last executing test programs: 5.470753683s ago: executing program 2 (id=2681): r0 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) socket$kcm(0x2, 0x200000000000001, 0x106) (async) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x0, 0x15, 0x0, 0x0) (async) r1 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) socket$kcm(0x29, 0x5, 0x0) (async) close(0xffffffffffffffff) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x2, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffd}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x800, 0x0, 0x0, 0x1e00, 0x4, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x3, 0xc, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x4, 0x10, &(0x7f00000008c0)=ANY=[@ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="0000000000000000b704000000000000850000001c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='hugetlb.1GB.usage_in_bytes\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f0000000100)=r3, 0x4) (async) syz_clone(0x630c0700, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0x2ee0}], 0x13, 0x0, 0x0, 0x10000000}, 0x12cd) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000200)={r2, 0x58, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) (async) r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000240)=0xffffffffffffffff, 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x5, 0x570cfe67, 0x200, 0x10000, 0x100, 0x1, 0x37, '\x00', r4, r5, 0x5, 0x0, 0x5}, 0x50) 5.119817244s ago: executing program 4 (id=2686): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x10c040, 0xac5d, 0x0, 0x5, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x10, 0x2, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0x58, &(0x7f0000000380)}, 0x10) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000580)=@o_path={0x0, 0x0, 0x4000}, 0x18) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000006c0)={{}, &(0x7f0000000640), &(0x7f0000000680)='%-010d \x00'}, 0x20) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xf, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x1e, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x34}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1, 0x0, 0x2c}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x85}, 0x52) 5.048750006s ago: executing program 2 (id=2690): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x10c040, 0xac5d, 0x0, 0x5, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0xa, 0x5, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f00000002c0)='cgroup.max.descendants\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000080)=0x5, 0x12) socket$kcm(0x10, 0x2, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0x58, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r4 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000580)=@o_path={0x0, 0x0, 0x4000}, 0x18) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000006c0)={{}, &(0x7f0000000640), &(0x7f0000000680)='%-010d \x00'}, 0x20) r5 = socket$kcm(0x2b, 0x1, 0x0) r6 = socket$kcm(0x2b, 0x1, 0x0) close(r6) socket$kcm(0x2, 0x2, 0x88) close(r6) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r8) r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000840)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) openat$cgroup_int(r9, &(0x7f0000001180)='hugetlb.2MB.rsvd.limit_in_bytes\x00', 0x2, 0x0) r10 = perf_event_open(&(0x7f0000000700)={0x5, 0x80, 0x98, 0x6, 0x9, 0xf, 0x0, 0xfff, 0x2000, 0x8, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000280), 0xc}, 0xa900, 0x95f, 0xb, 0x4, 0x7, 0x8, 0x15e, 0x0, 0xa546, 0x0, 0xfffffffffffffffd}, 0xffffffffffffffff, 0xfffffffffffffff6, r0, 0x4) perf_event_open$cgroup(&(0x7f00000001c0)={0x7, 0x80, 0x6, 0x9, 0x2, 0x2, 0x0, 0x4, 0x16401, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x3, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0xff, 0x4, @perf_config_ext={0x1, 0x4}, 0x100, 0x2, 0xf, 0x5, 0x100, 0x5, 0x800, 0x0, 0x60, 0x0, 0xe4}, r9, 0x3, r10, 0x8) recvmsg$unix(r7, &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x1c0) setsockopt$sock_attach_bpf(r5, 0x6, 0x1b, &(0x7f0000000100)=r11, 0x4) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xf, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0xfffffffd, '\x00', 0x0, r11}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x1e, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000009c0)=@bpf_tracing={0x1a, 0x3, &(0x7f00000000c0)=@raw=[@cb_func={0x18, 0x4, 0x4, 0x0, 0x7}, @generic={0xa0, 0xa, 0x6, 0xd13f, 0x88}], 0x0, 0x7, 0xa5, &(0x7f00000002c0)=""/165, 0x41000, 0x9, '\x00', r3, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000500)={0x3, 0x2, 0x10001, 0x9}, 0x10, 0x14970, r4, 0x0, 0x0, 0x0, 0x10, 0x10}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x34}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1, 0x0, 0x2c}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x85}, 0x52) 4.839969833s ago: executing program 4 (id=2693): r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0xff, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x84, 0xfffffffffffffffc}, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x3}, 0x0, 0xf, 0xffffffffffffffff, 0x0) socket$kcm(0x23, 0x5, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x100001, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff3, 0x0, @perf_config_ext={0x85, 0xffffffffffffffff}, 0x3212, 0x7, 0x2, 0x2, 0xc, 0x7, 0x2, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f00000004c0)='cpu&\t03\t\t') bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f00000002c0)=ANY=[@ANYRESHEX, @ANYRESDEC=r0], &(0x7f0000000300)=""/167, 0x75, 0xa7, 0x1}, 0x28) socket$kcm(0x10, 0x7, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000001340)=@hci={0x1f, 0x1, 0x47}, 0x80, 0x0}, 0x0) socket$kcm(0x21, 0x2, 0x2) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0xc112, 0xac5d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xd, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="720ac4ff000000007110ca00000000009500000000000000"], &(0x7f00000001c0)='syzkaller\x00'}, 0x94) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e21, @loopback}}, 0x80, 0x0}, 0x0) r4 = socket$kcm(0x2, 0x1, 0x84) sendmsg$inet(r4, &(0x7f0000001700)={&(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10, &(0x7f0000001640)=[{&(0x7f0000000100)="ea", 0x1}], 0x1}, 0x0) setsockopt$sock_attach_bpf(r4, 0x84, 0x9, &(0x7f0000000000), 0x98) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000200000", @ANYRES32, @ANYBLOB="13000000000000000000400000010000e9f17b3e5403694b86356e59b2479b6f16d7993a4057906928d81f975ab635975110529a333d4060c8bba48cff97712dc02014c5882a15c911c671cf6757cad26e7a69fcea1ba4fa209266a0fa18d5be0dbd44fb9573ba0463b293cdc956ef01e724f9c80dd5bb0e5d2312935d192b0a67b6b0dc1ec997e7a37c4f893caa489bb141d874781ded5cd566538a868022688401ccfc9b391ce58d7563cfca9b0ef4b16abb1abf083acbad6a1efab53fa44df7fb42d7da2c3dcdf9c2b23aa1996a56ff000000de6a99679767adb3da3c45f6be0f95ab770dd3c0077f0a395067a88d407961adbdd43432ad08a10cf7d219d2e1a41f3e802a483e2aa61a7b9cb99544e105155a23aa68eba2a203564a481e24d2c0d4955fc6e421033bc84bdc86991feb968d80de84ead4255408eba4b798c8e38548a80b474cdd859a75739f92bf7e7ade63b5029e1ef8372d29541adaa44c65065f4e4c77da6f99c2f8caad648c3aaf4e2f12dccb24920327bcff3b19e758f67f835ec20f2ca4a18e49e660ccf3aaa1c9605e1fbb2ab58019fd1b416dbbd8405d33999c05fa5502083221c0ba72b1fec5c9aef44c5d679b7fd1d57e45e8d8d311d421d54b9c1977f9698bab2f0b13aa7168a8d2fbb2f44e187a9ec2a0ab402856302c4344ef46682ae9804036cdd29af5931a38ea26e6915590a1caab1ccc649518f546cbdd32ea1aec2211b5", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000005000000000000008000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000002000000850000008600000018010000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000050000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x11}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x8810, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0xfffc}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r7 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(r7, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in6={0x21, 0xfffc, 0x2, 0x1c, {0xa, 0x4e22, 0x4, @dev}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18001f6f000000001001000001000000dc00000000000000"], 0x18}, 0x2004fc10) ioctl$SIOCSIFHWADDR(r3, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="0600"}) perf_event_open(&(0x7f0000004cc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x9, 0x400, 0x6, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0xaf1d, 0x1, @perf_config_ext={0xff, 0x4}, 0x100410, 0x200, 0x2, 0x1, 0x9, 0x1000009, 0x8, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) perf_event_open(&(0x7f0000004cc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x9, 0x400, 0x6, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0xaf1d, 0x1, @perf_config_ext={0xff, 0xb}, 0x10, 0x80000001, 0x2, 0x1, 0x9, 0x9, 0xfffd, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x4) syz_clone(0x80001000, 0x0, 0x0, &(0x7f0000000680), 0x0, 0x0) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x400000, 0x0) ioctl$TUNSETFILTEREBPF(r8, 0x800454e1, &(0x7f00000000c0)=r2) 4.741492536s ago: executing program 1 (id=2694): perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs$namespace(0x0, 0x0) r0 = socket$kcm(0xa, 0x2, 0x0) setsockopt$sock_attach_bpf(r0, 0x29, 0x14, &(0x7f0000000440), 0x3d) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x87, 0x87, 0x6, [@union={0x3, 0x4, 0x0, 0x5, 0x1, 0x2cf, [{0x1, 0x0, 0x5}, {0x7, 0x0, 0x7}, {0xe, 0x0, 0x1}, {0x8, 0x2, 0xa6}]}, @datasec={0x5, 0x4, 0x0, 0xf, 0x3, [{0x1, 0x2}, {0x2, 0x2, 0x3ff}, {0x4, 0x88b3, 0x2}, {0x2, 0xa}], "d735d5"}, @ptr={0xb}]}, {0x0, [0x2e, 0x0, 0x30, 0x0]}}, &(0x7f0000000100)=""/18, 0xa6, 0x12, 0x8, 0x5, 0x10000}, 0x28) r1 = socket$kcm(0xa, 0x2, 0x0) setsockopt$sock_attach_bpf(r1, 0x29, 0x14, &(0x7f00000000c0), 0xb9) r2 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000680)=@base={0xa, 0x16, 0xb4, 0x3}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xa, &(0x7f00000002c0)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r2}, @generic={0x79}, @initr0, @exit]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xee, &(0x7f0000000340)=""/238, 0x0, 0x1}, 0x94) close(r0) 4.631157279s ago: executing program 2 (id=2696): r0 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xd, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="8500000046000000760000000000000027000000ffffffff9500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffed8}, 0x23) r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000001, 0x1, @perf_bp={0x0}, 0x8061, 0x3, 0x0, 0x0, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0) (async) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000001c0)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) (async) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x8914, &(0x7f0000000080)) (async) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x2}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x15, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffffdffd, 0x0, 0x0, 0x0, 0x800}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x1e00, 0x4a, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000980)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000000000000000850000007d"], 0x0}, 0x94) (async) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f00000002c0)={'syzkaller0\x00', 0x7101}) (async) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$TUNSETSTEERINGEBPF(r6, 0x800454e0, &(0x7f0000000180)=r8) write$cgroup_devices(r7, &(0x7f0000000280)=ANY=[@ANYBLOB="1e030600bc5cb60128876360864666702c1ffe80000000000000", @ANYRESDEC], 0xffdd) (async) r9 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r9, &(0x7f0000000200)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x5}, 0x80, &(0x7f0000002540)=[{&(0x7f0000000000)="b88a000000f00000000000df8100b1", 0xf}], 0x1}, 0x0) (async) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000340)={@fallback=r1, 0xe, 0x0, 0x10, &(0x7f0000000100)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0}, 0x40) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000380)={@map=r9, r2, 0xb, 0x2000, 0x0, @value=r2, @void, @void, @void, r10}, 0x20) (async) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000080)={@map=0x1, r0, 0xf, 0x1, r0, @void, @value=r0, @void, @void, r10}, 0x20) 4.560609671s ago: executing program 1 (id=2697): r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={@fallback=r0, 0x10, 0x0, 0xde, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x9, 0x0, &(0x7f0000000080)=[0x0, 0x0], &(0x7f00000000c0)=[0x0], &(0x7f0000000100)=[0x0, 0x0, 0x0], 0x0}, 0x40) r3 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cgroup.kill\x00', 0x0, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000180)={@cgroup=r0, 0xffffffffffffffff, 0xa, 0x2001, 0xffffffffffffffff, @value=r3, @void, @void, @void, r2}, 0x20) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000200)={0x80000000}, 0x8) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r1, 0xe0, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x9, &(0x7f0000000480)=[0x0, 0x0, 0x0], &(0x7f00000004c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xee, &(0x7f0000000500)=[{}, {}], 0x10, 0x10, &(0x7f0000000540), &(0x7f0000000580), 0x8, 0x1f, 0x8, 0x8, &(0x7f00000005c0)}}, 0x10) r6 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000740)=0xffffffffffffffff, 0x4) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=@base={0x1c, 0x8001, 0x8d80, 0x672, 0x5800, r3, 0x1d8, '\x00', 0x0, r3, 0x1, 0x4, 0x2}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x18, 0x20, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0xe4c, 0x0, 0x0, 0x0, 0x9}, [@btf_id={0x18, 0xa, 0x3, 0x0, 0x5}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @map_idx_val={0x18, 0x3, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x92}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x90000000}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @map_val={0x18, 0x9, 0x2, 0x0, r1}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}]}, &(0x7f0000000340)='GPL\x00', 0x9, 0xa5, &(0x7f0000000380)=""/165, 0x41000, 0x2c, '\x00', r4, 0x0, r6, 0x8, &(0x7f0000000780)={0x4, 0x5}, 0x8, 0x10, &(0x7f00000007c0)={0x1, 0x9, 0x6, 0x401}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000880)=[r7, r0, r3, r3, r3], &(0x7f00000008c0)=[{0x2, 0x4, 0x6, 0x7}, {0x2, 0x4, 0x5}, {0x3, 0x3, 0x3}], 0x10, 0x4}, 0x94) close(r3) r8 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000009c0)=r5, 0x4) openat$cgroup_freezer_state(r3, &(0x7f0000000a00), 0x2, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000e00)={r1, 0xe0, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000b40)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, &(0x7f0000000b80)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000bc0)=[0x0], 0x0, 0xd4, &(0x7f0000000c00)=[{}, {}], 0x10, 0x10, &(0x7f0000000c40), &(0x7f0000000c80), 0x8, 0xf6, 0x8, 0x8, &(0x7f0000000cc0)}}, 0x10) r10 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000e80)={0x1b, 0x0, 0x0, 0x9, 0x0, r3, 0x9, '\x00', r4, r8, 0x2, 0x3}, 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000f80)={{r3, 0xffffffffffffffff}, &(0x7f0000000f00), &(0x7f0000000f40)='%pS \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000fc0)={r1, 0xffffffffffffffff}, 0x4) r13 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001100)={0x18, 0x12, &(0x7f0000000a40)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8001}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffa}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r7}}, @map_val={0x18, 0x3, 0x2, 0x0, r6, 0x0, 0x0, 0x0, 0x4}]}, &(0x7f0000000b00)='syzkaller\x00', 0x3ff, 0x0, 0x0, 0x41000, 0x68, '\x00', r9, 0x0, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000e40)={0x0, 0xb, 0x8, 0x400}, 0x10, 0x0, 0x0, 0x9, &(0x7f0000001000)=[r3, 0xffffffffffffffff, r10, r11, r7, r3, r12], &(0x7f0000001040)=[{0x1, 0x3, 0x9, 0x5}, {0x5, 0x5, 0xc, 0xf}, {0x2, 0x3, 0xb, 0x6}, {0x5, 0x1, 0x3, 0x7}, {0x0, 0x3, 0x2, 0x9}, {0x1, 0x3, 0x10, 0x2}, {0x3, 0x5, 0xa, 0x4}, {0x2, 0x1, 0x3, 0x2}, {0x2, 0x4, 0x3, 0x1}]}, 0x94) r14 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001240)=r5, 0x4) bpf$MAP_CREATE(0x0, &(0x7f00000011c0)=@base={0x2, 0x4, 0xb63000, 0x3, 0x8000, r3, 0x81, '\x00', r4, r3, 0x0, 0x1, 0x3, 0x0, @value=r14}, 0x50) perf_event_open(&(0x7f00000012c0)={0x3, 0x80, 0x3, 0xe, 0xac, 0x2, 0x0, 0x9, 0x4100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000001280), 0x1}, 0x4001, 0xf47, 0x1, 0xc, 0x6, 0x6, 0x2, 0x0, 0x1, 0x0, 0x3}, 0x0, 0xe, 0xffffffffffffffff, 0xa) r15 = openat$cgroup_ro(r3, &(0x7f0000001480)='blkio.bfq.avg_queue_size\x00', 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001500)=@bpf_tracing={0x1a, 0x7, &(0x7f0000001340)=@framed={{0x18, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x9}, [@ldst={0x1, 0x1, 0x2, 0x2, 0x0, 0xc, 0x4}, @generic={0x35, 0x0, 0xd, 0x0, 0x9}, @map_idx={0x18, 0x5, 0x5, 0x0, 0x3}]}, &(0x7f0000001380)='syzkaller\x00', 0xa, 0x66, &(0x7f00000013c0)=""/102, 0x40f00, 0x10, '\x00', 0x0, 0x0, r8, 0x8, &(0x7f0000001440)={0x1, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x1bfa4, r15, 0x1, 0x0, &(0x7f00000014c0)=[{0x5, 0x1, 0xe, 0x9}], 0x10, 0xbf}, 0x94) openat$cgroup_int(r3, &(0x7f00000015c0)='memory.swap.high\x00', 0x2, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000019c0)={r13, 0xe0, &(0x7f00000018c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000001700)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x5, &(0x7f0000001740)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001780)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xcb, &(0x7f00000017c0)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000001800), &(0x7f0000001840), 0x8, 0x92, 0x8, 0x8, &(0x7f0000001880)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000001b00)={0x8, 0x12, &(0x7f0000001600)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@call={0x85, 0x0, 0x0, 0x46}, @btf_id={0x18, 0x7, 0x3, 0x0, 0x2}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000016c0)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x4, '\x00', r16, @cgroup_skb, 0xffffffffffffffff, 0x8, &(0x7f0000001a00)={0x4, 0x2}, 0x8, 0x10, &(0x7f0000001a40)={0x0, 0xf, 0x3, 0x100}, 0x10, r5, r3, 0x5, 0x0, &(0x7f0000001a80)=[{0x4, 0x3, 0x8, 0xc}, {0x5, 0x4, 0x7, 0xb}, {0x2, 0x4, 0x7, 0xb}, {0x3, 0x1, 0x2, 0x1}, {0x5, 0x5, 0x9, 0xa}], 0x10, 0x7}, 0x94) ioctl$SIOCSIFHWADDR(r15, 0x8924, &(0x7f0000001bc0)={'team_slave_0\x00'}) r17 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000001c00)='./cgroup.net/syz0\x00', 0x200002, 0x0) openat$cgroup_devices(r17, &(0x7f0000001c40)='devices.allow\x00', 0x2, 0x0) openat$cgroup_pressure(r3, &(0x7f0000001c80)='memory.pressure\x00', 0x2, 0x0) openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000001cc0), 0x2, 0x0) 4.340787878s ago: executing program 1 (id=2700): r0 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f00000000c0)='memory.swap.events\x00', 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xe, 0x4, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x50}, [@call={0x85, 0x0, 0x0, 0xa0}]}, &(0x7f0000000080)='syzkaller\x00'}, 0x90) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={r1, 0x58, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext={0x72, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x20, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x4000, 0x0, 0x0, 0x1, 0x8, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(r3, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x0, 0x4, @dev={0xfe, 0x80, '\x00', 0x33}, 0x8000000}}, 0x80, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000100100000100000000000000000000001000000000000000100100000b"], 0x28}, 0x4044454) recvmsg$kcm(0xffffffffffffffff, 0x0, 0x0) r4 = socket$kcm(0x2, 0x922000000001, 0x106) setsockopt$sock_attach_bpf(r4, 0x1, 0xc, 0x0, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0700000004000000000900000100000028"], 0x50) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000004000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r7}, 0xc) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r7, 0x0, 0x0}, 0x10) sendmsg$kcm(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e00000011008188040f46ecdb4cb9cca7480ef410000000e3bd6efb440009000e000a000d000000ba8000001201", 0x2e}], 0x1}, 0x24000000) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x9, 0x7, 0x3, 0x8, 0x11, 0x1, 0x3, '\x00', r2, 0xffffffffffffffff, 0xff800000, 0x0, 0x3}, 0x50) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000005c0)={r8, &(0x7f00000003c0)="d6f9d8c97119f103eee9c431542af45930b447aae3fa3dda087825201db9d2d729110b60a6d0b83b5774a4831e5ab81386daa3efc99a0b49db9d277ba4e8214174de6c4532720921dc1a3d7bd878569fc35d686ee6cbe99eb6615d4f6cafad46f5e4e461ad16e739f869de6f298bd32dcf69305efb5d4a3055e11921183be9e4016f024514f8ea719597464f19810d5f5ac0a0477fccd132199dc15f433994bce457b98a4e2aec5bffc8c3a195dc8aff6c2cab7c55d37d5d6887c2f2445359dfeacd9e", &(0x7f00000004c0)=""/205, 0x4}, 0x20) 4.030536467s ago: executing program 0 (id=2701): socket$kcm(0xa, 0x5, 0x0) socketpair(0x26, 0x5, 0x0, &(0x7f0000000740)) (async) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x189703, 0x0) ioctl$TUNSETIFF(r0, 0x5452, &(0x7f0000000080)={'syzkaller0\x00', 0x8000}) close(r0) r1 = perf_event_open(&(0x7f0000000300)={0x2, 0x80, 0xfb, 0x45, 0x70, 0x0, 0x0, 0x1, 0x65419, 0xc, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x7, 0x1, @perf_config_ext={0x5, 0xf48}, 0x102080, 0xc, 0x5, 0x1, 0xfff, 0x8, 0x2, 0x0, 0xc0000000, 0x0, 0xd0}, 0x0, 0x9, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x8}, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = socket$kcm(0x2, 0x5, 0x84) (async) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) (async) perf_event_open(&(0x7f0000000380)={0x2, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1, 0x48, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xc}, 0x1, 0x1, 0x0, 0x12, 0x0, 0x0, 0xfffd, 0x0, 0x2}, 0x0, 0x7, 0xffffffffffffffff, 0x0) close(r4) (async) sendmsg$inet(r2, &(0x7f00000007c0)={&(0x7f0000000040)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000000180)=[{&(0x7f0000000240)="cc", 0x1}], 0x1}, 0x24044851) (async) sendmsg$inet(r2, &(0x7f0000000840)={&(0x7f0000000280)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000740)=[{&(0x7f00000002c0)='\'', 0x1}], 0x1}, 0x48000) (async) recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r2, 0x84, 0x11, &(0x7f0000000000)=r5, 0x8) (async) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00', 0x80000000}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r6, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) (async) r7 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) (async) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) (async) r8 