last executing test programs: 8.994918164s ago: executing program 0 (id=6957): perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x740b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x4, 0x4, &(0x7f0000000940)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x40000100}, [@generic={0x40, 0x0, 0x8, 0x9, 0x3}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unlink(0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r0, &(0x7f0000000180), 0x40010) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r1, &(0x7f0000000180), 0x40010) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r2, &(0x7f0000000180), 0x40010) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0x40010) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000180), 0x40001) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r4 = perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x1) perf_event_open(0x0, 0x0, 0x1, r4, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0) close(r5) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) r6 = socket$kcm(0x25, 0x5, 0x0) sendmsg$kcm(r6, &(0x7f0000000800)={0x0, 0x0, 0x0}, 0x408c050) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x9, 0x0, 0x1, 0x0, 0x0, 0x4861}, 0x0, 0x0, 0xffffffffffffffff, 0xb) ioctl$SIOCSIFHWADDR(r5, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"}) close(0xffffffffffffffff) 8.699498466s ago: executing program 2 (id=6953): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) r2 = syz_clone(0x20800000, 0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f00000003c0)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r4, &(0x7f00000005c0)=r2, 0x12) r5 = openat$cgroup_ro(r3, &(0x7f00000000c0)='cgroup.kill\x00', 0x275a, 0x0) write$cgroup_int(r5, &(0x7f0000000040)=0x1, 0x12) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xfffffffd}, 0x39) r7 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703320000001f00000000000000040014000d000a00140000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) openat$cgroup_devices(r8, &(0x7f0000000100)='devices.deny\x00', 0x2, 0x0) perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8000000000000000, 0x8000}, 0x4105, 0x0, 0x3}, 0x0, 0xfeffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x5, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000611214000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x441e, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x2020005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r9 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r9, &(0x7f0000000200)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x2c}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000000)='Gb', 0x5dc}], 0x1}, 0x480c0) 8.534128968s ago: executing program 0 (id=6956): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x4041, 0x0) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000010c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x10006, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800"/13], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x100000, 0x4, 0x2, 0x0, 0x80, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffff7fffffffff, 0xffffffffffffffff, 0x8) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xfffeffffffffffff, 0xffffffffffffffff, 0x3) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000740)={0x0, 0x1, 0x8}, 0xc) (fail_nth: 1) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) 7.836126473s ago: executing program 0 (id=6959): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1809000000000000000000000000000085000000080000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x94) r0 = perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0xa16ae, 0x9, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_config_ext={0xd, 0x6}, 0x90, 0xa4, 0x2, 0x1, 0xa1, 0x9b9b, 0x8, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="1e000000feffffff01800000f8ffffff00600000", @ANYRES32, @ANYBLOB="8100"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="02000000020000000000000000000000000018a37d4c0c98277dbd2ed1751e128790dd8af1b2685c8c1a5edf6616b2e87ca4002aa5a8cfa50068f4ea81076e2e9ab7738e97c4af54ac6e8f3fe1228145d9743a112da96f0a4f39ca58c88afe171a5dedc4b19c0895c3d5bb009de733a9842c3e91955cd4b11678e63fe2d8b0be700087bd98"], 0x50) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000040)={0x3, 0x0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1809000000ffffff00000000000000008510000002000000850000000f0000009500000000000000aa6849b4cd423bb07d5cbc8917ed46b64513610975f9ffe5f926d9b79d4d849592c8afa8a3a21533bc6ab61d08cdb861cc2ac94aaf2589e55079c5ebd1ba4f317d692025d3636a022d54ab12aca5664c9f4528544548e56d8f7168165b8058a417812a165061f6602f3434b464ec281e08d00e03ad86913e8fc591e22905289dd25090af450eefb1e47ea485bbd4a58c18e60e1c0583d44027806b7361c33de0c74511bb6a4e895860fa9f6e83c913440aad663aa30990fc1dd49845471800d1ac76ab95363ed672c53987b0c7b590997e4673933967d7c073a6c15f6a46"], 0x0, 0xfffffdff, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'\x00', 0x2}) ioctl$TUNSETPERSIST(r2, 0x400454c9, 0x1) ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000080)={'team0\x00', @local}) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r3) syz_clone(0x20800000, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000680)={{r5, 0xffffffffffffffff}, &(0x7f00000007c0), &(0x7f0000000640)=r4}, 0x20) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) socketpair$nbd(0x1, 0x1, 0x0, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000180)={r6, &(0x7f0000000300)}, 0x20) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) 7.831094853s ago: executing program 1 (id=6960): r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000032090000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x41100, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="06000000040000007c0500000a"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001340), &(0x7f0000000900), 0x404, r1, 0x0, 0x1ba8847c99}, 0x38) 7.614481286s ago: executing program 3 (id=6961): recvmsg(0xffffffffffffffff, 0x0, 0x1f00) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000001e00)="d8000000180081064e81f782db4cb904021d0800fd007c05e8fe55a118000600014002020a600e41b0000900ac00040211000000160012000a00ff020048035c4c61c1d67f6f94007133cf6efb8000a007a290457f01a7cee4090000001fb7d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de61fccd40dd6e4edef3d93452a9247c47870ae1d092665c07a81ead0f98a952c795c0e9703920723f9000000008af26c8b7b55f4d2a6823a45", 0xd8}], 0x1}, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0xc, 0x2000000000000216, &(0x7f0000000d40)=ANY=[@ANYRES64=r0, @ANYBLOB="6129f18fc279708e9a6dc06b183ad167bc56f7821f767a3845d3c91d3aee544a53426dc7249b4fe7da18e097b4714574b367c005b33de6d12018a70fef6df2b76a7cab6bd593c94c54ba0bfb63d40bdbfb193c59d694b8ea5850de58545d9c879b5f379d88e442a2199cd155924a03d4eef58f8f08037c173df46e09aa9c1a305582d8dc688f67c7de35f9c7597afc4ff9", @ANYRES64=r0], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x36, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7f, 0x7}, 0x104101, 0x4, 0x7fff, 0x1, 0x10, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x5, 0x5, &(0x7f0000000180)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x48, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = socket$kcm(0x2, 0x1000000000000002, 0x0) sendmsg$inet(r4, &(0x7f0000000b40)={&(0x7f0000000400)={0x2, 0x4e20, @multicast1}, 0x10, &(0x7f0000000540)=[{&(0x7f0000002880)="611b0f0065f65d25c9d4efa78c711930dcacc7711431abd866f4f300918cc74122160768ad3185487de6a599a4f93e5d4911d49a7dfef2adf907b8c28d59338f7e14b59ec468cebf0989a86b92b373e9ac989a0f28132d7e25b7c8f4fa9dad2e579efbeec8a5293e105a65c905ece0947f119ebe03703e2cfe8fd22bbd81c58180c36c2886b8b987141ea749efcecf74244e802ffc263c4dc411eb2af5804bb899fd6e94b2a755592c74376314b9331242c392216cbc604497de01fa932fd43cef0441b0d0a760cc4388070e0c0680831a5bc20d8a91d29336f36a323fdfb04e4a6ee47f8a4863034eca641d96a9bf48f5cbf7410d27b3cef723e49b6c4fbc4b3e4086e1700b9d09f2e2b6dd44c505f5ca4caefe6602692d159c80efdf526391ffffc35d6a0109327bdf99e8fbbd152ac4f86738e7b40b88583026c8a7126d4a3d5a687ca0446ee3a96b0fe3ba39444b7cf4d311cd88e6ba99a8c64b710093482b0a472885f0e553d568462231c2d4f3ebde44e58c64791343670428545bfca7d7f9ca627c482f7555a4f96e628adde017e93fa6f3e3cf4bd4b8679c19db9b2b2bc6ccb399c8ba8c7a28819f3d1e4305de43106bf100326161f3e439868a0ba942c5a268f9b6df4252d10928ffb7aee6ecb35315fd2b88fa0ac7d884319f5dfc8b0d2e525e779ee72651244944cc6cea32992bc6585b422eab50d6bf02c15160220712488fb5251878f5247c115e3a751065e3978cf102f17d7a8fe3dd1c4a5d04e16d585b9bf9ecf586d9b7e5b64a47a7796196b4fc41ba79f0548ec6641efc3cec34bbc5c7aa736606ea605bd711ed6812341c7c20434a2f224b2233e631a6678bf438072badaf8f894f52bc8a306ff5f27b5c5a31c84c48c868d7aff804f709f346f11711adf7f9e801a92292b846b8ab9447616ff5287c0d6687c795195cf5cd88030ec2a3d8d57d24fa508dc548c4c6d6f5c6c646df43431d7c3dea4d9aa4d932d9111a3e43bbc7bce925661e8bbbe184a5d837e3ddd124fdc7a9c4382eaa59dcd9ceb7b29c19b210c7530113824b0b3c2b799ac563f9127c19ca908506e8a12dde6eadb46fa2e2b4ea7836d39423b5287e04effabcf779f0b7abe59a2a7a5216b33fedbd457a84889be95ea064b8c6eef8e92e2f2fe05fb81996950495b68bf9ecdf17008f85dd0deb3785ac13c7332e42e27895a2964ba156b01722502deef4a428192a352de6ff8fe739dcfbf215895b3a7058c24c0f782fa51f1c2f6fb850e55d6363432be1b16494c423c8ef712b2ea6239a062820b0a8bb8fddf6a02128348ccf539f948bf120c10ce19650c8de558bf47c3d819bc895fae3d5f0520cee5ce5ac1a1c478a654e3e11dd3979e8bfbe3d8b2d82abc0f01045220ef684864300ed08ac3881cb925f5187a55018e9ffd0bc9d028754804f29a3ee2c3f4818bfd6f33327408b7ab1b9380e966349f90c1fdea10f1662871c3b7484df1559c61e2135e4324c8e00a1ef6e5acb87decd6714dec8e7c80c5209b93a475b2b72e7184d6f8716568104a9fde60280372ee15151472146acdf5b9c10ac88e6cf1bda7cbdf707910d98bbc7b2b5eb8d33b5108681952a0ba7b0bcc9ddac3297e0dc606de5f7345d4d4826c65de5ef66c3a9d14e04e29e1edd34806f78c8b2c160b4232cf0f65196000c13800c7fcd7c4509d43ea454cf1a83c1dfae2506f2b248214500e58038a40bc6d0ee84202b53cae3cd69498daef962e4af6115474208e72cc0dad6d0eb83276aac6912a3fe68c7a118cea470e3302945e7525af56ae39a1da0ec0e926076d804797b9fb76836f1051e0d869c3a126b83a8f7efa485a83a3d7bd21e3a1de4cbdd1f7142a2930f9bf7de6cf75918c103708cc74bb4a78975e1baa735cb9165007b1d1a5cbb4ec9a637ae1291e835ea0f68fe1e738d6b0968d85cbfc0fffc90e98f944515467f1c0a85435981adf1c488878872729750150785ccc4c66e536f862c3957b33c4d9650a6cb58571426643dac013f5df3ea851d4ea2bd2e1ce32ea3ba416ba6fe75c68994e3660f698bf32d4bad6a3123a21daa34fd7866be7f054769c16f965ee3eea55eaba03b56d9fbf11b3e0093a33c5bc28334b3c7acf0f224439613f6da6b0bf85958ef81f96af1ab471b5425a180f408e8ca4c5a74c383c4b536081466d7013362fcf678030e9df773cd0e75838c5989fef47af332b7565af6e8f6350082be2222fc3a0fa9689f8f8ccd30b664b08993213adf5aff065043cf03ec18d25af8a15fe18a64d2ce18ba81ca47bd4be78e12bef68505c51075768a1ab8568123cf5261e57b9e610e12f370abcfba99269576d0a3658f65df3d53892978e1cc63d7f3d5ece0a28f561b7cd935f392fa97780937bf18c8df2a7de54256fe26607322b3fea0f40550628f0efe5652172fe445e26310a15d16fa998be812601f1cb0d5d3babb7f0e90ca26b503339e1cc8f6c3cb06cc90986fb3264417e29ce5830aff0493d1399666cbce27a4b30edca99bcbc01c8549e5d2906bfdbec828d3f21ec5fddd266ea12a8e4645a4645b0f07191f227863e277b0a81a63c862512ea1d6573d57673d08a22b193b0a58fe3e78096aebe3fdd30afa2c900a3bf6dfd3b5cc772bacefdf4f3d2f2f962b225de183b5f416424bf01dc448a61d33fc6afe2682d99331cc7c213fd87bf81e81095cdc2a5e0cce3303b6bb45d9ef12e2ed714da8c18c553d9abfa827e3aedf50742c8955d8b9ae7c22ab34f4569699f392aee1c43eb0b7495000fec939e5e460c98c9169dcfb0fbd60f301e14b1fa2446b99964cefca26bc924e4edb8321135b85f76f32b85a9f7e82ed61005153ef5be6db695f466a965f23a5bfd3f1d345573f90d008274da75100557a946e88690f5a0d52702460a38295b271c5bdb6ab28fa4b7610c8fafa558c2d2030d6b00613fabaf2f5bf7ece199e3850ac9a36a2c8f5f56afc99da710b2eeaf994505dd11e4ed8a98401c343d37fcd75ecd8d826901b8153a9d55ff5f8495313c1f4e5cc3436c4b884e9571239c3f32b61401aeb4172ed8b7f0cd787acc0afd9963272e115b709df9b4d81090943ad1e5bd565bc43995221d73ce2c734979ac5f86ab2b1cc69478681f7389a39e0f4794caed861e0b0de966fd7fda63d4f16107340c3ff9cb74bb060bb3de08b5cc10113d4bbcb71fe05bf2cc3c06d8b4bf72e8c2e0c4a8c3c525a47268d47802111447c7d2a88e2eee172e2687d29af2702cf3cb93329447d9f04f3bc26ee9b5750b70aa26ddfbb2789f19752887144dfacad0b51a6c90b4817fc4be483b57a641df847e6d9e3a530c3b0b6c0c54a5fb20dec76f0b1183eae79006a012dacaaa294b5c7bbf411e0faf87375441e498cb8515de0e996a04e640ea019a6b285649a74e25a06994a28433dddd8a762bbf4b0749c46c4087c3c7013c3e3bd633ec5b462dbf2d13ccae05430134986317edc143ed9ae66115b9c164e1f9902e8d1a783d5caf58f96d40eaeedfd7b973a838a56a43d206ae1d4cbdfd6606f0208ca235e8fee8c6c5f4408f993760e6d8a71e4411707db03e79eb8e24cad81b918fd084bf31f113a0e5dbfb9c5a83300d409692b55059b13161d1b90cfa6b19220c77aaf25cc08219d94f3d00f08e0eecbe44e8f5932022944b14b54bed6e061784403922e87312c65014e03b749b4a684023768c51d499ad535ca809923f62057246e0471e0de4a360857cf7e8228b7a97ead001c28234f25046bed4d6898d5e7a0de3e2a171b9795bf9b9ada1e6914a1081292bba4b80a0cac44e336329c57757c592d0120367c67d07232db105cbd2f6f6dafadf72b50a25a18b8fdb4150cc904fdaa892ab2868ca1771e6af7f5f8f8e11bfb9796bedb5cca0bd26672e7d3aa73477e82057d3a552347b86a566d468ab48ad3372521fe4e75fc12d82ec38f7693b5926073dc40c02a370b0424ea63804c94a210ec8ac4ebdac6063f479f6c9b0de95da5a2b37374f7cdf9263e7dae395d1790c0990dcc21394b3f806fc41ecf574010906c06bef4b6b05014ea99a0cf0490fbc1bab63d76f13da15efe6f42ed042449ac429a7323b723acf37b8c7449064b71d3ae9a11737a86f7d3713e4ea545d6feb727cb902ee02bf5dfe4ba20462b7f8aec3568c160a107b2972602ecc91b6c2f8a028b92eeb2dc0893edf361a1d52e67197811e895a67eeb324511896ad911016474b320618355102c72f8335655bd4f086a144827db0685be839ea77e5d7c90ddf19d5725840e48b03f19498e9e24bc1ac8ca86b792945b7c4d13d0854f69ecae2af75dc82ec92c2622b4f50e52a7f36c0ed9ed9c5c40852a9d27d33528d06a6c057c2099fa88b304bbdedaef25638e9bc50d954840d7a45a954186785cbca77f4c066c112a32deb58edd4f90b49858186b70ee5cad98fdfe95a3b19ed74f841ad3f5c59a36aa034992ff444b5630794e4755b1903e47f353a40dac3cc4b6713ddccf37a5674a9500b4600933f4d42f30b9500f427935eacbbf45336549beae121d61cec2afa5bffc4bcc86ef0183324dd39d60c8b832762c8a0d4b860fd9a048f7c247f0ed75fd6d5bfdbb0817da2e2a88c3d825cd70a279c447e0d33494e7672301aa08c276e0a327973fb091ef373596fbaa046a67457b4d968fc6e7cb25dd5145325629c56f6bd80b4240f2ff16e3d97b99b8e1e6c6e03b2e7ef90bfd311e1e95668f137aaa7d1f961fb4512367002be1d8eaa5cdef25eb8e884d37a3e594190063b98ff841fbc7dccc3a022ff4cda04b54e10d3c0b0d791d53e24546f8cbf4ac301893b89d21e8f924fe327a6071a498e1a0603dea4ae9fe9a5135b4d51c02bacaa95e386d32d152460a5354760b4aa8f171f1a6ca05c5d22f607305659c377845c5f2c949d464601438f6447f69c95ad8bf005103bd6c8db98b134b2f74e747c018eb6525f1b8ff5752d281ac4ee20935c277e4496eacaaa300de169155f519f2b851c24f8734e48e0b53bf801dd0e5624b10750d07a614615b1dc0793ac029e95ce172fb326fae3864f44fe59dee39dbd8d415f8b57d62761c51f3648b96f9dd1d0ef21339d96e85d3b75b059b3267bc429598392e1bc7157d31e201589e83065df9ed7d2f3f351c2771f4beae5f9fb7f54dea748f0f98621ba4efdd1fc4fe1483aa3a622dc16e2ba58a39b207a5e2488c5919e33a48bb2f4cce9ce766eec531dc291441a529c3eebfb5c44f9b2998020b800392037357cba3c6fad3c311b7ba1ba3cf5b59e21463e4f9cb1dd10c25d4f35eefc7df7816feec877a5f525e8ef50e6a039a96bdb0d90fbb8c9977ca99d8ff5fdfb8caff643b1b0843be881e19af9c0c0ce5fdcfb5dd98d40e464ba6055b6cee3b8d0fcc674ad7ca02d29e7e9ea812f0cf7259d32d0363df4f0d4dd821f1a28f589e8540ba34483e9497dc5f362ac84dd18353b3386b8ef67f1eec4f6f1faa8db16bd781b942ba689ec2299ddc6f7fb8763c61c65b78a66c69179754488870c53e69cbc6cefb04f297d10ff491f6e1babd564d9b52d8541bbad3b79a5eb7f56a711a9e5c406737a2bb57d09c0b715c07049603d16870806f369d1247c6b0d7a919392d34b21026639b58689b8c519203c2fe5ae04092ced3bbc7740e6698c757afdcd47735f7a82af297127d3c3e68acfb11b0d89c143167e8ec03ea402f564b544e839457020fc391a99c3195433737cd11891d466f8f707f4f09310f8aa043d711aad0ff16509d39aa7ec3ebcb4e36380ff270e19f40", 0x1000}, {&(0x7f0000003880)="9cf9575da863f48ddee78db817ae0fc4f5949939dd07b54a5785980d07c9eae27ae595f8a1ad96402ffd56394aa488d513064128706cdd389fbc0fc59679e9bc920eff2880f5c57de37528b69667e6a3d8c13da469e3c171d879fe33f053d834bf49cf69cbf6b272d3af116e2a487f456ab1787bc5e77daaf40de1131f93a8578937594d07f44133b1cbe6e5a163708e3b964d24a9c42748796351d9821a2249b70852829e7c78510df3425c36bdb1da8b7223e94301badc9e42a2db81e1dcf93cf4c6c997818f365a6c07e8e3ce4e4edac91c1c586a8dfa77468316b8d3132cd23434a0c43acad184e1e8e93689444260c0eb2a2e709e31f4be33e3101cba0ab6a398df293efe1787086fce27bb7b9cc92aee65c8acfe8a4a8fc09d73a348868e8f6d9898bcc07f49bcc0b4154a88730093953204ad929410e5daee0d58ead37b1862ae16abf9ed050706e68f984c873a31b712184f671e5110798b95e575347cf9b2e033c18246b193ae477184ebb494f57397b79c7a06260c1b9f65a9666b94d9d022087753552bad4f9b7cbe55d1f466a7d9067d31a2f90c438c520a7a08e3831ebeeae72df20f475e55cc19ec323e48fe333d5cd3c5ed5fcb9677f1916875ea291853b51c5838deaada7e3c38ad96476622d09c189207c3dc8858196b6195a179f3c571a4ba2e2957a97a532c7cc75f85c6a4863925b1c473b7bcf151b851c659b382de4d73a829b5dc0d03b3cc88f2e2018b2550aeef241da0360fa87f87095a45b01cfb811fa192d061044ce4b823d3a4d066cd4a9c902b4f24949a91a5101e3575dcbf3c640ffc2a8c4702689767e3b0e44ebbeb5de7a74702d903e880918f60760ddd4606dec8903aa4a96ac9153290e8e80bd9cc49a0b6105c67659a29ee14444dddaa037c456543ee7f7a72d601408ee6b0f3113b72e615657ae8dff48f27ceccfa141722c3d9f438ae52ca202888a1ab59066c0e7b4ea9a44eab7b0db2c92af0cfa775fecef5dff636fb19ed65ef00d06010651af2c96e2694c2e5f0956d1611cfc95eeda97eebc8a8a7f7e3c622b8edba1d1d7f03dac49d9de4841ae124431cd84718f320aa756eccdd2a74af9db43dbaecb64b0537bdeafcefc14ebb7a831a5caa1bf70c006e845e8348a425b2b03e1672c8a2b84aa475311f19ecc497df9b37522b857a61d968d7fa52903a4da6140db4fb98f20d464652b90c30460defe26543f4ccb6cf027e76cd136ff7570c749728d5c77c3c34832a37fa36aecb4ca86855958cfeb50198d068f9305cf3c2d7e1ed8fde6b53bd2ec2fa92d48417ec88d3b6fa1821027e62edb4199607a87736eb4c2491ae58bf696c2a4c7c015c4a24f20a991b55ecd39459e3a1efa56966a4f6f5b4919d349f4562cbd4ea0f6e6753258bbdb5b56f88c4f788298cca9bea48b3c9d6a17afb8966d18b2b16a2b00ae6e0ca657cd5d0f3b0cfdb2d834d1e8016e2c5a7e48a989b06d641c7548d0352d196f3cb60268374f698933627708c169bad636df780641adae6f424c198eb2455f8459c1f4c339dd0f1f87e9fb3681e18c0e9179f3c37532b2129c1ac44bd2bf387b5ddb1740010fa13daacee31d1333f915567116decdeaafefed76db5a87307f5b7c96797de418167e35bcdda7e311af304e5c1dc224a9b2a75781865d1cf821446fd8c09f79ac097596276846866a774319ea25f24db824a6e46a8f77db5547cf12aed21e8fd68d435407e0de94456fdbe5439d166493bfaf40d9003eab7444efa71f9f6e1231fbfd4a1d52b9e54174637c7309bcbd502acd77cb8b39968e55ccbeb997b6f3438b99bac539e435b63ec4cd8e0ca7e75425c4be9df4c780e4fbe58c476da698ed101f02f2c438dd3b2e1fb0dbd2a94a908b97d84cc94879ee5650b5116766b2dc282ded7ebe451d9df7216c4a0f910d03bb476135fc3f684f660d8dc3849b2a51f084b9d7149f8fae6df3d01e2e831eb0de9d5296768b4ec8feaac4d7311db713d2d46a2fc2065e68a7abd5a82b13c5372a081cf1f65b919696d1f895f22b58b22967d06b3660ce5dd360fdeef99503eed7aa389a883744bcceb68fd547162a3514f5ede3eff03f14d7c52b8a72a566b28a0ce6bee495a92adab934a52efd2fe19a3f3246983c6c19932ded8dc4db40fe51952a826ed172727ce4150e8321a2dc2b6c66e83602bcf5331815c99f23ad8a0620518adb0e8674d6e85682dcd9e13ce25fe3a8f48b31d044572e961ab7aaff09dd6da3f9aaae0f93e9fb1c32db258a190e30a4f687fcf51ae3badcc1200d1ff4daef47a9bef37b9a9d8929a70edc1a016e2f9607e440d67bc07bd67d0e5b87b61d09f2b749bca90daaa9e27665c2883a120fc99f47f4f99f357a4cdd82bb6573152083be844badfcf17dda6b64f0c446b1f20828783d2da5284bec69676e0ac4b57294a7092ff6d9314c052f0a94a51c82692ba7ab7b3dc21527a6b41500da15026cb93e6730be70446b950856bd7d30bfc9c466c7b7485b1915427753a6d298f1b0c8a3b5248d6df2f6be1d3e875a73e7cc82d8e53bf9c596ce3b00d0e9c7830fd6f6501167f4c445c6f7e81efa3acd6a2832696f43e650bc3bf399417d90dc2328e3e7a00f76bfeb66cdf43ce996fc43fac06ddefc2273005d04d8f02b504780d9cbde8d0642c1d99d5293b46388a9afa0192bdf753230581b95d18e5301deb00c146d98c94cbbf807d97d05eb7ba6b90fce3b8484dab8ce868c9bb0f64e20125ec91219264b4a5456e1a3905ee3936093eed8cc1232df594b7d7b7868ac1ba7e7ee4790c7a32b32fbc08783b95e9f8e9c972436b78dfaa94f6a984dbb73327f18efa6f66469d886fc68c47b38d3be8f223ebf8ccfd86a55ec96b8cd8dd7854da1c010086e4e1a43bf176dc005c04a695cf729621307ee5bd1f043112d5ef4ac8254ca1d91faa0456c15412b05fecd60e3b6e69f263fc9efd0399d4ed17447b4291cd8029a1eaf85615ae0c93307d01e69c11043c992a4ad793b99453b3b3c16c659a1d0517906880ed0268bdc46ccbe691fce9b82496ae7a32c76414e79a90b3a7b17b2545c1a96eaf87fc2bb4551b26900afaf691d93da9e22811804f549046cf978d99418b4b3eac967c13b1f5c50b755510f1e413f05311801a0b053ce72a83d9dcc37acc06882e28c47827a1a3b4dffc288674363a70968cee31b7f7b998143d0d0dfc538a48bb5d05ad5f5853238b8279be003af52c3c9eb8fd0bbf8df02e0c2fb3accd9d82057fbb981d4897755da484d2603666630288edbdada75bcfe03f04968ec392a61010ae7b639d15dc839f0355b541fd7fc102a51f51af13a2a122e275d96742584d8904acc123411789fd48f4ae537b4c7d8be87abcbf990d71d7644c127859b5b867a109faf22f8a9af3eedda170fc4c30fb100535f5693a4c9212680469f21ef8b4b707c1bd3d13d93ea6ba8b518468a7439ed5397788a9640a0af1629090aa8926f7aaef13933d4cad864fc071901b8b3b983118290261c95d25751e01adc57c4dc752969f36e9bd41d12fe7804ebfe5470df49612a265fbb889bd5234b7b70767eba5ec2388b67bcc855ab9883bf312776c6a8f617e40b5ac15de73a57f644776a4a63641c8cbdebacd53e0a161555abc06465ad7c61559d6b1fe051366226c7bc383a7a691254124ab7d763857894f94eb65af8b8ea3d7f2054af33eb0c30b09b5325a39a2368d9aefdffb7ec60cc4d961e22415fe5d1989842cd6528f6cc35a8c457e6355687f07f894cbf73679bae97976f844bb54d73bcd0e88a6c7bda143ab70f10b04a5a9b5857664a366f6b7cda2ce4c3c00cfe05a6848a483a79a17b4d6cf533a5e24bb6846a31cac6724631d79aa5db180f8d76ab29de029f27e1ef4f85d9de310945eb2164a0bcd7ce08de061aeed2653de9b386716f191eefd46e173c24ab239326ff5ae1b9690dd9ae019e73af97d69574e0966c7e505c6e7898e8a1e5f546cf395c59ef9f263f891e56281a9e21d6b4ca5ba7e481fe629907d1e352de7fe8ca512815d25353f84fcaf5aac7b7a603ea5624f32a7d0008113e655424bbd03ae1a2651b00685e86aed62c306c1f2e82ad042bd4d9bac9901cb8b7f727e2abb8a5b029d5be4633cb691f4b01839edda3236a8839d86575d9e47896965dd140d213ef4db90834f852589c04663fd2004ada6c78b2a5edea7fbb47fbc7963f28e5489cc294f169c20d02525002e938fec47cffb1fb5581c75621f8b0526749d8d3c1aecc548540ddc7522792ff92e53061e5c26711b1bb3feeb759444e8226c2b3a2d1d42f3f26776f99641e5b7ac39d25b9d3c7ae610ab273a66c0d7c4d74e8dbab605d55926387620522322bfa34762b63651bb3bbdfb9f2974dfacb517491907298d77ea65c96ea60fd88b13cb408963875d9c3faf5aedf78c639aff999e0217b972e8a9eb300cf4938a53c0d1ac3c4363c73b3024ab054db26307693d02bbb4088b10112e3d0eef5b8792c5cd56f1d1e432b39c61f8c95f220cb833bfdf7eff745a530113bfafe7eddc75cf1468a3b1f931f92683c2004930927679be37c33b3b40b76b26dda4b3bf8de19f9e78f0ec6d13515525692b8d9480b245acf6e454c6d6f4b3805053ef1d09057c1eb959e21356bad3d0fad49a1665259fea3957acc712ace780bf1af4a3433713355f6dfa1a87858a97750f10114b17b40ae797f71705821e02bd124b9d843a822289ce869221b87239502bf43f461c805c8758f614e86706478a777fb655405ba23d9df7a262f48ddbf6b86bedf14b4d5e7d79bbd37c0cb7d63f3887d7a54bd4f916085a65c2d9af8ff0f6f47e2215712026192fd92965352287a4963214e4b14c5b6e075ac309593014669f6c7abcc0adcbe397e4668fd8d2a07dc50e7cb934ae201d2462c38cfad11441c2ce431ec18d1717bdd84be200ab6c2ceeacf398376ba661947df98e5218c0df703f3f0060ca59034bee0b6f36b8621fbc824499eb3286291afc4a747b0adeee9a78876ee3902cda97d6efe73e23561f5d5a5dc922c0efe7fe74533d0ac527bace7460bc9a05c3b3f6c744d69c27b74635361179aa43f62e66f336bbdb3a782032d7a2aaae20afc6e97357690c8015c64d6e6e404ad363a5b51d860383b94576ed14fa3d63c7ce77ca15e455e6f552f04facd2a8f88731d917f84e631d62fd799e48af69232287d1bf603a1bffe805114917a0", 0xe79}], 0x2, &(0x7f0000000100)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xd}, @loopback}}}], 0x20}, 0xe900) sendmsg$inet(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f00000002c0)='|', 0x1}, {&(0x7f0000000300)="809eb0", 0x3}], 0x2}, 0x44000) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'sit0\x00'}) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x89f6, &(0x7f0000000080)) r7 = perf_event_open$cgroup(&(0x7f0000000ac0)={0x1, 0x80, 0x4, 0xa, 0x6a, 0xfc, 0x0, 0x4804ca8d, 0x89100, 0x7, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x1}, 0x14030, 0x2, 0x7, 0x9, 0x9e3, 0x40002c8, 0xcfe, 0x0, 0xd, 0x0, 0x7f}, r5, 0x1, 0xffffffffffffffff, 0x0) r8 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f00000000c0)=ANY=[@ANYRESHEX=r7, @ANYBLOB="5ef86a06abddb88d077559beaf9cd2"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r9) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r12 = gettid() gettid() r13 = ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) sendmsg$unix(r11, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000140)="9fc472004e21ffe6925577c52fc6f164c0441d9b430024aedeff", 0x1a}, {&(0x7f0000000340)="4f2c477f043095685172b5b90e9b98cf35df377ea5534f743c5b8b1f1962789b7fb587d1ea2a59d2dcbc2586b411348c961fca87a73446a508218772b749587f407b05833b921c655f83710d9178465ecbbac1736334a35ef144d677be76b1f6ab286c513d9cfe7d6179a612b2b7d3c2f43ce612a0099ddcea20b7f9f304f0f8c548e178447d8a5a781b2f51505b8b8128819d4909d39f84a54fe558492230af6bc59bb51f276be8a92dc4c48c6d6c035d7403a265e623102a157b7fde3f79bd8c0c77f9ba3a9b03e48ef5826a5ec68ea17a8f98ba046f33bd96c12c0aa784ad4cf5", 0xe2}, {&(0x7f0000000680)="48690816149885bbf3ad39c291c1297b2104393605765f40cc1a0caeb9ac48627dfa96561017212d6782e329801bfa1d792c07bab15adc20da856d9f98e2bb8cabd2f07be9a4bf75021b5d4aa019d0ad4bc0efbd94d0f0d8b1e422bcdf8ef9d041560cce1e6c03ac8df966fdae12ab30a3f1414a6f6392153d9d518dab349aca21181ae88e0684f51cbf3dbe4d0610a77491b4ed1be68307603f7300f52c3c508794865bde34b188a848acc82d38d003bcbf59a7ce2fb90d76d83486fffc1140d529e14af4", 0xc5}, {&(0x7f0000000840)="065573b5cf58571d9ddc31ff8e294621e73802efb5f176e72583948e2f2dd499aaeb390ab6dad503ee27dbe8c71a823bbb959264fe4cea94412c5c76e3b1441aabae4a6e3d38a07e201248a21486e740786a8a7980751246abaf11584103166422a624237c131df93218880cbbccfe8da32cd010dbaf0fe298f8229f90", 0x7d}], 0x4, &(0x7f0000000900)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r12, @ANYRES32=0xee00, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r8, @ANYRES32=0xee00, @ANYRES32, @ANYBLOB="0000000024000000000000000100000001000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=r8, @ANYRES32=r7, @ANYRES32=r8, @ANYBLOB="000000001c0000000000000001000000318379f3", @ANYRESHEX=r10, @ANYRESHEX=r1, @ANYRES32=0xee00, @ANYBLOB="000000001c000000000000000100000001000000", @ANYRES32=r13, @ANYRES32=r5, @ANYRES32, @ANYBLOB="00000000100000000000000001000000010000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB='\x00\x00\x00\x00'], 0xd8, 0x20000000}, 0x20000000) r14 = socket$kcm(0xa, 0x5, 0x0) setsockopt$sock_attach_bpf(r14, 0x29, 0x6, &(0x7f0000000040), 0x3b) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd8073a46b08b94214d816f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb4147000001000000008f2b9000f22425e4097ed62cbc891061017cfa6f6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe68db8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3542646bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f00000001c0)={0xfffffffc}, 0x10}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="0f00000004000000040000001200000000007f00bb14e5fd79f44725363a79e11654616b8e40abf1fecea5624e23e23d815efe1ca92da461b1a16cbb4ea231c90b85cf08599128a93c3d68ab236b121819140b5c4ce9f7b1ca21356cdebbbc32da12e7ef6f26d126e0b5fcc4bd1012882ce71610c682c8b901bbbd10ea696110f5a31c084aa0aefafa8daf6b7df0f30a017cfe4a0a55a75a8c4117eae9", @ANYRES8, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) 7.525922846s ago: executing program 1 (id=6962): openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x640b9, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_bp={&(0x7f0000000080), 0xc}, 0x1, 0x32, 0x43a1bd76, 0x8, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0xe, 0x4, &(0x7f0000000700)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8}, [@generic={0x81, 0x1, 0x1, 0x80}]}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x48, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x1946}, 0x4000, 0x0, 0x0, 0x8, 0x7fff, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x400, 0x8}, 0x4202, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000014c0), 0xe8}, 0x0) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000900)="c1dfb080cd21d308098ee68888a8", 0x0, 0xaded, 0x4000000, 0x0, 0x0, 0x0, 0x0}, 0x50) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_merged\x00', 0x26e1, 0x0) r5 = socket$kcm(0x2, 0x5, 0x0) setsockopt$sock_attach_bpf(r5, 0x1, 0x3e, &(0x7f00000002c0)=r4, 0x4) write$cgroup_subtree(r4, &(0x7f00000000c0)=ANY=[], 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000007c0)={r2, 0x58, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r8 = openat$cgroup_ro(r7, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001b00)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x11}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r9, 0x0, 0xe, 0x0, &(0x7f0000000100)="0000000000000000000051229dc9", 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) write$cgroup_subtree(r8, &(0x7f00000000c0)={[{0x2d, 'cpuset'}]}, 0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x18, 0x12, &(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000180000000200000000000000010100009500000000000000bf91000000000000b7020000010000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000380)='GPL\x00', 0x1000, 0xa5, &(0x7f0000000580)=""/165, 0x41100, 0x4, '\x00', r6, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0xa, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000840)=[r8, r2], &(0x7f0000000880)=[{0x2, 0x5, 0x5, 0x2}, {0x0, 0x1, 0x8, 0x7}, {0x2, 0x1, 0xf, 0x2}, {0x3, 0x3, 0x9, 0x4}, {0x4, 0x5, 0x8, 0x3}], 0x10, 0x5}, 0x94) 7.524480036s ago: executing program 2 (id=6963): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x4041, 0x0) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000010c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x10006, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xb, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x11, 0x38}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit={0x95, 0x0, 0x33}], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xb8000000}, 0x70) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800"/13], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x100000, 0x4, 0x2, 0x0, 0x80, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffff7fffffffff, 0xffffffffffffffff, 0x8) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xfffeffffffffffff, 0xffffffffffffffff, 0x3) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000740)={0x0, 0x1, 0x8}, 0xc) socket$kcm(0x29, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) 7.355030857s ago: executing program 0 (id=6964): perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x3}, 0x2000, 0x4, 0x0, 0x8, 0x0, 0x0, 0x89, 0x0, 0x0, 0x0, 0x6ddc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x2, 0x1, 0x84) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x5, &(0x7f0000000040)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0xa0}, @call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) setsockopt$sock_attach_bpf(r0, 0x84, 0x12, &(0x7f0000000040), 0x4) r2 = socket$kcm(0x2, 0x5, 0x84) sendmsg$inet(r2, &(0x7f0000000180)={&(0x7f0000000080)={0x2, 0x4e24, @private=0xa010102}, 0x10, &(0x7f0000000100)=[{&(0x7f00000000c0)="b7", 0x1}], 0x1}, 0x20008050) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xe8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0x2, 0x5, 0x84) setsockopt$sock_attach_bpf(r3, 0x84, 0x71, 0x0, 0x0) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000440)="d8000000120081414e81f782db010000001d080b01008100e8fe55a1010115000600142603600e120800040000001101a80012000500014006000d30514d3afab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef6aa98516277ce06bba020017cbec040000000000000000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4688df216265e5dbf66f282ac027812cfbd3f1aeb4edbb57a7025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40d", 0xd8}], 0x1}, 0xc000) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1d}}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x8, 0x1, 0x0, 0xfb, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xead3086ce9776e27}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xb, 0xffffffffffffffff, 0x0) close(r6) recvmsg$unix(r5, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r2, 0x84, 0x10, &(0x7f0000000000)=r7, 0xc) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000008c0)={r7, 0xe0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000380)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x9, 0x1, &(0x7f0000000600)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000680)=[0x0], 0x0, 0x9a, &(0x7f00000006c0)=[{}, {}, {}], 0x18, 0x10, &(0x7f0000000700), &(0x7f0000000740), 0x8, 0xc7, 0x8, 0x8, &(0x7f0000000780)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x1, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="b40000000000000069107e000000000004000000000000009500004000000000"], &(0x7f0000000080)='GPL\x00', 0x2, 0xd0, &(0x7f0000000280)=""/208, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r8}, 0x94) 7.231754738s ago: executing program 2 (id=6965): perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x740b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x4, 0x4, &(0x7f0000000940)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x40000100}, [@generic={0x40, 0x0, 0x8, 0x9, 0x3}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unlink(0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r0, &(0x7f0000000180), 0x40010) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r1, &(0x7f0000000180), 0x40010) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r2, &(0x7f0000000180), 0x40010) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0x40010) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000180), 0x40001) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r4 = perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x1) perf_event_open(0x0, 0x0, 0x1, r4, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0) close(r5) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) r6 = socket$kcm(0x25, 0x5, 0x0) sendmsg$kcm(r6, &(0x7f0000000800)={0x0, 0x0, 0x0}, 0x408c050) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x9, 0x0, 0x1, 0x0, 0x0, 0x4861}, 0x0, 0x0, 0xffffffffffffffff, 0xb) ioctl$SIOCSIFHWADDR(r5, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"}) close(0xffffffffffffffff) 4.349015383s ago: executing program 3 (id=6966): r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$inet(r0, &(0x7f0000000840)={&(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10, &(0x7f0000000400)=[{&(0x7f0000000180)="f43add6d57a5507041eecc8bfe", 0xd}], 0x1, &(0x7f0000000700)=[@ip_tos_int={{0x14, 0x0, 0x1, 0xd22}}, @ip_tos_int={{0x14, 0x0, 0x1, 0xf296}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x8be}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @empty, @loopback}}}, @ip_ttl={{0x14, 0x0, 0x2, 0xd9c5}}, @ip_tos_int={{0x14}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0xc}}}}, @ip_retopts={{0x88, 0x0, 0x7, {[@rr={0x7, 0x17, 0xf8, [@multicast1, @broadcast, @rand_addr=0x64010102, @dev={0xac, 0x14, 0x14, 0xd}, @remote]}, @cipso={0x86, 0x21, 0x1, [{0x2, 0xd, "a6c67eab738bb62135729b"}, {0x2, 0xe, "9277b212950f6dd6f89f733a"}]}, @ssrr={0x89, 0x1f, 0x2d, [@local, @private=0xa010101, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, @rand_addr=0x64010102, @private=0xa010100]}, @ssrr={0x89, 0xb, 0xca, [@multicast1, @empty]}, @end, @timestamp_addr={0x44, 0x14, 0xd8, 0x1, 0x6, [{@remote, 0x10000}, {@empty, 0x9}]}]}}}], 0x140}, 0x20) 4.327225763s ago: executing program 1 (id=6967): perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x740b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x4, 0x4, &(0x7f0000000940)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x40000100}, [@generic={0x40, 0x0, 0x8, 0x9, 0x3}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x5, 0x2, 0x0, 0x0, 0x0, 0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x9c50f985ba27fb8a, 0x3, 0x40000000, 0x1, 0x0, 0x2, 0x8, 0x0, 0x0, 0x0, 0x88e}, 0x0, 0x1, 0xffffffffffffffff, 0x8) unlink(0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r0, &(0x7f0000000180), 0x40010) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r1, &(0x7f0000000180), 0x40010) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r2, &(0x7f0000000180), 0x40010) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0x40010) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000180), 0x40001) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r4 = perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x1) perf_event_open(0x0, 0x0, 0x1, r4, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0) close(r5) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) r6 = socket$kcm(0x25, 0x5, 0x0) sendmsg$kcm(r6, &(0x7f0000000800)={0x0, 0x0, 0x0}, 0x408c050) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x9, 0x0, 0x1, 0x0, 0x0, 0x4861}, 0x0, 0x0, 0xffffffffffffffff, 0xb) ioctl$SIOCSIFHWADDR(r5, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"}) close(0xffffffffffffffff) 4.270471894s ago: executing program 0 (id=6968): write$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000480)='FROZEN\x00', 0x7) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x64, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x3, 0x0, &(0x7f0000000c40)=[{0x2, 0x2, 0xfffffffd}, {0x0, 0x4, 0x0, 0x2}, {0x0, 0x4, 0x10009, 0x1}], 0x10, 0xccd6}, 0x94) r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b0ad25a80648c2594f90124fc60100c050000040009053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000) getpid() r1 = perf_event_open$cgroup(&(0x7f0000000180)={0x2, 0x80, 0x6, 0x7, 0x0, 0x9, 0x0, 0x6, 0x40440, 0x9, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x2, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x2, @perf_config_ext={0x4, 0x1}, 0x2, 0xca3, 0x81, 0x1, 0x4, 0xf, 0x8, 0x0, 0xfffffff6, 0x0, 0x8}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x40000200, &(0x7f0000001240)="debbc77c8009a6286cd47c16f5b5b7e02b7902552abeacdd5e15611d14c77b5c0154e546b8b5ee20cab0853a6d780a40ed31b669b155ca3e489cd4dded4272fd8261f770d6a89919b5a90fd26f07fded52a73b196c112f05253070e00c4ae7fc5ad83c414f7d58b391b5f8f70f7d40508f63742abeea7aab014c3fc8879453", 0x7f, 0x0, &(0x7f0000001300), &(0x7f0000001340)="543d74d8054e54e391d495e2bc35a45fe3ad050eed43677f753807e2a1d7f8a759c6ea13b11512ec5caede8452a185f4acac33ddb64910c7590ae4cf0bbb46e4a15432f8eff0bc312bac96ae0f7445ca0f60fb2b8c750ceac8f90620d21fad6587297325eaec7391587ffd1e28e54fa5f9e07bc72573a53a061495921e1c23ce69b8616f7342c05c9bed373fc069a54df01f4b") syz_open_procfs$namespace(r2, &(0x7f0000001440)='ns/cgroup\x00') perf_event_open(&(0x7f0000000080)={0x4, 0x80, 0xcc, 0x1, 0x1, 0x3, 0x0, 0x7, 0xb4955, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x2, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, @perf_config_ext={0x6, 0x8}, 0x10, 0x4, 0x2662, 0x8, 0x8, 0xc9, 0x3, 0x0, 0x401, 0x0, 0x5}, r2, 0x5, r1, 0x2) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{}, &(0x7f0000000240), &(0x7f0000000280)='%pS \x00'}, 0x20) r3 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x5, @perf_bp={0x0}, 0x1000, 0x8, 0x0, 0x9, 0x0, 0x0, 0x2, 0x0, 0x9, 0x0, 0x9}, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180000000000000000"], &(0x7f0000000980)='GPL\x00', 0x6, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r4) r5 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000072"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r5) r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x40000004, 0xa021, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x0, 0x6, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x8081, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r7 = socket$kcm(0xa, 0x2, 0x73) setsockopt$sock_attach_bpf(r7, 0x29, 0x21, 0x0, 0x0) sendmsg$kcm(r7, &(0x7f0000000100)={&(0x7f0000000400)=@nl=@kern={0x10, 0x0, 0x0, 0x800}, 0x80, 0x0}, 0x810) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x4001, 0x0, @empty}, 0x80, 0x0}, 0x20000001) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="b4050000fdff7f006110a40000000000c60000000000000095000000000000009f33ef60916e6e713f1e6b0b725ad99b817fd98cd824498949714e32f21dcc4ae5437aca55f21f3ca9e822d182054d54d53cd2b6da714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed00000000000000000000000000000000000000006c63b40e0c00000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f79829c90bd2114252581567acae715cbe1b57d5cda432c5b9443999f7d241"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80000000, 0x4, 0x0, 0x3, 0x10, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r8, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[{0x18, 0x110, 0x1, "dc"}], 0x18}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) 4.269331504s ago: executing program 2 (id=6969): perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x740b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x5, 0x2, 0x0, 0x0, 0x0, 0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x9c50f985ba27fb8a, 0x3, 0x40000000, 0x1, 0x0, 0x2, 0x8, 0x0, 0x0, 0x0, 0x88e}, 0x0, 0x1, 0xffffffffffffffff, 0x8) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unlink(0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r0, &(0x7f0000000180), 0x40010) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r1, &(0x7f0000000180), 0x40010) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000180), 0x40010) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r2, &(0x7f0000000180), 0x40010) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000180), 0x40001) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(0x0, 0x0, 0x1, 0xffffffffffffffff, 0x3) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0) close(r3) socket$kcm(0x25, 0x5, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x9, 0x0, 0x1, 0x0, 0x0, 0x4861}, 0x0, 0x0, 0xffffffffffffffff, 0xb) ioctl$SIOCSIFHWADDR(r3, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"}) 4.250889734s ago: executing program 3 (id=6970): r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) openat$cgroup_ro(r0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000032090000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x41100, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="06000000040000007c0500000a"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001340), &(0x7f0000000900), 0x404, r1, 0x0, 0x1ba8847c99}, 0x38) 3.355168652s ago: executing program 1 (id=6971): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) r2 = syz_clone(0x20800000, 0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f00000003c0)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r4, &(0x7f00000005c0)=r2, 0x12) r5 = openat$cgroup_ro(r3, &(0x7f00000000c0)='cgroup.kill\x00', 0x275a, 0x0) write$cgroup_int(r5, &(0x7f0000000040)=0x1, 0x12) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xfffffffd}, 0x39) r7 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703320000001f00000000000000040014000d000a00140000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) openat$cgroup_devices(r8, &(0x7f0000000100)='devices.deny\x00', 0x2, 0x0) perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8000000000000000, 0x8000}, 0x4105, 0x0, 0x3}, 0x0, 0xfeffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x5, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000611214000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x441e, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x2020005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r9 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r9, &(0x7f0000000200)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x2c}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000000)='Gb', 0x5dc}], 0x1}, 0x480c0) 3.354758012s ago: executing program 2 (id=6972): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1809000000000000000000000000000085000000080000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x94) r0 = perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0xa16ae, 0x9, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_config_ext={0xd, 0x6}, 0x90, 0xa4, 0x2, 0x1, 0xa1, 0x9b9b, 0x8, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="1e000000feffffff01800000f8ffffff00600000", @ANYRES32, @ANYBLOB="8100"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="02000000020000000000000000000000000018a37d4c0c98277dbd2ed1751e128790dd8af1b2685c8c1a5edf6616b2e87ca4002aa5a8cfa50068f4ea81076e2e9ab7738e97c4af54ac6e8f3fe1228145d9743a112da96f0a4f39ca58c88afe171a5dedc4b19c0895c3d5bb009de733a9842c3e91955cd4b11678e63fe2d8b0be700087bd98"], 0x50) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000040)={0x3, 0x0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1809000000ffffff00000000000000008510000002000000850000000f0000009500000000000000aa6849b4cd423bb07d5cbc8917ed46b64513610975f9ffe5f926d9b79d4d849592c8afa8a3a21533bc6ab61d08cdb861cc2ac94aaf2589e55079c5ebd1ba4f317d692025d3636a022d54ab12aca5664c9f4528544548e56d8f7168165b8058a417812a165061f6602f3434b464ec281e08d00e03ad86913e8fc591e22905289dd25090af450eefb1e47ea485bbd4a58c18e60e1c0583d44027806b7361c33de0c74511bb6a4e895860fa9f6e83c913440aad663aa30990fc1dd49845471800d1ac76ab95363ed672c53987b0c7b590997e4673933967d7c073a6c15f6a46"], 0x0, 0xfffffdff, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'\x00', 0x2}) ioctl$TUNSETPERSIST(r2, 0x400454c9, 0x1) ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000080)={'team0\x00', @local}) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r3) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000680)={{r5, 0xffffffffffffffff}, &(0x7f00000007c0), &(0x7f0000000640)=r4}, 0x20) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) socketpair$nbd(0x1, 0x1, 0x0, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000180)={r6, &(0x7f0000000300)}, 0x20) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) 3.354436202s ago: executing program 3 (id=6973): r0 = socket$kcm(0xa, 0x2, 0x0) setsockopt$sock_attach_bpf(r0, 0x0, 0x27, 0x0, 0x61) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000380)={r1}, 0x4) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r1}, 0x0, 0x0}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0x200000000000017b, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0xfffffffe, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f0000000a00)={0x1, 0x80, 0x2, 0x5, 0xf, 0x0, 0x0, 0x400, 0x1e37cf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x401, 0x200, 0x0, 0x4000000000000007, 0x0, 0x100}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x2, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x5c, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x0) r4 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0300000004000000040000000a0000", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32=r4], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x7, 0x2, &(0x7f0000000000)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = socket$kcm(0x2b, 0x1, 0x0) sendmsg$inet(r5, &(0x7f0000000240)={&(0x7f00000000c0)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x32}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x200048cc) socketpair$nbd(0x1, 0x1, 0x0, 0x0) r6 = socket$kcm(0xa, 0x1, 0x106) sendmsg$inet(0xffffffffffffffff, 0x0, 0xc010) sendmsg$sock(r6, 0x0, 0x2004c040) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x100904}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r7, 0x4030582a, 0x0) openat$cgroup_freezer_state(r7, 0x0, 0x2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x48283, 0x0) 3.034984255s ago: executing program 0 (id=6974): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) r2 = syz_clone(0x20800000, 0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f00000003c0)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r4, &(0x7f00000005c0)=r2, 0x12) r5 = openat$cgroup_ro(r3, &(0x7f00000000c0)='cgroup.kill\x00', 0x275a, 0x0) write$cgroup_int(r5, &(0x7f0000000040)=0x1, 0x12) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xfffffffd}, 0x39) r7 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703320000001f00000000000000040014000d000a00140000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) openat$cgroup_devices(r8, &(0x7f0000000100)='devices.deny\x00', 0x2, 0x0) perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8000000000000000, 0x8000}, 0x4105, 0x0, 0x3}, 0x0, 0xfeffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x441e, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x2020005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r9 