last executing test programs:

5.998222715s ago: executing program 1 (id=2199):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$kcm(0xa, 0x2, 0x73)
sendmsg$kcm(r0, &(0x7f0000001280)={0x0, 0x0, 0x0}, 0x20044850)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x800c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000040), 0x2}, 0x80, 0x9, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, 0x7400}, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8918, &(0x7f0000000000)={'ipvlan0\x00', @random="0200ff7fffff"})
ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000080)={0x2, &(0x7f0000000000)=[{0x20, 0xb, 0x9, 0xfffff00c}, {0x6, 0x0, 0x0, 0xa}]})
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0x0, 0xffffffffffffffff}, 0x620, 0x4, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r2 = perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1e, 0x10506, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x1000000000000801, 0x1}, 0x7402, 0x0, 0x0, 0x9, 0x0, 0xffffffff, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x2, 0x0)
close(r2)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d00)={r3, 0xe0, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd4, &(0x7f0000000380), 0x0, 0x0, 0x0, 0x0, 0x0, 0x47, 0x8, 0x0, 0x0}}, 0x10)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_bp={&(0x7f00000001c0), 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef)
perf_event_open(&(0x7f00000004c0)={0x3, 0x80, 0x2, 0x0, 0x1, 0x0, 0x0, 0x1, 0xa16ae, 0x9, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x2, @perf_config_ext={0xd, 0x6}, 0x90, 0xa4, 0x6, 0x1, 0xa1, 0x9b9b, 0x8, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

4.642368597s ago: executing program 0 (id=2203):
r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8003}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x8, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x5, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x11, 0xa, 0x300)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200102f00fe80000000000000875a65059ff57b00000000000000000000000000ac1414aa"], 0xcfa4)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

4.415860588s ago: executing program 3 (id=2204):
socket$kcm(0xa, 0x2, 0x0)
socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0xc000000, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100904, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x2, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@func_proto={0x0, 0x0, 0x0, 0xd, 0x2}, @ptr={0x0, 0x0, 0x0, 0x2, 0x2}]}}, 0x0, 0x32, 0x0, 0x1}, 0x28)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_bp={0x0, 0xf}, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x0, @ANYBLOB="001227fc642050120ce90b198531d36ea7008a23f965f463c6159957930000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000300)=ANY=[], 0x0}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce818d033200fefdfff500000200875a65969ff57b00000000000000000000000000ac"], 0xfdef)
r2 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r2, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x300040c0)
setsockopt$sock_attach_bpf(r2, 0x6, 0xd, &(0x7f0000000000), 0x4)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000440)={r0, 0xe0, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x57, 0x0, 0x0, &(0x7f0000001080), 0x0, 0x48, 0x0, 0x0, 0xffffffffffffff6c, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x108b84, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x48, '\x00', 0x0, @fallback=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08061cdc030ec080000000060000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f2130809d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff000000000000000000", 0x89}], 0x1}, 0x0)

3.608998171s ago: executing program 0 (id=2205):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes\x00', 0x26e1, 0x0) (async)
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x115905, 0x4, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x1, 0xffffffffffffffff, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async, rerun: 64)
r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000600)=@bpf_ext={0x1c, 0x1b, &(0x7f0000000380)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@alu={0x7, 0x0, 0x1, 0x4, 0x5, 0x80, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x7}, @cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffff9}, @tail_call={{0x18, 0x2, 0x1, 0x0, r0}}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x7, 0x0, 0x0, 0x0, 0x6}], {{}, {}, {0x85, 0x0, 0x0, 0x108}}}, &(0x7f0000000480)='GPL\x00', 0x5, 0x5f, &(0x7f00000004c0)=""/95, 0x41000, 0x1, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f0000000540)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000580)={0x1, 0x1, 0x2, 0x2}, 0x10, 0x59c8, 0xffffffffffffffff, 0x0, &(0x7f00000005c0)=[r0, 0xffffffffffffffff, r0, r0], 0x0, 0x10, 0x2}, 0x94) (rerun: 64)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
socket$kcm(0x2, 0x1000000000000005, 0x0) (async, rerun: 64)
close(0x3) (async, rerun: 64)
socket$kcm(0x2, 0x1, 0x84)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0) (async)
perf_event_open(0x0, 0x0, 0xfbffffffffffffff, 0xffffffffffffffff, 0x8) (async)
openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) (async)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x1, 0x0, 0x0, 0x5d31, 0x513, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x8f}, 0x104342, 0x0, 0xffffffff, 0x0, 0x7, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = socket$kcm(0xa, 0x5, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) (async)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000001600)={@fallback=<r4=>r3, 0x7, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) (async)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) (async)
r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r6 = openat$cgroup_devices(r5, &(0x7f0000000200)='devices.allow\x00', 0x2, 0x0) (async)
r7 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, @perf_config_ext={0x3, 0x452}, 0x100301, 0x4, 0x0, 0x1, 0x6, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0) (async, rerun: 32)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (rerun: 32)
ioctl$PERF_EVENT_IOC_SET_BPF(r7, 0x40042408, r8) (async, rerun: 64)
openat$cgroup_freezer_state(r4, &(0x7f0000000100), 0x2, 0x0) (async, rerun: 64)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080))
write$cgroup_devices(r6, 0x0, 0xa) (async)
socket$kcm(0xa, 0x2, 0x88) (async)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000002a40)}, 0x0)
r9 = socket$kcm(0x10, 0x2, 0x10) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x6, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000200000000000000000000437a02800000000000"], &(0x7f0000000000)='GPL\x00', 0x9, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb}, 0x94)
sendmsg$kcm(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0)
recvmsg$kcm(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000003940)=[{&(0x7f0000000500)=""/4086, 0xff6}], 0x1}, 0x0)

3.590328632s ago: executing program 2 (id=2206):
r0 = socket$kcm(0xa, 0x3, 0x73)
sendmsg$inet(r0, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @empty}, 0x10, &(0x7f0000001080)=[{0x0}], 0x1}, 0x0)
sendmsg$unix(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x18}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.dequeue\x00', 0x26e1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[], 0x48)
close(r1)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000480))
ioctl$SIOCSIFHWADDR(r1, 0x8b19, 0x0)

3.516456926s ago: executing program 1 (id=2207):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x16, 0x10, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x0, 0x10, 0x38, &(0x7f00000006c0)="0000000000000003", &(0x7f0000000700)=""/8, 0x60ff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

3.460336628s ago: executing program 3 (id=2208):
socket$kcm(0x2, 0x3, 0x84)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_merged\x00', 0x26e1, 0x0)
socket$kcm(0x2, 0x3, 0x84)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r2 = openat$cgroup_devices(r1, 0x0, 0x2, 0x0)
write$cgroup_devices(r2, &(0x7f0000000980)=ANY=[], 0xe)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
recvmsg$kcm(r3, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x2042)
ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000500)={@fallback=r3, 0x22, 0x1, 0xc, &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x0, &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, &(0x7f00000004c0), <r4=>0x0}, 0x40)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000580)=ANY=[@ANYRES32=0x0, @ANYRES32=r0, @ANYBLOB="0500000004000000", @ANYRES32=r0, @ANYBLOB, @ANYRES32=r0, @ANYBLOB="e96cca5414300000000000000040000000009d45d77f426d827dd76cde803a373529845743f819c81781359c494eba18589392c75aae741829897baa9253b6cd72", @ANYRES64=r4], 0x20)
syz_open_procfs$namespace(0x0, &(0x7f0000000000))
sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f00000000c0)=@tipc=@nameseq={0x1e, 0x1, 0x0, {0x41, 0x3, 0x2}}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000140)="b38e3f2919a563c8fac106955052f6c2d0ad1178b4125ab805858e8c7a7dbaea6b4409d8ed69f92bd973ce0b0bb0617c04eb36aa56b5001d48ad4b5ca0514c1c300922d7cae223e070393321ec6e18c2a1d3a3b456cfaa1715389141ba611c41b2ef07e68dc3fbce6d210fc7d61d4532659aaaf2cf50f7c38616e78a3223052ad75dd85b6fae404a14c3d686353c04f6fc11f6163f094306c8c895f170250a4ad04b146930650b9fd36d06", 0xab}], 0x1, &(0x7f0000000300)=[{0xa0, 0x88, 0x0, "f0b11ac091f2a2dcf7f5ee50c04ca5eab5d906e162d5b54a2b7d98c323e019fe5c22f0e602bcddf8c1f631ce81a8b01b6dbad18789c8aa0e1da94249234d086c614d241921ac7c4c86dc8c43e4feb7b54a8f78b0ab08a328299fe1019a4d9b5fcfb943dd5e0db66ba9ba67c5e34fc9cf42292b751279484b0cea70a95bbbe9bb6673e231d251590d8cf8"}], 0xa0}, 0x4)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001a40)={0x0, 0x0, 0x0}, 0x0)

3.43991858s ago: executing program 2 (id=2209):
close(0xffffffffffffffff)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x800000, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$kcm(0x2, 0x200000000000001, 0x106)
r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800"/31], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x310c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socketpair(0x1, 0x1, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r3}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$cgroup_int(r2, 0x0, 0x2, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={r3, &(0x7f0000000140), &(0x7f0000000240)=""/154}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, 0x0, 0x0}, 0x20)
perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x9, 0x0, 0x0, 0xfffffffffff7bbfe, 0x1, 0x3, 0x0, 0x5ff, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000002b80)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x80)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x3, &(0x7f0000000480)=@framed, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000140)={@fallback=r4, r4, 0x2f, 0x10, 0xffffffffffffffff, @void, @value=0x0}, 0x20)
mkdir(&(0x7f00000000c0)='./file/file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file/file0/..//file0/file0\x00', 0x0)
r5 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020023000b02d25a806f8c6394f91424fc60040f030047000000053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000440)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0)
write$cgroup_int(r6, &(0x7f0000000100)=0x8000000000000000, 0x12)
ioctl$SIOCSIFHWADDR(r6, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc, 0x8}})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000700)={0x1b, 0x0, 0x0, 0x4, 0x0, 0x1, 0x5c0, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x0, 0x2}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@bloom_filter={0x1e, 0x1, 0x4, 0x100, 0x4, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x4}, 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000008c0), 0x4)

3.367742653s ago: executing program 0 (id=2210):
r0 = socket$kcm(0xa, 0x2, 0x73)
sendmsg$inet(r0, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @empty=0xf5ff}, 0x10, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c048c0a7d63aebc5cea1f81510ff6091475aeec600831aa9d3944e60bc2ad06a619c560aa0118b28f68f1eb14549d633b4b23f179fb680716faa43414787559be90843c35ab30acad8a6740140e00721abc2eb362f7bde53b3c992d3e28ccc20ec84fdc569947047f6c09a647ee8c0a747b951e66c068ccf1af93ee9e6f9528ff79e2f989383b05a690a6bec4634b867c9446c1c644b3010e8a3514c6328323b4bbdd602b8f0dace6aea70902c4ddd2a2f2810f1348b0d0df3c1e6a5938fcfdc87e7580c6be0c6a06eca62d6f787dd16add086a21391c4c707d8b61929d1252681b84c245e0efafe2e6e73ad86a3cf59235ab0eacbb414af92ec3cdac420a064a98e8cc18bdf63f8997f96436e0fe6f06fdbf47fff353b01a861babd4a38d126bfe3e29049e6cc883e6efae6e70ef9ed124b1b09887a58c991e223b6420dca5ae238027e91b17b1707dc5c0d5f59f0ca95614f1ea1d263c1ee54dfe31ae35eb3c8e3b931dff7920c57fbba89adf2e392c1ad719b90c7ade0d38ff9792934ef1fb12f51d8e2fad12486d5883d5b1a46696fad128c6805cfb25bc6487e1e407d6b266971b09d0d864a7a550284e24b6cdc9f4ae1081a638175dffef002c76ac5558d23e41edbe68f4b4950a13aa000326dae5a857603dc5a40d6c6618a98c7b6e1eebd325ea2c14601a25658965f40864fd015d9b2fff83ee5ed3212ebd9fa429f0140f633556ac07c0c08e67a1848c9942ecc47dd4ffede9a429e9e0472be7cdbcd117e621ddf745c00a814ffff0224634472577dc0b35a9c153409f1a2bddc193b20b4d244d9cbbd59816c46000c596865f58b4e640ed4a9ab6086cede697fb113560925498da83273e679e0e28b84961eb7b9c9b4fa916590965c76b48e5d453f27a821bd2bf0946ff2413ec30f7893d1f046e18f736c40ceda26dfc4a0a62f71a3606d3f72c0a858dfd7895e2572292e11af913c6b513a141d28e501ae7c49618d104aac9abb78466a636efb88120d0eef0a501558a5aa34784a9823f2802a0bcdf318f9b436b34b42a2a7cf513f80364ad9a699d2e23eb4f3a2bbce818bd20da61882b3dac699d05dc24f29b72471b712423ace6278c43df2be7a09e815517b86d8b3ce16af3d64a575958c5fd52aac53b391f3d2a67c24c6c13ec11428b61b80a6a58cbba1790a98d190a572070f63fc0b809669895ea9865c3066b06102f6f2c7171dc7f76e1931b3e4deb569ef9d07d5f86a848f50942e93c419c3a23489f14803b08182dfd48b8d4375be6b7f805a21209c05e5927693a8834c8d5a5acbd47ed8a30a8a741d1ad77639b56b3b90c0b2023fa334befd28b2e27cbcd94b0ce7437f88ce67a925cea6d6d7e5313de6d328b1124a8b9ef83fe39ca3da97d33c60b7fd4af67d3c8fccb595a27a5bffc71e5a5b2ec966828993b0c0f83cbc55f9a7fb66a4101d5c83b77885072b6e2b2ceebe32f635509698c05089b9ff1cb1959b211e114dadb224ef2d5e7a3c55b3ac00fcdc9018577603c6301e5d4341b3d7eeb2665349d448d28d5d108f576408cbe533a6adbba18ebb2d84bb9af81108506a2f50fb56d595579000747930449fdf4ed01715ec624a0cb73636a35b9136f10b79e3d7ded09008b92e92c64e26e6b6d17f18b70b1d9813de8d2ff151c7a6a0452c660a57c33f13e2d9b88fa5f5c0505722d2e787a425e4a3e9b5efa9668e9199f5fb9fe7d5b8a57719a57df152e7f2c6a1087a2a24084f82455b65353a70559f04d5ed12defb81497ea69c1c7e69c373524770b7473c16a69c7a3648a9dd93377b89cdff61cf62512d1ee67a55ea67993937c1f55a2179bc9c8a337364cfb84d295adda1ad9700fc2f5c11cbfc1b90affb4666c6e7e23a6f7751410a5651819f29f690c6dba2b8a67e0f7f8cc377feb1854c393578994c85391ba21b3961aed477f771645571dc7d6cae72bf79c82a92a4edc3742b1398060a0a5c9e81c016b7f2ae3db529c6ff824cc28678764d8ab49d7dc68e5b0556c9e7ffb6fef442776d86fbd458741830e57f22a1f8513b92abd5b2df93a67cc560134078f0b8ecc3276e40aadef5cd579888b86b4988f396679250701f3869e7493b33692035ecd94aca5189fd0a0893ccc5bb19c0b4caca86cf90ebc2a5558f39cccb33f6773a4e425bf551fb3b6456ee1cc62fa1843a9e5539bb2d02ae6ef82533a9dbcfb562c1ab18c1f639ae7ff02083746f74a15ba2d10e4b955940a5d6f488d326a99f287c48ad463ce40367aeeff519cbad0a2d7fdbfa48bff75955467977764c2be2bd2ffa18396c46920c40c50a4037003666406d177e2cd20aee423d07169d8f611f635ba0b62b61265ff2c5548446a2423dd1038482b6852b2d9d2f90aa05d82c5e2c3d1af0c7aad72d82b3da67471af7b037bb0424a785e73f35b5a10a2ab300a195c20cd119a5390e0cd5d49c70bd80883b933e843d0d2902749dcf3c140c708a0f004b7a2f50bf311305dc01719016fcce5863815ca7951de710fcb71cd177551ff6fcd9f8bf01b93868f24c6129b6d7917125338cf62110083093fc7f862015d48450d992f2bb43e601cab19b2ea7b83962a382fc2a31fdf2358bf8a9a9e506eaa7b6eb5e7444d1ef459b24ffa51362abce902dfd84201a0e4b5a3b62757aad54fb65b83821c6bba663886de092065a565921ea3eb6781bb8ed4f4db3abcfeeb379b7e52fca790bea719918e299ab01bf5e92177d134360bf7a16a59e9d03d3dcfb0a25599237e3d41b3f0026c9402b1fb1894426303413a2cbcf7c72807ca694afa285990d07c3bca26413c9947b3b344aafc04544b8c11416e0312b028da7302e316c3966d41884b15055a49a4a0b3eac8e11f88a5615fb0af582f065d28e5a454447e9d0cfc60356439ebf7e1d0a00f5b9cc6daf2bd7195ba96b4d1a0679ff0fb1c01282c378a880f90f460889b67d76d4d0e8db6c928d113533d1d10b810303c43d8ff622c5bab7f095b96e64bf9daa48a2bdf3d9d40bac00cf1b66df61a4f7c3e21938e876f81b1179dce6a008f28eb682cae690ced0ea0d542da604d8056f2b1813ed36683c4c51aeb2650772cfb1c55d4e60604ff06344cfc271b2175a6c94defb807af240b483e24298ca73bfc743ca2ca2e77e6d5b817b3c1986601537faf59ac84c74d8bd0c068cb8e6bd03ac2dcf5793fb4a00b3c901a33aa3ee86e4f0db317b94bb8678ab26e36d305ebac4b0f7f164947148255b562dd0f87648499d45bccfb7d8c9d5624cadf8160a396e79fbcdc100058ba4606e41c02fb2cc0dc6c36196bd28acfde82a18cda2321d2d83fecd3b85380667cd1d0bc68298c6c8f10421a80c8fa86912b6c3e8ddd9d9668520d5151409e6b77f0d7730b374a68a744151bfbd123cfdf871e8c24e70d2ca3b50e84a48e0b78c1781000cfc848d43584985763a76c0ab9ba882c55e3e4aa8f2174255db38adb8350b48a77be22a869d13d183325f859b883464e5e46de5ea8a92532b9a794daaeff657cd361f7f158f8bebe36e9de1f5b9721d4263dcc9472229bc02d3f552180abfb25ca7aa36cb914d99c09fd5bb99dcab9b4e3c634d18fc7dfe84dc4425ad1e39c3e7410d49b4ea0a8a2958688c7725822f6dfc0827d19dc385e0e35a949941e4dd1aaeaab9ebe402f8c584bca7efc829f2ccfb63fd7bde1c182a67c14f9d3f033ca674e2604e89cd55a15419f956cd61a755c1b13554dae98e77be078aadfc131c9677381f1dbe6ef194eb17603a463e8b844ab46a6046e1f07d96d66de669359bff4c3d80948a4de3abb2f171a09b5d8999c379fb62244114e218c79805df7d899e5661320ee6721d652b95f09e4dfe69bd67099c73294b17ab574e0b966aa3ab44478965b9dca3cb3b9282945f24ccdd07c638ae25a84a728ca24f87ff49d718121a694be46f3616e27b1041b3c6cd24b9cf775bfc28dfbe0a009048f0599f2d5d6586cfd1e7f7fe69872d08b98f60d28e6af0d49d7f06ad71a7b5c41df261aba5de114022c7288bc265cc17909fdeadc3d7b256d7ab3b96e40f857060f16b54a6bb7248ee571f87ace5ee39eab412706cf52fa711468b21ea129c3f44bceb429fcc1a0ac2aa87b9365077dcfcfa9a1b32a0a09699197c20019a66cbd0a897feab3706c23123b888ada643d4560082033e31596b0483578968e3c9593ebd97141c228a42fc7645f92171c120aabca36657683fd7c72fcb87217f124d6fabc52f1d221d8410b47b0ad4bd944bf4085365e9b52a53911ab4ee142c5a1ebbe034c9d98c538c066f2dc0acf372eb2397dcac765055123e0ba19be22b18c886bf0f7490abe9fde91ffa62e059962bd134be8501cb5b715a744b1398e2c4c7e8afe72e189dda0654296afa1c1f99ab7d800fa40f72a758625c833b6fc7b7d42250522b456e1e7de815350c36c9cb2f4d1c9cb99109f89b456c559463f11b8b58247809b17a4ed4912bd0a47a529f1364d6dc593ea7f3eb98962078ac90e5012ee1c7b4b9ed5a8c7a9c0231b4ce425693faab64fa0f3482a04d4be2e06ee5d103694d288810a1a7f4d1e908dd82dd2016a064ece5cd67ef1dd5f4cda728fc6f1ccdd949dd8f775d862621507248ef4c83ae274969d19c7ddb02a4e8a1ab2b7aa539a442b22735ceedeefe60a1059dfaaa0979ce8d5387b5a047841fd9749b88ca91216b02d7926408a01916b7781bb7167528ccdb9a486d173437a5ba3e552c8674dff2cc9b21054e0e4f86b61b8723fca58ceef4413bffae9e9be79c5b9788f5449811ce78be9bc7a86375a670197baaef751beabcba0aa6c7c33f1cd702cb78ec39fa1f17d9da733d6abf2b80f9c51ac8f6f664b24edc53a7c9525c3016bd05c67272375fe816b2b121f2de68b885a0fd8f8b8c6c342237b632f6414a3eb3480f5f42106c5812e9bfd4e8c8dea8d08525d9aa1da7c7c2ee7ff3d31b79b211dd01e304a8ffc83a89a59f3b1e2ef5e969b6d90bea7e161066f25622fad914bff52bacd2807093dda1838b529ee57f718b374ce2841b924a42457867547a6edcb8412d85f11796742bf640b5819a9546357df778c332af5983c4373a95d9c58b52dba445eee92e6911824f0c534e7a5934d9eac9b7f6fec22002fc53a3003a3304217f567b47cd326edc5f48eb1f46bb20d1e10e72239afc9769344590cf48902aba5405b7d4baa31a912ab398a2f2d3f037614bb56a89244ece50f3a1e058d274f1e70f944eb8a305be91e561e5eb843d057a81f4deb84a6335ec81ca964cdae5f318d4e9aaea2c477cc279c00c698bcfe4b8e04c09079d8f3f5438d9d45a00f50d2f9b245c8c68eebf247e25ba8d26f8b95b21ac9ceb50c0aa2e4bdc032024db216b92f9350a90ac79341af14d3fa8ba908096e1b503341aed667bb184c672dac85fc4f335b3871c3b4e55ea219a857d2d2e135358f6b45a20b3e7de8e09b2041eb7c5084a80258fb524a983752659298a251e178b56f96bc67ae0a78ec92f92d92c9cf0edb5dcb11e739d69410ad44c8df00caa030d7d89f2ec38bd7698115c423cf3e6048793aca08ffbcdac766f1553773fa00031c1d75246e4e1eddf8948d02a3de6d67fd7329e45070f29044587f1e0db50d04e673191a63e30f96ee0d8d52738fab36a7fe2c6ab9301d401e7ca5b1f039193a580e40abbdf40c2d7e27809dec80815d37adae9fe7fb9d3a974c9fc03944d7338d000b81170be4c6792ed6b3b827194b3ae11e2acfca48498d1126aacf80f3d574256ef7f75552ff087a819e", 0x1000}, {0x0}], 0x2, &(0x7f00000010c0)=[@ip_tos_int={{0x14, 0x29, 0x3e}}, @ip_tos_u8={{0x11, 0x29, 0x2}}, @ip_tos_u8={{0x11}}], 0x48}, 0xff00)