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r8, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030040000b05d25a806c8c6394f90324fc60100002000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) (async) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x20000000) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000000)=r7) r9 = getpid() perf_event_open(&(0x7f0000001100)={0x5, 0x80, 0x9, 0x8, 0xb, 0xfb, 0x0, 0x3c, 0xc002, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x1}, 0x18842, 0x0, 0x7fffffff, 0x2, 0x3cd, 0x3, 0x7, 0x0, 0x0, 0x0, 0x7}, r9, 0x0, 0xffffffffffffffff, 0x2) (async) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100), 0x4) (async) syz_clone(0x41064400, 0x0, 0x0, 0x0, 0x0, 0x0) 3.833489353s ago: executing program 3 (id=2703): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x10c040, 0xac5d, 0x0, 0x5, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x10, 0x2, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0x58, &(0x7f0000000380)}, 0x10) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000580)=@o_path={0x0, 0x0, 0x4000}, 0x18) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000006c0)={{}, &(0x7f0000000640), &(0x7f0000000680)='%-010d \x00'}, 0x20) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xf, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x1e, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x34}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1, 0x0, 0x2c}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x85}, 0x52) 3.800158294s ago: executing program 4 (id=2704): bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0xffffffffffffffff, 0x58, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="b40500000000000061107826b1a04c284f1f6641389b68000000000000012d00c6"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x40f00, 0x0, '\x00', r0, @sk_skb}, 0x94) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0xffffffffffffffff, 0x58, &(0x7f0000000040)}, 0x10) (async) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="b40500000000000061107826b1a04c284f1f6641389b68000000000000012d00c6"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x40f00, 0x0, '\x00', r0, @sk_skb}, 0x94) (async) 3.701571177s ago: executing program 3 (id=2705): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x0, 0x4, &(0x7f0000000000)=@raw=[@map_idx, @generic={0x0, 0x0, 0x0, 0x0, 0x9}, @alu={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}], 0x0}, 0x90) r0 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="25390000290003"], 0x33fe0) (async) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000100), 0x12) (async) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x104, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x3, 0xc2ba, 0x0, 0x4000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) (async) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='freezer.state\x00', 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0x19, &(0x7f00000004c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@call={0x85, 0x0, 0x0, 0xa0}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) ioctl$TUNGETFEATURES(r1, 0x800454cf, &(0x7f0000000080)) 3.60957888s ago: executing program 4 (id=2706): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r1 = openat$cgroup_devices(r0, &(0x7f0000000000)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r1, &(0x7f0000000140)=ANY=[@ANYBLOB='c 75:*\tw\nm'], 0xa) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x20, 0x12504, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x4, 0x0, @perf_bp={0x0, 0x8}, 0x7602, 0x5, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x0, 0x0, &(0x7f0000000380)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x75, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syz_tun\x00'}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8946, &(0x7f0000000080)) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000180081064e81f782db44b904021d080006f87c09e8fe55a10a0015400100142603600e12080002000000040104001600400001", 0x37}], 0x1}, 0x0) close(r0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xe, 0x4, 0x4, 0xa}, 0x48) bpf$PROG_LOAD(0x2, &(0x7f0000000680)={0x3, 0x3, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001a00599c6d0e000091d028ef80"], 0xfe33) 1.539137213s ago: executing program 2 (id=2707): perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs$namespace(0x0, 0x0) r0 = socket$kcm(0xa, 0x2, 0x0) setsockopt$sock_attach_bpf(r0, 0x29, 0x14, &(0x7f0000000440), 0x3d) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x87, 0x87, 0x6, [@union={0x3, 0x4, 0x0, 0x5, 0x1, 0x2cf, [{0x1, 0x0, 0x5}, {0x7, 0x0, 0x7}, {0xe, 0x0, 0x1}, {0x8, 0x2, 0xa6}]}, @datasec={0x5, 0x4, 0x0, 0xf, 0x3, [{0x1, 0x2}, {0x2, 0x2, 0x3ff}, {0x4, 0x88b3, 0x2}, {0x2, 0xa}], "d735d5"}, @ptr={0xb}]}, {0x0, [0x2e, 0x0, 0x30, 0x0]}}, &(0x7f0000000100)=""/18, 0xa6, 0x12, 0x8, 0x5, 0x10000}, 0x28) r1 = socket$kcm(0xa, 0x2, 0x0) setsockopt$sock_attach_bpf(r1, 0x29, 0x14, &(0x7f00000000c0), 0xb9) r2 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000680)=@base={0xa, 0x16, 0xb4, 0x3}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xa, &(0x7f00000002c0)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r2}, @generic={0x79}, @initr0, @exit]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xee, &(0x7f0000000340)=""/238, 0x0, 0x1}, 0x94) close(r0) 1.374851508s ago: executing program 0 (id=2708): r0 = socket$kcm(0x2, 0x200000000000001, 0x0) setsockopt$sock_attach_bpf(r0, 0x6, 0x6, &(0x7f0000000740), 0x4) 1.31592285s ago: executing program 4 (id=2709): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x10c040, 0xac5d, 0x0, 0x5, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0xa, 0x5, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x2004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(0x0, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, 0xffffffffffffffff) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0600000004000000990500000a"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001340), &(0x7f0000000900), 0x404, r2, 0x0, 0x1ba8847c99}, 0x38) r3 = socket$kcm(0x1e, 0x1, 0x0) sendmsg$kcm(r3, &(0x7f0000000540)={&(0x7f0000000280)=@tipc=@id={0x1e, 0x3, 0x3, {0x4e22}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000340)="80", 0x1}], 0x1}, 0x40810) recvmsg(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000680)=""/264, 0x108}], 0x1, &(0x7f0000000180)=""/7, 0x7}, 0x40000010) r4 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0xa, 0x5, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x29, &(0x7f0000001500)=[{&(0x7f0000001580)="d80000001a0081044e81f782db4cb9040a1d08007b490d4f1e81f8d815000100fe80000000000000080005007a010401a80016002000034004000000035c0461c9d67f6f940071342e875fab7cb6cec6cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b141993c034e653fe8efe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9ee5350db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e", 0xd8}], 0x1}, 0x0) socket$kcm(0x10, 0x2, 0x0) r6 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext, 0x10c002, 0x89}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000280)={r7, 0xffffffffffffffff, 0x0, 0x1, &(0x7f00000001c0)='\x00'}, 0x11) perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0xe1, 0xb, 0x6, 0x78, 0x0, 0x0, 0xe8088, 0xa, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0xffff, 0x0, @perf_config_ext={0x40000000000009, 0x3}, 0x10a880, 0x9, 0x3, 0x2, 0x5a6a, 0x127, 0x809, 0x0, 0x0, 0x0, 0x3}, r7, 0x1, r6, 0x9) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r6, 0x2405, r4) sendmsg$sock(r5, &(0x7f0000000ec0)={&(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'sha384-generic\x00'}, 0x80, &(0x7f0000000e00)=[{&(0x7f0000000700)="b40d15cb1777c673ec78f78b39e65ad9bfb094cc3af551e1ce81dd36d1f46a85c8a139020b0afc2080de93f57a67e289a97eb091f8d4886084b28fed47995305bc2f24f391c943228d657136884a1f8a8dc69105a065cd07776ac6fc5f15703549a1dadabb08b621733c6072f7825f61fb139812aa7b81fa05227b3e2528cc6193752b8b1aa2df024907bb7486", 0x8d}, {&(0x7f00000007c0)="4ee7d56137f4c1b789e8a771daa3cc4c693b073bfc69d9443ac0e39be80de342fcd9b2d07d8db7a2909bcf28eec5c3dc9a29a195bde161cb54f49f4184e756ff612e4da53eab372f02eb8aff857434cfbd5de1371091b2138595f4c3b0d38cd8aee1791b3faf4a573cb7f3709fdab54dc8334ad3a8af14d2b7c97ab6c653100202b2a00556b7fd1043d63905b46b0bd0c33fed987656ca9fb170724435df0a0af8d643f64e1047197020089080c40b0b5ce0c5e96a31197ece021b4b7042f8e6019074", 0xc3}, {&(0x7f00000008c0)="c46359cfef7499e231d9ab53efcd4fef2b062465b856a70308e78f2225e55d5fa53dfb986092c3cde3e2410ca056dfd80afe66bafa86dfdf3b151c24b1430e77daf1315f4085a07f1c71a82f1268ac4b708bf3f843a18a161255e43cdedb290e79c1c7d0243eda86dfd7d5167e78ceb56df86e8630ac25cea42683103d9e9fb98a107e81acbf21886ab6240d091cdb72c9dc33bae93b34d0a2639c7f9c9b4e29a9d440868538c496d2f3b4263668e48c54586004f6476e699b8c71b4534d6c71611cfe49060cf3cd0fce1621536aa9e30540814774a304a632f9281772acb520dfc0fcbde26c5bb19ff246bf400f", 0xee}, {&(0x7f0000000a80)="1c8a5ca291c733f7db2027551fb8a35921fc39693d823acfadf4175c8b683361b0db515a285bf3bcf18a40202ac3a1d0fa87019c8a4a1189d188c92530ef5980251c8e8edbf9a5568d61f29d992a68398fb0f5a8411f32e5f7454118420c519a6856a395c9cfbf0aaa383a34b3cd7a53e8f6b9f5a3b6fb4c5cf7be179ae3df30edfe28421bc13ae7daea6d2929f44faf721aeac555d5f12f389caf9b57407fbcd4173af63345024bb89ef96e41119c2952c5da2bc4de001c0c9fa4ba9904286de49423216e46a8d9cecd66f6b4f59b2ee4f42f2de50c314636b5134a102e", 0xde}, {&(0x7f0000000b80)="119d8a8af44acc71fd63c69116e113072b0b47fa173976ef570a4f833e68346456f0809340e88a4dd4c0da80be02ba1ad37dcd416c7d80c00e6afbfdcecd7510eb76ef3090923dd25f941cb2436544a58715560e9367c4803077d996818d40816af946d169551c81a7ccbf74413673f046241f0f9f05b1b36d26db07cb44e60791cc4018831819e788b9328631d1b5f33745172eac0199b6fe280784a2f980774dae0f9ca7bfe2dc7e1ca374f9891d2c855ebb05e8", 0xb5}, {&(0x7f0000000c40)="e78bc30802fe4d152d1470a53510074b5c4ef2a9cf1a70ee3357c096b36273f4e8b0621b8d81281c4b", 0x29}, {&(0x7f0000000c80)="daf15500487d7fe4a87eea35b4b962fcf42580afe54cdfc46963939c6b25dc52b4b158c947f2b1e9cab9ddbc37be5cac135e01f07e077fa203dfbe46c115477bcbba9d136ff3a59eace73c74ebdb29452a13dc3e740b28be0c135b1a1fcac43bab0709f27462b8676f30e97359f182e3fd9f6153f3b2ffc69548a6c6ecfcb95bb5c660ed98a3248fb7604e3d3e4c66a18309486340e8dc77d61f53fe4de8b6e74397e1d1dbc34594aa2465e341fa09c25253c50dfe", 0xb5}, {&(0x7f0000000d40)="b993829144926d732268f223f61f53cb2672f30879e9385aae30906ba5a34d92ce7aaf39ba143ab4aa3f317e1c8425ee713b8dfe0bd55690d71a084c8d7591fffb6983c791c8209056bd0dac2e1d642f96e0691ed640ad32b1274d4cbf5f1863c4d86be85df6d42336dc006b1c0e75d41418d5ae86317ab144e3e9f479e24af268878df4f62df1a2af5f179feaed48913e2c328321edd9257ce7c6", 0x9b}], 0x8, &(0x7f0000000e80)=[@mark={{0x14, 0x1, 0x24, 0x8000}}, @mark={{0x14, 0x1, 0x24, 0x7ff}}], 0x30}, 0x20000000) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000400)={r2, 0x58, &(0x7f00000009c0)}, 0x10) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000580)=@o_path={0x0, 0x0, 0x4000}, 0x18) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000006c0)={{}, &(0x7f0000000640), &(0x7f0000000680)='%-010d \x00'}, 0x20) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0f00000004000000080000000800000000000000", @ANYRES32, @ANYBLOB="fd56ddca5d2d77936fbcffffff00"/29, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) 1.31566728s ago: executing program 3 (id=2710): r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) (async) perf_event_open$cgroup(&(0x7f00000003c0)={0x2, 0x80, 0x16, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x8) (async) r1 = socket$kcm(0x29, 0x2, 0x0) (async) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, &(0x7f00000006c0)=""/196, 0x72, 0xc4, 0x1}, 0x28) (async) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x4d32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000001bc0), 0x4}, 0x100910, 0x2, 0xfffffffe, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = socket$kcm(0x21, 0x2, 0xa) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001240)=ANY=[@ANYBLOB="0f00000004000000080000000100000000000000", @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/27], 0x50) bpf$MAP_CREATE(0x22, 0x0, 0x0) (async) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x15, 0xe, &(0x7f0000001440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000018000000000000000000000000000000950000002304f866"], &(0x7f0000000200)='syzkaller\x00', 0x6, 0x1000, &(0x7f0000000240)=""/4096, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffe66}, 0x3f) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000080)={r2, r4}) (async) setsockopt$sock_attach_bpf(r2, 0x110, 0x2, &(0x7f0000000000), 0x4) (async) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) perf_event_open$cgroup(&(0x7f00000003c0)={0x2, 0x80, 0x77, 0x1, 0x0, 0x0, 0x0, 0x4, 0xc0290, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x4, @perf_bp={0x0, 0xd}, 0x0, 0x800, 0xfffffffe, 0x8, 0x4, 0x3, 0xfffb, 0x0, 0xffffffff, 0x0, 0x4}, 0xffffffffffffffff, 0x0, r0, 0x0) (async) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x18}, 0x0) (async) sendmsg$kcm(r1, &(0x7f0000005d00)={0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000004a80)="8b", 0x1}], 0x1}, 0x0) (async) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000000)=[{&(0x7f0000004500)="d800000016008111e00212ba0d8105040a601100ff0f040b067c55a1bc0009001e0006990300000015000500fe808178a8021500030001400200000901ac04000bd67f6f9400710016277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04000000730d7a5025ccca262f3d40fad85667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b440431629b0b5aa14c3d21e2fa353905e2a9ecbee5de6ccd40dd6e4edef3d93452a92307f00000e970300"/216, 0xd8}], 0x1}, 0x0) (async) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e0019000f000000028000001294", 0x2e}], 0x1}, 0x0) (async, rerun: 32) recvmsg$kcm(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)=[{0x0}], 0x1}, 0x40) (rerun: 32) 1.31470166s ago: executing program 1 (id=2711): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_merged\x00', 0x26e1, 0x0) r1 = socket$kcm(0x2, 0x6, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f00000002c0)=r0, 0x4) sendmsg$inet(r1, &(0x7f0000001a40)={0x0, 0x0, 0x0}, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="028009000000000000000000000000000055d378d209cddd72a925", @ANYRES16=r0], 0x48) r2 = socket$kcm(0x11, 0x7, 0x300) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x10, 0x2, 0x0) socket$kcm(0x21, 0x2, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x23}, 0x94) r3 = syz_clone(0x30000, &(0x7f0000000800)="85d5a9cd6ddbfae01bf019dab52ff17d9bb972b2166239a4134ece58f45daadd529fcf8edb31c6be91c0c42279e2382cad13ed17d9ebac0c6111b9d5ef8321ed53571941df8274d9e77951af63f144a999a50622d1f5c8f38016d72a08311b9d001e2bdd73b31e97bfce7f0c46f5ce40b0427795f70a000000f0f87136abaef790bab3a0b39f5d2fd43fad5606f27a2b0a3942ed5b86e81310ca6db3d96de014ffaad6db063018165a3f5482bfba716dddb74cc3832120", 0xb7, 0x0, 0x0, &(0x7f00000001c0)="47dd957c332f6e301b70c3fdb38effcbbb8925b3a70b67820b40ce16a2a91358e52aa23be8afaf6e") perf_event_open(0x0, r3, 0x2, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xe92f5f45114c79f7}, 0x1003b9, 0x7, 0x2000, 0xa, 0x1, 0x0, 0x9}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x5}, 0x94) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x6, 0x2, 0x0, 0x0) syz_clone(0x51004600, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, 0x0, 0x0}, 0x20) r4 = socket$kcm(0x29, 0x2, 0x0) close(r4) r5 = socket$kcm(0x2b, 0x1, 0x0) close(r5) r6 = socket$kcm(0x2, 0x1, 0x84) sendmsg$inet(r6, 0x0, 0x40) setsockopt$sock_attach_bpf(r4, 0x1, 0xd, &(0x7f0000000080), 0x2cb) close(r5) setsockopt$sock_attach_bpf(r2, 0x107, 0x2, &(0x7f00000000c0), 0x10) r7 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r7, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x20000886) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x6, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000611008000000000063000eff000000009507000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000080), 0x10}, 0x2d) 1.31421536s ago: executing program 2 (id=2712): socketpair$tipc(0x1e, 0x7, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000280)="db", 0x1}], 0x1}, 0x41) recvmsg(r1, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x10001) sendmsg$inet(r2, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000001c0)="04", 0x1}], 0x1}, 0x41) recvmsg$unix(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f00000002c0)=""/213, 0xd5}, {&(0x7f00000003c0)=""/43, 0x2b}, {&(0x7f0000000400)}, {&(0x7f0000000440)=""/119, 0x77}], 0x4}, 0x10020) recvmsg$unix(r1, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x61) socket$kcm(0x2, 0x200000000000001, 0x106) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000540)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0xffff, 0x81}, 0x100c, 0x7, 0x0, 0x9, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r3, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0xffffffffffffff8d, 0xac14140c}}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000040), 0x4) 1.153523205s ago: executing program 0 (id=2713): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x19, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) 1.094185467s ago: executing program 1 (id=2714): r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0xff, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x84, 0xfffffffffffffffc}, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x3}, 0x0, 0xf, 0xffffffffffffffff, 0x0) socket$kcm(0x23, 0x5, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x100001, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff3, 0x0, @perf_config_ext={0x85, 0xffffffffffffffff}, 0x3212, 0x7, 0x2, 0x2, 0xc, 0x7, 0x2, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f00000004c0)='cpu&\t03\t\t') bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f00000002c0)=ANY=[@ANYRESHEX, @ANYRESDEC=r0], &(0x7f0000000300)=""/167, 0x75, 0xa7, 0x1}, 0x28) socket$kcm(0x10, 0x7, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000001340)=@hci={0x1f, 0x1, 0x47}, 0x80, 0x0}, 0x0) socket$kcm(0x21, 0x2, 0x2) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0xc112, 0xac5d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xd, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="720ac4ff000000007110ca00000000009500000000000000"], &(0x7f00000001c0)='syzkaller\x00'}, 0x94) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e21, @loopback}}, 0x80, 0x0}, 0x0) r4 = socket$kcm(0x2, 0x1, 0x84) sendmsg$inet(r4, &(0x7f0000001700)={&(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10, &(0x7f0000001640)=[{&(0x7f0000000100)="ea", 0x1}], 0x1}, 0x0) setsockopt$sock_attach_bpf(r4, 0x84, 0x9, &(0x7f0000000000), 0x98) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000200000", @ANYRES32, @ANYBLOB="13000000000000000000400000010000e9f17b3e5403694b86356e59b2479b6f16d7993a4057906928d81f975ab635975110529a333d4060c8bba48cff97712dc02014c5882a15c911c671cf6757cad26e7a69fcea1ba4fa209266a0fa18d5be0dbd44fb9573ba0463b293cdc956ef01e724f9c80dd5bb0e5d2312935d192b0a67b6b0dc1ec997e7a37c4f893caa489bb141d874781ded5cd566538a868022688401ccfc9b391ce58d7563cfca9b0ef4b16abb1abf083acbad6a1efab53fa44df7fb42d7da2c3dcdf9c2b23aa1996a56ff000000de6a99679767adb3da3c45f6be0f95ab770dd3c0077f0a395067a88d407961adbdd43432ad08a10cf7d219d2e1a41f3e802a483e2aa61a7b9cb99544e105155a23aa68eba2a203564a481e24d2c0d4955fc6e421033bc84bdc86991feb968d80de84ead4255408eba4b798c8e38548a80b474cdd859a75739f92bf7e7ade63b5029e1ef8372d29541adaa44c65065f4e4c77da6f99c2f8caad648c3aaf4e2f12dccb24920327bcff3b19e758f67f835ec20f2ca4a18e49e660ccf3aaa1c9605e1fbb2ab58019fd1b416dbbd8405d33999c05fa5502083221c0ba72b1fec5c9aef44c5d679b7fd1d57e45e8d8d311d421d54b9c1977f9698bab2f0b13aa7168a8d2fbb2f44e187a9ec2a0ab402856302c4344ef46682ae9804036cdd29af5931a38ea26e6915590a1caab1ccc649518f546cbdd32ea1aec2211b5", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000005000000000000008000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000002000000850000008600000018010000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000050000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x11}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x8810, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0xfffc}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r7 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(r7, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in6={0x21, 0xfffc, 0x2, 0x1c, {0xa, 0x4e22, 0x4, @dev}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18001f6f000000001001000001000000dc00000000000000"], 0x18}, 0x2004fc10) ioctl$SIOCSIFHWADDR(r3, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="0600"}) perf_event_open(&(0x7f0000004cc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x9, 0x400, 0x6, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0xaf1d, 0x1, @perf_config_ext={0xff, 0x4}, 0x100410, 0x200, 0x2, 0x1, 0x9, 0x1000009, 0x8, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) perf_event_open(&(0x7f0000004cc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x9, 0x400, 0x6, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0xaf1d, 0x1, @perf_config_ext={0xff, 0xb}, 0x10, 0x80000001, 0x2, 0x1, 0x9, 0x9, 0xfffd, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x4) syz_clone(0x80001000, 0x0, 0x0, &(0x7f0000000680), 0x0, 0x0) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x400000, 0x0) ioctl$TUNSETFILTEREBPF(r8, 0x800454e1, &(0x7f00000000c0)=r2) 1.054512108s ago: executing program 3 (id=2715): ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x9) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9c, 0x10}, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9c, 0x10}, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) (async) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x10c040, 0xac5d, 0x0, 0x5, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0xa, 0x5, 0x0) (async) r0 = socket$kcm(0xa, 0x5, 0x0) socket$kcm(0x10, 0x2, 0x0) (async) socket$kcm(0x10, 0x2, 0x0) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000100), 0x1001) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmsg(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x2040) (async) recvmsg(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x2040) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc, 0x8}}) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000080)='hugetlb.1GB.limit_in_bytes\x00', 0x2, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001180)={0x0, 0x0, 0x0}, 0x0) write$cgroup_subtree(r3, &(0x7f00000002c0)=ANY=[], 0x8) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000002000000007df8f1e72b839af0e8920000000000003aee1310b467a07100ad03ecb9cb25b68fba5326a675f2add128f8dad71f98b13b385469427efd982ef39119b480e6338cd12aadfd532ba15e90cc5c8c2e4405ec466598ccf76aede90f1e456049be715ea2daaafcf6722e531bbc4492247cd239d805ebb3490b4245d2a7377d93aebf87ba6391b1b2d81bd27721c20a917d6d506e53210369b4f6fadb7e7c711c671f"], 0x0, 0x4, 0x0, 0x0, 0x41100}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\n'], 0x50) socket$kcm(0x2, 0x5, 0x84) (async) r4 = socket$kcm(0x2, 0x5, 0x84) setsockopt$sock_attach_bpf(r4, 0x84, 0x84, &(0x7f0000000000), 