20363]  ? dev_put+0x80/0x80
[ 1329.135377][T20363]  bpf_prog_test_run+0x31e/0x390
[ 1329.140355][T20363]  __sys_bpf+0x62b/0x780
[ 1329.144643][T20363]  ? bpf_link_show_fdinfo+0x380/0x380
[ 1329.150082][T20363]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 1329.156298][T20363]  __x64_sys_bpf+0x78/0x90
[ 1329.160764][T20363]  do_syscall_64+0x4c/0xa0
[ 1329.165225][T20363]  ? clear_bhb_loop+0x60/0xb0
[ 1329.169943][T20363]  ? clear_bhb_loop+0x60/0xb0
[ 1329.174657][T20363]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1329.180940][T20363] RIP: 0033:0x7faf8b59ce59
[ 1329.185480][T20363] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1329.205131][T20363] RSP: 002b:00007faf897f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1329.213597][T20363] RAX: ffffffffffffffda RBX: 00007faf8b815fa0 RCX: 00007faf8b59ce59
[ 1329.221602][T20363] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[ 1329.229603][T20363] RBP: 00007faf897f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1329.237609][T20363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1329.245625][T20363] R13: 00007faf8b816038 R14: 00007faf8b815fa0 R15: 00007ffebf2f8d08
[ 1329.253649][T20363]  </TASK>
[ 1330.788239][T20385] netlink: 180 bytes leftover after parsing attributes in process `syz.1.4858'.
[ 1330.878447][T20390] validate_nla: 3 callbacks suppressed
[ 1330.878472][T20390] netlink: 'syz.0.4859': attribute type 29 has an invalid length.
[ 1330.919419][T20390] netlink: 'syz.0.4859': attribute type 29 has an invalid length.
[ 1330.971857][T20385] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1331.003264][T20393] netlink: 'syz.0.4859': attribute type 29 has an invalid length.
[ 1331.102138][T20394] netlink: 'syz.2.4860': attribute type 10 has an invalid length.
[ 1331.119316][T20394] netlink: 55 bytes leftover after parsing attributes in process `syz.2.4860'.
[ 1331.496044][T20402] netlink: 180 bytes leftover after parsing attributes in process `syz.1.4874'.
[ 1331.630516][T20408] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1331.804431][T20406] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4863'.
[ 1331.836250][T20409] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1331.849193][T20409] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1332.071705][T20409] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1332.122450][T20409] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1332.243027][T20409] batman_adv: batadv0: Interface deactivated: vlan1
[ 1332.312314][T20409] batman_adv: batadv0: Removing interface: vlan1
[ 1334.496538][T20444] netlink: 14556 bytes leftover after parsing attributes in process `syz.1.4872'.
[ 1334.970226][T20451] netlink: 'syz.2.4875': attribute type 10 has an invalid length.
[ 1334.978173][T20451] netlink: 55 bytes leftover after parsing attributes in process `syz.2.4875'.
[ 1335.115426][T20455] netlink: 'syz.0.4876': attribute type 29 has an invalid length.
[ 1335.137227][T20455] netlink: 'syz.0.4876': attribute type 29 has an invalid length.
[ 1335.182606][T20460] netlink: 'syz.0.4876': attribute type 29 has an invalid length.
[ 1335.398637][T20462] netlink: 180 bytes leftover after parsing attributes in process `syz.1.4878'.
[ 1335.495805][T20466] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1335.528031][T20464] netlink: 'syz.4.4879': attribute type 10 has an invalid length.
[ 1335.550413][T20464] netlink: 140 bytes leftover after parsing attributes in process `syz.4.4879'.
[ 1336.969890][T20501] netlink: 'syz.2.4890': attribute type 10 has an invalid length.
[ 1336.977894][T20501] netlink: 55 bytes leftover after parsing attributes in process `syz.2.4890'.
[ 1337.082953][T20505] netlink: 'syz.4.4891': attribute type 29 has an invalid length.
[ 1337.109347][T20505] netlink: 'syz.4.4891': attribute type 29 has an invalid length.
[ 1337.129043][T20505] netlink: 'syz.4.4891': attribute type 29 has an invalid length.
[ 1337.397170][T20516] netlink: 180 bytes leftover after parsing attributes in process `syz.2.4896'.
[ 1337.575405][T20516] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1337.650628][T20519] netlink: 'syz.3.4897': attribute type 21 has an invalid length.
[ 1338.147943][T20528] netlink: 'syz.4.4901': attribute type 1 has an invalid length.
[ 1338.164992][T20528] netlink: 'syz.4.4901': attribute type 1 has an invalid length.
[ 1338.174562][T20528] netlink: 116376 bytes leftover after parsing attributes in process `syz.4.4901'.
[ 1338.245116][T20535] FAULT_INJECTION: forcing a failure.
[ 1338.245116][T20535] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1338.350785][T20535] CPU: 0 PID: 20535 Comm: syz.0.4905 Not tainted syzkaller #0
[ 1338.358342][T20535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1338.368445][T20535] Call Trace:
[ 1338.371769][T20535]  <TASK>
[ 1338.374752][T20535]  dump_stack_lvl+0x188/0x24e
[ 1338.379505][T20535]  ? show_regs_print_info+0x12/0x12
[ 1338.384762][T20535]  ? load_image+0x400/0x400
[ 1338.389348][T20535]  ? __lock_acquire+0x7d10/0x7d10
[ 1338.394459][T20535]  should_fail_ex+0x399/0x4d0
[ 1338.399213][T20535]  _copy_from_iter+0x1c0/0x1130
[ 1338.404135][T20535]  ? __lock_acquire+0x7d10/0x7d10
[ 1338.409237][T20535]  ? sock_alloc_send_pskb+0x89d/0x9a0
[ 1338.414667][T20535]  ? migrate_enable+0x148/0x220
[ 1338.419611][T20535]  ? copyout_mc+0x110/0x110
[ 1338.424176][T20535]  ? __virt_addr_valid+0x188/0x540
[ 1338.429356][T20535]  ? __virt_addr_valid+0x188/0x540
[ 1338.434524][T20535]  ? __virt_addr_valid+0x465/0x540
[ 1338.439705][T20535]  ? __check_object_size+0x500/0xa40
[ 1338.445058][T20535]  skb_copy_datagram_from_iter+0xef/0x690
[ 1338.450931][T20535]  ? skb_put+0x117/0x210
[ 1338.455253][T20535]  tun_get_user+0xb81/0x3c70
[ 1338.460048][T20535]  ? rcu_read_unlock+0xa0/0xa0
[ 1338.464902][T20535]  ? tun_get+0x1c/0x2e0
[ 1338.469125][T20535]  ? __lock_acquire+0x7d10/0x7d10
[ 1338.474242][T20535]  ? tun_get+0x1c/0x2e0
[ 1338.478476][T20535]  tun_chr_write_iter+0x112/0x1f0
[ 1338.483576][T20535]  vfs_write+0x4b1/0xa30
[ 1338.487902][T20535]  ? file_end_write+0x250/0x250
[ 1338.492838][T20535]  ? __fget_files+0x43d/0x4b0
[ 1338.497611][T20535]  ? __fdget_pos+0x1d4/0x360
[ 1338.502257][T20535]  ? ksys_write+0x71/0x250
[ 1338.506756][T20535]  ksys_write+0x14c/0x250
[ 1338.511163][T20535]  ? __ia32_sys_read+0x80/0x80
[ 1338.516006][T20535]  ? lockdep_hardirqs_on+0x94/0x140
[ 1338.521323][T20535]  do_syscall_64+0x4c/0xa0
[ 1338.525784][T20535]  ? clear_bhb_loop+0x60/0xb0
[ 1338.530513][T20535]  ? clear_bhb_loop+0x60/0xb0
[ 1338.535254][T20535]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1338.541204][T20535] RIP: 0033:0x7f8091b9ce59
[ 1338.545674][T20535] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1338.565338][T20535] RSP: 002b:00007f80929af028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1338.573839][T20535] RAX: ffffffffffffffda RBX: 00007f8091e15fa0 RCX: 00007f8091b9ce59
[ 1338.581878][T20535] RDX: 000000000000fdef RSI: 0000200000000300 RDI: 00000000000000c8
[ 1338.589903][T20535] RBP: 00007f80929af090 R08: 0000000000000000 R09: 0000000000000000
[ 1338.597923][T20535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1338.605945][T20535] R13: 00007f8091e16038 R14: 00007f8091e15fa0 R15: 00007ffc57a2f7e8
[ 1338.614037][T20535]  </TASK>
[ 1339.113961][T20541] netlink: 'syz.3.4906': attribute type 10 has an invalid length.
