last executing test programs:

10.49635054s ago: executing program 0 (id=2307):
r0 = bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
close(0xffffffffffffffff)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xb)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})
r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000300)=@generic={0x0}, 0x18)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x110c230000)
ioctl$TUNSETOFFLOAD(r2, 0x40047440, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
r3 = socket$kcm(0xa, 0x1, 0x106)
setsockopt$sock_attach_bpf(r3, 0x29, 0x4a, 0x0, 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r4)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
perf_event_open(&(0x7f0000000540)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0xffff, 0x81}, 0x100c, 0x0, 0x0, 0x9, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000000c0)=ANY=[@ANYRES64=r0, @ANYBLOB="01a9b0460cf06b2f", @ANYRES32, @ANYRES32=r6, @ANYRESHEX=0x0], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r6}, &(0x7f00000006c0), &(0x7f0000000700)=r5}, 0x20)
close(r5)
r7 = getpid()
syz_open_procfs$namespace(r7, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000b40))

9.738844526s ago: executing program 0 (id=2311):
perf_event_open(&(0x7f0000000500)={0x3, 0x80, 0x28, 0x1, 0x20, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x4, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x13, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c250000000000202020630af8ff00000000bda100000000000026010000f8ffffffb702000008000000b703000000000000850000000800000018010000202070250000000000202020dd1af5ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$MAP_CREATE(0x0, &(0x7f00000027c0)=ANY=[], 0x48)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000080), 0xc)
close(r0)
r1 = socket$kcm(0xa, 0x2, 0x73)
sendmsg$inet(r1, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @empty}, 0xffac, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c048c0a7d63aebc5cea1f81510ff6091475aeec600831aa9d3944e60bc2ad06a619c560aa0118b28f68f1eb14549d633b4b23f179fb680716faa43414787559be90843c35ab30acad8a6740140e00721abc2eb362f7bde53b3c992d3e28ccc20ec84fdc569947047f6c09a647ee8c0a747b951e66c068ccf1af93ee9e6f9528ff79e2f989383b05a690a6bec4634b867c9446c1c644b3010e8a3514c6328323b4bbdd602b8f0dace6aea70902c4ddd2a2f2810f1348b0d0df3c1e6a5938fcfdc87e7580c6be0c6a06eca62d6f787dd16add086a21391c4c707d8b61929d1252681b84c245e0efafe2e6e73ad86a3cf59235ab0eacbb414af92ec3cdac420a064a98e8cc18bdf63f8997f96436e0fe6f06fdbf47fff353b01a861babd4a38d126bfe3e29049e6cc883e6efae6e70ef9ed124b1b09887a58c991e223b6420dca5ae238027e91b17b1707dc5c0d5f59f0ca95614f1ea1d263c1ee54dfe31ae35eb3c8e3b931dff7920c57fbba89adf2e392c1ad719b90c7ade0d38ff9792934ef1fb12f51d8e2fad12486d5883d5b1a46696fad128c6805cfb25bc6487e1e407d6b266971b09d0d864a7a550284e24b6cdc9f4ae1081a638175dffef002c76ac5558d23e41edbe68f4b4950a13aa000326dae5a857603dc5a40d6c6618a98c7b6e1eebd325ea2c14601a25658965f40864fd015d9b2fff83ee5ed3212ebd9fa429f0140f633556ac07c0c08e67a1848c9942ecc47dd4ffede9a429e9e0472be7cdbcd117e621ddf745c00a814ffff0224634472577dc0b35a9c153409f1a2bddc193b20b4d244d9cbbd59816c46000c596865f58b4e640ed4a9ab6086cede697fb113560925498da83273e679e0e28b84961eb7b9c9b4fa916590965c76b48e5d453f27a821bd2bf0946ff2413ec30f7893d1f046e18f736c40ceda26dfc4a0a62f71a3606d3f72c0a858dfd7895e2572292e11af913c6b513a141d28e501ae7c49618d104aac9abb78466a636efb88120d0eef0a501558a5aa34784a9823f2802a0bcdf318f9b436b34b42a2a7cf513f80364ad9a699d2e23eb4f3a2bbce818bd20da61882b3dac699d05dc24f29b72471b712423ace6278c43df2be7a09e815517b86d8b3ce16af3d64a575958c5fd52aac53b391f3d2a67c24c6c13ec11428b61b80a6a58cbba1790a98d190a572070f63fc0b809669895ea9865c3066b06102f6f2c7171dc7f76e1931b3e4deb569ef9d07d5f86a848f50942e93c419c3a23489f14803b08182dfd48b8d4375be6b7f805a21209c05e5927693a8834c8d5a5acbd47ed8a30a8a741d1ad77639b56b3b90c0b2023fa334befd28b2e27cbcd94b0ce7437f88ce67a925cea6d6d7e5313de6d328b1124a8b9ef83fe39ca3da97d33c60b7fd4af67d3c8fccb595a27a5bffc71e5a5b2ec966828993b0c0f83cbc55f9a7fb66a4101d5c83b77885072b6e2b2ceebe32f635509698c05089b9ff1cb1959b211e114dadb224ef2d5e7a3c55b3ac00fcdc9018577603c6301e5d4341b3d7eeb2665349d448d28d5d108f576408cbe533a6adbba18ebb2d84bb9af81108506a2f50fb56d595579000747930449fdf4ed01715ec624a0cb73636a35b9136f10b79e3d7ded09008b92e92c64e26e6b6d17f18b70b1d9813de8d2ff151c7a6a0452c660a57c33f13e2d9b88fa5f5c0505722d2e787a425e4a3e9b5efa9668e9199f5fb9fe7d5b8a57719a57df152e7f2c6a1087a2a24084f82455b65353a70559f04d5ed12defb81497ea69c1c7e69c373524770b7473c16a69c7a3648a9dd93377b89cdff61cf62512d1ee67a55ea67993937c1f55a2179bc9c8a337364cfb84d295adda1ad9700fc2f5c11cbfc1b90affb4666c6e7e23a6f7751410a5651819f29f690c6dba2b8a67e0f7f8cc377feb1854c393578994c85391ba21b3961aed477f771645571dc7d6cae72bf79c82a92a4edc3742b1398060a0a5c9e81c016b7f2ae3db529c6ff824cc28678764d8ab49d7dc68e5b0556c9e7ffb6fef442776d86fbd458741830e57f22a1f8513b92abd5b2df93a67cc560134078f0b8ecc3276e40aadef5cd579888b86b4988f396679250701f3869e7493b33692035ecd94aca5189fd0a0893ccc5bb19c0b4caca86cf90ebc2a5558f39cccb33f6773a4e425bf551fb3b6456ee1cc62fa1843a9e5539bb2d02ae6ef82533a9dbcfb562c1ab18c1f639ae7ff02083746f74a15ba2d10e4b955940a5d6f488d326a99f287c48ad463ce40367aeeff519cbad0a2d7fdbfa48bff75955467977764c2be2bd2ffa18396c46920c40c50a4037003666406d177e2cd20aee423d07169d8f611f635ba0b62b61265ff2c5548446a2423dd1038482b6852b2d9d2f90aa05d82c5e2c3d1af0c7aad72d82b3da67471af7b037bb0424a785e73f35b5a10a2ab300a195c20cd119a5390e0cd5d49c70bd80883b933e843d0d2902749dcf3c140c708a0f004b7a2f50bf311305dc01719016fcce5863815ca7951de710fcb71cd177551ff6fcd9f8bf01b93868f24c6129b6d7917125338cf62110083093fc7f862015d48450d992f2bb43e601cab19b2ea7b83962a382fc2a31fdf2358bf8a9a9e506eaa7b6eb5e7444d1ef459b24ffa51362abce902dfd84201a0e4b5a3b62757aad54fb65b83821c6bba663886de092065a565921ea3eb6781bb8ed4f4db3abcfeeb379b7e52fca790bea719918e299ab01bf5e92177d134360bf7a16a59e9d03d3dcfb0a25599237e3d41b3f0026c9402b1fb1894426303413a2cbcf7c72807ca694afa285990d07c3bca26413c9947b3b344aafc04544b8c11416e0312b028da7302e316c3966d41884b15055a49a4a0b3eac8e11f88a5615fb0af582f065d28e5a454447e9d0cfc60356439ebf7e1d0a00f5b9cc6daf2bd7195ba96b4d1a0679ff0fb1c01282c378a880f90f460889b67d76d4d0e8db6c928d113533d1d10b810303c43d8ff622c5bab7f095b96e64bf9daa48a2bdf3d9d40bac00cf1b66df61a4f7c3e21938e876f81b1179dce6a008f28eb682cae690ced0ea0d542da604d8056f2b1813ed36683c4c51aeb2650772cfb1c55d4e60604ff06344cfc271b2175a6c94defb807af240b483e24298ca73bfc743ca2ca2e77e6d5b817b3c1986601537faf59ac84c74d8bd0c068cb8e6bd03ac2dcf5793fb4a00b3c901a33aa3ee86e4f0db317b94bb8678ab26e36d305ebac4b0f7f164947148255b562dd0f87648499d45bccfb7d8c9d5624cadf8160a396e79fbcdc100058ba4606e41c02fb2cc0dc6c36196bd28acfde82a18cda2321d2d83fecd3b85380667cd1d0bc68298c6c8f10421a80c8fa86912b6c3e8ddd9d9668520d5151409e6b77f0d7730b374a68a744151bfbd123cfdf871e8c24e70d2ca3b50e84a48e0b78c1781000cfc848d43584985763a76c0ab9ba882c55e3e4aa8f2174255db38adb8350b48a77be22a869d13d183325f859b883464e5e46de5ea8a92532b9a794daaeff657cd361f7f158f8bebe36e9de1f5b9721d4263dcc9472229bc02d3f552180abfb25ca7aa36cb914d99c09fd5bb99dcab9b4e3c634d18fc7dfe84dc4425ad1e39c3e7410d49b4ea0a8a2958688c7725822f6dfc0827d19dc385e0e35a949941e4dd1aaeaab9ebe402f8c584bca7efc829f2ccfb63fd7bde1c182a67c14f9d3f033ca674e2604e89cd55a15419f956cd61a755c1b13554dae98e77be078aadfc131c9677381f1dbe6ef194eb17603a463e8b844ab46a6046e1f07d96d66de669359bff4c3d80948a4de3abb2f171a09b5d8999c379fb62244114e218c79805df7d899e5661320ee6721d652b95f09e4dfe69bd67099c73294b17ab574e0b966aa3ab44478965b9dca3cb3b9282945f24ccdd07c638ae25a84a728ca24f87ff49d718121a694be46f3616e27b1041b3c6cd24b9cf775bfc28dfbe0a009048f0599f2d5d6586cfd1e7f7fe69872d08b98f60d28e6af0d49d7f06ad71a7b5c41df261aba5de114022c7288bc265cc17909fdeadc3d7b256d7ab3b96e40f857060f16b54a6bb7248ee571f87ace5ee39eab412706cf52fa711468b21ea129c3f44bceb429fcc1a0ac2aa87b9365077dcfcfa9a1b32a0a09699197c20019a66cbd0a897feab3706c23123b888ada643d4560082033e31596b0483578968e3c9593ebd97141c228a42fc7645f92171c120aabca36657683fd7c72fcb87217f124d6fabc52f1d221d8410b47b0ad4bd944bf4085365e9b52a53911ab4ee142c5a1ebbe034c9d98c538c066f2dc0acf372eb2397dcac765055123e0ba19be22b18c886bf0f7490abe9fde91ffa62e059962bd134be8501cb5b715a744b1398e2c4c7e8afe72e189dda0654296afa1c1f99ab7d800fa40f72a758625c833b6fc7b7d42250522b456e1e7de815350c36c9cb2f4d1c9cb99109f89b456c559463f11b8b58247809b17a4ed4912bd0a47a529f1364d6dc593ea7f3eb98962078ac90e5012ee1c7b4b9ed5a8c7a9c0231b4ce425693faab64fa0f3482a04d4be2e06ee5d103694d288810a1a7f4d1e908dd82dd2016a064ece5cd67ef1dd5f4cda728fc6f1ccdd949dd8f775d862621507248ef4c83ae274969d19c7ddb02a4e8a1ab2b7aa539a442b22735ceedeefe60a1059dfaaa0979ce8d5387b5a047841fd9749b88ca91216b02d7926408a01916b7781bb7167528ccdb9a486d173437a5ba3e552c8674dff2cc9b21054e0e4f86b61b8723fca58ceef4413bffae9e9be79c5b9788f5449811ce78be9bc7a86375a670197baaef751beabcba0aa6c7c33f1cd702cb78ec39fa1f17d9da733d6abf2b80f9c51ac8f6f664b24edc53a7c9525c3016bd05c67272375fe816b2b121f2de68b885a0fd8f8b8c6c342237b632f6414a3eb3480f5f42106c5812e9bfd4e8c8dea8d08525d9aa1da7c7c2ee7ff3d31b79b211dd01e304a8ffc83a89a59f3b1e2ef5e969b6d90bea7e161066f25622fad914bff52bacd2807093dda1838b529ee57f718b374ce2841b924a42457867547a6edcb8412d85f11796742bf640b5819a9546357df778c332af5983c4373a95d9c58b52dba445eee92e6911824f0c534e7a5934d9eac9b7f6fec22002fc53a3003a3304217f567b47cd326edc5f48eb1f46bb20d1e10e72239afc9769344590cf48902aba5405b7d4baa31a912ab398a2f2d3f037614bb56a89244ece50f3a1e058d274f1e70f944eb8a305be91e561e5eb843d057a81f4deb84a6335ec81ca964cdae5f318d4e9aaea2c477cc279c00c698bcfe4b8e04c09079d8f3f5438d9d45a00f50d2f9b245c8c68eebf247e25ba8d26f8b95b21ac9ceb50c0aa2e4bdc032024db216b92f9350a90ac79341af14d3fa8ba908096e1b503341aed667bb184c672dac85fc4f335b3871c3b4e55ea219a857d2d2e135358f6b45a20b3e7de8e09b2041eb7c5084a80258fb524a983752659298a251e178b56f96bc67ae0a78ec92f92d92c9cf0edb5dcb11e739d69410ad44c8df00caa030d7d89f2ec38bd7698115c423cf3e6048793aca08ffbcdac766f1553773fa00031c1d75246e4e1eddf8948d02a3de6d67fd7329e45070f29044587f1e0db50d04e673191a63e30f96ee0d8d52738fab36a7fe2c6ab9301d401e7ca5b1f039193a580e40abbdf40c2d7e27809dec80815d37adae9fe7fb9d3a974c9fc03944d7338d000b81170be4c6792ed6b3b827194b3ae11e2acfca48498d1126aacf80f3d574256ef7f75552ff087a819e", 0x1000}, {&(0x7f0000001040)="9d7fcf3efc63f4a6a555ba8b4726d7ccaf8a207100e69cfac4377876021d7131b838059f96bd206d4776368ed2a92432e5af71", 0x33}], 0x8, &(0x7f0000001d00)=ANY=[@ANYBLOB="1400000000000000010000002500000002010000000000004800000000000000080000000797dbc64107b42c556567f2219787566400007300000000000000000000000008000000ef3820f3439cb150a3651e799ef4dca1e3c32158996e4b2abde5f2ba8b679121ac0b0ad62ade31fb2c47f0bbf781eb8bd1e3064141e90e9eac25b189c0da98b676571bbeefba392c3e15a10e03dee4ae1dfe99793e51ec0c6bb5fa6d7b357d249502f5919ef251e5d0e5bed378265b8bd55fde4689cb509b14fa754813a27e72d175e8d677420e10d65108006e2ab8168b1d633b1bb9a7d4d59ebdc7083d93d35cd469deb0d81d7adee2ef7c2f058c2c262b97ecbfb32fe3e3ffcdf7b5c24d0ab0a7ae9e6be6c115c5663dd864d655a7babdcf8315dc29b6f18539abf1422502d7d53ce861d8a07dbb00c5a94e0186689f988628a0986d8f0419924348a32be8950099b4718e6109b9eed9e5b3e8ff86d22cf39479b26cc3e977df19f757432bf055090461", @ANYRES32=0x0, @ANYBLOB="e1212f0409000000e70bcf35ac837225dd355ad309a5ec6096633ba38e1ef5baf006020e5f45c993cb5680017c6720bea9b7c451516a8cff7f00000000000019f20b784b2336d43c8a0f7347801a596dfb0b078a967980ccec1d115c7a0000000000000000000000fed6260fdf140498f1274bc569d0d87656d0d18d903580f0ec0915e89bd286b2c25165043f6a001d53f84eaabf01cc310ff28c7c76867ce1a2c9c91b1db7295614e2a4f8711ec37ae999180cb5bbb9c5382120076e117539d423a2ec0f468db35960831f5f883472327697495b8e8ba8e2f3defbe93e1fc733b06dfc74890a3f63b154e9681d69cdd9894c914ee45c286462888ff84e401a6d8895ffda88a171b7359f815d7b6f7562fba1bbff4cba08f7a3f582d7c604013317281c5e9a8e88b66a4717b3c318f85aecbe8b5f3485f8d31bf5a57b9dd53b382ec017a33d1fabe09daf76b3b0"], 0x6b}, 0x0)
setsockopt$sock_attach_bpf(r1, 0x29, 0x19, 0x0, 0xfcd8)

9.293738471s ago: executing program 0 (id=2314):
r0 = bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1000c1, 0x0, 0x0, 0x0, 0x7}, [@call={0x85, 0x0, 0x0, 0x8}, @exit]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffd6c}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
close(r2)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0xb)
ioctl$SIOCSIFHWADDR(r2, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})
r3 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000300)=@generic={0x0}, 0x18)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r4, 0xc004743e, 0x110c230000)
ioctl$TUNSETOFFLOAD(r4, 0x40047440, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
r5 = socket$kcm(0xa, 0x1, 0x106)
setsockopt$sock_attach_bpf(r5, 0x29, 0x4a, 0x0, 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r6)
perf_event_open(&(0x7f0000000540)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0xffff, 0x81}, 0x100c, 0x0, 0x0, 0x9, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000000c0)=ANY=[@ANYRES64=r0, @ANYBLOB="01a9b0460cf06b2f", @ANYRES32=r2, @ANYRES32=r8, @ANYRESHEX=0x0], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r8}, &(0x7f00000006c0), &(0x7f0000000700)=r7}, 0x20)
close(r7)
r9 = getpid()
syz_open_procfs$namespace(r9, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000b40))

8.712694231s ago: executing program 0 (id=2317):
close(0xffffffffffffffff)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x35, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x8)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x3, 0x13, &(0x7f00000001c0)=ANY=[@ANYBLOB="180200008a0000000000000000000000180100002020692500000000002020207b1af8ff00000000bfa10000000000000701000004ffffffb702000008000000b70300000002000085000000060000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000520e0000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={r0, 0x0, 0x19, 0x0, &(0x7f0000000080)="00020000009dc92091000000000b7f7e4ad03e0c28dd22b400", 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xb, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020642500000000002020207b16f8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000006c0000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)

8.337665204s ago: executing program 0 (id=2319):
r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000280)='devices.list\x00', 0x26e1, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
socket$kcm(0x11, 0x3, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0x0}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r2}, &(0x7f00000000c0), 0x0}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000300)={r2, <r3=>0xffffffffffffffff}, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x24}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="12000000040000"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000900)=@bpf_lsm={0x1d, 0x19, &(0x7f0000000600)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x92}, [@exit, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}, @printk={@s, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8000}}]}, &(0x7f0000000040)='syzkaller\x00', 0xd53a, 0x66, &(0x7f0000000400)=""/102, 0x0, 0x12, '\x00', 0x0, 0x1b, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200)={0x0, 0x2, 0x7fffffff, 0x1}, 0x10, 0xffffffffffffffff, 0x0, 0x5, &(0x7f0000000580)=[r3, r1, r1, r1, r4, r1], &(0x7f0000000880)=[{0x4, 0x2, 0x6, 0x6}, {0x2, 0x5, 0x1}, {0x4, 0x4, 0x7}, {0x3, 0x2, 0x10, 0xa}, {0x5, 0x5, 0xe, 0x3}], 0x10, 0x1}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(0xffffffffffffffff)
perf_event_open(&(0x7f0000000300)={0x2, 0x80, 0x18, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xb)

7.819268222s ago: executing program 0 (id=2324):
r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000280)='devices.list\x00', 0x26e1, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
socket$kcm(0x11, 0x3, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0x0}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r2}, &(0x7f00000000c0), 0x0}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000300)={r2, <r3=>0xffffffffffffffff}, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x24}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="12000000040000"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000900)=@bpf_lsm={0x1d, 0x19, &(0x7f0000000600)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x92}, [@exit, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}, @printk={@s, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8000}}]}, &(0x7f0000000040)='syzkaller\x00', 0xd53a, 0x66, &(0x7f0000000400)=""/102, 0x0, 0x12, '\x00', 0x0, 0x1b, r1, 0x8, &(0x7f0000000140)={0x5, 0x1}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x5, &(0x7f0000000580)=[r3, r1, r1, r1, r4, r1], &(0x7f0000000880)=[{0x4, 0x2, 0x6, 0x6}, {0x2, 0x5, 0x1}, {0x4, 0x4, 0x7}, {0x3, 0x2, 0x10, 0xa}, {0x5, 0x5, 0xe, 0x3}], 0x10, 0x1}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(0xffffffffffffffff)
perf_event_open(&(0x7f0000000300)={0x2, 0x80, 0x18, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xb)

