last executing test programs:

5.680967729s ago: executing program 0 (id=1742):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020200600000000000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000010000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7020000080000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x10}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x26e1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000220000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8feffffb702000008000000b703000000000000850000000500000095"], &(0x7f0000000040)='syzkaller\x00'}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, 0x0, &(0x7f0000000140)='GPL\x00'}, 0x94)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socket$kcm(0x10, 0x2, 0x4)
socket$kcm(0x11, 0x200000000000002, 0x300)
socket$kcm(0x22, 0x2, 0x21)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
socket$kcm(0x10, 0x2, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0))
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000c00000009"], 0x50)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'veth1_virt_wifi\x00'})
socketpair(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8946, &(0x7f0000000080))

4.97767852s ago: executing program 0 (id=1744):
socket$kcm(0x21, 0x2, 0x2)
perf_event_open(&(0x7f0000000680)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x1}, 0x10c002, 0xac5d, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB], 0x0}, 0x94)
perf_event_open(&(0x7f0000004680)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x8}, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$kcm(0x10, 0x5, 0x0)
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000003c0), 0x4}, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f0000000540)={0x6, 0x80, 0x0, 0x40, 0x0, 0x0, 0x0, 0x5c35, 0x9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x2, @perf_config_ext={0x2, 0x2}, 0x120c, 0x0, 0x0, 0x2, 0x0, 0x17, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, r1, 0x0)
r2 = socket$kcm(0x23, 0x5, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
sendmsg$kcm(r2, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x400c84c)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000022c0)=ANY=[@ANYBLOB="b70200001f000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001f7ff04b7050000040000006a0a00fe00000000850000000a000000b70000000000000095000000000000009cc6b3fcd62c061c6238975d43a4505f80e39c9f3c530cf08e467b592f868ee3b0a435df0a0e8c1bf176db2a6b2feb4b77d339707bfd2d84aaa3b1d4e984c46ea7e2b347a36f5662403e1b2be4284322a4908a0d411a9872971c7c56f0979bd10b97163c066d0e196bf02f46c7953ab1abdaf90a70f2bdf4000200000000b0c2c125080963f63223b7b80197aa3161f45346b100000000000000000089070000009876b588743794298b79dc192dff048fc207c81f28bdd3e26a1a8a0481e9f0da43bb6ca66e2f55a9ff19ffcafe3e64be06000000000000005064caec04a367c23d9fb6a6991ddb737d527d6acb15426406991c3b404984dfa2c6e94bd0339454c13a0100000082c15dc760a313e3b3ca5d3393404029e98fa883c71949a34d84030323e3d54fc5b29d27643453ad9211e3550ee5520211d9370175133f260c6882a146880b9387f1beb5418618bc83a3becf9bb57da7ba8b913c685fc6700848dc6665d73248c1f74e08ad04ce905faf32706e0000249a028044ede964362cfb2f30a246c3b2f60000fc4deb91da1368b0960b8d69bd99c64893d44f962524429dc058528e7e541c903869d96989b9a986620cb2c95c83f2a082c52764f49e51188f9418b01bcd8ae164acdac95318ec8b2c6feacdcf4b528e5e58219bc54f6ad5679e7f430e6960ed048c46e1dccca05bfa1d67c83795eae2d31968c055d325a9c794ef88b30c2de4a274878b73c05ffa88b7073be648b12bb1fee58958d6a6f31bfe568215dfbde59dad00008a73b40f09cf018cd496b36050d7fd45e3620c28f76749262e33e16429a6da35ceb1a989de81c3f8b8bc348ef2ac3781b847611fcb0a26acafdd6d9a1b17dcb9f7c493d8f8cd344a1d470ca0d6f16ab0293774b5509fb0e7113936d59d5a60dbd84a938476adeebab9ff44f531bb0200000000000000cc1fbc455a64fd449284f71761092a0302000000000000008a05d36fd9b814b4292745418c92d944763a4bf5e138d810e29a31f08f7dea7762d2d8f7e1d24cabe17ad4135d8872935ceac6eb4f046f2acc1b0efb4438abddcabb4e4e72705edfa2cddb01f44c850e4ea450aab72b589bec83bbb688e659fb426cb43d0ee993516fd4e867232cde69b6ffad447dcd92e0ef8234ff850ec3948dd1fa7afb77d951fe4abf618121b7894c106beb49a71c62df5544ef221973432ccc7e62b151eb898a01010a7ec5acd0a5dcb2de443880c8a682515d1da9a3048744acb44384d1591df789883c0560495cb0cb32283529926d25e5c7f481112ab8a82247e927fb6f256830dab3671f00500d36a17790bab7d0e89e6c15314f2b963bfc867953476b0505c7d728326d666f39e82cfcf7e7a85df288d75df24c5e4d529c349923f9a4fb882310391dd58b4cbd8def239a227724d39c3e6c40e20e07e68a22888a5c3941b7a765b92bcb37f302487bcbd93ccf3a104021ff34ddf7ffcca1a04eae963e25516a114573779b24a341dfb2e80f1f345c6d96493ffc2a18478b5bf3aab2ea59c51cf0678e1a57d0ea042d911548ff612002ddb2d54d42fbdde42b56887003d27468225b2594a05044baf314113e8894680600000000000000db6b56557a5adad95cb9a69d4de50642b4b9d6d3ba7eb534c88d443ac8b3685135dfc4da06e7f8695be614c557caed7eb0120516e1351fed7d8ffa31c8f4be364185469cfc5f25c90d71bce745dd2d58a30e0844f12c4cbbdd7a08465e665c2620d78673dfb6d9263ed7def8924cfcd48a8a3534f1a3eac9ee9f18a18106ba3d7c7a62330f5c0e98cb7982dd7bad02c8dba9c13894185bfc4bd2520b6e2043fcb3fc5eb55ecf9e6e363ea2ac40a14a6faa21b0f5a0fdb6487c51ef12c27b30255bc4f8813be88beeb5aa6f6a4151cfb90644e50630ed474df7d1635afcb1ea3f6c47b5acbba2ce5099a9387c7acb9bbd1da497611ceda25049e48ddacccbb58dddaf9a3510d65383829a51e0f416661fa80ca1eaaa6cf0824305ba4ec80400c50ffe83ccb0e6fef321190c58aca8c7c8c6d26ff5cbc2cadebda8e1219e04f8dacffd33db1a0a2e74c9eb978d80a12d0b5327bfd053000000000000000000be0d02a14708504412fa93d335992b2983c5addc191b4a21c7b340d0536b01958e15315eb5f3f9f4992c18f666359f40295fa73284c4b607669bae75bd68c3e2b770c324a0ab26b6065d7ea6a7bd80052db57506ec7cc861bf3998d07484c66630ca8173fea3f06ed1dfc70a8b90418e2dc76137e0f68cb1c8a908aef9f0f85647dba54e05028c33d94d463fb20d2e7547184b8d3611e45dff02144387f342ef9b9bf650e9d049bf65258a7bc094a6965e24611c077e1ca0891362a9d68f3ec7610c0449acf18459500f024f9b75885cd79ba32776e4a511c8a4ad922b00000000000000a9241220dfbf7d02ef507ec6fc7f5d37d835f7bed71283c431b9d8cbd9003972bf1dc6a71bedad8e19efc3edd2a7a7e555d5f3176af69920471e6e5bcb8966c813c132d65e2b99d3015e06b372e1aefaae14ee3fbc6349af362c19b59c214de66912d1a9a98d92dc197a51c29443de62caca334c46d110e50896fe50d0477771d387f40c8ef05750ca651e6e69a237dcf78666d6ab2bda1f853525494e4efdd93be38bb5fc671f8794002d7a951fd336aaf4ed1166cb459df70218c571ba1c40b028234505e5477e268326af8812c2fbb8785a223fce0a0601c2a3b58bea8c6216eadabcabe86ab46e4cd3d58ef7ce8d3c4b0bc5952e81dfc0a490d8568db6f9c51fe703c6864fae0053d2f91f49e977cdc1962dbc28c29471a72199862bc8fc6e211d136ecc87185f2437c4fce146d8579cab4fba94b2b613c9b8148d05e0690a4c4ab35aabc45801d2b82081e62b23a01b58b1ffb624f63ad2246796796160cd3682374364edac52f1becb7c6eff50823b75fb2ef516ec4ec1cb20a2535b504502d744f2099674e58f2c117c980cf0d041c8ea5c4f166bab4aa5ed200ef4dcff96f7c9c1ab8c22db0f439b23b04bcd41ffc3a0e01976ca1cf43e12d7d72f3faa4979faabd62e2dc54a980eae4d5e8c6498de331c3aba1144ef1190ea6cda641d9416c4560cab2d819eac7b04c70f141754c3ffd79da363fe8859afee531710caf1b2bf5a51142f4755cbb700c28083525a9093790096cb93417f1216000000000000000000000000000040ceb244e4cae2b65a76d41793aabccd3d0c50486eae0000000000007c012779c14ca94759266200229b58c12279817869e831cade7b09ddffffff9d93e2ad25eed43c0b9ee4fd209b5b919a42f676b9d7236fc8dd5040899d0676291407ce9ac8101dd3512f5b3ac8cf8179d1749de324000030d0f942ec4604c28d5c287d1435956784003a53eb5fe535ead8857acf0166dbd9f30a9b9c8a9b9faf1356faf269cded935b07863e4fdad8aab52686c81babd1c08f6700a2fadd413443022ea5c774ffefdd426abed08d437a4db48611fc82a18ab9f54758a1aad86d95cd186ceb55fafa3930090467b8b7bb8ae7e1c8b4b4106a381cb67fdb86def4de2076dc538bb97502b4b4350e633dc0a53d2f64ec521f6fa1cd02843a5e16074d86c9a01bc5cfae0245f1fab843c633446f5f3a43226109b7dafe7815773bd6969f04cbe15236b90000000000000000000000000000000000000000000000000000ff0779b9c005da21073c6d9680d4e547cb727addb2efe11b8b3a706569f1522b57d71bb0beccab7c8fe9e1330b2f501b2ac3cf4eba7ceda6ff8a0c8b18c5e9e2f505e833217557abb257d61af8e8c473a7585436730db75da167481ab8921fe051b250f8d8ef9c8481bb28a137d15040b0181c28dfad7c17b30c452a64c43a1167b948247c33abc765a6ba695c3cea5e32a4d1ae2dcbec2ff4268e03aad15efc6004e6b3d7f0edf8b5d4ae7846a6d43c16c90b7c5dc13ac2ff0439ab693498964cad2bb533bcd240778b7e49145c48efde42b44c01517f1a7c7707b4c4fc0900e7086ec40354504590696282286db9030f0320e2fcba8723939005347b3f744ff1973431000000000000000000000000000000000000003495d69aaf9a1d83e83511a3bf44fe753b8ad83bc34ea4d46b397e000ff267c50122aa5aaf8474ec2e57d960d963900bef84a4b3c7dd01ae4d6b5522aa8a35ae7996e298bcfea4d3677a67b52041ec21ae8003aa1c9969178b1b00e4d12ac9741fd788fb6260ec043c013907523c77f8acc20b9e2fd224ca8f0000b2b10991881e0a12f4e1c4f54b9ca7c9a0c8298d60b8b6eaa023418992d6d62b0e9faca4a3b3a805e859137cd933ef5eb8db16f159f32505725da51414562d064b551246dacd586f42d04d3fed3c087bb52ae4bc09f3846c785d1b278e661ed01fbc2415288bc9c808c4aef648d431b3029da0dec8886c3ee9cad996843d00a3b5eb54e270dd2e96c8f2fdb4c27c2d1bd467f2a14867dec67730d8a68329839d9feff688dfbe25c73f936338e7b057980da58a6303d95f17712d01005a1066ae457ae32925ce658b559c1182a74e267da57fe25b19153f1cdebaddf3f7a3479c09f2303d000000000000000000000000000000b17fedd6b6501a47d0e5b510f4a4fab5a62d5fa7e8ead851b01dbfdfe5823c2600"/3432], &(0x7f0000000340)='GPL\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r3, 0x18000000000002a0, 0xf, 0x0, &(0x7f00000000c0)="5aee41dea43e63a3f7fb7f110000c0", 0x0, 0xf004, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89ed, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000200), 0x8)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000001800)=ANY=[@ANYBLOB="0a00000016000000b30000007f"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18030000feffffff00000000000000008510000006000000181000000adaf6fd3b6a47ec6a9c6c68f08345f12a7eba6be222058ecd7b50adb11676b02d80828cffc073aa5b9ff82f47eac6eb0c2bedf1d8c6953f750917c943b5447198353c6a10e0b5c43e92eb2b773b73cae8ac541587aa746c5f78fca9210d7697f502521e6a316ee166090bc5a0d3f8f7c2ed7ce0c7e65fc2d6c0fd5280b3dac70145b5652255fb8bc447506affcd39f4d6194135edf7466713caa86c2047e35104bce343661230fc", @ANYRES32=r4, @ANYBLOB="0000000000000000250000000000000018000000000000000000000000000000950000000000000057030000000000009500000000000000"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000000}, 0x94)
gettid()
syz_clone(0x410a4400, 0x0, 0xfffffffffffffd56, 0x0, 0x0, 0xffffffffffffffff)
socket$kcm(0x21, 0x7, 0x2)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file0/../file0/../file0/file0\x00', 0x8c)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0xa, 0x4, &(0x7f0000000100)=ANY=[@ANYRES64=r0], &(0x7f0000000040)='GPL\x00', 0x800, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, 0xf}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{}, &(0x7f0000000040), &(0x7f00000001c0)}, 0x20)
getpid()
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x0, 0x0, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)

3.816780828s ago: executing program 0 (id=1747):
socket$kcm(0x23, 0x7, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="11000000040000000400000001"], 0x48)
r1 = socket$kcm(0x2c, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB='.A'], 0x0}, 0x94)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r0}, &(0x7f0000000080), &(0x7f00000001c0)=r1}, 0x20)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYRES64=0x0], 0x48)
r3 = socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff})
recvmsg$unix(r4, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r5=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r3, 0x84, 0x64, &(0x7f0000000000)=r5, 0x10)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x1f, 0x14, &(0x7f00000010c0)=ANY=[@ANYRES8=0x0, @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000163b00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000000850000008200000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1fffff}, 0x94)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000100)=@o_path={0x0}, 0x18)
r7 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r7, 0x29, 0x30, &(0x7f0000000100)=r6, 0x33eb)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0xfffffffe}, 0x50)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x8, &(0x7f00000003c0)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x87}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r8}}]}, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r9, 0x0, 0xe, 0x0, &(0x7f0000000040)="e06921e8682d85ff9782762f86dd", 0x0, 0xc7d, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r10 = socket$kcm(0x11, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071100a000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
sendmsg$kcm(r10, &(0x7f00000000c0)={&(0x7f0000000380)=@hci={0x1f, 0xa888, 0x4}, 0x80, &(0x7f0000000540)=[{0x0}], 0x1}, 0x40000)

2.636751382s ago: executing program 0 (id=1751):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0xc000000, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100904, 0x50}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x3, 0x10)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x1, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x10040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x7fffffff, 0x20000}, 0x4001, 0x0, 0x0, 0x6, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x115905, 0x4, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xbf}, 0x0, 0x1, 0xffffffffffffffff, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x5, 0x5, &(0x7f0000000180)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_clone(0x1205000, 0x0, 0x0, &(0x7f00000017c0), 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd6000, 0x4, @perf_bp={0x0, 0x3}, 0x29, 0x0, 0x0, 0x6, 0x9, 0x800000, 0x4, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
socketpair(0x1d, 0x2, 0x2, &(0x7f0000000280))
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.memory_pressure\x00', 0x26e1, 0x0)
r1 = socket$kcm(0x2, 0x1000000000000002, 0x0)
setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f0000000180)=r0, 0x4)
sendmsg$inet(r1, &(0x7f0000007940)={&(0x7f0000000100)={0x2, 0x4e24, @local}, 0x10, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="2c000000000000000000000007000000441c0503"], 0x30}, 0x40880)

2.310202742s ago: executing program 1 (id=1753):
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x106458, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000000))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x0, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000000000000000000f9ffffff8500000028000000180100002020"], 0x0}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x400000000000, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x2b, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0))
socket$kcm(0x29, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x35}, 0x94)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'netdevsim0\x00'})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8946, &(0x7f0000000080))

1.928825352s ago: executing program 1 (id=1756):
r0 = socket$kcm(0x10, 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r2 = openat$cgroup_devices(r1, &(0x7f0000001040)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r2, &(0x7f0000000140)=ANY=[@ANYBLOB='b *:4\tmw'], 0xa)
recvmsg(r0, &(0x7f0000000840)={&(0x7f0000000180)=@x25={0x9, @remote}, 0x80, &(0x7f0000000700)=[{&(0x7f0000000000)=""/38, 0x26}, {&(0x7f0000000200)=""/163, 0xa3}, {&(0x7f00000000c0)=""/38, 0x26}, {&(0x7f0000000880)=""/179, 0xb3}, {&(0x7f0000000400)=""/221, 0xdd}, {&(0x7f0000000500)=""/57, 0x39}, {&(0x7f0000000540)=""/28, 0x1c}, {&(0x7f0000000580)=""/248, 0xf8}, {&(0x7f0000000680)=""/102, 0x66}], 0x9, &(0x7f00000007c0)=""/126, 0x7e}, 0x22)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x6, &(0x7f0000000100)=[{&(0x7f0000000380)="5c00000012006bab9a3fe3d86e17aa0a076b876c1d0048007ea60864160af36504001a0038001d00e517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb000011d600a0680d4bbd6df1db6f1078bc", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

1.868722732s ago: executing program 2 (id=1757):
perf_event_open(&(0x7f0000000580)={0x1, 0x80, 0xfd, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x2}, 0x126564, 0x3, 0x0, 0x8, 0xffffffffffffffff, 0x0, 0x7}, 0x0, 0x100000000000007, 0xffffffffffffffff, 0x0)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000000))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x0, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000000000000000000f9ffffff8500000028000000180100002020"], 0x0}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400))
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x400000000000, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0)
ioctl$PERF_EVENT_IOC_ID(r0, 0x80082407, &(0x7f0000000140))
close(r1)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b708000000000000738af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r4}, 0xc)
ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r1, 0x40047451, &(0x7f0000001a40))
socket$kcm(0x2b, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0))
socket$kcm(0x29, 0x2, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xf, 0x20000000000005}, 0x100a64, 0xc78, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/cgroup\x00')
ioctl$TUNSETIFF(r5, 0xb701, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x35, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x80000}, 0x94)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'netdevsim0\x00'})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x8946, &(0x7f0000000080))