0x90) (async) setsockopt$sock_attach_bpf(r4, 0x84, 0x84, &(0x7f0000000000), 0x90) r5 = socket$kcm(0xa, 0x5, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x6, 0x5, &(0x7f0000000540)=ANY=[@ANYBLOB="180000000e000001000000000400000007010000080700207500fcff0000000095000000d3031a00041f8ea47c2eb2b7639c2ad3a4c89eb40634ab9b5ade7978eb59ff70cd62adbe9c31865cf39dc9e93813d9433f34dad576b1897b3533f883f9e873d9c435ab89afdd4ff0c24c0053f1721e9dc694f461734e10ea76584696317ca540336bc0e60e7d6d44484e01102b1c830d2630c3932755946ba8848b0d93caec1f4d89f99dcd2e9cb4d3646bc48d7ece5cbb87cdd67955cf5c813c05411a276d6afe065ac5849c64aebf30294fc59168bcb9a25164a1826a81cf45e576ef4dd94e292cbbf69d0787fa4b596ce132d7e976b136871cebb77ad2e34ffcf52557e6a0403769815ed13ca7b6c9f2fd7d11461997a57b35715cee9809008af9df0690f5d42d2e0f2d967aa4bc96a7d4b343411ef4d962699ffc5c434cf53339430fe9d668405875e14bea5c4aea70b9de7b9fb36561bdc896a0cc666f0d9b49832984ed9effda637edfb97defbd3219055f5a7ee877c79ec93133f0109e9746acd0cba749390a9b575a129f1838688c21ea8db8"], &(0x7f0000000100)='GPL\x00', 0x3, 0xfa, &(0x7f0000000140)=""/250}, 0x23) setsockopt$sock_attach_bpf(r5, 0x0, 0x30, 0x0, 0x20000) (async) setsockopt$sock_attach_bpf(r5, 0x0, 0x30, 0x0, 0x20000) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8941, 0x0) 943.035511ms ago: executing program 0 (id=2716): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x10c040, 0xac5d, 0x0, 0x5, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0xa, 0x5, 0x0) socket$kcm(0x10, 0x2, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0x58, &(0x7f0000000380)}, 0x10) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000580)=@o_path={0x0, 0x0, 0x4000}, 0x18) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000006c0)={{}, &(0x7f0000000640), &(0x7f0000000680)='%-010d \x00'}, 0x20) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xf, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x1e, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x34}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1, 0x0, 0x2c}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x85}, 0x52) 818.875255ms ago: executing program 0 (id=2717): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x10c040, 0xac5d, 0x0, 0x5, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0xa, 0x5, 0x0) socket$kcm(0x10, 0x2, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0x58, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r1 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000580)=@o_path={0x0, 0x0, 0x4000}, 0x18) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000006c0)={{}, &(0x7f0000000640), &(0x7f0000000680)='%-010d \x00'}, 0x20) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xf, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x1e, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000009c0)=@bpf_tracing={0x1a, 0x3, &(0x7f0000000080)=@raw=[@cb_func={0x18, 0x4, 0x4, 0x0, 0x7}, @generic={0xa0, 0xa, 0x6, 0xd13f, 0x8}], 0x0, 0x7, 0xa5, &(0x7f00000002c0)=""/165, 0x41000, 0x9, '\x00', r0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000500)={0x3, 0x6, 0x10001, 0x9}, 0x10, 0x14970, r1, 0x0, 0x0, 0x0, 0x10, 0x10}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x34, 0x18000000}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1, 0x0, 0x2c}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x85}, 0x52) 743.338017ms ago: executing program 3 (id=2718): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x5}, 0x50) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x401c5820, &(0x7f0000000000)=0x40) ioctl$TUNSETOFFLOAD(r1, 0x80086601, 0x0) r2 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000140)=@o_path={&(0x7f0000000080)='./file0\x00', 0x0, 0x0, r0}, 0x18) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={r1, 0x58, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xb, 0xc, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x2}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x57}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x16, '\x00', r3, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000002c0)={'dummy0\x00', 0x800}) 605.526711ms ago: executing program 0 (id=2719): syz_clone(0x4104d600, 0x0, 0x0, &(0x7f0000001500), 0x0, &(0x7f0000000140)="62016d916eb0f3057808b933062dbd47a0922421355d42a667b7d8132bf51da06c1d3a157d39d5df212e071ad6a06c22848bb48694617eb3617fd85ff4ca8e2b20e5b9ee9a64003a16f1297bbde351b59557f5c0388cb41dfdf4d214c6cfd5d049650bb9118a0e0d0c3ddbbca3269e5f28fab43b36103c830c6d20c8885b4b345856d4989f414af61f469097a31c858154b4157fa5d8ed232db7a6214a0599c32bdbfdd50bfdeefd488a91c8cc5e3c2e87de34848cc127fcfb6f330f39e2e73997e10938deeab1fc05a365398a76b8d604ff897ea557e466d15a05b1f5a1a303e8c12f0d1137e8414b58cb5aeedf8665d4d9280d3147a6d6ae5874e47a593e00000000000000000023f837744fa0a4f6eac61bf7922d757b0ade064745b055edce42f6cf273b6b08462e87c88a80bb66689cf1830e201b6459d2c7dca544f200e30e4e6097761e047c14929e502d512b72ccf471b7bb0cb563401142870d382984efa964aa73c626fc1822de056f44bd347ac95246b7a68a154027c15dad4f630add349ee08f30a4dbccf41fc3952d9d60e879cbed4281f97dbd1ff1048ef5cbca37719336d71a2649a30e00a8cdf53e28abc1d0c3a4cc3436f35ad99f9b77ab67196069b0929e1af24e4ceb2032097124a7a98289b0ef952313d88947d347e5") syz_clone(0x40003500, 0x0, 0x0, 0x0, 0x0, 0x0) socket$kcm(0xa, 0x5, 0x88) close(0x3) 605.198751ms ago: executing program 3 (id=2720): perf_event_open(&(0x7f0000000080)={0x8, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000180), 0x8) openat$cgroup_type(r0, &(0x7f0000000200), 0x2, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0100000004000000040400000900000000000000", @ANYRES32, @ANYBLOB="020000000000000000000000000000c14f0000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20], 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="0d0000000300000004000000070000", @ANYRES32=r1, @ANYBLOB="b41500000000", @ANYRES32=0x0, @ANYRES32], 0x50) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000240)={&(0x7f00000000c0), 0x0, 0x0, 0x0, 0x7fffffff, r2}, 0x38) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r3) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r4, 0x4008240b, &(0x7f0000000340)={0x4, 0x80, 0x10, 0xce, 0x3, 0xfb, 0x0, 0x83e, 0x4000, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x5, 0x2, @perf_bp={&(0x7f0000000140), 0x2}, 0x413, 0x2000000, 0xd, 0x4, 0x4, 0x7ff, 0x1, 0x0, 0xfffffffa, 0x0, 0x40}) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f00000002c0)='GPL\x00') socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000280)={'wg2\x00'}) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004cd56808dd365a76c2f6f6508ed000000000000000100000000000000ea813259872f5308179945abd580", @ANYRES32, @ANYBLOB="feffffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) perf_event_open(&(0x7f0000000100)={0x2, 0xb3, 0x99, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10480, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x5, 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r6, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000040)={'wg2\x00', @multicast}) r8 = socket$kcm(0x11, 0x2, 0x0) setsockopt$sock_attach_bpf(r8, 0x107, 0x12, &(0x7f00000000c0)=r8, 0x4) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081139000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071103500000000001d300500000000004704000001ed00000f030000000000001d44020000000000620a00fe040400007203000000000000b500f7ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a8641aa05a1336b3b4c4becea710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3380d28e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343cccc953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93020000000000000080e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6032399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c9102"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xff00, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48) 209.136733ms ago: executing program 2 (id=2721): socket$kcm(0x10, 0x2, 0x4) socket$kcm(0x10, 0x2, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x10, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x3, &(0x7f0000000000)=@framed={{0x62, 0xa, 0x0, 0xffc4, 0x0, 0x71, 0x10, 0x31}}, &(0x7f0000000480)='GPL\x00'}, 0x80) perf_event_open(&(0x7f0000000540)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_config_ext={0xe, 0x1}, 0x180c, 0x7, 0xffff, 0x7, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004000000040000000c"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0b00000009000000030000004f0c000001"], 0x50) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000080), &(0x7f0000000240)=r2}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x18000000000002a0, 0x5ee, 0xfd60, &(0x7f0000000580)="b9ff03076804d773000000000800", 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8}, 0x50) 158.643305ms ago: executing program 4 (id=2722): r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0xc2ba, 0x0, 0x4000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000001240)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000aecd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad94ed406f21caf5adcf920569c00cc1199684fa75814709fea019af247c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c1faca0f9d9924be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6fab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b79db2e3d5986c82b5aa94e539b204d58f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c7160ec83070000020000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72b0000000000001cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2cc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78ac02ca3cdf6a662db1c9c89c9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad943e392955f4f979ea13201bafedcd2063d11dd665647223c78a996810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd89346cfbb5567e54d3504723177d356c4604b7a492ecec37e83efceefd7ca2533659edc8be05cc85451c6a14507434eb54b6f43caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffca9ec9a7a3755e0f209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9cf3c5bfd9d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a294351c5356c1d06c92cf8ce3c7c56cd31121624d74517fd3666277f670e812b28e2f30d035cee5d0e77a3c7220000000000000005a474816bc59d2e2a00092419304b338a987e9d3044d856ce24f370030be3b5f79f034b8d3ebce68663ef5af469abe75b314fae31a0445859a5ece8fb11a4ee8e46354c9c3a041e12282ce24463aaf28345bd168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f09000000000000004fc4bda3453602004535a976eacd3adaa4d2ee6fe0d072ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d401adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb40f7f02f750d6c977a191852c9ae031db044b2353199546609f9f69a6cfefdf879d447df53f3b9b70d10355b00300000000000000553d18a6cc50feeb7bfad9b7be3283b6450d264e7712d2f1d7004548b19162cef04d18d4f58fab987baab97a9bfbd8f185b5631820420bf5b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe527340935aa3c0b4f3f45b418a18217747ae442e31560e5b741445ea2a1acee2a81425ff000000d2a0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e961f3d9c8c21578fe3245097c280abe51423b9f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f88735fce5115dc83ed73d8ee4a91322608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf5000000000000fa08ad0631c4b839688b22c4da2a6bc4cf45854d221a2d5f96bc64647f15daa2ba79cd0f4254ed55217912ef84bd2927df82fc061aef2920c49b2a90886da75561173fa186cb7ee86dd4285c4721eb428c953296bb2f5d825da54dbef07c1b349b4901e093d13e6b9a0000009b5b22e887bc061d40bcaf0aa18623fd9b7179ccc692ba74b531b65c4decf9d080a8ac7e82d4cde1267aa64b2a94fd87a009e6742c2ddc3a9d7eccbb1831b1fa218277c2814a91cab7cb59c697166d6f1bb1a360470000000000000000000000000000000000000000000000000000f9f9b4ce7e871f507084c8c88e0652decbe579b03ed84ea94597dd1059620a050f69ea03b99b4e19d35f4a3b54e96ae2172effecec80f6baa4bf69a6ebf5392882df78b0983e662dc0cb64b77f3f006b6b25443197ae93f0be6de54b33af00000000000000000021a688b2d7007fcc4b59f719afb0b3b7e0aee306ca70fe42bf4984a68f40e1fc043a03a17e4744359b87dc27c82d51cbeb64e52a28daeb6a78d6fe06181ecc840000000000"], &(0x7f0000000000)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) perf_event_open(&(0x7f0000000080)={0x1, 0x41, 0x2, 0x0, 0x0, 0x0, 0x0, 0x91c, 0x4156, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xfffffffffffffff8, 0x1}, 0x12640, 0x0, 0xfffffffe, 0x6, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594f92a24fc60", 0x14}], 0x3}, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$TUNATTACHFILTER(r3, 0x401054d5, &(0x7f00000000c0)={0x2, &(0x7f0000000080)=[{0x5}, {0x6, 0x1}]}) 0s ago: executing program 1 (id=2723): bpf$PROG_LOAD(0x5, &(0x7f0000001b40)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18020000fcffffff00000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffa902000008000000b7030000000000008500000006000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x100d}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1002}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) kernel console output (not intermixed with test programs): attributes in process `syz.2.438'. [ 171.189503][ T6036] netlink: 'syz.2.447': attribute type 21 has an invalid length. [ 171.213286][ T6036] netlink: 128 bytes leftover after parsing attributes in process `syz.2.447'. [ 171.227782][ T6036] netlink: 3 bytes leftover after parsing attributes in process `syz.2.447'. [ 171.583202][ T6048] netlink: 1041 bytes leftover after parsing attributes in process `syz.3.450'. [ 172.744263][ T4301] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 172.800217][ T6072] syzkaller1: tun_chr_ioctl cmd 2147767511 [ 172.883620][ T6074] netlink: 'syz.0.459': attribute type 21 has an invalid length. [ 172.892752][ T6074] netlink: 128 bytes leftover after parsing attributes in process `syz.0.459'. [ 172.989423][ T6070] IPv6: Can't replace route, no match found [ 173.142633][ T6080] netlink: 'syz.1.461': attribute type 10 has an invalid length. [ 173.178681][ T6080] device dummy0 entered promiscuous mode [ 173.201227][ T6080] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 173.736696][ T6109] __nla_validate_parse: 2 callbacks suppressed [ 173.736737][ T6109] netlink: 48 bytes leftover after parsing attributes in process `syz.4.470'. [ 173.802686][ T6112] netlink: 'syz.0.469': attribute type 1 has an invalid length. [ 173.843063][ T6112] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.469'. [ 173.907428][ T6114] netlink: 2 bytes leftover after parsing attributes in process `syz.3.468'. [ 173.971870][ T6114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 174.051950][ T6114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.070661][ T6114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 174.081614][ T6114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.102269][ T6114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 174.178008][ T6114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.216524][ T6114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 174.253097][ T6114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.276952][ T6114] device batadv_slave_1 entered promiscuous mode [ 174.890496][ T30] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 176.160939][ T6167] netlink: 'syz.0.484': attribute type 3 has an invalid length. [ 176.193261][ T6167] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.484'. [ 176.289150][ T6173] netlink: 10 bytes leftover after parsing attributes in process `syz.2.485'. [ 176.479133][ T6172] device lo entered promiscuous mode [ 176.583717][ T6172] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 177.378752][ T6203] netlink: 'syz.0.496': attribute type 7 has an invalid length. [ 177.466670][ T6207] delete_channel: no stack [ 179.123143][ T6246] Ÿë: port 1(gretap0) entered blocking state [ 179.153092][ T6246] Ÿë: port 1(gretap0) entered disabled state [ 179.216632][ T6246] device gretap0 entered promiscuous mode [ 179.385311][ T6269] netlink: 'syz.3.513': attribute type 1 has an invalid length. [ 179.403296][ T6269] netlink: 'syz.3.513': attribute type 3 has an invalid length. [ 179.412366][ T6269] netlink: 132 bytes leftover after parsing attributes in process `syz.3.513'. [ 180.370966][ T6306] netlink: 14 bytes leftover after parsing attributes in process `syz.4.524'. [ 180.425255][ T6306] device hsr_slave_0 left promiscuous mode [ 181.025787][ T6306] device hsr_slave_1 left promiscuous mode [ 181.208466][ T6312] tap0: tun_chr_ioctl cmd 1074025677 [ 181.218577][ T6312] tap0: linktype set to 270 [ 181.326899][ T6322] netlink: 'syz.0.526': attribute type 10 has an invalid length. [ 181.384550][ T6322] netlink: 40 bytes leftover after parsing attributes in process `syz.0.526'. [ 181.872252][ T6335] netlink: 'syz.0.532': attribute type 2 has an invalid length. [ 181.970763][ T6335] netlink: 'syz.0.532': attribute type 8 has an invalid length. [ 182.011591][ T6335] netlink: 132 bytes leftover after parsing attributes in process `syz.0.532'. [ 184.946725][ T6416] netlink: 'syz.4.555': attribute type 16 has an invalid length. [ 184.958242][ T6416] netlink: 132 bytes leftover after parsing attributes in process `syz.4.555'. [ 185.807545][ T6435] netlink: 180 bytes leftover after parsing attributes in process `syz.2.561'. [ 185.926803][ T6435] netlink: 132 bytes leftover after parsing attributes in process `syz.2.561'. [ 186.172589][ T6435] netlink: 'syz.2.561': attribute type 10 has an invalid length. [ 186.183062][ T6435] netlink: 40 bytes leftover after parsing attributes in process `syz.2.561'. [ 186.223792][ T6435] device macvlan1 entered promiscuous mode [ 186.281144][ T6435] batman_adv: batadv0: Adding interface: macvlan1 [ 186.314514][ T6435] batman_adv: batadv0: The MTU of interface macvlan1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 186.468456][ T6435] batman_adv: batadv0: Interface activated: macvlan1 [ 186.906443][ T6447] netlink: 'syz.1.565': attribute type 21 has an invalid length. [ 186.939900][ T6447] netlink: 'syz.1.565': attribute type 1 has an invalid length. [ 186.979112][ T6447] netlink: 132 bytes leftover after parsing attributes in process `syz.1.565'. [ 187.051663][ T6456] netlink: 'syz.0.566': attribute type 10 has an invalid length. [ 187.617649][ T6479] netlink: 'syz.4.575': attribute type 2 has an invalid length. [ 187.634184][ T6479] netlink: 164 bytes leftover after parsing attributes in process `syz.4.575'. [ 188.143448][ T6494] netlink: 'syz.2.578': attribute type 10 has an invalid length. [ 188.151291][ T6494] device hsr0 entered promiscuous mode [ 188.262464][ T6494] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 188.330648][ T6494] netlink: 'syz.2.578': attribute type 10 has an invalid length. [ 188.373165][ T6494] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 188.443323][ T6494] netlink: 'syz.2.578': attribute type 10 has an invalid length. [ 188.488982][ T6494] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 188.679874][ T6494] netlink: 'syz.2.578': attribute type 10 has an invalid length. [ 188.713961][ T6494] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 188.731575][ T6503] netlink: 202920 bytes leftover after parsing attributes in process `syz.0.581'. [ 188.770190][ T6497] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.580'. [ 188.919364][ T6494] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 188.965765][ T6501] netlink: 48 bytes leftover after parsing attributes in process `syz.4.580'. [ 189.978333][ T6529] validate_nla: 3 callbacks suppressed [ 189.978371][ T6529] netlink: 'syz.1.588': attribute type 3 has an invalid length. [ 190.010648][ T6529] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.588'. [ 190.724243][ T6551] netlink: 'syz.2.595': attribute type 3 has an invalid length. [ 190.765207][ T6551] netlink: 'syz.2.595': attribute type 1 has an invalid length. [ 190.845396][ T6551] netlink: 60387 bytes leftover after parsing attributes in process `syz.2.595'. [ 190.910836][ T6552] netlink: 'syz.2.595': attribute type 3 has an invalid length. [ 190.967995][ T6552] netlink: 132 bytes leftover after parsing attributes in process `syz.2.595'. [ 194.284055][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.290489][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 196.433051][ T6604] netlink: 'syz.0.612': attribute type 21 has an invalid length. [ 196.443161][ T6604] netlink: 128 bytes leftover after parsing attributes in process `syz.0.612'. [ 196.452391][ T6604] netlink: 3 bytes leftover after parsing attributes in process `syz.0.612'. [ 197.466439][ T6647] netlink: 'syz.0.625': attribute type 10 has an invalid length. [ 197.504302][ T6647] device netdevsim0 entered promiscuous mode [ 197.734186][ T6657] netlink: 156 bytes leftover after parsing attributes in process `syz.1.628'. [ 200.614864][ T6695] device syzkaller0 entered promiscuous mode [ 200.891440][ T6707] netlink: 'syz.4.641': attribute type 21 has an invalid length. [ 200.973004][ T6707] netlink: 128 bytes leftover after parsing attributes in process `syz.4.641'. [ 200.982099][ T6707] netlink: 3 bytes leftover after parsing attributes in process `syz.4.641'. [ 201.165535][ T6715] netlink: 15039 bytes leftover after parsing attributes in process `syz.0.644'. [ 202.417854][ T4291] Bluetooth: hci3: unexpected subevent 0x0a length: 150 > 30 [ 202.426424][ T4291] Bluetooth: hci3: Invalid handle: 0x85b0 > 0x0eff [ 203.184798][ T6741] netlink: 'syz.3.650': attribute type 2 has an invalid length. [ 203.230401][ T6741] netlink: 199848 bytes leftover after parsing attributes in process `syz.3.650'. [ 204.373486][ T4344] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 205.069866][ T6755] netlink: 'syz.0.657': attribute type 21 has an invalid length. [ 205.100988][ T6755] netlink: 128 bytes leftover after parsing attributes in process `syz.0.657'. [ 205.158429][ T6755] netlink: 3 bytes leftover after parsing attributes in process `syz.0.657'. [ 205.369146][ T6772] netlink: 'syz.4.660': attribute type 29 has an invalid length. [ 205.422058][ T6772] netlink: 'syz.4.660': attribute type 29 has an invalid length. [ 205.452456][ T6771] netlink: 'syz.4.660': attribute type 29 has an invalid length. [ 206.013670][ T56] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 206.593196][ T4290] Bluetooth: hci3: command 0x0406 tx timeout [ 206.599440][ T4290] Bluetooth: hci4: command 0x0406 tx timeout [ 206.605696][ T4287] Bluetooth: hci2: command 0x0406 tx timeout [ 206.605860][ T4291] Bluetooth: hci0: command 0x0406 tx timeout [ 206.611751][ T4287] Bluetooth: hci1: command 0x0406 tx timeout [ 206.769677][ T6809] netlink: 'syz.4.670': attribute type 39 has an invalid length. [ 206.919631][ T6813] netlink: 'syz.2.668': attribute type 2 has an invalid length. [ 206.994285][ T6813] netlink: 'syz.2.668': attribute type 8 has an invalid length. [ 207.002027][ T6813] netlink: 132 bytes leftover after parsing attributes in process `syz.2.668'. [ 207.263125][ T6819] netlink: 'syz.0.672': attribute type 21 has an invalid length. [ 207.279393][ T6819] netlink: 128 bytes leftover after parsing attributes in process `syz.0.672'. [ 