last executing test programs:

10.980797716s ago: executing program 4 (id=2856):
r0 = socket$kcm(0x11, 0x200000000000002, 0x300)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x8, 0x101, 0x4, 0x6}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xa, 0x8, &(0x7f0000000240)=ANY=[@ANYBLOB="1809000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7030000070000008500000021000000b70000000000000095"], &(0x7f0000000640)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = socket$kcm(0xa, 0x3, 0x87)
sendmsg$kcm(r2, &(0x7f0000000180)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0x0, 0xe0ffffff}, 0x80, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000680)="33cfef3b77d6d7faf78ec443df148c99228cf67f21fc23441e8f57f45d8e209c5fb151af58d9e983b0a1c93c016c3ce3a39f9be4afe92874e1ef0ee7fa78e9429adc1d830bf2660baa09059a703273efb22cdcaf9006e2c9ac1c93895ad1de3499af41a1c1b389e9b764d1a94139cfde65b1d0c8d4b32b5fe154f1074d985c73d231c56c9a1e1c974a9eb2faa9a9ad7265021c67ae1e69de84e20126f5ffd32f5617a95687abf3cfac9d2bfa349147fab6781ff4821acb489a3815a446508439da2663728d6d9558a3510d9fc371c44616d52c63", 0xd4}], 0x2}, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0xb, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x6402, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r3}, 0x18)
gettid()
r4 = socket$kcm(0xf, 0x3, 0x2)
sendmsg$inet(r4, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="0204000902000000e4a17c45c8d260c9", 0x10}], 0x1}, 0x0)
setsockopt$sock_attach_bpf(r4, 0x1, 0x23, &(0x7f0000000000), 0x4)
recvmsg(r4, &(0x7f0000000380)={0x0, 0xee51828d43e8364b, 0x0, 0x0, 0x0, 0xffffffffffffff25}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000000280)=@raw=[@kfunc, @map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x10000}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb}, 0x94)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
sendmsg$kcm(r0, &(0x7f0000002ec0)={&(0x7f0000000580)=@phonet={0x23, 0x9, 0xf7, 0x3f}, 0xd1, 0x0}, 0x20000044)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x13, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdb5}}, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)="bdb7817ee709b7dbff93085ad43115444f3c9a500210dd693d0bf9ce3d1b36ccd1376f2ecdc6716250df26d9d1757d", 0x2f}, {&(0x7f0000000080)="6bdbf81179413730cbc512b4fc65eff326e878b529350a36a78080dd68f8dfdd4ffc34433de76aa8cc014fb8e4806ac2dd6ac4ea8e493bb0e25e959cfa1593aa0f9ccdf7badbab1c9055d5a36f7219aa72badae4b2070048522df83e65113e2be25cb632e6e93e9977417795985c4711ca8d8d60f6343552b83b1c3049692c418407a95ad0ed0205d22b7910", 0x8c}, {&(0x7f0000000140)="129dfeb22a4a991370e5e0e8d9299eb47db32d378e5717674aa7cb9d0ecac62f764b9d62c128d3cf3f7b7d4d521fbbcc2a5dc2b9e9802b3eb6f0445b9e382ab4a397a16bf319253f81340f9438161728b0bf54f98169b255fe6a7eaa649058d487835288591416898022fbc42e75bcf21d5ad5d40856862c95f4fd6e6f62c14c2bffe353c23881f4dfd1a876f4a39ee710a5b9a1043dbaf336c638f62e7fe750c6122e832de2384b22865bfb14955fc7cf80dbf61c75f1ac5685a22bb5151e88f4b48cb2b8fc617b35a4c3228f9326a45f2183ec6e3c1adcb85a49fb7aad8f465c6f0dd0b858c9", 0xe7}], 0x3}, 0x4000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0x200000000000000}, 0x18)
r5 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e02003c000b05d25a806f8c6394f90224fc602f0000000a0c0100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)

10.761140479s ago: executing program 4 (id=2861):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x200000000, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x20000000)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x0)
recvmsg$kcm(0xffffffffffffffff, 0x0, 0x40000002)
socketpair(0x2, 0x1, 0x4000, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
close(r0)
socket$kcm(0xa, 0x5, 0x0)
ioctl$SIOCSIFHWADDR(r0, 0x8b26, &(0x7f0000000140)={'wlan1\x00', @random="000000000100"})

10.546650162s ago: executing program 4 (id=2865):
r0 = socket$kcm(0x2, 0x1, 0x84)
setsockopt$sock_attach_bpf(r0, 0x84, 0x1f, &(0x7f0000000ac0), 0x90)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x22020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_queued\x00', 0x26e1, 0x0)
ioctl$TUNSETNOCSUM(r1, 0xc0189436, 0x8000001ffffffd)
close(0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000001c0)=ANY=[@ANYRES32=r5, @ANYRES32=r4, @ANYBLOB='&\x00'/12, @ANYRES32, @ANYBLOB="6eec872e356e0afbfc6b", @ANYRES64=0x0], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r5, <r6=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000080)}, 0x20)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9c}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmsg$unix(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000006c0)=""/179, 0x33fe0}], 0x1}, 0x0)
sendmsg$inet(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x1}, 0x0)
close(r6)

10.142736439s ago: executing program 4 (id=2870):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x5, 0x41, 0x8, 0x1}, 0x50)
socketpair(0x5, 0x6, 0x8, &(0x7f0000000000))
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r1}, &(0x7f00000002c0), &(0x7f0000000380)}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r1}, &(0x7f00000000c0)=0x2, &(0x7f0000000300), 0x2}, 0x20)
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x5, 0x1}, 0x88, 0x0, 0x200000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x2})
r2 = socket$kcm(0x2, 0x922000000001, 0x106)
setsockopt$sock_attach_bpf(r2, 0x1, 0x15, &(0x7f00000001c0), 0x4)
write$cgroup_devices(r0, &(0x7f0000002d80)=ANY=[], 0xffdd)

9.658896906s ago: executing program 4 (id=2874):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0xe, &(0x7f0000000c00)=ANY=[@ANYBLOB="b7020000c3000000bf230000000000002703000000fefeff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400011000000404000001007d60b7030000000000006a0a00fe80000000850000002600000020000000000000009500001000000000acaa8e53a53cb864c300094c07000000000000d94cf0987b00a749a8e53b5c9491cd1f2b94a64f1de23d03a8f0362ebfc44c77511e60070e25510070f7778d3e77ad85319f0113abbac795f8c24abca246150226eb93fe39233add8f68f87699162334343befce832cb8075c5f0ae30cde221371ff00000067e4b75da95370ae6fd2b99ac18f98403494d4a94e95fb8dcd813487b2bdb006c6465c15f04485a9f8c8e49d00000097184c8e9d34b1e382b25e9614634e8e09194f7b83138f5275d9ab463797a2f6dcb45d5f278cd4fb74559575da3560c01cdf1eaa3fc7a3fb4f1689dfd5b626174770e4dfd1c82a694efc62f9ef9c8c0ea1efa5b949ce22827f6fd1dfc69d03482d8ec264e3d96ad19a0c99a234b4b71b0bc22573f8594b91781cd8ff7f000000000000299ebf94588e60abe9a565c5bbdc0358226f8580dc1a83c6a44408de23475a74ef0deda8da4089269ccb4e728dee6320444576c87cc576291e5367a5f1a5d5a12f8313ffff0b7f73335279aa2b68c9f045831119881764c71bb65b5138c50e06024e80fd9656bc077e4e259695748989335ba9eeef288de73815f20fefd4acfb6813ffff00000b971aec1a3e618a08a94ecbd401c8109c87ee3f5c0501857538d2a766bfcf4128fbe726903aca577aa8943af747760718dee5a21396dce6f61c6f3c7e000000cb0868b48719e47296f2299df3ecfb5f3f0e42f6f1eb1dc64dcc8e397366d12033f6288edbda3b838100000000000000000000800000edd4e1266dc9d73223fe614f025a7f284de76b3b676a13c57a0ed24f6270c4cbbf93472eb8093d8296c68dfbb03ddedc3e029b08959b145a7b110068ba071e75d75716243052ad24b624fddc2f0f3a018c0085c2319c248d643cd09fa855b20a6d453f2e954ff0e55c010000008547c5a0ecefcc44cc9532f729167f215937357a4bb9746193c1ec000000000000dd43c108c2109d221b7b26b7c9c209000005b7918a6cd856b8fa806c85480443159c6bed51a0e021f05f7caa1b99cdb4d08d9031210ac00e67d8c40a18503cb7aabcc066dfbfd7f87abe1122f00e5454bec3563a19582e0000000000000000000000000084b27fc6a3f95bf02b4eb5f1599dd46edcad432cc216316fe07afe27649c89cf022a90d895a2d70fcde7a9c37ede0c47c27f44595ab4b1fb1ed5b1d91314b2d50f94a768fb605679485041a6376b8344a39af68aed2be39794dd86ae82f9660cf4f935255d71f9fab2e430ac42bba1f54141cf39d4d50c4ded504beacb0de210d7a3716dca7362c134b91cef3efc514fbcb4747e6814ac16449ac02a43d9d4151697b4b7890ec6b481c5f0ca8c52a6322f34a796fa5941d23409ecf73458223baaffb94a89ee2884df000000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x36}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x6, 0x2e, &(0x7f0000000c40)=ANY=[@ANYBLOB="18000000001000000000000000feffff18110000", @ANYRES8, @ANYBLOB="0000000000000000b702000014000000b703"], 0x0}, 0x90)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030017000b63d25a80648c2594f92e24fc60100c02", 0x17}], 0x1}, 0x0)
openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000040), 0x2, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="33fe0000180091c8b14a0778a8123d181d"], 0xfe33)

9.512069789s ago: executing program 4 (id=2878):
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='dlm_send\x00', 0xffffffffffffffff, 0x0, 0x4}, 0x18)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000280)='cgroup.freeze\x00')
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cgroup.freeze\x00', 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000001800000018000000020000000000000000000002000000000000000000000001"], 0x0, 0x32}, 0x28)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000600)={0x0, r0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x17, 0x16, &(0x7f0000000800)=ANY=[@ANYRES16=0x0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000380)={r1, 0x20, &(0x7f0000000340)={&(0x7f00000002c0)=""/53, 0x35, <r2=>0x0, &(0x7f0000000300)=""/6, 0x6}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0x3, &(0x7f0000000640)=ANY=[@ANYBLOB="180000000000000000000000000a000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = syz_clone(0x4000, &(0x7f00000003c0)="ca0cc01642f69a319cc058", 0xb, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480)="92109b84925548ce49d119402599a1a91883963c4b78376ff74dd62107486543e5a9707c59d9ea0914266043112d296bc1a9385b69cfd404fda4b7d53cc3563b1da491470bf442c0696c2c18782a9a046b67bb522819e49e390daab78af04922f0ee7d4737975b847d7ec26834c06bc00f0299e06e90442052fe820408472742276b56260f180ec84d1c8e737a0013e4dc8daa614308f6d686d7780b3d0d9bf20c41c6da09d192b8423a380dfa079f68dff01553296b52e93d4b0ec046962f9b96f8bbcc960cc1efb2638c51df0b6263b4f3a72d9e1427f9212b3704cc12b3e0cb70489f05c87a0c2a97b54bae1b4274c81900f7595e25094bce0d446d79df")
r4 = socket$kcm(0x2b, 0x1, 0x0)
sendmsg$inet(r4, &(0x7f0000001700)={0x0, 0x0, 0x0}, 0x20000010)
ioctl$sock_kcm_SIOCKCMATTACH(r4, 0x890b, &(0x7f0000000100))
recvmsg$kcm(r4, &(0x7f0000000fc0)={&(0x7f00000001c0)=@un=@abs, 0x80, &(0x7f0000000f40)=[{&(0x7f0000000840)=""/197, 0xc5}, {&(0x7f0000000940)=""/193, 0xc1}, {&(0x7f0000000740)=""/179, 0xb3}, {&(0x7f0000000a40)=""/223, 0xdf}, {&(0x7f0000000b40)=""/252, 0xfc}, {&(0x7f0000000c40)=""/219, 0xdb}, {&(0x7f0000000d40)=""/239, 0xef}, {&(0x7f0000000e40)=""/252, 0xfc}], 0x8}, 0x20)
r5 = socket$kcm(0x10, 0x2, 0x4)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x401}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0)
close(r6)
close(0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x5452, &(0x7f00000006c0)='\x02;\xe5\b\x00\x1c\x9c\x00\x00\x00\x00\x00\x00\x91\xecB\xdcZ\xe5\xbd$\x05\x90\xa9\xf3\xc7\xcb\xb7\xf0\xa1;#\x989\xe9\x12\xdf^6T\xdf\xcd\x02\xc5\xb0\xba\x12\'QXp\t\xfc\xf3\x01\x02\xbc\xbf\xc0\xf0\x10\xee\xd3\\yy\xa4\xf9\xe8\x00\xdd\xe97 0_\xe4]W\xf7~\xacVK\xc9t\x9e+:\x85\xef\x94\x0e\x19\x9cV[N.\xeb\x9fJ>\xd9\x99\x88\xd8\xdd\xb8Y\xc3$\xc6\x93\v\x04REY\xf4\xea\xf2\xcd\xcd.\x16\x861\xa1\v\x8d\x8e\x84R\xa6\x83\x84\xc0\x01e\xc3\xc8\xcc?\xc8?\x19\xb2\xa2\xe1\xac<\xe9f\x11\xff3\xc7\x19\x9e\x19\xf5-\xfe\xbd\xae\xbbR\x82\x16\xf9\x15S\x03U\xe0\xd8t\xe3%96')
recvmsg(r7, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$unix(r8, &(0x7f00000028c0)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000200)="f085", 0x2}], 0x1}, 0x200c8061)
close(r5)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000140)="5c000000130025cc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514000cc008002c0007000200060019c00364bc24eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000005c0)={r3, r1, 0x0, 0x9, &(0x7f0000000580)='dlm_send\x00'}, 0x30)

6.649148244s ago: executing program 0 (id=2916):
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x5, 0x0)
socket$kcm(0xa, 0x5, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f0000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x2000000}, 0x94)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7902009875f37538e486dd6317ce62667f2c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa"], 0xfdef)
mkdir(&(0x7f0000000000)='./cgroup/../file0/file0\x00', 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200"], 0xcfa4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

5.549823722s ago: executing program 0 (id=2913):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x480, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x7, 0x4, 0x900, 0x5, 0x28}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r2}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000010000000000000000000000711215000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa65, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000afcd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21bef5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c987d669f381faca0f9d9b24be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6eab1aa7d55545a34effa077faa56d59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e59a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d0faab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbfe5ab0255f347160ec83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72bc0480f94306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2dc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78a602ca3cdf6a9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad9433269af3be5fa6a9a5c24e392955f4e979ea13201bafe4f0f6ea508000000a0c548552b571bed5647223c78a992810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb526890aa7fe5e68949a3b30567e54d3504723177d356c4604bca492ede62fc28839b5301160ecec37e83efceefd7ca2533659edc8be05cc85451c6a145074343caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffcebde1d9d3d35a142a9ec9a7a3755e0f209150a07682c4e14e3a835701bea8240399c56ce8f58df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b262341c5e093fd66a2946501559335781092cf8ce3c7c56cd31121624d76517fd3666276c3c0e812b28e2f30d035cee5d0e77a3c70008ec651cc0ae637fa474816bc59d2e2a00092419304b338a987e9d3044d856cf24f370030be3b5f79f030b8d3ebce68663ef5af469abe753314fae31651e0ecea5ece8fb11a4ee288eb149f1fa33669cc8d901fa8e46354c9c3a041a1e7b55c4e81dba1e12289ee34463baf28345bde0c195bc9f021da8f3025ee9c8e3168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f241262fa3f1dabeb4fc4bda345360200000001fbddeacd3adaa4d2715e21c772ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d419de1a7b5c9dc22c96295a4601adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb408c8a80f7f02f750d6c977a1919f9f69a6cfefdf879d447df53f3b9b70d10355b07466d1ef0056b5af553d18a6cc50feeb7bfad9b7be3283b6450d014e7712d2f1d7004548b19162cef04d18d4f5987baab97a9bfbd8f185b5671820420bf5b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe52734093ae5aa3c0b4f3f45bfff2418a18217747ae442e31560e5b741445ea2a1acee2e98c9f3427834ba0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e961f3d9c8c21578fe3245097c280abe51427a7f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f8873522608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf50ee69a39265964279d17eb0000000000000000000000fa08ad0731c4b839688b22c4da2a6b00008a1949a6ba49fbf981f8265e7f1f4c2d97f4680b135f87c228ce69418a282bffff2481a0df1774fa7d94944bb92d2b89f73f0e8b63f6316c5762f3288bc970720f48b5647dd177db6810fae05334d5a44a020000001c0d882a564d74a7c72bf9a2152b261e58fea6d2f93589cfe261dc0410b5ccc92a5a0eab327a33431d62d2b7c75ce654d556c9e1817c1abca762ab53d40da51560351b673363652e1ecb56cfe4a746a45ab13c6014e9f361ab687d1cd1795ce9e05c817b83d76046bdb3709de5df7499a02d2f636a454b85b987580ada025d83bd7b8df28a540d5ec5537942e79f2f1ab25ea5f563bc77e4f9468bd309469880c7e34150ca886d1f9ac2f7e82dbe296c877d925c38c54cc8137b29028854b6bd57ca893927c331300e16aba792289e135589d93302fc37c73c303e383cdf8ef3f6d6265fe5ee01759d24027475c8901039a898582022bc95992b86dce0710887c8a625d9cbb897bdbfaf49a3f642a169827a9bae4fcfa5212461db000000000000e6ed75ca8fcda7ef3ee336189fef3b3ffb9f38fefc5ff39c4e69e3fa1f8b10ee97123e99b61eba065b1ad67530e7c4f11f9da7ae000002000000610101ad7f79cb9bbf64a0fc109f49fe8799fe266e2ccac80fefe750151f5ddfe51833ec65ece70e07ce8ab5d97db47da8f80000664dc0b86ae2b3ff9d4e220752a6b2f3ea9f793612386496dca5af7b8952aafa796ea7b156d19612297c63bb20e1e0469f7615f67a9218cbace38f5236821314f76302b98afa93044b83989339ca10e6ae30e70e17a82f03e915b8425e8e7a91614306d2ae0bc3550d856f2d7293672b5673d264fc886b0c8bdf436a0fcd21bf9da7bdca98e34cd6e59b0a7ce4ba1b466561aaa35448dff47bb1d7df23d467689a6669e4300d5acf12e4d0b35abf91569f605b2f6df0d861"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48)
ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r5)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0xdd, 0xa}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r7}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r6}, &(0x7f0000000300), &(0x7f0000000340)=r7}, 0x20)
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x2)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r3}, 0xc)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000400)={r3, r2}, 0xc)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x200, 0x0)
ioctl$TUNSETQUEUE(r8, 0x400454d9, &(0x7f0000000a80)={'pimreg\x00', 0x100})
r9 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r9, &(0x7f0000000440)={0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x1d0}, 0x20000001)
r10 = openat$cgroup_ro(r1, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r10, &(0x7f0000000200)=0x1, 0x12)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x280800, 0x0)
ioctl$TUNSETOFFLOAD(r10, 0xc004743e, 0x110c230005)
ioctl$TUNSETOFFLOAD(r0, 0x40047440, 0x17)

5.075934099s ago: executing program 0 (id=2919):
socket$kcm(0x10, 0x2, 0x4) (async)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x6, 0x1e, &(0x7f00000011c0)=ANY=[@ANYBLOB="b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a500000018440000040000000000000000000000b7080000000000007b8af8ff00000000b70800000080ffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000ff0000002530f8ff040000008520000002000000"], &(0x7f0000000140)='syzkaller\x00', 0xffff, 0x74, &(0x7f0000000180)=""/116, 0xc9c4ed9d17207862, 0x1, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200)={0x0, 0x4, 0x4, 0x5}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000240)=[0xffffffffffffffff], 0x0, 0x10, 0x7}, 0x94) (async)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, 0x0, 0x0) (async)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x1, 0x0, 0x0, 0x0, 0x180, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = perf_event_open(&(0x7f0000000480)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d0e, 0x80218, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x7}, 0x2005, 0x0, 0x51, 0x0, 0x0, 0x4, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async)
r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) (async)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x3, 0x5, &(0x7f0000000b00)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061000000850000002400000095000000000000001a678ffd9879119818d87fb66f64c88225891dc5c628fb530e60240e770cc5f6e2baee71e13c9d395ff2aa247a798be93f9ce831fff70d7a7494900f612b229a79ca24b0c4136335c68ec43b87cb3a76648150dfe610300bea46c25ea19375282a0df1c3cf9090f7bde8de6b747d70a3ad48fa4280a4fc"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x10, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r4, 0x18000000000002a0, 0x14, 0x0, &(0x7f0000000240)="b9ff03316844268cb89e14f00800", 0x0, 0x9, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r5 = socket$kcm(0x2b, 0x1, 0x0)
sendmsg$kcm(r5, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x24004094) (async)
setsockopt$sock_attach_bpf(r5, 0x6, 0x21, &(0x7f0000000200), 0x10) (async)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={@fallback=<r7=>r6, 0x14, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r8=>0xffffffffffffffff}) (async)
r9 = openat$cgroup_ro(r3, &(0x7f00000003c0)='blkio.bfq.idle_time\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a80)={r7, 0xe0, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r10=>0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0), &(0x7f0000000800)=[0x0], 0x0, 0xbc, &(0x7f0000000840)=[{}, {}], 0x10, 0x10, &(0x7f0000000880), &(0x7f00000008c0), 0x8, 0xb3, 0x8, 0x8, &(0x7f0000000900)}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000ec0)={0x11, 0xd, &(0x7f0000000c80)=ANY=[@ANYRES8=r0, @ANYRES32=r9, @ANYBLOB="0000000006000000b703000000000000850000000c000000b7ecff000008000000000000000000000018000000fdffffff0000000001000100000000000000002d7d96a0e3ab41b4e8131668c7e076269f78f28c283570c68f945bd0edd9e36e0ef8997d725ecfdf18402bc67fc35704ac528e8d856b283cf7d3542f28dc03af01ac66859fbcc39b0ebe4da396c5668a7f005730ec1ece55c33393874b9b161ee5ebed614276c203af376bca7795a94956e5b5027adecbf2f311181484cc14b3ce3e4099ace31575a280e46e7c85c727d15da7748869e77155cf0f8d6ae985cdd77a3dfff0034390e36ccf982559fd938e7818e2f503c81d17d0ed48d20729c78551f910b337187d133d8c95ab8983715f9060972d"], &(0x7f0000000340)='GPL\x00', 0x9, 0xf8, &(0x7f00000006c0)=""/248, 0x41000, 0xc04c65bacfed1104, '\x00', r10, 0x0, r7, 0x8, &(0x7f0000000ac0)={0x5, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, &(0x7f0000000bc0)=[{0x5, 0x81, 0x5, 0xa}, {0x4, 0x85, 0x6, 0x3}, {0x2, 0x4, 0xc, 0x6}, {0x1, 0x3, 0x2, 0x6}, {0x3, 0x4, 0x8, 0xb}, {0x1003, 0x4, 0x4009, 0x3}, {0x5, 0x1, 0x4, 0xc}, {0x3, 0x5, 0xffffffff, 0x1}, {0x0, 0x1, 0xf, 0x4}, {0x1, 0x3, 0xa, 0x5}, {0x1, 0x5, 0xc, 0x4}, {0x1, 0x2, 0xa, 0x2}], 0x10, 0x1, @value=r7}, 0x94) (async)
sendmsg$unix(r8, &(0x7f00000018c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r8], 0x18}, 0x0) (async)
r11 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r11, &(0x7f0000000380)={&(0x7f0000000140)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3400c0c1) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r12=>0xffffffffffffffff})
close(r12) (async)
socket$kcm(0x10, 0x2, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x17, 0x12, &(0x7f0000001080)=ANY=[@ANYBLOB="250000001000008000000040010000c501112000102eda2b77f3d13582674f37212a3296e66f579d2774e526e0df7a27a59dae5fc9012dd011d64a457dd936cab7fb52f806af437ea0df8e584f9a00ef2629d8184a2056fa5cbcbc05cb2c43669d18a6101d419a65db0ed74bfc8b3ae7e35bba5d991596e2daba78039bbbbc30207195fb05108bb75e5ad7092bd27b74e5fb0156c79fd6762d3a854628b42f89c6e3e0ea52", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095000000000000008510000000000000186100000f00000000000000c7660000bf91000000000000b7020000000000008500000084000000b7000000000000009500000000000000"], &(0x7f0000001040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xfffffffffffffd73) (async)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000e80)={&(0x7f0000000640)=ANY=[@ANYBLOB="9feb0165157a57b7f3f48dc0de2051ec25c815cf7808c89450341c20e93a3c612200000000010000000022002a06100000000005000e0100000034330c000004000000020200"], &(0x7f0000000dc0)=""/144, 0x54, 0x90, 0x1, 0x5, 0x10000, @value=r9}, 0x28) (async)
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f0000000440)='\x00')