1.80260158s ago: executing program 0 (id=1758):
r0 = socket$kcm(0x2, 0x5, 0x84)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000000)='..\x16')
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001300)={0xffffffffffffffff, 0xe0, &(0x7f0000001200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000001000)=[0x0, 0x0], ""/16, <r1=>0x0, 0x0, 0x0, 0x0, 0x4, 0x8, &(0x7f0000001040)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000001080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x5f, &(0x7f00000010c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x48, 0x10, &(0x7f0000001140), &(0x7f0000001180), 0x8, 0xfc, 0x8, 0x8, &(0x7f00000011c0)}}, 0x10)
sendmsg$inet(r0, &(0x7f0000001400)={&(0x7f0000000180)={0x2, 0x4e22, @remote}, 0x10, &(0x7f0000000740)=[{&(0x7f0000000500)="00ddbbdecbeaf1de826a920ffe5c394b0bab27b3b91075578aefdf39617b330d507cef86434c9de74afe13107de65770f83bca8252a7e2b6fc04bd44840dbe5066adbffa0769a4273179c3ae72b61d1e9a2339897e65cd93698648e292621ecda950548c82b550eca5fe049f581955d21635b5239f57ed1fda3ca7ec63875e4d6f62b03795ccdf23c1688c34aa36bcc1b29c273969dbe531b669c0c531c0d2ac8bc279f59111f7d2f82a839fdd69300cc56abc1c70a3d6d36cecbd069f78ec918e62966014aa99804841dc24299cdda7483aa8e2184476734aa806b8", 0xdc}, {&(0x7f0000000700)="c17e1153ff", 0x5}, {&(0x7f0000000f80)="b87397a274c3a6f31b42a7290973fc743bc6eca9be658cd8cb1e4c739350f106b41ef973315b90e523ddf0a1d575db559d81edb586e5fc60d1ba6beca7b2f04d34", 0x41}], 0x3, &(0x7f0000001340)=[@ip_tos_int={{0x14, 0x0, 0x1, 0xa4d}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x5}}, @ip_retopts={{0x24, 0x0, 0x7, {[@timestamp={0x44, 0x14, 0x8d, 0x0, 0x1, [0x0, 0x2838, 0x401, 0x10001]}]}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x6}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r1, @dev={0xac, 0x14, 0x14, 0x19}, @broadcast}}}], 0x90}, 0x4000000)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x15, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b700000001000000bfa30000000000000703000030feffff620af0fff8ffffff71a4f003000000002d040300000000003d030000000000006504000001ed000079102800000000006c440000000000007b0ab0fe000000007913000000000000b5000000000000009500000000000000023bc065b7a379d17cf9333379fc9e94af05000000f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a715bc5181554a090f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128c4e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c26f71b29ee35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d0800af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8ea8fcb913466aaa7f6d150352e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d390dd65be2467b373eafd9aa58f2077184b6a89adaf17b0a6041bdef728d236619074d6ebdf098bc908f523d228a40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c5da18ec0ae563f721c5363092adaa1d8964162a27afea62d84f3a10746443d64364f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b93d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d710b651f898ba749e40bc6980fe78683ac5c0c31030699ddd71063be9261b2e1aab1675b34a220488c126aeef5f510a8f1aded94a129e4aec6ffc3a15d96c2ea3e2e04cfe0e669e51731b2875353193f82ade69d0540059fe6c7fe7cd86975023cb08cc7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed82641687f3b3a70bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c5538a294270a1ad10c80fef7c24c87afce829ba0f85da6d888f18ea40ab959f6074ab2a4009b9e5f07ab513cdc6c0e57fb1c1ca571380d7b4ead35a655e0b4a26b702396df7e0cbe02b6e4114f244a9bf93f05beb72f0861f75c345edcb84ac7eeedcf2ba1a9508f9d6aba5823a34a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a9b702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b728fe26e37037f27f277b8a8346962a350845ffa0d829e4f79adc287906943408e6df3adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d0a874c74b777df005c55fc30511d00000000c85265b2bd83d64a532869d708000000000000007baa5b6a682b50f0937f778af083e055f6138a757ebd0ed91114a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a9037d2283c42efc54fa84323a56edbd287eba0af35c35d91f3c62a0ca74836a640224de85f2b4a5fee500bbc584328a6a7a4628c4378c9b71dff64075b74a6520adb187b40d2cccbcb08c0634ee74658d3e23bf511c8b0bf1b69d2b3782b3f481c320e7bd4615dbbf24c06ac95bd639e68d0e6aa7f0d07bf69a93365f803f0144af37236ea133c2255b0613bf8ba1d538e06c2411e8d70053b712084fd0e313de9bb19266e49a3a2190cb039c6f89610acd896319b9c8d1b8aac2eaa5a4f8be7419a09e3fb5be3be2fcdadd2299839cc40e684e6e2b4e1385fde7a0bad3b0be672110268a34dad364fddee69e564119cebb6940c6356ff83ca527c573d700000000000000c6299263e6d9097f225de969485bce3d7dc471c0669bb6a467cf0de54dfcc1857048fe22a19dbb1b3cb9babaa839f1f6e817a62d95a5b971ff96a5c66c338c6f2a2da4644519f40761402e9c81013d76c7152c95ba5efa24ce1930f23a2277f057ffb6b0144f3b434a2adc456ef4d2fbdf7c6238c2bb00ffcf2d23d68cb9b027f3b225ec4e09b089f7956b66c5692b46ea03abb6a404c8ccceaa4ba4161409fcb54b86eaca26b2a0c4b81f7b71cbfcef"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x8, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000d0000000000000000000000850000000500000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x0, 0xe, 0x0, &(0x7f00000001c0)="581f9239658ea95ed371ea3dd361", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000140)={r2, r5})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1d, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x4}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000010880)=@base={0x5, 0x4, 0x8, 0xc}, 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d00000018110000", @ANYRESOCT=r3, @ANYRESHEX=0x0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r7, r6}, 0xc)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r8 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000001c0)="d8000000290081084e81f782db44b904021d080006007c06e8fe55a10a0015400600142603600e120800060000000801a80016000800034003e01100036010fab94dcf5c0461c1d67f6f94007134cf6ee08000c5e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb79104005ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4023f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cade81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x4090)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000004000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff1d6405000000000065040400210000000404000001e37c60b7040000000000006a0a00fe000000008500000032000000b70000000000000095000000000000000ce0de7621e5e832249c04112cf7af2b75d0d1f034b1b3fb6bd3ce8fa62c7941272ff49142d860010ab162aa2264ab67e55a00000000000000edfe0969a9ddc125b686a1e83c8790c893d713b3295dad0ea697181d1e85b64126b5d72f204754d1d4a93f24215dee354e93cfc3f50ff23f8432c72012f021c84c59a9d4c142f439d3040cfee621589fb3a2f1407c7cbed48e7026f8d52d4bca2608c79aa4a73732028f88ce07ed1075da4a2ef44e3d8b88873f0b1de87dfb6d15936ec0a27cb554def9e27396df6b7851ffa26237ea6730880f06371beb3b290b7d8629a6f0373fefa0acb60888fc14ad2b83ca03ac2aee792482ced58af4140cc4ce3efef26e00c5b2200a91cb80c6065a697d6fc8aa8b65aee0783b04cff0218ce82c9687b4474da89c474c23727555fc5e5f8ad0f2f7a261140440fce1f12cc6df312accd011d888384283092d987c40bbb46f68c2431b97906f00000000349834fa147bd5923bbd4e606708034931a8f1a89bdf77093a0000427aab8e21e1a33d3fe093547532fce6549dd648ad233e05a7b3ea178007c1c32e871ac81f287c4aabbd153390b16d1d41ee433e3aee000000000009e106d6b5289f0000000000000000000000f7bc9f46cb71f6b889d37807865e3b4e9916dd0f72c9d58ea333b90f8886dcbf5ddda0e42ca08e3303632401f2f5212b40c0e88c957fd767dbfc80b07ad668b4f6f92fb209d7c2dbac597843c8eb7bf92fe6d0bb0b72549795c2ed19e441eb69869844152ba9da0588e42cdbc5fcd245ce5e3ef0dca64931276702a312db7956f0a75eb9caa17d47a6331c7c963cbf86a845ce27c26b7136d3e7207318b1df7a6320c64f18ccd926eaeddcde8d5006d6c38db117fb1115221a66169172720ccca770bff37e59511b2606138377eda44b2f288b491ab8aae0e11a98303b0e407e0f9d21f4a3ebbd3fabf6da9a1a1f869a339fab465d8322b7280b0734fd115a19b33c8644fff71b3c62f2e1b827e2663e06a751182e968c8ab05fb1d0115d4b11d944f2c06acc023a02b7416a9a10218d21503cda13bb5df6c992e52e1c01793b728eac000058ab3b3900d279297dadc127e2f38fc60c23af2e1fefa5a83456647191ba1953d320f59aa261fe79613df6bf43884e9649691e32680d75a541c27ffe74f9d13340f2cf1c7dc2b7db01213216cd4ecfd30efe137641471987289b7e23482e026b26eacd1b97443e2ea2d1d6e31a01ee0ae7fa195a2152b2338b086423a3883f2ce3e2f84e04f4d52c985eac4b46336908599564b47db0e6aa97ee51a360f4382fd99745725d44c77d097f69d19fe86f71c38a0226d44ebe0ecbd959f14b540745cd03b8c9f02b825ba45ca85706c73115f70871db9d2a1bc2a517b39f9648123917a5db07ba4e27f961373767e1ea8f7cc558e483abef1a9923c5cfa2081e430680950b7d7c377726b557ad31fdee17ba7057741f39d29d8ab295222f96297a777bb235416e72c84afef2bdb08fb375147b028b89f15af45bc8976b91158c13c9876daa71e7db0f5a17376be39ea79ce1246c547c740e31c64e5d293e0e5a544dd166010061d6ccae46c173b8e11721e4bce22c16af00000021f80ac6c3971006db853e3c40a5417d6eac09eb0e01ac6bd4c6dacdcb1d6d2ef9c8bdea91c984022821e961236d08f8b9072ec6cb5d5a68833fd5b4e80a5ac2bc6ff323f5ce612b59ce8177956c1affcc8baf4c8b59ab959aff9a7bd81f7c7c1f1bb92ddbeed6bce8041c7f0c1c584e6ae027678ce3cfbfea938aecc3c5119c5875b7fb35dc20f5c7aaae1e276104f607a73fe501c1045873a2b1eb80e95c87f099d98028dc82bdc7ef08c871fb3061c3c5ebd613e6e5e8cf099bb6e8c0441a133c85138b36a02c47fbedf7ed1d3ce74c9ec2c676c0b2d4b5eca61dbf5769b483c2a9f6bec666dae4e81960e9bad7f17cfc3d5bcc7b7f437110ca8ffa908c12086b2227eb202a8d56e0925ba994b05c98c39de44d25932449ddf08e5377814a40877eab4440ca01b3f50d2014a61a7d32105254b424238122386424efa3a7041254f686a5faac120942287f75e8e3db569ce47b120059d774a37e11d013be50cd2cbb00f6d2a23af61ec7d30bb7dc33a92f900b6ff1d29dc61cc40b846040dbafd00c6bcfbcf700"/1664], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r9, 0x702, 0xe, 0x0, &(0x7f0000000380)="e460334470b8d480eb00c1520800", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'wlan0\x00', 0x200})
socketpair(0x8, 0x4, 0xffdffffe, &(0x7f0000000200)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r10, 0x8946, &(0x7f0000000080))

1.691815059s ago: executing program 3 (id=1759):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x31}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x70)
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b63d25a80648c2594f90124fc60100c03000b000000053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x5e, 0x0, 0x0, 0x4000}, 0x3500000000000000)
r1 = socket$kcm(0xa, 0x1, 0x0)
setsockopt$sock_attach_bpf(r1, 0x29, 0x21, &(0x7f0000000100), 0x120)
sendmsg$kcm(r1, &(0x7f0000000000)={&(0x7f0000000040)=@l2tp6={0xa, 0x0, 0x0, @empty, 0x0, 0x1}, 0x80, 0x0}, 0x240440d1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0xd, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0xa0}, @generic={0xa7}, @initr0, @exit]}, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x13}, 0x94)

1.552269733s ago: executing program 1 (id=1760):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="d8000000310081044e81f782db44b904021d080005000000e8fe55a1180015000600142603600e120900210000000401a8001600a40001", 0x37}], 0x1}, 0x0)
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20140, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_bp={0x0}, 0x2018, 0x0, 0x0, 0x6, 0x1000, 0x0, 0x7, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="0f020000390005", 0x7}], 0x1}, 0x0)
r1 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="33fe00006a"], 0xfe33)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b004f012ba945b9d3a00000ffffffff01000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
socket$kcm(0x29, 0x2, 0x0)
perf_event_open(&(0x7f0000000140)={0x1, 0x80, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(0x0, 0x0, 0x1, 0xffffffffffffffff, 0x8)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000005d31, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x200000000000000}, 0x0, 0xa, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680))
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_pid(r3, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000080)="5c00000013006bec9e3be35c6e17aa31076b876c1d0000007ea60864160af36507001ac0043f020234000c000300010004000000eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0000300000000000200ffffc6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

1.42703437s ago: executing program 2 (id=1761):
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = perf_event_open(&(0x7f00000012c0)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="10000000040000000800000005"], 0x50)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x1)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
close(r4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x9, 0x0, 0x1, 0x0, 0x0, 0x4861}, 0x0, 0x0, 0xffffffffffffffff, 0xb)
ioctl$SIOCSIFHWADDR(r4, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r2}, &(0x7f0000000080), &(0x7f0000000240)=r3}, 0x20)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r3, 0x18000000000002a0, 0x5ee, 0x0, &(0x7f0000000580)="b9ff03076804268c989e14f088a8", 0x0, 0x53f, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

1.418864449s ago: executing program 3 (id=1762):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020200600000000000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000010000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7020000080000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x10}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x26e1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000220000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8feffffb702000008000000b703000000000000850000000500000095"], &(0x7f0000000040)='syzkaller\x00'}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, 0x0, &(0x7f0000000140)='GPL\x00'}, 0x94)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socket$kcm(0x10, 0x2, 0x4)
socket$kcm(0x11, 0x200000000000002, 0x300)
socket$kcm(0x22, 0x2, 0x21)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
socket$kcm(0x10, 0x2, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0))
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000c00000009"], 0x50)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'veth1_virt_wifi\x00'})
socketpair(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8946, &(0x7f0000000080))

1.20447953s ago: executing program 3 (id=1763):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="d8000000310081044e81f782db44b904021d080005000000e8fe55a1180015000600142603600e120900210000000401a8001600a40001", 0x37}], 0x1}, 0x0)
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20140, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_bp={0x0}, 0x2018, 0x0, 0x0, 0x6, 0x1000, 0x0, 0x7, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="0f020000390005", 0x7}], 0x1}, 0x0)
r1 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="33fe00006a"], 0xfe33)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b004f012ba945b9d3a00000ffffffff01000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
socket$kcm(0x29, 0x2, 0x0)
perf_event_open(&(0x7f0000000140)={0x1, 0x80, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(0x0, 0x0, 0x1, 0xffffffffffffffff, 0x8)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000005d31, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x200000000000000}, 0x0, 0xa, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_pid(r4, 0x0, 0x0)
sendmsg$unix(r3, 0x0, 0x4040)
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={0x0, 0xf}, 0x90208, 0x0, 0x310c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000080)="5c00000013006bec9e3be35c6e17aa31076b876c1d0000007ea60864160af36507001ac0043f020234000c000300010004000000eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0000300000000000200ffffc6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

1.203664989s ago: executing program 1 (id=1771):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020200600000000000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000010000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x10}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x26e1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000220000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8feffffb702000008000000b703000000000000850000000500000095"], &(0x7f0000000040)='syzkaller\x00'}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, 0x0, &(0x7f0000000140)='GPL\x00'}, 0x94)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socket$kcm(0x10, 0x2, 0x4)
socket$kcm(0x11, 0x200000000000002, 0x300)
socket$kcm(0x22, 0x2, 0x21)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
socket$kcm(0x10, 0x2, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0))
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000c00000009"], 0x50)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'veth1_virt_wifi\x00'})
socketpair(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8946, &(0x7f0000000080))

1.197579219s ago: executing program 2 (id=1764):
socket$kcm(0x2, 0x5, 0x84)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x15, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b700000001000000bfa30000000000000703000030feffff620af0fff8ffffff71a4f0ff000000002d040300000000003d030000000000006504000001ed000079102800000000006c440000000000007b0ab0fe000000007913000000000000b5000000000000009500000000000000023bc065b7a379d17cf9333379fc9e94af05000000f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a715bc5181554a090f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128c4e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c26f71b29ee35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d0800af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8ea8fcb913466aaa7f6d150352e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d390dd65be2467b373eafd9aa58f2077184b6a89adaf17b0a6041bdef728d236619074d6ebdf098bc908f523d228a40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c5da18ec0ae563f721c5363092adaa1d8964162a27afea62d84f3a10746443d64364f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b93d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d710b651f898ba749e40bc6980fe78683ac5c0c31030699ddd71063be9261b2e1aab1675b34a220488c126aeef5f510a8f1aded94a129e4aec6ffc3a15d96c2ea3e2e04cfe0e669e51731b2875353193f82ade69d0540059fe6c7fe7cd86975023cb08cc7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed82641687f3b3a70bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c5538a294270a1ad10c80fef7c24c87afce829ba0f85da6d888f18ea40ab959f6074ab2a4009b9e5f07ab513cdc6c0e57fb1c1ca571380d7b4ead35a655e0b4a26b702396df7e0cbe02b6e4114f244a9bf93f05beb72f0861f75c345edcb84ac7eeedcf2ba1a9508f9d6aba5823a34a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a9b702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b728fe26e37037f27f277b8a8346962a350845ffa0d829e4f79adc287906943408e6df3adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d0a874c74b777df005c55fc30511d00000000c85265b2bd83d64a532869d708000000000000007baa5b6a682b50f0937f778af083e055f6138a757ebd0ed91114a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a9037d2283c42efc54fa84323a56edbd287eba0af35c35d91f3c62a0ca74836a640224de85f2b4a5fee500bbc584328a6a7a4628c4378c9b71dff64075b74a6520adb187b40d2cccbcb08c0634ee74658d3e23bf511c8b0bf1b69d2b3782b3f481c320e7bd4615dbbf24c06ac95bd639e68d0e6aa7f0d07bf69a93365f803f0144af37236ea133c2255b0613bf8ba1d538e06c2411e8d70053b712084fd0e313de9bb19266e49a3a2190cb039c6f89610acd896319b9c8d1b8aac2eaa5a4f8be7419a09e3fb5be3be2fcdadd2299839cc40e684e6e2b4e1385fde7a0bad3b0be672110268a34dad364fddee69e564119cebb6940c6356ff83ca527c573d700000000000000c6299263e6d9097f225de969485bce3d7dc471c0669bb6a467cf0de54dfcc1857048fe22a19dbb1b3cb9babaa839f1f6e817a62d95a5b971ff96a5c66c338c6f2a2da4644519f40761402e9c81013d76c7152c95ba5efa24ce1930f23a2277f057ffb6b0144f3b434a2adc456ef4d2fbdf7c6238c2bb00ffcf2d23d68cb9b027f3b225ec4e09b089f7956b66c5692b46ea03abb6a404c8ccceaa4ba4161409fcb54b86eaca26b2a0c4b81f7b71cbfcef"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1d, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x4}, 0x94)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'wlan0\x00', 0x200})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8946, &(0x7f0000000080))

949.558403ms ago: executing program 2 (id=1765):
socket$kcm(0x2, 0x5, 0x84)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x15, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b700000001000000bfa30000000000000703000030feffff620af0fff8ffffff71a4f0ff000000002d040300000000003d030000000000006504000001ed000079102800000000006c440000000000007b0ab0fe000000007913000000000000b5000000000000009500000000000000023bc065b7a379d17cf9333379fc9e94af05000000f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a715bc5181554a090f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128c4e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c26f71b29ee35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d0800af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8ea8fcb913466aaa7f6d150352e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d390dd65be2467b373eafd9aa58f2077184b6a89adaf17b0a6041bdef728d236619074d6ebdf098bc908f523d228a40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c5da18ec0ae563f721c5363092adaa1d8964162a27afea62d84f3a10746443d64364f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b93d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d710b651f898ba749e40bc6980fe78683ac5c0c31030699ddd71063be9261b2e1aab1675b34a220488c126aeef5f510a8f1aded94a129e4aec6ffc3a15d96c2ea3e2e04cfe0e669e51731b2875353193f82ade69d0540059fe6c7fe7cd86975023cb08cc7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed82641687f3b3a70bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c5538a294270a1ad10c80fef7c24c87afce829ba0f85da6d888f18ea40ab959f6074ab2a4009b9e5f07ab513cdc6c0e57fb1c1ca571380d7b4ead35a655e0b4a26b702396df7e0cbe02b6e4114f244a9bf93f05beb72f0861f75c345edcb84ac7eeedcf2ba1a9508f9d6aba5823a34a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a9b702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b728fe26e37037f27f277b8a8346962a350845ffa0d829e4f79adc287906943408e6df3adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d0a874c74b777df005c55fc30511d00000000c85265b2bd83d64a532869d708000000000000007baa5b6a682b50f0937f778af083e055f6138a757ebd0ed91114a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a9037d2283c42efc54fa84323a56edbd287eba0af35c35d91f3c62a0ca74836a640224de85f2b4a5fee500bbc584328a6a7a4628c4378c9b71dff64075b74a6520adb187b40d2cccbcb08c0634ee74658d3e23bf511c8b0bf1b69d2b3782b3f481c320e7bd4615dbbf24c06ac95bd639e68d0e6aa7f0d07bf69a93365f803f0144af37236ea133c2255b0613bf8ba1d538e06c2411e8d70053b712084fd0e313de9bb19266e49a3a2190cb039c6f89610acd896319b9c8d1b8aac2eaa5a4f8be7419a09e3fb5be3be2fcdadd2299839cc40e684e6e2b4e1385fde7a0bad3b0be672110268a34dad364fddee69e564119cebb6940c6356ff83ca527c573d700000000000000c6299263e6d9097f225de969485bce3d7dc471c0669bb6a467cf0de54dfcc1857048fe22a19dbb1b3cb9babaa839f1f6e817a62d95a5b971ff96a5c66c338c6f2a2da4644519f40761402e9c81013d76c7152c95ba5efa24ce1930f23a2277f057ffb6b0144f3b434a2adc456ef4d2fbdf7c6238c2bb00ffcf2d23d68cb9b027f3b225ec4e09b089f7956b66c5692b46ea03abb6a404c8ccceaa4ba4161409fcb54b86eaca26b2a0c4b81f7b71cbfcef"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1d, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x4}, 0x94)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'wlan0\x00', 0x200})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8946, &(0x7f0000000080)) (fail_nth: 1)

921.792868ms ago: executing program 1 (id=1766):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000000)="39000000140081ae10003c000500018311001f", 0x13}], 0x1}, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001a00910c07a551559a257aac81"], 0xfe33)
r2 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYRES32=r0], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3)
r4 = socket$kcm(0x10, 0x2, 0x10)
perf_event_open(&(0x7f0000001480)={0x2, 0x80, 0x83, 0x1, 0x0, 0x0, 0x0, 0x4000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, @perf_config_ext={0x20000000, 0x7}, 0x0, 0x0, 0x2, 0x9, 0x0, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020023000b02d25a806f8c6394f91424fc60040f030047000000053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)

595.744059ms ago: executing program 3 (id=1767):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020200600000000000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000010000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x10}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x26e1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000220000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8feffffb702000008000000b703000000000000850000000500000095"], &(0x7f0000000040)='syzkaller\x00'}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, 0x0, &(0x7f0000000140)='GPL\x00'}, 0x94)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socket$kcm(0x10, 0x2, 0x4)
socket$kcm(0x11, 0x200000000000002, 0x300)
socket$kcm(0x22, 0x2, 0x21)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
socket$kcm(0x10, 0x2, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0))
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000c00000009"], 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000039000000080000000b"], 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
ioctl$TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000000)=0x4b)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'veth1_virt_wifi\x00'})
socketpair(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8946, &(0x7f0000000080))

535.072227ms ago: executing program 0 (id=1768):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0xc000000, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100904, 0x50}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x3, 0x10)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x1, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x10040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x7fffffff, 0x20000}, 0x4001, 0x0, 0x0, 0x6, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x115905, 0x4, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xbf}, 0x0, 0x1, 0xffffffffffffffff, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x5, 0x5, &(0x7f0000000180)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_clone(0x1205000, 0x0, 0x0, &(0x7f00000017c0), 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd6000, 0x4, @perf_bp={0x0, 0x3}, 0x29, 0x0, 0x0, 0x6, 0x9, 0x800000, 0x4, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
socketpair(0x1d, 0x2, 0x2, &(0x7f0000000280))
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.memory_pressure\x00', 0x26e1, 0x0)
r1 = socket$kcm(0x2, 0x1000000000000002, 0x0)
setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f0000000180)=r0, 0x4)
sendmsg$inet(r1, &(0x7f0000007940)={&(0x7f0000000100)={0x2, 0x4e24, @local}, 0x10, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="2c000000000000000000000007000000441c0503"], 0x30}, 0x40880)

528.830196ms ago: executing program 2 (id=1769):
r0 = socket$kcm(0x10, 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r2 = openat$cgroup_devices(r1, &(0x7f0000001040)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r2, &(0x7f0000000140)=ANY=[@ANYBLOB='b *:4\tmw'], 0xa)
recvmsg(r0, &(0x7f0000000840)={&(0x7f0000000180)=@x25={0x9, @remote}, 0x80, &(0x7f0000000700)=[{&(0x7f0000000000)=""/38, 0x26}, {&(0x7f0000000200)=""/163, 0xa3}, {&(0x7f00000000c0)=""/38, 0x26}, {&(0x7f0000000880)=""/179, 0xb3}, {&(0x7f0000000400)=""/221, 0xdd}, {&(0x7f0000000500)=""/57, 0x39}, {&(0x7f0000000540)=""/28, 0x1c}, {&(0x7f0000000580)=""/248, 0xf8}, {&(0x7f0000000680)=""/102, 0x66}], 0x9, &(0x7f00000007c0)=""/126, 0x7e}, 0x22)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x6, &(0x7f0000000100)=[{&(0x7f0000000380)="5c00000012006bab9a3fe3d86e17aa0a076b876c1d0048007ea60864160af36504001a0038001d00e517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb000011d600a0680d4bbd6df1db6f1078bc", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

