last executing test programs:

4.810622336s ago: executing program 1 (id=5367):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000300)="d80000001a0081044e81f782db4cb9041c1d0800fe007c05e8fe55a1280001000002020000000000080005007a010401a80016002000034004020000035c0461c900004f940071342e875fab7cb6cec6cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee501534eedba07d6e239b7a1ca16854695d1f79064485e75106300fa125f3d4ece1a0fa80983a3f1fdb3fefe626503fd22d1cc58463d0346a61fde641561ee9c811dc0c1cd706ff2f41398d8e7369039e7ff837d3150d78569e4243b96f7e5080199891344de62a210156a7b0a", 0xd8}], 0x1}, 0x20014000)
r2 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x8, 0x400, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, @perf_config_ext={0xffffffffffffff7f}, 0x111311, 0x1, 0x0, 0x1, 0x20000, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r2, 0x40042409, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x11, 0xf, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8f, 0x0, 0x0, 0x0, 0x1}, {}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x7, 0x0, 0x0, 0x41100, 0x5}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xffffff7f, 0x0, 0x1}, 0x50)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0xd, 0x4, &(0x7f0000000380)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x39}]}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
close(r3)
socket$kcm(0x29, 0x5, 0x0)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000340)={0x0, &(0x7f0000000200)=""/105, 0x0, &(0x7f0000000580), 0x7, r3, 0x4}, 0x38)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x10021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_config_ext={0x6, 0xd}, 0x0, 0x80000, 0x0, 0x9, 0x0, 0x1, 0x0, 0x0, 0x4861}, 0x0, 0x0, 0xffffffffffffffff, 0xb)
ioctl$SIOCSIFHWADDR(r3, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000000040)="d80000001a0081044e81f782db4cb904021d08007b490d4f1e81f8d815000100e000000103600e12080005007a010401a8001600200003400400", 0x3a}], 0x1}, 0x4000000)
r4 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001900599c6d0e00009bd028ef8020ab0700040005234538ba55"], 0xfe33)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f00000003c0)=ANY=[@ANYBLOB="9feb0100180000000000000028000000280000000500000003000000010000fd020000000501040000000080050000004d3655070000000000000f01000000b500612e6100d2fd08c3499d6c4e74f01d4e21082b1abb5ea8a506d5d6531d9d5707184c896c7bf8fdbc45"], 0x0, 0x45, 0x0, 0x1, 0x5}, 0x28)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r6 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x2000, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
ioctl$PERF_EVENT_IOC_SET_BPF(r6, 0x40042408, r5)
r7 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0)

4.618592502s ago: executing program 0 (id=5371):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000040), 0x4)
sendmsg$unix(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x20040810}, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
r1 = perf_event_open(&(0x7f0000000500)={0x3, 0x80, 0x28, 0x1, 0x0, 0x4, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x1, 0x42, 0x40, 0xc2, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)="cb423a11b33192d673ba4c831a9adca48ca7", &(0x7f0000000640), 0x1003, r3}, 0x38)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x2, r3}, 0x38)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB], &(0x7f0000000500)=""/16, 0x46, 0x10, 0x1}, 0x28)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r4, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000280)={'veth1_to_bridge\x00', 0x400})
close(0x3)

2.666619524s ago: executing program 3 (id=5373):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x28)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="180000006000000000000000000000009500000000000000c0af93d3b5f2048838ad3e52017750ea7f83ef6d186d59621d48d09b5c249d1a128fca2d1fccf274f1791a5aa5e341c630beee9a9e4e3f08e46613ef2ffae83419aa7a8b8b05657f8750a75cdd1d4f5882ebc55f7f1eb6eeded111601d3a7e99551430bc118879f3afce41f5b824f865e624959cda55a142f791f90a0918994eed0775834f9509a08fe46c1bf3cf715be0060faaf96ccf0dfa7ff7481de46644725d348a0909a57384fd8426960f6012b4438470cf6cb7dffc23354c65a7a67ad2e80d8e63fb8fd0eada62d2152cf66c34aacd39905fe272b60b0000000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1}, 0x6d)

2.663589315s ago: executing program 0 (id=5374):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001ac0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112b0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01ac69398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc786b409ac930c90ff90f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d858952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ef6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b6214912a517810200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09e3187a10d905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf44"], &(0x7f0000000340)='syzkaller\x00', 0x3f}, 0x94)
socket$kcm(0xa, 0x3, 0x3a)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000500000400"/18], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000007110000002000000850000000500000095000000000000009500a50500000000b041a92006"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6, 0x0, 0x20, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x70)
r3 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000000)="2e0000003e000511d25a80698c6394090124fc602f6e354016000180000000030000000000002cd65c65c3d7", 0x2c}], 0x1, 0x0, 0x0, 0x39c}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b80)={0x6, 0x7, &(0x7f00000000c0)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x9, 0x5c, &(0x7f00000001c0)=""/92, 0x40f00, 0x80, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000009c0)={0x0, 0x3, 0x8, 0x4}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000a80)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000ac0)=[{0x3, 0x5, 0x2, 0x3}, {0x0, 0x1, 0x4, 0xa}, {0x5, 0x3, 0x7, 0x9}, {0x2, 0x3, 0x10, 0xc}, {0x4, 0x2, 0xc, 0x2}, {0x0, 0x5, 0x0, 0x8}], 0x10, 0x8}, 0x94)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000580)="6700000011008188041f56ecdb4cb9cca7480ef432000000e3bd6efb440009000e000a0010000000ba80010000005a8c3774fa0af3dc59a933c1e7a6d3361d83b20000319cdf5656826edaaa11032701c61ec666d482078ccebcb9a4f187f7a4e98f09cdc2649f", 0x67}], 0x1}, 0x20000000)

2.662723424s ago: executing program 1 (id=5375):
perf_event_open(&(0x7f0000000380)={0x1, 0x80, 0x0, 0x16, 0x2, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x801, 0x0, @perf_bp={0x0, 0x6}, 0x0, 0xca, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x20000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
socket$kcm(0x10, 0x2, 0x10)
socket$kcm(0x2, 0x922000000001, 0x106)
openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x400, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x482, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs$namespace(0x0, &(0x7f0000001000)='ns/pid_for_children\x00')
syz_open_procfs$namespace(0x0, &(0x7f0000000240)='ns/cgroup\x00')
r2 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0xfffffffc, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180000000000000000"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3)
socket$kcm(0x10, 0x2, 0x0)
socket$kcm(0x2, 0x1000000000000002, 0x0)
socket$kcm(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
syz_open_procfs$namespace(0x0, &(0x7f0000000380)='ns/uts\x00')
recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r4=>0xffffffffffffffff]}}], 0x18}, 0x0)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000200)=ANY=[@ANYRES8=r1, @ANYRES8=r5], 0x12)

2.588340357s ago: executing program 3 (id=5376):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000040)=r0, 0x4)
sendmsg$unix(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x20040810}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
r1 = perf_event_open(&(0x7f0000000500)={0x3, 0x80, 0x28, 0x1, 0x0, 0x4, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x1, 0x42, 0x40, 0xc2, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)="cb423a11b33192d673ba4c831a9adca48ca7", &(0x7f0000000640), 0x1003, r3}, 0x38)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x2, r3}, 0x38)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB], &(0x7f0000000500)=""/16, 0x46, 0x10, 0x1}, 0x28)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r4, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000280)={'veth1_to_bridge\x00', 0x400})
close(0x3)

2.587000507s ago: executing program 2 (id=5377):
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x480283, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x7606, 0x3ff, 0xfffffffd, 0x0, 0x5, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x7400}, 0x4050)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'sit0\x00', 0x20})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
close(r3)
recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r4=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r1, 0x84, 0x83, &(0x7f0000000000)=r4, 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f9, &(0x7f0000000080))
r5 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x1, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r6)
socket$kcm(0x2c, 0x3, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3e, &(0x7f00000000c0)=r8, 0x4)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}, 0x4000}, 0x0, 0xffffffffffffffff, r7, 0x0)
r9 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x100000, 0x4, 0x2, 0x0, 0x80, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffff7fffffffff, 0xffffffffffffffff, 0x8)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x2, 0x0, 0x40000004, 0xa021, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x82, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
close(0x3)
r10 = socket$kcm(0x10, 0x3, 0x10)
setsockopt$sock_attach_bpf(r8, 0x1, 0x32, &(0x7f0000000100)=r9, 0x4)
sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030031000b12d25a80648c2594f90124fc601006034002200600053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x40000004, 0xa021, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x0, 0x10000, 0x0, 0x5, 0x9, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x2a1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$kcm(0x11, 0x2, 0x0)

2.49835885s ago: executing program 1 (id=5378):
close(0x3)
socket$kcm(0x2, 0x2, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100c, 0x0, 0x0, 0x0, 0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xfff7ffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r0)
socket$kcm(0x10, 0x2, 0x4)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000010040), 0x0, 0xffffffffffffffff, 0x4}, 0x38)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0)
close(r1)
socket$kcm(0x10, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="000500000020"})

2.483961s ago: executing program 0 (id=5379):
perf_event_open(&(0x7f0000000480)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x10040, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x2, 0x20000}, 0x0, 0x0, 0x0, 0x6, 0x7, 0x1, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="7a0a00ff00000000711076000000000095000000000000006e4448521f10d651a78d5b8dda4332edb55d450e1699739eb240046c51efea297d3cfacddbe2"], &(0x7f0000000480)='syzkaller\x00'}, 0x80)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='devices.list\x00', 0x26e1, 0x0)
close(r0)
perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000), 0x2a979d)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x5452, &(0x7f0000000a40)='lo\x00\x96o\xd6Q\xb4Y\xa9\xc87,%\x81\xfe\x00\xd2\xd1|\x00\x00\x00\x00\x00\x00\xe3\xd8Yk\xdf\x85\xaac{\x8c\x8ffp`-\xcd\xd9\xd5\xf4\xe68\xe6O\xc2\xf1V0\x8b\t\xed\x13q2\xdd\xaf\xcc\xeeR\xf2/\x00\x00E>k\a\xe7>t7\x8e(\xf0\x87d\xaf\x93\xfa`\xa6,o\x81.\x1cR\xa5\t\x00\x00\x00\x00\x00\x00\x00|pT\x15\xbc\f*d\xcb\xc2\xcd\x8f\x98\xdf\x00\x00\x1cM\x9c\xa5\xe0\xa8\x00\x00\x00\x80V\xf6\x80\x86\x1b\x05\xe6\"\x1d\f\xaey\x06\xd9$H!w\xa6m\xd8\x7f\xc6\x837\x83/\x9a\xdf\x01\xf2\x9e\xcc\xca\x04\x00\x05\xeb\xb8{7[\xf9\xe9\x15\xdc0]\x89\x9b~\x04\xb4\xa5\xad\v.\xd0*%`\xb0\x03\x00\x00\x00\x00\x00\x00\x00\xab\xf4\xa7\x83r\xa4\x80|\x03C\x9c\x00\xac\xba\xcb\xa4h\x86w_Eu\xbfy%,\xe5\n\xc1\xb3\xa4g\xa3P\x0f\x11\x93\xc7\xf3\xcf\x17\xf5\x86%\x7f\xec\xb2\xc5E\x00\xb2e\xa8\xf1<\xb2\xc82\xbf=o\x00\x00\x00\x00E\x00\xc6X\x92\x0e[\x19\xaa?\x06\xe5\x9d\xd1\x87\x922A\x95\x8e\xbc\xc8<s,\xb023Z{\x9f\xc2\x94+e?\x87\x95\x8e\r\t\x0er\x92\xe2\t\xc4S\xd4\xd2\x87.&`\x95\'=0\r\xd2n\xf5\xcd\x9b\x15Oo\xd8Nj0\xe2\xe5A\xb2\xc3\xf7\xc8\xe7 \"+\xd6\x9e\x18\xec\xb7H\xf9\vd\xebE\x9dtI\xe5\xb5\x8e3\x19<\xdeS\xf4\xe6\xba\x0er\xfc]\xcbd@\xe8R#(u\xe1\x9b\xb7\xd5\x82\xab;\xdb\xa2\x9e\xe8W;\x86\x89\x99\xa1\x99\x1b\xbd\xaf\x11\xcf\x1d\xb5n\xe3&\x1b Z|\x18\n/\xe4\x83\xb5\xdd\xed\xd8\xba\xe8\x8d{@\xd1\x00\x00\x00\x00\x00')
socket$kcm(0x29, 0x5, 0x0)
syz_clone(0x40000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="b400000000000000791048000000000071003f00000000009500000000000000db74589d4b38cc306ac390649f72dea0e50e2317db042855d6c74ff3493c7e31e3f6c643155a8e2e01d50bc3347475750472719cc516fa"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0/file0\x00', 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_ro(r4, &(0x7f0000000080)='cgroup.freeze\x00', 0x275a, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0x2f4de90d3c4b6629}, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r6 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594f90124fc60", 0x14}], 0x1}, 0x0)
recvmsg$kcm(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000340)=[{0x0}, {&(0x7f0000000500)=""/114, 0x72}, {0x0, 0xffa1}], 0x3}, 0x120)
socket$kcm(0x10, 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000480)=0x1, 0x12)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20)

2.358052114s ago: executing program 3 (id=5380):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000300)="d80000001a0081044e81f782db4cb9041c1d0800fe007c05e8fe55a1280001000002020000000000080005007a010401a80016002000034004020000035c0461c900004f940071342e875fab7cb6cec6cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee501534eedba07d6e239b7a1ca16854695d1f79064485e75106300fa125f3d4ece1a0fa80983a3f1fdb3fefe626503fd22d1cc58463d0346a61fde641561ee9c811dc0c1cd706ff2f41398d8e7369039e7ff837d3150d78569e4243b96f7e5080199891344de62a210156a7b0a", 0xd8}], 0x1}, 0x20014000)
r2 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x8, 0x400, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, @perf_config_ext={0xffffffffffffff7f}, 0x111311, 0x1, 0x0, 0x1, 0x20000, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r2, 0x40042409, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x11, 0xf, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8f, 0x0, 0x0, 0x0, 0x1}, {}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x7, 0x0, 0x0, 0x41100, 0x5}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xffffff7f, 0x0, 0x1}, 0x50)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0xd, 0x4, &(0x7f0000000380)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x39}]}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
close(r3)
socket$kcm(0x29, 0x5, 0x0)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000340)={0x0, &(0x7f0000000200)=""/105, 0x0, &(0x7f0000000580)="bca13f58108937270789108abef62fc69699d33b5b5ef0def2fb77dbb117902c28122e2f2fb8ac793c47db676efd92aeacef4f223cdb490d7eaa0860b0", 0x7, r3, 0x4}, 0x38)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x10021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_config_ext={0x6, 0xd}, 0x0, 0x80000, 0x0, 0x9, 0x0, 0x1, 0x0, 0x0, 0x4861}, 0x0, 0x0, 0xffffffffffffffff, 0xb)
ioctl$SIOCSIFHWADDR(r3, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000000040)="d80000001a0081044e81f782db4cb904021d08007b490d4f1e81f8d815000100e000000103600e12080005007a010401a8001600200003400400", 0x3a}], 0x1}, 0x4000000)
r4 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001900599c6d0e00009bd028ef8020ab0700040005234538ba55"], 0xfe33)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f00000003c0)=ANY=[@ANYBLOB="9feb0100180000000000000028000000280000000500000003000000010000fd020000000501040000000080050000004d3655070000000000000f01000000b500612e6100d2fd08c3499d6c4e74f01d4e21082b1abb5ea8a506d5d6531d9d5707184c896c7bf8fdbc45"], 0x0, 0x45, 0x0, 0x1, 0x5}, 0x28)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r6 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x2000, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
ioctl$PERF_EVENT_IOC_SET_BPF(r6, 0x40042408, r5)
r7 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0)

2.354708874s ago: executing program 1 (id=5381):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000001c0)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000080))
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000007c0)={{r3}, &(0x7f0000000080), &(0x7f0000000780)}, 0x20)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = openat$tun(0xffffffffffffff9c, 0x0, 0x1c1842, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000002c0)={'syzkaller0\x00', 0x7101})
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$TUNSETSTEERINGEBPF(r2, 0x800454e0, &(0x7f0000000180)=r5)
write$cgroup_devices(r4, &(0x7f0000000280)=ANY=[@ANYBLOB="1e030600bc5cb60128876360864666702c1ffe80000000000000", @ANYRESDEC], 0xffdd)

2.269168187s ago: executing program 2 (id=5382):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x15, 0x9, &(0x7f0000000000)=@raw=[@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x45c5}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], &(0x7f0000000080)='syzkaller\x00', 0x23, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x8, &(0x7f00000000c0)={0x5, 0x3}, 0x8, 0x10, &(0x7f0000000100)={0x0, 0xa, 0xfffffffa, 0x927b}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000140)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1], 0x0, 0x10, 0x10000}, 0x94)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='hugetlb.1GB.usage_in_bytes\x00', 0x0, 0x0)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000280)={r0, r1}, 0xc)
r2 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)=@generic={&(0x7f00000002c0)='./file0\x00', 0x0, 0x18}, 0x18)
sendmsg(r1, &(0x7f00000005c0)={&(0x7f0000000340)=@l2tp6={0xa, 0x0, 0x5, @remote, 0x1, 0x1}, 0x80, &(0x7f0000000540)=[{&(0x7f00000003c0)="db5d54a363d045024850d80e0be95dd472d9d7b55f44a0cd42dbd788aa045d6ce694a34b7fc7f410a357755e6aa5d65120a785a86bf27e8e8c3fd7a08d61254c2fa19c98e1ca7527a047c066614059b8659854a8bd3905617cca5bee078ab10d01c04818533c3d5af61b49566dbe18ab0ac710d1c5ec4b908bed12380b6803b5ce", 0x81}, {&(0x7f0000000480)="4d98e1568e6ae045ebf18adff9be2900333f40ade33c00d107347a0c7bd1aa66764dbb922be5dc7e541316521b55b657765708e61d407a510d0753fd3a06d5992ff4977c73d84ec6d2fd8da1f8f04fea783771e56efb3072da1014b188ea22a81758a2b20222bed08c1deffd3f97f545f32d7c7992dca1ca97830e70fa3bee47b7e9002d508aafae7299190f8d0d6899d7df0c42967a4faf1c9fad6e4a23", 0x9e}], 0x2, &(0x7f0000000580)}, 0x8010)
r3 = openat$cgroup(r1, &(0x7f0000000600)='syz0\x00', 0x200002, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000740)={@ifindex=<r4=>0x0, 0xd, 0x1, 0xff, &(0x7f0000000640)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0xa, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000006c0)=[0x0, 0x0, 0x0], &(0x7f0000000700)=[0x0, 0x0], <r5=>0x0}, 0x40)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000780)={@map=r1, r0, 0x1b, 0x1f, r0, @void, @value=r0, @void, @void, r5}, 0x20)
sendmsg$sock(r1, &(0x7f0000000a00)={&(0x7f00000007c0)=@can={0x1d, r4}, 0x80, &(0x7f0000000980)=[{&(0x7f0000000840)="19e08eb4ce46288d45fd42536bfdb5146f48e99da147436b5305ce06931e5890ddaace3abf387d62f666fc641e0910f3788a3080fbd1357e18e562cdfec4cf84138b764c6de686540215d5ecbe28d7fcaeaa0d302ae5babdadb49c3dbe2023af675488ef76d746845affb7f6132e3f17996087c3b30b28e037f3de6fd4bbc533687ff39dfaa6e958dd795c396904637c0b6f316382994e8ad5", 0x99}, {&(0x7f0000000900)="171fa2b8b360c13579240e837f9ab89bf4974bb28cdada050467b99ecf2e9604f9cdff54160bb4afdbbf880332c034202da7d22a37dab988880cbd548db86171d505654d7ee1e00c9ac6ef5ac2600e7cbbfc1d59", 0x54}], 0x2, &(0x7f00000009c0)=[@txtime={{0x18, 0x1, 0x3d, 0x5}}], 0x18}, 0x4000)
openat$cgroup_pressure(r1, &(0x7f0000000a40)='memory.pressure\x00', 0x2, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000b00)={r2, 0x58, &(0x7f0000000a80)={0x0, <r6=>0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r7=>0x0}}, 0x10)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000b40)={r6, 0x81, 0x10}, 0xc)
bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000b80)={0xfffffffc}, 0x8)
r8 = openat$cgroup_ro(r1, &(0x7f0000000bc0)='cpuacct.stat\x00', 0x0, 0x0)
ioctl$TUNSETCARRIER(r8, 0x400454e2, &(0x7f0000000c00)=0x1)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000c80)=@o_path={&(0x7f0000000c40)='./file0\x00', r8, 0x4000, r3}, 0x18)
r9 = openat$cgroup(r1, &(0x7f0000000cc0)='syz0\x00', 0x200002, 0x0)
openat$cgroup_int(r9, &(0x7f0000000d00)='pids.max\x00', 0x2, 0x0)
bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000d40)=r2, 0x4)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000d80)={0x1b, 0x0, 0x0, 0x3, 0x0, 0xffffffffffffffff, 0x8, '\x00', r4, r1, 0x0, 0x3}, 0x50)
r10 = openat$cgroup_ro(r1, &(0x7f0000000e00)='cpuset.memory_pressure\x00', 0x0, 0x0)
ioctl$TUNSETCARRIER(r1, 0x400454e2, &(0x7f0000000e40)=0x1)
ioctl$TUNSETVNETLE(r10, 0x400454dc, &(0x7f0000000e80))
openat$cgroup_netprio_ifpriomap(r3, &(0x7f0000000ec0), 0x2, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000001000)={@ifindex=r7, 0x2e, 0x0, 0x5, &(0x7f0000000f00)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6, 0x0, &(0x7f0000000f40)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000f80)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000fc0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40)
openat$cgroup_procs(r8, &(0x7f0000001040)='cgroup.procs\x00', 0x2, 0x0)
recvmsg(r10, &(0x7f0000001240)={&(0x7f0000001080)=@isdn, 0x80, &(0x7f0000001200)=[{&(0x7f0000001100)=""/5, 0x5}, {&(0x7f0000001140)=""/161, 0xa1}], 0x2}, 0x10000)
openat$tun(0xffffffffffffff9c, &(0x7f0000001280), 0x90802, 0x0)
recvmsg$unix(r8, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f00000012c0)=""/178, 0xb2}, {&(0x7f0000001380)=""/48, 0x30}, {&(0x7f00000013c0)=""/38, 0x26}, {&(0x7f0000001400)=""/61, 0x3d}, {&(0x7f0000001440)=""/28, 0x1c}, {&(0x7f0000001480)=""/173, 0xad}, {&(0x7f0000001540)=""/24, 0x18}], 0x7, &(0x7f0000001600)=[@cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x128}, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f00000017c0)={'dvmrp1\x00', @multicast})

2.096001882s ago: executing program 2 (id=5383):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000040), 0x4)
sendmsg$unix(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x20040810}, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
r1 = perf_event_open(&(0x7f0000000500)={0x3, 0x80, 0x28, 0x1, 0x0, 0x4, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x1, 0x42, 0x40, 0xc2, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)="cb423a11b33192d673ba4c831a9adca48ca7", &(0x7f0000000640), 0x1003, r3}, 0x38)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x2, r3}, 0x38)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB], &(0x7f0000000500)=""/16, 0x46, 0x10, 0x1}, 0x28)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r4, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000280)={'veth1_to_bridge\x00', 0x400})
close(0x3)