4.97945354s ago: executing program 0 (id=2922):
r0 = perf_event_open$cgroup(&(0x7f0000000140)={0x1, 0x80, 0x1, 0xa9, 0xd9, 0x0, 0x0, 0x74, 0x40080, 0xf, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x1, @perf_config_ext={0x9, 0xd}, 0x4400, 0x8a9, 0x61b, 0x1, 0x80000000, 0x70000000, 0x8000, 0x0, 0x9e1, 0x0, 0xe41}, 0xffffffffffffffff, 0x10, 0xffffffffffffffff, 0x4)
perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d33, 0x20, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xac, 0x39}, 0x4010, 0x0, 0x0, 0x1, 0x8, 0x0, 0x3, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x3, r0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0xf6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0x3}, 0x6000, 0x0, 0x4, 0x6, 0x0, 0x2000000a, 0xfffc, 0x0, 0x5}, 0x0, 0x1, 0xffffffffffffffff, 0xd)
r1 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r1, 0x29, 0x23, &(0x7f0000000040), 0xcf)
sendmsg$kcm(r1, &(0x7f0000001240)={&(0x7f0000000940)=@generic={0xa, "8ab77fa26849ff263ef30c98b353011a5990650042e2dacdc165ececece6be1862e2adacd2737d00ad6f9fa9f3d7145e15dd9fb1a7adc211220963ad5def53b911ba5b9da13641f982757012a7496de0b3a36f5849f260c603dbc317f54b901ee80ea6132ca6e88c776553e1833052ca376304313c5637786a36a4b83857"}, 0x80, 0x0}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r2, 0x8b19, &(0x7f0000000000)={'wlan1\x00', @random="0200"})

3.894762148s ago: executing program 0 (id=2926):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0xb, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000140000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000000c0)=r0, 0x4)
sendmsg$unix(r2, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)

3.712611231s ago: executing program 0 (id=2930):
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x56d2ad01}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x5452, &(0x7f0000000100))
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080200002104"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmsg(r3, &(0x7f00000004c0)={&(0x7f0000000180)=@qipcrtr, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/106, 0x6a}, {&(0x7f0000000380)=""/246, 0xf6}], 0x2, &(0x7f0000000480)=""/50, 0x32}, 0x40000000)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x7, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0xb, 0x100, 0xfd, 0x9, 0x1, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0xcff5, r4}, 0x38)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x3000c0c0)

3.487928304s ago: executing program 1 (id=2932):
socket$kcm(0x10, 0x2, 0x0) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001680)={<r0=>0xffffffffffffffff})
recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0xffffffffffffffbc, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r1=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="8fedcb791f6f9875f37538e486dd6317ce8102032900fc08000e40000200875a65969ff57b00ff0200000000000000000001ffaaaaaa"], 0xfdef) (async, rerun: 32)
r2 = socket$kcm(0x10, 0x2, 0x0) (rerun: 32)
socket$kcm(0x29, 0x5, 0x0)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000040)="2e0000004e0081880400e3bd6efb440009030e000a0010000000ba8000001201199cfb2472e0bcbae16854fd46a7", 0x2e}], 0x1}, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYRES32], 0xfe33)

3.391856416s ago: executing program 2 (id=2933):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x4, 0x0, 0x0, 0x5d31, 0x2008, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xf, 0x5}, 0x100e64, 0xc78}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffa}, [@call={0x85, 0x0, 0x0, 0x2c}]}, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1100000004000000040000000800000000000000", @ANYRES32, @ANYBLOB="000000b659cb70830117aef6bb00000073830000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000003c0)={r2, &(0x7f0000000440)="aa"}, 0x20)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
r4 = socket$kcm(0xa, 0x2, 0x88)
sendmsg$kcm(r4, &(0x7f0000000480)={&(0x7f00000002c0)=@in6={0xa, 0x4e23, 0xfffffffc, @loopback={0x2001001000000000}, 0x4}, 0x80, 0x0}, 0x20008810)
recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r5=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000180)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd63fc80fc020c2f00db5b686158bbcfe8875a060300000023000000000000000000000000ac1414aa3a2008"], 0xfdef)
write$cgroup_subtree(r5, &(0x7f0000000180)={[{0x2b, 'freezer'}, {0x2d, 'rdma'}, {0x2d, 'net_cls'}, {0x2d, 'rdma'}, {0x2b, 'cpuacct'}]}, 0x27)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7902009875f37538e486dd6317ce62667f2c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa88"], 0xfdef)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0xcc06}, 0x800, 0xc8, 0x0, 0x0, 0x0, 0x8000000}, 0x0, 0x4, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
close(r7)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd630080fc0008"], 0xfdef)
recvmsg$unix(r6, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r8=>0xffffffffffffffff]}}], 0x18}, 0x10100)
bpf$ITER_CREATE(0x21, &(0x7f00000001c0), 0x8)
write$cgroup_subtree(r8, &(0x7f0000000000)=ANY=[], 0xfdef)
r9 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="d8000000180081054e81f783db4cb9040a1d080006007c03e8fc55a10a0015000600142603600e120800060000000401a80008002000000001000000035c0461c1d67f6f94007134cf6efb8000a007a290457f010400000000000000ceac3c2fb14c2ee5a7cef4090000001fb71b14d6d930dfe1d9d322fe7c9f8775820d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad9e3bf9ad809d5e1cace0d81ed0bffece0b42a9ecbee5de6ccd4e1ffffffffc1c9b6278754ca397c388b0dd6e4edef3d9300"/216, 0xd8}], 0x1}, 0x0)
close(r9)
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00'}, 0x90)
r11 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000002c0)='bdi_dirty_ratelimit\x00', r10}, 0x10)
r12 = gettid()
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r12, r11, 0x0, 0x1, 0xfffffffffffffffe}, 0x42)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r1, 0x27, 0xe, 0x0, &(0x7f0000000140)="f9ad48cc42cb29fc99d41a08320a", 0x0, 0x1400, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50)

2.855659225s ago: executing program 3 (id=2935):
r0 = socket$kcm(0x11, 0x200000000000002, 0x300)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x8, 0x101, 0x4, 0x6}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xa, 0x8, &(0x7f0000000240)=ANY=[@ANYBLOB="1809000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7030000070000008500000021000000b70000000000000095"], &(0x7f0000000640)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = socket$kcm(0xa, 0x3, 0x87)
sendmsg$kcm(r2, &(0x7f0000000180)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0x0, 0xe0ffffff}, 0x80, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000680)="33cfef3b77d6d7faf78ec443df148c99228cf67f21fc23441e8f57f45d8e209c5fb151af58d9e983b0a1c93c016c3ce3a39f9be4afe92874e1ef0ee7fa78e9429adc1d830bf2660baa09059a703273efb22cdcaf9006e2c9ac1c93895ad1de3499af41a1c1b389e9b764d1a94139cfde65b1d0c8d4b32b5fe154f1074d985c73d231c56c9a1e1c974a9eb2faa9a9ad7265021c67ae1e69de84e20126f5ffd32f5617a95687abf3cfac9d2bfa349147fab6781ff4821acb489a3815a446508439da2663728d6d9558a3510d9fc371c44616d52c63", 0xd4}], 0x2}, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0xb, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x6402, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r3}, 0x18)
gettid()
r4 = socket$kcm(0xf, 0x3, 0x2)
sendmsg$inet(r4, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="0204000902000000e4a17c45c8d260c9", 0x10}], 0x1}, 0x0)
setsockopt$sock_attach_bpf(r4, 0x1, 0x23, &(0x7f0000000000), 0x4)
recvmsg(r4, &(0x7f0000000380)={0x0, 0xee51828d43e8364b, 0x0, 0x0, 0x0, 0xffffffffffffff25}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000000280)=@raw=[@kfunc, @map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x10000}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb}, 0x94)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
sendmsg$kcm(r0, &(0x7f0000002ec0)={&(0x7f0000000580)=@phonet={0x23, 0x9, 0xf7, 0x3f}, 0xd1, 0x0}, 0x20000044)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x13, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdb5}}, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)="bdb7817ee709b7dbff93085ad43115444f3c9a500210dd693d0bf9ce3d1b36ccd1376f2ecdc6716250df26d9d1757d", 0x2f}, {&(0x7f0000000080)="6bdbf81179413730cbc512b4fc65eff326e878b529350a36a78080dd68f8dfdd4ffc34433de76aa8cc014fb8e4806ac2dd6ac4ea8e493bb0e25e959cfa1593aa0f9ccdf7badbab1c9055d5a36f7219aa72badae4b2070048522df83e65113e2be25cb632e6e93e9977417795985c4711ca8d8d60f6343552b83b1c3049692c418407a95ad0ed0205d22b7910", 0x8c}, {&(0x7f0000000140)="129dfeb22a4a991370e5e0e8d9299eb47db32d378e5717674aa7cb9d0ecac62f764b9d62c128d3cf3f7b7d4d521fbbcc2a5dc2b9e9802b3eb6f0445b9e382ab4a397a16bf319253f81340f9438161728b0bf54f98169b255fe6a7eaa649058d487835288591416898022fbc42e75bcf21d5ad5d40856862c95f4fd6e6f62c14c2bffe353c23881f4dfd1a876f4a39ee710a5b9a1043dbaf336c638f62e7fe750c6122e832de2384b22865bfb14955fc7cf80dbf61c75f1ac5685a22bb5151e88f4b48cb2b8fc617b35a4c3228f9326a45f2183ec6e3c1adcb85a49fb7aad8f465c6f0dd0b858c9", 0xe7}], 0x3}, 0x4000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0x200000000000000}, 0x18)
r5 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e02003c000b05d25a806f8c6394f90224fc602f0000000a0c0100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
socket$kcm(0x10, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000040000000c"], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='tlb_flush\x00', r7}, 0x10)

2.53846199s ago: executing program 3 (id=2936):
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x56d2ad01}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x5452, &(0x7f0000000100))
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0xff0f, 0x0}, 0x3000c0c0)

2.329110793s ago: executing program 3 (id=2937):
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x5, 0x0)
socket$kcm(0xa, 0x5, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f0000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x2000000}, 0x94)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7902009875f37538e486dd6317ce62667f2c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa"], 0xfdef)
mkdir(&(0x7f0000000000)='./cgroup/../file0/file0\x00', 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200"], 0xcfa4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

2.327670173s ago: executing program 1 (id=2946):
r0 = socket$kcm(0x11, 0x200000000000002, 0x300)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x8, 0x101, 0x4, 0x6}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xa, 0x8, &(0x7f0000000240)=ANY=[@ANYBLOB="1809000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7030000070000008500000021000000b70000000000000095"], &(0x7f0000000640)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = socket$kcm(0xa, 0x3, 0x87)
sendmsg$kcm(r2, &(0x7f0000000180)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0x0, 0xe0ffffff}, 0x80, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000680)="33cfef3b77d6d7faf78ec443df148c99228cf67f21fc23441e8f57f45d8e209c5fb151af58d9e983b0a1c93c016c3ce3a39f9be4afe92874e1ef0ee7fa78e9429adc1d830bf2660baa09059a703273efb22cdcaf9006e2c9ac1c93895ad1de3499af41a1c1b389e9b764d1a94139cfde65b1d0c8d4b32b5fe154f1074d985c73d231c56c9a1e1c974a9eb2faa9a9ad7265021c67ae1e69de84e20126f5ffd32f5617a95687abf3cfac9d2bfa349147fab6781ff4821acb489a3815a446508439da2663728d6d9558a3510d9fc371c44616d52c63", 0xd4}], 0x2}, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0xb, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x6402, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r3}, 0x18)
gettid()
r4 = socket$kcm(0xf, 0x3, 0x2)
sendmsg$inet(r4, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="0204000902000000e4a17c45c8d260c9", 0x10}], 0x1}, 0x0)
setsockopt$sock_attach_bpf(r4, 0x1, 0x23, &(0x7f0000000000), 0x4)
recvmsg(r4, &(0x7f0000000380)={0x0, 0xee51828d43e8364b, 0x0, 0x0, 0x0, 0xffffffffffffff25}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000000280)=@raw=[@kfunc, @map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x10000}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb}, 0x94)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
sendmsg$kcm(r0, &(0x7f0000002ec0)={&(0x7f0000000580)=@phonet={0x23, 0x9, 0xf7, 0x3f}, 0xd1, 0x0}, 0x20000044)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x13, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdb5}}, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)="bdb7817ee709b7dbff93085ad43115444f3c9a500210dd693d0bf9ce3d1b36ccd1376f2ecdc6716250df26d9d1757d", 0x2f}, {&(0x7f0000000080)="6bdbf81179413730cbc512b4fc65eff326e878b529350a36a78080dd68f8dfdd4ffc34433de76aa8cc014fb8e4806ac2dd6ac4ea8e493bb0e25e959cfa1593aa0f9ccdf7badbab1c9055d5a36f7219aa72badae4b2070048522df83e65113e2be25cb632e6e93e9977417795985c4711ca8d8d60f6343552b83b1c3049692c418407a95ad0ed0205d22b7910", 0x8c}, {&(0x7f0000000140)="129dfeb22a4a991370e5e0e8d9299eb47db32d378e5717674aa7cb9d0ecac62f764b9d62c128d3cf3f7b7d4d521fbbcc2a5dc2b9e9802b3eb6f0445b9e382ab4a397a16bf319253f81340f9438161728b0bf54f98169b255fe6a7eaa649058d487835288591416898022fbc42e75bcf21d5ad5d40856862c95f4fd6e6f62c14c2bffe353c23881f4dfd1a876f4a39ee710a5b9a1043dbaf336c638f62e7fe750c6122e832de2384b22865bfb14955fc7cf80dbf61c75f1ac5685a22bb5151e88f4b48cb2b8fc617b35a4c3228f9326a45f2183ec6e3c1adcb85a49fb7aad8f465c6f0dd0b858c9", 0xe7}], 0x3}, 0x4000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0x200000000000000}, 0x18)
r5 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e02003c000b05d25a806f8c6394f90224fc602f0000000a0c0100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
socket$kcm(0x10, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000040000000c"], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='tlb_flush\x00', r7}, 0x10)

2.236423014s ago: executing program 2 (id=2938):
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0xa}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x5, 0x0)
socket$kcm(0xa, 0x5, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x2000000}, 0x94)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7902009875f37538e486dd6317ce62667f2c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa"], 0xfdef)
mkdir(&(0x7f0000000000)='./cgroup/../file0/file0\x00', 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200"], 0xcfa4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

1.829262651s ago: executing program 1 (id=2939):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0xb, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000140000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000000c0)=r0, 0x4)
sendmsg$unix(r2, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)

1.682812493s ago: executing program 1 (id=2940):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000480)=ANY=[@ANYBLOB="8510000008000000950000000000000018000000000000000000000000000000950000000000000085100000fcffffff950000000000000027ae34df466c6e5530b49c74c25cd18a2726419d4d1ec8671ea301f3309d97e1cf6873f9c38598da579da5bb1680312548af690a0afbeefc41ae17755fcdaa59f2009246d9ccb545a675f306cdcc2f2fb98a191345745042ddc23424e0ec28351d2645fee53f59f49a097ab5ca8e880c79d56598e4de8b487696c6d86bd088a49df31fdd641bfcab53b2652ed6b4934e447a2c"], &(0x7f00000000c0)='GPL\x00'}, 0x94)
r0 = socket$kcm(0x2, 0x3, 0x2)
sendmsg$inet(r0, &(0x7f0000003a80)={&(0x7f00000004c0)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000003a00)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xb}, @multicast1}}}], 0x20}, 0x4008804)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="d8000000180081054e81f783db4cb9040a1d3f0000142603600e1208000f0000000401a8000100fe80ffff00000000035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbaceac3c2fb14c2ee5a7cef4090000001fb71b14d6d930dfe1d9d322fe7c9f8775820d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad9e3bb9ad809d5e1cace0d81ed0bffece0b42a9ecbee5de6ccd4e1ffffffffc1c9b6278754ca397c0000000000000000003a5d00"/216, 0xd8}], 0x1}, 0x0)
sendmsg$inet(r0, &(0x7f0000000500)={&(0x7f0000000080)={0x2, 0x97ff, @local}, 0x10, &(0x7f0000000000)=[{&(0x7f00000000c0)="9d", 0x1}], 0x1}, 0x0)

1.079587253s ago: executing program 2 (id=2941):
r0 = socket$kcm(0x11, 0x200000000000002, 0x300)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x8, 0x101, 0x4, 0x6}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xa, 0x8, &(0x7f0000000240)=ANY=[@ANYBLOB="1809000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7030000070000008500000021000000b70000000000000095"], &(0x7f0000000640)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = socket$kcm(0xa, 0x3, 0x87)
sendmsg$kcm(r2, &(0x7f0000000180)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0x0, 0xe0ffffff}, 0x80, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000680)="33cfef3b77d6d7faf78ec443df148c99228cf67f21fc23441e8f57f45d8e209c5fb151af58d9e983b0a1c93c016c3ce3a39f9be4afe92874e1ef0ee7fa78e9429adc1d830bf2660baa09059a703273efb22cdcaf9006e2c9ac1c93895ad1de3499af41a1c1b389e9b764d1a94139cfde65b1d0c8d4b32b5fe154f1074d985c73d231c56c9a1e1c974a9eb2faa9a9ad7265021c67ae1e69de84e20126f5ffd32f5617a95687abf3cfac9d2bfa349147fab6781ff4821acb489a3815a446508439da2663728d6d9558a3510d9fc371c44616d52c63", 0xd4}], 0x2}, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0xb, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x6402, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r3}, 0x18)
gettid()
r4 = socket$kcm(0xf, 0x3, 0x2)
sendmsg$inet(r4, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="0204000902000000e4a17c45c8d260c9", 0x10}], 0x1}, 0x0)
setsockopt$sock_attach_bpf(r4, 0x1, 0x23, &(0x7f0000000000), 0x4)
recvmsg(r4, &(0x7f0000000380)={0x0, 0xee51828d43e8364b, 0x0, 0x0, 0x0, 0xffffffffffffff25}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000000280)=@raw=[@kfunc, @map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x10000}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb}, 0x94)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
sendmsg$kcm(r0, &(0x7f0000002ec0)={&(0x7f0000000580)=@phonet={0x23, 0x9, 0xf7, 0x3f}, 0xd1, 0x0}, 0x20000044)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x13, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdb5}}, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)="bdb7817ee709b7dbff93085ad43115444f3c9a500210dd693d0bf9ce3d1b36ccd1376f2ecdc6716250df26d9d1757d", 0x2f}, {&(0x7f0000000080)="6bdbf81179413730cbc512b4fc65eff326e878b529350a36a78080dd68f8dfdd4ffc34433de76aa8cc014fb8e4806ac2dd6ac4ea8e493bb0e25e959cfa1593aa0f9ccdf7badbab1c9055d5a36f7219aa72badae4b2070048522df83e65113e2be25cb632e6e93e9977417795985c4711ca8d8d60f6343552b83b1c3049692c418407a95ad0ed0205d22b7910", 0x8c}, {&(0x7f0000000140)="129dfeb22a4a991370e5e0e8d9299eb47db32d378e5717674aa7cb9d0ecac62f764b9d62c128d3cf3f7b7d4d521fbbcc2a5dc2b9e9802b3eb6f0445b9e382ab4a397a16bf319253f81340f9438161728b0bf54f98169b255fe6a7eaa649058d487835288591416898022fbc42e75bcf21d5ad5d40856862c95f4fd6e6f62c14c2bffe353c23881f4dfd1a876f4a39ee710a5b9a1043dbaf336c638f62e7fe750c6122e832de2384b22865bfb14955fc7cf80dbf61c75f1ac5685a22bb5151e88f4b48cb2b8fc617b35a4c3228f9326a45f2183ec6e3c1adcb85a49fb7aad8f465c6f0dd0b858c9", 0xe7}], 0x3}, 0x4000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0x200000000000000}, 0x18)
r5 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e02003c000b05d25a806f8c6394f90224fc602f0000000a0c0100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
socket$kcm(0x10, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000040000000c"], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='tlb_flush\x00', r7}, 0x10)
socketpair(0x2b, 0x1, 0x4b8, &(0x7f0000000000))

1.079273373s ago: executing program 3 (id=2942):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b00000007000000010001000800000001"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000"], 0x48)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='devices.list\x00', 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x15, &(0x7f00000003c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYRESOCT=r2], 0x48)
r4 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r5)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r6, 0x0, 0x0}, 0x20)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r7, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000000000000", 0x0, 0x8441, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
perf_event_open(&(0x7f00000007c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x2, @perf_config_ext={0x8, 0x74bda1b3}, 0x806, 0x0, 0x80000, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x1d, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, @lsm=0x2b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'wlan1\x00', 0x800})
socketpair(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r8, 0x8946, &(0x7f0000000080))
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000400)={r3, 0x0, 0x0}, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10)
r9 = socket$kcm(0xa, 0x2, 0x88)
sendmsg$inet(r9, &(0x7f0000000900)={&(0x7f0000000500)={0x2, 0x4e24, @multicast2}, 0x10, 0x0, 0x0, &(0x7f00000008c0)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x1}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @loopback}}}], 0x38}, 0x0)

859.884586ms ago: executing program 2 (id=2943):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x1, 0xfffffffffffffffb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000}, 0x0, 0x0, 0xffffffffffffffff, 0x8)
bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000000)={<r0=>0x0, 0x0})
close(r0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x0, 0x0, 0x10000000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7bf}, 0x0, 0x2, 0xffffffffffffffff, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000001540)=@tipc=@name={0x1e, 0x2, 0x3, {{0x40, 0x2c}, 0x1}}, 0x80, 0x0}, 0x0)
bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_user\x00', 0x26e1, 0x0)
close(r1)
socket$kcm(0x10, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8b1b, &(0x7f0000000000)={'wlan1\x00'})
r2 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e02002200356bd25a806f8c6394f91524fc60040011000a7403004700000037153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)

492.162612ms ago: executing program 1 (id=2944):
r0 = socket$kcm(0x2, 0x1, 0x84)
setsockopt$sock_attach_bpf(r0, 0x84, 0x1f, &(0x7f0000000ac0), 0x90)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x22020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000001c0)=ANY=[@ANYRES32=r5, @ANYRES32=r4, @ANYBLOB='&\x00'/12, @ANYRES32, @ANYBLOB="6eec872e356e0afbfc6b", @ANYRES64=0x0], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r5, <r6=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000080)=r1}, 0x20)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9c}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmsg$unix(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000006c0)=""/179, 0x33fe0}], 0x1}, 0x0)
sendmsg$inet(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x1}, 0x0)
close(r6)

356.494875ms ago: executing program 3 (id=2945):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@bloom_filter={0x1e, 0x0, 0x6, 0xe, 0x100, 0x1}, 0x50)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000000280)={r0, 0x0, &(0x7f0000000200)=""/76}, 0x20)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="c018030030000b12d25a80648c2594f90124fc60100c0482c137153e370248078000f01700d0bd0000004000000004f80c191c0339af15ace009", 0x3a}], 0x1}, 0x0)

356.264964ms ago: executing program 2 (id=2947):
perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32514, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x7}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000000c0)={0x5, 0x80, 0xec, 0x7, 0x40, 0x7, 0x0, 0x0, 0xd299, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x2, @perf_bp={0x0, 0x4}, 0x100882, 0x7ff, 0x6, 0x0, 0xb, 0x2, 0x3ff, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="1000000004000000040000000200000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000deb7242900"/32], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r0, &(0x7f00000006c0), &(0x7f0000000000), 0x2}, 0x20)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)