[ 1339.131868][T20541] netlink: 55 bytes leftover after parsing attributes in process `syz.3.4906'.
[ 1340.316267][T20554] netlink: 'syz.1.4911': attribute type 29 has an invalid length.
[ 1340.403953][T20554] netlink: 'syz.1.4911': attribute type 29 has an invalid length.
[ 1340.831943][T20565] netlink: 180 bytes leftover after parsing attributes in process `syz.2.4913'.
[ 1340.939046][T20565] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1341.365961][T20572] netlink: 16399 bytes leftover after parsing attributes in process `syz.3.4915'.
[ 1341.720900][T20581] netlink: 116376 bytes leftover after parsing attributes in process `syz.4.4917'.
[ 1342.927975][T20611] validate_nla: 3 callbacks suppressed
[ 1342.927998][T20611] netlink: 'syz.1.4927': attribute type 10 has an invalid length.
[ 1342.950763][T20614] netlink: 'syz.3.4926': attribute type 29 has an invalid length.
[ 1342.983323][T20611] netlink: 55 bytes leftover after parsing attributes in process `syz.1.4927'.
[ 1343.019461][T20614] netlink: 'syz.3.4926': attribute type 29 has an invalid length.
[ 1343.039340][T20616] netlink: 'syz.3.4926': attribute type 29 has an invalid length.
[ 1343.156570][T20623] netlink: 'syz.2.4930': attribute type 15 has an invalid length.
[ 1343.218274][T20623] netlink: 'syz.2.4930': attribute type 7 has an invalid length.
[ 1343.272438][T20620] netlink: 'syz.0.4929': attribute type 10 has an invalid length.
[ 1343.290131][T20620] netlink: 55 bytes leftover after parsing attributes in process `syz.0.4929'.
[ 1343.353265][T20621] netlink: 180 bytes leftover after parsing attributes in process `syz.4.4928'.
[ 1343.442513][T20624] netlink: 'syz.2.4930': attribute type 39 has an invalid length.
[ 1343.518269][T20626] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1343.823818][T20636] netlink: 'syz.1.4933': attribute type 1 has an invalid length.
[ 1343.833505][T20636] netlink: 'syz.1.4933': attribute type 1 has an invalid length.
[ 1343.843199][T20636] netlink: 116376 bytes leftover after parsing attributes in process `syz.1.4933'.
[ 1345.888261][T11058] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1346.548096][T20660] netlink: 55 bytes leftover after parsing attributes in process `syz.1.4941'.
[ 1346.565277][T20664] netlink: 180 bytes leftover after parsing attributes in process `syz.0.4943'.
[ 1346.585897][T20665] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1346.711250][T20668] Dead loop on virtual device ip6_vti0, fix it urgently!
[ 1347.524428][T20690] netlink: 116376 bytes leftover after parsing attributes in process `syz.4.4951'.
[ 1347.564663][T20695] netlink: 2 bytes leftover after parsing attributes in process `syz.2.4953'.
[ 1348.007111][T20705] validate_nla: 7 callbacks suppressed
[ 1348.007199][T20705] netlink: 'syz.1.4956': attribute type 10 has an invalid length.
[ 1348.075850][T20705] netlink: 55 bytes leftover after parsing attributes in process `syz.1.4956'.
[ 1348.688720][T20723] netlink: 'syz.2.4961': attribute type 11 has an invalid length.
[ 1348.761805][T20723] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.4961'.
[ 1348.987396][T20722] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1349.561842][T20742] netlink: 'syz.0.4966': attribute type 29 has an invalid length.
[ 1349.570504][T20742] netlink: 'syz.0.4966': attribute type 29 has an invalid length.
[ 1349.582447][T20742] netlink: 'syz.0.4966': attribute type 29 has an invalid length.
[ 1349.967800][T20746] netlink: 180 bytes leftover after parsing attributes in process `syz.1.4967'.
[ 1350.025518][T20751] netlink: 'syz.4.4968': attribute type 3 has an invalid length.
[ 1350.032657][T20746] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1350.040909][T20751] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.4968'.
[ 1350.106636][T11057] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1350.124931][T20755] netlink: 'syz.3.4969': attribute type 10 has an invalid length.
[ 1350.130541][T20753] netlink: 'syz.2.4970': attribute type 1 has an invalid length.
[ 1350.147302][T20753] netlink: 'syz.2.4970': attribute type 1 has an invalid length.
[ 1350.156761][T20753] netlink: 116376 bytes leftover after parsing attributes in process `syz.2.4970'.
[ 1350.165894][T20755] netlink: 55 bytes leftover after parsing attributes in process `syz.3.4969'.
[ 1350.713384][T20769] netlink: 'syz.0.4974': attribute type 3 has an invalid length.
[ 1350.721744][T20769] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.4974'.
[ 1351.236461][T20766] netlink: 'syz.0.4974': attribute type 21 has an invalid length.
[ 1351.248348][T20766] netlink: 128 bytes leftover after parsing attributes in process `syz.0.4974'.
[ 1351.276171][T20766] netlink: 3 bytes leftover after parsing attributes in process `syz.0.4974'.
[ 1351.335013][T20769] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.4974'.
[ 1351.692848][T20788] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1351.704582][T20788] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1352.410698][T20788] bond0: (slave batadv0): Releasing backup interface
[ 1352.453569][T20794] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1353.289468][T20819] validate_nla: 7 callbacks suppressed
[ 1353.289489][T20819] netlink: 'syz.1.4993': attribute type 10 has an invalid length.
[ 1353.519936][T20819] __nla_validate_parse: 3 callbacks suppressed
[ 1353.519959][T20819] netlink: 168 bytes leftover after parsing attributes in process `syz.1.4993'.
[ 1353.621517][T20806] delete_channel: no stack
[ 1354.020279][T20830] netlink: 180 bytes leftover after parsing attributes in process `syz.4.4997'.
[ 1354.101017][T20830] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1354.600356][T20841] netlink: 'syz.4.5001': attribute type 10 has an invalid length.
[ 1354.639294][T20841] netlink: 55 bytes leftover after parsing attributes in process `syz.4.5001'.
[ 1354.919921][T20856] netlink: 180 bytes leftover after parsing attributes in process `syz.1.5005'.
[ 1354.943956][T20856] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1354.953622][T20863] FAULT_INJECTION: forcing a failure.
