last executing test programs:

4.805174589s ago: executing program 3 (id=15140):
r0 = getpid()
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_config_ext={0x100000010, 0x1d66ef49}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x4, 0x6, 0x2, 0x0, 0x0, 0x0, 0x100000001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
socket$kcm(0x10, 0x400000002, 0x0)
r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4fb5b6f85a83c771}, 0x0, 0xc8}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
close(r4)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ffffffff04000000088925423e000000ff01000000000000bbdd4e67f9be0100001080000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000100"/28], 0x48)
recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r5=>0xffffffffffffffff]}}], 0x18}, 0x40000000)
write$cgroup_subtree(r5, &(0x7f0000000640)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce810203290800000000000000000000ffffac14140a000000000000000000000000ac1414aa"], 0xfdef)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x34004000)
r6 = socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x56, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x2}, {0x10000002, 0x0, 0xb, 0xc}]}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff})
recvmsg$unix(r7, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r8=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r6, 0x84, 0x64, &(0x7f0000000000)=r8, 0x10)
sendmsg$inet(r6, &(0x7f0000000140)={&(0x7f0000000440)={0x2, 0x10, @local}, 0x10, &(0x7f0000000080)=[{&(0x7f0000001940)='{', 0x1}], 0x1}, 0x80d1)

4.803999769s ago: executing program 1 (id=15148):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x800c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x820d}, 0x0, 0x9, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0, 0x0, &(0x7f0000000280)=[@ip_retopts={{0x14, 0x0, 0x7, {[@generic={0x7, 0x2}]}}}], 0x18}, 0x4000000)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x40009, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0xff, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000032000b07d25a806f8c6394f90824fc60", 0x14}], 0x1}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd630080fc00082c"], 0xfdef)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000ac0)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100))
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x5, 0x47, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

4.596504983s ago: executing program 2 (id=15142):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cpuacct.usage_sys\x00', 0x26e1, 0x0)
write$cgroup_int(r0, &(0x7f0000000000)=0x2e, 0x12)
close(r0)
socket$kcm(0x2, 0x922000000001, 0x106)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x10000, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = perf_event_open(&(0x7f0000000680)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a1c, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r1)
sendmsg$inet(r0, &(0x7f0000000680)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x3406c012)
write$cgroup_type(r0, &(0x7f0000000080), 0x11ffffce1)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x8, &(0x7f0000001340)=ANY=[@ANYBLOB="beaa000000000000791008000000000018120000", @ANYRES32=r3, @ANYBLOB], &(0x7f0000000480)='syzkaller\x00'}, 0x94)

4.178425013s ago: executing program 1 (id=15144):
r0 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, 0xffffffffffffffff)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x3, 0x20000, 0x0, 0x0, 0x0, 0x0, 0xda}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
openat$cgroup_procs(r1, 0x0, 0x2, 0x0)
syz_clone(0xc920000, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x64099, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7f, 0x2, @perf_bp={0x0, 0x9}, 0x0, 0x32, 0x43a1bd76, 0x6, 0x9, 0x2, 0x812, 0x0, 0x0, 0x0, 0x22009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0xff, 0xfd, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x1, 0x0, 0x6, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000400000005"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x81ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x38)
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x76, 0x9}, 0x11efa, 0x4, 0x98, 0x0, 0x2, 0xfffff274, 0xfffc, 0x0, 0x0, 0x0, 0x20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x746f2f51, &(0x7f0000000080)=[{&(0x7f0000000040)="3f0400001c00810ce00f80ecdb4cb9f207c804a01f000000020006fb0a0002000a0ada1b40d80300000000000000", 0xfec9}], 0x1, 0x0, 0x0, 0x5865}, 0x0)

4.093856517s ago: executing program 2 (id=15146):
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000b80)={&(0x7f0000000180)=@abs, 0x6e, &(0x7f0000000a40)=[{&(0x7f0000000dc0)=""/240, 0xf0}, {&(0x7f0000000600)=""/132, 0x84}, {&(0x7f00000006c0)=""/85, 0x55}, {&(0x7f0000000740)=""/85, 0x55}, {&(0x7f00000007c0)=""/221, 0xdd}, {&(0x7f00000008c0)=""/167, 0xa7}, {&(0x7f0000000980)=""/20, 0x14}, {&(0x7f00000002c0)=""/21, 0x15}, {&(0x7f0000000a00)=""/39, 0x27}], 0x9, &(0x7f0000000b00)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {<r0=>0x0}}}], 0x60}, 0x10022)
socket$kcm(0x10, 0x2, 0x0)
getpid()
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0xf35ed9d13bf18e45, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_bp={0x0, 0x4}, 0x0, 0x32, 0x43a1bd76, 0x7, 0xa, 0x6c9, 0x3, 0x0, 0x0, 0x0, 0x2009}, r0, 0x6, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000000040)={0x3, 0x80, 0xed, 0x7, 0x0, 0xfd, 0x0, 0x8, 0x400, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_config_ext={0xffffffffffffff7f}, 0x111311, 0x1, 0x0, 0x1, 0x20000, 0x0, 0x1, 0x0, 0x8000}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40042409, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="007c81baae2725c00400000000000400040000005e5dddcf63979b7a27f83c54d922d22a7c289fbf79fa247097631ad2fadd6ecda3a183a113a707157e5122168e5363d5664130f647ee0d7a676c7d582245ccd3687b0b443894e65cfee49ac2396e38c87d821960694512a45d47f29774cabda277b3ecbd0e7036ac875304e51ed0c1ee41831f6299140794d197a11291ff54326cfceccc2936a45442a6996f9af4d8243d3eaf890b2f3b66855ebb782a646640a167e0c2e22303029aca469af1058e02fbc76f4c2e09", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0xf}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x50)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
close(r2)
socket$kcm(0x29, 0x5, 0x0)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000340)={0x0, &(0x7f0000000200)=""/105, 0x0, &(0x7f0000000580)="bca13f58108937270789108abef62fc69699d33b5b5ef0def2fb77dbb117902c28122e2f2fb8ac793c47db676efd92aeacef4f223cdb490d7eaa0860b0f1abaaad5a58cd7e5855b48a7272e2854fda05f41a005d555f788cac0ce588812f48ec13a49b934fcfa64f4862f43adc0335ee9a202360de774f6123ff", 0x7, r2, 0x4}, 0x38)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x10021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={&(0x7f0000000300), 0x3}, 0x0, 0xbdc4, 0x0, 0x9, 0x0, 0x1, 0x0, 0x0, 0x4861}, 0x0, 0x0, 0xffffffffffffffff, 0xb)
ioctl$SIOCSIFHWADDR(r2, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000000040)="d80000001a0081044e81f782db4cb904021d08007b490d4f1e81f8d815000100e000000103600e12080005007a010401a8001600200003400400", 0x3a}], 0x1}, 0x4000000)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x109001, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, 0x0)
ioctl$TUNSETPERSIST(r3, 0x400454c9, 0x200000000000001)
ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001900599c6d0e00009bd028ef8020ab0700040005234538ba55"], 0xfe33)
gettid()
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="0500000000d700007111b700000000008510000002000000850000000500000095000004400000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x5, 0x5, 0x0, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r5)
getpid()

3.755224094s ago: executing program 3 (id=15147):
r0 = getpid()
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_config_ext={0x100000010, 0x1d66ef49}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x4, 0x6, 0x2, 0x0, 0x0, 0x0, 0x100000001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
socket$kcm(0x10, 0x400000002, 0x0)
r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4fb5b6f85a83c771}, 0x0, 0xc8}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
close(r4)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ffffffff04000000088925423e000000ff01000000000000bbdd4e67f9be0100001080000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000100"/28], 0x48)
recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r5=>0xffffffffffffffff]}}], 0x18}, 0x40000000)
write$cgroup_subtree(r5, &(0x7f0000000640)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce810203290800000000000000000000ffffac14140a000000000000000000000000ac1414aa"], 0xfdef)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x34004000)
r6 = socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x56, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x2}, {0x10000002, 0x0, 0xb, 0xc}]}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
close(r8)
recvmsg$unix(r7, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0)
sendmsg$inet(r6, &(0x7f0000000140)={&(0x7f0000000440)={0x2, 0x10, @local}, 0x10, &(0x7f0000000080)=[{&(0x7f0000001940)='{', 0x1}], 0x1}, 0x80d1)

2.811031051s ago: executing program 0 (id=15150):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cpuacct.usage_sys\x00', 0x26e1, 0x0)
write$cgroup_int(r0, &(0x7f0000000000)=0x2e, 0x12)
close(r0)
socket$kcm(0x2, 0x922000000001, 0x106)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x10000, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = perf_event_open(&(0x7f0000000680)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a1c, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r1)
sendmsg$inet(r0, &(0x7f0000000680)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x3406c012)
write$cgroup_type(r0, &(0x7f0000000080), 0x11ffffce1)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x8, &(0x7f0000001340)=ANY=[@ANYBLOB="beaa000000000000791008000000000018120000", @ANYRES32=r3], &(0x7f0000000480)='syzkaller\x00'}, 0x94)

2.810492361s ago: executing program 2 (id=15151):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000080)={0xffffffffffffffff, &(0x7f0000000340)="f2239db6348a13fcbd734f1f9a46f4e673072b1f850eb8e8ddf2766e543a9d480ae5ab72461fd1acbb435e84d668e2ca57e1c62af11449b5a4998294170adc86e2a7b049715c3ee142ddd8033518d6bb63aeb9d3679c34df67b9784a282a3c4bfa763fe42c1cec401722b7b7db7eea5892dda4608d36f1c087517c8e5fe04a6474d2d32bc53ae7d7930e0774f197b2934266bfd9cd972ab8c612cafdc65ac6827260607a0a05bf23a79d89fcd567e7c72ced3de86459714f7e84bccdc06facf115f8b78cd4ef7d74b79ed3fdfbb8d432047ebf00c624f0892ca81493688adc1967d8f3d422ac35a08725059643cbc2175d7631151cae2de251", &(0x7f0000000680)=""/237}, 0x20)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0e000000040000"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x6, 0x15, &(0x7f0000000440)=ANY=[@ANYBLOB="18f7ffffff000001000000000c0000001811e200", @ANYRES32=r1, @ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000860000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000820000009500000000000000"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a40)={0x2, 0x2, &(0x7f0000000080)=ANY=[@ANYBLOB], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2a}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x13, 0x4, &(0x7f0000001f40)=ANY=[@ANYBLOB="0015000061114c0000000000850000001c0000009500000000000100baff9317ffac4a1195cbd968667bcceea2e8a5e534a771aa23feff63047094111b2d443dadda240ee3a5f4ce36ca9041107ab000000000"], &(0x7f0000000380)='GPL\x00', 0x5, 0xff92, &(0x7f00000003c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000100), 0x36c, 0x10, &(0x7f0000000000), 0x26}, 0x48)
perf_event_open$cgroup(&(0x7f00000003c0)={0x2, 0x80, 0x16, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8000, 0xa6d}, 0x200, 0xa, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xb)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x482, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfff, 0x1}, 0x8e0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_wait_time\x00', 0x26e1, 0x0)
close(r2)
r3 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000002040)=[{&(0x7f0000000040)="ab00000031c203f4b76ffa24fc60100003df0900020005358ac137800500026ced000300"/46, 0x2e}, {&(0x7f0000001fc0)="c51260a8cbfae0c97270d2d9f9e3a774644b37ffa4c38bc5ac41e6569c22f21809625db64973a31652a005a85e988285af8f70ec763129dac5d3c4e5722f651778050e85eebb55b6e28b0023ec39da77a70fcc3a148fa6edc37169089bf94207176394", 0x63}, {&(0x7f00000019c0)="e166186d6cb0b5b1d6ffadb2be01b8263d3abab0c802ff3938203ba118ca79aec5641d631a209c4a807a66d32c93d6258379", 0x32}], 0x3}, 0x0)
r4 = socket$kcm(0x2, 0x200000000000006, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x5452, &(0x7f00000006c0)={<r5=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r4, 0x1, 0x7, &(0x7f0000000040), 0x4)
recvmsg$kcm(r3, &(0x7f0000000340)={&(0x7f00000000c0)=@ax25={{0x3, @default}, [@rose, @rose, @remote, @remote, @remote, @netrom, @rose, @bcast]}, 0x80, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/215, 0xd7}, {&(0x7f00000013c0)=""/244, 0xf4}, {&(0x7f00000002c0)}, {&(0x7f0000000300)=""/32, 0x20}, {&(0x7f00000014c0)=""/221, 0xdd}, {&(0x7f00000015c0)=""/214, 0xd6}, {&(0x7f00000016c0)=""/181, 0xb5}], 0x8, &(0x7f0000001800)=""/148, 0x94}, 0x2)
r6 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x80, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r6, 0x40042408, r7)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x3, 0x30, &(0x7f0000001a40)=ANY=[@ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095000000000000001834000005000000000000000000000085000000bd000000b7080000000000007b8af8ff00000000b7080000080000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a5000000186500000e00000000000000040000001800000002000000000000000000c000bd060c00fcffffff180000008700000000000000040000008cbbfcffffffffff180100002020782500000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback=0x11, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = socket$kcm(0x10, 0x3, 0x10)
socket$kcm(0x10, 0x2, 0x0)
recvmsg$unix(r5, &(0x7f0000001f00)={0xffffffffffffffff, 0x0, &(0x7f0000001a00)=[{&(0x7f0000002080)=""/1, 0x1}, {&(0x7f0000001cc0)=""/134, 0x86}, {&(0x7f0000001d80)=""/217, 0xd9}], 0x3, &(0x7f0000001e80)=[@rights={{0x2c, 0x1, 0x1, [<r9=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x50}, 0x1)
sendmsg$kcm(r8, &(0x7f0000000040)={0x0, 0xfffffd65, &(0x7f0000000080)=[{&(0x7f0000000000)="140000002a000b6c8c1200f90429fc5a010f5dd9", 0x14}], 0x1}, 0x0)
close(r8)
ioctl$TUNGETVNETLE(r2, 0x800454dd, &(0x7f0000000040))
ioctl$SIOCSIFHWADDR(r2, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="0100008d8dff"})
mkdir(&(0x7f0000001980)='./file0\x00', 0x40)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x5, [@var={0x8, 0x0, 0x0, 0xe, 0x9}]}, {0x0, [0x2e, 0x61, 0x30]}}, &(0x7f0000000280)=""/26, 0x2d, 0x1a, 0x1, 0x7, 0x10000, @value=r9}, 0x28)

2.810078482s ago: executing program 3 (id=15152):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0xfffffffc}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000100000000000000000000180100002020782700000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r1, 0x2000012, 0xe, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r2, 0x0, 0x0}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000000)={r2, 0x0}, 0x20)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
r3 = socket$kcm(0x2b, 0x1, 0x0)
sendmsg$kcm(r3, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x24008010)
setsockopt$sock_attach_bpf(r3, 0x6, 0x1f, 0x0, 0x30)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$inet(r5, &(0x7f0000001780)={0x0, 0x0, 0x0}, 0x0)
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41ff, 0x2122, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, @perf_bp={0x0, 0xc}, 0x0, 0x0, 0x80000, 0x1, 0x8, 0x0, 0x3}, 0x0, 0xffdfffffffffffff, 0xffffffffffffffff, 0x0)
r6 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x2, @perf_bp={0x0, 0xa}, 0x104105, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r6, 0x40042408, r7)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r8, 0x89fe, &(0x7f0000000680)={'ip6gre0\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2e}})
recvmsg$unix(r4, &(0x7f0000001b40)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x14, 0x1, 0x1, [<r9=>0xffffffffffffffff]}}], 0x18}, 0x0)
r10 = socket$kcm(0xa, 0x2, 0x88)
setsockopt$sock_attach_bpf(r10, 0x1, 0x41, &(0x7f0000000040)=r9, 0x4)
sendmsg$kcm(r10, &(0x7f0000000580)={&(0x7f00000001c0)=@in6={0xa, 0x4e21, 0x4, @mcast2, 0x9}, 0x80, 0x0}, 0x4000080)
recvmsg$kcm(r10, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=""/22, 0x8}, 0x40012000)
r11 = socket$kcm(0xf, 0x3, 0x2)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000180081064e81f782db44b904021d080006067c09e8fe55a10a0015400400142603600e120800067c00001001a8001600a40003", 0x37}], 0x1}, 0x0)
sendmsg$inet(r11, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="020b0700fc670000e4a17c45c8d260c9", 0x33fe0}], 0x1}, 0x0)

2.166099128s ago: executing program 3 (id=15153):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x800c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x820d}, 0x0, 0x9, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0, 0x0, &(0x7f0000000280)=[@ip_retopts={{0x14, 0x0, 0x7, {[@generic={0x7, 0x2}]}}}], 0x18}, 0x4000000)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x40009, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0xff, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000032000b07d25a806f8c6394f90824fc60", 0x14}], 0x1}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd630080fc00082c"], 0xfdef)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000ac0)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100))
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x5, 0x47, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

1.694993788s ago: executing program 0 (id=15154):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000009c0)={<r0=>0xffffffffffffffff})
recvmsg$unix(r0, 0x0, 0x10022)
socket$kcm(0x10, 0x2, 0x0)
getpid()
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0xf35ed9d13bf18e45, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_bp={0x0, 0x4}, 0x0, 0x32, 0x43a1bd76, 0x7, 0xa, 0x6c9, 0x3, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x6, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000000040)={0x3, 0x80, 0xed, 0x7, 0x0, 0xfd, 0x0, 0x8, 0x400, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_config_ext={0xffffffffffffff7f}, 0x111311, 0x1, 0x0, 0x1, 0x20000, 0x0, 0x1, 0x0, 0x8000}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40042409, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="007c81baae2725c00400000000000400040000005e5dddcf63979b7a27f83c54d922d22a7c289fbf79fa247097631ad2fadd6ecda3a183a113a707157e5122168e5363d5664130f647ee0d7a676c7d582245ccd3687b0b443894e65cfee49ac2396e38c87d821960694512a45d47f29774cabda277b3ecbd0e7036ac875304e51ed0c1ee41831f6299140794d197a11291ff54326cfceccc2936a45442a6996f9af4d8243d3eaf890b2f3b66855ebb782a646640a167e0c2e22303029aca469af1058e02fbc76f4c2e09", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0xf}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x50)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
close(r2)
socket$kcm(0x29, 0x5, 0x0)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000340)={0x0, &(0x7f0000000200)=""/105, 0x0, &(0x7f0000000580)="bca13f58108937270789108abef62fc69699d33b5b5ef0def2fb77dbb117902c28122e2f2fb8ac793c47db676efd92aeacef4f223cdb490d7eaa0860b0f1abaaad5a58cd7e5855b48a7272e2854fda05f41a005d555f788cac0ce588812f48ec13a49b934fcfa64f4862f43adc0335ee9a202360de774f6123ff", 0x7, r2, 0x4}, 0x38)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x10021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={&(0x7f0000000300), 0x3}, 0x0, 0xbdc4, 0x0, 0x9, 0x0, 0x1, 0x0, 0x0, 0x4861}, 0x0, 0x0, 0xffffffffffffffff, 0xb)
ioctl$SIOCSIFHWADDR(r2, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000000040)="d80000001a0081044e81f782db4cb904021d08007b490d4f1e81f8d815000100e000000103600e12080005007a010401a8001600200003400400", 0x3a}], 0x1}, 0x4000000)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x109001, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, 0x0)
ioctl$TUNSETPERSIST(r3, 0x400454c9, 0x200000000000001)
ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001900599c6d0e00009bd028ef8020ab0700040005234538ba55"], 0xfe33)
gettid()
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="0500000000d700007111b700000000008510000002000000850000000500000095000004400000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x5, 0x5, 0x0, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r5)
getpid()

1.635033987s ago: executing program 1 (id=15155):
r0 = getpid()
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_config_ext={0x100000010, 0x1d66ef49}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x4, 0x6, 0x2, 0x0, 0x0, 0x0, 0x100000001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
socket$kcm(0x10, 0x400000002, 0x0)
r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4fb5b6f85a83c771}, 0x0, 0xc8}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
close(r4)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ffffffff04000000088925423e000000ff01000000000000bbdd4e67f9be0100001080000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000100"/28], 0x48)
recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r5=>0xffffffffffffffff]}}], 0x18}, 0x40000000)
write$cgroup_subtree(r5, &(0x7f0000000640)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce810203290800000000000000000000ffffac14140a000000000000000000000000ac1414aa"], 0xfdef)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x34004000)
r6 = socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x56, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x2}, {0x10000002, 0x0, 0xb, 0xc}]}, 0x94)
close(0xffffffffffffffff)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r7=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r6, 0x84, 0x64, &(0x7f0000000000)=r7, 0x10)
sendmsg$inet(r6, &(0x7f0000000140)={&(0x7f0000000440)={0x2, 0x10, @local}, 0x10, &(0x7f0000000080)=[{&(0x7f0000001940)='{', 0x1}], 0x1}, 0x80d1)

1.49769616s ago: executing program 3 (id=15156):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cpuacct.usage_sys\x00', 0x26e1, 0x0)
write$cgroup_int(r0, &(0x7f0000000000)=0x2e, 0x12)
close(r0)
socket$kcm(0x2, 0x922000000001, 0x106)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x10000, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = perf_event_open(&(0x7f0000000680)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a1c, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r1)
sendmsg$inet(r0, &(0x7f0000000680)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x3406c012)
write$cgroup_type(r0, &(0x7f0000000080), 0x11ffffce1)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x8, &(0x7f0000001340)=ANY=[@ANYBLOB="beaa000000000000791008000000000018120000", @ANYRES32=r3, @ANYBLOB], &(0x7f0000000480)='syzkaller\x00'}, 0x94)