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r9, &(0x7f0000000200)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x2c}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000000)='Gb', 0x5dc}], 0x1}, 0x480c0) 2.755909487s ago: executing program 3 (id=6975): perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x1, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfd20, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e02002d000b02d25a806f8c6394f9101a04000a740100067402000000000000800c6400f01700d1bd00000000", 0x33fe0}], 0x1}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x10, 0xe, &(0x7f0000001540)=ANY=[@ANYBLOB="b7020000f53f6314bfa300000000000024020000fffeff7f7a0300fef0ffffff79a400fe00000000b7060000ffffffff2e64050000000000750afaff07cd02020404000000247d60b7030000030a00006a0a00fe0000000c850000003f000000b70000000000002995000000000000001da5ad3548ebb63d18c5071c7e821c9b767ac8308fbcd5c5e4a5ad1065b572c2c9ff215ac60c2ceaea4c0ec908abb6e7325ec1956bd8660bf3664148a2c96752fe2bb328dff1a15750ab9a780001000000000000d4bf20c2bd152d814f01f2cd519e078d4ffab418e4682b2aec5e4a35629e8ef040c50287c37a7f4182f32333b08c6e497687e10a4daea5cac0ceafdbb126eb02a1f5104d16ddb64963d84d91814cd5817e0b8f6f5e6ee7a39e180b5a18ed786b782ab1321ea5e82ae5ba2c42a5e23ea6253d5df768d0cb9f35e4f41a6211e52bb3598e9b5d4f22d8c19f958e8b34de35949a7a48ce18799ee53da177a81ea65e652c1d71b7ee86a75b0100000042127a8f84538a9a311c757f7169f006f3f5c95177fbd0b14b36259e2905ef911785c88a16aae46084d676d8ef8aa6ecc2d32e3f4ee367c5a769c0a606636c9f4a4413c098f4fcc96623b7c373b0ef04d55b846b094bf97e2ef5987b6e09a6a7cab79bffda141f65e7d9ebe3be70c436432b70a80cce69df30d3d67d84ccf3f9db9b690111de2ddc4b153c989ef100bbf76063d3f6ffffb73d70e9c3d7b90aecf48e7565efff2dbbb512218c98442406333c890923a797e00b75481739952fe87fde27ce81893f54ec0ea8e792414f639bc9ce1fea3f6ac0d7025759d4b45576c205c70631e8ad585951950e521f4e210b6494e3c52d927195737945cc03d5668483151710de246420a1b6c55b73876a6ed7fd0d9338923789a1edcd8043fe83919088383268324a25df14010c8ed6b8d43400eaa00ff9bc46e1cfecbdc0e451ac53b409d04544d3a7edd4d447d2fb431e226ae182b8dcc86fe09b404e0b7c723d3b19c3dc382fa91fb0fb8f9f3f13296bb1758b24aad0922091d49e2bc408a5a37deee7a60b903d2d9fe9d451cafcc8dc389671c2d08b6e264150a6b9445b00cee4585af04fa69e0380be0d66649dcf3bf8a906b029faca75ce34c41aec7aa86e596119109ea8b3f7c65c902499227c087301643baab1c95bb22cedd913b22dcaa197ccc34586dc50bd9f4628e3e77a0de32e356521df06f995cb57f97052fc4158250ccecfb67ea8faf509593fadc7eafb613327b052397af1ede94d87590ce90a0a7579766f0e5eb09d38ac46e99e7ec4fcd3cb0b1a8c531724d5ef6b334803cedaa9cedf16dc3af6e0b67f62a83a256474c97c925d9d447175b535c87dbdeb0dcca5303eed6689ea91e1665c691df736368dde47e6672e93a314c5f60e7b68c2242bd0f0d8c66449d8687dcf2d0f76668b2b9bf8b32b99b7daf34b2d825d192ade90a1162acfe9749d516d014cef5f99126324ea02baea5808c430985749901b09e4902a6f5addc0103756b894418e4591c624a9b206abbfb888d413d923b0d7c9d997d6d8e64787c4d397f57a15b6e0b4212b6cb55b9c207bbe08f483b1bea05f41b9a1d3af087047c568ae6ebfc0bb5ec10b6290dc757a4903a88fb2c035b2349b6d2f0c051b8b7718384eebd5fc19928cea713ff09e179c308fbe9bd64374d96ef2447a2a4af5ca0c39e7ca2e801e57560a55e9cfa095cf3f74398219ad1030a79517a88de7596429a20793e12616aa32b3e720c6521fbe93963e9536d16f3db211fca7dd99c0a0125ff8ef534b93dcb34e1da2c008a9f2a29e30823bf0ec3639cadaf9be9608358e1e5ab17eea477b1754f78f45468c9568471667f82f5e250b979b9f2bd0d1b6bc03d11811ac6eec9a3ecd9e3c3299ee5eb3c6cac8fbd06514b7ee743ece79c04566d02a08fd5fcabbab3d129c0cced3ce11dafa380700000000000000c114d0b423e64c6157fac5e4e2168f33541daeff9983d0e488a78bef538f870b84798272b2101e0abf1cd64500b79e01e11d727389653bd80a39d5bbe2e23d2f5ff10047423429981bd9b4ce680e174c266391e3e7689452654e5cd5ada6e025327a1942b5a068f15fa58eaa267d4e0881783dddbdd777f8be0824ffdf6d06c621880dbbe9534f15e8c2e364d3ec67deb6ab9f2a0f03212972dbd38500000008173553a67be48633103809eee0be51d67d7ce230b389607b4c3b18da1c48f3180f2e0d79e54565fdd9a099b5b5ba2761905b88b7cbfc39c35dd153609da3da263438f12769602c2195245ff83e249119d4f6cabfbdef84ada19ef4a67ed66d7043036515d0be5a231f99e71aba5d5ae04676eff3e85f0844c41bbcfde7a931d1ec55c01f703bfd1b97756bfe55a91f6b379f34a018906339771157c66dbd7471d1beec7f029ef552cf5e92a1a0db21b59355763967ce26a577bc514b6d22a09c385c5ba6caf524e1688fc0f29f8bb35ae7bc8eb5ba51aebdf7d972c3267cedbe77ed70d9c539bc455a6f88b39196c8a224b0acf4d796fea59a07baa34cc270fb096ef330fbebdf872d7d0bc4f9a963355c554abc5cdb91464faabcd09cd9a53f5d1b2ea7e96f428f7cd6735c19c61dc9942d30bf29ef85ed01c2fcd6060aa40eeff971477b4fde48507b7bad95a496540adff7e4a72fd1f94d7c703ab1525c946c54e0da3d7ebfcc8cea2e84c3b310aaea5a1627df898c00a9aaf2d88a36afa4c5b1816384310600001c33125ad7f7970beeb256aec06e39fc6c66544e1d1dc5fea4b68a82e3568ca30aea9a1d097f06f11dc362f4bae5ef57c67686a15855cd351bf26f40fb1348cfce79897682228e6d9643530c81bab27bf7b1c4a76a5be180bb830cf06827c3f38a9c9c580c732c30aaceda78b0297de35a922b1375b129655beb31899e26052cc216f832fdb0a0015f93c9cff77f59cda1ec5f3e358848756cebb074266a47e39ae26e80e8c65aaf73c24925458520a9ca98760d1005c9f81846459ae6d5baa4f02807939ddc29c3520f7c58ed9bc5a569c7a1bc33cf4f330a18276ffb4550b9166c3939e8041094bec034aa0ec6638b74fe34f0f1ec6903a1135808d5d8d26c9203c3f87e66c407b7c5c0888d4558dd657cc0213efad68e76fdd7b23e68064fd4b271ed79c50abacdd2871b0c1f8c971df59a5a1901ddf804bed43e391f882d2a45c51cdbba86b2a1b7c0c4923642a731ea4dcbad2b6ebbebe787a8e28e781d75beee924b3b1e390750f316648133922c021f98fd2d5d71a7a3679397ef6cf432837b7e264831ec01c4c3146ba0caac3b13d55945ec00e978a1c1712cd51187936200606c9cd6877b2f72125295c54721f8e15df2ae282a8becb99a726fd92acc92141e1f574b4b0b3c992a61af3372d0d9217776b1a42cd2cee816a70bf1ddd69b590d53e28ba356e74b38e23e50d898e95cdc7cc809e462c884b53f672aab1411ecfd4c91e7a9782fc6763f0efd4bcbaf1fc3a00000000000000000000000000000000500000000000000000000000048e510340087caf22439d5304bd704a6a78a512269a9b1cbd13bea78c807bbc73853ae187cbb768673e9d1bf74a3b0a6c234accd8506adf314f4c5e08174540b69d3c0da660052b43b86baf49e7ac64d9c21598b1e01dc1e1b5a53626b090496dbf7af441e397016c3c094d5c91ffe0a7ceacfd225ed9a6c905f79ad7052747dd6cceef4c310e0e935311118bc6bf0e5ca6c7cca7d5c03be570308da8a40578b4db14961fbccf6e2f2d56e9509c434126515b56d032e20c12e830d1bc64826fc9b318da5911e466878dbb81edeff69363fb75af5cd80536f14d2eaa7764db23acdbd394bbbbccfd8b129258bb0a93cee1d44f8665172c06933d20f184b78b435462c52a85149451ffd564c56a7cbf11a1127c77242915e43b2bc"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x200000, 0x10, &(0x7f0000000000), 0x143}, 0x48) 2.717014117s ago: executing program 2 (id=6976): openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x640b9, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_bp={&(0x7f0000000080), 0xc}, 0x1, 0x32, 0x43a1bd76, 0x8, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0xe, 0x4, &(0x7f0000000700)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8}, [@generic={0x81, 0x1, 0x1, 0x80}]}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x48, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x1946}, 0x4000, 0x0, 0x0, 0x8, 0x7fff, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x400, 0x8}, 0x4202, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000014c0), 0xe8}, 0x0) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000900)="c1dfb080cd21d308098ee68888a8", 0x0, 0xaded, 0x4000000, 0x0, 0x0, 0x0, 0x0}, 0x50) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_merged\x00', 0x26e1, 0x0) r5 = socket$kcm(0x2, 0x5, 0x0) setsockopt$sock_attach_bpf(r5, 0x1, 0x3e, &(0x7f00000002c0)=r4, 0x4) write$cgroup_subtree(r4, &(0x7f00000000c0)=ANY=[], 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000007c0)={r2, 0x58, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r8 = openat$cgroup_ro(r7, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001b00)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x11}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r9, 0x0, 0xe, 0x0, &(0x7f0000000100)="0000000000000000000051229dc9", 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) write$cgroup_subtree(r8, &(0x7f00000000c0)={[{0x2d, 'cpuset'}]}, 0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x18, 0x12, &(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000180000000200000000000000010100009500000000000000bf91000000000000b7020000010000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000380)='GPL\x00', 0x1000, 0xa5, &(0x7f0000000580)=""/165, 0x41100, 0x4, '\x00', r6, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0xa, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000840)=[r8, r2], &(0x7f0000000880)=[{0x2, 0x5, 0x5, 0x2}, {0x0, 0x1, 0x8, 0x7}, {0x2, 0x1, 0xf, 0x2}, {0x3, 0x3, 0x9, 0x4}, {0x4, 0x5, 0x8, 0x3}], 0x10, 0x5}, 0x94) 2.490519429s ago: executing program 1 (id=6977): r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0x22, &(0x7f0000000000)=@raw=[@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @ldst={0x1, 0x3, 0x0, 0x9, 0x8, 0x18, 0xfffffffffffffff0}, @generic={0x2, 0xa, 0x7, 0x7, 0x9}, @map_val={0x18, 0x5, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x5}, @tail_call, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @map_idx={0x18, 0xa}], &(0x7f0000000140)='syzkaller\x00', 0x626e, 0xf, &(0x7f0000000180)=""/15, 0x41100, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x9, 0x2}, 0x8, 0x10, &(0x7f0000000200)={0x4, 0x10, 0x1ff, 0x8}, 0x10, 0x5c7b, 0xffffffffffffffff, 0x4, &(0x7f0000000240)=[0x1], &(0x7f0000000280)=[{0x4, 0x3, 0xb, 0x2}, {0x4, 0x4, 0x1, 0x1}, {0x3, 0x5, 0x6}, {0x2, 0x2, 0x6, 0x2}], 0x10, 0x2}, 0x94) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000480)={@map=0xffffffffffffffff, 0x26, 0x0, 0x5, &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x9, 0x0, &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000400)=[0x0, 0x0], &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0}, 0x40) r3 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000500)='syz1\x00', 0x200002, 0x0) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x1e, &(0x7f0000000540)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7cbc, 0x0, 0x0, 0x0, 0x9}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @cb_func={0x18, 0x0, 0x4, 0x0, 0xfffffffffffffffd}, @map_idx={0x18, 0x7, 0x5, 0x0, 0x1}, @printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x101}}, @func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_val={0x18, 0x8, 0x2, 0x0, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @generic={0x3, 0x9, 0x8, 0x3, 0x5}, @printk={@lx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1}}, @call={0x85, 0x0, 0x0, 0xbb}]}, &(0x7f0000000640)='GPL\x00', 0x1, 0x7f, &(0x7f0000000680)=""/127, 0x41100, 0x42, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000700)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000740)=[{0x1, 0x4, 0x3, 0xb}], 0x10, 0x23}, 0x94) bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000004c0)={@cgroup=r3, r0, 0x1, 0x56, 0xffffffffffffffff, @void, @value=r4, @void, @void, r2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000008c0)={r1, 0x58, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000009c0)={r1, &(0x7f0000000900)="d6513619b063180c66c5a6b66cd233005f3263e5b2b12888f7d96f972b08c4a70c595b03cb860fd64ec3d931bfdb2da4bdfe239466bb001b501648db", &(0x7f0000000940)=""/122, 0x4}, 0x20) r6 = perf_event_open(&(0x7f0000000ac0)={0x4, 0x80, 0xce, 0x0, 0x5, 0xb, 0x0, 0x814a, 0x0, 0x3, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0xc52d, 0x1, @perf_config_ext={0x3, 0x1}, 0xa00, 0x9, 0x6, 0x1, 0x3, 0x1, 0xff, 0x0, 0xffffffff, 0x0, 0x3}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000a40)={0x0, 0x80, 0x47, 0xff, 0x5, 0x9, 0x0, 0x3, 0x4008, 0x9, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8, 0x1, @perf_bp={&(0x7f0000000a00), 0x2}, 0x0, 0x0, 0x1, 0x6, 0x9, 0xff, 0x4, 0x0, 0x5, 0x0, 0x7}, 0xffffffffffffffff, 0x8, r6, 0x3) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000b40)={r1, 0xffffffffffffffff}, 0x4) r8 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000d40)=@bpf_ext={0x1c, 0x7, &(0x7f0000000b80)=@raw=[@ldst={0x2, 0x0, 0x4, 0x5, 0x0, 0xfffffffffffffff8, 0x10}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4}, @map_fd={0x18, 0x2, 0x1, 0x0, r7}, @jmp={0x5, 0x0, 0x8, 0x7, 0xb, 0x0, 0xffffffffffffffff}, @func={0x85, 0x0, 0x1, 0x0, 0x4}], &(0x7f0000000bc0)='syzkaller\x00', 0xffffff7f, 0x8, &(0x7f0000000c00)=""/8, 0x41100, 0xc, '\x00', r5, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000c40)={0x4, 0x4}, 0x8, 0x10, &(0x7f0000000c80)={0x0, 0x3, 0x800, 0xffffff7d}, 0x10, 0x117dd, r0, 0x2, &(0x7f0000000cc0)=[r1, r1, r1, r1], &(0x7f0000000d00)=[{0x2, 0x5, 0x8, 0x2}, {0x5, 0x3, 0xc, 0xb}], 0x10, 0x8c78}, 0x94) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000ec0)={r7, &(0x7f0000000e00)="188caeed43376e823e08a029eb8326d4fddfb58e4f3eb676011be7b7002a106a99ebf4d417be1025cd5be5c1e716263c60d88a9997157528678123e9437796f55f71beee5119f89d6ebec5009167e88aa71594a34c5773deffb398b4464334e3d1efde3c0c074b95d18211670b36636a36b955b8074b81d9d9a5a2cfaa8c13c3e4707ce4ea3c8e3633c5dcb688902e28d4c9e0998a6389b74d94b5c27c30b79bc1"}, 0x20) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000f00)={r0, r7}, 0xc) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000f40)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r9, &(0x7f0000002200)={&(0x7f0000000f80), 0x6e, &(0x7f00000020c0)=[{&(0x7f0000001000)=""/102, 0x66}, {&(0x7f0000001080)=""/39, 0x27}, {&(0x7f00000010c0)=""/4096, 0x1000}], 0x3, &(0x7f0000002100)=[@cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xe0}, 0x41) r18 = openat$tun(0xffffffffffffff9c, &(0x7f0000002240), 0x100801, 0x0) ioctl$PERF_EVENT_IOC_ID(r12, 0x80082407, &(0x7f0000002280)) r19 = openat$tun(0xffffffffffffff9c, &(0x7f00000022c0), 0x501000, 0x0) ioctl$TUNSETPERSIST(r19, 0x400454cb, 0x0) r20 = gettid() perf_event_open(&(0x7f0000002340)={0x1, 0x80, 0x6, 0xa1, 0x0, 0x0, 0x0, 0x7, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f0000002300)}, 0x4000, 0x4, 0x10000, 0x3, 0xfffffffffffffff8, 0x3365, 0xfff, 0x0, 0x9, 0x0, 0xb34}, r20, 0x8, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000023c0)={@ifindex=r5, r14, 0xb, 0x5, 0xffffffffffffffff, @void, @value=r8, @void, @void, r2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000002480)={r13, 0x58, &(0x7f0000002400)}, 0x10) perf_event_open(&(0x7f00000024c0)={0x4, 0x80, 0x91, 0x7, 0xe5, 0x9, 0x0, 0x2c13, 0x20000, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x2, @perf_config_ext={0x800000000000, 0x5}, 0xa0, 0x1ff, 0x29, 0x7, 0x2, 0x4, 0x8, 0x0, 0xfbf6, 0x0, 0xaccb}, 0xffffffffffffffff, 0x1, r10, 0x0) ioctl$TUNATTACHFILTER(r18, 0x401054d5, &(0x7f00000025c0)={0xa, &(0x7f0000002540)=[{0x7, 0x72, 0x20, 0x8001}, {0x7, 0x10, 0x2}, {0x8, 0x8, 0x8, 0x7fffffff}, {0x1, 0xff, 0xc, 0x4f9}, {0x8, 0x0, 0xc, 0xff}, {0xc4a, 0x7, 0x6, 0x3}, {0x2, 0x3, 0x8, 0x1}, {0x1, 0x2, 0x5, 0x4}, {0x8, 0x5, 0x5, 0x800}, {0x100, 0x9, 0xb0, 0x9b}]}) r21 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000002640)=@generic={&(0x7f0000002600)='./file0\x00', 0x0, 0x8}, 0x18) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000002680)={@fallback=r18, r21, 0x0, 0x48, 0x0, @void, @value=r17, @void, @void, r2}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000003900)={r16, 0x0, 0xd3, 0x1000, &(0x7f00000026c0)="4a3d1a3813acbce7786a36efef626d3e7e403ff3d6bbd96ef5404bdba8ecd264d9a3af2747e5307ec315a2087857f3d9249d0333cc85bb628893e085cd6e485ca4d1089d365c8a0c02bcefa9c3867e7f986b7b1f6d1890f9b8d398ef39e6af214e329280ff23d370ab20c58d003add3de9e064803a41284a6510b242c8a0ddf9bd614dd4dc2a974904a5afeb6edbafc92025acb58c0b1fc886c9970d4e916f678fbc07e528bfc15bdb2642605a05b5764c17ec83b9f2a0a603b84c015b1df7e51013c8b57afbbf0798cd99d281536da127f05b", &(0x7f00000027c0)=""/4096, 0x401, 0x0, 0xeb, 0x3b, &(0x7f00000037c0)="eb80a8c2df7a552bd646e6bcd33acf746d0da81b402059b13d37858dbad5b6c213667277e0b867a9f8ab37523a52ec4c8dbe61f05a622a46633a72983d515561f195539ec88fdeb65d0a79c2230ef5cf77759d812c017b1b99a4e9cfee820a97de095a8ef95241b3f31dd19a855423237ee6f06754674110dea54e7e38b9c06b801d28e1b668d2ac6344e11db6f18e1d5de17dfacc0ffd0b54ebf4c376ce1c40616dd11ab2c92848a136199f335202f66d07b59f485bd1eaf39868aae2e8757f61a7bc3b84288bcbb3c4ad829e2940229f4c357389e06633ac7c6ee8a4d05392d047145cfea7a7bd2817ce", &(0x7f00000038c0)="b5fa7d6f8a2841ef98ba0b20eb7b745b0b7a60d0360fee1a02242f4ce2cff994f9dd6231460fdaa893cd0c4eda7159da51e4a4460d3531c0acfcf7", 0x4, 0x0, 0x3}, 0x50) r22 = bpf$ITER_CREATE(0x21, &(0x7f0000003980)={r11}, 0x8) setsockopt$sock_attach_bpf(r15, 0x1, 0x32, &(0x7f00000039c0)=r22, 0x4) 1.746433546s ago: executing program 3 (id=6978): perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x740b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x4, 0x4, &(0x7f0000000940)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x40000100}, [@generic={0x40, 0x0, 0x8, 0x9, 0x3}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unlink(0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r0, &(0x7f0000000180), 0x40010) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r1, &(0x7f0000000180), 0x40010) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r2, &(0x7f0000000180), 0x40010) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0x40010) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000180), 0x40001) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r4 = perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x1) perf_event_open(0x0, 0x0, 0x1, r4, 0x3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0) close(r5) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) r6 = socket$kcm(0x25, 0x5, 0x0) sendmsg$kcm(r6, &(0x7f0000000800)={0x0, 0x0, 0x0}, 0x408c050) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x9, 0x0, 0x1, 0x0, 0x0, 0x4861}, 0x0, 0x0, 0xffffffffffffffff, 0xb) ioctl$SIOCSIFHWADDR(r5, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"}) close(0xffffffffffffffff) 0s ago: executing program 1 (id=6979): bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0xf, 0x10001, 0x4004, 0x10002, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x80}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000000000000000000000000008500000011000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000080)='GPL\x00'}, 0x94) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0x4}, 0x100904}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x0, 0x0, 0x0, 0x0, 0x15, 0x0, 0x0, 0x56, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x2, 0x0, 0x9}, {0x10000002, 0x0, 0x0, 0xc}]}, 0x94) socket$kcm(0x2, 0x1, 0x84) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000500)}], 0x1, 0x0, 0x0, 0x7400}, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="190000000400000004000000ffff010000000000", @ANYRES32=0x1, @ANYBLOB="008000"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000200"/17], 0x48) kernel console output (not intermixed with test programs): an1: Trigger new scan to find an IBSS to join [ 1355.369856][T26179] FAULT_INJECTION: forcing a failure. [ 1355.369856][T26179] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1355.390956][T26179] CPU: 0 PID: 26179 Comm: syz.1.6606 Not tainted syzkaller #0 [ 1355.398497][T26179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1355.408626][T26179] Call Trace: [ 1355.412281][T26179] [ 1355.415253][T26179] dump_stack_lvl+0x18c/0x250 [ 1355.420075][T26179] ? show_regs_print_info+0x20/0x20 [ 1355.425324][T26179] ? load_image+0x420/0x420 [ 1355.429886][T26179] ? __might_fault+0xaa/0x120 [ 1355.434639][T26179] ? __lock_acquire+0x7d40/0x7d40 [ 1355.439707][T26179] should_fail_ex+0x39d/0x4d0 [ 1355.444414][T26179] _copy_from_user+0x2f/0xe0 [ 1355.449026][T26179] ___sys_sendmsg+0x1c7/0x360 [ 1355.453813][T26179] ? get_pid_task+0x20/0x1e0 [ 1355.458446][T26179] ? __sys_sendmsg+0x2a0/0x2a0 [ 1355.463327][T26179] ? __lock_acquire+0x7d40/0x7d40 [ 1355.468648][T26179] __se_sys_sendmsg+0x1c2/0x2b0 [ 1355.473520][T26179] ? __x64_sys_sendmsg+0x80/0x80 [ 1355.478482][T26179] ? lockdep_hardirqs_on+0x98/0x150 [ 1355.483760][T26179] do_syscall_64+0x55/0xa0 [ 1355.488184][T26179] ? clear_bhb_loop+0x40/0x90 [ 1355.492871][T26179] ? clear_bhb_loop+0x40/0x90 [ 1355.497561][T26179] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1355.503466][T26179] RIP: 0033:0x7f070259c819 [ 1355.507900][T26179] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1355.527881][T26179] RSP: 002b:00007f070343a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1355.536314][T26179] RAX: ffffffffffffffda RBX: 00007f0702815fa0 RCX: 00007f070259c819 [ 1355.544386][T26179] RDX: 0000000060044084 RSI: 0000200000000000 RDI: 0000000000000003 [ 1355.552373][T26179] RBP: 00007f070343a090 R08: 0000000000000000 R09: 0000000000000000 [ 1355.560526][T26179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1355.568509][T26179] R13: 00007f0702816038 R14: 00007f0702815fa0 R15: 00007ffe01689718 [ 1355.576508][T26179] [ 1355.791088][T26191] FAULT_INJECTION: forcing a failure. [ 1355.791088][T26191] name failslab, interval 1, probability 0, space 0, times 0 [ 1355.819392][T26191] CPU: 1 PID: 26191 Comm: syz.2.6609 Not tainted syzkaller #0 [ 1355.827111][T26191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1355.837223][T26191] Call Trace: [ 1355.840595][T26191] [ 1355.843556][T26191] dump_stack_lvl+0x18c/0x250 [ 1355.848286][T26191] ? show_regs_print_info+0x20/0x20 [ 1355.853519][T26191] ? load_image+0x420/0x420 [ 1355.858160][T26191] ? __might_sleep+0xe0/0xe0 [ 1355.862796][T26191] ? __lock_acquire+0x7d40/0x7d40 [ 1355.867874][T26191] should_fail_ex+0x39d/0x4d0 [ 1355.872613][T26191] should_failslab+0x9/0x20 [ 1355.877165][T26191] slab_pre_alloc_hook+0x59/0x310 [ 1355.882246][T26191] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1355.888015][T26191] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1355.893958][T26191] __kmem_cache_alloc_node+0x53/0x250 [ 1355.899386][T26191] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1355.905160][T26191] __kmalloc+0xa4/0x230 [ 1355.909373][T26191] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1355.915226][T26191] tomoyo_path_number_perm+0x248/0x620 [ 1355.920800][T26191] ? tomoyo_path_number_perm+0x217/0x620 [ 1355.926556][T26191] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 1355.932061][T26191] ? ksys_write+0x1c4/0x260 [ 1355.936611][T26191] ? __fget_files+0x28/0x4b0 [ 1355.941213][T26191] ? __fget_files+0x28/0x4b0 [ 1355.945814][T26191] security_file_ioctl+0x70/0xa0 [ 1355.950774][T26191] __se_sys_ioctl+0x48/0x170 [ 1355.955422][T26191] do_syscall_64+0x55/0xa0 [ 1355.959859][T26191] ? clear_bhb_loop+0x40/0x90 [ 1355.964670][T26191] ? clear_bhb_loop+0x40/0x90 [ 1355.969356][T26191] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1355.975266][T26191] RIP: 0033:0x7f980bb9c819 [ 1355.979741][T26191] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1355.999625][T26191] RSP: 002b:00007f980ca68028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1356.008067][T26191] RAX: ffffffffffffffda RBX: 00007f980be15fa0 RCX: 00007f980bb9c819 [ 1356.016049][T26191] RDX: 0000200000000900 RSI: 000000000000891e RDI: 0000000000000004 [ 1356.024118][T26191] RBP: 00007f980ca68090 R08: 0000000000000000 R09: 0000000000000000 [ 1356.032104][T26191] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1356.040121][T26191] R13: 00007f980be16038 R14: 00007f980be15fa0 R15: 00007ffc566ff2a8 [ 1356.048143][T26191] [ 1356.054161][T26177] mac80211_hwsim hwsim36 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1356.067012][T26191] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1356.073074][T26194] netlink: 168 bytes leftover after parsing attributes in process `syz.1.6610'. [ 1356.212494][T26199] FAULT_INJECTION: forcing a failure. [ 1356.212494][T26199] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1356.241254][T26199] CPU: 1 PID: 26199 Comm: syz.3.6611 Not tainted syzkaller #0 [ 1356.248826][T26199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1356.258979][T26199] Call Trace: [ 1356.262325][T26199] [ 1356.265316][T26199] dump_stack_lvl+0x18c/0x250 [ 1356.270090][T26199] ? show_regs_print_info+0x20/0x20 [ 1356.275469][T26199] ? load_image+0x420/0x420 [ 1356.280060][T26199] ? __might_fault+0xaa/0x120 [ 1356.284808][T26199] ? __lock_acquire+0x7d40/0x7d40 [ 1356.289910][T26199] should_fail_ex+0x39d/0x4d0 [ 1356.294673][T26199] _copy_from_user+0x2f/0xe0 [ 1356.299353][T26199] ___sys_recvmsg+0x176/0x590 [ 1356.304135][T26199] ? __sys_recvmsg+0x2a0/0x2a0 [ 1356.308980][T26199] ? ksys_write+0x1c4/0x260 [ 1356.313608][T26199] ? __fget_files+0x43d/0x4b0 [ 1356.318439][T26199] __x64_sys_recvmsg+0x20c/0x2e0 [ 1356.323498][T26199] ? ___sys_recvmsg+0x590/0x590 [ 1356.328671][T26199] ? trace_sys_enter+0x1f/0x80 [ 1356.333624][T26199] do_syscall_64+0x55/0xa0 [ 1356.338114][T26199] ? clear_bhb_loop+0x40/0x90 [ 1356.342952][T26199] ? clear_bhb_loop+0x40/0x90 [ 1356.347724][T26199] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1356.353710][T26199] RIP: 0033:0x7f9fc8d9c819 [ 1356.358188][T26199] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1356.378000][T26199] RSP: 002b:00007f9fc9c19028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 1356.386794][T26199] RAX: ffffffffffffffda RBX: 00007f9fc9015fa0 RCX: 00007f9fc8d9c819 [ 1356.394922][T26199] RDX: 0000000000002002 RSI: 00002000000001c0 RDI: 0000000000000006 [ 1356.402984][T26199] RBP: 00007f9fc9c19090 R08: 0000000000000000 R09: 0000000000000000 [ 1356.411019][T26199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1356.419057][T26199] R13: 00007f9fc9016038 R14: 00007f9fc9015fa0 R15: 00007ffc00ebfb98 [ 1356.427192][T26199] [ 1356.510503][T26201] netlink: 'syz.2.6612': attribute type 10 has an invalid length. [ 1356.590629][T26201] team0: Device wg1 is of different type [ 1357.283022][T25582] wlan1: Trigger new scan to find an IBSS to join [ 1357.407574][T26213] FAULT_INJECTION: forcing a failure. [ 1357.407574][T26213] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1357.428631][T26213] CPU: 0 PID: 26213 Comm: syz.0.6615 Not tainted syzkaller #0 [ 1357.436261][T26213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1357.446459][T26213] Call Trace: [ 1357.449779][T26213] [ 1357.452768][T26213] dump_stack_lvl+0x18c/0x250 [ 1357.457508][T26213] ? show_regs_print_info+0x20/0x20 [ 1357.462769][T26213] ? load_image+0x420/0x420 [ 1357.467373][T26213] ? __might_fault+0xaa/0x120 [ 1357.472278][T26213] ? __lock_acquire+0x7d40/0x7d40 [ 1357.477441][T26213] should_fail_ex+0x39d/0x4d0 [ 1357.482174][T26213] _copy_from_user+0x2f/0xe0 [ 1357.486812][T26213] __sys_bpf+0x23e/0x890 [ 1357.491103][T26213] ? bpf_link_show_fdinfo+0x390/0x390 [ 1357.496533][T26213] ? lock_chain_count+0x20/0x20 [ 1357.501426][T26213] __x64_sys_bpf+0x7c/0x90 [ 1357.505966][T26213] do_syscall_64+0x55/0xa0 [ 1357.510595][T26213] ? clear_bhb_loop+0x40/0x90 [ 1357.515396][T26213] ? clear_bhb_loop+0x40/0x90 [ 1357.520195][T26213] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1357.526118][T26213] RIP: 0033:0x7f3b7699c819 [ 1357.530656][T26213] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1357.550660][T26213] RSP: 002b:00007f3b778b1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1357.559303][T26213] RAX: ffffffffffffffda RBX: 00007f3b76c15fa0 RCX: 00007f3b7699c819 [ 1357.567494][T26213] RDX: 0000000000000094 RSI: 0000200000000640 RDI: 0000000000000005 [ 1357.575608][T26213] RBP: 00007f3b778b1090 R08: 0000000000000000 R09: 0000000000000000 [ 1357.583771][T26213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1357.591789][T26213] R13: 00007f3b76c16038 R14: 00007f3b76c15fa0 R15: 00007ffed9903eb8 [ 1357.599997][T26213] [ 1357.649773][T26220] FAULT_INJECTION: forcing a failure. [ 1357.649773][T26220] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1357.663416][T26220] CPU: 1 PID: 26220 Comm: syz.3.6619 Not tainted syzkaller #0 [ 1357.670929][T26220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1357.681048][T26220] Call Trace: [ 1357.684368][T26220] [ 1357.687343][T26220] dump_stack_lvl+0x18c/0x250 [ 1357.692084][T26220] ? show_regs_print_info+0x20/0x20 [ 1357.697345][T26220] ? load_image+0x420/0x420 [ 1357.701905][T26220] ? __might_fault+0xaa/0x120 [ 1357.706845][T26220] ? __lock_acquire+0x7d40/0x7d40 [ 1357.711917][T26220] should_fail_ex+0x39d/0x4d0 [ 1357.716828][T26220] _copy_from_user+0x2f/0xe0 [ 1357.721555][T26220] ___sys_sendmsg+0x1c7/0x360 [ 1357.726789][T26220] ? get_pid_task+0x20/0x1e0 [ 1357.731443][T26220] ? __sys_sendmsg+0x2a0/0x2a0 [ 1357.736277][T26220] ? __lock_acquire+0x7d40/0x7d40 [ 1357.741387][T26220] __se_sys_sendmsg+0x1c2/0x2b0 [ 1357.746274][T26220] ? __x64_sys_sendmsg+0x80/0x80 [ 1357.751411][T26220] ? lockdep_hardirqs_on+0x98/0x150 [ 1357.756653][T26220] do_syscall_64+0x55/0xa0 [ 1357.761081][T26220] ? clear_bhb_loop+0x40/0x90 [ 1357.765771][T26220] ? clear_bhb_loop+0x40/0x90 [ 1357.770460][T26220] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1357.776369][T26220] RIP: 0033:0x7f9fc8d9c819 [ 1357.780807][T26220] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1357.800425][T26220] RSP: 002b:00007f9fc9c19028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1357.808855][T26220] RAX: ffffffffffffffda RBX: 00007f9fc9015fa0 RCX: 00007f9fc8d9c819 [ 1357.816845][T26220] RDX: 0000000004000081 RSI: 0000200000000000 RDI: 0000000000000003 [ 1357.824835][T26220] RBP: 00007f9fc9c19090 R08: 0000000000000000 R09: 0000000000000000 [ 1357.833163][T26220] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1357.841144][T26220] R13: 00007f9fc9016038 R14: 00007f9fc9015fa0 R15: 00007ffc00ebfb98 [ 1357.849277][T26220] [ 1358.117375][T26230] FAULT_INJECTION: forcing a failure. [ 1358.117375][T26230] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1358.170956][T26230] CPU: 1 PID: 26230 Comm: syz.3.6622 Not tainted syzkaller #0 [ 1358.178648][T26230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1358.188851][T26230] Call Trace: [ 1358.192175][T26230] [ 1358.195136][T26230] dump_stack_lvl+0x18c/0x250 [ 1358.199882][T26230] ? show_regs_print_info+0x20/0x20 [ 1358.205106][T26230] ? load_image+0x420/0x420 [ 1358.209628][T26230] ? __might_fault+0xaa/0x120 [ 1358.214324][T26230] ? __lock_acquire+0x7d40/0x7d40 [ 1358.219403][T26230] should_fail_ex+0x39d/0x4d0 [ 1358.224105][T26230] _copy_from_user+0x2f/0xe0 [ 1358.228715][T26230] __sys_bpf+0x23e/0x890 [ 1358.233080][T26230] ? bpf_link_show_fdinfo+0x390/0x390 [ 1358.238522][T26230] ? lock_chain_count+0x20/0x20 [ 1358.243414][T26230] __x64_sys_bpf+0x7c/0x90 [ 1358.247852][T26230] do_syscall_64+0x55/0xa0 [ 1358.252289][T26230] ? clear_bhb_loop+0x40/0x90 [ 1358.256989][T26230] ? clear_bhb_loop+0x40/0x90 [ 1358.261857][T26230] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1358.267769][T26230] RIP: 0033:0x7f9fc8d9c819 [ 1358.272213][T26230] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1358.291932][T26230] RSP: 002b:00007f9fc9c19028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1358.300445][T26230] RAX: ffffffffffffffda RBX: 00007f9fc9015fa0 RCX: 00007f9fc8d9c819 [ 1358.308689][T26230] RDX: 0000000000000028 RSI: 00002000000000c0 RDI: 0000000000000012 [ 1358.316727][T26230] RBP: 00007f9fc9c19090 R08: 0000000000000000 R09: 0000000000000000 [ 1358.324716][T26230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1358.332701][T26230] R13: 00007f9fc9016038 R14: 00007f9fc9015fa0 R15: 00007ffc00ebfb98 [ 1358.340797][T26230] [ 1358.391718][T26222] mac80211_hwsim hwsim42 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1358.565212][T26237] netlink: 'syz.2.6625': attribute type 29 has an invalid length. [ 1358.600040][T26237] netlink: 'syz.2.6625': attribute type 29 has an invalid length. [ 1358.667141][T26242] tap0: tun_chr_ioctl cmd 35108 [ 1358.730374][T26244] FAULT_INJECTION: forcing a failure. [ 1358.730374][T26244] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1358.751296][T26244] CPU: 0 PID: 26244 Comm: syz.2.6627 Not tainted syzkaller #0 [ 1358.758930][T26244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1358.769215][T26244] Call Trace: [ 1358.772533][T26244] [ 1358.775633][T26244] dump_stack_lvl+0x18c/0x250 [ 1358.780409][T26244] ? show_regs_print_info+0x20/0x20 [ 1358.785737][T26244] ? load_image+0x420/0x420 [ 1358.790392][T26244] ? __might_fault+0xaa/0x120 [ 1358.795122][T26244] ? __lock_acquire+0x7d40/0x7d40 [ 1358.800221][T26244] should_fail_ex+0x39d/0x4d0 [ 1358.805042][T26244] _copy_from_user+0x2f/0xe0 [ 1358.809655][T26244] ___sys_sendmsg+0x1c7/0x360 [ 1358.814485][T26244] ? __sys_sendmsg+0x2a0/0x2a0 [ 1358.819365][T26244] ? __lock_acquire+0x7d40/0x7d40 [ 1358.824628][T26244] __se_sys_sendmsg+0x1c2/0x2b0 [ 1358.829827][T26244] ? __x64_sys_sendmsg+0x80/0x80 [ 1358.834816][T26244] ? lockdep_hardirqs_on+0x98/0x150 [ 1358.840058][T26244] do_syscall_64+0x55/0xa0 [ 1358.844602][T26244] ? clear_bhb_loop+0x40/0x90 [ 1358.849335][T26244] ? clear_bhb_loop+0x40/0x90 [ 1358.854120][T26244] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1358.861098][T26244] RIP: 0033:0x7f980bb9c819 [ 1358.865624][T26244] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1358.885341][T26244] RSP: 002b:00007f980ca68028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1358.893788][T26244] RAX: ffffffffffffffda RBX: 00007f980be15fa0 RCX: 00007f980bb9c819 [ 1358.901866][T26244] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000005 [ 1358.909854][T26244] RBP: 00007f980ca68090 R08: 0000000000000000 R09: 0000000000000000 [ 1358.917931][T26244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1358.926008][T26244] R13: 00007f980be16038 R14: 00007f980be15fa0 R15: 00007ffc566ff2a8 [ 1358.934108][T26244] [ 1359.202809][ T1129] wlan1: Trigger new scan to find an IBSS to join [ 1359.454168][T26254] netlink: 'syz.2.6629': attribute type 29 has an invalid length. [ 1359.484300][T26254] netlink: 'syz.2.6629': attribute type 29 has an invalid length. [ 1359.827058][T26267] FAULT_INJECTION: forcing a failure. [ 1359.827058][T26267] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1359.861216][T26267] CPU: 1 PID: 26267 Comm: syz.3.6635 Not tainted syzkaller #0 [ 1359.868869][T26267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1359.879048][T26267] Call Trace: [ 1359.882474][T26267] [ 1359.885438][T26267] dump_stack_lvl+0x18c/0x250 [ 1359.890178][T26267] ? show_regs_print_info+0x20/0x20 [ 1359.895439][T26267] ? load_image+0x420/0x420 [ 1359.899988][T26267] ? __might_fault+0xaa/0x120 [ 1359.904805][T26267] ? __lock_acquire+0x7d40/0x7d40 [ 1359.910062][T26267] should_fail_ex+0x39d/0x4d0 [ 1359.914879][T26267] _copy_from_user+0x2f/0xe0 [ 1359.919605][T26267] ___sys_sendmsg+0x1c7/0x360 [ 1359.924462][T26267] ? __sys_sendmsg+0x2a0/0x2a0 [ 1359.929450][T26267] ? __lock_acquire+0x7d40/0x7d40 [ 1359.934692][T26267] __se_sys_sendmsg+0x1c2/0x2b0 [ 1359.939601][T26267] ? __x64_sys_sendmsg+0x80/0x80 [ 1359.944667][T26267] ? lockdep_hardirqs_on+0x98/0x150 [ 1359.949932][T26267] do_syscall_64+0x55/0xa0 [ 1359.954390][T26267] ? clear_bhb_loop+0x40/0x90 [ 1359.959220][T26267] ? clear_bhb_loop+0x40/0x90 [ 1359.964060][T26267] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1359.970202][T26267] RIP: 0033:0x7f9fc8d9c819 [ 1359.974664][T26267] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1359.994482][T26267] RSP: 002b:00007f9fc9c19028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1360.003054][T26267] RAX: ffffffffffffffda RBX: 00007f9fc9015fa0 RCX: 00007f9fc8d9c819 [ 1360.011065][T26267] RDX: 0000000000004041 RSI: 0000200000000b00 RDI: 0000000000000003 [ 1360.019062][T26267] RBP: 00007f9fc9c19090 R08: 0000000000000000 R09: 0000000000000000 [ 1360.027145][T26267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1360.035236][T26267] R13: 00007f9fc9016038 R14: 00007f9fc9015fa0 R15: 00007ffc00ebfb98 [ 1360.043398][T26267] [ 1360.428662][T26277] netlink: 'syz.1.6637': attribute type 4 has an invalid length. [ 1360.458358][T26277] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.6637'. [ 1360.498083][T26281] tap0: tun_chr_ioctl cmd 35108 [ 1360.524084][T26280] netlink: 'syz.2.6641': attribute type 1 has an invalid length. [ 1360.548552][T26280] netlink: 'syz.2.6641': attribute type 3 has an invalid length. [ 1360.560302][T26280] netlink: 132 bytes leftover after parsing attributes in process `syz.2.6641'. [ 1360.974567][T26276] mac80211_hwsim hwsim40 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1360.990239][T26287] netlink: 14 bytes leftover after parsing attributes in process `syz.1.6637'. [ 1361.054167][T26288] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1361.281589][ T2950] wlan1: Trigger new scan to find an IBSS to join [ 1361.363525][T26298] FAULT_INJECTION: forcing a failure. [ 1361.363525][T26298] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1361.397812][T26300] netlink: 209844 bytes leftover after parsing attributes in process `syz.1.6646'. [ 1361.408971][T26298] CPU: 0 PID: 26298 Comm: syz.2.6644 Not tainted syzkaller #0 [ 1361.416471][T26298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1361.416491][T26298] Call Trace: [ 1361.416501][T26298] [ 1361.416511][T26298] dump_stack_lvl+0x18c/0x250 [ 1361.416549][T26298] ? show_regs_print_info+0x20/0x20 [ 1361.416577][T26298] ? load_image+0x420/0x420 [ 1361.416605][T26298] ? __might_fault+0xaa/0x120 [ 1361.452256][T26298] ? __lock_acquire+0x7d40/0x7d40 [ 1361.457352][T26298] should_fail_ex+0x39d/0x4d0 [ 1361.462100][T26298] _copy_from_user+0x2f/0xe0 [ 1361.466756][T26298] __sys_bpf+0x23e/0x890 [ 1361.471054][T26298] ? bpf_link_show_fdinfo+0x390/0x390 [ 1361.476501][T26298] ? lock_chain_count+0x20/0x20 [ 1361.481494][T26298] __x64_sys_bpf+0x7c/0x90 [ 1361.485954][T26298] do_syscall_64+0x55/0xa0 [ 1361.490404][T26298] ? clear_bhb_loop+0x40/0x90 [ 1361.495301][T26298] ? clear_bhb_loop+0x40/0x90 [ 1361.500024][T26298] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1361.506048][T26298] RIP: 0033:0x7f980bb9c819 [ 1361.510560][T26298] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1361.530453][T26298] RSP: 002b:00007f980ca68028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1361.539040][T26298] RAX: ffffffffffffffda RBX: 00007f980be15fa0 RCX: 00007f980bb9c819 [ 1361.547062][T26298] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a [ 1361.555093][T26298] RBP: 00007f980ca68090 R08: 0000000000000000 R09: 0000000000000000 [ 1361.563125][T26298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1361.567542][T26305] netlink: 'syz.3.6648': attribute type 1 has an invalid length. [ 1361.571204][T26298] R13: 00007f980be16038 R14: 00007f980be15fa0 R15: 00007ffc566ff2a8 [ 1361.571240][T26298] [ 1361.626649][T26305] netlink: 'syz.3.6648': attribute type 3 has an invalid length. [ 1361.690397][T26305] netlink: 132 bytes leftover after parsing attributes in process `syz.3.6648'. [ 1361.746058][T26308] netlink: 'syz.3.6648': attribute type 10 has an invalid length. [ 1361.791625][T26308] netlink: 168 bytes leftover after parsing attributes in process `syz.3.6648'. [ 1361.824319][T26307] netlink: 132 bytes leftover after parsing attributes in process `syz.2.6649'. [ 1361.885492][T26305] FAULT_INJECTION: forcing a failure. [ 1361.885492][T26305] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1361.906282][T26307] netlink: 168 bytes leftover after parsing attributes in process `syz.2.6649'. [ 1361.918069][T26305] CPU: 1 PID: 26305 Comm: syz.3.6648 Not tainted syzkaller #0 [ 1361.925964][T26305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1361.936333][T26305] Call Trace: [ 1361.939737][T26305] [ 1361.942912][T26305] dump_stack_lvl+0x18c/0x250 [ 1361.947652][T26305] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1361.953956][T26305] ? show_regs_print_info+0x20/0x20 [ 1361.959745][T26305] ? load_image+0x420/0x420 [ 1361.964303][T26305] ? should_fail_ex+0x322/0x4d0 [ 1361.969199][T26305] should_fail_ex+0x39d/0x4d0 [ 1361.973918][T26305] _copy_from_user+0x2f/0xe0 [ 1361.978528][T26305] ___sys_sendmsg+0x1c7/0x360 [ 1361.983427][T26305] ? __sys_sendmsg+0x2a0/0x2a0 [ 1361.988240][T26305] __se_sys_sendmsg+0x1c2/0x2b0 [ 1361.993120][T26305] ? __x64_sys_sendmsg+0x80/0x80 [ 1361.998086][T26305] ? syscall_enter_from_user_mode+0x2e/0x80 [ 1362.004179][T26305] do_syscall_64+0x55/0xa0 [ 1362.009225][T26305] ? clear_bhb_loop+0x40/0x90 [ 1362.013922][T26305] ? clear_bhb_loop+0x40/0x90 [ 1362.018705][T26305] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1362.024619][T26305] RIP: 0033:0x7f9fc8d9c819 [ 1362.029154][T26305] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1362.048901][T26305] RSP: 002b:00007f9fc9c19028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1362.057366][T26305] RAX: ffffffffffffffda RBX: 00007f9fc9015fa0 RCX: 00007f9fc8d9c819 [ 1362.065353][T26305] RDX: 0000000000008000 RSI: 0000200000001780 RDI: 0000000000000003 [ 1362.073429][T26305] RBP: 00007f9fc9c19090 R08: 0000000000000000 R09: 0000000000000000 [ 1362.081496][T26305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1362.089561][T26305] R13: 00007f9fc9016038 R14: 00007f9fc9015fa0 R15: 00007ffc00ebfb98 [ 1362.097651][T26305] [ 1362.140636][T26312] FAULT_INJECTION: forcing a failure. [ 1362.140636][T26312] name failslab, interval 1, probability 0, space 0, times 0 [ 1362.153850][T26312] CPU: 0 PID: 26312 Comm: syz.2.6651 Not tainted syzkaller #0 [ 1362.161451][T26312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1362.164896][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 1362.171520][T26312] Call Trace: [ 1362.171532][T26312] [ 1362.171543][T26312] dump_stack_lvl+0x18c/0x250 [ 1362.178264][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 1362.181178][T26312] ? show_regs_print_info+0x20/0x20 [ 1362.181220][T26312] ? load_image+0x420/0x420 [ 1362.181249][T26312] ? __might_sleep+0xe0/0xe0 [ 1362.209572][T26312] ? __lock_acquire+0x7d40/0x7d40 [ 1362.214739][T26312] should_fail_ex+0x39d/0x4d0 [ 1362.219487][T26312] should_failslab+0x9/0x20 [ 1362.224050][T26312] slab_pre_alloc_hook+0x59/0x310 [ 1362.229226][T26312] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1362.235070][T26312] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1362.240922][T26312] __kmem_cache_alloc_node+0x53/0x250 [ 1362.246435][T26312] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1362.252184][T26312] __kmalloc+0xa4/0x230 [ 1362.256528][T26312] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1362.262114][T26312] tomoyo_path_number_perm+0x248/0x620 [ 1362.267888][T26312] ? tomoyo_path_number_perm+0x217/0x620 [ 1362.273623][T26312] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 1362.279128][T26312] ? ksys_write+0x1c4/0x260 [ 1362.283761][T26312] ? __fget_files+0x28/0x4b0 [ 1362.288382][T26312] ? __fget_files+0x28/0x4b0 [ 1362.293102][T26312] security_file_ioctl+0x70/0xa0 [ 1362.298043][T26312] __se_sys_ioctl+0x48/0x170 [ 1362.302845][T26312] do_syscall_64+0x55/0xa0 [ 1362.307296][T26312] ? clear_bhb_loop+0x40/0x90 [ 1362.312081][T26312] ? clear_bhb_loop+0x40/0x90 [ 1362.316883][T26312] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1362.322979][T26312] RIP: 0033:0x7f980bb9c819 [ 1362.327403][T26312] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1362.347388][T26312] RSP: 002b:00007f980ca68028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1362.355814][T26312] RAX: ffffffffffffffda RBX: 00007f980be15fa0 RCX: 00007f980bb9c819 [ 1362.363816][T26312] RDX: 0000200000000080 RSI: 0000000000008946 RDI: 0000000000000011 [ 1362.371832][T26312] RBP: 00007f980ca68090 R08: 0000000000000000 R09: 0000000000000000 [ 1362.379847][T26312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1362.387942][T26312] R13: 00007f980be16038 R14: 00007f980be15fa0 R15: 00007ffc566ff2a8 [ 1362.396079][T26312] [ 1362.403704][ T2950] wlan1: Trigger new scan to find an IBSS to join [ 1362.479061][T26314] mac80211_hwsim hwsim36 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1362.498273][T26312] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1362.518855][T26318] tap1: tun_chr_ioctl cmd 35108 [ 1362.801092][T26331] FAULT_INJECTION: forcing a failure. [ 1362.801092][T26331] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1362.871064][T26331] CPU: 1 PID: 26331 Comm: syz.0.6657 Not tainted syzkaller #0 [ 1362.878615][T26331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1362.888898][T26331] Call Trace: [ 1362.892207][T26331] [ 1362.895152][T26331] dump_stack_lvl+0x18c/0x250 [ 1362.899943][T26331] ? show_regs_print_info+0x20/0x20 [ 1362.905254][T26331] ? load_image+0x420/0x420 [ 1362.909784][T26331] ? __might_fault+0xaa/0x120 [ 1362.914480][T26331] ? __lock_acquire+0x7d40/0x7d40 [ 1362.919542][T26331] should_fail_ex+0x39d/0x4d0 [ 1362.924239][T26331] _copy_from_user+0x2f/0xe0 [ 1362.929304][T26331] __sys_bpf+0x23e/0x890 [ 1362.933602][T26331] ? bpf_link_show_fdinfo+0x390/0x390 [ 1362.939011][T26331] ? lock_chain_count+0x20/0x20 [ 1362.943983][T26331] __x64_sys_bpf+0x7c/0x90 [ 1362.948514][T26331] do_syscall_64+0x55/0xa0 [ 1362.953031][T26331] ? clear_bhb_loop+0x40/0x90 [ 1362.957817][T26331] ? clear_bhb_loop+0x40/0x90 [ 1362.962513][T26331] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1362.968419][T26331] RIP: 0033:0x7f3b7699c819 [ 1362.972920][T26331] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1362.992631][T26331] RSP: 002b:00007f3b778b1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1363.001256][T26331] RAX: ffffffffffffffda RBX: 00007f3b76c15fa0 RCX: 00007f3b7699c819 [ 1363.009274][T26331] RDX: 0000000000000094 RSI: 0000200000000880 RDI: 0000000000000005 [ 1363.017365][T26331] RBP: 00007f3b778b1090 R08: 0000000000000000 R09: 0000000000000000 [ 1363.025441][T26331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1363.033424][T26331] R13: 00007f3b76c16038 R14: 00007f3b76c15fa0 R15: 00007ffed9903eb8 [ 1363.041687][T26331] [ 1363.180115][T26335] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1363.680341][T26341] FAULT_INJECTION: forcing a failure. [ 1363.680341][T26341] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1363.718017][T26343] netlink: 48 bytes leftover after parsing attributes in process `syz.3.6663'. [ 1363.722425][T26341] CPU: 0 PID: 26341 Comm: syz.1.6662 Not tainted syzkaller #0 [ 1363.734688][T26341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1363.741829][T26343] netlink: 48 bytes leftover after parsing attributes in process `syz.3.6663'. [ 1363.744797][T26341] Call Trace: [ 1363.744813][T26341] [ 1363.760080][T26341] dump_stack_lvl+0x18c/0x250 [ 1363.765036][T26341] ? show_regs_print_info+0x20/0x20 [ 1363.770413][T26341] ? load_image+0x420/0x420 [ 1363.775037][T26341] ? __might_fault+0xaa/0x120 [ 1363.780057][T26341] ? __lock_acquire+0x7d40/0x7d40 [ 1363.785172][T26341] should_fail_ex+0x39d/0x4d0 [ 1363.789945][T26341] _copy_from_user+0x2f/0xe0 [ 1363.794731][T26341] ___sys_sendmsg+0x1c7/0x360 [ 1363.799468][T26341] ? get_pid_task+0x20/0x1e0 [ 1363.804151][T26341] ? __sys_sendmsg+0x2a0/0x2a0 [ 1363.809079][T26341] ? __lock_acquire+0x7d40/0x7d40 [ 1363.814284][T26341] __se_sys_sendmsg+0x1c2/0x2b0 [ 1363.819223][T26341] ? __x64_sys_sendmsg+0x80/0x80 [ 1363.824286][T26341] ? lockdep_hardirqs_on+0x98/0x150 [ 1363.829674][T26341] do_syscall_64+0x55/0xa0 [ 1363.834159][T26341] ? clear_bhb_loop+0x40/0x90 [ 1363.838906][T26341] ? clear_bhb_loop+0x40/0x90 [ 1363.843669][T26341] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1363.849632][T26341] RIP: 0033:0x7f070259c819 [ 1363.854107][T26341] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1363.874216][T26341] RSP: 002b:00007f070343a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1363.883201][T26341] RAX: ffffffffffffffda RBX: 00007f0702815fa0 RCX: 00007f070259c819 [ 1363.891207][T26341] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000004 [ 1363.899298][T26341] RBP: 00007f070343a090 R08: 0000000000000000 R09: 0000000000000000 [ 1363.907305][T26341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1363.915318][T26341] R13: 00007f0702816038 R14: 00007f0702815fa0 R15: 00007ffe01689718 [ 1363.923359][T26341] [ 1364.022300][T26351] tap0: tun_chr_ioctl cmd 35108 [ 1365.155161][T26362] mac80211_hwsim hwsim38 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1365.673951][T26385] __nla_validate_parse: 3 callbacks suppressed [ 1365.673970][T26385] netlink: 60 bytes