3.305796267s ago: executing program 3 (id=2211):
r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x6c0b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x6, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400090000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000010000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e1a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080e71113610e10d858e8327edb1fb6c86adac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18c65ae1bd4f4390af9a9ceafd07ed00b0000002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a891588d818a0afc0b3116a130974cac0615232f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a469398685211bbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72c7ead0509d380578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9624d37c10223fdae7ed04935c3c9068000000bc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b40000000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f3ca1664fe2f3ced8416dc180604b60c2499d16d7d9158ffffffff00000000ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a9e90d7676074a0bde4471414c99d4894ee7f8139dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8070000001fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b2042b8ff8c21ad702cca54728acad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd20785f653b621491d04aaee0d409731091f4fb94c06006e3c1be2f633c1d987591ec3db58a7bb3042ec3f84e4272d2cc72d4e771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e1590bab105b0cb578af7dc7d5e87d48d376444e2de02f47c61e8e84ff828de457f34c2b08660b080efc707e676e1fb4d5865c0ca177a4c7fbb4e829ab0894a1062b445c00f576b2b5cc7f819abd0f885cc4806f47ffb966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d3676329bb8cda690d192a070886df42b2708398773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169cdfaa4252d4ea6b8f6216ff202b5bfc182cb5e8380100632d03a7ca6f6d0339f9953c30930804fdc3690d10ecb65dc5b47481edbf1eee2e8893e903054d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026def743f1213bf817becd9e5a225d67521d1128eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979030000007081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f324661351df747aa6a65872dfdcfa68f65bd06b4082d43e121861b5cc09b986bf56c747d9a1cc5b506892c3a16ff10feea20bdac89bfb758cf3500000000000000000000000000000098e6db5a96055e764a3bfd4ccb20d2e800994f4b602d25b2c076f21c7102687e054bb93b2d013be6227fd99902b074c0de00733128c81c48c5e140b17d71ac48f137d10798c4272826d2ba55bbda0059636528c132ed06759d880d1bc291a76456cd7ee8bcb392fdf886dbc74879ec4b831904d7c101ebbaef3c0ae6d0cf0000000000000000000000000000000011cb735f66a559ef0cdb5163a15c0bb986474bf5d9542e3e48805ce53127e4c076d69d868df543717aaaa07d7aca056f7f036c2bcba0795d1a64868a29ac5321b3cd6ef5b1a741afc7124ee3df3a35e8014d6cb5fd6c054a10bb2146174c1d68b45fcfd7e531090ceae2f05536a4d5d6a4081e743827fb9c031d1fc9f195c2da189c49eaed6c30c71da0452e502ef393efeb02ebe82b1851cae5fa7c958ba23110b5e0e5b890803f28a356b2920e74564e0f8377b0ba5187fed2882b4780a1bcb583f1cb1470003ef9b592b9461328cfc01ebfce0ecdcea714a517dc40000000000000000000000000006bd0561e1cc72880cc3ec1bdf35eb670a9040e3b53cd826b94ad8aeb014e74787fe89fb3247a87d8bfb6d400142369f88964708d1d4db5a5df9d62ea6d805dfce568b885a50ed8e2eaf8a932287a1d3bfac17774e58875a63b77e07298e4b4f515189c6fcac3cd35dac9240e633219bb6a5a25865e6ed8e16caa5406b56702afe0befcabbc9a2a772a1a087f0d633d457bceb695b2cba3a1a2daa2dda796373cc0fe0a53236d028fc1076bb746b2717c8b6052f58c91bb8cc19474ab9d4d2160773829f078727f6c684ca749136a7f46ca28b00bb4237695b4"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={0x0, 0xf}, 0x0, 0x2, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x2e0, 0xfe, 0x0, &(0x7f0000000100)="b9ff03076044238cb89e14f008000de0ffff00184000632b77fbac14140ce000036a62079f4b4d2f87e505ca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000, 0x3f, 0x51, &(0x7f0000000040)="ded6e0966ec1cf6ba4b895a54e4e062b311453dcbb62932a01105d0a8066ca8e5e1f2f575d0d6e996b57fd408d420abb7337934e59815d75b4eb3e7206afce", &(0x7f0000000380)="af5fa441b438b5156d8a9fcc090f586e979858f64170cde36889dcc8539ffcca62621a4c3ea3f7acee366e6fb0b94314f91731dec60fed6c9fee64af416c29f65e47110b81f6b4da06db5e1aad1f627acb", 0x0, 0x3}, 0x50)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000a80)={&(0x7f00000009c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x4, [@struct={0x0, 0x2, 0x0, 0x4, 0x1, 0xffff4385, [{0x1, 0x2, 0x6}, {0x0, 0x4, 0x9}]}]}, {0x0, [0x2e, 0x2e]}}, &(0x7f0000000a40)=""/8, 0x40, 0x8, 0x1}, 0x28)
r3 = socket$kcm(0x2, 0x3, 0x84)
sendmsg$inet(r3, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
close(r4)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x0, 0x0, 0x0, 0x0, 0x15, 0x0, 0x0, 0x56, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x2, 0x0, 0x9}, {0x10000002, 0x0, 0x0, 0xc}]}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
write$cgroup_type(r4, &(0x7f0000000300), 0x9)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x28, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x50)
socket$kcm(0x10, 0x2, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="89000000120081ae08060cdc016b3f087f03e3520000000000e2ffca1b1f000000000cc00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00120800030004010000bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0)

3.24459488s ago: executing program 0 (id=2212):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x94)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x48510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x806, 0x0, 0x0, 0x8, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x200440e4)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, 0x0, 0x40810)
r1 = socket$kcm(0xa, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x240440d1)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x88, 0x67, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000040)={0x2, 0x4e1f, @multicast1}, 0x10, 0x0, 0x0, &(0x7f00000000c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xb}, @multicast2}}}, @ip_retopts={{0x10}}], 0x30}, 0x844)
sendmsg$kcm(r1, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x4001, 0x0, @empty}, 0x80, 0x0}, 0x20000001)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
sendmsg(r1, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000440)="a6", 0xffffff58}], 0x1}, 0x40001)
recvmsg$kcm(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x10100)

3.115110557s ago: executing program 1 (id=2213):
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000b80)=ANY=[], 0xfe33)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0x28, &(0x7f0000000dc0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x91, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @generic={0x3, 0xc, 0x0, 0xa, 0xffff}, @ldst={0x3, 0x3, 0x4, 0x0, 0x8, 0x4, 0x4}, @map_idx={0x18, 0x3, 0x5, 0x0, 0x8002}, @tail_call, @cb_func={0x18, 0x1, 0x4, 0x0, 0x3}, @tail_call], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x7, 0x0, 0x0, 0x41100, 0x5}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x8, 0x4}, 0x50)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x5, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0xc2, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1600000000000007040000007fffbbddb63d0000ef7127da7e379937f295737e29d863b7748129b13a356e726e2660e3a7fb9b4576d9b96f41bf846aa85738610c72535aca37c29ebb82", @ANYRES32=0x1, @ANYBLOB='\x00'/15, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0xd, 0x4, &(0x7f0000000380)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x39}]}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
close(r1)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb0100180000000000000038000000380000000300000001000000000000010000000000000000000000000000000105000000100000000000000000000003000000000100000002"], 0x0, 0x53}, 0x28)
r3 = socket$kcm(0xa, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x890b, &(0x7f0000000000))
socket$kcm(0x29, 0x5, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x10021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_config_ext={0x6, 0xd}, 0x0, 0x80000, 0x0, 0x9, 0x0, 0x1, 0x0, 0x0, 0x4861}, 0x0, 0xb, 0xffffffffffffffff, 0xb)
ioctl$SIOCSIFHWADDR(r1, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000000040)="d80000001a0081044e81f782db4cb904021d08007b490d4f1e81f8d815000100e000000103600e12080005007a010401a8001600200003400400", 0x3a}], 0x1}, 0x4000000)
r4 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001900599c6d0e00009bd028ef8020ab0700040005234538ba55"], 0xfe33)
r5 = gettid()
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x10, 0x5, 0x0, 0x72, 0x0, 0x8, 0x4009, 0x3, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x2, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x9, 0x1, @perf_bp={&(0x7f0000000140), 0xa}, 0x200, 0x0, 0x4, 0x5, 0xfffffffffffffffb, 0x2, 0xfffd, 0x0, 0x7fff, 0x0, 0x6}, r5, 0xa, 0xffffffffffffffff, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001100)={0xffffffffffffffff, 0xe0, &(0x7f0000001000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100), ""/16, <r6=>0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000100), &(0x7f0000001380)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x42, &(0x7f0000000200)=[{}, {}, {}, {}], 0x20, 0x0, 0x0, &(0x7f0000000f80), 0x8, 0x12, 0x8, 0x8, &(0x7f0000000fc0)}}, 0x10)
r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001200)={&(0x7f0000001140)=ANY=[@ANYBLOB="9feb010018000000000000000000000000000800000000000000302e00"], 0x0, 0x1d, 0x0, 0x1, 0x0, 0x10000}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x18, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x3}}, &(0x7f0000000080)='GPL\x00', 0x179, 0x0, 0x0, 0x41000, 0x48, '\x00', r6, 0x0, r7, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000001280)=[{0x1, 0x2, 0x4000001, 0x9}], 0x10, 0x8}, 0x94)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000280)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x5, '\x00', r6, r2, 0x4, 0x5}, 0x50)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
perf_event_open(0x0, 0x0, 0x8, 0xffffffffffffffff, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x2, &(0x7f0000000200)=ANY=[@ANYBLOB="850030000f0000000000000000"], &(0x7f0000000180)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x11}, 0x94)

2.947173965s ago: executing program 2 (id=2214):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x1, 0x9, 0x5, 0x7, 0xc1}, 0x48) (async, rerun: 32)
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0xffffffffffffffff}, 0x8, 0x0, 0x0, 0x0, 0x6, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x400200000000003e}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async, rerun: 32)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/syz0\x00', 0x200002, 0x0) (async)
r3 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000200)=@generic={&(0x7f00000001c0)='./file0\x00', 0x0, 0x8}, 0x18) (async)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x62}, 0x94) (async)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="180100"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) (async, rerun: 32)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000500)={@ifindex, 0x13, 0x1, 0x46cb, 0x0, 0x0, 0x0, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0], 0x0, &(0x7f0000000300), <r6=>0x0}, 0x40) (rerun: 32)
r7 = socket$kcm(0x29, 0x5, 0x0)
sendmsg(r7, &(0x7f0000003680)={0x0, 0x0, &(0x7f0000003140)}, 0x0) (async)
bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000040)={0x6, <r8=>0x0}, 0x8)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000100)={r8}, 0x4) (async)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000540)={@fallback=r7, r4, 0x22, 0x2b, r5, @void, @void, @void, @value=r8, r6}, 0x20) (async, rerun: 64)
r9 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000300)=@generic={&(0x7f0000000280)='./file0\x00', 0x0, 0x10}, 0x18) (rerun: 64)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000240)={@ifindex, r3, 0x29, 0x14, 0x0, @void, @value=r9, @void, @void, r6}, 0x20) (async, rerun: 64)
perf_event_open$cgroup(&(0x7f0000000100)={0x3, 0x80, 0x44, 0x14, 0x7, 0x6, 0x0, 0x9cc, 0x2c0, 0x8, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x2, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x5, 0x4, @perf_config_ext={0x100000001, 0xf}, 0x0, 0x1ff, 0x9b, 0x2, 0x7, 0x7, 0xf6c7, 0x0, 0x3, 0x0, 0x2}, r2, 0xd, r1, 0x4) (async, rerun: 64)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)="ed0dddad28616418156ba06e27cee9ab0ad9dc94d02b94bf9ab8e5a556b0e65a8709a78f2405844abc28d7d81bfc8919aeeea8c4fd066c", &(0x7f0000000100), 0x3f, r0}, 0x38) (async)
bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001880), 0x0, 0x1, r0}, 0x38)

2.692416978s ago: executing program 3 (id=2215):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_sys\x00', 0x26e1, 0x0)
close(r0)
socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x20002880)
r1 = getpid()
perf_event_open(&(0x7f0000001100)={0x5, 0x80, 0x9, 0x8, 0xb, 0xfb, 0x0, 0x3c, 0xc002, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x1}, 0x18842, 0x0, 0x7fffffff, 0x2, 0x3cd, 0x3, 0x7, 0x0, 0x0, 0x0, 0x7}, r1, 0x0, 0xffffffffffffffff, 0x2)
r2 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3)
perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xc81e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0, 0x4}, 0x4846, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001700)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab000e271f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1ff032aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f757036303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e0800000092e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9be7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa5200002fe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb0972d39e4b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e501ddddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981179186e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b605908000000f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c332c34812382e57c0e0d83f3f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217b6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2a434b9048ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b4783d66661a92f174f2b88cd544b2a8e1b05ea7cf51578169fff7765f9978883b4b5983b42a35a05dabfc325ec2a2ec2f9b0882fdcf5d6f72272d2ff0d8eea60f5494ba42b4d40f144f0ab680a6f40f9094d3afb58a1efd6109894b8605c6b3b3f020c222f6446195b2274f634fbb737948a1f36ea729467e132385e9da614e4625175f4443b97a675934db90010e4b884200c3546c4d86d712c3939e11be3343f693846f509ad4c445ade5cd6d126d5694462ac5d3b527c3bd51c0a715a28d65fe94b255d02cdc1fab99b5b9c352f1b284115e4046285a824d22b6f0afbed8d6096a72fef72ebd6aae78b02fa1993e8fe2020ae93aae2bcfffa40b98549f1fb9fcefa74329909a207336d07f6f59da423ac5fa47852055d5ce6d2c56bdbbcdbf3458ba478c669f39d5272e65c90908ea2cb86d38f8ebf80a8cb85d8399b42403c94b8662af5cf1411526f177b4d476169a5d5a8c37d0d8893a77d0bd47b8a0bba60b3e26094209c889585f997ff556bcd2cc223f9c0c44de9d0fe1b5a8a815f652e79747d3e1f413fa0575d51f652d22883e143065c5ad74bdc864754ba3dad5a8fc8fc2c807d1a51dfb29884adee415c13f2ce14d307bd6165ec6ba68a766adfcbe444ea72d586bb47dd98a225467aab538a77667d19bae2e51727ba6d190e6d7"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x2, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r5 = socket$kcm(0xa, 0x2, 0x3a)
setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f0000000340), 0x2a)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r4, 0x18000000000002a0, 0xe40, 0x2b0, &(0x7f0000000100)="b9ff0b078059268cb89e14f088a82de0ffff200000000067000aac14140ce000000d49e832f0", 0x0, 0x28e, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

2.617705173s ago: executing program 1 (id=2216):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$kcm(0xa, 0x2, 0x73)
sendmsg$kcm(r0, &(0x7f0000001280)={0x0, 0x0, 0x0}, 0x20044850)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x800c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000040), 0x2}, 0x80, 0x9, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, 0x7400}, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8918, 0x0)
ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000080)={0x2, &(0x7f0000000000)=[{0x20, 0xb, 0x9, 0xfffff00c}, {0x6, 0x0, 0x0, 0xa}]})
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0x0, 0xffffffffffffffff}, 0x620, 0x4, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r2 = perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1e, 0x10506, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x1000000000000801, 0x1}, 0x7402, 0x0, 0x0, 0x9, 0x0, 0xffffffff, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x2, 0x0)
close(r2)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d00)={r3, 0xe0, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd4, &(0x7f0000000380), 0x0, 0x0, 0x0, 0x0, 0x0, 0x47, 0x8, 0x0, 0x0}}, 0x10)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_bp={&(0x7f00000001c0), 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef)
perf_event_open(&(0x7f00000004c0)={0x3, 0x80, 0x2, 0x0, 0x1, 0x0, 0x0, 0x1, 0xa16ae, 0x9, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x2, @perf_config_ext={0xd, 0x6}, 0x90, 0xa4, 0x6, 0x1, 0xa1, 0x9b9b, 0x8, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

2.511821428s ago: executing program 2 (id=2217):
r0 = socket$kcm(0xa, 0x3, 0x73)
sendmsg$inet(r0, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @empty}, 0x10, &(0x7f0000001080)=[{0x0}], 0x1}, 0x0)
sendmsg$unix(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x18}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.dequeue\x00', 0x26e1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[], 0x48)
close(r1)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000480))
ioctl$SIOCSIFHWADDR(r1, 0x8b19, 0x0)

464.863655ms ago: executing program 0 (id=2218):
socket$kcm(0xa, 0x2, 0x0)
socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0xc000000, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100904, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x2, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@func_proto={0x0, 0x0, 0x0, 0xd, 0x2}, @ptr={0x0, 0x0, 0x0, 0x2, 0x2}]}}, 0x0, 0x32, 0x0, 0x1}, 0x28)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_bp={0x0, 0xf}, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x0, @ANYBLOB="001227fc642050120ce90b198531d36ea7008a23f965f463c6159957930000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000300)=ANY=[], 0x0}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce818d033200fefdfff500000200875a65969ff57b00000000000000000000000000ac"], 0xfdef)
r2 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r2, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x300040c0)
setsockopt$sock_attach_bpf(r2, 0x6, 0xd, &(0x7f0000000000), 0x4)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000440)={r0, 0xe0, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x57, 0x0, 0x0, &(0x7f0000001080), 0x0, 0x48, 0x0, 0x0, 0xffffffffffffff6c, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x108b84, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x48, '\x00', 0x0, @fallback=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08061cdc030ec080000000060000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f2130809d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff000000000000000000", 0x89}], 0x1}, 0x0)

464.666755ms ago: executing program 2 (id=2219):
socket$kcm(0x2, 0x3, 0x84)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_merged\x00', 0x26e1, 0x0)
socket$kcm(0x2, 0x3, 0x84)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r2 = openat$cgroup_devices(r1, 0x0, 0x2, 0x0)
write$cgroup_devices(r2, &(0x7f0000000980)=ANY=[], 0xe)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
recvmsg$kcm(r3, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x2042)
ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000500)={@fallback=r3, 0x22, 0x1, 0xc, &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x0, &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, &(0x7f00000004c0), <r4=>0x0}, 0x40)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000580)=ANY=[@ANYRES32=0x0, @ANYRES32=r0, @ANYBLOB="0500000004000000", @ANYRES32=r0, @ANYBLOB, @ANYRES32=r0, @ANYBLOB="e96cca5414300000000000000040000000009d45d77f426d827dd76cde803a373529845743f819c81781359c494eba18589392c75aae741829897baa9253b6cd72", @ANYRES64=r4], 0x20)
syz_open_procfs$namespace(0x0, &(0x7f0000000000))
sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f00000000c0)=@tipc=@nameseq={0x1e, 0x1, 0x0, {0x41, 0x3, 0x2}}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000140)="b38e3f2919a563c8fac106955052f6c2d0ad1178b4125ab805858e8c7a7dbaea6b4409d8ed69f92bd973ce0b0bb0617c04eb36aa56b5001d48ad4b5ca0514c1c300922d7cae223e070393321ec6e18c2a1d3a3b456cfaa1715389141ba611c41b2ef07e68dc3fbce6d210fc7d61d4532659aaaf2cf50f7c38616e78a3223052ad75dd85b6fae404a14c3d686353c04f6fc11f6163f094306c8c895f170250a4ad04b146930650b9fd36d06", 0xab}], 0x1, &(0x7f0000000300)=[{0xa0, 0x88, 0x0, "f0b11ac091f2a2dcf7f5ee50c04ca5eab5d906e162d5b54a2b7d98c323e019fe5c22f0e602bcddf8c1f631ce81a8b01b6dbad18789c8aa0e1da94249234d086c614d241921ac7c4c86dc8c43e4feb7b54a8f78b0ab08a328299fe1019a4d9b5fcfb943dd5e0db66ba9ba67c5e34fc9cf42292b751279484b0cea70a95bbbe9bb6673e231d251590d8cf8"}], 0xa0}, 0x4)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001a40)={0x0, 0x0, 0x0}, 0x0)

462.785815ms ago: executing program 3 (id=2220):
r0 = socket$kcm(0xa, 0x2, 0x73)
sendmsg$inet(r0, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @empty=0xf5ff}, 0x10, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c048c0a7d63aebc5cea1f81510ff6091475aeec600831aa9d3944e60bc2ad06a619c560aa0118b28f68f1eb14549d633b4b23f179fb680716faa43414787559be90843c35ab30acad8a6740140e00721abc2eb362f7bde53b3c992d3e28ccc20ec84fdc569947047f6c09a647ee8c0a747b951e66c068ccf1af93ee9e6f9528ff79e2f989383b05a690a6bec4634b867c9446c1c644b3010e8a3514c6328323b4bbdd602b8f0dace6aea70902c4ddd2a2f2810f1348b0d0df3c1e6a5938fcfdc87e7580c6be0c6a06eca62d6f787dd16add086a21391c4c707d8b61929d1252681b84c245e0efafe2e6e73ad86a3cf59235ab0eacbb414af92ec3cdac420a064a98e8cc18bdf63f8997f96436e0fe6f06fdbf47fff353b01a861babd4a38d126bfe3e29049e6cc883e6efae6e70ef9ed124b1b09887a58c991e223b6420dca5ae238027e91b17b1707dc5c0d5f59f0ca95614f1ea1d263c1ee54dfe31ae35eb3c8e3b931dff7920c57fbba89adf2e392c1ad719b90c7ade0d38ff9792934ef1fb12f51d8e2fad12486d5883d5b1a46696fad128c6805cfb25bc6487e1e407d6b266971b09d0d864a7a550284e24b6cdc9f4ae1081a638175dffef002c76ac5558d23e41edbe68f4b4950a13aa000326dae5a857603dc5a40d6c6618a98c7b6e1eebd325ea2c14601a25658965f40864fd015d9b2fff83ee5ed3212ebd9fa429f0140f633556ac07c0c08e67a1848c9942ecc47dd4ffede9a429e9e0472be7cdbcd117e621ddf745c00a814ffff0224634472577dc0b35a9c153409f1a2bddc193b20b4d244d9cbbd59816c46000c596865f58b4e640ed4a9ab6086cede697fb113560925498da83273e679e0e28b84961eb7b9c9b4fa916590965c76b48e5d453f27a821bd2bf0946ff2413ec30f7893d1f046e18f736c40ceda26dfc4a0a62f71a3606d3f72c0a858dfd7895e2572292e11af913c6b513a141d28e501ae7c49618d104aac9abb78466a636efb88120d0eef0a501558a5aa34784a9823f2802a0bcdf318f9b436b34b42a2a7cf513f80364ad9a699d2e23eb4f3a2bbce818bd20da61882b3dac699d05dc24f29b72471b712423ace6278c43df2be7a09e815517b86d8b3ce16af3d64a575958c5fd52aac53b391f3d2a67c24c6c13ec11428b61b80a6a58cbba1790a98d190a572070f63fc0b809669895ea9865c3066b06102f6f2c7171dc7f76e1931b3e4deb569ef9d07d5f86a848f50942e93c419c3a23489f14803b08182dfd48b8d4375be6b7f805a21209c05e5927693a8834c8d5a5acbd47ed8a30a8a741d1ad77639b56b3b90c0b2023fa334befd28b2e27cbcd94b0ce7437f88ce67a925cea6d6d7e5313de6d328b1124a8b9ef83fe39ca3da97d33c60b7fd4af67d3c8fccb595a27a5bffc71e5a5b2ec966828993b0c0f83cbc55f9a7fb66a4101d5c83b77885072b6e2b2ceebe32f635509698c05089b9ff1cb1959b211e114dadb224ef2d5e7a3c55b3ac00fcdc9018577603c6301e5d4341b3d7eeb2665349d448d28d5d108f576408cbe533a6adbba18ebb2d84bb9af81108506a2f50fb56d595579000747930449fdf4ed01715ec624a0cb73636a35b9136f10b79e3d7ded09008b92e92c64e26e6b6d17f18b70b1d9813de8d2ff151c7a6a0452c660a57c33f13e2d9b88fa5f5c0505722d2e787a425e4a3e9b5efa9668e9199f5fb9fe7d5b8a57719a57df152e7f2c6a1087a2a24084f82455b65353a70559f04d5ed12defb81497ea69c1c7e69c373524770b7473c16a69c7a3648a9dd93377b89cdff61cf62512d1ee67a55ea67993937c1f55a2179bc9c8a337364cfb84d295adda1ad9700fc2f5c11cbfc1b90affb4666c6e7e23a6f7751410a5651819f29f690c6dba2b8a67e0f7f8cc377feb1854c393578994c85391ba21b3961aed477f771645571dc7d6cae72bf79c82a92a4edc3742b1398060a0a5c9e81c016b7f2ae3db529c6ff824cc28678764d8ab49d7dc68e5b0556c9e7ffb6fef442776d86fbd458741830e57f22a1f8513b92abd5b2df93a67cc560134078f0b8ecc3276e40aadef5cd579888b86b4988f396679250701f3869e7493b33692035ecd94aca5189fd0a0893ccc5bb19c0b4caca86cf90ebc2a5558f39cccb33f6773a4e425bf551fb3b6456ee1cc62fa1843a9e5539bb2d02ae6ef82533a9dbcfb562c1ab18c1f639ae7ff02083746f74a15ba2d10e4b955940a5d6f488d326a99f287c48ad463ce40367aeeff519cbad0a2d7fdbfa48bff75955467977764c2be2bd2ffa18396c46920c40c50a4037003666406d177e2cd20aee423d07169d8f611f635ba0b62b61265ff2c5548446a2423dd1038482b6852b2d9d2f90aa05d82c5e2c3d1af0c7aad72d82b3da67471af7b037bb0424a785e73f35b5a10a2ab300a195c20cd119a5390e0cd5d49c70bd80883b933e843d0d2902749dcf3c140c708a0f004b7a2f50bf311305dc01719016fcce5863815ca7951de710fcb71cd177551ff6fcd9f8bf01b93868f24c6129b6d7917125338cf62110083093fc7f862015d48450d992f2bb43e601cab19b2ea7b83962a382fc2a31fdf2358bf8a9a9e506eaa7b6eb5e7444d1ef459b24ffa51362abce902dfd84201a0e4b5a3b62757aad54fb65b83821c6bba663886de092065a565921ea3eb6781bb8ed4f4db3abcfeeb379b7e52fca790bea719918e299ab01bf5e92177d134360bf7a16a59e9d03d3dcfb0a25599237e3d41b3f0026c9402b1fb1894426303413a2cbcf7c72807ca694afa285990d07c3bca26413c9947b3b344aafc04544b8c11416e0312b028da7302e316c3966d41884b15055a49a4a0b3eac8e11f88a5615fb0af582f065d28e5a454447e9d0cfc60356439ebf7e1d0a00f5b9cc6daf2bd7195ba96b4d1a0679ff0fb1c01282c378a880f90f460889b67d76d4d0e8db6c928d113533d1d10b810303c43d8ff622c5bab7f095b96e64bf9daa48a2bdf3d9d40bac00cf1b66df61a4f7c3e21938e876f81b1179dce6a008f28eb682cae690ced0ea0d542da604d8056f2b1813ed36683c4c51aeb2650772cfb1c55d4e60604ff06344cfc271b2175a6c94defb807af240b483e24298ca73bfc743ca2ca2e77e6d5b817b3c1986601537faf59ac84c74d8bd0c068cb8e6bd03ac2dcf5793fb4a00b3c901a33aa3ee86e4f0db317b94bb8678ab26e36d305ebac4b0f7f164947148255b562dd0f87648499d45bccfb7d8c9d5624cadf8160a396e79fbcdc100058ba4606e41c02fb2cc0dc6c36196bd28acfde82a18cda2321d2d83fecd3b85380667cd1d0bc68298c6c8f10421a80c8fa86912b6c3e8ddd9d9668520d5151409e6b77f0d7730b374a68a744151bfbd123cfdf871e8c24e70d2ca3b50e84a48e0b78c1781000cfc848d43584985763a76c0ab9ba882c55e3e4aa8f2174255db38adb8350b48a77be22a869d13d183325f859b883464e5e46de5ea8a92532b9a794daaeff657cd361f7f158f8bebe36e9de1f5b9721d4263dcc9472229bc02d3f552180abfb25ca7aa36cb914d99c09fd5bb99dcab9b4e3c634d18fc7dfe84dc4425ad1e39c3e7410d49b4ea0a8a2958688c7725822f6dfc0827d19dc385e0e35a949941e4dd1aaeaab9ebe402f8c584bca7efc829f2ccfb63fd7bde1c182a67c14f9d3f033ca674e2604e89cd55a15419f956cd61a755c1b13554dae98e77be078aadfc131c9677381f1dbe6ef194eb17603a463e8b844ab46a6046e1f07d96d66de669359bff4c3d80948a4de3abb2f171a09b5d8999c379fb62244114e218c79805df7d899e5661320ee6721d652b95f09e4dfe69bd67099c73294b17ab574e0b966aa3ab44478965b9dca3cb3b9282945f24ccdd07c638ae25a84a728ca24f87ff49d718121a694be46f3616e27b1041b3c6cd24b9cf775bfc28dfbe0a009048f0599f2d5d6586cfd1e7f7fe69872d08b98f60d28e6af0d49d7f06ad71a7b5c41df261aba5de114022c7288bc265cc17909fdeadc3d7b256d7ab3b96e40f857060f16b54a6bb7248ee571f87ace5ee39eab412706cf52fa711468b21ea129c3f44bceb429fcc1a0ac2aa87b9365077dcfcfa9a1b32a0a09699197c20019a66cbd0a897feab3706c23123b888ada643d4560082033e31596b0483578968e3c9593ebd97141c228a42fc7645f92171c120aabca36657683fd7c72fcb87217f124d6fabc52f1d221d8410b47b0ad4bd944bf4085365e9b52a53911ab4ee142c5a1ebbe034c9d98c538c066f2dc0acf372eb2397dcac765055123e0ba19be22b18c886bf0f7490abe9fde91ffa62e059962bd134be8501cb5b715a744b1398e2c4c7e8afe72e189dda0654296afa1c1f99ab7d800fa40f72a758625c833b6fc7b7d42250522b456e1e7de815350c36c9cb2f4d1c9cb99109f89b456c559463f11b8b58247809b17a4ed4912bd0a47a529f1364d6dc593ea7f3eb98962078ac90e5012ee1c7b4b9ed5a8c7a9c0231b4ce425693faab64fa0f3482a04d4be2e06ee5d103694d288810a1a7f4d1e908dd82dd2016a064ece5cd67ef1dd5f4cda728fc6f1ccdd949dd8f775d862621507248ef4c83ae274969d19c7ddb02a4e8a1ab2b7aa539a442b22735ceedeefe60a1059dfaaa0979ce8d5387b5a047841fd9749b88ca91216b02d7926408a01916b7781bb7167528ccdb9a486d173437a5ba3e552c8674dff2cc9b21054e0e4f86b61b8723fca58ceef4413bffae9e9be79c5b9788f5449811ce78be9bc7a86375a670197baaef751beabcba0aa6c7c33f1cd702cb78ec39fa1f17d9da733d6abf2b80f9c51ac8f6f664b24edc53a7c9525c3016bd05c67272375fe816b2b121f2de68b885a0fd8f8b8c6c342237b632f6414a3eb3480f5f42106c5812e9bfd4e8c8dea8d08525d9aa1da7c7c2ee7ff3d31b79b211dd01e304a8ffc83a89a59f3b1e2ef5e969b6d90bea7e161066f25622fad914bff52bacd2807093dda1838b529ee57f718b374ce2841b924a42457867547a6edcb8412d85f11796742bf640b5819a9546357df778c332af5983c4373a95d9c58b52dba445eee92e6911824f0c534e7a5934d9eac9b7f6fec22002fc53a3003a3304217f567b47cd326edc5f48eb1f46bb20d1e10e72239afc9769344590cf48902aba5405b7d4baa31a912ab398a2f2d3f037614bb56a89244ece50f3a1e058d274f1e70f944eb8a305be91e561e5eb843d057a81f4deb84a6335ec81ca964cdae5f318d4e9aaea2c477cc279c00c698bcfe4b8e04c09079d8f3f5438d9d45a00f50d2f9b245c8c68eebf247e25ba8d26f8b95b21ac9ceb50c0aa2e4bdc032024db216b92f9350a90ac79341af14d3fa8ba908096e1b503341aed667bb184c672dac85fc4f335b3871c3b4e55ea219a857d2d2e135358f6b45a20b3e7de8e09b2041eb7c5084a80258fb524a983752659298a251e178b56f96bc67ae0a78ec92f92d92c9cf0edb5dcb11e739d69410ad44c8df00caa030d7d89f2ec38bd7698115c423cf3e6048793aca08ffbcdac766f1553773fa00031c1d75246e4e1eddf8948d02a3de6d67fd7329e45070f29044587f1e0db50d04e673191a63e30f96ee0d8d52738fab36a7fe2c6ab9301d401e7ca5b1f039193a580e40abbdf40c2d7e27809dec80815d37adae9fe7fb9d3a974c9fc03944d7338d000b81170be4c6792ed6b3b827194b3ae11e2acfca48498d1126aacf80f3d574256ef7f75552ff087a819e", 0x1000}, {&(0x7f00000011c0)}], 0x2, &(0x7f00000010c0)=[@ip_tos_int={{0x14, 0x29, 0x3e}}, @ip_tos_u8={{0x11, 0x29, 0x2}}, @ip_tos_u8={{0x11}}], 0x48}, 0xff00)