1.49662505s ago: executing program 2 (id=15164):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x800c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x820d}, 0x0, 0x9, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x2, 0x4e21, @private=0xa010101}, 0x10, 0x0, 0x0, &(0x7f0000000280)=[@ip_retopts={{0x14, 0x0, 0x7, {[@generic={0x7, 0x2}]}}}], 0x18}, 0x4000000)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x40009, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0xff, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000032000b07d25a806f8c6394f90824fc60", 0x14}], 0x1}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000200000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd630080fc00082c"], 0xfdef)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000ac0)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100))
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x5, 0x47, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

1.341523936s ago: executing program 0 (id=15157):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x60}, 0x94) (async, rerun: 32)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) (async, rerun: 32)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_bp={0x0, 0x8}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800"/31], 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={0xffffffffffffffff, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) (async)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x400000000004, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x2, @perf_config_ext={0x0, 0xbf34}, 0x0, 0x32, 0x43a1bd76, 0x4, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = socket$kcm(0x21, 0x2, 0x2)
setsockopt$sock_attach_bpf(r2, 0x110, 0x2, 0x0, 0x4c) (async)
r3 = perf_event_open(&(0x7f0000000140)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d32, 0x80, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0x4000000005}, 0xc003, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8a10ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async, rerun: 64)
ioctl$PERF_EVENT_IOC_RESET(r3, 0x2403, 0x1) (async, rerun: 64)
bpf$OBJ_PIN_MAP(0x6, &(0x7f00000001c0)=@o_path={&(0x7f00000000c0)='./file0\x00', 0xffffffffffffffff, 0x4000, r1}, 0x18) (async, rerun: 64)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0) (async, rerun: 64)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000ac0)={0x6, 0xb, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1005, 0x0, 0x0, 0x0, 0xa8000}, [@printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x80000}, {0x85, 0x0, 0x0, 0xc8}}]}, &(0x7f00000005c0)='GPL\x00', 0x7, 0x78, &(0x7f0000000b80)=""/120, 0x40f00, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000000}, 0x94)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x8983, &(0x7f0000000080)) (async)
r7 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r7, &(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001900599c6d0e00009bd028ef8020ab0700040005"], 0xfe33)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x4c, &(0x7f0000000f00), 0x4)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf810000000000000708"], 0x0, 0x5}, 0x94) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="8c38f0ff10"], 0x0, 0x42, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7ff}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x0, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000c9"], 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1d38}, 0x94) (async, rerun: 64)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa0677"], 0xfdef) (rerun: 64)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

1.165342026s ago: executing program 1 (id=15158):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c048c0a7d63aebc5cea1f815108f6091475aeec600831aa9d3944e60bc2ad06a619c560aa0118b28f68f1eb14549d633b4b23f179fb680716faa43414787559be90843c35ab30acad8a6740140e00721abc2eb362f7bde53b3c992d3e28ccc20ec84fdc569947047f6c09a647ee8c0a747b951e66c068ccf1af93ee9e6f9528ff79e2f989383b05a690a6bec4634b867c9446c1c644b3010e8a3514c6328323b4bbdd602b8f0dace6aea70902c4ddd2a2f2810f1348b0d0df3c1e6a5938fcfdc87e7580c6be0c6a06eca62d6f787dd16add086a21391c4c707d8b61929d1252681b84c245e0efafe2e6e73ad86a3cf59235ab0eacbb414af92ec3cdac420a064a98e8cc18bdf63f8997f96436e0fe6f06fdbf47fff353b01a861babd4a38d126bfe3e29049e6cc883e6efae6e70ef9ed124b1b09887a58c991e223b6420dca5ae238027e91b17b1707dc5c0d5f59f0ca95614f1ea1d263c1ee54dfe31ae35eb3c8e3b931dff7920c57fbba89adf2e392c1ad719b90c7ade0d38ff9792934ef1fb12f51d8e2fad12486d5883d5b1a46696fad128c6805cfb25bc6487e1e407d6b266971b09d0d864a7a550284e24b6cdc9f4ae1081a638175dffef002c76ac5558d23e41edbe68f4b4950a13aa000326dae5a857603dc5a40d6c6618a98c7b6e1eebd325ea2c14601a25658965f40864fd015d9b2fff83ee5ed3212ebd9fa429f0140f633556ac07c0c08e67a1848c9942ecc47dd4ffede9a429e9e0472be7cdbcd117e621ddf745c00a814ffff0224634472577dc0b35a9c153409f1a2bddc193b20b4d244d9cbbd59816c46000c596865f58b4e640ed4a9ab6086cede697fb113560925498da83273e679e0e28b84961eb7b9c9b4fa916590965c76b48e5d453f27a821bd2bf0946ff2413ec30f7893d1f046e18f736c40ceda26dfc4a0a62f71a3606d3f72c0a858dfd7895e2572292e11af913c6b513a141d28e501ae7c49618d104aac9abb78466a636efb88120d0eef0a501558a5aa34784a9823f2802a0bcdf318f9b436b34b42a2a7cf513f80364ad9a699d2e23eb4f3a2bbce818bd20da61882b3dac699d05dc24f29b72471b712423ace6278c43df2be7a09e815517b86d8b3ce16af3d64a575958c5fd52aac53b391f3d2a67c24c6c13ec11428b61b80a6a58cbba1790a98d190a572070f63fc0b809669895ea9865c3066b06102f6f2c7171dc7f76e1931b3e4deb569ef9d07d5f86a848f50942e93c419c3a23489f14803b08182dfd48b8d4375be6b7f805a21209c05e5927693a8834c8d5a5acbd47ed8a30a8a741d1ad77639b56b3b90c0b2023fa334befd28b2e", 0x3c0}], 0x1, &(0x7f00000010c0)=[@ip_tos_int={{0x14, 0x29, 0x3b}}, @ip_tos_u8={{0x11, 0x29, 0x3b}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @empty, @loopback}}}], 0x50}, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xe, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000800)={r0, &(0x7f0000000780)}, 0x20)

996.477624ms ago: executing program 2 (id=15159):
r0 = getpid()
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_config_ext={0x100000010, 0x1d66ef49}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x4, 0x6, 0x2, 0x0, 0x0, 0x0, 0x100000001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
socket$kcm(0x10, 0x400000002, 0x0)
r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4fb5b6f85a83c771}, 0x0, 0xc8}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
close(r4)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ffffffff04000000088925423e000000ff01000000000000bbdd4e67f9be0100001080000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000100"/28], 0x48)
recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r5=>0xffffffffffffffff]}}], 0x18}, 0x40000000)
write$cgroup_subtree(r5, &(0x7f0000000640)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce810203290800000000000000000000ffffac14140a000000000000000000000000ac1414aa"], 0xfdef)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x34004000)
r6 = socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x56, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x2}, {0x10000002, 0x0, 0xb, 0xc}]}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
close(r8)
recvmsg$unix(r7, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0)
sendmsg$inet(r6, &(0x7f0000000140)={&(0x7f0000000440)={0x2, 0x10, @local}, 0x10, &(0x7f0000000080)=[{&(0x7f0000001940)='{', 0x1}], 0x1}, 0x80d1)

839.98926ms ago: executing program 0 (id=15160):
r0 = socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r0, 0x84, 0x64, &(0x7f0000000000)=r3, 0x10)
sendmsg$inet(r0, &(0x7f0000000140)={&(0x7f0000000440)={0x2, 0x10, @local}, 0x10, &(0x7f0000000080)=[{&(0x7f0000001940)='{', 0x1}], 0x1}, 0x80d1)

839.29838ms ago: executing program 1 (id=15161):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='devices.list\x00', 0x26e1, 0x0)
perf_event_open(0x0, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x2, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000880)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6}]})
socketpair(0x11, 0x1, 0x4, &(0x7f0000000000))
bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x11, 0x2, 0x4, 0x5, 0x24001, r0, 0x3, '\x00', 0x0, r0, 0x4, 0x0, 0x2}, 0x50)
perf_event_open$cgroup(&(0x7f00000001c0)={0x4, 0x80, 0x0, 0x81, 0x6, 0xe, 0x0, 0x8, 0x8000, 0x4, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x40000009, 0x4, @perf_bp={&(0x7f0000000140), 0x8}, 0x0, 0x1, 0x7fffffff, 0x9, 0x3, 0x7fff, 0x7, 0x0, 0x8, 0x0, 0x100000004}, r0, 0x10, r0, 0x2)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000580)="d8000000140081054e81f782db44b9040a1d08020a000000040000a1180002003f00000000000e1208000f0100810401a80016ea1f1406400303000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08002a0e408e8d8ef075c0100000000000000cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a00"/216, 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r4 = socket$kcm(0x1e, 0x4, 0x0)
setsockopt$sock_attach_bpf(r4, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
r5 = socket$kcm(0x1e, 0x4, 0x0)
setsockopt$sock_attach_bpf(r5, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
write$cgroup_subtree(r5, &(0x7f0000000040)=ANY=[], 0xfdef)
r6 = openat$cgroup_ro(r0, &(0x7f0000000600)='cpuacct.usage_sys\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xd, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000f5ffc96adcffff0000000008000000183800000300000000000001000000009500000000"], &(0x7f0000000100)='GPL\x00', 0x4, 0xde, &(0x7f0000000340)=""/222, 0x40f00, 0x9, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x6}, 0x62, 0x10, &(0x7f00000005c0)={0x3, 0x7, 0x9, 0x23}, 0x10, 0xffffffffffffffff, r0, 0x1, &(0x7f0000000640)=[r0, r0, r0, r0, r0, r0, r0, r0, r6, r0], &(0x7f0000000680)=[{0x5, 0x2, 0xb}], 0x10, 0x2}, 0x94)
recvmsg(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000002a80)=""/4096, 0xfdef}], 0x1}, 0x10021)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x2}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000440)=""/183}, 0x20)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6gre0\x00', 0x210})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x89f1, &(0x7f0000000080))
ioctl$sock_kcm_SIOCKCMCLONE(r5, 0xb101, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xd, &(0x7f0000000800)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffe}, [@call={0x85, 0x0, 0x0, 0x41}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r8, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
close(r0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x20340, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xb35a, 0x35, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)

619.115307ms ago: executing program 0 (id=15162):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cpuacct.usage_sys\x00', 0x26e1, 0x0)
write$cgroup_int(r0, &(0x7f0000000000)=0x2e, 0x12)
close(r0)
socket$kcm(0x2, 0x922000000001, 0x106)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x10000, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = perf_event_open(&(0x7f0000000680)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a1c, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r1)
sendmsg$inet(r0, &(0x7f0000000680)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x3406c012)
write$cgroup_type(r0, &(0x7f0000000080), 0x11ffffce1)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x8, &(0x7f0000001340)=ANY=[@ANYBLOB="beaa000000000000791008000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000bf0300000000000085"], &(0x7f0000000480)='syzkaller\x00'}, 0x94)

513.630994ms ago: executing program 2 (id=15163):
r0 = socket$kcm(0x10, 0x400000002, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x73, 0x11, 0x65}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0xb7}, @exit={0x95, 0x0, 0xc2}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195}, 0x70)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e00000009000000090000000180000001690600", @ANYRES32=0x1, @ANYBLOB="c26c0008000007"], 0x50)
write$cgroup_subtree(r0, &(0x7f00000004c0)=ANY=[@ANYBLOB="24000000660091ef"], 0xfe33)
r2 = socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f00000045c0)={r1, &(0x7f00000025c0)="d20b760ef45bf0c8d7f8d243e8eb4e087d9fbe588823cdbe6860b23bf6b978588002ccbcd996053611b99277d76df28bfb51fd2e4a0b1b9dc5e1cba79c556aca6642ba661c8ecc83ba475992a7313d0dc2ce545fbb9df04d3cb00910799092ae53d1480f254d680662554dd5f457b77dd89e2ae09ee0744b69f273f56d605ca7960adb03a3967fde33135bf734c3fc24f2a98998c5312ff0f3d4b22c0e3e8019c492d10c9d18c46bc1bc1c233070e683fb03ebfd3086a234a2b8b2480fcd0b89c5da2a633db36f6adc00c0655e51d2f1f9c765e038323722014374620a6d153de60a9208023ffa6036f93a1b2e787b2fb9f30001b598d71924f7c464b1bc6042ab0162a1604ab6b7c315241c813bff6d683d9563dfc74bb6e378ef488bd7cdc2467d291ab081f2153510432c31a79db9d2744998fc0ce5c5663f4bd2df917cc6d6411b37b83f780d83dc8db3affec084d7927494f61cf80bd4d5662ea4c205c2a76a55b44a09ff57cfeb3137ad6b5a02b39e9c465cbccbd48ee8fb3bfad92aa2d19e3a4d1d1c400a419e8beedf9b18b12f94a67f80ff8f8d65b9491fdb9149a153eb6d709c1b827359d448ccb3435eb6207516af02caeae10881a80e25ee207bd8dfb02f988600ada340e27c9a966e3d8509baaeed47f2c0cde425e608d7152c287596dad4b0a8a999d1deeb272d3131a17a470f7ccbe6921d0c7eee1240453538b26065562f4e2fe05deebddc0cb27c98ca96a622386683bda40ed4239dbf0d12c4fb9a5afa5afe2d7fc1c0e5876f68b3b12748960c2d3688b66eb53855173cf7059db955755b7d52b602b381a82f642afb06b43030bb8cd743fff322faec93904ea068f0e7e4d004a6184f19f2cb826166c2ddd818c868b7822628f125c3da057f5a75dd62f3dd8e205fd3a9ec6426f3cfcc845939b906ec0d45284349667ef3e9fbc30d4c8349d4bf4cf151199f0c70a84a290e8c69bf2363e4c15c46f1b18769853cfc6bd14c3656579c66dc6bf81a02c04e100cd169a0173650dcf73d0448600c5e446c2626d328dc59aa05fb08d6b10e5c0b03a19c7d4bfdec2aa747f6c47386e5284037a74e3a2faf5ef9c4413823b091ebf864f0e792a5fd8ae8957756c32dd45a91a242837d0a6c25f58eb9d478a433cd921d5c42a2e1cc2dfbc4567245b92987906c642fc2d29c2db384d030f80652512c8f8074171bb36fe1eadb668c9c66ffe7e77ea1fc60812f216755d025b2802f3b9dc848f3efa426e6b511ff8b80735fca2efd79fbae58cf8ede964f4e185782c228591cd9f23f6426b33b670e0685c4d1473de379c1f52604cd3d10687ef2df0658571e3bedf0b456db4776c55c95330ee339aa549a912db748a44f23afe2f8c8405f3531925175907f3c975550de6b501713082b0515ecf4a96d99eedf8d5ed4f98bdf1d47b8eaf4a74ff44422aa778e76fb70c617b12f885d686cda2289af13214029f649549d7e749c20e8534817eca50730ca0f4094f8251a8110721b1c4c527027a96413433b22b62e6b5378e4753cb62d208e08fa5f2c66d0ba5536f56d228971aeb0e4dd73e8bc83905d5c829f5c6fdd63d4f8bf225d83a5fc33bf9e656ba423b0d0831eee2f7a19ccc00d7b8a39cb4709b4d42b964e68c227d3177f8d01b6b4e8b0e7ade6cad69bec076dcddd407b101e8d74e7948ade366dc337b57f5e1e80e26ce3ef13975e8bb1d06ed9c4d65dfe378a06e37fd83dad38a334aefb769bbbd17c8bb7f0914d24aa998c45eca5ce7f94053b3edab6730c64d9a917255703204e54495e52729c5694b2eddae11ece4a2b0f99d28a0017f73f6d3136e14d9a5e558774f7213ae4d1f2171ff5815f58968093af3108778f9fe0376355e955451f671beb37d2fc6e7b8d6eb6874273269904020e183f44f8683cc75e7c8612b9022b0db8af4156f1d9579f7e762c1571c4a05d0edda2b421e033224955e690430283615ee0559ab446d3d18d5141a8ee212e1cf679ada704f3be008d9f99e67b6e29d5e2d0f0edc1ae7c505ba8ebf131798785de9a31b7facea13f599a5c5db5922bd2fd56d16ff06ad2d4c21f9cfeff1ae0649c05576868843e3200aa778c1e50eddbb0ed9890d8c92eab02feddf9ef966a294c1a9687e19c3c011b4f6d45c2a872d36a62f1151e8113e99e7b5e623a7de2437b4d2c8f8305d58691f432393d09381bc3efadd176dc53d5a03f1a1af8eef9e7b52b40c6890881d410e735e0958928d10840b0450ee4f0bea3b46dfd5e71247c07dfe03f965d5b1bcd8b80ce5243e1bded02bf8e383c8be73fedf381838019dc3d410da9c3cbfbe14f91986c3e680df5fa8d523fd509347c3a35fbeec10e11c3f55706701bc5b8eeeddaa4b1cf97854260329b64d66f4636e403db4f149cfd31d041fd56bd7c03b245c8cb7563df2a6b625183ee3b8b2cfec1f9f6cb3b186624911fb45415ed9e9272278a4022b0eb64838a34d28235444bad8ae443d42804c206473c0053ff9d452b8f0093aed74751d733e46c23cda3aacef98fe856e135e7bafeeccf4c8c454a9e1dd97de31de9c5338ee58b1b35d5436056ca8f3774933eff42c8eb7eae8087839bb5b6d6c96b849ea6bc8dea34a10e19fc8d0460298f640fe3f7245273be9ad6c80b701eacc66ddb59527d962a0f49f5aea94e197e527a8f7702d78577a9bc1d203a8de0d8088dd35e7bf27bb5e31ad7d0f1f002befbbc270305e2dfb64197d1248b410d2829fdfbc85475eba9346f76304dca4ad49a945a9f7694cc1236a5b36b1595513fa9b6e11198ee2f151c812972de3c39033c38490406a4cf6eae7554a8893acebe79c504e7b9689be9be2be3b4cf796251cce1dd313238c54035d2ea477160b1fdfee792f734feafd050f8ed1681310d355c25ec09ebdf3bc50dfd442a56447b82b3323d8b6edd3a1f60076a3a1cd997c38285cb8bf74e0f5967d5eed8e3e9e0244f432c97d3a0b5ac5a82866195a54d41f3b79f342d9d292735bd5d874250acd3fdf9c601f815a6655c5c15352a46ee00f041ba07e9d6826bb1a13d28e8e757519a16693d4878b4d94c4afb383b327cd9bfbdb8142405fafc8af3020cb1867a2b9004fcd84914c6cf75e44c3e21e9b332a430dcdc07ead247c401fbf6ffa00e2b9188971a2eaed058f97692a7ed98156b1be6f7efbb5bba2bf76b12c1de1ca547f936c69c43dcad03eae9ab4f974a48df826f1d0b57d52d53d8ac0587669f11e8932c13799508a80c771ad6c69685fcaf2fce288f4df27ab28296c1b88ce41037a0bf776ff8266b68c3cff63af6925de2a64551f1e083cbd8b1d32ef57b3e8982280510005d798354a51560d21bb712e5e7568a699827a052f1851187f4437d9492caea83a1516bcdd204b6ed709831e1bab8f7b3d145a2ebb0fa79efb20e63d7c623d0a092050b58af12f708b81f5bea9099593128c7273461d0e6b1ee12fce85e5d6375a10f399c0aa4f08f1012b0098fa0e7f3fc9b8784694bac57af3f96799f7f8a2f599e15e190baafa545181e61a6210099f1b3267a141797cd35cd711ef9ef4572e136119d45ce3c03b1e0daa103203acb7e2292ef9bbc0d3690a47371dc7d387280427e61c34edd5352b074ac7ceecc8a0d621bdeb22a85eb5be8c5a66511e0c17d7d079734ac089ff5c6e84c70eac47e13c7941add17778075c450d7a7ab2c0b5a7b6d8a049487fe6edd8f56640537433823b9b8278f5cd132cdb511cc794dbe6747f7f14bdf9c93b80178daba7fd4d663dc1679cb162e0d32ec1be513f74466910c6402f21a3596c849d2e55d91aec7eea25f732e9deadaf29944ab2ebd312dd2de7381b6e7327b573c53f09ffd929113cb366f5a682c32e0bde5ad0256a1e009a200e3e07f81d79e9d4086bb5a877306dc0ac783cde2978c9d69b8770f5e4812a58d73c41050d200b2a730dbb2036977db339b9048dbee8a2c0b6aa500f883e045f208d3e7fb2f2044d617a1b959405c53894363be44dcf360dc06341308fa38ddba155544d272847154e08d5c009c1d37a8ff02476de7bc9b0de1833687085ac1ca7f0388670ecbbda3d246c5b783e088ce45360a1ced9e80c62383787ecc4be02f30d3fd56f3562f7ce4e0f5099bb1e2fa7a880c982977c839199a31eeccfccf45da48c251259f8fcec12a65e924ea5ce415d6210fb0d452ccfaeb6e910c4071f604888e6f0592047e2b02b926ca5473306507c86f27bed5d0e5bb8a8133e27f99087310559ccb119e9f66fa097325ab8db0de5a6e33e6017506aa8cfa1a791135b9d97ad59bb7e888fa51d041870f39daee44aac23fe5fc9a068e3f27a578b1783d4081d7ec003a359b0a8df4f41e67c95c53803faa6fb6be76972ce9b3de723419fd12648af411c1822734adfaae5f58cf2dec110740f58f4dd0d2cfe1d22ed5eecd3f4b1fc7963c1102bd02052bedb0653c11bff8b33e2e80507f3738c65eea9293135d6e9e122c43114f028b2f67bfe25b58e8b1dc1bd5e1f6c0b68718b8792f2691ac8eef5f15a9035eaf019391ea22f1c042c6e9f066756d5771449f57e6e9aa5d207e8e64a830ff22b1ca2ffa2a1d94e45fa2d247164ba54f788d124c657b44a45b272936b08b648f60e510f8f8641fa21e8788e7f7b297aa619b7f8aae7fcb13f0377db8e7d3975954e9bcd8856357c355c734fb93b6b783fe146583bb90d67626197b38ed3a0320d03b71af20d2a56cb4b8a9e5e738f1ac6efd961e4baadbd458dd48af3c7ad01f9fef8fe839b7e7e0aaf0275eca3992857dc09f3bd21ddf7dbf12b9e7266bffd43c47bd06ca6636a82ed54bd301e211fa40e24a1ef5844c3740df3c8a56d03aa9bf938b4fa24d51d8f051cf7b196057194a3b69e97c15262dcb6d2330fc633df65cd4bec0b77c7694786829fd4199df8b670ac35e10edab59cf0d838dc3ad3a24da51cc6e9c1df3c64bbefe54872ca87eeffdab5f2afd1aead7b6d14e2cf640aeea29700cc6ed88ddcdd2ef624f4abc535c5db555d2402771c7be1757a9221780ce4bf7649f84a1dbc4c58a49b2d3422965945bb3dd0df2c6c9e8ccb3269570dd4d528895e9c359459de4ef4c1ea8c58554b3ba0ab894e3fb097fca47854e32fb1f94a923cf29054a083edebeb6e706cb391801c5a11232bc7b61d8af581c0ad40d8dfa7a2a17c8a2bca40e54edb5aa2779b5f835430ae70e952e0f816f0c6f06ef5f4a147a49048be2af96fa01edfc235c9d06c0699f60b562e46390fe40940413f99ac2b9a90138350b63b37ecd350dd82f0293af85bcc1b440ff650e4356e29093f773c44dff6b51824cb20e132c715da1b0b70130315135ead12a98987baa0a1e656b418556039cb3d2a63023b7f73503e2e93bed7f356bbd32050b53a96c55f0ee9f78c4006937b1ae7dcc167988c56da3de4d49e2c159532a3279b2f5f4f3948e85d171f252699c2fe2fecbe5e86b5f9eed112e67b46cc61a9fd78338266b64abb26fd83601839267c1fa1cf894969e1e57a39b3df58185f6c6924e405ab4f6f18629f9d68884af5d6c66109f08e87210b50a008deebc37dcfc8ef1d57b62eb641808e9779bc63e14f7b961b8de03857d95be551e5c692b5fd275d10c9c13ec863f78507f0aa68a422dca90c611c4b3356ddf9927c04aeef3891e7ea171549635cdf9e52eea97ff140048203d97c4dbb1edf711843f4a8e0da28248bdeb05e8f05204520821a20465ea8aefb2c6e67408e28068b22170c0e4cf096d1914cbf4c49965b281f89d95ba739eeade1077184eff8d", &(0x7f00000035c0)=""/4096}, 0x20)
sendmsg$kcm(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000140)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140602000000000e000a00100000000580607ee622", 0x2e}], 0x1}, 0x0)
recvmsg$kcm(r2, &(0x7f0000002580)={0x0, 0x0, &(0x7f0000001540)=[{&(0x7f0000000000)=""/35, 0x23}, {&(0x7f0000000540)=""/4096, 0x1000}], 0x2, &(0x7f0000001580)=""/4096, 0x1000}, 0x0)