[ 1354.953622][T20863] name failslab, interval 1, probability 0, space 0, times 0
[ 1354.979328][T20863] CPU: 0 PID: 20863 Comm: syz.2.5008 Not tainted syzkaller #0
[ 1354.986865][T20863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1354.996938][T20863] Call Trace:
[ 1355.000217][T20863]  <TASK>
[ 1355.003157][T20863]  dump_stack_lvl+0x188/0x24e
[ 1355.007847][T20863]  ? show_regs_print_info+0x12/0x12
[ 1355.013042][T20863]  ? load_image+0x400/0x400
[ 1355.017564][T20863]  ? __might_sleep+0xd0/0xd0
[ 1355.022202][T20863]  ? __lock_acquire+0x7d10/0x7d10
[ 1355.027279][T20863]  should_fail_ex+0x399/0x4d0
[ 1355.032000][T20863]  should_failslab+0x5/0x20
[ 1355.036536][T20863]  slab_pre_alloc_hook+0x59/0x310
[ 1355.041595][T20863]  ? call_usermodehelper_setup+0x8a/0x260
[ 1355.047420][T20863]  __kmem_cache_alloc_node+0x4f/0x260
[ 1355.052839][T20863]  ? call_usermodehelper_setup+0x8a/0x260
[ 1355.058597][T20863]  kmalloc_trace+0x26/0xe0
[ 1355.063060][T20863]  call_usermodehelper_setup+0x8a/0x260
[ 1355.068637][T20863]  ? __request_module+0xa00/0xa00
[ 1355.073705][T20863]  __request_module+0x406/0xa00
[ 1355.078617][T20863]  ? copy_regset_to_user+0x1e0/0x1e0
[ 1355.083945][T20863]  ? aa_get_newest_label+0xf9/0x5b0
[ 1355.089202][T20863]  ? apparmor_capable+0x12c/0x190
[ 1355.094267][T20863]  ? bpf_lsm_capable+0x5/0x10
[ 1355.098983][T20863]  ? phonet_proto_get+0x27/0x2a0
[ 1355.103952][T20863]  pn_socket_create+0x31d/0x510
[ 1355.108834][T20863]  __sock_create+0x4a2/0x940
[ 1355.113473][T20863]  __sys_socketpair+0x1bd/0x540
[ 1355.118369][T20863]  __x64_sys_socketpair+0x97/0xb0
[ 1355.123432][T20863]  do_syscall_64+0x4c/0xa0
[ 1355.127871][T20863]  ? clear_bhb_loop+0x60/0xb0
[ 1355.132580][T20863]  ? clear_bhb_loop+0x60/0xb0
[ 1355.137301][T20863]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1355.143227][T20863] RIP: 0033:0x7f58c3d9ce59
[ 1355.147669][T20863] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1355.167302][T20863] RSP: 002b:00007f58c4cff028 EFLAGS: 00000246 ORIG_RAX: 0000000000000035
[ 1355.175748][T20863] RAX: ffffffffffffffda RBX: 00007f58c4015fa0 RCX: 00007f58c3d9ce59
[ 1355.183747][T20863] RDX: 000000000000000e RSI: 0000000000000004 RDI: 0000000000000023
[ 1355.191740][T20863] RBP: 00007f58c4cff090 R08: 0000000000000000 R09: 0000000000000000
[ 1355.199735][T20863] R10: 0000200000000a40 R11: 0000000000000246 R12: 0000000000000002
[ 1355.208249][T20863] R13: 00007f58c4016038 R14: 00007f58c4015fa0 R15: 00007ffe2832cac8
[ 1355.216268][T20863]  </TASK>
[ 1355.300982][T20860] netlink: 'syz.4.5006': attribute type 41 has an invalid length.
[ 1355.435448][T20869] netlink: 180 bytes leftover after parsing attributes in process `syz.1.5010'.
[ 1355.558313][T20873] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1356.799081][T20896] netlink: 'syz.3.5016': attribute type 10 has an invalid length.
[ 1356.873166][T20896] netlink: 55 bytes leftover after parsing attributes in process `syz.3.5016'.
[ 1357.503793][T20904] netlink: 180 bytes leftover after parsing attributes in process `syz.4.5019'.
[ 1357.517954][T20904] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1357.859916][T11063] wlan1: Trigger new scan to find an IBSS to join
[ 1358.223758][T20921] netlink: 180 bytes leftover after parsing attributes in process `syz.4.5025'.
[ 1358.256727][T20921] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1358.937856][T20933] netlink: 'syz.4.5030': attribute type 10 has an invalid length.
[ 1358.967663][T20933] netlink: 55 bytes leftover after parsing attributes in process `syz.4.5030'.
[ 1359.653599][T20950] netlink: 180 bytes leftover after parsing attributes in process `syz.1.5033'.
[ 1359.695103][T20950] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1360.500803][T20967] netlink: 'syz.3.5039': attribute type 29 has an invalid length.
[ 1360.539322][T20967] netlink: 'syz.3.5039': attribute type 29 has an invalid length.
[ 1360.619143][T20968] netlink: 'syz.3.5039': attribute type 29 has an invalid length.
[ 1360.627190][T20967] netlink: 'syz.3.5039': attribute type 29 has an invalid length.
[ 1360.899178][T11052] wlan1: Trigger new scan to find an IBSS to join
[ 1361.140050][T20984] netlink: 180 bytes leftover after parsing attributes in process `syz.2.5043'.
[ 1361.170402][T20987] netlink: 'syz.4.5044': attribute type 4 has an invalid length.
[ 1361.227151][ T4322] Bluetooth: hci4: ISO packet too small
[ 1361.253694][T20984] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1361.313158][T20990] netlink: 'syz.3.5046': attribute type 21 has an invalid length.
[ 1361.424536][T20991] netlink: 'syz.0.5045': attribute type 10 has an invalid length.
[ 1361.445962][T20991] netlink: 55 bytes leftover after parsing attributes in process `syz.0.5045'.
[ 1361.768157][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[ 1361.774783][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[ 1361.907019][T20996] FAULT_INJECTION: forcing a failure.
[ 1361.907019][T20996] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1361.940192][T20996] CPU: 1 PID: 20996 Comm: syz.4.5049 Not tainted syzkaller #0
[ 1361.947759][T20996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1361.957853][T20996] Call Trace:
[ 1361.961168][T20996]  <TASK>
[ 1361.964134][T20996]  dump_stack_lvl+0x188/0x24e
[ 1361.968863][T20996]  ? show_regs_print_info+0x12/0x12
[ 1361.974100][T20996]  ? load_image+0x400/0x400
[ 1361.978653][T20996]  ? __lock_acquire+0x7d10/0x7d10
[ 1361.983749][T20996]  should_fail_ex+0x399/0x4d0
[ 1361.988475][T20996]  _copy_from_user+0x2c/0x170
[ 1361.993205][T20996]  strndup_user+0xb3/0x150
[ 1361.997664][T20996]  perf_uprobe_init+0x5d/0x190
[ 1362.002491][T20996]  perf_uprobe_event_init+0xe2/0x170
[ 1362.007823][T20996]  perf_try_init_event+0x12b/0x3d0
[ 1362.012978][T20996]  perf_event_alloc+0xf5c/0x21b0
[ 1362.017956][T20996]  ? perf_event_alloc+0xbe2/0x21b0
[ 1362.023129][T20996]  ? find_lively_task_by_vpid+0x19/0x290
[ 1362.028818][T20996]  __se_sys_perf_event_open+0x6fd/0x1ec0
[ 1362.034489][T20996]  ? __fget_files+0x43d/0x4b0
[ 1362.039241][T20996]  ? __x64_sys_perf_event_open+0xc0/0xc0
[ 1362.044975][T20996]  ? lockdep_hardirqs_on+0x94/0x140
[ 1362.050234][T20996]  ? __x64_sys_perf_event_open+0x1c/0xc0
[ 1362.055936][T20996]  do_syscall_64+0x4c/0xa0
[ 1362.060395][T20996]  ? clear_bhb_loop+0x60/0xb0
[ 1362.065121][T20996]  ? clear_bhb_loop+0x60/0xb0
[ 1362.069851][T20996]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1362.075789][T20996] RIP: 0033:0x7f61cf39ce59
[ 1362.080240][T20996] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1362.099885][T20996] RSP: 002b:00007f61d02ad028 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[ 1362.108345][T20996] RAX: ffffffffffffffda RBX: 00007f61cf615fa0 RCX: 00007f61cf39ce59
[ 1362.116351][T20996] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000001080
[ 1362.124354][T20996] RBP: 00007f61d02ad090 R08: 0000000000000000 R09: 0000000000000000
[ 1362.132362][T20996] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001
[ 1362.140367][T20996] R13: 00007f61cf616038 R14: 00007f61cf615fa0 R15: 00007ffec3068908
[ 1362.148410][T20996]  </TASK>
[ 1363.473962][T21019] netlink: 'syz.0.5056': attribute type 29 has an invalid length.
[ 1363.490592][T21019] netlink: 'syz.0.5056': attribute type 29 has an invalid length.
[ 1363.777827][T21033] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.5062'.
[ 1363.885570][T11063] wlan1: Trigger new scan to find an IBSS to join
[ 1363.955596][T21042] validate_nla: 3 callbacks suppressed
[ 1363.955613][T21042] netlink: 'syz.3.5064': attribute type 41 has an invalid length.