370.56752ms ago: executing program 1 (id=2221):
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000640)={{0x1, <r0=>0xffffffffffffffff}, &(0x7f00000005c0), &(0x7f0000000600)}, 0x20)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000700)={0xffffffffffffffff, 0x58, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r1=>0x0}}, 0x10)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.time\x00', 0x26e1, 0x0)
close(r2)
ioctl$SIOCSIFHWADDR(r2, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1d}})
bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@bloom_filter={0x1e, 0xe, 0x816a, 0xffffa267, 0x1804, r0, 0x62, '\x00', r1, r2, 0x1, 0x2, 0x4, 0xe}, 0x50)
r3 = bpf$ITER_CREATE(0x21, &(0x7f00000003c0), 0x8)
ioctl$TUNSETLINK(r3, 0x400454cd, 0x336)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{0x1, <r4=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x10, 0x16, &(0x7f0000000280)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @ldst={0x2, 0x3, 0x4, 0x2, 0xa, 0x0, 0x10}, @map_idx={0x18, 0xb, 0x5, 0x0, 0x3}, @cb_func={0x18, 0x6, 0x4, 0x0, 0x8}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @cb_func={0x18, 0x9}, @tail_call={{0x18, 0x2, 0x1, 0x0, r4}}], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd8b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="09000000060001000800000008000000001e0000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000200)='syz1\x00', 0x200002, 0x0)
openat$cgroup_subtree(r6, &(0x7f0000000340), 0x2, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r7 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e02002d000b02d25a806f8c6394f9101a04000a740100067402000000000000800c6400f01700d1bd00000000", 0x2e}], 0x1}, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040), &(0x7f00000004c0), 0xce, r5}, 0x38)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r8, 0xffffffffffffffff, 0x2000000}, 0xc)

280.588675ms ago: executing program 2 (id=2222):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000100000000000000000000850000007500000095"], 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000380)=ANY=[@ANYRES16=r1, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000000702", @ANYRESOCT=r0, @ANYRESHEX=r1, @ANYRESDEC=r1], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="d8000000100081046881f782db44b904021d080b01000000e8fe55a118001500060014ef030000120800040043160000a8001600a400014020000500feffff7fb94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a9d7c7c0b7a196e6f66112c88ac417898516277ce06bbace80177ccbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d0080000000000000b57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb14feb9f5588a63644caf1ce1bd6c769ad809d52a9ecbee", 0xd8}], 0x1}, 0x0)
r4 = perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xc81e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x3, @perf_bp={&(0x7f0000000300), 0x4}, 0x4846, 0x0, 0x0, 0x2, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = socket$kcm(0x2, 0x6, 0x0)
setsockopt$sock_attach_bpf(r6, 0x1, 0xf, &(0x7f0000000000), 0x4)
sendmsg$inet(r6, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r5)
perf_event_open(0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x2c, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x2}, 0x8004, 0xce1, 0x43a1bd76, 0x4, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x1, 0x4}, 0x50)
r8 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="1806000000000300000000000000c29c18120000", @ANYRES32=r8, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r7}, &(0x7f0000000280), &(0x7f00000002c0)=r9}, 0x20)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r10, 0x5, 0xe, 0x0, &(0x7f0000000000)="43227504000000b32415f73227b2", 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x8001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = socket$kcm(0x10, 0x2, 0x10)
r12 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="000000e6ffffff00"/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r12, @ANYBLOB="0000000002000000b70500000800000085000000ab00000095"], 0x0, 0x2}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000791048000000000071043a000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$kcm(r11, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0)
recvmsg$kcm(r11, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4108, 0x100c}], 0x1}, 0x2002)
socket$kcm(0x10, 0x2, 0x10)
setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f0000000200)=r2, 0x4)

237.951827ms ago: executing program 3 (id=2223):
close(0xffffffffffffffff)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x800000, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$kcm(0x2, 0x200000000000001, 0x106)
r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800"/31], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x310c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socketpair(0x1, 0x1, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r3}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$cgroup_int(r2, 0x0, 0x2, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={r3, &(0x7f0000000140), &(0x7f0000000240)=""/154}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, 0x0, 0x0}, 0x20)
perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x9, 0x0, 0x0, 0xfffffffffff7bbfe, 0x1, 0x3, 0x0, 0x5ff, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000002b80)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x80)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x3, &(0x7f0000000480)=@framed, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000140)={@fallback=r4, r4, 0x2f, 0x10, 0xffffffffffffffff, @void, @value=0x0}, 0x20)
mkdir(&(0x7f00000000c0)='./file/file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file/file0/..//file0/file0\x00', 0x0)
r5 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020023000b02d25a806f8c6394f91424fc60040f030047000000053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000440)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0)
write$cgroup_int(r6, &(0x7f0000000100)=0x8000000000000000, 0x12)
ioctl$SIOCSIFHWADDR(r6, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc, 0x8}})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000700)={0x1b, 0x0, 0x0, 0x4, 0x0, 0x1, 0x5c0, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x0, 0x2}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@bloom_filter={0x1e, 0x1, 0x4, 0x100, 0x4, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x4}, 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000008c0), 0x4)

183.58255ms ago: executing program 1 (id=2224):
r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8003}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x8, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x5, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000001740)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000bc7ef9642d29ba564165605dca29708efdf9b15a5c10a126121b2751f642635bcd9a8bf7a928a5d054b0d2c54d519ea75c52f41ed6f2886973626b684c8bd9108c0b0b2ea7e556948f0367aff4fbcede3294f6e73d06ad16dc2d26725ff833b5f83b499918e6a6ec245b781d41aee9624c847e2f2312d6b9db45bad354fc1a3f20407ffe406483a0524937ee7559e4bf70136746b37fdfbbb152758d37ed8bcac41fb7243bdcd536249c7996e898b61927eaa5a8790054ba13d3ade593220f96027090a34aaf7ea92f41aab73e7a85eef87e956bb7c5c76a347264fd99359f4e57b0dcc2bcc188ea880a4b11a8bb81eb22b0ddfc689e3218cf310dcc61cab354149d9107d8a88b0aa5b5661555f00443aee5e714009e52cee5e88f008148ddbc0fa81bf938bed4a1ac778d5337cc0311d0772eeac3eab38426e8d1472ff514aa5379ed21551790cc10148410b4fc27582fd7106a8887a9a0b613dfe10aee77542d887208f5534f5dce4d43f258fc9ef975834e1917666e2aff1cebfc3ce2c1e8ff66bba1d9050000000000000078db7024bf321636bede8651e672ed4f01ba5da2c3f9042a8552bd3f2c9ad546ad0ea20b4d35fb0a15c6239f67c7747a40fe26a88adf727fd1b801b4e56fbffcad99ce68fe2af0d94fdc78d27268de435021dca51acaa7a9e0944bdf579c170db6405944b6791a7713ee54f650fdf71b57c3629fb185efce700620ef5744623be08ec935dd563e6ba0b461bda98b364acf3dcdafa9b0e68c21ea509212c2938aa09cc31aa4ee5bfb8e507181909f5854b13997af4888cd61c8aab5fdfd701a16d546e5a533cd9b985dcc582b67979551dcc750fc51f2c9b6814edeffc76a86ea9f58b7c66fa24540daf14c2163d064f8cf0b4878f81e6b8bc4dabc10dac82b39e033963a6d02434cb783a198829d1373790a85c0e01a362d89e80165d280283af3c2060000000000000034b12a73b0c53bfae5d2f6e55728052247adfe0966c6c5eca57918c4540c979a70a281ba00e408c9fe1b20fa208976dd6a56f9bd9a74d81447c9b265d8c23f0e983e0b1d2d62d1e57c9188e4882634476e62ab1b7415a58208eaaf166d14720092f79a6197fe8b4ea7d5485cc6b3630afed8d3403cfa4d7bf48efb371706e0e65901eea3743c98261cbb7a246cf62f99bbc918741d32539ec0754e7d7f08dd45aaf49623342eabf466e54d8da4346e73da54ba2e4b5e2ae2823864d4147b490e55c9509f75c8828500ac32cab11b0262e75fa9e39e3792d01e0b210fdfb686bfffdc677432f6332c1a27502b43997060acdf7784c79fed0325e06f6b64b6434ebf4730509bcf95b9a1d0ba7c469d55351cc1dce6c90f5872e7ad5eed5f850d9d1f928b4e0263b241e8fe03e5e66252c8a3bd320e8deee5b91c653b8f22f58cff36c2ba4d6774f14229939595d2beb998c9312212de00468fc488591aca07ab75fba4a318d3ee4581711927b77a7f14dbcd639892f8cb0000000000000080411736eb1ee86eec338197a56293c9cdb72e84155681553b896d58b62a96852320e74dc4c9b41d6f90d2353dc573a94a092a84209c12da57f8c78e161b0899eb1c8b694d26c5fbf7f65fefacdbf39151f335dddc3b179a13f6de93ffb338e94738c86e35e9fcc654e4d6618dc1201cbd16e1281df911e6c699da16fbbb7a2e5c77966c98d3e7edd58cabfe6bf1bb7f6329084e3e4a2a36da07bbac3ebc00472f55b7966f250109fcce0ad5d4526d20ef74d1a634d724"], &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1}, 0x6d)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000380)={r2, 0x20, &(0x7f0000000100)={&(0x7f0000000040)=""/90, 0x5a, 0x0, &(0x7f00000000c0)=""/21, 0x15}}, 0x10)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x11, 0xa, 0x300)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200102f00fe80000000000000875a65059ff57b00000000000000000000000000ac1414aa"], 0xcfa4)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

0s ago: executing program 0 (id=2225):
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000b80)=ANY=[], 0xfe33)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0x28, &(0x7f0000000dc0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x91, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @generic={0x3, 0xc, 0x0, 0xa, 0xffff}, @ldst={0x3, 0x3, 0x4, 0x0, 0x8, 0x4, 0x4}, @map_idx={0x18, 0x3, 0x5, 0x0, 0x8002}, @tail_call, @cb_func={0x18, 0x1, 0x4, 0x0, 0x3}, @tail_call], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x7, 0x0, 0x0, 0x41100, 0x5}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x8, 0x4}, 0x50)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x5, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0xc2, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1600000000000007040000007fffbbddb63d0000ef7127da7e379937f295737e29d863b7748129b13a356e726e2660e3a7fb9b4576d9b96f41bf846aa85738610c72535aca37c29ebb82", @ANYRES32=0x1, @ANYBLOB='\x00'/15, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0xd, 0x4, &(0x7f0000000380)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x39}]}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
close(r1)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb0100180000000000000038000000380000000300000001000000000000010000000000000000000000000000000105000000100000000000000000000003000000000100000002"], 0x0, 0x53}, 0x28)
r3 = socket$kcm(0xa, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x890b, &(0x7f0000000000))
socket$kcm(0x29, 0x5, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x10021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_config_ext={0x6, 0xd}, 0x0, 0x80000, 0x0, 0x9, 0x0, 0x1, 0x0, 0x0, 0x4861}, 0x0, 0xb, 0xffffffffffffffff, 0xb)
ioctl$SIOCSIFHWADDR(r1, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000000040)="d80000001a0081044e81f782db4cb904021d08007b490d4f1e81f8d815000100e000000103600e12080005007a010401a8001600200003400400", 0x3a}], 0x1}, 0x4000000)
r4 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001900599c6d0e00009bd028ef8020ab0700040005234538ba55"], 0xfe33)
r5 = gettid()
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x10, 0x5, 0x0, 0x72, 0x0, 0x8, 0x4009, 0x3, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x2, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x9, 0x1, @perf_bp={&(0x7f0000000140), 0xa}, 0x200, 0x0, 0x4, 0x5, 0xfffffffffffffffb, 0x2, 0xfffd, 0x0, 0x7fff, 0x0, 0x6}, r5, 0xa, 0xffffffffffffffff, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001100)={0xffffffffffffffff, 0xe0, &(0x7f0000001000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100), ""/16, <r6=>0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000100), &(0x7f0000001380)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x42, &(0x7f0000000200)=[{}, {}, {}, {}], 0x20, 0x0, 0x0, &(0x7f0000000f80), 0x8, 0x12, 0x8, 0x8, &(0x7f0000000fc0)}}, 0x10)
r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001200)={&(0x7f0000001140)=ANY=[@ANYBLOB="9feb010018000000000000000000000000000800000000000000302e00"], 0x0, 0x1d, 0x0, 0x1, 0x0, 0x10000}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x18, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x3}}, &(0x7f0000000080)='GPL\x00', 0x179, 0x0, 0x0, 0x41000, 0x48, '\x00', r6, 0x0, r7, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000001280)=[{0x1, 0x2, 0x4000001, 0x9}], 0x10, 0x8}, 0x94)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000280)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x5, '\x00', r6, r2, 0x4, 0x5}, 0x50)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
perf_event_open(0x0, 0x0, 0x8, 0xffffffffffffffff, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x2, &(0x7f0000000200)=ANY=[@ANYBLOB="850030000f0000000000000000"], &(0x7f0000000180)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x11}, 0x94)

kernel console output (not intermixed with test programs):