464.891042ms ago: executing program 3 (id=15165):
r0 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, 0xffffffffffffffff)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x3, 0x20000, 0x0, 0x0, 0x0, 0x0, 0xda}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
openat$cgroup_procs(r1, 0x0, 0x2, 0x0)
syz_clone(0xc920000, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x64099, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7f, 0x2, @perf_bp={0x0, 0x9}, 0x0, 0x32, 0x43a1bd76, 0x6, 0x9, 0x2, 0x812, 0x0, 0x0, 0x0, 0x22009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0xff, 0xfd, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x1, 0x0, 0x6, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000400000005"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x81ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x38)
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x76, 0x9}, 0x11efa, 0x4, 0x98, 0x0, 0x2, 0xfffff274, 0xfffc, 0x0, 0x0, 0x0, 0x20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x746f2f51, &(0x7f0000000080)=[{&(0x7f0000000040)="3f0400001c00810ce00f80ecdb4cb9f207c804a01f000000020006fb0a0002000a0ada1b40d80300000000000000", 0xfec9}], 0x1, 0x0, 0x0, 0x5865}, 0x0)

128.727688ms ago: executing program 1 (id=15166):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000009c0)={<r0=>0xffffffffffffffff})
recvmsg$unix(r0, 0x0, 0x10022)
socket$kcm(0x10, 0x2, 0x0)
getpid()
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0xf35ed9d13bf18e45, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_bp={0x0, 0x4}, 0x0, 0x32, 0x43a1bd76, 0x7, 0xa, 0x6c9, 0x3, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x6, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000000040)={0x3, 0x80, 0xed, 0x7, 0x0, 0xfd, 0x0, 0x8, 0x400, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_config_ext={0xffffffffffffff7f}, 0x111311, 0x1, 0x0, 0x1, 0x20000, 0x0, 0x1, 0x0, 0x8000}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40042409, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="007c81baae2725c00400000000000400040000005e5dddcf63979b7a27f83c54d922d22a7c289fbf79fa247097631ad2fadd6ecda3a183a113a707157e5122168e5363d5664130f647ee0d7a676c7d582245ccd3687b0b443894e65cfee49ac2396e38c87d821960694512a45d47f29774cabda277b3ecbd0e7036ac875304e51ed0c1ee41831f6299140794d197a11291ff54326cfceccc2936a45442a6996f9af4d8243d3eaf890b2f3b66855ebb782a646640a167e0c2e22303029aca469af1058e02fbc76f4c2e09", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0xf}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x50)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
close(r2)
socket$kcm(0x29, 0x5, 0x0)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000340)={0x0, &(0x7f0000000200)=""/105, 0x0, &(0x7f0000000580)="bca13f58108937270789108abef62fc69699d33b5b5ef0def2fb77dbb117902c28122e2f2fb8ac793c47db676efd92aeacef4f223cdb490d7eaa0860b0f1abaaad5a58cd7e5855b48a7272e2854fda05f41a005d555f788cac0ce588812f48ec13a49b934fcfa64f4862f43adc0335ee9a202360de774f6123ff", 0x7, r2, 0x4}, 0x38)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x10021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={&(0x7f0000000300), 0x3}, 0x0, 0xbdc4, 0x0, 0x9, 0x0, 0x1, 0x0, 0x0, 0x4861}, 0x0, 0x0, 0xffffffffffffffff, 0xb)
ioctl$SIOCSIFHWADDR(r2, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000000040)="d80000001a0081044e81f782db4cb904021d08007b490d4f1e81f8d815000100e000000103600e12080005007a010401a8001600200003400400", 0x3a}], 0x1}, 0x4000000)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x109001, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, 0x0)
ioctl$TUNSETPERSIST(r3, 0x400454c9, 0x200000000000001)
ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001900599c6d0e00009bd028ef8020ab0700040005234538ba55"], 0xfe33)
gettid()
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="0500000000d700007111b700000000008510000002000000850000000500000095000004400000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x5, 0x5, 0x0, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r5)
getpid()

0s ago: executing program 0 (id=15167):
r0 = getpid()
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_config_ext={0x100000010, 0x1d66ef49}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x4, 0x6, 0x2, 0x0, 0x0, 0x0, 0x100000001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
socket$kcm(0x10, 0x400000002, 0x0)
r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4fb5b6f85a83c771}, 0x0, 0xc8}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
close(r4)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ffffffff04000000088925423e000000ff01000000000000bbdd4e67f9be0100001080000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000100"/28], 0x48)
recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r5=>0xffffffffffffffff]}}], 0x18}, 0x40000000)
write$cgroup_subtree(r5, &(0x7f0000000640)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce810203290800000000000000000000ffffac14140a000000000000000000000000ac1414aa"], 0xfdef)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x34004000)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x56, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x2}, {0x10000002, 0x0, 0xb, 0xc}]}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
close(r7)
recvmsg$unix(r6, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r8=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000000)=r8, 0x10)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000440)={0x2, 0x10, @local}, 0x10, &(0x7f0000000080)=[{&(0x7f0000001940)='{', 0x1}], 0x1}, 0x80d1)

kernel console output (not intermixed with test programs):