3.938851355s ago: executing program 3 (id=2343):
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0a00000004000000060000000700000018040000", @ANYRES32=0x1, @ANYBLOB='\b\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000ff"], 0x50)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000580)="d8000000140081054e81f782db44b904021d080225000000040000a118000200fcffffff00000e1208000f0100810401a80016ea1f0006", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
recvmsg(r0, &(0x7f0000000540)={&(0x7f00000001c0)=@rc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000000240)=""/12, 0xc}, {&(0x7f0000000280)=""/21, 0x15}, {&(0x7f00000002c0)=""/225, 0xe1}, {&(0x7f0000000480)=""/156, 0x9c}, {&(0x7f00000005c0)=""/149, 0x95}], 0x5, &(0x7f0000000680)=""/178, 0xb2}, 0x40000000)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000580)="d8000000140081054e81f782db44b9040a", 0x11}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
r1 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1303000076"], 0xfe33)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
sendmsg$sock(r0, &(0x7f0000000ac0)={&(0x7f0000000740)=@ieee802154={0x24, @short={0x2, 0x3, 0xaaa3}}, 0x80, &(0x7f00000009c0)=[{&(0x7f00000007c0)="d9b0914c40d3bd4f2d0e15cb30bcac06d84fbecdee98617040b1d4fd68740df45a61a24e6f0fa97642f49d731639a88e936d9ada04228fbbc6d02919720dfcb55d449ea612ede3938810184ce9e2640b2867fc5cddaee7482a4707180a363e7fe04e358ff4c63ccdb3b36b9dfdeb0af133077f1330694fcb081f4bc66722060dc5f0911b00a134f69eda57ebe843973c1c24111d8c7d3fa23300d3ffe30cc278fcbba62649f2432381c08b751207d883ee301afbebdd5a14", 0xb8}, {&(0x7f0000000880)="d90e739c07c266897dd34f6385ad566cfb6d52f58989e9d24d15f1ff993e0b57470188f856cae36db8dc4a8a7cd2d2ae63c79262e78311b1a4fe2aa7c86c", 0x3e}, {&(0x7f00000008c0)="7fc4a01f2fbb49bb55db64547b0c8c480cb0cb777847b0a3b26e1227efdff933b894dac17e37c73e0291055f4c71c9a0445af1d1052d312cfd6b5a34ad0f8c428bc3d5da05473066673916d06cf389747818174cc1da61cfbdb98f0132d94d939e310ccbe4f3fb86c991206c33da742b0e8d7e6c985d0c746476529359a9ab988d8599e3ec9ac0b999053e893aefce0f92facdc719df8fa7ac5a38d610704ed4fe98f52df0bf2ab2b0cee9764d5bd26cf843f43e6ae275ae02bae980404803a246ce4bb7e021b51c0f218996a125d8f847356b29", 0xd4}], 0x3, &(0x7f0000000a00)=[@timestamping={{0x14, 0x1, 0x25, 0x2}}, @timestamping={{0x14, 0x1, 0x25, 0x1}}, @mark={{0x14, 0x1, 0x24, 0x7}}, @mark={{0x14, 0x1, 0x24, 0x1}}, @mark={{0x14, 0x1, 0x24, 0x4}}, @txtime={{0x18, 0x1, 0x3d, 0x3}}], 0x90}, 0x8000)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$kcm(0xa, 0x5, 0x0)
r3 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, 0xffffffffffffffff)
sendmsg$kcm(r2, &(0x7f0000000080)={&(0x7f0000000180)=@l2tp6={0xa, 0x0, 0x0, @private0={0x76}, 0x2}, 0x80, &(0x7f0000000040)=[{&(0x7f0000000000)="bb", 0x1}], 0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="20000000000000008400f6ff070000003d3152a6773eb7d092000000000000002000000000000000840000000800000076"], 0x40}, 0x20004000)

3.849588668s ago: executing program 2 (id=2344):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$kcm(0x11, 0x200000000000002, 0x300)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0x12, &(0x7f00000008c0)=r3, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$kcm(0x11, 0x2, 0x300)
setsockopt$sock_attach_bpf(r4, 0x107, 0xd, &(0x7f00000000c0), 0x4f)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={0xffffffffffffffff, 0xc0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
r5 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xf, 0xffffffffffffffff, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r6)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000000)={0x6, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="0000000000000000b7050000080000"], &(0x7f0000000640)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41100}, 0x94)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x8b9a277110de2820, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@enum]}}, 0x0, 0x26, 0x0, 0x1, 0xfffffffa}, 0x28)
unlink(&(0x7f0000000080)='./cgroup/cgroup.procs\x00')
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0800000004000000040000000800000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\b\x00'/13], 0x50)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x4020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x11, 0x2, 0x0)
perf_event_open(&(0x7f0000000000)={0x5, 0x80, 0x1, 0x1, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000080), 0x8101000000000002}, 0x5, 0x0, 0xfffffffe, 0x0, 0x4, 0xfffffffd, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x3, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x8cffffffffffffff}, 0x3b35}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x94)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x48, 0x1, 0x20, 0x0, 0x0, 0x0, 0x80102, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x4, 0x2, 0x7ffffffc, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socket$kcm(0x2b, 0x1, 0x0)
r7 = perf_event_open(&(0x7f0000000000)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x241a2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x3, @perf_bp={0x0, 0x1}, 0x0, 0x2, 0x3, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES32=0x0, @ANYRES16=r7], 0x20)
r8 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$inet(r8, &(0x7f0000000380)={&(0x7f0000000040)={0xa, 0xa, @local}, 0x1b, &(0x7f0000000180)=[{&(0x7f0000000080)="a2", 0xff0e}], 0x4, 0x0, 0x0, 0xa6820000}, 0x0)

3.830485568s ago: executing program 1 (id=2345):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x3a0ffffffff)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, 0x0)
r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000c00)=@bpf_lsm={0x1d, 0xa, &(0x7f0000000900)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xf4}, [@ldst={0x0, 0x1, 0x4, 0x7, 0x0, 0x6, 0x1}, @cb_func={0x18, 0x1, 0x4, 0x0, 0x800002}, @map_idx={0x18, 0x8, 0x5, 0x0, 0x9}, @cb_func={0x18, 0xa, 0x4, 0x0, 0xffffffff}]}, &(0x7f0000000a00)='syzkaller\x00', 0x6, 0x0, 0x0, 0x41000, 0x10, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000b80)=[r0, r0, r1, r1, r1, r0, r1, r1, r0], &(0x7f0000000bc0)=[{0x2, 0x1, 0x1, 0xa}], 0x10, 0xe00}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1b000000006488695e000000000000000000000093a46b67bcc47b325f90768d2dc09034ceb4b50b8ec0141c5665c6fb89e26dc0b916c617f7d677600009e691c23de7d3b7668bd6a698e4098df5b5fb2438d9ae331a7e8f3e932758e66a360a50d6282161fcc575877af1bcc032f142d8bd1c5c3a608f83661936c1f1778d9fdc7555a302154661889444d5044b9be08f34a52fc7f7767df768aed548ace7be45861b5f820e560d0d7da0d96446d4f86c3de1465e4644", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000640)={@fallback=r3, 0x0, 0x1, 0xc, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x9, 0x0, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000300), <r4=>0x0}, 0x40)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000007c0)=ANY=[@ANYRES32=r3, @ANYRES32, @ANYBLOB="1e000100110000001031bc22486b1ea92c3c4b1d6e576e016ba671b0b56f7909af41b4f308e0c329a5b50d7626a3284674dca5af69874b12cfa92bc819", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB, @ANYRES64=r4], 0x20)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000cc0)={@fallback=r0, r0, 0x1b, 0x8, r2, @void, @value=r1, @void, @void, r4}, 0x20)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000280)=@o_path={&(0x7f0000000200)='./file0\x00', 0x0, 0x8}, 0x18)
bpf$OBJ_PIN_PROG(0x6, &(0x7f00000002c0)=@generic={&(0x7f00000001c0)='./file0\x00', r5}, 0x18)
perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
r6 = socket$kcm(0x2, 0x3, 0x106)
ioctl$sock_kcm_SIOCKCMUNATTACH(r6, 0x8935, &(0x7f0000000040)={r6})

3.19790678s ago: executing program 1 (id=2346):
r0 = bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1000c1, 0x0, 0x0, 0x0, 0x7}, [@call={0x85, 0x0, 0x0, 0x8}, @exit]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffd6c}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
close(r2)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0xb)
ioctl$SIOCSIFHWADDR(r2, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})
r3 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000300)=@generic={0x0}, 0x18)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r4, 0xc004743e, 0x110c230000)
ioctl$TUNSETOFFLOAD(r4, 0x40047440, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
r5 = socket$kcm(0xa, 0x1, 0x106)
setsockopt$sock_attach_bpf(r5, 0x29, 0x4a, 0x0, 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r6)
perf_event_open(&(0x7f0000000540)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0xffff, 0x81}, 0x100c, 0x0, 0x0, 0x9, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000000c0)=ANY=[@ANYRES64=r0, @ANYBLOB="01a9b0460cf06b2f", @ANYRES32=r2, @ANYRES32=r8, @ANYRESHEX=0x0], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r8}, &(0x7f00000006c0), &(0x7f0000000700)=r7}, 0x20)
close(r7)
r9 = getpid()
syz_open_procfs$namespace(r9, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000b40))

2.936014069s ago: executing program 3 (id=2347):
r0 = bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
close(0xffffffffffffffff)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xb)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})
r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000300)=@generic={0x0}, 0x18)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x110c230000)
ioctl$TUNSETOFFLOAD(r2, 0x40047440, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
r3 = socket$kcm(0xa, 0x1, 0x106)
setsockopt$sock_attach_bpf(r3, 0x29, 0x4a, 0x0, 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r4)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
perf_event_open(&(0x7f0000000540)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0xffff, 0x81}, 0x100c, 0x0, 0x0, 0x9, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000000c0)=ANY=[@ANYRES64=r0, @ANYBLOB="01a9b0460cf06b2f", @ANYRES32, @ANYRES32=r6, @ANYRESHEX=0x0], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r6}, &(0x7f00000006c0), &(0x7f0000000700)=r5}, 0x20)
close(r5)
r7 = getpid()
syz_open_procfs$namespace(r7, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000b40))

2.797831634s ago: executing program 2 (id=2348):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB], &(0x7f0000000340)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x26, 0x0, &(0x7f0000000100)="b9ff030f6044238cb89e14f088a81bff88fbffff4000638877fbac14142ce934a0a662079f4b4d2f87e56dca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001140)={0x6, 0x22, &(0x7f0000000e80)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xc}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x8}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x745}, @initr0={0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x6}, @map_fd={0x18, 0x7, 0x1, 0x0, r1}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x5}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000fc0)='GPL\x00', 0x6, 0xbd, &(0x7f0000001000)=""/189, 0x40f00, 0x21, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000010c0)={0x0, 0x8, 0x0, 0x8}, 0x10, 0x0, 0x0, 0x2, 0x0, &(0x7f0000001100)=[{0x3, 0x5, 0x10, 0x7}, {0x0, 0x3, 0x0, 0x6}], 0x10, 0x8}, 0x94)
r2 = socket$kcm(0x2b, 0x1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001380))
setsockopt$sock_attach_bpf(r2, 0x6, 0x1b, &(0x7f0000000100), 0x4)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000001340)={r1, 0x58, &(0x7f0000001240)}, 0x10)

2.469945205s ago: executing program 1 (id=2349):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x60}, 0x94)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa06"], 0xfdef)
r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0)
write$cgroup_int(r1, 0x0, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000080)={r1, 0x0, 0xfffffffffffffffe}, 0x10)
write$cgroup_int(r1, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYBLOB="2f709d325901657665b9a62eebc61a846fedea6e7420bda69f52184e4bf97fa2a1d1697f6d7f48a5e7e04ba60203d021eab7f6317e8fc47b7dade04812e8c819228f012247d210c43819f3cd"], 0xc)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000002340)={0x3, 0x5, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x29}, @call={0x85, 0x0, 0x0, 0x2a}]}, &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x28, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0x0, 0x88, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000340)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

2.469650935s ago: executing program 2 (id=2350):
r0 = socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x2, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000800000004000000bb7f1a004d00feff000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x5, 0x93, &(0x7f00000005c0)=""/147, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x61e5cc96}, 0x4c)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000400)="d800000019008111e00212ba0d8105040a610200ff0f040b067c55a1bc000900b800069903000000b0000500fe808178a8001500030001400200000901ac040000d67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5e", 0x6c}], 0x1}, 0x0)

2.000709041s ago: executing program 3 (id=2351):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x40000004, 0xa021, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_config_ext={0x1, 0x2b4}, 0x0, 0x10000, 0x0, 0x0, 0x8, 0x20005, 0x2, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x5, 0x0)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26, 0x0, 0x1}, 0x28)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={r0, 0x20, &(0x7f0000000100)={0x0, 0x0, <r1=>0x0, 0x0}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000ec0)={0x14, 0x23, 0x0, 0x0, 0x6, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @lirc_mode2=0x10, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfe}, 0x94)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x3a0ffffffff)
ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4020940d, &(0x7f00000005c0)=0x81000400000004)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000001300), 0x4)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000013c0)={{0x1}, &(0x7f0000001340), &(0x7f0000001380)='%-010d \x00'}, 0x20)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b0000000500000000040000090000"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r3, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000001500)={0xa, 0x13, &(0x7f00000011c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2}, {}, {}, [@btf_id={0x18, 0xb, 0x3, 0x0, 0x5}, @cb_func={0x18, 0x7, 0x4, 0x0, 0xfffffffffffffffe}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x1}}}, &(0x7f0000001140)='syzkaller\x00', 0x2, 0x1e, &(0x7f0000001280)=""/30, 0x41100, 0x10, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r1, 0xffffffffffffffff, 0x0, &(0x7f0000001400), 0x0, 0x10, 0x4}, 0x94)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000014c0)}], 0x1}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @multicast2}, 0x10, &(0x7f0000001080)=[{0x0}], 0x1, &(0x7f00000010c0)=[@ip_tos_int={{0x14, 0x29, 0x34}}], 0x18}, 0xff00)
mkdir(0x0, 0x5a)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000001100), 0x9)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x300440c4)
ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x541b, &(0x7f00000000c0))

1.756706349s ago: executing program 1 (id=2352):
perf_event_open(0x0, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000000c0)={{r0, <r1=>0xffffffffffffffff}, &(0x7f00000006c0), 0x0}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000540)={r1, r0}, 0x4)
r2 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x4, @perf_bp={0x0, 0x3}, 0x0, 0x35, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext={0x0, 0x1000000}, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, r2, 0x0)
socketpair(0x28, 0x2, 0x28, &(0x7f0000001400))
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'veth0_vlan\x00', 0x400})
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x1003}, 0x38)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000340)="c1dfb080cd21d308098e00000000", 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380))
r4 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x8, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x5, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x40002009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r5)

1.358308553s ago: executing program 3 (id=2353):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000280)=@tipc=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x80, &(0x7f00000004c0)}, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffdef)
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000140), 0x8)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000200), 0x8)
ioctl$TUNSETFILTEREBPF(r0, 0x800454e1, &(0x7f0000000240)=r1)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0), 0x1}, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x69, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x1, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x1, 0xfffe, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_clone(0x4904100, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
r2 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = socket$kcm(0xa, 0x1, 0x0)
setsockopt$sock_attach_bpf(r3, 0x29, 0x21, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, &(0x7f0000000040)={<r5=>r3})
ioctl$sock_kcm_SIOCKCMUNATTACH(r3, 0x89e1, &(0x7f0000000080)={r5})
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r4)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r7 = socket$kcm(0x10, 0x2, 0x0)
openat$cgroup_netprio_ifpriomap(r6, &(0x7f0000000100), 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)=[{0x0}], 0x1}, 0x0)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0xfd, 0x0, 0x3, 0x0, 0x0, 0x0, 0xc000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x3fa}, 0x0, 0xc8, 0x0, 0x7, 0x0, 0x0, 0x770a}, 0x0, 0x8000000000000000, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000009c0))
r8 = socket$kcm(0xa, 0x2, 0x3a)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
sendmsg$kcm(r8, &(0x7f0000000440)={&(0x7f0000000800)=@in6={0xa, 0x0, 0x0, @mcast2, 0x38}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000780)="80005b020eaa4da2", 0xfdef}], 0x1000000000000230, 0x0, 0x0, 0x900}, 0x0)

1.320519804s ago: executing program 2 (id=2354):
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0a00000004000000060000000700000018040000", @ANYRES32=0x1, @ANYBLOB='\b\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000ff"], 0x50)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000580)="d8000000140081054e81f782db44b904021d080225000000040000a118000200fcffffff00000e1208000f0100810401a80016ea1f0006", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
recvmsg(r0, &(0x7f0000000540)={&(0x7f00000001c0)=@rc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000000240)=""/12, 0xc}, {&(0x7f0000000280)=""/21, 0x15}, {&(0x7f00000002c0)=""/225, 0xe1}, {&(0x7f0000000480)=""/156, 0x9c}, {&(0x7f00000005c0)=""/149, 0x95}], 0x5, &(0x7f0000000680)=""/178, 0xb2}, 0x40000000)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000580)="d8000000140081054e81f782db44b9040a", 0x11}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
r1 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1303000076"], 0xfe33)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
sendmsg$sock(r0, &(0x7f0000000ac0)={&(0x7f0000000740)=@ieee802154={0x24, @short={0x2, 0x3, 0xaaa3}}, 0x80, &(0x7f00000009c0)=[{&(0x7f00000007c0)="d9b0914c40d3bd4f2d0e15cb30bcac06d84fbecdee98617040b1d4fd68740df45a61a24e6f0fa97642f49d731639a88e936d9ada04228fbbc6d02919720dfcb55d449ea612ede3938810184ce9e2640b2867fc5cddaee7482a4707180a363e7fe04e358ff4c63ccdb3b36b9dfdeb0af133077f1330694fcb081f4bc66722060dc5f0911b00a134f69eda57ebe843973c1c24111d8c7d3fa23300d3ffe30cc278fcbba62649f2432381c08b751207d883ee301afbebdd5a14", 0xb8}, {&(0x7f0000000880)="d90e739c07c266897dd34f6385ad566cfb6d52f58989e9d24d15f1ff993e0b57470188f856cae36db8dc4a8a7cd2d2ae63c79262e78311b1a4fe2aa7c86c", 0x3e}, {&(0x7f00000008c0)="7fc4a01f2fbb49bb55db64547b0c8c480cb0cb777847b0a3b26e1227efdff933b894dac17e37c73e0291055f4c71c9a0445af1d1052d312cfd6b5a34ad0f8c428bc3d5da05473066673916d06cf389747818174cc1da61cfbdb98f0132d94d939e310ccbe4f3fb86c991206c33da742b0e8d7e6c985d0c746476529359a9ab988d8599e3ec9ac0b999053e893aefce0f92facdc719df8fa7ac5a38d610704ed4fe98f52df0bf2ab2b0cee9764d5bd26cf843f43e6ae275ae02bae980404803a246ce4bb7e021b51c0f218996a125d8f847356b29", 0xd4}], 0x3, &(0x7f0000000a00)=[@timestamping={{0x14, 0x1, 0x25, 0x2}}, @timestamping={{0x14, 0x1, 0x25, 0x1}}, @mark={{0x14, 0x1, 0x24, 0x7}}, @mark={{0x14, 0x1, 0x24, 0x1}}, @mark={{0x14, 0x1, 0x24, 0x4}}, @txtime={{0x18, 0x1, 0x3d, 0x3}}], 0x90}, 0x8000)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$kcm(0xa, 0x5, 0x0)
r3 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, 0xffffffffffffffff)
sendmsg$kcm(r2, &(0x7f0000000080)={&(0x7f0000000180)=@l2tp6={0xa, 0x0, 0x0, @private0={0x76}, 0x2}, 0x80, &(0x7f0000000040)=[{&(0x7f0000000000)="bb", 0x1}], 0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="20000000000000008400f6ff070000003d3152a6773eb7d092000000000000002000000000000000840000000800000076"], 0x40}, 0x20004000)

1.15052857s ago: executing program 1 (id=2355):
socket$kcm(0xa, 0x3, 0x106)
socket$kcm(0x11, 0x3, 0x300)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="187000000000000000000000230000999e0565919e729b00950000000000000019031efda58a34f24d64807db734e1a0278599d63674075b4272fe"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
socket$kcm(0x11, 0x200000000000002, 0x300)
r0 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)="39000000140081ae10003c000500018311001f9f660fcf066505acb612f691f3bd3508abca1be6eeb89c44ebb37358582bdbb7d553b4e92155", 0x39}], 0x1}, 0x0)
perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x954b, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x76, 0x1ef7}, 0x11efa, 0x4, 0x98, 0x0, 0x2, 0xfffff271, 0xfffc, 0x0, 0x0, 0x0, 0x20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
r1 = perf_event_open(&(0x7f0000000480)={0x4, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x101244, 0x0, 0x0, 0x8, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x80000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0xffffffffffffffff}, 0x8, 0x0, 0x0, 0x0, 0x6, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x400200000000003e}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b11d25a806c8c6f94f90424fc601000407a0a000600053582c137153e37000c11802f2ff4070300", 0x33fe0}], 0x1, 0x0, 0x0, 0x35}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$kcm(0x29, 0x7, 0x0)
r4 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_bp={&(0x7f0000000200), 0x1}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(0xffffffffffffffff)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={0xffffffffffffffff, 0x0}, 0x20)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000080)=ANY=[@ANYBLOB="130300007800911fdabcf8b3077fa5"], 0xfe33)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x2400, 0xc)
perf_event_open(0x0, 0xffffffffffffffff, 0x5, r1, 0x3)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="020000000400000008000000"], 0x50)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x89a0, &(0x7f0000000080))
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x89a1, &(0x7f0000000080))

