last executing test programs:

7.790638787s ago: executing program 2 (id=2236):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001780)={0x0, 0x0, 0x0}, 0x0)
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41ff, 0x2122, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, @perf_config_ext={0x5, 0xf905}, 0x0, 0x0, 0x9, 0x1, 0x8, 0x0, 0x3, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffdfffffffffffff, 0xffffffffffffffff, 0x0)
recvmsg$unix(r0, &(0x7f0000001b40)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x14, 0x1, 0x1, [<r2=>0xffffffffffffffff]}}], 0x18}, 0x0)
r3 = socket$kcm(0xa, 0x2, 0x88)
setsockopt$sock_attach_bpf(r3, 0x1, 0x41, &(0x7f0000000040)=r2, 0x4)
sendmsg$kcm(r3, &(0x7f0000000580)={&(0x7f00000001c0)=@in6={0xa, 0x4e21, 0x4, @mcast2, 0x9}, 0x80, 0x0}, 0x4000080)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x84000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x8, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r4 = socket$kcm(0x11, 0x3, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x11, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000200000095"], &(0x7f00000029c0)='syzkaller\x00', 0x9, 0x7c, &(0x7f0000000480)=""/124}, 0x94)
setsockopt$sock_attach_bpf(r4, 0x107, 0xf, &(0x7f0000000000), 0x4)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
write$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000080)={'some', 0x20, 0x2000000005, 0x20, 0x10000000fffff}, 0x2f)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001100)={0xffffffffffffffff, 0xe0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x51, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340), 0x8, 0xf5, 0x8, 0x0, 0x0}}, 0x10)
ioctl$TUNSETDEBUG(0xffffffffffffffff, 0x400454c9, &(0x7f0000000580)=0x7)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x20004000)
sendmsg(r3, &(0x7f0000000b00)={&(0x7f00000005c0)=@x25, 0x80, &(0x7f0000000a80)=[{&(0x7f0000000640)="aeb484a60fe028f2b22f3fa8b0063b3deadb5e1538c513d1c470b9afd0640a4aaef918940a9881e360db76520006d1982ae079abc7bd4a568e8f561f00ff886434467ad34487705119ceb3c8fc5d8ac7b26775cd543f9b9f60833c2c668d3a7417ade608a6635d6d2be9d3b7676256", 0x6f}, {&(0x7f0000000380)="1a2dcc3e6dda8151fd78ecc344a6532c6a839d49f749d607", 0x18}, {&(0x7f00000006c0)="1d0c998916f954f9", 0x8}, {&(0x7f0000000700)="adf5dc1807f6bcdb59ef40732233b1d271ab97dca70369e0df9183ec8a59724a23b53a1241c013a037377be3307944f1cb36ef076cc991c48ef4f886dd0dd57763d05e5df341c61baf965ff66fa7d82574beb574adc6df60ecb1859b7e9590882bc3f717943b5a2180d09653fcd499c70b69ad721b2e3add8d304399ad01912303e070266f6ca4031bfe241954c90fa8841086e09c8e730e96bf7b29d312c809", 0xa0}, {0x0}, {&(0x7f0000000940)="75f742fb9ddaabae8679c5fb7ab7ddf74a8f25e699e589a88e80b2457525e80321df111d6ca09646faf1a09f333c55f0cca8d73c20e229b50c8678ec9c0109d8afe3b69e7c75b605c6a423698abe99f008ae59af03ea96c30e7e57300c4ce03ebebf0affdf956d03fa1b6a690e20d15711fd", 0x72}, {&(0x7f00000009c0)="d7804679b1c4400f5b577b0f7c0def485f1a0d8c61d4c4a2ae862d569c3c53bdc0ad5e34823d29a8db1c79871fd2a4e40714e6bcad12037a0252357c3182c45a040e5b2ff9ca3120f85088023fbf41bad959f52a6aa765170de2f36ddc1e539351e8d6bbe7b8e133a5ed6c0b1a96dd328dd949a455fad2e91a0db35e2681d360ff9f46d34c5f497fadacd6f8f3c47b6d025d23f5fa67ed02982a32", 0x9b}], 0x7, &(0x7f0000001b80)=ANY=[@ANYBLOB="e0000000000000000000000000001000c2817e2c5363764d368378392382fa5f66f23e6f10ae67b1f59151960fda147a648b5e4be9e6c189a2bd0b136b3192910472dacd33b7cfd886963a76655e5861fc725ccbca322574513fc1f1dd0ddd04429e30306f4b3a701ef94083bdd82f79db2183be943ac0e83297fc6f4cc48d499e0d20989639932980b4bc869581e47cf959bf9903f19c1d904aaac9edce49b973334b08b9e4e1e4ef5bea407a335f909f4c2d1e4b83ab4ceff47b4ebaf30da5b6c75ced447e313935aaba76b2278b743e0000a0000000000000000000000008000000a27c321c0c2f9ba1e36ad8a7e80c6e34d626f3ada6fe2cb033f88433e320c3bb48fffb8ced36f37ef88d1b8c63295baab81e07639315c3e1a7e693f7feed673a9d86df97cd6cef1236ab11c986955416b755ba7d2fbc1715b980d71e5d76098d29ab2d188e22a70789469178a8df6556514b91b52e4356a3f02259f6b153dab3f404853716c510ffe45300000000000088000000000000003a00000006000000c012c9fb22b25ea3a1beefcc6fab849871569d3c2d55ab9d0e4c3f59cda31e47452f72ec2b5308c3839ab4ab9be87bb615ce0c08787e332a9e26e7dc005ac4f960"], 0x2f8}, 0x40800)
ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000000240)={r3})
write$cgroup_pressure(0xffffffffffffffff, 0x0, 0x0)
sendmsg$kcm(r4, &(0x7f00000000c0)={&(0x7f0000000100)=@hci={0x1f, 0x0, 0x4}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf4a31accbe1ba0777cfbf6ae77256da82f6184b8a34f9015cc99e570000002b21c90b000000000000721a5dbb56a3d9e16e7c2179c9b5b24722944820e624fc5b17d0822ca4232c", 0x69}, {0x0}, {&(0x7f0000001400)="7f4ba13c5a27118dc920175650f0c9ba1809dd13a6e2d5b38f40adfa278c09e0e3bd05add4d780cd753b50f06f3b51f43761c7783f38ceaefc2dad57889d8b3a2d21314410f64ec2fa92e3a14b0141b39c020021d1edd011fbccb808a317fff4cf49aab12da619d67102048ec43c76cdb9d395e8b7b6e589d788aeeecb5080fc3d5ec6ccd656e49c0a642671d3fc363b46240bbc46ad965399b71db3c8f2b269b20870a3d2a6a8de5213b0f9d41c510c827056b7284391da244ec7653648b670f9a3483b314d861992ed7fb369eda093e1643c300b94d996fc592adb22c379be070ce5cd806da85a492dd4199cceb4c5b750222485325cf1073bf87e93bdf7da8af8f5f626541afd142e24ee8f4be9f038453c0edf500deabfe4d1a7a9de51df012bc2f3b767b3c03be6ace8c37ad571323cd363116e01f98a8ff8148d3900a65b788e99ddf9d9a2383f1730c7868d2dd031034bce5a77bd1ef3385105968be7bd830bde788092f657be36f89ea55ced486e18982d01339ed04a934a43c7b3be5e6bd03cbe773a938f621809345ec07cfceb013e3d76d500d97c8bee6ff54980ac3d221fcb35724ba64adb29ae8db909e097d78ff9542196635a14266944b850c9d436e96cc806a88090cbfc9db7ce83231bc043ded67966cfd68b800f6030a85f6bb070a2a5b372be2dacea7884b42e76e164af04e47f90ce0694623dce23cd1471f1a6029f68331317073e1a2d8cfb16f821c867d35a609649cf36aa781fa0a381f934844366d4e3ab8dd239c6ec35c15f307a7ed07869aacec38d787fd9c08e9dda1a28bf1a15b004bb1d88aa429ee8e927f5a1e1445685d8923cad92c90c79726d5e73dfe741de35498842cf51a4f09b97b1c14d33213705b95e84a8853fab4e1ced6faecea9d9203b038594bceb202a9d47f862c4f1853db9a0a7bf98ed9d2e3012358b38d092bd1ed7efb1a9e582ac5ef30c9b476e185f537f40ae8189528b480436122a939967e8d862e01172245ebced9f5251dd302e7e974c1db40be1e9e79799c27384caf6485e7c469b77cd6b28f71e39f84d2adbe074dd2bed6636e6853655adc3d1a47eff697e8edba53e6b281aea94798d82da7d3e86d09d869e5e345316eeeced4e15fc39234a0b0104e0b205c95eda632d0e86b095b284f441a62cb0e7262bc1967ee75f5c2d459011b0c15f4c85b02150a8834eda7f84cc96dde04e4abbdf5985a9c7218797820251b5804cae80c9a726afddf36793ae52cfb38e4e19740d6e07e4ed7c01001ab87b7fb12d5b70a75938d234c83d863b1763aec37b41d204fc319c6e802734ed681ea179fe6cad4857c3ca0e236e7b9867688d8bd7749e919f2d4f57f2249c9ccaf76a23760569b0fbde2db12ca0169e74982c1f4f0494aae13f4838b3f50d9ab0f6e328250d6fc34c0156e4b754c5c648b4ef8af32c91859f9706048f029634cefd0d767e8b7743262cb8a468ad37dfa47a745495e3f03cfa1d4ed71af55453c0a25fa1122a9054bcc4d9960c9a54f36b6db55154ab7dd19890d9f8ff3549e0fbd5a655319566b7f9c72be0242e7ffb59020356c3ffb5b9c43858e69d7b677a9bc5b8a64721a51b75a254e07199a73726834bea05901455ad53b38116b953c970b2002d0d1f91deb73ccb7266fbb21aa8555599daed7585575ef3efbd737f2523018ba4645d862889d5c3d91b12f04166db8bffecde54ee278d0d5351f3bf1f8902ff3f4c24a8c0c8a4e6addc9baadc471813589324d3128a1b193137c15c01be9f367317b1c885301ff8e9df728efa37df27f65eb0464055091f2ed469fdab48f413e3978f73ff9dffeb85453e841f86594612ac91b50add8d14910748bfa903033662f3", 0x534}], 0x3}, 0x0)
recvmsg$kcm(r3, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x12}, 0x40012101)
r5 = socket$kcm(0x10, 0x2, 0x0)
r6 = openat$cgroup(0xffffffffffffffff, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0)
openat$cgroup_ro(r6, &(0x7f0000000300)='memory.swap.current\x00', 0x0, 0x0)
sendmsg$kcm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140604000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)
r7 = socket$kcm(0x2b, 0x1, 0x0)
setsockopt$sock_attach_bpf(r7, 0x0, 0x60, 0x0, 0x4310feed034fc9f2)

7.546678858s ago: executing program 2 (id=2239):
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
perf_event_open(&(0x7f0000000380)={0x7, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x9, 0x80114, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, @perf_config_ext={0xffffffffffdfffff, 0x5d}, 0x2, 0xca, 0x0, 0x0, 0x3, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x6c6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
syz_open_procfs$namespace(0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x5, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
close(r1)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d80)={0xffffffffffffffff, 0xe0, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74, 0x8, 0x0, 0x0}}, 0x10)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x1a, 0xd, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f00000000c0)=0xffffffffffffffff, 0x12)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
gettid()
r5 = syz_clone(0x20021000, &(0x7f0000001180), 0x0, &(0x7f0000001040), 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x7, 0x2, 0x0, 0x0, 0x7fc}, r5, 0x0, 0xffffffffffffffff, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="180000000000000000000000000000001802"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r6, 0x0, 0xe, 0x0, &(0x7f0000000100)="c1dfb061cd21d3084d94d35486dd", 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$unix(r4, &(0x7f00000004c0)={&(0x7f0000000100)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f0000000300)=[{&(0x7f0000000200)}], 0x1, &(0x7f0000000440)=ANY=[], 0x60, 0x24048006}, 0x2000014)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r7, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, &(0x7f00000007c0)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x10}}], 0xa8}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000001000)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf20000000000000070000000f0000003d030100000000009500ffb1000000006926000000000000bf6700000000000036000b000fff52004507000015300000d60600000ee60000bf050000000000003d63000000000000650700000200000007070000fbffffff1f75000000000000bf54000000000000070000000410f900bd430100000000009500000000000000050000000000000095000000000000001c15a3ce747c693a74b62fd0758b15f09429c09074bc4b2bd2dc480dd7a064b8673e2060162cc43bcba1060999eef9d60bb39d0af449deaa27ea949e8f9000d885deea2783835e29eba8546fc020c1966f8b5f32b095f566edf66b7751828da9dbd5b996b9e8d897e461c01c697671d100000000400036c17fb01dde179c1f26cac1c7b21bde7d1a55d6ebe700b3be005e47ef55e0dd81244b18590e000000000000356d82e43407a6d7fa94b21002f06cd247b126b6349ab62d7b07ba0a71a72145edade9941f49f300a8c8913e0e4ea9e4c77740ab3312edee62a4dc2fc85755d387d8a1bc8eb71fbe11b2216cc8d1f0160c237d929b49d828724b95555b459f4763c6222175c974be2f76fb5f330b015a68587a75c013000000000000000000000003000000000000d6ddc46e58eff8f4fbadfc6a3af8123b7f4240713a4c0cdc9d7820c4eb67cc0f8b5f"], &(0x7f0000000100)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x4d}, 0x94)
recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r9=>0xffffffffffffffff]}}], 0x18}, 0x0)
r10 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0xff, 0xa, 0x0, 0x0, 0x0, 0x510, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, @perf_bp={0x0}, 0x0, 0x10000, 0x2, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000f00)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r10, 0x40042408, r11)
r12 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
write$cgroup_subtree(r9, &(0x7f00000002c0)=ANY=[@ANYRES8=r1, @ANYRES8=r12], 0x12)

7.251592817s ago: executing program 2 (id=2242):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x2080}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x7, 0xff, 0xfa, 0x7, 0x0, 0x800ea, 0x9800, 0xb, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0xfffffffd, 0x0, @perf_bp={0x0, 0x1}, 0xc001, 0x10040, 0xfd84, 0x4, 0x10001, 0x3, 0xa33, 0x0, 0x8, 0x0, 0x8}, 0x0, 0xb, 0xffffffffffffffff, 0x8)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000480)={0x5, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, @perf_config_ext={0x0, 0xfffffffeffffffff}, 0xc001, 0x0, 0x0, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x80000000, 0x3fff8000}, 0x110, 0x32, 0x43a1bd77, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x200a}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, 0x0, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0xff, 0x0, 0x0, 0x5d31, 0x2a040, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0xe55}, 0x2000, 0x8, 0x0, 0x1, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x310c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="190000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$kcm(0x2, 0x5, 0x84)
r1 = socket$kcm(0x10, 0x2, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000800)={r0, 0x20, &(0x7f00000007c0)={&(0x7f00000003c0)=""/29, 0x1d, 0x0, &(0x7f00000006c0)=""/236, 0xec}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xe, &(0x7f0000000000), 0x4)
sendmsg$inet(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{0x0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x44010)
r2 = socket$kcm(0xa, 0x5, 0x0)
sendmsg$kcm(r2, &(0x7f0000000600)={&(0x7f0000000100)=@l2tp={0x2, 0x0, @private=0xa010100}, 0x80, 0x0, 0x0, &(0x7f0000003280)=ANY=[@ANYBLOB="20000000000000008400000008000000941f6721e757691d020000faffffff001800000000"], 0x38}, 0x41)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40305828, &(0x7f0000000040))
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='memory.events\x00', 0x100002, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=r3, @ANYBLOB='\x00'/20, @ANYRES32, @ANYRES32, @ANYBLOB="0500000005002538c3770000011bbe00"/32], 0x50)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40305829, &(0x7f0000000040)=0x20000)

6.730704364s ago: executing program 2 (id=2246):
socket$kcm(0x11, 0x200000000000002, 0x300)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000090000000000000000000000850000002000000018010000696c6c2500000000002020207b1af8ff"], 0x0}, 0x94)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000210081044e81f782db44b9040a00000700000000000000000600142603600e1209001800", 0x28}], 0x1}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r0, &(0x7f00000005c0)=ANY=[], 0x33fe0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r1, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @empty}, 0x10, 0x0}, 0x300060c1)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100c, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x2, &(0x7f0000000380)=@raw=[@btf_id={0x18, 0x1, 0x3, 0x0, 0x5}, @map_fd={0x18, 0x6, 0x1, 0x0, r2}, @ringbuf_query, @initr0={0x18, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x8}, @printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5}}], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x32}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
setsockopt$sock_attach_bpf(r1, 0x6, 0x3, 0x0, 0x0)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000380)={0x3, 0x80, 0x0, 0x0, 0xf3, 0xa, 0x0, 0x0, 0xd006e1258c4875cc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x4c30, 0xc8, 0x7, 0x4, 0x0, 0x0, 0x0, 0x0, 0x7ff}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
close(r5)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0xc, 0x3, &(0x7f0000000000)=@raw=[@ldst={0x0, 0x3, 0x0, 0x5, 0x5, 0x80, 0xfffffffffffffff0}, @cb_func={0x18, 0x8, 0x4, 0x0, 0xffffffffffffffff}], &(0x7f0000000040)='GPL\x00', 0x8000, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000080)={0x3, 0x7, 0x6, 0x3}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, &(0x7f00000000c0)=[0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000100)=[{0x1, 0x2, 0x6, 0x2}]}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x12, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000000000000000000000031d0851000000600000018040000", @ANYRES32, @ANYBLOB="00000000000000006600ffffff80000018000000000000000000000000000000950000000000000018010000202070250000000000202020db1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b502000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x3, &(0x7f0000000340)=""/206}, 0x90)
r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='pids.current\x00', 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000440)={@cgroup, 0x2b, 0x0, 0x0, &(0x7f0000000280)=[0x0], 0x1, 0x0, &(0x7f00000002c0)=[0x0, 0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0], <r8=>0x0}, 0x40)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r9, 0x2000300, 0xe, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xe, 0x4, 0x8, 0x8}, 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000300)={r10, &(0x7f00000005c0), 0x0}, 0x20)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000005c0)=ANY=[@ANYRES32=r5, @ANYRES32=r6, @ANYBLOB="0000000001000000", @ANYRES32=r7, @ANYBLOB, @ANYRES32=r9, @ANYBLOB="505bf9682684bf05f0d3f1a340fecc7299e757d20b86957b0c6e9a1ba7ee3066d2aedb963378bd2704f35691c59f61f476043950cb7fa60cf01cddc1461cb0d334c98d18ec35aefb63727a7e9bb27120525c820804cbf77c3b64ef9bf4055e3b8ef5471911d25cc3a2f29a8176d5c43b8938d4bb937f6bd53a94687bda85388a05b3e4a5bc87eb02ca19e4", @ANYRES64=r8], 0x20)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000bc0)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x8, [@enum64={0x6, 0x1, 0x0, 0x13, 0x0, 0x4, [{0xfffffffe, 0x1, 0x40}]}]}, {0x0, [0x61, 0x5f, 0x2e, 0x30, 0x61, 0x61]}}, 0x0, 0x38, 0x0, 0x8, 0x1}, 0x28)
recvmsg$unix(r4, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0)

6.476504607s ago: executing program 2 (id=2247):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x40000004, 0xa021, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, @perf_config_ext={0x1, 0x4}, 0x0, 0x10000, 0x0, 0x5, 0x400008, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x5, 0x5, 0x2, 0x7, 0x0, 0x1, 0x10000}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000080)='hugetlb.1GB.limit_in_bytes\x00', 0x2, 0x0)
write$cgroup_subtree(r1, &(0x7f00000002c0)=ANY=[], 0x8)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0xd7, 0x0, 0x0, 0x7, 0x10000}, 0x28)
socket$kcm(0x11, 0x2, 0x0)

6.063881886s ago: executing program 2 (id=2251):
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0}, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000100)="7a04", 0x0, 0x91eb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x82}, 0x50)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000100)="c2", 0x1}], 0x1}, 0x80)
unlink(&(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00')
r1 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce2200"], 0xfdef)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000008c0)=ANY=[@ANYRESHEX=r1, @ANYRES16=r1, @ANYRES16=r0], &(0x7f00000002c0)='GPL\x00', 0x1}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x4, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
socket$kcm(0xa, 0x2, 0x3a)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000008f000000000000000100000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000054000001b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000c3090000a1000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x7, 0x0, 0x0, 0x41100, 0xd}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="090000000b000000ff03000001"], 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{r4}, &(0x7f0000000040), &(0x7f0000000080)='%-010d \x00'}, 0x20)
bpf$MAP_DELETE_ELEM(0x15, 0x0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{0xffffffffffffffff, <r5=>0xffffffffffffffff}, &(0x7f0000000440), &(0x7f0000000580)='%+9llu \x00'}, 0x20)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000740)={{r5}, &(0x7f00000006c0), &(0x7f0000000700)='%ps    \x00'}, 0x20)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{0x0}], 0x1}, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd637f4b22667f2f00db5b686158bbcfe8875a65969ff57b00000000000000000000000000ac1414aa35f086dd"], 0xfdef)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce"], 0xcfa4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

4.256153998s ago: executing program 1 (id=2263):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x40000004, 0xa021, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, @perf_config_ext={0x1, 0x4}, 0x0, 0x10000, 0x0, 0x5, 0x400008, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x5, 0x5, 0x2, 0x7, 0x0, 0x1, 0x10000}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000080)='hugetlb.1GB.limit_in_bytes\x00', 0x2, 0x0)
write$cgroup_subtree(r1, &(0x7f00000002c0)=ANY=[], 0x8)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000680)=ANY=[@ANYBLOB="9feb01001800000000000000bc000000bc00000003000000060000000000000700000000"], 0x0, 0xd7, 0x0, 0x0, 0x7, 0x10000}, 0x28)
socket$kcm(0x11, 0x2, 0x0)

4.012928439s ago: executing program 1 (id=2265):
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0}, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000100)="7a04", 0x0, 0x91eb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x82}, 0x50)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000100)="c2", 0x1}], 0x1}, 0x80)
unlink(&(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00')
r1 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce2200"], 0xfdef)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000008c0)=ANY=[@ANYRESHEX=r1, @ANYRES16=r1, @ANYRES16=r0], &(0x7f00000002c0)='GPL\x00', 0x1}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x4, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
socket$kcm(0xa, 0x2, 0x3a)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000008f000000000000000100000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000054000001b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000c3090000a1000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x7, 0x0, 0x0, 0x41100, 0xd}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="090000000b000000ff03000001"], 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{r4}, &(0x7f0000000040), &(0x7f0000000080)='%-010d \x00'}, 0x20)
bpf$MAP_DELETE_ELEM(0x15, 0x0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{0xffffffffffffffff, <r5=>0xffffffffffffffff}, &(0x7f0000000440), &(0x7f0000000580)='%+9llu \x00'}, 0x20)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000740)={{r5}, &(0x7f00000006c0), &(0x7f0000000700)='%ps    \x00'}, 0x20)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{0x0}], 0x1}, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd637f4b22667f2f00db5b686158bbcfe8875a65969ff57b00000000000000000000000000ac1414aa35f086dd"], 0xfdef)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce"], 0xcfa4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

3.412805719s ago: executing program 1 (id=2268):
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
perf_event_open(&(0x7f0000000380)={0x7, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x9, 0x80114, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, @perf_config_ext={0xffffffffffdfffff, 0x5d}, 0x2, 0xca, 0x0, 0x0, 0x3, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x6c6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
syz_open_procfs$namespace(0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x5, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
close(r1)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d80)={0xffffffffffffffff, 0xe0, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74, 0x8, 0x0, 0x0}}, 0x10)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x1a, 0xd, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f00000000c0)=0xffffffffffffffff, 0x12)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
gettid()
r5 = syz_clone(0x20021000, &(0x7f0000001180), 0x0, &(0x7f0000001040), 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x7, 0x2, 0x0, 0x0, 0x7fc}, r5, 0x0, 0xffffffffffffffff, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="180000000000000000000000000000001802"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r6, 0x0, 0xe, 0x0, &(0x7f0000000100)="c1dfb061cd21d3084d94d35486dd", 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$unix(r4, &(0x7f00000004c0)={&(0x7f0000000100)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f0000000300)=[{&(0x7f0000000200)}], 0x1, &(0x7f0000000440)=ANY=[], 0x60, 0x24048006}, 0x2000014)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r7, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, &(0x7f00000007c0)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x10}}], 0xa8}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000001000)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf20000000000000070000000f0000003d030100000000009500ffb1000000006926000000000000bf6700000000000036000b000fff52004507000015300000d60600000ee60000bf050000000000003d63000000000000650700000200000007070000fbffffff1f75000000000000bf54000000000000070000000410f900bd430100000000009500000000000000050000000000000095000000000000001c15a3ce747c693a74b62fd0758b15f09429c09074bc4b2bd2dc480dd7a064b8673e2060162cc43bcba1060999eef9d60bb39d0af449deaa27ea949e8f9000d885deea2783835e29eba8546fc020c1966f8b5f32b095f566edf66b7751828da9dbd5b996b9e8d897e461c01c697671d100000000400036c17fb01dde179c1f26cac1c7b21bde7d1a55d6ebe700b3be005e47ef55e0dd81244b18590e000000000000356d82e43407a6d7fa94b21002f06cd247b126b6349ab62d7b07ba0a71a72145edade9941f49f300a8c8913e0e4ea9e4c77740ab3312edee62a4dc2fc85755d387d8a1bc8eb71fbe11b2216cc8d1f0160c237d929b49d828724b95555b459f4763c6222175c974be2f76fb5f330b015a68587a75c013000000000000000000000003000000000000d6ddc46e58eff8f4fbadfc6a3af8123b7f4240713a4c0cdc9d7820c4eb67cc0f8b5f"], &(0x7f0000000100)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x4d}, 0x94)
recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r9=>0xffffffffffffffff]}}], 0x18}, 0x0)
r10 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0xff, 0xa, 0x0, 0x0, 0x0, 0x510, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, @perf_bp={0x0}, 0x0, 0x10000, 0x2, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r11 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r10, 0x40042408, r11)
r12 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
write$cgroup_subtree(r9, &(0x7f00000002c0)=ANY=[@ANYRES8=r1, @ANYRES8=r12], 0x12)