utes in process `syz.0.882'.
[  218.684884][ T8230] bridge0: port 4(veth0_vlan) entered blocking state
[  218.695239][ T8230] bridge0: port 4(veth0_vlan) entered disabled state
[  218.725666][ T8236] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.885'.
[  218.736199][ T8236] openvswitch: netlink: Flow key attribute not present in set flow.
[  218.754108][ T8230] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  219.430586][ T8249] netlink: 'syz.2.890': attribute type 3 has an invalid length.
[  219.451691][ T8249] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.890'.
[  221.803124][ T8259] netlink: 'syz.1.899': attribute type 3 has an invalid length.
[  221.920494][ T8259] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.899'.
[  221.947484][ T1077] wlan1: Trigger new scan to find an IBSS to join
[  222.891954][ T8275] netlink: 'syz.0.892': attribute type 3 has an invalid length.
[  222.900442][ T8275] netlink: 79060 bytes leftover after parsing attributes in process `syz.0.892'.
[  222.910903][ T1077] wlan1: Trigger new scan to find an IBSS to join
[  223.455199][ T8281] netlink: 'syz.2.895': attribute type 39 has an invalid length.
[  223.604801][ T8284] netlink: 830 bytes leftover after parsing attributes in process `syz.1.896'.
[  223.646909][ T8288] netlink: 830 bytes leftover after parsing attributes in process `syz.0.898'.
[  223.688838][ T8286] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.897'.
[  223.713249][ T8286] openvswitch: netlink: Flow key attribute not present in set flow.
[  223.870854][   T12] wlan1: Creating new IBSS network, BSSID f2:17:10:8a:e7:ec
[  225.953962][ T3465] wlan1: Trigger new scan to find an IBSS to join
[  226.957905][   T12] wlan1: Creating new IBSS network, BSSID 86:9e:16:f5:ea:71
[  228.850466][ T8308] netlink: 'syz.2.913': attribute type 10 has an invalid length.
[  228.863524][ T8308] netlink: 40 bytes leftover after parsing attributes in process `syz.2.913'.
[  228.874715][ T8308] bridge0: port 3(veth0_vlan) entered blocking state
[  228.881596][ T8308] bridge0: port 3(veth0_vlan) entered disabled state
[  228.892341][ T8308] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  228.924869][ T8315] netlink: 'syz.1.906': attribute type 10 has an invalid length.
[  228.933205][ T8315] netlink: 40 bytes leftover after parsing attributes in process `syz.1.906'.
[  228.953721][ T8315] veth0_vlan: entered allmulticast mode
[  228.960149][ T8315] bridge0: port 3(veth0_vlan) entered blocking state
[  228.971637][ T8315] bridge0: port 3(veth0_vlan) entered disabled state
[  228.981595][ T8315] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  229.516378][ T3465] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  229.541641][ T8328] netlink: 830 bytes leftover after parsing attributes in process `syz.2.910'.
[  230.040973][ T8335] netlink: 'syz.3.914': attribute type 39 has an invalid length.
[  230.173936][ T8338] netlink: 'syz.2.911': attribute type 10 has an invalid length.
[  230.239345][ T8338] netlink: 40 bytes leftover after parsing attributes in process `syz.2.911'.
[  230.277003][ T8338] bridge0: port 3(veth0_vlan) entered blocking state
[  230.284226][ T8338] bridge0: port 3(veth0_vlan) entered disabled state
[  230.294287][ T8338] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  230.564814][ T8344] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  230.580729][ T8344] netlink: 'syz.0.916': attribute type 3 has an invalid length.
[  230.589220][ T8344] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.916'.
[  231.108471][ T8354] netlink: 'syz.1.919': attribute type 10 has an invalid length.
[  231.148378][ T8354] netlink: 40 bytes leftover after parsing attributes in process `syz.1.919'.
[  231.192750][ T8354] bridge0: port 3(veth0_vlan) entered blocking state
[  231.218045][ T8354] bridge0: port 3(veth0_vlan) entered disabled state
[  231.236340][ T8354] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  231.260787][ T8356] netlink: 830 bytes leftover after parsing attributes in process `syz.2.921'.
[  231.380073][ T8362] netlink: 'syz.3.923': attribute type 10 has an invalid length.
[  231.431844][ T8362] netlink: 40 bytes leftover after parsing attributes in process `syz.3.923'.
[  231.441066][ T8362] bridge0: port 3(veth0_vlan) entered blocking state
[  231.500234][ T8362] bridge0: port 3(veth0_vlan) entered disabled state
[  231.523208][ T8362] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  232.437039][ T8381] netlink: 'syz.2.929': attribute type 39 has an invalid length.
[  232.684412][ T8387] netlink: 'syz.1.931': attribute type 39 has an invalid length.
[  232.755293][ T8390] netlink: 830 bytes leftover after parsing attributes in process `syz.0.932'.
[  232.982517][   T12] wlan1: Trigger new scan to find an IBSS to join
[  233.255339][ T8397] netlink: 'syz.1.936': attribute type 10 has an invalid length.
[  233.312436][ T8397] netlink: 40 bytes leftover after parsing attributes in process `syz.1.936'.
[  233.338968][ T8397] bridge0: port 3(veth0_vlan) entered blocking state
[  233.429996][ T8397] bridge0: port 3(veth0_vlan) entered disabled state
[  233.530706][ T8397] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  233.572713][ T8400] bridge0: port 4(veth0_vlan) entered blocking state
[  233.615591][ T8400] bridge0: port 4(veth0_vlan) entered disabled state
[  233.687631][ T8400] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  233.730182][ T8398] bridge0: port 3(veth0_vlan) entered blocking state
[  233.743807][ T8398] bridge0: port 3(veth0_vlan) entered disabled state
[  233.842067][ T8398] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  234.079303][ T8413] validate_nla: 2 callbacks suppressed
[  234.079317][ T8413] netlink: 'syz.1.939': attribute type 39 has an invalid length.
[  236.077199][ T8438] netlink: 'syz.2.945': attribute type 39 has an invalid length.
[  236.085578][ T8440] __nla_validate_parse: 2 callbacks suppressed
[  236.085595][ T8440] netlink: 830 bytes leftover after parsing attributes in process `syz.1.946'.
[  236.544385][ T8445] netlink: 'syz.2.949': attribute type 10 has an invalid length.
[  236.555615][ T8445] netlink: 40 bytes leftover after parsing attributes in process `syz.2.949'.
[  236.570174][ T8445] bridge0: port 3(veth0_vlan) entered blocking state
[  236.594630][ T8445] bridge0: port 3(veth0_vlan) entered disabled state
[  236.674270][ T8445] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  236.993218][ T8455] netlink: 'syz.0.959': attribute type 39 has an invalid length.
[  237.194130][ T8461] netlink: 'syz.1.953': attribute type 10 has an invalid length.
[  237.225064][ T8461] netlink: 40 bytes leftover after parsing attributes in process `syz.1.953'.
[  237.239640][ T8461] bridge0: port 3(veth0_vlan) entered blocking state
[  237.246824][ T8461] bridge0: port 3(veth0_vlan) entered disabled state
[  237.257548][ T8461] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  237.276689][ T8450] netlink: 'syz.2.951': attribute type 10 has an invalid length.
[  237.286465][ T8450] netlink: 40 bytes leftover after parsing attributes in process `syz.2.951'.
[  237.305026][ T8450] bridge0: port 3(veth0_vlan) entered blocking state
[  237.313934][ T8450] bridge0: port 3(veth0_vlan) entered disabled state
[  237.400257][ T8450] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  237.588857][ T8460] netlink: 'syz.0.954': attribute type 21 has an invalid length.
[  237.964428][ T1077] wlan1: Trigger new scan to find an IBSS to join
[  238.199986][ T8473] netlink: 'syz.0.958': attribute type 10 has an invalid length.
[  238.215141][ T8473] netlink: 40 bytes leftover after parsing attributes in process `syz.0.958'.
[  238.227256][ T8473] bridge0: port 4(veth0_vlan) entered blocking state
[  238.237007][ T8473] bridge0: port 4(veth0_vlan) entered disabled state
[  238.254637][ T8473] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  238.972405][ T1077] wlan1: Creating new IBSS network, BSSID 0e:ef:13:bd:f9:b5
[  239.017020][ T8484] netlink: 'syz.3.961': attribute type 10 has an invalid length.
[  239.047379][ T8484] netlink: 40 bytes leftover after parsing attributes in process `syz.3.961'.
[  239.058014][ T8484] bridge0: port 3(veth0_vlan) entered blocking state
[  239.076927][ T8484] bridge0: port 3(veth0_vlan) entered disabled state
[  239.086797][ T8484] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  239.252851][ T8490] netlink: 'syz.1.963': attribute type 39 has an invalid length.
[  239.944674][ T8504] netlink: 'syz.3.967': attribute type 10 has an invalid length.
[  239.978698][ T8504] netlink: 40 bytes leftover after parsing attributes in process `syz.3.967'.
[  240.000887][ T8504] bridge0: port 3(veth0_vlan) entered blocking state
[  240.032649][ T8504] bridge0: port 3(veth0_vlan) entered disabled state
[  240.044311][ T8504] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  240.069974][ T8511] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  240.198493][ T8511] netlink: 'syz.0.976': attribute type 3 has an invalid length.
[  240.207720][ T8511] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.976'.
[  240.304837][ T8507] netlink: 'syz.1.968': attribute type 21 has an invalid length.
[  242.196204][ T8527] netlink: 'syz.1.974': attribute type 39 has an invalid length.
[  243.002837][ T8546] netlink: 'syz.2.981': attribute type 10 has an invalid length.
[  243.010684][ T8546] netlink: 40 bytes leftover after parsing attributes in process `syz.2.981'.
[  243.143738][ T8546] bridge0: port 3(veth0_vlan) entered blocking state
[  243.160377][ T8546] bridge0: port 3(veth0_vlan) entered disabled state
[  243.190176][ T8546] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  243.257061][ T8544] netlink: 'syz.0.980': attribute type 10 has an invalid length.
[  243.277674][ T8544] netlink: 40 bytes leftover after parsing attributes in process `syz.0.980'.
[  243.288283][ T8544] bridge0: port 4(veth0_vlan) entered blocking state
[  243.298887][ T8544] bridge0: port 4(veth0_vlan) entered disabled state
[  243.326972][ T8544] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  243.380096][ T8550] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  243.428079][ T8550] netlink: 'syz.3.982': attribute type 3 has an invalid length.
[  243.436231][ T8550] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.982'.
[  243.665923][ T8559] netlink: 'syz.0.985': attribute type 39 has an invalid length.
[  243.942125][ T3465] wlan1: Trigger new scan to find an IBSS to join
[  245.961519][ T3465] wlan1: Trigger new scan to find an IBSS to join
[  246.219789][ T8579] syz.1.991 (8579) used greatest stack depth: 19336 bytes left
[  246.382118][ T8591] netlink: 'syz.2.993': attribute type 10 has an invalid length.
[  246.389976][ T8591] netlink: 40 bytes leftover after parsing attributes in process `syz.2.993'.
[  246.454487][ T8591] bridge0: port 3(veth0_vlan) entered blocking state
[  246.466083][ T8591] bridge0: port 3(veth0_vlan) entered disabled state
[  246.478001][ T8591] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  246.657399][ T8600] netlink: 'syz.0.996': attribute type 39 has an invalid length.
[  246.763839][ T8594] netlink: 'syz.3.994': attribute type 10 has an invalid length.
[  246.773792][ T8594] netlink: 40 bytes leftover after parsing attributes in process `syz.3.994'.
[  246.787863][ T8594] bridge0: port 3(veth0_vlan) entered blocking state
[  246.799913][ T8594] bridge0: port 3(veth0_vlan) entered disabled state
[  247.000622][ T8594] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  247.143260][ T8597] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  247.191870][ T8598] netlink: 'syz.1.995': attribute type 3 has an invalid length.
[  247.199684][ T8598] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.995'.
[  247.369106][ T8613] netlink: 830 bytes leftover after parsing attributes in process `syz.1.1000'.
[  248.014367][ T1077] wlan1: Trigger new scan to find an IBSS to join
[  249.942262][ T1077] wlan1: Trigger new scan to find an IBSS to join
[  250.566970][ T3465] wlan1: Creating new IBSS network, BSSID d2:a1:de:0b:ec:07
[  250.661294][ T8624] netlink: 'syz.1.1005': attribute type 39 has an invalid length.
[  250.920221][ T3465] wlan1: Trigger new scan to find an IBSS to join
[  251.085604][ T8636] netlink: 'syz.1.1006': attribute type 10 has an invalid length.
[  251.111914][ T8636] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1006'.
[  251.141984][ T8636] bridge0: port 3(veth0_vlan) entered blocking state
[  251.160393][ T8636] bridge0: port 3(veth0_vlan) entered disabled state
[  251.180816][ T8636] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  252.170614][ T3465] wlan1: Creating new IBSS network, BSSID 02:f0:2d:a0:62:09
[  253.526630][ T8661] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  253.853081][ T8658] netlink: 'syz.2.1010': attribute type 3 has an invalid length.
[  253.932654][ T8658] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.1010'.
[  254.444662][ T8670] netlink: 'syz.3.1014': attribute type 39 has an invalid length.
[  254.536441][ T8669] netlink: 'syz.2.1013': attribute type 10 has an invalid length.
[  254.559537][ T8669] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1013'.
[  254.615973][ T8669] bridge0: port 3(veth0_vlan) entered blocking state
[  254.634250][ T8669] bridge0: port 3(veth0_vlan) entered disabled state
[  254.722102][ T8669] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  254.791058][ T8675] netlink: 830 bytes leftover after parsing attributes in process `syz.3.1016'.
[  254.904508][ T3465] wlan1: Trigger new scan to find an IBSS to join
[  255.609448][ T8680] FAULT_INJECTION: forcing a failure.
[  255.609448][ T8680] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  255.661896][ T8680] CPU: 0 PID: 8680 Comm: syz.1.1018 Not tainted syzkaller #0
[  255.669450][ T8680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  255.679535][ T8680] Call Trace:
[  255.682847][ T8680]  <TASK>
[  255.685804][ T8680]  dump_stack_lvl+0x18c/0x250
[  255.690529][ T8680]  ? show_regs_print_info+0x20/0x20
[  255.695769][ T8680]  ? load_image+0x420/0x420
[  255.700303][ T8680]  ? __might_fault+0xaa/0x120
[  255.705003][ T8680]  ? __lock_acquire+0x7d40/0x7d40
[  255.710055][ T8680]  should_fail_ex+0x39d/0x4d0
[  255.714772][ T8680]  _copy_from_user+0x2f/0xe0
[  255.719392][ T8680]  __sys_bpf+0x23e/0x890
[  255.723666][ T8680]  ? bpf_link_show_fdinfo+0x390/0x390
[  255.729079][ T8680]  ? lock_chain_count+0x20/0x20
[  255.733987][ T8680]  __x64_sys_bpf+0x7c/0x90
[  255.738430][ T8680]  do_syscall_64+0x55/0xa0
[  255.742865][ T8680]  ? clear_bhb_loop+0x40/0x90
[  255.747577][ T8680]  ? clear_bhb_loop+0x40/0x90
[  255.752274][ T8680]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  255.758211][ T8680] RIP: 0033:0x7f39a7b9cdd9
[  255.762660][ T8680] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  255.782301][ T8680] RSP: 002b:00007f39a8a99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  255.790771][ T8680] RAX: ffffffffffffffda RBX: 00007f39a7e15fa0 RCX: 00007f39a7b9cdd9
[  255.798779][ T8680] RDX: 0000000000000050 RSI: 0000200000000080 RDI: 000000000000000a
[  255.806777][ T8680] RBP: 00007f39a8a99090 R08: 0000000000000000 R09: 0000000000000000
[  255.814772][ T8680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  255.822953][ T8680] R13: 00007f39a7e16038 R14: 00007f39a7e15fa0 R15: 00007ffc8d637038
[  255.830985][ T8680]  </TASK>
[  255.857452][ T1281] ieee802154 phy0 wpan0: encryption failed: -22
[  255.865968][ T1281] ieee802154 phy1 wpan1: encryption failed: -22
[  255.921230][ T8682] netlink: 'syz.0.1017': attribute type 10 has an invalid length.
[  255.943348][   T12] wlan1: Trigger new scan to find an IBSS to join
[  255.962149][ T8682] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1017'.
[  255.971445][ T8682] bridge0: port 4(veth0_vlan) entered blocking state
[  255.978588][ T8682] bridge0: port 4(veth0_vlan) entered disabled state
[  255.991125][ T8682] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  256.033206][   T59] wlan1: Creating new IBSS network, BSSID fe:ce:9c:c9:d5:16
[  257.389866][ T8699] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  257.428670][ T8701] netlink: 'syz.0.1025': attribute type 39 has an invalid length.
[  257.955297][ T8712] netlink: 'syz.1.1027': attribute type 10 has an invalid length.
[  257.964068][ T8712] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1027'.
[  257.976478][ T8712] bridge0: port 3(veth0_vlan) entered blocking state
[  257.986254][ T8712] bridge0: port 3(veth0_vlan) entered disabled state
[  258.003754][ T8712] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  258.298146][ T8718] netlink: 830 bytes leftover after parsing attributes in process `syz.2.1031'.
[  258.630459][ T8728] netlink: 'syz.3.1034': attribute type 39 has an invalid length.
[  258.684061][ T8722] netlink: 'syz.1.1032': attribute type 10 has an invalid length.
[  258.722036][ T8722] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1032'.
[  258.774995][ T8722] bridge0: port 3(veth0_vlan) entered blocking state
[  258.805002][ T8722] bridge0: port 3(veth0_vlan) entered disabled state
[  258.880905][ T8722] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  259.366408][ T8739] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  259.411878][ T8740] netlink: 'syz.3.1037': attribute type 3 has an invalid length.
[  259.432397][ T8740] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.1037'.
[  259.865595][ T8748] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  259.899094][ T8751] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.1040'.
[  259.933579][ T8748] netlink: 'syz.3.1039': attribute type 3 has an invalid length.
[  259.958428][ T8748] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.1039'.
[  260.057402][ T8751] FAULT_INJECTION: forcing a failure.
[  260.057402][ T8751] name failslab, interval 1, probability 0, space 0, times 0
[  260.071332][ T8751] CPU: 1 PID: 8751 Comm: syz.0.1040 Not tainted syzkaller #0
[  260.078764][ T8751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  260.088890][ T8751] Call Trace:
[  260.092203][ T8751]  <TASK>
[  260.095177][ T8751]  dump_stack_lvl+0x18c/0x250
[  260.099924][ T8751]  ? show_regs_print_info+0x20/0x20
[  260.105179][ T8751]  ? load_image+0x420/0x420
[  260.109740][ T8751]  ? __might_sleep+0xe0/0xe0
[  260.114397][ T8751]  ? __lock_acquire+0x7d40/0x7d40
[  260.119483][ T8751]  should_fail_ex+0x39d/0x4d0
[  260.124221][ T8751]  should_failslab+0x9/0x20
[  260.128810][ T8751]  slab_pre_alloc_hook+0x59/0x310
[  260.133900][ T8751]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  260.139671][ T8751]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  260.145434][ T8751]  __kmem_cache_alloc_node+0x53/0x250
[  260.150914][ T8751]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  260.156668][ T8751]  __kmalloc+0xa4/0x230
[  260.160857][ T8751]  tomoyo_realpath_from_path+0xe3/0x5d0
[  260.166443][ T8751]  tomoyo_path_number_perm+0x248/0x620
[  260.171957][ T8751]  ? tomoyo_path_number_perm+0x217/0x620
[  260.177632][ T8751]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  260.183123][ T8751]  ? trace_call_bpf+0xc3/0x6c0
[  260.187922][ T8751]  ? trace_call_bpf+0x5e9/0x6c0
[  260.192840][ T8751]  ? __fget_files+0x28/0x4b0
[  260.197463][ T8751]  ? __fget_files+0x28/0x4b0
[  260.202097][ T8751]  security_file_ioctl+0x70/0xa0
[  260.207080][ T8751]  __se_sys_ioctl+0x48/0x170
[  260.211709][ T8751]  do_syscall_64+0x55/0xa0
[  260.216157][ T8751]  ? clear_bhb_loop+0x40/0x90
[  260.220861][ T8751]  ? clear_bhb_loop+0x40/0x90
[  260.225576][ T8751]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  260.231503][ T8751] RIP: 0033:0x7f307639cdd9
[  260.235965][ T8751] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  260.255598][ T8751] RSP: 002b:00007f30772b5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  260.264043][ T8751] RAX: ffffffffffffffda RBX: 00007f3076615fa0 RCX: 00007f307639cdd9
[  260.272045][ T8751] RDX: 0000200000000000 RSI: 0000000000008b19 RDI: 000000000000000e
[  260.280036][ T8751] RBP: 00007f30772b5090 R08: 0000000000000000 R09: 0000000000000000
[  260.288049][ T8751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  260.296043][ T8751] R13: 00007f3076616038 R14: 00007f3076615fa0 R15: 00007fffdaf0c108
[  260.304056][ T8751]  </TASK>
[  260.598152][ T8751] ERROR: Out of memory at tomoyo_realpath_from_path.
[  260.906545][  T145] wlan1: Trigger new scan to find an IBSS to join
[  261.004287][ T8760] netlink: 'syz.2.1041': attribute type 10 has an invalid length.
[  261.013533][ T8760] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1041'.
[  261.023370][ T8760] bridge0: port 3(veth0_vlan) entered blocking state
[  261.030308][ T8760] bridge0: port 3(veth0_vlan) entered disabled state
[  261.041397][ T8760] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  261.058558][ T8755] netlink: 'syz.0.1040': attribute type 10 has an invalid length.
[  261.096090][ T8755] team0: Port device geneve1 added
[  261.209328][ T8773] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1044'.
[  261.237270][ T8773] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1044'.
[  261.250898][ T8773] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1044'.
[  261.301921][ T8777] netlink: 'syz.1.1045': attribute type 39 has an invalid length.
[  261.475276][ T8783] bˆ¡cÊRݘOC‰ÿæ: renamed from lo (while UP)
[  261.813929][ T8792] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  261.842361][ T8792] netlink: 'syz.1.1051': attribute type 3 has an invalid length.
[  261.908247][   T59] wlan1: Creating new IBSS network, BSSID 16:86:76:71:03:65
[  261.948112][ T1082] wlan1: Trigger new scan to find an IBSS to join
[  262.216898][ T8797] netlink: 'syz.1.1052': attribute type 10 has an invalid length.
[  262.365225][ T8797] team0: Port device geneve1 added
[  262.504659][ T8797] syz.1.1052 (8797) used greatest stack depth: 18728 bytes left
[  262.647857][ T8806] FAULT_INJECTION: forcing a failure.
[  262.647857][ T8806] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  262.671581][ T8806] CPU: 0 PID: 8806 Comm: syz.1.1055 Not tainted syzkaller #0
[  262.679058][ T8806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  262.689165][ T8806] Call Trace:
[  262.692488][ T8806]  <TASK>
[  262.695462][ T8806]  dump_stack_lvl+0x18c/0x250
[  262.700200][ T8806]  ? show_regs_print_info+0x20/0x20
[  262.705451][ T8806]  ? load_image+0x420/0x420
[  262.710012][ T8806]  ? __might_fault+0xaa/0x120
[  262.714740][ T8806]  ? __lock_acquire+0x7d40/0x7d40
[  262.719819][ T8806]  should_fail_ex+0x39d/0x4d0
[  262.724567][ T8806]  _copy_from_user+0x2f/0xe0
[  262.729215][ T8806]  ___sys_sendmsg+0x1c7/0x360
[  262.733962][ T8806]  ? __sys_sendmsg+0x2a0/0x2a0
[  262.738817][ T8806]  ? trace_call_bpf+0xc3/0x6c0
[  262.743663][ T8806]  __se_sys_sendmsg+0x1c2/0x2b0
[  262.748569][ T8806]  ? __x64_sys_sendmsg+0x80/0x80
[  262.753569][ T8806]  ? lockdep_hardirqs_on+0x98/0x150
[  262.758832][ T8806]  do_syscall_64+0x55/0xa0
[  262.763278][ T8806]  ? clear_bhb_loop+0x40/0x90
[  262.768007][ T8806]  ? clear_bhb_loop+0x40/0x90
[  262.772840][ T8806]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  262.778786][ T8806] RIP: 0033:0x7f39a7b9cdd9
[  262.783246][ T8806] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  262.802913][ T8806] RSP: 002b:00007f39a8a99028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  262.811393][ T8806] RAX: ffffffffffffffda RBX: 00007f39a7e15fa0 RCX: 00007f39a7b9cdd9
[  262.819413][ T8806] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004
[  262.827432][ T8806] RBP: 00007f39a8a99090 R08: 0000000000000000 R09: 0000000000000000
[  262.835457][ T8806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  262.843469][ T8806] R13: 00007f39a7e16038 R14: 00007f39a7e15fa0 R15: 00007ffc8d637038
[  262.851505][ T8806]  </TASK>
[  263.953739][ T3465] wlan1: Trigger new scan to find an IBSS to join
[  264.375071][ T8834] __nla_validate_parse: 2 callbacks suppressed
[  264.375089][ T8834] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1065'.
[  264.407685][ T8834] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1065'.
[  264.579380][ T8834] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1065'.
[  264.648029][ T8829] netlink: 'syz.2.1063': attribute type 10 has an invalid length.
[  264.667817][ T8829] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1063'.
[  265.213395][ T8829] bridge0: port 3(veth0_vlan) entered blocking state
[  265.244151][ T8829] bridge0: port 3(veth0_vlan) entered disabled state
[  265.261129][ T8840] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1067'.
[  265.300064][ T8829] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  265.351796][ T8840] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1067'.