[ 1364.866893][T11063] wlan1: Created IBSS using preconfigured BSSID 00:8d:8d:ff:00:00
[ 1364.919481][T11054] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 1364.943220][T11063] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 1365.344649][T21068] netlink: 180 bytes leftover after parsing attributes in process `syz.0.5073'.
[ 1365.438635][T21068] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1365.784478][T21078] netlink: 'syz.1.5078': attribute type 29 has an invalid length.
[ 1365.788994][T21079] netlink: 132 bytes leftover after parsing attributes in process `syz.0.5077'.
[ 1365.830490][T21078] netlink: 'syz.1.5078': attribute type 29 has an invalid length.
[ 1365.860981][T21085] netlink: 'syz.1.5078': attribute type 29 has an invalid length.
[ 1367.751837][T21111] netlink: 180 bytes leftover after parsing attributes in process `syz.4.5087'.
[ 1368.782177][T21122] netlink: 48 bytes leftover after parsing attributes in process `syz.1.5092'.
[ 1368.804143][T21127] netlink: 'syz.3.5096': attribute type 29 has an invalid length.
[ 1368.887722][T21126] netlink: 'syz.2.5095': attribute type 10 has an invalid length.
[ 1370.426203][T21127] netlink: 'syz.3.5096': attribute type 29 has an invalid length.
[ 1370.985328][T21153] netlink: 'syz.4.5102': attribute type 10 has an invalid length.
[ 1371.028189][T21153] netlink: 55 bytes leftover after parsing attributes in process `syz.4.5102'.
[ 1371.127310][T21160] netlink: 180 bytes leftover after parsing attributes in process `syz.3.5104'.
[ 1372.101395][T21160] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1374.099692][T21208] netlink: 'syz.2.5119': attribute type 10 has an invalid length.
[ 1374.159830][T21208] netlink: 55 bytes leftover after parsing attributes in process `syz.2.5119'.
[ 1374.486685][T21215] netlink: 180 bytes leftover after parsing attributes in process `syz.1.5122'.
[ 1374.578083][T21215] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1375.668409][T21247] netlink: 'syz.1.5134': attribute type 10 has an invalid length.
[ 1375.871225][T21247] netlink: 55 bytes leftover after parsing attributes in process `syz.1.5134'.
[ 1376.849528][T11058] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1378.288912][T21258] netlink: 'syz.3.5137': attribute type 1 has an invalid length.
[ 1378.296757][T21258] netlink: 132 bytes leftover after parsing attributes in process `syz.3.5137'.
[ 1378.418006][T21262] netlink: 180 bytes leftover after parsing attributes in process `syz.3.5139'.
[ 1378.527893][T21262] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1378.910445][T21280] netlink: 'syz.4.5141': attribute type 10 has an invalid length.
[ 1379.783638][T21280] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1379.791070][T21280] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1379.851585][T21280] device bridge0 left promiscuous mode
[ 1379.859610][T21290] netlink: 'syz.0.5147': attribute type 29 has an invalid length.
[ 1379.904865][T21286] netlink: 'syz.2.5146': attribute type 21 has an invalid length.
[ 1379.929380][T21290] netlink: 'syz.0.5147': attribute type 29 has an invalid length.
[ 1379.937413][T21291] netlink: 'syz.0.5147': attribute type 29 has an invalid length.
[ 1380.976507][T21312] netlink: 180 bytes leftover after parsing attributes in process `syz.0.5154'.
[ 1381.012385][T21311] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1381.433276][T21325] netlink: 180 bytes leftover after parsing attributes in process `syz.0.5159'.
[ 1381.549635][T21327] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1381.672840][T21331] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.5161'.
[ 1381.709688][T21329] netlink: 'syz.4.5160': attribute type 21 has an invalid length.
[ 1381.908503][T21336] netlink: 'syz.3.5164': attribute type 29 has an invalid length.
[ 1381.928591][T21336] netlink: 'syz.3.5164': attribute type 29 has an invalid length.
[ 1381.968140][T21341] netlink: 'syz.3.5164': attribute type 29 has an invalid length.
[ 1383.301882][T21360] netlink: 180 bytes leftover after parsing attributes in process `syz.4.5169'.
[ 1383.524785][T21365] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1384.119718][T21370] netlink: 180 bytes leftover after parsing attributes in process `syz.4.5172'.
[ 1384.239140][T21370] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1384.337376][T21376] netlink: 'syz.0.5175': attribute type 21 has an invalid length.
[ 1384.490603][T21385] netlink: 'syz.4.5178': attribute type 29 has an invalid length.
[ 1384.524283][T21385] netlink: 'syz.4.5178': attribute type 29 has an invalid length.
[ 1384.543000][T21389] netlink: 'syz.4.5178': attribute type 29 has an invalid length.
[ 1384.757181][T21394] netlink: 180 bytes leftover after parsing attributes in process `syz.3.5182'.
[ 1384.804032][T21394] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1386.058768][T21426] netlink: 'syz.3.5190': attribute type 21 has an invalid length.
[ 1386.608231][T11054] tipc: Subscription rejected, illegal request
[ 1386.753985][T21438] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1387.097730][T21453] netlink: 'syz.3.5199': attribute type 29 has an invalid length.
[ 1387.116659][T21453] netlink: 'syz.3.5199': attribute type 29 has an invalid length.
[ 1387.157115][T21456] netlink: 'syz.3.5199': attribute type 29 has an invalid length.
[ 1387.203012][T21458] netlink: 'syz.4.5197': attribute type 21 has an invalid length.
[ 1387.229034][T21458] netlink: 'syz.4.5197': attribute type 6 has an invalid length.
[ 1387.236976][T21458] netlink: 132 bytes leftover after parsing attributes in process `syz.4.5197'.
[ 1387.517944][T21466] FAULT_INJECTION: forcing a failure.
[ 1387.517944][T21466] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1387.650809][T21466] CPU: 0 PID: 21466 Comm: syz.1.5213 Not tainted syzkaller #0
[ 1387.658364][T21466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1387.668448][T21466] Call Trace:
[ 1387.671755][T21466]  <TASK>
[ 1387.674716][T21466]  dump_stack_lvl+0x188/0x24e
[ 1387.679437][T21466]  ? show_regs_print_info+0x12/0x12
[ 1387.684663][T21466]  ? load_image+0x400/0x400
[ 1387.689209][T21466]  ? __might_fault+0xa6/0x120
[ 1387.693930][T21466]  should_fail_ex+0x399/0x4d0
[ 1387.698639][T21466]  copyin+0x1b/0x120
[ 1387.702650][T21466]  _copy_from_iter+0x447/0x1130
[ 1387.707623][T21466]  ? copyout_mc+0x110/0x110
[ 1387.712165][T21466]  ? copyout_mc+0x110/0x110
[ 1387.716700][T21466]  ? __virt_addr_valid+0x188/0x540
[ 1387.721871][T21466]  ? page_copy_sane+0x194/0x390
[ 1387.726751][T21466]  copy_page_from_iter+0x77/0x100
[ 1387.731806][T21466]  skb_copy_datagram_from_iter+0x2b3/0x690
[ 1387.737665][T21466]  unix_dgram_sendmsg+0x5fb/0x16e0
[ 1387.742825][T21466]  ? aa_sk_perm+0x81f/0x950
[ 1387.747371][T21466]  ? __might_fault+0xa6/0x120
[ 1387.752073][T21466]  ? unix_dgram_poll+0x680/0x680
[ 1387.757036][T21466]  ? tomoyo_socket_sendmsg_permission+0x1dd/0x2f0
[ 1387.763664][T21466]  ? aa_sock_msg_perm+0x94/0x150
[ 1387.768630][T21466]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 1387.773944][T21466]  ? security_socket_sendmsg+0x7c/0xa0
[ 1387.779441][T21466]  ? unix_dgram_poll+0x680/0x680
[ 1387.784411][T21466]  ____sys_sendmsg+0x5be/0x970
[ 1387.789214][T21466]  ? __sys_sendmsg_sock+0x30/0x30
[ 1387.794259][T21466]  ? __import_iovec+0x315/0x500
[ 1387.799155][T21466]  ? import_iovec+0x6f/0xa0
[ 1387.803690][T21466]  ___sys_sendmsg+0x2a2/0x360
[ 1387.808400][T21466]  ? __sys_sendmsg+0x290/0x290
[ 1387.813214][T21466]  ? __lock_acquire+0x7d10/0x7d10
[ 1387.818317][T21466]  __se_sys_sendmsg+0x1bb/0x2a0
[ 1387.823194][T21466]  ? ct_nmi_exit+0x145/0x1c0
[ 1387.827820][T21466]  ? __x64_sys_sendmsg+0x80/0x80
[ 1387.832812][T21466]  ? lockdep_hardirqs_on+0x94/0x140
[ 1387.838048][T21466]  do_syscall_64+0x4c/0xa0
[ 1387.842486][T21466]  ? clear_bhb_loop+0x60/0xb0
[ 1387.847196][T21466]  ? clear_bhb_loop+0x60/0xb0
[ 1387.851907][T21466]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1387.857841][T21466] RIP: 0033:0x7faf8b59ce59
[ 1387.862281][T21466] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1387.881913][T21466] RSP: 002b:00007faf897f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1387.890360][T21466] RAX: ffffffffffffffda RBX: 00007faf8b815fa0 RCX: 00007faf8b59ce59
[ 1387.898357][T21466] RDX: 0000000020000000 RSI: 0000200000000100 RDI: 0000000000000005
[ 1387.906354][T21466] RBP: 00007faf897f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1387.914350][T21466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1387.922342][T21466] R13: 00007faf8b816038 R14: 00007faf8b815fa0 R15: 00007ffebf2f8d08
[ 1387.930366][T21466]  </TASK>
[ 1388.710925][T21481] bridge_slave_0: mtu less than device minimum
[ 1388.817964][T21485] netlink: 180 bytes leftover after parsing attributes in process `syz.4.5211'.