139.297718ms ago: executing program 3 (id=2948):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0xe, &(0x7f0000000c00)=ANY=[@ANYBLOB="b7020000c3000000bf230000000000002703000000fefeff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400011000000404000001007d60b7030000000000006a0a00fe80000000850000002600000020000000000000009500001000000000acaa8e53a53cb864c300094c07000000000000d94cf0987b00a749a8e53b5c9491cd1f2b94a64f1de23d03a8f0362ebfc44c77511e60070e25510070f7778d3e77ad85319f0113abbac795f8c24abca246150226eb93fe39233add8f68f87699162334343befce832cb8075c5f0ae30cde221371ff00000067e4b75da95370ae6fd2b99ac18f98403494d4a94e95fb8dcd813487b2bdb006c6465c15f04485a9f8c8e49d00000097184c8e9d34b1e382b25e9614634e8e09194f7b83138f5275d9ab463797a2f6dcb45d5f278cd4fb74559575da3560c01cdf1eaa3fc7a3fb4f1689dfd5b626174770e4dfd1c82a694efc62f9ef9c8c0ea1efa5b949ce22827f6fd1dfc69d03482d8ec264e3d96ad19a0c99a234b4b71b0bc22573f8594b91781cd8ff7f000000000000299ebf94588e60abe9a565c5bbdc0358226f8580dc1a83c6a44408de23475a74ef0deda8da4089269ccb4e728dee6320444576c87cc576291e5367a5f1a5d5a12f8313ffff0b7f73335279aa2b68c9f045831119881764c71bb65b5138c50e06024e80fd9656bc077e4e259695748989335ba9eeef288de73815f20fefd4acfb6813ffff00000b971aec1a3e618a08a94ecbd401c8109c87ee3f5c0501857538d2a766bfcf4128fbe726903aca577aa8943af747760718dee5a21396dce6f61c6f3c7e000000cb0868b48719e47296f2299df3ecfb5f3f0e42f6f1eb1dc64dcc8e397366d12033f6288edbda3b838100000000000000000000800000edd4e1266dc9d73223fe614f025a7f284de76b3b676a13c57a0ed24f6270c4cbbf93472eb8093d8296c68dfbb03ddedc3e029b08959b145a7b110068ba071e75d75716243052ad24b624fddc2f0f3a018c0085c2319c248d643cd09fa855b20a6d453f2e954ff0e55c010000008547c5a0ecefcc44cc9532f729167f215937357a4bb9746193c1ec000000000000dd43c108c2109d221b7b26b7c9c209000005b7918a6cd856b8fa806c85480443159c6bed51a0e021f05f7caa1b99cdb4d08d9031210ac00e67d8c40a18503cb7aabcc066dfbfd7f87abe1122f00e5454bec3563a19582e0000000000000000000000000084b27fc6a3f95bf02b4eb5f1599dd46edcad432cc216316fe07afe27649c89cf022a90d895a2d70fcde7a9c37ede0c47c27f44595ab4b1fb1ed5b1d91314b2d50f94a768fb605679485041a6376b8344a39af68aed2be39794dd86ae82f9660cf4f935255d71f9fab2e430ac42bba1f54141cf39d4d50c4ded504beacb0de210d7a3716dca7362c134b91cef3efc514fbcb4747e6814ac16449ac02a43d9d4151697b4b7890ec6b481c5f0ca8c52a6322f34a796fa5941d23409ecf73458223baaffb94a89ee2884df000000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x36}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x6, 0x2e, &(0x7f0000000c40)=ANY=[@ANYBLOB="18000000001000000000000000feffff18110000", @ANYRES8, @ANYBLOB="0000000000000000b702000014000000b703"], 0x0}, 0x90)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030017000b63d25a80648c2594f92e24fc60100c02", 0x17}], 0x1}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000720000001801"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$cgroup_subtree(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="33fe0000180091c8b14a0778a8123d181d"], 0xfe33)

123.478238ms ago: executing program 2 (id=2949):
r0 = socket$kcm(0x21, 0x2, 0x2)
r1 = socket$kcm(0xa, 0x2, 0x3a)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='devices.list\x00', 0x26e1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="190000000400000004"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x0)
socket$kcm(0xa, 0x2, 0x73)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x7, 0xfffffffffffffffd}, 0x0, 0xe, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x5, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004000000040000000c"], 0x48)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100808, 0x0, 0x400, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs$namespace(0x0, &(0x7f0000000000))
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r2}, &(0x7f0000000080), &(0x7f0000000240)=r4}, 0x20)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r3, 0x18000000000002a0, 0x5ee, 0x0, &(0x7f0000000580)="b9ff03076804268c989e14f088a8", 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x80000000, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r5 = socket$kcm(0x2, 0x200000000000001, 0x106)
bpf$PROG_BIND_MAP(0xa, 0x0, 0x0)
close(r5)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x20008000)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1300000010"], 0x48)
sendmsg$kcm(r1, 0x0, 0x0)
sendmsg$kcm(r0, 0x0, 0x0)

0s ago: executing program 1 (id=2950):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0xb, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000140000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000000c0)=r0, 0x4)
sendmsg$unix(r2, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)

kernel console output (not intermixed with test programs):