432.228659ms ago: executing program 1 (id=1770):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r3, 0x1, 0x4c, &(0x7f0000000000), 0x4)
sendmsg$unix(r2, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="140000000000"], 0x18}, 0x0)
r4 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r5)
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={0x0, 0xf}, 0x90208, 0x0, 0x310c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, 0x7400}, 0x0)
r6 = socket$kcm(0x10, 0x3, 0x0)
write$cgroup_subtree(r6, &(0x7f0000001ec0)=ANY=[@ANYBLOB="13120000120091ef04e9befbbd"], 0xfe33)
recvmsg$kcm(r6, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000800)=[{&(0x7f00000039c0)=""/4096, 0x1000}, {&(0x7f00000019c0)=""/233, 0xe9}, {&(0x7f00000005c0)=""/194, 0xc2}, {&(0x7f00000006c0)=""/87, 0x57}, {&(0x7f0000000400)=""/211, 0xd3}, {&(0x7f0000000b00)=""/157, 0xffffff8c}, {&(0x7f00000008c0)=""/210, 0xd2}, {&(0x7f0000000280)=""/209, 0xd1}], 0x8}, 0x0)
recvmsg$kcm(r6, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x42)
recvmsg$kcm(r6, &(0x7f0000000cc0)={0x0, 0x0, 0x0}, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=ANY=[@ANYRESHEX=r1], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x6}, 0x94)
close(r7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000029c0)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000400)=@framed={{}, [@printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7f}, {0x85, 0x0, 0x0, 0x2d}}, @call={0x85, 0x0, 0x0, 0x23}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000007c0)={r5}, 0xc)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r10}, &(0x7f0000000000), &(0x7f0000000080)=r7}, 0x20)
sendmsg$inet(r9, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)
recvmsg$unix(r8, 0x0, 0x2142)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.dequeue\x00', 0x26e1, 0x0)
close(r11)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000480))
ioctl$SIOCSIFHWADDR(r11, 0x8b19, 0x0)

336.932971ms ago: executing program 3 (id=1772):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="d8000000310081044e81f782db44b904021d080005000000e8fe55a1180015000600142603600e120900210000000401a8001600a40001", 0x37}], 0x1}, 0x0)
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20140, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_bp={0x0}, 0x2018, 0x0, 0x0, 0x6, 0x1000, 0x0, 0x7, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="0f020000390005", 0x7}], 0x1}, 0x0)
r1 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="33fe00006a"], 0xfe33)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b004f012ba945b9d3a00000ffffffff01000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
socket$kcm(0x29, 0x2, 0x0)
perf_event_open(&(0x7f0000000140)={0x1, 0x80, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(0x0, 0x0, 0x1, 0xffffffffffffffff, 0x8)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000005d31, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x200000000000000}, 0x0, 0xa, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680))
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000080)="5c00000013006bec9e3be35c6e17aa31076b876c1d0000007ea60864160af36507001ac0043f020234000c000300010004000000eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0000300000000000200ffffc6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

255.913736ms ago: executing program 2 (id=1773):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x60}, 0x94)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0x87}, @printk={@lx, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x9b}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa"], 0xfdef)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

0s ago: executing program 3 (id=1774):
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = perf_event_open(&(0x7f00000012c0)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="10000000040000000800000005"], 0x50)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x1)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
close(r4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x9, 0x0, 0x1, 0x0, 0x0, 0x4861}, 0x0, 0x0, 0xffffffffffffffff, 0xb)
ioctl$SIOCSIFHWADDR(r4, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r2}, &(0x7f0000000080), &(0x7f0000000240)=r3}, 0x20)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r3, 0x18000000000002a0, 0x5ee, 0x0, &(0x7f0000000580)="b9ff03076804268c989e14f088a8", 0x0, 0x53f, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

kernel console output (not intermixed with test programs):