2.827396717s ago: executing program 0 (id=2269):
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0xa, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_bp={0x0, 0x5}, 0x0, 0x35, 0x43a1bd76, 0x7, 0x2, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x100000, 0x0, 0x2, 0x0, 0x80}, 0x0, 0xffffff7fffffffff, 0xffffffffffffffff, 0x8)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000fc0)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00010000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca711fcc9cdfa146ec56175037958e271f60d25b7937f02c8695e5a1b2cdf41dc10d1e8bf076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e4d5b318e2ec0e0700897a74a0091ff110026e6d2ef831ab7ea0c34f17e3ad6ef3bb622003b538dfd8e012e79578e51bc53099e90fbdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e060e3670ef0e789f93781965f1328d6704902cbe7bc0476619f28d99cd0aa7b73340cc2160a1fe3c184b751c51160fbce841f8a97be6148ba532e6ea09c346dfebd31a08b32808b80200000000009dd27080e71113610e10d859e8327ef03fb6c86adac12233f9a1fb9c2aec61ce63a3462fd50117b89a9ab759b4eeb8cb000067d42b4e54861d0227dbfd2ed8576a3f7f3deadd7130856f756436303767d2e24f29e5dad9796edb697a6ea0180aabc18cae2ed4b4390af9a9ceafd07ed0030000002cab154ad029a119ca3c972780870014605c83d7d11c3c975d5aec84222fff0d7216fdb0d3a0ec4bfae563112f4b391aafe234870072858dc06e7c337642d3e5a815212f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a46939868d75211bbae0e7313bff5d4c391ddece00fc772dd6b4d4d0a917b239fe12280fc92c88c5b8dcdcc22ee1747790a8992533ac2a9f5a699593f084419cae0b4183fb01c73f99857399537f5dc2acb72c7eae993fc9eb22d130665b6341da114f08cd0509d380578673fffffff7f23877a6b24db0e067345560942fa629fbef2461c96a08707671215c302fae29187d4f5c06a960fd37c10223fdae7ed04935c3c90d3add8eebc8619d73415e6adcda2130f5011e42e50adab988dd8e12baf5c768a40538be5f76e9c2977aab37d9a44cfc1c7b4000000000000fa47742f6c5b9c4b11e7d7262a1457c39495c826b956ba859adfe38f77b91bd7d5ca1664fe2f3ced8468911806e8916dc15e21644db60c2499d5d16d7d915836ab26c169482008ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aae73835d5a3cda9e90d76c1993e0799d4894ee7f8249dc1e3428d2129369ee1b85afa1a5be5f6eb2eea0d0df414b315f65112412392191fa83ee830548ef8e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b20428d6474a0a91ee90b8de802c6b538622e6bbcb80f87b415263c401e64ed69a2f75409000000000000001d695c4559b82cabac3cccadc1e1c19af4e03020abf5ff0433d660f20898d2a045d009a0ffb20a77c9af2b80c05184a66d30bbea2ca45a4d6d6d1e6e79aef42355a500587b603306a5af8d867d80a07f10d82eafb030621204d3ded6f260af62d91faae95196d5e3ff010000000000000be959096ea948cfa8e7194123e918914a71ad5a8521fb9553bc60f7d9719b55b3abb6bba3d113a680a8d46fe074c83fbe378a3889e8145b2eaceab05ef932c6e4f8ef0ed0d818a7b76d839cf3c63ebb4380b168c38fa32e49563cfee3a7f0fc18bfa32c418cef875fb49e2989177a30280bc586e79a5dd8076c248e7d6e97b3ce267dd4e27b6ef206660090bb2164474cef378f97ca33fc03000000000000001547053453d0c9aec91a24079b21d52fb5516bf0c28ef37aa76442f6083dc99cd61afaf6be45d7b00d3639f2f10ac2d5ffff000000000000c24411d415b6b085fb73a2c7c3852e0e658ffeb4e863428a792bee94f6cd895424360e0464f9d7ea425f2fa6aac029d15af607ad83532ff181c985f54b39370c06e63055b4d6a36fa98a44e379d28307c9912fb097601f3f88a2ca6fd1f9320cfe7fc8e9f7f15f02e177ce23f43a154b42e26f037e8a01377cbd3f509e6e540c9ba9c2a589ac5d8ad67a65e9a44c576dc24452eaa9d819e2b04bdd1c000000070000000000000000000000005333c6199c12dcd926891927a7267c47cf897853d160100b39b613faefe16bed1fc105dddd77ab929b837d54aa17eb9fbdc2bdc0e98ae2c3f23a6131e2879f04ff01000030b92dd493be66c2242f8184733b80ba28e8ffffff7f00000000bb2f89049c5f6d63d56995747639964217aacfe548bc869098aa8e07e51dbc9e2d4db3c5f79fd355222ec2a00cf7f2ccd6dd6d2dc2a815d8314221a5472f1318a9dfbec5a759579caf3262129b14e99040b5d91398e17df85c25ccae973eecc7d187168d5c9cd848d566cc17587641ed01889c927da38d83314480b15e23138c5b877a72bd4cf74a299df4fbfc8e6ea96939f15d254d9033c5a45706bda78ab60200000000000000000000000000000000000000706f78f0a2ea9667fb5b951808545a46830970c2dfae01adbda7d29bf1f7abdaf52e0de6f9d7150808ed086642e64ebf98762b34338b80e41b704c3eefaf0bb5f7d895de17a10b0a0ea15ccc0d7a830b6eb33b6b21675511d693ef5e3c44bbf71cabc5175d879e7499f8baae2a1a09cf38da73297764fbc0e723e1cc3abb12e3076982ed32c94a2ce3e6f37c47e983da4ca5c96187db5a2a2e1742bc93a65d7187126126b3a80f17dd2f7dbbe82d104ede9ba6925afc2ee6cb94f56f1363cad635abf8f983292c49c0ebf5005154c7b58a3a2a2e5a00d2f953a86d2fd92b8661264f781e3fb02d05a28f3f17b64d0258853d45cb5ebde10cd3d82eeed2f1ed925b7cf400304932c5ed0a362b235ce37e1f17700f7d1fecf8be8a2c5d25a9c60657560d05441387ff158a018d19a286c56d0886eb59d509ee89cc2df52881d005b2e5c27563ba54e4153c132d0366a9660000000000000009c1aaec93ec0f925921fb2e9eb202a29bef28224dbabe723de5c584bc398a8792e493048c87f60a51a391e959212181d4bf32ed89c96d421c8171698c49403558fd13c649f90b0911d57eeb298b590581eba1ce383b539ab80fd15445987b1bb4eb512545e1ab65fef310e10b1ee362b51c72f82edf2f502ddf52567775e34a56d1be892f1e62b08950d517fa6fb1b0ef2edf1b67f8644786116b037d4a36fdd30b000063e58c856ec44cbbc2d370553f832af9480215e09aaa3843fe360b1c293a14627f2cfbe278f31d0abc0f5aaa10926dbbfe8a4b131c13a73d4e6d065c2c0fed3ab8442520ce0e0ad7d2d177377ab197ace3ef8b1c24ceb0bdee84bd6e6317633938dd19dc42de7f8f860eca6d9c74525fcd3497526df4c13e3ba5f0d75365a4542ae9440d2fede416d618cdaaf7e038879c5d177b3876fda4121e15a00adb976064a93e8d000000000000903350932d3eef7fdada20c19807066e2c72d0d816eb9fa50be213bf6bbb7ccb9f2e8a153e6ced68f192ebed6e86af0f2cec7335fa8039fd6eb025440bc2a34d071f0a0e6774308a2c5986aa9200a1306ffa5a71ca69e89a6980612b35fc858f37c2c398515a910a35e22ab0573c10b85df4c2972a2fb8b9c080fbb41a753791df727fdeadc5cf218a6eda31312256191c620cce34d1e3bf40a4a207ab1575b399eb8155781bfc7cb5920b49c039935a888d77041814f60fbbcafa487ee96b368e8769da90b44190e569fe8b1d155d0765baaca5c5548b5a78bb43e5d9e47a1d5809bb178184b5672d08e29aecf1f572ac1e6cab7e820751beed5f79de29a67a579150bfb31232d296b9d2977ed027ca90af7088d6466f1501d96a32bfa3cf9ab0dcd626ac9341833e92685af6917ae05473ae4768341426e244159b3c3e002b6f8ee80cbe6e26c816ab92658d956d849cd3a21ebf4b143d338035cd91f087633aa668e0644b05dc5a7937cd5fb62bd08242a858aeeda8c0cbb4fc2478a8155b859e88493f322702277939832bd4a1d8109f98c5a187564c9eb80acc63ac57459593c81ce8998e38ea231b81ebaa6b242ebdf382d70232f1d8e516a8eaf39d09ea40198cf1b72eb5ce5327d3a3861470be47a9a9dbf569e6f6f474fd1448adfd70c4f4a4487edaf193a00a808389a110a4286905ba81309735f6ac5d2ba7ab2be01fa25c11dbb3170258e9d9fed944fd85c03336a49f7016517a1988bc84ee301e167d3cf88c46c4eba6e2bfd099acd2eec5c624679aa7ebab76061a9ca792bffe3d6df4dbe70b5cab6299a51e63826fd0bda4846d06e322ebd745e73da718ba0c93e7567df9ed7ea8d2fdbde44e65a4cd01748b"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x8, 0x0, 0xff6c}, 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x56, 0x0, &(0x7f0000000100)="b9ff030f6044238cb89e14f088a81bff88641100404863332121ac14142ce934a0a662079f4b4d2f87e56dca6aab845013f208001a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfb, 0x60000000, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000001c40)="beb61ec2ca90080239f2a54e2368fa761313c3a024a98109ba1e2e7b780d03c54b7a83d56fce397842e724674507d531762055fca371ea775f418df7bee236c9b9968146efb3232ae3413b617445e98bb644a892b9337f1a9135d9f30457a8ffb21aef4a95a155fab70a40b086056b0f63331a66b3457c", 0x2}, 0x2c) (fail_nth: 6)

2.787731304s ago: executing program 1 (id=2270):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_int(r0, &(0x7f0000000080)='blkio.throttle.read_iops_device\x00', 0x2, 0x0)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000300)={0x7, &(0x7f00000002c0)=[{0x0, 0x9, 0x2, 0x9}, {0x2, 0x4, 0x2, 0x4}, {0x2, 0x6, 0x8, 0xffffffff}, {0x6, 0xb, 0xc, 0x7f6}, {0xff80, 0x7, 0xe5, 0x4}, {0x7, 0x7, 0x5, 0x5}, {0x8, 0xf, 0x0, 0x4}]})
r1 = socket$kcm(0x10, 0x2, 0x0)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000002c0)={0x0, 0x0, 0x0, &(0x7f0000000b80)="780be936cf8f0351fa365153ff1bd721f47e0a10c14d163e32f8d544dfada2de74dced9112829d70ed78d7e6b0dae964377efbcfcce672bd44362e47272966e3a2ac339cbca39c39f893e518c1dd6bf0ef4d4b0dbca22d4906a7893fdb4bb92384fc683adf4ca44e33e58a18baa991953b08437853129351021c7a2fcb27ab2cee1cfbe0ec12fe02482127bd61b9abebc3efd425822d2ec984e942134a6dc9b212b8eb927b7ac3888ea60ddf4041a766e2a3dec1fa872aecac43accf3a9d0ddd2569d767d6625b62eb9f3074f688a36b9f76dada47053aeb2c60b80c2f5ceaadf7b9cfa9937a304db252743bd7d3838fddc77fd657011a786c6132c9454b32839dcc33ffa7b92944e2719e17f8563f8eb38caf19e85b9775e56c7bf0d3f1e1128bf78d30dab817a5dd9b0f633f0243281b9bce2eb93d872cba10c15624803085165a95bd513ef057f0a110ba02154caa21faec804953b810df3f70f3d42e2e7cc78a6ff62f024dd8deb26c56dac9d95c21c8660a63968e4cb64cfbcbcfcb62a3b8a889f36d297e39387aa3cad970806a0fab4fe916f324178b8f595aad1578edc899a5751c9a21961940668858a721b50de83be07160c1bfbfe8bd5a965d9dbddc8ec92e9d575f2b2a98ed61fbd72c6407199b829a3814f357e91da127ffee2eeded2be1119195a38f49ede8cad5c142955c75631d3389b5a144b9c927f4dfc4cdc5a549945582bade81b1ba31a269d0804bd07ec409aec567604ff47d4252d40d4f7901121cfc85ffefc0352fe5f0cb33424c4c53e4d43425e9ab50904a48812ddee23593c238eae8af304ecda5f247bc48c60d5a4ba1d8e7101907319e01c4b50a30bc104ca4b3473192700fab5023fad29b304346417fd1b3f64b047ca74d390e59798c01067cc48d33aca5b82f9921b37755d9dfe7c26f67c2cbf44053221643470c8db22d1daa70a81a381805683a14a661184ae4283da38041d412caa5b275231a2d15aff5a44a01780427f3d8c61f061c4131a86147a5c7b989a7041b8002f98894983a5d147ea67f5ad2eab21ec112ad0f405a198cd15c38569388d4fa80eef0dee1bb185baf23f90bce5bc267ab879fd0bf412efd8a50eb583e7f8e3a58b3a6e1206c996498d5457d20aef14ae72ac0074d0728e6b7fcf0911a92e78403ebdfc6833286879925832414d92548adb43a36ad3aa54c1a79769a00288f14f0486dc78490844a8528125e712cb45165241918a7c18920c2216661f0bedb1a880375e85aec1f1ae117364e48a5c3e8073d13b6132dc18d86e4572cd63e46f4b770c993ca36d8648021c5e040ea741d02c3905f46c30c5c1b647c496695cdf3a90ad6646523c2daa9fa5a0aae6feb6e198086b0bc626542a015d14366caab804f127346bf6be1dcea6fa1290a1113c6d0ec107cb8b0c5ed6dd95394d3c0b24cc3372f4730d6745af25ab5df774996bc36615f51a0a07b001909b957a88c375031da24f72fea6cc6ebec4cc284a287a8d5da4ddef513c3828139fd446c4f9bde76c93b519cf09671d4a0c6c6525c2743fa6609135038d3cb40634c7703d8a6ebeef64990b9671926fed5aa1803d0a8dae46e0c777549f7e5997aa554b0453904ca663636142cc179e1f7514c52bbf21e66d5565abc8f1108c632a78096c9d2a1cb3dd0d5effe1671bdd4b2fc1e1efb8fbbc5ca1535a31ee87d885363e205a07f4ebfd3dd04f90a3def8b7328998990a08eda4e1ca6e4f576d1f5fed6b2fba8fac8920d88b73827f3754cba8a7300ec5ef8a5ec532d81db489fb564e17d2d27560edc7ac3a9d65a359588116c9a3bfbc7f225507a2b591418da342ec7aa1dfb0ce0508f75019544c502910de14a815257574d1b569f9131118ea476f3c6a0238aa15e6ee618522842280193d02f1e6d5df123d87cacb67c68ce0cf75a4f2657a831eb44eacf689482ee396f1bd3c64052728ec708d2e765a376e92de997920b008e8a4f2ce30fad8fbadff7c603a290202e8a6e833e3c137975d1886bde3a40f509469cda8c4316ab2e4956bc5abc12805606747e10944b31ea336eb224ae33ebd7298c4ea5baeda3118fe6c590965605a468d77b9f8d1acd5f56ed63e675a319a303c2a908c5ffd78d0743467c75e4b038db4821b678c5add7cc7991c8b9f4a3cfc139b78a05e65b6a6496a5ccf24a2a1a9f3cc086b633769a12d17701672ea4d2c98ab59dee33bd12343fdd36968c148c67014bd766d8e4dad3d574abf602a26aca93dac2816d1c812fce8004da66f476b2db2796de3f951b7c956690e16a3095216b095320106fc284ec6fa3e5e38e0a913de48a4a69ae8ca89118a80b17712c9785f6f33eae5090c2acb28c1f3ae1dadb694540a7912fc9b82463159f8106ea69dc0b74d5aee8193c97dbc8067d3a5b1359ec12600e570f7bc15a9400a700769f972de629ba4906954c7183cd891759e4a002989d9f871eb6e4970bc99a216cdb9eeca86007fbc4b0a23f1fd9930aeef95e7f381acec5093588da104f17b0ed09b1381fcce9838289c998b0c349af689ad76f5aa8ee63e3bec878aa6c7299e9ee7c40ba91f422020d3a6b009107bd7e20e6309a936404b2110bf2d9de9055a799efb883ff5a4d31955d49749854fa47561ec05c9dca0dd2e5114bae2c3075d0f07585fdf114d51d2ce830a28ca95d56e59b97626738eaa3f14b968c9ff2c4df99063e7acf106b409a8adb9afa626ebe47ee2588244f3cf506b67352b0a9db3f49c1829768e9ba305d88538283fc732ac2e688c1f03d7df41196e70220afaf26a0fd2855a7e2fd917e969520d5531a8f3ea869154bcd3133347ee4048ecd17a2a9118411452d5a66167de8399beac8acda5fdc29bbd97dcc4d1b81795fce9d508ad3eac34fc6fd0f5ff1e29623cf6db76287c2cc6bfdd4b7f03cee46e3af21d8f4e97c29484cfff3ca84580e01711601c1691cced45e5379ef7121e0a4aaabc141c9eff69a6af10cf6578867bd8ec830efbba63149ad311aaa272603693b24bc810ea8c642f83571688ade3df9564a150db1fb3b3167aee7efa4e998d1307b26e09b398596254b1fe3ce822c18b47f2be0e4dea552b4eb3f150e36d19c9dcd395222b0a6f541d16cc387bb4db9a4208e1b715760d7fe0536c6c41935edb3929495cc39a9d15f0001e1803acde5aeba4063858873be556fa622973ea0374680b114359ba7c39c5ef4e0e60a033e6fa8f30cee512ba274f6128b7a9287bba2d43288e6d3b2d7a3f3b96428e488f79a2ab0a976e64ad1a6d578d0ba86e33e24460d4e8f6dec87b504690362bfbbd0fb080579f68119c8cf6ab6d8618f22a923def19fad117cd5d023041b2f90fa74ae99a41fc10209c560732694d068d77f6e7cd1e227db721acc2fbbe442d7e94c19a4be94f06850b5a6dcf33ae0354ab0924038924d6b8d305369bc215aa57ba08eaf9b0c1136cce99bd75c2bd5a761bd6d5b191b9968ddffa0e5809d5f83ce2697e52357137f4d700313b67e0e35e77e2f751103a06f4875ad1c321ff666a5de4a0a77302c2ea1e2bc03f24d770cd9bfa98d5447a20057842a960930fe313903a605c89f39bdc0f7ff9164aa5439baad1aaff2b48e86ba155da5539bdefc15842ecc971811a7c3ef549804504c2b0438a7c0caaed2cc8d2dcf37540f65db5b3658b384b5b7a4b9b9b8e938e8e7664e89e89db116fd07c64623368133c09b2a0c72cfb9507cd6cc56539c70209da9f0c811fe2378098451cfc36fd31776678ba6ed25de59a4f44670ee8320f8d289ba996df199a71019b09cb49aa77793ef36bcc69301a1ae1b40eb84cd592e433a49264b50f165fb08d036dba7ceb4b43c65f0859e4bd4c1cab18a31bb8fa8c362ec094b546631ffd9c246a5747c415c4c2f3dc94482c2ffdca0b024940bd6098e38d65a71ea1369b2c5c62ddce6c0cfa3258e3ed56e382547530c6f6aac1866d0cdd7d0df57ea50dfb301c86c54ec65a1f35fcda8ca630cef5eb91a946b17b414e9c916", 0x3}, 0x38)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x5, 0x5, 0x9fd, 0x85, 0x41}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000180)="ff5fb99772024dca4128654351fb3280df659b977f16d875fcc707b3cbb7b7a9c1d65d36636748dffc9414d25c561e46fe57c40e41404929394b03cdee6a1b0981334afa94d03d91841c75a69c2069ba4bbee2bf537a1fc5b34c0c5058d862122dfc2a9ff725e2ba1305f315c430b38263d97c468e728c74bd7c0393eabf3c701ea78bb2adbfeebfdc3238b3bdf23f08d1d078630395ee6811926f59cdd2bc0faf342c5a38e897044708cd8414532cb84459282b4f35aa", 0x800, r2}, 0x38)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000200)="2e0400001c008104e00f80ecdb4cb9f207c804a00d000000880802fb0a0002000a0ada1b40d80800c500c50083b8", 0xfec9}], 0x1, 0x0, 0x0, 0x5865}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="0400000004000000040000000100000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000033631"], 0x50)
r3 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000030c0)=[{&(0x7f0000000340)="1400000016001963d25a80648c56915a19aa2bfe", 0x14}], 0x1}, 0x0)
recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000003100)=""/4096, 0x1000}], 0x1}, 0x10002)
r4 = socket$kcm(0xa, 0x1, 0x106)
sendmsg$sock(r4, &(0x7f0000000400)={&(0x7f0000000180)=@l2tp6={0xa, 0x0, 0x7, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x6}, 0x80, 0x0}, 0x2004c040)
sendmsg$kcm(r4, &(0x7f00000019c0)={&(0x7f0000000080)=@l2tp6={0xa, 0x0, 0x0, @local, 0x0, 0xfffffffd}, 0x80, 0x0}, 0x20040010)

2.186583994s ago: executing program 0 (id=2272):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x40000004, 0xa021, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, @perf_config_ext={0x1, 0x4}, 0x0, 0x10000, 0x0, 0x5, 0x400008, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x5, 0x5, 0x2, 0x7, 0x0, 0x1, 0x10000}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000080)='hugetlb.1GB.limit_in_bytes\x00', 0x2, 0x0)
write$cgroup_subtree(r1, &(0x7f00000002c0)=ANY=[], 0x8)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000680)=ANY=[@ANYBLOB="9feb01001800000000000000bc000000bc00000003000000060000000000000700000000"], 0x0, 0xd7, 0x0, 0x0, 0x7, 0x10000}, 0x28)
socket$kcm(0x11, 0x2, 0x0)

2.054616397s ago: executing program 3 (id=2273):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x891e, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4e, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = perf_event_open(&(0x7f0000000680)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a1c, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x6, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0)
r2 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r2, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e22, @empty}}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffe5e}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0x8000)

1.861141299s ago: executing program 0 (id=2274):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x2080}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x7, 0xff, 0xfa, 0x7, 0x0, 0x800ea, 0x9800, 0xb, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0xfffffffd, 0x0, @perf_bp={0x0, 0x1}, 0xc001, 0x10040, 0xfd84, 0x4, 0x10001, 0x3, 0xa33, 0x0, 0x8, 0x0, 0x8}, 0x0, 0xb, 0xffffffffffffffff, 0x8)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000480)={0x5, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, @perf_config_ext={0x0, 0xfffffffeffffffff}, 0xc001, 0x0, 0x0, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x80000000, 0x3fff8000}, 0x110, 0x32, 0x43a1bd77, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x200a}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, 0x0, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0xff, 0x0, 0x0, 0x5d31, 0x2a040, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0xe55}, 0x2000, 0x8, 0x0, 0x1, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x310c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="190000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$kcm(0x2, 0x5, 0x84)
r1 = socket$kcm(0x10, 0x2, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000800)={r0, 0x20, &(0x7f00000007c0)={&(0x7f00000003c0)=""/29, 0x1d, 0x0, &(0x7f00000006c0)=""/236, 0xec}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xe, &(0x7f0000000000), 0x4)
sendmsg$inet(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{0x0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x44010)
r2 = socket$kcm(0xa, 0x5, 0x0)
sendmsg$kcm(r2, &(0x7f0000000600)={&(0x7f0000000100)=@l2tp={0x2, 0x0, @private=0xa010100}, 0x80, &(0x7f0000000000), 0x0, &(0x7f0000003280)=ANY=[@ANYBLOB="20000000000000008400000008000000941f6721e757691d020000faffffff001800000000"], 0x38}, 0x41)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40305828, &(0x7f0000000040))
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='memory.events\x00', 0x100002, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=r3, @ANYBLOB='\x00'/20, @ANYRES32, @ANYRES32, @ANYBLOB="0500000005002538c3770000011bbe00"/32], 0x50)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40305829, &(0x7f0000000040)=0x20000)

1.750923537s ago: executing program 3 (id=2275):
socket$kcm(0xa, 0x3, 0x87)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xc8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x20}, 0xa023)
perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={0x0}, 0x20, 0x10000, 0x9e6, 0x7, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
socket$kcm(0x2, 0x200000000000001, 0x106)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140))
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000"], 0x48)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100904, 0x0, 0x0, 0x7, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
perf_event_open(&(0x7f00000010c0)={0x2, 0x80, 0xb9, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xc, 0x7}, 0x410, 0x2000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x21, 0x2, 0x2)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x8901, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x2, 0x80, 0xde, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0xffffffff, 0x2, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x4, 0x80, 0xdf, 0x0, 0x80, 0x0, 0x0, 0x5d, 0xe30e, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7}, 0x8000, 0x3, 0x4000, 0x0, 0xffffffffffffffff, 0x4, 0x3, 0x0, 0xfffffffe, 0x0, 0x1}, 0x0, 0x3, 0xffffffffffffffff, 0xa)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1100000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32], 0x50)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
socket$kcm(0xa, 0x2, 0x73)
r2 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="140000002a000b6c8cff00f90429fc60010f5ddf", 0x14}], 0x1}, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000001340)=@hci={0x1f, 0x8e88, 0x47}, 0x80, 0x0}, 0x0)