713.657495ms ago: executing program 3 (id=2356):
r0 = bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1000c1, 0x0, 0x0, 0x0, 0x7}, [@call={0x85, 0x0, 0x0, 0x8}, @exit]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffd6c}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
close(r2)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0xb)
ioctl$SIOCSIFHWADDR(r2, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})
r3 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000300)=@generic={0x0}, 0x18)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r4, 0xc004743e, 0x110c230000)
ioctl$TUNSETOFFLOAD(r4, 0x40047440, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
r5 = socket$kcm(0xa, 0x1, 0x106)
setsockopt$sock_attach_bpf(r5, 0x29, 0x4a, 0x0, 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="1808000000000000000000000000000018"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r6)
perf_event_open(&(0x7f0000000540)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0xffff, 0x81}, 0x100c, 0x0, 0x0, 0x9, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000000c0)=ANY=[@ANYRES64=r0, @ANYBLOB="01a9b0460cf06b2f", @ANYRES32=r2, @ANYRES32=r8, @ANYRESHEX=0x0], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r8}, &(0x7f00000006c0), &(0x7f0000000700)=r7}, 0x20)
close(r7)
r9 = getpid()
syz_open_procfs$namespace(r9, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000b40))

282.67236ms ago: executing program 2 (id=2357):
r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x806, 0x0, 0x0, 0x8, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x1fffffffffffffcd, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r1 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000086"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) (async)
ioctl$PERF_EVENT_IOC_ID(r0, 0x80082407, &(0x7f0000000040)) (async)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x8b1a, &(0x7f0000000000)={'gre0\x00', @remote}) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x2, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x4a}, 0x94) (async)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r4) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
recvmsg$unix(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000006c0)=""/179, 0x33fe0}], 0x1}, 0x0) (async)
sendmsg$inet(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x1}, 0x0) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={0xffffffffffffffff, 0x702, 0xe, 0x0, &(0x7f0000000580)="e460334470d8d400eb00c15286dd", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000001440)=ANY=[@ANYRESOCT], 0x31)

234.885102ms ago: executing program 1 (id=2358):
r0 = bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
close(0xffffffffffffffff)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xb)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})
r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000300)=@generic={0x0}, 0x18)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x110c230000)
ioctl$TUNSETOFFLOAD(r2, 0x40047440, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
r3 = socket$kcm(0xa, 0x1, 0x106)
setsockopt$sock_attach_bpf(r3, 0x29, 0x4a, 0x0, 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r4)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
perf_event_open(&(0x7f0000000540)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0xffff, 0x81}, 0x100c, 0x0, 0x0, 0x9, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000000c0)=ANY=[@ANYRES64=r0, @ANYBLOB="01a9b0460cf06b2f", @ANYRES32, @ANYRES32=r6, @ANYRESHEX=0x0], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r6}, &(0x7f00000006c0), &(0x7f0000000700)=r5}, 0x20)
close(r5)
r7 = getpid()
syz_open_procfs$namespace(r7, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000b40))

113.352006ms ago: executing program 3 (id=2359):
r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000280)='devices.list\x00', 0x26e1, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
socket$kcm(0x11, 0x3, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0x0}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r2}, &(0x7f00000000c0), 0x0}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000300)={r2, <r3=>0xffffffffffffffff}, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x24}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="12000000040000"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000900)=@bpf_lsm={0x1d, 0x19, &(0x7f0000000600)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x92}, [@exit, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}, @printk={@s, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8000}}]}, &(0x7f0000000040)='syzkaller\x00', 0xd53a, 0x66, &(0x7f0000000400)=""/102, 0x0, 0x12, '\x00', 0x0, 0x1b, r1, 0x8, &(0x7f0000000140)={0x5, 0x1}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x5, &(0x7f0000000580)=[r3, r1, r1, r1, r4, r1], &(0x7f0000000880)=[{0x4, 0x2, 0x6, 0x6}, {0x2, 0x5, 0x1}, {0x4, 0x4, 0x7}, {0x3, 0x2, 0x10, 0xa}, {0x5, 0x5, 0xe, 0x3}], 0x10, 0x1}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(0xffffffffffffffff)
perf_event_open(&(0x7f0000000300)={0x2, 0x80, 0x18, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xb)

0s ago: executing program 2 (id=2360):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x40000004, 0xa021, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_config_ext={0x1, 0x2b4}, 0x0, 0x10000, 0x0, 0x0, 0x8, 0x20005, 0x2, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x5, 0x0)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26, 0x0, 0x1}, 0x28)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={r0, 0x20, &(0x7f0000000100)={0x0, 0x0, <r1=>0x0, 0x0}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000ec0)={0x14, 0x23, 0x0, 0x0, 0x6, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @lirc_mode2=0x10, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfe}, 0x94)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x3a0ffffffff)
ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4020940d, &(0x7f00000005c0)=0x81000400000004)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000001300), 0x4)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000013c0)={{0x1}, &(0x7f0000001340), &(0x7f0000001380)='%-010d \x00'}, 0x20)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b0000000500000000040000090000"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r3, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000001500)={0xa, 0x13, &(0x7f00000011c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2}, {}, {}, [@btf_id={0x18, 0xb, 0x3, 0x0, 0x5}, @cb_func={0x18, 0x7, 0x4, 0x0, 0xfffffffffffffffe}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x1}}}, &(0x7f0000001140)='syzkaller\x00', 0x2, 0x1e, &(0x7f0000001280)=""/30, 0x41100, 0x10, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r1, 0xffffffffffffffff, 0x0, &(0x7f0000001400), 0x0, 0x10, 0x4}, 0x94)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000014c0)}], 0x1}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @multicast2}, 0x10, &(0x7f0000001080)=[{0x0}], 0x1, &(0x7f00000010c0)=[@ip_tos_int={{0x14, 0x29, 0x34}}], 0x18}, 0xff00)
mkdir(0x0, 0x5a)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000001100), 0x9)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x300440c4)
ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x541b, &(0x7f00000000c0))

kernel console output (not intermixed with test programs):