ecv+0xb0/0xb0
[  345.079174][ T9988]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  345.085146][ T9988]  ? lock_chain_count+0x20/0x20
[  345.089990][ T9988]  __x64_sys_setsockopt+0xb1/0xc0
[  345.095008][ T9988]  do_syscall_64+0x4c/0xa0
[  345.099412][ T9988]  ? clear_bhb_loop+0x60/0xb0
[  345.104077][ T9988]  ? clear_bhb_loop+0x60/0xb0
[  345.108748][ T9988]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  345.114629][ T9988] RIP: 0033:0x7febcf38e929
[  345.119030][ T9988] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  345.138621][ T9988] RSP: 002b:00007febd01a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  345.147021][ T9988] RAX: ffffffffffffffda RBX: 00007febcf5b5fa0 RCX: 00007febcf38e929
[  345.154979][ T9988] RDX: 0000000000000025 RSI: 0000000000000001 RDI: 0000000000000006
[  345.162934][ T9988] RBP: 00007febd01a8090 R08: 0000000000000008 R09: 0000000000000000
[  345.170887][ T9988] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001
[  345.178846][ T9988] R13: 0000000000000000 R14: 00007febcf5b5fa0 R15: 00007ffddf7a4e88
[  345.186816][ T9988]  </TASK>
[  345.262438][ T9990] netlink: 'syz.2.1827': attribute type 2 has an invalid length.
[  345.526334][T10002] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  345.533750][T10002] IPv6: NLM_F_CREATE should be set when creating new route
[  345.541202][T10002] IPv6: NLM_F_CREATE should be set when creating new route
[  345.548616][T10002] IPv6: NLM_F_CREATE should be set when creating new route
[  345.770223][T10011] netlink: 'syz.0.1828': attribute type 2 has an invalid length.
[  347.209847][T10043] FAULT_INJECTION: forcing a failure.
[  347.209847][T10043] name failslab, interval 1, probability 0, space 0, times 0
[  347.259565][T10043] CPU: 1 PID: 10043 Comm: syz.0.1839 Not tainted 6.1.144-syzkaller #0
[  347.267767][T10043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  347.277831][T10043] Call Trace:
[  347.281115][T10043]  <TASK>
[  347.284047][T10043]  dump_stack_lvl+0x168/0x22e
[  347.288750][T10043]  ? show_regs_print_info+0x12/0x12
[  347.293970][T10043]  ? load_image+0x3b0/0x3b0
[  347.298495][T10043]  ? __might_sleep+0xd0/0xd0
[  347.303110][T10043]  ? __lock_acquire+0x7c50/0x7c50
[  347.308153][T10043]  should_fail_ex+0x399/0x4d0
[  347.312848][T10043]  should_failslab+0x5/0x20
[  347.317356][T10043]  slab_pre_alloc_hook+0x59/0x310
[  347.322398][T10043]  ? tomoyo_realpath_from_path+0xdf/0x5d0
[  347.328134][T10043]  __kmem_cache_alloc_node+0x4f/0x260
[  347.333525][T10043]  ? tomoyo_realpath_from_path+0xdf/0x5d0
[  347.339258][T10043]  __kmalloc+0xa0/0x240
[  347.343438][T10043]  tomoyo_realpath_from_path+0xdf/0x5d0
[  347.349013][T10043]  tomoyo_path_number_perm+0x1e3/0x600
[  347.354477][T10043]  ? tomoyo_path_number_perm+0x1b6/0x600
[  347.360103][T10043]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  347.365556][T10043]  ? ksys_write+0x1bd/0x240
[  347.370048][T10043]  ? common_file_perm+0x171/0x1c0
[  347.375085][T10043]  ? __fget_files+0x28/0x4d0
[  347.379676][T10043]  security_file_ioctl+0x6c/0xa0
[  347.384611][T10043]  __se_sys_ioctl+0x48/0x170
[  347.389199][T10043]  do_syscall_64+0x4c/0xa0
[  347.393607][T10043]  ? clear_bhb_loop+0x60/0xb0
[  347.398275][T10043]  ? clear_bhb_loop+0x60/0xb0
[  347.402947][T10043]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  347.408828][T10043] RIP: 0033:0x7febcf38e929
[  347.413242][T10043] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  347.432889][T10043] RSP: 002b:00007febd0187038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  347.441299][T10043] RAX: ffffffffffffffda RBX: 00007febcf5b6080 RCX: 00007febcf38e929
[  347.449279][T10043] RDX: 0000200000000080 RSI: 00000000000089f1 RDI: 0000000000000005
[  347.457240][T10043] RBP: 00007febd0187090 R08: 0000000000000000 R09: 0000000000000000
[  347.465201][T10043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  347.473160][T10043] R13: 0000000000000000 R14: 00007febcf5b6080 R15: 00007ffddf7a4e88
[  347.481143][T10043]  </TASK>
[  347.610801][T10047] __nla_validate_parse: 2 callbacks suppressed
[  347.610817][T10047] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1838'.
[  347.701859][T10047] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1838'.
[  347.741409][T10044] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1838'.
[  347.774548][T10039] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1838'.
[  347.900712][T10043] ERROR: Out of memory at tomoyo_realpath_from_path.
[  348.065891][T10058] netlink: 'syz.2.1842': attribute type 2 has an invalid length.
[  348.286704][T10066] netlink: 'syz.2.1845': attribute type 2 has an invalid length.
[  349.114060][T10091] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1854'.
[  349.140639][T10091] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1854'.
[  349.165035][T10088] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1854'.
[  349.191966][T10091] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1854'.
[  350.965149][T10109] netlink: 'syz.1.1858': attribute type 2 has an invalid length.
[  351.071247][T10115] FAULT_INJECTION: forcing a failure.
[  351.071247][T10115] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  351.190593][T10115] CPU: 0 PID: 10115 Comm: syz.0.1861 Not tainted 6.1.144-syzkaller #0
[  351.198795][T10115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  351.208859][T10115] Call Trace:
[  351.212147][T10115]  <TASK>
[  351.215091][T10115]  dump_stack_lvl+0x168/0x22e
[  351.219785][T10115]  ? show_regs_print_info+0x12/0x12
[  351.224997][T10115]  ? load_image+0x3b0/0x3b0
[  351.229522][T10115]  ? __lock_acquire+0x7c50/0x7c50
[  351.234576][T10115]  should_fail_ex+0x399/0x4d0
[  351.239271][T10115]  _copy_from_user+0x2c/0x170
[  351.243969][T10115]  ___sys_recvmsg+0x12b/0x510
[  351.248763][T10115]  ? __sys_recvmsg+0x270/0x270
[  351.253556][T10115]  ? common_file_perm+0x171/0x1c0
[  351.258586][T10115]  ? __fget_files+0x44a/0x4d0
[  351.263264][T10115]  ? __fdget+0x17c/0x200
[  351.267505][T10115]  __x64_sys_recvmsg+0x1eb/0x2b0
[  351.272440][T10115]  ? ___sys_recvmsg+0x510/0x510
[  351.277295][T10115]  ? lockdep_hardirqs_on+0x94/0x140
[  351.282492][T10115]  do_syscall_64+0x4c/0xa0
[  351.286918][T10115]  ? clear_bhb_loop+0x60/0xb0
[  351.291586][T10115]  ? clear_bhb_loop+0x60/0xb0
[  351.296253][T10115]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  351.302133][T10115] RIP: 0033:0x7febcf38e929
[  351.306532][T10115] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  351.326136][T10115] RSP: 002b:00007febd01a8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  351.334553][T10115] RAX: ffffffffffffffda RBX: 00007febcf5b5fa0 RCX: 00007febcf38e929
[  351.342521][T10115] RDX: 0000000040002002 RSI: 0000200000000000 RDI: 0000000000000004
[  351.350491][T10115] RBP: 00007febd01a8090 R08: 0000000000000000 R09: 0000000000000000
[  351.358462][T10115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  351.366423][T10115] R13: 0000000000000000 R14: 00007febcf5b5fa0 R15: 00007ffddf7a4e88
[  351.374398][T10115]  </TASK>
[  351.587606][T10134] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1865'.
[  351.641902][T10134] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1865'.
[  352.332778][T10149] netlink: 'syz.1.1868': attribute type 11 has an invalid length.
[  352.640596][T10146] netlink: 'syz.1.1868': attribute type 10 has an invalid length.
[  353.009374][T10161] FAULT_INJECTION: forcing a failure.
[  353.009374][T10161] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  353.059178][T10159] netlink: 'syz.4.1873': attribute type 2 has an invalid length.
[  353.077210][T10161] CPU: 0 PID: 10161 Comm: syz.3.1872 Not tainted 6.1.144-syzkaller #0
[  353.085410][T10161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  353.096345][T10161] Call Trace:
[  353.099628][T10161]  <TASK>
[  353.102566][T10161]  dump_stack_lvl+0x168/0x22e
[  353.107260][T10161]  ? show_regs_print_info+0x12/0x12
[  353.112475][T10161]  ? load_image+0x3b0/0x3b0
[  353.116997][T10161]  ? __lock_acquire+0x7c50/0x7c50
[  353.122040][T10161]  should_fail_ex+0x399/0x4d0
[  353.126729][T10161]  _copy_from_user+0x2c/0x170
[  353.131425][T10161]  __sys_bpf+0x265/0x6d0
[  353.135680][T10161]  ? bpf_link_show_fdinfo+0x310/0x310
[  353.141078][T10161]  ? lock_chain_count+0x20/0x20
[  353.145954][T10161]  __x64_sys_bpf+0x78/0x90
[  353.150385][T10161]  do_syscall_64+0x4c/0xa0
[  353.154812][T10161]  ? clear_bhb_loop+0x60/0xb0
[  353.159498][T10161]  ? clear_bhb_loop+0x60/0xb0
[  353.164190][T10161]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  353.170094][T10161] RIP: 0033:0x7fa28878e929
[  353.174959][T10161] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  353.194573][T10161] RSP: 002b:00007fa2896ba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  353.203000][T10161] RAX: ffffffffffffffda RBX: 00007fa2889b5fa0 RCX: 00007fa28878e929
[  353.210985][T10161] RDX: 0000000000000050 RSI: 0000200000000680 RDI: 000000000000000a
[  353.218974][T10161] RBP: 00007fa2896ba090 R08: 0000000000000000 R09: 0000000000000000
[  353.226951][T10161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  353.234926][T10161] R13: 0000000000000000 R14: 00007fa2889b5fa0 R15: 00007ffe7d06c0f8
[  353.242918][T10161]  </TASK>
[  354.362549][T10183] netlink: 'syz.1.1878': attribute type 3 has an invalid length.
[  354.370337][T10183] __nla_validate_parse: 2 callbacks suppressed
[  354.370352][T10183] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.1878'.
[  354.437759][T10197] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1882'.
[  354.520636][T10197] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1882'.
[  354.543491][T10196] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1882'.
[  354.677334][T10199] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1882'.
[  355.263156][T10210] netlink: 'syz.2.1885': attribute type 2 has an invalid length.
[  355.581788][T10220] netlink: 'syz.3.1887': attribute type 11 has an invalid length.
[  355.668013][T10219] netlink: 'syz.3.1887': attribute type 10 has an invalid length.
[  355.737564][T10224] FAULT_INJECTION: forcing a failure.
[  355.737564][T10224] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  355.778002][T10224] CPU: 1 PID: 10224 Comm: syz.1.1890 Not tainted 6.1.144-syzkaller #0
[  355.786209][T10224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  355.796275][T10224] Call Trace:
[  355.799563][T10224]  <TASK>
[  355.802504][T10224]  dump_stack_lvl+0x168/0x22e
[  355.807196][T10224]  ? show_regs_print_info+0x12/0x12
[  355.812407][T10224]  ? load_image+0x3b0/0x3b0
[  355.816925][T10224]  ? __lock_acquire+0x7c50/0x7c50
[  355.821974][T10224]  should_fail_ex+0x399/0x4d0
[  355.826699][T10224]  _copy_from_user+0x2c/0x170
[  355.831392][T10224]  __sys_bpf+0x265/0x6d0
[  355.835657][T10224]  ? bpf_link_show_fdinfo+0x310/0x310
[  355.841055][T10224]  ? lock_chain_count+0x20/0x20
[  355.845929][T10224]  __x64_sys_bpf+0x78/0x90
[  355.850360][T10224]  do_syscall_64+0x4c/0xa0
[  355.854791][T10224]  ? clear_bhb_loop+0x60/0xb0
[  355.859480][T10224]  ? clear_bhb_loop+0x60/0xb0
[  355.864171][T10224]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  355.870078][T10224] RIP: 0033:0x7fc86cf8e929
[  355.874493][T10224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  355.894194][T10224] RSP: 002b:00007fc86de7c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  355.902619][T10224] RAX: ffffffffffffffda RBX: 00007fc86d1b5fa0 RCX: 00007fc86cf8e929
[  355.910593][T10224] RDX: 0000000000000080 RSI: 0000200000000600 RDI: 0000000000000005
[  355.918560][T10224] RBP: 00007fc86de7c090 R08: 0000000000000000 R09: 0000000000000000
[  355.926527][T10224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  355.934494][T10224] R13: 0000000000000001 R14: 00007fc86d1b5fa0 R15: 00007ffe3a79f318
[  355.942476][T10224]  </TASK>
[  356.203188][T10229] netlink: 'syz.4.1891': attribute type 3 has an invalid length.
[  356.248103][T10232] netlink: 13951 bytes leftover after parsing attributes in process `syz.4.1891'.
[  356.310714][T10229] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.1891'.
[  356.438601][T10239] FAULT_INJECTION: forcing a failure.
[  356.438601][T10239] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  356.486195][T10239] CPU: 0 PID: 10239 Comm: syz.1.1896 Not tainted 6.1.144-syzkaller #0
[  356.494403][T10239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  356.504470][T10239] Call Trace:
[  356.507756][T10239]  <TASK>
[  356.510694][T10239]  dump_stack_lvl+0x168/0x22e
[  356.515400][T10239]  ? show_regs_print_info+0x12/0x12
[  356.520614][T10239]  ? load_image+0x3b0/0x3b0
[  356.525130][T10239]  ? __lock_acquire+0x7c50/0x7c50
[  356.530169][T10239]  ? __local_bh_enable_ip+0x12a/0x1b0
[  356.535566][T10239]  ? lockdep_hardirqs_on+0x94/0x140
[  356.540793][T10239]  should_fail_ex+0x399/0x4d0
[  356.545489][T10239]  _copy_from_user+0x2c/0x170
[  356.550163][T10239]  mptcp_setsockopt+0xc6b/0x2e20
[  356.555101][T10239]  ? aa_sk_perm+0x7e5/0x920
[  356.559593][T10239]  ? pm_nl_exit_net+0x220/0x220
[  356.564440][T10239]  ? aa_af_perm+0x2b0/0x2b0
[  356.568944][T10239]  ? __fget_files+0x44a/0x4d0
[  356.573627][T10239]  ? aa_sock_opt_perm+0x74/0x100
[  356.578559][T10239]  ? sock_common_setsockopt+0x32/0xb0
[  356.583926][T10239]  ? sock_common_recvmsg+0x1a0/0x1a0
[  356.589200][T10239]  __sys_setsockopt+0x3d6/0x660
[  356.594046][T10239]  ? perf_trace_preemptirq_template+0xa0/0x330
[  356.600206][T10239]  ? __ia32_sys_recv+0xb0/0xb0
[  356.604983][T10239]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  356.610966][T10239]  ? lock_chain_count+0x20/0x20
[  356.615820][T10239]  __x64_sys_setsockopt+0xb1/0xc0
[  356.620934][T10239]  do_syscall_64+0x4c/0xa0
[  356.625343][T10239]  ? clear_bhb_loop+0x60/0xb0
[  356.630012][T10239]  ? clear_bhb_loop+0x60/0xb0
[  356.634676][T10239]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  356.640576][T10239] RIP: 0033:0x7fc86cf8e929
[  356.644984][T10239] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  356.664576][T10239] RSP: 002b:00007fc86de7c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  356.672977][T10239] RAX: ffffffffffffffda RBX: 00007fc86d1b5fa0 RCX: 00007fc86cf8e929
[  356.680932][T10239] RDX: 0000000000000004 RSI: 0000000000000006 RDI: 0000000000000003
[  356.688885][T10239] RBP: 00007fc86de7c090 R08: 0000000000000004 R09: 0000000000000000
[  356.696841][T10239] R10: 0000200000000b80 R11: 0000000000000246 R12: 0000000000000001
[  356.704808][T10239] R13: 0000000000000000 R14: 00007fc86d1b5fa0 R15: 00007ffe3a79f318
[  356.712850][T10239]  </TASK>
[  357.767966][T10252] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1898'.
[  357.797378][T10252] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1898'.
[  357.818928][T10251] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1898'.
[  357.917717][T10259] netlink: 'syz.2.1900': attribute type 2 has an invalid length.
[  358.147727][T10265] netlink: 'syz.4.1899': attribute type 3 has an invalid length.
[  359.574001][T10293] __nla_validate_parse: 8 callbacks suppressed
[  359.574018][T10293] netlink: 4595 bytes leftover after parsing attributes in process `syz.4.1910'.
[  359.966026][T10308] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1915'.
[  359.998779][T10308] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1915'.
[  360.027322][T10305] netlink: 'syz.2.1914': attribute type 2 has an invalid length.
[  360.115017][T10304] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1915'.
[  360.245994][T10308] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1915'.
[  360.639618][T10314] netlink: 'syz.2.1916': attribute type 2 has an invalid length.
[  360.775548][T10319] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1928'.
[  360.815444][T10319] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1928'.
[  360.886838][T10317] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1928'.
[  360.918736][T10322] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1928'.
[  361.309703][T10330] netlink: 'syz.2.1919': attribute type 3 has an invalid length.
[  361.430321][T10330] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.1919'.
[  362.011208][T10339] netlink: 'syz.1.1926': attribute type 2 has an invalid length.
[  362.301498][T10352] netlink: 'syz.1.1939': attribute type 2 has an invalid length.
[  362.732005][T10361] netlink: 'syz.0.1930': attribute type 2 has an invalid length.
[  363.647641][T10385] netlink: 'syz.1.1942': attribute type 2 has an invalid length.
[  363.705675][T10389] netlink: 'syz.3.1940': attribute type 3 has an invalid length.
[  364.379159][T10403] netlink: 'syz.1.1957': attribute type 3 has an invalid length.
[  364.466993][T10405] netlink: 'syz.4.1946': attribute type 2 has an invalid length.
[  365.027342][T10425] netlink: 'syz.3.1952': attribute type 27 has an invalid length.
[  365.074840][T10425] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check.
[  365.111113][T10429] netlink: 'syz.1.1953': attribute type 2 has an invalid length.
[  365.129139][T10429] __nla_validate_parse: 14 callbacks suppressed
[  365.129155][T10429] netlink: 10 bytes leftover after parsing attributes in process `syz.1.1953'.
[  365.519953][T10438] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1956'.
[  365.555746][T10438] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1956'.
[  365.596642][T10437] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1956'.
[  365.636311][T10438] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1956'.
[  365.955946][T10451] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.1962'.
[  365.967235][T10453] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1964'.
[  365.990627][T10453] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1964'.
[  366.015570][T10447] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1964'.
[  366.067985][T10454] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1963'.
[  366.549658][T10473] validate_nla: 2 callbacks suppressed
[  366.549702][T10473] netlink: 'syz.0.1969': attribute type 2 has an invalid length.
[  366.955774][T10481] netlink: 'syz.0.1972': attribute type 2 has an invalid length.
[  367.137448][T10485] netlink: 'syz.2.1973': attribute type 27 has an invalid length.
[  367.181791][T10485] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check.
[  368.180645][T10503] netlink: 'syz.2.1978': attribute type 3 has an invalid length.
[  368.629150][T10517] netlink: 'syz.0.1982': attribute type 2 has an invalid length.
[  368.872080][T10530] FAULT_INJECTION: forcing a failure.
[  368.872080][T10530] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  368.911043][T10530] CPU: 1 PID: 10530 Comm: syz.2.1986 Not tainted 6.1.144-syzkaller #0
[  368.919236][T10530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  368.929279][T10530] Call Trace:
[  368.932546][T10530]  <TASK>
[  368.935466][T10530]  dump_stack_lvl+0x168/0x22e
[  368.940139][T10530]  ? show_regs_print_info+0x12/0x12
[  368.945325][T10530]  ? load_image+0x3b0/0x3b0
[  368.949825][T10530]  ? __lock_acquire+0x7c50/0x7c50
[  368.954844][T10530]  ? aa_sk_perm+0x920/0x920
[  368.959341][T10530]  should_fail_ex+0x399/0x4d0
[  368.964009][T10530]  _copy_from_user+0x2c/0x170
[  368.968681][T10530]  sk_setsockopt+0x28f/0x2720
[  368.973348][T10530]  ? __fget_files+0x28/0x4d0
[  368.977935][T10530]  ? sockopt_capable+0x60/0x60
[  368.982688][T10530]  ? __lock_acquire+0x7c50/0x7c50
[  368.987714][T10530]  ? aa_sk_perm+0x7e5/0x920
[  368.992211][T10530]  ? aa_af_perm+0x2b0/0x2b0
[  368.996700][T10530]  ? __fget_files+0x44a/0x4d0
[  369.001372][T10530]  ? aa_sock_opt_perm+0x74/0x100
[  369.006296][T10530]  ? bpf_lsm_socket_setsockopt+0x5/0x10
[  369.011830][T10530]  ? security_socket_setsockopt+0x7a/0xa0
[  369.017538][T10530]  __sys_setsockopt+0x40c/0x660
[  369.022382][T10530]  ? __ia32_sys_recv+0xb0/0xb0
[  369.027140][T10530]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  369.033113][T10530]  ? lock_chain_count+0x20/0x20
[  369.037961][T10530]  __x64_sys_setsockopt+0xb1/0xc0
[  369.042984][T10530]  do_syscall_64+0x4c/0xa0
[  369.047387][T10530]  ? clear_bhb_loop+0x60/0xb0
[  369.052049][T10530]  ? clear_bhb_loop+0x60/0xb0
[  369.056715][T10530]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  369.062595][T10530] RIP: 0033:0x7fcb2e18e929
[  369.066998][T10530] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  369.086588][T10530] RSP: 002b:00007fcb2f0b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  369.095000][T10530] RAX: ffffffffffffffda RBX: 00007fcb2e3b6080 RCX: 00007fcb2e18e929
[  369.102957][T10530] RDX: 0000000000000007 RSI: 0000000000000001 RDI: 0000000000000003
[  369.110922][T10530] RBP: 00007fcb2f0b4090 R08: 0000000000000004 R09: 0000000000000000
[  369.118878][T10530] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000001
[  369.126835][T10530] R13: 0000000000000000 R14: 00007fcb2e3b6080 R15: 00007fffdac450e8
[  369.134804][T10530]  </TASK>
[  369.317101][T10535] netlink: 'syz.3.1988': attribute type 2 has an invalid length.
[  369.508689][T10540] netlink: 'syz.4.1989': attribute type 29 has an invalid length.
[  369.546733][T10540] netlink: 'syz.4.1989': attribute type 29 has an invalid length.
[  369.632673][T10542] netlink: 'syz.1.1991': attribute type 27 has an invalid length.
[  369.755599][T10542] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  369.791129][T10542] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check.
[  369.880560][T10540] netlink: 'syz.4.1989': attribute type 29 has an invalid length.
[  371.052470][T10579] __nla_validate_parse: 23 callbacks suppressed
[  371.052489][T10579] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.2001'.
[  371.202179][T10585] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2003'.
[  371.233358][T10585] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2003'.
[  371.263037][T10582] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2003'.
[  371.310857][T10585] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2003'.
[  371.350344][T10591] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2004'.
[  371.388753][T10591] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2004'.
[  371.448096][T10588] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2004'.
[  371.510394][T10591] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2004'.
[  371.623260][T10596] validate_nla: 3 callbacks suppressed
[  371.623274][T10596] netlink: 'syz.4.2005': attribute type 29 has an invalid length.
[  371.671761][T10597] netlink: 'syz.4.2005': attribute type 29 has an invalid length.
[  371.719910][T10597] netlink: 'syz.4.2005': attribute type 29 has an invalid length.
[  371.783902][T10594] netlink: 'syz.2.2006': attribute type 11 has an invalid length.
[  372.238326][T10609] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2007'.
[  372.359854][T10612] netlink: 'syz.0.2009': attribute type 29 has an invalid length.
[  372.402378][T10616] netlink: 'syz.3.2012': attribute type 2 has an invalid length.
[  372.440607][T10612] netlink: 'syz.0.2009': attribute type 29 has an invalid length.
[  372.600114][T10624] netlink: 'syz.0.2009': attribute type 29 has an invalid length.
[  372.633369][T10624] netlink: 'syz.0.2009': attribute type 29 has an invalid length.
[  373.569624][T10651] netlink: 'syz.3.2023': attribute type 11 has an invalid length.
[  375.327997][T10696] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  375.371873][T10696] batman_adv: batadv0: Removing interface: batadv_slave_1
[  375.409179][T10696] batman_adv: batadv0: Interface deactivated: virt_wifi0
[  375.425452][T10696] batman_adv: batadv0: Removing interface: virt_wifi0
[  376.209149][T10720] __nla_validate_parse: 16 callbacks suppressed
[  376.209167][T10720] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2045'.
[  377.116713][T10721] validate_nla: 7 callbacks suppressed
[  377.116729][T10721] netlink: 'syz.3.2046': attribute type 11 has an invalid length.
[  377.132352][T10720] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2045'.
[  377.883957][T10740] netlink: 'syz.0.2053': attribute type 11 has an invalid length.
[  378.353003][ T1274] ieee802154 phy0 wpan0: encryption failed: -22
[  378.359317][ T1274] ieee802154 phy1 wpan1: encryption failed: -22
[  378.402366][T10746] netlink: 'syz.1.2055': attribute type 2 has an invalid length.
[  378.517370][T10752] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2054'.
[  378.564442][T10754] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  378.587453][T10754] batman_adv: batadv0: Removing interface: batadv_slave_0
[  378.828748][T10767] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2060'.
[  378.959276][T10754] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  379.069335][T10754] batman_adv: batadv0: Removing interface: batadv_slave_1
[  379.146131][T10754] batman_adv: batadv0: Interface deactivated: hsr_slave_1
[  379.168207][T10754] batman_adv: batadv0: Removing interface: hsr_slave_1
[  379.278170][T10754] bridge0: port 3(batadv0) entered disabled state