1.580955886s ago: executing program 1 (id=2276):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002480)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x41, 0x0, 0x11}, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0xc000000, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100904, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x54, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x2, 0x0, 0x8}, {0x10000002, 0x0, 0x0, 0xc}]}, 0x94)
socket$kcm(0x2a, 0x2, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x26309, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x4, @perf_config_ext={0x6, 0xffffffffffffffff}, 0x10008, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000"], 0x50)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa067707"], 0xfdef)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r2=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0xfdef)
syz_clone(0x22023500, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=""/103, &(0x7f0000000600), &(0x7f0000001b40), 0x80, 0xffffffffffffffff, 0x0, 0x7}, 0x38)
r3 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$ENABLE_STATS(0x20, &(0x7f0000000200), 0x4)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r4)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext, 0x408, 0x1, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x2, 0x3a)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x0, 0x0, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x45, '\x00', 0x0, @fallback=0x22}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x1d, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x37}, 0x94)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'wlan1\x00', 0x800})
socketpair(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x8946, &(0x7f0000000080))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))

1.274574457s ago: executing program 0 (id=2277):
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
perf_event_open(&(0x7f0000000380)={0x7, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x9, 0x80114, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, @perf_config_ext={0xffffffffffdfffff, 0x5d}, 0x2, 0xca, 0x0, 0x0, 0x3, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x6c6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
syz_open_procfs$namespace(0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x5, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
close(r1)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d80)={0xffffffffffffffff, 0xe0, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74, 0x8, 0x0, 0x0}}, 0x10)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x1a, 0xd, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f00000000c0)=0xffffffffffffffff, 0x12)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
gettid()
r5 = syz_clone(0x20021000, &(0x7f0000001180), 0x0, &(0x7f0000001040), 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x7, 0x2, 0x0, 0x0, 0x7fc}, r5, 0x0, 0xffffffffffffffff, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="180000000000000000000000000000001802"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r6, 0x0, 0xe, 0x0, &(0x7f0000000100)="c1dfb061cd21d3084d94d35486dd", 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$unix(r4, &(0x7f00000004c0)={&(0x7f0000000100)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f0000000300)=[{&(0x7f0000000200)}], 0x1, &(0x7f0000000440)=ANY=[], 0x60, 0x24048006}, 0x2000014)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r7, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, &(0x7f00000007c0)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x10}}], 0xa8}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000001000)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf20000000000000070000000f0000003d030100000000009500ffb1000000006926000000000000bf6700000000000036000b000fff52004507000015300000d60600000ee60000bf050000000000003d63000000000000650700000200000007070000fbffffff1f75000000000000bf54000000000000070000000410f900bd430100000000009500000000000000050000000000000095000000000000001c15a3ce747c693a74b62fd0758b15f09429c09074bc4b2bd2dc480dd7a064b8673e2060162cc43bcba1060999eef9d60bb39d0af449deaa27ea949e8f9000d885deea2783835e29eba8546fc020c1966f8b5f32b095f566edf66b7751828da9dbd5b996b9e8d897e461c01c697671d100000000400036c17fb01dde179c1f26cac1c7b21bde7d1a55d6ebe700b3be005e47ef55e0dd81244b18590e000000000000356d82e43407a6d7fa94b21002f06cd247b126b6349ab62d7b07ba0a71a72145edade9941f49f300a8c8913e0e4ea9e4c77740ab3312edee62a4dc2fc85755d387d8a1bc8eb71fbe11b2216cc8d1f0160c237d929b49d828724b95555b459f4763c6222175c974be2f76fb5f330b015a68587a75c013000000000000000000000003000000000000d6ddc46e58eff8f4fbadfc6a3af8123b7f4240713a4c0cdc9d7820c4eb67cc0f8b5f"], &(0x7f0000000100)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x4d}, 0x94)
recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r9=>0xffffffffffffffff]}}], 0x18}, 0x0)
r10 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0xff, 0xa, 0x0, 0x0, 0x0, 0x510, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, @perf_bp={0x0}, 0x0, 0x10000, 0x2, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r11 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r10, 0x40042408, r11)
r12 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
write$cgroup_subtree(r9, &(0x7f00000002c0)=ANY=[@ANYRES8=r1, @ANYRES8=r12], 0x12)

1.145423809s ago: executing program 3 (id=2278):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x891e, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4e, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = perf_event_open(&(0x7f0000000680)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a1c, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x6, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0)
r2 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r2, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e22, @empty}}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffe5e}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0x8000)

932.627944ms ago: executing program 0 (id=2279):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={<r0=>0xffffffffffffffff})
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
sendmsg$inet(r0, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x2000c0d1)
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x40, 0x20, 0x1, 0x0, 0xfffc, 0x8a412, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x4, @perf_bp={0x0, 0x4}, 0x10000a, 0x0, 0x3, 0x9, 0x4, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
r1 = socket$kcm(0x10, 0x2, 0x0)
r2 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = socket$kcm(0x2, 0x1, 0x84)
setsockopt$sock_attach_bpf(r4, 0x84, 0x8, 0x0, 0x0)
sendmsg(r1, &(0x7f0000001800)={&(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, r4, {0x2, 0x4e24, @multicast2}, 0x3, 0x1, 0x3, 0x1}}, 0x80, &(0x7f0000001980)=[{&(0x7f00000001c0)="004ff2e02a4f9eb09b2678b70bbc467dd9343917bd6765866a2dfa3ac13ec80e7b3cfd52fbf56da8d6262e385d267ed5e0948c29c146c6f1c07427cc4e06997be12e3a71acca55c9b884addc0c7c3266880884b9a17d873934f4b57d28790b69d1c0d82947478bab217bb16cad2061b402b35452d4a2ecc581423cba1f3c26a45f5ad63dead62fd456e0ae3012", 0x8d}, {&(0x7f0000000140)="2a2e4ef08b337256e0b40c74abd6905416da0600138dbb8371d51cfbab6082dd986f0fa1f4f75a8adb9df4c3e9160e6f8de3eab06066d169a68e37db", 0x3c}, {&(0x7f00000002c0)="39fc3b7bfae3af5a8d013616b018360baaa46291abbc4be6829a15bc6628f1c55e5a3b55683c46bf592e7c753b5e7146816ca5dd806adb70c670f052e3061f4b59d1cd1969bd0182f44375e9c42b9f3b191eb954d6d19883659d36cbef0c8cc85ec964c2b44bfa456073d9b01e810bffb311fd3644a96b6e4939dadd1f2ecb9568180d73c90870e77b5cc48094835daf421f52acc0ab9489c6ba472aa4fcf037769a79a7dcd877c683d55377a90b3fcd80fb8fe94c8e7eceecfaa13f7794c9fed2213a18ddf79341184b002eb3a421ee76e850928a", 0xd5}, {&(0x7f00000003c0)="03e199bc07f06569ed54ee80d9c1", 0xe}, {&(0x7f0000000400)="534d076891e0c3bd297445b157af7695ace1b6ff852f21c9e20f250acf36c440a2279c3ca29aee04b0943bcaf1043de3681ce311a3a4e02481ad5c2b1c1911f688c1db", 0x43}, {&(0x7f0000000600)}, {&(0x7f0000001600)="730cfcfecbbf7b", 0x7}, {&(0x7f0000001640)="d5a440ca1577c963eaf89c3ad49f73de12a72a17e96b99626d9e402d2d579c2bd938831945535d04f1a706397480c0f7df67b71a272e7a23fe3568cebc3888ee45330f09cc9a695d5baaffaa2d2aa87a7a59c25acf0e03bf353ef3de2a9b37d8adcc534ef9116a8e112183f1f965", 0x6e}, {&(0x7f00000016c0)="f44d74cb09a44614510240172b89c97d239cfce5931b85e87d9cab2c685455132ba4d6f3b46b4facd628ab1c2fdd89f5e6b948689f46e9d709e74e3ae4b66f6f19edd991b6aae1b323b0b30db3b0ab876d81b31e11ce9c0f1e6be45bee14dd3c7ef9d5d295711556c0c618a67d298df2e8da9d45f049e114f709641089ec49cc0a3f06c523d363c9477f2b18e0a1c02cb6ce653f47bda229f5daaebb5496fe6f62", 0xa1}, {&(0x7f0000001780)="5339292ed8d7037b7e45e9416cf885bbad0a32de2fd4e9cf24cbf06d5b31d77b62a892ef569111e1a7dc2e5ba5108f2a36b78ab5d4c884f0465534d402d912c5a235a027a6ac78edc54b1f8289dd39e3a236fa5b0e", 0x55}], 0xa, &(0x7f0000001b80)=ANY=[], 0x118}, 0x1)
r5 = socket$kcm(0x10, 0x3, 0x10)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r6 = perf_event_open(0x0, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x2)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)}, 0x0)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x1f00, &(0x7f0000001840)=[{&(0x7f0000000580)="6700000011008188040f56ecdb4cb9cca7480ef436000000e3bd6efb440009000e000a0010000000ba80010000005a8c3774fa0af3dc59a933c1e7a6d3361d83b20000319cdf5656826edaaa11032701c61ec666d482078ccebcb9a4f187f7a4e98f09cdc2649f", 0x67}], 0x1}, 0x0)
perf_event_open(&(0x7f0000000e80)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_config_ext={0x5, 0x9}, 0x8000, 0xcdd, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100c, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000001ac0)='./cgroup/syz1\x00', 0x200002, 0x0)
perf_event_open$cgroup(&(0x7f0000001a40)={0x1, 0x80, 0x1, 0x7, 0x81, 0x2, 0x0, 0x4b8, 0xa22a, 0x6, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x128e, 0x4, @perf_bp={0x0, 0x3}, 0x40, 0x9, 0x6, 0x6, 0x8, 0x3, 0x1, 0x0, 0x8, 0x0, 0x6}, r7, 0x5, r6, 0xa)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x6, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000104000000000000020000004c0000ebffffff9400000000000000"], &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000850000000500000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xd8}, 0x94)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f00000006c0)=ANY=[@ANYRES32=r9, @ANYRES32, @ANYBLOB='\f\x00\x00\x00\b \x00\x00\x00\x00\x00\x00', @ANYRES32, @ANYBLOB="afb2cf236fb59e2d51a8d64651d90d589ea1b0e2b3a98dc520c89321be4ca7a6aade6a9a5cb71f4e8a42418729ceeec6afba1a4b22b1afa33c2c337548a0ca1b8126216f9828073cfa5e29dad1572dd95defd70138aa964f51887c87cf9b04b20421912fa24be566da0d2e0000278a66f03d0a186b4f00"/129, @ANYRES64=0x0], 0x20)
r10 = openat$cgroup_int(0xffffffffffffffff, &(0x7f00000001c0)='cgroup.max.depth\x00', 0x2, 0x0)
r11 = socket$kcm(0x2, 0x6, 0x0)
sendmsg$inet(r11, &(0x7f0000007940)={&(0x7f0000000100)={0x2, 0x4e24, @rand_addr=0x20}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000380)}], 0x1, &(0x7f0000007880)}, 0x0)
write$cgroup_int(r10, &(0x7f0000000240)=0x9, 0x12)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r8, 0x5, 0x25, 0x0, &(0x7f0000000000)="259a53f271a76d2608004c6588a80a3888ca2f15", 0x0, 0xd11, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

854.387928ms ago: executing program 3 (id=2280):
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x202, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x6, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000020000000000000001000080181500", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000450000001801000020756c2500000000002020207b1a00ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r1, 0x0, 0xe, 0x0, &(0x7f00000002c0)="e02742e86c0d85ff9782762f0800", 0x0, 0x46b, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = socket$kcm(0x2, 0x7, 0x106)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
close(r3)
socket$kcm(0x10, 0x2, 0x10)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000001c0)={@fallback=r2, 0xffffffffffffffff, 0x0, 0x10, 0x0, @void, @value=r2}, 0x20)

214.542985ms ago: executing program 3 (id=2281):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x40000004, 0xa021, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, @perf_config_ext={0x1, 0x4}, 0x0, 0x10000, 0x0, 0x5, 0x400008, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x5, 0x5, 0x2, 0x7, 0x0, 0x1, 0x10000}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000080)='hugetlb.1GB.limit_in_bytes\x00', 0x2, 0x0)
write$cgroup_subtree(r1, &(0x7f00000002c0)=ANY=[], 0x8)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000680)=ANY=[@ANYBLOB="9feb01001800000000000000bc000000bc00000003000000060000000000000700000000"], 0x0, 0xd7, 0x0, 0x0, 0x7, 0x10000}, 0x28)
socket$kcm(0x11, 0x2, 0x0)

132.900588ms ago: executing program 1 (id=2282):
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0}, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000100)="7a04", 0x0, 0x91eb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x82}, 0x50)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000100)="c2", 0x1}], 0x1}, 0x80)
unlink(&(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00')
r1 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce2200"], 0xfdef)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000008c0)=ANY=[@ANYRESHEX=r1, @ANYRES16=r1, @ANYRES16=r0], &(0x7f00000002c0)='GPL\x00', 0x1}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x4, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
socket$kcm(0xa, 0x2, 0x3a)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000008f000000000000000100000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000054000001b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000c3090000a1000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x7, 0x0, 0x0, 0x41100, 0xd}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="090000000b000000ff03000001"], 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{r4}, &(0x7f0000000040), &(0x7f0000000080)='%-010d \x00'}, 0x20)
bpf$MAP_DELETE_ELEM(0x15, 0x0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{0xffffffffffffffff, <r5=>0xffffffffffffffff}, &(0x7f0000000440), &(0x7f0000000580)='%+9llu \x00'}, 0x20)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000740)={{r5}, &(0x7f00000006c0), &(0x7f0000000700)='%ps    \x00'}, 0x20)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{0x0}], 0x1}, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd637f4b22667f2f00db5b686158bbcfe8875a65969ff57b00000000000000000000000000ac1414aa35f086dd"], 0xfdef)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce22"], 0xcfa4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

82.502756ms ago: executing program 0 (id=2283):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x891e, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4e, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = perf_event_open(&(0x7f0000000680)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a1c, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x6, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0)
r2 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r2, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e22, @empty}}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffe5e}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0x8000)

0s ago: executing program 3 (id=2284):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x2080}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x7, 0xff, 0xfa, 0x7, 0x0, 0x800ea, 0x9800, 0xb, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0xfffffffd, 0x0, @perf_bp={0x0, 0x1}, 0xc001, 0x10040, 0xfd84, 0x4, 0x10001, 0x3, 0xa33, 0x0, 0x8, 0x0, 0x8}, 0x0, 0xb, 0xffffffffffffffff, 0x8)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000480)={0x5, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, @perf_config_ext={0x0, 0xfffffffeffffffff}, 0xc001, 0x0, 0x0, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x80000000, 0x3fff8000}, 0x110, 0x32, 0x43a1bd77, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x200a}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, 0x0, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0xff, 0x0, 0x0, 0x5d31, 0x2a040, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0xe55}, 0x2000, 0x8, 0x0, 0x1, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x310c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="190000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$kcm(0x2, 0x5, 0x84)
r1 = socket$kcm(0x10, 0x2, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000800)={r0, 0x20, &(0x7f00000007c0)={&(0x7f00000003c0)=""/29, 0x1d, 0x0, &(0x7f00000006c0)=""/236, 0xec}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xe, &(0x7f0000000000), 0x4)
sendmsg$inet(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{0x0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x44010)
r2 = socket$kcm(0xa, 0x5, 0x0)
sendmsg$kcm(r2, &(0x7f0000000600)={&(0x7f0000000100)=@l2tp={0x2, 0x0, @private=0xa010100}, 0x80, &(0x7f0000000000), 0x0, &(0x7f0000003280)=ANY=[@ANYBLOB="20000000000000008400000008000000941f6721e757691d020000faffffff001800000000"], 0x38}, 0x41)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40305828, &(0x7f0000000040))
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='memory.events\x00', 0x100002, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=r3, @ANYBLOB='\x00'/20, @ANYRES32, @ANYRES32, @ANYBLOB="0500000005002538c3770000011bbe00"/32], 0x50)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40305829, &(0x7f0000000040)=0x20000)

kernel console output (not intermixed with test programs):