[  265.379386][ T8843] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1067'.
[  265.633220][ T8850] netlink: 'syz.3.1070': attribute type 39 has an invalid length.
[  265.955780][ T1082] wlan1: Trigger new scan to find an IBSS to join
[  268.342593][   T48] wlan1: Creating new IBSS network, BSSID 6a:3a:20:75:cd:3e
[  268.980160][ T8878] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1080'.
[  268.989586][   T36] wlan1: Trigger new scan to find an IBSS to join
[  268.996992][ T8878] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1080'.
[  269.016323][ T8878] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1080'.
[  269.247546][ T8876] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  269.301858][ T8879] netlink: 'syz.0.1088': attribute type 3 has an invalid length.
[  269.471371][ T8885] netlink: 'syz.1.1083': attribute type 39 has an invalid length.
[  269.658703][ T8890] __nla_validate_parse: 1 callbacks suppressed
[  269.658744][ T8890] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.1086'.
[  269.937360][ T1082] wlan1: Creating new IBSS network, BSSID 3a:2d:35:62:f1:f0
[  271.821443][ T8918] netlink: 'syz.3.1096': attribute type 39 has an invalid length.
[  271.943958][   T12] wlan1: Trigger new scan to find an IBSS to join
[  273.453220][ T8950] netlink: 'syz.2.1106': attribute type 39 has an invalid length.
[  273.496544][ T8955] netlink: 830 bytes leftover after parsing attributes in process `syz.3.1108'.
[  274.165620][ T8971] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1116'.
[  274.748200][ T8979] netlink: 'syz.1.1118': attribute type 28 has an invalid length.
[  274.982550][   T59] wlan1: Trigger new scan to find an IBSS to join
[  276.624935][   T59] wlan1: Creating new IBSS network, BSSID 46:a7:5a:5d:3f:32
[  276.857667][ T8983] netlink: 'syz.1.1119': attribute type 39 has an invalid length.
[  276.963529][ T8988] netlink: zone id is out of range
[  276.968757][ T8988] netlink: set zone limit has 8 unknown bytes
[  277.347519][ T8996] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  277.456585][ T8996] netlink: 'syz.3.1125': attribute type 3 has an invalid length.
[  277.477490][ T8996] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.1125'.
[  277.572252][ T9003] netlink: 830 bytes leftover after parsing attributes in process `syz.0.1128'.
[  278.245842][ T9018] netlink: 'syz.2.1132': attribute type 39 has an invalid length.
[  278.310236][ T9022] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.1133'.
[  279.918225][ T9045] netlink: 'syz.0.1142': attribute type 39 has an invalid length.
[  279.943125][   T36] wlan1: Trigger new scan to find an IBSS to join
[  282.789901][ T9074] netlink: 830 bytes leftover after parsing attributes in process `syz.3.1151'.
[  282.823626][ T9073] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1150'.
[  283.290605][ T9086] netlink: zone id is out of range
[  283.295997][ T9086] netlink: set zone limit has 8 unknown bytes
[  283.306472][ T9086] FAULT_INJECTION: forcing a failure.
[  283.306472][ T9086] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  283.326220][ T9086] CPU: 1 PID: 9086 Comm: syz.0.1156 Not tainted syzkaller #0
[  283.333704][ T9086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  283.343851][ T9086] Call Trace:
[  283.347192][ T9086]  <TASK>
[  283.350173][ T9086]  dump_stack_lvl+0x18c/0x250
[  283.354932][ T9086]  ? show_regs_print_info+0x20/0x20
[  283.360202][ T9086]  ? load_image+0x420/0x420
[  283.364777][ T9086]  ? __lock_acquire+0x7d40/0x7d40
[  283.369898][ T9086]  ? snprintf+0xe9/0x140
[  283.374214][ T9086]  should_fail_ex+0x39d/0x4d0
[  283.378967][ T9086]  _copy_to_user+0x2f/0xa0
[  283.383454][ T9086]  simple_read_from_buffer+0xe7/0x150
[  283.388910][ T9086]  proc_fail_nth_read+0x1e8/0x260
[  283.394039][ T9086]  ? proc_fault_inject_write+0x360/0x360
[  283.399749][ T9086]  ? fsnotify_perm+0x271/0x5e0
[  283.404592][ T9086]  ? proc_fault_inject_write+0x360/0x360
[  283.410293][ T9086]  vfs_read+0x28b/0x970
[  283.414524][ T9086]  ? kernel_read+0x1e0/0x1e0
[  283.419183][ T9086]  ? __fget_files+0x28/0x4b0
[  283.423843][ T9086]  ? __fget_files+0x28/0x4b0
[  283.428494][ T9086]  ? __fget_files+0x43d/0x4b0
[  283.433249][ T9086]  ? __fdget_pos+0x2a3/0x330
[  283.437904][ T9086]  ? ksys_read+0x75/0x260
[  283.442304][ T9086]  ksys_read+0x150/0x260
[  283.446623][ T9086]  ? vfs_write+0x990/0x990
[  283.451121][ T9086]  ? lockdep_hardirqs_on+0x98/0x150
[  283.456397][ T9086]  do_syscall_64+0x55/0xa0
[  283.460881][ T9086]  ? clear_bhb_loop+0x40/0x90
[  283.465620][ T9086]  ? clear_bhb_loop+0x40/0x90
[  283.470362][ T9086]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  283.476323][ T9086] RIP: 0033:0x7f307635d60e
[  283.480828][ T9086] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  283.500489][ T9086] RSP: 002b:00007f30772b4fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  283.508966][ T9086] RAX: ffffffffffffffda RBX: 00007f30772b56c0 RCX: 00007f307635d60e
[  283.516996][ T9086] RDX: 000000000000000f RSI: 00007f30772b50a0 RDI: 0000000000000005
[  283.525125][ T9086] RBP: 00007f30772b5090 R08: 0000000000000000 R09: 0000000000000000
[  283.533170][ T9086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  283.541202][ T9086] R13: 00007f3076616038 R14: 00007f3076615fa0 R15: 00007fffdaf0c108
[  283.549283][ T9086]  </TASK>
[  284.906125][   T48] wlan1: Trigger new scan to find an IBSS to join
[  285.514885][ T9116] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1168'.
[  285.535309][ T9116] openvswitch: netlink: Flow key attribute not present in set flow.
[  285.717228][ T9121] netlink: zone id is out of range
[  285.727493][ T9121] netlink: set zone limit has 8 unknown bytes
[  285.948345][   T12] wlan1: Creating new IBSS network, BSSID c6:c5:af:94:03:f4
[  286.636245][ T9146] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1179'.
[  286.667422][ T9146] openvswitch: netlink: Flow key attribute not present in set flow.
[  290.271109][ T9172] FAULT_INJECTION: forcing a failure.
[  290.271109][ T9172] name failslab, interval 1, probability 0, space 0, times 0
[  290.301895][ T9172] CPU: 1 PID: 9172 Comm: syz.0.1189 Not tainted syzkaller #0
[  290.309449][ T9172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  290.319561][ T9172] Call Trace:
[  290.322889][ T9172]  <TASK>
[  290.325860][ T9172]  dump_stack_lvl+0x18c/0x250
[  290.330606][ T9172]  ? show_regs_print_info+0x20/0x20
[  290.335870][ T9172]  ? load_image+0x420/0x420
[  290.340451][ T9172]  should_fail_ex+0x39d/0x4d0
[  290.345192][ T9172]  should_failslab+0x9/0x20
[  290.349770][ T9172]  slab_pre_alloc_hook+0x59/0x310
[  290.354865][ T9172]  kmem_cache_alloc+0x5a/0x2d0
[  290.359692][ T9172]  ? skb_clone+0x1eb/0x370
[  290.364165][ T9172]  skb_clone+0x1eb/0x370
[  290.368462][ T9172]  __netlink_deliver_tap+0x41c/0x830
[  290.373824][ T9172]  ? netlink_deliver_tap+0x2e/0x1b0
[  290.379085][ T9172]  netlink_deliver_tap+0x19c/0x1b0
[  290.384280][ T9172]  netlink_dump+0x94b/0xe50
[  290.388861][ T9172]  ? netlink_lookup+0x200/0x200
[  290.393791][ T9172]  ? netlink_autobind+0x300/0x300
[  290.398881][ T9172]  ? netlink_lookup+0x30/0x200
[  290.403700][ T9172]  ? netlink_lookup+0x30/0x200
[  290.408533][ T9172]  __netlink_dump_start+0x5f1/0x810
[  290.413806][ T9172]  ? rtnetlink_rcv_msg+0x221/0xfa0
[  290.418975][ T9172]  rtnetlink_rcv_msg+0xe1d/0xfa0
[  290.423971][ T9172]  ? rtnl_stats_get+0x660/0x660
[  290.428891][ T9172]  ? rtnetlink_bind+0x80/0x80
[  290.433647][ T9172]  ? perf_trace_preemptirq_template+0xac/0x330
[  290.439864][ T9172]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  290.445907][ T9172]  ? lock_chain_count+0x20/0x20
[  290.450818][ T9172]  ? __local_bh_enable_ip+0x13a/0x1c0
[  290.456237][ T9172]  ? lockdep_hardirqs_on+0x98/0x150
[  290.461505][ T9172]  ? __local_bh_enable_ip+0x13a/0x1c0
[  290.466931][ T9172]  ? _local_bh_enable+0xa0/0xa0
[  290.471835][ T9172]  ? __dev_queue_xmit+0x265/0x3660
[  290.477000][ T9172]  ? __dev_queue_xmit+0x265/0x3660
[  290.482174][ T9172]  ? __dev_queue_xmit+0x1b2c/0x3660
[  290.487437][ T9172]  ? __dev_queue_xmit+0x265/0x3660
[  290.492611][ T9172]  ? rtnl_stats_get+0x660/0x660
[  290.497520][ T9172]  ? ref_tracker_free+0x690/0x840
[  290.502611][ T9172]  netlink_rcv_skb+0x241/0x4d0
[  290.507442][ T9172]  ? rtnetlink_bind+0x80/0x80
[  290.512171][ T9172]  ? netlink_ack+0x1180/0x1180
[  290.517010][ T9172]  ? __lock_acquire+0x7d40/0x7d40
[  290.522096][ T9172]  ? netlink_deliver_tap+0x2e/0x1b0
[  290.527361][ T9172]  netlink_unicast+0x751/0x8d0
[  290.532209][ T9172]  netlink_sendmsg+0x8d0/0xbf0
[  290.537046][ T9172]  ? netlink_getsockopt+0x590/0x590
[  290.542306][ T9172]  ? aa_sock_msg_perm+0x94/0x150
[  290.547304][ T9172]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  290.552655][ T9172]  ? security_socket_sendmsg+0x80/0xa0
[  290.558164][ T9172]  ? netlink_getsockopt+0x590/0x590
[  290.563429][ T9172]  ____sys_sendmsg+0x5ba/0x960
[  290.568350][ T9172]  ? __asan_memset+0x22/0x40
[  290.572998][ T9172]  ? __sys_sendmsg_sock+0x30/0x30
[  290.578069][ T9172]  ? __import_iovec+0x5f2/0x850
[  290.582984][ T9172]  ? import_iovec+0x73/0xa0
[  290.587553][ T9172]  ___sys_sendmsg+0x2a6/0x360
[  290.592282][ T9172]  ? get_pid_task+0x20/0x1e0
[  290.596935][ T9172]  ? __sys_sendmsg+0x2a0/0x2a0
[  290.601775][ T9172]  ? __lock_acquire+0x7d40/0x7d40
[  290.606865][ T9172]  __se_sys_sendmsg+0x1c2/0x2b0
[  290.611758][ T9172]  ? __x64_sys_sendmsg+0x80/0x80
[  290.616852][ T9172]  ? lockdep_hardirqs_on+0x98/0x150
[  290.622100][ T9172]  do_syscall_64+0x55/0xa0
[  290.626540][ T9172]  ? clear_bhb_loop+0x40/0x90
[  290.631248][ T9172]  ? clear_bhb_loop+0x40/0x90
[  290.635974][ T9172]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  290.641910][ T9172] RIP: 0033:0x7f307639cdd9
[  290.646361][ T9172] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  290.666014][ T9172] RSP: 002b:00007f30772b5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  290.674462][ T9172] RAX: ffffffffffffffda RBX: 00007f3076615fa0 RCX: 00007f307639cdd9
[  290.682485][ T9172] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004
[  290.690491][ T9172] RBP: 00007f30772b5090 R08: 0000000000000000 R09: 0000000000000000
[  290.698503][ T9172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  290.706504][ T9172] R13: 00007f3076616038 R14: 00007f3076615fa0 R15: 00007fffdaf0c108
[  290.714580][ T9172]  </TASK>
[  291.154787][ T9188] netlink: 'syz.0.1195': attribute type 39 has an invalid length.
[  291.600918][ T9194] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1197'.
[  291.613200][ T9194] openvswitch: netlink: Flow key attribute not present in set flow.
[  291.869328][ T9201] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  291.917379][ T9201] netlink: 'syz.1.1200': attribute type 3 has an invalid length.
[  291.963220][ T9201] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.1200'.
[  291.990609][   T36] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  292.056442][ T9205] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  292.121219][ T9205] netlink: 'syz.0.1202': attribute type 3 has an invalid length.
[  292.169528][ T9205] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.1202'.
[  292.407055][ T9217] netlink: 'syz.3.1206': attribute type 39 has an invalid length.
[  292.607391][ T9222] FAULT_INJECTION: forcing a failure.
[  292.607391][ T9222] name failslab, interval 1, probability 0, space 0, times 0
[  292.628333][ T9222] CPU: 0 PID: 9222 Comm: syz.0.1208 Not tainted syzkaller #0
[  292.635799][ T9222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  292.645919][ T9222] Call Trace:
[  292.649251][ T9222]  <TASK>
[  292.652243][ T9222]  dump_stack_lvl+0x18c/0x250
[  292.656997][ T9222]  ? show_regs_print_info+0x20/0x20
[  292.662270][ T9222]  ? load_image+0x420/0x420
[  292.666847][ T9222]  ? __rwlock_init+0x150/0x150
[  292.671723][ T9222]  should_fail_ex+0x39d/0x4d0
[  292.676479][ T9222]  should_failslab+0x9/0x20
[  292.681079][ T9222]  slab_pre_alloc_hook+0x59/0x310
[  292.686208][ T9222]  kmem_cache_alloc_node+0x60/0x320
[  292.691483][ T9222]  ? __alloc_skb+0x103/0x2c0
[  292.696147][ T9222]  __alloc_skb+0x103/0x2c0
[  292.700626][ T9222]  __ipv6_ifa_notify+0x1fc/0xb40
[  292.705637][ T9222]  ? snmp6_fill_stats+0x960/0x960
[  292.710710][ T9222]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  292.716772][ T9222]  ? lock_chain_count+0x20/0x20
[  292.721694][ T9222]  ? __cancel_work+0x1fd/0x2e0
[  292.726537][ T9222]  ? lockdep_hardirqs_on+0x98/0x150
[  292.731815][ T9222]  ? __cancel_work+0x27f/0x2e0
[  292.736654][ T9222]  ? cancel_work+0x20/0x20
[  292.741167][ T9222]  ipv6_del_addr+0x6b2/0x8e0
[  292.745873][ T9222]  inet6_addr_del+0x4d3/0x690
[  292.750697][ T9222]  addrconf_del_ifaddr+0x122/0x180
[  292.755891][ T9222]  ? inet6_addr_add+0xb60/0xb60
[  292.760835][ T9222]  ? __lock_acquire+0x7d40/0x7d40
[  292.765916][ T9222]  ? slab_free_freelist_hook+0x130/0x1a0
[  292.771626][ T9222]  inet6_ioctl+0x11d/0x2d0
[  292.776104][ T9222]  ? inet6_getname+0x650/0x650
[  292.780932][ T9222]  ? tomoyo_path_number_perm+0x5b4/0x620
[  292.786639][ T9222]  ? tomoyo_path_number_perm+0x217/0x620
[  292.792348][ T9222]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  292.797915][ T9222]  sock_do_ioctl+0xfc/0x310
[  292.802523][ T9222]  ? sock_show_fdinfo+0xb0/0xb0
[  292.807486][ T9222]  sock_ioctl+0x5ba/0x7e0
[  292.811943][ T9222]  ? sock_poll+0x3e0/0x3e0
[  292.816444][ T9222]  ? bpf_lsm_file_ioctl+0x9/0x10
[  292.821482][ T9222]  ? security_file_ioctl+0x80/0xa0
[  292.826672][ T9222]  ? sock_poll+0x3e0/0x3e0
[  292.831205][ T9222]  __se_sys_ioctl+0xfd/0x170
[  292.835918][ T9222]  do_syscall_64+0x55/0xa0
[  292.840388][ T9222]  ? clear_bhb_loop+0x40/0x90
[  292.845123][ T9222]  ? clear_bhb_loop+0x40/0x90
[  292.849867][ T9222]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  292.855829][ T9222] RIP: 0033:0x7f307639cdd9
[  292.860304][ T9222] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  292.879988][ T9222] RSP: 002b:00007f30772b5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  292.888482][ T9222] RAX: ffffffffffffffda RBX: 00007f3076615fa0 RCX: 00007f307639cdd9
[  292.896514][ T9222] RDX: 0000200000000000 RSI: 0000000000008936 RDI: 0000000000000003
[  292.904556][ T9222] RBP: 00007f30772b5090 R08: 0000000000000000 R09: 0000000000000000
[  292.912582][ T9222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  292.920617][ T9222] R13: 00007f3076616038 R14: 00007f3076615fa0 R15: 00007fffdaf0c108
[  292.928702][ T9222]  </TASK>
[  293.290219][ T9233] netlink: 64859 bytes leftover after parsing attributes in process `syz.2.1212'.
[  293.302530][ T9233] netlink: 22 bytes leftover after parsing attributes in process `syz.2.1212'.
[  293.416068][ T9229] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1210'.
[  293.426431][ T9229] openvswitch: netlink: Flow key attribute not present in set flow.
[  293.582911][ T9236] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  293.652340][ T9236] netlink: 'syz.2.1213': attribute type 3 has an invalid length.
[  293.660626][ T9236] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.1213'.
[  293.953254][   T59] wlan1: Trigger new scan to find an IBSS to join
[  294.719576][ T9246] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  294.743555][ T9253] netlink: 'syz.1.1217': attribute type 3 has an invalid length.
[  294.761646][ T9253] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.1217'.
[  295.094877][ T9273] netlink: 'syz.1.1225': attribute type 39 has an invalid length.
[  295.325449][ T9279] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  295.367117][ T9279] netlink: 'syz.3.1227': attribute type 3 has an invalid length.
[  295.375967][ T9279] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.1227'.
[  295.717962][ T9287] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  295.740293][ T9288] netlink: 'syz.3.1230': attribute type 1 has an invalid length.
[  295.753068][ T9287] netlink: 'syz.1.1238': attribute type 3 has an invalid length.
[  295.761429][ T9287] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.1238'.
[  295.943035][  T145] wlan1: Trigger new scan to find an IBSS to join
[  295.949670][ T1082] wlan1: Trigger new scan to find an IBSS to join
[  296.057086][ T9292] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  297.365292][ T9315] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  297.401999][ T9324] validate_nla: 13 callbacks suppressed
[  297.402016][ T9324] netlink: 'syz.1.1243': attribute type 3 has an invalid length.
[  297.422567][ T9324] __nla_validate_parse: 2 callbacks suppressed
[  297.422585][ T9324] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.1243'.
[  297.444888][ T9327] netlink: 'syz.2.1247': attribute type 39 has an invalid length.
[  297.747190][ T9337] netlink: 830 bytes leftover after parsing attributes in process `syz.2.1248'.
[  298.451501][ T9355] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  298.488255][ T9355] netlink: 'syz.0.1258': attribute type 3 has an invalid length.
[  298.511190][ T9355] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.1258'.
[  299.945993][   T36] wlan1: Trigger new scan to find an IBSS to join
[  299.947497][ T3465] wlan1: Trigger new scan to find an IBSS to join
[  300.114170][ T9383] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  300.129409][ T9388] netlink: 'syz.2.1270': attribute type 3 has an invalid length.
[  300.149058][ T9388] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.1270'.
[  300.835557][ T9401] FAULT_INJECTION: forcing a failure.
[  300.835557][ T9401] name failslab, interval 1, probability 0, space 0, times 0
[  300.870609][ T9401] CPU: 1 PID: 9401 Comm: syz.1.1277 Not tainted syzkaller #0
[  300.878087][ T9401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  300.888194][ T9401] Call Trace:
[  300.891521][ T9401]  <TASK>
[  300.894498][ T9401]  dump_stack_lvl+0x18c/0x250
[  300.899341][ T9401]  ? show_regs_print_info+0x20/0x20
[  300.904698][ T9401]  ? load_image+0x420/0x420
[  300.909262][ T9401]  ? __might_sleep+0xe0/0xe0
[  300.913913][ T9401]  ? __lock_acquire+0x7d40/0x7d40
[  300.918998][ T9401]  should_fail_ex+0x39d/0x4d0
[  300.923758][ T9401]  should_failslab+0x9/0x20
[  300.928331][ T9401]  slab_pre_alloc_hook+0x59/0x310
[  300.933436][ T9401]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  300.939215][ T9401]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  300.944985][ T9401]  __kmem_cache_alloc_node+0x53/0x250
[  300.950417][ T9401]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  300.956181][ T9401]  __kmalloc+0xa4/0x230
[  300.960410][ T9401]  tomoyo_realpath_from_path+0xe3/0x5d0
[  300.966042][ T9401]  tomoyo_path_number_perm+0x248/0x620
[  300.971578][ T9401]  ? tomoyo_path_number_perm+0x217/0x620
[  300.977284][ T9401]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  300.982814][ T9401]  ? ktime_get+0x7f/0x280
[  300.987229][ T9401]  ? __fget_files+0x28/0x4b0
[  300.991900][ T9401]  ? __fget_files+0x28/0x4b0
[  300.996558][ T9401]  security_file_ioctl+0x70/0xa0
[  301.001558][ T9401]  __se_sys_ioctl+0x48/0x170
[  301.006219][ T9401]  do_syscall_64+0x55/0xa0
[  301.010685][ T9401]  ? clear_bhb_loop+0x40/0x90
[  301.015516][ T9401]  ? clear_bhb_loop+0x40/0x90
[  301.020251][ T9401]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  301.026202][ T9401] RIP: 0033:0x7f39a7b9cdd9
[  301.030678][ T9401] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  301.050429][ T9401] RSP: 002b:00007f39a8a99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  301.058904][ T9401] RAX: ffffffffffffffda RBX: 00007f39a7e15fa0 RCX: 00007f39a7b9cdd9
[  301.066926][ T9401] RDX: 00002000000013c0 RSI: 000000000000541b RDI: 0000000000000006
[  301.074950][ T9401] RBP: 00007f39a8a99090 R08: 0000000000000000 R09: 0000000000000000
[  301.082961][ T9401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  301.090987][ T9401] R13: 00007f39a7e16038 R14: 00007f39a7e15fa0 R15: 00007ffc8d637038
[  301.099030][ T9401]  </TASK>
[  301.117067][ T1082] wlan1: Trigger new scan to find an IBSS to join
[  301.172001][ T9401] ERROR: Out of memory at tomoyo_realpath_from_path.
[  301.296806][ T9411] netlink: 830 bytes leftover after parsing attributes in process `syz.0.1281'.
[  301.429046][ T9414] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1283'.
[  302.982331][ T1082] wlan1: Trigger new scan to find an IBSS to join
[  303.810152][ T9430] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  303.877277][ T9430] netlink: 'syz.0.1286': attribute type 3 has an invalid length.
[  303.903895][ T9430] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.1286'.
[  303.946778][   T36] wlan1: Trigger new scan to find an IBSS to join
[  303.966010][ T3465] wlan1: Creating new IBSS network, BSSID c2:df:47:72:51:87
[  304.151938][ T9439] netlink: 830 bytes leftover after parsing attributes in process `syz.0.1293'.
[  304.912180][   T12] wlan1: Trigger new scan to find an IBSS to join
[  305.625586][ T9466] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  305.669957][ T9468] netlink: 'syz.1.1302': attribute type 3 has an invalid length.
[  305.718956][ T9468] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.1302'.
[  305.769285][ T9473] netlink: 830 bytes leftover after parsing attributes in process `syz.2.1304'.
[  305.944917][   T36] wlan1: Trigger new scan to find an IBSS to join
[  306.554854][ T9495] netlink: 'syz.3.1313': attribute type 39 has an invalid length.
[  306.802927][ T9503] netlink: 830 bytes leftover after parsing attributes in process `syz.3.1316'.
[  307.942114][   T12] wlan1: Trigger new scan to find an IBSS to join
[  308.088001][ T9523] netlink: 'syz.0.1324': attribute type 39 has an invalid length.
[  308.450734][ T5777] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18
[  308.540091][ T9537] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1329'.
[  308.575248][ T9539] netlink: 830 bytes leftover after parsing attributes in process `syz.1.1330'.
[  308.813582][ T9544] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1332'.
[  308.824823][ T9544] openvswitch: netlink: Flow key attribute not present in set flow.
[  308.943391][   T36] wlan1: Trigger new scan to find an IBSS to join
[  308.997326][   T36] wlan1: Creating new IBSS network, BSSID 32:88:26:75:26:16
[  309.043725][ T9551] netlink: 'syz.1.1335': attribute type 39 has an invalid length.
[  309.646008][ T9571] netlink: 830 bytes leftover after parsing attributes in process `syz.1.1343'.
[  309.760027][ T9579] netlink: 'syz.3.1345': attribute type 39 has an invalid length.
[  309.943866][  T145] wlan1: Trigger new scan to find an IBSS to join
[  310.508347][ T5783] Bluetooth: hci1: command 0x0406 tx timeout
[  311.195411][ T9609] netlink: 830 bytes leftover after parsing attributes in process `syz.0.1355'.
[  311.646799][   T59] wlan1: Creating new IBSS network, BSSID 76:fc:6d:0a:fa:aa
[  311.836599][ T9613] netlink: 'syz.3.1357': attribute type 33 has an invalid length.
[  311.865521][ T9613] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1357'.
[  311.877102][ T9615] netlink: 'syz.1.1358': attribute type 39 has an invalid length.
[  311.954531][   T36] wlan1: Trigger new scan to find an IBSS to join
[  312.225874][ T9628] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  312.256080][ T9628] netlink: 'syz.0.1362': attribute type 3 has an invalid length.
[  312.264688][ T9628] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.1362'.
[  312.453727][ T9638] netlink: 830 bytes leftover after parsing attributes in process `syz.2.1368'.
[  312.516960][ T9634] FAULT_INJECTION: forcing a failure.
[  312.516960][ T9634] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  312.530526][ T9634] CPU: 1 PID: 9634 Comm: syz.1.1366 Not tainted syzkaller #0
[  312.538007][ T9634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  312.548120][ T9634] Call Trace:
[  312.551455][ T9634]  <TASK>
[  312.554445][ T9634]  dump_stack_lvl+0x18c/0x250
[  312.559201][ T9634]  ? show_regs_print_info+0x20/0x20
[  312.564468][ T9634]  ? load_image+0x420/0x420
[  312.569046][ T9634]  ? __might_fault+0xaa/0x120
[  312.573769][ T9634]  ? __lock_acquire+0x7d40/0x7d40
[  312.578844][ T9634]  should_fail_ex+0x39d/0x4d0
[  312.583590][ T9634]  _copy_to_iter+0x1ce/0x1120
[  312.588420][ T9634]  ? mark_lock+0x94/0x320
[  312.592814][ T9634]  ? iov_iter_init+0x1e0/0x1e0
[  312.597636][ T9634]  ? __virt_addr_valid+0x18c/0x540
[  312.602817][ T9634]  ? __virt_addr_valid+0x469/0x540
[  312.607992][ T9634]  ? __phys_addr_symbol+0x2f/0x70
[  312.613120][ T9634]  ? __check_object_size+0x506/0xa20
[  312.618465][ T9634]  __skb_datagram_iter+0xdb/0x780
[  312.623553][ T9634]  ? tsk_importance+0x150/0x150
[  312.628468][ T9634]  ? skb_copy_datagram_iter+0x200/0x200