[  379.369436][T10754] bridge0: port 3(batadv0) entered disabled state
[  379.464122][T10752] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2054'.
[  379.548509][T10767] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2060'.
[  379.575987][T10772] netlink: 'syz.2.2061': attribute type 11 has an invalid length.
[  379.607193][T10764] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2060'.
[  380.167075][T10790] netlink: 'syz.3.2068': attribute type 11 has an invalid length.
[  380.928241][T10796] netlink: 'syz.2.2071': attribute type 2 has an invalid length.
[  381.532162][T10802] netlink: 'syz.2.2074': attribute type 2 has an invalid length.
[  381.795200][T10812] netlink: 'syz.1.2076': attribute type 11 has an invalid length.
[  381.862271][T10818] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2077'.
[  381.914171][T10818] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2077'.
[  381.954313][T10814] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2077'.
[  381.996567][T10820] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2077'.
[  382.220113][T10824] FAULT_INJECTION: forcing a failure.
[  382.220113][T10824] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  382.300638][T10824] CPU: 0 PID: 10824 Comm: syz.4.2078 Not tainted 6.1.144-syzkaller #0
[  382.308850][T10824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  382.319032][T10824] Call Trace:
[  382.322323][T10824]  <TASK>
[  382.325272][T10824]  dump_stack_lvl+0x168/0x22e
[  382.329972][T10824]  ? show_regs_print_info+0x12/0x12
[  382.335193][T10824]  ? load_image+0x3b0/0x3b0
[  382.339711][T10824]  ? __lock_acquire+0x7c50/0x7c50
[  382.344761][T10824]  should_fail_ex+0x399/0x4d0
[  382.349460][T10824]  _copy_from_user+0x2c/0x170
[  382.354170][T10824]  __sys_bpf+0x265/0x6d0
[  382.358434][T10824]  ? bpf_link_show_fdinfo+0x310/0x310
[  382.363829][T10824]  ? lock_chain_count+0x20/0x20
[  382.368683][T10824]  __x64_sys_bpf+0x78/0x90
[  382.373102][T10824]  do_syscall_64+0x4c/0xa0
[  382.377507][T10824]  ? clear_bhb_loop+0x60/0xb0
[  382.382173][T10824]  ? clear_bhb_loop+0x60/0xb0
[  382.386838][T10824]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  382.392735][T10824] RIP: 0033:0x7f0b1ff8e929
[  382.397143][T10824] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  382.416753][T10824] RSP: 002b:00007f0b20e9a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  382.425169][T10824] RAX: ffffffffffffffda RBX: 00007f0b201b5fa0 RCX: 00007f0b1ff8e929
[  382.433135][T10824] RDX: 0000000000000048 RSI: 000020000000e000 RDI: 0000000000000005
[  382.441093][T10824] RBP: 00007f0b20e9a090 R08: 0000000000000000 R09: 0000000000000000
[  382.449048][T10824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  382.457004][T10824] R13: 0000000000000001 R14: 00007f0b201b5fa0 R15: 00007fff22470938
[  382.464982][T10824]  </TASK>
[  382.790783][T10843] FAULT_INJECTION: forcing a failure.
[  382.790783][T10843] name failslab, interval 1, probability 0, space 0, times 0
[  382.849370][T10843] CPU: 1 PID: 10843 Comm: syz.4.2084 Not tainted 6.1.144-syzkaller #0
[  382.857576][T10843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  382.867646][T10843] Call Trace:
[  382.870935][T10843]  <TASK>
[  382.873873][T10843]  dump_stack_lvl+0x168/0x22e
[  382.878572][T10843]  ? show_regs_print_info+0x12/0x12
[  382.883799][T10843]  ? load_image+0x3b0/0x3b0
[  382.888333][T10843]  ? __might_sleep+0xd0/0xd0
[  382.892959][T10843]  ? __lock_acquire+0x7c50/0x7c50
[  382.897999][T10843]  ? aa_file_perm+0x3ef/0xec0
[  382.902696][T10843]  should_fail_ex+0x399/0x4d0
[  382.907394][T10843]  should_failslab+0x5/0x20
[  382.911909][T10843]  slab_pre_alloc_hook+0x59/0x310
[  382.916953][T10843]  ? kernfs_fop_write_iter+0x155/0x4c0
[  382.922431][T10843]  __kmem_cache_alloc_node+0x4f/0x260
[  382.927828][T10843]  ? kernfs_fop_write_iter+0x155/0x4c0
[  382.933306][T10843]  __kmalloc+0xa0/0x240
[  382.937477][T10843]  kernfs_fop_write_iter+0x155/0x4c0
[  382.942786][T10843]  vfs_write+0x44c/0x960
[  382.947052][T10843]  ? file_end_write+0x250/0x250
[  382.951921][T10843]  ? __fget_files+0x44a/0x4d0
[  382.956630][T10843]  ? __fdget_pos+0x2ae/0x360
[  382.961236][T10843]  ? ksys_write+0x71/0x240
[  382.965667][T10843]  ksys_write+0x143/0x240
[  382.970011][T10843]  ? __ia32_sys_read+0x80/0x80
[  382.974794][T10843]  ? lockdep_hardirqs_on+0x94/0x140
[  382.980020][T10843]  do_syscall_64+0x4c/0xa0
[  382.984455][T10843]  ? clear_bhb_loop+0x60/0xb0
[  382.989148][T10843]  ? clear_bhb_loop+0x60/0xb0
[  382.993843][T10843]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  382.999750][T10843] RIP: 0033:0x7f0b1ff8e929
[  383.004193][T10843] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  383.023825][T10843] RSP: 002b:00007f0b20e9a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  383.032262][T10843] RAX: ffffffffffffffda RBX: 00007f0b201b5fa0 RCX: 00007f0b1ff8e929
[  383.040426][T10843] RDX: 0000000000000027 RSI: 00002000000000c0 RDI: 0000000000000004
[  383.048418][T10843] RBP: 00007f0b20e9a090 R08: 0000000000000000 R09: 0000000000000000
[  383.056404][T10843] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  383.064388][T10843] R13: 0000000000000000 R14: 00007f0b201b5fa0 R15: 00007fff22470938
[  383.072394][T10843]  </TASK>
[  383.247285][T10851] netlink: 'syz.0.2087': attribute type 2 has an invalid length.
[  383.377853][T10857] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2089'.
[  383.410323][T10857] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2089'.
[  383.455335][T10855] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2089'.
[  383.499786][T10857] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2089'.
[  384.048875][T10870] netlink: 'syz.0.2091': attribute type 11 has an invalid length.
[  385.639817][T10897] FAULT_INJECTION: forcing a failure.
[  385.639817][T10897] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  385.678287][T10894] netlink: 'syz.4.2101': attribute type 2 has an invalid length.
[  385.689255][T10897] CPU: 0 PID: 10897 Comm: syz.3.2102 Not tainted 6.1.144-syzkaller #0
[  385.697438][T10897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  385.707511][T10897] Call Trace:
[  385.710798][T10897]  <TASK>
[  385.713733][T10897]  dump_stack_lvl+0x168/0x22e
[  385.718428][T10897]  ? show_regs_print_info+0x12/0x12
[  385.723651][T10897]  ? load_image+0x3b0/0x3b0
[  385.728167][T10897]  ? __lock_acquire+0x7c50/0x7c50
[  385.733206][T10897]  ? perf_trace_lock+0xf3/0x370
[  385.738220][T10897]  should_fail_ex+0x399/0x4d0
[  385.742921][T10897]  _copy_from_user+0x2c/0x170
[  385.747628][T10897]  ___sys_recvmsg+0x12b/0x510
[  385.752331][T10897]  ? __sys_recvmsg+0x270/0x270
[  385.757117][T10897]  ? common_file_perm+0x171/0x1c0
[  385.762159][T10897]  ? __fget_files+0x44a/0x4d0
[  385.766858][T10897]  ? __fdget+0x17c/0x200
[  385.771117][T10897]  __x64_sys_recvmsg+0x1eb/0x2b0
[  385.776071][T10897]  ? ___sys_recvmsg+0x510/0x510
[  385.780950][T10897]  ? lockdep_hardirqs_on+0x94/0x140
[  385.786171][T10897]  do_syscall_64+0x4c/0xa0
[  385.790592][T10897]  ? clear_bhb_loop+0x60/0xb0
[  385.795273][T10897]  ? clear_bhb_loop+0x60/0xb0
[  385.799955][T10897]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  385.805858][T10897] RIP: 0033:0x7fa28878e929
[  385.810280][T10897] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  385.829896][T10897] RSP: 002b:00007fa289699038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  385.838319][T10897] RAX: ffffffffffffffda RBX: 00007fa2889b6080 RCX: 00007fa28878e929
[  385.846387][T10897] RDX: 0000000000000000 RSI: 0000200000000e80 RDI: 0000000000000003
[  385.854364][T10897] RBP: 00007fa289699090 R08: 0000000000000000 R09: 0000000000000000
[  385.862343][T10897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  385.870316][T10897] R13: 0000000000000000 R14: 00007fa2889b6080 R15: 00007ffe7d06c0f8
[  385.878311][T10897]  </TASK>
[  386.088067][T10904] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2104'.
[  386.108493][T10904] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2104'.
[  386.283525][T10911] netlink: 'syz.4.2105': attribute type 3 has an invalid length.
[  387.193492][T10921] netlink: 'syz.2.2109': attribute type 11 has an invalid length.
[  387.765729][T10938] netlink: 'syz.4.2115': attribute type 2 has an invalid length.
[  388.054927][T10947] __nla_validate_parse: 3 callbacks suppressed
[  388.054944][T10947] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2117'.
[  388.089623][T10947] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2117'.
[  388.130141][T10944] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2117'.
[  388.158271][T10951] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2117'.
[  388.291259][T10953] netlink: 16255 bytes leftover after parsing attributes in process `syz.2.2120'.
[  388.671122][T10970] netlink: 'syz.1.2125': attribute type 11 has an invalid length.
[  388.722534][T10968] netlink: 'syz.0.2123': attribute type 3 has an invalid length.
[  388.873316][T10968] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.2123'.
[  389.454914][T10980] netlink: 'syz.2.2128': attribute type 2 has an invalid length.
[  390.157308][T10984] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2130'.
[  390.180855][T10984] tc_dump_action: action bad kind
[  390.417949][T10986] FAULT_INJECTION: forcing a failure.
[  390.417949][T10986] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  390.472080][T10986] CPU: 1 PID: 10986 Comm: syz.3.2131 Not tainted 6.1.144-syzkaller #0
[  390.480292][T10986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  390.490368][T10986] Call Trace:
[  390.493658][T10986]  <TASK>
[  390.496599][T10986]  dump_stack_lvl+0x168/0x22e
[  390.501298][T10986]  ? show_regs_print_info+0x12/0x12
[  390.506507][T10986]  ? load_image+0x3b0/0x3b0
[  390.511003][T10986]  ? __lock_acquire+0x7c50/0x7c50
[  390.516023][T10986]  should_fail_ex+0x399/0x4d0
[  390.520692][T10986]  _copy_from_user+0x2c/0x170
[  390.525382][T10986]  __sys_bpf+0x265/0x6d0
[  390.529615][T10986]  ? bpf_link_show_fdinfo+0x310/0x310
[  390.534990][T10986]  ? lock_chain_count+0x20/0x20
[  390.539837][T10986]  __x64_sys_bpf+0x78/0x90
[  390.544244][T10986]  do_syscall_64+0x4c/0xa0
[  390.548651][T10986]  ? clear_bhb_loop+0x60/0xb0
[  390.553317][T10986]  ? clear_bhb_loop+0x60/0xb0
[  390.557987][T10986]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  390.563870][T10986] RIP: 0033:0x7fa28878e929
[  390.568272][T10986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  390.587867][T10986] RSP: 002b:00007fa2896ba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  390.596283][T10986] RAX: ffffffffffffffda RBX: 00007fa2889b5fa0 RCX: 00007fa28878e929
[  390.604249][T10986] RDX: 0000000000000020 RSI: 0000200000000080 RDI: 0000000000000004
[  390.612210][T10986] RBP: 00007fa2896ba090 R08: 0000000000000000 R09: 0000000000000000
[  390.620169][T10986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  390.628128][T10986] R13: 0000000000000000 R14: 00007fa2889b5fa0 R15: 00007ffe7d06c0f8
[  390.636104][T10986]  </TASK>
[  390.963447][T10991] netlink: 'syz.0.2134': attribute type 10 has an invalid length.
[  391.041222][T11001] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2135'.
[  391.073349][T10991] team0: Port device netdevsim0 added
[  391.140770][T11000] netlink: 'syz.0.2134': attribute type 10 has an invalid length.
[  391.218164][T11000] team0: Port device netdevsim0 removed
[  391.232864][T11000] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  391.246428][T11001] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2135'.
[  391.266250][T11007] C: renamed from lo
[  391.276283][T10997] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2135'.
[  391.608526][T11018] netlink: 'syz.4.2144': attribute type 2 has an invalid length.
[  391.799526][T11027] netlink: 'syz.0.2145': attribute type 3 has an invalid length.
[  391.942331][T11030] netlink: 'syz.4.2146': attribute type 11 has an invalid length.
[  392.399581][T11037] netlink: 'syz.3.2148': attribute type 2 has an invalid length.
[  393.357793][T11046] __nla_validate_parse: 3 callbacks suppressed
[  393.357809][T11046] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2150'.
[  393.407944][T11046] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2150'.
[  393.427924][T11043] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2150'.
[  393.449436][T11050] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2150'.
[  393.635957][T11051] netlink: 'syz.2.2152': attribute type 10 has an invalid length.
[  394.402358][T11051] bond0: (slave netdevsim0): Releasing backup interface
[  394.427212][T11051] team0: Port device netdevsim0 added
[  394.463207][T11060] netlink: 'syz.2.2152': attribute type 10 has an invalid length.
[  394.506661][T11060] team0: Port device netdevsim0 removed
[  394.523751][T11060] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  394.560333][T11063] netlink: 'syz.4.2156': attribute type 2 has an invalid length.
[  394.732862][T11073] netlink: 'syz.0.2157': attribute type 11 has an invalid length.
[  394.976830][T11072] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.2159'.
[  394.989764][T11072] netlink: zone id is out of range
[  394.996552][T11072] netlink: zone id is out of range
[  395.009396][T11072] netlink: zone id is out of range
[  395.054196][T11072] netlink: del zone limit has 4 unknown bytes
[  395.146735][T11088] netlink: 'syz.3.2161': attribute type 11 has an invalid length.
[  395.268687][T11089] netlink: 61211 bytes leftover after parsing attributes in process `syz.1.2163'.
[  396.360913][T11103] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2166'.
[  396.380204][T11103] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2166'.
[  396.408833][T11098] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2166'.
[  396.430985][T11103] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2166'.
[  396.584377][T11111] netlink: 'syz.1.2171': attribute type 2 has an invalid length.
[  397.038560][T11125] netlink: 'syz.1.2173': attribute type 10 has an invalid length.
[  397.731058][T11125] bond0: (slave netdevsim0): Releasing backup interface
[  397.816786][T11125] device netdevsim0 left promiscuous mode
[  397.832367][T11125] team0: Port device netdevsim0 added
[  397.847580][T11126] netlink: 'syz.1.2173': attribute type 10 has an invalid length.
[  397.889905][T11126] team0: Port device netdevsim0 removed
[  397.927139][T11126] device netdevsim0 entered promiscuous mode
[  397.951028][T11126] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  398.027678][T11138] netlink: 'syz.3.2176': attribute type 11 has an invalid length.
[  398.295113][T11145] FAULT_INJECTION: forcing a failure.
[  398.295113][T11145] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  398.364078][T11145] CPU: 1 PID: 11145 Comm: syz.0.2178 Not tainted 6.1.144-syzkaller #0
[  398.372285][T11145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  398.382359][T11145] Call Trace:
[  398.385662][T11145]  <TASK>
[  398.388605][T11145]  dump_stack_lvl+0x168/0x22e
[  398.393304][T11145]  ? show_regs_print_info+0x12/0x12
[  398.398517][T11145]  ? load_image+0x3b0/0x3b0
[  398.403030][T11145]  ? __lock_acquire+0x7c50/0x7c50
[  398.408065][T11145]  should_fail_ex+0x399/0x4d0
[  398.412742][T11145]  _copy_from_user+0x2c/0x170
[  398.417432][T11145]  __sys_bpf+0x265/0x6d0
[  398.421677][T11145]  ? bpf_link_show_fdinfo+0x310/0x310
[  398.427051][T11145]  ? lock_chain_count+0x20/0x20
[  398.431903][T11145]  __x64_sys_bpf+0x78/0x90
[  398.436324][T11145]  do_syscall_64+0x4c/0xa0
[  398.440742][T11145]  ? clear_bhb_loop+0x60/0xb0
[  398.445411][T11145]  ? clear_bhb_loop+0x60/0xb0
[  398.450077][T11145]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  398.455958][T11145] RIP: 0033:0x7febcf38e929
[  398.460360][T11145] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  398.479960][T11145] RSP: 002b:00007febd01a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  398.488372][T11145] RAX: ffffffffffffffda RBX: 00007febcf5b5fa0 RCX: 00007febcf38e929
[  398.496338][T11145] RDX: 0000000000000020 RSI: 0000200000000300 RDI: 0000000000000004
[  398.504297][T11145] RBP: 00007febd01a8090 R08: 0000000000000000 R09: 0000000000000000
[  398.512253][T11145] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  398.520211][T11145] R13: 0000000000000000 R14: 00007febcf5b5fa0 R15: 00007ffddf7a4e88
[  398.528184][T11145]  </TASK>
[  398.628418][T11146] netlink: 'syz.4.2177': attribute type 11 has an invalid length.
[  398.817905][T11158] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2182'.
[  398.847290][T11158] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2182'.
[  398.885364][T11161] netlink: 'syz.3.2183': attribute type 2 has an invalid length.
[  398.907566][T11154] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2182'.
[  399.648514][T11177] netlink: 168864 bytes leftover after parsing attributes in process `syz.1.2189'.
[  399.675938][T11177] netlink: zone id is out of range
[  399.688408][T11177] netlink: zone id is out of range
[  399.708698][T11177] netlink: zone id is out of range
[  399.759488][T11182] FAULT_INJECTION: forcing a failure.
[  399.759488][T11182] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  399.766511][T11177] netlink: del zone limit has 4 unknown bytes
[  399.791053][T11182] CPU: 1 PID: 11182 Comm: syz.4.2191 Not tainted 6.1.144-syzkaller #0
[  399.799241][T11182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  399.809305][T11182] Call Trace:
[  399.812582][T11182]  <TASK>
[  399.815502][T11182]  dump_stack_lvl+0x168/0x22e
[  399.820175][T11182]  ? show_regs_print_info+0x12/0x12
[  399.825365][T11182]  ? load_image+0x3b0/0x3b0
[  399.829855][T11182]  ? __lock_acquire+0x7c50/0x7c50
[  399.834871][T11182]  ? verify_lock_unused+0x140/0x140
[  399.840058][T11182]  should_fail_ex+0x399/0x4d0
[  399.844724][T11182]  _copy_from_user+0x2c/0x170
[  399.849392][T11182]  ___sys_sendmsg+0x155/0x290
[  399.854059][T11182]  ? __sys_sendmsg+0x270/0x270
[  399.858823][T11182]  ? __lock_acquire+0x7c50/0x7c50
[  399.863848][T11182]  ? __fdget+0x17c/0x200
[  399.868082][T11182]  __se_sys_sendmsg+0x19e/0x270
[  399.872926][T11182]  ? __x64_sys_sendmsg+0x80/0x80
[  399.877860][T11182]  ? lockdep_hardirqs_on+0x94/0x140
[  399.883052][T11182]  do_syscall_64+0x4c/0xa0
[  399.887460][T11182]  ? clear_bhb_loop+0x60/0xb0
[  399.892128][T11182]  ? clear_bhb_loop+0x60/0xb0
[  399.896791][T11182]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  399.902668][T11182] RIP: 0033:0x7f0b1ff8e929
[  399.907071][T11182] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  399.926662][T11182] RSP: 002b:00007f0b20e9a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  399.935060][T11182] RAX: ffffffffffffffda RBX: 00007f0b201b5fa0 RCX: 00007f0b1ff8e929
[  399.943016][T11182] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  399.950972][T11182] RBP: 00007f0b20e9a090 R08: 0000000000000000 R09: 0000000000000000
[  399.958925][T11182] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  399.966881][T11182] R13: 0000000000000000 R14: 00007f0b201b5fa0 R15: 00007fff22470938
[  399.974848][T11182]  </TASK>
[  400.339865][T11193] FAULT_INJECTION: forcing a failure.
[  400.339865][T11193] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  400.388228][T11193] CPU: 0 PID: 11193 Comm: syz.4.2195 Not tainted 6.1.144-syzkaller #0
[  400.396437][T11193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  400.406599][T11193] Call Trace:
[  400.409884][T11193]  <TASK>
[  400.412823][T11193]  dump_stack_lvl+0x168/0x22e
[  400.417521][T11193]  ? show_regs_print_info+0x12/0x12
[  400.422730][T11193]  ? load_image+0x3b0/0x3b0
[  400.422967][T11200] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2197'.
[  400.427228][T11193]  ? __lock_acquire+0x7c50/0x7c50
[  400.427261][T11193]  should_fail_ex+0x399/0x4d0
[  400.427283][T11193]  _copy_from_user+0x2c/0x170
[  400.450564][T11193]  ___sys_recvmsg+0x12b/0x510
[  400.455260][T11193]  ? __sys_recvmsg+0x270/0x270
[  400.455590][T11200] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2197'.
[  400.460027][T11193]  ? common_file_perm+0x171/0x1c0
[  400.460059][T11193]  ? __fget_files+0x44a/0x4d0
[  400.478691][T11193]  ? __fdget+0x17c/0x200
[  400.482955][T11193]  __x64_sys_recvmsg+0x1eb/0x2b0
[  400.487911][T11193]  ? ___sys_recvmsg+0x510/0x510
[  400.492783][T11193]  ? lockdep_hardirqs_on+0x94/0x140
[  400.497981][T11193]  do_syscall_64+0x4c/0xa0
[  400.502386][T11193]  ? clear_bhb_loop+0x60/0xb0
[  400.507051][T11193]  ? clear_bhb_loop+0x60/0xb0
[  400.511721][T11193]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  400.517608][T11193] RIP: 0033:0x7f0b1ff8e929
[  400.522102][T11193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  400.541698][T11193] RSP: 002b:00007f0b20e9a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  400.550099][T11193] RAX: ffffffffffffffda RBX: 00007f0b201b5fa0 RCX: 00007f0b1ff8e929
[  400.558056][T11193] RDX: 000000000000f2ff RSI: 0000200000000e80 RDI: 0000000000000003
[  400.566011][T11193] RBP: 00007f0b20e9a090 R08: 0000000000000000 R09: 0000000000000000
[  400.573966][T11193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  400.581921][T11193] R13: 0000000000000000 R14: 00007f0b201b5fa0 R15: 00007fff22470938
[  400.589892][T11193]  </TASK>
[  400.600842][T11196] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2197'.
[  400.635734][T11197] netlink: 'syz.0.2196': attribute type 2 has an invalid length.
[  401.009118][T11210] netlink: 'syz.3.2200': attribute type 10 has an invalid length.
[  401.039793][T11210] bond0: (slave netdevsim0): Releasing backup interface
[  401.102237][T11214] FAULT_INJECTION: forcing a failure.
[  401.102237][T11214] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  401.135780][T11214] CPU: 1 PID: 11214 Comm: syz.4.2202 Not tainted 6.1.144-syzkaller #0
[  401.143981][T11214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  401.154048][T11214] Call Trace:
[  401.157334][T11214]  <TASK>
[  401.160278][T11214]  dump_stack_lvl+0x168/0x22e
[  401.164973][T11214]  ? show_regs_print_info+0x12/0x12
[  401.170194][T11214]  ? load_image+0x3b0/0x3b0
[  401.174713][T11214]  ? __lock_acquire+0x7c50/0x7c50
[  401.179768][T11214]  should_fail_ex+0x399/0x4d0
[  401.184465][T11214]  _copy_from_user+0x2c/0x170
[  401.189159][T11214]  __sys_bpf+0x265/0x6d0
[  401.193418][T11214]  ? bpf_link_show_fdinfo+0x310/0x310
[  401.198824][T11214]  ? lock_chain_count+0x20/0x20
[  401.203698][T11214]  __x64_sys_bpf+0x78/0x90
[  401.208134][T11214]  do_syscall_64+0x4c/0xa0
[  401.212570][T11214]  ? clear_bhb_loop+0x60/0xb0
[  401.217259][T11214]  ? clear_bhb_loop+0x60/0xb0
[  401.221951][T11214]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  401.227855][T11214] RIP: 0033:0x7f0b1ff8e929
[  401.232282][T11214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  401.251911][T11214] RSP: 002b:00007f0b20e9a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  401.260340][T11214] RAX: ffffffffffffffda RBX: 00007f0b201b5fa0 RCX: 00007f0b1ff8e929
[  401.268329][T11214] RDX: 0000000000000020 RSI: 00002000000004c0 RDI: 0000000000000004
[  401.276313][T11214] RBP: 00007f0b20e9a090 R08: 0000000000000000 R09: 0000000000000000
[  401.284292][T11214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  401.292272][T11214] R13: 0000000000000000 R14: 00007f0b201b5fa0 R15: 00007fff22470938
[  401.300271][T11214]  </TASK>
[  401.940364][T11234] delete_channel: no stack
[  401.949779][T11234] delete_channel: no stack
[  402.073659][T11241] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2210'.
[  402.917040][T11241] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2210'.
[  402.943470][T11244] netlink: 'syz.2.2212': attribute type 2 has an invalid length.
[  403.195054][T11256] netlink: 'syz.1.2218': attribute type 21 has an invalid length.
[  403.229184][T11256] netlink: 'syz.1.2218': attribute type 15 has an invalid length.
[  403.362397][T11262] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2217'.
[  404.221264][T11280] FAULT_INJECTION: forcing a failure.
[  404.221264][T11280] name failslab, interval 1, probability 0, space 0, times 0
[  404.260654][T11280] CPU: 0 PID: 11280 Comm: syz.0.2225 Not tainted 6.1.144-syzkaller #0
[  404.268870][T11280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  404.278951][T11280] Call Trace:
[  404.282249][T11280]  <TASK>
[  404.285196][T11280]  dump_stack_lvl+0x168/0x22e
[  404.289907][T11280]  ? show_regs_print_info+0x12/0x12
[  404.295134][T11280]  ? load_image+0x3b0/0x3b0
[  404.299677][T11280]  ? __might_sleep+0xd0/0xd0
[  404.304310][T11280]  ? __lock_acquire+0x7c50/0x7c50
[  404.309375][T11280]  should_fail_ex+0x399/0x4d0
[  404.314082][T11280]  should_failslab+0x5/0x20
[  404.318606][T11280]  slab_pre_alloc_hook+0x59/0x310
[  404.323657][T11280]  ? tomoyo_realpath_from_path+0xdf/0x5d0
[  404.329400][T11280]  __kmem_cache_alloc_node+0x4f/0x260
[  404.334780][T11280]  ? tomoyo_realpath_from_path+0xdf/0x5d0
[  404.340502][T11280]  __kmalloc+0xa0/0x240