[ 1389.035396][T21492] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1389.392867][T21500] netlink: 'syz.0.5215': attribute type 10 has an invalid length.
[ 1390.304575][T21500] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1390.312032][T21500] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1390.339309][T21500] device bridge0 left promiscuous mode
[ 1390.532217][T21514] netlink: 188 bytes leftover after parsing attributes in process `syz.4.5220'.
[ 1392.819997][T21563] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app
[ 1392.835304][T21564] netlink: 65047 bytes leftover after parsing attributes in process `syz.0.5237'.
[ 1392.982629][T21569] netlink: 'syz.3.5236': attribute type 10 has an invalid length.
[ 1393.099133][T21569] bridge0: port 3(hsr0) entered disabled state
[ 1393.105717][T21569] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1393.113219][T21569] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1393.517878][T21578] FAULT_INJECTION: forcing a failure.
[ 1393.517878][T21578] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1393.784119][T21578] CPU: 0 PID: 21578 Comm: syz.1.5242 Not tainted syzkaller #0
[ 1393.791687][T21578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1393.801795][T21578] Call Trace:
[ 1393.805237][T21578]  <TASK>
[ 1393.808261][T21578]  dump_stack_lvl+0x188/0x24e
[ 1393.813025][T21578]  ? show_regs_print_info+0x12/0x12
[ 1393.818288][T21578]  ? load_image+0x400/0x400
[ 1393.822863][T21578]  ? __lock_acquire+0x7d10/0x7d10
[ 1393.827975][T21578]  should_fail_ex+0x399/0x4d0
[ 1393.832731][T21578]  _copy_from_user+0x2c/0x170
[ 1393.837475][T21578]  ip_tunnel_siocdevprivate+0xbe/0x1e0
[ 1393.843076][T21578]  ? ip_tunnel_update+0xaa0/0xaa0
[ 1393.848188][T21578]  ? full_name_hash+0x8e/0xe0
[ 1393.852948][T21578]  dev_ifsioc+0xa4a/0xd40
[ 1393.857352][T21578]  ? dev_ioctl+0xe80/0xe80
[ 1393.861830][T21578]  ? __lock_acquire+0x7d10/0x7d10
[ 1393.867176][T21578]  ? full_name_hash+0x8e/0xe0
[ 1393.871920][T21578]  ? dev_load+0x1d/0x1e0
[ 1393.876223][T21578]  ? dev_load+0x1d/0x1e0
[ 1393.880544][T21578]  dev_ioctl+0x5f8/0xe80
[ 1393.884842][T21578]  ? get_user_ifreq+0xc7/0x170
[ 1393.889671][T21578]  sock_ioctl+0x691/0x710
[ 1393.894078][T21578]  ? sock_poll+0x410/0x410
[ 1393.898588][T21578]  ? bpf_lsm_file_ioctl+0x5/0x10
[ 1393.903581][T21578]  ? security_file_ioctl+0x7c/0xa0
[ 1393.908753][T21578]  ? sock_poll+0x410/0x410
[ 1393.913229][T21578]  __se_sys_ioctl+0xfa/0x170
[ 1393.917893][T21578]  do_syscall_64+0x4c/0xa0
[ 1393.922368][T21578]  ? clear_bhb_loop+0x60/0xb0
[ 1393.927106][T21578]  ? clear_bhb_loop+0x60/0xb0
[ 1393.931856][T21578]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1393.937839][T21578] RIP: 0033:0x7faf8b59ce59
[ 1393.942324][T21578] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1393.962016][T21578] RSP: 002b:00007faf897d5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1393.970505][T21578] RAX: ffffffffffffffda RBX: 00007faf8b816090 RCX: 00007faf8b59ce59
[ 1393.978525][T21578] RDX: 0000200000000080 RSI: 00000000000089f3 RDI: 000000000000000a
[ 1393.986556][T21578] RBP: 00007faf897d5090 R08: 0000000000000000 R09: 0000000000000000
[ 1393.994595][T21578] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1394.002631][T21578] R13: 00007faf8b816128 R14: 00007faf8b816090 R15: 00007ffebf2f8d08
[ 1394.010739][T21578]  </TASK>
[ 1394.412866][T11037] tipc: Subscription rejected, illegal request
[ 1394.709578][T21596] netlink: 'syz.2.5248': attribute type 21 has an invalid length.
[ 1394.737858][T21596] netlink: 156 bytes leftover after parsing attributes in process `syz.2.5248'.
[ 1395.050791][T11063] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1395.520315][T21607] netlink: 'syz.2.5252': attribute type 29 has an invalid length.
[ 1395.528523][T21607] netlink: 'syz.2.5252': attribute type 29 has an invalid length.
[ 1395.704001][T21612] netlink: 'syz.3.5253': attribute type 1 has an invalid length.
[ 1395.711868][T21612] netlink: 'syz.3.5253': attribute type 4 has an invalid length.
[ 1395.732221][T21612] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.5253'.
[ 1398.046040][T21628] device syzkaller0 entered promiscuous mode
[ 1399.527947][T21663] netlink: 'syz.0.5272': attribute type 29 has an invalid length.
[ 1401.986101][T21663] netlink: 'syz.0.5272': attribute type 29 has an invalid length.
[ 1404.302378][T21702] netlink: 'syz.1.5286': attribute type 29 has an invalid length.
[ 1404.343081][T21702] netlink: 'syz.1.5286': attribute type 29 has an invalid length.
[ 1408.052273][T11057] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1408.541215][T21790] sock: sock_timestamping_bind_phc: sock not bind to device
[ 1411.095267][T21827] netlink: 'syz.0.5327': attribute type 3 has an invalid length.
[ 1411.106491][T21827] netlink: 152 bytes leftover after parsing attributes in process `syz.0.5327'.
[ 1411.532546][T21856] syzkaller0: create flow: hash 2693956377 index 2
[ 1411.559270][T14465] syzkaller0: tun_net_xmit 76
[ 1411.564511][T14465] syzkaller0: tun_net_xmit 76
[ 1411.652001][T21849] syzkaller0: delete flow: hash 2693956377 index 2
[ 1413.826548][T21861] netlink: 830 bytes leftover after parsing attributes in process `syz.0.5339'.
[ 1413.843946][T21870] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1414.391669][T21889] netlink: 'syz.1.5349': attribute type 10 has an invalid length.
[ 1414.435269][T21889] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5349'.