207.296799][ T6819] netlink: 3 bytes leftover after parsing attributes in process `syz.0.672'. [ 207.312417][ T6824] : port 1(ip6gretap0) entered blocking state [ 207.319264][ T6824] : port 1(ip6gretap0) entered disabled state [ 207.328711][ T6824] device ip6gretap0 entered promiscuous mode [ 207.339977][ T6826] device ip6gretap0 left promiscuous mode [ 207.359893][ T6826] : port 1(ip6gretap0) entered disabled state [ 208.180314][ T6853] netlink: 'syz.3.682': attribute type 21 has an invalid length. [ 208.401709][ T6857] netlink: 134056 bytes leftover after parsing attributes in process `syz.0.683'. [ 209.498057][ T6880] netlink: 'syz.4.686': attribute type 21 has an invalid length. [ 209.550945][ T6880] netlink: 128 bytes leftover after parsing attributes in process `syz.4.686'. [ 209.609767][ T6880] netlink: 3 bytes leftover after parsing attributes in process `syz.4.686'. [ 211.286046][ T6923] bridge0: port 3(batadv0) entered blocking state [ 211.325023][ T6923] bridge0: port 3(batadv0) entered disabled state [ 211.385082][ T6923] device batadv0 entered promiscuous mode [ 211.415247][ T6923] bridge0: port 3(batadv0) entered blocking state [ 211.421885][ T6923] bridge0: port 3(batadv0) entered forwarding state [ 211.829943][ T4332] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 211.839648][ T4332] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 211.908207][ T6928] netlink: 'syz.0.702': attribute type 21 has an invalid length. [ 211.967994][ T6928] netlink: 128 bytes leftover after parsing attributes in process `syz.0.702'. [ 212.000894][ T6928] netlink: 3 bytes leftover after parsing attributes in process `syz.0.702'. [ 214.463170][ T6946] netlink: 'syz.2.703': attribute type 12 has an invalid length. [ 214.504010][ T6961] Q±6ã`Ò˜: renamed from lo [ 214.992543][ T6981] netlink: 63503 bytes leftover after parsing attributes in process `syz.4.715'. [ 215.181070][ T6989] FAULT_INJECTION: forcing a failure. [ 215.181070][ T6989] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 215.238514][ T6989] CPU: 0 PID: 6989 Comm: syz.3.719 Not tainted syzkaller #0 [ 215.245913][ T6989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 215.256023][ T6989] Call Trace: [ 215.259353][ T6989] [ 215.262321][ T6989] dump_stack_lvl+0x188/0x24e [ 215.267068][ T6989] ? show_regs_print_info+0x12/0x12 [ 215.272312][ T6989] ? load_image+0x410/0x410 [ 215.276870][ T6989] ? __lock_acquire+0x7bd0/0x7bd0 [ 215.281960][ T6989] should_fail_ex+0x390/0x4c0 [ 215.286688][ T6989] _copy_from_user+0x2c/0x170 [ 215.291487][ T6989] __sys_bpf+0x2ea/0x780 [ 215.295788][ T6989] ? bpf_link_show_fdinfo+0x380/0x380 [ 215.301407][ T6989] ? lock_chain_count+0x20/0x20 [ 215.306670][ T6989] __x64_sys_bpf+0x78/0x90 [ 215.311140][ T6989] do_syscall_64+0x4c/0xa0 [ 215.315602][ T6989] ? clear_bhb_loop+0x60/0xb0 [ 215.320325][ T6989] ? clear_bhb_loop+0x60/0xb0 [ 215.325048][ T6989] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 215.331028][ T6989] RIP: 0033:0x7fa1a159ce59 [ 215.335492][ T6989] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 215.355240][ T6989] RSP: 002b:00007fa1a23c1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 215.363731][ T6989] RAX: ffffffffffffffda RBX: 00007fa1a1815fa0 RCX: 00007fa1a159ce59 [ 215.371747][ T6989] RDX: 0000000000000094 RSI: 0000200000000180 RDI: 0000000000000005 [ 215.379770][ T6989] RBP: 00007fa1a23c1090 R08: 0000000000000000 R09: 0000000000000000 [ 215.387796][ T6989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 215.395816][ T6989] R13: 00007fa1a1816038 R14: 00007fa1a1815fa0 R15: 00007fff69bda2c8 [ 215.403853][ T6989] [ 215.857128][ T6997] netlink: 'syz.2.716': attribute type 21 has an invalid length. [ 215.865501][ T6997] netlink: 128 bytes leftover after parsing attributes in process `syz.2.716'. [ 215.902299][ T6997] netlink: 3 bytes leftover after parsing attributes in process `syz.2.716'. [ 216.266121][ T7014] netlink: 76 bytes leftover after parsing attributes in process `syz.2.727'. [ 217.751698][ T7029] netlink: 'syz.2.730': attribute type 10 has an invalid length. [ 217.893252][ T7029] device macvlan0 entered promiscuous mode [ 218.130162][ T7029] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 218.434714][ T7034] netlink: 'syz.4.732': attribute type 10 has an invalid length. [ 219.300323][ T7050] FAULT_INJECTION: forcing a failure. [ 219.300323][ T7050] name failslab, interval 1, probability 0, space 0, times 1 [ 219.366196][ T7050] CPU: 0 PID: 7050 Comm: syz.2.738 Not tainted syzkaller #0 [ 219.373605][ T7050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 219.383907][ T7050] Call Trace: [ 219.387251][ T7050] [ 219.390252][ T7050] dump_stack_lvl+0x188/0x24e [ 219.395019][ T7050] ? show_regs_print_info+0x12/0x12 [ 219.400306][ T7050] ? load_image+0x410/0x410 [ 219.404914][ T7050] ? __might_sleep+0xd0/0xd0 [ 219.409671][ T7050] ? __lock_acquire+0x7bd0/0x7bd0 [ 219.414792][ T7050] ? __might_sleep+0xd0/0xd0 [ 219.419515][ T7050] should_fail_ex+0x390/0x4c0 [ 219.424303][ T7050] should_failslab+0x5/0x20 [ 219.428897][ T7050] slab_pre_alloc_hook+0x59/0x300 [ 219.434011][ T7050] kmem_cache_alloc_lru+0x49/0x2e0 [ 219.439186][ T7050] ? sock_alloc_inode+0x24/0xc0 [ 219.444126][ T7050] sock_alloc_inode+0x24/0xc0 [ 219.448876][ T7050] ? sockfs_init_fs_context+0xa0/0xa0 [ 219.454320][ T7050] new_inode_pseudo+0x5f/0x1c0 [ 219.459156][ T7050] __sock_create+0x129/0x940 [ 219.463816][ T7050] ? __might_fault+0xa6/0x120 [ 219.468576][ T7050] ? __might_fault+0xc2/0x120 [ 219.473323][ T7050] __sys_socketpair+0x1bd/0x540 [ 219.478242][ T7050] __x64_sys_socketpair+0x97/0xb0 [ 219.483332][ T7050] do_syscall_64+0x4c/0xa0 [ 219.487812][ T7050] ? clear_bhb_loop+0x60/0xb0 [ 219.492534][ T7050] ? clear_bhb_loop+0x60/0xb0 [ 219.497295][ T7050] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 219.503279][ T7050] RIP: 0033:0x7fd6a039ce59 [ 219.507757][ T7050] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 219.527426][ T7050] RSP: 002b:00007fd6a1322028 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 219.535986][ T7050] RAX: ffffffffffffffda RBX: 00007fd6a0615fa0 RCX: 00007fd6a039ce59 [ 219.544016][ T7050] RDX: 0000000000000002 RSI: 0000000000000001 RDI: 0000000000000025 [ 219.552136][ T7050] RBP: 00007fd6a1322090 R08: 0000000000000000 R09: 0000000000000000 [ 219.560168][ T7050] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000001 [ 219.568200][ T7050] R13: 00007fd6a0616038 R14: 00007fd6a0615fa0 R15: 00007fff5ef36698 [ 219.576298][ T7050] [ 219.647461][ T7059] netlink: 'syz.2.738': attribute type 21 has an invalid length. [ 220.890112][ T7059] netlink: 128 bytes leftover after parsing attributes in process `syz.2.738'. [ 220.910417][ T7059] netlink: 3 bytes leftover after parsing attributes in process `syz.2.738'. [ 220.942118][ T7050] socket: no more sockets [ 221.055398][ T7064] netlink: 'syz.0.740': attribute type 21 has an invalid length. [ 221.137596][ T7064] netlink: 128 bytes leftover after parsing attributes in process `syz.0.740'. [ 221.385820][ T7064] netlink: 3 bytes leftover after parsing attributes in process `syz.0.740'. [ 221.771733][ T7065] netlink: 152 bytes leftover after parsing attributes in process `syz.3.741'. [ 222.290485][ T7078] netlink: 168 bytes leftover after parsing attributes in process `syz.1.744'. [ 223.529298][ T7096] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 223.601820][ T7101] netlink: 'syz.4.751': attribute type 30 has an invalid length. [ 224.018865][ T7114] netlink: 152 bytes leftover after parsing attributes in process `syz.0.757'. [ 224.088349][ T7110] netlink: 'syz.1.755': attribute type 21 has an invalid length. [ 224.109585][ T7110] netlink: 128 bytes leftover after parsing attributes in process `syz.1.755'. [ 224.121639][ T7110] netlink: 3 bytes leftover after parsing attributes in process `syz.1.755'. [ 225.350221][ T7138] netlink: 'syz.2.765': attribute type 29 has an invalid length. [ 225.365789][ T7138] netlink: 'syz.2.765': attribute type 29 has an invalid length. [ 225.379492][ T7138] netlink: 'syz.2.765': attribute type 29 has an invalid length. [ 225.464462][ T4332] tipc: Subscription rejected, illegal request [ 226.049712][ T7155] netlink: 164 bytes leftover after parsing attributes in process `syz.3.771'. [ 226.059023][ T7143] syz.0.766 (7143) used obsolete PPPIOCDETACH ioctl [ 226.303245][ T7157] netlink: 152 bytes leftover after parsing attributes in process `syz.1.770'. [ 226.500038][ T7169] netlink: 'syz.3.774': attribute type 21 has an invalid length. [ 226.523006][ T7169] netlink: 128 bytes leftover after parsing attributes in process `syz.3.774'. [ 226.555574][ T7169] netlink: 3 bytes leftover after parsing attributes in process `syz.3.774'. [ 226.642177][ T7177] netlink: 132 bytes leftover after parsing attributes in process `syz.1.778'. [ 226.941678][ T7171] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.775'. [ 227.118007][ T7189] netlink: 'syz.1.781': attribute type 10 has an invalid length. [ 227.157107][ T7189] team0: Device hsr_slave_0 failed to register rx_handler [ 227.585866][ T7203] netlink: 61967 bytes leftover after parsing attributes in process `syz.3.784'. [ 227.707344][ T7203] netlink: 'syz.3.784': attribute type 10 has an invalid length. [ 227.737869][ T7203] netlink: 40 bytes leftover after parsing attributes in process `syz.3.784'. [ 227.779539][ T7203] A link change request failed with some changes committed already. Interface vlan1 may have been left with an inconsistent configuration, please check. [ 228.020428][ T7223] netlink: 'syz.1.789': attribute type 11 has an invalid length. [ 228.040861][ T7223] netlink: 140 bytes leftover after parsing attributes in process `syz.1.789'. [ 228.347163][ T7227] netlink: 152 bytes leftover after parsing attributes in process `syz.4.788'. [ 228.522348][ T7227] bond0: (slave bond_slave_0): Releasing backup interface [ 229.439316][ T7227] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check. [ 229.489013][ T7240] netlink: 'syz.1.792': attribute type 20 has an invalid length. [ 229.504495][ T7251] netlink: 'syz.1.792': attribute type 5 has an invalid length. [ 230.046459][ T7283] netlink: 'syz.4.803': attribute type 21 has an invalid length. [ 230.253459][ T7285] netlink: 'syz.0.804': attribute type 27 has an invalid length. [ 230.956859][ T7292] netlink: 'syz.0.807': attribute type 29 has an invalid length. [ 230.977835][ T7292] netlink: 'syz.0.807': attribute type 29 has an invalid length. [ 231.705353][ T7307] validate_nla: 2 callbacks suppressed [ 231.705374][ T7307] netlink: 'syz.1.812': attribute type 1 has an invalid length. [ 231.750941][ T7307] __nla_validate_parse: 3 callbacks suppressed [ 231.750962][ T7307] netlink: 105120 bytes leftover after parsing attributes in process `syz.1.812'. [ 231.798138][ T7309] netlink: 463 bytes leftover after parsing attributes in process `syz.2.811'. [ 232.299974][ T7316] netlink: 'syz.0.813': attribute type 21 has an invalid length. [ 232.336079][ T7316] netlink: 128 bytes leftover after parsing attributes in process `syz.0.813'. [ 232.376610][ T7316] netlink: 'syz.0.813': attribute type 4 has an invalid length. [ 232.386121][ T7322] device wlan1 entered promiscuous mode [ 237.136506][ T4332] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 239.682631][ T7368] netlink: 180 bytes leftover after parsing attributes in process `syz.1.828'. [ 239.702387][ T7396] netlink: 'syz.4.835': attribute type 12 has an invalid length. [ 239.711132][ T7396] netlink: 132 bytes leftover after parsing attributes in process `syz.4.835'. [ 239.819164][ T7403] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 239.842916][ T7405] netlink: 4 bytes leftover after parsing attributes in process `syz.2.837'. [ 240.205463][ T7409] netlink: 48 bytes leftover after parsing attributes in process `syz.1.838'. [ 240.238569][ T7409] netlink: 4 bytes leftover after parsing attributes in process `syz.1.838'. [ 240.348908][ T7425] netlink: 'syz.0.842': attribute type 10 has an invalid length. [ 241.072231][ T7446] netlink: 16410 bytes leftover after parsing attributes in process `syz.4.850'. [ 241.514969][ T7439] netlink: 14568 bytes leftover after parsing attributes in process `syz.2.845'. [ 241.611851][ T7447] netlink: 61967 bytes leftover after parsing attributes in process `syz.1.848'. [ 241.883689][ T4301] wlan1: Trigger new scan to find an IBSS to join [ 243.523714][ T7463] netlink: 'syz.1.854': attribute type 11 has an invalid length. [ 243.573387][ T7463] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.854'. [ 245.597270][ T7462] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 245.632067][ T7463] netlink: 'syz.1.854': attribute type 39 has an invalid length. [ 245.641706][ T7463] device veth0_macvtap left promiscuous mode [ 245.873043][ T4332] wlan1: Trigger new scan to find an IBSS to join [ 246.042387][ T7496] netlink: 4079 bytes leftover after parsing attributes in process `syz.2.861'. [ 246.099776][ T7506] netlink: 'syz.2.861': attribute type 6 has an invalid length. [ 246.128821][ T7506] netlink: 164 bytes leftover after parsing attributes in process `syz.2.861'. [ 246.168522][ T7501] netlink: 'syz.2.861': attribute type 6 has an invalid length. [ 246.188858][ T7501] netlink: 164 bytes leftover after parsing attributes in process `syz.2.861'. [ 246.522634][ T7511] netlink: 'syz.3.865': attribute type 21 has an invalid length. [ 246.545803][ T7511] netlink: 128 bytes leftover after parsing attributes in process `syz.3.865'. [ 246.572888][ T7511] netlink: 3 bytes leftover after parsing attributes in process `syz.3.865'. [ 246.851691][ T56] wlan1: Creating new IBSS network, BSSID 12:ca:73:57:be:02 [ 247.134060][ T7526] netlink: 'syz.0.869': attribute type 5 has an invalid length. [ 247.265291][ T7533] netlink: 154020 bytes leftover after parsing attributes in process `syz.2.871'. [ 247.286392][ T7533] openvswitch: netlink: ufid size 48894 bytes exceeds the range (1, 16) [ 247.408723][ T7529] netlink: 132 bytes leftover after parsing attributes in process `syz.2.871'. [ 247.894480][ T7543] netlink: 126288 bytes leftover after parsing attributes in process `syz.3.875'. [ 248.109987][ T7544] device wlan1 entered promiscuous mode [ 248.152365][ T7533] netlink: 'syz.2.871': attribute type 2 has an invalid length. [ 248.171305][ T7547] netlink: 144 bytes leftover after parsing attributes in process `syz.3.875'. [ 248.200574][ T7533] netlink: 'syz.2.871': attribute type 3 has an invalid length. [ 248.229691][ T7545] netlink: 'syz.4.874': attribute type 3 has an invalid length. [ 248.244199][ T7533] netlink: 132 bytes leftover after parsing attributes in process `syz.2.871'. [ 248.285211][ T7543] netlink: 'syz.3.875': attribute type 275 has an invalid length. [ 248.440732][ T7549] device syzkaller0 entered promiscuous mode [ 252.339617][ T7585] delete_channel: no stack [ 253.818571][ T7616] netlink: 'syz.2.895': attribute type 21 has an invalid length. [ 253.854000][ T7616] __nla_validate_parse: 3 callbacks suppressed [ 253.854019][ T7616] netlink: 128 bytes leftover after parsing attributes in process `syz.2.895'. [ 253.901181][ T7616] netlink: 3 bytes leftover after parsing attributes in process `syz.2.895'. [ 254.212174][ T7627] netlink: 'syz.1.898': attribute type 21 has an invalid length. [ 254.225372][ T7627] netlink: 128 bytes leftover after parsing attributes in process `syz.1.898'. [ 254.241090][ T7627] netlink: 3 bytes leftover after parsing attributes in process `syz.1.898'. [ 254.761350][ T7642] device syzkaller0 entered promiscuous mode [ 255.784450][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.790847][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.046909][ T7665] netlink: 'syz.3.911': attribute type 21 has an invalid length. [ 256.082991][ T7665] netlink: 128 bytes leftover after parsing attributes in process `syz.3.911'. [ 256.108825][ T7665] netlink: 3 bytes leftover after parsing attributes in process `syz.3.911'. [ 256.586841][ T7677] netlink: 'syz.1.913': attribute type 3 has an invalid length. [ 256.639770][ T7677] netlink: 114680 bytes leftover after parsing attributes in process `syz.1.913'. [ 256.760874][ T7678] netlink: 'syz.0.915': attribute type 21 has an invalid length. [ 256.907560][ T7678] netlink: 128 bytes leftover after parsing attributes in process `syz.0.915'. [ 256.932376][ T7678] netlink: 3 bytes leftover after parsing attributes in process `syz.0.915'. [ 261.690780][ T7709] tun0: tun_chr_ioctl cmd 1074025675 [ 261.702050][ T7709] tun0: persist enabled [ 261.706928][ T7711] tun0: tun_chr_ioctl cmd 1074025675 [ 261.719408][ T7711] tun0: persist enabled [ 262.213161][ T7726] netlink: 'syz.4.926': attribute type 21 has an invalid length. [ 262.231759][ T7726] netlink: 128 bytes leftover after parsing attributes in process `syz.4.926'. [ 262.262164][ T7726] netlink: 3 bytes leftover after parsing attributes in process `syz.4.926'. [ 262.555093][ T7736] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.929'. [ 262.572218][ T7736] netlink: zone id is out of range [ 262.578227][ T7736] netlink: zone id is out of range [ 262.591031][ T7736] netlink: zone id is out of range [ 262.597334][ T7736] netlink: zone id is out of range [ 262.616488][ T7736] netlink: del zone limit has 4 unknown bytes [ 263.291516][ T7744] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.933'. [ 263.952707][ T7756] netlink: 'syz.2.937': attribute type 10 has an invalid length. [ 264.136962][ T7756] team0: Port device geneve1 added [ 264.170961][ T7766] netlink: 40 bytes leftover after parsing attributes in process `syz.1.938'. [ 264.232087][ T7766] netlink: 65047 bytes leftover after parsing attributes in process `syz.1.938'. [ 264.910423][ T7790] delete_channel: no stack [ 265.450679][ T7786] netlink: 'syz.2.946': attribute type 21 has an invalid length. [ 265.473877][ T7786] netlink: 128 bytes leftover after parsing attributes in process `syz.2.946'. [ 265.503955][ T7786] netlink: 3 bytes leftover after parsing attributes in process `syz.2.946'. [ 265.762138][ T7798] netlink: 'syz.1.949': attribute type 29 has an invalid length. [ 265.864805][ T7798] netlink: 'syz.1.949': attribute type 29 has an invalid length. [ 265.957951][ T7807] netlink: 'syz.1.949': attribute type 29 has an invalid length. [ 266.300741][ T7818] netlink: 134056 bytes leftover after parsing attributes in process `syz.3.955'. [ 267.705945][ T7850] netlink: 'syz.3.961': attribute type 21 has an invalid length. [ 267.720390][ T7850] netlink: 128 bytes leftover after parsing attributes in process `syz.3.961'. [ 267.762857][ T7850] netlink: 3 bytes leftover after parsing attributes in process `syz.3.961'. [ 267.782008][ T7855] netlink: 'syz.0.964': attribute type 17 has an invalid length. [ 267.871147][ T4291] Bluetooth: hci2: ISO packet for unknown connection handle 2622 [ 268.032355][ T7866] netlink: 177648 bytes leftover after parsing attributes in process `syz.2.969'. [ 268.065242][ T30] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 268.088453][ T7865] delete_channel: no stack [ 268.195318][ T7872] netlink: 'syz.3.970': attribute type 29 has an invalid length. [ 268.230868][ T7872] netlink: 'syz.3.970': attribute type 29 has an invalid length. [ 268.274827][ T7873] netlink: 'syz.3.970': attribute type 29 has an invalid length. [ 268.285854][ T7872] netlink: 'syz.3.970': attribute type 29 has an invalid length. [ 268.368007][ T7878] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 268.375617][ T7878] IPv6: NLM_F_CREATE should be set when creating new route [ 268.383347][ T7878] IPv6: NLM_F_CREATE should be set when creating new route [ 268.391001][ T7878] IPv6: NLM_F_CREATE should be set when creating new route [ 269.644341][ T7909] netlink: 'syz.1.981': attribute type 2 has an invalid length. [ 270.766359][ T7951] netlink: 'syz.1.994': attribute type 21 has an invalid length. [ 270.820721][ T7951] IPv6: NLM_F_CREATE should be specified when creating new route [ 270.842743][ T7958] netlink: 'syz.1.994': attribute type 1 has an invalid length. [ 270.852558][ T7951] IPv6: Can't replace route, no match found [ 270.869102][ T7958] netlink: 13439 bytes leftover after parsing attributes in process `syz.1.994'. [ 270.966713][ T7962] netlink: 'syz.2.997': attribute type 29 has an invalid length. [ 272.700520][ T7997] netlink: 126588 bytes leftover after parsing attributes in process `syz.4.1008'. [ 272.892127][ T8005] validate_nla: 5 callbacks suppressed [ 272.892309][ T8005] netlink: 'syz.4.1011': attribute type 17 has an invalid length. [ 273.209604][ T8016] netlink: 'syz.2.1014': attribute type 27 has an invalid length. [ 273.267875][ T8016] bond0: (slave bond_slave_0): Releasing backup interface [ 273.285536][ T8016] device bond_slave_0 left promiscuous mode [ 273.438939][ T8023] netlink: 'syz.0.1016': attribute type 3 has an invalid length. [ 273.451172][ T8023] netlink: 'syz.0.1016': attribute type 1 has an invalid length. [ 273.461041][ T8023] netlink: 60387 bytes leftover after parsing attributes in process `syz.0.1016'. [ 275.181886][ T8054] netlink: 'syz.4.1026': attribute type 9 has an invalid length. [ 275.207202][ T8054] netlink: 61951 bytes leftover after parsing attributes in process `syz.4.1026'. [ 278.879671][ T8110] netlink: 'syz.1.1043': attribute type 3 has an invalid length. [ 278.928771][ T8110] netlink: 199824 bytes leftover after parsing attributes in process `syz.1.1043'. [ 279.149828][ T8127] netlink: 'syz.0.1042': attribute type 21 has an invalid length. [ 279.191279][ T8127] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1042'. [ 279.263464][ T8127] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1042'. [ 279.395707][ T56] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 281.580071][ T8192] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.1063'. [ 282.088447][ T8201] netlink: 'syz.2.1068': attribute type 9 has an invalid length. [ 282.104659][ T8201] netlink: 104700 bytes leftover after parsing attributes in process `syz.2.1068'. [ 282.493743][ T8209] netlink: 'syz.1.1070': attribute type 1 has an invalid length. [ 282.529846][ T8209] netlink: 13695 bytes leftover after parsing attributes in process `syz.1.1070'. [ 282.895019][ T8219] netlink: 'syz.4.1073': attribute type 2 has an invalid length. [ 282.937060][ T8219] netlink: 10 bytes leftover after parsing attributes in process `syz.4.1073'. [ 285.139763][ T8247] netlink: 'syz.0.1077': attribute type 21 has an invalid length. [ 285.153558][ T8247] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1077'. [ 285.172935][ T8247] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1077'. [ 285.390002][ T8256] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 285.426596][ T8261] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1081'. [ 285.474189][ T8254] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1081'. [ 285.546482][ T8256] netlink: 122896 bytes leftover after parsing attributes in process `syz.2.1080'. [ 285.628931][ T8256] debugfs: Directory '!!!' with