leftover after parsing attributes in process `syz.1.6676'. [ 1365.690429][T26385] netlink: 60 bytes leftover after parsing attributes in process `syz.1.6676'. [ 1365.729461][T26387] Q±6ã`Ò˜: renamed from lo (while UP) [ 1365.749224][T26385] netlink: 60 bytes leftover after parsing attributes in process `syz.1.6676'. [ 1365.892704][T26376] delete_channel: no stack [ 1365.928748][T26389] FAULT_INJECTION: forcing a failure. [ 1365.928748][T26389] name failslab, interval 1, probability 0, space 0, times 0 [ 1365.956400][T26389] CPU: 0 PID: 26389 Comm: syz.0.6678 Not tainted syzkaller #0 [ 1365.964110][T26389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1365.974314][T26389] Call Trace: [ 1365.977717][T26389] [ 1365.980678][T26389] dump_stack_lvl+0x18c/0x250 [ 1365.985415][T26389] ? show_regs_print_info+0x20/0x20 [ 1365.990746][T26389] ? load_image+0x420/0x420 [ 1365.995298][T26389] ? __might_sleep+0xe0/0xe0 [ 1365.999926][T26389] ? __lock_acquire+0x7d40/0x7d40 [ 1366.005161][T26389] should_fail_ex+0x39d/0x4d0 [ 1366.009885][T26389] should_failslab+0x9/0x20 [ 1366.014427][T26389] slab_pre_alloc_hook+0x59/0x310 [ 1366.019518][T26389] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1366.025467][T26389] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1366.031229][T26389] __kmem_cache_alloc_node+0x53/0x250 [ 1366.036653][T26389] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1366.042409][T26389] __kmalloc+0xa4/0x230 [ 1366.046610][T26389] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1366.052202][T26389] tomoyo_path_number_perm+0x248/0x620 [ 1366.057886][T26389] ? tomoyo_path_number_perm+0x217/0x620 [ 1366.063660][T26389] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 1366.069167][T26389] ? ksys_write+0x1c4/0x260 [ 1366.073771][T26389] ? __fget_files+0x28/0x4b0 [ 1366.078404][T26389] ? __fget_files+0x28/0x4b0 [ 1366.083079][T26389] security_file_ioctl+0x70/0xa0 [ 1366.088070][T26389] __se_sys_ioctl+0x48/0x170 [ 1366.092710][T26389] do_syscall_64+0x55/0xa0 [ 1366.097259][T26389] ? clear_bhb_loop+0x40/0x90 [ 1366.101973][T26389] ? clear_bhb_loop+0x40/0x90 [ 1366.106691][T26389] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1366.112626][T26389] RIP: 0033:0x7f3b7699c819 [ 1366.117085][T26389] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1366.136744][T26389] RSP: 002b:00007f3b778b1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1366.145205][T26389] RAX: ffffffffffffffda RBX: 00007f3b76c15fa0 RCX: 00007f3b7699c819 [ 1366.153219][T26389] RDX: 0000200000001340 RSI: 0000000000008923 RDI: 0000000000000004 [ 1366.161232][T26389] RBP: 00007f3b778b1090 R08: 0000000000000000 R09: 0000000000000000 [ 1366.169230][T26389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1366.177400][T26389] R13: 00007f3b76c16038 R14: 00007f3b76c15fa0 R15: 00007ffed9903eb8 [ 1366.185418][T26389] [ 1366.249699][ T1129] wlan1: Trigger new scan to find an IBSS to join [ 1366.259859][T26389] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1366.661856][T26401] validate_nla: 3 callbacks suppressed [ 1366.661901][T26401] netlink: 'syz.2.6681': attribute type 4 has an invalid length. [ 1366.688167][T26401] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.6681'. [ 1366.709321][T26404] netlink: 14 bytes leftover after parsing attributes in process `syz.2.6681'. [ 1366.760379][T26410] FAULT_INJECTION: forcing a failure. [ 1366.760379][T26410] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1366.779203][T26410] CPU: 1 PID: 26410 Comm: syz.1.6685 Not tainted syzkaller #0 [ 1366.786749][T26410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1366.796949][T26410] Call Trace: [ 1366.800279][T26410] [ 1366.803244][T26410] dump_stack_lvl+0x18c/0x250 [ 1366.807977][T26410] ? show_regs_print_info+0x20/0x20 [ 1366.813310][T26410] ? load_image+0x420/0x420 [ 1366.817889][T26410] ? __might_fault+0xaa/0x120 [ 1366.822787][T26410] ? __lock_acquire+0x7d40/0x7d40 [ 1366.827866][T26410] should_fail_ex+0x39d/0x4d0 [ 1366.832617][T26410] _copy_from_user+0x2f/0xe0 [ 1366.837431][T26410] ___sys_sendmsg+0x1c7/0x360 [ 1366.842234][T26410] ? get_pid_task+0x20/0x1e0 [ 1366.846870][T26410] ? __sys_sendmsg+0x2a0/0x2a0 [ 1366.851696][T26410] ? __lock_acquire+0x7d40/0x7d40 [ 1366.856907][T26410] __se_sys_sendmsg+0x1c2/0x2b0 [ 1366.861905][T26410] ? __x64_sys_sendmsg+0x80/0x80 [ 1366.866894][T26410] ? lockdep_hardirqs_on+0x98/0x150 [ 1366.872207][T26410] do_syscall_64+0x55/0xa0 [ 1366.876786][T26410] ? clear_bhb_loop+0x40/0x90 [ 1366.881480][T26410] ? clear_bhb_loop+0x40/0x90 [ 1366.886176][T26410] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1366.892170][T26410] RIP: 0033:0x7f070259c819 [ 1366.896609][T26410] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1366.916246][T26410] RSP: 002b:00007f070343a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1366.924712][T26410] RAX: ffffffffffffffda RBX: 00007f0702815fa0 RCX: 00007f070259c819 [ 1366.932705][T26410] RDX: 0000000000000000 RSI: 0000200000003780 RDI: 0000000000000004 [ 1366.940725][T26410] RBP: 00007f070343a090 R08: 0000000000000000 R09: 0000000000000000 [ 1366.948736][T26410] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1366.956747][T26410] R13: 00007f0702816038 R14: 00007f0702815fa0 R15: 00007ffe01689718 [ 1366.964779][T26410] [ 1367.166913][T26416] FAULT_INJECTION: forcing a failure. [ 1367.166913][T26416] name failslab, interval 1, probability 0, space 0, times 0 [ 1367.240289][T26416] CPU: 1 PID: 26416 Comm: syz.1.6687 Not tainted syzkaller #0 [ 1367.247825][T26416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1367.257920][T26416] Call Trace: [ 1367.261332][T26416] [ 1367.264311][T26416] dump_stack_lvl+0x18c/0x250 [ 1367.269039][T26416] ? show_regs_print_info+0x20/0x20 [ 1367.274289][T26416] ? load_image+0x420/0x420 [ 1367.278841][T26416] ? __might_sleep+0xe0/0xe0 [ 1367.283482][T26416] ? __lock_acquire+0x7d40/0x7d40 [ 1367.288656][T26416] should_fail_ex+0x39d/0x4d0 [ 1367.293930][T26416] should_failslab+0x9/0x20 [ 1367.298565][T26416] slab_pre_alloc_hook+0x59/0x310 [ 1367.303727][T26416] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1367.309483][T26416] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1367.315496][T26416] __kmem_cache_alloc_node+0x53/0x250 [ 1367.320935][T26416] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1367.326793][T26416] __kmalloc+0xa4/0x230 [ 1367.331083][T26416] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1367.336974][T26416] tomoyo_path_number_perm+0x248/0x620 [ 1367.342482][T26416] ? tomoyo_path_number_perm+0x217/0x620 [ 1367.348158][T26416] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 1367.353713][T26416] ? ksys_write+0x1c4/0x260 [ 1367.358291][T26416] ? __fget_files+0x28/0x4b0 [ 1367.362919][T26416] ? __fget_files+0x28/0x4b0 [ 1367.367556][T26416] security_file_ioctl+0x70/0xa0 [ 1367.372525][T26416] __se_sys_ioctl+0x48/0x170 [ 1367.377165][T26416] do_syscall_64+0x55/0xa0 [ 1367.381694][T26416] ? clear_bhb_loop+0x40/0x90 [ 1367.386418][T26416] ? clear_bhb_loop+0x40/0x90 [ 1367.391139][T26416] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1367.397065][T26416] RIP: 0033:0x7f070259c819 [ 1367.401684][T26416] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1367.421759][T26416] RSP: 002b:00007f0703419028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1367.430302][T26416] RAX: ffffffffffffffda RBX: 00007f0702816090 RCX: 00007f070259c819 [ 1367.438387][T26416] RDX: 0000200000000040 RSI: 00000000401054d5 RDI: 0000000000000004 [ 1367.446401][T26416] RBP: 00007f0703419090 R08: 0000000000000000 R09: 0000000000000000 [ 1367.454669][T26416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1367.462764][T26416] R13: 00007f0702816128 R14: 00007f0702816090 R15: 00007ffe01689718 [ 1367.470783][T26416] [ 1367.581695][T26416] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1368.052744][T26419] mac80211_hwsim hwsim38 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1368.363678][T26422] mac80211_hwsim hwsim40 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1368.407271][T26430] mac80211_hwsim hwsim36 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1368.443324][T26432] mac80211_hwsim hwsim42 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1368.562629][T26439] tap0: tun_chr_ioctl cmd 35108 [ 1369.015852][T26456] netlink: 'syz.3.6698': attribute type 4 has an invalid length. [ 1369.056399][T26456] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.6698'. [ 1369.454394][T26453] mac80211_hwsim hwsim38 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1369.481788][T26465] netlink: 14 bytes leftover after parsing attributes in process `syz.3.6698'. [ 1369.790205][T26465] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1369.842172][T26465] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1369.863977][T26465] bond0 (unregistering): Released all slaves [ 1369.945058][T26464] netlink: 'syz.1.6704': attribute type 10 has an invalid length. [ 1369.969717][T26464] netlink: 40 bytes leftover after parsing attributes in process `syz.1.6704'. [ 1370.051917][T26464] batman_adv: batadv0: Adding interface: veth1_virt_wifi [ 1370.085620][T26464] batman_adv: batadv0: The MTU of interface veth1_virt_wifi is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1370.174355][T26464] batman_adv: batadv0: Interface activated: veth1_virt_wifi [ 1370.264808][T26463] mac80211_hwsim hwsim40 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1370.306212][T26473] mac80211_hwsim hwsim38 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1370.606286][T26487] FAULT_INJECTION: forcing a failure. [ 1370.606286][T26487] name failslab, interval 1, probability 0, space 0, times 0 [ 1370.639370][T26487] CPU: 0 PID: 26487 Comm: syz.3.6709 Not tainted syzkaller #0 [ 1370.646965][T26487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1370.657241][T26487] Call Trace: [ 1370.660562][T26487] [ 1370.663680][T26487] dump_stack_lvl+0x18c/0x250 [ 1370.668424][T26487] ? show_regs_print_info+0x20/0x20 [ 1370.673706][T26487] ? load_image+0x420/0x420 [ 1370.678258][T26487] ? __might_sleep+0xe0/0xe0 [ 1370.682893][T26487] ? __lock_acquire+0x7d40/0x7d40 [ 1370.687966][T26487] should_fail_ex+0x39d/0x4d0 [ 1370.692701][T26487] should_failslab+0x9/0x20 [ 1370.697242][T26487] slab_pre_alloc_hook+0x59/0x310 [ 1370.702379][T26487] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1370.708109][T26487] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1370.713838][T26487] __kmem_cache_alloc_node+0x53/0x250 [ 1370.719322][T26487] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1370.725090][T26487] __kmalloc+0xa4/0x230 [ 1370.729444][T26487] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1370.735009][T26487] tomoyo_path_number_perm+0x248/0x620 [ 1370.740494][T26487] ? tomoyo_path_number_perm+0x217/0x620 [ 1370.746147][T26487] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 1370.751637][T26487] ? ksys_write+0x1c4/0x260 [ 1370.756201][T26487] ? __fget_files+0x28/0x4b0 [ 1370.760892][T26487] ? __fget_files+0x28/0x4b0 [ 1370.765596][T26487] security_file_ioctl+0x70/0xa0 [ 1370.770546][T26487] __se_sys_ioctl+0x48/0x170 [ 1370.775158][T26487] do_syscall_64+0x55/0xa0 [ 1370.779670][T26487] ? clear_bhb_loop+0x40/0x90 [ 1370.784517][T26487] ? clear_bhb_loop+0x40/0x90 [ 1370.789352][T26487] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1370.795343][T26487] RIP: 0033:0x7f9fc8d9c819 [ 1370.799777][T26487] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1370.819559][T26487] RSP: 002b:00007f9fc9c19028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1370.828800][T26487] RAX: ffffffffffffffda RBX: 00007f9fc9015fa0 RCX: 00007f9fc8d9c819 [ 1370.836885][T26487] RDX: 0000200000000080 RSI: 00000000000089fd RDI: 0000000000000004 [ 1370.844871][T26487] RBP: 00007f9fc9c19090 R08: 0000000000000000 R09: 0000000000000000 [ 1370.852947][T26487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1370.861014][T26487] R13: 00007f9fc9016038 R14: 00007f9fc9015fa0 R15: 00007ffc00ebfb98 [ 1370.869098][T26487] [ 1370.948689][T26487] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1371.201055][ T492] wlan1: Trigger new scan to find an IBSS to join [ 1371.327574][T26498] mac80211_hwsim hwsim42 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1371.551845][T26508] FAULT_INJECTION: forcing a failure. [ 1371.551845][T26508] name failslab, interval 1, probability 0, space 0, times 0 [ 1371.584963][T26508] CPU: 1 PID: 26508 Comm: syz.2.6716 Not tainted syzkaller #0 [ 1371.592513][T26508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1371.602613][T26508] Call Trace: [ 1371.606023][T26508] [ 1371.609040][T26508] dump_stack_lvl+0x18c/0x250 [ 1371.613867][T26508] ? show_regs_print_info+0x20/0x20 [ 1371.619153][T26508] ? load_image+0x420/0x420 [ 1371.623790][T26508] ? __might_sleep+0xe0/0xe0 [ 1371.628437][T26508] ? __lock_acquire+0x7d40/0x7d40 [ 1371.633510][T26508] should_fail_ex+0x39d/0x4d0 [ 1371.638228][T26508] should_failslab+0x9/0x20 [ 1371.642750][T26508] slab_pre_alloc_hook+0x59/0x310 [ 1371.647971][T26508] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1371.653712][T26508] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1371.659470][T26508] __kmem_cache_alloc_node+0x53/0x250 [ 1371.664960][T26508] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1371.670868][T26508] __kmalloc+0xa4/0x230 [ 1371.675050][T26508] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1371.680616][T26508] tomoyo_path_number_perm+0x248/0x620 [ 1371.686097][T26508] ? tomoyo_path_number_perm+0x217/0x620 [ 1371.691745][T26508] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 1371.697226][T26508] ? ksys_write+0x1c4/0x260 [ 1371.701796][T26508] ? __fget_files+0x28/0x4b0 [ 1371.706399][T26508] ? __fget_files+0x28/0x4b0 [ 1371.711013][T26508] security_file_ioctl+0x70/0xa0 [ 1371.715984][T26508] __se_sys_ioctl+0x48/0x170 [ 1371.720589][T26508] do_syscall_64+0x55/0xa0 [ 1371.725134][T26508] ? clear_bhb_loop+0x40/0x90 [ 1371.729828][T26508] ? clear_bhb_loop+0x40/0x90 [ 1371.734527][T26508] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1371.740434][T26508] RIP: 0033:0x7f980bb9c819 [ 1371.744880][T26508] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1371.764611][T26508] RSP: 002b:00007f980ca68028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1371.773075][T26508] RAX: ffffffffffffffda RBX: 00007f980be15fa0 RCX: 00007f980bb9c819 [ 1371.781060][T26508] RDX: 0000200000000000 RSI: 0000000000008924 RDI: 0000000000000004 [ 1371.789186][T26508] RBP: 00007f980ca68090 R08: 0000000000000000 R09: 0000000000000000 [ 1371.797376][T26508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1371.805372][T26508] R13: 00007f980be16038 R14: 00007f980be15fa0 R15: 00007ffc566ff2a8 [ 1371.813471][T26508] [ 1371.917350][T26509] mac80211_hwsim hwsim42 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1371.930027][T26508] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1371.987786][T26504] mac80211_hwsim hwsim36 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1372.153308][T26513] mac80211_hwsim hwsim40 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1372.198473][T26521] netlink: 'syz.3.6719': attribute type 9 has an invalid length. [ 1372.231182][T26521] netlink: 399 bytes leftover after parsing attributes in process `syz.3.6719'. [ 1372.252540][T26522] tap1: tun_chr_ioctl cmd 35108 [ 1372.658356][T20486] Bluetooth: hci4: unexpected event 0x20 length: 15 > 7 [ 1373.266977][T26538] FAULT_INJECTION: forcing a failure. [ 1373.266977][T26538] name failslab, interval 1, probability 0, space 0, times 0 [ 1373.287223][T26538] CPU: 1 PID: 26538 Comm: syz.1.6724 Not tainted syzkaller #0 [ 1373.294725][T26538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1373.304993][T26538] Call Trace: [ 1373.308305][T26538] [ 1373.311273][T26538] dump_stack_lvl+0x18c/0x250 [ 1373.316014][T26538] ? show_regs_print_info+0x20/0x20 [ 1373.321408][T26538] ? load_image+0x420/0x420 [ 1373.326016][T26538] ? __might_sleep+0xe0/0xe0 [ 1373.330656][T26538] ? __lock_acquire+0x7d40/0x7d40 [ 1373.335726][T26538] should_fail_ex+0x39d/0x4d0 [ 1373.340451][T26538] should_failslab+0x9/0x20 [ 1373.345005][T26538] slab_pre_alloc_hook+0x59/0x310 [ 1373.350086][T26538] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1373.355925][T26538] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1373.361660][T26538] __kmem_cache_alloc_node+0x53/0x250 [ 1373.367066][T26538] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1373.372797][T26538] __kmalloc+0xa4/0x230 [ 1373.376987][T26538] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1373.382646][T26538] tomoyo_path_number_perm+0x248/0x620 [ 1373.388298][T26538] ? tomoyo_path_number_perm+0x217/0x620 [ 1373.393949][T26538] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 1373.399430][T26538] ? ksys_write+0x1c4/0x260 [ 1373.404062][T26538] ? __fget_files+0x28/0x4b0 [ 1373.408668][T26538] ? __fget_files+0x28/0x4b0 [ 1373.413280][T26538] security_file_ioctl+0x70/0xa0 [ 1373.418418][T26538] __se_sys_ioctl+0x48/0x170 [ 1373.423122][T26538] do_syscall_64+0x55/0xa0 [ 1373.427552][T26538] ? clear_bhb_loop+0x40/0x90 [ 1373.432246][T26538] ? clear_bhb_loop+0x40/0x90 [ 1373.436944][T26538] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1373.442852][T26538] RIP: 0033:0x7f070259c819 [ 1373.447293][T26538] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1373.467006][T26538] RSP: 002b:00007f070343a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1373.475784][T26538] RAX: ffffffffffffffda RBX: 00007f0702815fa0 RCX: 00007f070259c819 [ 1373.483771][T26538] RDX: 0000200000000080 RSI: 00000000000089f9 RDI: 0000000000000004 [ 1373.491758][T26538] RBP: 00007f070343a090 R08: 0000000000000000 R09: 0000000000000000 [ 1373.499826][T26538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1373.507894][T26538] R13: 00007f0702816038 R14: 00007f0702815fa0 R15: 00007ffe01689718 [ 1373.515988][T26538] [ 1373.620996][T26538] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1374.241753][T20539] wlan1: Trigger new scan to find an IBSS to join [ 1374.529332][T26543] mac80211_hwsim hwsim40 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1374.913298][T26550] mac80211_hwsim hwsim36 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1375.384938][T26559] FAULT_INJECTION: forcing a failure. [ 1375.384938][T26559] name failslab, interval 1, probability 0, space 0, times 0 [ 1375.406276][T26561] mac80211_hwsim hwsim36 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1375.490891][T26559] CPU: 0 PID: 26559 Comm: syz.0.6730 Not tainted syzkaller #0 [ 1375.498431][T26559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1375.508766][T26559] Call Trace: [ 1375.512058][T26559] [ 1375.514996][T26559] dump_stack_lvl+0x18c/0x250 [ 1375.519881][T26559] ? show_regs_print_info+0x20/0x20 [ 1375.525185][T26559] ? load_image+0x420/0x420 [ 1375.529793][T26559] ? __might_sleep+0xe0/0xe0 [ 1375.534481][T26559] ? __lock_acquire+0x7d40/0x7d40 [ 1375.539534][T26559] should_fail_ex+0x39d/0x4d0 [ 1375.544235][T26559] should_failslab+0x9/0x20 [ 1375.548770][T26559] slab_pre_alloc_hook+0x59/0x310 [ 1375.553818][T26559] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1375.559554][T26559] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1375.565289][T26559] __kmem_cache_alloc_node+0x53/0x250 [ 1375.570682][T26559] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1375.576409][T26559] __kmalloc+0xa4/0x230 [ 1375.580584][T26559] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1375.586260][T26559] tomoyo_path_number_perm+0x248/0x620 [ 1375.591763][T26559] ? tomoyo_path_number_perm+0x217/0x620 [ 1375.597427][T26559] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 1375.602918][T26559] ? ksys_write+0x1c4/0x260 [ 1375.607511][T26559] ? __fget_files+0x28/0x4b0 [ 1375.612120][T26559] ? __fget_files+0x28/0x4b0 [ 1375.616743][T26559] security_file_ioctl+0x70/0xa0 [ 1375.621696][T26559] __se_sys_ioctl+0x48/0x170 [ 1375.626306][T26559] do_syscall_64+0x55/0xa0 [ 1375.630736][T26559] ? clear_bhb_loop+0x40/0x90 [ 1375.635432][T26559] ? clear_bhb_loop+0x40/0x90 [ 1375.640148][T26559] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1375.646078][T26559] RIP: 0033:0x7f3b7699c819 [ 1375.650607][T26559] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1375.670649][T26559] RSP: 002b:00007f3b778b1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1375.679089][T26559] RAX: ffffffffffffffda RBX: 00007f3b76c15fa0 RCX: 00007f3b7699c819 [ 1375.687159][T26559] RDX: 0000200000000000 RSI: 0000000000008924 RDI: 0000000000000004 [ 1375.695322][T26559] RBP: 00007f3b778b1090 R08: 0000000000000000 R09: 0000000000000000 [ 1375.703392][T26559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1375.711555][T26559] R13: 00007f3b76c16038 R14: 00007f3b76c15fa0 R15: 00007ffed9903eb8 [ 1375.719736][T26559] [ 1375.752639][T26559] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1376.007113][T26571] FAULT_INJECTION: forcing a failure. [ 1376.007113][T26571] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1376.056711][T26571] CPU: 1 PID: 26571 Comm: syz.3.6733 Not tainted syzkaller #0 [ 1376.064430][T26571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1376.074779][T26571] Call Trace: [ 1376.078086][T26571] [ 1376.081146][T26571] dump_stack_lvl+0x18c/0x250 [ 1376.085876][T26571] ? show_regs_print_info+0x20/0x20 [ 1376.091116][T26571] ? load_image+0x420/0x420 [ 1376.095659][T26571] ? __lock_acquire+0x7d40/0x7d40 [ 1376.100807][T26571] ? snprintf+0xe9/0x140 [ 1376.105089][T26571] should_fail_ex+0x39d/0x4d0 [ 1376.109815][T26571] _copy_to_user+0x2f/0xa0 [ 1376.114273][T26571] simple_read_from_buffer+0xe7/0x150 [ 1376.119960][T26571] proc_fail_nth_read+0x1e8/0x260 [ 1376.125036][T26571] ? proc_fault_inject_write+0x360/0x360 [ 1376.130715][T26571] ? fsnotify_perm+0x271/0x5e0 [ 1376.135626][T26571] ? proc_fault_inject_write+0x360/0x360 [ 1376.141308][T26571] vfs_read+0x28b/0x970 [ 1376.145512][T26571] ? kernel_read+0x1e0/0x1e0 [ 1376.150232][T26571] ? __fget_files+0x28/0x4b0 [ 1376.154872][T26571] ? __fget_files+0x28/0x4b0 [ 1376.159503][T26571] ? __fget_files+0x43d/0x4b0 [ 1376.164234][T26571] ? __fdget_pos+0x2a3/0x330 [ 1376.168863][T26571] ? ksys_read+0x75/0x260 [ 1376.173337][T26571] ksys_read+0x150/0x260 [ 1376.177644][T26571] ? vfs_write+0x990/0x990 [ 1376.182117][T26571] ? lockdep_hardirqs_on+0x98/0x150 [ 1376.187462][T26571] do_syscall_64+0x55/0xa0 [ 1376.191913][T26571] ? clear_bhb_loop+0x40/0x90 [ 1376.196757][T26571] ? clear_bhb_loop+0x40/0x90 [ 1376.201545][T26571] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1376.207748][T26571] RIP: 0033:0x7f9fc8d5d04e [ 1376.212202][T26571] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1376.231945][T26571] RSP: 002b:00007f9fc9bf7fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1376.240758][T26571] RAX: ffffffffffffffda RBX: 00007f9fc9bf86c0 RCX: 00007f9fc8d5d04e [ 1376.240959][T20539] wlan1: Trigger new scan to find an IBSS to join [ 1376.248925][T26571] RDX: 000000000000000f RSI: 00007f9fc9bf80a0 RDI: 0000000000000003 [ 1376.248942][T26571] RBP: 00007f9fc9bf8090 R08: 0000000000000000 R09: 0000000000000000 [ 1376.248956][T26571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1376.280239][T26571] R13: 00007f9fc9016128 R14: 00007f9fc9016090 R15: 00007ffc00ebfb98 [ 1376.288546][T26571] [ 1376.558556][T26586] netlink: 212424 bytes leftover after parsing attributes in process `syz.2.6737'. [ 1376.598592][T26581] mac80211_hwsim hwsim40 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1377.010086][T26596] mac80211_hwsim hwsim40 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1377.023744][T26599] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6743'. [ 1377.050389][T26599] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6743'. [ 1377.311746][T26608] netlink: set zone limit has 8 unknown bytes [ 1377.327940][T26589] netlink: 'syz.3.6740': attribute type 10 has an invalid length. [ 1377.373042][T26589] netlink: 40 bytes leftover