4: 00007f692fc15fa0 R15: 00007fffd9b10ae8
[  317.758739][ T8897]  </TASK>
[  318.076739][ T8898] delete_channel: no stack
[  318.668151][ T8900] delete_channel: no stack
[  319.415955][ T8921] netlink: 'syz.3.1000': attribute type 3 has an invalid length.
[  319.464914][ T8921] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1000'.
[  320.168141][ T8934] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  320.502217][ T8933] delete_channel: no stack
[  320.632926][ T8942] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  321.336857][ T8951] netlink: 'syz.2.1010': attribute type 10 has an invalid length.
[  321.445183][ T8951] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  321.517815][ T8947] delete_channel: no stack
[  321.989912][ T8958] netlink: 'syz.3.1013': attribute type 3 has an invalid length.
[  322.031142][ T8958] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1013'.
[  322.640896][ T8967] netlink: 'syz.2.1023': attribute type 3 has an invalid length.
[  322.719659][ T8967] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1023'.
[  322.796553][ T8963] delete_channel: no stack
[  323.775486][ T8980] delete_channel: no stack
[  324.333931][ T8987] netlink: 'syz.1.1022': attribute type 10 has an invalid length.
[  324.439369][ T8987] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  324.637711][ T8995] netlink: 'syz.2.1027': attribute type 3 has an invalid length.
[  324.700847][ T8995] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1027'.
[  324.702520][ T8998] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  325.807836][ T9012] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.1034'.
[  325.901859][ T9008] delete_channel: no stack
[  326.696113][ T9023] netlink: 'syz.3.1038': attribute type 3 has an invalid length.
[  326.702317][ T9026] netlink: 'syz.0.1039': attribute type 10 has an invalid length.
[  326.774282][ T9023] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1038'.
[  326.863828][ T9026] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  327.113341][ T9029] FAULT_INJECTION: forcing a failure.
[  327.113341][ T9029] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  327.195378][ T9029] CPU: 1 PID: 9029 Comm: syz.2.1040 Not tainted syzkaller #0
[  327.202831][ T9029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  327.212927][ T9029] Call Trace:
[  327.216245][ T9029]  <TASK>
[  327.219216][ T9029]  dump_stack_lvl+0x18c/0x250
[  327.223956][ T9029]  ? show_regs_print_info+0x20/0x20
[  327.229209][ T9029]  ? load_image+0x400/0x400
[  327.233766][ T9029]  ? __might_fault+0xaa/0x120
[  327.238486][ T9029]  ? __lock_acquire+0x7d40/0x7d40
[  327.243557][ T9029]  should_fail_ex+0x39d/0x4d0
[  327.248288][ T9029]  _copy_from_user+0x2f/0xe0
[  327.252918][ T9029]  ___sys_sendmsg+0x1c7/0x360
[  327.257622][ T9029]  ? __sys_sendmsg+0x2a0/0x2a0
[  327.262421][ T9029]  ? __lock_acquire+0x7d40/0x7d40
[  327.267509][ T9029]  __se_sys_sendmsg+0x1c2/0x2b0
[  327.272386][ T9029]  ? __x64_sys_sendmsg+0x80/0x80
[  327.277360][ T9029]  ? lockdep_hardirqs_on+0x98/0x150
[  327.282583][ T9029]  do_syscall_64+0x55/0xa0
[  327.287030][ T9029]  ? clear_bhb_loop+0x40/0x90
[  327.291726][ T9029]  ? clear_bhb_loop+0x40/0x90
[  327.296443][ T9029]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  327.302363][ T9029] RIP: 0033:0x7fd00639c799
[  327.306798][ T9029] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  327.326438][ T9029] RSP: 002b:00007fd007328028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  327.334882][ T9029] RAX: ffffffffffffffda RBX: 00007fd006615fa0 RCX: 00007fd00639c799
[  327.342876][ T9029] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  327.350867][ T9029] RBP: 00007fd007328090 R08: 0000000000000000 R09: 0000000000000000
[  327.358863][ T9029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  327.366862][ T9029] R13: 00007fd006616038 R14: 00007fd006615fa0 R15: 00007fff33d68e18
[  327.374873][ T9029]  </TASK>
[  328.378897][ T9044] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  329.272323][ T9055] netlink: 'syz.0.1050': attribute type 21 has an invalid length.
[  329.297904][ T9055] netlink: 'syz.0.1050': attribute type 1 has an invalid length.
[  329.375589][ T9055] netlink: 16050 bytes leftover after parsing attributes in process `syz.0.1050'.
[  329.407295][ T9056] netlink: 129384 bytes leftover after parsing attributes in process `syz.0.1050'.
[  329.487066][ T9053] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  330.016805][   T49] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  330.188812][ T9066] netlink: 6 bytes leftover after parsing attributes in process `syz.0.1053'.
[  330.339466][ T9065] delete_channel: no stack
[  330.482514][ T9072] bond0: left allmulticast mode
[  330.504319][ T9072] bond_slave_0: left allmulticast mode
[  330.510110][ T9072] bond_slave_1: left allmulticast mode
[  330.557040][ T9072] bridge0: port 3(bond0) entered disabled state
[  330.707952][ T9072] bridge_slave_1: left allmulticast mode
[  330.764327][ T9072] bridge_slave_1: left promiscuous mode
[  330.771327][ T9072] bridge0: port 2(bridge_slave_1) entered disabled state
[  330.926131][ T9075] FAULT_INJECTION: forcing a failure.
[  330.926131][ T9075] name failslab, interval 1, probability 0, space 0, times 0
[  330.977842][ T9072] bridge_slave_0: left allmulticast mode
[  331.018154][ T9075] CPU: 1 PID: 9075 Comm: syz.0.1058 Not tainted syzkaller #0
[  331.025605][ T9075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  331.034764][ T9072] bridge_slave_0: left promiscuous mode
[  331.035685][ T9075] Call Trace:
[  331.035697][ T9075]  <TASK>
[  331.035707][ T9075]  dump_stack_lvl+0x18c/0x250
[  331.035749][ T9075]  ? show_regs_print_info+0x20/0x20
[  331.035783][ T9075]  ? load_image+0x400/0x400
[  331.035814][ T9075]  ? __might_sleep+0xe0/0xe0
[  331.035843][ T9075]  ? __lock_acquire+0x7d40/0x7d40
[  331.035866][ T9075]  ? kvm_sched_clock_read+0x11/0x20
[  331.035898][ T9075]  should_fail_ex+0x39d/0x4d0
[  331.035936][ T9075]  should_failslab+0x9/0x20
[  331.035967][ T9075]  slab_pre_alloc_hook+0x59/0x310
[  331.036006][ T9075]  kmem_cache_alloc+0x5a/0x2d0
[  331.036035][ T9075]  ? getname_flags+0xbb/0x500
[  331.100848][ T9075]  getname_flags+0xbb/0x500
[  331.105387][ T9075]  __x64_sys_mkdir+0x5f/0x80
[  331.109998][ T9075]  do_syscall_64+0x55/0xa0
[  331.114436][ T9075]  ? clear_bhb_loop+0x40/0x90
[  331.119130][ T9075]  ? clear_bhb_loop+0x40/0x90
[  331.123824][ T9075]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  331.129735][ T9075] RIP: 0033:0x7fa8ebd9c799
[  331.134174][ T9075] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  331.153808][ T9075] RSP: 002b:00007fa8ecd1a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[  331.162248][ T9075] RAX: ffffffffffffffda RBX: 00007fa8ec015fa0 RCX: 00007fa8ebd9c799
[  331.170250][ T9075] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[  331.178243][ T9075] RBP: 00007fa8ecd1a090 R08: 0000000000000000 R09: 0000000000000000
[  331.186250][ T9075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  331.194245][ T9075] R13: 00007fa8ec016038 R14: 00007fa8ec015fa0 R15: 00007ffda997e7a8
[  331.202260][ T9075]  </TASK>
[  331.213010][ T9072] bridge0: port 1(bridge_slave_0) entered disabled state
[  331.926820][ T9081] netlink: 'syz.0.1059': attribute type 1 has an invalid length.
[  331.975460][ T9082] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.1059'.
[  332.014535][ T9081] netlink: 112865 bytes leftover after parsing attributes in process `syz.0.1059'.
[  332.915065][ T9097] netlink: 6 bytes leftover after parsing attributes in process `syz.1.1063'.
[  333.106298][ T9095] delete_channel: no stack
[  333.810724][ T9107] delete_channel: no stack
[  334.092125][ T9111] syzkaller0: entered promiscuous mode
[  334.144215][ T9111] syzkaller0: entered allmulticast mode
[  336.224965][ T9136] FAULT_INJECTION: forcing a failure.
[  336.224965][ T9136] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  336.284348][ T9136] CPU: 1 PID: 9136 Comm: syz.0.1076 Not tainted syzkaller #0
[  336.291782][ T9136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  336.301874][ T9136] Call Trace:
[  336.305199][ T9136]  <TASK>
[  336.308166][ T9136]  dump_stack_lvl+0x18c/0x250
[  336.312932][ T9136]  ? show_regs_print_info+0x20/0x20
[  336.318180][ T9136]  ? load_image+0x400/0x400
[  336.322752][ T9136]  ? __might_fault+0xaa/0x120
[  336.327469][ T9136]  ? __lock_acquire+0x7d40/0x7d40
[  336.332546][ T9136]  should_fail_ex+0x39d/0x4d0
[  336.337293][ T9136]  _copy_from_user+0x2f/0xe0
[  336.341945][ T9136]  ___sys_recvmsg+0x176/0x590
[  336.346682][ T9136]  ? __sys_recvmsg+0x2a0/0x2a0
[  336.351520][ T9136]  ? ksys_write+0x1c4/0x260
[  336.356112][ T9136]  ? __fget_files+0x43d/0x4b0
[  336.360852][ T9136]  __x64_sys_recvmsg+0x20c/0x2e0
[  336.365839][ T9136]  ? ___sys_recvmsg+0x590/0x590
[  336.370767][ T9136]  ? lockdep_hardirqs_on+0x98/0x150
[  336.376021][ T9136]  do_syscall_64+0x55/0xa0
[  336.380491][ T9136]  ? clear_bhb_loop+0x40/0x90
[  336.385204][ T9136]  ? clear_bhb_loop+0x40/0x90
[  336.389922][ T9136]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  336.395860][ T9136] RIP: 0033:0x7fa8ebd9c799
[  336.400314][ T9136] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  336.419957][ T9136] RSP: 002b:00007fa8ecd1a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  336.428447][ T9136] RAX: ffffffffffffffda RBX: 00007fa8ec015fa0 RCX: 00007fa8ebd9c799
[  336.436451][ T9136] RDX: 0000000000010100 RSI: 00002000000002c0 RDI: 0000000000000003
[  336.444459][ T9136] RBP: 00007fa8ecd1a090 R08: 0000000000000000 R09: 0000000000000000
[  336.452461][ T9136] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  336.460464][ T9136] R13: 00007fa8ec016038 R14: 00007fa8ec015fa0 R15: 00007ffda997e7a8
[  336.468486][ T9136]  </TASK>
[  338.996910][ T9140] netlink: 6 bytes leftover after parsing attributes in process `syz.0.1078'.
[  339.077285][ T9139] delete_channel: no stack
[  339.239744][ T9146] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  339.473132][ T9152] FAULT_INJECTION: forcing a failure.
[  339.473132][ T9152] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  339.486573][ T9152] CPU: 1 PID: 9152 Comm: syz.2.1084 Not tainted syzkaller #0
[  339.493989][ T9152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  339.504082][ T9152] Call Trace:
[  339.507393][ T9152]  <TASK>
[  339.510355][ T9152]  dump_stack_lvl+0x18c/0x250
[  339.515082][ T9152]  ? show_regs_print_info+0x20/0x20
[  339.520327][ T9152]  ? load_image+0x400/0x400
[  339.524876][ T9152]  ? __might_fault+0xaa/0x120
[  339.529581][ T9152]  ? __lock_acquire+0x7d40/0x7d40
[  339.534628][ T9152]  should_fail_ex+0x39d/0x4d0
[  339.539336][ T9152]  _copy_from_user+0x2f/0xe0
[  339.543941][ T9152]  __sys_bpf+0x23e/0x890
[  339.548206][ T9152]  ? bpf_link_show_fdinfo+0x390/0x390
[  339.553611][ T9152]  ? lock_chain_count+0x20/0x20
[  339.558500][ T9152]  __x64_sys_bpf+0x7c/0x90
[  339.562968][ T9152]  do_syscall_64+0x55/0xa0
[  339.567411][ T9152]  ? clear_bhb_loop+0x40/0x90
[  339.572109][ T9152]  ? clear_bhb_loop+0x40/0x90
[  339.576822][ T9152]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  339.582735][ T9152] RIP: 0033:0x7fd00639c799
[  339.587181][ T9152] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  339.606831][ T9152] RSP: 002b:00007fd007328028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  339.615274][ T9152] RAX: ffffffffffffffda RBX: 00007fd006615fa0 RCX: 00007fd00639c799
[  339.623268][ T9152] RDX: 0000000000000050 RSI: 0000200000000180 RDI: 000000000000000a
[  339.631272][ T9152] RBP: 00007fd007328090 R08: 0000000000000000 R09: 0000000000000000
[  339.639261][ T9152] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  339.647283][ T9152] R13: 00007fd006616038 R14: 00007fd006615fa0 R15: 00007fff33d68e18
[  339.655298][ T9152]  </TASK>
[  339.786191][ T9153] delete_channel: no stack
[  340.244732][ T9161] delete_channel: no stack
[  340.879689][ T9174] netlink: 6 bytes leftover after parsing attributes in process `syz.1.1090'.
[  341.001892][ T9173] delete_channel: no stack
[  341.386192][ T9187] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1096'.
[  341.786084][ T9196] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  342.015533][ T9194] delete_channel: no stack
[  343.267612][ T9212] delete_channel: no stack
[  343.476509][ T9221] FAULT_INJECTION: forcing a failure.
[  343.476509][ T9221] name failslab, interval 1, probability 0, space 0, times 0
[  343.524631][ T9221] CPU: 0 PID: 9221 Comm: syz.1.1105 Not tainted syzkaller #0
[  343.532144][ T9221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  343.542240][ T9221] Call Trace:
[  343.545581][ T9221]  <TASK>
[  343.548544][ T9221]  dump_stack_lvl+0x18c/0x250
[  343.553273][ T9221]  ? show_regs_print_info+0x20/0x20
[  343.558514][ T9221]  ? lockdep_hardirqs_on+0x98/0x150
[  343.563758][ T9221]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  343.569970][ T9221]  should_fail_ex+0x39d/0x4d0
[  343.574700][ T9221]  should_failslab+0x9/0x20
[  343.579251][ T9221]  slab_pre_alloc_hook+0x59/0x310
[  343.584316][ T9221]  ? vfs_write+0x7dd/0x990
[  343.588782][ T9221]  kmem_cache_alloc+0x5a/0x2d0
[  343.593589][ T9221]  ? getname_flags+0xbb/0x500
[  343.598314][ T9221]  getname_flags+0xbb/0x500
[  343.602863][ T9221]  do_sys_openat2+0xda/0x1d0
[  343.607494][ T9221]  ? do_sys_open+0xe0/0xe0
[  343.611951][ T9221]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  343.617991][ T9221]  ? lock_chain_count+0x20/0x20
[  343.622903][ T9221]  __x64_sys_openat+0x139/0x160
[  343.627809][ T9221]  do_syscall_64+0x55/0xa0
[  343.632274][ T9221]  ? clear_bhb_loop+0x40/0x90
[  343.636992][ T9221]  ? clear_bhb_loop+0x40/0x90
[  343.641714][ T9221]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  343.647645][ T9221] RIP: 0033:0x7fa1a719c799
[  343.652087][ T9221] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  343.671732][ T9221] RSP: 002b:00007fa1a7fb6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  343.680183][ T9221] RAX: ffffffffffffffda RBX: 00007fa1a7415fa0 RCX: 00007fa1a719c799
[  343.688185][ T9221] RDX: 0000000000200002 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  343.696190][ T9221] RBP: 00007fa1a7fb6090 R08: 0000000000000000 R09: 0000000000000000
[  343.704183][ T9221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  343.712166][ T9221] R13: 00007fa1a7416038 R14: 00007fa1a7415fa0 R15: 00007ffe88b0a028
[  343.720164][ T9221]  </TASK>
[  343.804973][ T9228] netlink: 18187 bytes leftover after parsing attributes in process `syz.3.1108'.
[  344.295651][ T9232] delete_channel: no stack
[  344.536083][ T9238] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  345.490018][ T9249] delete_channel: no stack
[  345.614342][ T9261] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1119'.
[  345.623773][ T9261] openvswitch: netlink: Geneve option length err (len 1788, max 255).
[  345.680023][ T9261] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1119'.
[  345.718367][ T9261] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1119'.
[  345.738158][ T9261] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1119'.
[  346.482925][ T9269] delete_channel: no stack
[  346.959566][ T9274] FAULT_INJECTION: forcing a failure.
[  346.959566][ T9274] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  347.054177][ T9274] CPU: 0 PID: 9274 Comm: syz.3.1124 Not tainted syzkaller #0
[  347.061625][ T9274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  347.071713][ T9274] Call Trace:
[  347.075032][ T9274]  <TASK>
[  347.077992][ T9274]  dump_stack_lvl+0x18c/0x250
[  347.082741][ T9274]  ? show_regs_print_info+0x20/0x20
[  347.087982][ T9274]  ? load_image+0x400/0x400
[  347.092532][ T9274]  ? __might_fault+0xaa/0x120
[  347.097237][ T9274]  ? __lock_acquire+0x7d40/0x7d40
[  347.102309][ T9274]  should_fail_ex+0x39d/0x4d0
[  347.107011][ T9274]  _copy_from_user+0x2f/0xe0
[  347.111616][ T9274]  ___sys_sendmsg+0x1c7/0x360
[  347.116318][ T9274]  ? __sys_sendmsg+0x2a0/0x2a0
[  347.121119][ T9274]  ? __lock_acquire+0x7d40/0x7d40
[  347.126211][ T9274]  __se_sys_sendmsg+0x1c2/0x2b0
[  347.131084][ T9274]  ? __x64_sys_sendmsg+0x80/0x80
[  347.136085][ T9274]  ? lockdep_hardirqs_on+0x98/0x150
[  347.141312][ T9274]  do_syscall_64+0x55/0xa0
[  347.145753][ T9274]  ? clear_bhb_loop+0x40/0x90
[  347.150449][ T9274]  ? clear_bhb_loop+0x40/0x90
[  347.155151][ T9274]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  347.161061][ T9274] RIP: 0033:0x7f692f99c799
[  347.165493][ T9274] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  347.185151][ T9274] RSP: 002b:00007f69308ef028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  347.193572][ T9274] RAX: ffffffffffffffda RBX: 00007f692fc15fa0 RCX: 00007f692f99c799
[  347.201559][ T9274] RDX: 0000000000000000 RSI: 0000200000001180 RDI: 0000000000000003
[  347.209552][ T9274] RBP: 00007f69308ef090 R08: 0000000000000000 R09: 0000000000000000
[  347.217550][ T9274] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  347.225571][ T9274] R13: 00007f692fc16038 R14: 00007f692fc15fa0 R15: 00007fffd9b10ae8
[  347.233574][ T9274]  </TASK>
[  347.428888][ T9282] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  347.699270][ T9286] delete_channel: no stack
[  348.286965][ T9295] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1132'.
[  348.317323][ T9295] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1132'.
[  348.374407][ T9297] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1132'.
[  348.426760][ T9295] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1132'.
[  349.227369][ T9305] delete_channel: no stack
[  349.305071][ T9309] FAULT_INJECTION: forcing a failure.
[  349.305071][ T9309] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  349.360020][ T9309] CPU: 0 PID: 9309 Comm: syz.2.1136 Not tainted syzkaller #0
[  349.367462][ T9309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  349.377552][ T9309] Call Trace:
[  349.380859][ T9309]  <TASK>
[  349.383825][ T9309]  dump_stack_lvl+0x18c/0x250
[  349.388557][ T9309]  ? show_regs_print_info+0x20/0x20
[  349.393810][ T9309]  ? load_image+0x400/0x400
[  349.398370][ T9309]  ? __might_fault+0xaa/0x120
[  349.403090][ T9309]  ? __lock_acquire+0x7d40/0x7d40
[  349.408160][ T9309]  should_fail_ex+0x39d/0x4d0
[  349.412895][ T9309]  _copy_from_user+0x2f/0xe0
[  349.417535][ T9309]  ___sys_sendmsg+0x1c7/0x360
[  349.422255][ T9309]  ? __sys_sendmsg+0x2a0/0x2a0
[  349.427092][ T9309]  ? __lock_acquire+0x7d40/0x7d40
[  349.432197][ T9309]  __se_sys_sendmsg+0x1c2/0x2b0
[  349.437094][ T9309]  ? __x64_sys_sendmsg+0x80/0x80
[  349.442084][ T9309]  ? lockdep_hardirqs_on+0x98/0x150
[  349.447345][ T9309]  do_syscall_64+0x55/0xa0
[  349.451813][ T9309]  ? clear_bhb_loop+0x40/0x90
[  349.456540][ T9309]  ? clear_bhb_loop+0x40/0x90
[  349.461274][ T9309]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  349.467215][ T9309] RIP: 0033:0x7fd00639c799
[  349.471663][ T9309] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  349.478910][ T9312] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  349.491287][ T9309] RSP: 002b:00007fd007328028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  349.491314][ T9309] RAX: ffffffffffffffda RBX: 00007fd006615fa0 RCX: 00007fd00639c799
[  349.491328][ T9309] RDX: 0000000004004800 RSI: 0000200000000600 RDI: 0000000000000005
[  349.491341][ T9309] RBP: 00007fd007328090 R08: 0000000000000000 R09: 0000000000000000
[  349.491354][ T9309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  349.491366][ T9309] R13: 00007fd006616038 R14: 00007fd006615fa0 R15: 00007fff33d68e18
[  349.491399][ T9309]  </TASK>
[  349.877742][ T9318] delete_channel: no stack
[  350.095749][ T9323] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  350.287730][ T9329] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1144'.
[  351.097255][ T9336] FAULT_INJECTION: forcing a failure.
[  351.097255][ T9336] name failslab, interval 1, probability 0, space 0, times 0
[  351.134148][ T9336] CPU: 1 PID: 9336 Comm: syz.3.1147 Not tainted syzkaller #0
[  351.141580][ T9336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  351.151669][ T9336] Call Trace:
[  351.154985][ T9336]  <TASK>
[  351.157982][ T9336]  dump_stack_lvl+0x18c/0x250
[  351.162712][ T9336]  ? show_regs_print_info+0x20/0x20
[  351.167954][ T9336]  ? load_image+0x400/0x400
[  351.172508][ T9336]  ? __might_sleep+0xe0/0xe0
[  351.177140][ T9336]  ? __lock_acquire+0x7d40/0x7d40
[  351.182209][ T9336]  ? perf_trace_lock+0xfc/0x3b0
[  351.187118][ T9336]  should_fail_ex+0x39d/0x4d0
[  351.191862][ T9336]  should_failslab+0x9/0x20
[  351.196422][ T9336]  slab_pre_alloc_hook+0x59/0x310
[  351.201504][ T9336]  ? __get_vm_area_node+0x125/0x370
[  351.206757][ T9336]  __kmem_cache_alloc_node+0x53/0x250
[  351.212183][ T9336]  ? __get_vm_area_node+0x125/0x370
[  351.217427][ T9336]  kmalloc_node_trace+0x26/0xe0
[  351.222321][ T9336]  __get_vm_area_node+0x125/0x370
[  351.227395][ T9336]  __vmalloc_node_range+0x36e/0x1330
[  351.232717][ T9336]  ? netlink_sendmsg+0x602/0xbf0
[  351.237708][ T9336]  ? netlink_insert+0x109f/0x13a0
[  351.242809][ T9336]  ? netlink_data_ready+0x10/0x10
[  351.247877][ T9336]  ? free_vm_area+0x50/0x50
[  351.252432][ T9336]  ? netlink_sendmsg+0x602/0xbf0
[  351.257420][ T9336]  vmalloc+0x79/0x90
[  351.261370][ T9336]  ? netlink_sendmsg+0x602/0xbf0
[  351.266360][ T9336]  netlink_sendmsg+0x602/0xbf0
[  351.271189][ T9336]  ? netlink_getsockopt+0x590/0x590
[  351.276448][ T9336]  ? aa_sock_msg_perm+0x94/0x150
[  351.281432][ T9336]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  351.286773][ T9336]  ? security_socket_sendmsg+0x80/0xa0
[  351.292289][ T9336]  sock_write_iter+0x2df/0x420
[  351.297095][ T9336]  ? sock_read_iter+0x3e0/0x3e0
[  351.302005][ T9336]  ? common_file_perm+0x198/0x1f0
[  351.307096][ T9336]  vfs_write+0x46c/0x990
[  351.311390][ T9336]  ? file_end_write+0x250/0x250
[  351.316293][ T9336]  ? __fget_files+0x43d/0x4b0
[  351.321109][ T9336]  ? __fdget_pos+0x1d8/0x330
[  351.325743][ T9336]  ? ksys_write+0x75/0x260
[  351.330219][ T9336]  ksys_write+0x150/0x260
[  351.334598][ T9336]  ? __ia32_sys_read+0x90/0x90
[  351.339410][ T9336]  ? lockdep_hardirqs_on+0x98/0x150
[  351.344651][ T9336]  do_syscall_64+0x55/0xa0
[  351.349120][ T9336]  ? clear_bhb_loop+0x40/0x90
[  351.353861][ T9336]  ? clear_bhb_loop+0x40/0x90
[  351.358584][ T9336]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  351.364518][ T9336] RIP: 0033:0x7f692f99c799
[  351.368971][ T9336] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  351.388625][ T9336] RSP: 002b:00007f69308ef028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  351.397073][ T9336] RAX: ffffffffffffffda RBX: 00007f692fc15fa0 RCX: 00007f692f99c799
[  351.405072][ T9336] RDX: 000000000000fe33 RSI: 0000200000000000 RDI: 0000000000000003
[  351.413074][ T9336] RBP: 00007f69308ef090 R08: 0000000000000000 R09: 0000000000000000
[  351.421073][ T9336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  351.429080][ T9336] R13: 00007f692fc16038 R14: 00007f692fc15fa0 R15: 00007fffd9b10ae8
[  351.437113][ T9336]  </TASK>
[  351.519222][ T9336] syz.3.1147: vmalloc error: size 65408, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz3,mems_allowed=0-1
[  351.564132][ T9336] CPU: 1 PID: 9336 Comm: syz.3.1147 Not tainted syzkaller #0
[  351.571546][ T9336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  351.581634][ T9336] Call Trace:
[  351.584941][ T9336]  <TASK>
[  351.587915][ T9336]  dump_stack_lvl+0x18c/0x250
[  351.592639][ T9336]  ? show_regs_print_info+0x20/0x20
[  351.597890][ T9336]  ? load_image+0x400/0x400
[  351.602432][ T9336]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  351.608887][ T9336]  ? cpuset_print_current_mems_allowed+0x2e7/0x360
[  351.615431][ T9336]  warn_alloc+0x246/0x340
[  351.619822][ T9336]  ? __get_vm_area_node+0x125/0x370
[  351.625140][ T9336]  ? zone_watermark_ok_safe+0x230/0x230
[  351.630754][ T9336]  ? rcu_is_watching+0x15/0xb0
[  351.635593][ T9336]  ? __get_vm_area_node+0x356/0x370