[ 1414.450346][T21889] bridge0: port 3(ipvlan1) entered blocking state
[ 1414.457211][T21889] bridge0: port 3(ipvlan1) entered disabled state
[ 1414.471023][T21889] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[ 1414.963243][T21891] netlink: 'syz.1.5349': attribute type 10 has an invalid length.
[ 1416.347907][T21918] netlink: 128 bytes leftover after parsing attributes in process `syz.2.5360'.
[ 1416.362524][T21918] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1416.717457][T21927] netlink: 'syz.4.5363': attribute type 1 has an invalid length.
[ 1416.813892][T21927] netlink: 112865 bytes leftover after parsing attributes in process `syz.4.5363'.
[ 1417.558431][T21942] tap0: tun_chr_ioctl cmd 1074025673
[ 1417.576337][T21941] tap0: tun_chr_ioctl cmd 2147767517
[ 1417.584314][T21942] tap0: tun_chr_ioctl cmd 2147767517
[ 1420.323578][T21970] netlink: 'syz.3.5379': attribute type 10 has an invalid length.
[ 1420.350385][T21970] netlink: 55 bytes leftover after parsing attributes in process `syz.3.5379'.
[ 1423.063322][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[ 1423.069944][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[ 1424.226171][T22010] netlink: 'syz.2.5393': attribute type 25 has an invalid length.
[ 1424.251943][T22005] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1424.257636][T22010] netlink: 2418 bytes leftover after parsing attributes in process `syz.2.5393'.
[ 1424.575799][T22024] netlink: 'syz.3.5396': attribute type 25 has an invalid length.
[ 1424.595954][T22024] netlink: 'syz.3.5396': attribute type 29 has an invalid length.
[ 1424.618613][T22024] netlink: 5 bytes leftover after parsing attributes in process `syz.3.5396'.
[ 1425.494962][T22037] netlink: 'syz.0.5401': attribute type 10 has an invalid length.
[ 1425.550227][T22037] netlink: 55 bytes leftover after parsing attributes in process `syz.0.5401'.
[ 1425.929041][T22048] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1426.049790][T22051] netlink: 'syz.0.5404': attribute type 22 has an invalid length.
[ 1426.057740][T22051] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5404'.
[ 1426.424067][T22061] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1426.504126][T22064] netlink: 132 bytes leftover after parsing attributes in process `syz.4.5408'.
[ 1426.886963][T11037] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1427.046133][T22078] sock: sock_timestamping_bind_phc: sock not bind to device
[ 1427.751881][T22094] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1428.030096][ T4322] Bluetooth: hci5: ISO packet for unknown connection handle 4095
[ 1428.397390][T22110] FAULT_INJECTION: forcing a failure.
[ 1428.397390][T22110] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1428.447087][T22110] CPU: 1 PID: 22110 Comm: syz.1.5427 Not tainted syzkaller #0
[ 1428.454649][T22110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1428.464741][T22110] Call Trace:
[ 1428.468055][T22110]  <TASK>
[ 1428.471014][T22110]  dump_stack_lvl+0x188/0x24e
[ 1428.475815][T22110]  ? show_regs_print_info+0x12/0x12
[ 1428.481043][T22110]  ? load_image+0x400/0x400
[ 1428.485589][T22110]  ? __lock_acquire+0x7d10/0x7d10
[ 1428.490658][T22110]  should_fail_ex+0x399/0x4d0
[ 1428.495376][T22110]  _copy_from_user+0x2c/0x170
[ 1428.500088][T22110]  iovec_from_user+0x143/0x360
[ 1428.504887][T22110]  __import_iovec+0x6d/0x500
[ 1428.509523][T22110]  import_iovec+0x6f/0xa0
[ 1428.513888][T22110]  ___sys_sendmsg+0x252/0x360
[ 1428.518604][T22110]  ? __sys_sendmsg+0x290/0x290
[ 1428.523424][T22110]  ? __lock_acquire+0x7d10/0x7d10
[ 1428.528510][T22110]  __se_sys_sendmsg+0x1bb/0x2a0
[ 1428.533397][T22110]  ? __x64_sys_sendmsg+0x80/0x80
[ 1428.538385][T22110]  ? lockdep_hardirqs_on+0x94/0x140
[ 1428.543628][T22110]  do_syscall_64+0x4c/0xa0
[ 1428.548081][T22110]  ? clear_bhb_loop+0x60/0xb0
[ 1428.552802][T22110]  ? clear_bhb_loop+0x60/0xb0
[ 1428.557537][T22110]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1428.563490][T22110] RIP: 0033:0x7faf8b59ce59
[ 1428.567950][T22110] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1428.587600][T22110] RSP: 002b:00007faf897f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1428.596151][T22110] RAX: ffffffffffffffda RBX: 00007faf8b815fa0 RCX: 00007faf8b59ce59
[ 1428.604150][T22110] RDX: 0000000000000000 RSI: 0000200000000940 RDI: 0000000000000005
[ 1428.612932][T22110] RBP: 00007faf897f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1428.620941][T22110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1428.628940][T22110] R13: 00007faf8b816038 R14: 00007faf8b815fa0 R15: 00007ffebf2f8d08
[ 1428.636964][T22110]  </TASK>
[ 1429.728626][T22135] sock: sock_timestamping_bind_phc: sock not bind to device
[ 1430.425424][T22145] netlink: 126588 bytes leftover after parsing attributes in process `syz.1.5439'.
[ 1430.448181][T22144] device veth1_macvtap left promiscuous mode
[ 1430.483582][T22144] device macsec0 left promiscuous mode
[ 1431.693976][T22181] netlink: 'syz.2.5449': attribute type 2 has an invalid length.
[ 1431.736702][T22181] netlink: 'syz.2.5449': attribute type 8 has an invalid length.
[ 1431.784879][T22181] netlink: 132 bytes leftover after parsing attributes in process `syz.2.5449'.
[ 1431.922660][T22183] netlink: 'syz.2.5449': attribute type 2 has an invalid length.
[ 1431.954717][T22183] netlink: 'syz.2.5449': attribute type 8 has an invalid length.
[ 1431.992041][T22183] netlink: 132 bytes leftover after parsing attributes in process `syz.2.5449'.
[ 1432.071544][T22181] netlink: 'syz.2.5449': attribute type 10 has an invalid length.
[ 1432.280744][T22181] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1432.292012][T22181] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1432.323197][T22181] device bridge0 left promiscuous mode
[ 1432.457375][T22181] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1432.464642][T22181] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1432.472226][T22181] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1432.479421][T22181] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1432.523459][T22181] bond0: (slave bridge0): Enslaving as an active interface with an up link
[ 1432.700835][T22188] sock: sock_timestamping_bind_phc: sock not bind to device
[ 1432.889210][T22200] netlink: 'syz.2.5456': attribute type 1 has an invalid length.
[ 1432.938938][T22200] netlink: 132 bytes leftover after parsing attributes in process `syz.2.5456'.
[ 1436.170106][T22230] netlink: 15231 bytes leftover after parsing attributes in process `syz.4.5468'.
[ 1436.183149][T22230] netlink: 'syz.4.5468': attribute type 21 has an invalid length.
[ 1436.192009][T22230] netlink: 152 bytes leftover after parsing attributes in process `syz.4.5468'.
[ 1437.429058][T22259] netlink: 'syz.0.5479': attribute type 41 has an invalid length.
[ 1437.688012][T22269] netlink: 'syz.4.5481': attribute type 7 has an invalid length.
[ 1437.691549][T22255] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:0603:0000:0023 with DS=0x3f
[ 1438.765958][T22288] FAULT_INJECTION: forcing a failure.