[  312.634084][ T9634]  skb_copy_datagram_iter+0xb1/0x200
[  312.639472][ T9634]  tipc_recvstream+0x72b/0xe70
[  312.644313][ T9634]  ? tipc_sendstream+0x70/0x70
[  312.649143][ T9634]  ____sys_recvmsg+0x2ce/0x5e0
[  312.653953][ T9634]  ? __sys_recvmsg_sock+0x50/0x50
[  312.659038][ T9634]  ? import_iovec+0x73/0xa0
[  312.663579][ T9634]  ___sys_recvmsg+0x216/0x590
[  312.668294][ T9634]  ? __sys_recvmsg+0x2a0/0x2a0
[  312.673099][ T9634]  ? ksys_write+0x1c4/0x260
[  312.677643][ T9634]  ? __fget_files+0x43d/0x4b0
[  312.682375][ T9634]  __x64_sys_recvmsg+0x20c/0x2e0
[  312.687346][ T9634]  ? perf_trace_preemptirq_template+0x269/0x330
[  312.693632][ T9634]  ? ___sys_recvmsg+0x590/0x590
[  312.698530][ T9634]  ? lockdep_hardirqs_on+0x98/0x150
[  312.703765][ T9634]  do_syscall_64+0x55/0xa0
[  312.708206][ T9634]  ? clear_bhb_loop+0x40/0x90
[  312.712910][ T9634]  ? clear_bhb_loop+0x40/0x90
[  312.717615][ T9634]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  312.723557][ T9634] RIP: 0033:0x7f39a7b9cdd9
[  312.727996][ T9634] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  312.747644][ T9634] RSP: 002b:00007f39a8a99028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  312.756113][ T9634] RAX: ffffffffffffffda RBX: 00007f39a7e15fa0 RCX: 00007f39a7b9cdd9
[  312.764122][ T9634] RDX: 0000000000000100 RSI: 0000200000000400 RDI: 0000000000000004
[  312.772126][ T9634] RBP: 00007f39a8a99090 R08: 0000000000000000 R09: 0000000000000000
[  312.780138][ T9634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  312.788142][ T9634] R13: 00007f39a7e16038 R14: 00007f39a7e15fa0 R15: 00007ffc8d637038
[  312.796171][ T9634]  </TASK>
[  312.905257][ T9643] netlink: 'syz.2.1370': attribute type 39 has an invalid length.
[  313.142152][   T12] wlan1: Creating new IBSS network, BSSID 02:02:d9:c5:7a:ab
[  313.184817][ T9652] netlink: 'syz.2.1381': attribute type 39 has an invalid length.
[  313.545766][ T9661] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  313.578127][ T9665] netlink: 830 bytes leftover after parsing attributes in process `syz.3.1378'.
[  313.626441][ T9661] netlink: 'syz.2.1376': attribute type 3 has an invalid length.
[  313.643554][ T9661] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.1376'.
[  313.846451][ T9673] FAULT_INJECTION: forcing a failure.
[  313.846451][ T9673] name failslab, interval 1, probability 0, space 0, times 0
[  313.902054][ T9673] CPU: 1 PID: 9673 Comm: syz.3.1380 Not tainted syzkaller #0
[  313.909525][ T9673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  313.919635][ T9673] Call Trace:
[  313.922958][ T9673]  <TASK>
[  313.925967][ T9673]  dump_stack_lvl+0x18c/0x250
[  313.930714][ T9673]  ? show_regs_print_info+0x20/0x20
[  313.936005][ T9673]  ? load_image+0x420/0x420
[  313.940566][ T9673]  ? __might_sleep+0xe0/0xe0
[  313.945205][ T9673]  ? __lock_acquire+0x7d40/0x7d40
[  313.950290][ T9673]  should_fail_ex+0x39d/0x4d0
[  313.955032][ T9673]  should_failslab+0x9/0x20
[  313.959602][ T9673]  slab_pre_alloc_hook+0x59/0x310
[  313.964680][ T9673]  ? perf_trace_run_bpf_submit+0xf4/0x1c0
[  313.970456][ T9673]  kmem_cache_alloc+0x5a/0x2d0
[  313.975277][ T9673]  ? getname_flags+0xbb/0x500
[  313.980015][ T9673]  getname_flags+0xbb/0x500
[  313.984585][ T9673]  do_sys_openat2+0xda/0x1d0
[  313.989251][ T9673]  ? do_sys_open+0xe0/0xe0
[  313.993733][ T9673]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  313.999949][ T9673]  __x64_sys_openat+0x139/0x160
[  314.004865][ T9673]  do_syscall_64+0x55/0xa0
[  314.009335][ T9673]  ? clear_bhb_loop+0x40/0x90
[  314.014063][ T9673]  ? clear_bhb_loop+0x40/0x90
[  314.018799][ T9673]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  314.024741][ T9673] RIP: 0033:0x7f3955d5d60e
[  314.029196][ T9673] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  314.048854][ T9673] RSP: 002b:00007f3956c74ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  314.057344][ T9673] RAX: ffffffffffffffda RBX: 00007f3956c756c0 RCX: 00007f3955d5d60e
[  314.065395][ T9673] RDX: 0000000000000002 RSI: 00007f3956c74f90 RDI: ffffffffffffff9c
[  314.073419][ T9673] RBP: 00007f3956c75090 R08: 0000000000000000 R09: 0000000000000000
[  314.081444][ T9673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  314.089464][ T9673] R13: 00007f3956016038 R14: 00007f3956015fa0 R15: 00007ffc4c2bcbd8
[  314.097553][ T9673]  </TASK>
[  314.253472][ T9685] netlink: 'syz.1.1385': attribute type 39 has an invalid length.
[  314.527645][ T9690] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1388'.
[  314.563822][ T9690] openvswitch: netlink: Flow key attribute not present in set flow.
[  314.621450][ T9695] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.1389'.
[  314.809502][ T9701] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  314.875168][ T9701] netlink: 'syz.3.1391': attribute type 3 has an invalid length.
[  314.903050][ T9701] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.1391'.
[  314.904499][ T3465] wlan1: Trigger new scan to find an IBSS to join
[  315.330580][ T9718] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1398'.
[  315.795132][ T9725] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1401'.
[  315.813181][ T9725] openvswitch: netlink: Flow key attribute not present in set flow.
[  315.942492][ T3465] wlan1: Trigger new scan to find an IBSS to join
[  316.151085][ T9735] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  316.202783][ T9735] netlink: 'syz.1.1406': attribute type 3 has an invalid length.
[  316.241924][ T9735] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.1406'.
[  316.366647][ T9743] netlink: 'syz.0.1408': attribute type 33 has an invalid length.
[  316.417742][ T9743] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1408'.
[  316.519955][ T9744] mac80211_hwsim hwsim7 wlan0: entered promiscuous mode
[  316.527246][ T9744] mac80211_hwsim hwsim7 wlan0: entered allmulticast mode
[  316.913116][   T12] wlan1: Trigger new scan to find an IBSS to join
[  317.038663][ T9759] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1413'.
[  317.049917][ T9759] openvswitch: netlink: Flow key attribute not present in set flow.
[  317.231316][ T1281] ieee802154 phy0 wpan0: encryption failed: -22
[  317.237790][ T1281] ieee802154 phy1 wpan1: encryption failed: -22
[  317.430570][ T9771] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  317.452089][ T9771] netlink: 'syz.3.1419': attribute type 3 has an invalid length.
[  317.460173][ T9771] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.1419'.
[  317.624590][ T9773] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  317.680901][ T9773] netlink: 'syz.0.1420': attribute type 3 has an invalid length.
[  317.709253][ T9773] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.1420'.
[  317.750311][ T9777] netlink: 'syz.3.1422': attribute type 10 has an invalid length.
[  317.824356][ T9779] netlink: 'syz.3.1422': attribute type 9 has an invalid length.
[  317.855626][ T9779] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.1422'.
[  318.202010][ T9783] netlink: 'syz.3.1422': attribute type 9 has an invalid length.
[  318.212405][ T9783] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.1422'.
[  318.388583][ T9788] openvswitch: netlink: Flow key attribute not present in set flow.
[  318.556585][ T9793] netlink: 'syz.1.1426': attribute type 33 has an invalid length.
[  318.983331][   T12] wlan1: Trigger new scan to find an IBSS to join
[  319.942141][ T3465] wlan1: Trigger new scan to find an IBSS to join
[  319.948776][  T145] wlan1: Trigger new scan to find an IBSS to join
[  319.956696][   T12] wlan1: Trigger new scan to find an IBSS to join
[  320.623181][ T9819] __nla_validate_parse: 2 callbacks suppressed
[  320.623222][ T9819] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1438'.
[  320.662869][ T9819] openvswitch: netlink: Flow key attribute not present in set flow.
[  320.951320][ T9832] netlink: 'syz.2.1440': attribute type 33 has an invalid length.
[  320.992076][ T9832] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1440'.
[  321.962371][ T1082] wlan1: Creating new IBSS network, BSSID e2:f2:bf:75:a2:d1
[  322.984865][   T36] wlan1: Trigger new scan to find an IBSS to join
[  322.991559][   T36] wlan1: Trigger new scan to find an IBSS to join
[  323.011837][   T12] wlan1: Trigger new scan to find an IBSS to join
[  323.134396][ T9854] netlink: 'syz.1.1450': attribute type 10 has an invalid length.
[  323.215528][ T9857] netlink: 'syz.1.1450': attribute type 9 has an invalid length.
[  323.232746][ T9857] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.1450'.
[  323.931249][ T9858] netlink: 'syz.1.1450': attribute type 9 has an invalid length.
[  323.956967][ T9858] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.1450'.
[  324.017500][  T145] wlan1: Creating new IBSS network, BSSID ba:bb:de:85:3d:95
[  324.679078][ T9884] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1461'.
[  324.705341][ T9884] openvswitch: netlink: Flow key attribute not present in set flow.
[  324.734513][ T9886] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  324.796152][ T9888] netlink: 'syz.2.1462': attribute type 39 has an invalid length.
[  324.824733][ T9886] netlink: 'syz.0.1460': attribute type 3 has an invalid length.
[  324.847902][ T9886] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.1460'.
[  325.029553][ T9894] netlink: 'syz.1.1471': attribute type 39 has an invalid length.
[  325.599194][ T9907] netlink: 830 bytes leftover after parsing attributes in process `syz.2.1467'.
[  325.942388][ T1082] wlan1: Creating new IBSS network, BSSID 1a:ed:d5:3b:00:1f
[  326.732144][ T9923] netlink: 'syz.0.1474': attribute type 39 has an invalid length.
[  326.982593][  T145] wlan1: Trigger new scan to find an IBSS to join
[  328.493850][ T9938] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1481'.
[  328.513336][ T9938] openvswitch: netlink: Flow key attribute not present in set flow.
[  328.758084][ T9945] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  328.824584][ T9945] netlink: 'syz.1.1483': attribute type 3 has an invalid length.
[  328.853697][ T9945] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.1483'.
[  329.065762][ T9955] netlink: 830 bytes leftover after parsing attributes in process `syz.2.1486'.
[  329.854435][ T9978] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  329.914625][ T9978] netlink: 'syz.2.1499': attribute type 3 has an invalid length.
[  329.939465][ T9978] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.1499'.
[  329.958343][ T9980] netlink: 830 bytes leftover after parsing attributes in process `syz.1.1500'.
[  330.955173][ T1082] wlan1: Trigger new scan to find an IBSS to join
[  331.187646][T10011] netlink: 'syz.1.1512': attribute type 10 has an invalid length.
[  331.232194][T10011] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  331.260533][T10013] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  331.292742][T10015] netlink: 830 bytes leftover after parsing attributes in process `syz.3.1514'.
[  331.308967][T10013] netlink: 'syz.0.1513': attribute type 3 has an invalid length.
[  331.327333][T10013] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.1513'.
[  331.572979][T10026] netlink: 'syz.0.1519': attribute type 39 has an invalid length.
[  331.947194][   T59] wlan1: Trigger new scan to find an IBSS to join
[  331.957043][T10039] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1524'.
[  331.975975][T10039] openvswitch: netlink: Flow key attribute not present in set flow.
[  332.259445][T10049] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  332.290389][T10051] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  332.310098][T10049] netlink: 'syz.0.1528': attribute type 3 has an invalid length.
[  332.332710][T10049] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.1528'.
[  332.366086][T10051] netlink: 'syz.2.1529': attribute type 3 has an invalid length.
[  332.383128][T10051] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.1529'.
[  332.397906][T10054] netlink: 'syz.3.1530': attribute type 39 has an invalid length.
[  333.038287][T10069] openvswitch: netlink: Flow key attribute not present in set flow.
[  333.302432][T10079] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  333.319373][T10078] netlink: 'syz.0.1540': attribute type 39 has an invalid length.
[  333.343360][T10076] netlink: 'syz.2.1539': attribute type 3 has an invalid length.
[  333.620313][T10083] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  333.702596][T10083] netlink: 'syz.3.1541': attribute type 3 has an invalid length.
[  333.728509][T10083] __nla_validate_parse: 2 callbacks suppressed
[  333.728551][T10083] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.1541'.
[  333.782565][T10097] netlink: 830 bytes leftover after parsing attributes in process `syz.1.1546'.
[  333.795888][T10099] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1546'.
[  333.819796][T10098] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1546'.
[  334.330722][T10105] netlink: 830 bytes leftover after parsing attributes in process `syz.3.1550'.
[  334.689068][T10111] netlink: 'syz.2.1552': attribute type 39 has an invalid length.
[  334.912495][ T1082] wlan1: Trigger new scan to find an IBSS to join
[  335.942294][  T145] wlan1: Trigger new scan to find an IBSS to join
[  335.949104][ T1082] wlan1: Trigger new scan to find an IBSS to join
[  335.958900][T10114] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  335.978397][T10115] netlink: 'syz.2.1553': attribute type 3 has an invalid length.
[  336.039642][T10115] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.1553'.
[  336.265841][T10120] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  336.300587][T10120] netlink: 'syz.0.1555': attribute type 3 has an invalid length.
[  336.317009][T10120] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.1555'.
[  336.537546][T10132] netlink: 'syz.1.1561': attribute type 39 has an invalid length.
[  338.106880][ T1082] wlan1: Creating new IBSS network, BSSID 1e:21:03:34:4c:ce
[  338.121607][T10144] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  338.135159][T10145] netlink: 'syz.3.1565': attribute type 3 has an invalid length.
[  338.162119][T10145] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.1565'.
[  338.324626][T10150] netlink: 192 bytes leftover after parsing attributes in process `syz.2.1567'.
[  338.442826][T10152] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  338.477364][T10152] netlink: 'syz.1.1568': attribute type 3 has an invalid length.
[  338.508224][T10152] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.1568'.
[  338.556807][T10156] netlink: 'syz.2.1570': attribute type 39 has an invalid length.
[  338.987814][   T12] wlan1: Trigger new scan to find an IBSS to join
[  339.041656][T10177] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  339.066573][T10177] netlink: 'syz.3.1577': attribute type 3 has an invalid length.
[  339.077358][T10177] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.1577'.
[  339.942033][  T145] wlan1: Trigger new scan to find an IBSS to join
[  340.903125][   T12] wlan1: Trigger new scan to find an IBSS to join
[  342.901920][   T12] wlan1: Trigger new scan to find an IBSS to join
[  342.983454][  T145] wlan1: Trigger new scan to find an IBSS to join
[  343.340507][T10231] netlink: 830 bytes leftover after parsing attributes in process `syz.3.1597'.
[  344.164961][T10241] netlink: 830 bytes leftover after parsing attributes in process `syz.0.1600'.
[  344.760364][   T59] wlan1: Creating new IBSS network, BSSID d6:be:03:df:b1:86
[  344.983080][  T145] wlan1: Trigger new scan to find an IBSS to join
[  344.987118][   T59] wlan1: Trigger new scan to find an IBSS to join
[  345.180131][T10253] FAULT_INJECTION: forcing a failure.
[  345.180131][T10253] name failslab, interval 1, probability 0, space 0, times 0
[  345.218518][T10255] netlink: 830 bytes leftover after parsing attributes in process `syz.2.1607'.
[  345.229652][T10253] CPU: 0 PID: 10253 Comm: syz.3.1606 Not tainted syzkaller #0
[  345.237192][T10253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  345.247299][T10253] Call Trace:
[  345.250622][T10253]  <TASK>
[  345.253600][T10253]  dump_stack_lvl+0x18c/0x250
[  345.258345][T10253]  ? show_regs_print_info+0x20/0x20
[  345.263610][T10253]  ? load_image+0x420/0x420
[  345.268170][T10253]  ? __lock_acquire+0x7d40/0x7d40
[  345.273242][T10253]  ? __fget_files+0x28/0x4b0
[  345.277926][T10253]  should_fail_ex+0x39d/0x4d0
[  345.282669][T10253]  should_failslab+0x9/0x20
[  345.287264][T10253]  slab_pre_alloc_hook+0x59/0x310
[  345.292356][T10253]  ? bpf_test_init+0x9f/0x140
[  345.297085][T10253]  ? bpf_test_init+0x9f/0x140
[  345.301814][T10253]  __kmem_cache_alloc_node+0x53/0x250
[  345.307290][T10253]  ? bpf_test_init+0x9f/0x140
[  345.312017][T10253]  __kmalloc+0xa4/0x230
[  345.316239][T10253]  bpf_test_init+0x9f/0x140
[  345.320875][T10253]  bpf_prog_test_run_xdp+0x4d1/0x10e0
[  345.326321][T10253]  ? dev_put+0x80/0x80
[  345.330417][T10253]  ? dev_put+0x80/0x80
[  345.334557][T10253]  bpf_prog_test_run+0x321/0x390
[  345.339554][T10253]  __sys_bpf+0x49d/0x890
[  345.343836][T10253]  ? bpf_link_show_fdinfo+0x390/0x390
[  345.349247][T10253]  ? lock_chain_count+0x20/0x20
[  345.354128][T10253]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  345.360173][T10253]  __x64_sys_bpf+0x7c/0x90
[  345.364653][T10253]  do_syscall_64+0x55/0xa0
[  345.369204][T10253]  ? clear_bhb_loop+0x40/0x90
[  345.373956][T10253]  ? clear_bhb_loop+0x40/0x90
[  345.378675][T10253]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  345.384657][T10253] RIP: 0033:0x7f3955d9cdd9
[  345.389128][T10253] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  345.408794][T10253] RSP: 002b:00007f3956c75028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  345.417267][T10253] RAX: ffffffffffffffda RBX: 00007f3956015fa0 RCX: 00007f3955d9cdd9
[  345.425552][T10253] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[  345.433576][T10253] RBP: 00007f3956c75090 R08: 0000000000000000 R09: 0000000000000000
[  345.441597][T10253] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  345.449740][T10253] R13: 00007f3956016038 R14: 00007f3956015fa0 R15: 00007ffc4c2bcbd8
[  345.458219][T10253]  </TASK>
[  346.982164][   T59] wlan1: Trigger new scan to find an IBSS to join
[  347.041375][ T1082] wlan1: Creating new IBSS network, BSSID ee:8b:92:c5:63:08
[  347.050677][  T145] wlan1: Creating new IBSS network, BSSID d6:e9:8c:21:22:82
[  347.065062][T10265] netlink: 830 bytes leftover after parsing attributes in process `syz.2.1611'.
[  347.479429][T10283] netlink: 830 bytes leftover after parsing attributes in process `syz.3.1619'.
[  348.795820][  T145] wlan1: Creating new IBSS network, BSSID 9a:90:07:b2:a6:4e
[  348.921516][T10294] netlink: 830 bytes leftover after parsing attributes in process `syz.3.1623'.
[  349.136063][T10300] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  349.183230][T10300] netlink: 'syz.2.1625': attribute type 3 has an invalid length.
[  349.205406][T10300] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.1625'.
[  349.360523][T10310] netlink: 830 bytes leftover after parsing attributes in process `syz.0.1629'.
[  352.503164][T10339] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  352.546372][T10344] netlink: 830 bytes leftover after parsing attributes in process `syz.3.1642'.
[  352.656954][T10339] netlink: 'syz.0.1641': attribute type 3 has an invalid length.
[  352.724124][T10339] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.1641'.
[  352.903862][   T59] wlan1: Trigger new scan to find an IBSS to join
[  353.005038][T10357] FAULT_INJECTION: forcing a failure.
[  353.005038][T10357] name failslab, interval 1, probability 0, space 0, times 0
[  353.025507][T10357] CPU: 1 PID: 10357 Comm: syz.1.1650 Not tainted syzkaller #0
[  353.033070][T10357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  353.043254][T10357] Call Trace:
[  353.046568][T10357]  <TASK>
[  353.049535][T10357]  dump_stack_lvl+0x18c/0x250
[  353.054277][T10357]  ? show_regs_print_info+0x20/0x20
[  353.059533][T10357]  ? load_image+0x420/0x420
[  353.064101][T10357]  ? __might_sleep+0xe0/0xe0
[  353.068754][T10357]  ? __lock_acquire+0x7d40/0x7d40
[  353.073831][T10357]  ? trace_contention_end+0x39/0xe0
[  353.079165][T10357]  should_fail_ex+0x39d/0x4d0
[  353.083903][T10357]  should_failslab+0x9/0x20
[  353.088466][T10357]  slab_pre_alloc_hook+0x59/0x310
[  353.093559][T10357]  ? mutex_lock_nested+0x20/0x20
[  353.098578][T10357]  ? tcx_link_attach+0x168/0x900
[  353.103574][T10357]  __kmem_cache_alloc_node+0x53/0x250
[  353.109029][T10357]  ? tcx_link_attach+0x168/0x900
[  353.114025][T10357]  kmalloc_trace+0x2a/0xe0
[  353.118534][T10357]  tcx_link_attach+0x168/0x900
[  353.123361][T10357]  ? tcx_prog_query+0x140/0x140
[  353.128259][T10357]  ? __fget_files+0x43d/0x4b0
[  353.132998][T10357]  ? bpf_prog_attach_check_attach_type+0x188/0x440
[  353.139557][T10357]  link_create+0x390/0x720
[  353.144028][T10357]  __sys_bpf+0x4d7/0x890
[  353.148325][T10357]  ? bpf_link_show_fdinfo+0x390/0x390
[  353.153742][T10357]  ? lock_chain_count+0x20/0x20
[  353.158634][T10357]  __x64_sys_bpf+0x7c/0x90
[  353.163101][T10357]  do_syscall_64+0x55/0xa0
[  353.167574][T10357]  ? clear_bhb_loop+0x40/0x90
[  353.172311][T10357]  ? clear_bhb_loop+0x40/0x90
[  353.177061][T10357]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  353.183011][T10357] RIP: 0033:0x7f39a7b9cdd9
[  353.187483][T10357] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  353.207143][T10357] RSP: 002b:00007f39a8a99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  353.215620][T10357] RAX: ffffffffffffffda RBX: 00007f39a7e15fa0 RCX: 00007f39a7b9cdd9
[  353.223681][T10357] RDX: 0000000000000020 RSI: 00002000000002c0 RDI: 000000000000001c
[  353.231712][T10357] RBP: 00007f39a8a99090 R08: 0000000000000000 R09: 0000000000000000
[  353.239767][T10357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  353.247795][T10357] R13: 00007f39a7e16038 R14: 00007f39a7e15fa0 R15: 00007ffc8d637038
[  353.255845][T10357]  </TASK>
[  353.449398][T10366] netlink: 140 bytes leftover after parsing attributes in process `syz.3.1652'.
[  353.512501][T10366] netlink: 137436 bytes leftover after parsing attributes in process `syz.3.1652'.
[  353.620500][T10372] netlink: 830 bytes leftover after parsing attributes in process `syz.1.1655'.
[  354.311162][T10384] netlink: 'syz.2.1662': attribute type 2 has an invalid length.
[  354.322711][T10384] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1662'.
[  354.772003][T10388] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1662'.
[  354.985487][   T48] wlan1: Trigger new scan to find an IBSS to join
[  357.943384][   T36] wlan1: Trigger new scan to find an IBSS to join
[  357.953970][  T145] wlan1: Trigger new scan to find an IBSS to join
[  359.277750][   T48] wlan1: Creating new IBSS network, BSSID 62:1c:8e:5c:aa:e8
[  360.190210][T10458] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  360.232702][T10458] netlink: 'syz.2.1692': attribute type 3 has an invalid length.
[  360.251171][T10458] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.1692'.
[  360.776126][T10469] FAULT_INJECTION: forcing a failure.
[  360.776126][T10469] name failslab, interval 1, probability 0, space 0, times 0
[  360.809193][T10469] CPU: 0 PID: 10469 Comm: syz.1.1698 Not tainted syzkaller #0
[  360.816741][T10469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  360.826843][T10469] Call Trace:
[  360.830146][T10469]  <TASK>
[  360.833134][T10469]  dump_stack_lvl+0x18c/0x250
[  360.837861][T10469]  ? show_regs_print_info+0x20/0x20
[  360.843107][T10469]  ? load_image+0x420/0x420
[  360.847650][T10469]  ? __might_sleep+0xe0/0xe0
[  360.852314][T10469]  ? __lock_acquire+0x7d40/0x7d40
[  360.857368][T10469]  ? __mutex_lock+0x315/0xcc0
[  360.862083][T10469]  should_fail_ex+0x39d/0x4d0
[  360.866820][T10469]  should_failslab+0x9/0x20
[  360.871821][T10469]  slab_pre_alloc_hook+0x59/0x310
[  360.876895][T10469]  ? kernfs_fop_open+0x7d7/0xcc0
[  360.881959][T10469]  __kmem_cache_alloc_node+0x53/0x250
[  360.887390][T10469]  ? kernfs_fop_open+0x7d7/0xcc0
[  360.892365][T10469]  kmalloc_trace+0x2a/0xe0
[  360.896829][T10469]  kernfs_fop_open+0x7d7/0xcc0
[  360.901646][T10469]  ? kernfs_fop_mmap+0x550/0x550
[  360.906627][T10469]  do_dentry_open+0x8c6/0x1500
[  360.911437][T10469]  path_openat+0x27f1/0x3230
[  360.916086][T10469]  ? do_filp_open+0x430/0x430
[  360.920799][T10469]  ? mark_lock+0x94/0x320
[  360.925173][T10469]  do_filp_open+0x1f5/0x430
[  360.929712][T10469]  ? vfs_tmpfile+0x490/0x490
[  360.934359][T10469]  ? _raw_spin_unlock+0x28/0x40
[  360.939244][T10469]  ? alloc_fd+0x58f/0x630