[  351.640847][ T9336]  __vmalloc_node_range+0x393/0x1330
[  351.646186][ T9336]  ? netlink_insert+0x109f/0x13a0
[  351.651292][ T9336]  ? netlink_data_ready+0x10/0x10
[  351.656454][ T9336]  ? free_vm_area+0x50/0x50
[  351.661036][ T9336]  ? netlink_sendmsg+0x602/0xbf0
[  351.666033][ T9336]  vmalloc+0x79/0x90
[  351.669986][ T9336]  ? netlink_sendmsg+0x602/0xbf0
[  351.674984][ T9336]  netlink_sendmsg+0x602/0xbf0
[  351.679823][ T9336]  ? netlink_getsockopt+0x590/0x590
[  351.685074][ T9336]  ? aa_sock_msg_perm+0x94/0x150
[  351.690064][ T9336]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  351.695419][ T9336]  ? security_socket_sendmsg+0x80/0xa0
[  351.700931][ T9336]  sock_write_iter+0x2df/0x420
[  351.705743][ T9336]  ? sock_read_iter+0x3e0/0x3e0
[  351.710663][ T9336]  ? common_file_perm+0x198/0x1f0
[  351.715753][ T9336]  vfs_write+0x46c/0x990
[  351.720054][ T9336]  ? file_end_write+0x250/0x250
[  351.724962][ T9336]  ? __fget_files+0x43d/0x4b0
[  351.729693][ T9336]  ? __fdget_pos+0x1d8/0x330
[  351.734331][ T9336]  ? ksys_write+0x75/0x260
[  351.738802][ T9336]  ksys_write+0x150/0x260
[  351.743180][ T9336]  ? __ia32_sys_read+0x90/0x90
[  351.747995][ T9336]  ? lockdep_hardirqs_on+0x98/0x150
[  351.753237][ T9336]  do_syscall_64+0x55/0xa0
[  351.757696][ T9336]  ? clear_bhb_loop+0x40/0x90
[  351.762410][ T9336]  ? clear_bhb_loop+0x40/0x90
[  351.767131][ T9336]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  351.773093][ T9336] RIP: 0033:0x7f692f99c799
[  351.777704][ T9336] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  351.797619][ T9336] RSP: 002b:00007f69308ef028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  351.806084][ T9336] RAX: ffffffffffffffda RBX: 00007f692fc15fa0 RCX: 00007f692f99c799
[  351.814097][ T9336] RDX: 000000000000fe33 RSI: 0000200000000000 RDI: 0000000000000003
[  351.822108][ T9336] RBP: 00007f69308ef090 R08: 0000000000000000 R09: 0000000000000000
[  351.830128][ T9336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  351.838138][ T9336] R13: 00007f692fc16038 R14: 00007f692fc15fa0 R15: 00007fffd9b10ae8
[  351.846170][ T9336]  </TASK>
[  351.913319][ T9339] delete_channel: no stack
[  351.945701][ T2943] wlan1: Trigger new scan to find an IBSS to join
[  351.996192][ T9336] Mem-Info:
[  352.003841][ T9336] active_anon:54775 inactive_anon:0 isolated_anon:0
[  352.003841][ T9336]  active_file:19081 inactive_file:40035 isolated_file:0
[  352.003841][ T9336]  unevictable:768 dirty:233 writeback:0
[  352.003841][ T9336]  slab_reclaimable:10740 slab_unreclaimable:90345
[  352.003841][ T9336]  mapped:34745 shmem:50677 pagetables:713
[  352.003841][ T9336]  sec_pagetables:0 bounce:0
[  352.003841][ T9336]  kernel_misc_reclaimable:0
[  352.003841][ T9336]  free:1297990 free_pcp:9383 free_cma:0
[  352.192692][ T9336] Node 0 active_anon:219500kB inactive_anon:0kB active_file:76324kB inactive_file:159936kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:140580kB dirty:932kB writeback:0kB shmem:201472kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10500kB pagetables:2852kB sec_pagetables:0kB all_unreclaimable? no
[  352.254956][ T9336] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  352.324109][ T9336] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  352.384108][ T9336] lowmem_reserve[]: 0 2521 2522 2522 2522
[  352.389977][ T9336] Node 0 DMA32 free:1283476kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:217460kB inactive_anon:0kB active_file:76324kB inactive_file:159112kB unevictable:1536kB writepending:932kB present:3129332kB managed:2586964kB mlocked:0kB bounce:0kB free_pcp:21604kB local_pcp:20252kB free_cma:0kB
[  352.484194][ T9336] lowmem_reserve[]: 0 0 0 0 0
[  352.488978][ T9336] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:824kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[  352.554108][ T9336] lowmem_reserve[]: 0 0 0 0 0
[  352.558896][ T9336] Node 1 Normal free:3890856kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:20096kB local_pcp:8640kB free_cma:0kB
[  352.654120][ T9336] lowmem_reserve[]: 0 0 0 0 0
[  352.658922][ T9336] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  352.698612][ T9336] Node 0 DMA32: 53*4kB (UE) 590*8kB (UE) 834*16kB (UME) 423*32kB (UME) 1398*64kB (UME) 644*128kB (UM) 201*256kB (UM) 37*512kB (UME) 6*1024kB (ME) 1*2048kB (M) 248*4096kB (UM) = 1298116kB
[  352.739776][ T9336] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  352.770741][ T9336] Node 1 Normal: 204*4kB (UM) 47*8kB (UME) 42*16kB (UME) 77*32kB (UME) 27*64kB (UE) 8*128kB (UME) 1*256kB (E) 3*512kB (UME) 1*1024kB (U) 1*2048kB (E) 947*4096kB (M) = 3890856kB
[  352.814118][ T9336] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  352.848063][ T9336] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  352.871472][ T9348] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  352.881370][ T9336] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  352.904385][ T9336] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  352.924703][ T9336] 109767 total pagecache pages
[  352.929512][ T9336] 0 pages in swap cache
[  352.933689][ T9336] Free swap  = 124996kB
[  352.964200][ T9336] Total swap = 124996kB
[  352.968492][ T9336] 2097051 pages RAM
[  352.993266][ T9336] 0 pages HighMem/MovableOnly
[  353.004146][ T9336] 416924 pages reserved
[  353.008458][ T9336] 0 pages cma reserved
[  353.139748][ T9350] delete_channel: no stack
[  353.475374][ T9357] syzkaller0: entered promiscuous mode
[  353.494209][ T9357] syzkaller0: entered allmulticast mode
[  354.987465][   T49] wlan1: Trigger new scan to find an IBSS to join
[  356.915014][   T49] wlan1: Trigger new scan to find an IBSS to join
[  357.838301][   T12] wlan1: Creating new IBSS network, BSSID 3e:dd:b7:1a:51:2b
[  357.921693][ T9360] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  357.945774][ T9369] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  358.307053][ T9375] delete_channel: no stack
[  358.591052][ T9381] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  358.729139][ T9384] delete_channel: no stack
[  359.168218][ T9401] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  359.271255][ T9400] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  359.954188][ T2990] wlan1: Trigger new scan to find an IBSS to join
[  360.119318][ T9408] FAULT_INJECTION: forcing a failure.
[  360.119318][ T9408] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  360.159726][ T9408] CPU: 1 PID: 9408 Comm: syz.1.1167 Not tainted syzkaller #0
[  360.167175][ T9408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  360.177261][ T9408] Call Trace:
[  360.180566][ T9408]  <TASK>
[  360.183532][ T9408]  dump_stack_lvl+0x18c/0x250
[  360.188265][ T9408]  ? show_regs_print_info+0x20/0x20
[  360.193518][ T9408]  ? load_image+0x400/0x400
[  360.198066][ T9408]  ? __might_fault+0xaa/0x120
[  360.202796][ T9408]  ? __lock_acquire+0x7d40/0x7d40
[  360.207949][ T9408]  should_fail_ex+0x39d/0x4d0
[  360.212676][ T9408]  _copy_from_user+0x2f/0xe0
[  360.217307][ T9408]  ___sys_sendmsg+0x1c7/0x360
[  360.222028][ T9408]  ? __sys_sendmsg+0x2a0/0x2a0
[  360.226875][ T9408]  ? __lock_acquire+0x7d40/0x7d40
[  360.231962][ T9408]  __se_sys_sendmsg+0x1c2/0x2b0
[  360.236868][ T9408]  ? __x64_sys_sendmsg+0x80/0x80
[  360.241868][ T9408]  ? lockdep_hardirqs_on+0x98/0x150
[  360.247110][ T9408]  do_syscall_64+0x55/0xa0
[  360.251567][ T9408]  ? clear_bhb_loop+0x40/0x90
[  360.256288][ T9408]  ? clear_bhb_loop+0x40/0x90
[  360.261005][ T9408]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  360.266933][ T9408] RIP: 0033:0x7fa1a719c799
[  360.271380][ T9408] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  360.291029][ T9408] RSP: 002b:00007fa1a7fb6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  360.299485][ T9408] RAX: ffffffffffffffda RBX: 00007fa1a7415fa0 RCX: 00007fa1a719c799
[  360.307491][ T9408] RDX: 0000000000000094 RSI: 00002000000000c0 RDI: 0000000000000003
[  360.315544][ T9408] RBP: 00007fa1a7fb6090 R08: 0000000000000000 R09: 0000000000000000
[  360.323571][ T9408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  360.331582][ T9408] R13: 00007fa1a7416038 R14: 00007fa1a7415fa0 R15: 00007ffe88b0a028
[  360.339607][ T9408]  </TASK>
[  360.431857][ T9409] delete_channel: no stack
[  360.707453][ T9413] delete_channel: no stack
[  360.909736][   T12] wlan1: Trigger new scan to find an IBSS to join
[  360.981830][ T9422] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  361.721783][ T9443] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  361.773038][ T9445] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  361.945586][ T2990] wlan1: Trigger new scan to find an IBSS to join
[  363.250699][ T9460] FAULT_INJECTION: forcing a failure.
[  363.250699][ T9460] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  363.264277][ T9460] CPU: 1 PID: 9460 Comm: syz.3.1184 Not tainted syzkaller #0
[  363.271697][ T9460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  363.281783][ T9460] Call Trace:
[  363.285091][ T9460]  <TASK>
[  363.288040][ T9460]  dump_stack_lvl+0x18c/0x250
[  363.292759][ T9460]  ? show_regs_print_info+0x20/0x20
[  363.298004][ T9460]  ? load_image+0x400/0x400
[  363.302532][ T9460]  ? __might_fault+0xaa/0x120
[  363.307242][ T9460]  ? __lock_acquire+0x7d40/0x7d40
[  363.312308][ T9460]  should_fail_ex+0x39d/0x4d0
[  363.317028][ T9460]  _copy_from_user+0x2f/0xe0
[  363.321644][ T9460]  __sys_bpf+0x23e/0x890
[  363.325914][ T9460]  ? bpf_link_show_fdinfo+0x390/0x390
[  363.331322][ T9460]  ? lock_chain_count+0x20/0x20
[  363.336209][ T9460]  __x64_sys_bpf+0x7c/0x90
[  363.340654][ T9460]  do_syscall_64+0x55/0xa0
[  363.345102][ T9460]  ? clear_bhb_loop+0x40/0x90
[  363.349811][ T9460]  ? clear_bhb_loop+0x40/0x90
[  363.354509][ T9460]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  363.360423][ T9460] RIP: 0033:0x7f692f99c799
[  363.364858][ T9460] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  363.384476][ T9460] RSP: 002b:00007f69308ef028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  363.392919][ T9460] RAX: ffffffffffffffda RBX: 00007f692fc15fa0 RCX: 00007f692f99c799
[  363.401007][ T9460] RDX: 0000000000000015 RSI: 00002000000002c0 RDI: 000000000000000a
[  363.409006][ T9460] RBP: 00007f69308ef090 R08: 0000000000000000 R09: 0000000000000000
[  363.416998][ T9460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  363.425011][ T9460] R13: 00007f692fc16038 R14: 00007f692fc15fa0 R15: 00007fffd9b10ae8
[  363.433047][ T9460]  </TASK>
[  363.475633][ T9457] delete_channel: no stack
[  363.621428][ T9461] delete_channel: no stack
[  363.760875][ T9465] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  363.948979][   T12] wlan1: Trigger new scan to find an IBSS to join
[  363.949459][ T2990] wlan1: Trigger new scan to find an IBSS to join
[  364.827606][ T9491] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  364.957326][ T9487] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  365.428004][ T9498] delete_channel: no stack
[  365.737010][ T9500] delete_channel: no stack
[  365.945562][ T2990] wlan1: Trigger new scan to find an IBSS to join
[  366.241124][ T9517] netlink: 129384 bytes leftover after parsing attributes in process `syz.3.1201'.
[  366.524872][ T9520] FAULT_INJECTION: forcing a failure.
[  366.524872][ T9520] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  366.657881][ T9520] CPU: 1 PID: 9520 Comm: syz.2.1203 Not tainted syzkaller #0
[  366.665343][ T9520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  366.675433][ T9520] Call Trace:
[  366.678740][ T9520]  <TASK>
[  366.681698][ T9520]  dump_stack_lvl+0x18c/0x250
[  366.686425][ T9520]  ? show_regs_print_info+0x20/0x20
[  366.691667][ T9520]  ? load_image+0x400/0x400
[  366.696203][ T9520]  ? __might_fault+0xaa/0x120
[  366.700915][ T9520]  ? __lock_acquire+0x7d40/0x7d40
[  366.705987][ T9520]  should_fail_ex+0x39d/0x4d0
[  366.710706][ T9520]  _copy_from_user+0x2f/0xe0
[  366.715358][ T9520]  ___sys_sendmsg+0x1c7/0x360
[  366.720071][ T9520]  ? __sys_sendmsg+0x2a0/0x2a0
[  366.724905][ T9520]  ? __lock_acquire+0x7d40/0x7d40
[  366.729977][ T9520]  __se_sys_sendmsg+0x1c2/0x2b0
[  366.734880][ T9520]  ? __x64_sys_sendmsg+0x80/0x80
[  366.739866][ T9520]  ? lockdep_hardirqs_on+0x98/0x150
[  366.745100][ T9520]  do_syscall_64+0x55/0xa0
[  366.749554][ T9520]  ? clear_bhb_loop+0x40/0x90
[  366.754262][ T9520]  ? clear_bhb_loop+0x40/0x90
[  366.758984][ T9520]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  366.764907][ T9520] RIP: 0033:0x7fd00639c799
[  366.769350][ T9520] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  366.788976][ T9520] RSP: 002b:00007fd007328028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  366.797412][ T9520] RAX: ffffffffffffffda RBX: 00007fd006615fa0 RCX: 00007fd00639c799
[  366.805416][ T9520] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  366.813407][ T9520] RBP: 00007fd007328090 R08: 0000000000000000 R09: 0000000000000000
[  366.821404][ T9520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  366.829398][ T9520] R13: 00007fd006616038 R14: 00007fd006615fa0 R15: 00007fff33d68e18
[  366.837400][ T9520]  </TASK>
[  366.984825][ T2943] wlan1: Trigger new scan to find an IBSS to join
[  367.226798][ T9524] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  367.841639][ T9536] delete_channel: no stack
[  368.032489][ T9540] delete_channel: no stack
[  368.069728][   T34] wlan1: Creating new IBSS network, BSSID fe:e9:92:b2:5e:4f
[  368.906718][   T34] wlan1: Trigger new scan to find an IBSS to join
[  368.963632][ T9552] delete_channel: no stack
[  369.949388][ T2990] wlan1: Trigger new scan to find an IBSS to join
[  370.628409][ T9574] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  370.988767][ T2943] wlan1: Trigger new scan to find an IBSS to join
[  370.999780][ T9578] delete_channel: no stack
[  372.135990][   T12] wlan1: Creating new IBSS network, BSSID 4a:3c:e7:a1:ac:ad
[  372.668200][ T9600] delete_channel: no stack
[  373.944480][   T49] wlan1: Trigger new scan to find an IBSS to join
[  374.708596][ T9620] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  374.904498][   T34] wlan1: Trigger new scan to find an IBSS to join
[  374.951410][ T9615] delete_channel: no stack
[  375.036687][   T12] wlan1: Creating new IBSS network, BSSID 02:ba:94:79:52:a0
[  375.595793][ T9625] delete_channel: no stack
[  376.984437][ T3453] wlan1: Trigger new scan to find an IBSS to join
[  377.600204][ T9650] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  377.962710][   T49] wlan1: Creating new IBSS network, BSSID 56:ae:63:d9:f4:84
[  378.135595][ T9646] delete_channel: no stack
[  378.505006][ T9657] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1240'.
[  378.671254][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  378.678079][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  378.988419][ T9659] delete_channel: no stack
[  379.234549][ T9666] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  379.958921][ T2990] wlan1: Trigger new scan to find an IBSS to join
[  381.046872][ T9683] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  381.945313][   T12] wlan1: Trigger new scan to find an IBSS to join
[  382.520268][ T9698] FAULT_INJECTION: forcing a failure.
[  382.520268][ T9698] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  382.634226][ T9698] CPU: 1 PID: 9698 Comm: syz.0.1251 Not tainted syzkaller #0
[  382.641684][ T9698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  382.651784][ T9698] Call Trace:
[  382.655125][ T9698]  <TASK>
[  382.658146][ T9698]  dump_stack_lvl+0x18c/0x250
[  382.662883][ T9698]  ? show_regs_print_info+0x20/0x20
[  382.668143][ T9698]  ? load_image+0x400/0x400
[  382.672691][ T9698]  ? __might_fault+0xaa/0x120
[  382.677431][ T9698]  ? __lock_acquire+0x7d40/0x7d40
[  382.682501][ T9698]  should_fail_ex+0x39d/0x4d0
[  382.687241][ T9698]  _copy_from_user+0x2f/0xe0
[  382.691886][ T9698]  ___sys_sendmsg+0x1c7/0x360
[  382.696625][ T9698]  ? __sys_sendmsg+0x2a0/0x2a0
[  382.701471][ T9698]  ? __lock_acquire+0x7d40/0x7d40
[  382.706575][ T9698]  __se_sys_sendmsg+0x1c2/0x2b0
[  382.711475][ T9698]  ? __x64_sys_sendmsg+0x80/0x80
[  382.716480][ T9698]  ? lockdep_hardirqs_on+0x98/0x150
[  382.721724][ T9698]  do_syscall_64+0x55/0xa0
[  382.726209][ T9698]  ? clear_bhb_loop+0x40/0x90
[  382.730938][ T9698]  ? clear_bhb_loop+0x40/0x90
[  382.735664][ T9698]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  382.741589][ T9698] RIP: 0033:0x7fa8ebd9c799
[  382.746034][ T9698] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  382.765680][ T9698] RSP: 002b:00007fa8ecd1a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  382.774148][ T9698] RAX: ffffffffffffffda RBX: 00007fa8ec015fa0 RCX: 00007fa8ebd9c799
[  382.782139][ T9698] RDX: 00000000000480c0 RSI: 0000200000000200 RDI: 0000000000000003
[  382.790130][ T9698] RBP: 00007fa8ecd1a090 R08: 0000000000000000 R09: 0000000000000000
[  382.798114][ T9698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  382.806108][ T9698] R13: 00007fa8ec016038 R14: 00007fa8ec015fa0 R15: 00007ffda997e7a8
[  382.814137][ T9698]  </TASK>
[  383.290733][ T2943] wlan1: Creating new IBSS network, BSSID b2:ed:bb:b0:4c:76
[  383.936195][ T9701] delete_channel: no stack
[  384.745853][ T9712] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  384.925236][ T2943] wlan1: Trigger new scan to find an IBSS to join
[  385.832819][ T9717] delete_channel: no stack
[  386.005838][ T2943] wlan1: Creating new IBSS network, BSSID 56:df:d3:82:f3:33
[  386.362356][ T9728] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  387.311563][ T9737] FAULT_INJECTION: forcing a failure.
[  387.311563][ T9737] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  387.405275][ T9737] CPU: 1 PID: 9737 Comm: syz.0.1262 Not tainted syzkaller #0
[  387.412719][ T9737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  387.422799][ T9737] Call Trace:
[  387.426119][ T9737]  <TASK>
[  387.429074][ T9737]  dump_stack_lvl+0x18c/0x250
[  387.433793][ T9737]  ? show_regs_print_info+0x20/0x20
[  387.439015][ T9737]  ? load_image+0x400/0x400
[  387.443560][ T9737]  ? __might_fault+0xaa/0x120
[  387.448260][ T9737]  ? __lock_acquire+0x7d40/0x7d40
[  387.453323][ T9737]  should_fail_ex+0x39d/0x4d0
[  387.458028][ T9737]  _copy_from_user+0x2f/0xe0
[  387.462671][ T9737]  __sys_bpf+0x23e/0x890
[  387.466959][ T9737]  ? bpf_link_show_fdinfo+0x390/0x390
[  387.472370][ T9737]  ? lock_chain_count+0x20/0x20
[  387.477253][ T9737]  __x64_sys_bpf+0x7c/0x90
[  387.481692][ T9737]  do_syscall_64+0x55/0xa0
[  387.486155][ T9737]  ? clear_bhb_loop+0x40/0x90
[  387.490865][ T9737]  ? clear_bhb_loop+0x40/0x90
[  387.495611][ T9737]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  387.501534][ T9737] RIP: 0033:0x7fa8ebd9c799
[  387.505973][ T9737] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  387.525615][ T9737] RSP: 002b:00007fa8eccf9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  387.534063][ T9737] RAX: ffffffffffffffda RBX: 00007fa8ec016090 RCX: 00007fa8ebd9c799
[  387.542090][ T9737] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[  387.550080][ T9737] RBP: 00007fa8eccf9090 R08: 0000000000000000 R09: 0000000000000000
[  387.558072][ T9737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  387.566068][ T9737] R13: 00007fa8ec016128 R14: 00007fa8ec016090 R15: 00007ffda997e7a8
[  387.574085][ T9737]  </TASK>
[  387.881288][ T9740] raw_sendmsg: syz.1.1264 forgot to set AF_INET. Fix it!
[  388.291887][ T9743] delete_channel: no stack
[  389.684669][ T9753] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  389.838164][ T9754] delete_channel: no stack
[  392.985706][ T9787] netlink: 6 bytes leftover after parsing attributes in process `syz.2.1274'.
[  393.807532][ T9784] delete_channel: no stack
[  394.381482][ T9796] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  395.289260][ T9808] syzkaller1: tun_chr_ioctl cmd 1074025677
[  395.338496][ T9808] syzkaller1: linktype set to 786
[  395.376071][ T9812] FAULT_INJECTION: forcing a failure.
[  395.376071][ T9812] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  395.483327][ T9812] CPU: 1 PID: 9812 Comm: syz.1.1283 Not tainted syzkaller #0
[  395.490781][ T9812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  395.500871][ T9812] Call Trace:
[  395.504179][ T9812]  <TASK>
[  395.507137][ T9812]  dump_stack_lvl+0x18c/0x250
[  395.511856][ T9812]  ? show_regs_print_info+0x20/0x20
[  395.517098][ T9812]  ? load_image+0x400/0x400
[  395.521635][ T9812]  ? __might_fault+0xaa/0x120
[  395.526343][ T9812]  ? __lock_acquire+0x7d40/0x7d40
[  395.531402][ T9812]  should_fail_ex+0x39d/0x4d0
[  395.536120][ T9812]  _copy_from_user+0x2f/0xe0
[  395.540753][ T9812]  ___sys_sendmsg+0x1c7/0x360
[  395.545461][ T9812]  ? __sys_sendmsg+0x2a0/0x2a0
[  395.550294][ T9812]  ? __lock_acquire+0x7d40/0x7d40
[  395.555387][ T9812]  __se_sys_sendmsg+0x1c2/0x2b0
[  395.560272][ T9812]  ? __x64_sys_sendmsg+0x80/0x80
[  395.565255][ T9812]  ? lockdep_hardirqs_on+0x98/0x150
[  395.570495][ T9812]  do_syscall_64+0x55/0xa0
[  395.574941][ T9812]  ? clear_bhb_loop+0x40/0x90
[  395.579645][ T9812]  ? clear_bhb_loop+0x40/0x90
[  395.584360][ T9812]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  395.590323][ T9812] RIP: 0033:0x7fa1a719c799
[  395.594774][ T9812] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  395.614421][ T9812] RSP: 002b:00007fa1a7fb6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  395.622868][ T9812] RAX: ffffffffffffffda RBX: 00007fa1a7415fa0 RCX: 00007fa1a719c799
[  395.630876][ T9812] RDX: 000000000000fffe RSI: 0000200000007940 RDI: 0000000000000004
[  395.638875][ T9812] RBP: 00007fa1a7fb6090 R08: 0000000000000000 R09: 0000000000000000
[  395.646884][ T9812] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  395.654896][ T9812] R13: 00007fa1a7416038 R14: 00007fa1a7415fa0 R15: 00007ffe88b0a028
[  395.662916][ T9812]  </TASK>
[  395.809596][ T9804] delete_channel: no stack
[  396.462305][ T9824] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.1284'.
[  396.904170][   T49] wlan1: Trigger new scan to find an IBSS to join
[  397.279352][ T9830] netlink: 6 bytes leftover after parsing attributes in process `syz.0.1288'.
[  397.419543][ T9829] delete_channel: no stack
[  398.125715][ T2943] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  398.398245][ T9836] netlink: 'syz.1.1290': attribute type 3 has an invalid length.
[  398.453448][ T9836] netlink: 'syz.1.1290': attribute type 1 has an invalid length.
[  399.268690][ T9849] delete_channel: no stack
[  399.816732][ T9853] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  399.944392][ T2943] wlan1: Trigger new scan to find an IBSS to join
[  400.221345][ T9862] netlink: 'syz.3.1298': attribute type 3 has an invalid length.
[  400.306665][ T9862] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1298'.
[  401.242757][ T9873] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  401.285897][ T9876] FAULT_INJECTION: forcing a failure.
[  401.285897][ T9876] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  401.340237][ T9876] CPU: 0 PID: 9876 Comm: syz.3.1304 Not tainted syzkaller #0
[  401.347716][ T9876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  401.357816][ T9876] Call Trace:
[  401.361130][ T9876]  <TASK>
[  401.364103][ T9876]  dump_stack_lvl+0x18c/0x250
[  401.368862][ T9876]  ? show_regs_print_info+0x20/0x20
[  401.374119][ T9876]  ? load_image+0x400/0x400
[  401.378684][ T9876]  ? __might_fault+0xaa/0x120
[  401.383404][ T9876]  ? __lock_acquire+0x7d40/0x7d40
[  401.388479][ T9876]  should_fail_ex+0x39d/0x4d0
[  401.393216][ T9876]  _copy_from_user+0x2f/0xe0
[  401.397856][ T9876]  ___sys_sendmsg+0x1c7/0x360
[  401.402587][ T9876]  ? __sys_sendmsg+0x2a0/0x2a0
[  401.407420][ T9876]  ? __lock_acquire+0x7d40/0x7d40
[  401.412519][ T9876]  __se_sys_sendmsg+0x1c2/0x2b0
[  401.417421][ T9876]  ? __x64_sys_sendmsg+0x80/0x80
[  401.422418][ T9876]  ? lockdep_hardirqs_on+0x98/0x150
[  401.427669][ T9876]  do_syscall_64+0x55/0xa0
[  401.432131][ T9876]  ? clear_bhb_loop+0x40/0x90
[  401.436847][ T9876]  ? clear_bhb_loop+0x40/0x90