62][ T8677]  dump_stack_lvl+0x18c/0x250
[  277.310296][ T8677]  ? show_regs_print_info+0x20/0x20
[  277.315640][ T8677]  ? load_image+0x400/0x400
[  277.320287][ T8677]  ? __lock_acquire+0x7d40/0x7d40
[  277.325373][ T8677]  should_fail_ex+0x39d/0x4d0
[  277.330104][ T8677]  should_failslab+0x9/0x20
[  277.334714][ T8677]  slab_pre_alloc_hook+0x59/0x310
[  277.339894][ T8677]  ? __lock_acquire+0x7d40/0x7d40
[  277.345399][ T8677]  ? mark_lock+0x94/0x320
[  277.349806][ T8677]  ? fib_create_info+0xa61/0x2460
[  277.355655][ T8677]  ? fib_create_info+0xa61/0x2460
[  277.360720][ T8677]  __kmem_cache_alloc_node+0x53/0x250
[  277.366174][ T8677]  ? fib_create_info+0xa61/0x2460
[  277.371330][ T8677]  __kmalloc+0xa4/0x230
[  277.375529][ T8677]  fib_create_info+0xa61/0x2460
[  277.380424][ T8677]  ? _raw_spin_unlock+0x40/0x40
[  277.385317][ T8677]  ? pcpu_alloc+0x11db/0x1860
[  277.390033][ T8677]  fib_table_insert+0xc6/0x1b20
[  277.394925][ T8677]  ? fib_trie_table+0x138/0x1c0
[  277.399802][ T8677]  ? fib_new_table+0x27f/0x2d0
[  277.404593][ T8677]  inet_rtm_newroute+0x14b/0x240
[  277.409557][ T8677]  ? rcu_read_unlock+0xa0/0xa0
[  277.414427][ T8677]  ? rtnetlink_rcv_msg+0x221/0xfa0
[  277.419640][ T8677]  ? rtnetlink_rcv_msg+0x221/0xfa0
[  277.424776][ T8677]  ? rcu_read_unlock+0xa0/0xa0
[  277.429641][ T8677]  rtnetlink_rcv_msg+0x869/0xfa0
[  277.434779][ T8677]  ? lockdep_hardirqs_on+0x98/0x150
[  277.440015][ T8677]  ? rtnetlink_bind+0x80/0x80
[  277.445162][ T8677]  ? perf_trace_preemptirq_template+0xac/0x330
[  277.451398][ T8677]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  277.457404][ T8677]  ? lock_chain_count+0x20/0x20
[  277.462442][ T8677]  ? __local_bh_enable_ip+0x13a/0x1c0
[  277.468844][ T8677]  ? lockdep_hardirqs_on+0x98/0x150
[  277.474074][ T8677]  ? __local_bh_enable_ip+0x13a/0x1c0
[  277.479509][ T8677]  ? _local_bh_enable+0xa0/0xa0
[  277.484504][ T8677]  ? __dev_queue_xmit+0x265/0x3660
[  277.489810][ T8677]  ? __dev_queue_xmit+0x265/0x3660
[  277.495029][ T8677]  ? __dev_queue_xmit+0x1b2c/0x3660
[  277.500423][ T8677]  ? __dev_queue_xmit+0x265/0x3660
[  277.505635][ T8677]  ? ref_tracker_free+0x690/0x840
[  277.510711][ T8677]  netlink_rcv_skb+0x241/0x4d0
[  277.515524][ T8677]  ? rtnetlink_bind+0x80/0x80
[  277.520218][ T8677]  ? netlink_ack+0x1180/0x1180
[  277.525010][ T8677]  ? __lock_acquire+0x7d40/0x7d40
[  277.530057][ T8677]  ? netlink_deliver_tap+0x2e/0x1b0
[  277.535457][ T8677]  netlink_unicast+0x751/0x8d0
[  277.540271][ T8677]  netlink_sendmsg+0x8d0/0xbf0
[  277.545141][ T8677]  ? netlink_getsockopt+0x590/0x590
[  277.550363][ T8677]  ? aa_sock_msg_perm+0x94/0x150
[  277.555314][ T8677]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  277.560702][ T8677]  ? security_socket_sendmsg+0x80/0xa0
[  277.566353][ T8677]  ? netlink_getsockopt+0x590/0x590
[  277.571828][ T8677]  ____sys_sendmsg+0x5ba/0x960
[  277.576619][ T8677]  ? __asan_memset+0x22/0x40
[  277.581221][ T8677]  ? __sys_sendmsg_sock+0x30/0x30
[  277.586339][ T8677]  ? __import_iovec+0x5f2/0x850
[  277.591211][ T8677]  ? import_iovec+0x73/0xa0
[  277.595898][ T8677]  ___sys_sendmsg+0x2a6/0x360
[  277.600672][ T8677]  ? get_pid_task+0x20/0x1e0
[  277.605279][ T8677]  ? __sys_sendmsg+0x2a0/0x2a0
[  277.610066][ T8677]  ? __lock_acquire+0x7d40/0x7d40
[  277.615395][ T8677]  __se_sys_sendmsg+0x1c2/0x2b0
[  277.620269][ T8677]  ? __x64_sys_sendmsg+0x80/0x80
[  277.625226][ T8677]  ? lockdep_hardirqs_on+0x98/0x150
[  277.630441][ T8677]  do_syscall_64+0x55/0xa0
[  277.634880][ T8677]  ? clear_bhb_loop+0x40/0x90
[  277.639578][ T8677]  ? clear_bhb_loop+0x40/0x90
[  277.644268][ T8677]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  277.650175][ T8677] RIP: 0033:0x7f13e0b9c819
[  277.654600][ T8677] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  277.674589][ T8677] RSP: 002b:00007f13e1a34028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  277.683121][ T8677] RAX: ffffffffffffffda RBX: 00007f13e0e15fa0 RCX: 00007f13e0b9c819
[  277.691296][ T8677] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004
[  277.699299][ T8677] RBP: 00007f13e1a34090 R08: 0000000000000000 R09: 0000000000000000
[  277.707305][ T8677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  277.715307][ T8677] R13: 00007f13e0e16038 R14: 00007f13e0e15fa0 R15: 00007ffca0398ab8
[  277.723314][ T8677]  </TASK>
[  277.777940][ T5783] Bluetooth: hci3: ISO packet for unknown connection handle 12
[  278.090395][ T8682] netlink: 'syz.0.883': attribute type 21 has an invalid length.
[  278.137810][ T8682] netlink: 132 bytes leftover after parsing attributes in process `syz.0.883'.
[  278.707878][ T5783] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18
[  278.718016][ T5783] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  280.114865][ T8727] IPv6: Can't replace route, no match found
[  280.162404][ T8734] netlink: 'syz.0.897': attribute type 21 has an invalid length.
[  280.182059][ T8734] netlink: 132 bytes leftover after parsing attributes in process `syz.0.897'.
[  280.514061][ T8738] macvlan1: entered promiscuous mode
[  280.555796][ T8738] macvlan1: entered allmulticast mode
[  280.561237][ T8738] veth1_vlan: entered allmulticast mode
[  280.728725][ T5783] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18
[  280.737960][ T5783] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  281.004833][ T8750] syzkaller0: entered promiscuous mode
[  281.022612][ T8750] syzkaller0: entered allmulticast mode
[  281.154133][ T8750] netlink: 'syz.3.902': attribute type 10 has an invalid length.
[  283.655928][ T8770] netlink: 'syz.0.909': attribute type 10 has an invalid length.
[  283.664174][ T8770] netlink: 55 bytes leftover after parsing attributes in process `syz.0.909'.
[  283.868853][ T8777] netlink: 9275 bytes leftover after parsing attributes in process `syz.3.910'.
[  283.906509][ T8770] veth1_vlan (unregistering): left allmulticast mode
[  284.041361][ T8768] netlink: 'syz.2.908': attribute type 21 has an invalid length.
[  284.051294][ T8768] netlink: 132 bytes leftover after parsing attributes in process `syz.2.908'.
[  284.405510][ T5783] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18
[  284.430232][ T5783] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  284.881946][ T8796] netlink: 132 bytes leftover after parsing attributes in process `syz.0.915'.
[  284.892644][ T8799] netlink: 'syz.0.915': attribute type 1 has an invalid length.
[  284.909736][ T8799] netlink: 'syz.0.915': attribute type 4 has an invalid length.
[  284.917917][ T8799] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.915'.
[  285.036605][ T8806] netlink: 'syz.2.918': attribute type 21 has an invalid length.
[  285.082813][ T8806] netlink: 164 bytes leftover after parsing attributes in process `syz.2.918'.
[  285.681898][ T8816] netlink: 'syz.2.920': attribute type 21 has an invalid length.
[  285.693739][ T8816] netlink: 132 bytes leftover after parsing attributes in process `syz.2.920'.
[  286.367689][ T5085] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18
[  286.375911][ T5085] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  287.582922][ T8849] netlink: 'syz.3.928': attribute type 21 has an invalid length.
[  287.644436][ T8849] netlink: 164 bytes leftover after parsing attributes in process `syz.3.928'.
[  287.965210][ T8857] netlink: 60 bytes leftover after parsing attributes in process `syz.2.931'.
[  287.982977][ T8857] netlink: 60 bytes leftover after parsing attributes in process `syz.2.931'.
[  288.983496][ T5085] Bluetooth: hci3: unexpected subevent 0x01 length: 150 > 18
[  288.991352][ T5085] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  289.790042][ T8881] netlink: 'syz.2.937': attribute type 21 has an invalid length.
[  290.182943][ T8881] __nla_validate_parse: 2 callbacks suppressed
[  290.182966][ T8881] netlink: 132 bytes leftover after parsing attributes in process `syz.2.937'.
[  291.986918][ T8888] syzkaller0: entered promiscuous mode
[  291.992655][ T8888] syzkaller0: entered allmulticast mode
[  292.545786][ T8901] netlink: 60 bytes leftover after parsing attributes in process `syz.0.941'.
[  294.223283][ T8897] netlink: 'syz.3.942': attribute type 5 has an invalid length.
[  294.231988][ T8901] netlink: 60 bytes leftover after parsing attributes in process `syz.0.941'.
[  294.600443][ T5783] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18
[  294.608379][ T5783] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  294.764788][ T8912] netlink: 'syz.1.944': attribute type 21 has an invalid length.
[  294.797796][ T8912] netlink: 132 bytes leftover after parsing attributes in process `syz.1.944'.
[  296.025428][ T8940] syzkaller0: entered promiscuous mode
[  296.031076][ T8940] syzkaller0: entered allmulticast mode
[  299.132116][ T8947] netlink: 'syz.0.954': attribute type 4 has an invalid length.
[  299.405033][ T8962] netlink: 'syz.1.957': attribute type 21 has an invalid length.
[  299.484589][ T8962] netlink: 132 bytes leftover after parsing attributes in process `syz.1.957'.
[  299.587678][ T5783] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18
[  299.595936][ T5783] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  300.501111][ T8987] syzkaller0: entered promiscuous mode
[  300.511179][ T8987] syzkaller0: entered allmulticast mode
[  301.011695][ T8997] netlink: 'syz.1.968': attribute type 21 has an invalid length.
[  301.028139][ T8997] netlink: 132 bytes leftover after parsing attributes in process `syz.1.968'.
[  301.315707][ T5783] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18
[  301.323993][ T5783] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  302.992010][ T9001] netlink: 'syz.1.969': attribute type 21 has an invalid length.
[  303.000161][ T9001] netlink: 132 bytes leftover after parsing attributes in process `syz.1.969'.
[  304.159923][ T9028] netlink: 'syz.1.977': attribute type 21 has an invalid length.
[  304.168292][ T9028] netlink: 132 bytes leftover after parsing attributes in process `syz.1.977'.
[  304.322411][ T5783] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18
[  304.334229][ T5783] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  304.573503][ T9035] netlink: 'syz.3.980': attribute type 21 has an invalid length.
[  304.602891][ T9035] netlink: 132 bytes leftover after parsing attributes in process `syz.3.980'.
[  306.834735][ T9047] syzkaller0: entered promiscuous mode
[  306.840510][ T9047] syzkaller0: entered allmulticast mode
[  309.743404][ T9062] netlink: 132 bytes leftover after parsing attributes in process `syz.1.984'.
[  309.753522][ T9068] netlink: 'syz.2.986': attribute type 21 has an invalid length.
[  309.761887][ T9068] netlink: 132 bytes leftover after parsing attributes in process `syz.2.986'.
[  309.987572][ T5783] Bluetooth: hci3: unexpected subevent 0x01 length: 150 > 18
[  309.995130][ T5783] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  310.399271][ T9080] netlink: 'syz.3.990': attribute type 21 has an invalid length.
[  310.418847][ T9080] netlink: 132 bytes leftover after parsing attributes in process `syz.3.990'.
[  311.250950][ T9091] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.994'.
[  314.806453][ T9103] pim6reg1: entered promiscuous mode
[  314.812418][ T9103] pim6reg1: entered allmulticast mode
[  314.977839][ T5783] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18
[  314.985312][ T5783] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  315.044826][ T9107] syzkaller0: entered promiscuous mode
[  315.085580][ T9107] syzkaller0: entered allmulticast mode
[  317.462566][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  317.470327][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  317.568341][ T9116] netlink: 'syz.3.996': attribute type 21 has an invalid length.
[  317.576470][ T9116] netlink: 132 bytes leftover after parsing attributes in process `syz.3.996'.
[  317.843340][ T9119] netlink: 'syz.3.1001': attribute type 21 has an invalid length.
[  317.860324][ T9119] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1001'.
[  317.889537][ T9121] netlink: 'syz.0.1008': attribute type 21 has an invalid length.
[  317.920397][ T9121] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1008'.
[  322.560162][ T9158] syzkaller0: entered promiscuous mode
[  322.574046][ T9158] syzkaller0: entered allmulticast mode
[  322.763211][ T9170] netlink: 'syz.1.1012': attribute type 21 has an invalid length.
[  322.802329][ T9170] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1012'.
[  325.030982][ T9176] bridge_slave_1: left allmulticast mode
[  325.036890][ T9176] bridge_slave_1: left promiscuous mode
[  325.042738][ T9176] bridge0: port 2(bridge_slave_1) entered disabled state
[  325.052116][ T9176] bridge_slave_0: left allmulticast mode
[  325.064992][ T9176] bridge_slave_0: left promiscuous mode
[  325.072250][ T9176] bridge0: port 1(bridge_slave_0) entered disabled state
[  325.221995][ T9180] netlink: 'syz.3.1014': attribute type 20 has an invalid length.
[  325.461407][ T5783] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18
[  325.469272][ T5783] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  326.276802][ T9206] netlink: 'syz.2.1023': attribute type 21 has an invalid length.
[  326.316853][ T9206] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1023'.
[  326.668744][ T9220] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1026'.
[  327.178367][ T9227] bridge_slave_1: left allmulticast mode
[  327.193549][ T9227] bridge_slave_1: left promiscuous mode
[  327.241262][ T9227] bridge0: port 2(bridge_slave_1) entered disabled state
[  327.264477][ T9227] bridge_slave_0: left allmulticast mode
[  327.285570][ T9227] bridge_slave_0: left promiscuous mode
[  327.297103][ T5085] Bluetooth: hci3: ISO packet for unknown connection handle 2366
[  327.309445][ T9227] bridge0: port 1(bridge_slave_0) entered disabled state
[  327.444847][ T9227] .`: (slave bridge0): Releasing backup interface
[  327.501796][ T9234] netlink: 'syz.2.1030': attribute type 20 has an invalid length.
[  327.958273][ T9252] netlink: 'syz.3.1035': attribute type 21 has an invalid length.
[  328.034213][ T9252] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1035'.
[  328.135787][ T9248] netlink: 'syz.1.1038': attribute type 21 has an invalid length.
[  328.170572][ T9248] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1038'.
[  328.363178][ T9256] netlink: 10 bytes leftover after parsing attributes in process `syz.0.1040'.
[  328.556162][ T5085] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18
[  328.563745][ T5085] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  329.001512][ T5085] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18
[  329.015509][ T5085] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  329.065604][ T9274] netlink: 'syz.0.1046': attribute type 20 has an invalid length.
[  329.506382][ T9282] netlink: 'syz.1.1050': attribute type 21 has an invalid length.
[  329.514335][ T9282] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1050'.
[  329.607499][ T9280] netlink: 'syz.0.1049': attribute type 21 has an invalid length.
[  329.626608][ T9280] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1049'.
[  330.150826][ T9295] netlink: 10 bytes leftover after parsing attributes in process `syz.1.1056'.
[  330.421737][ T5085] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18
[  330.429457][ T5085] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  330.620791][ T9310] netlink: 'syz.0.1060': attribute type 8 has an invalid length.
[  330.637158][ T9307] netlink: 'syz.3.1062': attribute type 21 has an invalid length.
[  330.646891][ T9310] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1060'.
[  330.668286][ T9307] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1062'.
[  331.799400][ T9341] netlink: 'syz.2.1073': attribute type 21 has an invalid length.
[  331.822482][ T9341] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1073'.
[  332.245539][ T5085] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18
[  332.253111][ T5085] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  332.859113][ T9360] netlink: 'syz.1.1075': attribute type 21 has an invalid length.
[  332.897793][ T9360] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1075'.
[  333.968481][ T9374] netlink: 'syz.3.1081': attribute type 46 has an invalid length.
[  334.460840][ T9384] netlink: 'syz.3.1084': attribute type 21 has an invalid length.
[  334.489554][ T9384] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1084'.
[  334.852788][ T5085] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18
[  334.860533][ T5085] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  334.991775][ T9397] netlink: 'syz.3.1088': attribute type 21 has an invalid length.
[  335.055634][ T9397] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1088'.
[  336.117261][ T5085] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18
[  336.124888][ T5085] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  336.332869][ T9421] netlink: 'syz.2.1096': attribute type 21 has an invalid length.
[  336.356123][ T9421] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1096'.
[  336.719909][ T9424] netlink: 'syz.3.1100': attribute type 21 has an invalid length.
[  336.740517][ T9424] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1100'.
[  336.791848][ T5085] Bluetooth: hci0: unexpected event 0x01 length: 151 > 1
[  337.510029][ T5085] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18
[  337.531916][ T5085] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  337.827961][ T9448] netlink: 'syz.3.1109': attribute type 21 has an invalid length.
[  337.843449][ T9448] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1109'.
[  338.115957][ T9455] netlink: 'syz.2.1112': attribute type 10 has an invalid length.
[  338.173503][ T9455] team0: Port device netdevsim0 added
[  338.217754][ T9459] netlink: 'syz.3.1113': attribute type 21 has an invalid length.
[  338.247949][ T9459] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1113'.
[  339.037257][ T5783] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18
[  339.044221][ T9479] netlink: 'syz.3.1116': attribute type 2 has an invalid length.
[  339.045216][ T5783] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  339.078494][ T9479] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1116'.
[  339.185732][ T9482] netlink: 'syz.3.1116': attribute type 10 has an invalid length.
[  339.237847][ T9479] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1116'.
[  339.304246][ T9482] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  339.440834][ T9479] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1116'.
[  339.878997][ T9490] netlink: 'syz.2.1121': attribute type 21 has an invalid length.
[  339.940393][ T9490] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1121'.
[  340.509259][ T9499] netlink: 'syz.1.1125': attribute type 10 has an invalid length.
[  340.653205][ T9499] team0: Device veth1_macvtap failed to register rx_handler
[  340.751625][ T9497] netlink: 'syz.0.1124': attribute type 21 has an invalid length.
[  340.811137][ T9497] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1124'.
[  341.363906][ T9519] netlink: 'syz.3.1131': attribute type 10 has an invalid length.
[  341.999926][ T9531] netlink: 'syz.3.1135': attribute type 21 has an invalid length.
[  342.010900][ T9531] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1135'.
[  344.854904][ T9544] netlink: 'syz.3.1140': attribute type 10 has an invalid length.
[  344.864119][ T9540] netlink: 'syz.1.1138': attribute type 21 has an invalid length.
[  344.877130][ T9540] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1138'.
[  344.899606][ T9548] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.1141'.
[  346.899224][ T9564] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1147'.
[  348.884620][ T9569] netlink: 'syz.1.1149': attribute type 21 has an invalid length.
[  348.892928][ T9569] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1149'.
[  348.903700][ T9572] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  348.957492][ T9564] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô'
[  348.995464][ T9564] CPU: 0 PID: 9564 Comm: syz.0.1147 Not tainted syzkaller #0
[  349.003100][ T9564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  349.013474][ T9564] Call Trace:
[  349.016800][ T9564]  <TASK>
[  349.019771][ T9564]  dump_stack_lvl+0x18c/0x250
[  349.024535][ T9564]  ? show_regs_print_info+0x20/0x20
[  349.029807][ T9564]  ? load_image+0x400/0x400
[  349.034386][ T9564]  sysfs_warn_dup+0x8e/0xa0
[  349.038959][ T9564]  sysfs_do_create_link_sd+0xc0/0x110
[  349.044389][ T9564]  device_add_class_symlinks+0x1cf/0x240
[  349.050091][ T9564]  device_add+0x507/0xc20
[  349.054497][ T9564]  wiphy_register+0x1dad/0x2ae0
[  349.059426][ T9564]  ? cfg80211_event_work+0x40/0x40
[  349.064598][ T9564]  ? minstrel_ht_alloc+0x88a/0x990
[  349.069871][ T9564]  ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0
[  349.075997][ T9564]  ieee80211_register_hw+0x3464/0x4250
[  349.081560][ T9564]  ? ieee80211_tasklet_handler+0x20/0x20
[  349.087292][ T9564]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  349.093342][ T9564]  ? __debug_object_init+0xec/0x450
[  349.098602][ T9564]  ? __asan_memset+0x22/0x40
[  349.103333][ T9564]  ? __hrtimer_init+0x186/0x270
[  349.108361][ T9564]  mac80211_hwsim_new_radio+0x2a00/0x4d10
[  349.114305][ T9564]  ? mac80211_hwsim_free+0x220/0x220
[  349.119818][ T9564]  ? rcu_is_watching+0x15/0xb0
[  349.124732][ T9564]  ? kstrndup+0xbd/0x140
[  349.129132][ T9564]  hwsim_new_radio_nl+0xdc9/0x1a90
[  349.134566][ T9564]  ? __nla_validate+0x50/0x50
[  349.139310][ T9564]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  349.145975][ T9564]  ? __nla_parse+0x40/0x50
[  349.150443][ T9564]  ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290
[  349.156921][ T9564]  genl_family_rcv_msg_doit+0x211/0x310
[  349.162610][ T9564]  ? end_current_label_crit_section+0x170/0x170
[  349.169101][ T9564]  ? genl_family_rcv_msg_dumpit+0x310/0x310
[  349.175065][ T9564]  ? bpf_lsm_capable+0x9/0x10
[  349.179806][ T9564]  ? security_capable+0x89/0xb0
[  349.184730][ T9564]  genl_rcv_msg+0x619/0x7a0
[  349.189293][ T9564]  ? genl_bind+0x360/0x360