[  404.344662][T11280]  tomoyo_realpath_from_path+0xdf/0x5d0
[  404.350224][T11280]  tomoyo_path_number_perm+0x1e3/0x600
[  404.355686][T11280]  ? tomoyo_path_number_perm+0x1b6/0x600
[  404.361322][T11280]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  404.366778][T11280]  ? ksys_write+0x1bd/0x240
[  404.371282][T11280]  ? common_file_perm+0x171/0x1c0
[  404.376351][T11280]  ? __fget_files+0x28/0x4d0
[  404.380962][T11280]  security_file_ioctl+0x6c/0xa0
[  404.385903][T11280]  __se_sys_ioctl+0x48/0x170
[  404.390501][T11280]  do_syscall_64+0x4c/0xa0
[  404.394929][T11280]  ? clear_bhb_loop+0x60/0xb0
[  404.399598][T11280]  ? clear_bhb_loop+0x60/0xb0
[  404.404270][T11280]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  404.410245][T11280] RIP: 0033:0x7febcf38e929
[  404.414658][T11280] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  404.434271][T11280] RSP: 002b:00007febd01a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  404.442694][T11280] RAX: ffffffffffffffda RBX: 00007febcf5b5fa0 RCX: 00007febcf38e929
[  404.450663][T11280] RDX: 0000200000000180 RSI: 00000000401054d5 RDI: 0000000000000004
[  404.458631][T11280] RBP: 00007febd01a8090 R08: 0000000000000000 R09: 0000000000000000
[  404.466604][T11280] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  404.474583][T11280] R13: 0000000000000000 R14: 00007febcf5b5fa0 R15: 00007ffddf7a4e88
[  404.482577][T11280]  </TASK>
[  404.529955][T11283] netlink: 'syz.4.2226': attribute type 2 has an invalid length.
[  404.720605][T11280] ERROR: Out of memory at tomoyo_realpath_from_path.
[  404.766933][T11287] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2227'.
[  404.783096][T11287] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2227'.
[  404.811918][T11288] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2227'.
[  404.835891][T11287] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2227'.
[  406.141929][T11315] netlink: 'syz.2.2237': attribute type 11 has an invalid length.
[  406.472313][T11325] netlink: 'syz.1.2242': attribute type 13 has an invalid length.
[  406.480372][T11325] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2242'.
[  406.508085][T11328] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2241'.
[  406.536089][T11331] netlink: 'syz.3.2244': attribute type 29 has an invalid length.
[  406.545614][T11325] erspan0: refused to change device tx_queue_len
[  406.554591][T11325] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check.
[  406.573832][T11328] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2241'.
[  406.585891][T11331] netlink: 'syz.3.2244': attribute type 29 has an invalid length.
[  406.601552][T11333] netlink: 'syz.3.2244': attribute type 29 has an invalid length.
[  406.622062][T11331] netlink: 'syz.3.2244': attribute type 29 has an invalid length.
[  406.652411][T11323] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2241'.
[  406.693735][T11332] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2241'.
[  407.408918][T11367] netlink: 'syz.3.2258': attribute type 29 has an invalid length.
[  407.418873][T11367] netlink: 'syz.3.2258': attribute type 29 has an invalid length.
[  407.432150][T11367] netlink: 'syz.3.2258': attribute type 29 has an invalid length.
[  407.440346][T11368] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2257'.
[  407.497873][T11367] netlink: 'syz.3.2258': attribute type 29 has an invalid length.
[  408.459696][T11399] FAULT_INJECTION: forcing a failure.
[  408.459696][T11399] name failslab, interval 1, probability 0, space 0, times 0
[  408.492783][T11399] CPU: 0 PID: 11399 Comm: syz.4.2272 Not tainted 6.1.144-syzkaller #0
[  408.500993][T11399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  408.511147][T11399] Call Trace:
[  408.514436][T11399]  <TASK>
[  408.517377][T11399]  dump_stack_lvl+0x168/0x22e
[  408.522074][T11399]  ? show_regs_print_info+0x12/0x12
[  408.527283][T11399]  ? load_image+0x3b0/0x3b0
[  408.531777][T11399]  ? __lock_acquire+0x7c50/0x7c50
[  408.536801][T11399]  should_fail_ex+0x399/0x4d0
[  408.541471][T11399]  should_failslab+0x5/0x20
[  408.545967][T11399]  slab_pre_alloc_hook+0x59/0x310
[  408.550980][T11399]  ? __lock_acquire+0x7c50/0x7c50
[  408.555996][T11399]  ? kvmalloc_node+0x6c/0x180
[  408.560659][T11399]  __kmem_cache_alloc_node+0x4f/0x260
[  408.566022][T11399]  ? kvmalloc_node+0x6c/0x180
[  408.570685][T11399]  __kmalloc_node+0xa0/0x240
[  408.575262][T11399]  kvmalloc_node+0x6c/0x180
[  408.579751][T11399]  map_get_next_key+0x292/0x620
[  408.584602][T11399]  ? __might_fault+0xa6/0x120
[  408.589271][T11399]  __sys_bpf+0x3ce/0x6d0
[  408.593507][T11399]  ? bpf_link_show_fdinfo+0x310/0x310
[  408.598891][T11399]  ? lock_chain_count+0x20/0x20
[  408.603738][T11399]  __x64_sys_bpf+0x78/0x90
[  408.608145][T11399]  do_syscall_64+0x4c/0xa0
[  408.612550][T11399]  ? clear_bhb_loop+0x60/0xb0
[  408.617213][T11399]  ? clear_bhb_loop+0x60/0xb0
[  408.621877][T11399]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  408.627857][T11399] RIP: 0033:0x7f0b1ff8e929
[  408.632264][T11399] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  408.651860][T11399] RSP: 002b:00007f0b20e9a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  408.660263][T11399] RAX: ffffffffffffffda RBX: 00007f0b201b5fa0 RCX: 00007f0b1ff8e929
[  408.668222][T11399] RDX: 0000000000000020 RSI: 0000200000000300 RDI: 0000000000000004
[  408.676175][T11399] RBP: 00007f0b20e9a090 R08: 0000000000000000 R09: 0000000000000000
[  408.684129][T11399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  408.692087][T11399] R13: 0000000000000000 R14: 00007f0b201b5fa0 R15: 00007fff22470938
[  408.700052][T11399]  </TASK>
[  409.865823][T11437] FAULT_INJECTION: forcing a failure.
[  409.865823][T11437] name failslab, interval 1, probability 0, space 0, times 0
[  409.888823][T11437] CPU: 1 PID: 11437 Comm: syz.3.2286 Not tainted 6.1.144-syzkaller #0
[  409.897013][T11437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  409.907071][T11437] Call Trace:
[  409.910353][T11437]  <TASK>
[  409.913289][T11437]  dump_stack_lvl+0x168/0x22e
[  409.917987][T11437]  ? show_regs_print_info+0x12/0x12
[  409.923200][T11437]  ? load_image+0x3b0/0x3b0
[  409.927716][T11437]  ? __might_sleep+0xd0/0xd0
[  409.932324][T11437]  ? __lock_acquire+0x7c50/0x7c50
[  409.937366][T11437]  should_fail_ex+0x399/0x4d0
[  409.942055][T11437]  should_failslab+0x5/0x20
[  409.946564][T11437]  slab_pre_alloc_hook+0x59/0x310
[  409.951598][T11437]  ? ioctl_standard_iw_point+0x4d1/0xc90
[  409.957243][T11437]  __kmem_cache_alloc_node+0x4f/0x260
[  409.962627][T11437]  ? ioctl_standard_iw_point+0x4d1/0xc90
[  409.968269][T11437]  __kmalloc+0xa0/0x240
[  409.972438][T11437]  ioctl_standard_iw_point+0x4d1/0xc90
[  409.977911][T11437]  ? rcu_is_watching+0x11/0xa0
[  409.982700][T11437]  ? __cfg80211_wext_siwencode+0x720/0x720
[  409.988522][T11437]  ? iw_handler_get_iwstats+0x240/0x240
[  409.994076][T11437]  ? wext_ioctl_dispatch+0xaf/0x470
[  409.999287][T11437]  ? mutex_lock_nested+0x10/0x10
[  410.004237][T11437]  ? full_name_hash+0x8e/0xe0
[  410.008922][T11437]  ? __cfg80211_wext_siwencode+0x720/0x720
[  410.014748][T11437]  ioctl_standard_call+0xb3/0x2b0
[  410.019785][T11437]  ? __cfg80211_wext_siwencode+0x720/0x720
[  410.025609][T11437]  wext_ioctl_dispatch+0x3da/0x470
[  410.030739][T11437]  ? wext_ioctl_dispatch+0x470/0x470
[  410.036039][T11437]  ? iw_handler_get_private+0x1e0/0x1e0
[  410.041615][T11437]  wext_handle_ioctl+0x104/0x1c0
[  410.046569][T11437]  ? call_commit_handler+0xf0/0xf0
[  410.051711][T11437]  sock_ioctl+0x145/0x6e0
[  410.056072][T11437]  ? sock_poll+0x3f0/0x3f0
[  410.060524][T11437]  ? bpf_lsm_file_ioctl+0x5/0x10
[  410.065471][T11437]  ? security_file_ioctl+0x7c/0xa0
[  410.070600][T11437]  ? sock_poll+0x3f0/0x3f0
[  410.075028][T11437]  __se_sys_ioctl+0xfa/0x170
[  410.079637][T11437]  do_syscall_64+0x4c/0xa0
[  410.084064][T11437]  ? clear_bhb_loop+0x60/0xb0
[  410.088752][T11437]  ? clear_bhb_loop+0x60/0xb0
[  410.093444][T11437]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  410.099345][T11437] RIP: 0033:0x7fa28878e929
[  410.103765][T11437] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  410.123376][T11437] RSP: 002b:00007fa2896ba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  410.131800][T11437] RAX: ffffffffffffffda RBX: 00007fa2889b5fa0 RCX: 00007fa28878e929
[  410.139782][T11437] RDX: 0000200000000040 RSI: 0000000000008b2b RDI: 0000000000000004
[  410.147758][T11437] RBP: 00007fa2896ba090 R08: 0000000000000000 R09: 0000000000000000
[  410.155739][T11437] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  410.163721][T11437] R13: 0000000000000000 R14: 00007fa2889b5fa0 R15: 00007ffe7d06c0f8
[  410.171722][T11437]  </TASK>
[  411.236500][T11469] validate_nla: 4 callbacks suppressed
[  411.236519][T11469] netlink: 'syz.2.2297': attribute type 10 has an invalid length.
[  411.384811][T11469] netlink: 'syz.2.2297': attribute type 2 has an invalid length.
[  411.424716][T11469] __nla_validate_parse: 8 callbacks suppressed
[  411.424733][T11469] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2297'.
[  411.651380][T11476] netlink: 'syz.1.2298': attribute type 33 has an invalid length.
[  411.707678][T11476] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2298'.
[  411.905335][T11486] netlink: 'syz.3.2301': attribute type 3 has an invalid length.
[  411.941764][T11486] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.2301'.
[  412.207539][T11492] device wlan0 entered promiscuous mode
[  412.223603][T11493] syzkaller0: tun_chr_ioctl cmd 2147767517
[  412.424890][T11499] FAULT_INJECTION: forcing a failure.
[  412.424890][T11499] name failslab, interval 1, probability 0, space 0, times 0
[  412.459825][T11500] FAULT_INJECTION: forcing a failure.
[  412.459825][T11500] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  412.488033][T11499] CPU: 1 PID: 11499 Comm: syz.0.2306 Not tainted 6.1.144-syzkaller #0
[  412.496239][T11499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  412.506319][T11499] Call Trace:
[  412.509610][T11499]  <TASK>
[  412.512553][T11499]  dump_stack_lvl+0x168/0x22e
[  412.517251][T11499]  ? show_regs_print_info+0x12/0x12
[  412.522480][T11499]  ? load_image+0x3b0/0x3b0
[  412.527002][T11499]  ? __might_sleep+0xd0/0xd0
[  412.531612][T11499]  ? __lock_acquire+0x7c50/0x7c50
[  412.536655][T11499]  ? trace_event_raw_event_lock+0x230/0x230
[  412.542567][T11499]  should_fail_ex+0x399/0x4d0
[  412.547263][T11499]  should_failslab+0x5/0x20
[  412.551782][T11499]  slab_pre_alloc_hook+0x59/0x310
[  412.556823][T11499]  ? sk_prot_alloc+0xe7/0x210
[  412.561513][T11499]  __kmem_cache_alloc_node+0x4f/0x260
[  412.566902][T11499]  ? sk_prot_alloc+0xe7/0x210
[  412.571586][T11499]  __kmalloc+0xa0/0x240
[  412.575752][T11499]  ? __phys_addr+0x47/0x170
[  412.580269][T11499]  sk_prot_alloc+0xe7/0x210
[  412.584787][T11499]  ? sk_alloc+0x20/0x340
[  412.589045][T11499]  sk_alloc+0x36/0x340
[  412.593133][T11499]  ? bpf_ctx_init+0x163/0x1a0
[  412.597823][T11499]  ? bpf_prog_test_run_skb+0x267/0x11b0
[  412.603385][T11499]  bpf_prog_test_run_skb+0x350/0x11b0
[  412.608767][T11499]  ? __fget_files+0x28/0x4d0
[  412.613380][T11499]  ? __fget_files+0x44a/0x4d0
[  412.618085][T11499]  ? cpu_online+0xa0/0xa0
[  412.622427][T11499]  bpf_prog_test_run+0x31e/0x390
[  412.627385][T11499]  __sys_bpf+0x593/0x6d0
[  412.631648][T11499]  ? bpf_link_show_fdinfo+0x310/0x310
[  412.637050][T11499]  ? lock_chain_count+0x20/0x20
[  412.641928][T11499]  __x64_sys_bpf+0x78/0x90
[  412.646360][T11499]  do_syscall_64+0x4c/0xa0
[  412.650789][T11499]  ? clear_bhb_loop+0x60/0xb0
[  412.655480][T11499]  ? clear_bhb_loop+0x60/0xb0
[  412.660172][T11499]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  412.666076][T11499] RIP: 0033:0x7febcf38e929
[  412.670497][T11499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  412.690114][T11499] RSP: 002b:00007febd01a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  412.698552][T11499] RAX: ffffffffffffffda RBX: 00007febcf5b5fa0 RCX: 00007febcf38e929
[  412.706540][T11499] RDX: 0000000000000050 RSI: 0000200000000080 RDI: 000000000000000a
[  412.714523][T11499] RBP: 00007febd01a8090 R08: 0000000000000000 R09: 0000000000000000
[  412.722507][T11499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  412.730576][T11499] R13: 0000000000000000 R14: 00007febcf5b5fa0 R15: 00007ffddf7a4e88
[  412.738575][T11499]  </TASK>
[  412.764656][T11500] CPU: 1 PID: 11500 Comm: syz.4.2307 Not tainted 6.1.144-syzkaller #0
[  412.772847][T11500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  412.782913][T11500] Call Trace:
[  412.786199][T11500]  <TASK>
[  412.789135][T11500]  dump_stack_lvl+0x168/0x22e
[  412.793831][T11500]  ? show_regs_print_info+0x12/0x12
[  412.799044][T11500]  ? load_image+0x3b0/0x3b0
[  412.803563][T11500]  ? __lock_acquire+0x7c50/0x7c50
[  412.808602][T11500]  ? aa_sk_perm+0x920/0x920
[  412.813121][T11500]  should_fail_ex+0x399/0x4d0
[  412.817816][T11500]  _copy_from_user+0x2c/0x170
[  412.822520][T11500]  __cgroup_bpf_run_filter_setsockopt+0x2d8/0xbe0
[  412.828949][T11500]  ? __fget_files+0x28/0x4d0
[  412.833557][T11500]  ? __lock_acquire+0x7c50/0x7c50
[  412.838598][T11500]  ? __cgroup_bpf_run_filter_sysctl+0xbe0/0xbe0
[  412.844854][T11500]  ? aa_sk_perm+0x7e5/0x920
[  412.849372][T11500]  ? aa_af_perm+0x2b0/0x2b0
[  412.853893][T11500]  ? aa_sock_opt_perm+0x74/0x100
[  412.858840][T11500]  ? bpf_lsm_socket_setsockopt+0x5/0x10
[  412.864425][T11500]  ? security_socket_setsockopt+0x7a/0xa0
[  412.870155][T11500]  __sys_setsockopt+0x5f0/0x660
[  412.875025][T11500]  ? __ia32_sys_recv+0xb0/0xb0
[  412.879892][T11500]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  412.885886][T11500]  ? lock_chain_count+0x20/0x20
[  412.890755][T11500]  __x64_sys_setsockopt+0xb1/0xc0
[  412.895800][T11500]  do_syscall_64+0x4c/0xa0
[  412.900225][T11500]  ? clear_bhb_loop+0x60/0xb0
[  412.904917][T11500]  ? clear_bhb_loop+0x60/0xb0
[  412.909604][T11500]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  412.915507][T11500] RIP: 0033:0x7f0b1ff8e929
[  412.919930][T11500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  412.939542][T11500] RSP: 002b:00007f0b20e9a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  412.947971][T11500] RAX: ffffffffffffffda RBX: 00007f0b201b5fa0 RCX: 00007f0b1ff8e929
[  412.955953][T11500] RDX: 000000000000000a RSI: 0000000000000088 RDI: 0000000000000006
[  412.963930][T11500] RBP: 00007f0b20e9a090 R08: 0000000000000004 R09: 0000000000000000
[  412.971908][T11500] R10: 0000200000000680 R11: 0000000000000246 R12: 0000000000000001
[  412.979889][T11500] R13: 0000000000000000 R14: 00007f0b201b5fa0 R15: 00007fff22470938
[  412.987882][T11500]  </TASK>
[  413.144037][T11510] pim6reg: tun_chr_ioctl cmd 2147767521
[  413.267605][T11517] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2312'.
[  413.524164][T11523] netlink: 'syz.4.2313': attribute type 33 has an invalid length.
[  413.573271][T11523] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2313'.
[  413.720401][T11533] netlink: 15119 bytes leftover after parsing attributes in process `syz.3.2316'.
[  413.762424][T11536] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2317'.
[  413.846288][T11536] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2317'.
[  413.935646][T11535] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2317'.
[  413.968020][T11537] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2317'.
[  414.021314][T11545] FAULT_INJECTION: forcing a failure.
[  414.021314][T11545] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  414.058575][T11547] netlink: 'syz.3.2321': attribute type 3 has an invalid length.
[  414.059623][T11545] CPU: 1 PID: 11545 Comm: syz.2.2322 Not tainted 6.1.144-syzkaller #0
[  414.074488][T11545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  414.084553][T11545] Call Trace:
[  414.087824][T11545]  <TASK>
[  414.090746][T11545]  dump_stack_lvl+0x168/0x22e
[  414.095418][T11545]  ? show_regs_print_info+0x12/0x12
[  414.100608][T11545]  ? load_image+0x3b0/0x3b0
[  414.105097][T11545]  ? __lock_acquire+0x7c50/0x7c50
[  414.110117][T11545]  should_fail_ex+0x399/0x4d0
[  414.114782][T11545]  _copy_to_user+0x2c/0x130
[  414.119278][T11545]  bpf_verifier_vlog+0x172/0x390
[  414.124215][T11545]  __btf_verifier_log+0xd1/0x120
[  414.129146][T11545]  ? perf_trace_lock+0xf3/0x370
[  414.133984][T11545]  ? btf_check_sec_info+0x330/0x330
[  414.139173][T11545]  ? btf_func_proto_log+0x632/0x830
[  414.144374][T11545]  ? btf_sec_info_cmp+0x59/0x100
[  414.149302][T11545]  __btf_verifier_log_type+0x55c/0x700
[  414.154765][T11545]  ? btf_int_show+0x2890/0x2890
[  414.159638][T11545]  btf_func_proto_check_meta+0xe9/0x150
[  414.165197][T11545]  btf_check_all_metas+0x352/0xa00
[  414.170337][T11545]  btf_parse_type_sec+0xf8/0x18d0
[  414.175361][T11545]  ? btf_check_sec_info+0x330/0x330
[  414.180556][T11545]  ? btf_check_sec_info+0x27a/0x330
[  414.185745][T11545]  ? btf_verifier_log+0x2a0/0x2a0
[  414.190761][T11545]  ? btf_parse_hdr+0x5ea/0x7e0
[  414.195514][T11545]  ? btf_parse_str_sec+0x20a/0x2a0
[  414.200618][T11545]  btf_new_fd+0x46a/0x780
[  414.204947][T11545]  __sys_bpf+0x57a/0x6d0
[  414.209191][T11545]  ? bpf_link_show_fdinfo+0x310/0x310
[  414.214569][T11545]  ? lock_chain_count+0x20/0x20
[  414.219428][T11545]  __x64_sys_bpf+0x78/0x90
[  414.223836][T11545]  do_syscall_64+0x4c/0xa0
[  414.228244][T11545]  ? clear_bhb_loop+0x60/0xb0
[  414.232913][T11545]  ? clear_bhb_loop+0x60/0xb0
[  414.237577][T11545]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  414.243456][T11545] RIP: 0033:0x7fcb2e18e929
[  414.247858][T11545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  414.267449][T11545] RSP: 002b:00007fcb2f0d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  414.275848][T11545] RAX: ffffffffffffffda RBX: 00007fcb2e3b5fa0 RCX: 00007fcb2e18e929
[  414.283805][T11545] RDX: 0000000000000020 RSI: 0000200000000a40 RDI: 0000000000000012
[  414.291773][T11545] RBP: 00007fcb2f0d5090 R08: 0000000000000000 R09: 0000000000000000
[  414.299751][T11545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  414.307713][T11545] R13: 0000000000000001 R14: 00007fcb2e3b5fa0 R15: 00007fffdac450e8
[  414.315706][T11545]  </TASK>
[  415.517243][T11555] device sit0 left promiscuous mode
[  415.633641][T11560] device sit0 entered promiscuous mode
[  416.288889][T11582] netlink: 'syz.2.2332': attribute type 33 has an invalid length.
[  416.311650][T11584] netlink: 'syz.3.2333': attribute type 10 has an invalid length.
[  416.330062][T11584] device bond0 entered promiscuous mode
[  416.340086][T11584] device bond_slave_0 entered promiscuous mode
[  416.365051][T11584] device wlan1 entered promiscuous mode
[  416.383761][T11584] bridge0: port 3(bond0) entered blocking state
[  416.401590][T11584] bridge0: port 3(bond0) entered disabled state
[  416.461291][T11584] bridge0: port 3(bond0) entered blocking state
[  416.468780][T11584] bridge0: port 3(bond0) entered forwarding state
[  416.482235][T11590] __nla_validate_parse: 5 callbacks suppressed
[  416.482254][T11590] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2334'.
[  416.511044][T11586] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2334'.
[  416.542897][T11592] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2334'.
[  416.796078][T11607] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2340'.
[  416.805617][T11607] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2340'.
[  416.861244][T11607] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2340'.
[  417.030012][T11613] netlink: 'syz.4.2341': attribute type 3 has an invalid length.
[  417.055597][T11613] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.2341'.
[  417.090126][T11615] device sit0 left promiscuous mode
[  417.373289][T11627] netlink: 15119 bytes leftover after parsing attributes in process `syz.2.2346'.
[  417.659297][T11638] netlink: 'syz.1.2350': attribute type 10 has an invalid length.
[  417.686094][T11642] netlink: 'syz.2.2351': attribute type 3 has an invalid length.
[  417.695616][T11638] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2350'.
[  417.716727][T11638] device bond0 entered promiscuous mode
[  417.723436][T11642] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.2351'.
[  417.747181][T11638] device team0 entered promiscuous mode
[  417.763522][T11638] device team_slave_0 entered promiscuous mode
[  417.785198][T11638] device team_slave_1 entered promiscuous mode
[  419.574862][T11687] netlink: 'syz.0.2368': attribute type 10 has an invalid length.
[  419.594041][T11687] device bond0 entered promiscuous mode
[  419.599906][T11687] device bond_slave_1 entered promiscuous mode
[  419.632424][T11687] device wlan1 entered promiscuous mode
[  419.640017][T11687] device batadv_slave_0 entered promiscuous mode
[  419.656261][T11690] netlink: 'syz.3.2369': attribute type 3 has an invalid length.
[  419.684134][T11687] device team0 entered promiscuous mode
[  419.698284][T11687] device team_slave_0 entered promiscuous mode
[  419.731956][T11687] device team_slave_1 entered promiscuous mode
[  419.746193][T11687] device geneve1 entered promiscuous mode
[  419.759572][T11687] device netdevsim0 entered promiscuous mode
[  421.301493][T11728] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  421.320070][T11725] FAULT_INJECTION: forcing a failure.
[  421.320070][T11725] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  421.364300][T11725] CPU: 1 PID: 11725 Comm: syz.0.2377 Not tainted 6.1.144-syzkaller #0
[  421.372502][T11725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  421.382573][T11725] Call Trace:
[  421.385858][T11725]  <TASK>
[  421.388803][T11725]  dump_stack_lvl+0x168/0x22e
[  421.393504][T11725]  ? show_regs_print_info+0x12/0x12
[  421.398727][T11725]  ? load_image+0x3b0/0x3b0
[  421.403248][T11725]  ? __lock_acquire+0x7c50/0x7c50
[  421.408295][T11725]  ? snprintf+0xd7/0x120
[  421.412552][T11725]  should_fail_ex+0x399/0x4d0
[  421.417237][T11725]  _copy_to_user+0x2c/0x130
[  421.421755][T11725]  simple_read_from_buffer+0xe3/0x150
[  421.427136][T11725]  proc_fail_nth_read+0x19a/0x210
[  421.432173][T11725]  ? proc_fault_inject_write+0x2f0/0x2f0
[  421.437815][T11725]  ? fsnotify_perm+0x248/0x550
[  421.442583][T11725]  ? proc_fault_inject_write+0x2f0/0x2f0
[  421.448223][T11725]  vfs_read+0x2c0/0x920
[  421.452382][T11725]  ? kernel_read+0x1e0/0x1e0
[  421.456990][T11725]  ? __fget_files+0x28/0x4d0
[  421.461655][T11725]  ? __fget_files+0x44a/0x4d0
[  421.466380][T11725]  ? __fdget_pos+0x2ae/0x360
[  421.470974][T11725]  ? ksys_read+0x71/0x240
[  421.475307][T11725]  ksys_read+0x143/0x240
[  421.479560][T11725]  ? vfs_write+0x960/0x960
[  421.483990][T11725]  ? lockdep_hardirqs_on+0x94/0x140
[  421.489197][T11725]  do_syscall_64+0x4c/0xa0
[  421.493620][T11725]  ? clear_bhb_loop+0x60/0xb0
[  421.498306][T11725]  ? clear_bhb_loop+0x60/0xb0
[  421.502992][T11725]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  421.508882][T11725] RIP: 0033:0x7febcf38d33c
[  421.513296][T11725] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  421.532903][T11725] RSP: 002b:00007febd01a8030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  421.541318][T11725] RAX: ffffffffffffffda RBX: 00007febcf5b5fa0 RCX: 00007febcf38d33c
[  421.549285][T11725] RDX: 000000000000000f RSI: 00007febd01a80a0 RDI: 000000000000000c
[  421.557250][T11725] RBP: 00007febd01a8090 R08: 0000000000000000 R09: 0000000000000000
[  421.565214][T11725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  421.573181][T11725] R13: 0000000000000000 R14: 00007febcf5b5fa0 R15: 00007ffddf7a4e88
[  421.581164][T11725]  </TASK>
[  421.619797][T11732] __nla_validate_parse: 7 callbacks suppressed
[  421.619814][T11732] netlink: 65055 bytes leftover after parsing attributes in process `syz.1.2379'.
[  421.791020][T11738] netlink: 'syz.3.2382': attribute type 3 has an invalid length.
[  421.798942][T11738] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2382'.
[  421.836956][T11741] netlink: 'syz.1.2385': attribute type 3 has an invalid length.
[  421.865967][T11741] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.2385'.
[  423.328646][T11776] netlink: 'syz.3.2395': attribute type 10 has an invalid length.
[  423.359656][T11776] device netdevsim0 entered promiscuous mode
[  423.391761][T11776] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  424.015582][T11792] netlink: 65055 bytes leftover after parsing attributes in process `syz.0.2399'.
[  424.333903][T11804] device syzkaller0 entered promiscuous mode
[  426.097037][T11826] netlink: 'syz.3.2413': attribute type 3 has an invalid length.
[  426.108084][T11826] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.2413'.
[  426.144629][T11828] netlink: 61967 bytes leftover after parsing attributes in process `syz.1.2415'.
[  426.915633][T11848] netlink: 'syz.1.2420': attribute type 33 has an invalid length.
[  426.973612][T11853] netlink: 'syz.1.2421': attribute type 5 has an invalid length.
[  428.194220][T11876] netlink: 'syz.4.2429': attribute type 3 has an invalid length.