ff ff ff f7 d8 64 89 01 48
[ 2567.031030][T14368] RSP: 002b:00007f57f3cdb028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2567.039495][T14368] RAX: ffffffffffffffda RBX: 00007f57f3015fa0 RCX: 00007f57f2d9c819
[ 2567.047514][T14368] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[ 2567.055539][T14368] RBP: 00007f57f3cdb090 R08: 0000000000000000 R09: 0000000000000000
[ 2567.063558][T14368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2567.071569][T14368] R13: 00007f57f3016038 R14: 00007f57f3015fa0 R15: 00007ffe7991e268
[ 2567.079604][T14368]  </TASK>
[ 2567.502711][T14377] mac80211_hwsim hwsim573 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2567.504492][ T8875] wlan1: Created IBSS using preconfigured BSSID 00:8d:8d:ff:00:00
[ 2567.541255][ T8875] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2567.627356][T14377] netlink: 'syz.3.13882': attribute type 3 has an invalid length.
[ 2567.639822][T14377] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.13882'.
[ 2567.902017][T14392] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2568.945238][T14415] netlink: 'syz.3.13892': attribute type 21 has an invalid length.
[ 2568.953272][T14415] netlink: 'syz.3.13892': attribute type 20 has an invalid length.
[ 2569.596808][T14432] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2571.911742][T14476] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2573.565835][T14516] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2574.586200][T14543] netlink: 'syz.2.13941': attribute type 21 has an invalid length.
[ 2574.623600][T14543] netlink: 'syz.2.13941': attribute type 20 has an invalid length.
[ 2575.300325][T14548] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2575.414537][T14553] mac80211_hwsim hwsim567 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2575.442000][T14553] netlink: 'syz.2.13944': attribute type 3 has an invalid length.
[ 2575.450860][T14553] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.13944'.
[ 2577.385089][T14585] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2577.739174][T14601] netlink: 'syz.3.13960': attribute type 21 has an invalid length.
[ 2577.800415][T14601] netlink: 'syz.3.13960': attribute type 20 has an invalid length.
[ 2578.188665][ T8874] wlan1: Trigger new scan to find an IBSS to join
[ 2579.510045][T14627] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2581.832874][T14673] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2582.173481][ T8875] wlan1: Trigger new scan to find an IBSS to join
[ 2583.142532][T14705] netlink: 'syz.2.13995': attribute type 21 has an invalid length.
[ 2583.177745][T14705] netlink: 'syz.2.13995': attribute type 20 has an invalid length.
[ 2583.331836][ T8875] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2583.681806][T14717] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2584.528517][T14738] netlink: 'syz.2.14007': attribute type 21 has an invalid length.
[ 2584.542503][T14738] netlink: 'syz.2.14007': attribute type 20 has an invalid length.
[ 2586.017089][T14756] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2586.439935][T14769] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2586.658975][T14777] netlink: 'syz.3.14018': attribute type 21 has an invalid length.
[ 2586.698196][T14777] netlink: 'syz.3.14018': attribute type 20 has an invalid length.
[ 2587.824555][T14791] netlink: 16098 bytes leftover after parsing attributes in process `syz.3.14023'.
[ 2589.090121][T14817] mac80211_hwsim hwsim567 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2589.156050][T14817] netlink: 'syz.2.14030': attribute type 3 has an invalid length.
[ 2589.167349][T14817] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.14030'.
[ 2589.480554][T14831] netlink: 16098 bytes leftover after parsing attributes in process `syz.1.14036'.
[ 2590.512175][T14844] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2590.731937][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 2590.739052][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[ 2591.123752][ T8869] wlan1: Trigger new scan to find an IBSS to join
[ 2591.239942][T14870] mac80211_hwsim hwsim567 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2591.415911][T14870] netlink: 'syz.2.14051': attribute type 3 has an invalid length.
[ 2591.612744][T14870] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.14051'.
[ 2593.476863][T14913] mac80211_hwsim hwsim567 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2593.622781][T14913] netlink: 'syz.2.14063': attribute type 3 has an invalid length.
[ 2593.641566][T14912] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2593.664521][T14913] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.14063'.
[ 2593.861303][T26550] wlan1: Created IBSS using preconfigured BSSID 00:8d:8d:ff:00:00
[ 2593.861333][T14924] mac80211_hwsim hwsim576 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2593.881819][T26550] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2593.930083][T14924] netlink: 'syz.0.14067': attribute type 3 has an invalid length.
[ 2593.939617][T14924] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.14067'.
[ 2595.877442][T14959] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2595.979547][T14972] mac80211_hwsim hwsim567 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2596.021489][T14972] netlink: 'syz.2.14082': attribute type 3 has an invalid length.
[ 2596.030432][T14972] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.14082'.
[ 2596.176811][ T8873] wlan1: Created IBSS using preconfigured BSSID 00:8d:8d:ff:00:00
[ 2596.191198][T14977] mac80211_hwsim hwsim573 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2596.202469][ T8873] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2596.244475][T14977] netlink: 'syz.3.14084': attribute type 3 has an invalid length.
[ 2596.253760][T14977] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.14084'.
[ 2598.090142][T15011] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2598.167445][ T8875] wlan1: Trigger new scan to find an IBSS to join
[ 2600.357790][ T6961] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 2600.368176][ T6961] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 2600.382730][ T6961] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 2600.392601][ T6961] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 2600.404126][ T6961] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 2600.413133][ T6961] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 2600.498167][ T8873] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2600.588946][T15066] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2600.698969][ T8873] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2600.824229][ T8873] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2601.011758][ T8873] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2601.780773][T15061] chnl_net:caif_netlink_parms(): no params data found
[ 2602.484086][ T1065] Bluetooth: hci1: command tx timeout
[ 2602.779809][T15114] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2603.212521][ T8869] wlan1: Trigger new scan to find an IBSS to join
[ 2603.603796][T15061] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2603.621611][T15061] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2603.705981][T15061] bridge_slave_0: entered allmulticast mode
[ 2603.734861][T15061] bridge_slave_0: entered promiscuous mode
[ 2603.861972][T15061] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2603.888063][T15061] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2603.899488][T15061] bridge_slave_1: entered allmulticast mode
[ 2603.916338][T15061] bridge_slave_1: entered promiscuous mode
[ 2604.051247][T15061] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2604.241492][ T8874] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2604.335255][T15061] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2604.569589][ T1065] Bluetooth: hci1: command tx timeout
[ 2604.848621][T15061] team0: Port device team_slave_0 added
[ 2604.948819][T15061] team0: Port device team_slave_1 added
[ 2604.998485][T15061] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2605.006564][T15061] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2605.038205][T15061] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2605.109612][T15061] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2605.128557][T15061] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2605.213468][T15061] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2605.421526][T15173] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2605.619492][T15061] hsr_slave_0: entered promiscuous mode
[ 2605.642834][T15061] hsr_slave_1: entered promiscuous mode
[ 2605.655410][T15061] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 2605.666690][T15061] Cannot create hsr debugfs directory
[ 2606.155245][ T8873] vlan0: left allmulticast mode
[ 2606.160244][ T8873] vlan0: left promiscuous mode
[ 2606.188750][ T8873] À: port 1(vlan0) entered disabled state
[ 2606.364730][ T8873] hsr_slave_0: left promiscuous mode
[ 2606.378659][ T8873] hsr_slave_1: left promiscuous mode
[ 2606.439378][ T8873] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2606.463344][ T8873] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2606.485463][ T8873] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2606.492990][ T8873] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2606.542972][ T8873] bridge_slave_1: left allmulticast mode
[ 2606.583474][ T8873] bridge_slave_1: left promiscuous mode
[ 2606.589398][ T8873] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2606.621768][ T8873] bridge_slave_0: left allmulticast mode
[ 2606.633413][ T8873] bridge_slave_0: left promiscuous mode
[ 2606.639885][ T8873] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2606.648379][ T1065] Bluetooth: hci1: command tx timeout
[ 2606.744844][ T8873] veth1_macvtap: left promiscuous mode
[ 2606.761743][ T8873] veth0_macvtap: left promiscuous mode
[ 2606.787421][ T8873] veth1_vlan: left promiscuous mode
[ 2606.800537][ T8873] veth0_vlan: left promiscuous mode
[ 2607.935876][ T8873] team0 (unregistering): Port device team_slave_1 removed
[ 2607.999746][ T8873] team0 (unregistering): Port device team_slave_0 removed
[ 2608.062710][ T8873] .` (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2608.127987][ T8873] .` (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2608.585091][ T8873] .` (unregistering): Released all slaves
[ 2608.724225][ T1065] Bluetooth: hci1: command tx timeout
[ 2608.732885][T15207] mac80211_hwsim hwsim567 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2608.783103][T15212] netlink: 'syz.2.14141': attribute type 3 has an invalid length.
[ 2608.801641][T15212] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.14141'.
[ 2609.341764][T15228] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2610.851248][T15061] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 2610.884923][T15061] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 2610.918465][T15061] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 2610.948283][T15061] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 2611.125531][ T8873] wlan1: Trigger new scan to find an IBSS to join
[ 2611.403078][T15061] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2611.446617][T15061] 8021q: adding VLAN 0 to HW filter on device team0
[ 2611.500128][ T8874] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2611.507387][ T8874] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2611.539525][ T8874] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2611.546834][ T8874] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2611.911956][T15282] mac80211_hwsim hwsim576 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2611.933467][ T8874] wlan1: Created IBSS using preconfigured BSSID 00:8d:8d:ff:00:00
[ 2611.948426][ T8874] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2611.980094][T15277] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2611.997098][T15282] netlink: 'syz.0.14155': attribute type 3 has an invalid length.
[ 2612.008026][T15282] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.14155'.
[ 2612.231113][T15061] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2612.336391][T15061] veth0_vlan: entered promiscuous mode
[ 2612.389072][T15061] veth1_vlan: entered promiscuous mode
[ 2612.766895][T15061] veth0_macvtap: entered promiscuous mode
[ 2612.833995][T15061] veth1_macvtap: entered promiscuous mode
[ 2612.960042][T15061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2613.073539][T15061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2613.127195][T15061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2613.175511][T15061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2613.241547][T15061] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2613.286661][T15061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2613.313700][T15061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2613.341965][T15061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2613.363144][T15061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2613.389138][T15061] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2613.421926][T15061] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2613.452676][T15061] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2613.483496][T15061] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2613.492318][T15061] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2613.734098][ T8875] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2613.756615][ T8875] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2613.881870][T26550] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2613.890426][T26550] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2614.185793][ T8869] wlan1: Trigger new scan to find an IBSS to join
[ 2614.248013][T15331] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2614.370553][T15336] mac80211_hwsim hwsim602 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2614.430884][T15336] netlink: 'syz.1.14103': attribute type 3 has an invalid length.
[ 2614.439492][T15336] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.14103'.
[ 2614.529598][T15060] wlan1: Created IBSS using preconfigured BSSID 00:8d:8d:ff:00:00
[ 2614.530061][T15348] mac80211_hwsim hwsim576 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2614.550591][T15060] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2614.601961][T15348] netlink: 'syz.0.14166': attribute type 3 has an invalid length.
[ 2614.618096][T15348] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.14166'.
[ 2617.123677][T15060] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2617.215604][T15407] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2617.259216][ T8875] wlan1: Trigger new scan to find an IBSS to join
[ 2617.914884][T15423] mac80211_hwsim hwsim602 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2617.980741][T15423] netlink: 'syz.1.14177': attribute type 3 has an invalid length.
[ 2617.994900][T15423] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.14177'.
[ 2619.811241][T15449] netlink: 'syz.3.14186': attribute type 3 has an invalid length.
[ 2619.820477][T15449] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.14186'.
[ 2622.202433][ T8875] wlan1: Trigger new scan to find an IBSS to join
[ 2631.131244][T15506] mac80211_hwsim hwsim576 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2631.131687][ T8873] wlan1: Creating new IBSS network, BSSID c6:2d:a3:2a:cd:f2
[ 2631.149841][T15188] wlan1: Created IBSS using preconfigured BSSID 00:8d:8d:ff:00:00
[ 2631.162788][T15515] netlink: 'syz.0.14202': attribute type 3 has an invalid length.
[ 2631.167129][T15188] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2631.179676][T15515] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.14202'.
[ 2632.302925][T15528] mac80211_hwsim hwsim567 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2632.321485][T15534] netlink: 'syz.2.14206': attribute type 3 has an invalid length.
[ 2632.330541][T15534] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.14206'.
[ 2633.548192][T15561] mac80211_hwsim hwsim576 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2633.558073][T15188] wlan1: Created IBSS using preconfigured BSSID 00:8d:8d:ff:00:00
[ 2633.566670][T15188] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2633.583201][T15561] netlink: 'syz.0.14215': attribute type 3 has an invalid length.
[ 2633.594032][T15561] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.14215'.
[ 2635.056763][T15579] mac80211_hwsim hwsim576 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2635.067332][T15060] wlan1: Created IBSS using preconfigured BSSID 00:8d:8d:ff:00:00
[ 2635.088301][T15582] netlink: 'syz.0.14220': attribute type 3 has an invalid length.
[ 2635.089701][T15060] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2635.104942][T15582] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.14220'.
[ 2636.169803][T15188] wlan1: Trigger new scan to find an IBSS to join
[ 2636.903497][T15612] mac80211_hwsim hwsim573 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2636.925417][ T8875] wlan1: Created IBSS using preconfigured BSSID 00:8d:8d:ff:00:00
[ 2636.952205][ T8875] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2636.960798][T15612] netlink: 'syz.3.14229': attribute type 3 has an invalid length.
[ 2636.973030][T15612] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.14229'.
[ 2639.840384][T15666] mac80211_hwsim hwsim576 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2639.853544][T15188] wlan1: Created IBSS using preconfigured BSSID 00:8d:8d:ff:00:00
[ 2639.861931][T15188] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2640.176460][T15675] netlink: 'syz.2.14250': attribute type 29 has an invalid length.
[ 2640.208149][T15675] netlink: 'syz.2.14250': attribute type 29 has an invalid length.
[ 2640.243619][T15676] netlink: 'syz.2.14250': attribute type 29 has an invalid length.
[ 2641.214346][T15060] wlan1: Trigger new scan to find an IBSS to join
[ 2642.312010][T15188] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2643.379520][T15731] mac80211_hwsim hwsim576 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2643.384698][ T8869] wlan1: Created IBSS using preconfigured BSSID 00:8d:8d:ff:00:00
[ 2643.397990][ T8869] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2645.717435][T15767] mac80211_hwsim hwsim602 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2645.901775][T15767] netlink: 'syz.1.14277': attribute type 3 has an invalid length.
[ 2645.912604][T15767] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.14277'.
[ 2645.992392][T15778] mac80211_hwsim hwsim576 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2646.001028][ T8875] wlan1: Created IBSS using preconfigured BSSID 00:8d:8d:ff:00:00
[ 2646.022309][ T8875] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2648.176360][ T8873] wlan1: Trigger new scan to find an IBSS to join
[ 2648.448980][T15822] mac80211_hwsim hwsim602 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2648.478582][T15822] netlink: 'syz.1.14293': attribute type 3 has an invalid length.
[ 2648.487468][T15822] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.14293'.
[ 2650.885750][T15859] mac80211_hwsim hwsim573 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2650.901910][T15060] wlan1: Created IBSS using preconfigured BSSID 00:8d:8d:ff:00:00
[ 2650.933377][T15060] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2651.131625][T15859] netlink: 'syz.3.14304': attribute type 3 has an invalid length.
[ 2651.200841][T15859] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.14304'.
[ 2652.171119][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 2652.177901][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[ 2652.551248][T15889] netlink: 'syz.3.14315': attribute type 28 has an invalid length.
[ 2652.559850][T15889] netlink: 'syz.3.14315': attribute type 3 has an invalid length.
[ 2652.579388][T15889] netlink: 132 bytes leftover after parsing attributes in process `syz.3.14315'.
[ 2652.605431][T15889] FAULT_INJECTION: forcing a failure.
[ 2652.605431][T15889] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2652.647558][T15889] CPU: 1 PID: 15889 Comm: syz.3.14315 Not tainted syzkaller #0
[ 2652.655237][T15889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2652.665459][T15889] Call Trace:
[ 2652.668817][T15889]  <TASK>
[ 2652.671816][T15889]  dump_stack_lvl+0x18c/0x250
[ 2652.676589][T15889]  ? show_regs_print_info+0x20/0x20
[ 2652.681876][T15889]  ? load_image+0x420/0x420
[ 2652.686476][T15889]  ? __might_fault+0xaa/0x120
[ 2652.691247][T15889]  ? __lock_acquire+0x7d40/0x7d40
[ 2652.696352][T15889]  should_fail_ex+0x39d/0x4d0
[ 2652.701129][T15889]  _copy_from_user+0x2f/0xe0
[ 2652.705802][T15889]  kstrtouint_from_user+0xde/0x170
[ 2652.711071][T15889]  ? kstrtol_from_user+0x190/0x190
[ 2652.716323][T15889]  proc_fail_nth_write+0x8f/0x250
[ 2652.721438][T15889]  ? proc_fail_nth_read+0x260/0x260
[ 2652.726735][T15889]  ? proc_fail_nth_read+0x260/0x260
[ 2652.732023][T15889]  vfs_write+0x296/0x990
[ 2652.736355][T15889]  ? file_end_write+0x250/0x250
[ 2652.741290][T15889]  ? __fget_files+0x28/0x4b0
[ 2652.745984][T15889]  ? __fget_files+0x28/0x4b0
[ 2652.750672][T15889]  ? __fget_files+0x43d/0x4b0
[ 2652.755452][T15889]  ? __fdget_pos+0x2a3/0x330
[ 2652.760115][T15889]  ? ksys_write+0x75/0x260
[ 2652.764636][T15889]  ksys_write+0x150/0x260
[ 2652.769038][T15889]  ? __ia32_sys_read+0x90/0x90
[ 2652.773905][T15889]  ? lockdep_hardirqs_on+0x98/0x150
[ 2652.779180][T15889]  do_syscall_64+0x55/0xa0
[ 2652.783637][T15889]  ? clear_bhb_loop+0x40/0x90
[ 2652.788353][T15889]  ? clear_bhb_loop+0x40/0x90
[ 2652.793084][T15889]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2652.799029][T15889] RIP: 0033:0x7f589915d04e
[ 2652.803508][T15889] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 2652.823176][T15889] RSP: 002b:00007f589a064fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 2652.831663][T15889] RAX: ffffffffffffffda RBX: 00007f589a0656c0 RCX: 00007f589915d04e
[ 2652.839706][T15889] RDX: 0000000000000001 RSI: 00007f589a0650a0 RDI: 0000000000000004
[ 2652.847843][T15889] RBP: 00007f589a065090 R08: 0000000000000000 R09: 0000000000000000
[ 2652.855868][T15889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2652.863895][T15889] R13: 00007f5899416038 R14: 00007f5899415fa0 R15: 00007ffff87aed68
[ 2652.871947][T15889]  </TASK>
[ 2653.214391][ T8873] wlan1: Trigger new scan to find an IBSS to join
[ 2653.262317][T15901] mac80211_hwsim hwsim602 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2653.326139][T15901] netlink: 'syz.1.14318': attribute type 3 has an invalid length.
[ 2653.347374][T15901] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.14318'.
[ 2653.861026][ T8869] wlan1: Created IBSS using preconfigured BSSID 00:8d:8d:ff:00:00
[ 2653.869249][T15914] mac80211_hwsim hwsim573 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2653.882286][ T8869] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2654.537332][T15925] netlink: 'syz.0.14328': attribute type 12 has an invalid length.
[ 2654.552432][T15925] netlink: 132 bytes leftover after parsing attributes in process `syz.0.14328'.
[ 2655.109326][T15947] syz.2.14335 (15947) used obsolete PPPIOCDETACH ioctl
[ 2655.155758][T15950] mac80211_hwsim hwsim602 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2655.244652][T15950] netlink: 'syz.1.14336': attribute type 3 has an invalid length.
[ 2655.310031][T15950] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.14336'.
[ 2656.912602][T15991] netlink: 'syz.0.14348': attribute type 29 has an invalid length.
[ 2656.925198][T15991] netlink: 'syz.0.14348': attribute type 29 has an invalid length.
[ 2656.942800][T15991] netlink: 'syz.0.14348': attribute type 29 has an invalid length.
[ 2656.964377][T15991] netlink: 'syz.0.14348': attribute type 29 has an invalid length.
[ 2656.996052][T15991] netlink: 'syz.0.14348': attribute type 29 has an invalid length.
[ 2657.285444][T15999] mac80211_hwsim hwsim576 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2657.291308][T15188] wlan1: Created IBSS using preconfigured BSSID 00:8d:8d:ff:00:00
[ 2657.323683][T15188] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2657.465414][T16006] netlink: 'syz.0.14351': attribute type 3 has an invalid length.