[ 1438.765958][T22288] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1438.798985][T22288] CPU: 1 PID: 22288 Comm: syz.0.5487 Not tainted syzkaller #0
[ 1438.806538][T22288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1438.816648][T22288] Call Trace:
[ 1438.819969][T22288]  <TASK>
[ 1438.822939][T22288]  dump_stack_lvl+0x188/0x24e
[ 1438.827778][T22288]  ? show_regs_print_info+0x12/0x12
[ 1438.833048][T22288]  ? load_image+0x400/0x400
[ 1438.837603][T22288]  ? __lock_acquire+0x7d10/0x7d10
[ 1438.842696][T22288]  should_fail_ex+0x399/0x4d0
[ 1438.847523][T22288]  _copy_from_user+0x2c/0x170
[ 1438.852255][T22288]  sk_setsockopt+0x2f1/0x28a0
[ 1438.856982][T22288]  ? __fget_files+0x28/0x4b0
[ 1438.861632][T22288]  ? sockopt_capable+0x60/0x60
[ 1438.866557][T22288]  ? aa_sk_perm+0x81f/0x950
[ 1438.871116][T22288]  ? aa_af_perm+0x340/0x340
[ 1438.875665][T22288]  ? __fget_files+0x43d/0x4b0
[ 1438.880394][T22288]  ? aa_sock_opt_perm+0x74/0x100
[ 1438.885376][T22288]  ? bpf_lsm_socket_setsockopt+0x5/0x10
[ 1438.890970][T22288]  ? security_socket_setsockopt+0x7a/0xa0
[ 1438.896739][T22288]  __sys_setsockopt+0x2f6/0x3d0
[ 1438.901649][T22288]  __x64_sys_setsockopt+0xb1/0xc0
[ 1438.906722][T22288]  do_syscall_64+0x4c/0xa0
[ 1438.911172][T22288]  ? clear_bhb_loop+0x60/0xb0
[ 1438.915885][T22288]  ? clear_bhb_loop+0x60/0xb0
[ 1438.920606][T22288]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1438.926542][T22288] RIP: 0033:0x7f8091b9ce59
[ 1438.930991][T22288] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1438.950654][T22288] RSP: 002b:00007f80929af028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1438.959190][T22288] RAX: ffffffffffffffda RBX: 00007f8091e15fa0 RCX: 00007f8091b9ce59
[ 1438.967204][T22288] RDX: 000000000000003d RSI: 0000000000000001 RDI: 0000000000000003
[ 1438.975207][T22288] RBP: 00007f80929af090 R08: 0000000000000004 R09: 0000000000000000
[ 1438.983207][T22288] R10: 0000200000000b80 R11: 0000000000000246 R12: 0000000000000001
[ 1438.991227][T22288] R13: 00007f8091e16038 R14: 00007f8091e15fa0 R15: 00007ffc57a2f7e8
[ 1438.999244][T22288]  </TASK>
[ 1439.006378][T11063] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1439.195791][T22295] can: request_module (can-proto-0) failed.
[ 1439.714352][T22316] sock: sock_timestamping_bind_phc: sock not bind to device
[ 1439.856390][T22312] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1440.417299][T22329] Dead loop on virtual device ip6_vti0, fix it urgently!
[ 1440.665192][T22327] netlink: 'syz.3.5501': attribute type 29 has an invalid length.
[ 1440.802859][T22327] netlink: 'syz.3.5501': attribute type 29 has an invalid length.
[ 1441.462291][T22332] netlink: 'syz.3.5501': attribute type 29 has an invalid length.
[ 1441.824082][T22362] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1447.430615][T22404] netlink: 'syz.0.5525': attribute type 7 has an invalid length.
[ 1447.585116][T22407] netlink: 'syz.1.5526': attribute type 10 has an invalid length.
[ 1447.601336][T22407] netlink: 55 bytes leftover after parsing attributes in process `syz.1.5526'.
[ 1447.818689][T22410] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1448.855804][T22418] mac80211_hwsim hwsim20 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1449.127948][T22427] sock: sock_timestamping_bind_phc: sock not bind to device
[ 1451.585087][T22443] netlink: 'syz.0.5540': attribute type 10 has an invalid length.
[ 1451.593241][T22443] netlink: 55 bytes leftover after parsing attributes in process `syz.0.5540'.
[ 1451.613475][T22453] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1451.760972][T22458] FAULT_INJECTION: forcing a failure.
[ 1451.760972][T22458] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1451.803009][T22458] CPU: 1 PID: 22458 Comm: syz.3.5544 Not tainted syzkaller #0
[ 1451.810574][T22458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1451.820677][T22458] Call Trace:
[ 1451.823998][T22458]  <TASK>
[ 1451.826952][T22458]  dump_stack_lvl+0x188/0x24e
[ 1451.831669][T22458]  ? show_regs_print_info+0x12/0x12
[ 1451.836891][T22458]  ? load_image+0x400/0x400
[ 1451.841427][T22458]  ? __lock_acquire+0x7d10/0x7d10
[ 1451.846485][T22458]  ? snprintf+0xe5/0x140
[ 1451.850774][T22458]  should_fail_ex+0x399/0x4d0
[ 1451.855483][T22458]  _copy_to_user+0x2c/0x130
[ 1451.860049][T22458]  simple_read_from_buffer+0xe3/0x150
[ 1451.865450][T22458]  proc_fail_nth_read+0x1a6/0x220
[ 1451.870503][T22458]  ? proc_fault_inject_write+0x310/0x310
[ 1451.876164][T22458]  ? fsnotify_perm+0x248/0x550
[ 1451.880959][T22458]  ? proc_fault_inject_write+0x310/0x310
[ 1451.886624][T22458]  vfs_read+0x2de/0xa00
[ 1451.890820][T22458]  ? kernel_read+0x1e0/0x1e0
[ 1451.895441][T22458]  ? __fget_files+0x28/0x4b0
[ 1451.900058][T22458]  ? __fget_files+0x28/0x4b0
[ 1451.904676][T22458]  ? __fget_files+0x43d/0x4b0
[ 1451.909397][T22458]  ? __fdget_pos+0x2ae/0x360
[ 1451.914021][T22458]  ? ksys_read+0x71/0x250
[ 1451.918392][T22458]  ksys_read+0x14c/0x250
[ 1451.922668][T22458]  ? vfs_write+0xa30/0xa30
[ 1451.927123][T22458]  ? lockdep_hardirqs_on+0x94/0x140
[ 1451.932349][T22458]  do_syscall_64+0x4c/0xa0
[ 1451.936811][T22458]  ? clear_bhb_loop+0x60/0xb0
[ 1451.941517][T22458]  ? clear_bhb_loop+0x60/0xb0
[ 1451.946233][T22458]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1451.952155][T22458] RIP: 0033:0x7f65d555d68e
[ 1451.956593][T22458] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 1451.976399][T22458] RSP: 002b:00007f65d37f5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1451.984835][T22458] RAX: ffffffffffffffda RBX: 00007f65d37f66c0 RCX: 00007f65d555d68e
[ 1451.992828][T22458] RDX: 000000000000000f RSI: 00007f65d37f60a0 RDI: 0000000000000004
[ 1452.000819][T22458] RBP: 00007f65d37f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1452.008813][T22458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1452.016806][T22458] R13: 00007f65d5816038 R14: 00007f65d5815fa0 R15: 00007ffcb95fe8f8
[ 1452.024815][T22458]  </TASK>
[ 1452.658550][T22480] mac80211_hwsim hwsim22 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1452.802350][T22481] device sit0 entered promiscuous mode
[ 1452.836244][T11063] wlan1: Trigger new scan to find an IBSS to join
[ 1453.485050][T22496] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1454.047392][T22518] netlink: 'syz.4.5561': attribute type 1 has an invalid length.
[ 1454.060338][T22518] netlink: 'syz.4.5561': attribute type 4 has an invalid length.
[ 1454.068752][T22518] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.5561'.
[ 1455.844184][T22551] netlink: 'syz.2.5573': attribute type 1 has an invalid length.
[ 1455.852881][T22551] netlink: 'syz.2.5573': attribute type 1 has an invalid length.
[ 1455.869269][T11063] wlan1: Trigger new scan to find an IBSS to join
[ 1455.929500][T22551] netlink: 116376 bytes leftover after parsing attributes in process `syz.2.5573'.