428.807876ms ago: executing program 3 (id=5384):
r0 = socket$kcm(0x1e, 0x5, 0x0)
sendmsg$kcm(r0, &(0x7f0000000540)={&(0x7f0000000280)=@tipc=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}, 0xffffff7f}}, 0x80, 0x0}, 0x0)

391.637157ms ago: executing program 0 (id=5385):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000840)=ANY=[@ANYBLOB="9feb01001800000002000000200000002000000002000000000000000100000d0200000000000000000000000000000000000004"], 0x0, 0x3a, 0x0, 0x1}, 0x28)

353.465038ms ago: executing program 1 (id=5386):
r0 = socket$kcm(0x10, 0x3, 0x10)
close(0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xc, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xd, 0x2, 0x0, 0x0, 0x0, 0x0, 0x430, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_bp={0x0}, 0xc800, 0x0, 0xfffffffc, 0x9, 0xb0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="13009aa2cc02f39500e5baf9ffffff00000000000400000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xf, 0x5}, 0x100e64, 0x400c78, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x20}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0xb, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000dd"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x19, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2ce4}, 0x94)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000440)='GPL\x00'}, 0x80)
r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8)
setsockopt$sock_attach_bpf(r1, 0x1, 0x14, &(0x7f0000000040)=r3, 0x3b)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001040)=ANY=[@ANYBLOB="0e00000004000000040000000900000000000000", @ANYRES32=0x1, @ANYBLOB="00000000000000000000000000000000000000005045d5039378c4ace3512e52b0b48cc5c955d07925b08a18944c77cfd9fb2070725d1bcdbe0b38072cc91691bce55071582bad69cefe6a41c0adc9870efd66e89dca1c96b8372fa1cdfb6959d1b2b4c567fee8707e41addee90519d2c9d2bb8b6a7f5b12d0e115f84d9ab6fe1d0a30d79fd87b5e2875f15dbefdeb410a5f21bfe99eeb7368faace6d7c9d20eaf4c15f36ad62f25c8eb5ab6e94766578c868906e5cfe78cecd228112f1e0a955bd8c0737ec89d096d5c923273cc9acf15296575fe7c1342190b765388fbfeea9a91c168f4e1cbaa894f71fc49730f04a85f2645d210036b6ec0f0136509f4bf18f5442d4f5e640995316fd4870699ab64e021467e7df7e66a21a7a5b86fe3b616f43dc0b0722e4a501e7e99ab26bfc0f5e17c8e46afae39ccb3b380821414d28fb2829f8677bb2d5ef81f1cba5224e1ad4d1911c664974fea7c20fe48d89c5d7a4f51dc6d0e39bb0d4be1a9dcd70a710d81a4a57c337db22d9ff09a3c325d", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000500)={r4, &(0x7f00000004c0)}, 0x20)
r5 = socket$kcm(0x2, 0x2, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x3, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff23, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r6, 0x40042408, r7)
bpf$MAP_CREATE(0x0, &(0x7f0000000e40)=ANY=[@ANYBLOB="0900000001000000080000000800000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000100008000000b681cb300000000000000cbe7ca791700000000000000000088419a1e340a443ad76e4110426baafd2125f0f252a4c168fb5ddcc1e519fac9507f3a60507f508e601466b31150778083deaa13ae737d38be59bb3ca793c2fe7080c10794225f93a773d00476c475e6e636beb691e2105ad4a53cf1a08cfd1426aeed0538b6a66af8b1e853b4739e2fb3171171f144185506f74ab7a6e22ec705083929ca1116a79e9c131dfe5656ba597e3d00535f31d3bc072e585f677029a7e89192e5388f90aaaf109bfcace1e5e7c41d7d629e4efb37506f6d02d416800a1cb6a7cca44d6bcec2bdf77fdb1d87112319e7d3fc3ad46d2c021713c0e5bb3d6b942254790352955382d1f07c96"], 0x50)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r9 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x7, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r9, 0x40042408, r10)
r11 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYRES64=r4, @ANYRESOCT=r0, @ANYRES32=r9, @ANYRESDEC=r4, @ANYRESHEX=r10], 0x50)
recvmsg$kcm(r5, &(0x7f0000000e00)={&(0x7f00000005c0)=@ethernet={0x0, @multicast}, 0x80, &(0x7f0000000d00)=[{&(0x7f0000000640)=""/242, 0xf2}, {&(0x7f0000000a40)=""/180, 0xb4}, {&(0x7f0000000b00)=""/247, 0xf7}, {&(0x7f0000000c00)=""/201, 0xc9}], 0x4, &(0x7f0000000d40)=""/191, 0xbf}, 0x60)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r11, <r12=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x19, &(0x7f0000000840)=ANY=[@ANYBLOB="1800000005000000000000001000000818110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000050000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r12, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000000300000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

352.343948ms ago: executing program 2 (id=5387):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001ac0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112b0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01ac69398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc786b409ac930c90ff90f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d858952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ef6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b6214912a517810200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09e3187a10d905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf44"], &(0x7f0000000340)='syzkaller\x00', 0x3f}, 0x94)
socket$kcm(0xa, 0x3, 0x3a)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000500000400"/18], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000007110000002000000850000000500000095000000000000009500a50500000000b041a92006"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6, 0x0, 0x20, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x70)
r3 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000000)="2e0000003e000511d25a80698c6394090124fc602f6e354016000180000000030000000000002cd65c65c3d7", 0x2c}], 0x1, 0x0, 0x0, 0x39c}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b80)={0x6, 0x7, &(0x7f00000000c0)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x9, 0x5c, &(0x7f00000001c0)=""/92, 0x40f00, 0x80, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000009c0)={0x0, 0x3, 0x8, 0x4}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000a80)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000ac0)=[{0x5, 0x5, 0xa, 0x5}, {0x0, 0x1, 0x4, 0xa}, {0x5, 0x3, 0x7, 0x9}, {0x2, 0x3, 0x10, 0xc}, {0x4, 0x2, 0xc, 0x2}, {0x0, 0x5, 0x0, 0x8}], 0x10, 0x8}, 0x94)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000580)="6700000011008188041f56ecdb4cb9cca7480ef432000000e3bd6efb440009000e000a0010000000ba80010000005a8c3774fa0af3dc59a933c1e7a6d3361d83b20000319cdf5656826edaaa11032701c61ec666d482078ccebcb9a4f187f7a4e98f09cdc2649f", 0x67}], 0x1}, 0x20000000)

269.143081ms ago: executing program 0 (id=5388):
perf_event_open(&(0x7f0000000380)={0x1, 0x80, 0x0, 0x16, 0x2, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x801, 0x0, @perf_bp={0x0, 0x6}, 0x0, 0xca, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x20000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
socket$kcm(0x10, 0x2, 0x10)
socket$kcm(0x2, 0x922000000001, 0x106)
openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x400, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x482, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs$namespace(0x0, &(0x7f0000001000)='ns/pid_for_children\x00')
syz_open_procfs$namespace(0x0, &(0x7f0000000240)='ns/cgroup\x00')
r2 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0xfffffffc, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180000000000000000"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3)
socket$kcm(0x10, 0x2, 0x0)
socket$kcm(0x2, 0x1000000000000002, 0x0)
socket$kcm(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
syz_open_procfs$namespace(0x0, &(0x7f0000000380)='ns/uts\x00')
recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r4=>0xffffffffffffffff]}}], 0x18}, 0x0)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000200)=ANY=[@ANYRES8=r1, @ANYRES8=r5], 0x12)

268.896221ms ago: executing program 3 (id=5389):
close(0x3)
socket$kcm(0x2, 0x2, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100c, 0x0, 0x0, 0x0, 0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xfff7ffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r0)
socket$kcm(0x10, 0x2, 0x4)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000010040), 0x0, 0xffffffffffffffff, 0x4}, 0x38)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0)
close(r1)
socket$kcm(0x10, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="000500000020"})

166.688674ms ago: executing program 2 (id=5390):
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x20702, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000040)=r1, 0x4)
sendmsg$unix(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x20040810}, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
r2 = perf_event_open(&(0x7f0000000500)={0x3, 0x80, 0x28, 0x1, 0x0, 0x4, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x1, 0x42, 0x40, 0xc2, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)="cb423a11b33192d673ba4c831a9adca48ca7", &(0x7f0000000640), 0x1003, r4}, 0x38)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x2, r4}, 0x38)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB], &(0x7f0000000500)=""/16, 0x46, 0x10, 0x1}, 0x28)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r5, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000280)={'veth1_to_bridge\x00', 0x400})
close(0x3)

88.308687ms ago: executing program 1 (id=5391):
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x480283, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x7606, 0x3ff, 0xfffffffd, 0x0, 0x5, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x7400}, 0x4050)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'sit0\x00', 0x20})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
close(r3)
recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r4=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r1, 0x84, 0x83, &(0x7f0000000000)=r4, 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f9, &(0x7f0000000080))
r5 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x1, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r6)
socket$kcm(0x2c, 0x3, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3e, &(0x7f00000000c0)=r8, 0x4)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}, 0x4000}, 0x0, 0xffffffffffffffff, r7, 0x0)
r9 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x100000, 0x4, 0x2, 0x0, 0x80, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffff7fffffffff, 0xffffffffffffffff, 0x8)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x2, 0x0, 0x40000004, 0xa021, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x82, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
close(0x3)
r10 = socket$kcm(0x10, 0x3, 0x10)
setsockopt$sock_attach_bpf(r8, 0x1, 0x32, &(0x7f0000000100)=r9, 0x4)
sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030031000b12d25a80648c2594f90124fc601006034002200600053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x40000004, 0xa021, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x0, 0x10000, 0x0, 0x5, 0x9, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x2a1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$kcm(0x11, 0x2, 0x0)

88.011307ms ago: executing program 3 (id=5392):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000000000c02000000000000000000000d00"], 0x0, 0x34}, 0x28)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x1512b, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x1, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x20, &(0x7f0000000680)=[{&(0x7f0000000340)="d80000001c0081044e81f782db44b904021d0802010000000500f0a1180002000000000000000e1208000f0100810401a8001600200001400300000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c11503c6bbace8017cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a00"/216, 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x20004800)
r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_config_ext={0x0, 0x3ff78000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
r3 = perf_event_open(&(0x7f00000007c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4, @perf_config_ext={0x8, 0x92}, 0x0, 0x2, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0100000004000000060000000b"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000000400000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000006c0)={{}, &(0x7f0000000640), &(0x7f0000000680)=r2}, 0x20)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r5, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r5, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r6=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x2, &(0x7f0000000000)=@raw=[@map_idx_val={0x18, 0x9, 0x6, 0x0, 0x9, 0x0, 0x0, 0x0, 0x16}], &(0x7f00000000c0)='syzkaller\x00', 0xffffffff, 0x0, 0x0, 0x41100, 0x0, '\x00', r6, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000b00)={0x213d}, 0x8)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{}, &(0x7f0000000040), &(0x7f00000000c0)}, 0x20)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r9, 0x1, 0x32, &(0x7f0000000180)=r8, 0x4)
sendmsg$inet(r10, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000)
sendmsg(r10, &(0x7f0000001fc0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000075c0)=ANY=[@ANYBLOB="1010000000000000000000000100000091b37bd10cc95e9c128ca28686bd1ac17bfc95f84b88c12671395f2a3fa4e9aef09d520f0ff86e19e1e1255826bb013e9a98531d036a32689e880c8e6e7488f8469632a5d80b726f7200e462680753cdb0824725972f97b3f7fd22aa30e5c3824e703de71d63851e129ca0e9381f37ed14c68a6d806feca0de5f33116813c20c65df9ad1c22258c419b2ea0e0bd05a237349e33ac392ed2bb990df8f637733720e700d490bcee0bebfbeb48578875ee8cfc1cf3f9f45d51f92029f82b83eaf8dc8b9f202722abf44740907798314c31d5e24027b592c1714ad308b2f1a3dab336d4493516422fe2f03c9f1d5e49f5dcc4c87c84c9e50c27cf5e6378b52a75a362ac7c9009295e408d704f711dac8d10d4b77d11e6e31a01701b6ea68ab75485d28b27ff1bb5d2cbc13fdbb27fbb75a4992c8e56f88b2c4aaeca9ea5c0ad728bb3d35f77cdc9528402760e258dffe189dba93bcb4cf68d38e049a053427c36d1460937b9ec51d3e724dad361809d80cb82d14d8a9462d6a5ad96b90b9480e035e2099a53a16f3804e27fceefa0414b9d217719f246453b58b71d838d21c187960f872833681042516d6d6f316745502bd9e7131263411b65f2c687ce498fc010e39ec89a8efe74b1025f77c8bc45bb00a9f8ad57af285f6a06ec168fb0ff3f4f22e7e22d840464e7f917714cb7008e176d56ccd19929389fe258f357df36cb9e1211f760fc0e878013e8a7ba93325cc031b759a97b5c322ea61479bf5bb27b9b14cac2b3b2f9e341810b49ca218cd6692065bf096d0e793445704566a4d36ce28a7b3a946d3796ebaf5f025c75e6e9c81eaaef5fe6b3c627f324ac7f5410f47aa513564c87d2e04e61aa7218bf24184e810f68bc7268744b0abacd775bcf287fc558023e7a1b5474b3bffc3b775494d9df774b6a9a4485b1ed6348a5c6e8d0cff694a167730d6c2278b553aa1d96fe62ae240971b6619b81d14f88024fc38d7502ddb594e8aba30c9fccd51b404cfea16d5c4590917db8829705909e49f876816ea395c989d4a490f5358cf73cb6917683c11b9e56a2d71070f71077843a47befe6e3b6d8e7735249bcda15ad05515589a2f15e155496080b03de0d33e8e3b395bc0e780cc1740797f468c11f0a7e4518d64f28846847b3e1499ce3b6dfc300d3d79aac55b9ce16970d49d93a09ab021baf6f00489796f564a02c7c786fb8a4c748b4af88934f453a842a5ba1be131c92212353d2fa1e45059c050fcd013a9fad9b8fe74724534357ad67d4d22d163c19c53af0ac99665f33f4265bce8f9d058ad3eef0923fcc88837fb98c695b872bc69325ffe6df0364c7c291896165478347bd5ede5d38a48c05ca4a118afc08f0056506859f7cf41509348d8699c3082e0baf7bfe70fd982ab0265e530ef958598087895ec1eb53d6bae78c2aec8c45c90fdbbf483bea904448de02887cce45611a601809eaea9ed27fb139beadaa06608f752c994dfda0a72d038069d18f99ee522091886a91b81576585d63d013ff707397f92768cbb7c645595e6854bfc13ad640a4b33ee943cc3c2742c7cca7c38d2433257ec031109734ee1cd6b09e3bbbc03de24b654bb63aa681202017c977c4683f4c5f82712f3756ba38a8289a68cca5088c26b82fb8979b5c03d12208fc3fe3cc6f80c325082055241aeeba3c2b1ff039c9ed5ccfa14cbbcd47afce79a2317dfcf7ee7d14e3ea7f6ee41c7ba3e930943d492504e47c5538b2a1bfcd7d8305458689ee2755c43f5009f844fbe310a6257f6624a3b858b701e4b0bbc29c0658c2ca9e008f98ae7b620f222d045b726fac5073daaf54a2ad58415e2684b4a6968ff5b96793a51a67cf4c03eec37d941c3553ce36b12986ca17860c650858f7afd88c7d2a25b4dbc769cf28d02f392a68ac8550df92963dbed6b660d7abf93bb021b9f67d9bb13b8c89163cf0cc1efc4c3015993bd357391b9b12fc4fbe9451d177ceb5ef0dd9534e2e0f423f2a950f909bb867d1c8ca251181f29dee88ec9a3ca440b4e1df86454fa4e5353edbcd0b18ee52ccb718591b6cc182a1935e72e1f367a4e95281ac15dcd0e529e86ee1953552a04fcae99b59e986847db11eb64297cb2425904a5728d4029f8674ede4b99dca807635888db4f7347765c7d399e89b7a1470f9647041dc37ba71191649c7cdece8ca84e093fd753df39983934cdfb92d0a2ed01254e0a778a252e9238da5acfc957b58e388ba249c5cd29cb1cbab9fccb1523e334a5336f076da1b5e61b2773761eb3e16788b95aff5f9145c74033a436bce8cc922db859cd93fdda6f15b551039c3e1673984ba3ec2d5ea9ad27e8cc25cafe63974ff661e1b7ccede5782a4f109561f81c5efc9a68b7312532a06832794dfcf9c7f916a6adf5af2ad4926707d49f3f3ca23538277e7ac02e69e5b2f5314d18de828f14f5bdd5852319a2ea1304aef4e9e37e7bc5df00540b2e5a6fe759f00d23c18d2afa3be2ca64b8683e89f584bddbf02efc4300671a87de9239c693a013a5a90ae0a1c4f651f03ffb8d8d44302ccc906bcfda97e6a3f93b97b44c9e3d64798c47d7de4211015277c7c74f7763033b58fa918591a621f67a792eb328584a2ada7c70b2d95a0cd80c271d11e32d5f5f78c01541ba1319cb764ba7442d5627ad7c4f3eda5d123fe6fcee4af8ab6467de06bd033c6fb00c3924d88ea4bcaa1578782a1540642b098672eefb4df9192610fbf3f17ed2b808527d6065a306e347cd45c8d5898ce5ca24c7d92b30977747166d93e6721cbb706ebe9f9472a74c68fa406afdd99b3d77820e3eb8b45ec50a5e521438c62582d16e6836ba670e53afd28f28615cba03030d6c17541b6dc70c89c612953a241adb592e6c3272854392b64055293a966454c76890112ef36f1199476fd6f8cbee2c492e4f2207cbd968379dee28de3d366d82128efcde518aebfe2f1ad030161d32ecb6a1448991d067a8bde64acb8e08e4f0421445d6ca9ba0c30629ffc82935c7366685debe68f2b3a653968380f8cba47e57e32a65d0c59420dd43a31e03e55b64b4f8811b9b88759d1c11348d618e5245037f98480c62385df42a63eb0d8df626413cebb6531d0c6ab63f6308dc746dee7d94d3dbc1bad4af55ff13c4e92e3b9174fb7d61fd7033d94415fda4160a85ef8473e0a81ee562ec829c0ee9f6e9d724b9f6fade8f5d38919e48862a7df260c6e68275cafc604bbc317bc2ca13fb3845bdc459dd695ac0c482dcb9433fd345bfeb85740701c47044eb888c97b55682bead1b95426c0c4da4185c5594de410145ec186225a6c0b35bb609a407ee81319bec727646de6eaead8b4a151c22e081eb54e52b4a0e4fac67c7aa295b229890c3927beae976de3159dde6dbc4be8b360731e40312fe95cf440213612b679cc4d0160c3fb8a3353f1068a511e53f0547c33c7c37f87e9ec3ce87ada6d6239384ccbe3232b090469d02da74dd4d351a65f24d6e5eded3b26c752adb711d1be63fd43a24e90131e96840fe94c970e71915388fbfe418c6554e4a9647525d642233aab803189d42246ddb16a7dc731500705a03a544e3e7b56e34959fb768d27644de375c358cbe343d917507055fbfee2ff01ed8f4e144a0712e68695ed5feb032044f70082b437abec0afe95217d53ce890ed55cfe417666a9fc851128b17bfbf797c967f607a46a3427417666e0af19eadb3408dd40ddae874b0107439370e39a0578767b08da0f5fcccf0e4bfbf776ff953b39ade48987778b9a4df97b2eac4645653ebdefc66cd5d322ae19e51d52ed76f02ea91439f335e3b48e5380261f20e6470f5c9c8e64781b4d26934df1893c6d10408fd5c4119933cca4cf672fc40cc781c2cc7c19758c01bbe5c79e8c06497c7648ab9c6c61a359491a2cd56328dca2100db8fa13be25a6bcad4b3ebb667472a405b250f7a7261f57a82da010b26c196ef5ba800e4101463f89893dd4064c2631b37f74782e3938098cbee8dfb7f94fb8c3ae2518879b544561d64d0849fc67830181700a667416cbec358f1ac519287d8345f314007f8e85e7b907d787695fbf2517bd0c5f2d4be46e18a6933374c620d1de73eceaf7b417963b41c7cbe2525cb9e69850de5d17549889a1642261d14e90606ea963c8fd51f39bde8b420a07cb87a929fbfb28366e622c02f93711b49d559c8fff23cbea840550828844d46e39fcb0419755e0f2bde2d9bdd7fdc2642bbed8fcb8daae77a189f0b81b8f372b08b3f1b5d80eb5ae37cd9c416ada08aa4071d3def05d672eab686d1d2ae05ca4668f95a2e750a79f812a10857708325795d00fb7b9c8d4cd6c2c7b7e466fd642fe5ce3f5a7d693aefe515a47a1d24aee74c1c69e0afd3d2284a09b307a323ff54ef9501479fd3100c96a37197143f47c990cd5a4b6e717de93921d85972066547dccc1c04af749d98afb75e16b246ade2317f0fb01e5777dbc396a1688933462566ee6287affd07d4904f52644e710d953de6d1e433de95bac7515dd6fed31372e4dd1d7d4535f4e0f79a416da82d9d36ec28f4e932f2369acd543db1ce31245bd7b96793e866fcdf2c898c066234a4de5b5048a50f721af0009ded033d793fd9ed9a36183306649c59a041e6461d49d6ac5a2b822aee1d85c51b3ba935850f8d9e9860cd126401cbcffe9943c4ac7a3b4c32c24065f6cf4c51477010eb376429824a5d4c853fba1723c93ab4353365804cbd8fd6b33d74e94c5f0e64eea4ec036205e32ffae56873db176fe5956d5500206f464d29ea4eead15a9f380e6b699824b5dcd4cdc076f87c1322e380339d549374ccf014b3e8862133849e8b74b9b92a38c69293a1d800a7b2249ce82e2ec260594ffb0165415de2052fe6f404f93dbd54e7784b853b448e20530a28816aeba7341e6d754e1e435c8807c9e43e299f9857f9caec17b07d7c57bd70f91aa32179bee8364353a87632d09608c4876a607cc4d5568ad0e75488aab42f394a8e18dfe474cc44c2eb83d617990616e68a02514ef9db34ae5033b8954acf1a40cee4e757985309d10c5220d8272d911b9009f6404c479e7512ad79fd14fffd018a20170215eae77ca9c2b62f4af3b7b7f3f0bf680b10b21e10f1c31065bc056948e320afe4f9067dc02f0abcfa0deb5fb3be098a9dbb5793e2518bd9a20fcb23e4b699102169521aa749b0240789d0f4538312d2df4a595fa3cdabc5bd91c32a6c05d58419666665ca221a5ac9c7b0e7731e677190dfce1161e801639c34164bde89fb179055f9b97e74666679c5009dd937b7b338bdd202d6ce0aba9eca1092205b1ea818181253e374142db046b43f400a1fdc4698234b3848b59534e489c22c98474ea91935109bbeb5d671a3025cbd62f5fd51ca0249a3d32e27753133a42d762b46283cdd7b392257e65719003eac969e4eeb70b9f6a028ebbcde895235f9eb6a4ee55bb9b965233b66f042692ceb67ba4d2a58f15c09037308158101018e904aeaea25fedfa3e60cfec9ab3104f6d78b816d075d1839901d93f0ceba559afff0cbcaf3a216e043a90bfa8d472f5d6700e65ca6991c31db02fae84cbd4674a030a2a99277ce48f01cba2aac46af3dde0bb8a4145bded995497a305f3505e7a38dbdbecaca1d0c3342a0ab9a9f7fd4033fc7ec6e2670a1ea978949fa08adf27cac74a35d71ca98f8018f592a4eca5b4a83d53aabb9fa648b3638baa864d301b0635fd757fd74a91a4dd57c38f972ffd9ed3ec6e49e705519df08e0aa346d4854a7045ac101000"], 0x2020}, 0x20040000)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r11 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r12 = openat$cgroup_subtree(r11, &(0x7f0000000200), 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(r3, 0xc008240a, &(0x7f00000005c0)={0x7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
write$cgroup_subtree(r12, &(0x7f0000000700)={[{0x2b, 'cpu'}, {0x2d, 'io'}, {0x2b, 'pids'}]}, 0xf)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)