parent 'ieee80211' already present! [ 286.774051][ T8301] netlink: 'syz.2.1095': attribute type 21 has an invalid length. [ 286.791610][ T8301] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1095'. [ 286.817804][ T8301] netlink: 3 bytes leftover after parsing attributes in process `syz.2.1095'. [ 287.216028][ T8307] netlink: 'syz.4.1098': attribute type 3 has an invalid length. [ 287.235995][ T8307] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.1098'. [ 287.637849][ T8312] netlink: 'syz.2.1099': attribute type 2 has an invalid length. [ 287.767663][ T8312] device 1 entered promiscuous mode [ 289.709555][ T8324] netlink: 'syz.0.1102': attribute type 1 has an invalid length. [ 289.720045][ T8324] netlink: 116376 bytes leftover after parsing attributes in process `syz.0.1102'. [ 289.745607][ T8324] netlink: 'syz.0.1102': attribute type 29 has an invalid length. [ 289.758754][ T8324] netlink: 'syz.0.1102': attribute type 29 has an invalid length. [ 289.784724][ T8324] netlink: 'syz.0.1102': attribute type 29 has an invalid length. [ 290.237062][ T8335] netlink: 212168 bytes leftover after parsing attributes in process `syz.2.1106'. [ 290.277153][ T8338] netlink: 'syz.2.1106': attribute type 10 has an invalid length. [ 290.327177][ T8338] device hsr0 left promiscuous mode [ 290.510877][ T8338] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 293.686818][ T8354] netlink: 65043 bytes leftover after parsing attributes in process `syz.2.1114'. [ 293.706352][ T8357] netlink: 'syz.1.1113': attribute type 2 has an invalid length. [ 293.717418][ T8354] netlink: 'syz.2.1114': attribute type 21 has an invalid length. [ 293.726282][ T8354] netlink: 14548 bytes leftover after parsing attributes in process `syz.2.1114'. [ 293.762024][ T8354] netlink: 'syz.2.1114': attribute type 3 has an invalid length. [ 293.777198][ T8357] device 1 entered promiscuous mode [ 293.790441][ T8354] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.1114'. [ 293.802325][ T8358] netlink: 'syz.1.1113': attribute type 16 has an invalid length. [ 293.821244][ T8358] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1113'. [ 294.567677][ T8363] netlink: 'syz.0.1115': attribute type 9 has an invalid length. [ 294.581294][ T8363] netlink: 108816 bytes leftover after parsing attributes in process `syz.0.1115'. [ 294.925674][ T8375] netlink: 'syz.3.1121': attribute type 27 has an invalid length. [ 295.035070][ T8385] netlink: 'syz.0.1124': attribute type 1 has an invalid length. [ 295.081675][ T8375] netlink: 164 bytes leftover after parsing attributes in process `syz.3.1121'. [ 295.114652][ T8385] netlink: 5 bytes leftover after parsing attributes in process `syz.0.1124'. [ 296.372706][ T8395] netlink: 'syz.0.1127': attribute type 2 has an invalid length. [ 296.410781][ T8395] netlink: 'syz.0.1127': attribute type 1 has an invalid length. [ 296.506515][ T8407] netlink: 'syz.3.1130': attribute type 28 has an invalid length. [ 296.548456][ T8407] netlink: 'syz.3.1130': attribute type 29 has an invalid length. [ 296.614722][ T8408] netlink: 'syz.4.1126': attribute type 21 has an invalid length. [ 296.633355][ T8408] netlink: 128 bytes leftover after parsing attributes in process `syz.4.1126'. [ 296.642530][ T8408] netlink: 3 bytes leftover after parsing attributes in process `syz.4.1126'. [ 296.663307][ T8407] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1130'. [ 297.239945][ T8422] netlink: 3748 bytes leftover after parsing attributes in process `syz.4.1133'. [ 297.623563][ T8434] netlink: 'syz.3.1135': attribute type 9 has an invalid length. [ 297.648097][ T8434] netlink: 108816 bytes leftover after parsing attributes in process `syz.3.1135'. [ 297.910753][ T8437] netlink: 'syz.4.1138': attribute type 21 has an invalid length. [ 297.998372][ T8437] IPv6: NLM_F_CREATE should be specified when creating new route [ 298.827779][ T8448] netlink: 65047 bytes leftover after parsing attributes in process `syz.4.1140'. [ 298.941059][ T8452] netlink: 'syz.4.1140': attribute type 21 has an invalid length. [ 299.108359][ T8458] netlink: 'syz.3.1145': attribute type 21 has an invalid length. [ 299.154324][ T8458] netlink: 128 bytes leftover after parsing attributes in process `syz.3.1145'. [ 299.175636][ T8458] netlink: 3 bytes leftover after parsing attributes in process `syz.3.1145'. [ 299.324391][ T8461] netlink: 'syz.2.1146': attribute type 28 has an invalid length. [ 299.348287][ T8461] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1146'. [ 299.709495][ T46] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 301.391139][ T8498] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1157'. [ 301.431260][ T8498] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 301.809557][ T8511] validate_nla: 3 callbacks suppressed [ 301.809696][ T8511] netlink: 'syz.0.1161': attribute type 21 has an invalid length. [ 301.893446][ T8511] __nla_validate_parse: 2 callbacks suppressed [ 301.893503][ T8511] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1161'. [ 301.934149][ T8511] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1161'. [ 302.059356][ T8520] netlink: 'syz.4.1164': attribute type 28 has an invalid length. [ 302.094481][ T8524] À: port 1(vlan0) entered blocking state [ 302.110776][ T8524] À: port 1(vlan0) entered disabled state [ 302.118483][ T8520] netlink: 'syz.4.1164': attribute type 29 has an invalid length. [ 302.127635][ T8524] device vlan0 entered promiscuous mode [ 302.177896][ T8520] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1164'. [ 302.244032][ T8524] À: port 1(vlan0) entered blocking state [ 302.250397][ T8524] À: port 1(vlan0) entered forwarding state [ 302.328935][ T8524] delete_channel: no stack [ 302.366662][ T8524] delete_channel: no stack [ 303.233074][ T4301] IPv6: ADDRCONF(NETDEV_CHANGE): À: link becomes ready [ 304.360774][ T8567] netlink: 'syz.0.1178': attribute type 21 has an invalid length. [ 304.382906][ T8567] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1178'. [ 304.433779][ T8567] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1178'. [ 307.304758][ T8641] netlink: 'syz.1.1200': attribute type 21 has an invalid length. [ 307.325331][ T8641] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1200'. [ 307.349271][ T8641] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1200'. [ 307.534530][ T8619] netlink: 'syz.4.1191': attribute type 7 has an invalid length. [ 307.586321][ T8619] netlink: 'syz.4.1191': attribute type 1 has an invalid length. [ 307.612838][ T8619] netlink: 184904 bytes leftover after parsing attributes in process `syz.4.1191'. [ 307.639097][ T8644] netlink: 'syz.2.1202': attribute type 4 has an invalid length. [ 307.706740][ T8644] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1202'. [ 308.023000][ T8659] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 308.032108][ T8659] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 308.218199][ T8666] sctp: [Deprecated]: syz.1.1205 (pid 8666) Use of struct sctp_assoc_value in delayed_ack socket option. [ 308.218199][ T8666] Use struct sctp_sack_info instead [ 309.230014][ T8685] netlink: 125520 bytes leftover after parsing attributes in process `syz.3.1212'. [ 310.475536][ T8691] netlink: 'syz.2.1215': attribute type 7 has an invalid length. [ 310.493682][ T8691] netlink: 'syz.2.1215': attribute type 1 has an invalid length. [ 310.501721][ T8691] netlink: 184904 bytes leftover after parsing attributes in process `syz.2.1215'. [ 310.605468][ T8710] netlink: 'syz.1.1219': attribute type 28 has an invalid length. [ 311.399440][ T9] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 311.490313][ T8741] netlink: 'syz.1.1229': attribute type 3 has an invalid length. [ 311.707335][ T8741] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 311.778587][ T8741] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 311.840309][ T8741] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 311.863201][ T8741] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 311.926431][ T8752] netlink: 'syz.4.1232': attribute type 4 has an invalid length. [ 312.000703][ T8752] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.1232'. [ 312.466590][ T8761] netlink: 'syz.0.1235': attribute type 10 has an invalid length. [ 312.522254][ T8761] device dummy0 left promiscuous mode [ 312.538256][ T8761] bridge0: port 4(dummy0) entered disabled state [ 312.569774][ T8761] team0: Device dummy0 is up. Set it down before adding it as a team port [ 314.005045][ T8792] device veth1_macvtap left promiscuous mode [ 314.111554][ T8794] netlink: 'syz.2.1244': attribute type 10 has an invalid length. [ 314.198844][ T8794] bridge0: port 3(bond0) entered disabled state [ 314.206796][ T8794] bridge0: port 2(bridge_slave_1) entered disabled state [ 314.214571][ T8794] bridge0: port 1(bridge_slave_0) entered disabled state [ 314.286448][ T8794] bridge0: port 3(bond0) entered blocking state [ 314.293263][ T8794] bridge0: port 3(bond0) entered forwarding state [ 314.301789][ T8794] bridge0: port 2(bridge_slave_1) entered blocking state [ 314.309101][ T8794] bridge0: port 2(bridge_slave_1) entered forwarding state [ 314.316758][ T8794] bridge0: port 1(bridge_slave_0) entered blocking state [ 314.324123][ T8794] bridge0: port 1(bridge_slave_0) entered forwarding state [ 314.455771][ T8794] team0: Port device bridge0 added [ 314.482457][ T8796] netlink: 'syz.2.1244': attribute type 39 has an invalid length. [ 314.542126][ T8787] device veth1_macvtap entered promiscuous mode [ 314.671600][ T8787] device macsec0 entered promiscuous mode [ 314.752298][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 314.939208][ T8817] netlink: 'syz.3.1247': attribute type 4 has an invalid length. [ 314.973184][ T8817] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.1247'. [ 315.828859][ T8836] netlink: 'syz.1.1263': attribute type 3 has an invalid length. [ 315.960809][ T8836] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.1263'. [ 316.852136][ T8875] netlink: 'syz.3.1268': attribute type 19 has an invalid length. [ 316.861951][ T8875] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1268'. [ 316.877720][ T8875] netlink: 'syz.3.1268': attribute type 19 has an invalid length. [ 316.886648][ T8875] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1268'. [ 316.902708][ T8875] netlink: 'syz.3.1268': attribute type 19 has an invalid length. [ 316.918837][ T8875] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1268'. [ 316.939276][ T8875] netlink: 'syz.3.1268': attribute type 19 has an invalid length. [ 316.949724][ T8875] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1268'. [ 316.968209][ T8875] netlink: 'syz.3.1268': attribute type 19 has an invalid length. [ 316.984130][ T8875] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1268'. [ 317.002611][ T8880] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1266'. [ 317.064675][ T8875] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1268'. [ 317.110510][ T8875] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1268'. [ 317.165202][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.171574][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.388119][ T8889] bridge0: port 3(batadv0) entered disabled state [ 317.394985][ T8889] bridge0: port 2(bridge_slave_1) entered disabled state [ 317.403446][ T8889] bridge0: port 1(bridge_slave_0) entered disabled state [ 317.527899][ T8889] bridge0: port 3(batadv0) entered blocking state [ 317.534698][ T8889] bridge0: port 3(batadv0) entered forwarding state [ 317.543132][ T8889] bridge0: port 2(bridge_slave_1) entered blocking state [ 317.550279][ T8889] bridge0: port 2(bridge_slave_1) entered forwarding state [ 317.557804][ T8889] bridge0: port 1(bridge_slave_0) entered blocking state [ 317.565058][ T8889] bridge0: port 1(bridge_slave_0) entered forwarding state [ 317.784392][ T8889] team0: Port device bridge0 added [ 317.827644][ T8892] validate_nla: 30 callbacks suppressed [ 317.827663][ T8892] netlink: 'syz.3.1272': attribute type 39 has an invalid length. [ 317.890334][ T8916] tap0: tun_chr_ioctl cmd 1074025675 [ 317.897907][ T8916] tap0: persist disabled [ 317.952514][ T8917] bridge0: port 3(bond0) entered disabled state [ 317.959219][ T8917] bridge0: port 2(bridge_slave_1) entered disabled state [ 317.966505][ T8917] bridge0: port 1(bridge_slave_0) entered disabled state [ 318.049813][ T8908] bridge0: port 3(bond0) entered disabled state [ 318.068129][ T8908] device bridge_slave_1 left promiscuous mode [ 318.103915][ T8908] bridge0: port 2(bridge_slave_1) entered disabled state [ 318.123852][ T8908] device bridge_slave_0 left promiscuous mode [ 318.130138][ T8908] bridge0: port 1(bridge_slave_0) entered disabled state [ 318.245682][ T8908] team0: Port device bridge0 removed [ 318.409769][ T8931] device pim6reg1 entered promiscuous mode [ 319.089971][ T8948] netlink: 'syz.3.1287': attribute type 21 has an invalid length. [ 320.188559][ T8972] netlink: 'syz.3.1302': attribute type 10 has an invalid length. [ 320.235979][ T8972] __nla_validate_parse: 27 callbacks suppressed [ 320.236001][ T8972] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1302'. [ 320.326529][ T8977] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1302'. [ 320.608132][ T8977] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 320.711623][ T8977] bond0 (unregistering): Released all slaves [ 320.897461][ T8972] netlink: 'syz.3.1302': attribute type 10 has an invalid length. [ 320.988920][ T8972] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1302'. [ 321.085269][ T9000] netlink: 'syz.2.1299': attribute type 10 has an invalid length. [ 321.093953][ T9000] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1299'. [ 321.474802][ T9011] netlink: 'syz.1.1305': attribute type 21 has an invalid length. [ 321.505060][ T9011] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1305'. [ 321.990702][ T9023] delete_channel: no stack [ 322.199140][ T9027] netlink: 'syz.2.1310': attribute type 21 has an invalid length. [ 322.302534][ T9027] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1310'. [ 322.353673][ T9031] netlink: 'syz.0.1311': attribute type 9 has an invalid length. [ 322.362270][ T9031] netlink: 39787 bytes leftover after parsing attributes in process `syz.0.1311'. [ 322.513685][ T9035] netlink: 134056 bytes leftover after parsing attributes in process `syz.4.1312'. [ 323.267696][ T9065] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1321'. [ 323.383933][ T9069] netlink: 'syz.4.1320': attribute type 2 has an invalid length. [ 323.462309][ T9069] netlink: 'syz.4.1320': attribute type 8 has an invalid length. [ 323.523866][ T9069] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1320'. [ 324.736189][ T9098] netlink: 'syz.1.1331': attribute type 10 has an invalid length. [ 324.800125][ T9098] team0: Device hsr_slave_0 failed to register rx_handler [ 327.595838][ T9125] netlink: 'syz.0.1339': attribute type 21 has an invalid length. [ 327.616905][ T9125] netlink: 'syz.0.1339': attribute type 6 has an invalid length. [ 327.636574][ T9125] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1339'. [ 327.665496][ T9120] netlink: 'syz.3.1337': attribute type 21 has an invalid length. [ 327.682670][ T9120] netlink: 'syz.3.1337': attribute type 6 has an invalid length. [ 327.707823][ T9120] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1337'. [ 328.529958][ T9140] netlink: 134056 bytes leftover after parsing attributes in process `syz.0.1343'. [ 329.861639][ T9176] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 331.186410][ T9207] netlink: 'syz.1.1361': attribute type 29 has an invalid length. [ 331.247123][ T9207] netlink: 'syz.1.1361': attribute type 29 has an invalid length. [ 331.271608][ T56] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 331.289160][ T9209] netlink: 'syz.1.1361': attribute type 29 has an invalid length. [ 331.691409][ T9214] netlink: 1034 bytes leftover after parsing attributes in process `syz.0.1363'. [ 331.733787][ T9212] netlink: 126588 bytes leftover after parsing attributes in process `syz.0.1363'. [ 333.409550][ T9244] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1375'. [ 333.883090][ T56] wlan1: Trigger new scan to find an IBSS to join [ 334.663992][ T9244] team0: Port device team_slave_0 removed [ 334.727099][ T9245] netlink: 'syz.2.1372': attribute type 10 has an invalid length. [ 335.270236][ T9255] netlink: 'syz.1.1376': attribute type 12 has an invalid length. [ 335.293548][ T9255] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1376'. [ 336.096923][ T9284] netlink: 'syz.4.1383': attribute type 2 has an invalid length. [ 336.180163][ T9284] netlink: 'syz.4.1383': attribute type 1 has an invalid length. [ 336.202149][ T9284] netlink: 170140 bytes leftover after parsing attributes in process `syz.4.1383'. [ 336.913930][ T9] wlan1: Creating new IBSS network, BSSID 00:00:00:08:00:00 [ 337.006863][ T9304] netlink: 'syz.1.1389': attribute type 10 has an invalid length. [ 337.015718][ T9304] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1389'. [ 337.033386][ T9304] A link change request failed with some changes committed already. Interface vlan1 may have been left with an inconsistent configuration, please check. [ 337.453893][ T9316] netlink: 'syz.1.1392': attribute type 21 has an invalid length. [ 337.467427][ T9316] netlink: 'syz.1.1392': attribute type 6 has an invalid length. [ 337.476288][ T9316] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1392'. [ 338.367190][ T9352] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.1403'. [ 338.460739][ T9352] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.1403'. [ 338.522072][ T9364] netlink: 'syz.3.1406': attribute type 7 has an invalid length. [ 338.639996][ T9366] netlink: 26 bytes leftover after parsing attributes in process `syz.0.1407'. [ 339.869353][ T9386] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1411'. [ 340.374310][ T9397] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1414'. [ 340.430037][ T9397] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1414'. [ 340.469439][ T9396] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1415'. [ 340.493340][ T9398] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1414'. [ 340.712132][ T9406] netlink: 'syz.4.1416': attribute type 2 has an invalid length. [ 340.767327][ T9411] netlink: 16399 bytes leftover after parsing attributes in process `syz.4.1416'. [ 340.829130][ T9406] netlink: 10 bytes leftover after parsing attributes in process `syz.4.1416'. [ 342.603067][ T9435] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1425'. [ 342.702438][ T9435] device syzkaller0 entered promiscuous mode [ 342.717246][ T9435] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 65487 [ 343.867551][ T9458] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1432'. [ 345.115698][ T9465] netlink: 10 bytes leftover after parsing attributes in process `syz.0.1435'. [ 345.146739][ T9478] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 345.349040][ T9478] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 345.431654][ T4291] Bluetooth: hci4: unexpected event 0x05 length: 15 > 4 [ 345.449654][ T9478] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 345.600002][ T9478] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 346.267573][ T9492] delete_channel: no stack [ 346.687553][ T9503] delete_channel: no stack [ 349.139728][ T9533] device syzkaller0 entered promiscuous mode [ 349.163066][ T9537] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1460'. [ 349.183577][ T9537] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1460'. [ 349.199203][ T9537] netlink: 33 bytes leftover after parsing attributes in process `syz.2.1460'. [ 349.222909][ T9537] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1460'. [ 349.242208][ T9537] netlink: 33 bytes leftover after parsing attributes in process `syz.2.1460'. [ 349.262220][ T9537] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1460'. [ 349.295354][ T9537] netlink: 33 bytes leftover after parsing attributes in process `syz.2.1460'. [ 351.347163][ T9535] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1460'. [ 351.356678][ T9535] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1460'. [ 351.366040][ T9535] netlink: 33 bytes leftover after parsing attributes in process `syz.2.1460'. [ 351.386783][ T9564] netlink: 'syz.3.1467': attribute type 39 has an invalid length. [ 353.690138][ T9613] sysfs: cannot create duplicate filename '/class/ieee80211/!!!' [ 353.700502][ T9613] CPU: 0 PID: 9613 Comm: syz.0.1483 Not tainted syzkaller #0 [ 353.707963][ T9613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 353.718062][ T9613] Call Trace: [ 353.721390][ T9613] [ 353.724369][ T9613] dump_stack_lvl+0x188/0x24e [ 353.729121][ T9613] ? show_regs_print_info+0x12/0x12 [ 353.734379][ T9613] ? load_image+0x410/0x410 [ 353.739055][ T9613] sysfs_warn_dup+0x8a/0xa0 [ 353.743631][ T9613] sysfs_do_create_link_sd+0xc0/0x110 [ 353.749099][ T9613] device_add+0x83b/0x1050 [ 353.753575][ T9613] wiphy_register+0x1d8b/0x2aa0 [ 353.758513][ T9613] ? cfg80211_event_work+0x40/0x40 [ 353.763683][ T9613] ? minstrel_ht_alloc+0x894/0xa20 [ 353.768888][ T9613] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 353.775013][ T9613] ieee80211_register_hw+0x2d48/0x39f0 [ 353.780521][ T9613] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 353.786753][ T9613] ? ieee80211_register_hw+0xed1/0x39f0 [ 353.792359][ T9613] ? ieee80211_register_hw+0xed1/0x39f0 [ 353.797973][ T9613] ? ieee80211_tasklet_handler+0x20/0x20 [ 353.803664][ T9613] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 353.809641][ T9613] ? __debug_object_init+0xed/0x440 [ 353.814914][ T9613] ? memset+0x1e/0x40 [ 353.818948][ T9613] ? __hrtimer_init+0x189/0x270 [ 353.823855][ T9613] mac80211_hwsim_new_radio+0x2927/0x4cd0 [ 353.829684][ T9613] hwsim_new_radio_nl+0xab7/0xc90 [ 353.834787][ T9613] genl_family_rcv_msg_doit+0x22f/0x350 [ 353.840390][ T9613] ? end_current_label_crit_section+0x170/0x170 [ 353.846700][ T9613] ? genl_family_rcv_msg_dumpit+0x3c0/0x3c0 [ 353.852676][ T9613] ? bpf_lsm_capable+0x5/0x10 [ 353.857406][ T9613] ? security_capable+0x85/0xb0 [ 353.862320][ T9613] genl_rcv_msg+0x601/0x790 [ 353.866876][ T9613] ? lock_chain_count+0x20/0x20 [ 353.871790][ T9613] ? genl_bind+0x360/0x360 [ 353.876265][ T9613] ? hwsim_tx_info_frame_received_nl+0xe30/0xe30 [ 353.882661][ T9613] ? lockdep_hardirqs_on_prepare+0x448/0x7c0 [ 353.888712][ T9613] netlink_rcv_skb+0x1ef/0x440 [ 353.893534][ T9613] ? genl_bind+0x360/0x360 [ 353.898008][ T9613] ? netlink_ack+0x1160/0x1160 [ 353.902828][ T9613] ? genl_bind+0x360/0x360 [ 353.907299][ T9613] genl_rcv+0x24/0x40 [ 353.911326][ T9613] netlink_unicast+0x7ad/0x920 [ 353.916149][ T9613] netlink_sendmsg+0x8ad/0xbd0 [ 353.920985][ T9613] ? netlink_getsockopt+0x550/0x550 [ 353.926240][ T9613] ? aa_sock_msg_perm+0x94/0x150 [ 353.931238][ T9613] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 