bhb_loop+0x40/0x90
[  199.874941][ T7495]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  199.880876][ T7495] RIP: 0033:0x7f8dce15d04e
[  199.885339][ T7495] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  199.904984][ T7495] RSP: 002b:00007f8dcf098fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  199.913532][ T7495] RAX: ffffffffffffffda RBX: 00007f8dcf0996c0 RCX: 00007f8dce15d04e
[  199.921556][ T7495] RDX: 000000000000000f RSI: 00007f8dcf0990a0 RDI: 0000000000000007
[  199.929559][ T7495] RBP: 00007f8dcf099090 R08: 0000000000000000 R09: 0000000000000000
[  199.937579][ T7495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  199.945674][ T7495] R13: 00007f8dce416038 R14: 00007f8dce415fa0 R15: 00007fff2cfdb208
[  199.953914][ T7495]  </TASK>
[  200.112149][ T5777] Bluetooth: hci1: unexpected event 0x35 length: 15 > 6
[  200.394565][ T7506] netlink: 'syz.0.551': attribute type 10 has an invalid length.
[  200.426613][ T7506] team0: Device netdevsim0 is up. Set it down before adding it as a team port
[  200.465764][ T7511] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.552'.
[  200.495502][ T7511] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.552'.
[  200.545050][ T7509] netlink: 'syz.3.550': attribute type 5 has an invalid length.
[  200.665281][ T7509] netlink: 'syz.3.550': attribute type 1 has an invalid length.
[  200.755364][ T7509] netlink: 194188 bytes leftover after parsing attributes in process `syz.3.550'.
[  201.447013][ T5777] Bluetooth: hci2: unexpected event 0x35 length: 15 > 6
[  201.941527][ T7544] netlink: 14 bytes leftover after parsing attributes in process `syz.2.561'.
[  201.970635][ T5777] Bluetooth: hci3: unexpected event 0x35 length: 15 > 6
[  202.150307][ T7544] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  202.215410][ T7544] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  202.265274][ T7550] FAULT_INJECTION: forcing a failure.
[  202.265274][ T7550] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  202.272770][ T7544] bond0 (unregistering): Released all slaves
[  202.303100][ T7550] CPU: 0 PID: 7550 Comm: syz.1.563 Not tainted syzkaller #0
[  202.310462][ T7550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  202.320567][ T7550] Call Trace:
[  202.323896][ T7550]  <TASK>
[  202.326866][ T7550]  dump_stack_lvl+0x18c/0x250
[  202.331599][ T7550]  ? show_regs_print_info+0x20/0x20
[  202.336948][ T7550]  ? load_image+0x420/0x420
[  202.341503][ T7550]  ? __might_fault+0xaa/0x120
[  202.346226][ T7550]  ? __lock_acquire+0x7d40/0x7d40
[  202.351304][ T7550]  should_fail_ex+0x39d/0x4d0
[  202.356056][ T7550]  _copy_from_user+0x2f/0xe0
[  202.360713][ T7550]  get_user_ifreq+0x6b/0x180
[  202.365355][ T7550]  inet_ioctl+0x3ed/0x560
[  202.369735][ T7550]  ? inet_shutdown+0x370/0x370
[  202.374568][ T7550]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  202.380771][ T7550]  ? lockdep_hardirqs_on+0x98/0x150
[  202.386064][ T7550]  ? packet_ioctl+0x287/0x340
[  202.390803][ T7550]  ? packet_ioctl+0x269/0x340
[  202.395587][ T7550]  sock_do_ioctl+0xfc/0x310
[  202.400141][ T7550]  ? sock_show_fdinfo+0xb0/0xb0
[  202.405066][ T7550]  sock_ioctl+0x5ba/0x7e0
[  202.409443][ T7550]  ? sock_poll+0x3e0/0x3e0
[  202.413921][ T7550]  ? bpf_lsm_file_ioctl+0x9/0x10
[  202.418899][ T7550]  ? security_file_ioctl+0x80/0xa0
[  202.424062][ T7550]  ? sock_poll+0x3e0/0x3e0
[  202.428544][ T7550]  __se_sys_ioctl+0xfd/0x170
[  202.433176][ T7550]  do_syscall_64+0x55/0xa0
[  202.437638][ T7550]  ? clear_bhb_loop+0x40/0x90
[  202.442362][ T7550]  ? clear_bhb_loop+0x40/0x90
[  202.447086][ T7550]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  202.453044][ T7550] RIP: 0033:0x7f9ec779c819
[  202.457500][ T7550] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  202.477145][ T7550] RSP: 002b:00007f9ec86d1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  202.485601][ T7550] RAX: ffffffffffffffda RBX: 00007f9ec7a15fa0 RCX: 00007f9ec779c819
[  202.493624][ T7550] RDX: 0000200000000000 RSI: 000000000000891a RDI: 0000000000000007
[  202.501647][ T7550] RBP: 00007f9ec86d1090 R08: 0000000000000000 R09: 0000000000000000
[  202.509749][ T7550] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  202.517770][ T7550] R13: 00007f9ec7a16038 R14: 00007f9ec7a15fa0 R15: 00007ffe02dec298
[  202.525825][ T7550]  </TASK>
[  202.597801][ T7552] netlink: 152 bytes leftover after parsing attributes in process `syz.3.564'.
[  202.637526][ T7552] netlink: 6 bytes leftover after parsing attributes in process `syz.3.564'.
[  203.313831][ T5777] Bluetooth: hci2: unexpected event 0x36 length: 15 > 7
[  203.454023][ T5777] Bluetooth: hci1: unexpected event 0x35 length: 15 > 6
[  203.492074][ T7579] FAULT_INJECTION: forcing a failure.
[  203.492074][ T7579] name failslab, interval 1, probability 0, space 0, times 0
[  203.520934][ T7579] CPU: 1 PID: 7579 Comm: syz.1.573 Not tainted syzkaller #0
[  203.528275][ T7579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  203.538370][ T7579] Call Trace:
[  203.541685][ T7579]  <TASK>
[  203.544654][ T7579]  dump_stack_lvl+0x18c/0x250
[  203.549370][ T7579]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  203.555553][ T7579]  ? show_regs_print_info+0x20/0x20
[  203.560798][ T7579]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  203.566997][ T7579]  ? dump_stack+0x9/0x20
[  203.571278][ T7579]  should_fail_ex+0x39d/0x4d0
[  203.575994][ T7579]  should_failslab+0x9/0x20
[  203.580579][ T7579]  slab_pre_alloc_hook+0x59/0x310
[  203.585647][ T7579]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  203.591392][ T7579]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  203.597147][ T7579]  __kmem_cache_alloc_node+0x53/0x250
[  203.602559][ T7579]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  203.608303][ T7579]  __kmalloc+0xa4/0x230
[  203.612511][ T7579]  tomoyo_realpath_from_path+0xe3/0x5d0
[  203.618084][ T7579]  tomoyo_path_number_perm+0x248/0x620
[  203.623570][ T7579]  ? tomoyo_path_number_perm+0x217/0x620
[  203.629229][ T7579]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  203.634720][ T7579]  ? ksys_write+0x1c4/0x260
[  203.639302][ T7579]  ? __fget_files+0x28/0x4b0
[  203.643924][ T7579]  ? __fget_files+0x28/0x4b0
[  203.648566][ T7579]  security_file_ioctl+0x70/0xa0
[  203.653525][ T7579]  __se_sys_ioctl+0x48/0x170
[  203.658141][ T7579]  do_syscall_64+0x55/0xa0
[  203.662573][ T7579]  ? clear_bhb_loop+0x40/0x90
[  203.667267][ T7579]  ? clear_bhb_loop+0x40/0x90
[  203.671970][ T7579]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  203.677894][ T7579] RIP: 0033:0x7f9ec779c819
[  203.682343][ T7579] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  203.702083][ T7579] RSP: 002b:00007f9ec86d1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  203.710548][ T7579] RAX: ffffffffffffffda RBX: 00007f9ec7a15fa0 RCX: 00007f9ec779c819
[  203.718550][ T7579] RDX: 0000200000000040 RSI: 0000000000008b04 RDI: 0000000000000006
[  203.726553][ T7579] RBP: 00007f9ec86d1090 R08: 0000000000000000 R09: 0000000000000000
[  203.734549][ T7579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  203.742551][ T7579] R13: 00007f9ec7a16038 R14: 00007f9ec7a15fa0 R15: 00007ffe02dec298
[  203.750569][ T7579]  </TASK>
[  203.763560][ T7579] ERROR: Out of memory at tomoyo_realpath_from_path.
[  203.966760][ T7586] netlink: 'syz.3.574': attribute type 21 has an invalid length.
[  204.003418][ T7586] netlink: 168 bytes leftover after parsing attributes in process `syz.3.574'.
[  204.087687][ T7591] netlink: 'syz.3.574': attribute type 10 has an invalid length.
[  204.108847][ T7591] netlink: 40 bytes leftover after parsing attributes in process `syz.3.574'.
[  204.876328][ T7588] syzkaller0: entered promiscuous mode
[  204.881875][ T7588] syzkaller0: entered allmulticast mode
[  204.914671][ T7600] netlink: 14 bytes leftover after parsing attributes in process `syz.0.579'.
[  204.988084][   T51] Bluetooth: hci1: unexpected event 0x35 length: 15 > 6
[  205.105501][ T7600] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  205.141790][ T7600] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  205.163826][ T7600] bond0 (unregistering): Released all slaves
[  205.323486][   T51] Bluetooth: hci1: unexpected event 0x35 length: 15 > 6
[  206.845562][   T51] Bluetooth: hci0: command 0x0406 tx timeout
[  206.848658][ T5781] Bluetooth: hci3: command 0x0406 tx timeout
[  206.857440][   T51] Bluetooth: hci2: command 0x0406 tx timeout
[  206.861944][ T5781] Bluetooth: hci1: command 0x0406 tx timeout
[  206.956996][ T7631] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.592'.
[  206.972812][ T7626] netlink: 'syz.2.589': attribute type 10 has an invalid length.
[  207.050153][ T7626] netlink: 'syz.2.589': attribute type 3 has an invalid length.
[  207.069200][ T7626] netlink: 'syz.2.589': attribute type 1 has an invalid length.
[  207.077365][ T7626] netlink: 193404 bytes leftover after parsing attributes in process `syz.2.589'.
[  207.112035][ T7627] syzkaller0: entered promiscuous mode
[  207.128090][ T7627] syzkaller0: entered allmulticast mode
[  207.149428][ T7631] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.592'.
[  207.163623][ T7634] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.592'.
[  207.323588][ T5782] Bluetooth: hci2: unexpected event 0x35 length: 15 > 6
[  207.357852][ T7645] netlink: 'syz.2.594': attribute type 5 has an invalid length.
[  207.372873][ T7645] netlink: 'syz.2.594': attribute type 1 has an invalid length.
[  207.380664][ T7645] netlink: 194188 bytes leftover after parsing attributes in process `syz.2.594'.
[  207.410538][ T5782] Bluetooth: hci0: unexpected event 0x35 length: 15 > 6
[  207.648627][ T5782] Bluetooth: hci0: unexpected subevent 0x1a length: 150 > 6
[  209.119396][ T7661] syzkaller0: entered promiscuous mode
[  209.125263][ T7661] syzkaller0: entered allmulticast mode
[  209.141200][ T7660] netlink: 'syz.1.600': attribute type 10 has an invalid length.
[  209.183477][ T7660] netlink: 55 bytes leftover after parsing attributes in process `syz.1.600'.
[  209.204912][ T7664] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.601'.
[  209.216449][ T7664] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.601'.
[  209.228566][ T7664] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.601'.
[  209.695290][ T5782] Bluetooth: hci3: unexpected event 0x35 length: 15 > 6
[  210.874573][ T7664] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.601'.
[  210.962422][ T7673] netlink: 'syz.2.604': attribute type 21 has an invalid length.
[  210.996247][ T7673] netlink: 'syz.2.604': attribute type 10 has an invalid length.
[  211.181346][ T5782] Bluetooth: hci2: unexpected subevent 0x1a length: 150 > 6
[  211.242195][ T5782] Bluetooth: hci0: unexpected event 0x35 length: 15 > 6
[  211.261274][ T7684] netlink: 'syz.1.608': attribute type 5 has an invalid length.
[  211.278062][ T7684] netlink: 'syz.1.608': attribute type 1 has an invalid length.
[  212.416891][ T5782] Bluetooth: hci1: unexpected event 0x35 length: 15 > 6
[  212.772898][ T7705] syzkaller0: entered promiscuous mode
[  212.786517][ T7705] syzkaller0: entered allmulticast mode
[  212.807032][ T7714] netlink: 'syz.1.617': attribute type 21 has an invalid length.
[  212.832952][ T7714] __nla_validate_parse: 7 callbacks suppressed
[  212.832999][ T7714] netlink: 168 bytes leftover after parsing attributes in process `syz.1.617'.
[  214.128184][ T7717] netlink: 'syz.0.618': attribute type 33 has an invalid length.
[  214.136373][ T7717] netlink: 152 bytes leftover after parsing attributes in process `syz.0.618'.
[  214.147075][ T7717] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check.
[  214.164182][ T7714] netlink: 'syz.1.617': attribute type 10 has an invalid length.
[  214.183672][ T7714] netlink: 40 bytes leftover after parsing attributes in process `syz.1.617'.
[  214.372510][ T7727] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.621'.
[  214.381975][ T7727] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.621'.
[  214.391894][ T5782] Bluetooth: hci1: unexpected event 0x35 length: 15 > 6
[  214.394452][ T7727] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.621'.
[  214.411204][ T7727] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.621'.
[  214.647484][ T5782] Bluetooth: hci1: unexpected subevent 0x1a length: 150 > 6
[  214.722472][ T5782] Bluetooth: hci2: unexpected event 0x35 length: 15 > 6
[  214.750773][ T5782] Bluetooth: hci0: unexpected event 0x35 length: 15 > 6
[  216.427844][ T7758] syzkaller0: entered promiscuous mode
[  216.456987][ T7758] syzkaller0: entered allmulticast mode
[  216.663437][ T5782] Bluetooth: hci3: unexpected event 0x35 length: 15 > 6
[  217.481679][ T7774] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  217.857246][ T7769] netlink: 'syz.0.633': attribute type 10 has an invalid length.
[  217.865285][ T7769] netlink: 55 bytes leftover after parsing attributes in process `syz.0.633'.
[  217.883063][ T7775] netlink: 'syz.2.635': attribute type 10 has an invalid length.
[  218.148614][ T7786] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.639'.
[  218.161598][ T5782] Bluetooth: hci3: unexpected event 0x35 length: 15 > 6
[  218.596125][ T7780] syzkaller0: entered promiscuous mode
[  218.609622][ T7780] syzkaller0: entered allmulticast mode
[  218.632246][ T7786] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.639'.
[  219.440273][ T5782] Bluetooth: hci3: unexpected event 0x35 length: 15 > 6
[  220.467361][ T7787] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.639'.
[  220.484289][ T7806] netlink: 'syz.0.645': attribute type 10 has an invalid length.
[  220.492038][ T7806] netlink: 55 bytes leftover after parsing attributes in process `syz.0.645'.
[  220.736175][ T5782] Bluetooth: hci3: unexpected event 0x35 length: 15 > 6
[  220.869133][ T7816] netlink: 'syz.3.649': attribute type 10 has an invalid length.
[  220.917936][ T7815] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  221.227838][ T7826] netlink: 152 bytes leftover after parsing attributes in process `syz.1.653'.
[  221.367767][ T5782] Bluetooth: hci2: unexpected event 0x35 length: 15 > 6
[  221.386446][ T7834] netlink: 'syz.0.656': attribute type 10 has an invalid length.
[  221.425617][ T7834] netlink: 55 bytes leftover after parsing attributes in process `syz.0.656'.
[  221.840660][ T5782] Bluetooth: hci2: unexpected event 0x35 length: 15 > 6
[  221.962219][ T7839] syzkaller0: entered promiscuous mode
[  221.976686][ T7839] syzkaller0: entered allmulticast mode
[  223.050992][ T7857] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  223.584439][ T7858] netlink: 'syz.2.665': attribute type 10 has an invalid length.
[  223.795059][ T5782] Bluetooth: hci0: unexpected event 0x35 length: 15 > 6
[  223.806217][ T7871] netlink: 'syz.1.668': attribute type 10 has an invalid length.
[  223.832952][ T7871] netlink: 55 bytes leftover after parsing attributes in process `syz.1.668'.
[  224.077146][ T5782] Bluetooth: hci1: unexpected event 0x35 length: 15 > 6
[  224.485316][ T7893] syzkaller0: entered promiscuous mode
[  224.504395][ T7893] syzkaller0: entered allmulticast mode
[  224.511727][ T7895] netlink: 'syz.2.678': attribute type 10 has an invalid length.
[  224.522535][ T7894] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  224.803439][ T5782] Bluetooth: hci1: unexpected event 0x35 length: 15 > 6
[  226.568471][ T7901] netlink: 'syz.3.680': attribute type 10 has an invalid length.
[  226.576771][ T7901] netlink: 55 bytes leftover after parsing attributes in process `syz.3.680'.
[  226.818003][ T5782] Bluetooth: hci2: unexpected event 0x35 length: 15 > 6
[  226.856900][ T5782] Bluetooth: hci1: unexpected subevent 0x19 length: 150 > 28
[  226.871647][ T5782] Bluetooth: hci1: Unable to find connection with handle 0x0000
[  227.080785][ T7924] netlink: 'syz.3.687': attribute type 10 has an invalid length.
[  227.101836][ T7922] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  227.329044][ T5782] Bluetooth: hci0: unexpected event 0x35 length: 15 > 6
[  227.467485][ T7935] netlink: 'syz.0.691': attribute type 10 has an invalid length.
[  227.526116][ T7935] netlink: 55 bytes leftover after parsing attributes in process `syz.0.691'.
[  228.408085][ T5782] Bluetooth: hci2: unexpected event 0x35 length: 15 > 6
[  228.447777][ T7957] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.696'.
[  228.745325][ T7961] netlink: 'syz.3.698': attribute type 10 has an invalid length.
[  228.773658][ T7960] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  228.825224][ T5782] Bluetooth: hci0: unexpected event 0x35 length: 15 > 6
[  228.942655][ T7968] netlink: 'syz.2.701': attribute type 10 has an invalid length.
[  228.970354][ T7968] netlink: 55 bytes leftover after parsing attributes in process `syz.2.701'.
[  229.071926][ T7974] netlink: 'syz.3.704': attribute type 10 has an invalid length.
[  229.093882][ T5782] Bluetooth: hci0: unexpected subevent 0x1a length: 150 > 6
[  229.115083][ T7974] netlink: 'syz.3.704': attribute type 3 has an invalid length.
[  229.123769][ T7974] netlink: 'syz.3.704': attribute type 1 has an invalid length.
[  229.131684][ T7974] netlink: 193404 bytes leftover after parsing attributes in process `syz.3.704'.
[  229.364756][ T5782] Bluetooth: hci1: unexpected event 0x35 length: 15 > 6
[  230.486293][ T8000] FAULT_INJECTION: forcing a failure.
[  230.486293][ T8000] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  230.553046][ T8000] CPU: 1 PID: 8000 Comm: syz.3.711 Not tainted syzkaller #0
[  230.560424][ T8000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  230.570619][ T8000] Call Trace:
[  230.573949][ T8000]  <TASK>
[  230.576937][ T8000]  dump_stack_lvl+0x18c/0x250
[  230.581690][ T8000]  ? show_regs_print_info+0x20/0x20
[  230.586966][ T8000]  ? load_image+0x420/0x420
[  230.591582][ T8000]  ? __might_fault+0xaa/0x120
[  230.596340][ T8000]  ? __lock_acquire+0x7d40/0x7d40
[  230.601434][ T8000]  should_fail_ex+0x39d/0x4d0
[  230.606209][ T8000]  _copy_from_iter+0x1d9/0x12e0
[  230.611176][ T8000]  ? __might_fault+0xaa/0x120
[  230.616013][ T8000]  ? _copy_from_iter+0x24e/0x12e0
[  230.621130][ T8000]  ? __virt_addr_valid+0x18c/0x540
[  230.626313][ T8000]  ? __lock_acquire+0x7d40/0x7d40
[  230.631400][ T8000]  ? copyout_mc+0x70/0x70
[  230.635798][ T8000]  ? copyout_mc+0x70/0x70
[  230.640167][ T8000]  ? __virt_addr_valid+0x18c/0x540
[  230.645325][ T8000]  ? page_copy_sane+0x16a/0x270
[  230.650215][ T8000]  copy_page_from_iter+0x7b/0x100
[  230.655282][ T8000]  skb_copy_datagram_from_iter+0x2e4/0x6e0
[  230.661142][ T8000]  unix_stream_sendmsg+0x562/0xbf0
[  230.666309][ T8000]  ? unix_show_fdinfo+0x270/0x270
[  230.671377][ T8000]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0
[  230.677836][ T8000]  ? aa_sock_msg_perm+0x94/0x150
[  230.682906][ T8000]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  230.688229][ T8000]  ? security_socket_sendmsg+0x80/0xa0
[  230.693720][ T8000]  ? unix_show_fdinfo+0x270/0x270
[  230.698771][ T8000]  ____sys_sendmsg+0x5ba/0x960
[  230.703582][ T8000]  ? __asan_memset+0x22/0x40
[  230.708206][ T8000]  ? __sys_sendmsg_sock+0x30/0x30
[  230.713257][ T8000]  ? __import_iovec+0x5f2/0x850
[  230.718151][ T8000]  ? import_iovec+0x73/0xa0
[  230.722689][ T8000]  ___sys_sendmsg+0x2a6/0x360
[  230.727404][ T8000]  ? __sys_sendmsg+0x2a0/0x2a0
[  230.732222][ T8000]  ? trace_call_bpf+0xc3/0x6c0
[  230.737051][ T8000]  __se_sys_sendmsg+0x1c2/0x2b0
[  230.741933][ T8000]  ? __x64_sys_sendmsg+0x80/0x80
[  230.746914][ T8000]  ? lockdep_hardirqs_on+0x98/0x150
[  230.752155][ T8000]  do_syscall_64+0x55/0xa0
[  230.756589][ T8000]  ? clear_bhb_loop+0x40/0x90
[  230.761292][ T8000]  ? clear_bhb_loop+0x40/0x90
[  230.766019][ T8000]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  230.771972][ T8000] RIP: 0033:0x7f585099c819
[  230.776412][ T8000] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  230.796062][ T8000] RSP: 002b:00007f584ebf6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  230.804520][ T8000] RAX: ffffffffffffffda RBX: 00007f5850c16090 RCX: 00007f585099c819
[  230.812518][ T8000] RDX: 0000000000000000 RSI: 0000200000000500 RDI: 0000000000000005
[  230.820530][ T8000] RBP: 00007f584ebf6090 R08: 0000000000000000 R09: 0000000000000000
[  230.828546][ T8000] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  230.836557][ T8000] R13: 00007f5850c16128 R14: 00007f5850c16090 R15: 00007ffd60ae15e8
[  230.844580][ T8000]  </TASK>
[  230.983482][ T8001] netlink: 14 bytes leftover after parsing attributes in process `syz.1.710'.
[  231.110965][ T5782] Bluetooth: hci0: unexpected event 0x35 length: 15 > 6
[  231.152449][ T8009] netlink: 'syz.2.713': attribute type 10 has an invalid length.
[  231.197466][ T8008] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  231.203939][ T8011] netlink: 'syz.3.714': attribute type 10 has an invalid length.
[  231.217315][ T8011] netlink: 55 bytes leftover after parsing attributes in process `syz.3.714'.
[  231.534718][ T8019] netlink: 'syz.2.716': attribute type 10 has an invalid length.
[  231.597859][ T8019] netlink: 'syz.2.716': attribute type 3 has an invalid length.
[  231.615079][ T5782] Bluetooth: hci3: unexpected subevent 0x1a length: 150 > 6
[  231.625548][ T8019] netlink: 'syz.2.716': attribute type 1 has an invalid length.
[  231.653603][ T8019] netlink: 193404 bytes leftover after parsing attributes in process `syz.2.716'.
[  231.675720][ T5782] Bluetooth: hci2: unexpected event 0x35 length: 15 > 6
[  232.337404][ T5782] Bluetooth: hci0: unexpected event 0x35 length: 15 > 6
[  232.577511][ T8044] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  232.744291][ T8047] netlink: 55 bytes leftover after parsing attributes in process `syz.3.726'.
[  233.150267][ T5782] Bluetooth: hci1: unexpected event 0x35 length: 15 > 6
[  233.210757][ T8055] netlink: 193404 bytes leftover after parsing attributes in process `syz.3.729'.
[  233.691431][ T5782] Bluetooth: hci1: unexpected subevent 0x1a length: 150 > 6
[  233.821809][ T5782] Bluetooth: hci0: unexpected event 0x35 length: 15 > 6
[  233.826865][ T8074] validate_nla: 5 callbacks suppressed
[  233.826889][ T8074] netlink: 'syz.1.735': attribute type 10 has an invalid length.
[  233.848836][ T8071] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  234.001073][ T8078] netlink: 'syz.0.737': attribute type 10 has an invalid length.
[  234.037838][ T8078] netlink: 55 bytes leftover after parsing attributes in process `syz.0.737'.
[  234.278728][ T5782] Bluetooth: hci3: unexpected event 0x35 length: 15 > 6
[  234.607653][ T8096] netlink: 'syz.3.742': attribute type 10 has an invalid length.
[  234.681457][ T8096] netlink: 'syz.3.742': attribute type 3 has an invalid length.
[  234.709113][ T8096] netlink: 'syz.3.742': attribute type 1 has an invalid length.
[  234.747864][ T8096] netlink: 193404 bytes leftover after parsing attributes in process `syz.3.742'.
[  235.339288][ T5782] Bluetooth: hci2: unexpected event 0x35 length: 15 > 6
[  235.558047][ T8114] netlink: 14 bytes leftover after parsing attributes in process `syz.0.747'.
[  235.688111][ T5782] Bluetooth: hci2: unexpected event 0x35 length: 15 > 6
[  235.697801][ T5782] Bluetooth: hci1: unexpected subevent 0x1a length: 150 > 6
[  236.028140][ T8130] netlink: 'syz.1.754': attribute type 10 has an invalid length.
[  236.091598][ T8132] netlink: 'syz.3.755': attribute type 10 has an invalid length.
[  236.100052][ T8132] netlink: 40 bytes leftover after parsing attributes in process `syz.3.755'.
[  236.310611][ T5782] Bluetooth: hci3: unexpected event 0x35 length: 15 > 6
[  236.874132][ T5782] Bluetooth: hci1: unexpected event 0x35 length: 15 > 6
[  237.239254][ T8161] netlink: 'syz.1.765': attribute type 10 has an invalid length.
[  237.532842][ T5782] Bluetooth: hci2: unexpected event 0x35 length: 15 > 6
[  237.683307][ T5782] Bluetooth: hci0: unexpected subevent 0x1a length: 150 > 6
[  237.794705][ T8176] netlink: 14 bytes leftover after parsing attributes in process `syz.2.770'.
[  237.810827][ T8179] netlink: 'syz.1.778': attribute type 10 has an invalid length.
[  238.081794][ T5782] Bluetooth: hci3: unexpected event 0x35 length: 15 > 6
[  239.108095][ T5782] Bluetooth: hci1: unexpected event 0x35 length: 15 > 6
[  239.236845][ T8209] netlink: 'syz.1.781': attribute type 10 has an invalid length.
[  239.361561][ T5782] Bluetooth: hci0: unexpected event 0x35 length: 15 > 6
[  239.794227][ T5782] Bluetooth: hci0: unexpected subevent 0x1a length: 150 > 6
[  239.849406][ T8228] netlink: 148332 bytes leftover after parsing attributes in process `syz.1.786'.
[  239.859572][ T8228] openvswitch: netlink: Geneve opt len 5 is not a multiple of 4.
[  240.917593][ T5782] Bluetooth: hci3: unexpected event 0x35 length: 15 > 6
[  241.170354][ T5782] Bluetooth: hci1: unexpected event 0x35 length: 15 > 6
[  241.178922][ T8253] netlink: 'syz.1.794': attribute type 10 has an invalid length.
[  241.445896][ T8257] syzkaller0: entered promiscuous mode
[  241.451459][ T8257] syzkaller0: entered allmulticast mode
[  243.590245][ T5782] Bluetooth: hci3: unexpected subevent 0x1a length: 150 > 6
[  243.617909][ T5782] Bluetooth: hci1: unexpected event 0x35 length: 15 > 6
[  243.737352][ T5782] Bluetooth: hci1: unexpected event 0x35 length: 15 > 6
[  243.956469][ T8294] FAULT_INJECTION: forcing a failure.
[  243.956469][ T8294] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  244.028811][ T8294] CPU: 0 PID: 8294 Comm: syz.3.808 Not tainted syzkaller #0
[  244.036192][ T8294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  244.046305][ T8294] Call Trace:
[  244.049625][ T8294]  <TASK>
[  244.052602][ T8294]  dump_stack_lvl+0x18c/0x250
[  244.057381][ T8294]  ? show_regs_print_info+0x20/0x20
[  244.062728][ T8294]  ? load_image+0x420/0x420
[  244.067277][ T8294]  ? __lock_acquire+0x7d40/0x7d40
[  244.072354][ T8294]  should_fail_ex+0x39d/0x4d0
[  244.077085][ T8294]  _copy_from_user+0x2f/0xe0
[  244.081727][ T8294]  __copy_msghdr+0x3bb/0x580
[  244.086378][ T8294]  ___sys_sendmsg+0x214/0x360
[  244.091100][ T8294]  ? __sys_sendmsg+0x2a0/0x2a0
[  244.095939][ T8294]  ? __lock_acquire+0x7d40/0x7d40
[  244.101028][ T8294]  __se_sys_sendmsg+0x1c2/0x2b0
[  244.105914][ T8294]  ? __x64_sys_sendmsg+0x80/0x80