[  428.252799][T11876] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.2429'.
[  428.494273][T11878] netlink: 'syz.0.2430': attribute type 10 has an invalid length.
[  428.526438][T11878] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2430'.
[  428.595471][T11878] bond0: (slave team0): Releasing backup interface
[  428.659954][T11878] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  430.258090][T11922] netlink: 'syz.3.2442': attribute type 3 has an invalid length.
[  430.328567][T11922] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.2442'.
[  430.416323][T11924] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2444'.
[  430.769488][T11946] netlink: 'syz.1.2452': attribute type 21 has an invalid length.
[  431.654297][T11967] netlink: 'syz.2.2460': attribute type 3 has an invalid length.
[  431.679081][T11967] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.2460'.
[  431.889549][T11970] FAULT_INJECTION: forcing a failure.
[  431.889549][T11970] name failslab, interval 1, probability 0, space 0, times 0
[  431.957283][T11970] CPU: 0 PID: 11970 Comm: syz.1.2461 Not tainted 6.1.144-syzkaller #0
[  431.965488][T11970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  431.975555][T11970] Call Trace:
[  431.978834][T11970]  <TASK>
[  431.981767][T11970]  dump_stack_lvl+0x168/0x22e
[  431.986488][T11970]  ? show_regs_print_info+0x12/0x12
[  431.991703][T11970]  ? load_image+0x3b0/0x3b0
[  431.996231][T11970]  should_fail_ex+0x399/0x4d0
[  432.000925][T11970]  should_failslab+0x5/0x20
[  432.005439][T11970]  slab_pre_alloc_hook+0x59/0x310
[  432.010472][T11970]  ? __sctp_v6_cmp_addr+0x62/0x510
[  432.015597][T11970]  ? sctp_add_bind_addr+0x89/0x350
[  432.020721][T11970]  __kmem_cache_alloc_node+0x4f/0x260
[  432.026115][T11970]  ? sctp_add_bind_addr+0x89/0x350
[  432.031240][T11970]  kmalloc_trace+0x26/0xe0
[  432.035669][T11970]  sctp_add_bind_addr+0x89/0x350
[  432.040625][T11970]  sctp_copy_local_addr_list+0x308/0x4d0
[  432.046275][T11970]  ? sctp_copy_local_addr_list+0x98/0x4d0
[  432.052006][T11970]  ? sctp_do_8_2_transport_strike+0x8a0/0x8a0
[  432.058087][T11970]  ? sctp_v6_is_any+0x60/0x70
[  432.062795][T11970]  ? sctp_copy_one_addr+0x93/0x660
[  432.067923][T11970]  sctp_bind_addr_copy+0xaf/0x3c0
[  432.072951][T11970]  ? sctp_assoc_set_bind_addr_from_ep+0xa1/0x190
[  432.079277][T11970]  sctp_connect_new_asoc+0x2d6/0x690
[  432.084554][T11970]  ? __sctp_connect+0xd20/0xd20
[  432.089391][T11970]  ? __local_bh_enable_ip+0x12a/0x1b0
[  432.094756][T11970]  ? lock_sock_nested+0x66/0x100
[  432.099689][T11970]  ? bpf_lsm_sctp_bind_connect+0x5/0x10
[  432.105224][T11970]  ? security_sctp_bind_connect+0x85/0xb0
[  432.110940][T11970]  sctp_sendmsg+0x15ff/0x2980
[  432.115630][T11970]  ? sctp_getsockopt+0x8a0/0x8a0
[  432.120556][T11970]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  432.126703][T11970]  ? inet_sendmsg+0x178/0x2f0
[  432.131370][T11970]  ? inet_sendmsg+0xe5/0x2f0
[  432.135949][T11970]  ? inet_send_prepare+0x260/0x260
[  432.141050][T11970]  ____sys_sendmsg+0x59b/0x970
[  432.145814][T11970]  ? __sys_sendmsg_sock+0x30/0x30
[  432.150829][T11970]  ? __import_iovec+0x315/0x500
[  432.155672][T11970]  ? import_iovec+0x6f/0xa0
[  432.160161][T11970]  ___sys_sendmsg+0x21c/0x290
[  432.164832][T11970]  ? __sys_sendmsg+0x270/0x270
[  432.169598][T11970]  ? ktime_get_real_ts64+0x420/0x420
[  432.174884][T11970]  ? __fdget+0x17c/0x200
[  432.179118][T11970]  __se_sys_sendmsg+0x19e/0x270
[  432.183958][T11970]  ? __x64_sys_sendmsg+0x80/0x80
[  432.188899][T11970]  ? lockdep_hardirqs_on+0x94/0x140
[  432.194090][T11970]  do_syscall_64+0x4c/0xa0
[  432.198492][T11970]  ? clear_bhb_loop+0x60/0xb0
[  432.203159][T11970]  ? clear_bhb_loop+0x60/0xb0
[  432.207825][T11970]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  432.213707][T11970] RIP: 0033:0x7fc86cf8e929
[  432.218107][T11970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  432.237696][T11970] RSP: 002b:00007fc86de7c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  432.246096][T11970] RAX: ffffffffffffffda RBX: 00007fc86d1b5fa0 RCX: 00007fc86cf8e929
[  432.254054][T11970] RDX: 00000000040080c0 RSI: 00002000000003c0 RDI: 0000000000000005
[  432.262009][T11970] RBP: 00007fc86de7c090 R08: 0000000000000000 R09: 0000000000000000
[  432.269966][T11970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  432.277934][T11970] R13: 0000000000000000 R14: 00007fc86d1b5fa0 R15: 00007ffe3a79f318
[  432.285915][T11970]  </TASK>
[  432.653651][T11993] netlink: 61967 bytes leftover after parsing attributes in process `syz.3.2465'.
[  432.721158][T11994] netlink: 'syz.2.2467': attribute type 5 has an invalid length.
[  433.445896][T12013] netlink: 'syz.1.2474': attribute type 3 has an invalid length.
[  433.474232][T12013] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.2474'.
[  434.923171][T12039] netlink: 61967 bytes leftover after parsing attributes in process `syz.0.2482'.
[  435.455821][T12048] netlink: 'syz.2.2486': attribute type 10 has an invalid length.
[  435.493858][T12048] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2486'.
[  435.525818][T12048] device team0 entered promiscuous mode
[  435.544912][T12048] device team_slave_0 entered promiscuous mode
[  435.567888][T12048] device team_slave_1 entered promiscuous mode
[  435.587132][T12059] netlink: 'syz.0.2489': attribute type 3 has an invalid length.
[  435.593238][T12048] 8021q: adding VLAN 0 to HW filter on device team0
[  435.632154][T12059] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.2489'.
[  436.392841][T12048] bond0: (slave team0): Releasing backup interface
[  436.416999][T12048] bridge0: port 1(team0) entered blocking state
[  436.426751][T12048] bridge0: port 1(team0) entered disabled state
[  436.458374][T12055] netlink: 15119 bytes leftover after parsing attributes in process `syz.3.2490'.
[  436.494623][T12061] device veth1_macvtap left promiscuous mode
[  436.515732][T12061] device macsec0 entered promiscuous mode
[  436.567731][T12062] device veth1_macvtap entered promiscuous mode
[  438.538586][T12099] netlink: 'syz.3.2507': attribute type 3 has an invalid length.
[  438.558949][T12098] netlink: 15119 bytes leftover after parsing attributes in process `syz.2.2506'.
[  438.560806][T12099] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.2507'.
[  439.794236][ T1274] ieee802154 phy0 wpan0: encryption failed: -22
[  439.800624][ T1274] ieee802154 phy1 wpan1: encryption failed: -22
[  440.165055][T12143] netlink: 'syz.1.2521': attribute type 3 has an invalid length.
[  440.185868][T12143] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.2521'.
[  440.618890][T12149] netlink: 15119 bytes leftover after parsing attributes in process `syz.3.2522'.
[  441.244936][T12160] netlink: 'syz.0.2527': attribute type 21 has an invalid length.
[  441.280700][T12160] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2527'.
[  441.604889][T12174] netlink: 'syz.1.2531': attribute type 9 has an invalid length.
[  441.634650][T12174] netlink: 126588 bytes leftover after parsing attributes in process `syz.1.2531'.
[  442.393027][T12185] netlink: 161700 bytes leftover after parsing attributes in process `syz.1.2534'.
[  442.402543][T12185] openvswitch: netlink: Key 2 has unexpected len 41210 expected 4
[  442.708331][T12194] netlink: 15119 bytes leftover after parsing attributes in process `syz.2.2537'.
[  442.710966][T12197] netlink: 'syz.0.2538': attribute type 3 has an invalid length.
[  442.762146][T12197] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.2538'.
[  443.899226][T12226] FAULT_INJECTION: forcing a failure.
[  443.899226][T12226] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  443.934169][T12228] netlink: 'syz.3.2549': attribute type 4 has an invalid length.
[  443.955937][T12228] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2549'.
[  443.968541][T12226] CPU: 0 PID: 12226 Comm: syz.1.2550 Not tainted 6.1.144-syzkaller #0
[  443.976726][T12226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  443.982550][T12228] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  443.986770][T12226] Call Trace:
[  443.986780][T12226]  <TASK>
[  443.986788][T12226]  dump_stack_lvl+0x168/0x22e
[  443.986819][T12226]  ? show_regs_print_info+0x12/0x12
[  444.018236][T12226]  ? load_image+0x3b0/0x3b0
[  444.022758][T12226]  ? __lock_acquire+0x7c50/0x7c50
[  444.027788][T12226]  ? snprintf+0xd7/0x120
[  444.032025][T12226]  should_fail_ex+0x399/0x4d0
[  444.036693][T12226]  _copy_to_user+0x2c/0x130
[  444.041189][T12226]  simple_read_from_buffer+0xe3/0x150
[  444.046551][T12226]  proc_fail_nth_read+0x19a/0x210
[  444.051570][T12226]  ? proc_fault_inject_write+0x2f0/0x2f0
[  444.057208][T12226]  ? fsnotify_perm+0x248/0x550
[  444.061965][T12226]  ? proc_fault_inject_write+0x2f0/0x2f0
[  444.067587][T12226]  vfs_read+0x2c0/0x920
[  444.071731][T12226]  ? kernel_read+0x1e0/0x1e0
[  444.076310][T12226]  ? __fget_files+0x28/0x4d0
[  444.080893][T12226]  ? __fget_files+0x44a/0x4d0
[  444.085566][T12226]  ? __fdget_pos+0x2ae/0x360
[  444.090147][T12226]  ? ksys_read+0x71/0x240
[  444.094463][T12226]  ksys_read+0x143/0x240
[  444.098691][T12226]  ? vfs_write+0x960/0x960
[  444.103096][T12226]  ? lockdep_hardirqs_on+0x94/0x140
[  444.108292][T12226]  do_syscall_64+0x4c/0xa0
[  444.112702][T12226]  ? clear_bhb_loop+0x60/0xb0
[  444.117367][T12226]  ? clear_bhb_loop+0x60/0xb0
[  444.122034][T12226]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  444.127918][T12226] RIP: 0033:0x7fc86cf8d33c
[  444.132321][T12226] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  444.151914][T12226] RSP: 002b:00007fc86de7c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  444.160315][T12226] RAX: ffffffffffffffda RBX: 00007fc86d1b5fa0 RCX: 00007fc86cf8d33c
[  444.168271][T12226] RDX: 000000000000000f RSI: 00007fc86de7c0a0 RDI: 0000000000000004
[  444.176230][T12226] RBP: 00007fc86de7c090 R08: 0000000000000000 R09: 0000000000000000
[  444.184187][T12226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  444.192145][T12226] R13: 0000000000000000 R14: 00007fc86d1b5fa0 R15: 00007ffe3a79f318
[  444.200117][T12226]  </TASK>
[  444.235816][T12232] netlink: 'syz.4.2551': attribute type 3 has an invalid length.
[  444.264236][T12232] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.2551'.
[  444.275385][T12236] netlink: 'syz.0.2552': attribute type 28 has an invalid length.
[  444.293547][T12236] netlink: 2 bytes leftover after parsing attributes in process `syz.0.2552'.
[  444.802562][T12253] netlink: 168 bytes leftover after parsing attributes in process `syz.4.2559'.
[  445.199015][T12270] netlink: 'syz.2.2563': attribute type 29 has an invalid length.
[  445.240776][T12270] netlink: 'syz.2.2563': attribute type 29 has an invalid length.
[  445.281071][T12272] netlink: 'syz.2.2563': attribute type 29 has an invalid length.
[  445.322128][T12275] netlink: 'syz.2.2563': attribute type 29 has an invalid length.
[  445.355455][T12277] netlink: 'syz.4.2567': attribute type 3 has an invalid length.
[  445.384389][T12270] netlink: 'syz.2.2563': attribute type 29 has an invalid length.
[  445.411887][T12277] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.2567'.
[  445.422463][T12272] netlink: 168 bytes leftover after parsing attributes in process `syz.2.2563'.
[  445.463246][T12280] netlink: 168 bytes leftover after parsing attributes in process `syz.3.2568'.
[  445.872305][T12293] netlink: 22 bytes leftover after parsing attributes in process `syz.3.2574'.
[  446.157078][T12301] FAULT_INJECTION: forcing a failure.
[  446.157078][T12301] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  446.173169][T12301] CPU: 1 PID: 12301 Comm: syz.4.2577 Not tainted 6.1.144-syzkaller #0
[  446.181346][T12301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  446.191499][T12301] Call Trace:
[  446.194778][T12301]  <TASK>
[  446.197755][T12301]  dump_stack_lvl+0x168/0x22e
[  446.202456][T12301]  ? show_regs_print_info+0x12/0x12
[  446.207665][T12301]  ? load_image+0x3b0/0x3b0
[  446.212177][T12301]  ? __lock_acquire+0x7c50/0x7c50
[  446.217220][T12301]  ? verify_lock_unused+0x140/0x140
[  446.222433][T12301]  should_fail_ex+0x399/0x4d0
[  446.227121][T12301]  _copy_from_user+0x2c/0x170
[  446.231814][T12301]  ___sys_sendmsg+0x155/0x290
[  446.236500][T12301]  ? __sys_sendmsg+0x270/0x270
[  446.241289][T12301]  ? __lock_acquire+0x7c50/0x7c50
[  446.246336][T12301]  ? __fdget+0x17c/0x200
[  446.250588][T12301]  __se_sys_sendmsg+0x19e/0x270
[  446.255450][T12301]  ? __x64_sys_sendmsg+0x80/0x80
[  446.260411][T12301]  ? lockdep_hardirqs_on+0x94/0x140
[  446.265625][T12301]  do_syscall_64+0x4c/0xa0
[  446.270049][T12301]  ? clear_bhb_loop+0x60/0xb0
[  446.274745][T12301]  ? clear_bhb_loop+0x60/0xb0
[  446.279444][T12301]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  446.285348][T12301] RIP: 0033:0x7f0b1ff8e929
[  446.289775][T12301] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  446.309407][T12301] RSP: 002b:00007f0b20e9a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  446.317816][T12301] RAX: ffffffffffffffda RBX: 00007f0b201b5fa0 RCX: 00007f0b1ff8e929
[  446.325867][T12301] RDX: 0000000000000003 RSI: 0000200000000980 RDI: 0000000000000003
[  446.333840][T12301] RBP: 00007f0b20e9a090 R08: 0000000000000000 R09: 0000000000000000
[  446.341829][T12301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  446.349792][T12301] R13: 0000000000000000 R14: 00007f0b201b5fa0 R15: 00007fff22470938
[  446.357766][T12301]  </TASK>
[  446.676603][T12313] netlink: 'syz.2.2584': attribute type 3 has an invalid length.
[  446.699182][T12313] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.2584'.
[  448.228846][T12353] device pim6reg1 entered promiscuous mode
[  448.956733][T12359] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.2604'.
[  449.523485][T12393] mac80211_hwsim hwsim11 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  449.544158][T12393] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2612'.
[  449.598303][T12393] netlink: 'syz.4.2612': attribute type 10 has an invalid length.
[  450.032647][T12419] FAULT_INJECTION: forcing a failure.
[  450.032647][T12419] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  450.099080][T12419] CPU: 1 PID: 12419 Comm: syz.2.2623 Not tainted 6.1.144-syzkaller #0
[  450.107276][T12419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  450.117336][T12419] Call Trace:
[  450.120628][T12419]  <TASK>
[  450.123565][T12419]  dump_stack_lvl+0x168/0x22e
[  450.128263][T12419]  ? show_regs_print_info+0x12/0x12
[  450.133480][T12419]  ? load_image+0x3b0/0x3b0
[  450.137996][T12419]  ? __lock_acquire+0x7c50/0x7c50
[  450.143051][T12419]  should_fail_ex+0x399/0x4d0
[  450.147742][T12419]  _copy_from_user+0x2c/0x170
[  450.152432][T12419]  __sys_bpf+0x265/0x6d0
[  450.156678][T12419]  ? bpf_link_show_fdinfo+0x310/0x310
[  450.162051][T12419]  ? lock_chain_count+0x20/0x20
[  450.166900][T12419]  __x64_sys_bpf+0x78/0x90
[  450.171306][T12419]  do_syscall_64+0x4c/0xa0
[  450.175708][T12419]  ? clear_bhb_loop+0x60/0xb0
[  450.180370][T12419]  ? clear_bhb_loop+0x60/0xb0
[  450.185035][T12419]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  450.190926][T12419] RIP: 0033:0x7fcb2e18e929
[  450.195331][T12419] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  450.214926][T12419] RSP: 002b:00007fcb2f0d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  450.223344][T12419] RAX: ffffffffffffffda RBX: 00007fcb2e3b5fa0 RCX: 00007fcb2e18e929
[  450.231313][T12419] RDX: 0000000000000050 RSI: 00002000000004c0 RDI: 000000000000000a
[  450.239278][T12419] RBP: 00007fcb2f0d5090 R08: 0000000000000000 R09: 0000000000000000
[  450.247247][T12419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  450.255212][T12419] R13: 0000000000000000 R14: 00007fcb2e3b5fa0 R15: 00007fffdac450e8
[  450.263184][T12419]  </TASK>
[  450.416236][T12432] mac80211_hwsim hwsim11 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  450.417186][T12427] netlink: 'syz.1.2626': attribute type 1 has an invalid length.
[  450.448458][T12432] netlink: 'syz.4.2628': attribute type 10 has an invalid length.
[  450.465707][T12427] netlink: 'syz.1.2626': attribute type 1 has an invalid length.
[  450.520560][T12427] netlink: 116376 bytes leftover after parsing attributes in process `syz.1.2626'.
[  451.210232][T12452] netlink: 172 bytes leftover after parsing attributes in process `syz.1.2635'.
[  451.403749][T12461] FAULT_INJECTION: forcing a failure.
[  451.403749][T12461] name failslab, interval 1, probability 0, space 0, times 0
[  451.440556][T12461] CPU: 0 PID: 12461 Comm: syz.2.2639 Not tainted 6.1.144-syzkaller #0
[  451.448758][T12461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  451.458831][T12461] Call Trace:
[  451.462122][T12461]  <TASK>
[  451.465069][T12461]  dump_stack_lvl+0x168/0x22e
[  451.469777][T12461]  ? sctp_sendmsg+0x15ff/0x2980
[  451.474659][T12461]  ? ___sys_sendmsg+0x21c/0x290
[  451.479555][T12461]  ? show_regs_print_info+0x12/0x12
[  451.484786][T12461]  ? load_image+0x3b0/0x3b0
[  451.489334][T12461]  should_fail_ex+0x399/0x4d0
[  451.494045][T12461]  should_failslab+0x5/0x20
[  451.498572][T12461]  slab_pre_alloc_hook+0x59/0x310
[  451.503625][T12461]  ? sctp_add_bind_addr+0x89/0x350
[  451.508764][T12461]  __kmem_cache_alloc_node+0x4f/0x260
[  451.514170][T12461]  ? sctp_add_bind_addr+0x89/0x350
[  451.519307][T12461]  kmalloc_trace+0x26/0xe0
[  451.523748][T12461]  sctp_add_bind_addr+0x89/0x350
[  451.528720][T12461]  sctp_copy_local_addr_list+0x308/0x4d0
[  451.534394][T12461]  ? sctp_copy_local_addr_list+0x98/0x4d0
[  451.540139][T12461]  ? sctp_do_8_2_transport_strike+0x8a0/0x8a0
[  451.546233][T12461]  ? sctp_v6_is_any+0x60/0x70
[  451.550934][T12461]  ? sctp_copy_one_addr+0x93/0x660
[  451.556065][T12461]  sctp_bind_addr_copy+0xaf/0x3c0
[  451.561092][T12461]  ? sctp_assoc_set_bind_addr_from_ep+0xa1/0x190
[  451.567425][T12461]  sctp_connect_new_asoc+0x2d6/0x690
[  451.572714][T12461]  ? __sctp_connect+0xd20/0xd20
[  451.577651][T12461]  ? __local_bh_enable_ip+0x12a/0x1b0
[  451.583028][T12461]  ? lock_sock_nested+0x66/0x100
[  451.587968][T12461]  ? bpf_lsm_sctp_bind_connect+0x5/0x10
[  451.593508][T12461]  ? security_sctp_bind_connect+0x85/0xb0
[  451.599239][T12461]  sctp_sendmsg+0x15ff/0x2980
[  451.603925][T12461]  ? trace_event_raw_event_lock+0x230/0x230
[  451.609837][T12461]  ? sctp_getsockopt+0x8a0/0x8a0
[  451.614775][T12461]  ? aa_af_perm+0x2b0/0x2b0
[  451.619270][T12461]  ? tomoyo_socket_sendmsg_permission+0x1dd/0x2f0
[  451.625697][T12461]  ? inet_sendmsg+0xe5/0x2f0
[  451.630287][T12461]  ? inet_send_prepare+0x260/0x260
[  451.635397][T12461]  ____sys_sendmsg+0x59b/0x970
[  451.640169][T12461]  ? __sys_sendmsg_sock+0x30/0x30
[  451.645192][T12461]  ? __import_iovec+0x315/0x500
[  451.650045][T12461]  ? import_iovec+0x6f/0xa0
[  451.654550][T12461]  ___sys_sendmsg+0x21c/0x290
[  451.659236][T12461]  ? __sys_sendmsg+0x270/0x270
[  451.664025][T12461]  ? __lock_acquire+0x7c50/0x7c50
[  451.669070][T12461]  ? __fdget+0x17c/0x200
[  451.673317][T12461]  __se_sys_sendmsg+0x19e/0x270
[  451.678167][T12461]  ? __x64_sys_sendmsg+0x80/0x80
[  451.683130][T12461]  ? lockdep_hardirqs_on+0x94/0x140
[  451.688332][T12461]  do_syscall_64+0x4c/0xa0
[  451.692746][T12461]  ? clear_bhb_loop+0x60/0xb0
[  451.697418][T12461]  ? clear_bhb_loop+0x60/0xb0
[  451.702093][T12461]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  451.707977][T12461] RIP: 0033:0x7fcb2e18e929
[  451.712474][T12461] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  451.732073][T12461] RSP: 002b:00007fcb2f0d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  451.740482][T12461] RAX: ffffffffffffffda RBX: 00007fcb2e3b5fa0 RCX: 00007fcb2e18e929
[  451.748446][T12461] RDX: 0000000000004804 RSI: 00002000000001c0 RDI: 0000000000000004
[  451.756408][T12461] RBP: 00007fcb2f0d5090 R08: 0000000000000000 R09: 0000000000000000
[  451.764379][T12461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  451.772339][T12461] R13: 0000000000000000 R14: 00007fcb2e3b5fa0 R15: 00007fffdac450e8
[  451.780326][T12461]  </TASK>
[  451.819012][T12466] FAULT_INJECTION: forcing a failure.
[  451.819012][T12466] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  451.853945][T12466] CPU: 1 PID: 12466 Comm: syz.0.2641 Not tainted 6.1.144-syzkaller #0
[  451.862149][T12466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  451.872206][T12466] Call Trace:
[  451.875473][T12466]  <TASK>
[  451.878396][T12466]  dump_stack_lvl+0x168/0x22e
[  451.883070][T12466]  ? show_regs_print_info+0x12/0x12
[  451.888260][T12466]  ? load_image+0x3b0/0x3b0
[  451.892753][T12466]  ? __lock_acquire+0x7c50/0x7c50
[  451.897776][T12466]  should_fail_ex+0x399/0x4d0
[  451.902447][T12466]  _copy_from_user+0x2c/0x170
[  451.907122][T12466]  __sys_bpf+0x265/0x6d0
[  451.911362][T12466]  ? bpf_link_show_fdinfo+0x310/0x310
[  451.916740][T12466]  ? lock_chain_count+0x20/0x20
[  451.921588][T12466]  __x64_sys_bpf+0x78/0x90
[  451.925995][T12466]  do_syscall_64+0x4c/0xa0
[  451.930399][T12466]  ? clear_bhb_loop+0x60/0xb0
[  451.935065][T12466]  ? clear_bhb_loop+0x60/0xb0
[  451.939731][T12466]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  451.945613][T12466] RIP: 0033:0x7febcf38e929
[  451.950016][T12466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  451.969614][T12466] RSP: 002b:00007febd01a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  451.978018][T12466] RAX: ffffffffffffffda RBX: 00007febcf5b5fa0 RCX: 00007febcf38e929
[  451.985994][T12466] RDX: 0000000000000022 RSI: 0000200000001bc0 RDI: 000000000000000a
[  451.993970][T12466] RBP: 00007febd01a8090 R08: 0000000000000000 R09: 0000000000000000
[  452.002031][T12466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  452.010004][T12466] R13: 0000000000000000 R14: 00007febcf5b5fa0 R15: 00007ffddf7a4e88
[  452.017983][T12466]  </TASK>
[  452.985611][T12505] netlink: 172 bytes leftover after parsing attributes in process `syz.1.2652'.
[  453.148778][T12504] netlink: 'syz.4.2653': attribute type 23 has an invalid length.
[  453.189764][T12504] netlink: 'syz.4.2653': attribute type 6 has an invalid length.
[  453.511701][T12516] netlink: 65043 bytes leftover after parsing attributes in process `syz.1.2656'.
[  453.688484][T12520] netlink: 15119 bytes leftover after parsing attributes in process `syz.0.2657'.
[  454.793305][T12540] raw_sendmsg: syz.2.2665 forgot to set AF_INET. Fix it!
[  454.801656][T12542] syz.1.2666[12542] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  454.801764][T12542] syz.1.2666[12542] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  455.190618][T12540] netlink: 188 bytes leftover after parsing attributes in process `syz.2.2665'.
[  455.432952][T12554] netlink: 'syz.1.2668': attribute type 23 has an invalid length.
[  455.451994][T12554] netlink: 'syz.1.2668': attribute type 6 has an invalid length.
[  455.473621][T12557] netlink: 15119 bytes leftover after parsing attributes in process `syz.2.2670'.
[  455.513791][T12559] netlink: 188 bytes leftover after parsing attributes in process `syz.0.2669'.
[  457.133035][T12593] netlink: 'syz.2.2683': attribute type 23 has an invalid length.
[  457.160774][T12593] netlink: 'syz.2.2683': attribute type 6 has an invalid length.
[  457.679811][T12616] FAULT_INJECTION: forcing a failure.
[  457.679811][T12616] name failslab, interval 1, probability 0, space 0, times 0
[  457.692809][T12616] CPU: 1 PID: 12616 Comm: syz.3.2689 Not tainted 6.1.144-syzkaller #0
[  457.700976][T12616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  457.711046][T12616] Call Trace:
[  457.714329][T12616]  <TASK>
[  457.717263][T12616]  dump_stack_lvl+0x168/0x22e
[  457.721961][T12616]  ? show_regs_print_info+0x12/0x12
[  457.727178][T12616]  ? load_image+0x3b0/0x3b0
[  457.731695][T12616]  ? __lock_acquire+0x12e5/0x7c50
[  457.736737][T12616]  ? kasan_set_track+0x60/0x70
[  457.741513][T12616]  ? kasan_set_track+0x4b/0x70
[  457.746284][T12616]  ? __kasan_slab_alloc+0x6b/0x80
[  457.751317][T12616]  ? slab_post_alloc_hook+0x4b/0x480
[  457.756615][T12616]  should_fail_ex+0x399/0x4d0
[  457.761308][T12616]  should_failslab+0x5/0x20
[  457.765833][T12616]  slab_pre_alloc_hook+0x59/0x310
[  457.770876][T12616]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  457.776951][T12616]  ? ref_tracker_alloc+0x129/0x450
[  457.782078][T12616]  __kmem_cache_alloc_node+0x4f/0x260
[  457.787464][T12616]  ? ref_tracker_alloc+0x129/0x450
[  457.792588][T12616]  kmalloc_trace+0x26/0xe0
[  457.797022][T12616]  ref_tracker_alloc+0x129/0x450
[  457.801979][T12616]  ? ref_tracker_dir_print+0x150/0x150
[  457.807464][T12616]  ? __kasan_slab_alloc+0x6b/0x80
[  457.812505][T12616]  ? slab_post_alloc_hook+0x67/0x480
[  457.817803][T12616]  ? slab_pre_alloc_hook+0x59/0x310
[  457.823021][T12616]  dst_init+0xda/0x410
[  457.827104][T12616]  dst_alloc+0x12a/0x160
[  457.831357][T12616]  ip_route_output_key_hash_rcu+0x1054/0x23a0
[  457.837446][T12616]  ? ip_route_output_key_hash+0x12b/0x340