after parsing attributes in process `syz.3.6740'. [ 1377.426872][T26589] batman_adv: batadv0: Adding interface: veth1_virt_wifi [ 1377.451735][T26589] batman_adv: batadv0: The MTU of interface veth1_virt_wifi is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1377.472991][T26613] FAULT_INJECTION: forcing a failure. [ 1377.472991][T26613] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1377.511143][T26613] CPU: 0 PID: 26613 Comm: syz.2.6747 Not tainted syzkaller #0 [ 1377.518692][T26613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1377.529230][T26613] Call Trace: [ 1377.532541][T26613] [ 1377.535496][T26613] dump_stack_lvl+0x18c/0x250 [ 1377.540257][T26613] ? show_regs_print_info+0x20/0x20 [ 1377.545618][T26613] ? load_image+0x420/0x420 [ 1377.550166][T26613] ? __lock_acquire+0x7d40/0x7d40 [ 1377.555223][T26613] ? snprintf+0xe9/0x140 [ 1377.559515][T26613] should_fail_ex+0x39d/0x4d0 [ 1377.564238][T26613] _copy_to_user+0x2f/0xa0 [ 1377.568688][T26613] simple_read_from_buffer+0xe7/0x150 [ 1377.574107][T26613] proc_fail_nth_read+0x1e8/0x260 [ 1377.579172][T26613] ? proc_fault_inject_write+0x360/0x360 [ 1377.584936][T26613] ? fsnotify_perm+0x271/0x5e0 [ 1377.589744][T26613] ? proc_fault_inject_write+0x360/0x360 [ 1377.595498][T26613] vfs_read+0x28b/0x970 [ 1377.599682][T26613] ? kernel_read+0x1e0/0x1e0 [ 1377.604286][T26613] ? __fget_files+0x28/0x4b0 [ 1377.608977][T26613] ? __fget_files+0x28/0x4b0 [ 1377.613586][T26613] ? __fget_files+0x43d/0x4b0 [ 1377.618283][T26613] ? __fdget_pos+0x2a3/0x330 [ 1377.622900][T26613] ? ksys_read+0x75/0x260 [ 1377.627331][T26613] ksys_read+0x150/0x260 [ 1377.631593][T26613] ? vfs_write+0x990/0x990 [ 1377.636038][T26613] ? lockdep_hardirqs_on+0x98/0x150 [ 1377.641258][T26613] do_syscall_64+0x55/0xa0 [ 1377.645687][T26613] ? clear_bhb_loop+0x40/0x90 [ 1377.650377][T26613] ? clear_bhb_loop+0x40/0x90 [ 1377.655347][T26613] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1377.661344][T26613] RIP: 0033:0x7f980bb5d04e [ 1377.665861][T26613] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1377.686435][T26613] RSP: 002b:00007f980ca67fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1377.694952][T26613] RAX: ffffffffffffffda RBX: 00007f980ca686c0 RCX: 00007f980bb5d04e [ 1377.703122][T26613] RDX: 000000000000000f RSI: 00007f980ca680a0 RDI: 0000000000000005 [ 1377.711279][T26613] RBP: 00007f980ca68090 R08: 0000000000000000 R09: 0000000000000000 [ 1377.719364][T26613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1377.727349][T26613] R13: 00007f980be16038 R14: 00007f980be15fa0 R15: 00007ffc566ff2a8 [ 1377.735544][T26613] [ 1377.831208][T26589] batman_adv: batadv0: Interface activated: veth1_virt_wifi [ 1378.085861][T26625] FAULT_INJECTION: forcing a failure. [ 1378.085861][T26625] name failslab, interval 1, probability 0, space 0, times 0 [ 1378.099381][T26625] CPU: 0 PID: 26625 Comm: syz.2.6752 Not tainted syzkaller #0 [ 1378.107328][T26625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1378.117474][T26625] Call Trace: [ 1378.120787][T26625] [ 1378.123752][T26625] dump_stack_lvl+0x18c/0x250 [ 1378.128481][T26625] ? show_regs_print_info+0x20/0x20 [ 1378.133810][T26625] ? load_image+0x420/0x420 [ 1378.138382][T26625] ? __might_sleep+0xe0/0xe0 [ 1378.143013][T26625] ? __lock_acquire+0x7d40/0x7d40 [ 1378.148090][T26625] should_fail_ex+0x39d/0x4d0 [ 1378.152902][T26625] should_failslab+0x9/0x20 [ 1378.157465][T26625] slab_pre_alloc_hook+0x59/0x310 [ 1378.162531][T26625] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1378.168373][T26625] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1378.174148][T26625] __kmem_cache_alloc_node+0x53/0x250 [ 1378.179920][T26625] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1378.185676][T26625] __kmalloc+0xa4/0x230 [ 1378.189873][T26625] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1378.195614][T26625] tomoyo_path_number_perm+0x248/0x620 [ 1378.201469][T26625] ? tomoyo_path_number_perm+0x217/0x620 [ 1378.207274][T26625] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 1378.212856][T26625] ? trace_call_bpf+0xc3/0x6c0 [ 1378.217729][T26625] ? trace_call_bpf+0xc3/0x6c0 [ 1378.222520][T26625] ? trace_call_bpf+0x5e9/0x6c0 [ 1378.227675][T26625] ? __fget_files+0x28/0x4b0 [ 1378.232293][T26625] ? __fget_files+0x28/0x4b0 [ 1378.237040][T26625] security_file_ioctl+0x70/0xa0 [ 1378.242004][T26625] __se_sys_ioctl+0x48/0x170 [ 1378.246613][T26625] do_syscall_64+0x55/0xa0 [ 1378.251042][T26625] ? clear_bhb_loop+0x40/0x90 [ 1378.255813][T26625] ? clear_bhb_loop+0x40/0x90 [ 1378.260593][T26625] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1378.266514][T26625] RIP: 0033:0x7f980bb9c819 [ 1378.271118][T26625] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1378.291016][T26625] RSP: 002b:00007f980ca68028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1378.299641][T26625] RAX: ffffffffffffffda RBX: 00007f980be15fa0 RCX: 00007f980bb9c819 [ 1378.307631][T26625] RDX: 0000200000000080 RSI: 00000000000089f1 RDI: 0000000000000004 [ 1378.315797][T26625] RBP: 00007f980ca68090 R08: 0000000000000000 R09: 0000000000000000 [ 1378.323955][T26625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1378.331964][T26625] R13: 00007f980be16038 R14: 00007f980be15fa0 R15: 00007ffc566ff2a8 [ 1378.340056][T26625] [ 1378.604802][T26628] netlink: 'syz.3.6754': attribute type 5 has an invalid length. [ 1378.630851][T26625] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1378.651041][T26628] netlink: 'syz.3.6754': attribute type 1 has an invalid length. [ 1378.689739][T26628] netlink: 199820 bytes leftover after parsing attributes in process `syz.3.6754'. [ 1379.109140][T26622] mac80211_hwsim hwsim42 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1379.320910][ T492] wlan1: Trigger new scan to find an IBSS to join [ 1379.817655][T26639] mac80211_hwsim hwsim38 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1380.767671][T26650] FAULT_INJECTION: forcing a failure. [ 1380.767671][T26650] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1380.800998][T26650] CPU: 0 PID: 26650 Comm: syz.1.6757 Not tainted syzkaller #0 [ 1380.808648][T26650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1380.818918][T26650] Call Trace: [ 1380.822324][T26650] [ 1380.825285][T26650] dump_stack_lvl+0x18c/0x250 [ 1380.830017][T26650] ? show_regs_print_info+0x20/0x20 [ 1380.835260][T26650] ? load_image+0x420/0x420 [ 1380.839819][T26650] ? __might_fault+0xaa/0x120 [ 1380.844541][T26650] ? __lock_acquire+0x7d40/0x7d40 [ 1380.849705][T26650] should_fail_ex+0x39d/0x4d0 [ 1380.854448][T26650] _copy_from_user+0x2f/0xe0 [ 1380.859085][T26650] __sys_bpf+0x23e/0x890 [ 1380.863385][T26650] ? bpf_link_show_fdinfo+0x390/0x390 [ 1380.868829][T26650] ? lock_chain_count+0x20/0x20 [ 1380.873724][T26650] __x64_sys_bpf+0x7c/0x90 [ 1380.878179][T26650] do_syscall_64+0x55/0xa0 [ 1380.882869][T26650] ? clear_bhb_loop+0x40/0x90 [ 1380.887648][T26650] ? clear_bhb_loop+0x40/0x90 [ 1380.892345][T26650] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1380.898254][T26650] RIP: 0033:0x7f070259c819 [ 1380.902776][T26650] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1380.922513][T26650] RSP: 002b:00007f070343a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1380.930983][T26650] RAX: ffffffffffffffda RBX: 00007f0702815fa0 RCX: 00007f070259c819 [ 1380.939001][T26650] RDX: 0000000000000020 RSI: 0000200000000500 RDI: 0000000000000009 [ 1380.946989][T26650] RBP: 00007f070343a090 R08: 0000000000000000 R09: 0000000000000000 [ 1380.955059][T26650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1380.963160][T26650] R13: 00007f0702816038 R14: 00007f0702815fa0 R15: 00007ffe01689718 [ 1380.971158][T26650] [ 1381.290946][T25582] wlan1: Trigger new scan to find an IBSS to join [ 1381.997445][T26671] mac80211_hwsim hwsim42 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1382.154135][T26669] netlink: 'syz.0.6763': attribute type 10 has an invalid length. [ 1382.245605][T26669] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6763'. [ 1382.283509][T26679] FAULT_INJECTION: forcing a failure. [ 1382.283509][T26679] name failslab, interval 1, probability 0, space 0, times 0 [ 1382.327006][T26679] CPU: 0 PID: 26679 Comm: syz.1.6766 Not tainted syzkaller #0 [ 1382.335155][T26679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1382.345240][T26679] Call Trace: [ 1382.348545][T26679] [ 1382.351503][T26679] dump_stack_lvl+0x18c/0x250 [ 1382.356232][T26679] ? show_regs_print_info+0x20/0x20 [ 1382.361471][T26679] ? load_image+0x420/0x420 [ 1382.366021][T26679] ? __might_sleep+0xe0/0xe0 [ 1382.370731][T26679] ? __lock_acquire+0x7d40/0x7d40 [ 1382.375884][T26679] should_fail_ex+0x39d/0x4d0 [ 1382.380699][T26679] should_failslab+0x9/0x20 [ 1382.385242][T26679] slab_pre_alloc_hook+0x59/0x310 [ 1382.390313][T26679] kmem_cache_alloc_node+0x60/0x320 [ 1382.395548][T26679] ? __alloc_skb+0x103/0x2c0 [ 1382.400259][T26679] __alloc_skb+0x103/0x2c0 [ 1382.404715][T26679] alloc_skb_with_frags+0xca/0x7b0 [ 1382.409975][T26679] ? mark_lock+0x94/0x320 [ 1382.414368][T26679] sock_alloc_send_pskb+0x883/0x9a0 [ 1382.419638][T26679] ? sock_kzfree_s+0x50/0x50 [ 1382.424292][T26679] tun_get_user+0x82c/0x3ca0 [ 1382.429195][T26679] ? aa_file_perm+0x11b/0xee0 [ 1382.433915][T26679] ? rcu_read_unlock+0xa0/0xa0 [ 1382.438736][T26679] ? tun_get+0x1c/0x2e0 [ 1382.442933][T26679] ? __lock_acquire+0x7d40/0x7d40 [ 1382.447998][T26679] ? tun_get+0x1c/0x2e0 [ 1382.452197][T26679] tun_chr_write_iter+0x119/0x200 [ 1382.457347][T26679] vfs_write+0x46c/0x990 [ 1382.461633][T26679] ? file_end_write+0x250/0x250 [ 1382.466527][T26679] ? __fget_files+0x43d/0x4b0 [ 1382.471332][T26679] ? __fdget_pos+0x1d8/0x330 [ 1382.475954][T26679] ? ksys_write+0x75/0x260 [ 1382.480411][T26679] ksys_write+0x150/0x260 [ 1382.484788][T26679] ? __ia32_sys_read+0x90/0x90 [ 1382.489597][T26679] ? lockdep_hardirqs_on+0x98/0x150 [ 1382.494931][T26679] do_syscall_64+0x55/0xa0 [ 1382.499368][T26679] ? clear_bhb_loop+0x40/0x90 [ 1382.504330][T26679] ? clear_bhb_loop+0x40/0x90 [ 1382.509135][T26679] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1382.515142][T26679] RIP: 0033:0x7f070259c819 [ 1382.519584][T26679] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1382.539589][T26679] RSP: 002b:00007f070343a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1382.548089][T26679] RAX: ffffffffffffffda RBX: 00007f0702815fa0 RCX: 00007f070259c819 [ 1382.556093][T26679] RDX: 000000000000fdef RSI: 0000200000000180 RDI: 00000000000000c8 [ 1382.564099][T26679] RBP: 00007f070343a090 R08: 0000000000000000 R09: 0000000000000000 [ 1382.572273][T26679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1382.580359][T26679] R13: 00007f0702816038 R14: 00007f0702815fa0 R15: 00007ffe01689718 [ 1382.588615][T26679] [ 1382.648594][T26669] batman_adv: batadv0: Adding interface: veth1_virt_wifi [ 1382.665178][T26669] batman_adv: batadv0: The MTU of interface veth1_virt_wifi is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1382.719494][T26669] batman_adv: batadv0: Interface activated: veth1_virt_wifi [ 1382.732060][T26686] sock: sock_set_timeout: `syz.3.6767' (pid 26686) tries to set negative timeout [ 1382.989880][T26685] mac80211_hwsim hwsim42 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1383.222168][T25582] wlan1: Trigger new scan to find an IBSS to join [ 1383.325126][T26697] netlink: 132 bytes leftover after parsing attributes in process `syz.1.6771'. [ 1383.462611][T26702] FAULT_INJECTION: forcing a failure. [ 1383.462611][T26702] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1383.476132][T26702] CPU: 1 PID: 26702 Comm: syz.2.6772 Not tainted syzkaller #0 [ 1383.483639][T26702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1383.493833][T26702] Call Trace: [ 1383.497146][T26702] [ 1383.500188][T26702] dump_stack_lvl+0x18c/0x250 [ 1383.505010][T26702] ? show_regs_print_info+0x20/0x20 [ 1383.510248][T26702] ? load_image+0x420/0x420 [ 1383.514873][T26702] ? __might_fault+0xaa/0x120 [ 1383.519600][T26702] ? __lock_acquire+0x7d40/0x7d40 [ 1383.524683][T26702] should_fail_ex+0x39d/0x4d0 [ 1383.529416][T26702] _copy_from_user+0x2f/0xe0 [ 1383.534054][T26702] ___sys_sendmsg+0x1c7/0x360 [ 1383.538760][T26702] ? get_pid_task+0x20/0x1e0 [ 1383.543371][T26702] ? __sys_sendmsg+0x2a0/0x2a0 [ 1383.548163][T26702] ? __lock_acquire+0x7d40/0x7d40 [ 1383.553361][T26702] __se_sys_sendmsg+0x1c2/0x2b0 [ 1383.558224][T26702] ? __x64_sys_sendmsg+0x80/0x80 [ 1383.563182][T26702] ? lockdep_hardirqs_on+0x98/0x150 [ 1383.568394][T26702] do_syscall_64+0x55/0xa0 [ 1383.572822][T26702] ? clear_bhb_loop+0x40/0x90 [ 1383.577537][T26702] ? clear_bhb_loop+0x40/0x90 [ 1383.582234][T26702] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1383.588226][T26702] RIP: 0033:0x7f980bb9c819 [ 1383.592652][T26702] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1383.612364][T26702] RSP: 002b:00007f980ca68028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1383.620795][T26702] RAX: ffffffffffffffda RBX: 00007f980be15fa0 RCX: 00007f980bb9c819 [ 1383.628778][T26702] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003 [ 1383.636935][T26702] RBP: 00007f980ca68090 R08: 0000000000000000 R09: 0000000000000000 [ 1383.645006][T26702] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1383.653005][T26702] R13: 00007f980be16038 R14: 00007f980be15fa0 R15: 00007ffc566ff2a8 [ 1383.661014][T26702] [ 1384.084505][T26703] syz.0.6773: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0-1 [ 1384.167805][T26703] CPU: 1 PID: 26703 Comm: syz.0.6773 Not tainted syzkaller #0 [ 1384.175699][T26703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1384.185791][T26703] Call Trace: [ 1384.189220][T26703] [ 1384.192186][T26703] dump_stack_lvl+0x18c/0x250 [ 1384.197113][T26703] ? show_regs_print_info+0x20/0x20 [ 1384.202457][T26703] ? load_image+0x420/0x420 [ 1384.207101][T26703] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 1384.213559][T26703] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 1384.220095][T26703] warn_alloc+0x246/0x340 [ 1384.224559][T26703] ? stack_trace_save+0xaa/0x100 [ 1384.229562][T26703] ? zone_watermark_ok_safe+0x230/0x230 [ 1384.235241][T26703] ? kasan_set_track+0x5f/0x70 [ 1384.240022][T26703] ? kasan_set_track+0x4e/0x70 [ 1384.244805][T26703] ? __kasan_kmalloc+0x8f/0xa0 [ 1384.249584][T26703] ? xsk_init_queue+0xad/0x100 [ 1384.254377][T26703] ? xsk_setsockopt+0x4e5/0x760 [ 1384.259246][T26703] ? do_sock_setsockopt+0x175/0x1a0 [ 1384.264468][T26703] ? __x64_sys_setsockopt+0x182/0x200 [ 1384.269853][T26703] __vmalloc_node_range+0x126/0x1330 [ 1384.275267][T26703] ? free_vm_area+0x50/0x50 [ 1384.280412][T26703] vmalloc_user+0x74/0x80 [ 1384.284845][T26703] ? xskq_create+0xbf/0x170 [ 1384.289374][T26703] xskq_create+0xbf/0x170 [ 1384.293807][T26703] xsk_init_queue+0xad/0x100 [ 1384.298415][T26703] xsk_setsockopt+0x4e5/0x760 [ 1384.303110][T26703] ? xsk_poll+0x680/0x680 [ 1384.307462][T26703] ? __fget_files+0x28/0x4b0 [ 1384.312151][T26703] ? __fget_files+0x28/0x4b0 [ 1384.316939][T26703] ? aa_sock_opt_perm+0x74/0x100 [ 1384.321896][T26703] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 1384.327471][T26703] ? security_socket_setsockopt+0x7e/0xa0 [ 1384.333202][T26703] ? xsk_poll+0x680/0x680 [ 1384.337548][T26703] do_sock_setsockopt+0x175/0x1a0 [ 1384.342760][T26703] ? __fdget+0x180/0x210 [ 1384.347032][T26703] __x64_sys_setsockopt+0x182/0x200 [ 1384.352247][T26703] do_syscall_64+0x55/0xa0 [ 1384.356683][T26703] ? clear_bhb_loop+0x40/0x90 [ 1384.361538][T26703] ? clear_bhb_loop+0x40/0x90 [ 1384.366227][T26703] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1384.372135][T26703] RIP: 0033:0x7f3b7699c819 [ 1384.376568][T26703] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1384.396184][T26703] RSP: 002b:00007f3b77890028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1384.404617][T26703] RAX: ffffffffffffffda RBX: 00007f3b76c16090 RCX: 00007f3b7699c819 [ 1384.412603][T26703] RDX: 0000000000000002 RSI: 000000000000011b RDI: 000000000000000c [ 1384.420767][T26703] RBP: 00007f3b76a32c91 R08: 0000000000000004 R09: 0000000000000000 [ 1384.428834][T26703] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000 [ 1384.436901][T26703] R13: 00007f3b76c16128 R14: 00007f3b76c16090 R15: 00007ffed9903eb8 [ 1384.444897][T26703] [ 1384.478087][T26700] netlink: 132 bytes leftover after parsing attributes in process `syz.0.6773'. [ 1384.506754][T26703] Mem-Info: [ 1384.510214][T26703] active_anon:5579 inactive_anon:0 isolated_anon:0 [ 1384.510214][T26703] active_file:19371 inactive_file:40459 isolated_file:0 [ 1384.510214][T26703] unevictable:768 dirty:298 writeback:0 [ 1384.510214][T26703] slab_reclaimable:10826 slab_unreclaimable:93184 [ 1384.510214][T26703] mapped:24939 shmem:1426 pagetables:525 [ 1384.510214][T26703] sec_pagetables:0 bounce:0 [ 1384.510214][T26703] kernel_misc_reclaimable:0 [ 1384.510214][T26703] free:1347952 free_pcp:6357 free_cma:0 [ 1384.605835][T26705] mac80211_hwsim hwsim38 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1384.649908][T26703] Node 0 active_anon:22316kB inactive_anon:0kB active_file:77484kB inactive_file:161636kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:99756kB dirty:1192kB writeback:0kB shmem:4168kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9992kB pagetables:2100kB sec_pagetables:0kB all_unreclaimable? no [ 1384.759951][T26703] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 1384.853569][T26703] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1384.892865][T25582] wlan1: Creating new IBSS network, BSSID aa:32:4f:37:e3:25 [ 1384.907605][T26711] mac80211_hwsim hwsim42 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1384.939113][T26715] netlink: 132 bytes leftover after parsing attributes in process `syz.2.6776'. [ 1384.977448][T26715] netlink: 'syz.2.6776': attribute type 12 has an invalid length. [ 1384.987161][T26703] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 1384.993416][T26703] Node 0 DMA32 free:1478536kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:22376kB inactive_anon:0kB active_file:77484kB inactive_file:160816kB unevictable:1536kB writepending:1192kB present:3129332kB managed:2586956kB mlocked:0kB bounce:0kB free_pcp:4860kB local_pcp:1144kB free_cma:0kB [ 1385.029131][T26703] lowmem_reserve[]: 0 0 0 0 0 [ 1385.034362][T26715] netlink: 132 bytes leftover after parsing attributes in process `syz.2.6776'. [ 1385.046765][T26703] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:820kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB [ 1385.154562][T26703] lowmem_reserve[]: 0 0 0 0 0 [ 1385.165868][T26703] Node 1 Normal free:3897420kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:20324kB local_pcp:7104kB free_cma:0kB [ 1385.252065][T26703] lowmem_reserve[]: 0 0 0 0 0 [ 1385.257051][T26703] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1385.296863][T26719] FAULT_INJECTION: forcing a failure. [ 1385.296863][T26719] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1385.316222][T26703] Node 0 DMA32: 2268*4kB (UME) 1413*8kB (UME) 1013*16kB (UME) 1083*32kB (UM) 1104*64kB (UM) 281*128kB (UM) 157*256kB (UM) 75*512kB (UME) 39*1024kB (UM) 25*2048kB (UM) 276*4096kB (UM) = 1478088kB [ 1385.378481][T26719] CPU: 0 PID: 26719 Comm: syz.1.6778 Not tainted syzkaller #0 [ 1385.386027][T26719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1385.396309][T26719] Call Trace: [ 1385.399627][T26719] [ 1385.402590][T26719] dump_stack_lvl+0x18c/0x250 [ 1385.407360][T26719] ? show_regs_print_info+0x20/0x20 [ 1385.412599][T26719] ? load_image+0x420/0x420 [ 1385.417223][T26719] ? __might_fault+0xaa/0x120 [ 1385.421934][T26719] ? __lock_acquire+0x7d40/0x7d40 [ 1385.427088][T26719] should_fail_ex+0x39d/0x4d0 [ 1385.431805][T26719] _copy_from_user+0x2f/0xe0 [ 1385.436431][T26719] ___sys_sendmsg+0x1c7/0x360 [ 1385.441138][T26719] ? get_pid_task+0x20/0x1e0 [ 1385.445929][T26719] ? __sys_sendmsg+0x2a0/0x2a0 [ 1385.450829][T26719] ? __lock_acquire+0x7d40/0x7d40 [ 1385.455930][T26719] __se_sys_sendmsg+0x1c2/0x2b0 [ 1385.460815][T26719] ? __x64_sys_sendmsg+0x80/0x80 [ 1385.465797][T26719] ? lockdep_hardirqs_on+0x98/0x150 [ 1385.471120][T26719] do_syscall_64+0x55/0xa0 [ 1385.475565][T26719] ? clear_bhb_loop+0x40/0x90 [ 1385.480361][T26719] ? clear_bhb_loop+0x40/0x90 [ 1385.485084][T26719] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1385.491034][T26719] RIP: 0033:0x7f070259c819 [ 1385.495485][T26719] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1385.515313][T26719] RSP: 002b:00007f070343a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1385.523769][T26719] RAX: ffffffffffffffda RBX: 00007f0702815fa0 RCX: 00007f070259c819 [ 1385.531948][T26719] RDX: 0000000000004845 RSI: 0000200000000900 RDI: 0000000000000003 [ 1385.539956][T26719] RBP: 00007f070343a090 R08: 0000000000000000 R09: 0000000000000000 [ 1385.548064][T26719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1385.556153][T26719] R13: 00007f0702816038 R14: 00007f0702815fa0 R15: 00007ffe01689718 [ 1385.564168][T26719] [ 1385.590331][T26703] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1385.612238][T26703] Node 1 Normal: 207*4kB (UM) 58*8kB (UME) 36*16kB (UME) 70*32kB (UME) 11*64kB (UE) 5*128kB (UME) 1*256kB (U) 1*512kB (M) 0*1024kB 0*2048kB 950*4096kB (M) = 3897420kB [ 1385.665642][T26720] tap0: tun_chr_ioctl cmd 1074025677 [ 1385.668938][T26701] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.6769'. [ 1385.672538][T26720] tap0: linktype set to 32 [ 1385.688715][T26703] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1385.699033][T26703] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1385.700019][T26717] netlink: 132 bytes leftover after parsing attributes in process `syz.2.6777'. [ 1385.730626][T26703] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1385.768723][T26703] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1385.794095][T26703] 61184 total pagecache pages [ 1385.798844][T26703] 0 pages in swap cache [ 1385.813450][T26703] Free swap = 124996kB [ 1385.817766][T26703] Total swap = 124996kB [ 1385.840657][T26703] 2097051 pages RAM [ 1385.860833][T26703] 0 pages HighMem/MovableOnly [ 1385.880565][T26703] 416926 pages reserved [ 1385.889134][T26701] debugfs: Directory '!!