[  360.943619][T10469]  do_sys_openat2+0x134/0x1d0
[  360.948356][T10469]  ? perf_trace_preemptirq_template+0x269/0x330
[  360.954649][T10469]  ? do_sys_open+0xe0/0xe0
[  360.959103][T10469]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  360.965124][T10469]  ? lock_chain_count+0x20/0x20
[  360.970003][T10469]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  360.976021][T10469]  __x64_sys_openat+0x139/0x160
[  360.980907][T10469]  do_syscall_64+0x55/0xa0
[  360.985349][T10469]  ? clear_bhb_loop+0x40/0x90
[  360.990065][T10469]  ? clear_bhb_loop+0x40/0x90
[  360.994809][T10469]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  361.000738][T10469] RIP: 0033:0x7f39a7b9cdd9
[  361.005180][T10469] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  361.024831][T10469] RSP: 002b:00007f39a8a99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  361.033370][T10469] RAX: ffffffffffffffda RBX: 00007f39a7e15fa0 RCX: 00007f39a7b9cdd9
[  361.041370][T10469] RDX: 000000000000275a RSI: 0000200000000040 RDI: 0000000000000005
[  361.049369][T10469] RBP: 00007f39a8a99090 R08: 0000000000000000 R09: 0000000000000000
[  361.057372][T10469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  361.065398][T10469] R13: 00007f39a7e16038 R14: 00007f39a7e15fa0 R15: 00007ffc8d637038
[  361.073416][T10469]  </TASK>
[  361.771086][T10494] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  361.790901][T10494] netlink: 'syz.0.1706': attribute type 3 has an invalid length.
[  361.799083][T10494] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.1706'.
[  362.912157][   T12] wlan1: Trigger new scan to find an IBSS to join
[  363.861423][T10517] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1713'.
[  363.946447][T10517] openvswitch: netlink: Flow key attribute not present in set flow.
[  363.957988][ T1082] wlan1: Trigger new scan to find an IBSS to join
[  364.513399][T10524] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  364.560922][T10524] netlink: 'syz.0.1718': attribute type 3 has an invalid length.
[  364.593927][T10524] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.1718'.
[  364.684368][T10535] netlink: 'syz.2.1722': attribute type 39 has an invalid length.
[  365.080395][T10547] netlink: 'syz.3.1727': attribute type 25 has an invalid length.
[  365.089191][T10547] netlink: 'syz.3.1727': attribute type 28 has an invalid length.
[  365.948735][ T1082] wlan1: Trigger new scan to find an IBSS to join
[  366.018094][T10566] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  366.034101][T10566] netlink: 'syz.3.1732': attribute type 3 has an invalid length.
[  366.051906][T10566] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.1732'.
[  366.083948][T10568] netlink: 'syz.2.1733': attribute type 39 has an invalid length.
[  367.942314][ T3465] wlan1: Trigger new scan to find an IBSS to join
[  368.344880][ T4677] wlan1: Trigger new scan to find an IBSS to join
[  368.396583][   T12] wlan1: Creating new IBSS network, BSSID fa:26:23:5e:02:20
[  371.489662][T10605] netlink: 'syz.0.1742': attribute type 25 has an invalid length.
[  371.512569][T10605] netlink: 'syz.0.1742': attribute type 28 has an invalid length.
[  372.235520][T10611] netlink: 'syz.2.1745': attribute type 39 has an invalid length.
[  372.556029][T10617] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1747'.
[  372.589574][T10617] openvswitch: netlink: Flow key attribute not present in set flow.
[  373.985658][   T36] wlan1: Trigger new scan to find an IBSS to join
[  373.992285][   T48] wlan1: Trigger new scan to find an IBSS to join
[  374.589583][T10637] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  374.691614][T10637] netlink: 'syz.1.1744': attribute type 3 has an invalid length.
[  374.751343][T10637] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.1744'.
[  374.768208][T10640] netlink: 'syz.3.1755': attribute type 39 has an invalid length.
[  375.201284][T10652] netlink: 'syz.1.1759': attribute type 22 has an invalid length.
[  375.210407][T10652] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1759'.
[  375.237718][T10652] netlink: 'syz.1.1759': attribute type 22 has an invalid length.
[  375.253059][T10652] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1759'.
[  375.268276][ T3465] wlan1: Creating new IBSS network, BSSID 0a:f9:8f:95:87:b1
[  375.276906][   T36] wlan1: Creating new IBSS network, BSSID 9a:d1:bd:a2:31:e8
[  375.582290][T10656] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1760'.
[  375.613173][T10656] openvswitch: netlink: Flow key attribute not present in set flow.
[  376.024013][T10668] FAULT_INJECTION: forcing a failure.
[  376.024013][T10668] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  376.057157][T10670] netlink: 'syz.0.1766': attribute type 39 has an invalid length.
[  376.079463][T10668] CPU: 0 PID: 10668 Comm: syz.1.1765 Not tainted syzkaller #0
[  376.087025][T10668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  376.097146][T10668] Call Trace:
[  376.100467][T10668]  <TASK>
[  376.103442][T10668]  dump_stack_lvl+0x18c/0x250
[  376.108185][T10668]  ? show_regs_print_info+0x20/0x20
[  376.113467][T10668]  ? load_image+0x420/0x420
[  376.118116][T10668]  ? __might_fault+0xaa/0x120
[  376.122867][T10668]  ? __lock_acquire+0x7d40/0x7d40
[  376.127956][T10668]  should_fail_ex+0x39d/0x4d0
[  376.132708][T10668]  _copy_from_user+0x2f/0xe0
[  376.137343][T10668]  dev_ethtool+0xc6/0x18d0
[  376.141859][T10668]  ? ethtool_get_module_eeprom_call+0x170/0x170
[  376.148142][T10668]  ? __lock_acquire+0x7d40/0x7d40
[  376.153192][T10668]  ? __might_fault+0xaa/0x120
[  376.157889][T10668]  ? full_name_hash+0x92/0xe0
[  376.162596][T10668]  ? dev_load+0x21/0x1f0
[  376.166886][T10668]  dev_ioctl+0x392/0x1140
[  376.171252][T10668]  sock_do_ioctl+0x239/0x310
[  376.175962][T10668]  ? sock_show_fdinfo+0xb0/0xb0
[  376.180857][T10668]  sock_ioctl+0x5ba/0x7e0
[  376.185228][T10668]  ? sock_poll+0x3e0/0x3e0
[  376.189716][T10668]  ? bpf_lsm_file_ioctl+0x9/0x10
[  376.194724][T10668]  ? security_file_ioctl+0x80/0xa0
[  376.199894][T10668]  ? sock_poll+0x3e0/0x3e0
[  376.204364][T10668]  __se_sys_ioctl+0xfd/0x170
[  376.209012][T10668]  do_syscall_64+0x55/0xa0
[  376.213470][T10668]  ? clear_bhb_loop+0x40/0x90
[  376.218325][T10668]  ? clear_bhb_loop+0x40/0x90
[  376.223059][T10668]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  376.229008][T10668] RIP: 0033:0x7f39a7b9cdd9
[  376.233474][T10668] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  376.253149][T10668] RSP: 002b:00007f39a8a99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  376.261690][T10668] RAX: ffffffffffffffda RBX: 00007f39a7e15fa0 RCX: 00007f39a7b9cdd9
[  376.269717][T10668] RDX: 0000200000000080 RSI: 0000000000008946 RDI: 0000000000000027
[  376.277721][T10668] RBP: 00007f39a8a99090 R08: 0000000000000000 R09: 0000000000000000
[  376.285747][T10668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  376.293772][T10668] R13: 00007f39a7e16038 R14: 00007f39a7e15fa0 R15: 00007ffc8d637038
[  376.301784][T10668]  </TASK>
[  376.357490][T10672] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  376.402136][T10672] netlink: 'syz.2.1767': attribute type 3 has an invalid length.
[  376.434427][T10672] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.1767'.
[  376.982163][   T36] wlan1: Trigger new scan to find an IBSS to join
[  377.109274][T10693] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1772'.
[  377.144100][T10693] openvswitch: netlink: Flow key attribute not present in set flow.
[  378.282893][T10707] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  378.348096][T10707] netlink: 'syz.0.1780': attribute type 3 has an invalid length.
[  378.393366][T10707] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.1780'.
[  379.272644][ T1281] ieee802154 phy0 wpan0: encryption failed: -22
[  379.281791][ T1281] ieee802154 phy1 wpan1: encryption failed: -22
[  379.392263][T10728] netlink: 'syz.0.1785': attribute type 6 has an invalid length.
[  379.404664][ T1082] wlan1: Trigger new scan to find an IBSS to join
[  379.468196][T10728] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1785'.
[  379.494847][T10725] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1784'.
[  379.536730][T10725] openvswitch: netlink: Flow key attribute not present in set flow.
[  380.497882][T10747] netlink: 'syz.3.1791': attribute type 39 has an invalid length.
[  380.692554][T10749] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  380.751337][T10749] netlink: 'syz.3.1793': attribute type 3 has an invalid length.
[  380.789135][T10749] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.1793'.
[  380.872875][T10752] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1794'.
[  380.884637][T10752] openvswitch: netlink: Flow key attribute not present in set flow.
[  380.982061][ T4677] wlan1: Trigger new scan to find an IBSS to join
[  381.045164][T10760] netlink: 'syz.0.1797': attribute type 13 has an invalid length.
[  381.059451][T10760] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1797'.
[  381.070968][T10760] 
: renamed from syz_tun (while UP)
[  381.942070][   T36] wlan1: Trigger new scan to find an IBSS to join
[  382.066440][T10768] netlink: 'syz.1.1801': attribute type 39 has an invalid length.
[  382.711094][T10782] netlink: 'syz.1.1806': attribute type 6 has an invalid length.
[  382.744280][T10782] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1806'.
[  382.907310][ T1082] wlan1: Trigger new scan to find an IBSS to join
[  382.982324][  T145] wlan1: Trigger new scan to find an IBSS to join
[  383.272069][T10793] netlink: 'syz.0.1810': attribute type 39 has an invalid length.
[  383.720843][T10798] netlink: set zone limit has 8 unknown bytes
[  383.941967][ T3465] wlan1: Trigger new scan to find an IBSS to join
[  384.116565][ T1082] wlan1: Creating new IBSS network, BSSID 5e:79:b8:51:37:09
[  384.125290][ T4677] wlan1: Creating new IBSS network, BSSID 1a:41:de:5f:55:94
[  385.392444][T10833] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1826'.
[  385.422692][T10833] openvswitch: netlink: Flow key attribute not present in set flow.
[  385.768971][T10847] netlink: set zone limit has 8 unknown bytes
[  386.105254][T10860] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1836'.
[  386.118802][T10860] openvswitch: netlink: Flow key attribute not present in set flow.
[  386.162907][T10863] FAULT_INJECTION: forcing a failure.
[  386.162907][T10863] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  386.181048][T10863] CPU: 1 PID: 10863 Comm: syz.0.1837 Not tainted syzkaller #0
[  386.188691][T10863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  386.198800][T10863] Call Trace:
[  386.202132][T10863]  <TASK>
[  386.205113][T10863]  dump_stack_lvl+0x18c/0x250
[  386.209856][T10863]  ? show_regs_print_info+0x20/0x20
[  386.215122][T10863]  ? load_image+0x420/0x420
[  386.219685][T10863]  ? __might_fault+0xaa/0x120
[  386.224406][T10863]  ? __lock_acquire+0x7d40/0x7d40
[  386.229557][T10863]  should_fail_ex+0x39d/0x4d0
[  386.234323][T10863]  _copy_from_user+0x2f/0xe0
[  386.238972][T10863]  kstrtouint_from_user+0xde/0x170
[  386.244179][T10863]  ? kstrtol_from_user+0x190/0x190
[  386.249347][T10863]  proc_fail_nth_write+0x8f/0x250
[  386.254431][T10863]  ? proc_fail_nth_read+0x260/0x260
[  386.259699][T10863]  ? proc_fail_nth_read+0x260/0x260
[  386.265568][T10863]  vfs_write+0x296/0x990
[  386.269969][T10863]  ? file_end_write+0x250/0x250
[  386.274884][T10863]  ? __fget_files+0x28/0x4b0
[  386.279526][T10863]  ? __fget_files+0x28/0x4b0
[  386.284163][T10863]  ? __fget_files+0x43d/0x4b0
[  386.288904][T10863]  ? __fdget_pos+0x2a3/0x330
[  386.293550][T10863]  ? ksys_write+0x75/0x260
[  386.298039][T10863]  ksys_write+0x150/0x260
[  386.302433][T10863]  ? __ia32_sys_read+0x90/0x90
[  386.307263][T10863]  ? lockdep_hardirqs_on+0x98/0x150
[  386.312636][T10863]  do_syscall_64+0x55/0xa0
[  386.317106][T10863]  ? clear_bhb_loop+0x40/0x90
[  386.321838][T10863]  ? clear_bhb_loop+0x40/0x90
[  386.326566][T10863]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  386.332526][T10863] RIP: 0033:0x7f307635d60e
[  386.337012][T10863] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  386.356680][T10863] RSP: 002b:00007f30772b4fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  386.365153][T10863] RAX: ffffffffffffffda RBX: 00007f30772b56c0 RCX: 00007f307635d60e
[  386.373172][T10863] RDX: 0000000000000001 RSI: 00007f30772b50a0 RDI: 0000000000000005
[  386.381230][T10863] RBP: 00007f30772b5090 R08: 0000000000000000 R09: 0000000000000000
[  386.389250][T10863] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  386.397270][T10863] R13: 00007f3076616038 R14: 00007f3076615fa0 R15: 00007fffdaf0c108
[  386.405314][T10863]  </TASK>
[  386.912392][ T3465] wlan1: Creating new IBSS network, BSSID 56:76:fb:79:a5:0d
[  386.920032][  T145] wlan1: Trigger new scan to find an IBSS to join
[  387.157537][T10883] netlink: 'syz.3.1845': attribute type 3 has an invalid length.
[  387.188227][T10883] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1845'.
[  387.269888][T10885] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1846'.
[  387.316005][T10885] openvswitch: netlink: Tunnel attr 0 has unexpected len 1788 expected 8
[  387.695770][T10891] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1849'.
[  387.710690][T10891] openvswitch: netlink: Flow key attribute not present in set flow.
[  387.860405][   T12] wlan1: Creating new IBSS network, BSSID 6e:67:bc:50:af:80
[  388.010928][T10903] netlink: set zone limit has 8 unknown bytes
[  388.355133][T10916] FAULT_INJECTION: forcing a failure.
[  388.355133][T10916] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  388.401840][T10916] CPU: 0 PID: 10916 Comm: syz.3.1859 Not tainted syzkaller #0
[  388.409398][T10916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  388.419502][T10916] Call Trace:
[  388.422833][T10916]  <TASK>
[  388.425812][T10916]  dump_stack_lvl+0x18c/0x250
[  388.430560][T10916]  ? show_regs_print_info+0x20/0x20
[  388.435828][T10916]  ? load_image+0x420/0x420
[  388.440401][T10916]  ? __might_fault+0xaa/0x120
[  388.445126][T10916]  ? __lock_acquire+0x7d40/0x7d40
[  388.450202][T10916]  should_fail_ex+0x39d/0x4d0
[  388.454948][T10916]  _copy_from_user+0x2f/0xe0
[  388.459597][T10916]  generic_map_update_batch+0x54b/0x810
[  388.465277][T10916]  ? rcu_read_unlock+0xa0/0xa0
[  388.470105][T10916]  ? __fdget+0x180/0x210
[  388.474493][T10916]  ? rcu_read_unlock+0xa0/0xa0
[  388.479353][T10916]  bpf_map_do_batch+0x3d7/0x610
[  388.484256][T10916]  __sys_bpf+0x381/0x890
[  388.488546][T10916]  ? bpf_link_show_fdinfo+0x390/0x390
[  388.494070][T10916]  ? lock_chain_count+0x20/0x20
[  388.498976][T10916]  __x64_sys_bpf+0x7c/0x90
[  388.503437][T10916]  do_syscall_64+0x55/0xa0
[  388.507891][T10916]  ? clear_bhb_loop+0x40/0x90
[  388.512610][T10916]  ? clear_bhb_loop+0x40/0x90
[  388.517325][T10916]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  388.523247][T10916] RIP: 0033:0x7f3955d9cdd9
[  388.527689][T10916] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  388.547417][T10916] RSP: 002b:00007f3956c75028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  388.555860][T10916] RAX: ffffffffffffffda RBX: 00007f3956015fa0 RCX: 00007f3955d9cdd9
[  388.563861][T10916] RDX: 0000000000000038 RSI: 0000200000000200 RDI: 000000000000001a
[  388.571942][T10916] RBP: 00007f3956c75090 R08: 0000000000000000 R09: 0000000000000000
[  388.579947][T10916] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  388.587966][T10916] R13: 00007f3956016038 R14: 00007f3956015fa0 R15: 00007ffc4c2bcbd8
[  388.595980][T10916]  </TASK>
[  388.675552][T10913] netlink: 'syz.2.1858': attribute type 21 has an invalid length.
[  388.687711][T10913] IPv6: NLM_F_CREATE should be specified when creating new route
[  388.697610][T10913] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  388.705400][T10913] IPv6: NLM_F_CREATE should be set when creating new route
[  388.712834][T10913] IPv6: NLM_F_CREATE should be set when creating new route
[  388.720122][T10913] IPv6: NLM_F_CREATE should be set when creating new route
[  389.069836][T10926] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1863'.
[  389.091896][T10926] openvswitch: netlink: Flow key attribute not present in set flow.
[  389.308081][T10931] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  389.362047][T10931] netlink: 'syz.2.1864': attribute type 3 has an invalid length.
[  389.370185][T10931] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.1864'.
[  389.940552][T10950] sock: sock_timestamping_bind_phc: sock not bind to device
[  391.133139][T10957] netlink: 'syz.0.1874': attribute type 21 has an invalid length.
[  391.335536][T10963] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1876'.
[  391.357363][T10963] openvswitch: netlink: Flow key attribute not present in set flow.
[  391.523615][T10971] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  391.555651][T10971] netlink: 'syz.0.1879': attribute type 3 has an invalid length.
[  391.571842][T10971] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.1879'.
[  391.943486][ T1082] wlan1: Trigger new scan to find an IBSS to join
[  392.357224][T10997] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1890'.
[  392.380552][T10997] openvswitch: netlink: Flow key attribute not present in set flow.
[  393.869483][T11002] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  393.934024][T11002] netlink: 'syz.1.1892': attribute type 3 has an invalid length.
[  393.952564][ T4677] wlan1: Trigger new scan to find an IBSS to join
[  394.015585][T11002] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.1892'.
[  394.736205][T11025] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1900'.
[  394.822265][T11025] openvswitch: netlink: Tunnel attr 0 has unexpected len 1788 expected 8
[  395.349728][T11040] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  395.381636][T11040] netlink: 'syz.2.1906': attribute type 3 has an invalid length.
[  395.401041][T11040] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.1906'.
[  395.953802][   T12] wlan1: Trigger new scan to find an IBSS to join
[  396.053832][T11056] netlink: 'syz.2.1911': attribute type 3 has an invalid length.
[  396.083722][T11056] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1911'.
[  396.244862][T11058] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  396.285493][T11062] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.1914'.
[  396.331121][T11062] FAULT_INJECTION: forcing a failure.
[  396.331121][T11062] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  396.348216][T11062] CPU: 0 PID: 11062 Comm: syz.0.1914 Not tainted syzkaller #0
[  396.355774][T11062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  396.365885][T11062] Call Trace:
[  396.369208][T11062]  <TASK>
[  396.372179][T11062]  dump_stack_lvl+0x18c/0x250
[  396.376940][T11062]  ? show_regs_print_info+0x20/0x20
[  396.382201][T11062]  ? load_image+0x420/0x420
[  396.386769][T11062]  ? __might_fault+0xaa/0x120
[  396.391498][T11062]  ? __lock_acquire+0x7d40/0x7d40
[  396.396575][T11062]  should_fail_ex+0x39d/0x4d0
[  396.401314][T11062]  _copy_from_user+0x2f/0xe0
[  396.405963][T11062]  ___sys_sendmsg+0x1c7/0x360
[  396.410689][T11062]  ? __sys_sendmsg+0x2a0/0x2a0
[  396.415523][T11062]  __se_sys_sendmsg+0x1c2/0x2b0
[  396.420387][T11062]  ? __x64_sys_sendmsg+0x80/0x80
[  396.425344][T11062]  ? lockdep_hardirqs_on+0x98/0x150
[  396.430576][T11062]  do_syscall_64+0x55/0xa0
[  396.435004][T11062]  ? clear_bhb_loop+0x40/0x90
[  396.439699][T11062]  ? clear_bhb_loop+0x40/0x90
[  396.444395][T11062]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  396.450312][T11062] RIP: 0033:0x7f307639cdd9
[  396.454784][T11062] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  396.474551][T11062] RSP: 002b:00007f30772b5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  396.483199][T11062] RAX: ffffffffffffffda RBX: 00007f3076615fa0 RCX: 00007f307639cdd9
[  396.491208][T11062] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000010
[  396.499204][T11062] RBP: 00007f30772b5090 R08: 0000000000000000 R09: 0000000000000000
[  396.507309][T11062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  396.515320][T11062] R13: 00007f3076616038 R14: 00007f3076615fa0 R15: 00007fffdaf0c108
[  396.523352][T11062]  </TASK>
[  397.952559][   T12] wlan1: Trigger new scan to find an IBSS to join
[  398.837394][T11110] netlink: 'syz.1.1934': attribute type 39 has an invalid length.
[  398.986742][ T1082] wlan1: Trigger new scan to find an IBSS to join
[  399.027462][T11116] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.1935'.
[  399.125627][T11116] netlink: 'syz.2.1935': attribute type 10 has an invalid length.
[  399.341609][T11122] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1938'.
[  399.368879][T11116] team0: Port device geneve1 added
[  399.392112][T11122] openvswitch: netlink: Flow key attribute not present in set flow.
[  400.037442][   T36] wlan1: Creating new IBSS network, BSSID 52:c6:54:de:09:0d
[  400.051562][T11143] netlink: 'syz.1.1945': attribute type 39 has an invalid length.
[  400.068808][T11144] netlink: 'syz.3.1946': attribute type 10 has an invalid length.
[  400.819318][T11144] team0: Device xfrm0 is of different type
[  400.826082][T11152] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1948'.
[  400.828822][T11152] openvswitch: netlink: Flow key attribute not present in set flow.
[  400.910723][   T36] wlan1: Trigger new scan to find an IBSS to join
[  401.093503][T11159] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.1952'.
[  401.147709][T11159] netlink: 'syz.0.1952': attribute type 10 has an invalid length.
[  401.329571][T11164] netlink: 14975 bytes leftover after parsing attributes in process `syz.1.1954'.
[  401.934023][ T1082] wlan1: Creating new IBSS network, BSSID d6:68:b3:16:b4:23
[  402.640074][T11187] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1962'.
[  402.673505][T11187] openvswitch: netlink: Flow key attribute not present in set flow.
[  402.982551][ T3465] wlan1: Trigger new scan to find an IBSS to join
[  402.993857][T11189] netlink: 'syz.0.1961': attribute type 15 has an invalid length.
[  403.022261][T11189] netlink: 'syz.0.1961': attribute type 7 has an invalid length.
[  403.203231][T11202] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.1966'.
[  403.244470][T11202] netlink: 'syz.1.1966': attribute type 10 has an invalid length.
[  403.267533][T11202] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  403.289385][T11202] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  403.309378][T11202] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  403.320197][T11202] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  403.374421][T11207] FAULT_INJECTION: forcing a failure.
[  403.374421][T11207] name failslab, interval 1, probability 0, space 0, times 0
[  403.388557][T11207] CPU: 0 PID: 11207 Comm: syz.2.1969 Not tainted syzkaller #0
[  403.396089][T11207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  403.406194][T11207] Call Trace:
[  403.409509][T11207]  <TASK>
[  403.412572][T11207]  dump_stack_lvl+0x18c/0x250
[  403.417318][T11207]  ? show_regs_print_info+0x20/0x20
[  403.422575][T11207]  ? load_image+0x420/0x420
[  403.427132][T11207]  ? __might_sleep+0xe0/0xe0
[  403.431764][T11207]  ? __lock_acquire+0x7d40/0x7d40
[  403.436839][T11207]  should_fail_ex+0x39d/0x4d0
[  403.441572][T11207]  should_failslab+0x9/0x20
[  403.446125][T11207]  slab_pre_alloc_hook+0x59/0x310
[  403.451197][T11207]  kmem_cache_alloc_node+0x60/0x320
[  403.456435][T11207]  ? __alloc_skb+0x103/0x2c0
[  403.461053][T11207]  __alloc_skb+0x103/0x2c0
[  403.465498][T11207]  ovs_ct_limit_cmd_set+0xfb/0xaf0
[  403.470658][T11207]  ? __nla_parse+0x40/0x50
[  403.475127][T11207]  ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290
[  403.481500][T11207]  ? genl_family_rcv_msg_attrs_parse+0x20a/0x290
[  403.487870][T11207]  genl_family_rcv_msg_doit+0x211/0x310
[  403.493454][T11207]  ? end_current_label_crit_section+0x170/0x170
[  403.499730][T11207]  ? genl_family_rcv_msg_dumpit+0x310/0x310
[  403.505658][T11207]  ? bpf_lsm_capable+0x9/0x10
[  403.510371][T11207]  ? security_capable+0x89/0xb0
[  403.515263][T11207]  genl_rcv_msg+0x619/0x7a0
[  403.519809][T11207]  ? genl_bind+0x360/0x360
[  403.524255][T11207]  ? ovs_nat_update_key+0x920/0x920
[  403.529488][T11207]  ? ref_tracker_free+0x690/0x840
[  403.534564][T11207]  netlink_rcv_skb+0x241/0x4d0
[  403.539370][T11207]  ? genl_bind+0x360/0x360
[  403.543822][T11207]  ? netlink_ack+0x1180/0x1180
[  403.548638][T11207]  ? __lock_acquire+0x7d40/0x7d40
[  403.553703][T11207]  ? down_read+0x1ac/0x2e0
[  403.558149][T11207]  genl_rcv+0x28/0x40
[  403.562180][T11207]  netlink_unicast+0x751/0x8d0