[ 2657.474267][T16006] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.14351'.
[ 2658.174273][T16031] netlink: 'syz.1.14360': attribute type 21 has an invalid length.
[ 2658.186593][T16031] netlink: 'syz.1.14360': attribute type 4 has an invalid length.
[ 2658.195525][T16031] netlink: 156 bytes leftover after parsing attributes in process `syz.1.14360'.
[ 2658.872404][T16053] netlink: 'syz.3.14366': attribute type 29 has an invalid length.
[ 2658.884959][T16053] netlink: 'syz.3.14366': attribute type 29 has an invalid length.
[ 2658.899496][T16053] FAULT_INJECTION: forcing a failure.
[ 2658.899496][T16053] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2658.919594][T16053] CPU: 0 PID: 16053 Comm: syz.3.14366 Not tainted syzkaller #0
[ 2658.927355][T16053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2658.937505][T16053] Call Trace:
[ 2658.940848][T16053]  <TASK>
[ 2658.943836][T16053]  dump_stack_lvl+0x18c/0x250
[ 2658.948602][T16053]  ? show_regs_print_info+0x20/0x20
[ 2658.953869][T16053]  ? load_image+0x420/0x420
[ 2658.958442][T16053]  ? __might_fault+0xaa/0x120
[ 2658.963179][T16053]  should_fail_ex+0x39d/0x4d0
[ 2658.967958][T16053]  copyout+0x1a/0x90
[ 2658.971908][T16053]  _copy_to_iter+0x432/0x1120
[ 2658.976661][T16053]  ? iov_iter_init+0x1e0/0x1e0
[ 2658.981547][T16053]  ? __virt_addr_valid+0x18c/0x540
[ 2658.986709][T16053]  ? __virt_addr_valid+0x469/0x540
[ 2658.991889][T16053]  ? __phys_addr_symbol+0x2f/0x70
[ 2658.996976][T16053]  __skb_datagram_iter+0xdb/0x780
[ 2659.002058][T16053]  ? skb_copy_datagram_iter+0x200/0x200
[ 2659.007658][T16053]  skb_copy_datagram_iter+0xb1/0x200
[ 2659.013004][T16053]  netlink_recvmsg+0x2d4/0xe60
[ 2659.017826][T16053]  ? netlink_sendmsg+0xbf0/0xbf0
[ 2659.022827][T16053]  ? aa_af_perm+0x330/0x330
[ 2659.027395][T16053]  ? __lock_acquire+0x1273/0x7d40
[ 2659.032523][T16053]  ? verify_lock_unused+0x140/0x140
[ 2659.037780][T16053]  ? bpf_lsm_socket_recvmsg+0x9/0x10
[ 2659.043118][T16053]  ? security_socket_recvmsg+0x89/0xb0
[ 2659.048662][T16053]  ? netlink_sendmsg+0xbf0/0xbf0
[ 2659.053658][T16053]  ____sys_recvmsg+0x2ce/0x5e0
[ 2659.058492][T16053]  ? __sys_recvmsg_sock+0x50/0x50
[ 2659.063569][T16053]  ? import_iovec+0x73/0xa0
[ 2659.068126][T16053]  ___sys_recvmsg+0x216/0x590
[ 2659.072872][T16053]  ? __sys_recvmsg+0x2a0/0x2a0
[ 2659.077686][T16053]  ? ksys_write+0x1c4/0x260
[ 2659.082258][T16053]  ? __fget_files+0x43d/0x4b0
[ 2659.087003][T16053]  __x64_sys_recvmsg+0x20c/0x2e0
[ 2659.091994][T16053]  ? ___sys_recvmsg+0x590/0x590
[ 2659.096907][T16053]  ? lockdep_hardirqs_on+0x98/0x150
[ 2659.102157][T16053]  do_syscall_64+0x55/0xa0
[ 2659.106625][T16053]  ? clear_bhb_loop+0x40/0x90
[ 2659.111353][T16053]  ? clear_bhb_loop+0x40/0x90
[ 2659.116093][T16053]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2659.122062][T16053] RIP: 0033:0x7f589919c819
[ 2659.126526][T16053] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2659.146195][T16053] RSP: 002b:00007f589a065028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 2659.154668][T16053] RAX: ffffffffffffffda RBX: 00007f5899415fa0 RCX: 00007f589919c819
[ 2659.162684][T16053] RDX: 0000000000000002 RSI: 0000200000001c80 RDI: 0000000000000003
[ 2659.170701][T16053] RBP: 00007f589a065090 R08: 0000000000000000 R09: 0000000000000000
[ 2659.178723][T16053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2659.186746][T16053] R13: 00007f5899416038 R14: 00007f5899415fa0 R15: 00007ffff87aed68
[ 2659.194786][T16053]  </TASK>
[ 2659.199297][ T8875] wlan1: Trigger new scan to find an IBSS to join
[ 2659.538745][T16057] mac80211_hwsim hwsim573 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2659.550172][ T8869] wlan1: Created IBSS using preconfigured BSSID 00:8d:8d:ff:00:00
[ 2659.568555][ T8869] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2659.651834][T16057] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.14368'.
[ 2659.932173][T16070] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.14372'.
[ 2659.942466][T16070] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.14372'.
[ 2659.956838][T16070] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.14372'.
[ 2662.091499][T16113] mac80211_hwsim hwsim602 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2662.110899][T16112] validate_nla: 8 callbacks suppressed
[ 2662.110919][T16112] netlink: 'syz.1.14386': attribute type 3 has an invalid length.
[ 2662.136140][T16112] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.14386'.
[ 2662.261499][T16119] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.14388'.
[ 2662.273477][T16119] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.14388'.
[ 2662.287178][T16119] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.14388'.
[ 2664.006526][T16152] netlink: 144316 bytes leftover after parsing attributes in process `syz.3.14397'.
[ 2664.112428][T16155] mac80211_hwsim hwsim567 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2664.164166][ T8873] wlan1: Trigger new scan to find an IBSS to join
[ 2664.183639][T16155] netlink: 'syz.2.14398': attribute type 3 has an invalid length.
[ 2664.191890][T16155] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.14398'.
[ 2664.699841][T16167] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.14402'.
[ 2664.712034][T16167] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.14402'.
[ 2664.728855][T16167] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.14402'.
[ 2664.839333][T16169] netlink: 'syz.1.14403': attribute type 10 has an invalid length.
[ 2665.678331][T16169] team0: Device wg1 is of different type
[ 2665.998860][T16186] mac80211_hwsim hwsim573 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2666.011662][ T8873] wlan1: Created IBSS using preconfigured BSSID 00:8d:8d:ff:00:00
[ 2666.065791][ T8873] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2666.097469][T16186] netlink: 'syz.3.14407': attribute type 3 has an invalid length.
[ 2666.133507][T16186] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.14407'.
[ 2666.164501][T15060] wlan1: Trigger new scan to find an IBSS to join
[ 2668.173493][T15060] wlan1: Trigger new scan to find an IBSS to join
[ 2668.282212][T16215] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.14416'.
[ 2668.293203][T16215] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.14416'.
[ 2668.310569][T16215] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.14416'.
[ 2669.665068][T16240] mac80211_hwsim hwsim602 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2669.741108][T16240] netlink: 'syz.1.14422': attribute type 3 has an invalid length.
[ 2669.763974][T16240] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.14422'.
[ 2669.855768][T16249] mac80211_hwsim hwsim567 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2669.931293][T16249] netlink: 'syz.2.14425': attribute type 3 has an invalid length.
[ 2669.954379][T16249] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.14425'.
[ 2671.291919][T16265] netlink: 'syz.2.14429': attribute type 10 has an invalid length.
[ 2672.112521][T16265] team0: Device wg1 is of different type
[ 2672.163685][ T8874] wlan1: Trigger new scan to find an IBSS to join
[ 2672.170346][ T8874] wlan1: Trigger new scan to find an IBSS to join
[ 2672.299229][T16280] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.14434'.
[ 2672.310004][T16280] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.14434'.
[ 2672.331627][T16280] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.14434'.
[ 2672.957055][T16297] mac80211_hwsim hwsim567 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2673.035582][T16297] netlink: 'syz.2.14438': attribute type 3 has an invalid length.
[ 2673.044623][T16297] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.14438'.
[ 2673.225906][T16304] netlink: 'syz.0.14440': attribute type 3 has an invalid length.
[ 2673.240706][T16304] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.14440'.
[ 2673.601940][T16311] mac80211_hwsim hwsim602 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2673.737088][T16311] netlink: 'syz.1.14441': attribute type 3 has an invalid length.
[ 2673.757383][T16311] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.14441'.
[ 2675.032526][T16332] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.14448'.
[ 2675.045539][T16332] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.14448'.
[ 2675.056844][T16332] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.14448'.
[ 2675.123430][T15060] wlan1: Trigger new scan to find an IBSS to join
[ 2675.517267][T16343] netlink: 'syz.3.14451': attribute type 10 has an invalid length.
[ 2675.695034][T16343] team0: Device wg1 is of different type
[ 2676.135667][T16356] FAULT_INJECTION: forcing a failure.
[ 2676.135667][T16356] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2676.159398][T16356] CPU: 1 PID: 16356 Comm: syz.1.14463 Not tainted syzkaller #0
[ 2676.167079][T16356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2676.177202][T16356] Call Trace:
[ 2676.180539][T16356]  <TASK>
[ 2676.183540][T16356]  dump_stack_lvl+0x18c/0x250
[ 2676.188313][T16356]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2676.194578][T16356]  ? show_regs_print_info+0x20/0x20
[ 2676.199863][T16356]  ? load_image+0x420/0x420
[ 2676.204468][T16356]  should_fail_ex+0x39d/0x4d0
[ 2676.209239][T16356]  _copy_from_user+0x2f/0xe0
[ 2676.213910][T16356]  __sys_bpf+0x23e/0x890
[ 2676.218231][T16356]  ? bpf_link_show_fdinfo+0x390/0x390
[ 2676.223692][T16356]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2676.229934][T16356]  __x64_sys_bpf+0x7c/0x90
[ 2676.234435][T16356]  do_syscall_64+0x55/0xa0
[ 2676.238930][T16356]  ? clear_bhb_loop+0x40/0x90
[ 2676.243690][T16356]  ? clear_bhb_loop+0x40/0x90
[ 2676.248458][T16356]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2676.254428][T16356] RIP: 0033:0x7f2c51d9c819
[ 2676.258937][T16356] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2676.278631][T16356] RSP: 002b:00007f2c52bc1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2676.287120][T16356] RAX: ffffffffffffffda RBX: 00007f2c52015fa0 RCX: 00007f2c51d9c819
[ 2676.295372][T16356] RDX: 0000000000000050 RSI: 0000200000000b80 RDI: 000000000000000a
[ 2676.303403][T16356] RBP: 00007f2c52bc1090 R08: 0000000000000000 R09: 0000000000000000
[ 2676.311444][T16356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2676.319537][T16356] R13: 00007f2c52016038 R14: 00007f2c52015fa0 R15: 00007ffd74109ed8
[ 2676.327610][T16356]  </TASK>
[ 2676.347721][T26550] wlan1: Trigger new scan to find an IBSS to join
[ 2677.257401][T16376] netlink: 132 bytes leftover after parsing attributes in process `syz.2.14462'.
[ 2678.112805][T16388] netlink: 'syz.0.14464': attribute type 10 has an invalid length.
[ 2678.163946][ T8873] wlan1: Trigger new scan to find an IBSS to join
[ 2678.321582][T16388] team0: Device wg1 is of different type
[ 2678.750980][T16398] FAULT_INJECTION: forcing a failure.
[ 2678.750980][T16398] name failslab, interval 1, probability 0, space 0, times 0
[ 2678.773705][T16398] CPU: 1 PID: 16398 Comm: syz.3.14468 Not tainted syzkaller #0
[ 2678.781368][T16398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2678.791666][T16398] Call Trace:
[ 2678.795009][T16398]  <TASK>
[ 2678.798012][T16398]  dump_stack_lvl+0x18c/0x250
[ 2678.802788][T16398]  ? show_regs_print_info+0x20/0x20
[ 2678.808075][T16398]  ? load_image+0x420/0x420
[ 2678.812663][T16398]  ? __might_sleep+0xe0/0xe0
[ 2678.817331][T16398]  ? __lock_acquire+0x7d40/0x7d40
[ 2678.822430][T16398]  should_fail_ex+0x39d/0x4d0
[ 2678.827195][T16398]  should_failslab+0x9/0x20
[ 2678.831784][T16398]  slab_pre_alloc_hook+0x59/0x310
[ 2678.836888][T16398]  ? bpf_prog_test_run_skb+0x238/0x12b0
[ 2678.842509][T16398]  ? bpf_prog_test_run_skb+0x238/0x12b0
[ 2678.848135][T16398]  __kmem_cache_alloc_node+0x53/0x250
[ 2678.853598][T16398]  ? bpf_prog_test_run_skb+0x238/0x12b0
[ 2678.859217][T16398]  __kmalloc+0xa4/0x230
[ 2678.863448][T16398]  bpf_prog_test_run_skb+0x238/0x12b0
[ 2678.868886][T16398]  ? lockdep_hardirqs_on+0x98/0x150
[ 2678.874157][T16398]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2678.880407][T16398]  ? cpu_online+0x60/0x60
[ 2678.884812][T16398]  ? cpu_online+0x60/0x60
[ 2678.889206][T16398]  bpf_prog_test_run+0x321/0x390
[ 2678.894221][T16398]  __sys_bpf+0x49d/0x890
[ 2678.898567][T16398]  ? bpf_link_show_fdinfo+0x390/0x390
[ 2678.904037][T16398]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2678.910282][T16398]  __x64_sys_bpf+0x7c/0x90
[ 2678.914774][T16398]  do_syscall_64+0x55/0xa0
[ 2678.919251][T16398]  ? clear_bhb_loop+0x40/0x90
[ 2678.924000][T16398]  ? clear_bhb_loop+0x40/0x90
[ 2678.928759][T16398]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2678.934717][T16398] RIP: 0033:0x7f589919c819
[ 2678.939199][T16398] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2678.958868][T16398] RSP: 002b:00007f589a065028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2678.967350][T16398] RAX: ffffffffffffffda RBX: 00007f5899415fa0 RCX: 00007f589919c819
[ 2678.975390][T16398] RDX: 0000000000000050 RSI: 00002000000011c0 RDI: 000000000000000a
[ 2678.983451][T16398] RBP: 00007f589a065090 R08: 0000000000000000 R09: 0000000000000000
[ 2678.991483][T16398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2678.999525][T16398] R13: 00007f5899416038 R14: 00007f5899415fa0 R15: 00007ffff87aed68
[ 2679.008114][T16398]  </TASK>
[ 2679.400726][T16412] netlink: 'syz.3.14471': attribute type 12 has an invalid length.
[ 2679.450078][T16412] netlink: 197276 bytes leftover after parsing attributes in process `syz.3.14471'.
[ 2679.758721][T16418] mac80211_hwsim hwsim602 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2679.907405][T16418] netlink: 16098 bytes leftover after parsing attributes in process `syz.1.14473'.
[ 2681.571619][T16443] netlink: 'syz.3.14478': attribute type 4 has an invalid length.
[ 2681.587362][T16443] netlink: 152 bytes leftover after parsing attributes in process `syz.3.14478'.
[ 2681.630690][T16443] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[ 2682.165022][T15188] wlan1: Trigger new scan to find an IBSS to join
[ 2682.175162][ T8869] wlan1: Trigger new scan to find an IBSS to join
[ 2683.166021][ T8874] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2683.325492][T16477] mac80211_hwsim hwsim573 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2683.337842][T26550] wlan1: Created IBSS using preconfigured BSSID 00:8d:8d:ff:00:00
[ 2683.355757][T26550] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2683.441159][T16477] netlink: 16098 bytes leftover after parsing attributes in process `syz.3.14487'.
[ 2685.820297][T16538] netlink: 132 bytes leftover after parsing attributes in process `syz.1.14505'.
[ 2689.370028][T26550] wlan1: Trigger new scan to find an IBSS to join
[ 2689.811119][T16551] netlink: 'syz.2.14511': attribute type 10 has an invalid length.
[ 2689.881624][T16551] bond0: (slave bond_slave_0): Releasing backup interface
[ 2691.314085][T15188] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2696.838579][T16650] netlink: 'syz.1.14535': attribute type 3 has an invalid length.
[ 2696.969541][T16650] netlink: 'syz.1.14535': attribute type 6 has an invalid length.
[ 2697.273194][T16650] netlink: 144448 bytes leftover after parsing attributes in process `syz.1.14535'.
[ 2697.536779][ T1065] Bluetooth: hci1: Malformed Event: 0x13
[ 2699.076154][T16655] netlink: 'syz.2.14537': attribute type 4 has an invalid length.
[ 2699.118245][T16655] netlink: 152 bytes leftover after parsing attributes in process `syz.2.14537'.
[ 2699.220628][T16655] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[ 2700.412854][T16684] netlink: 'syz.3.14543': attribute type 3 has an invalid length.
[ 2700.443389][T16684] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.14543'.
[ 2700.940365][T16700] netlink: 'syz.0.14549': attribute type 3 has an invalid length.
[ 2700.952008][T16700] netlink: 'syz.0.14549': attribute type 6 has an invalid length.
[ 2700.999271][T16700] netlink: 144448 bytes leftover after parsing attributes in process `syz.0.14549'.
[ 2701.192189][ T1065] Bluetooth: hci4: Malformed Event: 0x13
[ 2701.780964][T16718] netlink: 'syz.0.14552': attribute type 3 has an invalid length.
[ 2701.797998][T16718] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.14552'.
[ 2703.503557][T16747] netlink: 'syz.3.14561': attribute type 3 has an invalid length.
[ 2703.511939][T16747] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.14561'.
[ 2704.014005][T16762] mac80211_hwsim hwsim576 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2704.017770][ T8874] wlan1: Created IBSS using preconfigured BSSID 00:8d:8d:ff:00:00
[ 2704.041788][ T8874] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2704.316779][T16762] netlink: 'syz.0.14573': attribute type 3 has an invalid length.
[ 2704.341994][T16762] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.14573'.
[ 2705.215403][T16787] netlink: 'syz.1.14572': attribute type 3 has an invalid length.
[ 2705.231924][T16787] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.14572'.
[ 2705.698788][T16800] mac80211_hwsim hwsim576 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2705.709462][ T8873] wlan1: Created IBSS using preconfigured BSSID 00:8d:8d:ff:00:00
[ 2705.722998][ T8873] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2705.784441][T16800] netlink: 'syz.0.14578': attribute type 3 has an invalid length.
[ 2705.797452][T16800] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.14578'.
[ 2705.825839][T16804] netlink: 'syz.3.14579': attribute type 10 has an invalid length.
[ 2705.860364][T16804] 8021q: adding VLAN 0 to HW filter on device team0
[ 2705.906329][T16804] bond0: (slave team0): Enslaving as an active interface with an up link
[ 2707.247143][ T6961] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 2707.268580][ T6961] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 2707.281666][ T6961] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 2707.314250][ T6961] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 2707.328205][ T6961] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 2707.343695][ T6961] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 2707.467775][ T8874] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2707.838367][ T8874] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2708.092006][ T8874] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2708.147586][T16854] mac80211_hwsim hwsim567 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2708.252509][ T8874] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2708.269823][T16854] netlink: 'syz.2.14595': attribute type 3 has an invalid length.
[ 2708.278323][T16854] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.14595'.
[ 2708.332136][T16838] chnl_net:caif_netlink_parms(): no params data found
[ 2708.490629][T16838] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2708.498650][T16838] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2708.511037][T16838] bridge_slave_0: entered allmulticast mode
[ 2708.524357][T16838] bridge_slave_0: entered promiscuous mode
[ 2708.564493][ T8874] tipc: Left network mode
[ 2708.569371][T16838] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2708.581346][T16838] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2708.589826][T16838] bridge_slave_1: entered allmulticast mode
[ 2708.599583][T16838] bridge_slave_1: entered promiscuous mode
[ 2708.709469][T16838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2708.724897][T16838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2708.775372][T16838] team0: Port device team_slave_0 added
[ 2708.848595][T16838] team0: Port device team_slave_1 added
[ 2708.971130][T16838] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2708.978490][T16838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2709.014103][T16838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2709.028887][T16838] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2709.036635][T16838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2709.064505][T16838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2709.097624][T16877] mac80211_hwsim hwsim602 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2709.237859][T16838] hsr_slave_0: entered promiscuous mode
[ 2709.258083][T16838] hsr_slave_1: entered promiscuous mode
[ 2709.270376][T16877] netlink: 'syz.1.14603': attribute type 3 has an invalid length.
[ 2709.292410][T16877] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.14603'.
[ 2709.443813][ T1065] Bluetooth: hci2: command tx timeout
[ 2710.167644][ T8873] wlan1: Trigger new scan to find an IBSS to join
[ 2711.060463][T16838] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 2711.166755][T16838] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 2711.190944][T16838] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 2711.206879][ T8873] wlan1: Trigger new scan to find an IBSS to join
[ 2711.230410][T16838] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 2711.271230][T16921] mac80211_hwsim hwsim567 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2711.341568][ T8874] hsr_slave_0: left promiscuous mode
[ 2711.358903][ T8874] hsr_slave_1: left promiscuous mode
[ 2711.376399][ T8874] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2711.390925][ T8874] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2711.408573][ T8874] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2711.429293][ T8874] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2711.449044][ T8874] bridge_slave_1: left allmulticast mode
[ 2711.457628][ T8874] bridge_slave_1: left promiscuous mode
[ 2711.474008][ T8874] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2711.490780][ T8874] bridge_slave_0: left allmulticast mode
[ 2711.502590][ T8874] bridge_slave_0: left promiscuous mode
[ 2711.519950][ T8874] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2711.533830][ T1065] Bluetooth: hci2: command tx timeout
[ 2711.602777][ T8874] veth1_macvtap: left promiscuous mode
[ 2711.617277][ T8874] veth0_macvtap: left promiscuous mode
[ 2711.633677][ T8874] veth1_vlan: left promiscuous mode
[ 2711.648845][ T8874] veth0_vlan: left promiscuous mode
[ 2713.634084][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 2713.640498][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[ 2713.665737][ T1065] Bluetooth: hci2: command tx timeout
[ 2715.203683][T15188] wlan1: Trigger new scan to find an IBSS to join
[ 2715.492792][ T8874] team0 (unregistering): Port device team_slave_1 removed
[ 2715.560868][ T8874] team0 (unregistering): Port device team_slave_0 removed
[ 2715.627231][ T8874] .` (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2715.691149][ T1065] Bluetooth: hci2: command tx timeout
[ 2715.699637][ T8874] .` (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2716.158924][ T8874] .` (unregistering): Released all slaves
[ 2716.284610][T16931] netlink: 'syz.2.14608': attribute type 3 has an invalid length.
[ 2716.292536][T16931] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.14608'.
[ 2716.315836][T16951] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.14614'.
[ 2717.053856][T16838] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2717.118516][T16959] netlink: 'syz.1.14617': attribute type 10 has an invalid length.
[ 2717.209192][ T8875] wlan1: Trigger new scan to find an IBSS to join
[ 2717.601109][T16959] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2717.948695][T16959] bond0: (slave batadv0): Enslaving as an active interface with an up link
[ 2717.977920][T16966] netlink: 60 bytes leftover after parsing attributes in process `syz.1.14617'.
[ 2718.005294][T16966] team0: entered promiscuous mode
[ 2718.010481][T16966] team_slave_0: entered promiscuous mode
[ 2718.023984][T16966] team_slave_1: entered promiscuous mode
[ 2718.034239][T16966] team0: entered allmulticast mode
[ 2718.039485][T16966] team_slave_0: entered allmulticast mode
[ 2718.063905][T16966] team_slave_1: entered allmulticast mode
[ 2718.087296][T16973] netlink: 'syz.1.14617': attribute type 10 has an invalid length.
[ 2718.151947][T16973] geneve1: entered promiscuous mode
[ 2718.157972][T16973] geneve1: entered allmulticast mode
[ 2718.164424][ T8869] wlan1: Trigger new scan to find an IBSS to join
[ 2718.172139][T16973] team0: Port device geneve1 added
[ 2718.275074][T16838] 8021q: adding VLAN 0 to HW filter on device team0