[  349.193931][ T9564]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  349.200335][ T9564]  netlink_rcv_skb+0x241/0x4d0
[  349.205155][ T9564]  ? genl_bind+0x360/0x360
[  349.209781][ T9564]  ? netlink_ack+0x1180/0x1180
[  349.214783][ T9564]  ? genl_bind+0x360/0x360
[  349.219493][ T9564]  genl_rcv+0x28/0x40
[  349.223595][ T9564]  netlink_unicast+0x751/0x8d0
[  349.228409][ T9564]  netlink_sendmsg+0x8d0/0xbf0
[  349.233231][ T9564]  ? netlink_getsockopt+0x590/0x590
[  349.238637][ T9564]  ? __sanitizer_cov_trace_pc+0x8/0x60
[  349.244217][ T9564]  ? aa_sock_msg_perm+0x94/0x150
[  349.249280][ T9564]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  349.254681][ T9564]  ? security_socket_sendmsg+0x80/0xa0
[  349.260163][ T9564]  ? netlink_getsockopt+0x590/0x590
[  349.265716][ T9564]  ____sys_sendmsg+0x5ba/0x960
[  349.270539][ T9564]  ? __asan_memset+0x22/0x40
[  349.275173][ T9564]  ? __sys_sendmsg_sock+0x30/0x30
[  349.280406][ T9564]  ? __import_iovec+0x5f2/0x850
[  349.285326][ T9564]  ? import_iovec+0x73/0xa0
[  349.289866][ T9564]  ___sys_sendmsg+0x2a6/0x360
[  349.294581][ T9564]  ? __sys_sendmsg+0x2a0/0x2a0
[  349.299437][ T9564]  __se_sys_sendmsg+0x1c2/0x2b0
[  349.304344][ T9564]  ? __x64_sys_sendmsg+0x80/0x80
[  349.309345][ T9564]  ? lockdep_hardirqs_on+0x98/0x150
[  349.314686][ T9564]  do_syscall_64+0x55/0xa0
[  349.319162][ T9564]  ? clear_bhb_loop+0x40/0x90
[  349.323971][ T9564]  ? clear_bhb_loop+0x40/0x90
[  349.328694][ T9564]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  349.334710][ T9564] RIP: 0033:0x7f9eb219c819
[  349.339159][ T9564] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  349.359151][ T9564] RSP: 002b:00007f9eb03f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  349.367601][ T9564] RAX: ffffffffffffffda RBX: 00007f9eb2416090 RCX: 00007f9eb219c819
[  349.375875][ T9564] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000b
[  349.383874][ T9564] RBP: 00007f9eb2232c91 R08: 0000000000000000 R09: 0000000000000000
[  349.392249][ T9564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  349.400417][ T9564] R13: 00007f9eb2416128 R14: 00007f9eb2416090 R15: 00007ffe045d19a8
[  349.408605][ T9564]  </TASK>
[  349.757098][ T9592] netlink: 'syz.0.1154': attribute type 21 has an invalid length.
[  349.820585][ T9592] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1154'.
[  350.570238][ T9606] netlink: 'syz.0.1159': attribute type 21 has an invalid length.
[  350.607223][ T9606] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1159'.
[  350.742169][ T9599] netlink: 192440 bytes leftover after parsing attributes in process `syz.3.1156'.
[  350.742313][ T9599] openvswitch: netlink: Key 9 has unexpected len 3064 expected 4
[  354.342902][ T9629] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  354.595879][ T9637] netlink: 'syz.2.1165': attribute type 21 has an invalid length.
[  354.628864][ T9637] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1165'.
[  355.584208][ T9655] netlink: 'syz.3.1171': attribute type 21 has an invalid length.
[  355.615797][ T9655] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1171'.
[  355.830682][ T9660] netlink: 'syz.0.1176': attribute type 1 has an invalid length.
[  355.918722][ T9660] netlink: 'syz.0.1176': attribute type 3 has an invalid length.
[  355.963510][ T9660] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1176'.
[  357.910746][ T9662] netlink: 'syz.3.1177': attribute type 21 has an invalid length.
[  357.919360][ T9662] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1177'.
[  357.929322][ T9666] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  359.018020][ T9690] netlink: 'syz.2.1185': attribute type 21 has an invalid length.
[  359.057740][ T9690] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1185'.
[  359.142251][ T9693] netlink: 'syz.0.1187': attribute type 21 has an invalid length.
[  359.187010][ T9693] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1187'.
[  361.988520][ T9712] netlink: 'syz.0.1192': attribute type 10 has an invalid length.
[  361.996571][ T9712] netlink: 55 bytes leftover after parsing attributes in process `syz.0.1192'.
[  362.007479][ T9713] netlink: 'syz.0.1192': attribute type 10 has an invalid length.
[  362.016545][ T9713] netlink: 55 bytes leftover after parsing attributes in process `syz.0.1192'.
[  362.025915][ T9721] wg2: entered promiscuous mode
[  362.034169][ T9721] wg2: entered allmulticast mode
[  362.043900][ T9725] netlink: 'syz.3.1196': attribute type 21 has an invalid length.
[  362.058183][ T9725] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1196'.
[  362.291677][ T9729] netlink: 'syz.0.1197': attribute type 21 has an invalid length.
[  362.315245][ T9729] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1197'.
[  363.168970][ T9757] netlink: 'syz.0.1207': attribute type 21 has an invalid length.
[  363.194642][ T9757] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1207'.
[  363.315001][ T9766] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.1209'.
[  363.333839][ T9766] netlink: 6320 bytes leftover after parsing attributes in process `syz.3.1209'.
[  365.179195][ T9770] netlink: 'syz.2.1210': attribute type 21 has an invalid length.
[  365.187400][ T9770] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1210'.
[  365.201144][ T9772] netlink: 'syz.0.1211': attribute type 10 has an invalid length.
[  365.210844][ T9773] netlink: 'syz.0.1211': attribute type 10 has an invalid length.
[  365.226053][ T9773] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1211'.
[  365.588288][ T9789] netlink: 61967 bytes leftover after parsing attributes in process `syz.3.1215'.
[  366.531737][ T9800] netlink: 'syz.2.1219': attribute type 21 has an invalid length.
[  366.548878][ T9802] netlink: 'syz.1.1220': attribute type 21 has an invalid length.
[  367.156518][ T9818] __nla_validate_parse: 2 callbacks suppressed
[  367.157200][ T9818] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.1227'.
[  369.168460][ T9818] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.1227'.
[  369.178264][ T9829] netlink: 'syz.0.1231': attribute type 21 has an invalid length.
[  369.201443][ T9829] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1231'.
[  369.403845][ T9838] netlink: 'syz.1.1233': attribute type 21 has an invalid length.
[  369.455557][ T9838] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1233'.
[  370.924871][ T9868] netlink: 'syz.2.1244': attribute type 10 has an invalid length.
[  370.935946][ T9868] netlink: 'syz.2.1244': attribute type 10 has an invalid length.
[  370.945431][ T9871] netlink: 'syz.1.1242': attribute type 21 has an invalid length.
[  370.947358][ T9868] netlink: 209216 bytes leftover after parsing attributes in process `syz.2.1244'.
[  370.960654][ T9871] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1242'.
[  370.982800][ T9868] openvswitch: netlink: Message has 4 unknown bytes.
[  373.011586][ T9881] netlink: 'syz.3.1246': attribute type 21 has an invalid length.
[  373.025486][ T9881] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1246'.
[  373.773142][ T9906] netlink: 'syz.2.1253': attribute type 21 has an invalid length.
[  373.854715][ T9907] netlink: 'syz.0.1255': attribute type 3 has an invalid length.
[  373.922677][ T9907] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1255'.
[  374.135070][ T9906] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1253'.
[  374.513077][ T9902] netlink: 'syz.3.1256': attribute type 10 has an invalid length.
[  374.535777][ T9902] netlink: 'syz.3.1256': attribute type 10 has an invalid length.
[  374.543821][ T9902] netlink: 209216 bytes leftover after parsing attributes in process `syz.3.1256'.
[  374.591469][ T9902] openvswitch: netlink: Message has 4 unknown bytes.
[  374.828270][ T9916] netlink: 'syz.2.1257': attribute type 21 has an invalid length.
[  374.856959][ T9916] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1257'.
[  377.649296][ T9953] netlink: 'syz.3.1271': attribute type 21 has an invalid length.
[  377.675750][ T9953] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1271'.
[  378.287345][ T9951] netlink: 'syz.0.1270': attribute type 10 has an invalid length.
[  378.315906][ T9951] netlink: 'syz.0.1270': attribute type 10 has an invalid length.
[  378.346288][ T9951] netlink: 209216 bytes leftover after parsing attributes in process `syz.0.1270'.
[  378.414799][ T9951] openvswitch: netlink: Message has 4 unknown bytes.
[  378.500361][ T9965] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1276'.
[  378.887645][ T9971] netlink: 'syz.0.1278': attribute type 21 has an invalid length.
[  378.943925][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  378.944025][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  378.977016][ T9971] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1278'.
[  381.459817][ T9992] netlink: 'syz.1.1285': attribute type 21 has an invalid length.
[  381.467952][ T9992] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1285'.
[  381.860033][T10004] netlink: 'syz.0.1296': attribute type 21 has an invalid length.
[  381.939850][T10004] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1296'.
[  382.033246][T10009] netlink: 'syz.3.1290': attribute type 21 has an invalid length.
[  382.083622][T10009] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1290'.
[  382.437963][T10006] netlink: 'syz.1.1288': attribute type 10 has an invalid length.
[  382.455488][T10006] netlink: 'syz.1.1288': attribute type 10 has an invalid length.
[  382.467419][T10016] FAULT_INJECTION: forcing a failure.
[  382.467419][T10016] name failslab, interval 1, probability 0, space 0, times 0
[  382.472807][T10006] netlink: 209216 bytes leftover after parsing attributes in process `syz.1.1288'.
[  382.495086][T10016] CPU: 1 PID: 10016 Comm: syz.3.1293 Not tainted syzkaller #0
[  382.502646][T10016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  382.513117][T10016] Call Trace:
[  382.516596][T10016]  <TASK>
[  382.519595][T10016]  dump_stack_lvl+0x18c/0x250
[  382.524460][T10016]  ? show_regs_print_info+0x20/0x20
[  382.529738][T10016]  ? load_image+0x400/0x400
[  382.534468][T10016]  ? __might_sleep+0xe0/0xe0
[  382.539139][T10016]  ? __lock_acquire+0x7d40/0x7d40
[  382.544364][T10016]  should_fail_ex+0x39d/0x4d0
[  382.549241][T10016]  should_failslab+0x9/0x20
[  382.553821][T10016]  slab_pre_alloc_hook+0x59/0x310
[  382.558926][T10016]  ? __get_vm_area_node+0x125/0x370
[  382.564221][T10016]  __kmem_cache_alloc_node+0x53/0x250
[  382.569839][T10016]  ? __get_vm_area_node+0x125/0x370
[  382.575091][T10016]  kmalloc_node_trace+0x26/0xe0
[  382.580049][T10016]  __get_vm_area_node+0x125/0x370
[  382.585207][T10016]  __vmalloc_node_range+0x36e/0x1330
[  382.590574][T10016]  ? netlink_sendmsg+0x602/0xbf0
[  382.595583][T10016]  ? netlink_insert+0x109f/0x13a0
[  382.600764][T10016]  ? netlink_data_ready+0x10/0x10
[  382.605874][T10016]  ? free_vm_area+0x50/0x50
[  382.610494][T10016]  ? netlink_sendmsg+0x602/0xbf0
[  382.615590][T10016]  vmalloc+0x79/0x90
[  382.619556][T10016]  ? netlink_sendmsg+0x602/0xbf0
[  382.624567][T10016]  netlink_sendmsg+0x602/0xbf0
[  382.629591][T10016]  ? perf_trace_lock+0x304/0x3b0
[  382.634650][T10016]  ? netlink_getsockopt+0x590/0x590
[  382.639935][T10016]  ? aa_sock_msg_perm+0x94/0x150
[  382.644956][T10016]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  382.650495][T10016]  ? security_socket_sendmsg+0x80/0xa0
[  382.656017][T10016]  ? netlink_getsockopt+0x590/0x590
[  382.661297][T10016]  ____sys_sendmsg+0x5ba/0x960
[  382.666090][T10016]  ? __asan_memset+0x22/0x40
[  382.670786][T10016]  ? __sys_sendmsg_sock+0x30/0x30
[  382.675905][T10016]  ? __import_iovec+0x5f2/0x850
[  382.680924][T10016]  ? import_iovec+0x73/0xa0
[  382.685520][T10016]  ___sys_sendmsg+0x2a6/0x360
[  382.690469][T10016]  ? __sys_sendmsg+0x2a0/0x2a0
[  382.695384][T10016]  ? __lock_acquire+0x7d40/0x7d40
[  382.700592][T10016]  __se_sys_sendmsg+0x1c2/0x2b0
[  382.705530][T10016]  ? __x64_sys_sendmsg+0x80/0x80
[  382.710609][T10016]  ? lockdep_hardirqs_on+0x98/0x150
[  382.715919][T10016]  do_syscall_64+0x55/0xa0
[  382.720413][T10016]  ? clear_bhb_loop+0x40/0x90
[  382.725221][T10016]  ? clear_bhb_loop+0x40/0x90
[  382.725690][T10006] openvswitch: netlink: Message has 4 unknown bytes.
[  382.730010][T10016]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  382.730044][T10016] RIP: 0033:0x7f5fd7b9c819
[  382.747411][T10016] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  382.767356][T10016] RSP: 002b:00007f5fd8b4a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  382.775870][T10016] RAX: ffffffffffffffda RBX: 00007f5fd7e15fa0 RCX: 00007f5fd7b9c819
[  382.783919][T10016] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  382.792042][T10016] RBP: 00007f5fd8b4a090 R08: 0000000000000000 R09: 0000000000000000
[  382.800433][T10016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  382.808547][T10016] R13: 00007f5fd7e16038 R14: 00007f5fd7e15fa0 R15: 00007ffd26751e48
[  382.816742][T10016]  </TASK>
[  382.825874][T10016] syz.3.1293: vmalloc error: size 213312, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz3,mems_allowed=0-1
[  382.840825][T10016] CPU: 1 PID: 10016 Comm: syz.3.1293 Not tainted syzkaller #0
[  382.849311][T10016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  382.859419][T10016] Call Trace:
[  382.862820][T10016]  <TASK>
[  382.865987][T10016]  dump_stack_lvl+0x18c/0x250
[  382.870801][T10016]  ? show_regs_print_info+0x20/0x20
[  382.876220][T10016]  ? load_image+0x400/0x400
[  382.880858][T10016]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  382.887396][T10016]  ? cpuset_print_current_mems_allowed+0x2e7/0x360
[  382.893944][T10016]  warn_alloc+0x246/0x340
[  382.898313][T10016]  ? __get_vm_area_node+0x125/0x370
[  382.903560][T10016]  ? zone_watermark_ok_safe+0x230/0x230
[  382.909151][T10016]  ? rcu_is_watching+0x15/0xb0
[  382.913964][T10016]  ? __get_vm_area_node+0x356/0x370
[  382.919247][T10016]  __vmalloc_node_range+0x393/0x1330
[  382.924566][T10016]  ? netlink_insert+0x109f/0x13a0
[  382.929677][T10016]  ? netlink_data_ready+0x10/0x10
[  382.934748][T10016]  ? free_vm_area+0x50/0x50
[  382.939314][T10016]  ? netlink_sendmsg+0x602/0xbf0
[  382.944291][T10016]  vmalloc+0x79/0x90
[  382.948240][T10016]  ? netlink_sendmsg+0x602/0xbf0
[  382.953220][T10016]  netlink_sendmsg+0x602/0xbf0
[  382.958021][T10016]  ? perf_trace_lock+0x304/0x3b0
[  382.963013][T10016]  ? netlink_getsockopt+0x590/0x590
[  382.968257][T10016]  ? aa_sock_msg_perm+0x94/0x150
[  382.973264][T10016]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  382.978579][T10016]  ? security_socket_sendmsg+0x80/0xa0
[  382.984064][T10016]  ? netlink_getsockopt+0x590/0x590
[  382.989312][T10016]  ____sys_sendmsg+0x5ba/0x960
[  382.994163][T10016]  ? __asan_memset+0x22/0x40
[  382.998791][T10016]  ? __sys_sendmsg_sock+0x30/0x30
[  383.003935][T10016]  ? __import_iovec+0x5f2/0x850
[  383.008861][T10016]  ? import_iovec+0x73/0xa0
[  383.013445][T10016]  ___sys_sendmsg+0x2a6/0x360
[  383.018284][T10016]  ? __sys_sendmsg+0x2a0/0x2a0
[  383.023159][T10016]  ? __lock_acquire+0x7d40/0x7d40
[  383.028312][T10016]  __se_sys_sendmsg+0x1c2/0x2b0
[  383.033231][T10016]  ? __x64_sys_sendmsg+0x80/0x80
[  383.038259][T10016]  ? lockdep_hardirqs_on+0x98/0x150
[  383.043510][T10016]  do_syscall_64+0x55/0xa0
[  383.047964][T10016]  ? clear_bhb_loop+0x40/0x90
[  383.052708][T10016]  ? clear_bhb_loop+0x40/0x90
[  383.057443][T10016]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  383.063461][T10016] RIP: 0033:0x7f5fd7b9c819
[  383.068107][T10016] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  383.087867][T10016] RSP: 002b:00007f5fd8b4a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  383.096324][T10016] RAX: ffffffffffffffda RBX: 00007f5fd7e15fa0 RCX: 00007f5fd7b9c819
[  383.104406][T10016] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  383.112488][T10016] RBP: 00007f5fd8b4a090 R08: 0000000000000000 R09: 0000000000000000
[  383.120484][T10016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  383.128485][T10016] R13: 00007f5fd7e16038 R14: 00007f5fd7e15fa0 R15: 00007ffd26751e48
[  383.136617][T10016]  </TASK>
[  383.175448][T10016] Mem-Info:
[  383.178668][T10016] active_anon:5499 inactive_anon:0 isolated_anon:0
[  383.178668][T10016]  active_file:18451 inactive_file:40046 isolated_file:0
[  383.178668][T10016]  unevictable:768 dirty:62 writeback:0
[  383.178668][T10016]  slab_reclaimable:10178 slab_unreclaimable:92898
[  383.178668][T10016]  mapped:25877 shmem:1361 pagetables:517
[  383.178668][T10016]  sec_pagetables:0 bounce:0
[  383.178668][T10016]  kernel_misc_reclaimable:0
[  383.178668][T10016]  free:1344745 free_pcp:11229 free_cma:0
[  383.251793][T10016] Node 0 active_anon:21984kB inactive_anon:0kB active_file:73804kB inactive_file:159980kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:103544kB dirty:260kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10288kB pagetables:2128kB sec_pagetables:0kB all_unreclaimable? no
[  383.305043][T10016] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  383.346603][T10016] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  383.383743][T10016] lowmem_reserve[]: 0 2521 2522 2522 2522
[  383.390032][T10016] Node 0 DMA32 free:1466948kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:21948kB inactive_anon:0kB active_file:73804kB inactive_file:159152kB unevictable:1536kB writepending:260kB present:3129332kB managed:2586956kB mlocked:0kB bounce:0kB free_pcp:27688kB local_pcp:14176kB free_cma:0kB
[  383.426022][T10016] lowmem_reserve[]: 0 0 0 0 0
[  383.430877][T10016] Node 0 Normal free:8kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:828kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  383.485418][T10016] lowmem_reserve[]: 0 0 0 0 0
[  383.490413][T10016] Node 1 Normal free:3896920kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:17408kB local_pcp:11264kB free_cma:0kB
[  383.565735][T10016] lowmem_reserve[]: 0 0 0 0 0
[  383.570651][T10016] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  383.615576][T10016] Node 0 DMA32: 1831*4kB (UME) 1983*8kB (UME) 1289*16kB (UME) 553*32kB (UME) 310*64kB (UME) 147*128kB (UME) 51*256kB (UME) 30*512kB (UME) 9*1024kB (M) 7*2048kB (UM) 321*4096kB (M) = 1466948kB
[  383.672021][T10016] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[  383.692457][T10016] Node 1 Normal: 232*4kB (UM) 47*8kB (UME) 36*16kB (UME) 102*32kB (UME) 31*64kB (UE) 11*128kB (UME) 1*256kB (U) 2*512kB (ME) 2*1024kB (UE) 1*2048kB (E) 948*4096kB (M) = 3896920kB
[  383.739019][T10016] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  383.775489][T10016] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  383.806247][T10016] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  383.825474][T10016] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  383.842510][T10016] 59858 total pagecache pages
[  383.847572][T10016] 0 pages in swap cache
[  383.851941][T10016] Free swap  = 124996kB
[  383.856332][T10016] Total swap = 124996kB
[  383.860753][T10016] 2097051 pages RAM
[  383.864583][T10016] 0 pages HighMem/MovableOnly
[  383.875128][T10016] 416926 pages reserved
[  383.881709][T10016] 0 pages cma reserved
[  385.815737][T10044] netlink: 'syz.1.1302': attribute type 21 has an invalid length.
[  385.827561][T10044] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1302'.
[  385.837183][T10046] netlink: 'syz.0.1303': attribute type 21 has an invalid length.
[  385.845170][T10046] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1303'.
[  386.075424][T10053] netlink: 'syz.1.1305': attribute type 21 has an invalid length.
[  386.084802][T10053] netlink: 'syz.1.1305': attribute type 6 has an invalid length.
[  386.093420][T10053] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1305'.
[  387.148295][T10066] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1310'.
[  388.483144][T10078] netlink: 'syz.1.1314': attribute type 21 has an invalid length.
[  388.532180][T10078] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1314'.
[  388.962205][T10081] netlink: 'syz.2.1315': attribute type 21 has an invalid length.
[  388.978071][T10081] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1315'.
[  389.757753][T10099] netlink: 'syz.3.1319': attribute type 3 has an invalid length.
[  389.819162][T10099] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1319'.
[  389.894155][T10102] netlink: 56537 bytes leftover after parsing attributes in process `syz.2.1321'.
[  390.159369][T10106] syzkaller0: entered promiscuous mode
[  390.170814][T10106] syzkaller0: entered allmulticast mode
[  392.475515][T10116] netlink: 'syz.2.1325': attribute type 21 has an invalid length.
[  392.483479][T10116] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1325'.
[  392.496522][T10127] netlink: 'syz.0.1329': attribute type 21 has an invalid length.
[  392.517897][T10127] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1329'.
[  393.964618][T10153] netlink: 'syz.2.1338': attribute type 21 has an invalid length.
[  393.973164][T10153] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1338'.
[  394.103188][T10158] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1340'.
[  394.300098][T10161] netlink: 'syz.3.1341': attribute type 21 has an invalid length.
[  394.312471][T10161] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1341'.
[  394.451879][T10163] syzkaller0: entered promiscuous mode
[  394.481653][T10163] syzkaller0: entered allmulticast mode
[  394.624294][T10172] sctp: [Deprecated]: syz.3.1345 (pid 10172) Use of struct sctp_assoc_value in delayed_ack socket option.
[  394.624294][T10172] Use struct sctp_sack_info instead
[  397.058517][T10188] netlink: 'syz.1.1351': attribute type 21 has an invalid length.
[  397.087303][T10188] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1351'.
[  397.497865][T10205] netlink: 'syz.0.1353': attribute type 21 has an invalid length.
[  397.513950][T10205] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1353'.
[  398.432688][T10218] syzkaller0: entered promiscuous mode
[  398.487993][T10218] syzkaller0: entered allmulticast mode
[  399.088297][T10228] netlink: 'syz.1.1363': attribute type 21 has an invalid length.
[  399.113046][T10228] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1363'.