[  401.441573][ T9876]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  401.447507][ T9876] RIP: 0033:0x7f692f99c799
[  401.451964][ T9876] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  401.471612][ T9876] RSP: 002b:00007f69308ef028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  401.480083][ T9876] RAX: ffffffffffffffda RBX: 00007f692fc15fa0 RCX: 00007f692f99c799
[  401.488085][ T9876] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000003
[  401.496089][ T9876] RBP: 00007f69308ef090 R08: 0000000000000000 R09: 0000000000000000
[  401.504100][ T9876] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  401.512110][ T9876] R13: 00007f692fc16038 R14: 00007f692fc15fa0 R15: 00007fffd9b10ae8
[  401.520142][ T9876]  </TASK>
[  401.584597][ T9872] netlink: 6 bytes leftover after parsing attributes in process `syz.1.1303'.
[  401.691033][ T9870] delete_channel: no stack
[  401.944734][   T49] wlan1: Trigger new scan to find an IBSS to join
[  402.049280][ T9878] delete_channel: no stack
[  402.950042][ T9891] netlink: 'syz.1.1309': attribute type 10 has an invalid length.
[  402.986672][ T3453] wlan1: Trigger new scan to find an IBSS to join
[  403.308913][ T9890] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  403.463289][ T9897] netlink: 'syz.3.1312': attribute type 3 has an invalid length.
[  403.511684][ T9897] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1312'.
[  404.033504][ T3453] wlan1: Creating new IBSS network, BSSID b6:ca:ed:f1:cf:e2
[  404.139135][ T9906] delete_channel: no stack
[  404.237908][ T9905] syzkaller1: tun_chr_ioctl cmd 1074025677
[  404.294649][ T9905] syzkaller1: linktype set to 786
[  404.786707][ T9916] netlink: 'syz.1.1318': attribute type 10 has an invalid length.
[  405.949962][   T11] wlan1: Trigger new scan to find an IBSS to join
[  407.094786][ T9940] netlink: 'syz.3.1327': attribute type 3 has an invalid length.
[  407.102580][ T9940] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1327'.
[  407.555413][ T9943] delete_channel: no stack
[  407.603419][ T9951] FAULT_INJECTION: forcing a failure.
[  407.603419][ T9951] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  407.637235][ T9951] CPU: 0 PID: 9951 Comm: syz.3.1329 Not tainted syzkaller #0
[  407.644681][ T9951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  407.654818][ T9951] Call Trace:
[  407.658137][ T9951]  <TASK>
[  407.661125][ T9951]  dump_stack_lvl+0x18c/0x250
[  407.665873][ T9951]  ? show_regs_print_info+0x20/0x20
[  407.671143][ T9951]  ? load_image+0x400/0x400
[  407.675714][ T9951]  ? __might_fault+0xaa/0x120
[  407.680440][ T9951]  ? __lock_acquire+0x7d40/0x7d40
[  407.685522][ T9951]  should_fail_ex+0x39d/0x4d0
[  407.690295][ T9951]  _copy_from_user+0x2f/0xe0
[  407.694937][ T9951]  mptcp_setsockopt+0x182a/0x3390
[  407.700046][ T9951]  ? __fget_files+0x28/0x4b0
[  407.704682][ T9951]  ? pm_nl_exit_net+0x230/0x230
[  407.709595][ T9951]  ? aa_af_perm+0x330/0x330
[  407.714165][ T9951]  ? __fget_files+0x28/0x4b0
[  407.718801][ T9951]  ? __fget_files+0x28/0x4b0
[  407.723439][ T9951]  ? aa_sock_opt_perm+0x74/0x100
[  407.728422][ T9951]  ? sock_common_setsockopt+0x36/0xc0
[  407.733842][ T9951]  ? sock_common_recvmsg+0x190/0x190
[  407.739175][ T9951]  do_sock_setsockopt+0x175/0x1a0
[  407.744234][ T9951]  ? __fdget+0x180/0x210
[  407.748528][ T9951]  __x64_sys_setsockopt+0x182/0x200
[  407.753777][ T9951]  do_syscall_64+0x55/0xa0
[  407.758240][ T9951]  ? clear_bhb_loop+0x40/0x90
[  407.762966][ T9951]  ? clear_bhb_loop+0x40/0x90
[  407.767691][ T9951]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  407.773624][ T9951] RIP: 0033:0x7f692f99c799
[  407.778073][ T9951] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  407.797730][ T9951] RSP: 002b:00007f69308ef028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  407.806189][ T9951] RAX: ffffffffffffffda RBX: 00007f692fc15fa0 RCX: 00007f692f99c799
[  407.814207][ T9951] RDX: 0000000000000004 RSI: 0000000000000006 RDI: 0000000000000004
[  407.822222][ T9951] RBP: 00007f69308ef090 R08: 0000000000000004 R09: 0000000000000000
[  407.830234][ T9951] R10: 0000200000000b80 R11: 0000000000000246 R12: 0000000000000001
[  407.838250][ T9951] R13: 00007f692fc16038 R14: 00007f692fc15fa0 R15: 00007fffd9b10ae8
[  407.846291][ T9951]  </TASK>
[  408.756717][ T9965] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  408.876849][ T9972] syzkaller1: tun_chr_ioctl cmd 1074025677
[  408.956106][ T9972] syzkaller1: linktype set to 786
[  409.175531][ T9976] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  409.252522][ T9981] netlink: 'syz.1.1339': attribute type 3 has an invalid length.
[  409.273934][ T9981] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1339'.
[  409.487385][ T9982] delete_channel: no stack
[  410.984616][ T2943] wlan1: Trigger new scan to find an IBSS to join
[  411.946454][   T49] wlan1: Trigger new scan to find an IBSS to join
[  412.016409][   T49] wlan1: Creating new IBSS network, BSSID e6:9c:cd:c3:65:6a
[  412.047293][T10006] netlink: 'syz.3.1350': attribute type 3 has an invalid length.
[  412.092283][T10006] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1350'.
[  412.408679][T10016] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  413.369037][ T3453] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  414.682176][T10025] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  414.737147][T10023] delete_channel: no stack
[  415.066212][T10031] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  415.396169][T10030] netlink: 'syz.0.1354': attribute type 1 has an invalid length.
[  415.574166][T10030] netlink: 161700 bytes leftover after parsing attributes in process `syz.0.1354'.
[  415.604980][T10035] veth1_to_bond: entered allmulticast mode
[  416.029543][T10047] netlink: 'syz.3.1361': attribute type 3 has an invalid length.
[  416.134881][T10047] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1361'.
[  416.994220][ T2943] wlan1: Trigger new scan to find an IBSS to join
[  417.047761][T10051] netlink: 16410 bytes leftover after parsing attributes in process `syz.0.1362'.
[  417.058767][T10049] delete_channel: no stack
[  418.400464][ T2943] wlan1: Creating new IBSS network, BSSID 7e:b0:4d:5a:5e:e5
[  418.971976][T10063] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  418.987663][ T2990] wlan1: Trigger new scan to find an IBSS to join
[  419.107317][T10066] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  419.573906][T10073] netlink: 'syz.0.1371': attribute type 3 has an invalid length.
[  419.593877][T10073] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1371'.
[  419.745330][T10074] delete_channel: no stack
[  419.956985][T10078] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  420.127966][   T34] tipc: Subscription rejected, illegal request
[  420.138668][T10086] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  421.029220][T10101] netlink: 'syz.1.1383': attribute type 3 has an invalid length.
[  421.037199][T10101] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1383'.
[  421.455408][T10102] delete_channel: no stack
[  421.618870][T10113] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  422.176175][T10117] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  422.217869][T10120] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  422.600271][T10129] netlink: 'syz.0.1393': attribute type 3 has an invalid length.
[  422.619084][T10129] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1393'.
[  422.811608][T10131] delete_channel: no stack
[  422.841380][T10126] delete_channel: no stack
[  423.343533][T10140] netlink: 'syz.1.1396': attribute type 1 has an invalid length.
[  423.370327][T10140] netlink: 161700 bytes leftover after parsing attributes in process `syz.1.1396'.
[  423.476033][T10140] veth1_to_bond: entered allmulticast mode
[  423.768055][T10150] FAULT_INJECTION: forcing a failure.
[  423.768055][T10150] name failslab, interval 1, probability 0, space 0, times 0
[  423.820151][T10150] CPU: 0 PID: 10150 Comm: syz.3.1398 Not tainted syzkaller #0
[  423.827696][T10150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  423.837800][T10150] Call Trace:
[  423.841121][T10150]  <TASK>
[  423.844092][T10150]  dump_stack_lvl+0x18c/0x250
[  423.848843][T10150]  ? show_regs_print_info+0x20/0x20
[  423.854103][T10150]  ? load_image+0x400/0x400
[  423.858650][T10150]  ? __might_sleep+0xe0/0xe0
[  423.863284][T10150]  ? __lock_acquire+0x7d40/0x7d40
[  423.868359][T10150]  should_fail_ex+0x39d/0x4d0
[  423.873109][T10150]  should_failslab+0x9/0x20
[  423.877662][T10150]  slab_pre_alloc_hook+0x59/0x310
[  423.882735][T10150]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  423.888503][T10150]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  423.894251][T10150]  __kmem_cache_alloc_node+0x53/0x250
[  423.899655][T10150]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  423.905392][T10150]  __kmalloc+0xa4/0x230
[  423.909574][T10150]  tomoyo_realpath_from_path+0xe3/0x5d0
[  423.915167][T10150]  tomoyo_path_number_perm+0x248/0x620
[  423.920677][T10150]  ? tomoyo_path_number_perm+0x217/0x620
[  423.926346][T10150]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  423.931868][T10150]  ? ksys_write+0x1c4/0x260
[  423.936447][T10150]  ? __fget_files+0x28/0x4b0
[  423.941070][T10150]  ? __fget_files+0x28/0x4b0
[  423.945711][T10150]  security_file_ioctl+0x70/0xa0
[  423.950707][T10150]  __se_sys_ioctl+0x48/0x170
[  423.955337][T10150]  do_syscall_64+0x55/0xa0
[  423.959788][T10150]  ? clear_bhb_loop+0x40/0x90
[  423.964521][T10150]  ? clear_bhb_loop+0x40/0x90
[  423.969235][T10150]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  423.975153][T10150] RIP: 0033:0x7f692f99c799
[  423.979588][T10150] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  423.999229][T10150] RSP: 002b:00007f69308ef028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  424.007674][T10150] RAX: ffffffffffffffda RBX: 00007f692fc15fa0 RCX: 00007f692f99c799
[  424.015672][T10150] RDX: 0000200000000080 RSI: 0000000000008946 RDI: 0000000000000004
[  424.023676][T10150] RBP: 00007f69308ef090 R08: 0000000000000000 R09: 0000000000000000
[  424.031675][T10150] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  424.039667][T10150] R13: 00007f692fc16038 R14: 00007f692fc15fa0 R15: 00007fffd9b10ae8
[  424.047684][T10150]  </TASK>
[  424.054221][   T34] wlan1: Trigger new scan to find an IBSS to join
[  424.103764][T10154] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  424.119578][T10150] ERROR: Out of memory at tomoyo_realpath_from_path.
[  424.135050][T10150] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  424.474848][T10160] netlink: 'syz.3.1403': attribute type 3 has an invalid length.
[  424.482680][T10160] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1403'.
[  424.715672][T10161] delete_channel: no stack
[  424.768177][T10162] delete_channel: no stack
[  424.903687][T10167] netlink: 16410 bytes leftover after parsing attributes in process `syz.1.1406'.
[  424.913518][ T3453] wlan1: Trigger new scan to find an IBSS to join
[  424.913635][ T3453] wlan1: Trigger new scan to find an IBSS to join
[  425.210882][T10174] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  425.450556][T10172] netlink: 'syz.3.1408': attribute type 1 has an invalid length.
[  425.541428][T10172] netlink: 161700 bytes leftover after parsing attributes in process `syz.3.1408'.
[  425.590054][T10177] veth1_to_bond: entered allmulticast mode
[  425.735902][T10185] FAULT_INJECTION: forcing a failure.
[  425.735902][T10185] name failslab, interval 1, probability 0, space 0, times 0
[  425.807812][T10185] CPU: 0 PID: 10185 Comm: syz.1.1412 Not tainted syzkaller #0
[  425.815361][T10185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  425.825462][T10185] Call Trace:
[  425.828778][T10185]  <TASK>
[  425.831740][T10185]  dump_stack_lvl+0x18c/0x250
[  425.836482][T10185]  ? show_regs_print_info+0x20/0x20
[  425.841741][T10185]  ? load_image+0x400/0x400
[  425.846298][T10185]  ? __might_sleep+0xe0/0xe0
[  425.850938][T10185]  ? __lock_acquire+0x7d40/0x7d40
[  425.856011][T10185]  should_fail_ex+0x39d/0x4d0
[  425.860745][T10185]  should_failslab+0x9/0x20
[  425.865295][T10185]  slab_pre_alloc_hook+0x59/0x310
[  425.870368][T10185]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  425.876156][T10185]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  425.881922][T10185]  __kmem_cache_alloc_node+0x53/0x250
[  425.887350][T10185]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  425.893150][T10185]  __kmalloc+0xa4/0x230
[  425.897354][T10185]  tomoyo_realpath_from_path+0xe3/0x5d0
[  425.902970][T10185]  tomoyo_path_number_perm+0x248/0x620
[  425.908497][T10185]  ? tomoyo_path_number_perm+0x217/0x620
[  425.914186][T10185]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  425.919694][T10185]  ? ksys_write+0x1c4/0x260
[  425.924296][T10185]  ? __fget_files+0x28/0x4b0
[  425.928930][T10185]  ? __fget_files+0x28/0x4b0
[  425.933585][T10185]  security_file_ioctl+0x70/0xa0
[  425.938580][T10185]  __se_sys_ioctl+0x48/0x170
[  425.943225][T10185]  do_syscall_64+0x55/0xa0
[  425.947695][T10185]  ? clear_bhb_loop+0x40/0x90
[  425.952418][T10185]  ? clear_bhb_loop+0x40/0x90
[  425.957139][T10185]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  425.963072][T10185] RIP: 0033:0x7fa1a719c799
[  425.967524][T10185] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  425.987165][T10185] RSP: 002b:00007fa1a7fb6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  425.995622][T10185] RAX: ffffffffffffffda RBX: 00007fa1a7415fa0 RCX: 00007fa1a719c799
[  426.003632][T10185] RDX: 0000200000000080 RSI: 00000000000089f0 RDI: 0000000000000004
[  426.011643][T10185] RBP: 00007fa1a7fb6090 R08: 0000000000000000 R09: 0000000000000000
[  426.019653][T10185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  426.027659][T10185] R13: 00007fa1a7416038 R14: 00007fa1a7415fa0 R15: 00007ffe88b0a028
[  426.035693][T10185]  </TASK>
[  426.134290][T10185] ERROR: Out of memory at tomoyo_realpath_from_path.
[  426.461156][T10195] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  427.093149][T10196] delete_channel: no stack
[  427.128713][T10199] delete_channel: no stack
[  427.151637][T10201] netlink: 6 bytes leftover after parsing attributes in process `syz.2.1416'.
[  427.321765][T10197] delete_channel: no stack
[  428.653623][T10206] netlink: 16410 bytes leftover after parsing attributes in process `syz.3.1419'.
[  428.792476][T10209] netlink: 6 bytes leftover after parsing attributes in process `syz.0.1428'.
[  428.896672][T10208] delete_channel: no stack
[  428.914525][   T12] wlan1: Trigger new scan to find an IBSS to join
[  428.989680][ T2943] wlan1: Trigger new scan to find an IBSS to join
[  429.002760][ T3453] wlan1: Trigger new scan to find an IBSS to join
[  430.065611][   T11] wlan1: Creating new IBSS network, BSSID 22:dd:e3:fe:91:d0
[  430.159686][   T49] wlan1: Creating new IBSS network, BSSID 6a:d5:7a:6e:60:fb
[  430.159828][   T12] wlan1: Creating new IBSS network, BSSID 0e:90:98:35:1c:1e
[  430.643915][T10226] delete_channel: no stack
[  430.785857][T10234] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  432.641729][T10250] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  432.825545][T10248] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  434.060393][T10256] netlink: 6 bytes leftover after parsing attributes in process `syz.0.1433'.
[  434.259185][T10260] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  434.310099][T10255] delete_channel: no stack
[  434.557910][T10269] FAULT_INJECTION: forcing a failure.
[  434.557910][T10269] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  434.639252][T10269] CPU: 0 PID: 10269 Comm: syz.1.1436 Not tainted syzkaller #0
[  434.646879][T10269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  434.656990][T10269] Call Trace:
[  434.660304][T10269]  <TASK>
[  434.663265][T10269]  dump_stack_lvl+0x18c/0x250
[  434.667999][T10269]  ? show_regs_print_info+0x20/0x20
[  434.673258][T10269]  ? load_image+0x400/0x400
[  434.677815][T10269]  ? __might_fault+0xaa/0x120
[  434.682538][T10269]  ? __lock_acquire+0x7d40/0x7d40
[  434.687613][T10269]  should_fail_ex+0x39d/0x4d0
[  434.692435][T10269]  _copy_from_user+0x2f/0xe0
[  434.697067][T10269]  __sys_bpf+0x23e/0x890
[  434.701355][T10269]  ? bpf_link_show_fdinfo+0x390/0x390
[  434.706820][T10269]  ? lock_chain_count+0x20/0x20
[  434.711729][T10269]  __x64_sys_bpf+0x7c/0x90
[  434.716189][T10269]  do_syscall_64+0x55/0xa0
[  434.720653][T10269]  ? clear_bhb_loop+0x40/0x90
[  434.725370][T10269]  ? clear_bhb_loop+0x40/0x90
[  434.730107][T10269]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  434.736044][T10269] RIP: 0033:0x7fa1a719c799
[  434.740499][T10269] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  434.760139][T10269] RSP: 002b:00007fa1a7fb6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  434.768572][T10269] RAX: ffffffffffffffda RBX: 00007fa1a7415fa0 RCX: 00007fa1a719c799
[  434.776571][T10269] RDX: 0000000000000094 RSI: 00002000000002c0 RDI: 0000000000000005
[  434.784564][T10269] RBP: 00007fa1a7fb6090 R08: 0000000000000000 R09: 0000000000000000
[  434.792546][T10269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  434.800544][T10269] R13: 00007fa1a7416038 R14: 00007fa1a7415fa0 R15: 00007ffe88b0a028
[  434.808555][T10269]  </TASK>
[  435.168404][T10270] delete_channel: no stack
[  435.516541][T10273] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  436.985210][   T12] wlan1: Trigger new scan to find an IBSS to join
[  438.479664][T10303] netlink: 6 bytes leftover after parsing attributes in process `syz.2.1447'.
[  438.672296][T10305] netlink: 6 bytes leftover after parsing attributes in process `syz.3.1448'.
[  438.717718][T10304] delete_channel: no stack
[  438.728320][T10301] delete_channel: no stack
[  438.955897][T10312] netlink: 'syz.3.1451': attribute type 3 has an invalid length.
[  438.992379][T10312] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1451'.
[  439.459887][T10315] delete_channel: no stack
[  439.984592][T10323] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  440.109879][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  440.116408][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  441.345735][T10338] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  441.606404][T10346] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  441.767087][T10344] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  442.260420][T10354] netlink: 6 bytes leftover after parsing attributes in process `syz.3.1461'.
[  442.355262][T10350] delete_channel: no stack
[  442.405228][T10353] netlink: 'syz.1.1460': attribute type 3 has an invalid length.
[  442.413037][T10353] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1460'.
[  442.495661][T10355] delete_channel: no stack
[  443.401877][T10367] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  443.813332][T10372] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  443.959585][T10221] wlan1: Trigger new scan to find an IBSS to join
[  445.494661][T10389] netlink: 'syz.1.1470': attribute type 1 has an invalid length.
[  445.569711][T10396] netlink: 6 bytes leftover after parsing attributes in process `syz.3.1471'.
[  445.676430][T10393] delete_channel: no stack
[  445.945671][   T34] wlan1: Trigger new scan to find an IBSS to join
[  446.499993][T10403] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  446.780944][T10404] delete_channel: no stack
[  447.618245][T10411] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  447.845442][T10421] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  447.916838][T10420] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  448.914188][   T11] wlan1: Trigger new scan to find an IBSS to join
[  448.987437][   T34] wlan1: Trigger new scan to find an IBSS to join
[  449.166166][T10433] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  449.964421][   T11] wlan1: Trigger new scan to find an IBSS to join
[  450.023922][   T12] wlan1: Creating new IBSS network, BSSID d6:bc:36:14:2f:10
[  451.500846][T10449] delete_channel: no stack
[  452.755196][T10462] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  453.154540][T10474] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  454.985417][   T12] wlan1: Trigger new scan to find an IBSS to join
[  454.992171][   T12] wlan1: Trigger new scan to find an IBSS to join
[  456.094733][   T11] wlan1: Creating new IBSS network, BSSID a2:ae:ef:9b:64:b7
[  456.649185][T10502] delete_channel: no stack
[  457.118393][T10507] netlink: 'syz.2.1500': attribute type 22 has an invalid length.
[  457.529359][T10512] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  458.862982][T10521] bridge0: port 1(bridge_slave_0) entered forwarding state
[  459.977636][   T34] wlan1: Trigger new scan to find an IBSS to join
[  459.984300][T10221] wlan1: Trigger new scan to find an IBSS to join
[  460.057259][T10531] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  461.173177][T10549] netlink: 'syz.0.1509': attribute type 29 has an invalid length.
[  461.228284][T10545] delete_channel: no stack
[  461.275931][T10550] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  461.444347][T10549] netlink: 'syz.0.1509': attribute type 29 has an invalid length.
[  461.484642][T10552] netlink: 'syz.0.1509': attribute type 29 has an invalid length.
[  461.593187][T10553] netlink: 'syz.0.1509': attribute type 29 has an invalid length.
[  461.764823][T10556] netlink: 'syz.0.1509': attribute type 29 has an invalid length.
[  461.844680][T10549] netlink: 'syz.0.1509': attribute type 29 has an invalid length.
[  462.437368][T10565] netlink: 'syz.0.1515': attribute type 29 has an invalid length.
[  462.516563][T10565] netlink: 'syz.0.1515': attribute type 29 has an invalid length.
[  462.674305][T10567] netlink: 'syz.0.1515': attribute type 29 has an invalid length.
[  462.745802][T10570] netlink: 'syz.0.1515': attribute type 29 has an invalid length.
[  462.774191][T10569] netlink: 'syz.0.1515': attribute type 29 has an invalid length.
[  462.787280][T10565] netlink: 'syz.0.1515': attribute type 29 has an invalid length.
[  463.715613][T10578] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1517'.
[  464.495904][T10584] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  464.615432][T10581] delete_channel: no stack
[  464.915304][   T34] wlan1: Trigger new scan to find an IBSS to join
[  464.921896][   T34] wlan1: Trigger new scan to find an IBSS to join
[  465.779417][T10603] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  466.050791][T10221] wlan1: Creating new IBSS network, BSSID ce:18:3f:93:7e:89
[  466.050791][   T12] wlan1: Creating new IBSS network, BSSID 02:8f:62:d3:33:fc
[  466.769998][T10608] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  466.861323][T10611] netlink: 6 bytes leftover after parsing attributes in process `syz.2.1525'.
[  466.965666][T10610] delete_channel: no stack
[  468.405210][T10625] delete_channel: no stack
[  469.141372][T10629] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  469.918986][T10643] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  471.010065][T10656] netlink: 6 bytes leftover after parsing attributes in process `syz.1.1538'.
[  471.146441][T10655] delete_channel: no stack
[  471.944495][ T2990] wlan1: Trigger new scan to find an IBSS to join
[  472.334249][T10665] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1541'.
[  472.467284][T10665] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1541'.
[  472.507925][T10669] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1541'.
[  472.578858][T10666] delete_channel: no stack
[  473.512196][T10677] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  473.804888][T10683] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1545'.
[  473.909959][T10684] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  473.969566][T10683] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1545'.
[  474.077041][T10689] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1545'.
[  474.374842][T10695] netlink: 6 bytes leftover after parsing attributes in process `syz.2.1549'.