[ 2718.334473][ T8866] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2718.357385][T26550] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2718.364808][T26550] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2718.422417][T26550] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2718.429851][T26550] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2718.719007][ T1065] Bluetooth: hci3: unexpected event 0x04 length: 151 > 10
[ 2719.257364][ T8873] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2719.331548][T16838] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2719.427382][T16838] veth0_vlan: entered promiscuous mode
[ 2719.450168][T16838] veth1_vlan: entered promiscuous mode
[ 2719.512226][T16838] veth0_macvtap: entered promiscuous mode
[ 2719.548110][T16838] veth1_macvtap: entered promiscuous mode
[ 2719.592231][T16838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2719.621697][T16838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2719.652269][T16838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2719.680569][T16838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2719.707430][T16838] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2719.740687][T16838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2719.759164][T16838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2719.783572][T16838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2719.799826][T16838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2719.819571][T16838] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2719.848635][T16838] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2719.861691][T16838] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2719.880993][T16838] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2719.891994][T16838] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2720.152127][ T8874] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2720.198331][ T8874] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2720.346074][ T8874] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2720.365936][ T8874] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2720.723887][ T1065] Bluetooth: hci3: command 0x0406 tx timeout
[ 2722.714106][ T6961] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 2722.734006][ T6961] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 2722.745906][ T6961] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 2722.760557][ T6961] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 2722.769965][ T6961] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 2722.777997][ T6961] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 2723.209462][ T8873] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2723.282050][T17068] netlink: 830 bytes leftover after parsing attributes in process `syz.1.14643'.
[ 2723.358812][ T8873] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2723.494849][ T8873] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2723.597692][ T8873] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2723.770050][T17058] chnl_net:caif_netlink_parms(): no params data found
[ 2723.954327][T17058] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2723.964680][T17058] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2723.972280][T17058] bridge_slave_0: entered allmulticast mode
[ 2723.981568][T17058] bridge_slave_0: entered promiscuous mode
[ 2724.007176][T17058] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2724.035196][T17058] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2724.042566][T17058] bridge_slave_1: entered allmulticast mode
[ 2724.070672][T17058] bridge_slave_1: entered promiscuous mode
[ 2724.428302][T17058] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2724.706268][T17058] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2724.866564][T17058] team0: Port device team_slave_0 added
[ 2724.893725][ T6961] Bluetooth: hci4: command tx timeout
[ 2725.295047][T17058] team0: Port device team_slave_1 added
[ 2725.785856][T17058] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2725.818993][T17058] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2725.928310][ T6961] Bluetooth: hci1: command 0x0406 tx timeout
[ 2725.962644][T17058] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2725.999156][T17058] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2726.038767][T17058] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2726.137983][T17058] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2726.342932][T17115] syzkaller0: entered promiscuous mode
[ 2726.381844][T17115] syzkaller0: entered allmulticast mode
[ 2726.973455][ T1065] Bluetooth: hci4: command tx timeout
[ 2729.052039][ T1065] Bluetooth: hci4: command tx timeout
[ 2730.542067][T17058] hsr_slave_0: entered promiscuous mode
[ 2730.555233][T17058] hsr_slave_1: entered promiscuous mode
[ 2730.562166][T17058] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 2730.570037][T17058] Cannot create hsr debugfs directory
[ 2731.138090][ T1065] Bluetooth: hci4: command tx timeout
[ 2731.459421][T17058] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 2731.495257][T17058] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 2731.512309][T17058] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 2731.530552][T17058] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 2731.752353][T17058] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2731.868280][T17058] 8021q: adding VLAN 0 to HW filter on device team0
[ 2731.939641][ T8875] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2731.946952][ T8875] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2731.970719][ T8875] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2731.978057][ T8875] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2732.118559][ T8873] hsr_slave_0: left promiscuous mode
[ 2732.128413][ T8873] hsr_slave_1: left promiscuous mode
[ 2732.146677][ T8873] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2732.155566][ T8873] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2732.164307][ T8873] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2732.171814][ T8873] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2732.190787][ T8873] hsr0: left allmulticast mode
[ 2732.197175][ T8873] bridge0: port 3(hsr0) entered disabled state
[ 2732.212716][ T8873] bridge_slave_1: left allmulticast mode
[ 2732.218832][ T8873] bridge_slave_1: left promiscuous mode
[ 2732.229899][ T8873] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2732.239810][ T8873] bridge_slave_0: left allmulticast mode
[ 2732.251310][ T8873] bridge_slave_0: left promiscuous mode
[ 2732.258450][ T8873] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2732.297628][ T8873] veth1_macvtap: left promiscuous mode
[ 2732.304836][ T8873] veth0_macvtap: left promiscuous mode
[ 2732.310721][ T8873] veth0_vlan: left promiscuous mode
[ 2733.423168][ T8873] team0 (unregistering): Port device team_slave_1 removed
[ 2733.499895][ T8873] team0 (unregistering): Port device C removed
[ 2733.561555][ T8873] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2734.049091][ T8873] team0 (unregistering): Port device bridge0 removed
[ 2734.101039][ T8873] bond0 (unregistering): Released all slaves
[ 2734.707492][T17058] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2734.783795][T17058] veth0_vlan: entered promiscuous mode
[ 2734.809691][T17058] veth1_vlan: entered promiscuous mode
[ 2734.858719][T17058] veth0_macvtap: entered promiscuous mode
[ 2734.872112][T17058] veth1_macvtap: entered promiscuous mode
[ 2734.901449][T17058] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2734.913482][T17058] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2734.926785][T17058] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2734.938840][T17058] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2734.956838][T17058] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2734.985175][T17058] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2734.995828][T17058] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2735.006627][T17058] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2735.018081][T17058] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2735.031060][T17058] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2735.044806][T17058] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2735.053912][T17058] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2735.062743][T17058] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2735.071731][T17058] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2735.157727][ T8874] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2735.174888][ T8874] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2735.203123][ T8874] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2735.211332][ T8874] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2735.434774][T17213] netlink: 'syz.1.14669': attribute type 3 has an invalid length.
[ 2735.454185][T17213] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.14669'.
[ 2735.507113][T17212] netlink: 'syz.0.14668': attribute type 3 has an invalid length.
[ 2735.541309][T17212] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.14668'.
[ 2736.574006][T17231] netlink: 'syz.0.14664': attribute type 10 has an invalid length.
[ 2736.617514][T17231] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2736.667973][T17231] bond0: (slave batadv0): Enslaving as an active interface with an up link
[ 2736.684502][T17226] netlink: 60 bytes leftover after parsing attributes in process `syz.0.14664'.
[ 2736.703572][T17226] team0: entered promiscuous mode
[ 2736.714034][T17226] team_slave_0: entered promiscuous mode
[ 2736.721146][T17226] team_slave_1: entered promiscuous mode
[ 2736.767372][T17226] team0: entered allmulticast mode
[ 2736.796082][T17226] team_slave_0: entered allmulticast mode
[ 2736.823789][T17226] team_slave_1: entered allmulticast mode
[ 2736.884600][T17231] netlink: 'syz.0.14664': attribute type 10 has an invalid length.
[ 2737.277831][T17231] geneve1: entered promiscuous mode
[ 2737.428162][T17231] geneve1: entered allmulticast mode
[ 2737.512881][T17231] team0: Port device geneve1 added
[ 2737.949367][T17245] netlink: 'syz.3.14674': attribute type 1 has an invalid length.
[ 2737.959923][T17245] netlink: 191376 bytes leftover after parsing attributes in process `syz.3.14674'.
[ 2738.624791][T17257] netlink: 'syz.3.14679': attribute type 3 has an invalid length.
[ 2738.633985][T17257] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.14679'.
[ 2738.904799][T17264] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2739.680995][ T1065] Bluetooth: hci2: unexpected event 0x04 length: 151 > 10
[ 2739.812973][T17277] netlink: 'syz.3.14685': attribute type 41 has an invalid length.
[ 2740.261919][T17277] netlink: 'syz.3.14685': attribute type 1 has an invalid length.
[ 2740.276227][T17277] netlink: 191376 bytes leftover after parsing attributes in process `syz.3.14685'.
[ 2740.697372][T17295] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2741.268049][T17307] netlink: 'syz.0.14696': attribute type 3 has an invalid length.
[ 2741.322440][T17307] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.14696'.
[ 2741.748883][ T1065] Bluetooth: hci2: command tx timeout
[ 2743.604561][T17329] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.14703'.
[ 2743.644453][T17329] netlink: 6324 bytes leftover after parsing attributes in process `syz.2.14703'.
[ 2743.693399][T17329] netlink: 2 bytes leftover after parsing attributes in process `syz.2.14703'.
[ 2744.044129][T17334] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2744.237719][ T6961] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 2744.248848][ T6961] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 2744.258418][ T6961] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 2744.271938][ T6961] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 2744.340443][ T6961] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 2744.348190][ T6961] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 2746.048307][T17352] netlink: 'syz.0.14710': attribute type 3 has an invalid length.
[ 2746.065166][T17352] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.14710'.
[ 2746.205645][ T8874] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2746.417113][ T1065] Bluetooth: hci0: command tx timeout
[ 2746.440886][ T8874] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2746.606983][ T8874] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2746.628062][T17366] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.14714'.
[ 2746.653028][T17366] netlink: 6324 bytes leftover after parsing attributes in process `syz.0.14714'.
[ 2746.677567][T17366] netlink: 2 bytes leftover after parsing attributes in process `syz.0.14714'.
[ 2746.751992][ T8874] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2746.787037][T17339] chnl_net:caif_netlink_parms(): no params data found
[ 2747.095974][T17373] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.14717'.
[ 2747.171116][T17370] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2747.330288][T17339] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2747.337725][T17339] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2747.345777][T17339] bridge_slave_0: entered allmulticast mode
[ 2747.366356][T17339] bridge_slave_0: entered promiscuous mode
[ 2747.391938][T17339] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2747.440931][T17339] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2747.519798][T17339] bridge_slave_1: entered allmulticast mode
[ 2747.554961][T17339] bridge_slave_1: entered promiscuous mode
[ 2747.752723][T17339] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2747.871879][T17339] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2748.334334][ T8873] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2748.547820][ T1065] Bluetooth: hci0: command tx timeout
[ 2748.686048][T17339] team0: Port device team_slave_0 added
[ 2748.698211][T17339] team0: Port device team_slave_1 added
[ 2748.914742][T17339] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2748.921787][T17339] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2749.064419][T17339] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2749.143570][T17339] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2749.173522][T17339] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2749.272834][T17339] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2750.567683][ T1065] Bluetooth: hci0: command tx timeout
[ 2750.741080][T17339] hsr_slave_0: entered promiscuous mode
[ 2750.788409][T17339] hsr_slave_1: entered promiscuous mode
[ 2750.806907][T17339] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 2750.818090][T17339] Cannot create hsr debugfs directory
[ 2750.844039][T17414] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.14726'.
[ 2750.883158][ T8874] tipc: Left network mode
[ 2751.184971][T17425] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2752.654099][ T1065] Bluetooth: hci0: command tx timeout
[ 2753.754671][T17472] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2754.750251][T17475] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.14741'.
[ 2754.937752][T17492] netlink: 60 bytes leftover after parsing attributes in process `syz.0.14742'.
[ 2755.319878][T17489] pim6reg: tun_chr_ioctl cmd 2147767521
[ 2755.478107][T17492] netlink: 60 bytes leftover after parsing attributes in process `syz.0.14742'.
[ 2755.555712][T17494] netlink: 60 bytes leftover after parsing attributes in process `syz.0.14742'.
[ 2755.684915][T17339] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 2755.792650][T17339] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 2755.890244][T17339] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 2755.908649][T17339] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 2756.689121][T17339] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2756.896660][T17339] 8021q: adding VLAN 0 to HW filter on device team0
[ 2756.931988][ T8873] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2756.939289][ T8873] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2757.043795][T17526] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2757.106212][ T8869] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2757.113592][ T8869] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2757.487555][T17537] FAULT_INJECTION: forcing a failure.
[ 2757.487555][T17537] name failslab, interval 1, probability 0, space 0, times 0
[ 2757.529554][T17537] CPU: 0 PID: 17537 Comm: syz.2.14753 Not tainted syzkaller #0
[ 2757.537222][T17537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2757.547335][T17537] Call Trace:
[ 2757.550659][T17537]  <TASK>
[ 2757.553634][T17537]  dump_stack_lvl+0x18c/0x250
[ 2757.558384][T17537]  ? show_regs_print_info+0x20/0x20
[ 2757.563654][T17537]  ? load_image+0x420/0x420
[ 2757.568233][T17537]  ? __might_sleep+0xe0/0xe0
[ 2757.572876][T17537]  ? __lock_acquire+0x7d40/0x7d40
[ 2757.577955][T17537]  should_fail_ex+0x39d/0x4d0
[ 2757.582776][T17537]  should_failslab+0x9/0x20
[ 2757.587339][T17537]  slab_pre_alloc_hook+0x59/0x310
[ 2757.592435][T17537]  ? tomoyo_encode+0x28b/0x540
[ 2757.597248][T17537]  ? tomoyo_encode+0x28b/0x540
[ 2757.602065][T17537]  __kmem_cache_alloc_node+0x53/0x250
[ 2757.607512][T17537]  ? tomoyo_encode+0x28b/0x540
[ 2757.612330][T17537]  __kmalloc+0xa4/0x230
[ 2757.616548][T17537]  tomoyo_encode+0x28b/0x540
[ 2757.621208][T17537]  tomoyo_realpath_from_path+0x592/0x5d0
[ 2757.626906][T17537]  tomoyo_path_number_perm+0x248/0x620
[ 2757.632450][T17537]  ? tomoyo_path_number_perm+0x217/0x620
[ 2757.638162][T17537]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 2757.643686][T17537]  ? ksys_write+0x1c4/0x260
[ 2757.648283][T17537]  ? __fget_files+0x28/0x4b0
[ 2757.652930][T17537]  ? __fget_files+0x28/0x4b0
[ 2757.657591][T17537]  security_file_ioctl+0x70/0xa0
[ 2757.662636][T17537]  __se_sys_ioctl+0x48/0x170
[ 2757.667289][T17537]  do_syscall_64+0x55/0xa0
[ 2757.671765][T17537]  ? clear_bhb_loop+0x40/0x90
[ 2757.676502][T17537]  ? clear_bhb_loop+0x40/0x90
[ 2757.681247][T17537]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2757.687198][T17537] RIP: 0033:0x7f91df59c819
[ 2757.691680][T17537] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2757.711356][T17537] RSP: 002b:00007f91e037e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2757.719932][T17537] RAX: ffffffffffffffda RBX: 00007f91df815fa0 RCX: 00007f91df59c819
[ 2757.728060][T17537] RDX: 0000200000000000 RSI: 000000000000890c RDI: 0000000000000003
[ 2757.736076][T17537] RBP: 00007f91e037e090 R08: 0000000000000000 R09: 0000000000000000
[ 2757.744096][T17537] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2757.752116][T17537] R13: 00007f91df816038 R14: 00007f91df815fa0 R15: 00007ffd000efbc8
[ 2757.760172][T17537]  </TASK>
[ 2757.768842][T17537] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2757.845804][ T8874] hsr_slave_0: left promiscuous mode
[ 2757.852149][ T8874] hsr_slave_1: left promiscuous mode
[ 2757.864745][ T8874] hsr0: left allmulticast mode
[ 2757.869844][ T8874] bridge0: port 3(hsr0) entered disabled state
[ 2757.895527][ T8874] bridge_slave_1: left allmulticast mode
[ 2757.901312][ T8874] bridge_slave_1: left promiscuous mode
[ 2757.914216][ T8874] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2757.949437][ T8874] bridge_slave_0: left allmulticast mode
[ 2757.961113][ T8874] bridge_slave_0: left promiscuous mode
[ 2757.972733][ T8874] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2758.062600][ T8874] veth1_macvtap: left promiscuous mode
[ 2758.075398][ T8874] veth0_macvtap: left promiscuous mode
[ 2758.081118][ T8874] veth1_vlan: left promiscuous mode
[ 2758.093843][ T8874] veth0_vlan: left promiscuous mode
[ 2759.377219][ T8874] team0 (unregistering): Port device team_slave_1 removed
[ 2759.472806][ T8874] team0 (unregistering): Port device team_slave_0 removed
[ 2759.550492][ T8874] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2759.622124][ T8874] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2760.058971][ T8874] bond0 (unregistering): (slave team0): Releasing backup interface
[ 2760.113739][ T8874] bond0 (unregistering): Released all slaves
[ 2760.235439][T17539] mac80211_hwsim hwsim604 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2760.255166][T17547] netlink: 'syz.0.14752': attribute type 3 has an invalid length.
[ 2760.269415][T17547] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.14752'.
[ 2760.840067][T17339] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2760.894116][T17582] mac80211_hwsim hwsim604 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2761.118078][T17574] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2761.179362][T17583] netlink: 'syz.0.14761': attribute type 3 has an invalid length.
[ 2761.215515][T17583] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.14761'.
[ 2761.436218][T17339] veth0_vlan: entered promiscuous mode
[ 2761.462521][T17339] veth1_vlan: entered promiscuous mode
[ 2761.594534][T17339] veth0_macvtap: entered promiscuous mode
[ 2761.659761][T17339] veth1_macvtap: entered promiscuous mode
[ 2761.805757][T17339] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2761.867920][T17339] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2761.911832][T17339] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2761.988640][T17339] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2762.021694][T17339] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2762.048332][T17339] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2762.071377][T17339] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2762.561041][T17339] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2762.580369][T17339] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2762.599001][T17339] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2762.666707][T17339] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2762.696588][T17339] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2762.707530][T17339] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2762.719429][T17339] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2762.824209][T17339] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2762.833436][T17339] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2762.842215][T17339] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2762.851258][T17339] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2763.124589][ T8869] wlan1: Trigger new scan to find an IBSS to join
[ 2763.596788][T15190] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2763.620528][T15190] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2763.680869][ T8873] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2763.698003][ T8873] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2764.035076][T17636] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2764.658881][T17646] FAULT_INJECTION: forcing a failure.
[ 2764.658881][T17646] name failslab, interval 1, probability 0, space 0, times 0
[ 2764.696389][T17648] netlink: 1772 bytes leftover after parsing attributes in process `syz.1.14772'.
[ 2764.743691][T17646] CPU: 1 PID: 17646 Comm: syz.3.14702 Not tainted syzkaller #0
[ 2764.751395][T17646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2764.761548][T17646] Call Trace:
[ 2764.764926][T17646]  <TASK>
[ 2764.767954][T17646]  dump_stack_lvl+0x18c/0x250
[ 2764.772779][T17646]  ? show_regs_print_info+0x20/0x20
[ 2764.778108][T17646]  ? load_image+0x420/0x420
[ 2764.782758][T17646]  ? __might_sleep+0xe0/0xe0
[ 2764.787472][T17646]  ? __lock_acquire+0x7d40/0x7d40
[ 2764.792647][T17646]  should_fail_ex+0x39d/0x4d0
[ 2764.797485][T17646]  should_failslab+0x9/0x20
[ 2764.802128][T17646]  slab_pre_alloc_hook+0x59/0x310
[ 2764.807386][T17646]  ? update_flag+0xa3/0x570
[ 2764.812005][T17646]  ? update_flag+0xa3/0x570
[ 2764.816620][T17646]  __kmem_cache_alloc_node+0x53/0x250
[ 2764.822130][T17646]  ? __mutex_trylock_common+0x159/0x260
[ 2764.827817][T17646]  ? update_flag+0xa3/0x570
[ 2764.832431][T17646]  __kmalloc_node_track_caller+0xa2/0x230
[ 2764.838305][T17646]  kmemdup+0x2b/0x70
[ 2764.842320][T17646]  update_flag+0xa3/0x570
[ 2764.846797][T17646]  ? update_prstate+0x760/0x760
[ 2764.851774][T17646]  ? cpuset_write_u64+0x56/0x250
[ 2764.856850][T17646]  ? mutex_lock_nested+0x20/0x20