353.936578][ T9613] ? security_socket_sendmsg+0x7c/0xa0 [ 353.942083][ T9613] ? netlink_getsockopt+0x550/0x550 [ 353.947332][ T9613] ____sys_sendmsg+0x5ed/0x9a0 [ 353.952154][ T9613] ? __sys_sendmsg_sock+0x30/0x30 [ 353.957231][ T9613] ? __import_iovec+0x306/0x510 [ 353.962141][ T9613] ? import_iovec+0x6f/0xa0 [ 353.966706][ T9613] ___sys_sendmsg+0x2a2/0x360 [ 353.971443][ T9613] ? __sys_sendmsg+0x2a0/0x2a0 [ 353.976308][ T9613] __se_sys_sendmsg+0x1c3/0x2b0 [ 353.981251][ T9613] ? __x64_sys_sendmsg+0x80/0x80 [ 353.986260][ T9613] ? syscall_enter_from_user_mode+0x2a/0x80 [ 353.992209][ T9613] do_syscall_64+0x4c/0xa0 [ 353.996674][ T9613] ? clear_bhb_loop+0x60/0xb0 [ 354.001405][ T9613] ? clear_bhb_loop+0x60/0xb0 [ 354.006136][ T9613] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 354.012089][ T9613] RIP: 0033:0x7f1037b9ce59 [ 354.016549][ T9613] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 354.036211][ T9613] RSP: 002b:00007f1038a3b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 354.044676][ T9613] RAX: ffffffffffffffda RBX: 00007f1037e16180 RCX: 00007f1037b9ce59 [ 354.052693][ T9613] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000008 [ 354.060717][ T9613] RBP: 00007f1037c32e6f R08: 0000000000000000 R09: 0000000000000000 [ 354.068743][ T9613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 354.076781][ T9613] R13: 00007f1037e16218 R14: 00007f1037e16180 R15: 00007ffc2bc49888 [ 354.084825][ T9613] [ 354.328973][ T9618] __nla_validate_parse: 8 callbacks suppressed [ 354.328991][ T9618] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.1484'. [ 354.579433][ T9618] device pim6reg1 entered promiscuous mode [ 354.724847][ T9628] netlink: 1034 bytes leftover after parsing attributes in process `syz.2.1486'. [ 354.880354][ T9626] netlink: 126588 bytes leftover after parsing attributes in process `syz.2.1486'. [ 355.445072][ T9639] netlink: 'syz.4.1491': attribute type 10 has an invalid length. [ 355.740153][ T9642] netlink: 'syz.0.1492': attribute type 3 has an invalid length. [ 355.767353][ T9642] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1492'. [ 355.773734][ T9647] netlink: 'syz.2.1494': attribute type 29 has an invalid length. [ 356.175542][ T9647] netlink: 'syz.2.1494': attribute type 29 has an invalid length. [ 356.198066][ T9650] netlink: 'syz.2.1494': attribute type 29 has an invalid length. [ 359.981593][ T9691] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1509'. [ 360.034311][ T9691] netlink: 'syz.0.1509': attribute type 21 has an invalid length. [ 360.341986][ T9699] netlink: 'syz.0.1509': attribute type 3 has an invalid length. [ 360.369264][ T9699] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.1509'. [ 360.550740][ T9710] netlink: 16211 bytes leftover after parsing attributes in process `syz.1.1512'. [ 360.588272][ T9710] netlink: 134268 bytes leftover after parsing attributes in process `syz.1.1512'. [ 360.615656][ T4291] Bluetooth: hci2: Unknown advertising packet type: 0x1e [ 360.615734][ T4291] Bluetooth: hci2: Malformed LE Event: 0x0d [ 361.855784][ T9734] delete_channel: no stack [ 362.095904][ T9739] netlink: 'syz.1.1524': attribute type 16 has an invalid length. [ 362.108646][ T9739] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1524'. [ 362.917457][ T9771] netlink: 'syz.1.1532': attribute type 2 has an invalid length. [ 362.959248][ T9771] netlink: 'syz.1.1532': attribute type 3 has an invalid length. [ 362.993237][ T9771] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1532'. [ 363.190900][ T56] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 363.724827][ T9784] netlink: 'syz.2.1539': attribute type 33 has an invalid length. [ 363.749618][ T9784] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1539'. [ 363.839330][ T9788] raw_sendmsg: syz.2.1539 forgot to set AF_INET. Fix it! [ 365.448622][ T9812] netlink: 'syz.2.1548': attribute type 11 has an invalid length. [ 367.121682][ T9823] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1551'. [ 367.343645][ T9828] netlink: 122896 bytes leftover after parsing attributes in process `syz.3.1552'. [ 367.529204][ T9829] netlink: 122896 bytes leftover after parsing attributes in process `syz.3.1552'. [ 367.614943][ T9829] sysfs: cannot create duplicate filename '/class/ieee80211/.! 5‚Á7>7H€' [ 367.719464][ T9829] CPU: 0 PID: 9829 Comm: syz.3.1552 Not tainted syzkaller #0 [ 367.726943][ T9829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 367.737055][ T9829] Call Trace: [ 367.740375][ T9829] [ 367.743356][ T9829] dump_stack_lvl+0x188/0x24e [ 367.748097][ T9829] ? show_regs_print_info+0x12/0x12 [ 367.753358][ T9829] ? load_image+0x410/0x410 [ 367.757942][ T9829] sysfs_warn_dup+0x8a/0xa0 [ 367.762501][ T9829] sysfs_do_create_link_sd+0xc0/0x110 [ 367.767939][ T9829] device_add+0x83b/0x1050 [ 367.772415][ T9829] wiphy_register+0x1d8b/0x2aa0 [ 367.777337][ T9829] ? cfg80211_event_work+0x40/0x40 [ 367.782513][ T9829] ? minstrel_ht_alloc+0x894/0xa20 [ 367.787683][ T9829] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 367.793819][ T9829] ieee80211_register_hw+0x2d48/0x39f0 [ 367.799348][ T9829] ? ieee80211_register_hw+0xed1/0x39f0 [ 367.804949][ T9829] ? ieee80211_register_hw+0xed1/0x39f0 [ 367.810558][ T9829] ? ieee80211_tasklet_handler+0x20/0x20 [ 367.816290][ T9829] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 367.822241][ T9829] ? __debug_object_init+0xed/0x440 [ 367.827511][ T9829] ? memset+0x1e/0x40 [ 367.831521][ T9829] ? __hrtimer_init+0x189/0x270 [ 367.836404][ T9829] mac80211_hwsim_new_radio+0x2927/0x4cd0 [ 367.842245][ T9829] ? memcpy+0x3c/0x60 [ 367.846262][ T9829] hwsim_new_radio_nl+0xab7/0xc90 [ 367.851327][ T9829] genl_family_rcv_msg_doit+0x22f/0x350 [ 367.856902][ T9829] ? end_current_label_crit_section+0x170/0x170 [ 367.863183][ T9829] ? genl_family_rcv_msg_dumpit+0x3c0/0x3c0 [ 367.869201][ T9829] ? bpf_lsm_capable+0x5/0x10 [ 367.873908][ T9829] ? security_capable+0x85/0xb0 [ 367.878789][ T9829] genl_rcv_msg+0x601/0x790 [ 367.883329][ T9829] ? genl_bind+0x360/0x360 [ 367.887779][ T9829] ? hwsim_tx_info_frame_received_nl+0xe30/0xe30 [ 367.894150][ T9829] netlink_rcv_skb+0x1ef/0x440 [ 367.898938][ T9829] ? genl_bind+0x360/0x360 [ 367.903390][ T9829] ? netlink_ack+0x1160/0x1160 [ 367.908192][ T9829] ? down_read+0x1a8/0x2d0 [ 367.912642][ T9829] genl_rcv+0x24/0x40 [ 367.916657][ T9829] netlink_unicast+0x7ad/0x920 [ 367.921459][ T9829] netlink_sendmsg+0x8ad/0xbd0 [ 367.926264][ T9829] ? netlink_getsockopt+0x550/0x550 [ 367.931498][ T9829] ? aa_sock_msg_perm+0x94/0x150 [ 367.936463][ T9829] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 367.941768][ T9829] ? security_socket_sendmsg+0x7c/0xa0 [ 367.947251][ T9829] ? netlink_getsockopt+0x550/0x550 [ 367.952475][ T9829] ____sys_sendmsg+0x5ed/0x9a0 [ 367.957279][ T9829] ? __sys_sendmsg_sock+0x30/0x30 [ 367.962329][ T9829] ? __import_iovec+0x306/0x510 [ 367.967212][ T9829] ? import_iovec+0x6f/0xa0 [ 367.971751][ T9829] ___sys_sendmsg+0x2a2/0x360 [ 367.976465][ T9829] ? __sys_sendmsg+0x2a0/0x2a0 [ 367.981301][ T9829] __se_sys_sendmsg+0x1c3/0x2b0 [ 367.986191][ T9829] ? __x64_sys_sendmsg+0x80/0x80 [ 367.991173][ T9829] ? lockdep_hardirqs_on+0x94/0x140 [ 367.996413][ T9829] do_syscall_64+0x4c/0xa0 [ 368.000854][ T9829] ? clear_bhb_loop+0x60/0xb0 [ 368.005557][ T9829] ? clear_bhb_loop+0x60/0xb0 [ 368.010268][ T9829] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 368.016194][ T9829] RIP: 0033:0x7fa1a159ce59 [ 368.020638][ T9829] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 368.040266][ T9829] RSP: 002b:00007fa1a23a0028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 368.048713][ T9829] RAX: ffffffffffffffda RBX: 00007fa1a1816090 RCX: 00007fa1a159ce59 [ 368.056715][ T9829] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004 [ 368.064716][ T9829] RBP: 00007fa1a1632e6f R08: 0000000000000000 R09: 0000000000000000 [ 368.072712][ T9829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 368.080719][ T9829] R13: 00007fa1a1816128 R14: 00007fa1a1816090 R15: 00007fff69bda2c8 [ 368.088727][ T9829] [ 369.003231][ T11] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 370.786536][ T9894] netlink: 'syz.2.1569': attribute type 2 has an invalid length. [ 370.808645][ T9894] netlink: 'syz.2.1569': attribute type 1 has an invalid length. [ 370.816562][ T9894] netlink: 170140 bytes leftover after parsing attributes in process `syz.2.1569'. [ 370.955271][ T9894] netlink: 65039 bytes leftover after parsing attributes in process `syz.2.1569'. [ 371.857577][ T9921] device sit0 entered promiscuous mode [ 373.168927][ T9954] netlink: 'syz.0.1587': attribute type 3 has an invalid length. [ 373.192339][ T9954] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.1587'. [ 373.221152][ T9958] netlink: 'syz.1.1588': attribute type 21 has an invalid length. [ 373.256164][ T9958] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1588'. [ 373.303587][ T4291] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18 [ 373.418694][ T9963] netlink: 140 bytes leftover after parsing attributes in process `syz.3.1590'. [ 373.570810][ T9968] netlink: 'syz.0.1591': attribute type 13 has an invalid length. [ 373.620827][ T9968] netlink: 'syz.0.1591': attribute type 58 has an invalid length. [ 373.639725][ T9968] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1591'. [ 376.025436][T10030] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1613'. [ 376.253151][T10050] netlink: 134268 bytes leftover after parsing attributes in process `syz.3.1620'. [ 376.264331][T10051] netlink: 134268 bytes leftover after parsing attributes in process `syz.3.1620'. [ 377.283409][T10061] netlink: 64535 bytes leftover after parsing attributes in process `syz.4.1622'. [ 377.771448][T10081] netlink: 'syz.0.1629': attribute type 4 has an invalid length. [ 378.608722][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.615270][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.043986][T10105] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1638'. [ 380.434679][T10121] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1645'. [ 380.449126][T10123] netlink: 126632 bytes leftover after parsing attributes in process `syz.3.1643'. [ 380.497321][T10123] netlink: 8192 bytes leftover after parsing attributes in process `syz.3.1643'. [ 380.980882][T10140] netlink: 'syz.0.1651': attribute type 21 has an invalid length. [ 381.272080][T10148] netlink: 'syz.4.1653': attribute type 21 has an invalid length. [ 381.378548][T10148] netlink: 'syz.4.1653': attribute type 6 has an invalid length. [ 381.455356][T10148] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1653'. [ 382.706314][T10175] netlink: 'syz.3.1663': attribute type 29 has an invalid length. [ 382.735160][T10175] netlink: 'syz.3.1663': attribute type 29 has an invalid length. [ 382.785041][T10175] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1663'. [ 383.218635][T10186] netlink: 'syz.0.1666': attribute type 21 has an invalid length. [ 383.250452][T10186] netlink: 'syz.0.1666': attribute type 1 has an invalid length. [ 383.272275][T10186] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1666'. [ 383.755198][T10203] netlink: 'syz.0.1671': attribute type 3 has an invalid length. [ 383.772893][T10203] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.1671'. [ 385.223065][T10226] netlink: 180 bytes leftover after parsing attributes in process `syz.3.1678'. [ 385.472254][T10234] netlink: 'syz.0.1682': attribute type 10 has an invalid length. [ 386.408207][T10234] team0 (unregistering): Port device team_slave_0 removed [ 386.490308][T10244] netlink: 'syz.3.1685': attribute type 3 has an invalid length. [ 386.509981][T10244] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.1685'. [ 386.543951][T10234] team0 (unregistering): Port device team_slave_1 removed [ 386.901233][T10262] netlink: 'syz.0.1690': attribute type 2 has an invalid length. [ 386.957056][T10262] device 0 entered promiscuous mode [ 386.978349][T10260] netlink: 'syz.0.1690': attribute type 1 has an invalid length. [ 387.008377][T10260] netlink: 5 bytes leftover after parsing attributes in process `syz.0.1690'. [ 387.673698][T10279] netlink: 65047 bytes leftover after parsing attributes in process `syz.4.1694'. [ 388.825163][T10295] netlink: 'syz.1.1701': attribute type 2 has an invalid length. [ 389.011959][T10295] device 2 entered promiscuous mode [ 389.248127][T10306] netlink: 'syz.3.1706': attribute type 1 has an invalid length. [ 389.273228][T10309] netlink: 65047 bytes leftover after parsing attributes in process `syz.2.1705'. [ 389.448954][T10312] netlink: 763 bytes leftover after parsing attributes in process `syz.3.1706'. [ 390.418742][T10322] bridge0: port 3(hsr0) entered disabled state [ 391.022332][T10322] device bridge_slave_1 left promiscuous mode [ 391.028856][T10322] bridge0: port 2(bridge_slave_1) entered disabled state [ 391.053009][T10322] device bridge_slave_0 left promiscuous mode [ 391.066386][T10322] bridge0: port 1(bridge_slave_0) entered disabled state [ 393.403509][T10392] tc_dump_action: action bad kind [ 393.669098][T10404] netlink: 'syz.0.1735': attribute type 1 has an invalid length. [ 393.703125][T10404] netlink: 'syz.0.1735': attribute type 4 has an invalid length. [ 393.711861][T10404] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.1735'. [ 394.135230][T10422] netlink: 'syz.1.1738': attribute type 29 has an invalid length. [ 394.203311][T10422] netlink: 'syz.1.1738': attribute type 29 has an invalid length. [ 394.216496][T10389] delete_channel: no stack [ 394.420284][T10430] netlink: 'syz.1.1738': attribute type 29 has an invalid length. [ 394.645030][T10438] netlink: 126632 bytes leftover after parsing attributes in process `syz.2.1742'. [ 394.740048][T10438] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.1742'. [ 395.037683][T10440] netlink: 'syz.2.1743': attribute type 22 has an invalid length. [ 395.057944][T10440] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1743'. [ 396.075761][T10464] device wlan1 entered promiscuous mode [ 396.140373][T10464] netlink: 'syz.0.1751': attribute type 11 has an invalid length. [ 396.178156][ T4287] Bluetooth: hci4: ISO packet for unknown connection handle 2366 [ 396.208395][T10464] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1751'. [ 396.251785][T10463] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 396.481061][T10478] netlink: 1010 bytes leftover after parsing attributes in process `syz.1.1755'. [ 396.982172][ T30] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 398.140883][T10513] netlink: 134056 bytes leftover after parsing attributes in process `syz.4.1767'. [ 398.241386][T10517] netlink: 16255 bytes leftover after parsing attributes in process `syz.3.1768'. [ 398.365057][T10517] netlink: 134056 bytes leftover after parsing attributes in process `syz.3.1768'. [ 399.002371][T10539] netlink: 'syz.2.1773': attribute type 20 has an invalid length. [ 399.274628][T10548] netlink: 'syz.0.1777': attribute type 16 has an invalid length. [ 399.282539][T10548] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1777'. [ 399.344774][T10547] netlink: 'syz.0.1777': attribute type 16 has an invalid length. [ 399.397694][T10547] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1777'. [ 400.369119][T10567] netlink: 763 bytes leftover after parsing attributes in process `syz.1.1784'. [ 400.474970][T10574] netlink: 'syz.2.1785': attribute type 1 has an invalid length. [ 400.487882][T10574] netlink: 14719 bytes leftover after parsing attributes in process `syz.2.1785'. [ 402.057990][T10617] netlink: 'syz.0.1802': attribute type 29 has an invalid length. [ 402.123602][T10617] netlink: 'syz.0.1802': attribute type 29 has an invalid length. [ 402.254641][T10621] netlink: 'syz.0.1802': attribute type 29 has an invalid length. [ 402.297748][T10617] netlink: 'syz.0.1802': attribute type 29 has an invalid length. [ 402.355604][T10610] can: request_module (can-proto-3) failed. [ 403.009955][T10636] netlink: 'syz.4.1809': attribute type 10 has an invalid length. [ 403.026280][T10636] netlink: 65015 bytes leftover after parsing attributes in process `syz.4.1809'. [ 403.222193][T10646] netlink: 127868 bytes leftover after parsing attributes in process `syz.3.1811'. [ 403.331602][T10646] netlink: 6955 bytes leftover after parsing attributes in process `syz.3.1811'. [ 404.420123][ T4287] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18 [ 404.428569][ T4287] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18 [ 404.438348][ T4287] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 407.345829][T10686] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.1825'. [ 407.405059][T10686] netlink: 'syz.2.1825': attribute type 10 has an invalid length. [ 407.413632][T10686] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1825'. [ 407.708281][T10702] netlink: 'syz.2.1830': attribute type 21 has an invalid length. [ 407.984675][T10711] netlink: 'syz.3.1837': attribute type 2 has an invalid length. [ 408.001973][T10711] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1837'. [ 408.938964][T10749] netlink: 'syz.0.1843': attribute type 2 has an invalid length. [ 409.130368][T10749] device .*! entered promiscuous mode [ 409.391563][T10768] netlink: 'syz.4.1851': attribute type 19 has an invalid length. [ 409.403274][T10768] netlink: 156 bytes leftover after parsing attributes in process `syz.4.1851'. [ 409.666617][T10779] netlink: 'syz.4.1854': attribute type 2 has an invalid length. [ 409.737674][T10779] device 0 entered promiscuous mode [ 409.812233][T10781] netlink: 14568 bytes leftover after parsing attributes in process `syz.2.1856'. [ 411.390729][T10827] IPv6: NLM_F_CREATE should be specified when creating new route [ 414.706976][T10866] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1884'. [ 414.927308][ T4291] Bluetooth: hci2: unexpected event 0x01 length: 15 > 1 [ 415.518007][T10902] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1897'. [ 415.746927][T10913] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.1901'. [ 415.822056][T10918] syz.0.1900[10918] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 415.907978][T10918] syz.0.1900[10918] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 416.280501][T10926] netlink: 'syz.3.1903': attribute type 29 has an invalid length. [ 416.362915][T10926] netlink: 'syz.3.1903': attribute type 29 has an invalid length. [ 417.412506][T10965] netlink: 'syz.0.1915': attribute type 11 has an invalid length. [ 417.450865][T10965] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1915'. [ 417.547496][T10967] tun0: tun_chr_ioctl cmd 1074025673 [ 422.273855][T11087] Ÿë: port 1(gretap0) entered blocking state [ 422.313068][T11087] Ÿë: port 1(gretap0) entered disabled state [ 422.328369][T11087] device gretap0 entered promiscuous mode [ 422.368423][T11091] Ÿë: port 2(veth0_to_team) entered blocking state [ 422.444150][T11091] Ÿë: port 2(veth0_to_team) entered disabled state [ 422.524378][T11091] device veth0_to_team entered promiscuous mode [ 422.934725][T11128] netlink: 122896 bytes leftover after parsing attributes in process `syz.3.1970'. [ 422.973762][T11128] sysfs: cannot create duplicate filename '/class/ieee80211/!!!' [ 423.026326][T11128] CPU: 1 PID: 11128 Comm: syz.3.1970 Not tainted syzkaller #0 [ 423.033922][T11128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 423.044065][T11128] Call Trace: [ 423.047442][T11128] [ 423.050458][T11128] dump_stack_lvl+0x188/0x24e [ 423.055252][T11128] ? show_regs_print_info+0x12/0x12 [ 423.060570][T11128] ? load_image+0x410/0x410 [ 423.065218][T11128] sysfs_warn_dup+0x8a/0xa0 [ 423.069814][T11128] sysfs_do_create_link_sd+0xc0/0x110 [ 423.075283][T11128] device_add+0x83b/0x1050 [ 423.079807][T11128] wiphy_register+0x1d8b/0x2aa0 [ 423.084826][T11128] ? cfg80211_event_work+0x40/0x40 [ 423.090014][T11128] ? minstrel_ht_alloc+0x894/0xa20 [ 423.095239][T11128] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 423.101418][T11128] ieee80211_register_hw+0x2d48/0x39f0 [ 423.107010][T11128] ? ieee80211_register_hw+0xed1/0x39f0 [ 423.112725][T11128] ? ieee80211_register_hw+0xed1/0x39f0 [ 423.118468][T11128] ? ieee80211_tasklet_handler+0x20/0x20 [ 423.124182][T11128] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 423.130177][T11128] ? __debug_object_init+0xed/0x440 [ 423.135476][T11128] ? memset+0x1e/0x40 [ 423.139548][T11128] ? __hrtimer_init+0x189/0x270 [ 423.144501][T11128] mac80211_hwsim_new_radio+0x2927/0x4cd0 [ 423.150337][T11128] ? memcpy+0x3c/0x60 [ 423.154434][T11128] hwsim_new_radio_nl+0xab7/0xc90 [ 423.159598][T11128] genl_family_rcv_msg_doit+0x22f/0x350 [ 423.165233][T11128] ? end_current_label_crit_section+0x170/0x170 [ 423.171577][T11128] ? genl_family_rcv_msg_dumpit+0x3c0/0x3c0 [ 423.177598][T11128] ? bpf_lsm_capable+0x5/0x10 [ 423.182361][T11128] ? security_capable+0x85/0xb0 [ 423.187335][T11128] genl_rcv_msg+0x601/0x790 [ 423.191969][T11128] ? genl_bind+0x360/0x360 [ 423.196466][T11128] ? hwsim_tx_info_frame_received_nl+0xe30/0xe30 [ 423.202938][T11128] netlink_rcv_skb+0x1ef/0x440 [ 423.207792][T11128] ? genl_bind+0x360/0x360 [ 423.212304][T11128] ? netlink_ack+0x1160/0x1160 [ 423.217229][T11128] ? down_read+0x1a8/0x2d0 [ 423.221766][T11128] genl_rcv+0x24/0x40 [ 423.225834][T11128] netlink_unicast+0x7ad/0x920 [ 423.230731][T11128] netlink_sendmsg+0x8ad/0xbd0 [ 423.235622][T11128] ? netlink_getsockopt+0x550/0x550 [ 423.240913][T11128] ? aa_sock_msg_perm+0x94/0x150 [ 423.245947][T11128] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 423.251320][T11128] ? security_socket_sendmsg+0x7c/0xa0 [ 423.256864][T11128] ? netlink_getsockopt+0x550/0x550 [ 423.262163][T11128] ____sys_sendmsg+0x5ed/0x9a0 [ 423.267051][T11128] ? __sys_sendmsg_sock+0x30/0x30 [ 423.272156][T11128] ? __import_iovec+0x306/0x510 [ 423.277127][T11128] ? import_iovec+0x6f/0xa0 [ 423.281736][T11128] ___sys_sendmsg+0x2a2/0x360 [ 423.286550][T11128] ? __sys_sendmsg+0x2a0/0x2a0 [ 423.291576][T11128] __se_sys_sendmsg+0x1c3/0x2b0 [ 423.296535][T11128] ? __x64_sys_sendmsg+0x80/0x80 [ 423.301625][T11128] ? lockdep_hardirqs_on+0x94/0x140 [ 423.306938][T11128] do_syscall_64+0x4c/0xa0 [ 423.311435][T11128] ? clear_bhb_loop+0x60/0xb0 [ 423.316188][T11128] ? clear_bhb_loop+0x60/0xb0 [ 423.320951][T11128] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 423.326938][T11128] RIP: 0033:0x7fa1a159ce59 [ 423.331435][T11128] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 423.351128][T11128] RSP: 002b:00007fa1a23c1028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 423.359638][T11128] RAX: ffffffffffffffda RBX: 00007fa1a1815fa0 RCX: 00007fa1a159ce59 [ 423.367698][T11128] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 423.375768][T11128] RBP: 00007fa1a1632e6f R08: 0000000000000000 R09: 0000000000000000 [ 423.383824][T11128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 423.391876][T11128] R13: 00007fa1a1816038 R14: 00007fa1a1815fa0 R15: 00007fff69bda2c8 [ 423.399992][T11128] [ 