[  244.110893][ T8294]  ? lockdep_hardirqs_on+0x98/0x150
[  244.116145][ T8294]  do_syscall_64+0x55/0xa0
[  244.120590][ T8294]  ? clear_bhb_loop+0x40/0x90
[  244.125318][ T8294]  ? clear_bhb_loop+0x40/0x90
[  244.130030][ T8294]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  244.135957][ T8294] RIP: 0033:0x7f585099c819
[  244.140408][ T8294] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  244.160041][ T8294] RSP: 002b:00007f5851779028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  244.168584][ T8294] RAX: ffffffffffffffda RBX: 00007f5850c15fa0 RCX: 00007f585099c819
[  244.176583][ T8294] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  244.184578][ T8294] RBP: 00007f5851779090 R08: 0000000000000000 R09: 0000000000000000
[  244.192575][ T8294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  244.200576][ T8294] R13: 00007f5850c16038 R14: 00007f5850c15fa0 R15: 00007ffd60ae15e8
[  244.208594][ T8294]  </TASK>
[  244.999302][ T8310] syzkaller0: entered promiscuous mode
[  245.010916][ T8310] syzkaller0: entered allmulticast mode
[  245.040826][ T5782] Bluetooth: hci2: unexpected event 0x35 length: 15 > 6
[  246.734784][ T8325] netlink: 'syz.0.818': attribute type 21 has an invalid length.
[  246.750305][ T8325] netlink: 164 bytes leftover after parsing attributes in process `syz.0.818'.
[  246.759601][ T8331] C: renamed from team_slave_0 (while UP)
[  246.784965][ T8331] netlink: 'syz.3.819': attribute type 4 has an invalid length.
[  246.793102][ T8331] netlink: 116 bytes leftover after parsing attributes in process `syz.3.819'.
[  246.804015][ T8331] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  246.948776][ T8337] netlink: 'syz.2.821': attribute type 10 has an invalid length.
[  246.969193][ T8336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  247.064060][ T8343] syzkaller0: entered promiscuous mode
[  247.069610][ T8343] syzkaller0: entered allmulticast mode
[  247.078653][ T8339] netlink: 14 bytes leftover after parsing attributes in process `syz.0.820'.
[  247.709951][ T5782] Bluetooth: hci2: unexpected event 0x35 length: 15 > 6
[  248.824473][ T8366] netlink: 'syz.2.828': attribute type 3 has an invalid length.
[  248.874042][ T8366] netlink: 201336 bytes leftover after parsing attributes in process `syz.2.828'.
[  249.034239][ T8373] netlink: 60 bytes leftover after parsing attributes in process `syz.0.834'.
[  249.060804][ T8373] netlink: 60 bytes leftover after parsing attributes in process `syz.0.834'.
[  249.081244][ T8373] netlink: 60 bytes leftover after parsing attributes in process `syz.0.834'.
[  249.312846][ T5782] Bluetooth: hci2: unexpected event 0x35 length: 15 > 6
[  249.540551][ T8390] netlink: 61211 bytes leftover after parsing attributes in process `syz.3.839'.
[  249.615746][ T8392] netlink: 14 bytes leftover after parsing attributes in process `syz.0.838'.
[  249.679328][ T8393] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  249.878703][ T8399] netlink: 60 bytes leftover after parsing attributes in process `syz.3.841'.
[  249.889396][ T8399] FAULT_INJECTION: forcing a failure.
[  249.889396][ T8399] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  249.903063][ T8399] CPU: 1 PID: 8399 Comm: syz.3.841 Not tainted syzkaller #0
[  249.910410][ T8399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  249.920483][ T8399] Call Trace:
[  249.923819][ T8399]  <TASK>
[  249.926773][ T8399]  dump_stack_lvl+0x18c/0x250
[  249.931488][ T8399]  ? show_regs_print_info+0x20/0x20
[  249.936724][ T8399]  ? load_image+0x420/0x420
[  249.941255][ T8399]  should_fail_ex+0x39d/0x4d0
[  249.946079][ T8399]  copyout+0x1a/0x90
[  249.950015][ T8399]  _copy_to_iter+0x432/0x1120
[  249.954740][ T8399]  ? iov_iter_init+0x1e0/0x1e0
[  249.959550][ T8399]  ? __virt_addr_valid+0x18c/0x540
[  249.964688][ T8399]  ? __virt_addr_valid+0x469/0x540
[  249.969824][ T8399]  ? __phys_addr_symbol+0x2f/0x70
[  249.974888][ T8399]  __skb_datagram_iter+0xdb/0x780
[  249.979963][ T8399]  ? skb_copy_datagram_iter+0x200/0x200
[  249.985589][ T8399]  skb_copy_datagram_iter+0xb1/0x200
[  249.990907][ T8399]  netlink_recvmsg+0x2d4/0xe60
[  249.995708][ T8399]  ? netlink_sendmsg+0xbf0/0xbf0
[  250.000685][ T8399]  ? aa_af_perm+0x330/0x330
[  250.005222][ T8399]  ? __lock_acquire+0x1273/0x7d40
[  250.010272][ T8399]  ? verify_lock_unused+0x140/0x140
[  250.015495][ T8399]  ? bpf_lsm_socket_recvmsg+0x9/0x10
[  250.020809][ T8399]  ? security_socket_recvmsg+0x89/0xb0
[  250.026296][ T8399]  ? netlink_sendmsg+0xbf0/0xbf0
[  250.031275][ T8399]  ____sys_recvmsg+0x2ce/0x5e0
[  250.036097][ T8399]  ? __sys_recvmsg_sock+0x50/0x50
[  250.041150][ T8399]  ? import_iovec+0x73/0xa0
[  250.045685][ T8399]  ___sys_recvmsg+0x216/0x590
[  250.050392][ T8399]  ? __sys_recvmsg+0x2a0/0x2a0
[  250.055198][ T8399]  ? ksys_write+0x1c4/0x260
[  250.059748][ T8399]  ? __fget_files+0x43d/0x4b0
[  250.064454][ T8399]  __x64_sys_recvmsg+0x20c/0x2e0
[  250.069407][ T8399]  ? ___sys_recvmsg+0x590/0x590
[  250.074285][ T8399]  ? lockdep_hardirqs_on+0x98/0x150
[  250.079508][ T8399]  do_syscall_64+0x55/0xa0
[  250.083966][ T8399]  ? clear_bhb_loop+0x40/0x90
[  250.088680][ T8399]  ? clear_bhb_loop+0x40/0x90
[  250.093501][ T8399]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  250.099417][ T8399] RIP: 0033:0x7f585099c819
[  250.103868][ T8399] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  250.123517][ T8399] RSP: 002b:00007f5851779028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  250.131965][ T8399] RAX: ffffffffffffffda RBX: 00007f5850c15fa0 RCX: 00007f585099c819
[  250.139968][ T8399] RDX: 0000000000000020 RSI: 0000200000000040 RDI: 0000000000000003
[  250.147959][ T8399] RBP: 00007f5851779090 R08: 0000000000000000 R09: 0000000000000000
[  250.155949][ T8399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  250.163944][ T8399] R13: 00007f5850c16038 R14: 00007f5850c15fa0 R15: 00007ffd60ae15e8
[  250.171963][ T8399]  </TASK>
[  250.566952][ T5782] Bluetooth: hci0: unexpected event 0x34 length: 15 > 6
[  250.735523][ T8416] syzkaller0: entered promiscuous mode
[  250.752843][ T8416] syzkaller0: entered allmulticast mode
[  252.392192][ T8441] __nla_validate_parse: 3 callbacks suppressed
[  252.392204][ T8441] netlink: 60 bytes leftover after parsing attributes in process `syz.1.854'.
[  252.956676][ T8457] FAULT_INJECTION: forcing a failure.
[  252.956676][ T8457] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  252.984266][ T8457] CPU: 1 PID: 8457 Comm: syz.3.859 Not tainted syzkaller #0
[  252.985557][ T5782] Bluetooth: hci1: unexpected event 0x34 length: 15 > 6
[  252.991607][ T8457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  252.991622][ T8457] Call Trace:
[  252.991631][ T8457]  <TASK>
[  253.014954][ T8457]  dump_stack_lvl+0x18c/0x250
[  253.019673][ T8457]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  253.025844][ T8457]  ? show_regs_print_info+0x20/0x20
[  253.031071][ T8457]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  253.037268][ T8457]  should_fail_ex+0x39d/0x4d0
[  253.041999][ T8457]  _copy_from_user+0x2f/0xe0
[  253.046657][ T8457]  ___sys_sendmsg+0x1c7/0x360
[  253.051432][ T8457]  ? perf_trace_run_bpf_submit+0xf4/0x1c0
[  253.057197][ T8457]  ? __sys_sendmsg+0x2a0/0x2a0
[  253.062072][ T8457]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  253.068079][ T8457]  ? lockdep_hardirqs_on+0x98/0x150
[  253.073393][ T8457]  ? kasan_check_range+0x89/0x290
[  253.078519][ T8457]  __se_sys_sendmsg+0x1c2/0x2b0
[  253.083393][ T8457]  ? __x64_sys_sendmsg+0x80/0x80
[  253.088410][ T8457]  ? syscall_enter_from_user_mode+0x2e/0x80
[  253.094372][ T8457]  do_syscall_64+0x55/0xa0
[  253.098844][ T8457]  ? clear_bhb_loop+0x40/0x90
[  253.103563][ T8457]  ? clear_bhb_loop+0x40/0x90
[  253.108271][ T8457]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  253.114204][ T8457] RIP: 0033:0x7f585099c819
[  253.118648][ T8457] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  253.138288][ T8457] RSP: 002b:00007f5851779028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  253.146792][ T8457] RAX: ffffffffffffffda RBX: 00007f5850c15fa0 RCX: 00007f585099c819
[  253.154796][ T8457] RDX: 000000000000afe6 RSI: 0000200000000380 RDI: 0000000000000006
[  253.162802][ T8457] RBP: 00007f5851779090 R08: 0000000000000000 R09: 0000000000000000
[  253.170801][ T8457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  253.178811][ T8457] R13: 00007f5850c16038 R14: 00007f5850c15fa0 R15: 00007ffd60ae15e8
[  253.186821][ T8457]  </TASK>
[  253.732177][ T8475] netlink: 'syz.1.865': attribute type 10 has an invalid length.
[  253.749078][ T8474] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  254.012932][ T8477] syzkaller0: entered promiscuous mode
[  254.031004][ T8477] syzkaller0: entered allmulticast mode
[  255.969281][ T1286] ieee802154 phy0 wpan0: encryption failed: -22
[  255.976086][ T1286] ieee802154 phy1 wpan1: encryption failed: -22
[  256.245465][ T5782] Bluetooth: hci3: unexpected event 0x34 length: 15 > 6
[  256.559141][ T8517] netlink: 'syz.1.876': attribute type 10 has an invalid length.
[  256.594590][ T8515] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  256.823891][ T8526] netlink: 'syz.3.879': attribute type 10 has an invalid length.
[  257.341287][ T8541] netlink: 14 bytes leftover after parsing attributes in process `syz.3.882'.
[  257.632548][ T8541] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  257.766750][ T8541] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  257.897762][ T8541] bond0 (unregistering): Released all slaves
[  258.278255][ T8555] netlink: 'syz.3.886': attribute type 10 has an invalid length.
[  258.299545][ T8554] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  258.763627][ T8569] netlink: 'syz.2.891': attribute type 10 has an invalid length.
[  259.165029][ T8573] syzkaller0: entered promiscuous mode
[  259.170589][ T8573] syzkaller0: entered allmulticast mode
[  260.729216][ T8590] netlink: 14 bytes leftover after parsing attributes in process `syz.1.894'.
[  260.832328][ T8595] netlink: 'syz.2.896': attribute type 10 has an invalid length.
[  260.841872][ T8592] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  261.121254][ T8602] netlink: 60 bytes leftover after parsing attributes in process `syz.2.899'.
[  261.143036][ T8602] netlink: 60 bytes leftover after parsing attributes in process `syz.2.899'.
[  261.163046][ T8602] netlink: 60 bytes leftover after parsing attributes in process `syz.2.899'.
[  261.450325][ T8605] syzkaller0: entered promiscuous mode
[  261.455985][ T8605] syzkaller0: entered allmulticast mode
[  263.612451][ T8614] syzkaller0: entered promiscuous mode
[  263.618002][ T8614] syzkaller0: entered allmulticast mode
[  263.789765][ T8639] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.906'.
[  264.583893][ T8637] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  264.995394][ T8640] netlink: 'syz.0.908': attribute type 10 has an invalid length.
[  265.208552][ T8644] netlink: 14 bytes leftover after parsing attributes in process `syz.2.909'.
[  266.026210][ T8670] FAULT_INJECTION: forcing a failure.
[  266.026210][ T8670] name failslab, interval 1, probability 0, space 0, times 0
[  266.040893][ T8670] CPU: 0 PID: 8670 Comm: syz.1.918 Not tainted syzkaller #0
[  266.048238][ T8670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  266.058326][ T8670] Call Trace:
[  266.061647][ T8670]  <TASK>
[  266.064613][ T8670]  dump_stack_lvl+0x18c/0x250
[  266.069373][ T8670]  ? show_regs_print_info+0x20/0x20
[  266.074628][ T8670]  ? load_image+0x420/0x420
[  266.079180][ T8670]  ? __might_sleep+0xe0/0xe0
[  266.083821][ T8670]  ? __lock_acquire+0x7d40/0x7d40
[  266.088900][ T8670]  should_fail_ex+0x39d/0x4d0
[  266.093644][ T8670]  should_failslab+0x9/0x20
[  266.098216][ T8670]  slab_pre_alloc_hook+0x59/0x310
[  266.103294][ T8670]  kmem_cache_alloc_node+0x60/0x320
[  266.108523][ T8670]  ? perf_event_alloc+0x15a/0x21b0
[  266.113662][ T8670]  perf_event_alloc+0x15a/0x21b0
[  266.118639][ T8670]  ? _raw_spin_unlock+0x28/0x40
[  266.123514][ T8670]  ? alloc_fd+0x58f/0x630
[  266.127880][ T8670]  ? find_lively_task_by_vpid+0x19/0x290
[  266.133565][ T8670]  ? find_lively_task_by_vpid+0x19/0x290
[  266.139234][ T8670]  __se_sys_perf_event_open+0x740/0x1c50
[  266.144935][ T8670]  ? __x64_sys_perf_event_open+0xc0/0xc0
[  266.150628][ T8670]  ? lock_chain_count+0x20/0x20
[  266.155548][ T8670]  ? lockdep_hardirqs_on+0x98/0x150
[  266.160803][ T8670]  ? __x64_sys_perf_event_open+0x20/0xc0
[  266.166464][ T8670]  do_syscall_64+0x55/0xa0
[  266.170920][ T8670]  ? clear_bhb_loop+0x40/0x90
[  266.175625][ T8670]  ? clear_bhb_loop+0x40/0x90
[  266.180336][ T8670]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  266.186256][ T8670] RIP: 0033:0x7f9ec779c819
[  266.190693][ T8670] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  266.210322][ T8670] RSP: 002b:00007f9ec86d1028 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  266.218763][ T8670] RAX: ffffffffffffffda RBX: 00007f9ec7a15fa0 RCX: 00007f9ec779c819
[  266.226755][ T8670] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[  266.234743][ T8670] RBP: 00007f9ec86d1090 R08: 0000000000000000 R09: 0000000000000000
[  266.242732][ T8670] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001
[  266.250726][ T8670] R13: 00007f9ec7a16038 R14: 00007f9ec7a15fa0 R15: 00007ffe02dec298
[  266.258754][ T8670]  </TASK>
[  266.533005][ T8676] netlink: 'syz.1.920': attribute type 10 has an invalid length.
[  266.573607][ T8675] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  266.753465][ T8678] syzkaller0: entered promiscuous mode
[  266.769309][ T8678] syzkaller0: entered allmulticast mode
[  266.857228][ T8682] syzkaller0: entered promiscuous mode
[  266.864085][ T8682] syzkaller0: entered allmulticast mode
[  269.508794][ T8687] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.922'.
[  269.518169][ T8693] netlink: 14 bytes leftover after parsing attributes in process `syz.1.923'.
[  269.891453][ T8709] netlink: 'syz.3.928': attribute type 4 has an invalid length.
[  270.162566][ T8716] netlink: 14 bytes leftover after parsing attributes in process `syz.3.930'.
[  270.198656][ T8718] netlink: 'syz.1.931': attribute type 10 has an invalid length.
[  270.208133][ T8717] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  270.804367][ T8733] syzkaller0: entered promiscuous mode
[  270.812309][ T8733] syzkaller0: entered allmulticast mode
[  270.828696][ T5782] Bluetooth: hci1: unexpected event 0x0f length: 15 > 4
[  273.602208][ T8747] netlink: 'syz.1.938': attribute type 10 has an invalid length.
[  273.653055][ T8747] netlink: 55 bytes leftover after parsing attributes in process `syz.1.938'.
[  274.328640][ T8782] netlink: 14 bytes leftover after parsing attributes in process `syz.3.947'.
[  274.428241][ T5782] Bluetooth: hci3: unexpected event 0x0f length: 15 > 4
[  274.729345][ T8788] netlink: 'syz.2.949': attribute type 10 has an invalid length.
[  274.748590][ T8787] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  274.829117][ T8789] syzkaller0: entered promiscuous mode
[  274.834819][ T8789] syzkaller0: entered allmulticast mode
[  274.844239][ T5782] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  274.852911][ T5782] Bluetooth: hci1: Injecting HCI hardware error event
[  274.860985][ T5777] Bluetooth: hci1: hardware error 0x00
[  276.434943][ T8797] netlink: 'syz.3.952': attribute type 10 has an invalid length.
[  276.451971][ T8797] netlink: 55 bytes leftover after parsing attributes in process `syz.3.952'.
[  276.470387][ T8800] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.953'.
[  276.490806][ T8800] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.953'.
[  276.501496][ T8800] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.953'.
[  276.521899][ T8800] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.953'.
[  276.653024][ T8804] netlink: 'syz.0.962': attribute type 10 has an invalid length.
[  276.666691][ T8804] netlink: 55 bytes leftover after parsing attributes in process `syz.0.962'.
[  276.938586][ T5777] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  277.091684][ T8815] netlink: 'syz.1.956': attribute type 10 has an invalid length.
[  277.103142][ T8815] netlink: 2 bytes leftover after parsing attributes in process `syz.1.956'.
[  277.112002][ T8815] hsr0: entered promiscuous mode
[  277.117855][ T8815] bridge0: port 3(hsr0) entered blocking state
[  277.125105][ T8815] bridge0: port 3(hsr0) entered disabled state
[  277.131711][ T8815] hsr0: entered allmulticast mode
[  277.137176][ T8815] hsr_slave_0: entered allmulticast mode
[  277.143206][ T8815] hsr_slave_1: entered allmulticast mode
[  277.152315][ T8815] bridge0: port 3(hsr0) entered blocking state
[  277.159255][ T8815] bridge0: port 3(hsr0) entered forwarding state
[  277.917782][ T8830] netlink: 14 bytes leftover after parsing attributes in process `syz.3.961'.
[  278.105795][ T8833] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.963'.
[  278.115355][ T8833] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.963'.
[  278.273977][ T8836] netlink: 'syz.0.964': attribute type 10 has an invalid length.
[  278.430706][ T8842] netlink: 'syz.2.966': attribute type 3 has an invalid length.
[  278.454235][ T5777] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  278.463794][ T5777] Bluetooth: hci3: Injecting HCI hardware error event
[  278.471941][ T5777] Bluetooth: hci3: hardware error 0x00
[  278.479155][ T8842] netlink: 'syz.2.966': attribute type 1 has an invalid length.
[  278.645838][ T8845] syzkaller0: entered promiscuous mode
[  278.651572][ T8845] syzkaller0: entered allmulticast mode
[  280.422838][ T8856] netlink: 'syz.2.970': attribute type 10 has an invalid length.
[  280.432894][ T8856] hsr0: entered promiscuous mode
[  280.438320][ T8856] bridge0: port 3(hsr0) entered blocking state
[  280.446354][ T8856] bridge0: port 3(hsr0) entered disabled state
[  280.463118][ T8856] hsr0: entered allmulticast mode
[  280.482797][ T8856] hsr_slave_0: entered allmulticast mode
[  280.488487][ T8856] hsr_slave_1: entered allmulticast mode
[  280.513787][ T8856] bridge0: port 3(hsr0) entered blocking state
[  280.520178][ T8856] bridge0: port 3(hsr0) entered forwarding state
[  280.609948][ T5777] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  280.789662][ T8871] netlink: 'syz.3.975': attribute type 10 has an invalid length.
[  281.430740][ T8883] FAULT_INJECTION: forcing a failure.
[  281.430740][ T8883] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  281.465635][ T8883] CPU: 1 PID: 8883 Comm: syz.3.978 Not tainted syzkaller #0
[  281.473013][ T8883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  281.483104][ T8883] Call Trace:
[  281.486413][ T8883]  <TASK>
[  281.489386][ T8883]  dump_stack_lvl+0x18c/0x250
[  281.494131][ T8883]  ? show_regs_print_info+0x20/0x20
[  281.499367][ T8883]  ? load_image+0x420/0x420
[  281.503906][ T8883]  ? __lock_acquire+0x7d40/0x7d40
[  281.509052][ T8883]  should_fail_ex+0x39d/0x4d0
[  281.513771][ T8883]  _copy_from_user+0x2f/0xe0
[  281.518402][ T8883]  __copy_msghdr+0x3bb/0x580
[  281.523034][ T8883]  ___sys_sendmsg+0x214/0x360
[  281.527749][ T8883]  ? get_pid_task+0x20/0x1e0
[  281.532388][ T8883]  ? __sys_sendmsg+0x2a0/0x2a0
[  281.537198][ T8883]  ? __lock_acquire+0x7d40/0x7d40
[  281.542268][ T8883]  __se_sys_sendmsg+0x1c2/0x2b0
[  281.547162][ T8883]  ? __x64_sys_sendmsg+0x80/0x80
[  281.552145][ T8883]  ? lockdep_hardirqs_on+0x98/0x150
[  281.557367][ T8883]  do_syscall_64+0x55/0xa0
[  281.561810][ T8883]  ? clear_bhb_loop+0x40/0x90
[  281.566521][ T8883]  ? clear_bhb_loop+0x40/0x90
[  281.571236][ T8883]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  281.577163][ T8883] RIP: 0033:0x7f585099c819
[  281.581605][ T8883] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  281.601324][ T8883] RSP: 002b:00007f5851779028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  281.609816][ T8883] RAX: ffffffffffffffda RBX: 00007f5850c15fa0 RCX: 00007f585099c819
[  281.617824][ T8883] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  281.625854][ T8883] RBP: 00007f5851779090 R08: 0000000000000000 R09: 0000000000000000
[  281.633861][ T8883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  281.641871][ T8883] R13: 00007f5850c16038 R14: 00007f5850c15fa0 R15: 00007ffd60ae15e8
[  281.649913][ T8883]  </TASK>
[  281.826582][ T8891] __nla_validate_parse: 11 callbacks suppressed
[  281.826598][ T8891] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.981'.
[  281.844496][ T8887] syzkaller0: entered promiscuous mode
[  281.850093][ T8887] syzkaller0: entered allmulticast mode
[  281.857154][ T8891] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.981'.
[  283.143367][ T8891] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.981'.
[  283.157366][ T8892] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.981'.
[  283.283442][ T8895] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.990'.
[  283.332872][ T8895] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.990'.
[  283.403490][ T8899] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.990'.
[  283.432236][ T8895] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.990'.
[  283.496286][ T8902] netlink: 'syz.0.984': attribute type 10 has an invalid length.
[  283.505373][ T8902] netlink: 55 bytes leftover after parsing attributes in process `syz.0.984'.
[  283.557243][ T8903] netlink: 'syz.3.982': attribute type 10 has an invalid length.
[  283.630384][ T8903] netlink: 2 bytes leftover after parsing attributes in process `syz.3.982'.
[  283.642478][ T8903] hsr0: entered promiscuous mode
[  283.648476][ T8903] bridge0: port 3(hsr0) entered blocking state
[  283.656594][ T8903] bridge0: port 3(hsr0) entered disabled state
[  283.675002][ T8903] hsr0: entered allmulticast mode
[  283.680154][ T8903] hsr_slave_0: entered allmulticast mode
[  283.707858][ T8903] hsr_slave_1: entered allmulticast mode
[  283.718653][ T8903] bridge0: port 3(hsr0) entered blocking state
[  283.725250][ T8903] bridge0: port 3(hsr0) entered forwarding state
[  284.256892][ T5777] Bluetooth: hci2: unexpected event 0x0f length: 15 > 4
[  284.560363][ T8923] syzkaller0: entered promiscuous mode
[  284.573341][ T8923] syzkaller0: entered allmulticast mode
[  286.308582][ T8941] netlink: 'syz.3.996': attribute type 10 has an invalid length.
[  287.000918][ T5777] Bluetooth: hci2: unexpected subevent 0x1a length: 150 > 6
[  287.194339][ T8962] __nla_validate_parse: 4 callbacks suppressed
[  287.194357][ T8962] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.1003'.
[  287.218428][ T8962] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.1003'.
[  287.231460][ T8962] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.1003'.
[  287.245483][ T8962] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.1003'.
[  287.435948][ T8964] syzkaller0: entered promiscuous mode
[  287.447485][ T8964] syzkaller0: entered allmulticast mode
[  288.282875][ T5777] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  288.291584][ T5777] Bluetooth: hci2: Injecting HCI hardware error event
[  288.299993][ T5777] Bluetooth: hci2: hardware error 0x00
[  288.708345][ T8972] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  289.405202][ T8973] netlink: 'syz.0.1007': attribute type 10 has an invalid length.
[  289.418661][ T8978] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1006'.
[  289.848452][ T8992] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.1012'.
[  289.918165][ T8992] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.1012'.
[  289.934369][ T8995] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.1012'.
[  289.991357][ T8992] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.1012'.
[  290.164277][ T8993] syzkaller0: entered promiscuous mode
[  290.180698][ T8993] syzkaller0: entered allmulticast mode
[  290.372335][ T5777] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  292.712353][ T9024] netlink: 'syz.0.1019': attribute type 10 has an invalid length.
[  292.739649][ T9023] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  292.774519][ T9019] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1018'.
[  292.978362][ T9031] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.1022'.
[  292.988791][ T9031] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.1022'.
[  292.999715][ T9031] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.1022'.
[  293.017389][ T9031] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.1022'.
[  293.788811][ T9048] syzkaller0: entered promiscuous mode
[  293.807845][ T9048] syzkaller0: entered allmulticast mode
[  294.728427][ T9053] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  295.835520][ T9054] netlink: 'syz.3.1030': attribute type 10 has an invalid length.
[  295.962012][ T9063] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.1032'.
[  295.977797][ T9063] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.1032'.
[  295.991136][ T9063] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.1032'.
[  296.087651][ T9063] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.1032'.
[  297.350263][ T9089] syzkaller0: entered promiscuous mode
[  297.362925][ T9089] syzkaller0: entered allmulticast mode
[  298.607821][ T9099] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  298.918240][ T9100] netlink: 'syz.2.1042': attribute type 10 has an invalid length.
[  299.027795][ T9105] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.1043'.
[  299.037717][ T9105] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.1043'.
[  299.048296][ T9105] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.1043'.
[  299.093137][ T9105] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.1043'.
[  299.381387][ T9108] syzkaller0: entered promiscuous mode
[  299.387703][ T9108] syzkaller0: entered allmulticast mode
[  301.063613][ T9125] syzkaller0: entered promiscuous mode
[  301.089043][ T9125] syzkaller0: entered allmulticast mode
[  302.996853][ T9148] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.1055'.
[  303.016346][ T9148] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.1055'.
[  303.028392][ T9148] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.1055'.
[  303.043487][ T9148] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.1055'.