[ 2764.861906][T17646]  ? rcu_read_lock_any_held+0xb4/0x140
[ 2764.867482][T17646]  ? rcu_read_lock_bh_held+0x100/0x100
[ 2764.873069][T17646]  ? _parse_integer_limit+0x19c/0x1e0
[ 2764.878611][T17646]  cpuset_write_u64+0x1fd/0x250
[ 2764.883605][T17646]  cgroup_file_write+0x599/0x690
[ 2764.888666][T17646]  ? read_lock_is_recursive+0x20/0x20
[ 2764.894190][T17646]  ? cgroup_seqfile_stop+0xd0/0xd0
[ 2764.899458][T17646]  ? cgroup_seqfile_stop+0xd0/0xd0
[ 2764.904710][T17646]  kernfs_fop_write_iter+0x3b6/0x520
[ 2764.910147][T17646]  vfs_write+0x46c/0x990
[ 2764.914537][T17646]  ? file_end_write+0x250/0x250
[ 2764.919531][T17646]  ? __fget_files+0x43d/0x4b0
[ 2764.924358][T17646]  ? __fdget_pos+0x2a3/0x330
[ 2764.929067][T17646]  ? ksys_write+0x75/0x260
[ 2764.933601][T17646]  ksys_write+0x150/0x260
[ 2764.938067][T17646]  ? __ia32_sys_read+0x90/0x90
[ 2764.942979][T17646]  ? lockdep_hardirqs_on+0x98/0x150
[ 2764.948325][T17646]  do_syscall_64+0x55/0xa0
[ 2764.952853][T17646]  ? clear_bhb_loop+0x40/0x90
[ 2764.957636][T17646]  ? clear_bhb_loop+0x40/0x90
[ 2764.962429][T17646]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2764.968429][T17646] RIP: 0033:0x7f98bc79c819
[ 2764.972953][T17646] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2764.983513][T17648] netlink: 'syz.1.14772': attribute type 10 has an invalid length.
[ 2764.992622][T17646] RSP: 002b:00007f98bd652028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 2765.009223][T17646] RAX: ffffffffffffffda RBX: 00007f98bca15fa0 RCX: 00007f98bc79c819
[ 2765.017292][T17646] RDX: 0000000000000012 RSI: 00002000000000c0 RDI: 0000000000000006
[ 2765.025365][T17646] RBP: 00007f98bd652090 R08: 0000000000000000 R09: 0000000000000000
[ 2765.033428][T17646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2765.041497][T17646] R13: 00007f98bca16038 R14: 00007f98bca15fa0 R15: 00007ffdf8011d28
[ 2765.049642][T17646]  </TASK>
[ 2765.174675][T17648] netlink: 55 bytes leftover after parsing attributes in process `syz.1.14772'.
[ 2765.703755][T17659] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2765.855106][T17661] mac80211_hwsim hwsim609 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2765.919978][T17661] netlink: 'syz.3.14774': attribute type 3 has an invalid length.
[ 2765.943673][T17661] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.14774'.
[ 2766.240182][T17673] FAULT_INJECTION: forcing a failure.
[ 2766.240182][T17673] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2766.283398][T17673] CPU: 0 PID: 17673 Comm: syz.0.14777 Not tainted syzkaller #0
[ 2766.291063][T17673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2766.301194][T17673] Call Trace:
[ 2766.304532][T17673]  <TASK>
[ 2766.307527][T17673]  dump_stack_lvl+0x18c/0x250
[ 2766.312329][T17673]  ? show_regs_print_info+0x20/0x20
[ 2766.317639][T17673]  ? load_image+0x420/0x420
[ 2766.322253][T17673]  ? __might_fault+0xaa/0x120
[ 2766.327004][T17673]  ? __lock_acquire+0x7d40/0x7d40
[ 2766.332200][T17673]  should_fail_ex+0x39d/0x4d0
[ 2766.336980][T17673]  _copy_from_user+0x2f/0xe0
[ 2766.341655][T17673]  __sys_bpf+0x23e/0x890
[ 2766.345981][T17673]  ? bpf_link_show_fdinfo+0x390/0x390
[ 2766.351469][T17673]  ? lock_chain_count+0x20/0x20
[ 2766.356392][T17673]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[ 2766.362434][T17673]  __x64_sys_bpf+0x7c/0x90
[ 2766.366910][T17673]  do_syscall_64+0x55/0xa0
[ 2766.371368][T17673]  ? clear_bhb_loop+0x40/0x90
[ 2766.376109][T17673]  ? clear_bhb_loop+0x40/0x90
[ 2766.380842][T17673]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2766.386793][T17673] RIP: 0033:0x7f60b999c819
[ 2766.391258][T17673] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2766.410924][T17673] RSP: 002b:00007f60ba828028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2766.419394][T17673] RAX: ffffffffffffffda RBX: 00007f60b9c15fa0 RCX: 00007f60b999c819
[ 2766.427421][T17673] RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005
[ 2766.435438][T17673] RBP: 00007f60ba828090 R08: 0000000000000000 R09: 0000000000000000
[ 2766.443476][T17673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2766.451596][T17673] R13: 00007f60b9c16038 R14: 00007f60b9c15fa0 R15: 00007ffd949c8638
[ 2766.459669][T17673]  </TASK>
[ 2767.124453][ T8874] wlan1: Trigger new scan to find an IBSS to join
[ 2767.870088][T17704] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2768.170543][ T8874] wlan1: Trigger new scan to find an IBSS to join
[ 2768.188089][ T8869] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2768.514947][T17710] mac80211_hwsim hwsim609 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2768.639993][T17710] netlink: 'syz.3.14788': attribute type 3 has an invalid length.
[ 2768.917629][T17710] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.14788'.
[ 2770.212373][T17747] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2770.384997][T17751] FAULT_INJECTION: forcing a failure.
[ 2770.384997][T17751] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2770.406974][T17751] CPU: 0 PID: 17751 Comm: syz.2.14803 Not tainted syzkaller #0
[ 2770.414632][T17751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2770.424770][T17751] Call Trace:
[ 2770.428105][T17751]  <TASK>
[ 2770.431070][T17751]  dump_stack_lvl+0x18c/0x250
[ 2770.435801][T17751]  ? show_regs_print_info+0x20/0x20
[ 2770.441048][T17751]  ? load_image+0x420/0x420
[ 2770.445596][T17751]  ? __might_fault+0xaa/0x120
[ 2770.450330][T17751]  ? __lock_acquire+0x7d40/0x7d40
[ 2770.455414][T17751]  should_fail_ex+0x39d/0x4d0
[ 2770.460154][T17751]  _copy_from_user+0x2f/0xe0
[ 2770.464792][T17751]  ___sys_sendmsg+0x1c7/0x360
[ 2770.469516][T17751]  ? get_pid_task+0x20/0x1e0
[ 2770.474159][T17751]  ? __sys_sendmsg+0x2a0/0x2a0
[ 2770.478980][T17751]  ? __lock_acquire+0x7d40/0x7d40
[ 2770.484069][T17751]  __se_sys_sendmsg+0x1c2/0x2b0
[ 2770.489002][T17751]  ? __x64_sys_sendmsg+0x80/0x80
[ 2770.493999][T17751]  ? lockdep_hardirqs_on+0x98/0x150
[ 2770.499264][T17751]  do_syscall_64+0x55/0xa0
[ 2770.503729][T17751]  ? clear_bhb_loop+0x40/0x90
[ 2770.508457][T17751]  ? clear_bhb_loop+0x40/0x90
[ 2770.513190][T17751]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2770.519147][T17751] RIP: 0033:0x7f91df59c819
[ 2770.523603][T17751] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2770.543267][T17751] RSP: 002b:00007f91e037e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2770.551767][T17751] RAX: ffffffffffffffda RBX: 00007f91df815fa0 RCX: 00007f91df59c819
[ 2770.559801][T17751] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[ 2770.567816][T17751] RBP: 00007f91e037e090 R08: 0000000000000000 R09: 0000000000000000
[ 2770.575831][T17751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2770.583847][T17751] R13: 00007f91df816038 R14: 00007f91df815fa0 R15: 00007ffd000efbc8
[ 2770.591894][T17751]  </TASK>
[ 2771.280988][T17763] netlink: 'syz.1.14806': attribute type 3 has an invalid length.
[ 2771.324141][T17763] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.14806'.
[ 2772.189051][T17798] netlink: 'syz.2.14818': attribute type 13 has an invalid length.
[ 2772.198101][T17798] netlink: 160 bytes leftover after parsing attributes in process `syz.2.14818'.
[ 2772.281297][T17798] erspan0: refused to change device tx_queue_len
[ 2772.306332][T17798] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check.
[ 2773.332891][T17815] FAULT_INJECTION: forcing a failure.
[ 2773.332891][T17815] name failslab, interval 1, probability 0, space 0, times 0
[ 2773.351119][T17815] CPU: 0 PID: 17815 Comm: syz.3.14821 Not tainted syzkaller #0
[ 2773.358779][T17815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2773.368933][T17815] Call Trace:
[ 2773.372260][T17815]  <TASK>
[ 2773.375240][T17815]  dump_stack_lvl+0x18c/0x250
[ 2773.379988][T17815]  ? show_regs_print_info+0x20/0x20
[ 2773.385264][T17815]  ? load_image+0x420/0x420
[ 2773.389872][T17815]  ? __lock_acquire+0x7d40/0x7d40
[ 2773.394973][T17815]  ? kobject_set_name_vargs+0x61/0x110
[ 2773.400512][T17815]  ? rcu_is_watching+0x15/0xb0
[ 2773.405376][T17815]  should_fail_ex+0x39d/0x4d0
[ 2773.410129][T17815]  should_failslab+0x9/0x20
[ 2773.414708][T17815]  slab_pre_alloc_hook+0x59/0x310
[ 2773.419808][T17815]  ? device_add+0xbe/0xc20
[ 2773.424285][T17815]  __kmem_cache_alloc_node+0x53/0x250
[ 2773.429740][T17815]  ? device_add+0xbe/0xc20
[ 2773.434233][T17815]  kmalloc_trace+0x2a/0xe0
[ 2773.438727][T17815]  device_add+0xbe/0xc20
[ 2773.443039][T17815]  ? device_initialize+0x24b/0x440
[ 2773.448224][T17815]  netdev_register_kobject+0x188/0x320
[ 2773.453784][T17815]  register_netdevice+0x12ee/0x1bb0
[ 2773.459068][T17815]  ? kvmalloc_node+0x70/0x180
[ 2773.463843][T17815]  ? netif_stacked_transfer_operstate+0x210/0x210
[ 2773.470339][T17815]  ? __asan_memset+0x22/0x40
[ 2773.475008][T17815]  ? tun_net_initialize+0x1ac/0x480
[ 2773.480282][T17815]  ? tun_not_capable+0x1f0/0x1f0
[ 2773.485280][T17815]  ? alloc_netdev_mqs+0xc34/0x1040
[ 2773.490476][T17815]  tun_set_iff+0x848/0xed0
[ 2773.494963][T17815]  __tun_chr_ioctl+0x7ee/0x2000
[ 2773.499903][T17815]  ? tun_flow_create+0x310/0x310
[ 2773.504953][T17815]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2773.509968][T17815]  ? security_file_ioctl+0x80/0xa0
[ 2773.515146][T17815]  ? tun_chr_poll+0x630/0x630
[ 2773.519904][T17815]  __se_sys_ioctl+0xfd/0x170
[ 2773.524587][T17815]  do_syscall_64+0x55/0xa0
[ 2773.529081][T17815]  ? clear_bhb_loop+0x40/0x90
[ 2773.533822][T17815]  ? clear_bhb_loop+0x40/0x90
[ 2773.538572][T17815]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2773.544560][T17815] RIP: 0033:0x7f98bc79c819
[ 2773.549048][T17815] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2773.568728][T17815] RSP: 002b:00007f98bd652028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2773.577231][T17815] RAX: ffffffffffffffda RBX: 00007f98bca15fa0 RCX: 00007f98bc79c819
[ 2773.585259][T17815] RDX: 0000200000000080 RSI: 00000000400454ca RDI: 0000000000000003
[ 2773.593308][T17815] RBP: 00007f98bd652090 R08: 0000000000000000 R09: 0000000000000000
[ 2773.601356][T17815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2773.609444][T17815] R13: 00007f98bca16038 R14: 00007f98bca15fa0 R15: 00007ffdf8011d28
[ 2773.617502][T17815]  </TASK>
[ 2773.676376][ T1065] Bluetooth: hci2: unexpected event 0x04 length: 151 > 10
[ 2774.051216][T17835] netlink: 'syz.3.14824': attribute type 4 has an invalid length.
[ 2774.103955][T17835] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.14824'.
[ 2774.166093][ T8874] wlan1: Trigger new scan to find an IBSS to join
[ 2774.363079][T17838] netlink: 'syz.0.14826': attribute type 21 has an invalid length.
[ 2774.372291][T17838] netlink: 'syz.0.14826': attribute type 20 has an invalid length.
[ 2774.767669][T17843] netlink: 'syz.1.14827': attribute type 3 has an invalid length.
[ 2774.780581][T17843] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.14827'.
[ 2775.049725][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 2775.056980][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[ 2775.313902][T17866] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.14836'.
[ 2775.351184][T17866] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.14836'.
[ 2775.385237][T17868] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.14836'.
[ 2775.685472][ T1065] Bluetooth: hci2: command tx timeout
[ 2775.989449][T17879] netlink: 201392 bytes leftover after parsing attributes in process `syz.3.14839'.
[ 2776.478674][T17887] netlink: 'syz.2.14842': attribute type 4 has an invalid length.
[ 2776.523603][T17887] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.14842'.
[ 2776.881921][T17890] netlink: 40 bytes leftover after parsing attributes in process `syz.0.14844'.
[ 2776.897741][T17890] netlink: 4 bytes leftover after parsing attributes in process `syz.0.14844'.
[ 2777.256724][T17896] netlink: 'syz.1.14845': attribute type 3 has an invalid length.
[ 2777.267420][T17896] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.14845'.
[ 2777.522484][T17907] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.14848'.
[ 2777.536930][T17907] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.14848'.
[ 2777.562087][T17907] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.14848'.
[ 2777.991881][T17918] netlink: 15999 bytes leftover after parsing attributes in process `syz.2.14852'.
[ 2778.419427][T17929] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.14858'.
[ 2778.429200][T17929] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.14858'.
[ 2778.493986][T17927] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2779.132645][ T8866] wlan1: Trigger new scan to find an IBSS to join
[ 2779.297821][T17940] mac80211_hwsim hwsim602 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2779.379647][T17940] netlink: 'syz.1.14861': attribute type 3 has an invalid length.
[ 2779.458305][T17946] FAULT_INJECTION: forcing a failure.
[ 2779.458305][T17946] name failslab, interval 1, probability 0, space 0, times 0
[ 2779.491355][T17946] CPU: 1 PID: 17946 Comm: syz.2.14864 Not tainted syzkaller #0
[ 2779.499049][T17946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2779.509229][T17946] Call Trace:
[ 2779.512600][T17946]  <TASK>
[ 2779.515622][T17946]  dump_stack_lvl+0x18c/0x250
[ 2779.520427][T17946]  ? show_regs_print_info+0x20/0x20
[ 2779.525743][T17946]  ? load_image+0x420/0x420
[ 2779.530361][T17946]  ? __might_sleep+0xe0/0xe0
[ 2779.535065][T17946]  ? __lock_acquire+0x7d40/0x7d40
[ 2779.540227][T17946]  should_fail_ex+0x39d/0x4d0
[ 2779.545060][T17946]  should_failslab+0x9/0x20
[ 2779.549668][T17946]  slab_pre_alloc_hook+0x59/0x310
[ 2779.554804][T17946]  ? sk_prot_alloc+0xe7/0x210
[ 2779.559581][T17946]  ? sk_prot_alloc+0xe7/0x210
[ 2779.564360][T17946]  __kmem_cache_alloc_node+0x53/0x250
[ 2779.569864][T17946]  ? sk_prot_alloc+0xe7/0x210
[ 2779.574645][T17946]  __kmalloc+0xa4/0x230
[ 2779.578915][T17946]  sk_prot_alloc+0xe7/0x210
[ 2779.583516][T17946]  ? sk_alloc+0x24/0x360
[ 2779.587873][T17946]  sk_alloc+0x3a/0x360
[ 2779.592013][T17946]  ? bpf_ctx_init+0x163/0x1a0
[ 2779.596768][T17946]  ? bpf_prog_test_run_skb+0x273/0x12b0
[ 2779.602399][T17946]  bpf_prog_test_run_skb+0x3a5/0x12b0
[ 2779.607847][T17946]  ? __fget_files+0x28/0x4b0
[ 2779.612544][T17946]  ? __fget_files+0x28/0x4b0
[ 2779.617210][T17946]  ? __fget_files+0x43d/0x4b0
[ 2779.621991][T17946]  ? cpu_online+0x60/0x60
[ 2779.626394][T17946]  bpf_prog_test_run+0x321/0x390
[ 2779.631416][T17946]  __sys_bpf+0x49d/0x890
[ 2779.635744][T17946]  ? bpf_link_show_fdinfo+0x390/0x390
[ 2779.641238][T17946]  ? lock_chain_count+0x20/0x20
[ 2779.646194][T17946]  __x64_sys_bpf+0x7c/0x90
[ 2779.650688][T17946]  do_syscall_64+0x55/0xa0
[ 2779.655175][T17946]  ? clear_bhb_loop+0x40/0x90
[ 2779.659949][T17946]  ? clear_bhb_loop+0x40/0x90
[ 2779.664720][T17946]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2779.670725][T17946] RIP: 0033:0x7f91df59c819
[ 2779.675216][T17946] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2779.694898][T17946] RSP: 002b:00007f91e037e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2779.703409][T17946] RAX: ffffffffffffffda RBX: 00007f91df815fa0 RCX: 00007f91df59c819
[ 2779.711537][T17946] RDX: 0000000000000048 RSI: 0000200000000080 RDI: 000000000000000a
[ 2779.719586][T17946] RBP: 00007f91e037e090 R08: 0000000000000000 R09: 0000000000000000
[ 2779.727632][T17946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2779.735669][T17946] R13: 00007f91df816038 R14: 00007f91df815fa0 R15: 00007ffd000efbc8
[ 2779.743754][T17946]  </TASK>
[ 2780.184227][ T8874] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2781.594838][T17986] mac80211_hwsim hwsim602 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2781.765516][T17986] netlink: 'syz.1.14878': attribute type 3 has an invalid length.
[ 2781.784485][T17986] __nla_validate_parse: 5 callbacks suppressed
[ 2781.784594][T17986] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.14878'.
[ 2782.322582][T18000] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2782.779928][T18015] FAULT_INJECTION: forcing a failure.
[ 2782.779928][T18015] name failslab, interval 1, probability 0, space 0, times 0
[ 2782.792748][T18015] CPU: 0 PID: 18015 Comm: syz.3.14889 Not tainted syzkaller #0
[ 2782.800359][T18015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2782.810479][T18015] Call Trace:
[ 2782.813847][T18015]  <TASK>
[ 2782.816849][T18015]  dump_stack_lvl+0x18c/0x250
[ 2782.821682][T18015]  ? show_regs_print_info+0x20/0x20
[ 2782.826961][T18015]  ? load_image+0x420/0x420
[ 2782.831546][T18015]  ? __might_sleep+0xe0/0xe0
[ 2782.836206][T18015]  ? __lock_acquire+0x7d40/0x7d40
[ 2782.841313][T18015]  should_fail_ex+0x39d/0x4d0
[ 2782.846084][T18015]  should_failslab+0x9/0x20
[ 2782.850708][T18015]  slab_pre_alloc_hook+0x59/0x310
[ 2782.855829][T18015]  ? kernfs_fop_write_iter+0x159/0x520
[ 2782.861367][T18015]  ? kernfs_fop_write_iter+0x159/0x520
[ 2782.866909][T18015]  __kmem_cache_alloc_node+0x53/0x250
[ 2782.872368][T18015]  ? kernfs_fop_write_iter+0x159/0x520
[ 2782.877903][T18015]  __kmalloc+0xa4/0x230
[ 2782.882129][T18015]  kernfs_fop_write_iter+0x159/0x520
[ 2782.887497][T18015]  vfs_write+0x46c/0x990
[ 2782.891820][T18015]  ? file_end_write+0x250/0x250
[ 2782.896744][T18015]  ? __fget_files+0x43d/0x4b0
[ 2782.901514][T18015]  ? __fdget_pos+0x2a3/0x330
[ 2782.906187][T18015]  ? ksys_write+0x75/0x260
[ 2782.910692][T18015]  ksys_write+0x150/0x260
[ 2782.915103][T18015]  ? __ia32_sys_read+0x90/0x90
[ 2782.919941][T18015]  ? lockdep_hardirqs_on+0x98/0x150
[ 2782.925223][T18015]  do_syscall_64+0x55/0xa0
[ 2782.929704][T18015]  ? clear_bhb_loop+0x40/0x90
[ 2782.934468][T18015]  ? clear_bhb_loop+0x40/0x90
[ 2782.939219][T18015]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2782.945185][T18015] RIP: 0033:0x7f98bc79c819
[ 2782.949669][T18015] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2782.969356][T18015] RSP: 002b:00007f98bd652028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 2782.977853][T18015] RAX: ffffffffffffffda RBX: 00007f98bca15fa0 RCX: 00007f98bc79c819
[ 2782.985905][T18015] RDX: 0000000000000031 RSI: 0000200000001140 RDI: 0000000000000004
[ 2782.993946][T18015] RBP: 00007f98bd652090 R08: 0000000000000000 R09: 0000000000000000
[ 2783.001985][T18015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2783.010026][T18015] R13: 00007f98bca16038 R14: 00007f98bca15fa0 R15: 00007ffdf8011d28
[ 2783.018138][T18015]  </TASK>
[ 2784.178028][ T8874] wlan1: Trigger new scan to find an IBSS to join
[ 2784.232213][T18030] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.14894'.
[ 2784.574319][T18030] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.14894'.
[ 2784.695651][T18040] mac80211_hwsim hwsim606 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2784.755373][T18040] netlink: 'syz.2.14895': attribute type 3 has an invalid length.
[ 2784.794619][T18040] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.14895'.
[ 2784.914923][T18043] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.14890'.
[ 2784.929822][T18043] bridge_slave_1: default FDB implementation only supports local addresses
[ 2785.334257][T18052] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2785.839329][T18060] FAULT_INJECTION: forcing a failure.
[ 2785.839329][T18060] name failslab, interval 1, probability 0, space 0, times 0
[ 2785.853253][T18060] CPU: 0 PID: 18060 Comm: syz.2.14900 Not tainted syzkaller #0
[ 2785.860881][T18060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2785.871014][T18060] Call Trace:
[ 2785.874359][T18060]  <TASK>
[ 2785.877346][T18060]  dump_stack_lvl+0x18c/0x250
[ 2785.882080][T18060]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2785.888288][T18060]  ? show_regs_print_info+0x20/0x20
[ 2785.893554][T18060]  ? load_image+0x420/0x420
[ 2785.898120][T18060]  should_fail_ex+0x39d/0x4d0
[ 2785.902851][T18060]  should_failslab+0x9/0x20
[ 2785.907405][T18060]  slab_pre_alloc_hook+0x59/0x310
[ 2785.912493][T18060]  ? do_raw_spin_lock+0x11f/0x2c0
[ 2785.917573][T18060]  ? reuseport_alloc+0x11f/0x430
[ 2785.922595][T18060]  __kmem_cache_alloc_node+0x53/0x250
[ 2785.928041][T18060]  ? reuseport_alloc+0x11f/0x430
[ 2785.933032][T18060]  kmalloc_trace+0x2a/0xe0
[ 2785.937509][T18060]  reuseport_alloc+0x11f/0x430
[ 2785.942333][T18060]  udp_lib_get_port+0xf81/0x1c70
[ 2785.947335][T18060]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2785.953553][T18060]  ? raw_sysctl_init+0x50/0x50
[ 2785.958400][T18060]  ? udp_v4_get_port+0x72/0x210
[ 2785.963316][T18060]  ? udp_v4_get_port+0xb4/0x210
[ 2785.968229][T18060]  inet_sendmsg+0x1ec/0x2f0
[ 2785.972788][T18060]  ? inet_send_prepare+0x260/0x260
[ 2785.977961][T18060]  ____sys_sendmsg+0x5ba/0x960
[ 2785.982784][T18060]  ? __asan_memset+0x22/0x40
[ 2785.987422][T18060]  ? __sys_sendmsg_sock+0x30/0x30
[ 2785.992500][T18060]  ? __import_iovec+0x3fa/0x850
[ 2785.997403][T18060]  ? import_iovec+0x73/0xa0
[ 2786.001950][T18060]  ___sys_sendmsg+0x2a6/0x360
[ 2786.006702][T18060]  ? __sys_sendmsg+0x2a0/0x2a0
[ 2786.011557][T18060]  __se_sys_sendmsg+0x1c2/0x2b0
[ 2786.016461][T18060]  ? __x64_sys_sendmsg+0x80/0x80
[ 2786.021473][T18060]  ? syscall_enter_from_user_mode+0x2e/0x80
[ 2786.027430][T18060]  do_syscall_64+0x55/0xa0
[ 2786.031900][T18060]  ? clear_bhb_loop+0x40/0x90
[ 2786.036629][T18060]  ? clear_bhb_loop+0x40/0x90
[ 2786.041380][T18060]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2786.047334][T18060] RIP: 0033:0x7f91df59c819
[ 2786.051803][T18060] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2786.071476][T18060] RSP: 002b:00007f91dd7f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2786.079950][T18060] RAX: ffffffffffffffda RBX: 00007f91df816090 RCX: 00007f91df59c819
[ 2786.087990][T18060] RDX: 0000000004008040 RSI: 0000200000000c40 RDI: 0000000000000007
[ 2786.096018][T18060] RBP: 00007f91dd7f6090 R08: 0000000000000000 R09: 0000000000000000
[ 2786.104040][T18060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2786.112060][T18060] R13: 00007f91df816128 R14: 00007f91df816090 R15: 00007ffd000efbc8
[ 2786.120095][T18060]  </TASK>
[ 2786.566471][T18077] sctp: [Deprecated]: syz.3.14905 (pid 18077) Use of int in maxseg socket option.
[ 2786.566471][T18077] Use struct sctp_assoc_value instead
[ 2786.804171][T18086] mac80211_hwsim hwsim606 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2786.851905][T18086] netlink: 'syz.2.14908': attribute type 3 has an invalid length.
[ 2786.866045][T18086] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.14908'.
[ 2787.057535][T18088] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2788.174578][T26550] wlan1: Trigger new scan to find an IBSS to join
[ 2789.142016][ T8869] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2789.212572][ T8869] wlan1: Trigger new scan to find an IBSS to join
[ 2791.036767][T18117] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2791.330774][T18126] mac80211_hwsim hwsim604 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2791.471462][T18126] netlink: 'syz.0.14922': attribute type 3 has an invalid length.
[ 2791.503598][T18126] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.14922'.
[ 2791.616385][T18139] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.14926'.
[ 2791.690334][T18139] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.14926'.
[ 2791.745741][T18141] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.14926'.
[ 2793.035162][T18162] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2793.124660][T18159] mac80211_hwsim hwsim602 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2793.266298][T18157] netlink: 'syz.1.14931': attribute type 3 has an invalid length.
[ 2793.303818][T18157] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.14931'.
[ 2794.163999][ T8869] wlan1: Trigger new scan to find an IBSS to join
[ 2794.405671][T18181] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.14938'.
[ 2794.436449][T18181] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.14938'.
[ 2794.476488][T18181] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.14938'.
[ 2795.134893][ T8866] wlan1: Trigger new scan to find an IBSS to join
[ 2795.141702][ T8866] wlan1: Trigger new scan to find an IBSS to join
[ 2795.197806][T15188] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2795.436917][T18193] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2796.412976][T18199] mac80211_hwsim hwsim609 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2796.569608][T18199] netlink: 'syz.3.14944': attribute type 3 has an invalid length.