42.708728ms ago: executing program 2 (id=5393):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000300)="d80000001a0081044e81f782db4cb9041c1d0800fe007c05e8fe55a1280001000002020000000000080005007a010401a80016002000034004020000035c0461c900004f940071342e875fab7cb6cec6cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee501534eedba07d6e239b7a1ca16854695d1f79064485e75106300fa125f3d4ece1a0fa80983a3f1fdb3fefe626503fd22d1cc58463d0346a61fde641561ee9c811dc0c1cd706ff2f41398d8e7369039e7ff837d3150d78569e4243b96f7e5080199891344de62a210156a7b0a", 0xd8}], 0x1}, 0x20014000)
r2 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x8, 0x400, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, @perf_config_ext={0xffffffffffffff7f}, 0x111311, 0x1, 0x0, 0x1, 0x20000, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r2, 0x40042409, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x11, 0xf, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8f, 0x0, 0x0, 0x0, 0x1}, {}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x7, 0x0, 0x0, 0x41100, 0x5}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xffffff7f, 0x0, 0x1}, 0x50)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0xd, 0x4, &(0x7f0000000380)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x39}]}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
close(r3)
socket$kcm(0x29, 0x5, 0x0)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000340)={0x0, &(0x7f0000000200)=""/105, 0x0, &(0x7f0000000580)="bca13f58108937270789108abef62fc69699d33b5b5ef0def2fb77dbb117902c28122e2f2fb8ac793c47db676efd92aeacef4f223cdb490d7eaa0860b0", 0x7, r3, 0x4}, 0x38)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x10021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_config_ext={0x6, 0xd}, 0x0, 0x80000, 0x0, 0x9, 0x0, 0x1, 0x0, 0x0, 0x4861}, 0x0, 0x0, 0xffffffffffffffff, 0xb)
ioctl$SIOCSIFHWADDR(r3, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000000040)="d80000001a0081044e81f782db4cb904021d08007b490d4f1e81f8d815000100e000000103600e12080005007a010401a8001600200003400400", 0x3a}], 0x1}, 0x4000000)
r4 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001900599c6d0e00009bd028ef8020ab0700040005234538ba55"], 0xfe33)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f00000003c0)=ANY=[@ANYBLOB="9feb0100180000000000000028000000280000000500000003000000010000fd020000000501040000000080050000004d3655070000000000000f01000000b500612e6100d2fd08c3499d6c4e74f01d4e21082b1abb5ea8a506d5d6531d9d5707184c896c7bf8fdbc45"], 0x0, 0x45, 0x0, 0x1, 0x5}, 0x28)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r6 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x2000, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
ioctl$PERF_EVENT_IOC_SET_BPF(r6, 0x40042408, r5)
r7 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0)

0s ago: executing program 0 (id=5394):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000001c0)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000080))
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000007c0)={{r3}, &(0x7f0000000080), &(0x7f0000000780)}, 0x20)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = openat$tun(0xffffffffffffff9c, 0x0, 0x1c1842, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000002c0)={'syzkaller0\x00', 0x7101})
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$TUNSETSTEERINGEBPF(r2, 0x800454e0, &(0x7f0000000180)=r5)
write$cgroup_devices(r4, &(0x7f0000000280)=ANY=[@ANYBLOB="1e030600bc5cb60128876360864666702c1ffe80000000000000", @ANYRESDEC], 0xffdd)

kernel console output (not intermixed with test programs):