[  303.084208][ T9150] netlink: 'syz.2.1056': attribute type 10 has an invalid length.
[  303.097692][ T9149] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  303.277089][ T9158] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.1067'.
[  303.303596][ T9158] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.1067'.
[  303.912242][ T9162] syzkaller0: entered promiscuous mode
[  303.920363][ T9162] syzkaller0: entered allmulticast mode
[  304.401892][ T5777] Bluetooth: hci0: unexpected event 0x0f length: 15 > 4
[  305.504803][ T9179] netlink: 'syz.2.1065': attribute type 10 has an invalid length.
[  305.520183][ T9179] __nla_validate_parse: 2 callbacks suppressed
[  305.520193][ T9179] netlink: 55 bytes leftover after parsing attributes in process `syz.2.1065'.
[  305.673155][ T9185] netlink: 'syz.2.1068': attribute type 10 has an invalid length.
[  305.707638][ T9184] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  305.807226][ T9191] syzkaller0: entered promiscuous mode
[  305.812956][ T9191] syzkaller0: entered allmulticast mode
[  305.930139][ T9194] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.1072'.
[  307.511572][ T9194] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.1072'.
[  307.578945][ T9210] netlink: 'syz.2.1076': attribute type 10 has an invalid length.
[  307.593850][ T9210] netlink: 55 bytes leftover after parsing attributes in process `syz.2.1076'.
[  307.771917][ T9214] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1077'.
[  307.842169][ T9212] syzkaller0: entered promiscuous mode
[  307.847870][ T9212] syzkaller0: entered allmulticast mode
[  308.447025][ T5777] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  308.456146][ T5777] Bluetooth: hci0: Injecting HCI hardware error event
[  308.471750][ T5777] Bluetooth: hci0: hardware error 0x00
[  308.779346][ T9220] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  309.260257][ T9221] netlink: 'syz.2.1080': attribute type 10 has an invalid length.
[  309.558798][ T9232] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.1084'.
[  309.568703][ T9232] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.1084'.
[  309.579709][ T9232] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.1084'.
[  309.589439][ T9232] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.1084'.
[  309.842783][ T9241] netlink: 'syz.1.1086': attribute type 10 has an invalid length.
[  309.852547][ T9241] netlink: 55 bytes leftover after parsing attributes in process `syz.1.1086'.
[  310.009189][ T9245] netlink: 'syz.2.1088': attribute type 10 has an invalid length.
[  310.491523][ T9262] netlink: 'syz.0.1092': attribute type 10 has an invalid length.
[  310.507578][ T9261] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  310.523372][ T5777] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  310.774443][ T9269] __nla_validate_parse: 2 callbacks suppressed
[  310.774459][ T9269] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.1094'.
[  310.803179][ T9269] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.1094'.
[  310.813871][ T9269] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.1094'.
[  310.823647][ T9269] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.1094'.
[  310.837447][ T9271] netlink: 'syz.2.1095': attribute type 10 has an invalid length.
[  310.854450][ T9271] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1095'.
[  310.934201][ T9275] netlink: 'syz.0.1097': attribute type 10 has an invalid length.
[  311.249622][ T9281] netlink: 'syz.2.1098': attribute type 10 has an invalid length.
[  311.258296][ T9281] netlink: 55 bytes leftover after parsing attributes in process `syz.2.1098'.
[  311.477964][ T9287] netlink: 'syz.0.1108': attribute type 10 has an invalid length.
[  311.514815][ T9287] netlink: 'syz.0.1108': attribute type 3 has an invalid length.
[  311.532064][ T9287] netlink: 'syz.0.1108': attribute type 1 has an invalid length.
[  311.541080][ T9287] netlink: 193404 bytes leftover after parsing attributes in process `syz.0.1108'.
[  312.165177][ T9304] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  312.178255][ T9307] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.1105'.
[  312.188723][ T9307] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.1105'.
[  312.200360][ T9307] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.1105'.
[  313.722018][ T9339] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  314.841337][ T9363] validate_nla: 8 callbacks suppressed
[  314.841357][ T9363] netlink: 'syz.3.1124': attribute type 10 has an invalid length.
[  315.024574][ T9365] netlink: 'syz.0.1125': attribute type 10 has an invalid length.
[  315.142068][ T9369] netlink: 'syz.1.1126': attribute type 10 has an invalid length.
[  315.229692][ T9369] netlink: 'syz.1.1126': attribute type 3 has an invalid length.
[  315.238168][ T9369] netlink: 'syz.1.1126': attribute type 1 has an invalid length.
[  315.436116][ T9373] netlink: 'syz.2.1129': attribute type 10 has an invalid length.
[  315.445543][ T9372] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  315.519800][ T9376] netlink: 'syz.0.1128': attribute type 10 has an invalid length.
[  316.813448][ T9407] __nla_validate_parse: 17 callbacks suppressed
[  316.813467][ T9407] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.1137'.
[  316.985811][ T9401] syzkaller0: entered promiscuous mode
[  316.991608][ T9401] syzkaller0: entered allmulticast mode
[  317.001285][ T9405] netlink: 'syz.1.1136': attribute type 10 has an invalid length.
[  317.012857][ T9405] netlink: 55 bytes leftover after parsing attributes in process `syz.1.1136'.
[  317.022085][ T9407] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.1137'.
[  317.042084][ T9410] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.1137'.
[  317.337104][ T9420] netlink: 'syz.1.1140': attribute type 3 has an invalid length.
[  317.347028][ T9420] netlink: 'syz.1.1140': attribute type 1 has an invalid length.
[  317.356314][ T9420] netlink: 193404 bytes leftover after parsing attributes in process `syz.1.1140'.
[  317.420447][ T1286] ieee802154 phy0 wpan0: encryption failed: -22
[  317.429189][ T1286] ieee802154 phy1 wpan1: encryption failed: -22
[  318.697221][ T9413] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1138'.
[  318.843424][ T9422] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  319.362573][ T9443] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.1148'.
[  319.382865][ T9443] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.1148'.
[  319.402946][ T9443] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.1148'.
[  319.416690][ T9443] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.1148'.
[  319.944673][ T9459] validate_nla: 4 callbacks suppressed
[  319.944694][ T9459] netlink: 'syz.3.1152': attribute type 10 has an invalid length.
[  319.967734][ T9460] netlink: 'syz.2.1151': attribute type 10 has an invalid length.
[  320.007074][ T9461] netlink: 'syz.0.1159': attribute type 10 has an invalid length.
[  320.021193][ T9459] netlink: 'syz.3.1152': attribute type 3 has an invalid length.
[  320.040623][ T9459] netlink: 'syz.3.1152': attribute type 1 has an invalid length.
[  320.466036][ T9467] netlink: 'syz.2.1154': attribute type 10 has an invalid length.
[  320.486897][ T9466] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  321.067541][ T9488] netlink: 'syz.2.1162': attribute type 10 has an invalid length.
[  321.359875][ T9500] netlink: 'syz.1.1165': attribute type 10 has an invalid length.
[  321.415623][ T9500] netlink: 'syz.1.1165': attribute type 3 has an invalid length.
[  321.455762][ T9500] netlink: 'syz.1.1165': attribute type 1 has an invalid length.
[  321.949783][ T9506] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  322.357392][ T9521] __nla_validate_parse: 10 callbacks suppressed
[  322.357410][ T9521] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.1169'.
[  322.373729][ T9521] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.1169'.
[  322.385121][ T9521] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.1169'.
[  322.407778][ T9521] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.1169'.
[  322.533805][ T9525] netlink: 55 bytes leftover after parsing attributes in process `syz.1.1172'.
[  322.652619][ T9524] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1171'.
[  322.855657][ T9532] syzkaller0: entered promiscuous mode
[  322.861431][ T9532] syzkaller0: entered allmulticast mode
[  322.880188][ T9535] team0: Device veth1_macvtap failed to register rx_handler
[  323.069844][ T9540] netlink: 193404 bytes leftover after parsing attributes in process `syz.3.1176'.
[  324.844355][ T9551] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  324.860051][ T9556] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.1181'.
[  324.880956][ T9556] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.1181'.
[  324.902027][ T9556] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.1181'.
[  325.164015][ T9560] validate_nla: 7 callbacks suppressed
[  325.164055][ T9560] netlink: 'syz.0.1183': attribute type 10 has an invalid length.
[  325.518896][ T9569] syzkaller0: entered promiscuous mode
[  325.524723][ T9569] syzkaller0: entered allmulticast mode
[  325.748491][ T9573] netlink: 'syz.0.1186': attribute type 3 has an invalid length.
[  325.772990][ T9573] netlink: 'syz.0.1186': attribute type 1 has an invalid length.
[  327.498832][ T9571] netlink: 'syz.0.1186': attribute type 10 has an invalid length.
[  327.565696][ T9587] __nla_validate_parse: 3 callbacks suppressed
[  327.565715][ T9587] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1188'.
[  327.671451][ T9593] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.1190'.
[  327.684449][ T9593] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.1190'.
[  327.697689][ T9593] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.1190'.
[  327.784574][ T9597] netlink: 'syz.2.1192': attribute type 10 has an invalid length.
[  327.793696][ T9596] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  328.041111][ T9606] netlink: 'syz.3.1194': attribute type 10 has an invalid length.
[  328.049989][ T9606] netlink: 55 bytes leftover after parsing attributes in process `syz.3.1194'.
[  328.471018][ T9615] netlink: 'syz.3.1198': attribute type 10 has an invalid length.
[  328.558386][ T9615] netlink: 'syz.3.1198': attribute type 3 has an invalid length.
[  328.586743][ T9615] netlink: 'syz.3.1198': attribute type 1 has an invalid length.
[  328.625754][ T9615] netlink: 193404 bytes leftover after parsing attributes in process `syz.3.1198'.
[  328.750595][ T9617] syzkaller0: entered promiscuous mode
[  328.757673][ T9617] syzkaller0: entered allmulticast mode
[  329.351461][ T9632] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.1204'.
[  330.250090][ T9635] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  330.593952][ T9632] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.1204'.
[  330.606266][ T9636] netlink: 'syz.3.1205': attribute type 10 has an invalid length.
[  330.760863][ T9642] netlink: 'syz.1.1207': attribute type 10 has an invalid length.
[  330.781951][ T9642] netlink: 55 bytes leftover after parsing attributes in process `syz.1.1207'.
[  330.946537][ T9653] netlink: 'syz.0.1210': attribute type 10 has an invalid length.
[  330.986510][ T9653] netlink: 'syz.0.1210': attribute type 3 has an invalid length.
[  330.996892][ T9653] netlink: 'syz.0.1210': attribute type 1 has an invalid length.
[  331.006244][ T9653] netlink: 193404 bytes leftover after parsing attributes in process `syz.0.1210'.
[  331.616666][ T9667] syzkaller0: entered promiscuous mode
[  331.622275][ T9667] syzkaller0: entered allmulticast mode
[  332.533314][ T9671] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  333.366363][ T9672] netlink: 'syz.0.1217': attribute type 10 has an invalid length.
[  333.526384][ T9686] netlink: 'syz.2.1221': attribute type 10 has an invalid length.
[  333.557073][ T9684] netlink: 'syz.3.1220': attribute type 10 has an invalid length.
[  333.575639][ T9684] __nla_validate_parse: 3 callbacks suppressed
[  333.575703][ T9684] netlink: 55 bytes leftover after parsing attributes in process `syz.3.1220'.
[  333.611819][ T9686] netlink: 'syz.2.1221': attribute type 3 has an invalid length.
[  333.636299][ T9686] netlink: 'syz.2.1221': attribute type 1 has an invalid length.
[  333.675652][ T9686] netlink: 193404 bytes leftover after parsing attributes in process `syz.2.1221'.
[  333.876616][ T9694] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1223'.
[  334.212309][ T9703] syzkaller0: entered promiscuous mode
[  334.220918][ T9703] syzkaller0: entered allmulticast mode
[  335.267423][ T9715] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  335.862428][ T9706] syzkaller0: entered promiscuous mode
[  335.868406][ T9706] syzkaller0: entered allmulticast mode
[  335.876550][ T9716] netlink: 'syz.3.1231': attribute type 10 has an invalid length.
[  335.899742][ T9723] netlink: 'syz.2.1233': attribute type 4 has an invalid length.
[  336.186857][ T9729] netlink: 'syz.2.1235': attribute type 3 has an invalid length.
[  336.202952][ T9729] netlink: 'syz.2.1235': attribute type 1 has an invalid length.
[  336.211131][ T9729] netlink: 193404 bytes leftover after parsing attributes in process `syz.2.1235'.
[  337.461405][ T9725] netlink: 'syz.1.1234': attribute type 10 has an invalid length.
[  337.469710][ T9725] netlink: 55 bytes leftover after parsing attributes in process `syz.1.1234'.
[  337.479196][ T9728] netlink: 'syz.2.1235': attribute type 10 has an invalid length.
[  338.698642][ T9763] netlink: 'syz.2.1244': attribute type 10 has an invalid length.
[  338.722996][ T9763] netlink: 55 bytes leftover after parsing attributes in process `syz.2.1244'.
[  338.953890][ T9766] netlink: 'syz.1.1245': attribute type 4 has an invalid length.
[  338.962456][ T9766] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1245'.
[  339.121435][ T9772] netlink: 'syz.2.1248': attribute type 4 has an invalid length.
[  339.160925][ T9772] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1248'.
[  339.184167][ T9773] netlink: 'syz.0.1247': attribute type 10 has an invalid length.
[  339.226547][ T9771] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  339.556368][ T9774] syzkaller0: entered promiscuous mode
[  339.572788][ T9774] syzkaller0: entered allmulticast mode
[  342.915997][ T9803] netlink: 'syz.1.1256': attribute type 10 has an invalid length.
[  342.926361][ T9803] netlink: 55 bytes leftover after parsing attributes in process `syz.1.1256'.
[  343.189592][ T9811] netlink: 'syz.3.1258': attribute type 10 has an invalid length.
[  343.199679][ T9810] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  343.372791][ T9816] FAULT_INJECTION: forcing a failure.
[  343.372791][ T9816] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  343.411410][ T9816] CPU: 0 PID: 9816 Comm: syz.2.1260 Not tainted syzkaller #0
[  343.418858][ T9816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  343.428940][ T9816] Call Trace:
[  343.432255][ T9816]  <TASK>
[  343.435240][ T9816]  dump_stack_lvl+0x18c/0x250
[  343.439995][ T9816]  ? show_regs_print_info+0x20/0x20
[  343.445251][ T9816]  ? load_image+0x420/0x420
[  343.449821][ T9816]  ? __lock_acquire+0x7d40/0x7d40
[  343.454901][ T9816]  should_fail_ex+0x39d/0x4d0
[  343.459753][ T9816]  _copy_from_user+0x2f/0xe0
[  343.464383][ T9816]  __copy_msghdr+0x3bb/0x580
[  343.469042][ T9816]  ___sys_sendmsg+0x214/0x360
[  343.473757][ T9816]  ? get_pid_task+0x20/0x1e0
[  343.478398][ T9816]  ? __sys_sendmsg+0x2a0/0x2a0
[  343.483220][ T9816]  ? __lock_acquire+0x7d40/0x7d40
[  343.488309][ T9816]  __se_sys_sendmsg+0x1c2/0x2b0
[  343.493251][ T9816]  ? __x64_sys_sendmsg+0x80/0x80
[  343.498249][ T9816]  ? lockdep_hardirqs_on+0x98/0x150
[  343.503490][ T9816]  do_syscall_64+0x55/0xa0
[  343.507992][ T9816]  ? clear_bhb_loop+0x40/0x90
[  343.512727][ T9816]  ? clear_bhb_loop+0x40/0x90
[  343.517456][ T9816]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  343.523386][ T9816] RIP: 0033:0x7fd7f579c819
[  343.527833][ T9816] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  343.547466][ T9816] RSP: 002b:00007fd7f6744028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  343.555910][ T9816] RAX: ffffffffffffffda RBX: 00007fd7f5a15fa0 RCX: 00007fd7f579c819
[  343.563909][ T9816] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  343.571903][ T9816] RBP: 00007fd7f6744090 R08: 0000000000000000 R09: 0000000000000000
[  343.579892][ T9816] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  343.587878][ T9816] R13: 00007fd7f5a16038 R14: 00007fd7f5a15fa0 R15: 00007fffebc3f9d8
[  343.595900][ T9816]  </TASK>
[  344.154221][ T9837] netlink: 'syz.2.1266': attribute type 10 has an invalid length.
[  344.162474][ T9837] netlink: 55 bytes leftover after parsing attributes in process `syz.2.1266'.
[  344.315837][ T9835] syzkaller0: entered promiscuous mode
[  344.321416][ T9835] syzkaller0: entered allmulticast mode
[  347.071469][ T9855] netlink: 'syz.3.1271': attribute type 10 has an invalid length.
[  347.082596][ T9854] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  347.782553][ T9883] netlink: 'syz.2.1276': attribute type 10 has an invalid length.
[  347.792047][ T9883] netlink: 55 bytes leftover after parsing attributes in process `syz.2.1276'.
[  348.099988][ T9880] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1277'.
[  348.940664][ T9894] syzkaller0: entered promiscuous mode
[  348.950239][ T9894] syzkaller0: entered allmulticast mode
[  350.186869][ T9907] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  350.882620][ T9908] netlink: 'syz.0.1283': attribute type 10 has an invalid length.
[  351.479673][ T9923] netlink: 'syz.1.1288': attribute type 10 has an invalid length.
[  351.498351][ T9923] netlink: 55 bytes leftover after parsing attributes in process `syz.1.1288'.
[  353.208375][ T9959] syzkaller0: entered promiscuous mode
[  353.223587][ T9959] syzkaller0: entered allmulticast mode
[  355.845582][ T9968] netlink: 'syz.3.1298': attribute type 10 has an invalid length.
[  355.853622][ T9968] netlink: 55 bytes leftover after parsing attributes in process `syz.3.1298'.
[  357.434149][T10026] netlink: 'syz.3.1310': attribute type 10 has an invalid length.
[  357.452810][T10026] netlink: 55 bytes leftover after parsing attributes in process `syz.3.1310'.
[  358.550630][T10031] syzkaller0: entered promiscuous mode
[  358.556973][T10031] syzkaller0: entered allmulticast mode
[  361.399848][T10071] netlink: 'syz.1.1321': attribute type 10 has an invalid length.
[  361.424037][T10071] netlink: 55 bytes leftover after parsing attributes in process `syz.1.1321'.
[  362.829742][T10101] syzkaller0: entered promiscuous mode
[  362.860069][T10101] syzkaller0: entered allmulticast mode
[  365.126566][T10111] netlink: 'syz.2.1331': attribute type 10 has an invalid length.
[  365.134595][T10111] netlink: 55 bytes leftover after parsing attributes in process `syz.2.1331'.
[  367.042392][T10150] syzkaller0: entered promiscuous mode
[  367.052017][T10150] syzkaller0: entered allmulticast mode
[  367.114970][T10156] netlink: 'syz.0.1343': attribute type 10 has an invalid length.
[  367.143668][T10156] netlink: 55 bytes leftover after parsing attributes in process `syz.0.1343'.
[  368.367376][T10177] netlink: 'syz.0.1348': attribute type 153 has an invalid length.
[  368.375492][T10177] netlink: 128124 bytes leftover after parsing attributes in process `syz.0.1348'.
[  370.086378][T10194] netlink: 'syz.3.1353': attribute type 10 has an invalid length.
[  370.110766][T10194] netlink: 55 bytes leftover after parsing attributes in process `syz.3.1353'.
[  371.441661][T10226] syzkaller0: entered promiscuous mode
[  371.473117][T10226] syzkaller0: entered allmulticast mode
[  373.702497][T10237] netlink: 'syz.0.1363': attribute type 10 has an invalid length.
[  373.710701][T10237] netlink: 55 bytes leftover after parsing attributes in process `syz.0.1363'.
[  374.457703][T10254] syzkaller0: entered promiscuous mode
[  374.464281][T10254] syzkaller0: entered allmulticast mode
[  374.549169][T10265] syzkaller0: entered promiscuous mode
[  374.554863][T10265] syzkaller0: entered allmulticast mode
[  377.391490][T10277] netlink: 'syz.2.1371': attribute type 10 has an invalid length.
[  377.407432][T10276] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  378.112223][T10289] syzkaller0: entered promiscuous mode
[  378.118222][T10289] syzkaller0: entered allmulticast mode
[  378.852155][ T1286] ieee802154 phy0 wpan0: encryption failed: -22
[  378.858853][ T1286] ieee802154 phy1 wpan1: encryption failed: -22
[  379.332742][T10309] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  379.804729][T10308] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1377'.
[  379.814473][T10310] netlink: 'syz.3.1379': attribute type 10 has an invalid length.
[  380.061760][T10320] syzkaller0: entered promiscuous mode
[  380.067467][T10320] syzkaller0: entered allmulticast mode
[  382.610801][T10349] netlink: 'syz.2.1389': attribute type 10 has an invalid length.
[  382.663564][T10349] bridge0: port 3(hsr0) entered disabled state
[  382.673845][T10349] bridge0: port 2(bridge_slave_1) entered disabled state
[  382.686537][T10349] bridge0: port 1(bridge_slave_0) entered disabled state
[  383.150186][T10358] syzkaller0: entered promiscuous mode
[  383.167717][T10358] syzkaller0: entered allmulticast mode
[  384.099723][T10363] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  385.598744][T10364] netlink: 'syz.2.1392': attribute type 10 has an invalid length.
[  385.963496][T10392] syzkaller0: entered promiscuous mode
[  385.982763][T10392] syzkaller0: entered allmulticast mode
[  386.022516][T10395] netlink: 'syz.3.1398': attribute type 10 has an invalid length.
[  386.061547][T10394] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  388.483137][T10412] netlink: 'syz.1.1402': attribute type 10 has an invalid length.
[  388.500612][T10412] bridge0: port 3(hsr0) entered disabled state
[  388.507142][T10412] bridge0: port 2(bridge_slave_1) entered disabled state
[  388.515338][T10412] bridge0: port 1(bridge_slave_0) entered disabled state
[  390.391349][T10454] syzkaller0: entered promiscuous mode
[  390.442848][T10454] syzkaller0: entered allmulticast mode
[  390.452401][T10457] netlink: 'syz.2.1414': attribute type 10 has an invalid length.
[  390.464600][T10456] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  393.231003][T10470] netlink: 'syz.0.1416': attribute type 10 has an invalid length.
[  393.240373][T10470] bridge0: port 2(bridge_slave_1) entered disabled state
[  393.247802][T10470] bridge0: port 1(bridge_slave_0) entered disabled state
[  393.574452][T10501] netlink: 'syz.3.1424': attribute type 10 has an invalid length.
[  393.644320][T10498] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  394.778445][T10526] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1430'.
[  395.161835][T10532] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1431'.
[  395.636277][T10543] netlink: 'syz.1.1435': attribute type 10 has an invalid length.
[  395.653698][T10542] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  397.145250][T10579] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1444'.
[  397.227562][T10583] netlink: 'syz.3.1445': attribute type 10 has an invalid length.
[  397.236579][T10582] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  398.246848][T10606] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1450'.
[  399.111217][T10624] netlink: 'syz.3.1455': attribute type 10 has an invalid length.
[  399.122156][T10623] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  399.658911][T10642] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1459'.
[  401.462578][T10676] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1467'.
[  401.865908][T10686] netlink: 'syz.3.1469': attribute type 10 has an invalid length.
[  401.882423][T10685] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  402.732032][T10699] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1473'.
[  403.994400][T10720] netlink: 'syz.2.1479': attribute type 10 has an invalid length.
[  404.025858][T10719] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  404.566636][T10731] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1481'.
[  405.562289][T10754] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1486'.
[  405.878296][T10758] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1487'.
[  407.324980][T10776] netlink: 'syz.1.1491': attribute type 10 has an invalid length.
[  407.434459][T10773] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  408.680457][T10807] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1499'.
[  408.864607][T10803] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1497'.
[  409.017680][T10811] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1500'.
[  410.476815][T10838] netlink: 'syz.1.1507': attribute type 10 has an invalid length.
[  410.529424][T10837] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  410.920786][T10850] delete_channel: no stack
[  411.599947][T10863] syzkaller0: entered promiscuous mode
[  411.632954][T10863] syzkaller0: entered allmulticast mode
[  414.088034][T10891] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  414.418691][T10892] netlink: 'syz.2.1521': attribute type 10 has an invalid length.
[  416.581189][T10940] netlink: 'syz.1.1534': attribute type 5 has an invalid length.
[  416.693397][T10941] netlink: 'syz.0.1533': attribute type 10 has an invalid length.
[  416.724430][T10938] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  416.916966][T10942] syzkaller0: entered promiscuous mode
[  416.933886][T10942] syzkaller0: entered allmulticast mode
[  417.855874][T10966] netlink: 'syz.1.1549': attribute type 10 has an invalid length.
[  417.903988][T10964] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  420.271115][T11001] syzkaller0: entered promiscuous mode
[  420.326310][T11001] syzkaller0: entered allmulticast mode
[  421.434374][T11009] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  424.250023][T11010] netlink: 'syz.3.1553': attribute type 10 has an invalid length.
[  429.407334][T11076] netlink: 'syz.3.1565': attribute type 10 has an invalid length.