[  474.553283][T10694] delete_channel: no stack
[  475.954920][ T2990] wlan1: Trigger new scan to find an IBSS to join
[  476.609647][T10712] bridge0: port 1(bridge_slave_0) entered forwarding state
[  476.914548][T10221] wlan1: Trigger new scan to find an IBSS to join
[  477.241570][T10718] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  477.642869][T10726] netlink: 'syz.1.1558': attribute type 10 has an invalid length.
[  477.670244][T10726] 8021q: adding VLAN 0 to HW filter on device bond0
[  477.738800][T10726] team0: Port device bond0 added
[  477.824261][T10723] delete_channel: no stack
[  478.021517][   T34] wlan1: Creating new IBSS network, BSSID 16:cb:ee:8d:5b:22
[  478.335102][T10732] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  478.408025][T10740] netlink: 6 bytes leftover after parsing attributes in process `syz.1.1560'.
[  478.470266][T10738] delete_channel: no stack
[  480.442345][T10752] bridge0: port 1(bridge_slave_0) entered forwarding state
[  480.925988][T10756] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  482.003695][T10767] FAULT_INJECTION: forcing a failure.
[  482.003695][T10767] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  482.044490][T10767] CPU: 0 PID: 10767 Comm: syz.2.1569 Not tainted syzkaller #0
[  482.052024][T10767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  482.062113][T10767] Call Trace:
[  482.065427][T10767]  <TASK>
[  482.068394][T10767]  dump_stack_lvl+0x18c/0x250
[  482.073130][T10767]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  482.079325][T10767]  ? show_regs_print_info+0x20/0x20
[  482.084579][T10767]  ? load_image+0x400/0x400
[  482.089161][T10767]  should_fail_ex+0x39d/0x4d0
[  482.093888][T10767]  _copy_from_user+0x2f/0xe0
[  482.098525][T10767]  ___sys_sendmsg+0x1c7/0x360
[  482.103260][T10767]  ? __sys_sendmsg+0x2a0/0x2a0
[  482.108089][T10767]  ? __lock_acquire+0x7d40/0x7d40
[  482.113179][T10767]  __se_sys_sendmsg+0x1c2/0x2b0
[  482.118070][T10767]  ? __x64_sys_sendmsg+0x80/0x80
[  482.123077][T10767]  ? syscall_enter_from_user_mode+0x2e/0x80
[  482.129006][T10767]  do_syscall_64+0x55/0xa0
[  482.133467][T10767]  ? clear_bhb_loop+0x40/0x90
[  482.138191][T10767]  ? clear_bhb_loop+0x40/0x90
[  482.142914][T10767]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  482.148864][T10767] RIP: 0033:0x7fd00639c799
[  482.153312][T10767] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  482.172956][T10767] RSP: 002b:00007fd007328028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  482.181412][T10767] RAX: ffffffffffffffda RBX: 00007fd006615fa0 RCX: 00007fd00639c799
[  482.189419][T10767] RDX: 0000000000000084 RSI: 0000200000000600 RDI: 000000000000000b
[  482.197423][T10767] RBP: 00007fd007328090 R08: 0000000000000000 R09: 0000000000000000
[  482.205427][T10767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  482.213428][T10767] R13: 00007fd006616038 R14: 00007fd006615fa0 R15: 00007fff33d68e18
[  482.221485][T10767]  </TASK>
[  482.325791][T10765] delete_channel: no stack
[  482.717894][T10773] netlink: 6 bytes leftover after parsing attributes in process `syz.2.1570'.
[  482.879985][T10772] delete_channel: no stack
[  482.973939][T10774] delete_channel: no stack
[  482.985539][   T11] wlan1: Trigger new scan to find an IBSS to join
[  483.416759][T10779] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  483.976912][T10780] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  485.377045][T10800] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  485.471941][T10811] FAULT_INJECTION: forcing a failure.
[  485.471941][T10811] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  485.509399][T10811] CPU: 1 PID: 10811 Comm: syz.1.1584 Not tainted syzkaller #0
[  485.516937][T10811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  485.527115][T10811] Call Trace:
[  485.530426][T10811]  <TASK>
[  485.533402][T10811]  dump_stack_lvl+0x18c/0x250
[  485.538136][T10811]  ? show_regs_print_info+0x20/0x20
[  485.543381][T10811]  ? load_image+0x400/0x400
[  485.547917][T10811]  ? __might_fault+0xaa/0x120
[  485.552614][T10811]  ? __lock_acquire+0x7d40/0x7d40
[  485.557664][T10811]  should_fail_ex+0x39d/0x4d0
[  485.562375][T10811]  _copy_from_user+0x2f/0xe0
[  485.566989][T10811]  ___sys_sendmsg+0x1c7/0x360
[  485.571700][T10811]  ? __sys_sendmsg+0x2a0/0x2a0
[  485.576514][T10811]  ? __lock_acquire+0x7d40/0x7d40
[  485.581590][T10811]  __se_sys_sendmsg+0x1c2/0x2b0
[  485.586469][T10811]  ? __x64_sys_sendmsg+0x80/0x80
[  485.591438][T10811]  ? lockdep_hardirqs_on+0x98/0x150
[  485.596662][T10811]  do_syscall_64+0x55/0xa0
[  485.601118][T10811]  ? clear_bhb_loop+0x40/0x90
[  485.605815][T10811]  ? clear_bhb_loop+0x40/0x90
[  485.610516][T10811]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  485.616443][T10811] RIP: 0033:0x7fa1a719c799
[  485.620882][T10811] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  485.640513][T10811] RSP: 002b:00007fa1a7fb6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  485.648948][T10811] RAX: ffffffffffffffda RBX: 00007fa1a7415fa0 RCX: 00007fa1a719c799
[  485.656945][T10811] RDX: 0000000004040880 RSI: 0000200000000080 RDI: 0000000000000003
[  485.664945][T10811] RBP: 00007fa1a7fb6090 R08: 0000000000000000 R09: 0000000000000000
[  485.672943][T10811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  485.680957][T10811] R13: 00007fa1a7416038 R14: 00007fa1a7415fa0 R15: 00007ffe88b0a028
[  485.688973][T10811]  </TASK>
[  486.076488][T10814] netlink: 6 bytes leftover after parsing attributes in process `syz.2.1585'.
[  486.316407][T10813] delete_channel: no stack
[  486.796685][T10818] delete_channel: no stack
[  486.914184][ T2990] wlan1: Trigger new scan to find an IBSS to join
[  487.850885][T10834] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  487.954273][   T34] wlan1: Trigger new scan to find an IBSS to join
[  488.037436][T10835] delete_channel: no stack
[  488.634438][T10840] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  488.996236][T10848] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  489.481239][T10858] netlink: 6 bytes leftover after parsing attributes in process `syz.1.1598'.
[  489.666092][T10857] delete_channel: no stack
[  490.181152][T10869] netlink: 6 bytes leftover after parsing attributes in process `syz.1.1610'.
[  490.277480][T10868] delete_channel: no stack
[  490.490010][T10870] delete_channel: no stack
[  490.907968][   T34] wlan1: Trigger new scan to find an IBSS to join
[  491.319576][T10881] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  492.496071][T10890] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  492.571771][T10895] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  492.917232][   T12] wlan1: Trigger new scan to find an IBSS to join
[  493.457415][T10905] netlink: 6 bytes leftover after parsing attributes in process `syz.3.1612'.
[  493.577754][T10906] delete_channel: no stack
[  493.596545][T10904] delete_channel: no stack
[  493.609343][T10910] FAULT_INJECTION: forcing a failure.
[  493.609343][T10910] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  493.654427][T10910] CPU: 1 PID: 10910 Comm: syz.2.1614 Not tainted syzkaller #0
[  493.661957][T10910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  493.672044][T10910] Call Trace:
[  493.675361][T10910]  <TASK>
[  493.678332][T10910]  dump_stack_lvl+0x18c/0x250
[  493.683064][T10910]  ? show_regs_print_info+0x20/0x20
[  493.688307][T10910]  ? load_image+0x400/0x400
[  493.692842][T10910]  ? __lock_acquire+0x7d40/0x7d40
[  493.697900][T10910]  ? snprintf+0xe9/0x140
[  493.702170][T10910]  should_fail_ex+0x39d/0x4d0
[  493.706896][T10910]  _copy_to_user+0x2f/0xa0
[  493.711338][T10910]  simple_read_from_buffer+0xe7/0x150
[  493.716751][T10910]  proc_fail_nth_read+0x1e8/0x260
[  493.721827][T10910]  ? proc_fault_inject_write+0x360/0x360
[  493.727498][T10910]  ? fsnotify_perm+0x271/0x5e0
[  493.732313][T10910]  ? proc_fault_inject_write+0x360/0x360
[  493.737972][T10910]  vfs_read+0x28b/0x970
[  493.742154][T10910]  ? kernel_read+0x1e0/0x1e0
[  493.746769][T10910]  ? __fget_files+0x28/0x4b0
[  493.751394][T10910]  ? __fget_files+0x28/0x4b0
[  493.756012][T10910]  ? __fget_files+0x43d/0x4b0
[  493.760726][T10910]  ? __fdget_pos+0x2a3/0x330
[  493.765347][T10910]  ? ksys_read+0x75/0x260
[  493.769698][T10910]  ksys_read+0x150/0x260
[  493.773969][T10910]  ? vfs_write+0x990/0x990
[  493.778417][T10910]  ? lockdep_hardirqs_on+0x98/0x150
[  493.783639][T10910]  do_syscall_64+0x55/0xa0
[  493.788086][T10910]  ? clear_bhb_loop+0x40/0x90
[  493.792788][T10910]  ? clear_bhb_loop+0x40/0x90
[  493.797487][T10910]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  493.803403][T10910] RIP: 0033:0x7fd00635cfce
[  493.807850][T10910] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  493.827467][T10910] RSP: 002b:00007fd007327fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  493.835903][T10910] RAX: ffffffffffffffda RBX: 00007fd0073286c0 RCX: 00007fd00635cfce
[  493.843983][T10910] RDX: 000000000000000f RSI: 00007fd0073280a0 RDI: 0000000000000004
[  493.851977][T10910] RBP: 00007fd007328090 R08: 0000000000000000 R09: 0000000000000000
[  493.859988][T10910] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  493.867982][T10910] R13: 00007fd006616038 R14: 00007fd006615fa0 R15: 00007fff33d68e18
[  493.875992][T10910]  </TASK>
[  493.947550][   T12] wlan1: Trigger new scan to find an IBSS to join
[  494.153105][T10911] delete_channel: no stack
[  494.805256][T10923] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  494.996577][ T2990] wlan1: Trigger new scan to find an IBSS to join
[  495.330389][T10926] FAULT_INJECTION: forcing a failure.
[  495.330389][T10926] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  495.390633][T10926] CPU: 0 PID: 10926 Comm: syz.1.1620 Not tainted syzkaller #0
[  495.398168][T10926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  495.408253][T10926] Call Trace:
[  495.411549][T10926]  <TASK>
[  495.414496][T10926]  dump_stack_lvl+0x18c/0x250
[  495.419205][T10926]  ? show_regs_print_info+0x20/0x20
[  495.424435][T10926]  ? load_image+0x400/0x400
[  495.428957][T10926]  ? __might_fault+0xaa/0x120
[  495.433648][T10926]  ? __lock_acquire+0x7d40/0x7d40
[  495.438710][T10926]  should_fail_ex+0x39d/0x4d0
[  495.443419][T10926]  _copy_from_user+0x2f/0xe0
[  495.448055][T10926]  ___sys_recvmsg+0x176/0x590
[  495.452759][T10926]  ? __sys_recvmsg+0x2a0/0x2a0
[  495.457549][T10926]  ? ksys_write+0x1c4/0x260
[  495.462092][T10926]  ? __fget_files+0x43d/0x4b0
[  495.466842][T10926]  __x64_sys_recvmsg+0x20c/0x2e0
[  495.471795][T10926]  ? perf_trace_preemptirq_template+0x269/0x330
[  495.478068][T10926]  ? ___sys_recvmsg+0x590/0x590
[  495.482945][T10926]  ? lockdep_hardirqs_on+0x98/0x150
[  495.488169][T10926]  do_syscall_64+0x55/0xa0
[  495.492632][T10926]  ? clear_bhb_loop+0x40/0x90
[  495.497332][T10926]  ? clear_bhb_loop+0x40/0x90
[  495.502118][T10926]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  495.508048][T10926] RIP: 0033:0x7fa1a719c799
[  495.512484][T10926] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  495.532302][T10926] RSP: 002b:00007fa1a7fb6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  495.540731][T10926] RAX: ffffffffffffffda RBX: 00007fa1a7415fa0 RCX: 00007fa1a719c799
[  495.548723][T10926] RDX: 0000000000000000 RSI: 00002000000006c0 RDI: 000000000000000a
[  495.556716][T10926] RBP: 00007fa1a7fb6090 R08: 0000000000000000 R09: 0000000000000000
[  495.564715][T10926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  495.572699][T10926] R13: 00007fa1a7416038 R14: 00007fa1a7415fa0 R15: 00007ffe88b0a028
[  495.580695][T10926]  </TASK>
[  496.034751][T10934] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  496.442519][T10936] bridge0: port 1(bridge_slave_0) entered forwarding state
[  496.895282][T10941] delete_channel: no stack
[  496.912932][ T2990] wlan1: Creating new IBSS network, BSSID ca:40:99:f4:ea:82
[  497.203463][T10947] netlink: 6 bytes leftover after parsing attributes in process `syz.1.1626'.
[  497.405566][T10946] delete_channel: no stack
[  498.419260][T10952] delete_channel: no stack
[  498.512198][T10959] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  498.904938][   T34] wlan1: Trigger new scan to find an IBSS to join
[  498.958778][T10964] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  499.225561][T10968] FAULT_INJECTION: forcing a failure.
[  499.225561][T10968] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  499.314264][T10968] CPU: 1 PID: 10968 Comm: syz.0.1633 Not tainted syzkaller #0
[  499.321817][T10968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  499.331967][T10968] Call Trace:
[  499.335306][T10968]  <TASK>
[  499.338297][T10968]  dump_stack_lvl+0x18c/0x250
[  499.343066][T10968]  ? show_regs_print_info+0x20/0x20
[  499.348350][T10968]  ? load_image+0x400/0x400
[  499.352933][T10968]  ? __might_fault+0xaa/0x120
[  499.357693][T10968]  ? __lock_acquire+0x7d40/0x7d40
[  499.362807][T10968]  should_fail_ex+0x39d/0x4d0
[  499.367582][T10968]  _copy_from_user+0x2f/0xe0
[  499.372249][T10968]  ___sys_sendmsg+0x1c7/0x360
[  499.376968][T10968]  ? get_pid_task+0x20/0x1e0
[  499.381617][T10968]  ? __sys_sendmsg+0x2a0/0x2a0
[  499.386482][T10968]  ? __lock_acquire+0x7d40/0x7d40
[  499.391609][T10968]  __se_sys_sendmsg+0x1c2/0x2b0
[  499.396511][T10968]  ? __x64_sys_sendmsg+0x80/0x80
[  499.401535][T10968]  ? lockdep_hardirqs_on+0x98/0x150
[  499.406826][T10968]  do_syscall_64+0x55/0xa0
[  499.411284][T10968]  ? clear_bhb_loop+0x40/0x90
[  499.416002][T10968]  ? clear_bhb_loop+0x40/0x90
[  499.420727][T10968]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  499.426669][T10968] RIP: 0033:0x7fa8ebd9c799
[  499.431126][T10968] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  499.450764][T10968] RSP: 002b:00007fa8ecd1a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  499.459219][T10968] RAX: ffffffffffffffda RBX: 00007fa8ec015fa0 RCX: 00007fa8ebd9c799
[  499.467226][T10968] RDX: 0000000000000000 RSI: 0000200000000680 RDI: 0000000000000005
[  499.475240][T10968] RBP: 00007fa8ecd1a090 R08: 0000000000000000 R09: 0000000000000000
[  499.483243][T10968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  499.491250][T10968] R13: 00007fa8ec016038 R14: 00007fa8ec015fa0 R15: 00007ffda997e7a8
[  499.499319][T10968]  </TASK>
[  499.907953][T10971] delete_channel: no stack
[  499.944964][ T2943] wlan1: Trigger new scan to find an IBSS to join
[  500.141143][T10983] netlink: 'syz.2.1639': attribute type 3 has an invalid length.
[  500.154169][T10983] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1639'.
[  500.364902][T10987] netlink: 6 bytes leftover after parsing attributes in process `syz.0.1638'.
[  500.433246][T10985] delete_channel: no stack
[  501.551056][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  501.557795][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  501.706970][T10996] delete_channel: no stack
[  501.885415][T11009] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  502.406947][T11016] FAULT_INJECTION: forcing a failure.
[  502.406947][T11016] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  502.446782][T11016] CPU: 0 PID: 11016 Comm: syz.0.1647 Not tainted syzkaller #0
[  502.454325][T11016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  502.464406][T11016] Call Trace:
[  502.467736][T11016]  <TASK>
[  502.470696][T11016]  dump_stack_lvl+0x18c/0x250
[  502.475402][T11016]  ? show_regs_print_info+0x20/0x20
[  502.480617][T11016]  ? load_image+0x400/0x400
[  502.485138][T11016]  ? __might_fault+0xaa/0x120
[  502.489835][T11016]  ? __lock_acquire+0x7d40/0x7d40
[  502.494884][T11016]  should_fail_ex+0x39d/0x4d0
[  502.499585][T11016]  _copy_from_user+0x2f/0xe0
[  502.504196][T11016]  ___sys_sendmsg+0x1c7/0x360
[  502.508891][T11016]  ? __sys_sendmsg+0x2a0/0x2a0
[  502.513771][T11016]  ? __lock_acquire+0x7d40/0x7d40
[  502.518851][T11016]  __se_sys_sendmsg+0x1c2/0x2b0
[  502.523731][T11016]  ? __x64_sys_sendmsg+0x80/0x80
[  502.528703][T11016]  ? lockdep_hardirqs_on+0x98/0x150
[  502.533934][T11016]  do_syscall_64+0x55/0xa0
[  502.538381][T11016]  ? clear_bhb_loop+0x40/0x90
[  502.543077][T11016]  ? clear_bhb_loop+0x40/0x90
[  502.547792][T11016]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  502.553712][T11016] RIP: 0033:0x7fa8ebd9c799
[  502.558157][T11016] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  502.577801][T11016] RSP: 002b:00007fa8ecd1a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  502.586249][T11016] RAX: ffffffffffffffda RBX: 00007fa8ec015fa0 RCX: 00007fa8ebd9c799
[  502.594340][T11016] RDX: 0000000000000000 RSI: 0000200000000680 RDI: 0000000000000007
[  502.602333][T11016] RBP: 00007fa8ecd1a090 R08: 0000000000000000 R09: 0000000000000000
[  502.610323][T11016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  502.618313][T11016] R13: 00007fa8ec016038 R14: 00007fa8ec015fa0 R15: 00007ffda997e7a8
[  502.626326][T11016]  </TASK>
[  502.914540][   T34] wlan1: Trigger new scan to find an IBSS to join
[  502.939087][T11018] delete_channel: no stack
[  503.214896][T11026] netlink: 'syz.2.1651': attribute type 10 has an invalid length.
[  503.287834][T11026] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  504.252026][T11036] delete_channel: no stack
[  504.914301][ T2943] wlan1: Trigger new scan to find an IBSS to join
[  504.936936][T11047] bridge0: port 1(bridge_slave_0) entered forwarding state
[  505.026098][T11052] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  505.603178][T11054] delete_channel: no stack
[  505.897575][   T34] wlan1: Creating new IBSS network, BSSID 86:a3:31:5a:9f:2b
[  505.945458][   T34] wlan1: Trigger new scan to find an IBSS to join
[  506.051258][T11070] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  506.075290][T11066] netlink: 'syz.3.1661': attribute type 3 has an invalid length.
[  506.146407][T11066] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1661'.
[  506.847551][   T49] wlan1: Creating new IBSS network, BSSID 42:44:bb:0e:ad:0d
[  506.903755][T11080] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  507.991565][T11092] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  508.273077][T11096] netlink: 'syz.3.1668': attribute type 10 has an invalid length.
[  508.384199][T11096] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1668'.
[  508.626749][T11107] netlink: 'syz.1.1670': attribute type 3 has an invalid length.
[  508.639772][T11107] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1670'.
[  509.144299][T11111] syz.1.1672 (11111) used obsolete PPPIOCDETACH ioctl
[  510.209328][T11115] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  510.249550][T11124] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  512.050923][T11138] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  512.417126][T11149] pim6reg1: entered promiscuous mode
[  512.422507][T11149] pim6reg1: entered allmulticast mode
[  512.778471][T11152] FAULT_INJECTION: forcing a failure.
[  512.778471][T11152] name failslab, interval 1, probability 0, space 0, times 0
[  512.881369][T11152] CPU: 0 PID: 11152 Comm: syz.1.1683 Not tainted syzkaller #0
[  512.888985][T11152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  512.899094][T11152] Call Trace:
[  512.902414][T11152]  <TASK>
[  512.905380][T11152]  dump_stack_lvl+0x18c/0x250
[  512.910124][T11152]  ? show_regs_print_info+0x20/0x20
[  512.915416][T11152]  ? load_image+0x400/0x400
[  512.920003][T11152]  ? __might_sleep+0xe0/0xe0
[  512.924667][T11152]  ? __lock_acquire+0x7d40/0x7d40
[  512.929802][T11152]  should_fail_ex+0x39d/0x4d0
[  512.934551][T11152]  should_failslab+0x9/0x20
[  512.939130][T11152]  slab_pre_alloc_hook+0x59/0x310
[  512.944222][T11152]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  512.949998][T11152]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  512.955771][T11152]  __kmem_cache_alloc_node+0x53/0x250
[  512.961208][T11152]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  512.966979][T11152]  __kmalloc+0xa4/0x230
[  512.971187][T11152]  tomoyo_realpath_from_path+0xe3/0x5d0
[  512.976795][T11152]  tomoyo_path_number_perm+0x248/0x620
[  512.982312][T11152]  ? tomoyo_path_number_perm+0x217/0x620
[  512.988042][T11152]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  512.993570][T11152]  ? ksys_write+0x1c4/0x260
[  512.998229][T11152]  ? __fget_files+0x28/0x4b0
[  513.002892][T11152]  ? __fget_files+0x28/0x4b0
[  513.007563][T11152]  security_file_ioctl+0x70/0xa0
[  513.012559][T11152]  __se_sys_ioctl+0x48/0x170
[  513.017204][T11152]  do_syscall_64+0x55/0xa0
[  513.021676][T11152]  ? clear_bhb_loop+0x40/0x90
[  513.026403][T11152]  ? clear_bhb_loop+0x40/0x90
[  513.031164][T11152]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  513.037103][T11152] RIP: 0033:0x7fa1a719c799
[  513.041549][T11152] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  513.061184][T11152] RSP: 002b:00007fa1a7fb6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  513.069630][T11152] RAX: ffffffffffffffda RBX: 00007fa1a7415fa0 RCX: 00007fa1a719c799
[  513.077636][T11152] RDX: 0000200000000080 RSI: 0000000000008983 RDI: 000000000000000b
[  513.085645][T11152] RBP: 00007fa1a7fb6090 R08: 0000000000000000 R09: 0000000000000000
[  513.093653][T11152] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  513.101656][T11152] R13: 00007fa1a7416038 R14: 00007fa1a7415fa0 R15: 00007ffe88b0a028
[  513.109684][T11152]  </TASK>
[  513.124522][ T2943] wlan1: Trigger new scan to find an IBSS to join
[  513.295554][T11152] ERROR: Out of memory at tomoyo_realpath_from_path.
[  513.454680][T11155] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  513.843292][T11163] netlink: 'syz.2.1687': attribute type 3 has an invalid length.
[  513.879555][T11163] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1687'.
[  514.085245][T11166] netlink: 'syz.1.1688': attribute type 21 has an invalid length.
[  514.114419][T11166] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1688'.
[  514.624458][T11169] syzkaller0: entered promiscuous mode
[  514.650606][T11169] syzkaller0: entered allmulticast mode
[  514.736083][T11174] bridge0: port 1(bridge_slave_0) entered forwarding state
[  514.801654][T11170] delete_channel: no stack
[  515.954936][   T49] wlan1: Trigger new scan to find an IBSS to join
[  517.959507][   T49] wlan1: Trigger new scan to find an IBSS to join
[  517.979687][T11199] netlink: 'syz.1.1699': attribute type 3 has an invalid length.
[  518.012490][T11199] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1699'.
[  518.915188][ T2990] wlan1: Creating new IBSS network, BSSID 46:3e:8a:65:bd:bc
[  518.926477][T11184] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  518.954429][T11187] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  518.986843][ T2943] wlan1: Trigger new scan to find an IBSS to join
[  519.205368][T11204] delete_channel: no stack
[  519.209628][T11208] bridge0: port 1(bridge_slave_0) entered forwarding state
[  519.538937][T11211] delete_channel: no stack
[  519.625808][T11216] FAULT_INJECTION: forcing a failure.
[  519.625808][T11216] name failslab, interval 1, probability 0, space 0, times 0
[  519.675815][T11216] CPU: 1 PID: 11216 Comm: syz.2.1706 Not tainted syzkaller #0
[  519.683360][T11216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  519.693451][T11216] Call Trace:
[  519.696789][T11216]  <TASK>
[  519.699769][T11216]  dump_stack_lvl+0x18c/0x250
[  519.704498][T11216]  ? show_regs_print_info+0x20/0x20
[  519.709743][T11216]  ? load_image+0x400/0x400
[  519.714301][T11216]  ? __might_sleep+0xe0/0xe0
[  519.718941][T11216]  ? __lock_acquire+0x7d40/0x7d40
[  519.724019][T11216]  should_fail_ex+0x39d/0x4d0
[  519.728747][T11216]  should_failslab+0x9/0x20
[  519.733356][T11216]  slab_pre_alloc_hook+0x59/0x310
[  519.738425][T11216]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  519.744189][T11216]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  519.749948][T11216]  __kmem_cache_alloc_node+0x53/0x250
[  519.755380][T11216]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  519.761140][T11216]  __kmalloc+0xa4/0x230