424.454640][T11159] netlink: 'syz.3.1980': attribute type 4 has an invalid length. [ 424.463269][T11159] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.1980'. [ 424.799033][T11169] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1983'. [ 424.831172][T11169] openvswitch: netlink: Message has 6 unknown bytes. [ 425.757341][T11181] netlink: 'syz.0.1988': attribute type 4 has an invalid length. [ 425.764653][T11190] netlink: 180 bytes leftover after parsing attributes in process `syz.4.1991'. [ 425.789881][T11181] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1988'. [ 425.800624][T11190] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1991'. [ 426.760998][T11237] netlink: 'syz.1.2005': attribute type 7 has an invalid length. [ 427.087596][T11242] netlink: 'syz.3.2007': attribute type 3 has an invalid length. [ 427.117192][T11242] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.2007'. [ 428.010728][ T46] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 428.345035][T11279] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2019'. [ 428.369100][T11279] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2019'. [ 428.393421][T11279] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2019'. [ 428.423481][T11279] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2019'. [ 428.459028][T11279] netlink: 'syz.3.2019': attribute type 3 has an invalid length. [ 428.497106][T11279] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.2019'. [ 429.818024][T11312] netlink: 164 bytes leftover after parsing attributes in process `syz.3.2029'. [ 430.201497][T11321] -1: renamed from syzkaller0 [ 431.451025][T11369] netlink: 'syz.1.2046': attribute type 28 has an invalid length. [ 431.533271][T11376] netlink: 194236 bytes leftover after parsing attributes in process `syz.0.2048'. [ 431.573184][T11376] netlink: zone id is out of range [ 431.598778][T11376] netlink: zone id is out of range [ 431.619563][T11376] netlink: zone id is out of range [ 431.629133][T11376] netlink: zone id is out of range [ 431.639227][T11376] netlink: zone id is out of range [ 431.669798][T11376] netlink: zone id is out of range [ 431.700232][T11376] netlink: zone id is out of range [ 431.710366][T11376] netlink: zone id is out of range [ 431.717562][T11376] netlink: zone id is out of range [ 431.756668][T11376] netlink: zone id is out of range [ 432.462912][T11398] netlink: 'syz.4.2057': attribute type 16 has an invalid length. [ 432.473011][T11398] netlink: 168 bytes leftover after parsing attributes in process `syz.4.2057'. [ 433.411515][T11428] netlink: 'syz.0.2068': attribute type 3 has an invalid length. [ 433.474188][T11428] netlink: 13435 bytes leftover after parsing attributes in process `syz.0.2068'. [ 434.062607][T11446] netlink: 'syz.3.2075': attribute type 3 has an invalid length. [ 434.098726][T11447] netlink: 'syz.3.2075': attribute type 3 has an invalid length. [ 434.121548][T11446] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.2075'. [ 434.160678][T11447] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.2075'. [ 434.613688][T11463] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 434.621841][T11463] device syzkaller0 entered promiscuous mode [ 434.674427][T11464] netlink: 'syz.3.2080': attribute type 2 has an invalid length. [ 434.697923][T11464] netlink: 'syz.3.2080': attribute type 8 has an invalid length. [ 434.718566][ T4291] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18 [ 434.726291][T11464] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2080'. [ 434.729496][ T4291] Bluetooth: hci0: Invalid handle: 0xffff > 0x0eff [ 435.334591][T11478] tipc: Started in network mode [ 435.339719][T11478] tipc: Node identity 9215a268, cluster identity 4711 [ 435.402109][T11478] tipc: Node number set to 2450891368 [ 436.217746][T11515] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2095'. [ 436.245802][T11515] netlink: 180 bytes leftover after parsing attributes in process `syz.4.2095'. [ 436.628206][T11530] netlink: 188 bytes leftover after parsing attributes in process `syz.2.2103'. [ 436.947522][T11534] netlink: 'syz.0.2104': attribute type 3 has an invalid length. [ 437.010445][T11540] netlink: 'syz.0.2104': attribute type 21 has an invalid length. [ 437.015727][T11534] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.2104'. [ 437.054636][T11540] netlink: 128 bytes leftover after parsing attributes in process `syz.0.2104'. [ 437.188115][T11540] netlink: 'syz.0.2104': attribute type 4 has an invalid length. [ 437.216476][T11540] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2104'. [ 440.035883][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.042283][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 442.157830][T11640] netlink: 'syz.0.2136': attribute type 19 has an invalid length. [ 442.176607][T11640] __nla_validate_parse: 1 callbacks suppressed [ 442.176643][T11640] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2136'. [ 442.601321][T11663] netlink: 'syz.0.2142': attribute type 21 has an invalid length. [ 444.613858][T11721] netlink: 'syz.4.2157': attribute type 29 has an invalid length. [ 444.682204][T11719] can: request_module (can-proto-0) failed. [ 444.706003][T11721] netlink: 'syz.4.2157': attribute type 29 has an invalid length. [ 444.760059][T11724] netlink: 'syz.4.2157': attribute type 29 has an invalid length. [ 444.822048][T11727] netlink: 'syz.2.2162': attribute type 10 has an invalid length. [ 444.850961][T11727] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2162'. [ 444.922394][T11728] netlink: 'syz.4.2157': attribute type 29 has an invalid length. [ 444.960884][T11731] netlink: 16399 bytes leftover after parsing attributes in process `syz.0.2161'. [ 447.570294][T11775] netlink: 'syz.2.2178': attribute type 11 has an invalid length. [ 447.596779][T11775] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2178'. [ 447.676480][T11776] netlink: 'syz.1.2179': attribute type 1 has an invalid length. [ 447.708547][T11776] netlink: 127868 bytes leftover after parsing attributes in process `syz.1.2179'. [ 447.761862][T11775] netlink: 'syz.2.2178': attribute type 11 has an invalid length. [ 447.816942][T11775] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2178'. [ 448.364508][T11772] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 450.377599][T11776] : port 1(ip6gretap0) entered blocking state [ 450.384120][T11776] : port 1(ip6gretap0) entered disabled state [ 450.404112][T11776] device ip6gretap0 entered promiscuous mode [ 450.428071][T11781] device ip6gretap0 left promiscuous mode [ 450.464842][T11781] : port 1(ip6gretap0) entered disabled state [ 450.638827][T11796] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.2182'. [ 451.134656][T11810] netlink: 'syz.4.2191': attribute type 2 has an invalid length. [ 451.765498][T11810] device 1 entered promiscuous mode [ 451.952504][T11829] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2195'. [ 451.971300][T11828] delete_channel: no stack [ 452.376970][T11845] netlink: 'syz.1.2202': attribute type 2 has an invalid length. [ 452.464176][T11845] device 3 entered promiscuous mode [ 452.795710][T11859] netlink: 'syz.1.2209': attribute type 3 has an invalid length. [ 452.857518][T11859] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.2209'. [ 452.969277][T11865] netlink: 'syz.1.2209': attribute type 21 has an invalid length. [ 453.026156][T11865] netlink: 164 bytes leftover after parsing attributes in process `syz.1.2209'. [ 458.148023][T11930] netlink: 'syz.3.2227': attribute type 4 has an invalid length. [ 458.431874][T11938] netlink: 176 bytes leftover after parsing attributes in process `syz.0.2232'. [ 458.601589][T11940] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.2234'. [ 459.038809][ T11] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 460.102462][T11977] netlink: 'syz.4.2245': attribute type 39 has an invalid length. [ 460.672827][T12004] netlink: 172 bytes leftover after parsing attributes in process `syz.2.2253'. [ 460.739703][T12004] netlink: 'syz.2.2253': attribute type 21 has an invalid length. [ 462.003427][T12042] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2266'. [ 462.270465][T12042] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 462.309744][T12042] bond0 (unregistering): Released all slaves [ 468.130297][T12085] netlink: 'syz.1.2278': attribute type 10 has an invalid length. [ 468.200028][T12085] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2278'. [ 468.223248][T12085] net_ratelimit: 5 callbacks suppressed [ 468.223267][T12085] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 468.637026][T12105] netlink: 128 bytes leftover after parsing attributes in process `syz.4.2285'. [ 468.722551][T12105] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 468.800457][T12105] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 468.881888][T12102] netlink: 'syz.1.2284': attribute type 21 has an invalid length. [ 468.904660][T12102] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2284'. [ 468.944242][T12102] netlink: 'syz.1.2284': attribute type 4 has an invalid length. [ 468.987604][T12102] netlink: 'syz.1.2284': attribute type 5 has an invalid length. [ 469.009030][T12102] netlink: 3 bytes leftover after parsing attributes in process `syz.1.2284'. [ 471.094945][T12150] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2298'. [ 471.151478][T12149] netlink: 'syz.3.2297': attribute type 19 has an invalid length. [ 471.174516][T12149] netlink: 156 bytes leftover after parsing attributes in process `syz.3.2297'. [ 473.244377][T12203] netlink: 'syz.2.2317': attribute type 19 has an invalid length. [ 473.265693][T12203] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2317'. [ 475.893485][T12263] netlink: 'syz.3.2336': attribute type 2 has an invalid length. [ 476.111016][T12263] device 0 entered promiscuous mode [ 477.818890][T12299] netlink: 16054 bytes leftover after parsing attributes in process `syz.3.2352'. [ 478.297964][T12314] netlink: 'syz.2.2357': attribute type 27 has an invalid length. [ 478.346438][T12314] netlink: 164 bytes leftover after parsing attributes in process `syz.2.2357'. [ 480.068958][T12343] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.2368'. [ 480.424164][T12351] netlink: 'syz.4.2372': attribute type 16 has an invalid length. [ 480.432139][T12351] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2372'. [ 480.740628][T12358] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2373'. [ 482.974203][T12402] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 484.190609][T12412] netlink: 'syz.2.2394': attribute type 2 has an invalid length. [ 484.291680][T12412] device 2 entered promiscuous mode [ 486.398110][T12474] netlink: 'syz.1.2412': attribute type 2 has an invalid length. [ 486.423101][T12474] netlink: 196452 bytes leftover after parsing attributes in process `syz.1.2412'. [ 487.189934][T12503] netlink: 'syz.1.2422': attribute type 10 has an invalid length. [ 489.254320][T12504] netlink: 'syz.1.2422': attribute type 21 has an invalid length. [ 489.276935][T12504] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2422'. [ 489.292857][T12504] netlink: 'syz.1.2422': attribute type 5 has an invalid length. [ 489.300672][T12504] netlink: 'syz.1.2422': attribute type 6 has an invalid length. [ 489.330702][T12504] netlink: 3 bytes leftover after parsing attributes in process `syz.1.2422'. [ 490.064501][ T4893] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 490.132620][T12537] netlink: 122896 bytes leftover after parsing attributes in process `syz.3.2436'. [ 490.210817][T12537] sysfs: cannot create duplicate filename '/class/ieee80211/!!!' [ 490.231870][T12537] CPU: 1 PID: 12537 Comm: syz.3.2436 Not tainted syzkaller #0 [ 490.239447][T12537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 490.249561][T12537] Call Trace: [ 490.252900][T12537] [ 490.255877][T12537] dump_stack_lvl+0x188/0x24e [ 490.260613][T12537] ? show_regs_print_info+0x12/0x12 [ 490.265868][T12537] ? load_image+0x410/0x410 [ 490.270450][T12537] sysfs_warn_dup+0x8a/0xa0 [ 490.275018][T12537] sysfs_do_create_link_sd+0xc0/0x110 [ 490.280805][T12537] device_add+0x83b/0x1050 [ 490.285281][T12537] wiphy_register+0x1d8b/0x2aa0 [ 490.290226][T12537] ? cfg80211_event_work+0x40/0x40 [ 490.295399][T12537] ? minstrel_ht_alloc+0x894/0xa20 [ 490.300580][T12537] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 490.306715][T12537] ieee80211_register_hw+0x2d48/0x39f0 [ 490.312244][T12537] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 490.318482][T12537] ? ieee80211_register_hw+0xed1/0x39f0 [ 490.324086][T12537] ? ieee80211_register_hw+0xed1/0x39f0 [ 490.329710][T12537] ? ieee80211_tasklet_handler+0x20/0x20 [ 490.335409][T12537] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 490.341377][T12537] ? __debug_object_init+0xed/0x440 [ 490.346683][T12537] ? memset+0x1e/0x40 [ 490.350730][T12537] ? __hrtimer_init+0x189/0x270 [ 490.355650][T12537] mac80211_hwsim_new_radio+0x2927/0x4cd0 [ 490.361442][T12537] ? memcpy+0x3c/0x60 [ 490.365491][T12537] hwsim_new_radio_nl+0xab7/0xc90 [ 490.370595][T12537] genl_family_rcv_msg_doit+0x22f/0x350 [ 490.376214][T12537] ? end_current_label_crit_section+0x170/0x170 [ 490.382525][T12537] ? genl_family_rcv_msg_dumpit+0x3c0/0x3c0 [ 490.388497][T12537] ? bpf_lsm_capable+0x5/0x10 [ 490.393241][T12537] ? security_capable+0x85/0xb0 [ 490.398187][T12537] genl_rcv_msg+0x601/0x790 [ 490.402763][T12537] ? genl_bind+0x360/0x360 [ 490.407293][T12537] ? hwsim_tx_info_frame_received_nl+0xe30/0xe30 [ 490.413703][T12537] netlink_rcv_skb+0x1ef/0x440 [ 490.418569][T12537] ? genl_bind+0x360/0x360 [ 490.423051][T12537] ? netlink_ack+0x1160/0x1160 [ 490.427889][T12537] ? down_read+0x1a8/0x2d0 [ 490.432366][T12537] genl_rcv+0x24/0x40 [ 490.436409][T12537] netlink_unicast+0x7ad/0x920 [ 490.441246][T12537] netlink_sendmsg+0x8ad/0xbd0 [ 490.446078][T12537] ? netlink_getsockopt+0x550/0x550 [ 490.451344][T12537] ? aa_sock_msg_perm+0x94/0x150 [ 490.456339][T12537] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 490.461680][T12537] ? security_socket_sendmsg+0x7c/0xa0 [ 490.467219][T12537] ? netlink_getsockopt+0x550/0x550 [ 490.472474][T12537] ____sys_sendmsg+0x5ed/0x9a0 [ 490.477309][T12537] ? __sys_sendmsg_sock+0x30/0x30 [ 490.482389][T12537] ? __import_iovec+0x306/0x510 [ 490.487306][T12537] ? import_iovec+0x6f/0xa0 [ 490.491862][T12537] ___sys_sendmsg+0x2a2/0x360 [ 490.496600][T12537] ? __sys_sendmsg+0x2a0/0x2a0 [ 490.501474][T12537] __se_sys_sendmsg+0x1c3/0x2b0 [ 490.506393][T12537] ? perf_trace_preemptirq_template+0x268/0x320 [ 490.512707][T12537] ? __x64_sys_sendmsg+0x80/0x80 [ 490.517720][T12537] ? lockdep_hardirqs_on+0x94/0x140 [ 490.522983][T12537] do_syscall_64+0x4c/0xa0 [ 490.527492][T12537] ? clear_bhb_loop+0x60/0xb0 [ 490.532223][T12537] ? clear_bhb_loop+0x60/0xb0 [ 490.536954][T12537] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 490.542912][T12537] RIP: 0033:0x7fa1a159ce59 [ 490.547382][T12537] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 490.567053][T12537] RSP: 002b:00007fa1a23c1028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 490.575531][T12537] RAX: ffffffffffffffda RBX: 00007fa1a1815fa0 RCX: 00007fa1a159ce59 [ 490.583651][T12537] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 490.591685][T12537] RBP: 00007fa1a1632e6f R08: 0000000000000000 R09: 0000000000000000 [ 490.599745][T12537] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 490.607770][T12537] R13: 00007fa1a1816038 R14: 00007fa1a1815fa0 R15: 00007fff69bda2c8 [ 490.615796][T12537] [ 490.711407][T12549] netlink: 'syz.0.2441': attribute type 10 has an invalid length. [ 492.145816][T12588] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2456'. [ 492.227414][T12588] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2456'. [ 492.308003][T12592] netlink: 'syz.3.2456': attribute type 29 has an invalid length. [ 492.351818][T12592] netlink: 'syz.3.2456': attribute type 29 has an invalid length. [ 492.432529][T12594] netlink: 'syz.3.2456': attribute type 29 has an invalid length. [ 492.467524][T12588] netlink: 'syz.3.2456': attribute type 29 has an invalid length. [ 492.537071][T12592] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2456'. [ 492.813688][T12606] netlink: 122896 bytes leftover after parsing attributes in process `syz.4.2460'. [ 492.878697][T12606] sysfs: cannot create duplicate filename '/class/ieee80211/!!!' [ 492.891460][T12606] CPU: 1 PID: 12606 Comm: syz.4.2460 Not tainted syzkaller #0 [ 492.899003][T12606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 492.909107][T12606] Call Trace: [ 492.912430][T12606] [ 492.915400][T12606] dump_stack_lvl+0x188/0x24e [ 492.920135][T12606] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 492.926354][T12606] ? show_regs_print_info+0x12/0x12 [ 492.931599][T12606] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 492.937818][T12606] ? dump_stack+0x5/0x12 [ 492.942122][T12606] sysfs_warn_dup+0x8a/0xa0 [ 492.946692][T12606] sysfs_do_create_link_sd+0xc0/0x110 [ 492.952132][T12606] device_add+0x83b/0x1050 [ 492.956605][T12606] wiphy_register+0x1d8b/0x2aa0 [ 492.961532][T12606] ? cfg80211_event_work+0x40/0x40 [ 492.966690][T12606] ? minstrel_ht_alloc+0x894/0xa20 [ 492.971860][T12606] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 492.977985][T12606] ieee80211_register_hw+0x2d48/0x39f0 [ 492.983509][T12606] ? ieee80211_register_hw+0xed1/0x39f0 [ 492.989100][T12606] ? ieee80211_register_hw+0xed1/0x39f0 [ 492.994712][T12606] ? ieee80211_tasklet_handler+0x20/0x20 [ 493.000391][T12606] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 493.006359][T12606] ? __debug_object_init+0xed/0x440 [ 493.011619][T12606] ? memset+0x1e/0x40 [ 493.015651][T12606] ? __hrtimer_init+0x189/0x270 [ 493.020553][T12606] mac80211_hwsim_new_radio+0x2927/0x4cd0 [ 493.026376][T12606] ? memcpy+0x3c/0x60 [ 493.030440][T12606] hwsim_new_radio_nl+0xab7/0xc90 [ 493.035553][T12606] genl_family_rcv_msg_doit+0x22f/0x350 [ 493.041179][T12606] ? rcu_is_watching+0x11/0xa0 [ 493.046024][T12606] ? genl_family_rcv_msg_dumpit+0x3c0/0x3c0 [ 493.051976][T12606] ? lockdep_hardirqs_on+0x94/0x140 [ 493.057252][T12606] ? genl_rcv_msg+0x5d9/0x790 [ 493.062001][T12606] genl_rcv_msg+0x601/0x790 [ 493.066594][T12606] ? genl_bind+0x360/0x360 [ 493.071088][T12606] ? hwsim_tx_info_frame_received_nl+0xe30/0xe30 [ 493.077516][T12606] netlink_rcv_skb+0x1ef/0x440 [ 493.082350][T12606] ? genl_bind+0x360/0x360 [ 493.086867][T12606] ? netlink_ack+0x1160/0x1160 [ 493.091691][T12606] ? down_read+0x1a8/0x2d0 [ 493.096162][T12606] genl_rcv+0x24/0x40 [ 493.100204][T12606] netlink_unicast+0x7ad/0x920 [ 493.105052][T12606] netlink_sendmsg+0x8ad/0xbd0 [ 493.109886][T12606] ? netlink_getsockopt+0x550/0x550 [ 493.115148][T12606] ? aa_sock_msg_perm+0x94/0x150 [ 493.120153][T12606] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 493.125491][T12606] ? security_socket_sendmsg+0x7c/0xa0 [ 493.131007][T12606] ? netlink_getsockopt+0x550/0x550 [ 493.136256][T12606] ____sys_sendmsg+0x5ed/0x9a0 [ 493.141080][T12606] ? __sys_sendmsg_sock+0x30/0x30 [ 493.146153][T12606] ? __import_iovec+0x306/0x510 [ 493.151069][T12606] ? import_iovec+0x6f/0xa0 [ 493.155623][T12606] ___sys_sendmsg+0x2a2/0x360 [ 493.160370][T12606] ? __sys_sendmsg+0x2a0/0x2a0 [ 493.165265][T12606] __se_sys_sendmsg+0x1c3/0x2b0 [ 493.170188][T12606] ? __x64_sys_sendmsg+0x80/0x80 [ 493.175217][T12606] do_syscall_64+0x4c/0xa0 [ 493.179703][T12606] ? clear_bhb_loop+0x60/0xb0 [ 493.184455][T12606] ? clear_bhb_loop+0x60/0xb0 [ 493.189193][T12606] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 493.195191][T12606] RIP: 0033:0x7fb0a3b9ce59 [ 493.199660][T12606] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 493.219319][T12606] RSP: 002b:00007fb0a4ac9028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 493.227805][T12606] RAX: ffffffffffffffda RBX: 00007fb0a3e16090 RCX: 00007fb0a3b9ce59 [ 493.235837][T12606] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 493.243858][T12606] RBP: 00007fb0a3c32e6f R08: 0000000000000000 R09: 0000000000000000 [ 493.251873][T12606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 493.259886][T12606] R13: 00007fb0a3e16128 R14: 00007fb0a3e16090 R15: 00007ffeeb36a5e8 [ 493.267922][T12606] [ 494.015824][T12624] delete_channel: no stack [ 494.195302][T12628] netlink: 'syz.4.2469': attribute type 10 has an invalid length. [ 494.228202][T12631] netlink: 'syz.2.2470': attribute type 2 has an invalid length. [ 494.299105][T12628] device wlan1 left promiscuous mode [ 494.528278][T12628] team0: Port device wlan1 added [ 494.550463][T12634] netlink: 'syz.2.2470': attribute type 10 has an invalid length. [ 495.101504][T12631] device 0 entered promiscuous mode [ 495.389600][T12644] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2475'. [ 495.435957][T12646] netlink: 'syz.3.2474': attribute type 10 has an invalid length. [ 496.173909][T12657] netlink: 'syz.2.2477': attribute type 21 has an invalid length. [ 496.181858][T12657] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2477'. [ 496.526526][T12674] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2481'. [ 496.583112][T12674] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2481'. [ 496.913251][ T4332] wlan1: Trigger new scan to find an IBSS to join [ 499.877583][ T9] wlan1: Trigger new scan to find an IBSS to join [ 501.160196][T12746] netlink: 65027 bytes leftover after parsing attributes in process `syz.0.2509'. [ 501.449162][T12773] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 501.475995][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.482384][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.507655][T12773] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2506'. [ 501.871850][T12791] netlink: 'syz.3.2514': attribute type 2 has an invalid length. [ 502.014307][T12799] netlink: 180900 bytes leftover after parsing attributes in process `syz.4.2517'. [ 502.033047][T12799] openvswitch: netlink: Flow actions attr not present in new flow. [ 502.287311][T12811] netlink: 'syz.2.2519': attribute type 2 has an invalid length. [ 502.327529][T12791] device 0 entered promiscuous mode [ 502.336758][T12811] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2519'. [ 502.353560][T12794] netlink: 'syz.3.2514': attribute type 10 has an invalid length. [ 502.484588][T12794] team0: Port device veth0_to_bond added [ 502.520169][T12799] netlink: 'syz.4.2517': attribute type 22 has an invalid length. [ 502.537360][T12799] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2517'. [ 502.923968][ T9] wlan1: Trigger new scan to find an IBSS to join [ 503.102215][T12824] netlink: 14 bytes leftover after parsing attributes in process `syz.2.2526'. [ 503.138351][T12824] openvswitch: netlink: Flow key attr not present in new flow. [ 503.691600][T12846] netlink: 'syz.3.2532': attribute type 29 has an invalid length. [ 503.710274][T12846] netlink: 'syz.3.2532': attribute type 29 has an invalid length. [ 503.750065][T12852] netlink: 