_lookup_down+0x130/0x130
[ 1114.903044][T20557]  path_openat+0x293/0x3230
[ 1114.907577][T20557]  ? do_sys_openat2+0xda/0x1d0
[ 1114.912340][T20557]  ? verify_lock_unused+0x140/0x140
[ 1114.917536][T20557]  ? do_filp_open+0x430/0x430
[ 1114.922301][T20557]  ? __virt_addr_valid+0x18c/0x540
[ 1114.927418][T20557]  do_filp_open+0x1f5/0x430
[ 1114.931918][T20557]  ? vfs_tmpfile+0x490/0x490
[ 1114.936510][T20557]  ? noop_direct_IO+0x20/0x20
[ 1114.941188][T20557]  ? _raw_spin_unlock+0x28/0x40
[ 1114.946057][T20557]  ? alloc_fd+0x58f/0x630
[ 1114.950388][T20557]  do_sys_openat2+0x134/0x1d0
[ 1114.955060][T20557]  ? do_sys_open+0xe0/0xe0
[ 1114.959479][T20557]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[ 1114.965458][T20557]  ? lock_chain_count+0x20/0x20
[ 1114.970313][T20557]  __x64_sys_openat+0x139/0x160
[ 1114.975165][T20557]  do_syscall_64+0x55/0xb0
[ 1114.979579][T20557]  ? clear_bhb_loop+0x40/0x90
[ 1114.984248][T20557]  ? clear_bhb_loop+0x40/0x90
[ 1114.988917][T20557]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1114.994895][T20557] RIP: 0033:0x7f95f3d5d68e
[ 1114.999302][T20557] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 1115.018899][T20557] RSP: 002b:00007f95f4cc9ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1115.027311][T20557] RAX: ffffffffffffffda RBX: 00007f95f4cca6c0 RCX: 00007f95f3d5d68e
[ 1115.035275][T20557] RDX: 0000000000000002 RSI: 00007f95f4cc9f90 RDI: ffffffffffffff9c
[ 1115.043240][T20557] RBP: 00007f95f4cca090 R08: 0000000000000000 R09: 0000000000000000
[ 1115.051214][T20557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1115.059176][T20557] R13: 00007f95f4016038 R14: 00007f95f4015fa0 R15: 00007ffd990c4eb8
[ 1115.067161][T20557]  </TASK>
[ 1115.099031][T20565] netlink: 'syz.3.4720': attribute type 10 has an invalid length.
[ 1115.163054][T20565] netlink: 55 bytes leftover after parsing attributes in process `syz.3.4720'.
[ 1115.958863][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[ 1115.975591][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[ 1116.591979][T20587] netlink: 'syz.3.4727': attribute type 33 has an invalid length.
[ 1116.610557][T20587] netlink: 152 bytes leftover after parsing attributes in process `syz.3.4727'.
[ 1116.637592][T20587] `: renamed from syz_tun (while UP)
[ 1116.671882][T20587] FAULT_INJECTION: forcing a failure.
[ 1116.671882][T20587] name failslab, interval 1, probability 0, space 0, times 0
[ 1116.693836][T20587] CPU: 1 PID: 20587 Comm: syz.3.4727 Not tainted syzkaller #0
[ 1116.701356][T20587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1116.711447][T20587] Call Trace:
[ 1116.714765][T20587]  <TASK>
[ 1116.717732][T20587]  dump_stack_lvl+0x18c/0x250
[ 1116.722466][T20587]  ? show_regs_print_info+0x20/0x20
[ 1116.727695][T20587]  ? load_image+0x420/0x420
[ 1116.732249][T20587]  ? __might_sleep+0xe0/0xe0
[ 1116.736893][T20587]  ? __lock_acquire+0x7d40/0x7d40
[ 1116.741983][T20587]  should_fail_ex+0x39d/0x4d0
[ 1116.746820][T20587]  should_failslab+0x9/0x20
[ 1116.751389][T20587]  slab_pre_alloc_hook+0x59/0x310
[ 1116.756489][T20587]  ? kernfs_rename_ns+0x3b1/0x810
[ 1116.761574][T20587]  ? kernfs_rename_ns+0x3b1/0x810
[ 1116.766649][T20587]  __kmem_cache_alloc_node+0x53/0x250
[ 1116.772093][T20587]  ? kernfs_rename_ns+0x3b1/0x810
[ 1116.777168][T20587]  __kmalloc_node_track_caller+0xa2/0x230
[ 1116.782956][T20587]  kstrdup+0x3b/0x80
[ 1116.786912][T20587]  kernfs_rename_ns+0x3b1/0x810
[ 1116.791839][T20587]  sysfs_rename_link_ns+0x175/0x1b0
[ 1116.797100][T20587]  device_rename+0x110/0x1e0
[ 1116.801757][T20587]  dev_change_name+0x307/0x8c0
[ 1116.806586][T20587]  ? irq_work_queue+0xbc/0x140
[ 1116.811418][T20587]  ? vprintk_emit+0x53d/0x610
[ 1116.816152][T20587]  ? dev_alloc_name+0x1d0/0x1d0
[ 1116.821055][T20587]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[ 1116.827022][T20587]  ? nla_strscpy+0x109/0x160
[ 1116.831678][T20587]  do_setlink+0x9fc/0x4130
[ 1116.836143][T20587]  ? arch_stack_walk+0x160/0x190
[ 1116.841141][T20587]  ? load_image+0x420/0x420
[ 1116.845699][T20587]  ? nlmsg_parse_deprecated_strict+0x110/0x110
[ 1116.851900][T20587]  ? rcu_is_watching+0x15/0xb0
[ 1116.856710][T20587]  ? do_trace_netlink_extack+0x7e/0x1a0
[ 1116.862307][T20587]  ? __nla_validate_parse+0x262c/0x2ea0
[ 1116.867971][T20587]  ? __nla_validate+0x50/0x50
[ 1116.872785][T20587]  ? validate_linkmsg+0x719/0x910
[ 1116.877844][T20587]  rtnl_newlink+0x17da/0x20a0
[ 1116.882597][T20587]  ? rtnl_newlink+0x511/0x20a0
[ 1116.887448][T20587]  ? rtnl_setlink+0x4e0/0x4e0
[ 1116.892150][T20587]  ? trace_raw_output_contention_end+0xd0/0xd0
[ 1116.898345][T20587]  ? rcu_is_watching+0x15/0xb0
[ 1116.903165][T20587]  ? trace_contention_end+0x39/0xe0
[ 1116.908413][T20587]  ? __mutex_lock+0x315/0xcc0
[ 1116.913219][T20587]  ? rtnetlink_rcv_msg+0x221/0xfa0
[ 1116.918386][T20587]  ? rtnetlink_rcv_msg+0x221/0xfa0
[ 1116.923540][T20587]  ? rtnl_setlink+0x4e0/0x4e0
[ 1116.928266][T20587]  rtnetlink_rcv_msg+0x869/0xfa0
[ 1116.933284][T20587]  ? rtnetlink_bind+0x80/0x80
[ 1116.938019][T20587]  ? trace_call_bpf+0xc3/0x6c0
[ 1116.942867][T20587]  ? trace_call_bpf+0xc3/0x6c0
[ 1116.947689][T20587]  ? __lock_acquire+0x7d40/0x7d40
[ 1116.952757][T20587]  ? __local_bh_enable_ip+0x13a/0x1c0
[ 1116.958205][T20587]  ? trace_call_bpf+0xc3/0x6c0
[ 1116.963019][T20587]  ? trace_call_bpf+0xc3/0x6c0
[ 1116.967834][T20587]  ? trace_call_bpf+0x5e9/0x6c0
[ 1116.972729][T20587]  ? __dev_queue_xmit+0x265/0x3660
[ 1116.977884][T20587]  ? trace_call_bpf+0xc3/0x6c0
[ 1116.982702][T20587]  ? __dev_queue_xmit+0x1b2c/0x3660
[ 1116.988139][T20587]  ? __bpf_trace_bpf_trace_printk+0x100/0x100
[ 1116.994300][T20587]  ? perf_trace_run_bpf_submit+0x125/0x1c0
[ 1117.000167][T20587]  ? perf_trace_lock+0x304/0x3b0
[ 1117.005196][T20587]  netlink_rcv_skb+0x241/0x4d0
[ 1117.010027][T20587]  ? rtnetlink_bind+0x80/0x80
[ 1117.014763][T20587]  ? netlink_ack+0x1180/0x1180
[ 1117.019615][T20587]  ? __lock_acquire+0x7d40/0x7d40
[ 1117.024714][T20587]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1117.029978][T20587]  netlink_unicast+0x751/0x8d0
[ 1117.034834][T20587]  netlink_sendmsg+0x8d0/0xbf0
[ 1117.039622][T20587]  ? perf_trace_lock+0x304/0x3b0
[ 1117.044621][T20587]  ? netlink_getsockopt+0x590/0x590
[ 1117.049887][T20587]  ? aa_sock_msg_perm+0x94/0x150
[ 1117.054882][T20587]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1117.060205][T20587]  ? security_socket_sendmsg+0x80/0xa0
[ 1117.065703][T20587]  ? netlink_getsockopt+0x590/0x590
[ 1117.070955][T20587]  ____sys_sendmsg+0x5ba/0x960
[ 1117.075789][T20587]  ? __asan_memset+0x22/0x40
[ 1117.080692][T20587]  ? __sys_sendmsg_sock+0x30/0x30
[ 1117.085752][T20587]  ? __import_iovec+0x5f2/0x850
[ 1117.090678][T20587]  ? import_iovec+0x73/0xa0
[ 1117.095242][T20587]  ___sys_sendmsg+0x2a6/0x360
[ 1117.099995][T20587]  ? __sys_sendmsg+0x2a0/0x2a0
[ 1117.104883][T20587]  ? __lock_acquire+0x7d40/0x7d40
[ 1117.110051][T20587]  __se_sys_sendmsg+0x1c2/0x2b0
[ 1117.114957][T20587]  ? __x64_sys_sendmsg+0x80/0x80
[ 1117.119999][T20587]  ? lockdep_hardirqs_on+0x98/0x150
[ 1117.125264][T20587]  do_syscall_64+0x55/0xb0
[ 1117.129724][T20587]  ? clear_bhb_loop+0x40/0x90
[ 1117.134436][T20587]  ? clear_bhb_loop+0x40/0x90
[ 1117.139157][T20587]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1117.145224][T20587] RIP: 0033:0x7fb98319ce59
[ 1117.149693][T20587] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1117.169781][T20587] RSP: 002b:00007fb984047028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1117.178249][T20587] RAX: ffffffffffffffda RBX: 00007fb983415fa0 RCX: 00007fb98319ce59
[ 1117.186260][T20587] RDX: 0000000004004084 RSI: 0000200000000100 RDI: 0000000000000008
[ 1117.194274][T20587] RBP: 00007fb984047090 R08: 0000000000000000 R09: 0000000000000000
[ 1117.202290][T20587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1117.210301][T20587] R13: 00007fb983416038 R14: 00007fb983415fa0 R15: 00007fffea6eda58
[ 1117.218375][T20587]  </TASK>
[ 1117.266022][T20596] netlink: 'syz.0.4730': attribute type 10 has an invalid length.
[ 1117.280309][T20596] netlink: 55 bytes leftover after parsing attributes in process `syz.0.4730'.
[ 1117.439076][T20600] netlink: 144756 bytes leftover after parsing attributes in process `syz.2.4733'.
[ 1119.012233][T20619] netlink: 21 bytes leftover after parsing attributes in process `syz.1.4739'.
[ 1119.024323][T20619] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[ 1119.193102][T20621] netlink: 'syz.2.4741': attribute type 10 has an invalid length.
[ 1119.595253][T20640] netlink: 'syz.1.4745': attribute type 10 has an invalid length.
[ 1119.629982][T20640] netlink: 55 bytes leftover after parsing attributes in process `syz.1.4745'.
[ 1120.750418][T20660] FAULT_INJECTION: forcing a failure.
[ 1120.750418][T20660] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1120.783680][T20660] CPU: 1 PID: 20660 Comm: syz.2.4752 Not tainted syzkaller #0
[ 1120.791201][T20660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1120.801273][T20660] Call Trace:
[ 1120.804579][T20660]  <TASK>
[ 1120.807520][T20660]  dump_stack_lvl+0x18c/0x250
[ 1120.812221][T20660]  ? show_regs_print_info+0x20/0x20
[ 1120.817445][T20660]  ? load_image+0x420/0x420
[ 1120.821962][T20660]  ? __lock_acquire+0x7d40/0x7d40
[ 1120.827010][T20660]  should_fail_ex+0x39d/0x4d0
[ 1120.831718][T20660]  _copy_from_user+0x2f/0xe0
[ 1120.836329][T20660]  __copy_msghdr+0x3bb/0x580
[ 1120.840948][T20660]  ___sys_sendmsg+0x214/0x360
[ 1120.845653][T20660]  ? __sys_sendmsg+0x2a0/0x2a0
[ 1120.850544][T20660]  ? seqcount_lockdep_reader_access+0x17b/0x1d0
[ 1120.856822][T20660]  __se_sys_sendmsg+0x1c2/0x2b0
[ 1120.861691][T20660]  ? __x64_sys_sendmsg+0x80/0x80
[ 1120.866665][T20660]  ? lockdep_hardirqs_on+0x98/0x150
[ 1120.871888][T20660]  do_syscall_64+0x55/0xb0
[ 1120.876327][T20660]  ? clear_bhb_loop+0x40/0x90
[ 1120.881018][T20660]  ? clear_bhb_loop+0x40/0x90
[ 1120.885716][T20660]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1120.891629][T20660] RIP: 0033:0x7f95f3d9ce59
[ 1120.896056][T20660] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1120.915676][T20660] RSP: 002b:00007f95f4cca028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1120.924113][T20660] RAX: ffffffffffffffda RBX: 00007f95f4015fa0 RCX: 00007f95f3d9ce59
[ 1120.932103][T20660] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000007
[ 1120.940087][T20660] RBP: 00007f95f4cca090 R08: 0000000000000000 R09: 0000000000000000
[ 1120.948069][T20660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1120.956054][T20660] R13: 00007f95f4016038 R14: 00007f95f4015fa0 R15: 00007ffd990c4eb8
[ 1120.964050][T20660]  </TASK>
[ 1120.995218][T20664] netlink: 'syz.1.4754': attribute type 1 has an invalid length.
[ 1121.015498][T20664] netlink: 199820 bytes leftover after parsing attributes in process `syz.1.4754'.
[ 1121.988063][T20673] netlink: 'syz.2.4758': attribute type 10 has an invalid length.
[ 1122.092861][T20673] netlink: 55 bytes leftover after parsing attributes in process `syz.2.4758'.
[ 1122.636369][T20695] netlink: 128 bytes leftover after parsing attributes in process `syz.2.4765'.
[ 1122.718658][T20695] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1124.338765][T20717] netlink: 'syz.2.4773': attribute type 10 has an invalid length.
[ 1124.367622][T20717] netlink: 55 bytes leftover after parsing attributes in process `syz.2.4773'.
[ 1124.558689][T20719] netlink: 'syz.1.4774': attribute type 3 has an invalid length.
[ 1124.578716][T20722] FAULT_INJECTION: forcing a failure.
[ 1124.578716][T20722] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1124.606237][T20719] netlink: 201372 bytes leftover after parsing attributes in process `syz.1.4774'.
[ 1124.617804][T20722] CPU: 1 PID: 20722 Comm: syz.0.4783 Not tainted syzkaller #0
[ 1124.625293][T20722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1124.635359][T20722] Call Trace:
[ 1124.638659][T20722]  <TASK>
[ 1124.641605][T20722]  dump_stack_lvl+0x18c/0x250
[ 1124.646307][T20722]  ? show_regs_print_info+0x20/0x20
[ 1124.651526][T20722]  ? load_image+0x420/0x420
[ 1124.656045][T20722]  ? __might_fault+0xaa/0x120
[ 1124.660736][T20722]  should_fail_ex+0x39d/0x4d0
[ 1124.665446][T20722]  copyin+0x1a/0x90
[ 1124.669277][T20722]  _copy_from_iter+0x404/0x12e0
[ 1124.674141][T20722]  ? slab_post_alloc_hook+0x8a/0x4b0
[ 1124.679435][T20722]  ? __virt_addr_valid+0x18c/0x540
[ 1124.684819][T20722]  ? __lock_acquire+0x7d40/0x7d40
[ 1124.689861][T20722]  ? copyout_mc+0x70/0x70
[ 1124.694200][T20722]  ? __virt_addr_valid+0x18c/0x540
[ 1124.699319][T20722]  ? __virt_addr_valid+0x18c/0x540
[ 1124.704440][T20722]  ? __virt_addr_valid+0x469/0x540
[ 1124.709562][T20722]  ? __check_object_size+0x506/0xa20
[ 1124.714861][T20722]  netlink_sendmsg+0x76b/0xbf0
[ 1124.719643][T20722]  ? netlink_getsockopt+0x590/0x590
[ 1124.724848][T20722]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[ 1124.730837][T20722]  ? aa_sock_msg_perm+0x94/0x150
[ 1124.735832][T20722]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1124.741125][T20722]  ? security_socket_sendmsg+0x80/0xa0
[ 1124.746592][T20722]  ? netlink_getsockopt+0x590/0x590
[ 1124.751799][T20722]  ____sys_sendmsg+0x5ba/0x960
[ 1124.756573][T20722]  ? __asan_memset+0x22/0x40
[ 1124.761186][T20722]  ? __sys_sendmsg_sock+0x30/0x30
[ 1124.766230][T20722]  ? __import_iovec+0x3fa/0x850
[ 1124.771108][T20722]  ? import_iovec+0x73/0xa0
[ 1124.775631][T20722]  ___sys_sendmsg+0x2a6/0x360
[ 1124.780327][T20722]  ? __sys_sendmsg+0x2a0/0x2a0
[ 1124.785124][T20722]  ? trace_call_bpf+0xc3/0x6c0
[ 1124.789922][T20722]  __se_sys_sendmsg+0x1c2/0x2b0
[ 1124.794794][T20722]  ? __x64_sys_sendmsg+0x80/0x80
[ 1124.799753][T20722]  ? lockdep_hardirqs_on+0x98/0x150
[ 1124.804967][T20722]  do_syscall_64+0x55/0xb0
[ 1124.809389][T20722]  ? clear_bhb_loop+0x40/0x90
[ 1124.814068][T20722]  ? clear_bhb_loop+0x40/0x90
[ 1124.818747][T20722]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1124.824653][T20722] RIP: 0033:0x7fcfd3d9ce59
[ 1124.829073][T20722] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1124.848689][T20722] RSP: 002b:00007fcfd1ff6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1124.857115][T20722] RAX: ffffffffffffffda RBX: 00007fcfd4015fa0 RCX: 00007fcfd3d9ce59
[ 1124.865167][T20722] RDX: 0000000000040000 RSI: 0000200000000080 RDI: 000000000000000e
[ 1124.873148][T20722] RBP: 00007fcfd1ff6090 R08: 0000000000000000 R09: 0000000000000000
[ 1124.881127][T20722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1124.889102][T20722] R13: 00007fcfd4016038 R14: 00007fcfd4015fa0 R15: 00007ffedfc2b518
[ 1124.897095][T20722]  </TASK>
[ 1125.133164][ T5808] page_pool_release_retry() stalled pool shutdown 1 inflight 60 sec
[ 1125.697010][T20747] netlink: 'syz.3.4785': attribute type 10 has an invalid length.
[ 1125.718060][T20747] netlink: 55 bytes leftover after parsing attributes in process `syz.3.4785'.
[ 1126.636969][T20758] FAULT_INJECTION: forcing a failure.
[ 1126.636969][T20758] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1126.667430][T20758] CPU: 0 PID: 20758 Comm: syz.2.4789 Not tainted syzkaller #0
[ 1126.674926][T20758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1126.684976][T20758] Call Trace:
[ 1126.688246][T20758]  <TASK>
[ 1126.691165][T20758]  dump_stack_lvl+0x18c/0x250
[ 1126.695841][T20758]  ? show_regs_print_info+0x20/0x20
[ 1126.701029][T20758]  ? load_image+0x420/0x420
[ 1126.705529][T20758]  ? __might_fault+0xaa/0x120
[ 1126.710201][T20758]  should_fail_ex+0x39d/0x4d0
[ 1126.714895][T20758]  copyin+0x1a/0x90
[ 1126.718703][T20758]  _copy_from_iter+0x404/0x12e0
[ 1126.723553][T20758]  ? copyin+0x70/0x90
[ 1126.727540][T20758]  ? copyout_mc+0x70/0x70
[ 1126.731871][T20758]  ? copyout_mc+0x70/0x70
[ 1126.736195][T20758]  ? __virt_addr_valid+0x18c/0x540
[ 1126.741320][T20758]  ? page_copy_sane+0x16a/0x270
[ 1126.746180][T20758]  copy_page_from_iter+0x7b/0x100
[ 1126.751201][T20758]  skb_copy_datagram_from_iter+0x2e4/0x6e0
[ 1126.757024][T20758]  packet_sendmsg+0x33ff/0x4c30
[ 1126.761897][T20758]  ? __might_sleep+0xe0/0xe0
[ 1126.766487][T20758]  ? mark_lock+0x94/0x320
[ 1126.770814][T20758]  ? __lock_acquire+0x1273/0x7d40
[ 1126.775851][T20758]  ? verify_lock_unused+0x140/0x140
[ 1126.781047][T20758]  ? aa_sk_perm+0x83c/0x970
[ 1126.785543][T20758]  ? packet_getsockopt+0xad0/0xad0
[ 1126.790648][T20758]  ? tomoyo_path_number_perm+0x6/0x620
[ 1126.796099][T20758]  ? aa_sock_msg_perm+0x94/0x150
[ 1126.801031][T20758]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1126.806308][T20758]  ? security_socket_sendmsg+0x80/0xa0
[ 1126.811757][T20758]  ? packet_getsockopt+0xad0/0xad0
[ 1126.816865][T20758]  ____sys_sendmsg+0x5ba/0x960
[ 1126.821622][T20758]  ? __lock_acquire+0x7d40/0x7d40
[ 1126.826764][T20758]  ? __asan_memset+0x22/0x40
[ 1126.831386][T20758]  ? __sys_sendmsg_sock+0x30/0x30
[ 1126.836414][T20758]  ? __import_iovec+0x3fa/0x850
[ 1126.841281][T20758]  ? import_iovec+0x73/0xa0
[ 1126.845789][T20758]  ___sys_sendmsg+0x2a6/0x360
[ 1126.850462][T20758]  ? get_pid_task+0x20/0x1e0
[ 1126.855049][T20758]  ? __sys_sendmsg+0x2a0/0x2a0
[ 1126.859822][T20758]  ? __lock_acquire+0x7d40/0x7d40
[ 1126.864854][T20758]  __se_sys_sendmsg+0x1c2/0x2b0
[ 1126.869699][T20758]  ? __x64_sys_sendmsg+0x80/0x80
[ 1126.874641][T20758]  ? lockdep_hardirqs_on+0x98/0x150
[ 1126.879926][T20758]  do_syscall_64+0x55/0xb0
[ 1126.884335][T20758]  ? clear_bhb_loop+0x40/0x90
[ 1126.889021][T20758]  ? clear_bhb_loop+0x40/0x90
[ 1126.893689][T20758]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1126.899577][T20758] RIP: 0033:0x7f95f3d9ce59
[ 1126.903985][T20758] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1126.923585][T20758] RSP: 002b:00007f95f4cca028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1126.931990][T20758] RAX: ffffffffffffffda RBX: 00007f95f4015fa0 RCX: 00007f95f3d9ce59
[ 1126.939957][T20758] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[ 1126.947919][T20758] RBP: 00007f95f4cca090 R08: 0000000000000000 R09: 0000000000000000
[ 1126.955879][T20758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1126.963838][T20758] R13: 00007f95f4016038 R14: 00007f95f4015fa0 R15: 00007ffd990c4eb8
[ 1126.971810][T20758]  </TASK>
[ 1127.251143][T20769] FAULT_INJECTION: forcing a failure.
[ 1127.251143][T20769] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1127.302962][T20769] CPU: 0 PID: 20769 Comm: syz.2.4792 Not tainted syzkaller #0
[ 1127.310487][T20769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1127.320683][T20769] Call Trace:
[ 1127.323977][T20769]  <TASK>
[ 1127.326924][T20769]  dump_stack_lvl+0x18c/0x250
[ 1127.331631][T20769]  ? show_regs_print_info+0x20/0x20
[ 1127.336846][T20769]  ? load_image+0x420/0x420
[ 1127.341366][T20769]  ? __lock_acquire+0x7d40/0x7d40
[ 1127.346411][T20769]  ? snprintf+0xe9/0x140
[ 1127.350680][T20769]  should_fail_ex+0x39d/0x4d0
[ 1127.355383][T20769]  _copy_to_user+0x2f/0xa0
[ 1127.359823][T20769]  simple_read_from_buffer+0xe7/0x150
[ 1127.365221][T20769]  proc_fail_nth_read+0x1e8/0x260
[ 1127.370266][T20769]  ? proc_fault_inject_write+0x360/0x360
[ 1127.375921][T20769]  ? fsnotify_perm+0x271/0x5e0
[ 1127.380694][T20769]  ? proc_fault_inject_write+0x360/0x360
[ 1127.386356][T20769]  vfs_read+0x28b/0x970
[ 1127.390539][T20769]  ? kernel_read+0x1e0/0x1e0
[ 1127.395145][T20769]  ? __fget_files+0x28/0x4b0
[ 1127.399756][T20769]  ? __fget_files+0x28/0x4b0
[ 1127.404367][T20769]  ? __fget_files+0x43d/0x4b0
[ 1127.409080][T20769]  ? __fdget_pos+0x2a3/0x330
[ 1127.413682][T20769]  ? ksys_read+0x75/0x260
[ 1127.418033][T20769]  ksys_read+0x150/0x260
[ 1127.422298][T20769]  ? vfs_write+0x990/0x990
[ 1127.426765][T20769]  ? lockdep_hardirqs_on+0x98/0x150
[ 1127.431993][T20769]  do_syscall_64+0x55/0xb0
[ 1127.436419][T20769]  ? clear_bhb_loop+0x40/0x90
[ 1127.441106][T20769]  ? clear_bhb_loop+0x40/0x90
[ 1127.445798][T20769]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1127.451709][T20769] RIP: 0033:0x7f95f3d5d68e
[ 1127.456139][T20769] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 1127.475766][T20769] RSP: 002b:00007f95f4cc9fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1127.484196][T20769] RAX: ffffffffffffffda RBX: 00007f95f4cca6c0 RCX: 00007f95f3d5d68e
[ 1127.492179][T20769] RDX: 000000000000000f RSI: 00007f95f4cca0a0 RDI: 0000000000000005
[ 1127.500161][T20769] RBP: 00007f95f4cca090 R08: 0000000000000000 R09: 0000000000000000
[ 1127.508243][T20769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1127.516236][T20769] R13: 00007f95f4016038 R14: 00007f95f4015fa0 R15: 00007ffd990c4eb8
[ 1127.524268][T20769]  </TASK>
[ 1127.575308][T20763] netlink: 'syz.0.4791': attribute type 2 has an invalid length.
[ 1127.600618][T20763] netlink: 'syz.0.4791': attribute type 8 has an invalid length.
[ 1127.608717][T20763] netlink: 132 bytes leftover after parsing attributes in process `syz.0.4791'.
[ 1127.696799][T20773] netlink: 65039 bytes leftover after parsing attributes in process `syz.2.4793'.
[ 1127.723043][T20777] netlink: 'syz.1.4794': attribute type 10 has an invalid length.
[ 1127.735961][T20777] netlink: 55 bytes leftover after parsing attributes in process `syz.1.4794'.
[ 1128.965011][T20802] netlink: 'syz.2.4801': attribute type 1 has an invalid length.
[ 1129.034551][T20802] mac80211_hwsim hwsim29 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1129.088771][T20802] netlink: 'syz.2.4801': attribute type 3 has an invalid length.
[ 1129.115499][T20802] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.4801'.
[ 1129.327497][T20810] netlink: 'syz.0.4805': attribute type 10 has an invalid length.
[ 1129.342911][T20810] netlink: 55 bytes leftover after parsing attributes in process `syz.0.4805'.
[ 1129.374821][T20809] netlink: 'syz.1.4804': attribute type 2 has an invalid length.
[ 1129.413080][T20809] netlink: 'syz.1.4804': attribute type 8 has an invalid length.
[ 1129.421073][T20809] netlink: 132 bytes leftover after parsing attributes in process `syz.1.4804'.
[ 1129.785283][T19423] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1129.795847][T19423] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1129.811410][T19423] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1129.841975][T19423] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1129.864839][T19423] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 1129.879540][T19423] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1131.418348][T20233] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1131.539791][T20233] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1131.678049][T20233] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1131.720461][T20840] netlink: 'syz.0.4813': attribute type 10 has an invalid length.
[ 1131.735533][T20840] netlink: 55 bytes leftover after parsing attributes in process `syz.0.4813'.
[ 1131.750917][T20815] chnl_net:caif_netlink_parms(): no params data found
[ 1131.803505][T20233] bond0: (slave netdevsim0): Releasing backup interface
[ 1131.818380][T20233] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1131.919090][T20843] netlink: 'syz.1.4814': attribute type 1 has an invalid length.
[ 1131.934259][T19423] Bluetooth: hci0: command tx timeout
[ 1131.958769][T20846] mac80211_hwsim hwsim31 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1132.686757][T20843] netlink: 'syz.1.4814': attribute type 3 has an invalid length.
[ 1132.695698][T20843] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.4814'.
[ 1132.793020][T20815] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1132.800160][T20815] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1132.815875][T20815] bridge_slave_0: entered allmulticast mode
[ 1132.823373][T20815] bridge_slave_0: entered promiscuous mode
[ 1132.894494][T20815] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1132.901661][T20815] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1132.929874][T20815] bridge_slave_1: entered allmulticast mode
[ 1132.939661][T20815] bridge_slave_1: entered promiscuous mode
[ 1132.972991][   T79] wlan1: Trigger new scan to find an IBSS to join
[ 1133.085338][T20815] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1133.119739][T20815] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1133.191602][T20872] netlink: 'syz.1.4823': attribute type 10 has an invalid length.
[ 1133.214387][T20872] netlink: 55 bytes leftover after parsing attributes in process `syz.1.4823'.
[ 1133.297959][T20815] team0: Port device team_slave_0 added
[ 1133.328111][T20815] team0: Port device team_slave_1 added
[ 1133.339846][T20880] netlink: 'syz.2.4825': attribute type 1 has an invalid length.
[ 1133.423127][T20815] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1133.452621][T20815] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1133.483127][T20815] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1133.768579][T20883] mac80211_hwsim hwsim29 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1133.833242][T20815] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1133.845941][T20815] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1133.872866][T20815] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1133.896686][T20885] netlink: 'syz.2.4825': attribute type 3 has an invalid length.