[  401.428989][T10250] netlink: 'syz.0.1369': attribute type 21 has an invalid length.
[  401.437437][T10250] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1369'.
[  402.670514][T10267] netlink: 'syz.1.1376': attribute type 21 has an invalid length.
[  402.707475][T10267] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1376'.
[  403.292040][T10282] netlink: 'syz.1.1379': attribute type 21 has an invalid length.
[  403.308900][T10282] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1379'.
[  403.577760][T10293] netlink: 209844 bytes leftover after parsing attributes in process `syz.1.1385'.
[  404.325091][T10300] netlink: 14463 bytes leftover after parsing attributes in process `syz.0.1387'.
[  405.044829][T10316] FAULT_INJECTION: forcing a failure.
[  405.044829][T10316] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  405.065261][T10316] CPU: 1 PID: 10316 Comm: syz.0.1391 Not tainted syzkaller #0
[  405.072877][T10316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  405.083057][T10316] Call Trace:
[  405.086462][T10316]  <TASK>
[  405.089534][T10316]  dump_stack_lvl+0x18c/0x250
[  405.094275][T10316]  ? show_regs_print_info+0x20/0x20
[  405.099622][T10316]  ? load_image+0x400/0x400
[  405.104181][T10316]  ? __lock_acquire+0x7d40/0x7d40
[  405.109265][T10316]  ? snprintf+0xe9/0x140
[  405.113566][T10316]  should_fail_ex+0x39d/0x4d0
[  405.118396][T10316]  _copy_to_user+0x2f/0xa0
[  405.122956][T10316]  simple_read_from_buffer+0xe7/0x150
[  405.128396][T10316]  proc_fail_nth_read+0x1e8/0x260
[  405.133475][T10316]  ? proc_fault_inject_write+0x360/0x360
[  405.139172][T10316]  ? fsnotify_perm+0x271/0x5e0
[  405.144002][T10316]  ? proc_fault_inject_write+0x360/0x360
[  405.149700][T10316]  vfs_read+0x28b/0x970
[  405.153915][T10316]  ? kernel_read+0x1e0/0x1e0
[  405.158648][T10316]  ? __fget_files+0x28/0x4b0
[  405.163290][T10316]  ? __fget_files+0x28/0x4b0
[  405.167933][T10316]  ? __fget_files+0x43d/0x4b0
[  405.172676][T10316]  ? __fdget_pos+0x2a3/0x330
[  405.177310][T10316]  ? ksys_read+0x75/0x260
[  405.181696][T10316]  ksys_read+0x150/0x260
[  405.185998][T10316]  ? vfs_write+0x990/0x990
[  405.190469][T10316]  ? lockdep_hardirqs_on+0x98/0x150
[  405.195740][T10316]  do_syscall_64+0x55/0xa0
[  405.200210][T10316]  ? clear_bhb_loop+0x40/0x90
[  405.204959][T10316]  ? clear_bhb_loop+0x40/0x90
[  405.209690][T10316]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  405.215634][T10316] RIP: 0033:0x7f9eb215d04e
[  405.220104][T10316] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  405.239870][T10316] RSP: 002b:00007f9eb2f81fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  405.248338][T10316] RAX: ffffffffffffffda RBX: 00007f9eb2f826c0 RCX: 00007f9eb215d04e
[  405.256440][T10316] RDX: 000000000000000f RSI: 00007f9eb2f820a0 RDI: 0000000000000005
[  405.264445][T10316] RBP: 00007f9eb2f82090 R08: 0000000000000000 R09: 0000000000000000
[  405.272434][T10316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  405.280420][T10316] R13: 00007f9eb2416038 R14: 00007f9eb2415fa0 R15: 00007ffe045d19a8
[  405.288420][T10316]  </TASK>
[  405.618913][T10326] netlink: 'syz.1.1393': attribute type 21 has an invalid length.
[  405.656407][T10326] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1393'.
[  405.884928][T10333] FAULT_INJECTION: forcing a failure.
[  405.884928][T10333] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  405.914836][T10333] CPU: 1 PID: 10333 Comm: syz.1.1397 Not tainted syzkaller #0
[  405.922399][T10333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  405.932951][T10333] Call Trace:
[  405.936289][T10333]  <TASK>
[  405.939268][T10333]  dump_stack_lvl+0x18c/0x250
[  405.944041][T10333]  ? show_regs_print_info+0x20/0x20
[  405.949317][T10333]  ? load_image+0x400/0x400
[  405.954067][T10333]  ? __lock_acquire+0x7d40/0x7d40
[  405.959238][T10333]  ? snprintf+0xe9/0x140
[  405.963543][T10333]  should_fail_ex+0x39d/0x4d0
[  405.968292][T10333]  _copy_to_user+0x2f/0xa0
[  405.972781][T10333]  simple_read_from_buffer+0xe7/0x150
[  405.978336][T10333]  proc_fail_nth_read+0x1e8/0x260
[  405.983440][T10333]  ? proc_fault_inject_write+0x360/0x360
[  405.989155][T10333]  ? fsnotify_perm+0x271/0x5e0
[  405.994003][T10333]  ? proc_fault_inject_write+0x360/0x360
[  405.999771][T10333]  vfs_read+0x28b/0x970
[  406.004289][T10333]  ? kernel_read+0x1e0/0x1e0
[  406.009141][T10333]  ? __fget_files+0x28/0x4b0
[  406.014410][T10333]  ? __fget_files+0x28/0x4b0
[  406.019066][T10333]  ? __fget_files+0x43d/0x4b0
[  406.023826][T10333]  ? __fdget_pos+0x2a3/0x330
[  406.028467][T10333]  ? ksys_read+0x75/0x260
[  406.032856][T10333]  ksys_read+0x150/0x260
[  406.037315][T10333]  ? vfs_write+0x990/0x990
[  406.041890][T10333]  ? lockdep_hardirqs_on+0x98/0x150
[  406.047155][T10333]  do_syscall_64+0x55/0xa0
[  406.051726][T10333]  ? clear_bhb_loop+0x40/0x90
[  406.056451][T10333]  ? clear_bhb_loop+0x40/0x90
[  406.061284][T10333]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  406.067318][T10333] RIP: 0033:0x7f13e0b5d04e
[  406.071790][T10333] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  406.091549][T10333] RSP: 002b:00007f13e1a33fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  406.100219][T10333] RAX: ffffffffffffffda RBX: 00007f13e1a346c0 RCX: 00007f13e0b5d04e
[  406.108527][T10333] RDX: 000000000000000f RSI: 00007f13e1a340a0 RDI: 0000000000000053
[  406.116562][T10333] RBP: 00007f13e1a34090 R08: 0000000000000000 R09: 0000000000000000
[  406.125376][T10333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  406.133403][T10333] R13: 00007f13e0e16038 R14: 00007f13e0e15fa0 R15: 00007ffca0398ab8
[  406.141463][T10333]  </TASK>
[  406.384948][T10344] sock: sock_timestamping_bind_phc: sock not bind to device
[  406.621307][T10343] netlink: 14463 bytes leftover after parsing attributes in process `syz.1.1401'.
[  407.443957][T10358] netlink: 'syz.2.1406': attribute type 21 has an invalid length.
[  407.501726][T10358] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1406'.
[  409.034464][T10378] netlink: 'syz.3.1410': attribute type 21 has an invalid length.
[  409.133034][T10378] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1410'.
[  410.562982][T10394] netlink: 'syz.0.1416': attribute type 21 has an invalid length.
[  410.641163][T10394] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1416'.
[  411.068493][T10413] netlink: 'syz.3.1422': attribute type 21 has an invalid length.
[  411.139493][T10413] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1422'.
[  411.760580][T10421] netlink: 65047 bytes leftover after parsing attributes in process `syz.2.1425'.
[  412.902053][T10439] netlink: 'syz.1.1431': attribute type 21 has an invalid length.
[  412.913565][T10439] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1431'.
[  413.344983][T10444] netlink: 'syz.2.1432': attribute type 21 has an invalid length.
[  413.489479][T10444] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1432'.
[  414.651450][T10469] netlink: 'syz.3.1442': attribute type 21 has an invalid length.
[  414.710160][T10469] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1442'.
[  415.266259][T10483] netlink: 'syz.2.1444': attribute type 21 has an invalid length.
[  415.376229][T10483] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1444'.
[  415.878506][T10489] netlink: 'syz.0.1455': attribute type 21 has an invalid length.
[  416.423006][T10489] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1455'.
[  417.047839][T10509] netlink: 'syz.0.1453': attribute type 21 has an invalid length.
[  417.079103][T10509] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1453'.
[  417.614931][T10521] netlink: 'syz.0.1458': attribute type 21 has an invalid length.
[  417.672111][T10521] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1458'.
[  419.118205][T10549] netlink: 'syz.3.1466': attribute type 21 has an invalid length.
[  419.183768][T10549] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1466'.
[  419.668532][T10561] netlink: 'syz.0.1470': attribute type 21 has an invalid length.
[  419.677003][T10561] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1470'.
[  420.512721][T10574] netlink: 40451 bytes leftover after parsing attributes in process `syz.0.1474'.
[  421.422554][T10587] netlink: 'syz.3.1479': attribute type 21 has an invalid length.
[  421.446786][T10587] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1479'.
[  421.952151][T10600] netlink: 'syz.1.1484': attribute type 21 has an invalid length.
[  421.988310][T10600] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1484'.
[  423.450674][T10624] netlink: 'syz.3.1491': attribute type 21 has an invalid length.
[  423.491857][T10624] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1491'.
[  423.673465][T10629] netlink: 'syz.1.1493': attribute type 21 has an invalid length.
[  423.758221][T10629] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1493'.
[  425.025061][T10668] netlink: 'syz.3.1503': attribute type 21 has an invalid length.
[  425.062993][T10668] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1503'.
[  425.903236][T10685] netlink: 'syz.0.1506': attribute type 21 has an invalid length.
[  425.928268][T10685] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1506'.
[  427.918291][T10709] netlink: 'syz.0.1515': attribute type 21 has an invalid length.
[  427.944599][T10709] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1515'.
[  429.147159][T10742] netlink: 'syz.1.1527': attribute type 10 has an invalid length.
[  429.194734][T10742] team0: Port device dummy0 added
[  429.732472][T10763] netlink: 'syz.0.1536': attribute type 21 has an invalid length.
[  429.762733][T10763] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1536'.
[  429.977476][T10770] netlink: 'syz.2.1538': attribute type 21 has an invalid length.
[  430.010544][T10770] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1538'.
[  430.428418][ T5783] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18
[  430.438948][ T5783] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[  430.448597][ T5783] CPU: 0 PID: 5783 Comm: kworker/u5:6 Not tainted syzkaller #0
[  430.456347][ T5783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  430.466504][ T5783] Workqueue: hci0 hci_rx_work
[  430.471298][ T5783] Call Trace:
[  430.474591][ T5783]  <TASK>
[  430.477539][ T5783]  dump_stack_lvl+0x18c/0x250
[  430.482247][ T5783]  ? show_regs_print_info+0x20/0x20
[  430.487640][ T5783]  ? load_image+0x400/0x400
[  430.492174][ T5783]  sysfs_create_dir_ns+0x26e/0x2a0
[  430.497307][ T5783]  ? sysfs_warn_dup+0xa0/0xa0
[  430.502001][ T5783]  ? do_raw_spin_unlock+0x121/0x230
[  430.507234][ T5783]  kobject_add_internal+0x61c/0xcc0
[  430.512735][ T5783]  kobject_add+0x164/0x240
[  430.517261][ T5783]  ? __rwlock_init+0x150/0x150
[  430.522240][ T5783]  ? kobject_init+0x1e0/0x1e0
[  430.527116][ T5783]  ? _raw_spin_unlock+0x28/0x40
[  430.532246][ T5783]  ? get_device_parent+0x366/0x390
[  430.537378][ T5783]  device_add+0x408/0xc20
[  430.541732][ T5783]  hci_conn_add_sysfs+0xd5/0x1e0
[  430.546709][ T5783]  le_conn_complete_evt+0xf5d/0x1540
[  430.552022][ T5783]  ? hci_le_big_info_adv_report_evt+0x910/0x910
[  430.558366][ T5783]  ? bt_info+0x180/0x180
[  430.562632][ T5783]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[  430.568281][ T5783]  ? skb_pull_data+0xfb/0x200
[  430.572980][ T5783]  hci_le_conn_complete_evt+0x187/0x440
[  430.578553][ T5783]  ? hci_remote_host_features_evt+0x150/0x150
[  430.584641][ T5783]  hci_event_packet+0x7ba/0x1270
[  430.589613][ T5783]  ? bis_list+0x290/0x290
[  430.593960][ T5783]  ? lockdep_hardirqs_on+0x98/0x150
[  430.599182][ T5783]  ? hci_send_to_monitor+0xd7/0x4f0
[  430.604698][ T5783]  hci_rx_work+0x43a/0xd60
[  430.609230][ T5783]  ? process_scheduled_works+0x96f/0x15d0
[  430.614964][ T5783]  process_scheduled_works+0xa5d/0x15d0
[  430.620561][ T5783]  ? worker_attach_to_pool+0x380/0x380
[  430.626226][ T5783]  ? assign_work+0x3d2/0x5d0
[  430.630923][ T5783]  worker_thread+0xa55/0xfc0
[  430.635666][ T5783]  kthread+0x2fa/0x390
[  430.639749][ T5783]  ? pr_cont_work+0x560/0x560
[  430.644785][ T5783]  ? kthread_blkcg+0xd0/0xd0
[  430.649386][ T5783]  ret_from_fork+0x48/0x80
[  430.653914][ T5783]  ? kthread_blkcg+0xd0/0xd0
[  430.658522][ T5783]  ret_from_fork_asm+0x11/0x20
[  430.663332][ T5783]  </TASK>
[  430.669047][ T5783] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  430.683326][ T5783] Bluetooth: hci0: failed to register connection device
[  431.342289][T10799] netlink: 'syz.1.1547': attribute type 21 has an invalid length.
[  431.362651][T10799] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1547'.
[  431.713887][T10811] netlink: 'syz.0.1548': attribute type 21 has an invalid length.
[  431.745712][T10811] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1548'.
[  431.799764][ T5085] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18
[  431.808207][ T5085] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:0'
[  431.818214][ T5085] CPU: 0 PID: 5085 Comm: kworker/u5:1 Not tainted syzkaller #0
[  431.825900][ T5085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  431.835998][ T5085] Workqueue: hci1 hci_rx_work
[  431.840826][ T5085] Call Trace:
[  431.844156][ T5085]  <TASK>
[  431.847207][ T5085]  dump_stack_lvl+0x18c/0x250
[  431.851915][ T5085]  ? show_regs_print_info+0x20/0x20
[  431.857147][ T5085]  ? load_image+0x400/0x400
[  431.861684][ T5085]  sysfs_create_dir_ns+0x26e/0x2a0
[  431.866847][ T5085]  ? sysfs_warn_dup+0xa0/0xa0
[  431.871546][ T5085]  ? do_raw_spin_unlock+0x121/0x230
[  431.876771][ T5085]  kobject_add_internal+0x61c/0xcc0
[  431.882013][ T5085]  kobject_add+0x164/0x240
[  431.886445][ T5085]  ? __rwlock_init+0x150/0x150
[  431.891233][ T5085]  ? kobject_init+0x1e0/0x1e0
[  431.895929][ T5085]  ? _raw_spin_unlock+0x28/0x40
[  431.900889][ T5085]  ? get_device_parent+0x366/0x390
[  431.906027][ T5085]  device_add+0x408/0xc20
[  431.910378][ T5085]  hci_conn_add_sysfs+0xd5/0x1e0
[  431.915419][ T5085]  le_conn_complete_evt+0xf5d/0x1540
[  431.920826][ T5085]  ? hci_le_big_info_adv_report_evt+0x910/0x910
[  431.927089][ T5085]  ? bt_info+0x180/0x180
[  431.931348][ T5085]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[  431.936999][ T5085]  ? skb_pull_data+0xfb/0x200
[  431.941696][ T5085]  hci_le_conn_complete_evt+0x187/0x440
[  431.947272][ T5085]  ? hci_remote_host_features_evt+0x150/0x150
[  431.953354][ T5085]  hci_event_packet+0x7ba/0x1270
[  431.958623][ T5085]  ? bis_list+0x290/0x290
[  431.962973][ T5085]  ? lockdep_hardirqs_on+0x98/0x150
[  431.968306][ T5085]  ? hci_send_to_monitor+0xd7/0x4f0
[  431.973561][ T5085]  hci_rx_work+0x43a/0xd60
[  431.978049][ T5085]  ? process_scheduled_works+0x96f/0x15d0
[  431.983821][ T5085]  process_scheduled_works+0xa5d/0x15d0
[  431.989613][ T5085]  ? worker_attach_to_pool+0x380/0x380
[  431.995102][ T5085]  ? assign_work+0x3d2/0x5d0
[  431.999816][ T5085]  worker_thread+0xa55/0xfc0
[  432.004530][ T5085]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  432.010806][ T5085]  ? _raw_spin_unlock+0x40/0x40
[  432.015682][ T5085]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[  432.021612][ T5085]  kthread+0x2fa/0x390
[  432.025957][ T5085]  ? pr_cont_work+0x560/0x560
[  432.030725][ T5085]  ? kthread_blkcg+0xd0/0xd0
[  432.035754][ T5085]  ret_from_fork+0x48/0x80
[  432.040325][ T5085]  ? kthread_blkcg+0xd0/0xd0
[  432.044937][ T5085]  ret_from_fork_asm+0x11/0x20
[  432.049838][ T5085]  </TASK>
[  432.063746][ T5085] kobject: kobject_add_internal failed for hci1:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  432.078433][ T5085] Bluetooth: hci1: failed to register connection device
[  433.841016][T10834] netlink: 40451 bytes leftover after parsing attributes in process `syz.3.1557'.
[  434.715999][ T5085] Bluetooth: hci3: unexpected subevent 0x01 length: 150 > 18
[  434.724298][ T5085] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0'
[  434.734264][ T5085] CPU: 0 PID: 5085 Comm: kworker/u5:1 Not tainted syzkaller #0
[  434.741951][ T5085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  434.752139][ T5085] Workqueue: hci3 hci_rx_work
[  434.756879][ T5085] Call Trace:
[  434.760278][ T5085]  <TASK>
[  434.763244][ T5085]  dump_stack_lvl+0x18c/0x250
[  434.768073][ T5085]  ? show_regs_print_info+0x20/0x20
[  434.773589][ T5085]  ? load_image+0x400/0x400
[  434.778201][ T5085]  sysfs_create_dir_ns+0x26e/0x2a0
[  434.783455][ T5085]  ? sysfs_warn_dup+0xa0/0xa0
[  434.788180][ T5085]  ? do_raw_spin_unlock+0x121/0x230
[  434.793433][ T5085]  kobject_add_internal+0x61c/0xcc0
[  434.798696][ T5085]  kobject_add+0x164/0x240
[  434.803154][ T5085]  ? __rwlock_init+0x150/0x150
[  434.807979][ T5085]  ? kobject_init+0x1e0/0x1e0
[  434.812715][ T5085]  ? _raw_spin_unlock+0x28/0x40
[  434.817616][ T5085]  ? get_device_parent+0x366/0x390
[  434.822971][ T5085]  device_add+0x408/0xc20
[  434.829270][ T5085]  hci_conn_add_sysfs+0xd5/0x1e0
[  434.834266][ T5085]  le_conn_complete_evt+0xf5d/0x1540
[  434.839619][ T5085]  ? hci_le_big_info_adv_report_evt+0x910/0x910
[  434.846003][ T5085]  ? bt_info+0x180/0x180
[  434.850292][ T5085]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[  434.856398][ T5085]  ? skb_pull_data+0xfb/0x200
[  434.861117][ T5085]  hci_le_conn_complete_evt+0x187/0x440
[  434.866685][ T5085]  ? hci_remote_host_features_evt+0x150/0x150
[  434.872856][ T5085]  hci_event_packet+0x7ba/0x1270
[  434.877828][ T5085]  ? bis_list+0x290/0x290
[  434.882203][ T5085]  ? lockdep_hardirqs_on+0x98/0x150
[  434.887423][ T5085]  ? hci_send_to_monitor+0xd7/0x4f0
[  434.892651][ T5085]  hci_rx_work+0x43a/0xd60
[  434.897147][ T5085]  ? process_scheduled_works+0x96f/0x15d0
[  434.902922][ T5085]  process_scheduled_works+0xa5d/0x15d0
[  434.908548][ T5085]  ? worker_attach_to_pool+0x380/0x380
[  434.914075][ T5085]  ? assign_work+0x3d2/0x5d0
[  434.918710][ T5085]  worker_thread+0xa55/0xfc0
[  434.923313][ T5085]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  434.929233][ T5085]  ? _raw_spin_unlock+0x40/0x40
[  434.934121][ T5085]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[  434.940044][ T5085]  kthread+0x2fa/0x390
[  434.944558][ T5085]  ? pr_cont_work+0x560/0x560
[  434.949338][ T5085]  ? kthread_blkcg+0xd0/0xd0
[  434.953952][ T5085]  ret_from_fork+0x48/0x80
[  434.958389][ T5085]  ? kthread_blkcg+0xd0/0xd0
[  434.963049][ T5085]  ret_from_fork_asm+0x11/0x20
[  434.968099][ T5085]  </TASK>
[  434.985159][ T5085] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  434.999369][ T5085] Bluetooth: hci3: failed to register connection device
[  437.084043][T10850] netlink: 'syz.0.1562': attribute type 21 has an invalid length.
[  437.092290][T10850] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1562'.
[  437.363012][T10871] netlink: 'syz.0.1576': attribute type 21 has an invalid length.
[  437.373833][T10871] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1576'.
[  438.019446][ T5085] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18
[  438.027753][ T5085] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  438.444451][T10901] syzkaller0: entered promiscuous mode
[  438.450608][T10901] syzkaller0: entered allmulticast mode
[  440.339244][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  440.347959][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  440.594787][T10908] netlink: 'syz.3.1580': attribute type 10 has an invalid length.
[  440.706233][T10908] team0: Device vxcan1 is of different type
[  440.823552][T10913] netlink: 'syz.0.1581': attribute type 21 has an invalid length.
[  440.845568][T10913] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1581'.
[  441.331432][ T5783] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18
[  441.345466][ T5783] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  445.750172][ T5085] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18
[  445.759585][ T5085] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0'
[  445.769353][ T5085] CPU: 0 PID: 5085 Comm: kworker/u5:1 Not tainted syzkaller #0
[  445.777031][ T5085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  445.787138][ T5085] Workqueue: hci2 hci_rx_work
[  445.791893][ T5085] Call Trace:
[  445.795224][ T5085]  <TASK>
[  445.798197][ T5085]  dump_stack_lvl+0x18c/0x250
[  445.802951][ T5085]  ? show_regs_print_info+0x20/0x20
[  445.808216][ T5085]  ? load_image+0x400/0x400
[  445.812890][ T5085]  sysfs_create_dir_ns+0x26e/0x2a0
[  445.818051][ T5085]  ? sysfs_warn_dup+0xa0/0xa0
[  445.822822][ T5085]  ? do_raw_spin_unlock+0x121/0x230
[  445.828091][ T5085]  kobject_add_internal+0x61c/0xcc0
[  445.833342][ T5085]  kobject_add+0x164/0x240
[  445.837795][ T5085]  ? __rwlock_init+0x150/0x150
[  445.842601][ T5085]  ? kobject_init+0x1e0/0x1e0
[  445.847339][ T5085]  ? _raw_spin_unlock+0x28/0x40
[  445.852249][ T5085]  ? get_device_parent+0x366/0x390
[  445.857532][ T5085]  device_add+0x408/0xc20
[  445.861919][ T5085]  hci_conn_add_sysfs+0xd5/0x1e0
[  445.866893][ T5085]  le_conn_complete_evt+0xf5d/0x1540
[  445.872206][ T5085]  ? hci_le_big_info_adv_report_evt+0x910/0x910
[  445.878462][ T5085]  ? bt_info+0x180/0x180
[  445.882728][ T5085]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[  445.888467][ T5085]  ? skb_pull_data+0xfb/0x200
[  445.893167][ T5085]  hci_le_conn_complete_evt+0x187/0x440
[  445.898888][ T5085]  ? hci_remote_host_features_evt+0x150/0x150
[  445.904969][ T5085]  hci_event_packet+0x7ba/0x1270
[  445.909936][ T5085]  ? bis_list+0x290/0x290
[  445.914366][ T5085]  ? lockdep_hardirqs_on+0x98/0x150
[  445.919781][ T5085]  ? hci_send_to_monitor+0xd7/0x4f0
[  445.925016][ T5085]  hci_rx_work+0x43a/0xd60
[  445.929563][ T5085]  ? process_scheduled_works+0x96f/0x15d0
[  445.935311][ T5085]  process_scheduled_works+0xa5d/0x15d0
[  445.941336][ T5085]  ? worker_attach_to_pool+0x380/0x380
[  445.947264][ T5085]  ? assign_work+0x3d2/0x5d0
[  445.952049][ T5085]  worker_thread+0xa55/0xfc0
[  445.956815][ T5085]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  445.962829][ T5085]  ? _raw_spin_unlock+0x40/0x40
[  445.967784][ T5085]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[  445.973799][ T5085]  kthread+0x2fa/0x390
[  445.978058][ T5085]  ? pr_cont_work+0x560/0x560
[  445.982818][ T5085]  ? kthread_blkcg+0xd0/0xd0