[ 1456.059943][T22552] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1457.049609][T11058] wlan1: Creating new IBSS network, BSSID 42:ca:53:09:44:60
[ 1457.561267][T22587] sock: sock_timestamping_bind_phc: sock not bind to device
[ 1457.859460][T22592] mac80211_hwsim hwsim26 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1457.859477][T11070] wlan1: Created IBSS using preconfigured BSSID 00:8d:8d:ff:00:00
[ 1457.859502][T11070] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 1457.902529][T11057] ------------[ cut here ]------------
[ 1457.908502][T11057] WARNING: CPU: 1 PID: 11057 at net/wireless/ibss.c:37 __cfg80211_ibss_joined+0x428/0x4b0
[ 1457.919412][T11057] Modules linked in:
[ 1457.923359][T11057] CPU: 1 PID: 11057 Comm: kworker/u4:11 Not tainted syzkaller #0
[ 1457.931488][T11057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1457.941647][T11057] Workqueue: cfg80211 cfg80211_event_work
[ 1457.947438][T11057] RIP: 0010:__cfg80211_ibss_joined+0x428/0x4b0
[ 1457.953702][T11057] Code: 00 00 00 48 3b 84 24 80 00 00 00 75 57 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 61 e8 ec f7 0f 0b eb bb e8 58 e8 ec f7 <0f> 0b eb b2 e8 4f e8 ec f7 0f 0b e9 77 fd ff ff e8 43 e8 ec f7 0f
[ 1457.973586][T11057] RSP: 0018:ffffc9001b787aa0 EFLAGS: 00010293
[ 1457.979766][T11057] RAX: ffffffff89959e58 RBX: dffffc0000000000 RCX: ffff88802b705940
[ 1457.987792][T11057] RDX: 0000000000000000 RSI: ffffffff8a8c19a0 RDI: ffffffff8adf1b60
[ 1457.995839][T11057] RBP: ffffc9001b787b70 R08: ffffffff90afd2a7 R09: 1ffffffff215fa54
[ 1458.003896][T11057] R10: dffffc0000000000 R11: fffffbfff215fa55 R12: ffff88807be635f8
[ 1458.011940][T11057] R13: 1ffff920036f0f5c R14: 000000000000001f R15: ffff8880572d8c90
[ 1458.020002][T11057] FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[ 1458.029096][T11057] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1458.035728][T11057] CR2: 0000001b2d818ff8 CR3: 0000000075947000 CR4: 00000000003506e0
[ 1458.043801][T11057] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1458.051851][T11057] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 1458.059918][T11057] Call Trace:
[ 1458.063239][T11057]  <TASK>
[ 1458.066214][T11057]  ? mutex_lock_nested+0x10/0x10
[ 1458.071258][T11057]  ? trace_rdev_return_void+0x240/0x240
[ 1458.076867][T11057]  cfg80211_process_wdev_events+0x3ad/0x550
[ 1458.082968][T11057]  cfg80211_process_rdev_events+0x9d/0x110
[ 1458.088845][T11057]  ? process_one_work+0x7b0/0x1160
[ 1458.094004][T11057]  cfg80211_event_work+0x2b/0x40
[ 1458.099034][T11057]  process_one_work+0x8a2/0x1160
[ 1458.104046][T11057]  ? worker_detach_from_pool+0x240/0x240
[ 1458.109774][T11057]  ? _raw_spin_lock_irq+0x86/0xf0
[ 1458.114859][T11057]  ? _raw_spin_lock_irq+0xb7/0xf0
[ 1458.119971][T11057]  ? _raw_spin_lock_irqsave+0x100/0x100
[ 1458.125568][T11057]  ? kthread_data+0x4b/0xc0
[ 1458.130179][T11057]  worker_thread+0xaa2/0x1270
[ 1458.134935][T11057]  kthread+0x29d/0x330
[ 1458.139090][T11057]  ? worker_clr_flags+0x1a0/0x1a0
[ 1458.144159][T11057]  ? kthread_blkcg+0xd0/0xd0
[ 1458.148851][T11057]  ret_from_fork+0x1f/0x30
[ 1458.153368][T11057]  </TASK>
[ 1458.156429][T11057] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1458.163731][T11057] CPU: 1 PID: 11057 Comm: kworker/u4:11 Not tainted syzkaller #0
[ 1458.171480][T11057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1458.181563][T11057] Workqueue: cfg80211 cfg80211_event_work
[ 1458.187329][T11057] Call Trace:
[ 1458.190632][T11057]  <TASK>
[ 1458.193588][T11057]  dump_stack_lvl+0x188/0x24e
[ 1458.198300][T11057]  ? memcpy+0x3c/0x60
[ 1458.202315][T11057]  ? show_regs_print_info+0x12/0x12
[ 1458.207544][T11057]  ? load_image+0x400/0x400
[ 1458.212098][T11057]  panic+0x2e5/0x730
[ 1458.216030][T11057]  ? bpf_jit_dump+0xd0/0xd0
[ 1458.220583][T11057]  ? ret_from_fork+0x1f/0x30
[ 1458.225221][T11057]  __warn+0x2f8/0x4f0
[ 1458.229234][T11057]  ? __cfg80211_ibss_joined+0x428/0x4b0
[ 1458.234812][T11057]  ? __cfg80211_ibss_joined+0x428/0x4b0
[ 1458.240384][T11057]  report_bug+0x2ba/0x4f0
[ 1458.244740][T11057]  ? __cfg80211_ibss_joined+0x428/0x4b0
[ 1458.250324][T11057]  handle_bug+0x3a/0x70
[ 1458.254600][T11057]  exc_invalid_op+0x16/0x40
[ 1458.259135][T11057]  asm_exc_invalid_op+0x16/0x20
[ 1458.264030][T11057] RIP: 0010:__cfg80211_ibss_joined+0x428/0x4b0
[ 1458.270219][T11057] Code: 00 00 00 48 3b 84 24 80 00 00 00 75 57 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 61 e8 ec f7 0f 0b eb bb e8 58 e8 ec f7 <0f> 0b eb b2 e8 4f e8 ec f7 0f 0b e9 77 fd ff ff e8 43 e8 ec f7 0f
[ 1458.289867][T11057] RSP: 0018:ffffc9001b787aa0 EFLAGS: 00010293
[ 1458.295967][T11057] RAX: ffffffff89959e58 RBX: dffffc0000000000 RCX: ffff88802b705940
[ 1458.303967][T11057] RDX: 0000000000000000 RSI: ffffffff8a8c19a0 RDI: ffffffff8adf1b60
[ 1458.312061][T11057] RBP: ffffc9001b787b70 R08: ffffffff90afd2a7 R09: 1ffffffff215fa54
[ 1458.320077][T11057] R10: dffffc0000000000 R11: fffffbfff215fa55 R12: ffff88807be635f8
[ 1458.328088][T11057] R13: 1ffff920036f0f5c R14: 000000000000001f R15: ffff8880572d8c90
[ 1458.336106][T11057]  ? __cfg80211_ibss_joined+0x428/0x4b0
[ 1458.341706][T11057]  ? mutex_lock_nested+0x10/0x10
[ 1458.346772][T11057]  ? trace_rdev_return_void+0x240/0x240
[ 1458.352624][T11057]  cfg80211_process_wdev_events+0x3ad/0x550
[ 1458.358561][T11057]  cfg80211_process_rdev_events+0x9d/0x110
[ 1458.364402][T11057]  ? process_one_work+0x7b0/0x1160
[ 1458.369555][T11057]  cfg80211_event_work+0x2b/0x40
[ 1458.374532][T11057]  process_one_work+0x8a2/0x1160
[ 1458.379533][T11057]  ? worker_detach_from_pool+0x240/0x240
[ 1458.385206][T11057]  ? _raw_spin_lock_irq+0x86/0xf0
[ 1458.390277][T11057]  ? _raw_spin_lock_irq+0xb7/0xf0
[ 1458.395336][T11057]  ? _raw_spin_lock_irqsave+0x100/0x100
[ 1458.400916][T11057]  ? kthread_data+0x4b/0xc0
[ 1458.405462][T11057]  worker_thread+0xaa2/0x1270
[ 1458.410208][T11057]  kthread+0x29d/0x330
[ 1458.414298][T11057]  ? worker_clr_flags+0x1a0/0x1a0
[ 1458.419355][T11057]  ? kthread_blkcg+0xd0/0xd0
[ 1458.423978][T11057]  ret_from_fork+0x1f/0x30
[ 1458.428448][T11057]  </TASK>
[ 1458.431743][T11057] Kernel Offset: disabled
[ 1458.436139][T11057] Rebooting in 86400 seconds..