[  429.453564][T11072] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  429.660126][T11084] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1569'.
[  430.894764][T11103] syzkaller0: entered promiscuous mode
[  430.900339][T11103] syzkaller0: entered allmulticast mode
[  434.534946][T11118] syzkaller0: entered promiscuous mode
[  434.540528][T11118] syzkaller0: entered allmulticast mode
[  435.606252][T11132] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  437.126303][T11133] netlink: 'syz.3.1579': attribute type 10 has an invalid length.
[  437.160518][T11143] netlink: 'syz.1.1580': attribute type 15 has an invalid length.
[  439.093605][T11166] syzkaller0: entered promiscuous mode
[  439.099415][T11166] syzkaller0: entered allmulticast mode
[  440.289032][ T1286] ieee802154 phy0 wpan0: encryption failed: -22
[  440.295868][ T1286] ieee802154 phy1 wpan1: encryption failed: -22
[  440.354680][T11201] netlink: 'syz.3.1592': attribute type 27 has an invalid length.
[  440.392872][T11201] netlink: 164 bytes leftover after parsing attributes in process `syz.3.1592'.
[  441.998722][T11209] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  443.408068][T11210] netlink: 'syz.0.1593': attribute type 10 has an invalid length.
[  444.319937][T11231] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1598'.
[  445.623503][T11261] netlink: 'syz.3.1606': attribute type 10 has an invalid length.
[  445.643606][T11260] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  446.278500][T11279] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1612'.
[  447.211645][T11297] netlink: 'syz.2.1618': attribute type 10 has an invalid length.
[  447.231294][T11296] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  448.665831][T11331] netlink: 'syz.3.1629': attribute type 10 has an invalid length.
[  448.693298][T11330] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  448.723656][T11326] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1626'.
[  449.645813][T11348] netlink: 'syz.2.1633': attribute type 3 has an invalid length.
[  449.680551][T11348] netlink: 'syz.2.1633': attribute type 1 has an invalid length.
[  449.717522][T11348] netlink: 181400 bytes leftover after parsing attributes in process `syz.2.1633'.
[  450.666521][T11363] netlink: 'syz.3.1639': attribute type 10 has an invalid length.
[  450.691647][T11362] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  451.543748][T11385] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1643'.
[  452.573275][T11402] netlink: 'syz.1.1649': attribute type 29 has an invalid length.
[  452.637441][T11402] netlink: 'syz.1.1649': attribute type 29 has an invalid length.
[  452.666455][T11400] netlink: 'syz.1.1649': attribute type 29 has an invalid length.
[  452.703974][T11403] netlink: 'syz.1.1649': attribute type 29 has an invalid length.
[  453.338710][T11413] netlink: 'syz.3.1651': attribute type 10 has an invalid length.
[  453.347825][T11412] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  454.218411][T11434] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1658'.
[  455.107721][T11448] FAULT_INJECTION: forcing a failure.
[  455.107721][T11448] name failslab, interval 1, probability 0, space 0, times 0
[  455.182788][T11448] CPU: 0 PID: 11448 Comm: syz.2.1661 Not tainted syzkaller #0
[  455.190342][T11448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  455.200466][T11448] Call Trace:
[  455.203785][T11448]  <TASK>
[  455.206752][T11448]  dump_stack_lvl+0x18c/0x250
[  455.211496][T11448]  ? show_regs_print_info+0x20/0x20
[  455.216758][T11448]  ? load_image+0x420/0x420
[  455.221318][T11448]  ? __might_sleep+0xe0/0xe0
[  455.225967][T11448]  ? __lock_acquire+0x7d40/0x7d40
[  455.231052][T11448]  should_fail_ex+0x39d/0x4d0
[  455.235835][T11448]  should_failslab+0x9/0x20
[  455.240393][T11448]  slab_pre_alloc_hook+0x59/0x310
[  455.245484][T11448]  kmem_cache_alloc+0x5a/0x2d0
[  455.250303][T11448]  ? __anon_vma_prepare+0x68/0x430
[  455.255463][T11448]  __anon_vma_prepare+0x68/0x430
[  455.260444][T11448]  ? _raw_spin_unlock+0x28/0x40
[  455.265341][T11448]  ? __pte_alloc+0x113/0x2a0
[  455.269993][T11448]  handle_mm_fault+0x401d/0x4c00
[  455.275008][T11448]  ? handle_mm_fault+0xe7/0x4c00
[  455.279999][T11448]  ? numa_migrate_prep+0x350/0x350
[  455.285160][T11448]  ? lock_chain_count+0x20/0x20
[  455.290087][T11448]  ? lock_mm_and_find_vma+0x9c/0x2f0
[  455.295426][T11448]  do_user_addr_fault+0x730/0x12c0
[  455.300624][T11448]  exc_page_fault+0x64/0x100
[  455.305275][T11448]  asm_exc_page_fault+0x26/0x30
[  455.310192][T11448] RIP: 0010:__put_user_4+0x11/0x20
[  455.315345][T11448] Code: 01 ca c3 90 90 90 90 90 90 f3 0f 1e fa 0f 01 cb 66 89 01 31 c9 0f 01 ca c3 f3 0f 1e fa 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 90 90 90 90 90 90 90 f3 0f 1e fa 0f 01 cb
[  455.335008][T11448] RSP: 0018:ffffc90018c5fe80 EFLAGS: 00050202
[  455.341126][T11448] RAX: 0000000000000004 RBX: 0000000000000000 RCX: 0000200000000280
[  455.349141][T11448] RDX: 0000000000000000 RSI: ffffffff8acadb60 RDI: ffffffff8b1c8e60
[  455.357158][T11448] RBP: 0000000000000004 R08: ffffffff8e8b14ef R09: 1ffffffff1d1629d
[  455.365187][T11448] R10: dffffc0000000000 R11: fffffbfff1d1629e R12: 0000000000000000
[  455.373209][T11448] R13: 0000200000000280 R14: 0000000000000000 R15: 0000000000000004
[  455.381242][T11448]  __sys_socketpair+0xb8/0x550
[  455.386076][T11448]  __x64_sys_socketpair+0x9b/0xb0
[  455.391171][T11448]  do_syscall_64+0x55/0xa0
[  455.395637][T11448]  ? clear_bhb_loop+0x40/0x90
[  455.400365][T11448]  ? clear_bhb_loop+0x40/0x90
[  455.405098][T11448]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  455.411045][T11448] RIP: 0033:0x7fd7f579c819
[  455.415501][T11448] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  455.435168][T11448] RSP: 002b:00007fd7f6744028 EFLAGS: 00000246 ORIG_RAX: 0000000000000035
[  455.443635][T11448] RAX: ffffffffffffffda RBX: 00007fd7f5a15fa0 RCX: 00007fd7f579c819
[  455.451652][T11448] RDX: 0000000000000008 RSI: 0000000000000004 RDI: 0000000000000000
[  455.459674][T11448] RBP: 00007fd7f6744090 R08: 0000000000000000 R09: 0000000000000000
[  455.467701][T11448] R10: 0000200000000280 R11: 0000000000000246 R12: 0000000000000001
[  455.475733][T11448] R13: 00007fd7f5a16038 R14: 00007fd7f5a15fa0 R15: 00007fffebc3f9d8
[  455.483782][T11448]  </TASK>
[  455.629248][T11454] netlink: 'syz.1.1664': attribute type 10 has an invalid length.
[  455.663689][T11453] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  462.902913][T11549] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1687'.
[  463.707816][T11569] netlink: 'syz.0.1692': attribute type 10 has an invalid length.
[  463.746578][T11568] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  463.877098][T11575] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1694'.
[  465.432237][T11600] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1702'.
[  467.854092][T11637] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1709'.
[  469.619855][T11664] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1717'.
[  472.572945][T11711] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1729'.
[  474.005137][T11729] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1742'.
[  474.981713][T11755] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1748'.
[  477.872294][T11809] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1756'.
[  479.428267][T11842] syzkaller0: entered promiscuous mode
[  479.452636][T11842] syzkaller0: entered allmulticast mode
[  482.244932][T11873] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1771'.
[  483.061544][T11884] syzkaller0: entered promiscuous mode
[  483.124364][T11884] syzkaller0: entered allmulticast mode
[  484.742851][T11903] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  485.762850][T11904] netlink: 'syz.2.1780': attribute type 10 has an invalid length.
[  485.883941][T11913] FAULT_INJECTION: forcing a failure.
[  485.883941][T11913] name failslab, interval 1, probability 0, space 0, times 0
[  485.944257][T11913] CPU: 1 PID: 11913 Comm: syz.1.1781 Not tainted syzkaller #0
[  485.951794][T11913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  485.961918][T11913] Call Trace:
[  485.965235][T11913]  <TASK>
[  485.968241][T11913]  dump_stack_lvl+0x18c/0x250
[  485.972993][T11913]  ? show_regs_print_info+0x20/0x20
[  485.978259][T11913]  ? load_image+0x420/0x420
[  485.982825][T11913]  ? __might_sleep+0xe0/0xe0
[  485.987468][T11913]  ? __lock_acquire+0x7d40/0x7d40
[  485.992537][T11913]  should_fail_ex+0x39d/0x4d0
[  485.997282][T11913]  should_failslab+0x9/0x20
[  486.001839][T11913]  slab_pre_alloc_hook+0x59/0x310
[  486.006933][T11913]  ? __lock_acquire+0x7d40/0x7d40
[  486.012070][T11913]  kmem_cache_alloc_node+0x60/0x320
[  486.017330][T11913]  ? __alloc_skb+0x103/0x2c0
[  486.021971][T11913]  __alloc_skb+0x103/0x2c0
[  486.026433][T11913]  netlink_sendmsg+0x66a/0xbf0
[  486.031253][T11913]  ? netlink_getsockopt+0x590/0x590
[  486.036505][T11913]  ? aa_sock_msg_perm+0x94/0x150
[  486.041505][T11913]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  486.046845][T11913]  ? security_socket_sendmsg+0x80/0xa0
[  486.052351][T11913]  ? netlink_getsockopt+0x590/0x590
[  486.057619][T11913]  ____sys_sendmsg+0x5ba/0x960
[  486.062449][T11913]  ? __asan_memset+0x22/0x40
[  486.067214][T11913]  ? __sys_sendmsg_sock+0x30/0x30
[  486.073408][T11913]  ? __import_iovec+0x5f2/0x850
[  486.079193][T11913]  ? import_iovec+0x73/0xa0
[  486.083924][T11913]  ___sys_sendmsg+0x2a6/0x360
[  486.088646][T11913]  ? get_pid_task+0x20/0x1e0
[  486.093297][T11913]  ? __sys_sendmsg+0x2a0/0x2a0
[  486.098142][T11913]  ? __lock_acquire+0x7d40/0x7d40
[  486.103258][T11913]  __se_sys_sendmsg+0x1c2/0x2b0
[  486.108181][T11913]  ? __x64_sys_sendmsg+0x80/0x80
[  486.113240][T11913]  ? lockdep_hardirqs_on+0x98/0x150
[  486.118502][T11913]  do_syscall_64+0x55/0xa0
[  486.122963][T11913]  ? clear_bhb_loop+0x40/0x90
[  486.127697][T11913]  ? clear_bhb_loop+0x40/0x90
[  486.132457][T11913]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  486.138396][T11913] RIP: 0033:0x7f9ec779c819
[  486.142849][T11913] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  486.162550][T11913] RSP: 002b:00007f9ec86d1028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  486.171067][T11913] RAX: ffffffffffffffda RBX: 00007f9ec7a15fa0 RCX: 00007f9ec779c819
[  486.179074][T11913] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000004
[  486.187076][T11913] RBP: 00007f9ec86d1090 R08: 0000000000000000 R09: 0000000000000000
[  486.195104][T11913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  486.203120][T11913] R13: 00007f9ec7a16038 R14: 00007f9ec7a15fa0 R15: 00007ffe02dec298
[  486.211152][T11913]  </TASK>
[  486.804312][T11926] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1785'.
[  487.677448][T11948] netlink: 'syz.1.1792': attribute type 10 has an invalid length.
[  487.696428][T11946] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  487.993521][T11954] hsr0: left allmulticast mode
[  488.009503][T11954] hsr_slave_0: left allmulticast mode
[  488.024891][T11954] hsr_slave_1: left allmulticast mode
[  488.038732][T11954] bridge0: port 3(hsr0) entered disabled state
[  488.057972][T11954] bridge_slave_1: left allmulticast mode
[  488.088137][T11954] bridge_slave_1: left promiscuous mode
[  488.124064][T11954] bridge0: port 2(bridge_slave_1) entered disabled state
[  488.250730][T11954] bridge_slave_0: left allmulticast mode
[  488.272713][T11954] bridge_slave_0: left promiscuous mode
[  488.278556][T11954] bridge0: port 1(bridge_slave_0) entered disabled state
[  488.856568][T11973] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1799'.
[  489.084261][T11977] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1800'.
[  491.743579][T12037] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1815'.
[  491.957730][T12042] netlink: 'syz.2.1817': attribute type 10 has an invalid length.
[  492.005869][T12042] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1817'.
[  492.073506][T12042] dummy0: entered promiscuous mode
[  492.085491][T12042] dummy0: entered allmulticast mode
[  492.098539][T12042] bridge0: port 4(dummy0) entered blocking state
[  492.117289][T12042] bridge0: port 4(dummy0) entered disabled state
[  492.748380][T12057] FAULT_INJECTION: forcing a failure.
[  492.748380][T12057] name failslab, interval 1, probability 0, space 0, times 0
[  492.802618][T12057] CPU: 0 PID: 12057 Comm: syz.3.1823 Not tainted syzkaller #0
[  492.810161][T12057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  492.820262][T12057] Call Trace:
[  492.823583][T12057]  <TASK>
[  492.826549][T12057]  dump_stack_lvl+0x18c/0x250
[  492.831298][T12057]  ? show_regs_print_info+0x20/0x20
[  492.836558][T12057]  ? load_image+0x420/0x420
[  492.841102][T12057]  ? __might_sleep+0xe0/0xe0
[  492.845745][T12057]  ? __lock_acquire+0x7d40/0x7d40
[  492.850821][T12057]  ? mark_lock+0x94/0x320
[  492.855190][T12057]  should_fail_ex+0x39d/0x4d0
[  492.859909][T12057]  should_failslab+0x9/0x20
[  492.864443][T12057]  slab_pre_alloc_hook+0x59/0x310
[  492.869494][T12057]  ? __local_bh_enable_ip+0x13a/0x1c0
[  492.874883][T12057]  ? pneigh_lookup+0x221/0x4e0
[  492.879669][T12057]  ? pneigh_lookup+0x221/0x4e0
[  492.884449][T12057]  __kmem_cache_alloc_node+0x53/0x250
[  492.889848][T12057]  ? __local_bh_enable_ip+0x13a/0x1c0
[  492.895262][T12057]  ? pneigh_lookup+0x221/0x4e0
[  492.900054][T12057]  __kmalloc+0xa4/0x230
[  492.904241][T12057]  pneigh_lookup+0x221/0x4e0
[  492.908864][T12057]  neigh_add+0x6d7/0xe50
[  492.913153][T12057]  ? neigh_proc_dointvec_unres_qlen+0x2a0/0x2a0
[  492.919431][T12057]  ? rtnetlink_rcv_msg+0x221/0xfa0
[  492.924560][T12057]  ? rtnetlink_rcv_msg+0x221/0xfa0
[  492.929691][T12057]  ? neigh_proc_dointvec_unres_qlen+0x2a0/0x2a0
[  492.935964][T12057]  rtnetlink_rcv_msg+0x869/0xfa0
[  492.940936][T12057]  ? rtnetlink_bind+0x80/0x80
[  492.945633][T12057]  ? mark_lock+0x94/0x320
[  492.949991][T12057]  ? __lock_acquire+0x1273/0x7d40
[  492.955040][T12057]  ? __kernel_text_address+0xd/0x30
[  492.960291][T12057]  ? mark_lock+0x94/0x320
[  492.964650][T12057]  ? mark_lock+0x94/0x320
[  492.969025][T12057]  ? __lock_acquire+0x1273/0x7d40
[  492.974104][T12057]  ? perf_trace_lock+0xfc/0x3b0
[  492.978965][T12057]  ? verify_lock_unused+0x140/0x140
[  492.984180][T12057]  ? verify_lock_unused+0x140/0x140
[  492.989399][T12057]  ? perf_trace_lock+0xfc/0x3b0
[  492.994444][T12057]  ? perf_trace_lock+0xfc/0x3b0
[  492.999321][T12057]  netlink_rcv_skb+0x241/0x4d0
[  493.004125][T12057]  ? rtnetlink_bind+0x80/0x80
[  493.008822][T12057]  ? netlink_ack+0x1180/0x1180
[  493.013626][T12057]  ? __lock_acquire+0x7d40/0x7d40
[  493.018675][T12057]  ? net_generic+0x1e/0x240
[  493.023230][T12057]  ? netlink_deliver_tap+0x2e/0x1b0
[  493.028467][T12057]  netlink_unicast+0x751/0x8d0
[  493.033298][T12057]  netlink_sendmsg+0x8d0/0xbf0
[  493.038105][T12057]  ? netlink_getsockopt+0x590/0x590
[  493.043334][T12057]  ? aa_sock_msg_perm+0x94/0x150
[  493.048320][T12057]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  493.053629][T12057]  ? security_socket_sendmsg+0x80/0xa0
[  493.059196][T12057]  ? netlink_getsockopt+0x590/0x590
[  493.064430][T12057]  ____sys_sendmsg+0x5ba/0x960
[  493.069313][T12057]  ? __asan_memset+0x22/0x40
[  493.074020][T12057]  ? __sys_sendmsg_sock+0x30/0x30
[  493.079084][T12057]  ? __import_iovec+0x5f2/0x850
[  493.083980][T12057]  ? import_iovec+0x73/0xa0
[  493.088522][T12057]  ___sys_sendmsg+0x2a6/0x360
[  493.093253][T12057]  ? __sys_sendmsg+0x2a0/0x2a0
[  493.098058][T12057]  ? trace_call_bpf+0xc3/0x6c0
[  493.102880][T12057]  __se_sys_sendmsg+0x1c2/0x2b0
[  493.107779][T12057]  ? __x64_sys_sendmsg+0x80/0x80
[  493.112767][T12057]  ? lockdep_hardirqs_on+0x98/0x150
[  493.117988][T12057]  do_syscall_64+0x55/0xa0
[  493.122422][T12057]  ? clear_bhb_loop+0x40/0x90
[  493.127129][T12057]  ? clear_bhb_loop+0x40/0x90
[  493.131832][T12057]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  493.137843][T12057] RIP: 0033:0x7f585099c819
[  493.142290][T12057] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  493.161930][T12057] RSP: 002b:00007f5851779028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  493.170381][T12057] RAX: ffffffffffffffda RBX: 00007f5850c15fa0 RCX: 00007f585099c819
[  493.178385][T12057] RDX: 0000000000008000 RSI: 0000200000000600 RDI: 0000000000000003
[  493.186371][T12057] RBP: 00007f5851779090 R08: 0000000000000000 R09: 0000000000000000
[  493.194370][T12057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  493.202369][T12057] R13: 00007f5850c16038 R14: 00007f5850c15fa0 R15: 00007ffd60ae15e8
[  493.210384][T12057]  </TASK>
[  493.874259][T12075] netlink: 'syz.1.1829': attribute type 10 has an invalid length.
[  493.892855][T12075] netlink: 55 bytes leftover after parsing attributes in process `syz.1.1829'.
[  494.270898][T12085] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1831'.
[  495.223935][T12101] netlink: 'syz.2.1836': attribute type 3 has an invalid length.
[  495.242393][T12101] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1836'.
[  496.333499][T12122] netlink: 'syz.2.1841': attribute type 10 has an invalid length.
[  496.373070][T12122] netlink: 55 bytes leftover after parsing attributes in process `syz.2.1841'.
[  497.028080][T12135] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1845'.
[  498.129917][T12159] netlink: 'syz.1.1851': attribute type 29 has an invalid length.
[  498.142240][T12159] netlink: 'syz.1.1851': attribute type 29 has an invalid length.
[  499.195016][T12186] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1859'.
[  501.287399][T12215] netlink: 'syz.3.1867': attribute type 10 has an invalid length.
[  501.302911][T12214] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  501.733328][ T1286] ieee802154 phy0 wpan0: encryption failed: -22
[  501.739779][ T1286] ieee802154 phy1 wpan1: encryption failed: -22
[  502.583445][T12237] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1870'.
[  503.596085][T12248] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1873'.
[  507.526686][T12290] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1885'.
[  509.968115][T12334] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1898'.
[  509.982489][T12339] netlink: 'syz.2.1899': attribute type 6 has an invalid length.
[  510.013134][T12339] netlink: 'syz.2.1899': attribute type 15 has an invalid length.
[  510.027690][T12339] netlink: 'syz.2.1899': attribute type 16 has an invalid length.
[  510.044708][T12339] netlink: 'syz.2.1899': attribute type 20 has an invalid length.
[  510.062125][T12339] netlink: 'syz.2.1899': attribute type 21 has an invalid length.
[  510.084920][T12339] netlink: 'syz.2.1899': attribute type 23 has an invalid length.
[  510.101802][T12339] netlink: 'syz.2.1899': attribute type 25 has an invalid length.
[  510.132826][T12339] netlink: 'syz.2.1899': attribute type 27 has an invalid length.
[  510.154869][T12339] netlink: 'syz.2.1899': attribute type 28 has an invalid length.
[  510.182231][T12339] netlink: 'syz.2.1899': attribute type 29 has an invalid length.
[  513.165521][T12393] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1911'.
[  514.225099][T12412] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1916'.
[  516.434661][T12450] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1927'.
[  519.570011][T12508] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1940'.
[  519.757123][T12507] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1941'.
[  521.030625][T12535] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1950'.
[  521.286345][T12537] validate_nla: 1 callbacks suppressed
[  521.286382][T12537] netlink: 'syz.0.1951': attribute type 10 has an invalid length.
[  521.316640][T12537] netlink: 55 bytes leftover after parsing attributes in process `syz.0.1951'.
[  521.431817][T12540] netlink: 'syz.1.1952': attribute type 10 has an invalid length.
[  521.458635][T12539] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  522.338497][T12556] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1957'.
[  522.693193][T12563] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1959'.
[  522.927067][T12568] netlink: 'syz.2.1962': attribute type 10 has an invalid length.
[  522.943855][T12568] netlink: 55 bytes leftover after parsing attributes in process `syz.2.1962'.
[  523.153518][T12572] netlink: 'syz.3.1963': attribute type 10 has an invalid length.
[  523.183433][T12571] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  523.443080][T12578] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1965'.
[  523.813916][T12591] netlink: 'syz.2.1968': attribute type 10 has an invalid length.
[  523.829057][T12591] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1968'.
[  523.984181][T12594] netlink: 'syz.2.1972': attribute type 10 has an invalid length.
[  523.993768][T12594] netlink: 55 bytes leftover after parsing attributes in process `syz.2.1972'.
[  524.905843][T12622] ±ÿÿÿÿa–ïD: renamed from lo (while UP)
[  525.036539][T12624] netlink: 'syz.0.1980': attribute type 21 has an invalid length.
[  525.073484][T12624] __nla_validate_parse: 1 callbacks suppressed
[  525.073500][T12624] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1980'.
[  525.123597][T12627] netlink: 'syz.2.1981': attribute type 10 has an invalid length.
[  525.152305][T12627] netlink: 55 bytes leftover after parsing attributes in process `syz.2.1981'.
[  526.426170][T12665] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.1991'.
[  526.451143][T12665] bridge_slave_1: default FDB implementation only supports local addresses
[  526.524445][T12672] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1993'.
[  526.561456][T12673] netlink: 'syz.2.1994': attribute type 10 has an invalid length.
[  526.624620][T12671] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  526.695627][T12679] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1996'.
[  527.046913][T12691] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2000'.
[  527.377821][T12695] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2001'.
[  527.547438][T12711] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.2006'.
[  527.609044][T12711] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.2006'.
[  527.651659][T12712] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.2006'.
[  530.092353][T12774] __nla_validate_parse: 3 callbacks suppressed
[  530.092392][T12774] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2022'.
[  530.447112][T12778] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2024'.
[  530.632526][T12782] netlink: 14 bytes leftover after parsing attributes in process `syz.2.2026'.
[  532.257842][T12810] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2032'.
[  532.649540][T12824] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2037'.
[  533.034014][T12831] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2040'.
[  533.184543][T12830] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2039'.
[  534.126688][T12848] netlink: 'syz.1.2045': attribute type 10 has an invalid length.
[  534.187825][T12847] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  535.440267][T12868] netlink: 164 bytes leftover after parsing attributes in process `syz.1.2052'.
[  535.662272][T12866] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2051'.
[  536.056455][T12877] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2055'.
[  536.240985][T12882] netlink: 'syz.2.2056': attribute type 10 has an invalid length.
[  536.272032][T12881] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  536.939210][T12896] FAULT_INJECTION: forcing a failure.
[  536.939210][T12896] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  536.979879][T12896] CPU: 0 PID: 12896 Comm: syz.2.2060 Not tainted syzkaller #0
[  536.987421][T12896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  536.997554][T12896] Call Trace:
[  537.001050][T12896]  <TASK>
[  537.004021][T12896]  dump_stack_lvl+0x18c/0x250
[  537.008768][T12896]  ? show_regs_print_info+0x20/0x20
[  537.014032][T12896]  ? load_image+0x420/0x420
[  537.018589][T12896]  ? __might_fault+0xaa/0x120
[  537.023314][T12896]  ? __lock_acquire+0x7d40/0x7d40
[  537.028385][T12896]  should_fail_ex+0x39d/0x4d0
[  537.033121][T12896]  _copy_from_iter+0x1d9/0x12e0
[  537.038041][T12896]  ? __virt_addr_valid+0x18c/0x540
[  537.043213][T12896]  ? __lock_acquire+0x7d40/0x7d40
[  537.048302][T12896]  ? mark_lock+0x94/0x320
[  537.052697][T12896]  ? copyout_mc+0x70/0x70
[  537.057088][T12896]  ? __virt_addr_valid+0x18c/0x540
[  537.062255][T12896]  ? __virt_addr_valid+0x18c/0x540
[  537.067425][T12896]  ? __virt_addr_valid+0x469/0x540
[  537.072593][T12896]  ? __check_object_size+0x506/0xa20
[  537.077925][T12896]  skb_copy_datagram_from_iter+0xf4/0x6e0
[  537.083709][T12896]  ? napi_get_frags+0xbb/0x150
[  537.088517][T12896]  tun_get_user+0x15db/0x3ca0
[  537.093352][T12896]  ? rcu_read_unlock+0xa0/0xa0
[  537.098173][T12896]  ? tun_get+0x1c/0x2e0
[  537.102464][T12896]  ? __lock_acquire+0x7d40/0x7d40
[  537.107554][T12896]  ? tun_get+0x1c/0x2e0
[  537.111783][T12896]  tun_chr_write_iter+0x119/0x200
[  537.116889][T12896]  vfs_write+0x46c/0x990
[  537.121192][T12896]  ? file_end_write+0x250/0x250
[  537.126112][T12896]  ? __fget_files+0x43d/0x4b0
[  537.130880][T12896]  ? __fdget_pos+0x1d8/0x330
[  537.135536][T12896]  ? ksys_write+0x75/0x260
[  537.140021][T12896]  ksys_write+0x150/0x260
[  537.144412][T12896]  ? __ia32_sys_read+0x90/0x90
[  537.149235][T12896]  ? lockdep_hardirqs_on+0x98/0x150
[  537.154485][T12896]  do_syscall_64+0x55/0xa0
[  537.158935][T12896]  ? clear_bhb_loop+0x40/0x90
[  537.163666][T12896]  ? clear_bhb_loop+0x40/0x90
[  537.168397][T12896]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  537.174368][T12896] RIP: 0033:0x7fd7f579c819
[  537.178834][T12896] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  537.199119][T12896] RSP: 002b:00007fd7f6723028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  537.207587][T12896] RAX: ffffffffffffffda RBX: 00007fd7f5a16090 RCX: 00007fd7f579c819
[  537.215618][T12896] RDX: 0000000000000280 RSI: 0000200000000700 RDI: 0000000000000003