[  445.987439][ T5085]  ret_from_fork+0x48/0x80
[  445.991889][ T5085]  ? kthread_blkcg+0xd0/0xd0
[  445.996506][ T5085]  ret_from_fork_asm+0x11/0x20
[  446.001306][ T5085]  </TASK>
[  446.025460][ T5085] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  446.039783][ T5085] Bluetooth: hci2: failed to register connection device
[  447.554287][T10955] bridge0: port 1(bridge_slave_0) entered disabled state
[  447.724658][T10983] syzkaller0: entered promiscuous mode
[  447.733114][T10983] syzkaller0: entered allmulticast mode
[  450.828357][ T5085] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18
[  450.837737][ T5085] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  451.434817][T11021] netlink: 'syz.1.1606': attribute type 2 has an invalid length.
[  451.464975][T11021] netlink: 151 bytes leftover after parsing attributes in process `syz.1.1606'.
[  452.012019][T11029] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1613'.
[  452.056271][T11029] openvswitch: netlink: Geneve opt len 5 is not a multiple of 4.
[  454.684638][ T5085] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18
[  454.692799][ T5085] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  454.968424][T11052] netlink: 'syz.1.1618': attribute type 25 has an invalid length.
[  455.016286][T11052] netlink: 'syz.1.1618': attribute type 29 has an invalid length.
[  455.641708][T11072] netlink: 15119 bytes leftover after parsing attributes in process `syz.2.1623'.
[  455.654860][T11071] netlink: 'syz.2.1623': attribute type 39 has an invalid length.
[  456.547245][ T5085] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18
[  456.554982][ T5085] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  459.541051][ T5085] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18
[  459.549301][ T5085] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  460.254770][T11145] netlink: 'syz.0.1645': attribute type 29 has an invalid length.
[  460.299180][T11145] netlink: 'syz.0.1645': attribute type 29 has an invalid length.
[  460.311066][T11150] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1644'.
[  462.881032][T11168] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1650'.
[  462.891711][T11168] openvswitch: netlink: Geneve opt len 5 is not a multiple of 4.
[  463.411924][T11180] netlink: 15119 bytes leftover after parsing attributes in process `syz.3.1654'.
[  463.424339][T11179] netlink: 'syz.3.1654': attribute type 39 has an invalid length.
[  463.680259][T11187] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1657'.
[  466.452605][T11210] FAULT_INJECTION: forcing a failure.
[  466.452605][T11210] name failslab, interval 1, probability 0, space 0, times 0
[  466.465419][T11210] CPU: 1 PID: 11210 Comm: syz.1.1665 Not tainted syzkaller #0
[  466.472913][T11210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  466.482993][T11210] Call Trace:
[  466.486272][T11210]  <TASK>
[  466.489201][T11210]  dump_stack_lvl+0x18c/0x250
[  466.493916][T11210]  ? show_regs_print_info+0x20/0x20
[  466.499206][T11210]  ? load_image+0x400/0x400
[  466.503718][T11210]  ? __might_sleep+0xe0/0xe0
[  466.508345][T11210]  ? __lock_acquire+0x7d40/0x7d40
[  466.513513][T11210]  should_fail_ex+0x39d/0x4d0
[  466.518294][T11210]  should_failslab+0x9/0x20
[  466.522973][T11210]  slab_pre_alloc_hook+0x59/0x310
[  466.528029][T11210]  ? ethnl_default_notify+0x1ed/0x790
[  466.533622][T11210]  ? ethnl_default_notify+0x1ed/0x790
[  466.539185][T11210]  __kmem_cache_alloc_node+0x53/0x250
[  466.544683][T11210]  ? ethnl_default_notify+0x1ed/0x790
[  466.550146][T11210]  __kmalloc+0xa4/0x230
[  466.554305][T11210]  ethnl_default_notify+0x1ed/0x790
[  466.559510][T11210]  ? ethtool_notify+0x1b0/0x1b0
[  466.564366][T11210]  ? __might_fault+0xaa/0x120
[  466.569038][T11210]  ? mutex_is_locked+0x12/0x40
[  466.573794][T11210]  ? rtnl_is_locked+0x15/0x20
[  466.578506][T11210]  ethtool_set_ringparam+0x365/0x3f0
[  466.583905][T11210]  ? ethtool_get_ringparam+0x1f0/0x1f0
[  466.589471][T11210]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[  466.595400][T11210]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  466.601414][T11210]  ? _raw_spin_unlock+0x40/0x40
[  466.606297][T11210]  ? bpf_lsm_capable+0x9/0x10
[  466.611193][T11210]  dev_ethtool+0xe53/0x18d0
[  466.615730][T11210]  ? ethtool_get_module_eeprom_call+0x170/0x170
[  466.621991][T11210]  ? __lock_acquire+0x7d40/0x7d40
[  466.627065][T11210]  ? __might_fault+0xaa/0x120
[  466.632099][T11210]  ? full_name_hash+0x92/0xe0
[  466.636798][T11210]  ? dev_load+0x21/0x1f0
[  466.641059][T11210]  dev_ioctl+0x392/0x1140
[  466.645494][T11210]  sock_do_ioctl+0x239/0x310
[  466.650101][T11210]  ? sock_show_fdinfo+0xb0/0xb0
[  466.654981][T11210]  sock_ioctl+0x5ba/0x7e0
[  466.659329][T11210]  ? sock_poll+0x3e0/0x3e0
[  466.663764][T11210]  ? bpf_lsm_file_ioctl+0x9/0x10
[  466.668713][T11210]  ? security_file_ioctl+0x80/0xa0
[  466.673840][T11210]  ? sock_poll+0x3e0/0x3e0
[  466.678291][T11210]  __se_sys_ioctl+0xfd/0x170
[  466.682993][T11210]  do_syscall_64+0x55/0xa0
[  466.687478][T11210]  ? clear_bhb_loop+0x40/0x90
[  466.692281][T11210]  ? clear_bhb_loop+0x40/0x90
[  466.696969][T11210]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  466.702886][T11210] RIP: 0033:0x7f13e0b9c819
[  466.707317][T11210] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  466.726958][T11210] RSP: 002b:00007f13e1a34028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  466.735571][T11210] RAX: ffffffffffffffda RBX: 00007f13e0e15fa0 RCX: 00007f13e0b9c819
[  466.743753][T11210] RDX: 0000200000000080 RSI: 0000000000008946 RDI: 0000000000000014
[  466.751758][T11210] RBP: 00007f13e1a34090 R08: 0000000000000000 R09: 0000000000000000
[  466.759932][T11210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  466.768085][T11210] R13: 00007f13e0e16038 R14: 00007f13e0e15fa0 R15: 00007ffca0398ab8
[  466.776178][T11210]  </TASK>
[  466.789991][T11212] FAULT_INJECTION: forcing a failure.
[  466.789991][T11212] name failslab, interval 1, probability 0, space 0, times 0
[  466.815149][T11212] CPU: 0 PID: 11212 Comm: syz.3.1666 Not tainted syzkaller #0
[  466.823218][T11212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  466.833317][T11212] Call Trace:
[  466.836635][T11212]  <TASK>
[  466.839775][T11212]  dump_stack_lvl+0x18c/0x250
[  466.844511][T11212]  ? show_regs_print_info+0x20/0x20
[  466.850288][T11212]  ? load_image+0x400/0x400
[  466.854839][T11212]  ? __lock_acquire+0x7d40/0x7d40
[  466.859913][T11212]  ? _raw_spin_unlock_irq+0x23/0x50
[  466.865176][T11212]  should_fail_ex+0x39d/0x4d0
[  466.869920][T11212]  should_failslab+0x9/0x20
[  466.874479][T11212]  slab_pre_alloc_hook+0x59/0x310
[  466.879558][T11212]  ? acct_exit_ns+0xf0/0xf0
[  466.884115][T11212]  kmem_cache_alloc+0x5a/0x2d0
[  466.889388][T11212]  ? taskstats_exit+0x155/0x9e0
[  466.894342][T11212]  taskstats_exit+0x155/0x9e0
[  466.899170][T11212]  do_exit+0x8d0/0x2460
[  466.903390][T11212]  ? put_task_struct+0xc0/0xc0
[  466.908207][T11212]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  466.914333][T11212]  ? lock_chain_count+0x20/0x20
[  466.919234][T11212]  ? kick_process+0xe4/0x150
[  466.924053][T11212]  ? _raw_spin_unlock_irq+0x23/0x50
[  466.929384][T11212]  ? lockdep_hardirqs_on+0x98/0x150
[  466.934638][T11212]  do_group_exit+0x21b/0x2d0
[  466.939280][T11212]  __x64_sys_exit_group+0x3f/0x40
[  466.944368][T11212]  do_syscall_64+0x55/0xa0
[  466.948832][T11212]  ? clear_bhb_loop+0x40/0x90
[  466.953550][T11212]  ? clear_bhb_loop+0x40/0x90
[  466.958284][T11212]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  466.964220][T11212] RIP: 0033:0x7f5fd7b9c819
[  466.968757][T11212] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  466.988588][T11212] RSP: 002b:00007f5fd8b49f38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  466.997065][T11212] RAX: ffffffffffffffda RBX: 00007f5fd7c093e8 RCX: 00007f5fd7b9c819
[  467.005251][T11212] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  467.013342][T11212] RBP: 0000000000000009 R08: 0000000000000000 R09: 00007f5fd7e16038
[  467.021437][T11212] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  467.029449][T11212] R13: 00007f5fd7e16038 R14: 00007f5fd7e15fa0 R15: 00007ffd26751e48
[  467.037583][T11212]  </TASK>
[  468.151051][T11240] FAULT_INJECTION: forcing a failure.
[  468.151051][T11240] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  468.182792][T11240] CPU: 1 PID: 11240 Comm: syz.0.1678 Not tainted syzkaller #0
[  468.190422][T11240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  468.200537][T11240] Call Trace:
[  468.203825][T11240]  <TASK>
[  468.206956][T11240]  dump_stack_lvl+0x18c/0x250
[  468.211678][T11240]  ? show_regs_print_info+0x20/0x20
[  468.216904][T11240]  ? load_image+0x400/0x400
[  468.221491][T11240]  ? __might_fault+0xaa/0x120
[  468.226210][T11240]  should_fail_ex+0x39d/0x4d0
[  468.231020][T11240]  copyin+0x1a/0x90
[  468.234853][T11240]  _copy_from_iter+0x54f/0x12e0
[  468.239746][T11240]  ? slab_post_alloc_hook+0x8a/0x4b0
[  468.245099][T11240]  ? __virt_addr_valid+0x18c/0x540
[  468.250267][T11240]  ? copyout_mc+0x70/0x70
[  468.254627][T11240]  ? __virt_addr_valid+0x18c/0x540
[  468.259766][T11240]  ? __virt_addr_valid+0x18c/0x540
[  468.265009][T11240]  ? __virt_addr_valid+0x469/0x540
[  468.271109][T11240]  ? __check_object_size+0x506/0xa20
[  468.276465][T11240]  netlink_sendmsg+0x76b/0xbf0
[  468.281300][T11240]  ? netlink_getsockopt+0x590/0x590
[  468.286548][T11240]  ? aa_sock_msg_perm+0x94/0x150
[  468.291535][T11240]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  468.296853][T11240]  ? security_socket_sendmsg+0x80/0xa0
[  468.302334][T11240]  ? netlink_getsockopt+0x590/0x590
[  468.307562][T11240]  ____sys_sendmsg+0x5ba/0x960
[  468.312364][T11240]  ? __asan_memset+0x22/0x40
[  468.316990][T11240]  ? __sys_sendmsg_sock+0x30/0x30
[  468.322208][T11240]  ? __import_iovec+0x3fa/0x850
[  468.327193][T11240]  ? import_iovec+0x73/0xa0
[  468.331728][T11240]  ___sys_sendmsg+0x2a6/0x360
[  468.336524][T11240]  ? __sys_sendmsg+0x2a0/0x2a0
[  468.341348][T11240]  ? __lock_acquire+0x7d40/0x7d40
[  468.346473][T11240]  __se_sys_sendmsg+0x1c2/0x2b0
[  468.351447][T11240]  ? __x64_sys_sendmsg+0x80/0x80
[  468.356484][T11240]  ? lockdep_hardirqs_on+0x98/0x150
[  468.361885][T11240]  do_syscall_64+0x55/0xa0
[  468.366329][T11240]  ? clear_bhb_loop+0x40/0x90
[  468.371133][T11240]  ? clear_bhb_loop+0x40/0x90
[  468.375927][T11240]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  468.381842][T11240] RIP: 0033:0x7f9eb219c819
[  468.386286][T11240] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  468.406000][T11240] RSP: 002b:00007f9eb2f82028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  468.414464][T11240] RAX: ffffffffffffffda RBX: 00007f9eb2415fa0 RCX: 00007f9eb219c819
[  468.422455][T11240] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 000000000000000a
[  468.430562][T11240] RBP: 00007f9eb2f82090 R08: 0000000000000000 R09: 0000000000000000
[  468.438551][T11240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  468.446537][T11240] R13: 00007f9eb2416038 R14: 00007f9eb2415fa0 R15: 00007ffe045d19a8
[  468.454660][T11240]  </TASK>
[  470.504629][T11255] netlink: 638 bytes leftover after parsing attributes in process `syz.1.1682'.
[  473.485874][ T5085] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18
[  473.493345][ T5085] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  474.862811][T11331] bridge_slave_0: left allmulticast mode
[  475.250593][ T5085] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18
[  475.258952][ T5085] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  475.900571][T11345] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1713'.
[  475.911576][T11345] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes.
[  476.899977][ T5783] Bluetooth: hci3: unexpected subevent 0x01 length: 150 > 18
[  476.908870][ T5783] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  478.751580][ T5085] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18
[  478.759386][ T5085] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  478.922004][ T5783] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18
[  478.929926][ T5783] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  480.968812][ T5085] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18
[  480.976393][ T5085] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  481.514107][ T5085] Bluetooth: hci3: unexpected subevent 0x01 length: 150 > 18
[  481.536193][ T5085] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  481.982289][T11453] FAULT_INJECTION: forcing a failure.
[  481.982289][T11453] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  481.999866][T11453] CPU: 1 PID: 11453 Comm: syz.3.1747 Not tainted syzkaller #0
[  482.007994][T11453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  482.018093][T11453] Call Trace:
[  482.021406][T11453]  <TASK>
[  482.024545][T11453]  dump_stack_lvl+0x18c/0x250
[  482.029291][T11453]  ? show_regs_print_info+0x20/0x20
[  482.034614][T11453]  ? load_image+0x400/0x400
[  482.039164][T11453]  ? __might_fault+0xaa/0x120
[  482.043884][T11453]  ? __lock_acquire+0x7d40/0x7d40
[  482.049122][T11453]  should_fail_ex+0x39d/0x4d0
[  482.053931][T11453]  _copy_from_user+0x2f/0xe0
[  482.058556][T11453]  kstrtouint_from_user+0xde/0x170
[  482.063793][T11453]  ? kstrtol_from_user+0x190/0x190
[  482.069137][T11453]  proc_fail_nth_write+0x8f/0x250
[  482.074202][T11453]  ? proc_fail_nth_read+0x260/0x260
[  482.079468][T11453]  ? proc_fail_nth_read+0x260/0x260
[  482.084789][T11453]  vfs_write+0x296/0x990
[  482.089080][T11453]  ? file_end_write+0x250/0x250
[  482.094055][T11453]  ? __fget_files+0x28/0x4b0
[  482.098683][T11453]  ? __fget_files+0x28/0x4b0
[  482.103480][T11453]  ? __fget_files+0x43d/0x4b0
[  482.108211][T11453]  ? __fdget_pos+0x2a3/0x330
[  482.113011][T11453]  ? ksys_write+0x75/0x260
[  482.117569][T11453]  ksys_write+0x150/0x260
[  482.121940][T11453]  ? __ia32_sys_read+0x90/0x90
[  482.127005][T11453]  ? lockdep_hardirqs_on+0x98/0x150
[  482.132422][T11453]  do_syscall_64+0x55/0xa0
[  482.137406][T11453]  ? clear_bhb_loop+0x40/0x90
[  482.142114][T11453]  ? clear_bhb_loop+0x40/0x90
[  482.146918][T11453]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  482.152847][T11453] RIP: 0033:0x7f5fd7b5d04e
[  482.157299][T11453] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  482.177116][T11453] RSP: 002b:00007f5fd8b49fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  482.185564][T11453] RAX: ffffffffffffffda RBX: 00007f5fd8b4a6c0 RCX: 00007f5fd7b5d04e
[  482.193561][T11453] RDX: 0000000000000001 RSI: 00007f5fd8b4a0a0 RDI: 0000000000000004
[  482.201557][T11453] RBP: 00007f5fd8b4a090 R08: 0000000000000000 R09: 0000000000000000
[  482.209562][T11453] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  482.217735][T11453] R13: 00007f5fd7e16038 R14: 00007f5fd7e15fa0 R15: 00007ffd26751e48
[  482.225874][T11453]  </TASK>
[  484.363279][T11476] netlink: 'syz.0.1755': attribute type 20 has an invalid length.
[  485.918484][T11514] netlink: 'syz.3.1766': attribute type 10 has an invalid length.
[  485.967876][T11514] netlink: 65015 bytes leftover after parsing attributes in process `syz.3.1766'.
[  487.408055][T11545] netlink: 14568 bytes leftover after parsing attributes in process `syz.0.1775'.
[  488.811429][T11564] netlink: 'syz.2.1782': attribute type 46 has an invalid length.
[  488.821103][T11564] netlink: 'syz.2.1782': attribute type 46 has an invalid length.
[  489.473356][T11577] netlink: 'syz.0.1787': attribute type 21 has an invalid length.
[  489.521285][T11577] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1787'.
[  491.949575][T11617] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1799'.
[  494.632057][T11663] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1812'.
[  495.740238][T11684] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1818'.
[  496.392568][T11699] netlink: 17279 bytes leftover after parsing attributes in process `syz.3.1826'.
[  496.975992][T11714] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1829'.
[  500.349842][T11788] FAULT_INJECTION: forcing a failure.
[  500.349842][T11788] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  500.365691][T11788] CPU: 0 PID: 11788 Comm: syz.2.1852 Not tainted syzkaller #0
[  500.373206][T11788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  500.383307][T11788] Call Trace:
[  500.386617][T11788]  <TASK>
[  500.389581][T11788]  dump_stack_lvl+0x18c/0x250
[  500.394317][T11788]  ? show_regs_print_info+0x20/0x20
[  500.399567][T11788]  ? load_image+0x400/0x400
[  500.404095][T11788]  ? __might_fault+0xaa/0x120
[  500.408795][T11788]  ? __lock_acquire+0x7d40/0x7d40
[  500.413849][T11788]  should_fail_ex+0x39d/0x4d0
[  500.418568][T11788]  _copy_from_user+0x2f/0xe0
[  500.423192][T11788]  ___sys_sendmsg+0x1c7/0x360
[  500.427880][T11788]  ? get_pid_task+0x20/0x1e0
[  500.432497][T11788]  ? __sys_sendmsg+0x2a0/0x2a0
[  500.437297][T11788]  ? __lock_acquire+0x7d40/0x7d40
[  500.442461][T11788]  __se_sys_sendmsg+0x1c2/0x2b0
[  500.447325][T11788]  ? __x64_sys_sendmsg+0x80/0x80
[  500.452374][T11788]  ? lockdep_hardirqs_on+0x98/0x150
[  500.457589][T11788]  do_syscall_64+0x55/0xa0
[  500.462024][T11788]  ? clear_bhb_loop+0x40/0x90
[  500.466807][T11788]  ? clear_bhb_loop+0x40/0x90
[  500.471584][T11788]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  500.477488][T11788] RIP: 0033:0x7f369199c819
[  500.481911][T11788] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  500.501617][T11788] RSP: 002b:00007f3692790028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  500.510217][T11788] RAX: ffffffffffffffda RBX: 00007f3691c15fa0 RCX: 00007f369199c819
[  500.518308][T11788] RDX: 0000000000004004 RSI: 0000200000000380 RDI: 0000000000000003
[  500.527073][T11788] RBP: 00007f3692790090 R08: 0000000000000000 R09: 0000000000000000
[  500.535055][T11788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  500.543139][T11788] R13: 00007f3691c16038 R14: 00007f3691c15fa0 R15: 00007ffc7d535b58
[  500.551134][T11788]  </TASK>
[  501.719807][T11820] bridge_slave_1: left allmulticast mode
[  501.730562][T11820] bridge_slave_1: left promiscuous mode
[  501.738528][T11820] bridge0: port 2(bridge_slave_1) entered disabled state
[  501.749522][T11820] bridge_slave_0: left allmulticast mode
[  501.755603][T11820] bridge_slave_0: left promiscuous mode
[  501.761643][T11820] bridge0: port 1(bridge_slave_0) entered disabled state
[  501.781190][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  501.788663][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  504.888662][T11882] delete_channel: no stack
[  516.694137][T12086] netlink: 'syz.3.1950': attribute type 10 has an invalid length.
[  516.794767][T12086] team0: Device wg1 is of different type
[  518.022761][T12123] netlink: 'syz.0.1961': attribute type 3 has an invalid length.
[  518.031496][T12123] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1961'.
[  518.124208][T12123] FAULT_INJECTION: forcing a failure.
[  518.124208][T12123] name failslab, interval 1, probability 0, space 0, times 0
[  518.155794][T12123] CPU: 0 PID: 12123 Comm: syz.0.1961 Not tainted syzkaller #0
[  518.163692][T12123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  518.173964][T12123] Call Trace:
[  518.177288][T12123]  <TASK>
[  518.180253][T12123]  dump_stack_lvl+0x18c/0x250
[  518.184983][T12123]  ? show_regs_print_info+0x20/0x20
[  518.190226][T12123]  ? lockdep_hardirqs_on+0x98/0x150
[  518.195476][T12123]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  518.201683][T12123]  should_fail_ex+0x39d/0x4d0
[  518.206390][T12123]  should_failslab+0x9/0x20
[  518.210918][T12123]  slab_pre_alloc_hook+0x59/0x310
[  518.215965][T12123]  ? __local_bh_enable_ip+0x13a/0x1c0
[  518.221451][T12123]  kmem_cache_alloc_node+0x60/0x320
[  518.226846][T12123]  ? __local_bh_enable_ip+0x13a/0x1c0
[  518.232317][T12123]  ? __alloc_skb+0x103/0x2c0
[  518.237025][T12123]  __alloc_skb+0x103/0x2c0
[  518.241481][T12123]  kcm_sendmsg+0x243a/0x28b0
[  518.246192][T12123]  ? __might_sleep+0xe0/0xe0
[  518.250841][T12123]  ? aa_af_perm+0x330/0x330
[  518.255461][T12123]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0
[  518.261978][T12123]  ? kcm_getsockopt+0x280/0x280
[  518.266843][T12123]  ? aa_sock_msg_perm+0x94/0x150
[  518.271796][T12123]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  518.277094][T12123]  ? security_socket_sendmsg+0x80/0xa0
[  518.282566][T12123]  sock_write_iter+0x2df/0x420
[  518.287440][T12123]  ? sock_read_iter+0x3e0/0x3e0
[  518.292343][T12123]  ? common_file_perm+0x198/0x1f0
[  518.297389][T12123]  vfs_write+0x46c/0x990
[  518.301663][T12123]  ? file_end_write+0x250/0x250
[  518.306536][T12123]  ? __fget_files+0x43d/0x4b0
[  518.311330][T12123]  ? __fdget_pos+0x1d8/0x330
[  518.315951][T12123]  ? ksys_write+0x75/0x260
[  518.320386][T12123]  ksys_write+0x150/0x260
[  518.324742][T12123]  ? __ia32_sys_read+0x90/0x90
[  518.329529][T12123]  ? lockdep_hardirqs_on+0x98/0x150
[  518.334743][T12123]  do_syscall_64+0x55/0xa0
[  518.339175][T12123]  ? clear_bhb_loop+0x40/0x90
[  518.344499][T12123]  ? clear_bhb_loop+0x40/0x90
[  518.349191][T12123]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  518.355097][T12123] RIP: 0033:0x7f9eb219c819
[  518.359626][T12123] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  518.379969][T12123] RSP: 002b:00007f9eb2f82028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  518.388593][T12123] RAX: ffffffffffffffda RBX: 00007f9eb2415fa0 RCX: 00007f9eb219c819
[  518.396693][T12123] RDX: 00000000fffffdef RSI: 0000200000000140 RDI: 0000000000000008
[  518.404759][T12123] RBP: 00007f9eb2f82090 R08: 0000000000000000 R09: 0000000000000000
[  518.412912][T12123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  518.420906][T12123] R13: 00007f9eb2416038 R14: 00007f9eb2415fa0 R15: 00007ffe045d19a8
[  518.428911][T12123]  </TASK>
[  519.573184][T12149] syzkaller0: entered promiscuous mode
[  519.580081][T12149] syzkaller0: entered allmulticast mode
[  524.973680][T12219] syzkaller0: entered promiscuous mode
[  524.986535][T12219] syzkaller0: entered allmulticast mode
[  529.267682][T12275] syzkaller0: entered promiscuous mode