[ 2796.624772][T18199] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.14944'.
[ 2797.865157][T18214] netlink: 'syz.2.14948': attribute type 3 has an invalid length.
[ 2797.873138][T18214] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.14948'.
[ 2798.335014][T18222] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.14952'.
[ 2798.366053][T18222] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.14952'.
[ 2798.404493][T18222] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.14952'.
[ 2799.134753][ T8869] wlan1: Trigger new scan to find an IBSS to join
[ 2799.141629][T15188] wlan1: Trigger new scan to find an IBSS to join
[ 2799.147418][T26550] wlan1: Trigger new scan to find an IBSS to join
[ 2799.165971][T18230] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2799.916063][T18227] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.14953'.
[ 2799.983581][T18227] bridge_slave_1: default FDB implementation only supports local addresses
[ 2800.165368][T15188] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2800.207245][T15188] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2801.069266][T18247] mac80211_hwsim hwsim602 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2801.199476][T18239] hsr0: entered promiscuous mode
[ 2801.223740][T18239] hsr0: entered allmulticast mode
[ 2801.228906][T18239] hsr_slave_0: entered allmulticast mode
[ 2801.263705][T18239] hsr_slave_1: entered allmulticast mode
[ 2801.368375][T18247] netlink: 'syz.1.14960': attribute type 3 has an invalid length.
[ 2801.416619][T18247] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.14960'.
[ 2802.236186][T18256] FAULT_INJECTION: forcing a failure.
[ 2802.236186][T18256] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2802.273778][T18256] CPU: 0 PID: 18256 Comm: syz.2.14964 Not tainted syzkaller #0
[ 2802.281444][T18256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2802.291578][T18256] Call Trace:
[ 2802.294936][T18256]  <TASK>
[ 2802.298044][T18256]  dump_stack_lvl+0x18c/0x250
[ 2802.302813][T18256]  ? show_regs_print_info+0x20/0x20
[ 2802.308155][T18256]  ? load_image+0x420/0x420
[ 2802.312746][T18256]  ? __lock_acquire+0x7d40/0x7d40
[ 2802.317848][T18256]  ? snprintf+0xe9/0x140
[ 2802.322178][T18256]  should_fail_ex+0x39d/0x4d0
[ 2802.326971][T18256]  _copy_to_user+0x2f/0xa0
[ 2802.331483][T18256]  simple_read_from_buffer+0xe7/0x150
[ 2802.336963][T18256]  proc_fail_nth_read+0x1e8/0x260
[ 2802.342134][T18256]  ? proc_fault_inject_write+0x360/0x360
[ 2802.347890][T18256]  ? fsnotify_perm+0x271/0x5e0
[ 2802.352740][T18256]  ? proc_fault_inject_write+0x360/0x360
[ 2802.358454][T18256]  vfs_read+0x28b/0x970
[ 2802.362721][T18256]  ? kernel_read+0x1e0/0x1e0
[ 2802.367391][T18256]  ? __fget_files+0x28/0x4b0
[ 2802.372056][T18256]  ? __fget_files+0x28/0x4b0
[ 2802.376735][T18256]  ? __fget_files+0x43d/0x4b0
[ 2802.381511][T18256]  ? __fdget_pos+0x2a3/0x330
[ 2802.386178][T18256]  ? ksys_read+0x75/0x260
[ 2802.390630][T18256]  ksys_read+0x150/0x260
[ 2802.394964][T18256]  ? vfs_write+0x990/0x990
[ 2802.399523][T18256]  ? lockdep_hardirqs_on+0x98/0x150
[ 2802.404812][T18256]  do_syscall_64+0x55/0xa0
[ 2802.409300][T18256]  ? clear_bhb_loop+0x40/0x90
[ 2802.414046][T18256]  ? clear_bhb_loop+0x40/0x90
[ 2802.418800][T18256]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2802.424770][T18256] RIP: 0033:0x7f91df55d04e
[ 2802.429266][T18256] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 2802.448988][T18256] RSP: 002b:00007f91e037dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2802.457490][T18256] RAX: ffffffffffffffda RBX: 00007f91e037e6c0 RCX: 00007f91df55d04e
[ 2802.465538][T18256] RDX: 000000000000000f RSI: 00007f91e037e0a0 RDI: 000000000000000b
[ 2802.473592][T18256] RBP: 00007f91e037e090 R08: 0000000000000000 R09: 0000000000000000
[ 2802.481742][T18256] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2802.489805][T18256] R13: 00007f91df816038 R14: 00007f91df815fa0 R15: 00007ffd000efbc8
[ 2802.497892][T18256]  </TASK>
[ 2802.638711][T18260] netlink: 'syz.0.14963': attribute type 3 has an invalid length.
[ 2802.676248][T18260] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.14963'.
[ 2802.911973][T18263] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2803.124634][T15188] wlan1: Trigger new scan to find an IBSS to join
[ 2804.178889][T15190] wlan1: Trigger new scan to find an IBSS to join
[ 2805.360420][T15188] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2805.957467][T18286] mac80211_hwsim hwsim604 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2805.998914][T18290] netlink: 'syz.0.14974': attribute type 3 has an invalid length.
[ 2806.014434][T18290] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.14974'.
[ 2806.386355][T18287] mac80211_hwsim hwsim609 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2807.020377][T18300] netlink: 'syz.3.14973': attribute type 3 has an invalid length.
[ 2807.066834][T18300] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.14973'.
[ 2807.133622][ T8869] wlan1: Trigger new scan to find an IBSS to join
[ 2808.003229][T18308] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2808.181937][T15188] wlan1: Trigger new scan to find an IBSS to join
[ 2808.209861][ T8869] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2809.130777][T18321] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.14983'.
[ 2809.209004][T26550] wlan1: Trigger new scan to find an IBSS to join
[ 2809.222133][T18321] bridge_slave_1: default FDB implementation only supports local addresses
[ 2809.727723][T18334] mac80211_hwsim hwsim606 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2809.839684][T18333] netlink: 'syz.2.14986': attribute type 3 has an invalid length.
[ 2809.869895][T18333] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.14986'.
[ 2810.261957][T18343] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2810.598478][T18353] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.14996'.
[ 2810.670487][T18353] bridge_slave_1: default FDB implementation only supports local addresses
[ 2812.191752][T15188] wlan1: Trigger new scan to find an IBSS to join
[ 2813.133611][ T8874] wlan1: Trigger new scan to find an IBSS to join
[ 2813.391804][T18380] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.15006'.
[ 2813.410216][T18380] bridge_slave_1: default FDB implementation only supports local addresses
[ 2813.489762][T18377] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2814.168326][T15188] wlan1: Trigger new scan to find an IBSS to join
[ 2815.315964][ T8866] wlan1: Trigger new scan to find an IBSS to join
[ 2815.736437][ T8869] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2815.757265][T15188] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2818.176127][ T8869] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2818.608499][T18432] bridge0: entered promiscuous mode
[ 2818.622214][T18432] bridge0: entered allmulticast mode
[ 2819.085414][T18435] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2820.045770][T18446] netlink: 60 bytes leftover after parsing attributes in process `syz.1.15029'.
[ 2820.342878][T18451] netlink: 'syz.1.15031': attribute type 9 has an invalid length.
[ 2820.352881][T18451] netlink: 181560 bytes leftover after parsing attributes in process `syz.1.15031'.
[ 2820.444060][ T1065] Bluetooth: hci4: ISO packet for unknown connection handle 7
[ 2820.488006][T18456] FAULT_INJECTION: forcing a failure.
[ 2820.488006][T18456] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2820.524375][T18456] CPU: 0 PID: 18456 Comm: syz.2.15033 Not tainted syzkaller #0
[ 2820.532119][T18456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2820.542300][T18456] Call Trace:
[ 2820.545687][T18456]  <TASK>
[ 2820.548724][T18456]  dump_stack_lvl+0x18c/0x250
[ 2820.553544][T18456]  ? show_regs_print_info+0x20/0x20
[ 2820.558960][T18456]  ? load_image+0x420/0x420
[ 2820.563609][T18456]  ? __might_fault+0xaa/0x120
[ 2820.568465][T18456]  ? __lock_acquire+0x7d40/0x7d40
[ 2820.573652][T18456]  should_fail_ex+0x39d/0x4d0
[ 2820.578492][T18456]  _copy_from_iter+0x1d9/0x12e0
[ 2820.583461][T18456]  ? slab_post_alloc_hook+0x8a/0x4b0
[ 2820.588866][T18456]  ? __virt_addr_valid+0x18c/0x540
[ 2820.594096][T18456]  ? __lock_acquire+0x7d40/0x7d40
[ 2820.599212][T18456]  ? rcu_is_watching+0x15/0xb0
[ 2820.604094][T18456]  ? copyout_mc+0x70/0x70
[ 2820.608524][T18456]  ? __virt_addr_valid+0x18c/0x540
[ 2820.613731][T18456]  ? __virt_addr_valid+0x18c/0x540
[ 2820.618945][T18456]  ? __virt_addr_valid+0x469/0x540
[ 2820.624182][T18456]  ? __check_object_size+0x506/0xa20
[ 2820.629585][T18456]  netlink_sendmsg+0x76b/0xbf0
[ 2820.634459][T18456]  ? perf_trace_lock+0x304/0x3b0
[ 2820.639542][T18456]  ? netlink_getsockopt+0x590/0x590
[ 2820.644954][T18456]  ? aa_sock_msg_perm+0x94/0x150
[ 2820.650004][T18456]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 2820.655384][T18456]  ? security_socket_sendmsg+0x80/0xa0
[ 2820.660951][T18456]  ? netlink_getsockopt+0x590/0x590
[ 2820.666264][T18456]  ____sys_sendmsg+0x5ba/0x960
[ 2820.671141][T18456]  ? __asan_memset+0x22/0x40
[ 2820.675823][T18456]  ? __sys_sendmsg_sock+0x30/0x30
[ 2820.680941][T18456]  ? __import_iovec+0x5f2/0x850
[ 2820.685918][T18456]  ? import_iovec+0x73/0xa0
[ 2820.690522][T18456]  ___sys_sendmsg+0x2a6/0x360
[ 2820.695317][T18456]  ? __sys_sendmsg+0x2a0/0x2a0
[ 2820.700257][T18456]  ? __lock_acquire+0x7d40/0x7d40
[ 2820.705471][T18456]  __se_sys_sendmsg+0x1c2/0x2b0
[ 2820.710427][T18456]  ? __x64_sys_sendmsg+0x80/0x80
[ 2820.715514][T18456]  ? lockdep_hardirqs_on+0x98/0x150
[ 2820.720815][T18456]  do_syscall_64+0x55/0xa0
[ 2820.725328][T18456]  ? clear_bhb_loop+0x40/0x90
[ 2820.730099][T18456]  ? clear_bhb_loop+0x40/0x90
[ 2820.734881][T18456]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2820.740863][T18456] RIP: 0033:0x7f91df59c819
[ 2820.745385][T18456] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2820.765084][T18456] RSP: 002b:00007f91e037e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2820.773592][T18456] RAX: ffffffffffffffda RBX: 00007f91df815fa0 RCX: 00007f91df59c819
[ 2820.781642][T18456] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000b
[ 2820.789693][T18456] RBP: 00007f91e037e090 R08: 0000000000000000 R09: 0000000000000000
[ 2820.797801][T18456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2820.805848][T18456] R13: 00007f91df816038 R14: 00007f91df815fa0 R15: 00007ffd000efbc8
[ 2820.814064][T18456]  </TASK>
[ 2821.070765][T18460] mac80211_hwsim hwsim604 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2821.462626][T18460] netlink: 'syz.0.15034': attribute type 3 has an invalid length.
[ 2821.484094][T18460] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.15034'.
[ 2823.136273][T26550] wlan1: Trigger new scan to find an IBSS to join
[ 2823.753343][T18492] netlink: 'syz.1.15045': attribute type 39 has an invalid length.
[ 2824.157268][T18499] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2824.267677][T18497] mac80211_hwsim hwsim609 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2824.841161][T18506] netlink: 'syz.2.15049': attribute type 10 has an invalid length.
[ 2824.926048][T18506] team0: Device wg1 is of different type
[ 2825.950409][T18522] mac80211_hwsim hwsim606 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2826.144376][T18522] netlink: 'syz.2.15055': attribute type 3 has an invalid length.
[ 2826.152820][T18522] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.15055'.
[ 2827.452784][T18546] mac80211_hwsim hwsim606 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2827.616827][T18549] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2827.794308][T18546] netlink: 'syz.2.15060': attribute type 3 has an invalid length.
[ 2827.926583][T18546] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.15060'.
[ 2828.169740][T15190] wlan1: Trigger new scan to find an IBSS to join
[ 2828.176637][T15188] wlan1: Trigger new scan to find an IBSS to join
[ 2829.351212][T15190] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2829.636200][T18581] netlink: 'syz.0.15072': attribute type 10 has an invalid length.
[ 2829.948444][T18581] wg1: entered promiscuous mode
[ 2829.955032][T18581] wg1: entered allmulticast mode
[ 2829.960192][T18581] team0: Device wg1 is of different type
[ 2829.994645][T18587] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2830.164117][ T8869] wlan1: Trigger new scan to find an IBSS to join
[ 2830.724177][T18595] mac80211_hwsim hwsim609 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2830.760502][T18594] netlink: 'syz.3.15077': attribute type 3 has an invalid length.
[ 2830.784008][T18594] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.15077'.
[ 2832.875418][T18611] netlink: 'syz.3.15082': attribute type 39 has an invalid length.
[ 2833.123727][ T8869] wlan1: Trigger new scan to find an IBSS to join
[ 2833.454264][ T6961] Bluetooth: hci2: command 0x0406 tx timeout
[ 2834.537218][T18602] netlink: 1047 bytes leftover after parsing attributes in process `syz.2.15076'.
[ 2834.572042][T18602] bridge_slave_1: default FDB implementation only supports local addresses
[ 2835.125919][T15188] wlan1: Trigger new scan to find an IBSS to join
[ 2835.515052][T18623] netlink: 'syz.3.15084': attribute type 10 has an invalid length.
[ 2836.237379][T18623] team0: Device wg1 is of different type
[ 2836.424388][ T8873] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2836.542610][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 2836.549302][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[ 2836.971613][T18628] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.15092'.
[ 2837.091716][T18628] bridge_slave_1: default FDB implementation only supports local addresses
[ 2837.171422][T15188] wlan1: Trigger new scan to find an IBSS to join
[ 2837.674219][T18637] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2838.117316][T18647] mac80211_hwsim hwsim602 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2838.204324][ T8873] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2838.282377][T18647] netlink: 'syz.1.15088': attribute type 3 has an invalid length.
[ 2838.339812][T18647] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.15088'.
[ 2840.166597][ T8869] wlan1: Trigger new scan to find an IBSS to join
[ 2841.670049][T18671] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.15099'.
[ 2841.703752][T18671] bridge_slave_1: default FDB implementation only supports local addresses
[ 2841.950176][T18688] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2841.985575][T18682] mac80211_hwsim hwsim604 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2843.096272][T18702] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2844.166378][T26550] wlan1: Trigger new scan to find an IBSS to join
[ 2844.314767][T18716] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.15110'.
[ 2844.353463][T18716] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.15110'.
[ 2844.377876][T18717] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.15110'.
[ 2844.539223][T18705] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.15105'.
[ 2844.579601][T18705] bridge_slave_1: default FDB implementation only supports local addresses
[ 2845.124779][ T8869] wlan1: Trigger new scan to find an IBSS to join
[ 2845.352586][T18724] mac80211_hwsim hwsim602 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2845.466851][T18730] netlink: 'syz.1.15114': attribute type 3 has an invalid length.
[ 2845.500902][T18730] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.15114'.
[ 2846.040746][T18741] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2846.976986][T18751] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.15120'.
[ 2847.018156][T18751] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.15120'.
[ 2847.063714][T18754] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.15120'.
[ 2847.880264][T18766] netlink: 763 bytes leftover after parsing attributes in process `syz.1.15127'.
[ 2847.937560][T18765] netlink: 'syz.1.15127': attribute type 17 has an invalid length.
[ 2848.326571][T18768] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.15128'.
[ 2848.362330][T18768] bridge_slave_1: default FDB implementation only supports local addresses
[ 2848.591900][T18775] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2848.782238][T18785] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.15133'.
[ 2848.806686][ T1065] Bluetooth: hci4: command 0x0406 tx timeout
[ 2848.820422][T18785] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.15133'.
[ 2848.862638][T18785] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.15133'.
[ 2849.124932][ T8873] wlan1: Trigger new scan to find an IBSS to join
[ 2850.167739][T26550] wlan1: Trigger new scan to find an IBSS to join
[ 2850.285063][T15188] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2851.372413][T18822] mac80211_hwsim hwsim606 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2851.556496][T18822] netlink: 'syz.2.15146': attribute type 3 has an invalid length.
[ 2851.587987][T18822] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.15146'.
[ 2852.946883][T18841] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2852.969209][T18817] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.15144'.
[ 2853.034737][T18817] bridge_slave_1: default FDB implementation only supports local addresses
[ 2853.619876][T18849] mac80211_hwsim hwsim604 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2853.658467][T18849] netlink: 'syz.0.15154': attribute type 3 has an invalid length.
[ 2853.679152][T18849] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.15154'.
[ 2854.171843][T15188] wlan1: Trigger new scan to find an IBSS to join
[ 2854.178524][T26550] wlan1: Trigger new scan to find an IBSS to join
[ 2854.569185][T18870] netlink: 164 bytes leftover after parsing attributes in process `syz.1.15161'.
[ 2854.866415][T18875] netlink: 'syz.2.15163': attribute type 10 has an invalid length.
[ 2854.876463][T18875] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2854.884811][T18875] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2854.926494][T18875] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2854.934426][T18875] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2854.943694][T18875] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2854.950991][T18875] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2855.063721][T18875] team0: Port device bridge0 added
[ 2855.210646][T26550] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2855.254767][T18881] mac80211_hwsim hwsim602 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2855.266871][ T8869] ------------[ cut here ]------------
[ 2855.272955][ T8869] WARNING: CPU: 1 PID: 8869 at net/wireless/ibss.c:37 __cfg80211_ibss_joined+0x3d2/0x440
[ 2855.283088][ T8869] Modules linked in:
[ 2855.287495][ T8869] CPU: 1 PID: 8869 Comm: kworker/u4:13 Not tainted syzkaller #0
[ 2855.295393][ T8869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2855.305729][ T8869] Workqueue: cfg80211 cfg80211_event_work
[ 2855.311819][ T8869] RIP: 0010:__cfg80211_ibss_joined+0x3d2/0x440
[ 2855.318138][ T8869] Code: 00 00 00 48 3b 84 24 80 00 00 00 75 5c 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 57 a4 a0 f7 0f 0b eb bb e8 4e a4 a0 f7 <0f> 0b 4c 8b 6c 24 18 eb ad e8 40 a4 a0 f7 0f 0b e9 e0 fd ff ff e8
[ 2855.338271][ T8869] RSP: 0018:ffffc90004147a20 EFLAGS: 00010293
[ 2855.344601][ T8869] RAX: ffffffff89e67db2 RBX: dffffc0000000000 RCX: ffff888022acbc00
[ 2855.352662][ T8869] RDX: 0000000000000000 RSI: ffffffff8acac9e0 RDI: ffffffff8b1c8e60
[ 2855.361075][ T8869] RBP: ffffc90004147af8 R08: ffffffff911c556f R09: 1ffffffff2238aad
[ 2855.369320][ T8869] R10: dffffc0000000000 R11: fffffbfff2238aae R12: ffff88805ca48c90
[ 2855.377435][ T8869] R13: 1ffff92000828f4c R14: ffff88806869b5b8 R15: 000000000000001f
[ 2855.385524][ T8869] FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[ 2855.394669][ T8869] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2855.401341][ T8869] CR2: 00007f60ba7456b8 CR3: 000000000cf32000 CR4: 00000000003506e0
[ 2855.409432][ T8869] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2855.417522][ T8869] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 2855.425665][ T8869] Call Trace:
[ 2855.429022][ T8869]  <TASK>
[ 2855.432013][ T8869]  ? mutex_lock_nested+0x20/0x20
[ 2855.437110][ T8869]  ? trace_rdev_return_void+0x1c0/0x1c0
[ 2855.443018][ T8869]  cfg80211_process_wdev_events+0x3bc/0x550
[ 2855.449180][ T8869]  cfg80211_process_rdev_events+0xa1/0x110
[ 2855.455145][ T8869]  cfg80211_event_work+0x2f/0x40
[ 2855.460181][ T8869]  ? process_scheduled_works+0x96f/0x15d0
[ 2855.466064][ T8869]  process_scheduled_works+0xa5d/0x15d0
[ 2855.471814][ T8869]  ? worker_attach_to_pool+0x380/0x380
[ 2855.477464][ T8869]  ? assign_work+0x3d2/0x5d0
[ 2855.482164][ T8869]  worker_thread+0xa55/0xfc0
[ 2855.487008][ T8869]  kthread+0x2fa/0x390
[ 2855.491163][ T8869]  ? pr_cont_work+0x560/0x560
[ 2855.496043][ T8869]  ? kthread_blkcg+0xd0/0xd0
[ 2855.500714][ T8869]  ret_from_fork+0x48/0x80
[ 2855.505281][ T8869]  ? kthread_blkcg+0xd0/0xd0
[ 2855.509958][ T8869]  ret_from_fork_asm+0x11/0x20
[ 2855.514893][ T8869]  </TASK>
[ 2855.517997][ T8869] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 2855.525347][ T8869] CPU: 1 PID: 8869 Comm: kworker/u4:13 Not tainted syzkaller #0
[ 2855.533078][ T8869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 2855.543197][ T8869] Workqueue: cfg80211 cfg80211_event_work
[ 2855.548991][ T8869] Call Trace:
[ 2855.552324][ T8869]  <TASK>
[ 2855.555311][ T8869]  dump_stack_lvl+0x18c/0x250
[ 2855.560075][ T8869]  ? show_regs_print_info+0x20/0x20
[ 2855.565356][ T8869]  ? load_image+0x420/0x420
[ 2855.569953][ T8869]  panic+0x2dc/0x730
[ 2855.573935][ T8869]  ? bpf_jit_dump+0xd0/0xd0
[ 2855.578534][ T8869]  ? ret_from_fork_asm+0x11/0x20
[ 2855.583564][ T8869]  __warn+0x2e0/0x470
[ 2855.587625][ T8869]  ? __cfg80211_ibss_joined+0x3d2/0x440
[ 2855.593260][ T8869]  ? __cfg80211_ibss_joined+0x3d2/0x440
[ 2855.598881][ T8869]  report_bug+0x2be/0x4f0
[ 2855.603267][ T8869]  ? __cfg80211_ibss_joined+0x3d2/0x440
[ 2855.608875][ T8869]  ? __cfg80211_ibss_joined+0x3d2/0x440
[ 2855.614487][ T8869]  ? __cfg80211_ibss_joined+0x3d4/0x440
[ 2855.620096][ T8869]  handle_bug+0xcf/0x120
[ 2855.624390][ T8869]  exc_invalid_op+0x1a/0x50
[ 2855.628947][ T8869]  asm_exc_invalid_op+0x1a/0x20
[ 2855.633848][ T8869] RIP: 0010:__cfg80211_ibss_joined+0x3d2/0x440
[ 2855.640065][ T8869] Code: 00 00 00 48 3b 84 24 80 00 00 00 75 5c 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 57 a4 a0 f7 0f 0b eb bb e8 4e a4 a0 f7 <0f> 0b 4c 8b 6c 24 18 eb ad e8 40 a4 a0 f7 0f 0b e9 e0 fd ff ff e8
[ 2855.659726][ T8869] RSP: 0018:ffffc90004147a20 EFLAGS: 00010293
[ 2855.665850][ T8869] RAX: ffffffff89e67db2 RBX: dffffc0000000000 RCX: ffff888022acbc00
[ 2855.673882][ T8869] RDX: 0000000000000000 RSI: ffffffff8acac9e0 RDI: ffffffff8b1c8e60
[ 2855.681920][ T8869] RBP: ffffc90004147af8 R08: ffffffff911c556f R09: 1ffffffff2238aad
[ 2855.689953][ T8869] R10: dffffc0000000000 R11: fffffbfff2238aae R12: ffff88805ca48c90
[ 2855.698152][ T8869] R13: 1ffff92000828f4c R14: ffff88806869b5b8 R15: 000000000000001f
[ 2855.706196][ T8869]  ? __cfg80211_ibss_joined+0x3d2/0x440
[ 2855.711894][ T8869]  ? mutex_lock_nested+0x20/0x20
[ 2855.716903][ T8869]  ? trace_rdev_return_void+0x1c0/0x1c0
[ 2855.722526][ T8869]  cfg80211_process_wdev_events+0x3bc/0x550
[ 2855.728521][ T8869]  cfg80211_process_rdev_events+0xa1/0x110
[ 2855.734484][ T8869]  cfg80211_event_work+0x2f/0x40
[ 2855.739471][ T8869]  ? process_scheduled_works+0x96f/0x15d0
[ 2855.745248][ T8869]  process_scheduled_works+0xa5d/0x15d0
[ 2855.750872][ T8869]  ? worker_attach_to_pool+0x380/0x380
[ 2855.756408][ T8869]  ? assign_work+0x3d2/0x5d0
[ 2855.761063][ T8869]  worker_thread+0xa55/0xfc0
[ 2855.765729][ T8869]  kthread+0x2fa/0x390
[ 2855.769853][ T8869]  ? pr_cont_work+0x560/0x560
[ 2855.774588][ T8869]  ? kthread_blkcg+0xd0/0xd0
[ 2855.779230][ T8869]  ret_from_fork+0x48/0x80
[ 2855.783700][ T8869]  ? kthread_blkcg+0xd0/0xd0
[ 2855.788355][ T8869]  ret_from_fork_asm+0x11/0x20
[ 2855.793198][ T8869]  </TASK>
[ 2855.796856][ T8869] Kernel Offset: disabled
[ 2855.801314][ T8869] Rebooting in 86400 seconds..