[ 1133.936430][T20885] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.4825'.
[ 1133.962245][T20233] tipc: Left network mode
[ 1134.012897][T19423] Bluetooth: hci0: command tx timeout
[ 1134.329890][T20815] hsr_slave_0: entered promiscuous mode
[ 1134.344698][T20815] hsr_slave_1: entered promiscuous mode
[ 1134.361712][T20815] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1134.376920][T20815] Cannot create hsr debugfs directory
[ 1134.578483][T20909] syzkaller0: entered promiscuous mode
[ 1134.585539][T20909] syzkaller0: entered allmulticast mode
[ 1135.935128][   T79] wlan1: Trigger new scan to find an IBSS to join
[ 1136.094941][T19423] Bluetooth: hci0: command tx timeout
[ 1136.620556][T20927] netlink: 'syz.1.4833': attribute type 10 has an invalid length.
[ 1136.628495][T20927] netlink: 55 bytes leftover after parsing attributes in process `syz.1.4833'.
[ 1136.903306][T14526] wlan1: Trigger new scan to find an IBSS to join
[ 1137.012176][T20943] netlink: 'syz.0.4836': attribute type 21 has an invalid length.
[ 1137.087731][T20943] netlink: 'syz.0.4836': attribute type 6 has an invalid length.
[ 1137.118246][T20943] netlink: 132 bytes leftover after parsing attributes in process `syz.0.4836'.
[ 1137.597539][T20949] netlink: 'syz.1.4837': attribute type 1 has an invalid length.
[ 1137.629225][T20954] mac80211_hwsim hwsim31 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1137.711897][T20951] netlink: 'syz.1.4837': attribute type 3 has an invalid length.
[ 1137.728831][T20951] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.4837'.
[ 1138.176694][T19423] Bluetooth: hci0: command tx timeout
[ 1138.191926][T20978] netlink: 'syz.1.4842': attribute type 10 has an invalid length.
[ 1138.202591][T20978] netlink: 55 bytes leftover after parsing attributes in process `syz.1.4842'.
[ 1138.298153][T20975] syzkaller0: entered promiscuous mode
[ 1138.313399][T20975] syzkaller0: entered allmulticast mode
[ 1139.933251][ T2925] wlan1: Trigger new scan to find an IBSS to join
[ 1139.939803][ T2943] wlan1: Trigger new scan to find an IBSS to join
[ 1140.157563][T20984] netlink: 'syz.1.4844': attribute type 1 has an invalid length.
[ 1140.179704][T20985] mac80211_hwsim hwsim31 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1140.196097][T20988] netlink: 'syz.1.4844': attribute type 3 has an invalid length.
[ 1140.209340][T20988] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.4844'.
[ 1140.301097][T20233] hsr_slave_0: left promiscuous mode
[ 1140.308265][T20233] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1140.330983][T20233] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1140.405162][T20233] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1140.413113][T20233] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1141.150500][T20233] bridge0: port 4(team0) entered disabled state
[ 1141.173564][ T2925] wlan1: Creating new IBSS network, BSSID 3e:ec:00:1d:a9:17
[ 1141.192660][T20233] batadv0: left allmulticast mode
[ 1141.198046][T20233] batadv0: left promiscuous mode
[ 1141.224374][T20233] bridge0: port 3(batadv0) entered disabled state
[ 1141.234175][T20233] bridge_slave_1: left allmulticast mode
[ 1141.248941][T20233] bridge_slave_1: left promiscuous mode
[ 1141.259943][T20233] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1141.272095][T20233] bridge_slave_0: left allmulticast mode
[ 1141.277998][T20233] bridge_slave_0: left promiscuous mode
[ 1141.285806][T20233] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1141.315243][T20233] veth1_macvtap: left promiscuous mode
[ 1141.541922][T20233] geneve1 (unregistering): left promiscuous mode
[ 1141.549494][T20233] geneve1 (unregistering): left allmulticast mode
[ 1141.558984][T20233] team0 (unregistering): Port device geneve1 removed
[ 1141.791333][T20233] team_slave_1 (unregistering): left promiscuous mode
[ 1141.798276][T20233] team_slave_1 (unregistering): left allmulticast mode
[ 1141.806380][T20233] team0 (unregistering): Port device team_slave_1 removed
[ 1141.852033][T20233] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1141.899539][T20233] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1142.223200][T20233] bond0 (unregistering): Released all slaves
[ 1142.322094][T21004] netlink: 'syz.0.4849': attribute type 1 has an invalid length.
[ 1142.342054][T21006] mac80211_hwsim hwsim40 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1142.354138][T21007] netlink: 'syz.0.4849': attribute type 3 has an invalid length.
[ 1142.381390][T21007] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.4849'.
[ 1142.403224][T20815] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1142.435687][T20815] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1142.457750][T20815] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1142.495757][T20815] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1142.704188][T20815] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1142.753378][T20815] 8021q: adding VLAN 0 to HW filter on device team0
[ 1143.113224][T21031] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4854'.
[ 1143.461097][T21031] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4854'.
[ 1143.503534][T21026] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4854'.
[ 1143.550724][T21030] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4854'.
[ 1143.562142][T14526] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1143.569612][T14526] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1143.619199][T14526] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1143.626375][T14526] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1143.824279][T21044] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.4856'.
[ 1143.860867][T21046] netlink: 'syz.1.4857': attribute type 10 has an invalid length.
[ 1143.891571][T21046] netlink: 55 bytes leftover after parsing attributes in process `syz.1.4857'.
[ 1143.901213][T21049] netlink: 'syz.0.4856': attribute type 19 has an invalid length.
[ 1143.933994][T14526] wlan1: Trigger new scan to find an IBSS to join
[ 1143.954709][T21044] debugfs: Directory '!!ô!' with parent 'ieee80211' already present!
[ 1144.285772][T21060] netlink: 'syz.1.4859': attribute type 1 has an invalid length.
[ 1144.332138][T21063] mac80211_hwsim hwsim31 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1144.409426][T21060] netlink: 'syz.1.4859': attribute type 3 has an invalid length.
[ 1144.428179][T14526] .3ãc¤±: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1144.464179][T21060] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.4859'.
[ 1144.596951][T20815] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1144.726351][T20815] veth0_vlan: entered promiscuous mode
[ 1144.782035][T20815] veth1_vlan: entered promiscuous mode
[ 1144.847337][T20815] veth0_macvtap: entered promiscuous mode
[ 1144.858732][T20815] veth1_macvtap: entered promiscuous mode
[ 1144.892295][T20815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1144.952446][T20815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1144.971550][T20815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1144.985609][   T79] wlan1: Trigger new scan to find an IBSS to join
[ 1144.999725][T20815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1145.022761][T20815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1145.037291][T20815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1145.057099][T20815] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1145.072493][T21085] netlink: 'syz.0.4861': attribute type 1 has an invalid length.
[ 1145.119497][T20815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1145.136738][T20815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1145.155887][T20815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1145.176760][T20815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1145.190979][T20815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1145.206453][T20815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1145.218089][T20815] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1145.498399][T21085] mac80211_hwsim hwsim40 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1145.543725][T21091] netlink: 'syz.0.4861': attribute type 3 has an invalid length.
[ 1145.554917][T21091] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.4861'.
[ 1145.626936][T20815] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1145.640129][T20815] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1145.651541][T20815] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1145.666660][T20815] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1145.980071][T20232] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1146.022482][T20232] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1146.064221][ T2943] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1146.089099][ T2943] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1146.261749][T21117] netlink: 'syz.1.4866': attribute type 10 has an invalid length.
[ 1146.292745][T21117] netlink: 55 bytes leftover after parsing attributes in process `syz.1.4866'.
[ 1146.588019][T21120] delete_channel: no stack
[ 1146.651552][T21124] netlink: 'syz.3.4802': attribute type 3 has an invalid length.
[ 1146.712872][T21124] netlink: 201372 bytes leftover after parsing attributes in process `syz.3.4802'.
[ 1146.826746][T21127] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô!'
[ 1146.863371][T21127] CPU: 0 PID: 21127 Comm: syz.1.4869 Not tainted syzkaller #0
[ 1146.870885][T21127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1146.880960][T21127] Call Trace:
[ 1146.884256][T21127]  <TASK>
[ 1146.887199][T21127]  dump_stack_lvl+0x18c/0x250
[ 1146.891911][T21127]  ? show_regs_print_info+0x20/0x20
[ 1146.897141][T21127]  ? load_image+0x420/0x420
[ 1146.901682][T21127]  sysfs_warn_dup+0x8e/0xa0
[ 1146.906211][T21127]  sysfs_do_create_link_sd+0xc0/0x110
[ 1146.911608][T21127]  device_add_class_symlinks+0x1cf/0x240
[ 1146.917276][T21127]  device_add+0x507/0xc50
[ 1146.921645][T21127]  wiphy_register+0x1dad/0x2ae0
[ 1146.926548][T21127]  ? cfg80211_event_work+0x40/0x40
[ 1146.931679][T21127]  ? minstrel_ht_alloc+0x88a/0x990
[ 1146.936876][T21127]  ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0
[ 1146.943003][T21127]  ieee80211_register_hw+0x3464/0x4250
[ 1146.948479][T21127]  ? ieee80211_tasklet_handler+0x20/0x20
[ 1146.954113][T21127]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[ 1146.960008][T21127]  ? __debug_object_init+0xec/0x450
[ 1146.965213][T21127]  ? __asan_memset+0x22/0x40
[ 1146.969801][T21127]  ? __hrtimer_init+0x186/0x270
[ 1146.974658][T21127]  mac80211_hwsim_new_radio+0x2a00/0x4d10
[ 1146.980486][T21127]  ? mac80211_hwsim_free+0x220/0x220
[ 1146.985769][T21127]  ? rcu_is_watching+0x15/0xb0
[ 1146.990535][T21127]  ? kstrndup+0xbd/0x140
[ 1146.994788][T21127]  hwsim_new_radio_nl+0xdc9/0x1a90
[ 1146.999908][T21127]  ? __nla_validate+0x50/0x50
[ 1147.004591][T21127]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[ 1147.011009][T21127]  ? __nla_parse+0x24/0x50
[ 1147.015427][T21127]  ? __nla_parse+0x40/0x50
[ 1147.019841][T21127]  ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290
[ 1147.026174][T21127]  genl_family_rcv_msg_doit+0x211/0x310
[ 1147.031729][T21127]  ? end_current_label_crit_section+0x170/0x170
[ 1147.037972][T21127]  ? genl_family_rcv_msg_dumpit+0x310/0x310
[ 1147.043871][T21127]  ? bpf_lsm_capable+0x9/0x10
[ 1147.048549][T21127]  ? security_capable+0x89/0xb0
[ 1147.053407][T21127]  genl_rcv_msg+0x619/0x7a0
[ 1147.057915][T21127]  ? genl_bind+0x360/0x360
[ 1147.062332][T21127]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[ 1147.068660][T21127]  ? perf_trace_run_bpf_submit+0x125/0x1c0
[ 1147.074476][T21127]  netlink_rcv_skb+0x241/0x4d0
[ 1147.079239][T21127]  ? genl_bind+0x360/0x360
[ 1147.083654][T21127]  ? netlink_ack+0x1180/0x1180
[ 1147.088430][T21127]  ? down_read+0x1ac/0x2e0
[ 1147.092850][T21127]  genl_rcv+0x28/0x40
[ 1147.096829][T21127]  netlink_unicast+0x751/0x8d0
[ 1147.101599][T21127]  netlink_sendmsg+0x8d0/0xbf0
[ 1147.106360][T21127]  ? perf_trace_run_bpf_submit+0x125/0x1c0
[ 1147.112167][T21127]  ? netlink_getsockopt+0x590/0x590
[ 1147.117360][T21127]  ? perf_trace_preemptirq_template+0xac/0x330
[ 1147.123519][T21127]  ? aa_sock_msg_perm+0x94/0x150
[ 1147.128457][T21127]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1147.133740][T21127]  ? security_socket_sendmsg+0x80/0xa0
[ 1147.139207][T21127]  ? netlink_getsockopt+0x590/0x590
[ 1147.144439][T21127]  ____sys_sendmsg+0x5ba/0x960
[ 1147.149210][T21127]  ? __asan_memset+0x22/0x40
[ 1147.153803][T21127]  ? __sys_sendmsg_sock+0x30/0x30
[ 1147.158824][T21127]  ? __import_iovec+0x5f2/0x850
[ 1147.163680][T21127]  ? import_iovec+0x73/0xa0
[ 1147.168528][T21127]  ___sys_sendmsg+0x2a6/0x360
[ 1147.173208][T21127]  ? __sys_sendmsg+0x2a0/0x2a0
[ 1147.178012][T21127]  __se_sys_sendmsg+0x1c2/0x2b0
[ 1147.182863][T21127]  ? __x64_sys_sendmsg+0x80/0x80
[ 1147.187812][T21127]  ? syscall_enter_from_user_mode+0x2e/0x80
[ 1147.193717][T21127]  do_syscall_64+0x55/0xb0
[ 1147.198139][T21127]  ? clear_bhb_loop+0x40/0x90
[ 1147.202813][T21127]  ? clear_bhb_loop+0x40/0x90
[ 1147.207485][T21127]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1147.213551][T21127] RIP: 0033:0x7f1d9d79ce59
[ 1147.217963][T21127] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1147.237573][T21127] RSP: 002b:00007f1d9e58c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1147.245991][T21127] RAX: ffffffffffffffda RBX: 00007f1d9da15fa0 RCX: 00007f1d9d79ce59
[ 1147.253958][T21127] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000008
[ 1147.261922][T21127] RBP: 00007f1d9d832e6f R08: 0000000000000000 R09: 0000000000000000
[ 1147.269890][T21127] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1147.277854][T21127] R13: 00007f1d9da16038 R14: 00007f1d9da15fa0 R15: 00007ffe5ff96118
[ 1147.285835][T21127]  </TASK>
[ 1147.393082][T20233] wlan1: Trigger new scan to find an IBSS to join
[ 1147.558174][T21139] mac80211_hwsim hwsim40 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1147.573044][T21138] netlink: 'syz.0.4870': attribute type 3 has an invalid length.
[ 1147.864160][ T5772] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1147.892166][ T5772] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1147.928673][ T5772] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1148.027993][ T5772] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1148.083487][ T5772] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 1148.112494][ T5772] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1148.682518][T21161] __nla_validate_parse: 2 callbacks suppressed
[ 1148.682536][T21161] netlink: 15743 bytes leftover after parsing attributes in process `syz.1.4874'.
[ 1148.725968][T21162] netlink: 'syz.3.4873': attribute type 1 has an invalid length.
[ 1148.801684][T21162] mac80211_hwsim hwsim44 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1148.869323][T14526] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1148.909936][T21166] netlink: 'syz.1.4876': attribute type 10 has an invalid length.
[ 1148.917980][T21166] netlink: 55 bytes leftover after parsing attributes in process `syz.1.4876'.
[ 1148.956329][T14526] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1149.046771][T14526] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1149.115026][T21173] netlink: 'syz.0.4884': attribute type 10 has an invalid length.
[ 1149.149371][T21173] netlink: 55 bytes leftover after parsing attributes in process `syz.0.4884'.
[ 1149.181928][T14526] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1149.206988][T21147] chnl_net:caif_netlink_parms(): no params data found
[ 1149.271764][T21147] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1149.279620][T21147] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1149.286894][T21147] bridge_slave_0: entered allmulticast mode
[ 1149.295130][T21147] bridge_slave_0: entered promiscuous mode
[ 1149.311835][T21147] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1149.321537][T21147] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1149.333118][T21147] bridge_slave_1: entered allmulticast mode
[ 1149.347416][T21147] bridge_slave_1: entered promiscuous mode
[ 1149.399117][T21179] netlink: 'syz.0.4886': attribute type 10 has an invalid length.
[ 1149.408221][T21179] netlink: 55 bytes leftover after parsing attributes in process `syz.0.4886'.
[ 1149.420960][T21147] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1149.442379][T21147] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1149.545305][T21180] delete_channel: no stack
[ 1149.579862][T21147] team0: Port device team_slave_0 added
[ 1149.626344][T21147] team0: Port device team_slave_1 added
[ 1149.683141][T21186] netlink: 'syz.0.4879': attribute type 1 has an invalid length.
[ 1149.763964][T21147] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1149.776275][T21147] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1149.807150][T21147] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1149.933683][   T79] wlan1: Trigger new scan to find an IBSS to join
[ 1150.173263][T19423] Bluetooth: hci1: command tx timeout
[ 1150.407786][T21186] mac80211_hwsim hwsim40 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1150.434926][T21147] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1150.453184][T21147] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1150.505587][T21147] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1150.522545][T21189] netlink: 'syz.0.4879': attribute type 3 has an invalid length.
[ 1150.530707][T21189] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.4879'.
[ 1150.578932][T21194] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.4882'.
[ 1150.717035][T21197] netlink: 'syz.3.4882': attribute type 19 has an invalid length.
[ 1150.891875][T21194] debugfs: Directory '!!ô!' with parent 'ieee80211' already present!
[ 1150.900828][   T79] wlan1: Trigger new scan to find an IBSS to join
[ 1150.975320][T20232] wlan1: Trigger new scan to find an IBSS to join
[ 1151.015993][T21147] hsr_slave_0: entered promiscuous mode
[ 1151.029680][T21147] hsr_slave_1: entered promiscuous mode
[ 1151.039396][T21147] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1151.056519][T21147] Cannot create hsr debugfs directory
[ 1151.509431][T21217] syzkaller0: entered promiscuous mode
[ 1151.533124][T21217] syzkaller0: entered allmulticast mode
[ 1151.917936][T20233] wlan1: Creating new IBSS network, BSSID ca:8a:b6:47:90:47
[ 1152.252788][T19423] Bluetooth: hci1: command tx timeout
[ 1152.974040][ T2925] wlan1: Trigger new scan to find an IBSS to join
[ 1153.318408][T21223] netlink: 'syz.1.4888': attribute type 10 has an invalid length.
[ 1153.326923][T21223] netlink: 55 bytes leftover after parsing attributes in process `syz.1.4888'.
[ 1153.466786][T21232] netlink: 'syz.1.4889': attribute type 1 has an invalid length.
[ 1153.661068][T21232] mac80211_hwsim hwsim31 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1153.847151][T21236] delete_channel: no stack
[ 1153.933141][ T2925] wlan1: Trigger new scan to find an IBSS to join
[ 1154.334045][T19423] Bluetooth: hci1: command tx timeout
[ 1154.388011][T21147] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1154.542835][T21147] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1154.571663][T21147] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1154.606193][T21147] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1154.621756][T21261] netlink: 'syz.1.4903': attribute type 1 has an invalid length.
[ 1154.806147][T21264] mac80211_hwsim hwsim31 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1154.917658][T14526] hsr_slave_0: left promiscuous mode
[ 1154.976345][T14526] veth1_macvtap: left promiscuous mode
[ 1154.992901][T14526] veth0_macvtap: left promiscuous mode
[ 1155.350325][T14526] team0 (unregistering): Port device geneve1 removed
[ 1155.649995][T14526] team0 (unregistering): Port device team_slave_1 removed
[ 1155.691887][T14526] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1155.739453][T14526] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1155.933321][T20232] wlan1: Trigger new scan to find an IBSS to join
[ 1156.026293][T14526] bond0 (unregistering): Released all slaves
[ 1156.068420][T21271] netlink: 'syz.3.4898': attribute type 10 has an invalid length.
[ 1156.078540][T21271] netlink: 55 bytes leftover after parsing attributes in process `syz.3.4898'.
[ 1156.422786][T19423] Bluetooth: hci1: command tx timeout
[ 1156.447696][T21147] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1156.511446][T21147] 8021q: adding VLAN 0 to HW filter on device team0
[ 1156.590943][   T79] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1156.598168][   T79] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1156.624735][   T79] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1156.631941][   T79] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1156.839155][T21147] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1156.904411][ T2943] wlan1: Trigger new scan to find an IBSS to join
[ 1156.973080][T20232] wlan1: Creating new IBSS network, BSSID b2:ab:a7:58:4c:fb
[ 1157.149991][T21301] netlink: 'syz.0.4909': attribute type 3 has an invalid length.
[ 1157.189997][T21301] netlink: 201372 bytes leftover after parsing attributes in process `syz.0.4909'.
[ 1157.360856][T21310] netlink: 'syz.1.4917': attribute type 10 has an invalid length.
[ 1157.479474][T21310] 8021q: adding VLAN 0 to HW filter on device team0
[ 1157.522552][T21310] bond0: (slave team0): Enslaving as an active interface with an up link
[ 1157.548314][T21313] netlink: 'syz.1.4917': attribute type 10 has an invalid length.
[ 1157.563555][T21313] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4917'.
[ 1157.573794][T21313] team0: entered promiscuous mode
[ 1157.578959][T21313] team_slave_1: entered promiscuous mode
[ 1157.585601][T21313] dummy0: entered promiscuous mode
[ 1157.591107][T21313] geneve1: entered promiscuous mode
[ 1157.597268][T21313] team0: entered allmulticast mode
[ 1157.602519][T21313] team_slave_1: entered allmulticast mode
[ 1157.624479][T21313] dummy0: entered allmulticast mode
[ 1157.629930][T21313] geneve1: entered allmulticast mode
[ 1157.643652][T21313] bond0: (slave team0): Releasing backup interface
[ 1157.659465][T21313] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[ 1157.678720][T21316] netlink: 'syz.0.4911': attribute type 10 has an invalid length.
[ 1157.705311][T21316] netlink: 55 bytes leftover after parsing attributes in process `syz.0.4911'.
[ 1157.717556][T21317] netlink: 'syz.3.4910': attribute type 1 has an invalid length.
[ 1157.794074][T21318] mac80211_hwsim hwsim44 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1157.813462][T21322] netlink: 'syz.3.4910': attribute type 3 has an invalid length.
[ 1157.836047][T21322] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.4910'.
[ 1157.905322][T21147] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1158.060475][T21147] veth0_vlan: entered promiscuous mode
[ 1158.116151][T21147] veth1_vlan: entered promiscuous mode
[ 1158.741839][T21147] veth0_macvtap: entered promiscuous mode
[ 1158.765705][T21147] veth1_macvtap: entered promiscuous mode
[ 1158.843201][T21147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1158.882938][T21147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1158.919090][T21147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1158.948298][T21147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1158.973762][ T2943] wlan1: Creating new IBSS network, BSSID 66:1c:3c:8f:a6:c9
[ 1158.984144][T21147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1159.008344][T21147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1159.028799][T21147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1159.051692][T21147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1159.080988][T21147] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1159.130670][T21147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1159.149632][T21147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1159.159927][T21147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1159.170675][T21147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1159.187768][T21147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1159.199519][T21147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1159.215892][T21147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1159.229771][T21147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1159.243650][T21147] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1159.258472][T21147] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1159.267687][T21147] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1159.277552][T21147] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1159.322799][T21147] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1159.492430][T21363] netlink: 'syz.3.4919': attribute type 3 has an invalid length.