[  519.765351][T11216]  tomoyo_realpath_from_path+0xe3/0x5d0
[  519.770954][T11216]  tomoyo_path_number_perm+0x248/0x620
[  519.776473][T11216]  ? tomoyo_path_number_perm+0x217/0x620
[  519.782181][T11216]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  519.787705][T11216]  ? ksys_write+0x1c4/0x260
[  519.792280][T11216]  ? __fget_files+0x28/0x4b0
[  519.796913][T11216]  ? __fget_files+0x28/0x4b0
[  519.801553][T11216]  security_file_ioctl+0x70/0xa0
[  519.806596][T11216]  __se_sys_ioctl+0x48/0x170
[  519.811246][T11216]  do_syscall_64+0x55/0xa0
[  519.815710][T11216]  ? clear_bhb_loop+0x40/0x90
[  519.820437][T11216]  ? clear_bhb_loop+0x40/0x90
[  519.825180][T11216]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  519.831116][T11216] RIP: 0033:0x7fd00639c799
[  519.835567][T11216] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  519.855230][T11216] RSP: 002b:00007fd007328028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  519.863679][T11216] RAX: ffffffffffffffda RBX: 00007fd006615fa0 RCX: 00007fd00639c799
[  519.871691][T11216] RDX: 0000200000000000 RSI: 0000000000008b32 RDI: 0000000000000003
[  519.879707][T11216] RBP: 00007fd007328090 R08: 0000000000000000 R09: 0000000000000000
[  519.887717][T11216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  519.895728][T11216] R13: 00007fd006616038 R14: 00007fd006615fa0 R15: 00007fff33d68e18
[  519.903766][T11216]  </TASK>
[  519.924837][T11216] ERROR: Out of memory at tomoyo_realpath_from_path.
[  520.393570][T11223] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  520.791213][T11230] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  520.831627][T11229] netlink: 'syz.2.1710': attribute type 3 has an invalid length.
[  520.847287][T11229] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1710'.
[  520.878396][T11234] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  521.041547][T11237] FAULT_INJECTION: forcing a failure.
[  521.041547][T11237] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  521.073106][T11237] CPU: 1 PID: 11237 Comm: syz.2.1712 Not tainted syzkaller #0
[  521.080613][T11237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  521.090693][T11237] Call Trace:
[  521.094027][T11237]  <TASK>
[  521.097030][T11237]  dump_stack_lvl+0x18c/0x250
[  521.101760][T11237]  ? show_regs_print_info+0x20/0x20
[  521.107009][T11237]  ? load_image+0x400/0x400
[  521.111555][T11237]  ? __might_fault+0xaa/0x120
[  521.116281][T11237]  ? __lock_acquire+0x7d40/0x7d40
[  521.121356][T11237]  should_fail_ex+0x39d/0x4d0
[  521.126088][T11237]  _copy_from_user+0x2f/0xe0
[  521.130728][T11237]  __sys_bpf+0x23e/0x890
[  521.135006][T11237]  ? bpf_link_show_fdinfo+0x390/0x390
[  521.140438][T11237]  ? lock_chain_count+0x20/0x20
[  521.145355][T11237]  __x64_sys_bpf+0x7c/0x90
[  521.149806][T11237]  do_syscall_64+0x55/0xa0
[  521.154252][T11237]  ? clear_bhb_loop+0x40/0x90
[  521.158950][T11237]  ? clear_bhb_loop+0x40/0x90
[  521.163646][T11237]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  521.169565][T11237] RIP: 0033:0x7fd00639c799
[  521.174091][T11237] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  521.193726][T11237] RSP: 002b:00007fd007328028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  521.202163][T11237] RAX: ffffffffffffffda RBX: 00007fd006615fa0 RCX: 00007fd00639c799
[  521.210148][T11237] RDX: 0000000000000094 RSI: 00002000000000c0 RDI: 0000000000000005
[  521.218131][T11237] RBP: 00007fd007328090 R08: 0000000000000000 R09: 0000000000000000
[  521.226131][T11237] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  521.234127][T11237] R13: 00007fd006616038 R14: 00007fd006615fa0 R15: 00007fff33d68e18
[  521.242131][T11237]  </TASK>
[  521.380608][T11239] bridge0: port 1(bridge_slave_0) entered forwarding state
[  521.600287][T11243] delete_channel: no stack
[  521.609569][T11246] netlink: 'syz.1.1717': attribute type 29 has an invalid length.
[  521.644911][T11246] netlink: 'syz.1.1717': attribute type 29 has an invalid length.
[  521.695871][T11248] FAULT_INJECTION: forcing a failure.
[  521.695871][T11248] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  521.762716][T11248] CPU: 0 PID: 11248 Comm: syz.0.1718 Not tainted syzkaller #0
[  521.770228][T11248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  521.780309][T11248] Call Trace:
[  521.783617][T11248]  <TASK>
[  521.786587][T11248]  dump_stack_lvl+0x18c/0x250
[  521.791322][T11248]  ? show_regs_print_info+0x20/0x20
[  521.796578][T11248]  ? load_image+0x400/0x400
[  521.801130][T11248]  ? __might_fault+0xaa/0x120
[  521.805858][T11248]  ? __lock_acquire+0x7d40/0x7d40
[  521.810947][T11248]  should_fail_ex+0x39d/0x4d0
[  521.815691][T11248]  _copy_from_user+0x2f/0xe0
[  521.820377][T11248]  ___sys_sendmsg+0x1c7/0x360
[  521.825102][T11248]  ? __sys_sendmsg+0x2a0/0x2a0
[  521.829940][T11248]  ? __lock_acquire+0x7d40/0x7d40
[  521.835034][T11248]  __se_sys_sendmsg+0x1c2/0x2b0
[  521.839933][T11248]  ? __x64_sys_sendmsg+0x80/0x80
[  521.844932][T11248]  ? lockdep_hardirqs_on+0x98/0x150
[  521.850184][T11248]  do_syscall_64+0x55/0xa0
[  521.854650][T11248]  ? clear_bhb_loop+0x40/0x90
[  521.859370][T11248]  ? clear_bhb_loop+0x40/0x90
[  521.864091][T11248]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  521.870018][T11248] RIP: 0033:0x7fa8ebd9c799
[  521.874502][T11248] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  521.894164][T11248] RSP: 002b:00007fa8ecd1a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  521.902606][T11248] RAX: ffffffffffffffda RBX: 00007fa8ec015fa0 RCX: 00007fa8ebd9c799
[  521.910615][T11248] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  521.918648][T11248] RBP: 00007fa8ecd1a090 R08: 0000000000000000 R09: 0000000000000000
[  521.926652][T11248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  521.934663][T11248] R13: 00007fa8ec016038 R14: 00007fa8ec015fa0 R15: 00007ffda997e7a8
[  521.942669][T11248]  </TASK>
[  522.006121][T11250] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  522.330017][T11263] netlink: 'syz.3.1722': attribute type 3 has an invalid length.
[  522.364372][T11263] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1722'.
[  522.595351][T11272] FAULT_INJECTION: forcing a failure.
[  522.595351][T11272] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  522.664495][T11272] CPU: 0 PID: 11272 Comm: syz.3.1725 Not tainted syzkaller #0
[  522.672014][T11272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  522.682103][T11272] Call Trace:
[  522.685424][T11272]  <TASK>
[  522.688385][T11272]  dump_stack_lvl+0x18c/0x250
[  522.693124][T11272]  ? show_regs_print_info+0x20/0x20
[  522.698389][T11272]  ? load_image+0x400/0x400
[  522.702946][T11272]  ? __might_fault+0xaa/0x120
[  522.707662][T11272]  ? __lock_acquire+0x7d40/0x7d40
[  522.712752][T11272]  should_fail_ex+0x39d/0x4d0
[  522.717506][T11272]  _copy_from_user+0x2f/0xe0
[  522.722141][T11272]  __sys_bpf+0x23e/0x890
[  522.726430][T11272]  ? bpf_link_show_fdinfo+0x390/0x390
[  522.731864][T11272]  ? lock_chain_count+0x20/0x20
[  522.736769][T11272]  __x64_sys_bpf+0x7c/0x90
[  522.741231][T11272]  do_syscall_64+0x55/0xa0
[  522.745703][T11272]  ? clear_bhb_loop+0x40/0x90
[  522.750437][T11272]  ? clear_bhb_loop+0x40/0x90
[  522.755197][T11272]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  522.761133][T11272] RIP: 0033:0x7f692f99c799
[  522.765579][T11272] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  522.785257][T11272] RSP: 002b:00007f69308ef028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  522.793707][T11272] RAX: ffffffffffffffda RBX: 00007f692fc15fa0 RCX: 00007f692f99c799
[  522.801718][T11272] RDX: 0000000000000050 RSI: 0000200000000080 RDI: 000000000000000a
[  522.809722][T11272] RBP: 00007f69308ef090 R08: 0000000000000000 R09: 0000000000000000
[  522.817726][T11272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  522.825736][T11272] R13: 00007f692fc16038 R14: 00007f692fc15fa0 R15: 00007fffd9b10ae8
[  522.833767][T11272]  </TASK>
[  522.909569][ T2943] wlan1: Trigger new scan to find an IBSS to join
[  522.916390][ T2990] wlan1: Trigger new scan to find an IBSS to join
[  523.170933][T11280] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  523.370999][T11286] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  523.599167][T11284] delete_channel: no stack
[  523.672965][T11293] netlink: 'syz.0.1732': attribute type 29 has an invalid length.
[  523.683081][T11293] netlink: 'syz.0.1732': attribute type 29 has an invalid length.
[  523.941920][T11297] netlink: 'syz.0.1734': attribute type 3 has an invalid length.
[  523.983397][T11297] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1734'.
[  524.474724][T11306] netlink: 'syz.0.1736': attribute type 29 has an invalid length.
[  524.483500][T11306] netlink: 'syz.0.1736': attribute type 29 has an invalid length.
[  524.565173][T11301] netlink: 'syz.0.1736': attribute type 29 has an invalid length.
[  525.377148][T11314] FAULT_INJECTION: forcing a failure.
[  525.377148][T11314] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  525.457481][T11314] CPU: 1 PID: 11314 Comm: syz.2.1738 Not tainted syzkaller #0
[  525.465006][T11314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  525.475112][T11314] Call Trace:
[  525.478420][T11314]  <TASK>
[  525.481389][T11314]  dump_stack_lvl+0x18c/0x250
[  525.486133][T11314]  ? show_regs_print_info+0x20/0x20
[  525.491389][T11314]  ? load_image+0x400/0x400
[  525.496015][T11314]  ? __might_fault+0xaa/0x120
[  525.500741][T11314]  ? __lock_acquire+0x7d40/0x7d40
[  525.505826][T11314]  should_fail_ex+0x39d/0x4d0
[  525.510583][T11314]  _copy_from_user+0x2f/0xe0
[  525.515235][T11314]  ___sys_sendmsg+0x1c7/0x360
[  525.519987][T11314]  ? __sys_sendmsg+0x2a0/0x2a0
[  525.524821][T11314]  ? __lock_acquire+0x7d40/0x7d40
[  525.529921][T11314]  __se_sys_sendmsg+0x1c2/0x2b0
[  525.534817][T11314]  ? __x64_sys_sendmsg+0x80/0x80
[  525.539819][T11314]  ? lockdep_hardirqs_on+0x98/0x150
[  525.545068][T11314]  do_syscall_64+0x55/0xa0
[  525.549532][T11314]  ? clear_bhb_loop+0x40/0x90
[  525.554251][T11314]  ? clear_bhb_loop+0x40/0x90
[  525.558969][T11314]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  525.564939][T11314] RIP: 0033:0x7fd00639c799
[  525.569390][T11314] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  525.589031][T11314] RSP: 002b:00007fd007307028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  525.597481][T11314] RAX: ffffffffffffffda RBX: 00007fd006616090 RCX: 00007fd00639c799
[  525.605485][T11314] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000008
[  525.613527][T11314] RBP: 00007fd007307090 R08: 0000000000000000 R09: 0000000000000000
[  525.621533][T11314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  525.629535][T11314] R13: 00007fd006616128 R14: 00007fd006616090 R15: 00007fff33d68e18
[  525.637659][T11314]  </TASK>
[  525.789540][T11320] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  525.944221][ T2943] wlan1: Trigger new scan to find an IBSS to join
[  525.974839][ T2943] wlan1: Trigger new scan to find an IBSS to join
[  526.796237][T11328] delete_channel: no stack
[  527.689473][T11339] netlink: 'syz.1.1745': attribute type 3 has an invalid length.
[  527.713415][T11339] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1745'.
[  527.950475][   T34] wlan1: Trigger new scan to find an IBSS to join
[  528.597005][T11343] netlink: 'syz.1.1746': attribute type 33 has an invalid length.
[  528.658890][T11343] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1746'.
[  528.968666][T11354] FAULT_INJECTION: forcing a failure.
[  528.968666][T11354] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  528.997597][T11354] CPU: 0 PID: 11354 Comm: syz.3.1749 Not tainted syzkaller #0
[  529.005123][T11354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  529.015254][T11354] Call Trace:
[  529.018596][T11354]  <TASK>
[  529.021603][T11354]  dump_stack_lvl+0x18c/0x250
[  529.026374][T11354]  ? show_regs_print_info+0x20/0x20
[  529.031646][T11354]  ? load_image+0x400/0x400
[  529.036225][T11354]  ? __might_fault+0xaa/0x120
[  529.040961][T11354]  ? __lock_acquire+0x7d40/0x7d40
[  529.046042][T11354]  should_fail_ex+0x39d/0x4d0
[  529.050790][T11354]  _copy_from_user+0x2f/0xe0
[  529.055431][T11354]  __sys_bpf+0x23e/0x890
[  529.059728][T11354]  ? bpf_link_show_fdinfo+0x390/0x390
[  529.065184][T11354]  ? lock_chain_count+0x20/0x20
[  529.070084][T11354]  __x64_sys_bpf+0x7c/0x90
[  529.074536][T11354]  do_syscall_64+0x55/0xa0
[  529.078985][T11354]  ? clear_bhb_loop+0x40/0x90
[  529.083699][T11354]  ? clear_bhb_loop+0x40/0x90
[  529.088421][T11354]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  529.094341][T11354] RIP: 0033:0x7f692f99c799
[  529.098791][T11354] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  529.118431][T11354] RSP: 002b:00007f69308ef028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  529.126892][T11354] RAX: ffffffffffffffda RBX: 00007f692fc15fa0 RCX: 00007f692f99c799
[  529.134889][T11354] RDX: 0000000000000020 RSI: 0000200000000300 RDI: 0000000000000002
[  529.142888][T11354] RBP: 00007f69308ef090 R08: 0000000000000000 R09: 0000000000000000
[  529.150890][T11354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  529.158899][T11354] R13: 00007f692fc16038 R14: 00007f692fc15fa0 R15: 00007fffd9b10ae8
[  529.166953][T11354]  </TASK>
[  529.430634][T11357] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  529.667125][T11361] delete_channel: no stack
[  530.027708][T11368] netlink: 'syz.2.1754': attribute type 3 has an invalid length.
[  530.039839][T11368] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1754'.
[  530.148057][T11369] delete_channel: no stack
[  530.334789][T11378] netlink: 'syz.1.1756': attribute type 29 has an invalid length.
[  530.349880][T11378] netlink: 'syz.1.1756': attribute type 29 has an invalid length.
[  530.360761][T11374] netlink: 'syz.1.1756': attribute type 29 has an invalid length.
[  530.410556][T11379] netlink: 180 bytes leftover after parsing attributes in process `syz.0.1758'.
[  530.563517][T11383] bridge0: port 1(bridge_slave_0) entered forwarding state
[  530.689922][T11386] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  530.703503][T11384] delete_channel: no stack
[  530.899127][T11389] delete_channel: no stack
[  530.909253][ T2943] wlan1: Trigger new scan to find an IBSS to join
[  530.952713][T11394] bridge0: port 1(bridge_slave_0) entered forwarding state
[  531.107470][T11396] FAULT_INJECTION: forcing a failure.
[  531.107470][T11396] name failslab, interval 1, probability 0, space 0, times 0
[  531.124193][T11396] CPU: 0 PID: 11396 Comm: syz.2.1765 Not tainted syzkaller #0
[  531.131695][T11396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  531.141785][T11396] Call Trace:
[  531.145088][T11396]  <TASK>
[  531.148038][T11396]  dump_stack_lvl+0x18c/0x250
[  531.152758][T11396]  ? show_regs_print_info+0x20/0x20
[  531.157987][T11396]  ? load_image+0x400/0x400
[  531.162517][T11396]  ? __might_sleep+0xe0/0xe0
[  531.167135][T11396]  ? __lock_acquire+0x7d40/0x7d40
[  531.172175][T11396]  should_fail_ex+0x39d/0x4d0
[  531.176882][T11396]  should_failslab+0x9/0x20
[  531.181424][T11396]  slab_pre_alloc_hook+0x59/0x310
[  531.186482][T11396]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  531.192219][T11396]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  531.197953][T11396]  __kmem_cache_alloc_node+0x53/0x250
[  531.203344][T11396]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  531.209078][T11396]  __kmalloc+0xa4/0x230
[  531.213257][T11396]  tomoyo_realpath_from_path+0xe3/0x5d0
[  531.218825][T11396]  tomoyo_path_number_perm+0x248/0x620
[  531.224306][T11396]  ? tomoyo_path_number_perm+0x217/0x620
[  531.229961][T11396]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  531.235472][T11396]  ? __fget_files+0x28/0x4b0
[  531.240096][T11396]  ? __fget_files+0x28/0x4b0
[  531.244720][T11396]  security_file_ioctl+0x70/0xa0
[  531.249681][T11396]  __se_sys_ioctl+0x48/0x170
[  531.254292][T11396]  do_syscall_64+0x55/0xa0
[  531.258724][T11396]  ? clear_bhb_loop+0x40/0x90
[  531.263412][T11396]  ? clear_bhb_loop+0x40/0x90
[  531.268108][T11396]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  531.274024][T11396] RIP: 0033:0x7fd00639c799
[  531.278458][T11396] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  531.298096][T11396] RSP: 002b:00007fd007328028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  531.306521][T11396] RAX: ffffffffffffffda RBX: 00007fd006615fa0 RCX: 00007fd00639c799
[  531.314507][T11396] RDX: 0000200000000080 RSI: 0000000000008946 RDI: 000000000000000b
[  531.322484][T11396] RBP: 00007fd007328090 R08: 0000000000000000 R09: 0000000000000000
[  531.330459][T11396] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  531.338447][T11396] R13: 00007fd006616038 R14: 00007fd006615fa0 R15: 00007fff33d68e18
[  531.346452][T11396]  </TASK>
[  531.380862][T11398] netlink: 'syz.1.1766': attribute type 3 has an invalid length.
[  531.391971][T11396] ERROR: Out of memory at tomoyo_realpath_from_path.
[  531.443705][T11398] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1766'.
[  531.543423][T11399] delete_channel: no stack
[  531.601369][T11405] netlink: 'syz.2.1769': attribute type 29 has an invalid length.
[  531.635307][T11405] netlink: 'syz.2.1769': attribute type 29 has an invalid length.
[  531.644891][T11404] netlink: 'syz.2.1769': attribute type 29 has an invalid length.
[  531.723928][T11407] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.1770'.
[  531.765410][T11407] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.1770'.
[  531.805119][T11410] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.1770'.
[  531.846545][T11409] bridge0: port 1(bridge_slave_0) entered forwarding state
[  531.875702][T11407] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.1770'.
[  531.947491][T11410] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.1770'.
[  532.223610][   T49] wlan1: Creating new IBSS network, BSSID ca:c9:25:6a:44:d5
[  532.238055][ T2943] ------------[ cut here ]------------
[  532.243781][ T2943] WARNING: CPU: 1 PID: 2943 at net/wireless/ibss.c:37 __cfg80211_ibss_joined+0x3d2/0x440
[  532.253735][ T2943] Modules linked in:
[  532.253961][T11416] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  532.258071][ T2943] CPU: 1 PID: 2943 Comm: kworker/u4:7 Not tainted syzkaller #0
[  532.258118][ T2943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  532.258132][ T2943] Workqueue: cfg80211 cfg80211_event_work
[  532.258159][ T2943] RIP: 0010:__cfg80211_ibss_joined+0x3d2/0x440
[  532.258187][ T2943] Code: 00 00 00 48 3b 84 24 80 00 00 00 75 5c 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 47 d3 a1 f7 0f 0b eb bb e8 3e d3 a1 f7 <0f> 0b 4c 8b 6c 24 18 eb ad e8 30 d3 a1 f7 0f 0b e9 e0 fd ff ff e8
[  532.258205][ T2943] RSP: 0018:ffffc9000c047a20 EFLAGS: 00010293
[  532.258226][ T2943] RAX: ffffffff89e54922 RBX: dffffc0000000000 RCX: ffff88802c02da00
[  532.258243][ T2943] RDX: 0000000000000000 RSI: ffffffff8acac960 RDI: ffffffff8b1c85a0
[  532.258275][ T2943] RBP: ffffc9000c047af8 R08: ffffffff911c156f R09: 1ffffffff22382ad
[  532.258291][ T2943] R10: dffffc0000000000 R11: fffffbfff22382ae R12: ffff88805d484c90
[  532.258307][ T2943] R13: 1ffff92001808f4c R14: ffff88801e75b5b8 R15: 000000000000001f
[  532.258324][ T2943] FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  532.258342][ T2943] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  532.258357][ T2943] CR2: 00002000000029c0 CR3: 0000000030bbd000 CR4: 00000000003506e0
[  532.258376][ T2943] DR0: 0000000000000000 DR1: 0000200000000300 DR2: 0000000000000000
[  532.258391][ T2943] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  532.258406][ T2943] Call Trace:
[  532.258415][ T2943]  <TASK>
[  532.258426][ T2943]  ? mutex_lock_nested+0x20/0x20
[  532.258465][ T2943]  ? trace_rdev_return_void+0x1c0/0x1c0
[  532.258505][ T2943]  cfg80211_process_wdev_events+0x3bc/0x550
[  532.258545][ T2943]  cfg80211_process_rdev_events+0xa1/0x110
[  532.258574][ T2943]  cfg80211_event_work+0x2f/0x40
[  532.258595][ T2943]  ? process_scheduled_works+0x96f/0x15d0
[  532.258622][ T2943]  process_scheduled_works+0xa5d/0x15d0
[  532.258686][ T2943]  ? worker_attach_to_pool+0x380/0x380
[  532.258722][ T2943]  ? assign_work+0x3d2/0x5d0
[  532.258757][ T2943]  worker_thread+0xa55/0xfc0
[  532.258786][ T2943]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  532.258812][ T2943]  ? _raw_spin_unlock+0x40/0x40
[  532.258834][ T2943]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[  532.258886][ T2943]  kthread+0x2fa/0x390
[  532.258906][ T2943]  ? pr_cont_work+0x560/0x560
[  532.258933][ T2943]  ? kthread_blkcg+0xd0/0xd0
[  532.258955][ T2943]  ret_from_fork+0x48/0x80
[  532.258980][ T2943]  ? kthread_blkcg+0xd0/0xd0
[  532.259003][ T2943]  ret_from_fork_asm+0x11/0x20
[  532.259052][ T2943]  </TASK>
[  532.259063][ T2943] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  532.259073][ T2943] CPU: 1 PID: 2943 Comm: kworker/u4:7 Not tainted syzkaller #0
[  532.259089][ T2943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  532.259100][ T2943] Workqueue: cfg80211 cfg80211_event_work
[  532.259119][ T2943] Call Trace:
[  532.259126][ T2943]  <TASK>
[  532.259133][ T2943]  dump_stack_lvl+0x18c/0x250
[  532.259166][ T2943]  ? show_regs_print_info+0x20/0x20
[  532.259196][ T2943]  ? load_image+0x400/0x400
[  532.259237][ T2943]  panic+0x2dc/0x730
[  532.259274][ T2943]  ? bpf_jit_dump+0xd0/0xd0
[  532.259311][ T2943]  ? ret_from_fork_asm+0x11/0x20
[  532.259419][ T2943]  __warn+0x2e0/0x470
[  532.259473][ T2943]  ? __cfg80211_ibss_joined+0x3d2/0x440
[  532.259549][ T2943]  ? __cfg80211_ibss_joined+0x3d2/0x440
[  532.259613][ T2943]  report_bug+0x2be/0x4f0
[  532.259658][ T2943]  ? __cfg80211_ibss_joined+0x3d2/0x440
[  532.259714][ T2943]  ? __cfg80211_ibss_joined+0x3d2/0x440
[  532.259770][ T2943]  ? __cfg80211_ibss_joined+0x3d4/0x440
[  532.259825][ T2943]  handle_bug+0xcf/0x120
[  532.259898][ T2943]  exc_invalid_op+0x1a/0x50
[  532.259971][ T2943]  asm_exc_invalid_op+0x1a/0x20
[  532.260019][ T2943] RIP: 0010:__cfg80211_ibss_joined+0x3d2/0x440
[  532.260082][ T2943] Code: 00 00 00 48 3b 84 24 80 00 00 00 75 5c 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 47 d3 a1 f7 0f 0b eb bb e8 3e d3 a1 f7 <0f> 0b 4c 8b 6c 24 18 eb ad e8 30 d3 a1 f7 0f 0b e9 e0 fd ff ff e8
[  532.260119][ T2943] RSP: 0018:ffffc9000c047a20 EFLAGS: 00010293
[  532.260164][ T2943] RAX: ffffffff89e54922 RBX: dffffc0000000000 RCX: ffff88802c02da00
[  532.260199][ T2943] RDX: 0000000000000000 RSI: ffffffff8acac960 RDI: ffffffff8b1c85a0
[  532.260228][ T2943] RBP: ffffc9000c047af8 R08: ffffffff911c156f R09: 1ffffffff22382ad
[  532.260265][ T2943] R10: dffffc0000000000 R11: fffffbfff22382ae R12: ffff88805d484c90
[  532.260302][ T2943] R13: 1ffff92001808f4c R14: ffff88801e75b5b8 R15: 000000000000001f
[  532.260359][ T2943]  ? __cfg80211_ibss_joined+0x3d2/0x440
[  532.260439][ T2943]  ? mutex_lock_nested+0x20/0x20
[  532.260525][ T2943]  ? trace_rdev_return_void+0x1c0/0x1c0
[  532.260616][ T2943]  cfg80211_process_wdev_events+0x3bc/0x550
[  532.260701][ T2943]  cfg80211_process_rdev_events+0xa1/0x110
[  532.260770][ T2943]  cfg80211_event_work+0x2f/0x40
[  532.260834][ T2943]  ? process_scheduled_works+0x96f/0x15d0
[  532.260907][ T2943]  process_scheduled_works+0xa5d/0x15d0
[  532.261063][ T2943]  ? worker_attach_to_pool+0x380/0x380
[  532.261145][ T2943]  ? assign_work+0x3d2/0x5d0
[  532.261226][ T2943]  worker_thread+0xa55/0xfc0
[  532.261300][ T2943]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  532.261357][ T2943]  ? _raw_spin_unlock+0x40/0x40
[  532.261404][ T2943]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[  532.261520][ T2943]  kthread+0x2fa/0x390
[  532.261560][ T2943]  ? pr_cont_work+0x560/0x560
[  532.261625][ T2943]  ? kthread_blkcg+0xd0/0xd0
[  532.261671][ T2943]  ret_from_fork+0x48/0x80
[  532.261726][ T2943]  ? kthread_blkcg+0xd0/0xd0
[  532.261773][ T2943]  ret_from_fork_asm+0x11/0x20
[  532.261886][ T2943]  </TASK>
[  532.268785][ T2943] Kernel Offset: disabled