ô' with parent 'ieee80211' already present! [ 1385.898404][T26703] 0 pages cma reserved [ 1386.370524][T26723] mac80211_hwsim hwsim42 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1386.525438][T26736] netlink: 'syz.2.6785': attribute type 5 has an invalid length. [ 1386.569641][T26736] netlink: 'syz.2.6785': attribute type 1 has an invalid length. [ 1386.610964][T26736] netlink: 199820 bytes leftover after parsing attributes in process `syz.2.6785'. [ 1386.747950][T26737] mac80211_hwsim hwsim36 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1386.922576][T26739] mac80211_hwsim hwsim42 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1387.173359][T26759] FAULT_INJECTION: forcing a failure. [ 1387.173359][T26759] name failslab, interval 1, probability 0, space 0, times 0 [ 1387.218797][T26759] CPU: 1 PID: 26759 Comm: syz.0.6793 Not tainted syzkaller #0 [ 1387.226352][T26759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1387.236485][T26759] Call Trace: [ 1387.240063][T26759] [ 1387.243030][T26759] dump_stack_lvl+0x18c/0x250 [ 1387.247764][T26759] ? show_regs_print_info+0x20/0x20 [ 1387.253013][T26759] ? load_image+0x420/0x420 [ 1387.257571][T26759] ? __might_sleep+0xe0/0xe0 [ 1387.262205][T26759] ? __lock_acquire+0x7d40/0x7d40 [ 1387.267333][T26759] should_fail_ex+0x39d/0x4d0 [ 1387.272069][T26759] should_failslab+0x9/0x20 [ 1387.276720][T26759] slab_pre_alloc_hook+0x59/0x310 [ 1387.281801][T26759] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1387.287572][T26759] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1387.293339][T26759] __kmem_cache_alloc_node+0x53/0x250 [ 1387.298911][T26759] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1387.304680][T26759] __kmalloc+0xa4/0x230 [ 1387.308918][T26759] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1387.314624][T26759] tomoyo_path_number_perm+0x248/0x620 [ 1387.320147][T26759] ? tomoyo_path_number_perm+0x217/0x620 [ 1387.325843][T26759] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 1387.331883][T26759] ? ksys_write+0x1c4/0x260 [ 1387.336486][T26759] ? __fget_files+0x28/0x4b0 [ 1387.341133][T26759] ? __fget_files+0x28/0x4b0 [ 1387.345792][T26759] security_file_ioctl+0x70/0xa0 [ 1387.350867][T26759] __se_sys_ioctl+0x48/0x170 [ 1387.355497][T26759] do_syscall_64+0x55/0xa0 [ 1387.360018][T26759] ? clear_bhb_loop+0x40/0x90 [ 1387.364719][T26759] ? clear_bhb_loop+0x40/0x90 [ 1387.369427][T26759] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1387.375340][T26759] RIP: 0033:0x7f3b7699c819 [ 1387.379793][T26759] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1387.399678][T26759] RSP: 002b:00007f3b778b1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1387.408122][T26759] RAX: ffffffffffffffda RBX: 00007f3b76c15fa0 RCX: 00007f3b7699c819 [ 1387.416287][T26759] RDX: 0000200000000080 RSI: 0000000000008922 RDI: 0000000000000004 [ 1387.424305][T26759] RBP: 00007f3b778b1090 R08: 0000000000000000 R09: 0000000000000000 [ 1387.432470][T26759] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1387.440547][T26759] R13: 00007f3b76c16038 R14: 00007f3b76c15fa0 R15: 00007ffed9903eb8 [ 1387.448570][T26759] [ 1387.462914][T26759] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1387.475727][T26755] mac80211_hwsim hwsim36 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1387.744719][T26774] mac80211_hwsim hwsim40 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1387.791766][T26777] FAULT_INJECTION: forcing a failure. [ 1387.791766][T26777] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1387.830804][T26777] CPU: 1 PID: 26777 Comm: syz.3.6798 Not tainted syzkaller #0 [ 1387.838436][T26777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1387.848566][T26777] Call Trace: [ 1387.851887][T26777] [ 1387.854866][T26777] dump_stack_lvl+0x18c/0x250 [ 1387.859795][T26777] ? show_regs_print_info+0x20/0x20 [ 1387.865054][T26777] ? load_image+0x420/0x420 [ 1387.869653][T26777] ? __might_fault+0xaa/0x120 [ 1387.874388][T26777] ? __lock_acquire+0x7d40/0x7d40 [ 1387.879571][T26777] should_fail_ex+0x39d/0x4d0 [ 1387.884297][T26777] _copy_from_user+0x2f/0xe0 [ 1387.889097][T26777] __sys_bpf+0x23e/0x890 [ 1387.893451][T26777] ? bpf_link_show_fdinfo+0x390/0x390 [ 1387.899137][T26777] ? lock_chain_count+0x20/0x20 [ 1387.904019][T26777] __x64_sys_bpf+0x7c/0x90 [ 1387.908460][T26777] do_syscall_64+0x55/0xa0 [ 1387.912888][T26777] ? clear_bhb_loop+0x40/0x90 [ 1387.917578][T26777] ? clear_bhb_loop+0x40/0x90 [ 1387.922351][T26777] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1387.928260][T26777] RIP: 0033:0x7f9fc8d9c819 [ 1387.932698][T26777] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1387.952325][T26777] RSP: 002b:00007f9fc9c19028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1387.960840][T26777] RAX: ffffffffffffffda RBX: 00007f9fc9015fa0 RCX: 00007f9fc8d9c819 [ 1387.968821][T26777] RDX: 0000000000000050 RSI: 0000200000000bc0 RDI: 000000000000000a [ 1387.976900][T26777] RBP: 00007f9fc9c19090 R08: 0000000000000000 R09: 0000000000000000 [ 1387.984877][T26777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1387.992877][T26777] R13: 00007f9fc9016038 R14: 00007f9fc9015fa0 R15: 00007ffc00ebfb98 [ 1388.001049][T26777] [ 1388.087798][T26779] tap1: tun_chr_ioctl cmd 35108 [ 1388.357679][T26770] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.6795'. [ 1388.438127][T26770] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 1388.479942][T26770] CPU: 1 PID: 26770 Comm: syz.1.6795 Not tainted syzkaller #0 [ 1388.487561][T26770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1388.497730][T26770] Call Trace: [ 1388.501026][T26770] [ 1388.503971][T26770] dump_stack_lvl+0x18c/0x250 [ 1388.508686][T26770] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1388.514954][T26770] ? show_regs_print_info+0x20/0x20 [ 1388.520269][T26770] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1388.526448][T26770] ? dump_stack+0x9/0x20 [ 1388.530712][T26770] sysfs_warn_dup+0x8e/0xa0 [ 1388.535241][T26770] sysfs_do_create_link_sd+0xc0/0x110 [ 1388.540624][T26770] device_add_class_symlinks+0x1cf/0x240 [ 1388.546282][T26770] device_add+0x507/0xc20 [ 1388.550721][T26770] wiphy_register+0x1dad/0x2ae0 [ 1388.555619][T26770] ? cfg80211_event_work+0x40/0x40 [ 1388.560847][T26770] ? minstrel_ht_alloc+0x88a/0x990 [ 1388.565987][T26770] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 1388.572247][T26770] ieee80211_register_hw+0x3464/0x4250 [ 1388.577744][T26770] ? ieee80211_tasklet_handler+0x20/0x20 [ 1388.583425][T26770] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 1388.589424][T26770] ? __debug_object_init+0xec/0x450 [ 1388.594645][T26770] ? __asan_memset+0x22/0x40 [ 1388.599413][T26770] ? __hrtimer_init+0x186/0x270 [ 1388.604387][T26770] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 1388.610149][T26770] ? mac80211_hwsim_free+0x220/0x220 [ 1388.615445][T26770] ? rcu_is_watching+0x15/0xb0 [ 1388.620310][T26770] ? kstrndup+0xbd/0x140 [ 1388.624576][T26770] hwsim_new_radio_nl+0xdc9/0x1a90 [ 1388.629793][T26770] ? __nla_validate+0x50/0x50 [ 1388.634493][T26770] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 1388.640846][T26770] ? __nla_parse+0x40/0x50 [ 1388.645275][T26770] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 1388.651626][T26770] genl_family_rcv_msg_doit+0x211/0x310 [ 1388.657210][T26770] ? end_current_label_crit_section+0x170/0x170 [ 1388.663511][T26770] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 1388.669540][T26770] ? bpf_lsm_capable+0x9/0x10 [ 1388.674240][T26770] ? security_capable+0x89/0xb0 [ 1388.679147][T26770] genl_rcv_msg+0x619/0x7a0 [ 1388.683684][T26770] ? genl_bind+0x360/0x360 [ 1388.688287][T26770] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 1388.694644][T26770] netlink_rcv_skb+0x241/0x4d0 [ 1388.699613][T26770] ? genl_bind+0x360/0x360 [ 1388.704129][T26770] ? netlink_ack+0x1180/0x1180 [ 1388.709009][T26770] ? __lock_acquire+0x7d40/0x7d40 [ 1388.714064][T26770] ? down_read+0x1ac/0x2e0 [ 1388.718497][T26770] genl_rcv+0x28/0x40 [ 1388.722501][T26770] netlink_unicast+0x751/0x8d0 [ 1388.727300][T26770] netlink_sendmsg+0x8d0/0xbf0 [ 1388.732093][T26770] ? netlink_getsockopt+0x590/0x590 [ 1388.737338][T26770] ? aa_sock_msg_perm+0x94/0x150 [ 1388.742413][T26770] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1388.747728][T26770] ? security_socket_sendmsg+0x80/0xa0 [ 1388.753209][T26770] ? netlink_getsockopt+0x590/0x590 [ 1388.758431][T26770] ____sys_sendmsg+0x5ba/0x960 [ 1388.763224][T26770] ? __asan_memset+0x22/0x40 [ 1388.767836][T26770] ? __sys_sendmsg_sock+0x30/0x30 [ 1388.772869][T26770] ? __import_iovec+0x5f2/0x850 [ 1388.777745][T26770] ? import_iovec+0x73/0xa0 [ 1388.782263][T26770] ___sys_sendmsg+0x2a6/0x360 [ 1388.787142][T26770] ? __sys_sendmsg+0x2a0/0x2a0 [ 1388.792106][T26770] __se_sys_sendmsg+0x1c2/0x2b0 [ 1388.797013][T26770] ? __x64_sys_sendmsg+0x80/0x80 [ 1388.801997][T26770] ? lockdep_hardirqs_on+0x98/0x150 [ 1388.807221][T26770] do_syscall_64+0x55/0xa0 [ 1388.811669][T26770] ? clear_bhb_loop+0x40/0x90 [ 1388.816373][T26770] ? clear_bhb_loop+0x40/0x90 [ 1388.821099][T26770] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1388.827041][T26770] RIP: 0033:0x7f070259c819 [ 1388.831601][T26770] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1388.851323][T26770] RSP: 002b:00007f0703419028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1388.860138][T26770] RAX: ffffffffffffffda RBX: 00007f0702816090 RCX: 00007f070259c819 [ 1388.868139][T26770] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000b [ 1388.876481][T26770] RBP: 00007f0702632c91 R08: 0000000000000000 R09: 0000000000000000 [ 1388.884493][T26770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1388.892597][T26770] R13: 00007f0702816128 R14: 00007f0702816090 R15: 00007ffe01689718 [ 1388.900788][T26770] [ 1389.211119][T20539] wlan1: Trigger new scan to find an IBSS to join [ 1389.268676][T26793] mac80211_hwsim hwsim36 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1389.363466][T26798] netlink: 52 bytes leftover after parsing attributes in process `syz.0.6805'. [ 1389.448967][T26802] netlink: 'syz.1.6806': attribute type 5 has an invalid length. [ 1389.465365][T26802] netlink: 'syz.1.6806': attribute type 1 has an invalid length. [ 1389.473907][T26802] netlink: 199820 bytes leftover after parsing attributes in process `syz.1.6806'. [ 1389.598504][T26804] delete_channel: no stack [ 1389.610543][T26804] delete_channel: no stack [ 1389.686748][T26800] mac80211_hwsim hwsim38 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1390.740970][T26825] tap1: tun_chr_ioctl cmd 35108 [ 1390.851731][T26818] netlink: 'syz.3.6810': attribute type 10 has an invalid length. [ 1390.861504][T26818] netlink: 40 bytes leftover after parsing attributes in process `syz.3.6810'. [ 1390.913921][T26820] mac80211_hwsim hwsim38 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1391.248777][T26832] mac80211_hwsim hwsim38 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1391.281468][ T8881] wlan1: Trigger new scan to find an IBSS to join [ 1391.597028][T26841] mac80211_hwsim hwsim36 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1392.241450][T26852] FAULT_INJECTION: forcing a failure. [ 1392.241450][T26852] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1392.254721][T26852] CPU: 1 PID: 26852 Comm: syz.1.6820 Not tainted syzkaller #0 [ 1392.262233][T26852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1392.272407][T26852] Call Trace: [ 1392.275732][T26852] [ 1392.278699][T26852] dump_stack_lvl+0x18c/0x250 [ 1392.283432][T26852] ? show_regs_print_info+0x20/0x20 [ 1392.288935][T26852] ? load_image+0x420/0x420 [ 1392.293481][T26852] ? __might_fault+0xaa/0x120 [ 1392.298174][T26852] ? __lock_acquire+0x7d40/0x7d40 [ 1392.303216][T26852] should_fail_ex+0x39d/0x4d0 [ 1392.308010][T26852] _copy_from_user+0x2f/0xe0 [ 1392.312707][T26852] __sys_bpf+0x23e/0x890 [ 1392.316972][T26852] ? bpf_link_show_fdinfo+0x390/0x390 [ 1392.322372][T26852] ? lock_chain_count+0x20/0x20 [ 1392.327353][T26852] __x64_sys_bpf+0x7c/0x90 [ 1392.331786][T26852] do_syscall_64+0x55/0xa0 [ 1392.336211][T26852] ? clear_bhb_loop+0x40/0x90 [ 1392.340906][T26852] ? clear_bhb_loop+0x40/0x90 [ 1392.345595][T26852] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1392.351612][T26852] RIP: 0033:0x7f070259c819 [ 1392.356049][T26852] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1392.375682][T26852] RSP: 002b:00007f070343a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1392.384119][T26852] RAX: ffffffffffffffda RBX: 00007f0702815fa0 RCX: 00007f070259c819 [ 1392.392100][T26852] RDX: 0000000000000048 RSI: 0000200000000200 RDI: 0000000000000005 [ 1392.400171][T26852] RBP: 00007f070343a090 R08: 0000000000000000 R09: 0000000000000000 [ 1392.408151][T26852] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1392.416136][T26852] R13: 00007f0702816038 R14: 00007f0702815fa0 R15: 00007ffe01689718 [ 1392.424569][T26852] [ 1392.466430][T26854] netlink: 'syz.0.6821': attribute type 5 has an invalid length. [ 1392.480647][T26847] mac80211_hwsim hwsim36 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1392.483721][T26854] netlink: 'syz.0.6821': attribute type 1 has an invalid length. [ 1392.483746][T26854] netlink: 199820 bytes leftover after parsing attributes in process `syz.0.6821'. [ 1392.919093][T26858] mac80211_hwsim hwsim42 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1393.076978][T26865] tap0: tun_chr_ioctl cmd 35108 [ 1394.009829][T26875] netlink: 'syz.1.6825': attribute type 10 has an invalid length. [ 1394.022790][T26875] netlink: 40 bytes leftover after parsing attributes in process `syz.1.6825'. [ 1394.078534][T26877] mac80211_hwsim hwsim36 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1394.477928][T26898] FAULT_INJECTION: forcing a failure. [ 1394.477928][T26898] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1394.515558][T26898] CPU: 1 PID: 26898 Comm: syz.3.6831 Not tainted syzkaller #0 [ 1394.523146][T26898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1394.533388][T26898] Call Trace: [ 1394.536716][T26898] [ 1394.539689][T26898] dump_stack_lvl+0x18c/0x250 [ 1394.544434][T26898] ? show_regs_print_info+0x20/0x20 [ 1394.549686][T26898] ? load_image+0x420/0x420 [ 1394.554250][T26898] ? __might_fault+0xaa/0x120 [ 1394.559077][T26898] ? __lock_acquire+0x7d40/0x7d40 [ 1394.564159][T26898] should_fail_ex+0x39d/0x4d0 [ 1394.569262][T26898] _copy_from_user+0x2f/0xe0 [ 1394.573902][T26898] __sys_bpf+0x23e/0x890 [ 1394.578198][T26898] ? bpf_link_show_fdinfo+0x390/0x390 [ 1394.583825][T26898] ? lock_chain_count+0x20/0x20 [ 1394.588749][T26898] __x64_sys_bpf+0x7c/0x90 [ 1394.593232][T26898] do_syscall_64+0x55/0xa0 [ 1394.597695][T26898] ? clear_bhb_loop+0x40/0x90 [ 1394.602447][T26898] ? clear_bhb_loop+0x40/0x90 [ 1394.607179][T26898] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1394.613113][T26898] RIP: 0033:0x7f9fc8d9c819 [ 1394.617654][T26898] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1394.637393][T26898] RSP: 002b:00007f9fc9c19028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1394.645843][T26898] RAX: ffffffffffffffda RBX: 00007f9fc9015fa0 RCX: 00007f9fc8d9c819 [ 1394.654065][T26898] RDX: 0000000000000050 RSI: 0000200000000080 RDI: 000000000000000a [ 1394.662141][T26898] RBP: 00007f9fc9c19090 R08: 0000000000000000 R09: 0000000000000000 [ 1394.670210][T26898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1394.678189][T26898] R13: 00007f9fc9016038 R14: 00007f9fc9015fa0 R15: 00007ffc00ebfb98 [ 1394.686290][T26898] [ 1394.745870][T26886] mac80211_hwsim hwsim38 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1394.971861][T26905] tap1: tun_chr_ioctl cmd 35108 [ 1395.237987][ T2950] wlan1: Trigger new scan to find an IBSS to join [ 1396.141614][T26912] mac80211_hwsim hwsim40 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1396.262163][ T2950] wlan1: Trigger new scan to find an IBSS to join [ 1397.141614][T26940] mac80211_hwsim hwsim36 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1397.490539][T26932] netlink: 'syz.2.6838': attribute type 10 has an invalid length. [ 1397.588991][T26932] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6838'. [ 1397.772754][T26932] batman_adv: batadv0: Adding interface: veth1_virt_wifi [ 1398.067971][T26932] batman_adv: batadv0: The MTU of interface veth1_virt_wifi is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1398.109035][T26932] batman_adv: batadv0: Interface activated: veth1_virt_wifi [ 1398.391522][T26960] mac80211_hwsim hwsim42 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1398.462938][T26963] tap0: tun_chr_ioctl cmd 35108 [ 1400.291906][ T1129] wlan1: Trigger new scan to find an IBSS to join [ 1401.319677][T26987] netlink: 'syz.2.6849': attribute type 5 has an invalid length. [ 1401.362344][T26987] netlink: 'syz.2.6849': attribute type 1 has an invalid length. [ 1401.541138][T26987] netlink: 199820 bytes leftover after parsing attributes in process `syz.2.6849'. [ 1402.244484][ T1129] wlan1: Trigger new scan to find an IBSS to join [ 1404.304366][ T2950] wlan1: Trigger new scan to find an IBSS to join [ 1404.326597][T26993] netlink: 'syz.0.6850': attribute type 10 has an invalid length. [ 1404.336741][T26993] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6850'. [ 1404.675577][T27008] FAULT_INJECTION: forcing a failure. [ 1404.675577][T27008] name failslab, interval 1, probability 0, space 0, times 0 [ 1404.776948][T27008] CPU: 0 PID: 27008 Comm: syz.2.6853 Not tainted syzkaller #0 [ 1404.784679][T27008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1404.794831][T27008] Call Trace: [ 1404.798209][T27008] [ 1404.801231][T27008] dump_stack_lvl+0x18c/0x250 [ 1404.806039][T27008] ? show_regs_print_info+0x20/0x20 [ 1404.811358][T27008] ? load_image+0x420/0x420 [ 1404.815998][T27008] ? __might_sleep+0xe0/0xe0 [ 1404.820693][T27008] ? __lock_acquire+0x7d40/0x7d40 [ 1404.825841][T27008] ? perf_tp_event+0x1520/0x1520 [ 1404.830936][T27008] should_fail_ex+0x39d/0x4d0 [ 1404.835873][T27008] should_failslab+0x9/0x20 [ 1404.840465][T27008] slab_pre_alloc_hook+0x59/0x310 [ 1404.845590][T27008] ? perf_tp_event+0x13d7/0x1520 [ 1404.850651][T27008] kmem_cache_alloc_node+0x60/0x320 [ 1404.856036][T27008] ? __alloc_skb+0x103/0x2c0 [ 1404.860782][T27008] __alloc_skb+0x103/0x2c0 [ 1404.865343][T27008] alloc_skb_with_frags+0xca/0x7b0 [ 1404.870667][T27008] sock_alloc_send_pskb+0x883/0x9a0 [ 1404.876125][T27008] ? sock_kzfree_s+0x50/0x50 [ 1404.880887][T27008] ? perf_trace_run_bpf_submit+0xf4/0x1c0 [ 1404.886820][T27008] tun_get_user+0x82c/0x3ca0 [ 1404.891688][T27008] ? aa_file_perm+0x11b/0xee0 [ 1404.896555][T27008] ? rcu_read_unlock+0xa0/0xa0 [ 1404.901560][T27008] ? tun_get+0x1c/0x2e0 [ 1404.905837][T27008] ? __lock_acquire+0x7d40/0x7d40 [ 1404.911047][T27008] ? tun_get+0x1c/0x2e0 [ 1404.915414][T27008] tun_chr_write_iter+0x119/0x200 [ 1404.920683][T27008] vfs_write+0x46c/0x990 [ 1404.925206][T27008] ? file_end_write+0x250/0x250 [ 1404.930395][T27008] ? __fget_files+0x43d/0x4b0 [ 1404.935482][T27008] ? __fdget_pos+0x1d8/0x330 [ 1404.940174][T27008] ? ksys_write+0x75/0x260 [ 1404.944728][T27008] ksys_write+0x150/0x260 [ 1404.949269][T27008] ? __ia32_sys_read+0x90/0x90 [ 1404.954174][T27008] ? lockdep_hardirqs_on+0x98/0x150 [ 1404.959584][T27008] do_syscall_64+0x55/0xa0 [ 1404.964196][T27008] ? clear_bhb_loop+0x40/0x90 [ 1404.969134][T27008] ? clear_bhb_loop+0x40/0x90 [ 1404.974008][T27008] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1404.979984][T27008] RIP: 0033:0x7f980bb9c819 [ 1404.984497][T27008] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1405.004544][T27008] RSP: 002b:00007f980ca68028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1405.013089][T27008] RAX: ffffffffffffffda RBX: 00007f980be15fa0 RCX: 00007f980bb9c819 [ 1405.021144][T27008] RDX: 000000000000fdef RSI: 0000200000000140 RDI: 00000000000000c8 [ 1405.029295][T27008] RBP: 00007f980ca68090 R08: 0000000000000000 R09: 0000000000000000 [ 1405.037355][T27008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1405.045592][T27008] R13: 00007f980be16038 R14: 00007f980be15fa0 R15: 00007ffc566ff2a8 [ 1405.053952][T27008] [ 1405.284317][T27018] netlink: 'syz.1.6859': attribute type 5 has an invalid length. [ 1405.311094][T27018] netlink: 'syz.1.6859': attribute type 1 has an invalid length. [ 1405.319426][T27018] netlink: 199820 bytes leftover after parsing attributes in process `syz.1.6859'. [ 1406.018217][ T1129] wlan1: Creating new IBSS network, BSSID e6:78:6d:67:81:16 [ 1407.026489][T27028] mac80211_hwsim hwsim38 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1407.146593][T27038] FAULT_INJECTION: forcing a failure. [ 1407.146593][T27038] name failslab, interval 1, probability 0, space 0, times 0 [ 1407.181042][T27038] CPU: 0 PID: 27038 Comm: syz.0.6865 Not tainted syzkaller #0 [ 1407.188588][T27038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1407.198691][T27038] Call Trace: [ 1407.202013][T27038] [ 1407.205160][T27038] dump_stack_lvl+0x18c/0x250 [ 1407.209908][T27038] ? show_regs_print_info+0x20/0x20 [ 1407.215352][T27038] ? load_image+0x420/0x420 [ 1407.219917][T27038] should_fail_ex+0x39d/0x4d0 [ 1407.224741][T27038] should_failslab+0x9/0x20 [ 1407.229420][T27038] slab_pre_alloc_hook+0x59/0x310 [ 1407.234510][T27038] ? verify_lock_unused+0x140/0x140 [ 1407.239857][T27038] kmem_cache_alloc_node+0x60/0x320 [ 1407.245194][T27038] ? is_dynamic_key+0x260/0x260 [ 1407.250085][T27038] ? __alloc_skb+0x103/0x2c0 [ 1407.254729][T27038] __alloc_skb+0x103/0x2c0 [ 1407.259202][T27038] _sctp_make_chunk+0x5e/0x420 [ 1407.264201][T27038] sctp_make_shutdown+0xb8/0x3d0 [ 1407.269362][T27038] ? sctp_make_sack+0x730/0x730 [ 1407.274274][T27038] sctp_sf_do_9_2_start_shutdown+0x2b/0x4b0 [ 1407.280224][T27038] ? sctp_sf_do_9_2_prm_shutdown+0xd2/0x130 [ 1407.286179][T27038] sctp_do_sm+0x23a/0x5a60 [ 1407.290628][T27038] ? sctp_cname+0x110/0x110 [ 1407.295259][T27038] ? mark_lock+0x94/0x320 [ 1407.299631][T27038] ? verify_lock_unused+0x140/0x140 [ 1407.304875][T27038] ? sctp_generate_t3_rtx_event+0x340/0x340 [ 1407.310853][T27038] ? _raw_spin_unlock+0x40/0x40 [ 1407.315743][T27038] ? __local_bh_enable_ip+0x13a/0x1c0 [ 1407.321168][T27038] ? lockdep_hardirqs_on+0x98/0x150 [ 1407.326426][T27038] sctp_primitive_SHUTDOWN+0x98/0xc0 [ 1407.331774][T27038] sctp_close+0x408/0x910 [ 1407.336169][T27038] ? __sctp_write_space+0x530/0x530 [ 1407.341421][T27038] ? down_write+0x16e/0x200 [ 1407.345976][T27038] ? ip_mc_drop_socket+0x25a/0x270 [ 1407.351381][T27038] inet_release+0x13d/0x180 [ 1407.355941][T27038] sock_close+0xbd/0x230 [ 1407.360223][T27038] ? sock_mmap+0xa0/0xa0 [ 1407.364512][T27038] __fput+0x234/0x970 [ 1407.368541][T27038] __se_sys_close+0x15f/0x220 [ 1407.373267][T27038] do_syscall_64+0x55/0xa0 [ 1407.377725][T27038] ? clear_bhb_loop+0x40/0x90 [ 1407.382446][T27038] ? clear_bhb_loop+0x40/0x90 [ 1407.387177][T27038] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1407.393116][T27038] RIP: 0033:0x7f3b7699c819 [ 1407.397580][T27038] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1407.417451][T27038] RSP: 002b:00007f3b778b1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 1407.426275][T27038] RAX: ffffffffffffffda RBX: 00007f3b76c15fa0 RCX: 00007f3b7699c819 [ 1407.434319][T27038] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1407.442035][T20539] wlan1: Trigger new scan to find an IBSS to join [ 1407.442308][T27038] RBP: 00007f3b778b1090 R08: 0000000000000000 R09: 0000000000000000 [ 1407.456878][T27038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1407.464984][T27038] R13: 00007f3b76c16038 R14: 00007f3b76c15fa0 R15: 00007ffed9903eb8 [ 1407.473030][T27038] [ 1407.654075][T27031] netlink: 'syz.1.6862': attribute type 10 has an invalid length. [ 1407.691282][T27031] netlink: 40 bytes leftover after parsing attributes in process `syz.1.6862'. [ 1408.131854][T27050] tap1: tun_chr_ioctl cmd 35108 [ 1408.519525][T27055] netlink: 'syz.0.6871': attribute type 5 has an invalid length. [ 1408.573334][T27055] netlink: 'syz.0.6871': attribute type 1 has an invalid length. [ 1408.610954][T27055] netlink: 199820 bytes leftover after parsing attributes in process `syz.0.6871'. [ 1409.051598][ T2950] wlan1: Creating new IBSS network, BSSID f6:3d:3c:62:a5:40 [ 1410.651594][T27067] netlink: 'syz.1.6875': attribute type 10 has an invalid length. [ 1410.683271][T27067] netlink: 40 bytes leftover after parsing attributes in process `syz.1.6875'. [ 1410.858958][T27060] netlink: 'syz.3.6873': attribute type 10 has an invalid length. [ 1410.952542][T27060] netlink: 40 bytes leftover after parsing attributes in process `syz.3.6873'. [ 1411.771463][T27081] netlink: 'syz.3.6878': attribute type 10 has an invalid length. [ 1411.885296][T27081] team0: Device wg1 is of different type [ 1412.009217][T27088] tap1: tun_chr_ioctl cmd 35108 [ 1412.765775][T27091] netlink: 'syz.3.6881': attribute type 10 has an invalid length. [ 1412.778283][T27091] netlink: 40 bytes leftover after parsing attributes in process `syz.3.6881'. [ 1413.515768][T27100] netlink: 'syz.1.6884': attribute type 10 has an invalid length. [ 1413.567710][T27100] netlink: 40 bytes leftover after parsing attributes in process `syz.1.6884'. [ 1413.652114][T27098] netlink: 'syz.2.6883': attribute type 10 has an invalid length. [ 1413.685825][T27098] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6883'. [ 1413.778482][T27108] netlink: 'syz.0.6886': attribute type 10 has an invalid length. [ 1413.926705][T27108] team0: Device wg1 is of different type [ 1414.223822][T27116] tap0: tun_chr_ioctl cmd 35108 [ 1414.237426][T27111] mac80211_hwsim hwsim42 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1414.810419][T27121] mac80211_hwsim hwsim40 