[  537.223635][T12896] RBP: 00007fd7f6723090 R08: 0000000000000000 R09: 0000000000000000
[  537.231644][T12896] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  537.239652][T12896] R13: 00007fd7f5a16128 R14: 00007fd7f5a16090 R15: 00007fffebc3f9d8
[  537.247681][T12896]  </TASK>
[  539.425697][T12912] macsec0: entered promiscuous mode
[  539.431231][T12912] macsec0: entered allmulticast mode
[  539.436685][T12912] veth1_macvtap: entered allmulticast mode
[  539.783965][T12923] netlink: 'syz.0.2066': attribute type 10 has an invalid length.
[  539.803871][T12921] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  539.924558][T12929] netlink: 14 bytes leftover after parsing attributes in process `syz.2.2068'.
[  540.607961][T12948] netlink: 'syz.1.2074': attribute type 29 has an invalid length.
[  540.620213][T12948] netlink: 'syz.1.2074': attribute type 29 has an invalid length.
[  540.631210][T12948] netlink: 'syz.1.2074': attribute type 29 has an invalid length.
[  541.230144][T12967] ªªªªªª: renamed from lo (while UP)
[  541.339953][T12967] netlink: 146488 bytes leftover after parsing attributes in process `syz.1.2080'.
[  541.360794][T12967] netlink: 6324 bytes leftover after parsing attributes in process `syz.1.2080'.
[  541.381091][T12973] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2079'.
[  541.869711][T12982] netlink: 'syz.1.2084': attribute type 10 has an invalid length.
[  541.878576][T12982] netlink: 55 bytes leftover after parsing attributes in process `syz.1.2084'.
[  545.284486][T13022] netlink: 'syz.0.2094': attribute type 10 has an invalid length.
[  545.292346][T13022] netlink: 55 bytes leftover after parsing attributes in process `syz.0.2094'.
[  545.496023][T13028] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2096'.
[  548.826480][T13064] netlink: 'syz.2.2105': attribute type 10 has an invalid length.
[  548.834885][T13064] netlink: 55 bytes leftover after parsing attributes in process `syz.2.2105'.
[  550.792325][T13119] netlink: 14 bytes leftover after parsing attributes in process `syz.2.2120'.
[  550.912504][T13121] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2121'.
[  552.876327][T13183] netlink: 'syz.0.2137': attribute type 10 has an invalid length.
[  552.884952][T13183] netlink: 55 bytes leftover after parsing attributes in process `syz.0.2137'.
[  552.937651][T13184] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2138'.
[  553.229971][T13190] netlink: 'syz.0.2141': attribute type 10 has an invalid length.
[  553.251215][T13188] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  554.901455][T13232] netlink: 'syz.1.2155': attribute type 10 has an invalid length.
[  554.923788][T13231] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  554.955521][T13239] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2156'.
[  556.364043][T13278] netlink: 'syz.3.2169': attribute type 3 has an invalid length.
[  556.382967][T13277] netlink: 'syz.3.2169': attribute type 3 has an invalid length.
[  556.390862][T13277] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2169'.
[  556.409727][T13278] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2169'.
[  556.629682][T13281] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  556.638173][T13281] IPv6: NLM_F_CREATE should be set when creating new route
[  556.646423][T13281] IPv6: NLM_F_CREATE should be set when creating new route
[  556.654444][T13281] IPv6: NLM_F_CREATE should be set when creating new route
[  556.694702][T13285] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2172'.
[  557.966807][T13305] FAULT_INJECTION: forcing a failure.
[  557.966807][T13305] name failslab, interval 1, probability 0, space 0, times 0
[  558.009951][T13305] CPU: 0 PID: 13305 Comm: syz.3.2179 Not tainted syzkaller #0
[  558.017527][T13305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  558.027630][T13305] Call Trace:
[  558.030948][T13305]  <TASK>
[  558.033922][T13305]  dump_stack_lvl+0x18c/0x250
[  558.038670][T13305]  ? show_regs_print_info+0x20/0x20
[  558.043925][T13305]  ? load_image+0x420/0x420
[  558.048590][T13305]  ? __might_sleep+0xe0/0xe0
[  558.053260][T13305]  ? __lock_acquire+0x7d40/0x7d40
[  558.058343][T13305]  should_fail_ex+0x39d/0x4d0
[  558.063085][T13305]  should_failslab+0x9/0x20
[  558.067638][T13305]  slab_pre_alloc_hook+0x59/0x310
[  558.072724][T13305]  ? tomoyo_encode+0x28b/0x540
[  558.077551][T13305]  ? tomoyo_encode+0x28b/0x540
[  558.082384][T13305]  __kmem_cache_alloc_node+0x53/0x250
[  558.087815][T13305]  ? tomoyo_encode+0x28b/0x540
[  558.092719][T13305]  __kmalloc+0xa4/0x230
[  558.096950][T13305]  tomoyo_encode+0x28b/0x540
[  558.101601][T13305]  tomoyo_realpath_from_path+0x592/0x5d0
[  558.107298][T13305]  tomoyo_path_number_perm+0x248/0x620
[  558.112808][T13305]  ? tomoyo_path_number_perm+0x217/0x620
[  558.118480][T13305]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  558.124010][T13305]  ? __fget_files+0x28/0x4b0
[  558.128642][T13305]  ? __fget_files+0x28/0x4b0
[  558.133281][T13305]  security_file_ioctl+0x70/0xa0
[  558.138245][T13305]  __se_sys_ioctl+0x48/0x170
[  558.142884][T13305]  do_syscall_64+0x55/0xa0
[  558.147332][T13305]  ? clear_bhb_loop+0x40/0x90
[  558.152052][T13305]  ? clear_bhb_loop+0x40/0x90
[  558.156847][T13305]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  558.162768][T13305] RIP: 0033:0x7f585099c819
[  558.167205][T13305] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  558.186839][T13305] RSP: 002b:00007f5851779028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  558.195288][T13305] RAX: ffffffffffffffda RBX: 00007f5850c15fa0 RCX: 00007f585099c819
[  558.203294][T13305] RDX: 0000200000000000 RSI: 0000000000008b1a RDI: 0000000000000003
[  558.211303][T13305] RBP: 00007f5851779090 R08: 0000000000000000 R09: 0000000000000000
[  558.219326][T13305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  558.227309][T13305] R13: 00007f5850c16038 R14: 00007f5850c15fa0 R15: 00007ffd60ae15e8
[  558.235331][T13305]  </TASK>
[  558.295119][T13305] ERROR: Out of memory at tomoyo_realpath_from_path.
[  559.256004][T13332] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2185'.
[  559.350033][T13335] netlink: 180 bytes leftover after parsing attributes in process `syz.2.2186'.
[  560.423227][T13362] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2204'.
[  561.196590][T13374] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.2199'.
[  561.275928][T13362] syz.1.2204 (13362) used greatest stack depth: 19752 bytes left
[  561.411802][T13378] netlink: 'syz.0.2200': attribute type 10 has an invalid length.
[  561.440722][T13378] netlink: 55 bytes leftover after parsing attributes in process `syz.0.2200'.
[  561.916120][T13393] syzkaller0: entered promiscuous mode
[  561.929330][T13393] syzkaller0: entered allmulticast mode
[  563.173509][ T1286] ieee802154 phy0 wpan0: encryption failed: -22
[  563.179925][ T1286] ieee802154 phy1 wpan1: encryption failed: -22
[  563.327588][T13405] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  564.190830][T13406] netlink: 'syz.0.2210': attribute type 10 has an invalid length.
[  564.211233][T13414] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2211'.
[  564.650698][T13429] netlink: 'syz.1.2215': attribute type 10 has an invalid length.
[  564.663170][T13429] netlink: 55 bytes leftover after parsing attributes in process `syz.1.2215'.
[  565.034120][T13436] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  565.041682][T13436] IPv6: NLM_F_CREATE should be set when creating new route
[  565.049608][T13436] IPv6: NLM_F_CREATE should be set when creating new route
[  565.057311][T13436] IPv6: NLM_F_CREATE should be set when creating new route
[  566.785517][T13463] netlink: 'syz.0.2224': attribute type 10 has an invalid length.
[  567.125324][T13477] netlink: 'syz.1.2228': attribute type 10 has an invalid length.
[  567.156827][T13476] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  568.028278][T13508] netlink: 'syz.2.2236': attribute type 10 has an invalid length.
[  568.348274][T13522] netlink: 'syz.1.2241': attribute type 10 has an invalid length.
[  568.384638][T13521] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  568.748652][T13531] netlink: 188 bytes leftover after parsing attributes in process `syz.1.2243'.
[  568.764273][T13531] Ù: renamed from bond_slave_1
[  568.851503][T13514] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2237'.
[  569.056911][T13538] netlink: 'syz.0.2253': attribute type 10 has an invalid length.
[  569.092789][T13538] netlink: 55 bytes leftover after parsing attributes in process `syz.0.2253'.
[  569.716523][T13561] netlink: 'syz.3.2250': attribute type 10 has an invalid length.
[  569.773953][T13561] bridge0: port 3(hsr0) entered disabled state
[  569.781391][T13561] bridge0: port 2(bridge_slave_1) entered disabled state
[  569.790742][T13561] bridge0: port 1(bridge_slave_0) entered disabled state
[  569.944493][T13565] netlink: 'syz.0.2252': attribute type 10 has an invalid length.
[  569.996222][T13564] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  570.953934][T13580] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  570.964592][T13580] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  570.981495][T13580] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  570.998581][T13580] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  571.012895][T13580] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  571.022960][T13580] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  571.108068][T13577] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2258'.
[  571.218311][ T2961] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  571.386657][ T2961] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  571.615562][ T2961] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  571.920483][ T2961] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  572.007611][T13602] netlink: 'syz.0.2266': attribute type 10 has an invalid length.
[  572.016637][T13601] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  572.109314][T13579] chnl_net:caif_netlink_parms(): no params data found
[  572.488832][T13579] bridge0: port 1(bridge_slave_0) entered blocking state
[  572.496190][T13579] bridge0: port 1(bridge_slave_0) entered disabled state
[  572.503800][T13579] bridge_slave_0: entered allmulticast mode
[  572.511333][T13579] bridge_slave_0: entered promiscuous mode
[  572.843048][T13579] bridge0: port 2(bridge_slave_1) entered blocking state
[  572.850267][T13579] bridge0: port 2(bridge_slave_1) entered disabled state
[  572.887069][T13579] bridge_slave_1: entered allmulticast mode
[  572.905882][T13579] bridge_slave_1: entered promiscuous mode
[  572.976954][T13623] FAULT_INJECTION: forcing a failure.
[  572.976954][T13623] name failslab, interval 1, probability 0, space 0, times 0
[  573.027173][T13623] CPU: 1 PID: 13623 Comm: syz.0.2269 Not tainted syzkaller #0
[  573.034736][T13623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  573.044852][T13623] Call Trace:
[  573.048173][T13623]  <TASK>
[  573.051143][T13623]  dump_stack_lvl+0x18c/0x250
[  573.055910][T13623]  ? show_regs_print_info+0x20/0x20
[  573.061175][T13623]  ? load_image+0x420/0x420
[  573.065747][T13623]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  573.071963][T13623]  ? lock_chain_count+0x20/0x20
[  573.076872][T13623]  should_fail_ex+0x39d/0x4d0
[  573.081610][T13623]  should_failslab+0x9/0x20
[  573.086162][T13623]  slab_pre_alloc_hook+0x59/0x310
[  573.091273][T13623]  kmem_cache_alloc+0x5a/0x2d0
[  573.096096][T13623]  ? slab_build_skb+0x2b/0x3f0
[  573.100922][T13623]  slab_build_skb+0x2b/0x3f0
[  573.105555][T13623]  bpf_prog_test_run_skb+0x3c8/0x12b0
[  573.110966][T13623]  ? __fget_files+0x28/0x4b0
[  573.115600][T13623]  ? __fget_files+0x28/0x4b0
[  573.120325][T13623]  ? __fget_files+0x43d/0x4b0
[  573.125092][T13623]  ? cpu_online+0x60/0x60
[  573.129470][T13623]  bpf_prog_test_run+0x321/0x390
[  573.134448][T13623]  __sys_bpf+0x49d/0x890
[  573.138756][T13623]  ? bpf_link_show_fdinfo+0x390/0x390
[  573.144153][T13623]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  573.150346][T13623]  __x64_sys_bpf+0x7c/0x90
[  573.154779][T13623]  do_syscall_64+0x55/0xa0
[  573.159217][T13623]  ? clear_bhb_loop+0x40/0x90
[  573.163944][T13623]  ? clear_bhb_loop+0x40/0x90
[  573.168650][T13623]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  573.174568][T13623] RIP: 0033:0x7f8dce19c819
[  573.179022][T13623] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  573.198649][T13623] RSP: 002b:00007f8dcf099028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  573.207088][T13623] RAX: ffffffffffffffda RBX: 00007f8dce415fa0 RCX: 00007f8dce19c819
[  573.215079][T13623] RDX: 000000000000002c RSI: 0000200000000080 RDI: 000000000000000a
[  573.223068][T13623] RBP: 00007f8dcf099090 R08: 0000000000000000 R09: 0000000000000000
[  573.231050][T13623] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  573.239039][T13623] R13: 00007f8dce416038 R14: 00007f8dce415fa0 R15: 00007fff2cfdb208
[  573.247042][T13623]  </TASK>
[  573.278861][T13579] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  573.292746][T13580] Bluetooth: hci1: command tx timeout
[  573.325279][T13579] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  573.471469][T13632] netlink: 830 bytes leftover after parsing attributes in process `syz.1.2270'.
[  573.636015][T13579] team0: Port device team_slave_0 added
[  573.663641][T13579] team0: Port device team_slave_1 added
[  573.880583][T13579] batman_adv: batadv0: Adding interface: batadv_slave_0
[  573.909113][T13579] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  573.983565][T13579] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  574.020038][T13579] batman_adv: batadv0: Adding interface: batadv_slave_1
[  574.048471][T13579] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  574.139078][T13579] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  574.266780][T13653] netlink: 'syz.3.2275': attribute type 10 has an invalid length.
[  574.279732][T13652] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  574.577825][T13579] hsr_slave_0: entered promiscuous mode
[  574.596709][T13579] hsr_slave_1: entered promiscuous mode
[  574.664722][T13579] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  574.672378][T13579] Cannot create hsr debugfs directory
[  575.153960][T13671] netlink: 'syz.0.2279': attribute type 10 has an invalid length.
[  575.192511][T13671] netlink: 55 bytes leftover after parsing attributes in process `syz.0.2279'.
[  575.324462][T13580] Bluetooth: hci1: command tx timeout
[  575.688595][ T2961] 
[  575.691089][ T2961] ======================================================
[  575.698140][ T2961] WARNING: possible circular locking dependency detected
[  575.705203][ T2961] syzkaller #0 Not tainted
[  575.709670][ T2961] ------------------------------------------------------
[  575.716735][ T2961] kworker/u4:8/2961 is trying to acquire lock:
[  575.722915][ T2961] ffff88807b630d00 (team->team_lock_key){+.+.}-{3:3}, at: team_del_slave+0x32/0x1c0
[  575.732377][ T2961] 
[  575.732377][ T2961] but task is already holding lock:
[  575.739773][ T2961] ffff88801db38768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: ieee80211_remove_interfaces+0x29a/0x690
[  575.750258][ T2961] 
[  575.750258][ T2961] which lock already depends on the new lock.
[  575.750258][ T2961] 
[  575.760697][ T2961] 
[  575.760697][ T2961] the existing dependency chain (in reverse order) is:
[  575.769738][ T2961] 
[  575.769738][ T2961] -> #1 (&rdev->wiphy.mtx){+.+.}-{3:3}:
[  575.777613][ T2961]        __mutex_lock+0x136/0xcc0
[  575.782690][ T2961]        ieee80211_open+0x144/0x200
[  575.787924][ T2961]        __dev_open+0x2cb/0x430
[  575.792812][ T2961]        dev_open+0xab/0x190
[  575.797449][ T2961]        team_add_slave+0x75f/0x29a0
[  575.802766][ T2961]        do_setlink+0xdfe/0x4130
[  575.807724][ T2961]        rtnl_newlink+0x17da/0x20a0
[  575.812928][ T2961]        rtnetlink_rcv_msg+0x869/0xfa0
[  575.818419][ T2961]        netlink_rcv_skb+0x241/0x4d0
[  575.823725][ T2961]        netlink_unicast+0x751/0x8d0
[  575.829033][ T2961]        netlink_sendmsg+0x8d0/0xbf0
[  575.834337][ T2961]        ____sys_sendmsg+0x5ba/0x960
[  575.839631][ T2961]        ___sys_sendmsg+0x2a6/0x360
[  575.844853][ T2961]        __se_sys_sendmsg+0x1c2/0x2b0
[  575.850245][ T2961]        do_syscall_64+0x55/0xa0
[  575.855203][ T2961]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  575.861651][ T2961] 
[  575.861651][ T2961] -> #0 (team->team_lock_key){+.+.}-{3:3}:
[  575.869915][ T2961]        __lock_acquire+0x2df1/0x7d40
[  575.875316][ T2961]        lock_acquire+0x19e/0x420
[  575.880363][ T2961]        __mutex_lock+0x136/0xcc0
[  575.885402][ T2961]        team_del_slave+0x32/0x1c0
[  575.890623][ T2961]        team_device_event+0x28d/0xa20
[  575.896108][ T2961]        notifier_call_chain+0x197/0x380
[  575.901857][ T2961]        unregister_netdevice_many_notify+0x100d/0x1900
[  575.908832][ T2961]        unregister_netdevice_queue+0x32c/0x370
[  575.915259][ T2961]        _cfg80211_unregister_wdev+0x16b/0x580
[  575.921442][ T2961]        ieee80211_remove_interfaces+0x49e/0x690
[  575.927797][ T2961]        ieee80211_unregister_hw+0x5d/0x2a0
[  575.933717][ T2961]        mac80211_hwsim_del_radio+0x289/0x480
[  575.939804][ T2961]        hwsim_exit_net+0x58d/0x650
[  575.945013][ T2961]        cleanup_net+0x70a/0xbb0
[  575.950021][ T2961]        process_scheduled_works+0xa5d/0x15d0
[  575.956193][ T2961]        worker_thread+0xa55/0xfc0
[  575.961329][ T2961]        kthread+0x2fa/0x390
[  575.965938][ T2961]        ret_from_fork+0x48/0x80
[  575.970900][ T2961]        ret_from_fork_asm+0x11/0x20
[  575.976224][ T2961] 
[  575.976224][ T2961] other info that might help us debug this:
[  575.976224][ T2961] 
[  575.986493][ T2961]  Possible unsafe locking scenario:
[  575.986493][ T2961] 
[  575.993943][ T2961]        CPU0                    CPU1
[  575.999313][ T2961]        ----                    ----
[  576.004676][ T2961]   lock(&rdev->wiphy.mtx);
[  576.009195][ T2961]                                lock(team->team_lock_key);
[  576.016513][ T2961]                                lock(&rdev->wiphy.mtx);
[  576.023550][ T2961]   lock(team->team_lock_key);
[  576.028322][ T2961] 
[  576.028322][ T2961]  *** DEADLOCK ***
[  576.028322][ T2961] 
[  576.036490][ T2961] 5 locks held by kworker/u4:8/2961:
[  576.041772][ T2961]  #0: ffff88801a254938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[  576.052663][ T2961]  #1: ffffc9000c217d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[  576.063219][ T2961]  #2: ffffffff8e3b5710 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x14c/0xbb0
[  576.072647][ T2961]  #3: ffffffff8e3c2748 (rtnl_mutex){+.+.}-{3:3}, at: ieee80211_unregister_hw+0x55/0x2a0
[  576.082506][ T2961]  #4: ffff88801db38768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: ieee80211_remove_interfaces+0x29a/0x690
[  576.093329][ T2961] 
[  576.093329][ T2961] stack backtrace:
[  576.099236][ T2961] CPU: 1 PID: 2961 Comm: kworker/u4:8 Not tainted syzkaller #0
[  576.106803][ T2961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  576.116881][ T2961] Workqueue: netns cleanup_net
[  576.121727][ T2961] Call Trace:
[  576.125024][ T2961]  <TASK>
[  576.128004][ T2961]  dump_stack_lvl+0x18c/0x250
[  576.132710][ T2961]  ? load_image+0x420/0x420
[  576.137242][ T2961]  ? show_regs_print_info+0x20/0x20
[  576.142472][ T2961]  ? print_circular_bug+0x12b/0x1a0
[  576.147704][ T2961]  check_noncircular+0x2fc/0x400
[  576.152664][ T2961]  ? print_deadlock_bug+0x5d0/0x5d0
[  576.157881][ T2961]  ? lockdep_lock+0xf5/0x230
[  576.162489][ T2961]  ? __lock_acquire+0x1273/0x7d40
[  576.167564][ T2961]  ? _find_first_zero_bit+0xd3/0x100
[  576.172875][ T2961]  __lock_acquire+0x2df1/0x7d40
[  576.177767][ T2961]  ? verify_lock_unused+0x140/0x140
[  576.182992][ T2961]  ? verify_lock_unused+0x140/0x140
[  576.188216][ T2961]  lock_acquire+0x19e/0x420
[  576.192738][ T2961]  ? team_del_slave+0x32/0x1c0
[  576.197525][ T2961]  ? __might_sleep+0xe0/0xe0
[  576.202143][ T2961]  ? read_lock_is_recursive+0x20/0x20
[  576.207540][ T2961]  __mutex_lock+0x136/0xcc0
[  576.212054][ T2961]  ? team_del_slave+0x32/0x1c0
[  576.216826][ T2961]  ? __lock_acquire+0x7d40/0x7d40
[  576.221862][ T2961]  ? rcu_is_watching+0x15/0xb0
[  576.226651][ T2961]  ? trace_contention_end+0x39/0xe0
[  576.231862][ T2961]  ? __mutex_lock+0x315/0xcc0
[  576.236541][ T2961]  ? team_del_slave+0x32/0x1c0
[  576.241312][ T2961]  ? mutex_lock_nested+0x20/0x20
[  576.246268][ T2961]  ? bond_netdev_event+0xeb/0xf20
[  576.251323][ T2961]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[  576.257039][ T2961]  team_del_slave+0x32/0x1c0
[  576.261668][ T2961]  team_device_event+0x28d/0xa20
[  576.266642][ T2961]  notifier_call_chain+0x197/0x380
[  576.271780][ T2961]  unregister_netdevice_many_notify+0x100d/0x1900
[  576.278227][ T2961]  ? lock_chain_count+0x20/0x20
[  576.283129][ T2961]  ? unregister_netdevice_many+0x20/0x20
[  576.288797][ T2961]  ? kernfs_remove_by_name_ns+0x117/0x150
[  576.294533][ T2961]  ? __lock_acquire+0x7d40/0x7d40
[  576.299585][ T2961]  unregister_netdevice_queue+0x32c/0x370
[  576.305321][ T2961]  ? list_netdevice+0x730/0x730
[  576.310205][ T2961]  ? kernfs_remove_by_name_ns+0x117/0x150
[  576.315960][ T2961]  _cfg80211_unregister_wdev+0x16b/0x580
[  576.321613][ T2961]  ieee80211_remove_interfaces+0x49e/0x690
[  576.327437][ T2961]  ? ieee80211_do_stop+0x1e20/0x1e20
[  576.332818][ T2961]  ? rcu_is_watching+0x15/0xb0
[  576.337608][ T2961]  ieee80211_unregister_hw+0x5d/0x2a0
[  576.343009][ T2961]  mac80211_hwsim_del_radio+0x289/0x480
[  576.348572][ T2961]  ? rhashtable_remove_fast+0xc00/0xc00
[  576.354131][ T2961]  hwsim_exit_net+0x58d/0x650
[  576.358832][ T2961]  ? hwsim_init_net+0x90/0x90
[  576.363533][ T2961]  ? __ip_vs_dev_cleanup_batch+0x238/0x250
[  576.369351][ T2961]  cleanup_net+0x70a/0xbb0
[  576.373780][ T2961]  ? ops_free_list+0x3b0/0x3b0
[  576.378557][ T2961]  ? _raw_spin_unlock_irq+0x23/0x50
[  576.383771][ T2961]  ? process_scheduled_works+0x96f/0x15d0
[  576.389526][ T2961]  ? process_scheduled_works+0x96f/0x15d0
[  576.395266][ T2961]  process_scheduled_works+0xa5d/0x15d0
[  576.400845][ T2961]  ? worker_attach_to_pool+0x380/0x380
[  576.406321][ T2961]  ? assign_work+0x3d2/0x5d0
[  576.410933][ T2961]  worker_thread+0xa55/0xfc0
[  576.415552][ T2961]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  576.421473][ T2961]  ? _raw_spin_unlock+0x40/0x40
[  576.426375][ T2961]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[  576.432317][ T2961]  kthread+0x2fa/0x390
[  576.436431][ T2961]  ? pr_cont_work+0x560/0x560
[  576.441156][ T2961]  ? kthread_blkcg+0xd0/0xd0
[  576.445775][ T2961]  ret_from_fork+0x48/0x80
[  576.450222][ T2961]  ? kthread_blkcg+0xd0/0xd0
[  576.454851][ T2961]  ret_from_fork_asm+0x11/0x20
[  576.459652][ T2961]  </TASK>
[  576.678287][ T2961] team0: Port device wlan1 removed
[  576.900253][ T2961] hsr_slave_0: left promiscuous mode
[  576.908583][ T2961] hsr_slave_1: left promiscuous mode
[  576.917528][ T2961] bridge0: port 4(dummy0) entered disabled state
[  576.931040][ T2961] hsr0: left allmulticast mode
[  576.936292][ T2961] bridge0: port 3(hsr0) entered disabled state
[  576.944496][ T2961] bridge_slave_1: left allmulticast mode
[  576.950226][ T2961] bridge_slave_1: left promiscuous mode
[  576.956312][ T2961] bridge0: port 2(bridge_slave_1) entered disabled state
[  576.965521][ T2961] bridge_slave_0: left allmulticast mode
[  576.971252][ T2961] bridge_slave_0: left promiscuous mode
[  576.978198][ T2961] bridge0: port 1(bridge_slave_0) entered disabled state
[  576.991785][ T2961] veth1_macvtap: left promiscuous mode
[  576.997509][ T2961] veth0_macvtap: left promiscuous mode
[  577.208057][ T2961] team0 (unregistering): Port device team_slave_1 removed
[  577.248957][ T2961] team0 (unregistering): Port device team_slave_0 removed
[  577.404249][T13580] Bluetooth: hci1: command tx timeout
[  577.665115][T13579] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  577.681614][T13579] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  577.696228][T13579] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  577.707334][T13579] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  577.811265][T13579] 8021q: adding VLAN 0 to HW filter on device bond0
[  577.844789][T13579] 8021q: adding VLAN 0 to HW filter on device team0
[  577.856507][   T79] bridge0: port 1(bridge_slave_0) entered blocking state
[  577.863669][   T79] bridge0: port 1(bridge_slave_0) entered forwarding state
[  577.880291][ T2119] bridge0: port 2(bridge_slave_1) entered blocking state
[  577.887476][ T2119] bridge0: port 2(bridge_slave_1) entered forwarding state
[  577.937913][T13579] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  577.948873][T13579] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  578.128216][T13579] 8021q: adding VLAN 0 to HW filter on device batadv0
[  578.201455][T13579] veth0_vlan: entered promiscuous mode
[  578.221548][T13579] veth1_vlan: entered promiscuous mode
[  578.270763][T13579] veth0_macvtap: entered promiscuous mode
[  578.281174][T13579] veth1_macvtap: entered promiscuous mode
[  578.312803][T13579] batman_adv: batadv0: Interface activated: batadv_slave_0
[  578.327879][T13579] batman_adv: batadv0: Interface activated: batadv_slave_1
[  578.353583][T13579] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  578.362374][T13579] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  578.374122][T13579] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  578.383487][T13579] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  578.432519][T13579] ieee80211 phy14: Selected rate control algorithm 'minstrel_ht'
[  578.478872][  T143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  578.505072][  T143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  578.513777][T13579] ieee80211 phy15: Selected rate control algorithm 'minstrel_ht'
[  578.597007][   T79] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  578.615304][   T79] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  579.482786][T13580] Bluetooth: hci1: command tx timeout