[ 1159.527521][   T79] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1159.532113][T21363] netlink: 201372 bytes leftover after parsing attributes in process `syz.3.4919'.
[ 1159.554683][   T79] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1159.622271][   T79] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1159.655987][   T79] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1159.693620][T21369] netlink: 144 bytes leftover after parsing attributes in process `syz.0.4920'.
[ 1159.744705][T21369] netlink: 'syz.0.4920': attribute type 21 has an invalid length.
[ 1159.776185][T21369] netlink: 'syz.0.4920': attribute type 4 has an invalid length.
[ 1159.805925][T21374] netlink: 'syz.3.4921': attribute type 10 has an invalid length.
[ 1159.822973][T21374] netlink: 55 bytes leftover after parsing attributes in process `syz.3.4921'.
[ 1159.933311][T20233] wlan1: Trigger new scan to find an IBSS to join
[ 1159.961864][T20233] wlan1: Trigger new scan to find an IBSS to join
[ 1160.153476][T21383] netlink: 'syz.3.4922': attribute type 10 has an invalid length.
[ 1160.167471][T21383] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4922'.
[ 1161.256654][T21407] netlink: 'syz.1.4935': attribute type 10 has an invalid length.
[ 1161.270131][T21407] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4935'.
[ 1161.281418][T21409] netlink: 'syz.2.4924': attribute type 1 has an invalid length.
[ 1161.423804][T21409] mac80211_hwsim hwsim48 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1161.466570][T21414] netlink: 'syz.2.4924': attribute type 3 has an invalid length.
[ 1161.474953][T21414] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.4924'.
[ 1161.701883][T21419] netlink: 'syz.3.4929': attribute type 9 has an invalid length.
[ 1161.716406][T21419] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.4929'.
[ 1161.762076][T21421] netlink: 'syz.0.4930': attribute type 3 has an invalid length.
[ 1161.792604][T21421] netlink: 201372 bytes leftover after parsing attributes in process `syz.0.4930'.
[ 1161.922517][T21423] netlink: 'syz.1.4931': attribute type 10 has an invalid length.
[ 1161.976308][T21423] netlink: 55 bytes leftover after parsing attributes in process `syz.1.4931'.
[ 1162.252448][T19423] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18
[ 1162.515281][T21439] mac80211_hwsim hwsim31 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1162.529017][T21444] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.4939'.
[ 1162.603121][T21447] netlink: 201372 bytes leftover after parsing attributes in process `syz.2.4943'.
[ 1162.710905][T21450] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4944'.
[ 1162.836509][T21455] netlink: 55 bytes leftover after parsing attributes in process `syz.2.4946'.
[ 1163.271311][T21469] mac80211_hwsim hwsim40 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1163.299885][T21469] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.4947'.
[ 1163.934656][T20232] wlan1: Trigger new scan to find an IBSS to join
[ 1164.565686][T21506] mac80211_hwsim hwsim44 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1164.874570][T21519] validate_nla: 15 callbacks suppressed
[ 1164.874590][T21519] netlink: 'syz.2.4968': attribute type 10 has an invalid length.
[ 1164.903440][ T2925] wlan1: Trigger new scan to find an IBSS to join
[ 1165.184933][T21525] FAULT_INJECTION: forcing a failure.
[ 1165.184933][T21525] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1165.211677][T21525] CPU: 0 PID: 21525 Comm: syz.1.4971 Not tainted syzkaller #0
[ 1165.219199][T21525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1165.229290][T21525] Call Trace:
[ 1165.232597][T21525]  <TASK>
[ 1165.235571][T21525]  dump_stack_lvl+0x18c/0x250
[ 1165.240285][T21525]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1165.246477][T21525]  ? show_regs_print_info+0x20/0x20
[ 1165.251705][T21525]  ? load_image+0x420/0x420
[ 1165.256262][T21525]  should_fail_ex+0x39d/0x4d0
[ 1165.260979][T21525]  _copy_from_user+0x2f/0xe0
[ 1165.265603][T21525]  ___sys_sendmsg+0x1c7/0x360
[ 1165.270325][T21525]  ? __sys_sendmsg+0x2a0/0x2a0
[ 1165.275163][T21525]  ? __lock_acquire+0x7d40/0x7d40
[ 1165.280262][T21525]  __se_sys_sendmsg+0x1c2/0x2b0
[ 1165.285134][T21525]  ? __x64_sys_sendmsg+0x80/0x80
[ 1165.290172][T21525]  ? lockdep_hardirqs_on+0x98/0x150
[ 1165.295396][T21525]  do_syscall_64+0x55/0xb0
[ 1165.299837][T21525]  ? clear_bhb_loop+0x40/0x90
[ 1165.304520][T21525]  ? clear_bhb_loop+0x40/0x90
[ 1165.309187][T21525]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1165.315075][T21525] RIP: 0033:0x7f1d9d79ce59
[ 1165.319512][T21525] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1165.339122][T21525] RSP: 002b:00007f1d9e58c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1165.347558][T21525] RAX: ffffffffffffffda RBX: 00007f1d9da15fa0 RCX: 00007f1d9d79ce59
[ 1165.355576][T21525] RDX: 0200000000000000 RSI: 0000200000000000 RDI: 000000000000000a
[ 1165.363575][T21525] RBP: 00007f1d9e58c090 R08: 0000000000000000 R09: 0000000000000000
[ 1165.371574][T21525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1165.379574][T21525] R13: 00007f1d9da16038 R14: 00007f1d9da15fa0 R15: 00007ffe5ff96118
[ 1165.387608][T21525]  </TASK>
[ 1165.530691][T21533] netlink: 'syz.3.4975': attribute type 10 has an invalid length.
[ 1165.574103][T21533] batman_adv: batadv0: Adding interface: veth0_vlan
[ 1165.582363][T21533] batman_adv: batadv0: The MTU of interface veth0_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1165.612253][T21533] batman_adv: batadv0: Interface activated: veth0_vlan
[ 1165.687516][T21539] syzkaller0: entered promiscuous mode
[ 1165.693297][T21539] syzkaller0: entered allmulticast mode
[ 1165.729044][T21543] netlink: 'syz.0.4978': attribute type 10 has an invalid length.
[ 1165.795434][T21541] netlink: 'syz.2.4977': attribute type 3 has an invalid length.
[ 1165.950928][ T2925] wlan1: Trigger new scan to find an IBSS to join
[ 1166.310577][T21556] netlink: 'syz.2.4983': attribute type 3 has an invalid length.
[ 1166.319119][T21556] netlink: 'syz.2.4983': attribute type 1 has an invalid length.
[ 1166.327541][T21556] __nla_validate_parse: 13 callbacks suppressed
[ 1166.327582][T21556] netlink: 193404 bytes leftover after parsing attributes in process `syz.2.4983'.
[ 1166.902899][T20233] wlan1: Trigger new scan to find an IBSS to join
[ 1166.975247][T20233] wlan1: Trigger new scan to find an IBSS to join
[ 1168.660097][T21569] netlink: 'syz.2.4989': attribute type 3 has an invalid length.
[ 1168.671666][T21571] netlink: 'syz.1.4988': attribute type 10 has an invalid length.
[ 1168.682131][T21571] netlink: 55 bytes leftover after parsing attributes in process `syz.1.4988'.
[ 1168.692830][T21569] netlink: 201372 bytes leftover after parsing attributes in process `syz.2.4989'.
[ 1168.973676][T20233] wlan1: Trigger new scan to find an IBSS to join
[ 1169.159628][T21583] netlink: 'syz.2.4993': attribute type 3 has an invalid length.
[ 1169.221908][T21583] netlink: 201372 bytes leftover after parsing attributes in process `syz.2.4993'.
[ 1170.163564][ T2943] wlan1: Trigger new scan to find an IBSS to join
[ 1170.164205][   T59] wlan1: Trigger new scan to find an IBSS to join
[ 1170.641665][T14526] wlan1: Creating new IBSS network, BSSID a2:f6:bf:f1:42:c7
[ 1170.842371][T21599] netlink: 'syz.1.5000': attribute type 10 has an invalid length.
[ 1170.878045][T21599] netlink: 55 bytes leftover after parsing attributes in process `syz.1.5000'.
[ 1171.087708][   T59] wlan1: Trigger new scan to find an IBSS to join
[ 1171.181095][T21611] netlink: 'syz.3.5001': attribute type 3 has an invalid length.
[ 1171.239831][T21611] netlink: 201372 bytes leftover after parsing attributes in process `syz.3.5001'.
[ 1171.296597][T20233] wlan1: Creating new IBSS network, BSSID c6:f1:8f:ee:62:ae
[ 1171.934856][ T5772] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1171.945172][ T5772] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1171.953323][ T5772] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1171.994806][ T5772] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1171.999292][T21624] netdevsim netdevsim3: Direct firmware load for {‰ failed with error -2
[ 1172.021458][T21624] netdevsim netdevsim3: Falling back to sysfs fallback for: {‰
[ 1172.042969][ T5772] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 1172.053399][ T5772] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1172.067108][T14526] wlan1: Creating new IBSS network, BSSID fe:ac:cf:c2:84:50
[ 1172.124679][ T2943] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1172.237631][ T2943] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1172.334093][ T2943] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1172.454665][ T2943] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1172.591100][T21622] chnl_net:caif_netlink_parms(): no params data found
[ 1173.270701][T21622] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1173.314620][T21622] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1173.373672][T21622] bridge_slave_0: entered allmulticast mode
[ 1173.408591][T21622] bridge_slave_0: entered promiscuous mode
[ 1173.458581][T21622] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1173.508048][T21622] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1173.535595][T21622] bridge_slave_1: entered allmulticast mode
[ 1173.545727][T21622] bridge_slave_1: entered promiscuous mode
[ 1173.594088][ T2943] tipc: Left network mode
[ 1173.849471][T21622] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1173.879119][T21622] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1173.944712][T20232] wlan1: Trigger new scan to find an IBSS to join
[ 1174.050479][T21622] team0: Port device team_slave_0 added
[ 1174.109747][T21622] team0: Port device team_slave_1 added
[ 1174.185958][T19423] Bluetooth: hci3: command tx timeout
[ 1174.268423][T21663] netlink: 'syz.3.5012': attribute type 3 has an invalid length.
[ 1174.277762][T21663] netlink: 201372 bytes leftover after parsing attributes in process `syz.3.5012'.
[ 1174.439972][T21622] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1174.466754][T21622] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1174.587637][T21622] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1174.619139][T21622] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1174.626244][T21622] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1174.653263][T21622] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1174.883141][   T79] wlan1: Creating new IBSS network, BSSID c2:10:1c:2e:c4:cc
[ 1175.106409][T21622] hsr_slave_0: entered promiscuous mode
[ 1175.122991][T21622] hsr_slave_1: entered promiscuous mode
[ 1175.150782][T21622] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1175.174616][T21622] Cannot create hsr debugfs directory
[ 1175.560267][   T59] .3ãc¤±: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1176.151873][T21699] netdevsim netdevsim0: Direct firmware load for {‰ failed with error -2
[ 1176.222791][T21699] netdevsim netdevsim0: Falling back to sysfs fallback for: {‰
[ 1176.253992][T19423] Bluetooth: hci3: command tx timeout
[ 1176.979468][T21700] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1177.158261][T21710] netlink: 'syz.2.5021': attribute type 3 has an invalid length.
[ 1177.205787][T21710] netlink: 201372 bytes leftover after parsing attributes in process `syz.2.5021'.
[ 1177.382998][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.389389][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.550472][T21720] netlink: 'syz.0.5031': attribute type 3 has an invalid length.
[ 1177.591182][T21720] netlink: 201372 bytes leftover after parsing attributes in process `syz.0.5031'.
[ 1178.337828][T19423] Bluetooth: hci3: command tx timeout
[ 1178.590325][ T2943] hsr_slave_0: left promiscuous mode
[ 1178.654422][ T2943] hsr_slave_1: left promiscuous mode
[ 1178.696673][ T2943] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1178.772852][ T2943] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1179.495002][T21748] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1179.516137][ T2943] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1179.530204][ T2943] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1179.574271][ T2943] veth1_macvtap: left promiscuous mode
[ 1179.579863][ T2943] veth0_macvtap: left promiscuous mode
[ 1179.674880][ T2943] geneve1 (unregistering): left promiscuous mode
[ 1179.682465][ T2943] geneve1 (unregistering): left allmulticast mode
[ 1179.695860][ T2943] team0 (unregistering): Port device geneve1 removed
[ 1179.966785][ T2943] team_slave_1 (unregistering): left promiscuous mode
[ 1179.975193][ T2943] team_slave_1 (unregistering): left allmulticast mode
[ 1179.983488][ T2943] team0 (unregistering): Port device team_slave_1 removed
[ 1180.026248][ T2943] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1180.069183][ T2943] bond0 (unregistering): (slave 
3
0
): Releasing backup interface
[ 1180.320446][ T2943] dummy0 (unregistering): left promiscuous mode
[ 1180.326901][ T2943] dummy0 (unregistering): left allmulticast mode
[ 1180.337671][ T2943] team0 (unregistering): Port device dummy0 removed
[ 1180.384307][ T2943] bond0 (unregistering): Released all slaves
[ 1180.412905][T19423] Bluetooth: hci3: command tx timeout
[ 1180.469951][T21622] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1180.491885][T21622] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1180.541396][T21622] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1180.578610][T21622] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1180.792287][T21622] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1180.835456][T21622] 8021q: adding VLAN 0 to HW filter on device team0
[ 1180.878483][ T2925] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1180.885729][ T2925] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1180.922196][T21762] netlink: 'syz.0.5034': attribute type 3 has an invalid length.
[ 1180.940850][T21762] netlink: 201372 bytes leftover after parsing attributes in process `syz.0.5034'.
[ 1180.967966][ T2925] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1180.975136][ T2925] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1181.338459][T21622] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1181.429499][T21622] veth0_vlan: entered promiscuous mode
[ 1181.442312][T21622] veth1_vlan: entered promiscuous mode
[ 1181.500714][T21622] veth0_macvtap: entered promiscuous mode
[ 1181.515739][T21622] veth1_macvtap: entered promiscuous mode
[ 1181.537253][T21622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1181.555579][T21622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1181.566096][T21622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1181.577257][T21622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1181.587552][T21622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1181.599877][T21622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1181.609768][T21622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1181.620656][T21622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1181.632380][T21622] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1181.649741][T21622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1181.660472][T21622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1181.670520][T21622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1181.684142][T21622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1181.694101][T21622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1181.705515][T21622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1181.715455][T21622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1181.725951][T21622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1181.736998][T21622] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1181.750372][T21622] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1181.759910][T21622] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1181.774594][T21622] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1181.785517][T21622] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1181.899348][T20232] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1181.923487][T20232] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1181.941918][T14526] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1181.954321][T14526] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1182.077026][T21796] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.5003'.
[ 1182.155781][T21803] netlink: 'syz.0.5044': attribute type 1 has an invalid length.
[ 1182.163267][T21794] netlink: 'syz.2.5045': attribute type 3 has an invalid length.
[ 1182.187346][T21794] netlink: 201372 bytes leftover after parsing attributes in process `syz.2.5045'.
[ 1182.266359][T21800] FAULT_INJECTION: forcing a failure.
[ 1182.266359][T21800] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1182.290165][T21800] CPU: 0 PID: 21800 Comm: syz.3.5046 Not tainted syzkaller #0
[ 1182.297670][T21800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1182.307744][T21800] Call Trace:
[ 1182.311043][T21800]  <TASK>
[ 1182.313995][T21800]  dump_stack_lvl+0x18c/0x250
[ 1182.318708][T21800]  ? show_regs_print_info+0x20/0x20
[ 1182.323937][T21800]  ? load_image+0x420/0x420
[ 1182.328469][T21800]  ? __might_fault+0xaa/0x120
[ 1182.333175][T21800]  ? __lock_acquire+0x7d40/0x7d40
[ 1182.338232][T21800]  should_fail_ex+0x39d/0x4d0
[ 1182.342947][T21800]  _copy_to_user+0x2f/0xa0
[ 1182.347391][T21800]  bpf_test_finish+0x25a/0x650
[ 1182.352198][T21800]  ? dst_hold+0x70/0x70
[ 1182.356387][T21800]  ? convert_skb_to___skb+0x420/0x420
[ 1182.361797][T21800]  ? slab_build_skb+0x25f/0x3f0
[ 1182.366677][T21800]  bpf_prog_test_run_skb+0x1122/0x18c0
[ 1182.372185][T21800]  ? cpu_online+0x60/0x60
[ 1182.376543][T21800]  bpf_prog_test_run+0x321/0x390
[ 1182.381510][T21800]  __sys_bpf+0x49d/0x890
[ 1182.385784][T21800]  ? bpf_link_show_fdinfo+0x390/0x390
[ 1182.391198][T21800]  ? lock_chain_count+0x20/0x20
[ 1182.396525][T21800]  __x64_sys_bpf+0x7c/0x90
[ 1182.400977][T21800]  do_syscall_64+0x55/0xb0
[ 1182.405421][T21800]  ? clear_bhb_loop+0x40/0x90
[ 1182.410118][T21800]  ? clear_bhb_loop+0x40/0x90
[ 1182.414802][T21800]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1182.420704][T21800] RIP: 0033:0x7fe7f779ce59
[ 1182.425130][T21800] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1182.444744][T21800] RSP: 002b:00007fe7f870f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1182.453163][T21800] RAX: ffffffffffffffda RBX: 00007fe7f7a15fa0 RCX: 00007fe7f779ce59
[ 1182.461137][T21800] RDX: 0000000000000050 RSI: 0000200000000540 RDI: 000000000000000a
[ 1182.469107][T21800] RBP: 00007fe7f870f090 R08: 0000000000000000 R09: 0000000000000000
[ 1182.477092][T21800] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1182.485071][T21800] R13: 00007fe7f7a16038 R14: 00007fe7f7a15fa0 R15: 00007ffca821f2a8
[ 1182.493059][T21800]  </TASK>
[ 1182.514580][T21803] mac80211_hwsim hwsim40 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1182.592536][T21806] netlink: 'syz.0.5044': attribute type 3 has an invalid length.
[ 1182.622869][T21806] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.5044'.
[ 1183.310639][T21818] netlink: 'syz.2.5039': attribute type 10 has an invalid length.
[ 1183.332941][T21818] netlink: 55 bytes leftover after parsing attributes in process `syz.2.5039'.
[ 1183.661155][T21837] netlink: 'syz.0.5043': attribute type 1 has an invalid length.
[ 1183.718923][T21837] mac80211_hwsim hwsim40 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1183.767246][T21837] netlink: 'syz.0.5043': attribute type 3 has an invalid length.
[ 1183.788722][T21837] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.5043'.
[ 1184.219771][T21852] netlink: 'syz.1.5050': attribute type 3 has an invalid length.
[ 1184.240723][T21852] netlink: 201372 bytes leftover after parsing attributes in process `syz.1.5050'.
[ 1184.626568][T21867] netlink: 'syz.2.5052': attribute type 1 has an invalid length.
[ 1185.501649][T21860] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1185.541459][T21867] mac80211_hwsim hwsim48 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1185.554083][T21871] netlink: 'syz.2.5052': attribute type 3 has an invalid length.
[ 1185.595627][T21871] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.5052'.
[ 1185.626353][T21877] netlink: 'syz.0.5055': attribute type 10 has an invalid length.
[ 1185.645183][T21877] netlink: 55 bytes leftover after parsing attributes in process `syz.0.5055'.
[ 1185.871353][T21896] netlink: 'syz.0.5058': attribute type 12 has an invalid length.
[ 1185.889673][T21896] netlink: 132 bytes leftover after parsing attributes in process `syz.0.5058'.
[ 1185.943244][ T2943] wlan1: Trigger new scan to find an IBSS to join
[ 1187.148093][T21923] netlink: 55 bytes leftover after parsing attributes in process `syz.3.5067'.
[ 1187.361900][T21916] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1187.508623][T21930] validate_nla: 1 callbacks suppressed
[ 1187.508639][T21930] netlink: 'syz.0.5077': attribute type 10 has an invalid length.
[ 1187.523104][T21930] netlink: 55 bytes leftover after parsing attributes in process `syz.0.5077'.
[ 1187.540430][T21931] netlink: 'syz.3.5069': attribute type 1 has an invalid length.
[ 1187.599463][T21931] mac80211_hwsim hwsim44 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1187.630439][T21931] netlink: 'syz.3.5069': attribute type 3 has an invalid length.
[ 1187.662949][T21931] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.5069'.
[ 1187.704200][T21937] netlink: 60243 bytes leftover after parsing attributes in process `syz.1.5071'.
[ 1187.730272][T21937] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5071'.
[ 1187.748702][T21940] netlink: 'syz.0.5081': attribute type 10 has an invalid length.
[ 1187.757600][T21940] netlink: 55 bytes leftover after parsing attributes in process `syz.0.5081'.
[ 1187.933326][T20232] wlan1: Trigger new scan to find an IBSS to join
[ 1189.083479][T21959] syz.3.5082: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1
[ 1189.109592][T21959] CPU: 0 PID: 21959 Comm: syz.3.5082 Not tainted syzkaller #0
[ 1189.117109][T21959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1189.127194][T21959] Call Trace:
[ 1189.130501][T21959]  <TASK>
[ 1189.133463][T21959]  dump_stack_lvl+0x18c/0x250
[ 1189.138176][T21959]  ? show_regs_print_info+0x20/0x20
[ 1189.143391][T21959]  ? load_image+0x420/0x420
[ 1189.147910][T21959]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1189.154351][T21959]  ? cpuset_print_current_mems_allowed+0x2e7/0x360
[ 1189.160894][T21959]  warn_alloc+0x246/0x340
[ 1189.165256][T21959]  ? stack_trace_save+0xaa/0x100
[ 1189.170218][T21959]  ? zone_watermark_ok_safe+0x230/0x230
[ 1189.175797][T21959]  ? kasan_set_track+0x5f/0x70
[ 1189.180579][T21959]  ? kasan_set_track+0x4e/0x70
[ 1189.185353][T21959]  ? __kasan_kmalloc+0x8f/0xa0
[ 1189.190123][T21959]  ? xsk_init_queue+0xad/0x100
[ 1189.194901][T21959]  ? xsk_setsockopt+0x4e5/0x760
[ 1189.199754][T21959]  ? do_sock_setsockopt+0x175/0x1a0
[ 1189.204996][T21959]  ? __x64_sys_setsockopt+0x182/0x200
[ 1189.210407][T21959]  __vmalloc_node_range+0x126/0x1330
[ 1189.215761][T21959]  ? free_vm_area+0x50/0x50
[ 1189.220306][T21959]  vmalloc_user+0x74/0x80
[ 1189.224671][T21959]  ? xskq_create+0xbf/0x170
[ 1189.229190][T21959]  xskq_create+0xbf/0x170
[ 1189.233535][T21959]  xsk_init_queue+0xad/0x100
[ 1189.238163][T21959]  xsk_setsockopt+0x4e5/0x760
[ 1189.242872][T21959]  ? xsk_poll+0x680/0x680
[ 1189.247233][T21959]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1189.253412][T21959]  ? xsk_poll+0x680/0x680
[ 1189.257752][T21959]  ? do_sock_setsockopt+0x15e/0x1a0
[ 1189.262968][T21959]  ? xsk_poll+0x680/0x680
[ 1189.267311][T21959]  do_sock_setsockopt+0x175/0x1a0
[ 1189.272349][T21959]  ? __fdget+0x180/0x210
[ 1189.276626][T21959]  __x64_sys_setsockopt+0x182/0x200
[ 1189.281933][T21959]  do_syscall_64+0x55/0xb0
[ 1189.286362][T21959]  ? clear_bhb_loop+0x40/0x90
[ 1189.291058][T21959]  ? clear_bhb_loop+0x40/0x90
[ 1189.295760][T21959]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1189.301670][T21959] RIP: 0033:0x7fe7f779ce59
[ 1189.306106][T21959] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1189.325733][T21959] RSP: 002b:00007fe7f870f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1189.334168][T21959] RAX: ffffffffffffffda RBX: 00007fe7f7a15fa0 RCX: 00007fe7f779ce59
[ 1189.342153][T21959] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000051
[ 1189.350163][T21959] RBP: 00007fe7f7832e6f R08: 0000000000000004 R09: 0000000000000000
[ 1189.358583][T21959] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000
[ 1189.366563][T21959] R13: 00007fe7f7a16038 R14: 00007fe7f7a15fa0 R15: 00007ffca821f2a8
[ 1189.374579][T21959]  </TASK>