[  403.566994][T11207]  netlink_sendmsg+0x8d0/0xbf0
[  403.571806][T11207]  ? netlink_getsockopt+0x590/0x590
[  403.577037][T11207]  ? aa_sock_msg_perm+0x94/0x150
[  403.582015][T11207]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  403.587332][T11207]  ? security_socket_sendmsg+0x80/0xa0
[  403.592819][T11207]  ? netlink_getsockopt+0x590/0x590
[  403.598074][T11207]  ____sys_sendmsg+0x5ba/0x960
[  403.602885][T11207]  ? __asan_memset+0x22/0x40
[  403.607508][T11207]  ? __sys_sendmsg_sock+0x30/0x30
[  403.612560][T11207]  ? __import_iovec+0x5f2/0x850
[  403.617444][T11207]  ? import_iovec+0x73/0xa0
[  403.621979][T11207]  ___sys_sendmsg+0x2a6/0x360
[  403.626689][T11207]  ? get_pid_task+0x20/0x1e0
[  403.631310][T11207]  ? __sys_sendmsg+0x2a0/0x2a0
[  403.636121][T11207]  ? __lock_acquire+0x7d40/0x7d40
[  403.641197][T11207]  __se_sys_sendmsg+0x1c2/0x2b0
[  403.646082][T11207]  ? __x64_sys_sendmsg+0x80/0x80
[  403.651065][T11207]  ? lockdep_hardirqs_on+0x98/0x150
[  403.656321][T11207]  do_syscall_64+0x55/0xa0
[  403.660766][T11207]  ? clear_bhb_loop+0x40/0x90
[  403.665477][T11207]  ? clear_bhb_loop+0x40/0x90
[  403.670183][T11207]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  403.676111][T11207] RIP: 0033:0x7f49cf19cdd9
[  403.680555][T11207] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  403.700213][T11207] RSP: 002b:00007f49d0028028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  403.708658][T11207] RAX: ffffffffffffffda RBX: 00007f49cf415fa0 RCX: 00007f49cf19cdd9
[  403.716655][T11207] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000003
[  403.724653][T11207] RBP: 00007f49d0028090 R08: 0000000000000000 R09: 0000000000000000
[  403.732647][T11207] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  403.740637][T11207] R13: 00007f49cf416038 R14: 00007f49cf415fa0 R15: 00007ffd8d0c3918
[  403.748651][T11207]  </TASK>
[  405.410858][ T1082] wlan1: Creating new IBSS network, BSSID 1e:7d:a5:ca:b1:ea
[  405.592634][T11223] netlink: 'syz.1.1975': attribute type 25 has an invalid length.
[  405.600574][T11223] netlink: 'syz.1.1975': attribute type 28 has an invalid length.
[  405.688097][T11226] netlink: 'syz.2.1978': attribute type 2 has an invalid length.
[  405.706936][T11224] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  405.750034][T11226] netlink: 'syz.2.1978': attribute type 1 has an invalid length.
[  405.772127][T11224] netlink: 'syz.0.1976': attribute type 3 has an invalid length.
[  405.780306][T11224] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.1976'.
[  405.823878][T11226] netlink: 'syz.2.1978': attribute type 1 has an invalid length.
[  405.848335][T11226] netlink: 193500 bytes leftover after parsing attributes in process `syz.2.1978'.
[  406.123492][T11240] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1982'.
[  406.138322][T11240] openvswitch: netlink: Flow key attribute not present in set flow.
[  407.965825][ T1082] wlan1: Trigger new scan to find an IBSS to join
[  410.512615][T11298] netlink: 'syz.0.2002': attribute type 2 has an invalid length.
[  410.532166][T11301] netlink: 'syz.0.2002': attribute type 1 has an invalid length.
[  410.733681][T11298] netlink: 'syz.0.2002': attribute type 1 has an invalid length.
[  410.770522][T11298] netlink: 193500 bytes leftover after parsing attributes in process `syz.0.2002'.
[  410.997899][T11309] netlink: 'syz.2.2007': attribute type 39 has an invalid length.
[  411.352807][T11327] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  411.373815][T11328] netlink: 'syz.2.2013': attribute type 13 has an invalid length.
[  411.382622][T11328] netlink: 160 bytes leftover after parsing attributes in process `syz.2.2013'.
[  411.422677][T11328] erspan0: refused to change device tx_queue_len
[  411.443054][T11328] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check.
[  411.465792][T11327] netlink: 'syz.1.2014': attribute type 3 has an invalid length.
[  411.481513][T11327] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.2014'.
[  411.720573][T11335] netlink: 1 bytes leftover after parsing attributes in process `syz.1.2015'.
[  412.252221][T11344] netlink: 'syz.3.2020': attribute type 39 has an invalid length.
[  412.467413][T11354] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  412.507151][T11354] netlink: 'syz.3.2023': attribute type 3 has an invalid length.
[  412.520269][T11354] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.2023'.
[  413.951410][ T1082] wlan1: Trigger new scan to find an IBSS to join
[  413.958115][ T3465] wlan1: Trigger new scan to find an IBSS to join
[  414.332529][T11375] netlink: 'syz.3.2029': attribute type 13 has an invalid length.
[  414.340819][T11375] netlink: 160 bytes leftover after parsing attributes in process `syz.3.2029'.
[  414.398374][T11375] erspan0: refused to change device tx_queue_len
[  414.426618][T11375] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check.
[  414.453673][T11374] netlink: 'syz.0.2031': attribute type 39 has an invalid length.
[  414.468582][T11377] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.2032'.
[  414.486454][T11377] openvswitch: netlink: Flow key attribute not present in set flow.
[  414.664321][T11386] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  414.695781][T11386] netlink: 'syz.0.2034': attribute type 3 has an invalid length.
[  414.706684][T11386] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.2034'.
[  414.903221][ T3465] wlan1: Trigger new scan to find an IBSS to join
[  416.422002][T11404] netlink: 'syz.2.2042': attribute type 39 has an invalid length.
[  416.809014][T11415] netlink: 'syz.1.2051': attribute type 39 has an invalid length.
[  416.850402][T11412] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.2044'.
[  416.866163][T11412] openvswitch: netlink: Flow key attribute not present in set flow.
[  417.064101][   T36] wlan1: Trigger new scan to find an IBSS to join
[  417.081789][   T12] wlan1: Trigger new scan to find an IBSS to join
[  417.197915][T11421] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  417.237252][T11421] netlink: 'syz.2.2046': attribute type 3 has an invalid length.
[  417.251055][T11421] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.2046'.
[  417.591630][T11436] netlink: 'syz.1.2050': attribute type 13 has an invalid length.
[  417.610722][T11436] netlink: 160 bytes leftover after parsing attributes in process `syz.1.2050'.
[  417.654137][T11436] erspan0: refused to change device tx_queue_len
[  417.660629][T11436] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check.
[  418.396255][   T36] wlan1: Creating new IBSS network, BSSID 16:71:79:0f:f7:d3
[  418.769868][T11449] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  418.848817][T11449] netlink: 'syz.3.2057': attribute type 3 has an invalid length.
[  418.877116][T11449] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.2057'.
[  419.120970][T11466] netlink: 'syz.2.2072': attribute type 39 has an invalid length.
[  419.407430][T11473] netlink: 'syz.2.2075': attribute type 39 has an invalid length.
[  419.950230][   T12] wlan1: Trigger new scan to find an IBSS to join
[  420.812525][T11493] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  420.919081][T11493] netlink: 'syz.0.2073': attribute type 3 has an invalid length.
[  420.931625][T11493] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.2073'.
[  421.159994][T11500] netlink: 830 bytes leftover after parsing attributes in process `syz.2.2077'.
[  421.298530][T11508] netlink: 'syz.0.2078': attribute type 39 has an invalid length.
[  421.711499][   T48] wlan1: Trigger new scan to find an IBSS to join
[  422.903893][   T12] wlan1: Trigger new scan to find an IBSS to join
[  423.955652][   T48] wlan1: Trigger new scan to find an IBSS to join
[  424.654921][T11532] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  424.690788][T11539] netlink: 'syz.1.2088': attribute type 39 has an invalid length.
[  424.720683][T11535] netlink: 'syz.2.2093': attribute type 10 has an invalid length.
[  424.736048][T11535] veth0_vlan: left allmulticast mode
[  424.813870][T11535] veth0_vlan: left promiscuous mode
[  424.841301][T11535] veth0_vlan: entered promiscuous mode
[  424.876904][T11535] team0: Device veth0_vlan failed to register rx_handler
[  424.931309][   T12] wlan1: Creating new IBSS network, BSSID 3e:90:1b:9e:79:5d
[  424.972184][T11532] netlink: 'syz.3.2085': attribute type 3 has an invalid length.
[  425.012014][T11532] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.2085'.
[  425.085168][T11544] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  425.132199][T11545] netlink: 'syz.0.2087': attribute type 3 has an invalid length.
[  425.148012][T11545] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.2087'.
[  425.332479][T11552] netlink: 830 bytes leftover after parsing attributes in process `syz.3.2091'.
[  425.738332][T11560] tap0: tun_chr_ioctl cmd 1074812118
[  425.858048][T11564] netlink: 'syz.0.2094': attribute type 10 has an invalid length.
[  426.929249][ T1082] wlan1: Trigger new scan to find an IBSS to join
[  427.006990][T11577] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.2102'.
[  427.042037][T11577] openvswitch: netlink: Flow key attribute not present in set flow.
[  428.911968][ T1082] wlan1: Trigger new scan to find an IBSS to join
[  429.376452][T11584] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  429.387052][T11586] netlink: 'syz.0.2103': attribute type 3 has an invalid length.
[  429.395893][T11586] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.2103'.
[  429.415683][T11592] netlink: 'syz.1.2105': attribute type 10 has an invalid length.
[  429.454650][T11592] veth0_vlan: left allmulticast mode
[  429.544481][T11592] veth0_vlan: left promiscuous mode
[  429.557827][T11592] veth0_vlan: entered promiscuous mode
[  429.569730][T11592] team0: Device veth0_vlan failed to register rx_handler
[  429.857934][T11606] netlink: 830 bytes leftover after parsing attributes in process `syz.3.2111'.
[  429.944277][ T1082] wlan1: Trigger new scan to find an IBSS to join
[  430.092853][T11613] netlink: 'syz.1.2109': attribute type 10 has an invalid length.
[  430.406068][T11618] tap0: tun_chr_ioctl cmd 1074812118
[  430.973268][T11634] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  430.993894][T11634] netlink: 'syz.3.2116': attribute type 3 has an invalid length.
[  431.004966][T11634] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.2116'.
[  431.952085][   T12] wlan1: Trigger new scan to find an IBSS to join
[  432.841271][T11640] netlink: 830 bytes leftover after parsing attributes in process `syz.3.2122'.
[  433.128372][T11647] tap0: tun_chr_ioctl cmd 1074812118
[  433.178483][T11646] netlink: 'syz.3.2124': attribute type 10 has an invalid length.
[  433.198536][T11646] veth0_vlan: left allmulticast mode
[  433.431417][T11646] veth0_vlan: left promiscuous mode
[  433.471275][T11646] veth0_vlan: entered promiscuous mode
[  433.525691][T11646] team0: Device veth0_vlan failed to register rx_handler
[  433.757609][T11657] netlink: 'syz.2.2126': attribute type 10 has an invalid length.
[  433.887944][T11663] netlink: 'syz.1.2130': attribute type 39 has an invalid length.
[  433.931813][T11646] syz.3.2124 (11646) used greatest stack depth: 18664 bytes left
[  434.318301][T11674] netlink: 830 bytes leftover after parsing attributes in process `syz.3.2133'.
[  434.532966][T11678] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  434.554791][T11678] netlink: 'syz.2.2136': attribute type 3 has an invalid length.
[  434.586513][T11678] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.2136'.
[  434.917075][ T1082] wlan1: Trigger new scan to find an IBSS to join
[  434.925758][   T36] wlan1: Trigger new scan to find an IBSS to join
[  435.159306][T11688] FAULT_INJECTION: forcing a failure.
[  435.159306][T11688] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  435.173257][T11688] CPU: 0 PID: 11688 Comm: syz.1.2139 Not tainted syzkaller #0
[  435.180794][T11688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  435.190911][T11688] Call Trace:
[  435.194247][T11688]  <TASK>
[  435.197228][T11688]  dump_stack_lvl+0x18c/0x250
[  435.201988][T11688]  ? show_regs_print_info+0x20/0x20
[  435.207267][T11688]  ? load_image+0x420/0x420
[  435.211835][T11688]  ? __might_fault+0xaa/0x120
[  435.216581][T11688]  ? __lock_acquire+0x7d40/0x7d40
[  435.221662][T11688]  ? __kasan_slab_alloc+0x6c/0x80
[  435.226764][T11688]  should_fail_ex+0x39d/0x4d0
[  435.231535][T11688]  strncpy_from_user+0x36/0x2d0
[  435.236472][T11688]  getname_flags+0xf6/0x500
[  435.241058][T11688]  __x64_sys_mkdirat+0x7c/0xa0
[  435.245890][T11688]  do_syscall_64+0x55/0xa0
[  435.250366][T11688]  ? clear_bhb_loop+0x40/0x90
[  435.255109][T11688]  ? clear_bhb_loop+0x40/0x90
[  435.259863][T11688]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  435.265830][T11688] RIP: 0033:0x7f39a7b9cdd9
[  435.270314][T11688] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  435.289999][T11688] RSP: 002b:00007f39a8a99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[  435.298489][T11688] RAX: ffffffffffffffda RBX: 00007f39a7e15fa0 RCX: 00007f39a7b9cdd9
[  435.306524][T11688] RDX: 00000000000001ff RSI: 0000200000000340 RDI: 000000000000000c
[  435.314569][T11688] RBP: 00007f39a8a99090 R08: 0000000000000000 R09: 0000000000000000
[  435.322613][T11688] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  435.330652][T11688] R13: 00007f39a7e16038 R14: 00007f39a7e15fa0 R15: 00007ffc8d637038
[  435.338730][T11688]  </TASK>
[  435.439128][T11691] netlink: 'syz.2.2141': attribute type 39 has an invalid length.
[  435.702978][T11695] netlink: 'syz.0.2140': attribute type 10 has an invalid length.
[  435.744114][T11695] veth0_vlan: left allmulticast mode
[  435.903383][T11695] veth0_vlan: left promiscuous mode
[  435.934747][T11695] veth0_vlan: entered promiscuous mode
[  435.987221][T11695] team0: Device veth0_vlan failed to register rx_handler
[  436.118991][T11704] netlink: 830 bytes leftover after parsing attributes in process `syz.2.2145'.
[  436.130334][T11697] netlink: 'syz.3.2143': attribute type 10 has an invalid length.
[  436.269934][T11695] syz.0.2140 (11695) used greatest stack depth: 18600 bytes left
[  437.211808][   T12] wlan1: Trigger new scan to find an IBSS to join
[  437.941952][ T3465] wlan1: Creating new IBSS network, BSSID d2:6a:6a:9c:24:d0
[  438.233922][T11731] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2155'.
[  438.319345][T11731] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2155'.
[  438.328709][T11734] netlink: 830 bytes leftover after parsing attributes in process `syz.3.2156'.
[  438.342123][T11735] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2155'.
[  438.383400][T11731] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2155'.
[  439.025860][   T12] wlan1: Trigger new scan to find an IBSS to join
[  439.167913][T11746] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  439.195087][T11746] netlink: 'syz.2.2160': attribute type 3 has an invalid length.
[  439.207782][T11746] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.2160'.
[  439.254577][T11748] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2161'.
[  439.271964][T11748] openvswitch: netlink: Flow key attribute not present in set flow.
[  440.008430][T11772] netlink: 830 bytes leftover after parsing attributes in process `syz.3.2168'.
[  440.106373][ T1281] ieee802154 phy0 wpan0: encryption failed: -22
[  440.161830][ T1281] ieee802154 phy1 wpan1: encryption failed: -22
[  440.203001][ T1082] wlan1: Creating new IBSS network, BSSID 2a:5e:bc:7f:dc:4e
[  440.237559][T11776] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2169'.
[  440.798817][T11784] openvswitch: netlink: Flow key attribute not present in set flow.
[  440.851286][T11786] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  440.880032][T11786] netlink: 'syz.1.2172': attribute type 3 has an invalid length.
[  441.426646][T11805] __nla_validate_parse: 5 callbacks suppressed
[  441.426665][T11805] netlink: 830 bytes leftover after parsing attributes in process `syz.0.2179'.
[  441.707355][T11811] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2182'.
[  441.716973][T11811] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2182'.
[  441.733430][T11811] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2182'.
[  441.749201][T11811] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2182'.
[  442.397305][   T12] wlan1: Trigger new scan to find an IBSS to join
[  442.543886][T11814] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2183'.
[  442.560947][T11814] openvswitch: netlink: Flow key attribute not present in set flow.
[  442.969070][T11828] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  442.983698][   T48] wlan1: Trigger new scan to find an IBSS to join
[  443.148943][T11828] netlink: 'syz.0.2189': attribute type 3 has an invalid length.
[  443.172412][T11828] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.2189'.
[  444.982335][ T3465] wlan1: Trigger new scan to find an IBSS to join
[  445.243806][T11847] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2194'.
[  445.261830][T11847] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2194'.
[  445.274409][T11847] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2194'.
[  445.786700][T11856] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  445.851577][T11856] netlink: 'syz.2.2198': attribute type 3 has an invalid length.
[  446.109796][T11863] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  446.119206][T11864] netlink: 'syz.3.2200': attribute type 3 has an invalid length.
[  447.943042][   T48] wlan1: Trigger new scan to find an IBSS to join
[  448.475290][T11894] netlink: 'syz.2.2209': attribute type 3 has an invalid length.
[  448.501671][T11894] __nla_validate_parse: 3 callbacks suppressed
[  448.501689][T11894] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.2209'.
[  448.795397][T11904] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  448.836777][T11904] netlink: 'syz.1.2213': attribute type 3 has an invalid length.
[  448.868527][T11904] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.2213'.
[  450.845248][ T3465] wlan1: Trigger new scan to find an IBSS to join
[  450.861893][   T48] wlan1: Trigger new scan to find an IBSS to join
[  451.125768][ T1082] wlan1: Trigger new scan to find an IBSS to join
[  451.132548][ T1082] wlan1: Trigger new scan to find an IBSS to join
[  451.535354][T11930] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2222'.
[  451.552103][T11930] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  451.786208][T11935] netlink: 'syz.3.2223': attribute type 3 has an invalid length.
[  451.807832][T11935] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.2223'.
[  452.870617][   T36] wlan1: Creating new IBSS network, BSSID 22:1b:ee:07:05:78
[  452.880081][   T48] wlan1: Creating new IBSS network, BSSID b2:fd:2a:67:87:77
[  452.889722][T11940] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  452.902642][   T59] ------------[ cut here ]------------
[  452.908573][   T59] WARNING: CPU: 1 PID: 59 at net/wireless/ibss.c:37 __cfg80211_ibss_joined+0x3d2/0x440
[  452.918696][   T59] Modules linked in:
[  452.922717][   T59] CPU: 1 PID: 59 Comm: kworker/u4:4 Not tainted syzkaller #0
[  452.930145][   T59] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  452.940343][   T59] Workqueue: cfg80211 cfg80211_event_work
[  452.946376][   T59] RIP: 0010:__cfg80211_ibss_joined+0x3d2/0x440
[  452.952734][   T59] Code: 00 00 00 48 3b 84 24 80 00 00 00 75 5c 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 e7 8d a0 f7 0f 0b eb bb e8 de 8d a0 f7 <0f> 0b 4c 8b 6c 24 18 eb ad e8 d0 8d a0 f7 0f 0b e9 e0 fd ff ff e8
[  452.972481][   T59] RSP: 0018:ffffc900015a7a20 EFLAGS: 00010293
[  452.978612][   T59] RAX: ffffffff89e69422 RBX: dffffc0000000000 RCX: ffff88801cec3c00
[  452.986689][   T59] RDX: 0000000000000000 RSI: ffffffff8acac9e0 RDI: ffffffff8b1c8fe0
[  452.994012][T11941] netlink: 'syz.0.2225': attribute type 3 has an invalid length.
[  452.996083][   T59] RBP: ffffc900015a7af8 R08: ffffffff911c656f R09: 1ffffffff2238cad
[  453.010594][   T59] R10: dffffc0000000000 R11: fffffbfff2238cae R12: ffff88805de28c90
[  453.018679][   T59] R13: 1ffff920002b4f4c R14: ffff88802149b5b8 R15: 000000000000001f
[  453.026751][   T59] FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  453.029619][T11941] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.2225'.
[  453.035847][   T59] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  453.035869][   T59] CR2: 0000001b2d611ff8 CR3: 000000003166f000 CR4: 00000000003506e0
[  453.059838][   T59] DR0: 0000200000000300 DR1: 0000000000000000 DR2: 0000000000000000
[  453.068342][   T59] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  453.076413][   T59] Call Trace:
[  453.079742][   T59]  <TASK>
[  453.082783][   T59]  ? mutex_lock_nested+0x20/0x20
[  453.087784][   T59]  ? trace_rdev_return_void+0x1c0/0x1c0
[  453.093426][   T59]  cfg80211_process_wdev_events+0x3bc/0x550
[  453.099388][   T59]  cfg80211_process_rdev_events+0xa1/0x110
[  453.105305][   T59]  cfg80211_event_work+0x2f/0x40
[  453.110301][   T59]  ? process_scheduled_works+0x96f/0x15d0
[  453.116112][   T59]  process_scheduled_works+0xa5d/0x15d0
[  453.121818][   T59]  ? worker_attach_to_pool+0x380/0x380
[  453.127341][   T59]  ? assign_work+0x3d2/0x5d0
[  453.132021][   T59]  worker_thread+0xa55/0xfc0
[  453.136698][   T59]  kthread+0x2fa/0x390
[  453.140824][   T59]  ? pr_cont_work+0x560/0x560
[  453.145862][   T59]  ? kthread_blkcg+0xd0/0xd0
[  453.150515][   T59]  ret_from_fork+0x48/0x80
[  453.155138][   T59]  ? kthread_blkcg+0xd0/0xd0
[  453.159784][   T59]  ret_from_fork_asm+0x11/0x20
[  453.164686][   T59]  </TASK>
[  453.167770][   T59] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  453.175084][   T59] CPU: 1 PID: 59 Comm: kworker/u4:4 Not tainted syzkaller #0
[  453.182513][   T59] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  453.192609][   T59] Workqueue: cfg80211 cfg80211_event_work
[  453.198387][   T59] Call Trace:
[  453.201697][   T59]  <TASK>
[  453.204663][   T59]  dump_stack_lvl+0x18c/0x250
[  453.209401][   T59]  ? show_regs_print_info+0x20/0x20
[  453.214655][   T59]  ? load_image+0x420/0x420
[  453.219224][   T59]  panic+0x2dc/0x730
[  453.223190][   T59]  ? bpf_jit_dump+0xd0/0xd0
[  453.227760][   T59]  ? ret_from_fork_asm+0x11/0x20
[  453.232765][   T59]  __warn+0x2e0/0x470
[  453.236794][   T59]  ? __cfg80211_ibss_joined+0x3d2/0x440
[  453.242388][   T59]  ? __cfg80211_ibss_joined+0x3d2/0x440
[  453.247978][   T59]  report_bug+0x2be/0x4f0
[  453.252349][   T59]  ? __cfg80211_ibss_joined+0x3d2/0x440
[  453.257962][   T59]  ? __cfg80211_ibss_joined+0x3d2/0x440
[  453.263566][   T59]  ? __cfg80211_ibss_joined+0x3d4/0x440
[  453.269167][   T59]  handle_bug+0xcf/0x120
[  453.273457][   T59]  exc_invalid_op+0x1a/0x50
[  453.278006][   T59]  asm_exc_invalid_op+0x1a/0x20
[  453.282904][   T59] RIP: 0010:__cfg80211_ibss_joined+0x3d2/0x440
[  453.289139][   T59] Code: 00 00 00 48 3b 84 24 80 00 00 00 75 5c 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 e7 8d a0 f7 0f 0b eb bb e8 de 8d a0 f7 <0f> 0b 4c 8b 6c 24 18 eb ad e8 d0 8d a0 f7 0f 0b e9 e0 fd ff ff e8
[  453.308798][   T59] RSP: 0018:ffffc900015a7a20 EFLAGS: 00010293
[  453.314925][   T59] RAX: ffffffff89e69422 RBX: dffffc0000000000 RCX: ffff88801cec3c00
[  453.322949][   T59] RDX: 0000000000000000 RSI: ffffffff8acac9e0 RDI: ffffffff8b1c8fe0
[  453.331000][   T59] RBP: ffffc900015a7af8 R08: ffffffff911c656f R09: 1ffffffff2238cad
[  453.339020][   T59] R10: dffffc0000000000 R11: fffffbfff2238cae R12: ffff88805de28c90
[  453.347048][   T59] R13: 1ffff920002b4f4c R14: ffff88802149b5b8 R15: 000000000000001f
[  453.355083][   T59]  ? __cfg80211_ibss_joined+0x3d2/0x440
[  453.360687][   T59]  ? mutex_lock_nested+0x20/0x20
[  453.365664][   T59]  ? trace_rdev_return_void+0x1c0/0x1c0
[  453.371268][   T59]  cfg80211_process_wdev_events+0x3bc/0x550
[  453.377207][   T59]  cfg80211_process_rdev_events+0xa1/0x110
[  453.383043][   T59]  cfg80211_event_work+0x2f/0x40
[  453.388012][   T59]  ? process_scheduled_works+0x96f/0x15d0
[  453.393763][   T59]  process_scheduled_works+0xa5d/0x15d0
[  453.399378][   T59]  ? worker_attach_to_pool+0x380/0x380
[  453.404880][   T59]  ? assign_work+0x3d2/0x5d0
[  453.409511][   T59]  worker_thread+0xa55/0xfc0
[  453.414151][   T59]  kthread+0x2fa/0x390
[  453.418254][   T59]  ? pr_cont_work+0x560/0x560
[  453.422959][   T59]  ? kthread_blkcg+0xd0/0xd0
[  453.427580][   T59]  ret_from_fork+0x48/0x80
[  453.432022][   T59]  ? kthread_blkcg+0xd0/0xd0
[  453.436637][   T59]  ret_from_fork_asm+0x11/0x20
[  453.441467][   T59]  </TASK>
[  453.445093][   T59] Kernel Offset: disabled
[  453.449513][   T59] Rebooting in 86400 seconds..