[  457.843183][T12616]  ip_route_output_key_hash+0x207/0x340
[  457.848757][T12616]  ? ip_route_input_rcu+0x30a0/0x30a0
[  457.854161][T12616]  ? memset+0x1e/0x40
[  457.858157][T12616]  ip_route_output_flow+0x26/0x150
[  457.863286][T12616]  ip_tunnel_xmit+0x943/0x2360
[  457.868063][T12616]  ? ip_tunnel_xmit+0x140/0x2360
[  457.873020][T12616]  ? ip4_dst_hoplimit+0x2d0/0x2d0
[  457.878051][T12616]  ? skb_network_protocol+0x505/0x750
[  457.883434][T12616]  ? skb_push+0x8a/0xd0
[  457.887598][T12616]  ? gre_build_header+0x25b/0x9a0
[  457.892642][T12616]  ipgre_xmit+0x79d/0xb20
[  457.896984][T12616]  dev_hard_start_xmit+0x262/0x870
[  457.902125][T12616]  __dev_queue_xmit+0x1bf1/0x3760
[  457.907170][T12616]  ? __dev_queue_xmit+0x26f/0x3760
[  457.912291][T12616]  ? netdev_core_pick_tx+0x340/0x340
[  457.917582][T12616]  ? __kmem_cache_alloc_node+0x140/0x260
[  457.923210][T12616]  ? skb_release_data+0x1d2/0x7c0
[  457.928236][T12616]  __bpf_redirect+0x915/0x1180
[  457.932999][T12616]  bpf_clone_redirect+0x26c/0x3c0
[  457.938020][T12616]  bpf_prog_208b094576c80b22+0x56/0x5b
[  457.943472][T12616]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  457.949446][T12616]  ? lock_chain_count+0x20/0x20
[  457.954290][T12616]  ? seqcount_lockdep_reader_access+0x120/0x1c0
[  457.960519][T12616]  ? lockdep_hardirqs_on+0x94/0x140
[  457.965712][T12616]  ? ktime_get+0x7b/0x270
[  457.970036][T12616]  ? seqcount_lockdep_reader_access+0x172/0x1c0
[  457.976267][T12616]  ? ktime_get_real_ts64+0x420/0x420
[  457.981543][T12616]  ? read_lock_is_recursive+0x10/0x10
[  457.986923][T12616]  ? __cant_sleep+0x210/0x210
[  457.991607][T12616]  ? ktime_get+0x247/0x270
[  457.996027][T12616]  bpf_test_run+0x323/0x870
[  458.000537][T12616]  ? slab_post_alloc_hook+0x67/0x480
[  458.005840][T12616]  ? convert___skb_to_skb+0x580/0x580
[  458.011216][T12616]  ? eth_get_headlen+0x1f0/0x1f0
[  458.016159][T12616]  ? __build_skb+0x257/0x3c0
[  458.020748][T12616]  ? convert___skb_to_skb+0x3d/0x580
[  458.026034][T12616]  bpf_prog_test_run_skb+0xa40/0x11b0
[  458.031414][T12616]  ? cpu_online+0xa0/0xa0
[  458.035734][T12616]  bpf_prog_test_run+0x31e/0x390
[  458.040665][T12616]  __sys_bpf+0x593/0x6d0
[  458.044899][T12616]  ? bpf_link_show_fdinfo+0x310/0x310
[  458.050277][T12616]  ? lock_chain_count+0x20/0x20
[  458.055137][T12616]  __x64_sys_bpf+0x78/0x90
[  458.059546][T12616]  do_syscall_64+0x4c/0xa0
[  458.063954][T12616]  ? clear_bhb_loop+0x60/0xb0
[  458.068619][T12616]  ? clear_bhb_loop+0x60/0xb0
[  458.073287][T12616]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  458.079169][T12616] RIP: 0033:0x7fa28878e929
[  458.083571][T12616] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  458.103162][T12616] RSP: 002b:00007fa2896ba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  458.111562][T12616] RAX: ffffffffffffffda RBX: 00007fa2889b5fa0 RCX: 00007fa28878e929
[  458.119520][T12616] RDX: 0000000000000048 RSI: 0000200000000080 RDI: 000000000000000a
[  458.127567][T12616] RBP: 00007fa2896ba090 R08: 0000000000000000 R09: 0000000000000000
[  458.135524][T12616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  458.143483][T12616] R13: 0000000000000000 R14: 00007fa2889b5fa0 R15: 00007ffe7d06c0f8
[  458.151453][T12616]  </TASK>
[  458.154560][T12616] memory allocation failure, unreliable refcount tracker.
[  458.520207][T12625] ªªªªªª: renamed from vlan0
[  458.606180][T12628] netlink: 'syz.4.2693': attribute type 10 has an invalid length.
[  458.627008][T12628] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2693'.
[  458.664077][T12630] FAULT_INJECTION: forcing a failure.
[  458.664077][T12630] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  458.761809][T12630] CPU: 1 PID: 12630 Comm: syz.0.2694 Not tainted 6.1.144-syzkaller #0
[  458.770029][T12630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  458.780099][T12630] Call Trace:
[  458.783380][T12630]  <TASK>
[  458.786306][T12630]  dump_stack_lvl+0x168/0x22e
[  458.790991][T12630]  ? show_regs_print_info+0x12/0x12
[  458.796186][T12630]  ? load_image+0x3b0/0x3b0
[  458.800686][T12630]  ? __lock_acquire+0x7c50/0x7c50
[  458.805724][T12630]  should_fail_ex+0x399/0x4d0
[  458.810402][T12630]  _copy_from_user+0x2c/0x170
[  458.815082][T12630]  kstrtouint_from_user+0xbe/0x150
[  458.820196][T12630]  ? kstrtol_from_user+0x150/0x150
[  458.825328][T12630]  proc_fail_nth_write+0x85/0x1f0
[  458.830351][T12630]  ? proc_fail_nth_read+0x210/0x210
[  458.835541][T12630]  ? common_file_perm+0x171/0x1c0
[  458.840565][T12630]  ? proc_fail_nth_read+0x210/0x210
[  458.845757][T12630]  vfs_write+0x2c4/0x960
[  458.850006][T12630]  ? file_end_write+0x250/0x250
[  458.854853][T12630]  ? __fget_files+0x28/0x4d0
[  458.859442][T12630]  ? __fget_files+0x44a/0x4d0
[  458.864130][T12630]  ? __fdget_pos+0x2ae/0x360
[  458.868732][T12630]  ? ksys_write+0x71/0x240
[  458.873146][T12630]  ksys_write+0x143/0x240
[  458.877470][T12630]  ? __ia32_sys_read+0x80/0x80
[  458.882230][T12630]  ? lockdep_hardirqs_on+0x94/0x140
[  458.887446][T12630]  do_syscall_64+0x4c/0xa0
[  458.891862][T12630]  ? clear_bhb_loop+0x60/0xb0
[  458.896541][T12630]  ? clear_bhb_loop+0x60/0xb0
[  458.901215][T12630]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  458.907101][T12630] RIP: 0033:0x7febcf38d3df
[  458.911511][T12630] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  458.931107][T12630] RSP: 002b:00007febd01a8030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  458.939516][T12630] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007febcf38d3df
[  458.947481][T12630] RDX: 0000000000000001 RSI: 00007febd01a80a0 RDI: 0000000000000005
[  458.955444][T12630] RBP: 00007febd01a8090 R08: 0000000000000000 R09: 0000000000000000
[  458.963410][T12630] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  458.971372][T12630] R13: 0000000000000000 R14: 00007febcf5b5fa0 R15: 00007ffddf7a4e88
[  458.979353][T12630]  </TASK>
[  459.124129][T12634] netlink: 15119 bytes leftover after parsing attributes in process `syz.3.2696'.
[  459.368343][T12640] netlink: 15119 bytes leftover after parsing attributes in process `syz.1.2707'.
[  459.368664][T12641] netlink: 'syz.4.2698': attribute type 16 has an invalid length.
[  459.442890][T12641] netlink: 'syz.4.2698': attribute type 4 has an invalid length.
[  459.470913][T12641] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2698'.
[  459.578402][T12645] netlink: 'syz.3.2697': attribute type 23 has an invalid length.
[  459.640344][T12645] netlink: 'syz.3.2697': attribute type 6 has an invalid length.
[  460.114496][T12662] netlink: 188 bytes leftover after parsing attributes in process `syz.3.2703'.
[  460.234807][T12657] IPv6: Can't replace route, no match found
[  460.401095][T12663] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2702'.
[  460.699807][T12682] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.2710'.
[  460.753255][T12682] netlink: 6324 bytes leftover after parsing attributes in process `syz.0.2710'.
[  460.880637][T12682] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2710'.
[  460.972790][T12679] netlink: 15119 bytes leftover after parsing attributes in process `syz.2.2711'.
[  464.079722][T12709] netlink: 188 bytes leftover after parsing attributes in process `syz.1.2718'.
[  464.089511][T12725] netlink: 'syz.4.2725': attribute type 10 has an invalid length.
[  464.135628][T12725] team0: Port device geneve1 added
[  464.678783][T12755] netlink: 'syz.2.2737': attribute type 1 has an invalid length.
[  464.690894][T12755] netlink: 131740 bytes leftover after parsing attributes in process `syz.2.2737'.
[  464.692951][T12752] netlink: 15119 bytes leftover after parsing attributes in process `syz.1.2735'.
[  466.073509][T12757] netlink: 188 bytes leftover after parsing attributes in process `syz.0.2738'.
[  466.084744][T12755] netlink: 14601 bytes leftover after parsing attributes in process `syz.2.2737'.
[  466.095011][T12764] netlink: 'syz.1.2741': attribute type 10 has an invalid length.
[  466.150684][T12764] device geneve1 entered promiscuous mode
[  466.157002][T12764] team0: Port device geneve1 added
[  466.272456][T12767] device sit0 entered promiscuous mode
[  466.357925][T12774] netlink: 161700 bytes leftover after parsing attributes in process `syz.3.2745'.
[  466.383487][T12778] netlink: 'syz.0.2742': attribute type 29 has an invalid length.
[  466.422451][T12774] openvswitch: netlink: Key 2 has unexpected len 41210 expected 4
[  466.432862][T12778] netlink: 'syz.0.2742': attribute type 3 has an invalid length.
[  466.490203][T12778] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2742'.
[  467.126697][T12786] netlink: 'syz.0.2742': attribute type 19 has an invalid length.
[  467.175240][T12799] netlink: 188 bytes leftover after parsing attributes in process `syz.1.2752'.
[  467.282793][T12806] netlink: 'syz.2.2755': attribute type 29 has an invalid length.
[  467.305955][T12808] netlink: 'syz.1.2756': attribute type 3 has an invalid length.
[  467.314338][T12806] netlink: 'syz.2.2755': attribute type 29 has an invalid length.
[  467.320699][T12810] netlink: 'syz.1.2756': attribute type 3 has an invalid length.
[  467.339564][T12808] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2756'.
[  467.349268][T12810] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2756'.
[  470.943142][T12862] validate_nla: 3 callbacks suppressed
[  470.943160][T12862] netlink: 'syz.0.2770': attribute type 4 has an invalid length.
[  470.986645][T12862] netlink: 'syz.0.2770': attribute type 1 has an invalid length.
[  470.999910][T12862] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.2770'.
[  471.904768][T12887] netlink: 15119 bytes leftover after parsing attributes in process `syz.2.2776'.
[  471.920146][T12889] netlink: 15119 bytes leftover after parsing attributes in process `syz.0.2777'.
[  472.156511][T12891] netlink: 'syz.3.2778': attribute type 1 has an invalid length.
[  472.192697][T12891] netlink: 131740 bytes leftover after parsing attributes in process `syz.3.2778'.
[  472.222608][T12898] netlink: 14601 bytes leftover after parsing attributes in process `syz.3.2778'.
[  472.649092][T12916] device sit0 entered promiscuous mode
[  472.768913][T12918] netlink: 'syz.4.2789': attribute type 29 has an invalid length.
[  472.933956][T12918] netlink: 'syz.4.2789': attribute type 3 has an invalid length.
[  472.946629][T12918] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2789'.
[  473.453292][T12919] netlink: 'syz.4.2789': attribute type 19 has an invalid length.
[  473.469978][T12931] netlink: 15119 bytes leftover after parsing attributes in process `syz.3.2792'.
[  473.583074][T12935] netlink: 15119 bytes leftover after parsing attributes in process `syz.1.2795'.
[  473.607207][T12939] netlink: 81056 bytes leftover after parsing attributes in process `syz.2.2805'.
[  474.429627][T12969] netlink: 15119 bytes leftover after parsing attributes in process `syz.4.2807'.
[  474.839094][T12986] netlink: 'syz.1.2812': attribute type 10 has an invalid length.
[  474.858920][T12985] device veth0_vlan left promiscuous mode
[  474.881137][T12985] device veth0_vlan entered promiscuous mode
[  475.230114][T12995] netlink: 'syz.2.2817': attribute type 1 has an invalid length.
[  475.243513][T12995] netlink: 131740 bytes leftover after parsing attributes in process `syz.2.2817'.
[  476.833033][T13031] netlink: 'syz.4.2829': attribute type 1 has an invalid length.
[  476.837509][T13034] netlink: 'syz.1.2830': attribute type 9 has an invalid length.
[  477.406022][T13060] netlink: 'syz.1.2842': attribute type 1 has an invalid length.
[  477.425643][T13060] __nla_validate_parse: 2 callbacks suppressed
[  477.425679][T13060] netlink: 131740 bytes leftover after parsing attributes in process `syz.1.2842'.
[  477.488304][T13062] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2843'.
[  477.521956][T13065] netlink: 'syz.3.2844': attribute type 10 has an invalid length.
[  477.544843][T13065] team0: Cannot enslave team device to itself
[  477.584379][T13068] netlink: 'syz.1.2845': attribute type 1 has an invalid length.
[  477.592447][T13068] netlink: 131740 bytes leftover after parsing attributes in process `syz.1.2845'.
[  477.592556][T13065] netlink: 'syz.3.2844': attribute type 27 has an invalid length.
[  477.614555][T13065] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check.
[  478.097993][T13096] netlink: 'syz.4.2856': attribute type 1 has an invalid length.
[  478.130800][T13096] netlink: 131740 bytes leftover after parsing attributes in process `syz.4.2856'.
[  478.205461][T13098] netlink: 'syz.2.2857': attribute type 1 has an invalid length.
[  478.213542][T13098] netlink: 131740 bytes leftover after parsing attributes in process `syz.2.2857'.
[  478.403332][T13112] sock: sock_set_timeout: `syz.1.2863' (pid 13112) tries to set negative timeout
[  478.464962][T13115] netlink: 'syz.2.2862': attribute type 21 has an invalid length.
[  478.579006][T13125] netlink: 'syz.0.2864': attribute type 10 has an invalid length.
[  478.967986][T13133] netlink: 15119 bytes leftover after parsing attributes in process `syz.1.2869'.
[  479.319566][T13142] netlink: 131740 bytes leftover after parsing attributes in process `syz.3.2872'.
[  479.404672][T13144] netlink: 81056 bytes leftover after parsing attributes in process `syz.1.2873'.
[  479.446413][T13144] debugfs: Directory '.!
' with parent 'ieee80211' already present!
[  479.633051][T13159] netlink: 15119 bytes leftover after parsing attributes in process `syz.3.2882'.
[  479.819413][T13173] netlink: 131740 bytes leftover after parsing attributes in process `syz.1.2885'.
[  480.102247][T13182] bridge0: port 3(bond0) entered disabled state
[  480.108827][T13182] bridge0: port 2(bridge_slave_1) entered disabled state
[  480.116320][T13182] bridge0: port 1(bridge_slave_0) entered disabled state
[  480.201034][T13182] bridge0: port 3(bond0) entered blocking state
[  480.208075][T13182] bridge0: port 3(bond0) entered forwarding state
[  480.215973][T13182] bridge0: port 2(bridge_slave_1) entered blocking state
[  480.223247][T13182] bridge0: port 2(bridge_slave_1) entered forwarding state
[  480.230852][T13182] bridge0: port 1(bridge_slave_0) entered blocking state
[  480.238078][T13182] bridge0: port 1(bridge_slave_0) entered forwarding state
[  480.347255][T13182] team0: Port device bridge0 added
[  481.577592][ T4278] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  481.586807][ T4278] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  481.595563][ T4278] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  481.608178][ T4278] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  481.616452][ T4278] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  481.623855][ T4278] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  482.311946][ T8233] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  482.431623][ T8233] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  482.600292][T13240] validate_nla: 5 callbacks suppressed
[  482.600331][T13240] netlink: 'syz.3.2910': attribute type 1 has an invalid length.
[  482.659374][T13240] __nla_validate_parse: 2 callbacks suppressed
[  482.659493][T13240] netlink: 131740 bytes leftover after parsing attributes in process `syz.3.2910'.
[  483.320501][T13242] netlink: 'syz.2.2907': attribute type 10 has an invalid length.
[  483.330559][T13242] bridge0: port 2(bridge_slave_1) entered disabled state
[  483.346773][T13242] bond0: (slave bridge0): Releasing backup interface
[  483.357038][T13242] team0: Device bridge0 is already an upper device of the team interface
[  483.386990][ T8233] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  483.469586][T13247] netlink: 'syz.1.2911': attribute type 1 has an invalid length.
[  483.489381][ T8233] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  483.532961][T13247] netlink: 131740 bytes leftover after parsing attributes in process `syz.1.2911'.
[  483.538370][T13252] netlink: 188 bytes leftover after parsing attributes in process `syz.3.2912'.
[  483.710707][ T4265] Bluetooth: hci5: command 0x0409 tx timeout
[  483.805999][T13219] chnl_net:caif_netlink_parms(): no params data found
[  484.158093][T13279] netlink: 'syz.2.2923': attribute type 1 has an invalid length.
[  484.180720][T13279] netlink: 131740 bytes leftover after parsing attributes in process `syz.2.2923'.
[  485.127920][T13285] netlink: 188 bytes leftover after parsing attributes in process `syz.2.2925'.
[  485.137869][T13219] bridge0: port 1(bridge_slave_0) entered blocking state
[  485.147919][T13219] bridge0: port 1(bridge_slave_0) entered disabled state
[  485.157640][T13219] device bridge_slave_0 entered promiscuous mode
[  485.199804][T13289] netlink: 'syz.3.2928': attribute type 1 has an invalid length.
[  485.207994][T13289] netlink: 131740 bytes leftover after parsing attributes in process `syz.3.2928'.
[  485.264155][T13219] bridge0: port 2(bridge_slave_1) entered blocking state
[  485.288941][T13219] bridge0: port 2(bridge_slave_1) entered disabled state
[  485.311680][T13219] device bridge_slave_1 entered promiscuous mode
[  485.318707][T13288] netlink: 'syz.1.2927': attribute type 10 has an invalid length.
[  485.358986][T13288] netlink: 65015 bytes leftover after parsing attributes in process `syz.1.2927'.
[  485.384050][T13292] netlink: 7906 bytes leftover after parsing attributes in process `syz.1.2927'.
[  485.791270][ T4265] Bluetooth: hci5: command 0x041b tx timeout
[  485.804212][T13219] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  485.879230][T13304] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2932'.
[  485.945978][T13219] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  485.998524][T13307] netlink: 'syz.2.2933': attribute type 21 has an invalid length.
[  486.149863][T13219] team0: Port device team_slave_0 added
[  486.177760][T13219] team0: Port device team_slave_1 added
[  486.268189][T13313] netlink: 'syz.3.2935': attribute type 1 has an invalid length.
[  486.308827][T13313] netlink: 131740 bytes leftover after parsing attributes in process `syz.3.2935'.
[  486.351193][T13219] batman_adv: batadv0: Adding interface: batadv_slave_0
[  486.365420][T13219] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  486.429140][T13219] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  486.476117][T13219] batman_adv: batadv0: Adding interface: batadv_slave_1
[  486.486637][T13219] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  486.527892][T13219] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  486.715454][T13219] device hsr_slave_0 entered promiscuous mode
[  486.758470][T13219] device hsr_slave_1 entered promiscuous mode
[  486.775204][T13320] netlink: 'syz.1.2946': attribute type 1 has an invalid length.
[  487.870731][ T4265] Bluetooth: hci5: command 0x040f tx timeout
[  487.995276][T13331] netlink: 'syz.2.2941': attribute type 1 has an invalid length.
[  488.003651][T13331] __nla_validate_parse: 1 callbacks suppressed
[  488.003684][T13331] netlink: 131740 bytes leftover after parsing attributes in process `syz.2.2941'.
[  488.424934][T13334] netlink: 'syz.2.2943': attribute type 3 has an invalid length.
[  488.443525][T13326] netlink: 188 bytes leftover after parsing attributes in process `syz.1.2940'.
[  488.450564][T13334] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.2943'.
[  488.951563][ T8233] device hsr_slave_0 left promiscuous mode
[  488.986705][ T8233] device hsr_slave_1 left promiscuous mode
[  489.006206][ T8233] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  489.031661][ T8233] batman_adv: batadv0: Removing interface: batadv_slave_0
[  489.098115][ T8233] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  489.112784][ T8233] batman_adv: batadv0: Removing interface: batadv_slave_1
[  489.131499][T13345] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  489.139329][T13345] #PF: supervisor instruction fetch in kernel mode
[  489.145812][T13345] #PF: error_code(0x0010) - not-present page
[  489.151780][T13345] PGD 18a5d067 P4D 18a5d067 PUD 0 
[  489.156889][T13345] Oops: 0010 [#1] PREEMPT SMP KASAN
[  489.162071][T13345] CPU: 0 PID: 13345 Comm: syz.2.2949 Not tainted 6.1.144-syzkaller #0
[  489.170220][T13345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  489.180270][T13345] RIP: 0010:0x0
[  489.183738][T13345] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[  489.191092][T13345] RSP: 0018:ffffc90003377398 EFLAGS: 00010246
[  489.197146][T13345] RAX: 1ffffffff172bd4f RBX: 000000000000000f RCX: 0000000000000000
[  489.205107][T13345] RDX: ffffc90003377440 RSI: 0000000000000001 RDI: ffff88805a47e000
[  489.213069][T13345] RBP: ffffc900033774b0 R08: dffffc0000000000 R09: ffffed100b48fc08
[  489.221029][T13345] R10: ffffed100b48fc08 R11: 1ffff1100b48fc07 R12: ffffe8ffffc45328
[  489.228992][T13345] R13: ffffffff8b95ea78 R14: 0000000000000000 R15: ffff88805a47e000
[  489.236952][T13345] FS:  00007fcb2f0d56c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[  489.245881][T13345] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  489.252456][T13345] CR2: ffffffffffffffd6 CR3: 000000007afd6000 CR4: 00000000003506f0
[  489.260435][T13345] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  489.268410][T13345] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  489.276370][T13345] Call Trace:
[  489.279637][T13345]  <TASK>
[  489.282569][T13345]  bond_xdp_xmit+0x309/0x520
[  489.287169][T13345]  ? bond_xdp_xmit+0x93/0x520
[  489.291864][T13345]  ? bond_xdp+0x840/0x840
[  489.296197][T13345]  bq_xmit_all+0xc99/0x10d0
[  489.300711][T13345]  ? __dev_flush+0x1b0/0x1b0
[  489.305384][T13345]  ? perf_trace_run_bpf_submit+0xf3/0x1c0
[  489.311096][T13345]  ? perf_trace_preemptirq_template+0x287/0x330
[  489.317329][T13345]  ? irqentry_enter+0x33/0x50
[  489.322002][T13345]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  489.327973][T13345]  ? lock_chain_count+0x20/0x20
[  489.332815][T13345]  bq_enqueue+0x337/0x3d0
[  489.337138][T13345]  dev_map_enqueue+0x1b4/0x340
[  489.341893][T13345]  xdp_do_redirect_frame+0x30c/0x650
[  489.347167][T13345]  bpf_test_run_xdp_live+0x9dd/0x1970
[  489.352561][T13345]  ? bpf_test_run_xdp_live+0x45c/0x1970
[  489.358095][T13345]  ? xdp_convert_md_to_buff+0x330/0x330
[  489.363635][T13345]  ? trace_raw_output_bpf_test_finish+0xd0/0xd0
[  489.369866][T13345]  ? bpf_prog_test_run_xdp+0x560/0xe50
[  489.375313][T13345]  bpf_prog_test_run_xdp+0x6f1/0xe50
[  489.380599][T13345]  ? dev_put+0x80/0x80
[  489.384655][T13345]  ? dev_put+0x80/0x80
[  489.388713][T13345]  bpf_prog_test_run+0x31e/0x390
[  489.393646][T13345]  __sys_bpf+0x593/0x6d0
[  489.397879][T13345]  ? bpf_link_show_fdinfo+0x310/0x310
[  489.403246][T13345]  ? lock_chain_count+0x20/0x20
[  489.408085][T13345]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  489.414055][T13345]  __x64_sys_bpf+0x78/0x90
[  489.418479][T13345]  do_syscall_64+0x4c/0xa0
[  489.422900][T13345]  ? clear_bhb_loop+0x60/0xb0
[  489.427581][T13345]  ? clear_bhb_loop+0x60/0xb0
[  489.432257][T13345]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  489.438138][T13345] RIP: 0033:0x7fcb2e18e929
[  489.442545][T13345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  489.462145][T13345] RSP: 002b:00007fcb2f0d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  489.470548][T13345] RAX: ffffffffffffffda RBX: 00007fcb2e3b5fa0 RCX: 00007fcb2e18e929
[  489.478507][T13345] RDX: 0000000000000050 RSI: 0000200000000000 RDI: 000000000000000a
[  489.486565][T13345] RBP: 00007fcb2e210b39 R08: 0000000000000000 R09: 0000000000000000
[  489.494536][T13345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  489.502587][T13345] R13: 0000000000000000 R14: 00007fcb2e3b5fa0 R15: 00007fffdac450e8
[  489.510561][T13345]  </TASK>
[  489.513580][T13345] Modules linked in:
[  489.517466][T13345] CR2: 0000000000000000
[  489.521612][T13345] ---[ end trace 0000000000000000 ]---
[  489.527048][T13345] RIP: 0010:0x0
[  489.530505][T13345] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[  489.537850][T13345] RSP: 0018:ffffc90003377398 EFLAGS: 00010246
[  489.543900][T13345] RAX: 1ffffffff172bd4f RBX: 000000000000000f RCX: 0000000000000000
[  489.551866][T13345] RDX: ffffc90003377440 RSI: 0000000000000001 RDI: ffff88805a47e000
[  489.559838][T13345] RBP: ffffc900033774b0 R08: dffffc0000000000 R09: ffffed100b48fc08
[  489.567806][T13345] R10: ffffed100b48fc08 R11: 1ffff1100b48fc07 R12: ffffe8ffffc45328
[  489.575769][T13345] R13: ffffffff8b95ea78 R14: 0000000000000000 R15: ffff88805a47e000
[  489.583749][T13345] FS:  00007fcb2f0d56c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[  489.592686][T13345] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  489.599274][T13345] CR2: ffffffffffffffd6 CR3: 000000007afd6000 CR4: 00000000003506f0
[  489.607251][T13345] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  489.615217][T13345] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  489.623184][T13345] Kernel panic - not syncing: Fatal exception in interrupt
[  489.630604][T13345] Kernel Offset: disabled
[  489.635175][T13345] Rebooting in 86400 seconds..