[ 1189.427663][T21959] Mem-Info:
[ 1189.432163][T21959] active_anon:21668 inactive_anon:0 isolated_anon:0
[ 1189.432163][T21959]  active_file:13471 inactive_file:46572 isolated_file:0
[ 1189.432163][T21959]  unevictable:768 dirty:165 writeback:0
[ 1189.432163][T21959]  slab_reclaimable:10812 slab_unreclaimable:95504
[ 1189.432163][T21959]  mapped:26303 shmem:1361 pagetables:544
[ 1189.432163][T21959]  sec_pagetables:0 bounce:0
[ 1189.432163][T21959]  kernel_misc_reclaimable:0
[ 1189.432163][T21959]  free:1326699 free_pcp:7992 free_cma:0
[ 1189.511638][T21959] Node 0 active_anon:86572kB inactive_anon:0kB active_file:53884kB inactive_file:186088kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:105212kB dirty:656kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10460kB pagetables:2076kB sec_pagetables:0kB all_unreclaimable? no
[ 1189.533110][T21971] netlink: 'syz.1.5084': attribute type 10 has an invalid length.
[ 1189.550529][T21959] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[ 1189.593482][T21959] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1189.597225][T21971] netlink: 55 bytes leftover after parsing attributes in process `syz.1.5084'.
[ 1189.641490][T21959] lowmem_reserve[]: 0 2521 2522 2522 2522
[ 1189.651636][T21959] Node 0 DMA32 free:1378604kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:88236kB inactive_anon:0kB active_file:53884kB inactive_file:185252kB unevictable:1536kB writepending:652kB present:3129332kB managed:2586928kB mlocked:0kB bounce:0kB free_pcp:23192kB local_pcp:4416kB free_cma:0kB
[ 1189.713548][T21959] lowmem_reserve[]: 0 0 0 0 0
[ 1189.718457][T21959] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:836kB unevictable:0kB writepending:4kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1189.747419][T21959] lowmem_reserve[]: 0 0 0 0 0
[ 1189.752289][T21959] Node 1 Normal free:3912328kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:7876kB local_pcp:5380kB free_cma:0kB
[ 1189.797563][T21959] lowmem_reserve[]: 0 0 0 0 0
[ 1189.802541][T21959] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1189.821908][T21959] Node 0 DMA32: 0*4kB 503*8kB (ME) 702*16kB (UM) 1441*32kB (UME) 2502*64kB (UME) 1030*128kB (UM) 218*256kB (UM) 52*512kB (UM) 10*1024kB (M) 7*2048kB (M) 224*4096kB (ME) = 1377848kB
[ 1189.846730][T21959] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1189.876027][T21959] Node 1 Normal: 206*4kB (UE) 50*8kB (UE) 28*16kB (UE) 236*32kB (U) 78*64kB (UME) 20*128kB (UME) 3*256kB (UE) 3*512kB (UME) 2*1024kB (UE) 2*2048kB (UE) 949*4096kB (M) = 3912328kB
[ 1189.895444][T21959] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1189.906338][T21959] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1189.916589][T21959] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1189.927568][T21959] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1189.932977][ T2943] wlan1: Trigger new scan to find an IBSS to join
[ 1189.943461][T20232] wlan1: Trigger new scan to find an IBSS to join
[ 1189.947879][T21959] 62088 total pagecache pages
[ 1189.964630][T21959] 0 pages in swap cache
[ 1189.969209][T21959] Free swap  = 124728kB
[ 1189.974049][T21959] Total swap = 124996kB
[ 1189.978329][T21959] 2097051 pages RAM
[ 1189.982253][T21959] 0 pages HighMem/MovableOnly
[ 1189.988899][T21959] 416933 pages reserved
[ 1190.012057][T21959] 0 pages cma reserved
[ 1190.933662][T14526] wlan1: Creating new IBSS network, BSSID 62:a1:02:3b:4c:59
[ 1190.957514][T21998] netlink: 'syz.0.5100': attribute type 3 has an invalid length.
[ 1190.963318][T22001] netlink: 'syz.1.5092': attribute type 1 has an invalid length.
[ 1190.979606][T21998] netlink: 201372 bytes leftover after parsing attributes in process `syz.0.5100'.
[ 1191.070156][T22001] mac80211_hwsim hwsim53 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1191.094104][T22005] netlink: 'syz.1.5092': attribute type 3 has an invalid length.
[ 1191.102358][T22005] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.5092'.
[ 1191.568765][T22018] netlink: 'syz.2.5096': attribute type 1 has an invalid length.
[ 1191.605659][T22018] mac80211_hwsim hwsim48 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1191.636678][T22018] netlink: 'syz.2.5096': attribute type 3 has an invalid length.
[ 1191.653013][T22018] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.5096'.
[ 1192.818289][T22030] __nla_validate_parse: 1 callbacks suppressed
[ 1192.818307][T22030] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.5103'.
[ 1193.307892][T22046] validate_nla: 1 callbacks suppressed
[ 1193.307929][T22046] netlink: 'syz.2.5105': attribute type 3 has an invalid length.
[ 1193.326671][T22046] netlink: 201372 bytes leftover after parsing attributes in process `syz.2.5105'.
[ 1193.674840][T22056] netlink: 'syz.2.5109': attribute type 10 has an invalid length.
[ 1193.703161][T22056] netlink: 55 bytes leftover after parsing attributes in process `syz.2.5109'.
[ 1193.934390][   T59] wlan1: Trigger new scan to find an IBSS to join
[ 1194.066623][T22064] netlink: 'syz.1.5112': attribute type 1 has an invalid length.
[ 1194.097957][T22064] mac80211_hwsim hwsim53 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1194.128482][T22064] netlink: 'syz.1.5112': attribute type 3 has an invalid length.
[ 1194.139082][T22064] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.5112'.
[ 1194.895161][T20232] wlan1: Trigger new scan to find an IBSS to join
[ 1195.438598][T22068] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1195.739153][T22083] netlink: 'syz.3.5121': attribute type 10 has an invalid length.
[ 1195.752397][T22083] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1195.761878][T22083] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1195.821004][T20232] wlan1: Creating new IBSS network, BSSID 7e:bd:8e:8d:85:0d
[ 1195.878655][T22083] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1195.886767][T22083] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1195.896740][T22083] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1195.904634][T22083] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1196.159670][T22083] team0: Port device bridge0 added
[ 1196.213227][T22085] netlink: 'syz.1.5120': attribute type 10 has an invalid length.
[ 1196.238808][T22085] netlink: 55 bytes leftover after parsing attributes in process `syz.1.5120'.
[ 1196.571212][T22093] netlink: 'syz.0.5124': attribute type 10 has an invalid length.
[ 1196.609110][T22093] team0: Device ipvlan1 failed to register rx_handler
[ 1197.336289][T22103] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1197.377306][T22107] netlink: 'syz.2.5128': attribute type 1 has an invalid length.
[ 1197.410210][T22109] mac80211_hwsim hwsim48 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1197.426694][T22110] netlink: 'syz.2.5128': attribute type 3 has an invalid length.
[ 1197.435216][T22110] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.5128'.
[ 1197.560384][T22115] FAULT_INJECTION: forcing a failure.
[ 1197.560384][T22115] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1197.574606][T22115] CPU: 0 PID: 22115 Comm: syz.2.5130 Not tainted syzkaller #0
[ 1197.582118][T22115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1197.592191][T22115] Call Trace:
[ 1197.595488][T22115]  <TASK>
[ 1197.598437][T22115]  dump_stack_lvl+0x18c/0x250
[ 1197.603142][T22115]  ? show_regs_print_info+0x20/0x20
[ 1197.608361][T22115]  ? load_image+0x420/0x420
[ 1197.612883][T22115]  ? __lock_acquire+0x7d40/0x7d40
[ 1197.617932][T22115]  should_fail_ex+0x39d/0x4d0
[ 1197.622660][T22115]  prepare_alloc_pages+0x1e2/0x5f0
[ 1197.627797][T22115]  __alloc_pages+0x134/0x460
[ 1197.632407][T22115]  ? zone_statistics+0x170/0x170
[ 1197.637366][T22115]  ? mt_find+0x169/0x650
[ 1197.641626][T22115]  ? alloc_pages+0x4dc/0x740
[ 1197.646234][T22115]  __pud_alloc+0x3a/0x1f0
[ 1197.650589][T22115]  handle_mm_fault+0x36a8/0x4c00
[ 1197.655547][T22115]  ? handle_mm_fault+0xe7/0x4c00
[ 1197.660517][T22115]  ? numa_migrate_prep+0x350/0x350
[ 1197.665656][T22115]  ? lock_chain_count+0x20/0x20
[ 1197.670535][T22115]  ? lock_mm_and_find_vma+0x9c/0x2f0
[ 1197.675839][T22115]  do_user_addr_fault+0x730/0x12c0
[ 1197.680986][T22115]  exc_page_fault+0x64/0x100
[ 1197.685609][T22115]  asm_exc_page_fault+0x26/0x30
[ 1197.690481][T22115] RIP: 0010:__put_user_4+0x11/0x20
[ 1197.695614][T22115] Code: 01 ca c3 90 90 90 90 90 90 f3 0f 1e fa 0f 01 cb 66 89 01 31 c9 0f 01 ca c3 f3 0f 1e fa 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 90 90 90 90 90 90 90 f3 0f 1e fa 0f 01 cb
[ 1197.715244][T22115] RSP: 0018:ffffc9000509fe80 EFLAGS: 00050206
[ 1197.721328][T22115] RAX: 0000000000000004 RBX: 0000000000000000 RCX: 0000200000000300
[ 1197.729317][T22115] RDX: 0000000000000000 RSI: ffffffff8acadd60 RDI: ffffffff8b1c9c20
[ 1197.737309][T22115] RBP: 0000000000000004 R08: ffffffff8e8b666f R09: 1ffffffff1d16ccd
[ 1197.745300][T22115] R10: dffffc0000000000 R11: fffffbfff1d16cce R12: 0000000000000000
[ 1197.753290][T22115] R13: 0000200000000300 R14: 000000000000001d R15: 0000000000000002
[ 1197.761296][T22115]  __sys_socketpair+0xb8/0x550
[ 1197.766095][T22115]  __x64_sys_socketpair+0x9b/0xb0
[ 1197.771144][T22115]  do_syscall_64+0x55/0xb0
[ 1197.775584][T22115]  ? clear_bhb_loop+0x40/0x90
[ 1197.780278][T22115]  ? clear_bhb_loop+0x40/0x90
[ 1197.784972][T22115]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1197.790887][T22115] RIP: 0033:0x7f620639ce59
[ 1197.795320][T22115] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1197.814944][T22115] RSP: 002b:00007f62071e6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000035
[ 1197.823380][T22115] RAX: ffffffffffffffda RBX: 00007f6206615fa0 RCX: 00007f620639ce59
[ 1197.831381][T22115] RDX: 0000000000000006 RSI: 0000000000000002 RDI: 000000000000001d
[ 1197.839376][T22115] RBP: 00007f62071e6090 R08: 0000000000000000 R09: 0000000000000000
[ 1197.847370][T22115] R10: 0000200000000300 R11: 0000000000000246 R12: 0000000000000001
[ 1197.855364][T22115] R13: 00007f6206616038 R14: 00007f6206615fa0 R15: 00007ffcd2f38ac8
[ 1197.863376][T22115]  </TASK>
[ 1197.933076][ T2943] wlan1: Trigger new scan to find an IBSS to join
[ 1199.934024][ T8072] wlan1: Trigger new scan to find an IBSS to join
[ 1200.205135][T22123] netlink: 'syz.1.5133': attribute type 10 has an invalid length.
[ 1200.213973][T22123] netlink: 55 bytes leftover after parsing attributes in process `syz.1.5133'.
[ 1200.455943][T22140] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1200.467026][T22145] netlink: 'syz.2.5138': attribute type 1 has an invalid length.
[ 1200.594556][T22145] mac80211_hwsim hwsim48 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1200.636562][T22149] netlink: 'syz.2.5138': attribute type 3 has an invalid length.
[ 1200.670032][T22149] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.5138'.
[ 1201.589656][T22160] netlink: 'syz.3.5144': attribute type 3 has an invalid length.
[ 1201.622852][T22165] netlink: 'syz.2.5146': attribute type 10 has an invalid length.
[ 1201.630720][T22165] netlink: 55 bytes leftover after parsing attributes in process `syz.2.5146'.
[ 1201.645920][T22160] netlink: 201372 bytes leftover after parsing attributes in process `syz.3.5144'.
[ 1201.926173][T22170] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1202.227472][T22177] netlink: 'syz.2.5152': attribute type 3 has an invalid length.
[ 1202.236526][T22177] netlink: 201372 bytes leftover after parsing attributes in process `syz.2.5152'.
[ 1202.278913][   T59] hsr_slave_0: left promiscuous mode
[ 1202.296846][   T59] hsr_slave_1: left promiscuous mode
[ 1202.309455][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1202.322877][   T59] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1202.341378][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1202.344312][T22187] netlink: 'syz.3.5151': attribute type 29 has an invalid length.
[ 1202.361376][   T59] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1202.384123][   T59] batadv0: left allmulticast mode
[ 1202.390791][   T59] batadv0: left promiscuous mode
[ 1202.405591][   T59] bridge0: port 3(batadv0) entered disabled state
[ 1202.443608][   T59] bridge_slave_1: left allmulticast mode
[ 1202.466411][   T59] bridge_slave_1: left promiscuous mode
[ 1202.481219][   T59] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1202.501528][   T59] bridge_slave_0: left allmulticast mode
[ 1202.507370][   T59] bridge_slave_0: left promiscuous mode
[ 1202.513453][   T59] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1202.555090][   T59] veth1_macvtap: left promiscuous mode
[ 1202.560794][   T59] veth0_macvtap: left promiscuous mode
[ 1202.791499][   T59] team0 (unregistering): Port device geneve1 removed
[ 1202.980961][   T11] wlan1: Trigger new scan to find an IBSS to join
[ 1202.994067][ T2943] wlan1: Trigger new scan to find an IBSS to join
[ 1203.261904][   T59] team0 (unregistering): Port device team_slave_1 removed
[ 1203.348557][   T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1203.420451][   T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1203.821936][   T59] bond0 (unregistering): (slave team0): Releasing backup interface
[ 1203.872129][   T59] bond0 (unregistering): Released all slaves
[ 1203.941977][T20233] wlan1: Creating new IBSS network, BSSID e2:0a:54:4d:0a:d5
[ 1204.012760][T22181] netlink: 61211 bytes leftover after parsing attributes in process `syz.3.5151'.
[ 1204.022342][T22180] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.5153'.
[ 1204.040066][T22188] netlink: 'syz.0.5154': attribute type 1 has an invalid length.
[ 1204.062822][T22187] netlink: 'syz.3.5151': attribute type 29 has an invalid length.
[ 1204.081643][T22190] mac80211_hwsim hwsim40 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1204.102242][T22193] netlink: 'syz.0.5154': attribute type 3 has an invalid length.
[ 1204.110209][T22193] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.5154'.
[ 1204.274599][T22200] netlink: 55 bytes leftover after parsing attributes in process `syz.0.5158'.
[ 1204.288578][T22198] FAULT_INJECTION: forcing a failure.
[ 1204.288578][T22198] name failslab, interval 1, probability 0, space 0, times 0
[ 1204.306623][T22198] CPU: 1 PID: 22198 Comm: syz.2.5157 Not tainted syzkaller #0
[ 1204.314113][T22198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1204.324180][T22198] Call Trace:
[ 1204.327467][T22198]  <TASK>
[ 1204.330409][T22198]  dump_stack_lvl+0x18c/0x250
[ 1204.335112][T22198]  ? show_regs_print_info+0x20/0x20
[ 1204.340326][T22198]  ? load_image+0x420/0x420
[ 1204.344853][T22198]  ? __might_sleep+0xe0/0xe0
[ 1204.349461][T22198]  ? __lock_acquire+0x7d40/0x7d40
[ 1204.354288][T22201] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1204.354488][T22198]  should_fail_ex+0x39d/0x4d0
[ 1204.368878][T22198]  should_failslab+0x9/0x20
[ 1204.373397][T22198]  slab_pre_alloc_hook+0x59/0x310
[ 1204.378437][T22198]  ? kvmalloc_node+0x70/0x180
[ 1204.383124][T22198]  ? kvmalloc_node+0x70/0x180
[ 1204.387797][T22198]  __kmem_cache_alloc_node+0x53/0x250
[ 1204.393169][T22198]  ? kvmalloc_node+0x70/0x180
[ 1204.397849][T22198]  __kmalloc_node+0xa4/0x230
[ 1204.402439][T22198]  kvmalloc_node+0x70/0x180
[ 1204.406937][T22198]  page_pool_create+0x1eb/0x5c0
[ 1204.411790][T22198]  bpf_test_run_xdp_live+0x203/0x1b20
[ 1204.417165][T22198]  ? 0xffffffffa0004740
[ 1204.421314][T22198]  ? 0xffffffffa0004740
[ 1204.425467][T22198]  ? bpf_dispatcher_change_prog+0xcbf/0xf10
[ 1204.431354][T22198]  ? 0xffffffffa0004740
[ 1204.435502][T22198]  ? xdp_convert_md_to_buff+0x330/0x330
[ 1204.441066][T22198]  ? trace_raw_output_bpf_test_finish+0xd0/0xd0
[ 1204.447303][T22198]  ? _copy_from_user+0xa5/0xe0
[ 1204.452066][T22198]  ? bpf_test_init+0x119/0x140
[ 1204.456823][T22198]  ? xdp_convert_md_to_buff+0x5b/0x330
[ 1204.462275][T22198]  bpf_prog_test_run_xdp+0x7ca/0x10e0
[ 1204.467653][T22198]  ? dev_put+0x80/0x80
[ 1204.471726][T22198]  ? dev_put+0x80/0x80
[ 1204.475792][T22198]  bpf_prog_test_run+0x321/0x390
[ 1204.480726][T22198]  __sys_bpf+0x49d/0x890
[ 1204.484964][T22198]  ? bpf_link_show_fdinfo+0x390/0x390
[ 1204.490344][T22198]  ? lock_chain_count+0x20/0x20
[ 1204.495192][T22198]  __x64_sys_bpf+0x7c/0x90
[ 1204.499605][T22198]  do_syscall_64+0x55/0xb0
[ 1204.504014][T22198]  ? clear_bhb_loop+0x40/0x90
[ 1204.508689][T22198]  ? clear_bhb_loop+0x40/0x90
[ 1204.513359][T22198]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1204.519247][T22198] RIP: 0033:0x7f620639ce59
[ 1204.523658][T22198] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1204.543279][T22198] RSP: 002b:00007f62071e6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1204.551693][T22198] RAX: ffffffffffffffda RBX: 00007f6206615fa0 RCX: 00007f620639ce59
[ 1204.559679][T22198] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[ 1204.567659][T22198] RBP: 00007f62071e6090 R08: 0000000000000000 R09: 0000000000000000
[ 1204.575631][T22198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1204.583601][T22198] R13: 00007f6206616038 R14: 00007f6206615fa0 R15: 00007ffcd2f38ac8
[ 1204.591584][T22198]  </TASK>
[ 1204.618584][T22198] page_pool_create() gave up with errno -12
[ 1205.163205][T22208] netlink: 201372 bytes leftover after parsing attributes in process `syz.1.5161'.
[ 1205.495969][T22222] validate_nla: 2 callbacks suppressed
[ 1205.495985][T22222] netlink: 'syz.3.5166': attribute type 1 has an invalid length.
[ 1205.543920][T22222] mac80211_hwsim hwsim44 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1205.741279][T22222] netlink: 'syz.3.5166': attribute type 3 has an invalid length.
[ 1205.753715][T22222] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.5166'.
[ 1205.765677][T22228] netlink: 'syz.2.5170': attribute type 10 has an invalid length.
[ 1205.774177][T22228] netlink: 55 bytes leftover after parsing attributes in process `syz.2.5170'.
[ 1205.890883][T22233] netlink: 'syz.2.5171': attribute type 10 has an invalid length.
[ 1206.435046][T22233] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1206.444311][T22233] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1206.547190][T22233] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1206.555648][T22233] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1206.570129][T22233] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1206.581959][T22233] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1206.703857][T22240] netlink: 135856 bytes leftover after parsing attributes in process `syz.3.5173'.
[ 1206.713722][T22240] netlink: 8442 bytes leftover after parsing attributes in process `syz.3.5173'.
[ 1206.733988][T22233] team0: Port device bridge0 added
[ 1206.923794][T22247] netlink: 'syz.2.5176': attribute type 21 has an invalid length.
[ 1206.963127][T22247] netlink: 'syz.2.5176': attribute type 1 has an invalid length.
[ 1206.970923][T22247] FAULT_INJECTION: forcing a failure.
[ 1206.970923][T22247] name failslab, interval 1, probability 0, space 0, times 0
[ 1206.990692][T22247] CPU: 0 PID: 22247 Comm: syz.2.5176 Not tainted syzkaller #0
[ 1206.998196][T22247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1207.008878][T22247] Call Trace:
[ 1207.012185][T22247]  <TASK>
[ 1207.015134][T22247]  dump_stack_lvl+0x18c/0x250
[ 1207.019839][T22247]  ? show_regs_print_info+0x20/0x20
[ 1207.025156][T22247]  ? load_image+0x420/0x420
[ 1207.029693][T22247]  ? __nla_validate+0x50/0x50
[ 1207.034390][T22247]  ? ip_tun_parse_opts+0x117/0x1050
[ 1207.039616][T22247]  should_fail_ex+0x39d/0x4d0
[ 1207.044329][T22247]  should_failslab+0x9/0x20
[ 1207.048855][T22247]  slab_pre_alloc_hook+0x59/0x310
[ 1207.053905][T22247]  ? ip6_tun_build_state+0x14e/0x6a0
[ 1207.059209][T22247]  ? ip6_tun_build_state+0x14e/0x6a0
[ 1207.064513][T22247]  __kmem_cache_alloc_node+0x53/0x250
[ 1207.069914][T22247]  ? ip6_tun_build_state+0x14e/0x6a0
[ 1207.075226][T22247]  __kmalloc+0xa4/0x230
[ 1207.079413][T22247]  ip6_tun_build_state+0x14e/0x6a0
[ 1207.084549][T22247]  ? ip_tun_fill_encap_opts+0xe60/0xe60
[ 1207.090150][T22247]  lwtunnel_build_state+0x37e/0x4b0
[ 1207.095489][T22247]  ? lwtunnel_build_state+0xe2/0x4b0
[ 1207.100800][T22247]  fib_nh_common_init+0x143/0x410
[ 1207.105857][T22247]  ? ip_fib_metrics_init+0x422/0x710
[ 1207.111170][T22247]  ? fib_dump_info+0x1070/0x1070
[ 1207.116138][T22247]  ? skb_gro_incr_csum_unnecessary+0x300/0x300
[ 1207.122317][T22247]  fib_nh_init+0x9e/0x410
[ 1207.126687][T22247]  fib_create_info+0xf05/0x2460
[ 1207.131586][T22247]  fib_table_insert+0xc6/0x1b20
[ 1207.136470][T22247]  ? fib_trie_table+0x138/0x1c0
[ 1207.141327][T22247]  ? fib_new_table+0x27f/0x2d0
[ 1207.146105][T22247]  inet_rtm_newroute+0x14b/0x240
[ 1207.151075][T22247]  ? rcu_read_unlock+0xa0/0xa0
[ 1207.155878][T22247]  ? rtnetlink_rcv_msg+0x221/0xfa0
[ 1207.161012][T22247]  ? rtnetlink_rcv_msg+0x221/0xfa0
[ 1207.166143][T22247]  ? rcu_read_unlock+0xa0/0xa0
[ 1207.170929][T22247]  rtnetlink_rcv_msg+0x869/0xfa0
[ 1207.175893][T22247]  ? lockdep_hardirqs_on+0x98/0x150
[ 1207.181116][T22247]  ? rtnetlink_bind+0x80/0x80
[ 1207.185829][T22247]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[ 1207.191840][T22247]  ? lock_chain_count+0x20/0x20
[ 1207.196716][T22247]  ? __local_bh_enable_ip+0x13a/0x1c0
[ 1207.202107][T22247]  ? lockdep_hardirqs_on+0x98/0x150
[ 1207.207333][T22247]  ? __local_bh_enable_ip+0x13a/0x1c0
[ 1207.212725][T22247]  ? _local_bh_enable+0xa0/0xa0
[ 1207.217604][T22247]  ? __dev_queue_xmit+0x265/0x3660
[ 1207.222916][T22247]  ? __dev_queue_xmit+0x265/0x3660
[ 1207.228058][T22247]  ? __dev_queue_xmit+0x1b2c/0x3660
[ 1207.233292][T22247]  ? __dev_queue_xmit+0x265/0x3660
[ 1207.238443][T22247]  ? ref_tracker_free+0x690/0x840
[ 1207.243504][T22247]  netlink_rcv_skb+0x241/0x4d0
[ 1207.248382][T22247]  ? rtnetlink_bind+0x80/0x80
[ 1207.253085][T22247]  ? netlink_ack+0x1180/0x1180
[ 1207.257885][T22247]  ? __lock_acquire+0x7d40/0x7d40
[ 1207.262940][T22247]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1207.268163][T22247]  netlink_unicast+0x751/0x8d0
[ 1207.272959][T22247]  netlink_sendmsg+0x8d0/0xbf0
[ 1207.277750][T22247]  ? netlink_getsockopt+0x590/0x590
[ 1207.282969][T22247]  ? aa_sock_msg_perm+0x94/0x150
[ 1207.287933][T22247]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1207.293242][T22247]  ? security_socket_sendmsg+0x80/0xa0
[ 1207.298724][T22247]  ? netlink_getsockopt+0x590/0x590
[ 1207.303946][T22247]  ____sys_sendmsg+0x5ba/0x960
[ 1207.308747][T22247]  ? __asan_memset+0x22/0x40
[ 1207.313362][T22247]  ? __sys_sendmsg_sock+0x30/0x30
[ 1207.318408][T22247]  ? __import_iovec+0x5f2/0x850
[ 1207.323290][T22247]  ? import_iovec+0x73/0xa0
[ 1207.327821][T22247]  ___sys_sendmsg+0x2a6/0x360
[ 1207.332519][T22247]  ? get_pid_task+0x20/0x1e0
[ 1207.337138][T22247]  ? __sys_sendmsg+0x2a0/0x2a0
[ 1207.341947][T22247]  ? __lock_acquire+0x7d40/0x7d40
[ 1207.347027][T22247]  __se_sys_sendmsg+0x1c2/0x2b0
[ 1207.351906][T22247]  ? __x64_sys_sendmsg+0x80/0x80
[ 1207.356884][T22247]  ? lockdep_hardirqs_on+0x98/0x150
[ 1207.362110][T22247]  do_syscall_64+0x55/0xb0
[ 1207.366545][T22247]  ? clear_bhb_loop+0x40/0x90
[ 1207.371239][T22247]  ? clear_bhb_loop+0x40/0x90
[ 1207.375936][T22247]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1207.381850][T22247] RIP: 0033:0x7f620639ce59
[ 1207.386289][T22247] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1207.405913][T22247] RSP: 002b:00007f62071e6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1207.414349][T22247] RAX: ffffffffffffffda RBX: 00007f6206615fa0 RCX: 00007f620639ce59
[ 1207.422339][T22247] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000003
[ 1207.430335][T22247] RBP: 00007f62071e6090 R08: 0000000000000000 R09: 0000000000000000
[ 1207.438331][T22247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1207.446327][T22247] R13: 00007f6206616038 R14: 00007f6206615fa0 R15: 00007ffcd2f38ac8
[ 1207.454340][T22247]  </TASK>
[ 1207.560415][T22251] netlink: 'syz.0.5177': attribute type 3 has an invalid length.
[ 1207.592136][T22251] netlink: 201372 bytes leftover after parsing attributes in process `syz.0.5177'.
[ 1207.742393][T22257] netlink: 'syz.2.5179': attribute type 10 has an invalid length.
[ 1207.762822][T22257] netlink: 55 bytes leftover after parsing attributes in process `syz.2.5179'.
[ 1207.932993][   T59] wlan1: Trigger new scan to find an IBSS to join
[ 1207.941045][   T79] wlan1: Trigger new scan to find an IBSS to join
[ 1207.948664][   T11] wlan1: Trigger new scan to find an IBSS to join
[ 1207.963577][T22264] netlink: 'syz.3.5181': attribute type 1 has an invalid length.
[ 1208.606712][T22267] mac80211_hwsim hwsim44 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1208.662965][T22268] netlink: 'syz.3.5181': attribute type 3 has an invalid length.
[ 1208.670905][T22268] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.5181'.
[ 1208.994613][T19423] Bluetooth: hci1: unexpected event 0x10 length: 15 > 1
[ 1208.996123][T19423] Bluetooth: hci1: hardware error 0x00
[ 1209.017326][   T59] wlan1: Creating new IBSS network, BSSID a2:07:2b:e1:8d:39