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1414.827282][T27131] netlink: 140 bytes leftover after parsing attributes in process `syz.3.6894'. [ 1414.847643][T27131] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.6894'. [ 1414.974860][T27119] netlink: 'syz.2.6890': attribute type 10 has an invalid length. [ 1414.993263][T27119] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6890'. [ 1415.527285][T27137] netlink: 'syz.3.6896': attribute type 10 has an invalid length. [ 1415.543151][T27137] netlink: 40 bytes leftover after parsing attributes in process `syz.3.6896'. [ 1415.700749][T27136] netlink: 'syz.0.6897': attribute type 10 has an invalid length. [ 1415.709891][T27136] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6897'. [ 1415.989853][T27147] netlink: 'syz.2.6900': attribute type 5 has an invalid length. [ 1416.011689][T27146] tap0: tun_chr_ioctl cmd 35108 [ 1416.025176][T27147] netlink: 'syz.2.6900': attribute type 1 has an invalid length. [ 1416.049189][T27147] netlink: 199820 bytes leftover after parsing attributes in process `syz.2.6900'. [ 1416.263545][ T8881] wlan1: Trigger new scan to find an IBSS to join [ 1416.793074][T27161] FAULT_INJECTION: forcing a failure. [ 1416.793074][T27161] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1416.816251][T27161] CPU: 0 PID: 27161 Comm: syz.3.6904 Not tainted syzkaller #0 [ 1416.824053][T27161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1416.834335][T27161] Call Trace: [ 1416.837652][T27161] [ 1416.840633][T27161] dump_stack_lvl+0x18c/0x250 [ 1416.845556][T27161] ? show_regs_print_info+0x20/0x20 [ 1416.850810][T27161] ? load_image+0x420/0x420 [ 1416.855399][T27161] ? __might_fault+0xaa/0x120 [ 1416.860158][T27161] ? __lock_acquire+0x7d40/0x7d40 [ 1416.865232][T27161] should_fail_ex+0x39d/0x4d0 [ 1416.869963][T27161] _copy_from_user+0x2f/0xe0 [ 1416.874690][T27161] __sys_bpf+0x23e/0x890 [ 1416.879064][T27161] ? bpf_link_show_fdinfo+0x390/0x390 [ 1416.884504][T27161] ? lock_chain_count+0x20/0x20 [ 1416.889404][T27161] __x64_sys_bpf+0x7c/0x90 [ 1416.893958][T27161] do_syscall_64+0x55/0xa0 [ 1416.898427][T27161] ? clear_bhb_loop+0x40/0x90 [ 1416.903156][T27161] ? clear_bhb_loop+0x40/0x90 [ 1416.907956][T27161] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1416.914064][T27161] RIP: 0033:0x7f9fc8d9c819 [ 1416.918518][T27161] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1416.938281][T27161] RSP: 002b:00007f9fc9c19028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1416.946917][T27161] RAX: ffffffffffffffda RBX: 00007f9fc9015fa0 RCX: 00007f9fc8d9c819 [ 1416.955020][T27161] RDX: 0000000000000094 RSI: 0000200000000240 RDI: 0000000000000005 [ 1416.963151][T27161] RBP: 00007f9fc9c19090 R08: 0000000000000000 R09: 0000000000000000 [ 1416.971342][T27161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1416.979444][T27161] R13: 00007f9fc9016038 R14: 00007f9fc9015fa0 R15: 00007ffc00ebfb98 [ 1416.987563][T27161] [ 1417.603638][T27169] mac80211_hwsim hwsim36 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1418.219785][T27187] €Â0: renamed from batadv_slave_1 (while UP) [ 1418.280460][T27190] FAULT_INJECTION: forcing a failure. [ 1418.280460][T27190] name failslab, interval 1, probability 0, space 0, times 0 [ 1418.395680][T27190] CPU: 0 PID: 27190 Comm: syz.0.6911 Not tainted syzkaller #0 [ 1418.403402][T27190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1418.413856][T27190] Call Trace: [ 1418.417246][T27190] [ 1418.420423][T27190] dump_stack_lvl+0x18c/0x250 [ 1418.425269][T27190] ? show_regs_print_info+0x20/0x20 [ 1418.430610][T27190] ? load_image+0x420/0x420 [ 1418.435165][T27190] ? __might_sleep+0xe0/0xe0 [ 1418.439882][T27190] ? __lock_acquire+0x7d40/0x7d40 [ 1418.444950][T27190] should_fail_ex+0x39d/0x4d0 [ 1418.449673][T27190] should_failslab+0x9/0x20 [ 1418.454221][T27190] slab_pre_alloc_hook+0x59/0x310 [ 1418.459464][T27190] kmem_cache_alloc_lru+0x4d/0x2d0 [ 1418.464892][T27190] ? sock_alloc_inode+0x28/0xc0 [ 1418.469786][T27190] sock_alloc_inode+0x28/0xc0 [ 1418.474519][T27190] ? sockfs_init_fs_context+0xb0/0xb0 [ 1418.480010][T27190] new_inode_pseudo+0x63/0x1d0 [ 1418.484810][T27190] __sock_create+0x12d/0x940 [ 1418.489640][T27190] mptcp_subflow_create_socket+0x10b/0xac0 [ 1418.495515][T27190] ? mark_lock+0x94/0x320 [ 1418.499893][T27190] ? __mptcp_subflow_connect+0x1450/0x1450 [ 1418.505759][T27190] ? lock_chain_count+0x20/0x20 [ 1418.510844][T27190] __mptcp_nmpc_sk+0x157/0x740 [ 1418.515661][T27190] ? __local_bh_enable_ip+0x13a/0x1c0 [ 1418.521072][T27190] ? __bpf_trace_subflow_check_data_avail+0x160/0x160 [ 1418.527993][T27190] mptcp_setsockopt+0x1745/0x3390 [ 1418.533173][T27190] ? aa_sk_perm+0x83c/0x970 [ 1418.537719][T27190] ? __fget_files+0x28/0x4b0 [ 1418.542345][T27190] ? pm_nl_exit_net+0x230/0x230 [ 1418.547211][T27190] ? aa_af_perm+0x330/0x330 [ 1418.551739][T27190] ? __fget_files+0x28/0x4b0 [ 1418.556372][T27190] ? __fget_files+0x28/0x4b0 [ 1418.561023][T27190] ? aa_sock_opt_perm+0x74/0x100 [ 1418.566026][T27190] ? sock_common_setsockopt+0x36/0xc0 [ 1418.571426][T27190] ? sock_common_recvmsg+0x190/0x190 [ 1418.576752][T27190] do_sock_setsockopt+0x175/0x1a0 [ 1418.581821][T27190] __x64_sys_setsockopt+0x182/0x200 [ 1418.587075][T27190] do_syscall_64+0x55/0xa0 [ 1418.590709][T27181] netlink: 'syz.3.6909': attribute type 10 has an invalid length. [ 1418.591510][T27190] ? clear_bhb_loop+0x40/0x90 [ 1418.591581][T27190] ? clear_bhb_loop+0x40/0x90 [ 1418.591609][T27190] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1418.591634][T27190] RIP: 0033:0x7f3b7699c819 [ 1418.591655][T27190] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1418.591673][T27190] RSP: 002b:00007f3b77890028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1418.591698][T27190] RAX: ffffffffffffffda RBX: 00007f3b76c16090 RCX: 00007f3b7699c819 [ 1418.591713][T27190] RDX: 000000000000000f RSI: 0000000000000001 RDI: 000000000000000b [ 1418.591726][T27190] RBP: 00007f3b77890090 R08: 0000000000000004 R09: 0000000000000000 [ 1418.591739][T27190] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 1418.591754][T27190] R13: 00007f3b76c16128 R14: 00007f3b76c16090 R15: 00007ffed9903eb8 [ 1418.591785][T27190] [ 1418.663505][T27190] socket: no more sockets [ 1418.684736][T27181] netlink: 40 bytes leftover after parsing attributes in process `syz.3.6909'. [ 1418.821851][T27192] tap1: tun_chr_ioctl cmd 35108 [ 1419.196694][T27200] mac80211_hwsim hwsim40 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1419.853383][T27202] mac80211_hwsim hwsim36 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1420.251392][ T492] wlan1: Trigger new scan to find an IBSS to join [ 1420.317809][T27213] mac80211_hwsim hwsim38 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1420.778668][T27227] tap0: tun_chr_ioctl cmd 35108 [ 1421.275432][T25582] wlan1: Creating new IBSS network, BSSID ce:f3:5f:be:60:65 [ 1421.472425][T27235] netlink: 'syz.1.6926': attribute type 10 has an invalid length. [ 1421.625732][T27235] team0: Device wg1 is of different type [ 1421.642415][T27246] FAULT_INJECTION: forcing a failure. [ 1421.642415][T27246] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1421.657665][T27246] CPU: 0 PID: 27246 Comm: syz.3.6930 Not tainted syzkaller #0 [ 1421.665369][T27246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1421.675578][T27246] Call Trace: [ 1421.678995][T27246] [ 1421.681974][T27246] dump_stack_lvl+0x18c/0x250 [ 1421.686717][T27246] ? show_regs_print_info+0x20/0x20 [ 1421.691986][T27246] ? load_image+0x420/0x420 [ 1421.696639][T27246] ? __might_fault+0xaa/0x120 [ 1421.701458][T27246] ? __lock_acquire+0x7d40/0x7d40 [ 1421.706745][T27246] should_fail_ex+0x39d/0x4d0 [ 1421.711505][T27246] _copy_from_iter+0x1d9/0x12e0 [ 1421.716420][T27246] ? copyout_mc+0x70/0x70 [ 1421.720786][T27246] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 1421.726874][T27246] ? lock_chain_count+0x20/0x20 [ 1421.731765][T27246] ? _raw_spin_lock_irq+0xbb/0xf0 [ 1421.736846][T27246] ? _raw_spin_lock_irqsave+0x100/0x100 [ 1421.742426][T27246] ? page_copy_sane+0x4e/0x270 [ 1421.747241][T27246] copy_page_from_iter+0x7b/0x100 [ 1421.752381][T27246] pipe_write+0x868/0x1b10 [ 1421.757016][T27246] ? pipe_read+0x1310/0x1310 [ 1421.761821][T27246] ? end_current_label_crit_section+0x149/0x170 [ 1421.768128][T27246] ? common_file_perm+0x198/0x1f0 [ 1421.773474][T27246] vfs_write+0x46c/0x990 [ 1421.777766][T27246] ? file_end_write+0x250/0x250 [ 1421.782730][T27246] ? __fget_files+0x43d/0x4b0 [ 1421.787530][T27246] ? __fdget_pos+0x1d8/0x330 [ 1421.792243][T27246] ? ksys_write+0x75/0x260 [ 1421.796713][T27246] ksys_write+0x150/0x260 [ 1421.801245][T27246] ? __ia32_sys_read+0x90/0x90 [ 1421.806047][T27246] ? lockdep_hardirqs_on+0x98/0x150 [ 1421.811277][T27246] do_syscall_64+0x55/0xa0 [ 1421.816081][T27246] ? clear_bhb_loop+0x40/0x90 [ 1421.820907][T27246] ? clear_bhb_loop+0x40/0x90 [ 1421.825633][T27246] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1421.831774][T27246] RIP: 0033:0x7f9fc8d9c819 [ 1421.836384][T27246] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1421.856473][T27246] RSP: 002b:00007f9fc9c19028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1421.865352][T27246] RAX: ffffffffffffffda RBX: 00007f9fc9015fa0 RCX: 00007f9fc8d9c819 [ 1421.873480][T27246] RDX: 0000000000000012 RSI: 0000200000000200 RDI: 0000000000000000 [ 1421.881555][T27246] RBP: 00007f9fc9c19090 R08: 0000000000000000 R09: 0000000000000000 [ 1421.889649][T27246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1421.897748][T27246] R13: 00007f9fc9016038 R14: 00007f9fc9015fa0 R15: 00007ffc00ebfb98 [ 1421.905936][T27246] [ 1422.047757][T27229] netlink: 'syz.0.6924': attribute type 10 has an invalid length. [ 1422.058988][T27229] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6924'. [ 1422.069668][T27244] netlink: 'syz.2.6928': attribute type 6 has an invalid length. [ 1422.083770][T27244] netlink: 140 bytes leftover after parsing attributes in process `syz.2.6928'. [ 1422.254418][ T492] wlan1: Trigger new scan to find an IBSS to join [ 1422.437456][T27252] mac80211_hwsim hwsim40 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1422.858757][T27265] tap1: tun_chr_ioctl cmd 35108 [ 1423.446211][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 1423.452838][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 1423.493102][T27264] netlink: 'syz.0.6937': attribute type 10 has an invalid length. [ 1423.541275][T27264] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6937'. [ 1423.570611][T27273] mac80211_hwsim hwsim36 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1423.595790][T27268] netlink: 'syz.2.6938': attribute type 10 has an invalid length. [ 1423.629896][T27279] FAULT_INJECTION: forcing a failure. [ 1423.629896][T27279] name failslab, interval 1, probability 0, space 0, times 0 [ 1423.651819][T27268] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6938'. [ 1423.681122][T27279] CPU: 1 PID: 27279 Comm: syz.1.6941 Not tainted syzkaller #0 [ 1423.688829][T27279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1423.699025][T27279] Call Trace: [ 1423.702448][T27279] [ 1423.705478][T27279] dump_stack_lvl+0x18c/0x250 [ 1423.710298][T27279] ? show_regs_print_info+0x20/0x20 [ 1423.715556][T27279] ? load_image+0x420/0x420 [ 1423.720154][T27279] ? __might_sleep+0xe0/0xe0 [ 1423.724880][T27279] ? __lock_acquire+0x7d40/0x7d40 [ 1423.729946][T27279] should_fail_ex+0x39d/0x4d0 [ 1423.735118][T27279] should_failslab+0x9/0x20 [ 1423.739658][T27279] slab_pre_alloc_hook+0x59/0x310 [ 1423.744852][T27279] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1423.750725][T27279] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1423.756514][T27279] __kmem_cache_alloc_node+0x53/0x250 [ 1423.761986][T27279] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1423.767758][T27279] __kmalloc+0xa4/0x230 [ 1423.772136][T27279] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1423.777903][T27279] tomoyo_path_number_perm+0x248/0x620 [ 1423.783607][T27279] ? tomoyo_path_number_perm+0x217/0x620 [ 1423.789409][T27279] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 1423.795015][T27279] ? ksys_write+0x1c4/0x260 [ 1423.799869][T27279] ? __fget_files+0x28/0x4b0 [ 1423.804515][T27279] ? __fget_files+0x28/0x4b0 [ 1423.809216][T27279] security_file_ioctl+0x70/0xa0 [ 1423.814290][T27279] __se_sys_ioctl+0x48/0x170 [ 1423.819052][T27279] do_syscall_64+0x55/0xa0 [ 1423.823521][T27279] ? clear_bhb_loop+0x40/0x90 [ 1423.828323][T27279] ? clear_bhb_loop+0x40/0x90 [ 1423.833050][T27279] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1423.839072][T27279] RIP: 0033:0x7f070259c819 [ 1423.843524][T27279] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1423.863606][T27279] RSP: 002b:00007f070343a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1423.872541][T27279] RAX: ffffffffffffffda RBX: 00007f0702815fa0 RCX: 00007f070259c819 [ 1423.880747][T27279] RDX: 000000110e22fff5 RSI: 0000000000005421 RDI: 0000000000000003 [ 1423.888777][T27279] RBP: 00007f070343a090 R08: 0000000000000000 R09: 0000000000000000 [ 1423.897056][T27279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1423.905068][T27279] R13: 00007f0702816038 R14: 00007f0702815fa0 R15: 00007ffe01689718 [ 1423.913102][T27279] [ 1423.959308][T27279] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1424.134236][T27285] netlink: 'syz.1.6943': attribute type 6 has an invalid length. [ 1424.161895][T27285] netlink: 140 bytes leftover after parsing attributes in process `syz.1.6943'. [ 1424.503499][T27297] tap1: tun_chr_ioctl cmd 35108 [ 1424.770695][T27293] mac80211_hwsim hwsim40 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1425.332485][T27309] mac80211_hwsim hwsim40 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1425.668216][T27325] FAULT_INJECTION: forcing a failure. [ 1425.668216][T27325] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1425.750894][T27325] CPU: 0 PID: 27325 Comm: syz.0.6956 Not tainted syzkaller #0 [ 1425.758545][T27325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1425.768832][T27325] Call Trace: [ 1425.772239][T27325] [ 1425.775223][T27325] dump_stack_lvl+0x18c/0x250 [ 1425.780048][T27325] ? show_regs_print_info+0x20/0x20 [ 1425.785298][T27325] ? load_image+0x420/0x420 [ 1425.789942][T27325] ? __might_fault+0xaa/0x120 [ 1425.794662][T27325] ? __lock_acquire+0x7d40/0x7d40 [ 1425.799746][T27325] should_fail_ex+0x39d/0x4d0 [ 1425.804496][T27325] _copy_from_user+0x2f/0xe0 [ 1425.809147][T27325] __sys_bpf+0x23e/0x890 [ 1425.813444][T27325] ? bpf_link_show_fdinfo+0x390/0x390 [ 1425.819015][T27325] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1425.825228][T27325] __x64_sys_bpf+0x7c/0x90 [ 1425.829771][T27325] do_syscall_64+0x55/0xa0 [ 1425.834221][T27325] ? clear_bhb_loop+0x40/0x90 [ 1425.838961][T27325] ? clear_bhb_loop+0x40/0x90 [ 1425.843853][T27325] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1425.849803][T27325] RIP: 0033:0x7f3b7699c819 [ 1425.854286][T27325] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1425.874449][T27325] RSP: 002b:00007f3b778b1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1425.882924][T27325] RAX: ffffffffffffffda RBX: 00007f3b76c15fa0 RCX: 00007f3b7699c819 [ 1425.890943][T27325] RDX: 000000000000000c RSI: 0000200000000740 RDI: 000000000000000e [ 1425.899051][T27325] RBP: 00007f3b778b1090 R08: 0000000000000000 R09: 0000000000000000 [ 1425.907175][T27325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1425.915207][T27325] R13: 00007f3b76c16038 R14: 00007f3b76c15fa0 R15: 00007ffed9903eb8 [ 1425.923343][T27325] [ 1425.991714][T27327] mac80211_hwsim hwsim42 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1426.024418][T27323] netlink: 'syz.3.6955': attribute type 10 has an invalid length. [ 1426.041229][T27323] netlink: 40 bytes leftover after parsing attributes in process `syz.3.6955'. [ 1426.181936][T27319] netlink: 'syz.2.6953': attribute type 10 has an invalid length. [ 1426.190147][T27319] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6953'. [ 1426.240982][T25582] wlan1: Trigger new scan to find an IBSS to join [ 1426.289888][T27336] tap1: tun_chr_ioctl cmd 35108 [ 1426.441504][T27341] netlink: 'syz.3.6961': attribute type 6 has an invalid length. [ 1426.454522][T27341] netlink: 140 bytes leftover after parsing attributes in process `syz.3.6961'. [ 1426.905083][T27354] netlink: 156 bytes leftover after parsing attributes in process `syz.0.6964'. [ 1427.056782][T27353] mac80211_hwsim hwsim38 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1428.241046][ T11] wlan1: Trigger new scan to find an IBSS to join [ 1429.724069][T27360] netlink: 'syz.0.6968': attribute type 5 has an invalid length. [ 1429.742156][T27360] netlink: 'syz.0.6968': attribute type 1 has an invalid length. [ 1429.752318][T27360] netlink: 199820 bytes leftover after parsing attributes in process `syz.0.6968'. [ 1429.949781][T27367] mac80211_hwsim hwsim38 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1430.485270][T27362] mac80211_hwsim hwsim42 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1430.753652][T27378] tap0: tun_chr_ioctl cmd 35108 [ 1431.122660][T27379] netlink: 'syz.1.6971': attribute type 10 has an invalid length. [ 1431.139181][T27379] netlink: 40 bytes leftover after parsing attributes in process `syz.1.6971'. [ 1431.366036][T27387] netlink: 105120 bytes leftover after parsing attributes in process `syz.3.6975'. [ 1431.430443][T27387] netlink: 'syz.3.6975': attribute type 2 has an invalid length. [ 1431.552981][T27385] netlink: 'syz.0.6974': attribute type 10 has an invalid length. [ 1431.579962][T27385] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6974'. [ 1432.244949][ T8881] wlan1: Trigger new scan to find an IBSS to join [ 1433.281010][ T11] wlan1: Trigger new scan to find an IBSS to join [ 1433.895826][T20539] wlan1: Creating new IBSS network, BSSID 82:39:cc:87:55:ef [ 1434.448344][ T8881] ------------[ cut here ]------------ [ 1434.454526][ T8881] WARNING: CPU: 1 PID: 8881 at net/wireless/ibss.c:37 __cfg80211_ibss_joined+0x3d2/0x440 [ 1434.462206][T27398] mac80211_hwsim hwsim36 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1434.464542][ T8881] Modules linked in: [ 1434.477418][ T8881] CPU: 1 PID: 8881 Comm: kworker/u4:6 Not tainted syzkaller #0 [ 1434.485260][ T8881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1434.495540][ T8881] Workqueue: cfg80211 cfg80211_event_work [ 1434.501901][ T8881] RIP: 0010:__cfg80211_ibss_joined+0x3d2/0x440 [ 1434.510226][ T8881] Code: 00 00 00 48 3b 84 24 80 00 00 00 75 5c 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 17 d6 a0 f7 0f 0b eb bb e8 0e d6 a0 f7 <0f> 0b 4c 8b 6c 24 18 eb ad e8 00 d6 a0 f7 0f 0b e9 e0 fd ff ff e8 [ 1434.530277][ T8881] RSP: 0018:ffffc900184afa20 EFLAGS: 00010293 [ 1434.536782][ T8881] RAX: ffffffff89e64bc2 RBX: dffffc0000000000 RCX: ffff88802ceb3c00 [ 1434.545438][ T8881] RDX: 0000000000000000 RSI: ffffffff8acac9e0 RDI: ffffffff8b1c8de0 [ 1434.554008][ T8881] RBP: ffffc900184afaf8 R08: ffffffff911c456f R09: 1ffffffff22388ad [ 1434.562524][ T8881] R10: dffffc0000000000 R11: fffffbfff22388ae R12: ffff888065110c90 [ 1434.570634][ T8881] R13: 1ffff92003095f4c R14: ffff88805cb135b8 R15: 000000000000001f [ 1434.579069][ T8881] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 1434.588184][ T8881] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1434.594885][ T8881] CR2: 00007f980ca689a0 CR3: 0000000063b6a000 CR4: 00000000003506e0 [ 1434.603029][ T8881] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1434.611292][ T8881] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 1434.619438][ T8881] Call Trace: [ 1434.622832][ T8881] [ 1434.625808][ T8881] ? mutex_lock_nested+0x20/0x20 [ 1434.630915][ T8881] ? trace_rdev_return_void+0x1c0/0x1c0 [ 1434.636535][ T8881] cfg80211_process_wdev_events+0x3bc/0x550 [ 1434.642541][ T8881] cfg80211_process_rdev_events+0xa1/0x110 [ 1434.648393][ T8881] cfg80211_event_work+0x2f/0x40 [ 1434.653448][ T8881] ? process_scheduled_works+0x96f/0x15d0 [ 1434.659220][ T8881] process_scheduled_works+0xa5d/0x15d0 [ 1434.664903][ T8881] ? worker_attach_to_pool+0x380/0x380 [ 1434.670508][ T8881] ? assign_work+0x3d2/0x5d0 [ 1434.675300][ T8881] worker_thread+0xa55/0xfc0 [ 1434.679938][ T8881] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 1434.685943][ T8881] ? _raw_spin_unlock+0x40/0x40 [ 1434.691055][ T8881] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 1434.697028][ T8881] kthread+0x2fa/0x390 [ 1434.701220][ T8881] ? pr_cont_work+0x560/0x560 [ 1434.706053][ T8881] ? kthread_blkcg+0xd0/0xd0 [ 1434.710762][ T8881] ret_from_fork+0x48/0x80 [ 1434.715323][ T8881] ? kthread_blkcg+0xd0/0xd0 [ 1434.719968][ T8881] ret_from_fork_asm+0x11/0x20 [ 1434.725030][ T8881] [ 1434.728192][ T8881] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1434.735600][ T8881] CPU: 1 PID: 8881 Comm: kworker/u4:6 Not tainted syzkaller #0 [ 1434.743191][ T8881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1434.753292][ T8881] Workqueue: cfg80211 cfg80211_event_work [ 1434.759075][ T8881] Call Trace: [ 1434.762481][ T8881] [ 1434.765447][ T8881] dump_stack_lvl+0x18c/0x250 [ 1434.770187][ T8881] ? show_regs_print_info+0x20/0x20 [ 1434.775444][ T8881] ? load_image+0x420/0x420 [ 1434.780023][ T8881] panic+0x2dc/0x730 [ 1434.784041][ T8881] ? bpf_jit_dump+0xd0/0xd0 [ 1434.788600][ T8881] ? ret_from_fork_asm+0x11/0x20 [ 1434.793801][ T8881] __warn+0x2e0/0x470 [ 1434.797840][ T8881] ? __cfg80211_ibss_joined+0x3d2/0x440 [ 1434.803427][ T8881] ? __cfg80211_ibss_joined+0x3d2/0x440 [ 1434.809028][ T8881] report_bug+0x2be/0x4f0 [ 1434.813486][ T8881] ? __cfg80211_ibss_joined+0x3d2/0x440 [ 1434.819081][ T8881] ? __cfg80211_ibss_joined+0x3d2/0x440 [ 1434.824665][ T8881] ? __cfg80211_ibss_joined+0x3d4/0x440 [ 1434.830322][ T8881] handle_bug+0xcf/0x120 [ 1434.834591][ T8881] exc_invalid_op+0x1a/0x50 [ 1434.839104][ T8881] asm_exc_invalid_op+0x1a/0x20 [ 1434.843967][ T8881] RIP: 0010:__cfg80211_ibss_joined+0x3d2/0x440 [ 1434.850165][ T8881] Code: 00 00 00 48 3b 84 24 80 00 00 00 75 5c 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 17 d6 a0 f7 0f 0b eb bb e8 0e d6 a0 f7 <0f> 0b 4c 8b 6c 24 18 eb ad e8 00 d6 a0 f7 0f 0b e9 e0 fd ff ff e8 [ 1434.869898][ T8881] RSP: 0018:ffffc900184afa20 EFLAGS: 00010293 [ 1434.876165][ T8881] RAX: ffffffff89e64bc2 RBX: dffffc0000000000 RCX: ffff88802ceb3c00 [ 1434.884241][ T8881] RDX: 0000000000000000 RSI: ffffffff8acac9e0 RDI: ffffffff8b1c8de0 [ 1434.892224][ T8881] RBP: ffffc900184afaf8 R08: ffffffff911c456f R09: 1ffffffff22388ad [ 1434.900288][ T8881] R10: dffffc0000000000 R11: fffffbfff22388ae R12: ffff888065110c90 [ 1434.908363][ T8881] R13: 1ffff92003095f4c R14: ffff88805cb135b8 R15: 000000000000001f [ 1434.916629][ T8881] ? __cfg80211_ibss_joined+0x3d2/0x440 [ 1434.922387][ T8881] ? mutex_lock_nested+0x20/0x20 [ 1434.927353][ T8881] ? trace_rdev_return_void+0x1c0/0x1c0 [ 1434.933008][ T8881] cfg80211_process_wdev_events+0x3bc/0x550 [ 1434.939443][ T8881] cfg80211_process_rdev_events+0xa1/0x110 [ 1434.945291][ T8881] cfg80211_event_work+0x2f/0x40 [ 1434.950534][ T8881] ? process_scheduled_works+0x96f/0x15d0 [ 1434.956382][ T8881] process_scheduled_works+0xa5d/0x15d0 [ 1434.961982][ T8881] ? worker_attach_to_pool+0x380/0x380 [ 1434.967473][ T8881] ? assign_work+0x3d2/0x5d0 [ 1434.972170][ T8881] worker_thread+0xa55/0xfc0 [ 1434.976859][ T8881] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 1434.982791][ T8881] ? _raw_spin_unlock+0x40/0x40 [ 1434.987828][ T8881] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 1434.993843][ T8881] kthread+0x2fa/0x390 [ 1434.997938][ T8881] ? pr_cont_work+0x560/0x560 [ 1435.002718][ T8881] ? kthread_blkcg+0xd0/0xd0 [ 1435.007340][ T8881] ret_from_fork+0x48/0x80 [ 1435.011767][ T8881] ? kthread_blkcg+0xd0/0xd0 [ 1435.016367][ T8881] ret_from_fork_asm+0x11/0x20 [ 1435.021247][ T8881] [ 1435.024885][ T8881] Kernel Offset: disabled [ 1435.029266][ T8881] Rebooting in 86400 seconds..