'syz.3.2532': attribute type 29 has an invalid length. [ 503.776318][T12846] netlink: 'syz.3.2532': attribute type 29 has an invalid length. [ 503.968444][ T4332] wlan1: Creating new IBSS network, BSSID be:4a:04:c3:c0:47 [ 503.978247][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 504.167423][T12864] netlink: 'syz.1.2538': attribute type 29 has an invalid length. [ 504.176148][T12864] netlink: 'syz.1.2538': attribute type 29 has an invalid length. [ 504.609283][T12881] tap0: tun_chr_ioctl cmd 1074025694 [ 506.065854][T12939] netlink: 14568 bytes leftover after parsing attributes in process `syz.2.2563'. [ 507.156731][T12979] FAULT_INJECTION: forcing a failure. [ 507.156731][T12979] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 507.187653][T12979] CPU: 1 PID: 12979 Comm: syz.2.2576 Not tainted syzkaller #0 [ 507.195218][T12979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 507.205331][T12979] Call Trace: [ 507.208649][T12979] [ 507.211615][T12979] dump_stack_lvl+0x188/0x24e [ 507.216357][T12979] ? show_regs_print_info+0x12/0x12 [ 507.221615][T12979] ? load_image+0x410/0x410 [ 507.226181][T12979] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 507.232420][T12979] should_fail_ex+0x390/0x4c0 [ 507.237166][T12979] _copy_from_user+0x2c/0x170 [ 507.241915][T12979] __sys_bpf+0x2ea/0x780 [ 507.246251][T12979] ? bpf_link_show_fdinfo+0x380/0x380 [ 507.251708][T12979] ? lock_chain_count+0x20/0x20 [ 507.256626][T12979] __x64_sys_bpf+0x78/0x90 [ 507.261103][T12979] do_syscall_64+0x4c/0xa0 [ 507.265573][T12979] ? clear_bhb_loop+0x60/0xb0 [ 507.270387][T12979] ? clear_bhb_loop+0x60/0xb0 [ 507.275131][T12979] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 507.281097][T12979] RIP: 0033:0x7fd6a039ce59 [ 507.285571][T12979] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 507.305235][T12979] RSP: 002b:00007fd6a1322028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 507.313711][T12979] RAX: ffffffffffffffda RBX: 00007fd6a0615fa0 RCX: 00007fd6a039ce59 [ 507.321738][T12979] RDX: 0000000000000052 RSI: 000020000000e000 RDI: 0000000000000005 [ 507.329774][T12979] RBP: 00007fd6a1322090 R08: 0000000000000000 R09: 0000000000000000 [ 507.337804][T12979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 507.345835][T12979] R13: 00007fd6a0616038 R14: 00007fd6a0615fa0 R15: 00007fff5ef36698 [ 507.353871][T12979] [ 508.205818][T13010] validate_nla: 3 callbacks suppressed [ 508.205838][T13010] netlink: 'syz.3.2585': attribute type 5 has an invalid length. [ 508.265838][T13010] netlink: 'syz.3.2585': attribute type 30 has an invalid length. [ 508.322773][T13003] -1: renamed from syzkaller0 [ 508.618581][T13029] FAULT_INJECTION: forcing a failure. [ 508.618581][T13029] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 508.656599][T13029] CPU: 0 PID: 13029 Comm: syz.2.2591 Not tainted syzkaller #0 [ 508.664157][T13029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 508.674256][T13029] Call Trace: [ 508.677581][T13029] [ 508.680551][T13029] dump_stack_lvl+0x188/0x24e [ 508.685290][T13029] ? show_regs_print_info+0x12/0x12 [ 508.690546][T13029] ? load_image+0x410/0x410 [ 508.695107][T13029] ? __lock_acquire+0x7bd0/0x7bd0 [ 508.700186][T13029] should_fail_ex+0x390/0x4c0 [ 508.704915][T13029] strncpy_from_user+0x32/0x340 [ 508.709858][T13029] bpf_prog_load+0x200/0x1530 [ 508.714582][T13029] ? lockdep_hardirqs_on_prepare+0x448/0x7c0 [ 508.720598][T13029] ? map_freeze+0x390/0x390 [ 508.725148][T13029] ? __sys_bpf+0x360/0x780 [ 508.729596][T13029] __sys_bpf+0x5b8/0x780 [ 508.733878][T13029] ? bpf_link_show_fdinfo+0x380/0x380 [ 508.739294][T13029] ? lock_chain_count+0x20/0x20 [ 508.744181][T13029] ? lockdep_hardirqs_on_prepare+0x448/0x7c0 [ 508.750195][T13029] __x64_sys_bpf+0x78/0x90 [ 508.754643][T13029] do_syscall_64+0x4c/0xa0 [ 508.759082][T13029] ? clear_bhb_loop+0x60/0xb0 [ 508.763781][T13029] ? clear_bhb_loop+0x60/0xb0 [ 508.768487][T13029] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 508.774410][T13029] RIP: 0033:0x7fd6a039ce59 [ 508.778846][T13029] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 508.798474][T13029] RSP: 002b:00007fd6a1322028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 508.806927][T13029] RAX: ffffffffffffffda RBX: 00007fd6a0615fa0 RCX: 00007fd6a039ce59 [ 508.814933][T13029] RDX: 0000000000000052 RSI: 000020000000e000 RDI: 0000000000000005 [ 508.822935][T13029] RBP: 00007fd6a1322090 R08: 0000000000000000 R09: 0000000000000000 [ 508.830933][T13029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 508.838971][T13029] R13: 00007fd6a0616038 R14: 00007fd6a0615fa0 R15: 00007fff5ef36698 [ 508.846982][T13029] [ 509.381549][T13044] netlink: 'syz.2.2596': attribute type 21 has an invalid length. [ 509.397434][T13044] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2596'. [ 509.483971][T13040] cgroup: fork rejected by pids controller in /syz0 [ 510.022368][T13166] delete_channel: no stack [ 512.820447][T13181] netlink: 164 bytes leftover after parsing attributes in process `syz.3.2607'. [ 513.595329][T13201] netlink: 'syz.2.2612': attribute type 41 has an invalid length. [ 514.772542][ T4287] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 514.801121][T13216] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 514.817454][T13216] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 514.835292][T13216] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 514.852157][T13216] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 514.868854][T13216] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 516.147378][T13209] netlink: 'syz.1.2615': attribute type 10 has an invalid length. [ 516.187921][T13209] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 516.594685][T13220] device wg2 entered promiscuous mode [ 516.992952][ T4291] Bluetooth: hci1: command 0x0409 tx timeout [ 517.029889][ T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 517.126101][T13214] chnl_net:caif_netlink_parms(): no params data found [ 517.405502][ T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 517.687601][ T9] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 517.727414][T13253] netlink: 'syz.1.2625': attribute type 153 has an invalid length. [ 517.782723][T13253] netlink: 69544 bytes leftover after parsing attributes in process `syz.1.2625'. [ 517.939517][T13214] bridge0: port 1(bridge_slave_0) entered blocking state [ 517.971505][T13214] bridge0: port 1(bridge_slave_0) entered disabled state [ 518.014867][T13214] device bridge_slave_0 entered promiscuous mode [ 518.209031][ T9] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 518.301647][T13214] bridge0: port 2(bridge_slave_1) entered blocking state [ 518.322891][T13214] bridge0: port 2(bridge_slave_1) entered disabled state [ 518.344053][T13214] device bridge_slave_1 entered promiscuous mode [ 518.453819][T13214] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 518.497675][T13214] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 518.632073][T13214] team0: Port device team_slave_0 added [ 518.688110][T13214] team0: Port device team_slave_1 added [ 518.711631][ T9] device 0 left promiscuous mode [ 518.933368][ T9] device .*! left promiscuous mode [ 518.976832][T13214] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 518.991505][T13214] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 519.073187][ T4291] Bluetooth: hci1: command 0x041b tx timeout [ 519.164580][T13214] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 519.205197][T13214] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 519.232290][T13214] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 519.296079][T13214] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 519.347966][T13283] netlink: 144 bytes leftover after parsing attributes in process `syz.4.2634'. [ 519.373955][ T9] tipc: Left network mode [ 519.394980][T13284] netlink: 'syz.4.2634': attribute type 21 has an invalid length. [ 519.462830][T13284] netlink: 156 bytes leftover after parsing attributes in process `syz.4.2634'. [ 520.027208][T13214] device hsr_slave_0 entered promiscuous mode [ 520.053951][T13214] device hsr_slave_1 entered promiscuous mode [ 520.094980][T13214] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 520.113958][T13214] Cannot create hsr debugfs directory [ 520.677616][T13310] can: request_module (can-proto-0) failed. [ 521.106886][ T9] device gretap0 left promiscuous mode [ 521.147842][ T9] Ÿë: port 1(gretap0) entered disabled state [ 521.153039][ T4291] Bluetooth: hci1: command 0x040f tx timeout [ 521.491012][T13332] netlink: 'syz.4.2645': attribute type 4 has an invalid length. [ 521.506431][T13332] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.2645'. [ 522.213788][T13214] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 522.289417][ T9] device veth0_to_team left promiscuous mode [ 522.302033][ T9] Ÿë: port 2(veth0_to_team) entered disabled state [ 522.370336][ T9] device hsr_slave_0 left promiscuous mode [ 522.402062][ T9] device hsr_slave_1 left promiscuous mode [ 522.430186][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 522.456173][ T9] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 522.486483][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 522.518109][ T9] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 522.603260][ T9] device veth1_macvtap left promiscuous mode [ 522.625830][ T9] device veth0_macvtap left promiscuous mode [ 522.646966][ T9] device veth1_vlan left promiscuous mode [ 522.673042][ T9] device veth0_vlan left promiscuous mode [ 523.232986][ T4291] Bluetooth: hci1: command 0x0419 tx timeout [ 525.286248][T13214] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 525.303501][T13372] netlink: 'syz.2.2652': attribute type 21 has an invalid length. [ 525.381468][T13373] netlink: 'syz.2.2652': attribute type 1 has an invalid length. [ 525.440837][T13373] netlink: 'syz.2.2652': attribute type 4 has an invalid length. [ 525.473071][T13373] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.2652'. [ 525.503866][T13214] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 525.528188][T13214] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 525.863181][T13214] 8021q: adding VLAN 0 to HW filter on device bond0 [ 525.924000][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 525.942053][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 525.979204][T13214] 8021q: adding VLAN 0 to HW filter on device team0 [ 526.024324][T12238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 526.067895][T12238] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 526.103855][T12238] bridge0: port 1(bridge_slave_0) entered blocking state [ 526.112105][T12238] bridge0: port 1(bridge_slave_0) entered forwarding state [ 526.175665][T12238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 526.224272][T12238] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 526.247234][T12238] bridge0: port 2(bridge_slave_1) entered blocking state [ 526.254515][T12238] bridge0: port 2(bridge_slave_1) entered forwarding state [ 526.274223][T12238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 526.315645][T12238] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 526.342253][T12238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 526.470584][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 526.496133][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 526.534466][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 526.597472][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 526.649783][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 526.900322][T12238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 526.934404][T12238] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 527.014860][T12238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 527.076522][T12238] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 527.125117][T13214] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 527.248064][T13400] netlink: 63579 bytes leftover after parsing attributes in process `syz.2.2656'. [ 528.045576][T13408] netlink: 'syz.3.2662': attribute type 29 has an invalid length. [ 528.126424][T13408] netlink: 'syz.3.2662': attribute type 29 has an invalid length. [ 528.147915][T13411] netlink: 'syz.3.2662': attribute type 29 has an invalid length. [ 528.665730][T13427] netlink: 'syz.4.2665': attribute type 29 has an invalid length. [ 528.687277][T13427] netlink: 'syz.4.2665': attribute type 29 has an invalid length. [ 528.699968][T13427] netlink: 'syz.4.2665': attribute type 29 has an invalid length. [ 528.754132][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 528.771109][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 528.809577][T13214] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 528.882837][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 528.891785][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 528.967043][T12238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 528.977105][T12238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 529.001672][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 529.025245][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 529.047043][T13214] device veth0_vlan entered promiscuous mode [ 529.082514][T13214] device veth1_vlan entered promiscuous mode [ 529.131835][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 529.157697][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 529.171383][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 529.172297][T13437] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 529.196288][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 529.219766][T13214] device veth0_macvtap entered promiscuous mode [ 529.240518][T13214] device veth1_macvtap entered promiscuous mode [ 529.279160][T13214] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 529.292433][T13214] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 529.302977][T13214] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 529.322895][T13214] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 529.344779][T13214] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 529.373941][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 529.389071][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 529.434460][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 529.453607][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 529.464076][T13441] delete_channel: no stack [ 529.495549][T13214] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 529.516785][T13214] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 529.541016][T13214] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 529.563210][T13214] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 529.591860][T13214] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 529.620760][T13214] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 529.636775][T13214] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 529.649624][T13214] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 529.661085][T13214] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 529.674787][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 529.693647][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 529.767383][T13446] netlink: 57923 bytes leftover after parsing attributes in process `syz.4.2673'. [ 529.878924][ T30] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 529.914330][ T30] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 529.940050][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 529.962269][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 529.974069][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 529.989326][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 530.874769][T13485] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.2683'. [ 531.574952][T13216] Bluetooth: hci1: unknown advertising packet type: 0xaa [ 531.805387][T13524] device syzkaller0 entered promiscuous mode [ 531.841054][T13529] netlink: 'syz.3.2698': attribute type 21 has an invalid length. [ 531.862079][T13533] netlink: 'syz.3.2698': attribute type 2 has an invalid length. [ 531.881657][T13529] netlink: 164 bytes leftover after parsing attributes in process `syz.3.2698'. [ 531.900002][T13533] netlink: 'syz.3.2698': attribute type 1 has an invalid length. [ 531.924656][T13533] netlink: 170140 bytes leftover after parsing attributes in process `syz.3.2698'. [ 531.927931][T13528] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2698'. [ 534.463932][T13534] netlink: 'syz.1.2700': attribute type 10 has an invalid length. [ 534.528343][T13534] team0 (unregistering): Port device team_slave_0 removed [ 534.558406][T13534] team0 (unregistering): Port device team_slave_1 removed [ 534.585781][T13534] team0 (unregistering): Port device macvlan0 removed [ 534.612797][T13550] netlink: 14593 bytes leftover after parsing attributes in process `syz.3.2705'. [ 534.637265][T13557] netlink: 'syz.4.2706': attribute type 21 has an invalid length. [ 534.649484][T13557] netlink: 'syz.4.2706': attribute type 1 has an invalid length. [ 534.657606][T13557] netlink: 16098 bytes leftover after parsing attributes in process `syz.4.2706'. [ 535.176321][T13570] netlink: 'syz.4.2709': attribute type 3 has an invalid length. [ 535.198502][T13570] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2709'. [ 535.667184][T13599] device wg2 entered promiscuous mode [ 536.022377][T13597] device wg2 left promiscuous mode [ 536.183566][T13605] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 536.191472][T13605] #PF: supervisor instruction fetch in kernel mode [ 536.198024][T13605] #PF: error_code(0x0010) - not-present page [ 536.204070][T13605] PGD 582fe067 P4D 582fe067 PUD 0 [ 536.209265][T13605] Oops: 0010 [#1] PREEMPT SMP KASAN [ 536.214559][T13605] CPU: 0 PID: 13605 Comm: syz.2.2721 Not tainted syzkaller #0 [ 536.222071][T13605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 536.232175][T13605] RIP: 0010:0x0 [ 536.235696][T13605] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 536.243120][T13605] RSP: 0018:ffffc90004a2f498 EFLAGS: 00010246 [ 536.249241][T13605] RAX: 1ffffffff1629bbb RBX: 1ffff92000945ea4 RCX: 0000000000000001 [ 536.257269][T13605] RDX: ffffc90004a2f540 RSI: 0000000000000001 RDI: ffff88802737a000 [ 536.265345][T13605] RBP: ffffc90004a2f5b0 R08: ffff88802737a03f R09: 1ffff11004e6f407 [ 536.273464][T13605] R10: dffffc0000000000 R11: ffffed1004e6f408 R12: ffffe8ffffc46fa0 [ 536.281490][T13605] R13: ffffffff8b14ddd8 R14: 0000000000000000 R15: ffff88802737a000 [ 536.289529][T13605] FS: 00007fd6a13226c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 536.298520][T13605] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 536.305136][T13605] CR2: ffffffffffffffd6 CR3: 0000000059c51000 CR4: 00000000003506f0 [ 536.313139][T13605] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 536.321140][T13605] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 536.329138][T13605] Call Trace: [ 536.332438][T13605] [ 536.335392][T13605] bond_xdp_xmit+0x31e/0x550 [ 536.340025][T13605] ? bond_xdp_xmit+0x94/0x550 [ 536.344748][T13605] ? bond_xdp+0x8c0/0x8c0 [ 536.349115][T13605] ? page_pool_put_defragged_page+0x426/0x680 [ 536.355225][T13605] bq_xmit_all+0xca9/0x1120 [ 536.359772][T13605] ? perf_trace_run_bpf_submit+0xf3/0x1c0 [ 536.365537][T13605] ? __dev_flush+0x1b0/0x1b0 [ 536.370166][T13605] ? irqentry_enter+0x33/0x50 [ 536.374879][T13605] ? lockdep_hardirqs_on_prepare+0x448/0x7c0 [ 536.380890][T13605] ? lock_chain_count+0x20/0x20 [ 536.385772][T13605] ? lock_chain_count+0x20/0x20 [ 536.390660][T13605] ? bq_enqueue+0x2ef/0x3d0 [ 536.395203][T13605] ? rcu_is_watching+0x11/0xa0 [ 536.400003][T13605] ? trace_xdp_redirect+0xb3/0x2b0 [ 536.405157][T13605] __dev_flush+0xbf/0x1b0 [ 536.409523][T13605] xdp_do_flush+0xa/0x20 [ 536.413797][T13605] bpf_test_run_xdp_live+0x1549/0x1a90 [ 536.419290][T13605] ? 0xffffffffa00041c0 [ 536.423472][T13605] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 536.429670][T13605] ? bpf_test_run_xdp_live+0x515/0x1a90 [ 536.435262][T13605] ? xdp_convert_md_to_buff+0x330/0x330 [ 536.440858][T13605] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 536.447047][T13605] ? trace_raw_output_bpf_test_finish+0xd0/0xd0 [ 536.453346][T13605] bpf_prog_test_run_xdp+0x757/0xf80 [ 536.458686][T13605] ? __lock_acquire+0x7bd0/0x7bd0 [ 536.463765][T13605] ? dev_put+0x80/0x80 [ 536.467883][T13605] ? dev_put+0x80/0x80 [ 536.471988][T13605] bpf_prog_test_run+0x31c/0x390 [ 536.476967][T13605] __sys_bpf+0x62b/0x780 [ 536.481244][T13605] ? bpf_link_show_fdinfo+0x380/0x380 [ 536.486656][T13605] ? lock_chain_count+0x20/0x20 [ 536.491543][T13605] ? lockdep_hardirqs_on_prepare+0x448/0x7c0 [ 536.497588][T13605] __x64_sys_bpf+0x78/0x90 [ 536.502043][T13605] do_syscall_64+0x4c/0xa0 [ 536.506491][T13605] ? clear_bhb_loop+0x60/0xb0 [ 536.511192][T13605] ? clear_bhb_loop+0x60/0xb0 [ 536.515897][T13605] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 536.521849][T13605] RIP: 0033:0x7fd6a039ce59 [ 536.526292][T13605] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 536.545928][T13605] RSP: 002b:00007fd6a1322028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 536.554369][T13605] RAX: ffffffffffffffda RBX: 00007fd6a0615fa0 RCX: 00007fd6a039ce59 [ 536.562367][T13605] RDX: 0000000000000050 RSI: 0000200000000000 RDI: 000000000000000a [ 536.570360][T13605] RBP: 00007fd6a0432e6f R08: 0000000000000000 R09: 0000000000000000 [ 536.578353][T13605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 536.586345][T13605] R13: 00007fd6a0616038 R14: 00007fd6a0615fa0 R15: 00007fff5ef36698 [ 536.594356][T13605] [ 536.597413][T13605] Modules linked in: [ 536.601341][T13605] CR2: 0000000000000000 [ 536.605523][T13605] ---[ end trace 0000000000000000 ]--- [ 536.611082][T13605] RIP: 0010:0x0 [ 536.614573][T13605] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 536.621961][T13605] RSP: 0018:ffffc90004a2f498 EFLAGS: 00010246 [ 536.628064][T13605] RAX: 1ffffffff1629bbb RBX: 1ffff92000945ea4 RCX: 0000000000000001 [ 536.636062][T13605] RDX: ffffc90004a2f540 RSI: 0000000000000001 RDI: ffff88802737a000 [ 536.644059][T13605] RBP: ffffc90004a2f5b0 R08: ffff88802737a03f R09: 1ffff11004e6f407 [ 536.652056][T13605] R10: dffffc0000000000 R11: ffffed1004e6f408 R12: ffffe8ffffc46fa0 [ 536.660060][T13605] R13: ffffffff8b14ddd8 R14: 0000000000000000 R15: ffff88802737a000 [ 536.668055][T13605] FS: 00007fd6a13226c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 536.677009][T13605] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 536.683620][T13605] CR2: ffffffffffffffd6 CR3: 0000000059c51000 CR4: 00000000003506f0 [ 536.691623][T13605] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 536.699636][T13605] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 536.707639][T13605] Kernel panic - not syncing: Fatal exception in interrupt [ 536.715427][T13605] Kernel Offset: disabled [ 536.719764][T13605] Rebooting in 86400 seconds..