[ 1209.068534][T22279] netlink: 201372 bytes leftover after parsing attributes in process `syz.0.5186'.
[ 1209.221325][T22286] mac80211_hwsim hwsim53 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1209.244917][T22286] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.5188'.
[ 1210.400932][T22299] mac80211_hwsim hwsim44 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1210.428906][T22300] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.5192'.
[ 1210.585296][T22309] validate_nla: 6 callbacks suppressed
[ 1210.585312][T22309] netlink: 'syz.0.5195': attribute type 1 has an invalid length.
[ 1210.655332][T22309] mac80211_hwsim hwsim40 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1210.690707][T22309] netlink: 'syz.0.5195': attribute type 3 has an invalid length.
[ 1210.923551][T22316] __nla_validate_parse: 2 callbacks suppressed
[ 1210.923565][T22316] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.5198'.
[ 1210.962901][T22316] bridge: RTM_NEWNEIGH with invalid state 0x1
[ 1211.052924][T19423] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[ 1211.265526][T22324] netlink: 135856 bytes leftover after parsing attributes in process `syz.3.5200'.
[ 1211.310543][T22326] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.5201'.
[ 1211.338694][T22327] netlink: 'syz.1.5199': attribute type 3 has an invalid length.
[ 1211.362927][T22327] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.5199'.
[ 1211.942111][T20233] wlan1: Trigger new scan to find an IBSS to join
[ 1212.515924][T22340] netlink: 'syz.3.5205': attribute type 10 has an invalid length.
[ 1212.542888][T22340] netlink: 55 bytes leftover after parsing attributes in process `syz.3.5205'.
[ 1212.805953][T22350] netlink: 'syz.2.5208': attribute type 1 has an invalid length.
[ 1212.907426][T20233] wlan1: Trigger new scan to find an IBSS to join
[ 1212.915411][   T11] wlan1: Trigger new scan to find an IBSS to join
[ 1213.029222][T22350] mac80211_hwsim hwsim48 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1213.057597][T22349] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.5209'.
[ 1213.084881][T22350] netlink: 'syz.2.5208': attribute type 3 has an invalid length.
[ 1213.108631][T22350] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.5208'.
[ 1213.137798][T22349] netlink: 'syz.3.5209': attribute type 39 has an invalid length.
[ 1213.524056][T22363] netlink: 'syz.1.5212': attribute type 1 has an invalid length.
[ 1214.248355][T22364] mac80211_hwsim hwsim53 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1214.304101][T22365] netlink: 'syz.1.5212': attribute type 3 has an invalid length.
[ 1214.318583][T22365] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.5212'.
[ 1214.477637][T22375] netlink: 'syz.1.5216': attribute type 4 has an invalid length.
[ 1214.507137][T22375] netlink: 152 bytes leftover after parsing attributes in process `syz.1.5216'.
[ 1214.681533][T22379] netlink: 55 bytes leftover after parsing attributes in process `syz.3.5217'.
[ 1215.293751][ T5772] Bluetooth: hci2: command 0x0406 tx timeout
[ 1215.670377][T22392] mac80211_hwsim hwsim40 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1215.709688][T22392] validate_nla: 3 callbacks suppressed
[ 1215.709705][T22392] netlink: 'syz.0.5221': attribute type 3 has an invalid length.
[ 1216.033798][T22403] netlink: 'syz.1.5224': attribute type 1 has an invalid length.
[ 1216.505739][T22403] mac80211_hwsim hwsim53 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1216.547722][T22404] netlink: 'syz.1.5224': attribute type 3 has an invalid length.
[ 1216.555575][T22404] __nla_validate_parse: 2 callbacks suppressed
[ 1216.555588][T22404] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.5224'.
[ 1216.579436][T22408] netlink: 'syz.0.5225': attribute type 1 has an invalid length.
[ 1216.691364][T22408] mac80211_hwsim hwsim40 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1216.736237][T22408] netlink: 'syz.0.5225': attribute type 3 has an invalid length.
[ 1216.744850][T22408] netlink: 16066 bytes leftover after parsing attributes in process `syz.0.5225'.
[ 1216.895028][T20233] wlan1: Trigger new scan to find an IBSS to join
[ 1216.973951][T20233] wlan1: Trigger new scan to find an IBSS to join
[ 1217.427533][T22416] netlink: 'syz.1.5228': attribute type 10 has an invalid length.
[ 1217.489605][T22416] netlink: 55 bytes leftover after parsing attributes in process `syz.1.5228'.
[ 1217.757843][T22424] netlink: 'syz.0.5233': attribute type 3 has an invalid length.
[ 1217.766937][T22424] netlink: 201372 bytes leftover after parsing attributes in process `syz.0.5233'.
[ 1217.796513][T22426] netlink: 'syz.1.5234': attribute type 8 has an invalid length.
[ 1217.812928][T22426] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.5234'.
[ 1218.066419][ T7772] wlan1: Creating new IBSS network, BSSID 32:8d:0a:26:e5:69
[ 1218.325200][T22439] netlink: 'syz.0.5237': attribute type 1 has an invalid length.
[ 1218.405972][T22439] mac80211_hwsim hwsim40 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1218.841781][T22448] netlink: 'syz.3.5241': attribute type 3 has an invalid length.
[ 1218.852090][T22448] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.5241'.
[ 1218.897741][   T59] wlan1: Trigger new scan to find an IBSS to join
[ 1219.277936][T22441] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1219.460140][T22454] netlink: 55 bytes leftover after parsing attributes in process `syz.2.5242'.
[ 1219.628436][T22459] netlink: 201372 bytes leftover after parsing attributes in process `syz.3.5245'.
[ 1219.932975][ T7772] wlan1: Trigger new scan to find an IBSS to join
[ 1220.076011][T22474] mac80211_hwsim hwsim48 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1220.888201][T22472] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1220.977907][ T7772] wlan1: Trigger new scan to find an IBSS to join
[ 1221.087616][T22482] validate_nla: 3 callbacks suppressed
[ 1221.087633][T22482] netlink: 'syz.2.5255': attribute type 10 has an invalid length.
[ 1221.108132][T22482] netlink: 55 bytes leftover after parsing attributes in process `syz.2.5255'.
[ 1221.212773][T22488] netlink: 'syz.3.5263': attribute type 1 has an invalid length.
[ 1221.267671][T22488] mac80211_hwsim hwsim44 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1221.271304][T22485] netlink: 'syz.0.5254': attribute type 3 has an invalid length.
[ 1221.285571][T22485] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.5254'.
[ 1221.952784][   T79] wlan1: Trigger new scan to find an IBSS to join
[ 1222.008145][T22507] FAULT_INJECTION: forcing a failure.
[ 1222.008145][T22507] name failslab, interval 1, probability 0, space 0, times 0
[ 1222.032532][T22507] CPU: 0 PID: 22507 Comm: syz.1.5265 Not tainted syzkaller #0
[ 1222.040311][T22507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1222.050372][T22507] Call Trace:
[ 1222.053650][T22507]  <TASK>
[ 1222.056582][T22507]  dump_stack_lvl+0x18c/0x250
[ 1222.061264][T22507]  ? show_regs_print_info+0x20/0x20
[ 1222.066457][T22507]  ? load_image+0x420/0x420
[ 1222.070957][T22507]  ? __might_sleep+0xe0/0xe0
[ 1222.075543][T22507]  ? __lock_acquire+0x7d40/0x7d40
[ 1222.080569][T22507]  should_fail_ex+0x39d/0x4d0
[ 1222.085245][T22507]  should_failslab+0x9/0x20
[ 1222.089743][T22507]  slab_pre_alloc_hook+0x59/0x310
[ 1222.094773][T22507]  ? __lock_acquire+0x7d40/0x7d40
[ 1222.099788][T22507]  ? kvmalloc_node+0x70/0x180
[ 1222.104462][T22507]  ? kvmalloc_node+0x70/0x180
[ 1222.109134][T22507]  __kmem_cache_alloc_node+0x53/0x250
[ 1222.114598][T22507]  ? __schedule_delayed_monitor_work+0x200/0x200
[ 1222.120933][T22507]  ? kvmalloc_node+0x70/0x180
[ 1222.125603][T22507]  __kmalloc_node+0xa4/0x230
[ 1222.130195][T22507]  kvmalloc_node+0x70/0x180
[ 1222.134695][T22507]  bpf_test_run_xdp_live+0x1c2/0x1b20
[ 1222.140067][T22507]  ? 0xffffffffa0004740
[ 1222.144212][T22507]  ? 0xffffffffa0004740
[ 1222.148360][T22507]  ? bpf_dispatcher_change_prog+0xcbf/0xf10
[ 1222.154264][T22507]  ? 0xffffffffa0004740
[ 1222.158587][T22507]  ? xdp_convert_md_to_buff+0x330/0x330
[ 1222.164153][T22507]  ? trace_raw_output_bpf_test_finish+0xd0/0xd0
[ 1222.170392][T22507]  ? _copy_from_user+0xa5/0xe0
[ 1222.175157][T22507]  ? bpf_test_init+0x119/0x140
[ 1222.179915][T22507]  ? xdp_convert_md_to_buff+0x5b/0x330
[ 1222.185371][T22507]  bpf_prog_test_run_xdp+0x7ca/0x10e0
[ 1222.190752][T22507]  ? dev_put+0x80/0x80
[ 1222.194824][T22507]  ? dev_put+0x80/0x80
[ 1222.198885][T22507]  bpf_prog_test_run+0x321/0x390
[ 1222.203818][T22507]  __sys_bpf+0x49d/0x890
[ 1222.208054][T22507]  ? bpf_link_show_fdinfo+0x390/0x390
[ 1222.213431][T22507]  ? lock_chain_count+0x20/0x20
[ 1222.218271][T22507]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[ 1222.224251][T22507]  __x64_sys_bpf+0x7c/0x90
[ 1222.228662][T22507]  do_syscall_64+0x55/0xb0
[ 1222.233071][T22507]  ? clear_bhb_loop+0x40/0x90
[ 1222.237735][T22507]  ? clear_bhb_loop+0x40/0x90
[ 1222.242412][T22507]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1222.248299][T22507] RIP: 0033:0x7fc06ad9ce59
[ 1222.252711][T22507] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1222.272325][T22507] RSP: 002b:00007fc06bbd7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1222.280735][T22507] RAX: ffffffffffffffda RBX: 00007fc06b015fa0 RCX: 00007fc06ad9ce59
[ 1222.288714][T22507] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[ 1222.296687][T22507] RBP: 00007fc06bbd7090 R08: 0000000000000000 R09: 0000000000000000
[ 1222.304665][T22507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1222.312651][T22507] R13: 00007fc06b016038 R14: 00007fc06b015fa0 R15: 00007ffe48092178
[ 1222.320636][T22507]  </TASK>
[ 1222.407874][T22511] netlink: 'syz.0.5266': attribute type 10 has an invalid length.
[ 1222.428281][T22511] netlink: 55 bytes leftover after parsing attributes in process `syz.0.5266'.
[ 1222.789768][T22536] netlink: 'syz.2.5275': attribute type 1 has an invalid length.
[ 1222.863588][T22536] mac80211_hwsim hwsim48 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1223.204981][T22549] netlink: 'syz.1.5281': attribute type 10 has an invalid length.
[ 1223.217142][T22549] netlink: 55 bytes leftover after parsing attributes in process `syz.1.5281'.
[ 1223.381155][T22551] syzkaller0: entered promiscuous mode
[ 1223.394324][T22551] syzkaller0: entered allmulticast mode
[ 1223.531186][T20233] wlan1: Creating new IBSS network, BSSID 2a:dd:ed:ec:d6:f7
[ 1223.935854][   T59] wlan1: Trigger new scan to find an IBSS to join
[ 1224.976524][T20233] wlan1: Trigger new scan to find an IBSS to join
[ 1225.574329][T22570] netlink: 'syz.0.5290': attribute type 10 has an invalid length.
[ 1225.582212][T22570] netlink: 55 bytes leftover after parsing attributes in process `syz.0.5290'.
[ 1225.944436][T20233] wlan1: Trigger new scan to find an IBSS to join
[ 1226.476862][T22585] netlink: 'syz.0.5293': attribute type 1 has an invalid length.
[ 1226.553487][T22585] mac80211_hwsim hwsim40 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1226.601834][T22590] 
@ÿ: renamed from bond_slave_0 (while UP)
[ 1226.719230][T22592] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.5298'.
[ 1226.974564][T20232] wlan1: Trigger new scan to find an IBSS to join
[ 1228.539062][T22600] netlink: 'syz.0.5301': attribute type 10 has an invalid length.
[ 1228.600394][T22600] netlink: 55 bytes leftover after parsing attributes in process `syz.0.5301'.
[ 1228.814664][T22609] netlink: 'syz.1.5304': attribute type 1 has an invalid length.
[ 1228.826009][T22609] netlink: 154788 bytes leftover after parsing attributes in process `syz.1.5304'.
[ 1228.854741][T22609] netlink: 'syz.1.5304': attribute type 10 has an invalid length.
[ 1228.875584][T22609] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5304'.
[ 1228.892907][   T11] wlan1: Trigger new scan to find an IBSS to join
[ 1228.916616][T22609] caif0: entered promiscuous mode
[ 1228.924519][T22609] caif0: entered allmulticast mode
[ 1228.950450][T22609] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1229.933014][ T7772] wlan1: Trigger new scan to find an IBSS to join
[ 1229.942849][   T59] wlan1: Trigger new scan to find an IBSS to join
[ 1230.358601][ T2943] wlan1: Creating new IBSS network, BSSID 5a:4c:40:e3:65:0a
[ 1230.489945][T22627] netlink: 'syz.1.5309': attribute type 1 has an invalid length.
[ 1230.830792][T22628] mac80211_hwsim hwsim53 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1230.857674][T22629] netlink: 'syz.0.5310': attribute type 9 has an invalid length.
[ 1230.886347][ T2943] wlan1: Creating new IBSS network, BSSID de:27:46:ce:1c:a9
[ 1231.006852][T22635] netlink: 763 bytes leftover after parsing attributes in process `syz.2.5312'.
[ 1231.021337][T22640] netlink: 'syz.3.5313': attribute type 10 has an invalid length.
[ 1231.061335][T22640] netlink: 55 bytes leftover after parsing attributes in process `syz.3.5313'.
[ 1231.289139][T22644] syzkaller0: entered promiscuous mode
[ 1231.296040][T22644] syzkaller0: entered allmulticast mode
[ 1232.975155][T20233] wlan1: Trigger new scan to find an IBSS to join
[ 1232.981781][   T79] wlan1: Trigger new scan to find an IBSS to join
[ 1233.301241][T22667] netlink: 'syz.2.5321': attribute type 1 has an invalid length.
[ 1233.387625][T22667] mac80211_hwsim hwsim48 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1233.410352][T22669] netlink: 'syz.1.5324': attribute type 1 has an invalid length.
[ 1233.440648][T22667] netlink: 16098 bytes leftover after parsing attributes in process `syz.2.5321'.
[ 1233.542403][T22672] syzkaller0: entered promiscuous mode
[ 1233.568367][T22672] syzkaller0: entered allmulticast mode
[ 1233.710848][T22669] mac80211_hwsim hwsim53 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1234.207854][   T11] wlan1: Creating new IBSS network, BSSID 7a:99:33:19:65:54
[ 1234.460104][T22682] netlink: 'syz.1.5327': attribute type 21 has an invalid length.
[ 1234.478607][T22683] netlink: 'syz.1.5327': attribute type 21 has an invalid length.
[ 1235.935975][   T59] wlan1: Trigger new scan to find an IBSS to join
[ 1236.456703][T22700] syzkaller0: entered promiscuous mode
[ 1236.468901][T22700] syzkaller0: entered allmulticast mode
[ 1236.972866][T20233] wlan1: Trigger new scan to find an IBSS to join
[ 1238.819076][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[ 1238.828365][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[ 1241.942950][   T59] wlan1: Trigger new scan to find an IBSS to join
[ 1241.949493][T20232] wlan1: Trigger new scan to find an IBSS to join
[ 1242.147527][T22718] netlink: 'syz.3.5337': attribute type 1 has an invalid length.
[ 1242.163294][T22720] mac80211_hwsim hwsim44 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1242.416619][T22737] netlink: 'syz.0.5343': attribute type 3 has an invalid length.
[ 1242.442810][T22737] netlink: 201372 bytes leftover after parsing attributes in process `syz.0.5343'.
[ 1242.491213][T22734] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1242.695051][T22749] netlink: 'syz.2.5347': attribute type 1 has an invalid length.
[ 1242.984294][T22752] mac80211_hwsim hwsim48 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1243.003243][   T11] wlan1: Creating new IBSS network, BSSID 26:a4:39:c0:91:5f
[ 1243.004724][T22747] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1243.083044][T22753] netlink: 'syz.2.5347': attribute type 3 has an invalid length.
[ 1243.090975][T22753] netlink: 16066 bytes leftover after parsing attributes in process `syz.2.5347'.
[ 1243.235669][T22758] syzkaller0: entered promiscuous mode
[ 1243.241340][T22758] syzkaller0: entered allmulticast mode
[ 1243.828807][T22773] netlink: 'syz.2.5357': attribute type 3 has an invalid length.
[ 1243.840889][T22773] netlink: 201372 bytes leftover after parsing attributes in process `syz.2.5357'.
[ 1244.638365][T22770] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1244.972924][   T11] wlan1: Trigger new scan to find an IBSS to join
[ 1245.934055][ T7772] wlan1: Trigger new scan to find an IBSS to join
[ 1246.474426][T22782] netlink: 'syz.3.5360': attribute type 3 has an invalid length.
[ 1246.502965][T22782] netlink: 201372 bytes leftover after parsing attributes in process `syz.3.5360'.
[ 1246.766594][T22791] netlink: 'syz.0.5364': attribute type 10 has an invalid length.
[ 1246.783567][T22791] netlink: 55 bytes leftover after parsing attributes in process `syz.0.5364'.
[ 1246.925997][T22780] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1247.060999][T22800] netlink: 'syz.1.5367': attribute type 1 has an invalid length.
[ 1247.208848][T22800] mac80211_hwsim hwsim53 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1247.265058][T22805] syzkaller0: entered promiscuous mode
[ 1247.273749][T22805] syzkaller0: entered allmulticast mode
[ 1247.281135][T22800] netlink: 'syz.1.5367': attribute type 3 has an invalid length.
[ 1247.289754][T22800] netlink: 16066 bytes leftover after parsing attributes in process `syz.1.5367'.
[ 1247.934344][T20232] wlan1: Trigger new scan to find an IBSS to join
[ 1248.975342][   T59] wlan1: Trigger new scan to find an IBSS to join
[ 1249.220667][T22819] netlink: 'syz.0.5374': attribute type 10 has an invalid length.
[ 1249.230900][T22819] netlink: 55 bytes leftover after parsing attributes in process `syz.0.5374'.
[ 1249.315723][T22823] netlink: 'syz.2.5377': attribute type 3 has an invalid length.
[ 1249.330160][T22823] netlink: 201372 bytes leftover after parsing attributes in process `syz.2.5377'.
[ 1249.527364][T22831] syzkaller0: entered promiscuous mode
[ 1249.540402][T22831] syzkaller0: entered allmulticast mode
[ 1249.549125][T22838] netlink: 'syz.3.5380': attribute type 1 has an invalid length.
[ 1249.661240][T22838] mac80211_hwsim hwsim44 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1249.937868][T20233] wlan1: Trigger new scan to find an IBSS to join
[ 1251.288193][T22838] netlink: 'syz.3.5380': attribute type 3 has an invalid length.
[ 1251.296158][T22838] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.5380'.
[ 1251.489328][T22853] netlink: 'syz.2.5387': attribute type 10 has an invalid length.
[ 1251.505064][T22853] netlink: 55 bytes leftover after parsing attributes in process `syz.2.5387'.
[ 1251.753629][T22861] netlink: 132 bytes leftover after parsing attributes in process `syz.3.5392'.
[ 1251.808008][T22863] netlink: 'syz.1.5391': attribute type 3 has an invalid length.
[ 1251.820339][T22863] netlink: 201372 bytes leftover after parsing attributes in process `syz.1.5391'.
[ 1251.865331][T22868] netlink: 'syz.2.5393': attribute type 1 has an invalid length.
[ 1251.919366][T22867] syzkaller0: entered promiscuous mode
[ 1251.926054][T22867] syzkaller0: entered allmulticast mode
[ 1251.934846][ T7772] wlan1: Creating new IBSS network, BSSID e2:16:76:39:7b:c9
[ 1251.943504][   T59] wlan1: Trigger new scan to find an IBSS to join
[ 1251.958089][T22868] mac80211_hwsim hwsim48 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 1251.968455][ T7772] ------------[ cut here ]------------
[ 1251.974380][ T7772] WARNING: CPU: 1 PID: 7772 at net/wireless/ibss.c:37 __cfg80211_ibss_joined+0x3d2/0x440
[ 1251.984454][ T7772] Modules linked in:
[ 1251.988377][ T7772] CPU: 1 PID: 7772 Comm: kworker/u4:11 Not tainted syzkaller #0
[ 1251.996090][ T7772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1252.006207][ T7772] Workqueue: cfg80211 cfg80211_event_work
[ 1252.011982][ T7772] RIP: 0010:__cfg80211_ibss_joined+0x3d2/0x440
[ 1252.018389][ T7772] Code: 00 00 00 48 3b 84 24 80 00 00 00 75 5c 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 a7 c1 9e f7 0f 0b eb bb e8 9e c1 9e f7 <0f> 0b 4c 8b 6c 24 18 eb ad e8 90 c1 9e f7 0f 0b e9 e0 fd ff ff e8
[ 1252.038203][ T7772] RSP: 0018:ffffc9000bd7fa20 EFLAGS: 00010293
[ 1252.044553][ T7772] RAX: ffffffff89e869f2 RBX: dffffc0000000000 RCX: ffff88802dfe0000
[ 1252.053086][ T7772] RDX: 0000000000000000 RSI: ffffffff8acacbe0 RDI: ffffffff8b1c9c20
[ 1252.061163][ T7772] RBP: ffffc9000bd7faf8 R08: ffffffff911cd56f R09: 1ffffffff2239aad
[ 1252.069265][ T7772] R10: dffffc0000000000 R11: fffffbfff2239aae R12: ffff888025d08d10
[ 1252.077311][ T7772] R13: 1ffff920017aff4c R14: ffff8880598b3618 R15: 000000000000001f
[ 1252.085385][ T7772] FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[ 1252.095085][ T7772] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1252.101714][ T7772] CR2: 0000001b2d713ff8 CR3: 0000000059f24000 CR4: 00000000003506e0
[ 1252.109906][ T7772] DR0: 0000200000000300 DR1: 0000000000000000 DR2: 0000200000000300
[ 1252.117995][ T7772] DR3: 0000200000000300 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 1252.126033][ T7772] Call Trace:
[ 1252.129339][ T7772]  <TASK>
[ 1252.132298][ T7772]  ? mutex_lock_nested+0x20/0x20
[ 1252.137340][ T7772]  ? trace_rdev_return_void+0x1c0/0x1c0
[ 1252.143034][ T7772]  cfg80211_process_wdev_events+0x3bc/0x550
[ 1252.148980][ T7772]  cfg80211_process_rdev_events+0xa1/0x110
[ 1252.155373][ T7772]  cfg80211_event_work+0x2f/0x40
[ 1252.160361][ T7772]  ? process_scheduled_works+0x96f/0x15d0
[ 1252.166283][ T7772]  process_scheduled_works+0xa5d/0x15d0
[ 1252.171907][ T7772]  ? worker_attach_to_pool+0x380/0x380
[ 1252.177837][ T7772]  ? assign_work+0x3d2/0x5d0
[ 1252.182456][ T7772]  worker_thread+0xa55/0xfc0
[ 1252.187459][ T7772]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[ 1252.193495][ T7772]  ? _raw_spin_unlock+0x40/0x40
[ 1252.198389][ T7772]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[ 1252.204390][ T7772]  kthread+0x2fa/0x390
[ 1252.208493][ T7772]  ? pr_cont_work+0x560/0x560
[ 1252.213278][ T7772]  ? kthread_blkcg+0xd0/0xd0
[ 1252.217904][ T7772]  ret_from_fork+0x48/0x80
[ 1252.222352][ T7772]  ? kthread_blkcg+0xd0/0xd0
[ 1252.226992][ T7772]  ret_from_fork_asm+0x11/0x20
[ 1252.231834][ T7772]  </TASK>
[ 1252.234912][ T7772] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1252.242193][ T7772] CPU: 1 PID: 7772 Comm: kworker/u4:11 Not tainted syzkaller #0
[ 1252.249812][ T7772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1252.259977][ T7772] Workqueue: cfg80211 cfg80211_event_work
[ 1252.265719][ T7772] Call Trace:
[ 1252.269008][ T7772]  <TASK>
[ 1252.271937][ T7772]  dump_stack_lvl+0x18c/0x250
[ 1252.276639][ T7772]  ? show_regs_print_info+0x20/0x20
[ 1252.281849][ T7772]  ? load_image+0x420/0x420
[ 1252.286350][ T7772]  panic+0x2dc/0x730
[ 1252.290244][ T7772]  ? bpf_jit_dump+0xd0/0xd0
[ 1252.294765][ T7772]  ? ret_from_fork_asm+0x11/0x20
[ 1252.299738][ T7772]  __warn+0x2e0/0x470
[ 1252.303749][ T7772]  ? __cfg80211_ibss_joined+0x3d2/0x440
[ 1252.309307][ T7772]  ? __cfg80211_ibss_joined+0x3d2/0x440
[ 1252.314857][ T7772]  report_bug+0x2be/0x4f0
[ 1252.319207][ T7772]  ? __cfg80211_ibss_joined+0x3d2/0x440
[ 1252.324771][ T7772]  ? __cfg80211_ibss_joined+0x3d2/0x440
[ 1252.330319][ T7772]  ? __cfg80211_ibss_joined+0x3d4/0x440
[ 1252.335875][ T7772]  handle_bug+0xcf/0x120
[ 1252.340124][ T7772]  exc_invalid_op+0x1a/0x50
[ 1252.344629][ T7772]  asm_exc_invalid_op+0x1a/0x20
[ 1252.349487][ T7772] RIP: 0010:__cfg80211_ibss_joined+0x3d2/0x440
[ 1252.356127][ T7772] Code: 00 00 00 48 3b 84 24 80 00 00 00 75 5c 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 a7 c1 9e f7 0f 0b eb bb e8 9e c1 9e f7 <0f> 0b 4c 8b 6c 24 18 eb ad e8 90 c1 9e f7 0f 0b e9 e0 fd ff ff e8
[ 1252.376737][ T7772] RSP: 0018:ffffc9000bd7fa20 EFLAGS: 00010293
[ 1252.383862][ T7772] RAX: ffffffff89e869f2 RBX: dffffc0000000000 RCX: ffff88802dfe0000
[ 1252.392652][ T7772] RDX: 0000000000000000 RSI: ffffffff8acacbe0 RDI: ffffffff8b1c9c20
[ 1252.400636][ T7772] RBP: ffffc9000bd7faf8 R08: ffffffff911cd56f R09: 1ffffffff2239aad
[ 1252.409453][ T7772] R10: dffffc0000000000 R11: fffffbfff2239aae R12: ffff888025d08d10
[ 1252.417518][ T7772] R13: 1ffff920017aff4c R14: ffff8880598b3618 R15: 000000000000001f
[ 1252.425590][ T7772]  ? __cfg80211_ibss_joined+0x3d2/0x440
[ 1252.431148][ T7772]  ? mutex_lock_nested+0x20/0x20
[ 1252.436086][ T7772]  ? trace_rdev_return_void+0x1c0/0x1c0
[ 1252.441633][ T7772]  cfg80211_process_wdev_events+0x3bc/0x550
[ 1252.447530][ T7772]  cfg80211_process_rdev_events+0xa1/0x110
[ 1252.453333][ T7772]  cfg80211_event_work+0x2f/0x40
[ 1252.458263][ T7772]  ? process_scheduled_works+0x96f/0x15d0
[ 1252.463980][ T7772]  process_scheduled_works+0xa5d/0x15d0
[ 1252.469548][ T7772]  ? worker_attach_to_pool+0x380/0x380
[ 1252.475004][ T7772]  ? assign_work+0x3d2/0x5d0
[ 1252.479594][ T7772]  worker_thread+0xa55/0xfc0
[ 1252.484176][ T7772]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[ 1252.490096][ T7772]  ? _raw_spin_unlock+0x40/0x40
[ 1252.494960][ T7772]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[ 1252.500872][ T7772]  kthread+0x2fa/0x390
[ 1252.504944][ T7772]  ? pr_cont_work+0x560/0x560
[ 1252.509626][ T7772]  ? kthread_blkcg+0xd0/0xd0
[ 1252.514216][ T7772]  ret_from_fork+0x48/0x80
[ 1252.518628][ T7772]  ? kthread_blkcg+0xd0/0xd0
[ 1252.523215][ T7772]  ret_from_fork_asm+0x11/0x20
[ 1252.527993][ T7772]  </TASK>
[ 1252.531261][ T7772] Kernel Offset: disabled
[ 1252.535642][ T7772] Rebooting in 86400 seconds..