[  529.283015][T12275] syzkaller0: entered allmulticast mode
[  533.122411][T12330] netlink: 'syz.0.2027': attribute type 10 has an invalid length.
[  534.714016][T12347] syzkaller0: entered promiscuous mode
[  534.755345][T12347] syzkaller0: entered allmulticast mode
[  538.055454][T12396] netlink: 'syz.0.2047': attribute type 3 has an invalid length.
[  538.063359][T12396] netlink: 'syz.0.2047': attribute type 9 has an invalid length.
[  538.227275][T12403] netlink: 'syz.3.2048': attribute type 21 has an invalid length.
[  538.602063][T12412] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2052'.
[  539.052203][T12423] syzkaller0: entered promiscuous mode
[  539.074367][T12423] syzkaller0: entered allmulticast mode
[  540.307078][ T5085] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18
[  540.314868][ T5085] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  542.463826][ T5783] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18
[  542.472073][ T5783] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  543.596950][T12483] syzkaller0: entered promiscuous mode
[  543.602506][T12483] syzkaller0: entered allmulticast mode
[  544.742684][ T5085] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18
[  544.750790][ T5085] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  547.781757][T12500] netlink: 'syz.3.2078': attribute type 10 has an invalid length.
[  547.789978][T12500] netlink: 55 bytes leftover after parsing attributes in process `syz.3.2078'.
[  549.603526][T12506] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18
[  549.611378][T12506] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  551.220566][T12506] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18
[  551.228912][T12506] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  551.433347][T12585] netlink: 'syz.0.2104': attribute type 29 has an invalid length.
[  551.473331][T12585] netlink: 'syz.0.2104': attribute type 29 has an invalid length.
[  551.497409][T12585] netlink: 'syz.0.2104': attribute type 29 has an invalid length.
[  551.513192][T12585] netlink: 'syz.0.2104': attribute type 29 has an invalid length.
[  551.535826][T12585] netlink: 'syz.0.2104': attribute type 1 has an invalid length.
[  551.543764][T12585] netlink: 157116 bytes leftover after parsing attributes in process `syz.0.2104'.
[  551.757672][T12585] netlink: 'syz.0.2104': attribute type 16 has an invalid length.
[  551.779768][T12585] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2104'.
[  551.816778][T12594] netlink: 'syz.0.2104': attribute type 29 has an invalid length.
[  551.829789][T12585] netlink: 'syz.0.2104': attribute type 29 has an invalid length.
[  552.062158][T12596] netlink: 'syz.2.2109': attribute type 10 has an invalid length.
[  552.104922][T12596] netlink: 55 bytes leftover after parsing attributes in process `syz.2.2109'.
[  552.604935][T12506] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18
[  552.612773][T12506] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  553.640897][T12632] netlink: 'syz.2.2121': attribute type 29 has an invalid length.
[  553.675817][T12632] netlink: 'syz.2.2121': attribute type 29 has an invalid length.
[  553.702795][T12632] netlink: 'syz.2.2121': attribute type 29 has an invalid length.
[  553.741545][T12632] netlink: 'syz.2.2121': attribute type 29 has an invalid length.
[  553.785889][T12632] netlink: 'syz.2.2121': attribute type 1 has an invalid length.
[  553.812063][T12632] netlink: 157116 bytes leftover after parsing attributes in process `syz.2.2121'.
[  553.991953][T12637] netlink: 'syz.2.2121': attribute type 16 has an invalid length.
[  554.025367][T12637] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2121'.
[  554.047159][T12632] netlink: 'syz.2.2121': attribute type 29 has an invalid length.
[  554.101365][T12506] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18
[  554.110285][T12637] netlink: 'syz.2.2121': attribute type 29 has an invalid length.
[  554.119719][T12506] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  554.638373][T12648] netlink: 'syz.1.2127': attribute type 10 has an invalid length.
[  554.715488][T12648] netlink: 'syz.1.2127': attribute type 10 has an invalid length.
[  554.774008][T12648] netlink: 209216 bytes leftover after parsing attributes in process `syz.1.2127'.
[  554.801466][T12648] openvswitch: netlink: Message has 4 unknown bytes.
[  555.940095][T12678] netlink: 157116 bytes leftover after parsing attributes in process `syz.3.2134'.
[  556.166755][T12680] netlink: 156 bytes leftover after parsing attributes in process `syz.3.2134'.
[  556.428728][T12684] netlink: 11562 bytes leftover after parsing attributes in process `syz.2.2138'.
[  558.066878][T12711] netlink: 157116 bytes leftover after parsing attributes in process `syz.1.2149'.
[  558.234142][T12713] netlink: 156 bytes leftover after parsing attributes in process `syz.1.2149'.
[  558.898071][T12719] netlink: 11562 bytes leftover after parsing attributes in process `syz.1.2151'.
[  559.052900][T12725] ref_ctr_offset mismatch. inode: 0xb96 offset: 0x0 ref_ctr_offset(old): 0x4 ref_ctr_offset(new): 0x2000000
[  559.660393][T12732] netlink: 135856 bytes leftover after parsing attributes in process `syz.3.2154'.
[  559.733478][T12732] netlink: 8442 bytes leftover after parsing attributes in process `syz.3.2154'.
[  559.798984][T12735] ref_ctr_offset mismatch. inode: 0xba1 offset: 0x0 ref_ctr_offset(old): 0x4 ref_ctr_offset(new): 0x0
[  561.286050][T12506] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18
[  561.308162][T12506] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:0'
[  561.320532][T12506] CPU: 0 PID: 12506 Comm: kworker/u5:0 Not tainted syzkaller #0
[  561.328455][T12506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  561.338622][T12506] Workqueue: hci1 hci_rx_work
[  561.343456][T12506] Call Trace:
[  561.346838][T12506]  <TASK>
[  561.349961][T12506]  dump_stack_lvl+0x18c/0x250
[  561.354891][T12506]  ? show_regs_print_info+0x20/0x20
[  561.360238][T12506]  ? load_image+0x400/0x400
[  561.364965][T12506]  sysfs_create_dir_ns+0x26e/0x2a0
[  561.370252][T12506]  ? sysfs_warn_dup+0xa0/0xa0
[  561.375074][T12506]  ? do_raw_spin_unlock+0x121/0x230
[  561.380438][T12506]  kobject_add_internal+0x61c/0xcc0
[  561.385823][T12506]  kobject_add+0x164/0x240
[  561.390376][T12506]  ? __rwlock_init+0x150/0x150
[  561.395294][T12506]  ? kobject_init+0x1e0/0x1e0
[  561.400106][T12506]  ? _raw_spin_unlock+0x28/0x40
[  561.405113][T12506]  ? get_device_parent+0x366/0x390
[  561.410389][T12506]  device_add+0x408/0xc20
[  561.414969][T12506]  hci_conn_add_sysfs+0xd5/0x1e0
[  561.420056][T12506]  le_conn_complete_evt+0xf5d/0x1540
[  561.425555][T12506]  ? hci_le_big_info_adv_report_evt+0x910/0x910
[  561.431898][T12506]  ? bt_info+0x180/0x180
[  561.436233][T12506]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[  561.442075][T12506]  ? skb_pull_data+0xfb/0x200
[  561.446857][T12506]  hci_le_conn_complete_evt+0x187/0x440
[  561.452508][T12506]  ? hci_remote_host_features_evt+0x150/0x150
[  561.459088][T12506]  hci_event_packet+0x7ba/0x1270
[  561.464162][T12506]  ? bis_list+0x290/0x290
[  561.468670][T12506]  ? lockdep_hardirqs_on+0x98/0x150
[  561.473947][T12506]  ? hci_send_to_monitor+0xd7/0x4f0
[  561.479236][T12506]  hci_rx_work+0x43a/0xd60
[  561.483787][T12506]  ? process_scheduled_works+0x96f/0x15d0
[  561.489576][T12506]  process_scheduled_works+0xa5d/0x15d0
[  561.495408][T12506]  ? worker_attach_to_pool+0x380/0x380
[  561.501008][T12506]  ? assign_work+0x3d2/0x5d0
[  561.505803][T12506]  worker_thread+0xa55/0xfc0
[  561.511453][T12506]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  561.517604][T12506]  ? _raw_spin_unlock+0x40/0x40
[  561.522510][T12506]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[  561.528578][T12506]  kthread+0x2fa/0x390
[  561.532714][T12506]  ? pr_cont_work+0x560/0x560
[  561.537465][T12506]  ? kthread_blkcg+0xd0/0xd0
[  561.542296][T12506]  ret_from_fork+0x48/0x80
[  561.546861][T12506]  ? kthread_blkcg+0xd0/0xd0
[  561.551521][T12506]  ret_from_fork_asm+0x11/0x20
[  561.556431][T12506]  </TASK>
[  561.565463][T12506] kobject: kobject_add_internal failed for hci1:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  561.580167][T12506] Bluetooth: hci1: failed to register connection device
[  561.656030][T12764] netlink: 11562 bytes leftover after parsing attributes in process `syz.0.2164'.
[  562.024177][T12776] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2168'.
[  562.083300][T12778] FAULT_INJECTION: forcing a failure.
[  562.083300][T12778] name failslab, interval 1, probability 0, space 0, times 0
[  562.097951][ T5783] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18
[  562.105988][ T5783] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:0'
[  562.115369][ T5783] CPU: 0 PID: 5783 Comm: kworker/u5:6 Not tainted syzkaller #0
[  562.123047][ T5783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  562.133134][ T5783] Workqueue: hci1 hci_rx_work
[  562.137847][ T5783] Call Trace:
[  562.141141][ T5783]  <TASK>
[  562.144088][ T5783]  dump_stack_lvl+0x18c/0x250
[  562.148801][ T5783]  ? show_regs_print_info+0x20/0x20
[  562.154023][ T5783]  ? load_image+0x400/0x400
[  562.158565][ T5783]  sysfs_create_dir_ns+0x26e/0x2a0
[  562.163694][ T5783]  ? sysfs_warn_dup+0xa0/0xa0
[  562.168382][ T5783]  ? do_raw_spin_unlock+0x121/0x230
[  562.173777][ T5783]  kobject_add_internal+0x61c/0xcc0
[  562.179001][ T5783]  kobject_add+0x164/0x240
[  562.183429][ T5783]  ? __rwlock_init+0x150/0x150
[  562.188229][ T5783]  ? kobject_init+0x1e0/0x1e0
[  562.193094][ T5783]  ? _raw_spin_unlock+0x28/0x40
[  562.197966][ T5783]  ? get_device_parent+0x366/0x390
[  562.203095][ T5783]  device_add+0x408/0xc20
[  562.207454][ T5783]  hci_conn_add_sysfs+0xd5/0x1e0
[  562.212433][ T5783]  le_conn_complete_evt+0xf5d/0x1540
[  562.217839][ T5783]  ? hci_le_big_info_adv_report_evt+0x910/0x910
[  562.224090][ T5783]  ? bt_info+0x180/0x180
[  562.228366][ T5783]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[  562.234190][ T5783]  ? skb_pull_data+0xfb/0x200
[  562.238937][ T5783]  hci_le_conn_complete_evt+0x187/0x440
[  562.244599][ T5783]  ? hci_remote_host_features_evt+0x150/0x150
[  562.250769][ T5783]  hci_event_packet+0x7ba/0x1270
[  562.255732][ T5783]  ? bis_list+0x290/0x290
[  562.260165][ T5783]  ? lockdep_hardirqs_on+0x98/0x150
[  562.265386][ T5783]  ? hci_send_to_monitor+0xd7/0x4f0
[  562.270681][ T5783]  hci_rx_work+0x43a/0xd60
[  562.275184][ T5783]  ? process_scheduled_works+0x96f/0x15d0
[  562.281026][ T5783]  process_scheduled_works+0xa5d/0x15d0
[  562.286704][ T5783]  ? worker_attach_to_pool+0x380/0x380
[  562.292354][ T5783]  ? assign_work+0x3d2/0x5d0
[  562.296977][ T5783]  worker_thread+0xa55/0xfc0
[  562.301698][ T5783]  kthread+0x2fa/0x390
[  562.305928][ T5783]  ? pr_cont_work+0x560/0x560
[  562.310621][ T5783]  ? kthread_blkcg+0xd0/0xd0
[  562.315318][ T5783]  ret_from_fork+0x48/0x80
[  562.319749][ T5783]  ? kthread_blkcg+0xd0/0xd0
[  562.324350][ T5783]  ret_from_fork_asm+0x11/0x20
[  562.329151][ T5783]  </TASK>
[  562.344022][T12778] CPU: 1 PID: 12778 Comm: syz.0.2169 Not tainted syzkaller #0
[  562.344196][ T5783] kobject: kobject_add_internal failed for hci1:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  562.351536][T12778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  562.351554][T12778] Call Trace:
[  562.351564][T12778]  <TASK>
[  562.351573][T12778]  dump_stack_lvl+0x18c/0x250
[  562.351612][T12778]  ? show_regs_print_info+0x20/0x20
[  562.351639][T12778]  ? load_image+0x400/0x400
[  562.351670][T12778]  ? __might_sleep+0xe0/0xe0
[  562.351695][T12778]  ? __lock_acquire+0x7d40/0x7d40
[  562.351719][T12778]  ? lockdep_hardirqs_on+0x98/0x150
[  562.351745][T12778]  should_fail_ex+0x39d/0x4d0
[  562.351780][T12778]  should_failslab+0x9/0x20
[  562.351807][T12778]  slab_pre_alloc_hook+0x59/0x310
[  562.351838][T12778]  ? __get_vm_area_node+0x125/0x370
[  562.351874][T12778]  __kmem_cache_alloc_node+0x53/0x250
[  562.351907][T12778]  ? __get_vm_area_node+0x125/0x370
[  562.351933][T12778]  kmalloc_node_trace+0x26/0xe0
[  562.351966][T12778]  __get_vm_area_node+0x125/0x370
[  562.352001][T12778]  __vmalloc_node_range+0x36e/0x1330
[  562.352028][T12778]  ? netlink_sendmsg+0x602/0xbf0
[  562.352057][T12778]  ? netlink_insert+0x109f/0x13a0
[  562.352104][T12778]  ? netlink_data_ready+0x10/0x10
[  562.366411][ T5783] Bluetooth: hci1: failed to register connection device
[  562.376493][T12778]  ? free_vm_area+0x50/0x50
[  562.376543][T12778]  ? netlink_sendmsg+0x602/0xbf0
[  562.376573][T12778]  vmalloc+0x79/0x90
[  562.493193][T12778]  ? netlink_sendmsg+0x602/0xbf0
[  562.498246][T12778]  netlink_sendmsg+0x602/0xbf0
[  562.503024][T12778]  ? perf_trace_lock+0x304/0x3b0
[  562.508026][T12778]  ? netlink_getsockopt+0x590/0x590
[  562.513245][T12778]  ? aa_sock_msg_perm+0x94/0x150
[  562.518226][T12778]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  562.523554][T12778]  ? security_socket_sendmsg+0x80/0xa0
[  562.529056][T12778]  ? netlink_getsockopt+0x590/0x590
[  562.534325][T12778]  ____sys_sendmsg+0x5ba/0x960
[  562.539213][T12778]  ? __asan_memset+0x22/0x40
[  562.543826][T12778]  ? __sys_sendmsg_sock+0x30/0x30
[  562.548860][T12778]  ? __import_iovec+0x5f2/0x850
[  562.553726][T12778]  ? import_iovec+0x73/0xa0
[  562.558251][T12778]  ___sys_sendmsg+0x2a6/0x360
[  562.562954][T12778]  ? __sys_sendmsg+0x2a0/0x2a0
[  562.567746][T12778]  ? __lock_acquire+0x7d40/0x7d40
[  562.572808][T12778]  __se_sys_sendmsg+0x1c2/0x2b0
[  562.577671][T12778]  ? __x64_sys_sendmsg+0x80/0x80
[  562.582631][T12778]  ? lockdep_hardirqs_on+0x98/0x150
[  562.587930][T12778]  do_syscall_64+0x55/0xa0
[  562.592372][T12778]  ? clear_bhb_loop+0x40/0x90
[  562.597060][T12778]  ? clear_bhb_loop+0x40/0x90
[  562.601767][T12778]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  562.607675][T12778] RIP: 0033:0x7f9eb219c819
[  562.612194][T12778] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  562.631988][T12778] RSP: 002b:00007f9eb2f82028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  562.640419][T12778] RAX: ffffffffffffffda RBX: 00007f9eb2415fa0 RCX: 00007f9eb219c819
[  562.648486][T12778] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000005
[  562.656470][T12778] RBP: 00007f9eb2f82090 R08: 0000000000000000 R09: 0000000000000000
[  562.664472][T12778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  562.672477][T12778] R13: 00007f9eb2416038 R14: 00007f9eb2415fa0 R15: 00007ffe045d19a8
[  562.680500][T12778]  </TASK>
[  562.738635][T12778] syz.0.2169: vmalloc error: size 213312, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz0,mems_allowed=0-1
[  562.845570][T12778] CPU: 1 PID: 12778 Comm: syz.0.2169 Not tainted syzkaller #0
[  562.853116][T12778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  562.863224][T12778] Call Trace:
[  562.866539][T12778]  <TASK>
[  562.869498][T12778]  dump_stack_lvl+0x18c/0x250
[  562.874224][T12778]  ? show_regs_print_info+0x20/0x20
[  562.879465][T12778]  ? load_image+0x400/0x400
[  562.884006][T12778]  ? __rcu_read_unlock+0x7c/0xd0
[  562.888980][T12778]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  562.895435][T12778]  ? cpuset_print_current_mems_allowed+0x2e7/0x360
[  562.901973][T12778]  warn_alloc+0x246/0x340
[  562.906360][T12778]  ? __get_vm_area_node+0x125/0x370
[  562.911706][T12778]  ? zone_watermark_ok_safe+0x230/0x230
[  562.917391][T12778]  ? rcu_is_watching+0x15/0xb0
[  562.922290][T12778]  ? __get_vm_area_node+0x356/0x370
[  562.927538][T12778]  __vmalloc_node_range+0x393/0x1330
[  562.932869][T12778]  ? netlink_insert+0x109f/0x13a0
[  562.937966][T12778]  ? netlink_data_ready+0x10/0x10
[  562.943035][T12778]  ? free_vm_area+0x50/0x50
[  562.947597][T12778]  ? netlink_sendmsg+0x602/0xbf0
[  562.952660][T12778]  vmalloc+0x79/0x90
[  562.956592][T12778]  ? netlink_sendmsg+0x602/0xbf0
[  562.961571][T12778]  netlink_sendmsg+0x602/0xbf0
[  562.966454][T12778]  ? perf_trace_lock+0x304/0x3b0
[  562.971437][T12778]  ? netlink_getsockopt+0x590/0x590
[  562.976783][T12778]  ? aa_sock_msg_perm+0x94/0x150
[  562.981777][T12778]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  562.987118][T12778]  ? security_socket_sendmsg+0x80/0xa0
[  562.992699][T12778]  ? netlink_getsockopt+0x590/0x590
[  562.997953][T12778]  ____sys_sendmsg+0x5ba/0x960
[  563.002763][T12778]  ? __asan_memset+0x22/0x40
[  563.007404][T12778]  ? __sys_sendmsg_sock+0x30/0x30
[  563.012475][T12778]  ? __import_iovec+0x5f2/0x850
[  563.017372][T12778]  ? import_iovec+0x73/0xa0
[  563.021955][T12778]  ___sys_sendmsg+0x2a6/0x360
[  563.026685][T12778]  ? __sys_sendmsg+0x2a0/0x2a0
[  563.031509][T12778]  ? __lock_acquire+0x7d40/0x7d40
[  563.036610][T12778]  __se_sys_sendmsg+0x1c2/0x2b0
[  563.041518][T12778]  ? __x64_sys_sendmsg+0x80/0x80
[  563.046609][T12778]  ? lockdep_hardirqs_on+0x98/0x150
[  563.051870][T12778]  do_syscall_64+0x55/0xa0
[  563.056335][T12778]  ? clear_bhb_loop+0x40/0x90
[  563.061053][T12778]  ? clear_bhb_loop+0x40/0x90
[  563.065767][T12778]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  563.071700][T12778] RIP: 0033:0x7f9eb219c819
[  563.076147][T12778] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  563.096059][T12778] RSP: 002b:00007f9eb2f82028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  563.104948][T12778] RAX: ffffffffffffffda RBX: 00007f9eb2415fa0 RCX: 00007f9eb219c819
[  563.113034][T12778] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000005
[  563.121209][T12778] RBP: 00007f9eb2f82090 R08: 0000000000000000 R09: 0000000000000000
[  563.129213][T12778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  563.137561][T12778] R13: 00007f9eb2416038 R14: 00007f9eb2415fa0 R15: 00007ffe045d19a8
[  563.145670][T12778]  </TASK>
[  563.201813][T12776] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2168'.
[  563.221293][T12781] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2168'.
[  563.251532][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  563.259023][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  563.374218][T12778] Mem-Info:
[  563.493872][T12778] active_anon:5485 inactive_anon:0 isolated_anon:0
[  563.493872][T12778]  active_file:18451 inactive_file:40116 isolated_file:0
[  563.493872][T12778]  unevictable:768 dirty:189 writeback:0
[  563.493872][T12778]  slab_reclaimable:10359 slab_unreclaimable:91988
[  563.493872][T12778]  mapped:24855 shmem:1361 pagetables:510
[  563.493872][T12778]  sec_pagetables:0 bounce:0
[  563.493872][T12778]  kernel_misc_reclaimable:0
[  563.493872][T12778]  free:1343451 free_pcp:12201 free_cma:0
[  563.550471][T12778] Node 0 active_anon:21940kB inactive_anon:0kB active_file:73804kB inactive_file:160260kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:99420kB dirty:756kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9868kB pagetables:2040kB sec_pagetables:0kB all_unreclaimable? no
[  563.595275][T12778] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  563.630663][T12778] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  563.632173][ T5783] Bluetooth: hci1: command 0x0406 tx timeout
[  563.670860][T12778] lowmem_reserve[]: 0 2521 2522 2522 2522
[  563.676768][T12778] Node 0 DMA32 free:1460876kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:21904kB inactive_anon:0kB active_file:73804kB inactive_file:159432kB unevictable:1536kB writepending:756kB present:3129332kB managed:2586956kB mlocked:0kB bounce:0kB free_pcp:32072kB local_pcp:15800kB free_cma:0kB
[  563.709051][T12778] lowmem_reserve[]: 0 0 0 0 0
[  563.713833][T12778] Node 0 Normal free:8kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:828kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  563.740723][T12778] lowmem_reserve[]: 0 0 0 0 0
[  563.745568][T12778] Node 1 Normal free:3897432kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:16960kB local_pcp:11296kB free_cma:0kB
[  563.779481][T12778] lowmem_reserve[]: 0 0 0 0 0
[  563.806135][T12778] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  563.819946][T12784] validate_nla: 10 callbacks suppressed
[  563.819980][T12784] netlink: 'syz.1.2170': attribute type 21 has an invalid length.
[  563.820844][T12778] Node 0 DMA32: 1773*4kB (UME) 1415*8kB (UME) 896*16kB (UME) 854*32kB (UME) 433*64kB (UME) 93*128kB (UME) 18*256kB (UME) 23*512kB (UME) 7*1024kB (M) 3*2048kB (UM) 325*4096kB (UM) = 1460588kB
[  563.854633][T12778] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[  563.866291][T12784] netlink: 'syz.1.2170': attribute type 4 has an invalid length.
[  563.874904][T12778] Node 1 Normal: 232*4kB (UM) 47*8kB (UME) 36*16kB (UME) 108*32kB (UME) 36*64kB (UE) 11*128kB (UME) 1*256kB (U) 2*512kB (ME) 2*1024kB (UE) 1*2048kB (E) 948*4096kB (M) = 3897432kB
[  563.875128][T12778] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  563.875147][T12778] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  563.875162][T12778] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  563.875180][T12778] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  563.875196][T12778] 59928 total pagecache pages
[  563.875204][T12778] 0 pages in swap cache
[  563.877050][T12778] Free swap  = 124996kB
[  563.877061][T12778] Total swap = 124996kB
[  563.877070][T12778] 2097051 pages RAM
[  563.877078][T12778] 0 pages HighMem/MovableOnly
[  563.877085][T12778] 416926 pages reserved
[  563.877093][T12778] 0 pages cma reserved
[  563.934561][T12792] netlink: 'syz.3.2174': attribute type 10 has an invalid length.
[  563.941911][T12784] netlink: 156 bytes leftover after parsing attributes in process `syz.1.2170'.
[  563.974402][T12792] netlink: 'syz.3.2174': attribute type 10 has an invalid length.
[  564.135511][T12792] netlink: 209216 bytes leftover after parsing attributes in process `syz.3.2174'.
[  564.146064][T12792] openvswitch: netlink: Message has 4 unknown bytes.
[  565.180901][T12805] netlink: 11562 bytes leftover after parsing attributes in process `syz.3.2180'.
[  565.699527][ T5783] Bluetooth: hci1: command 0x0406 tx timeout
[  565.711908][T12823] netlink: 16054 bytes leftover after parsing attributes in process `syz.1.2184'.
[  565.807936][T12826] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.2184'.
[  565.860159][T12826] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.2184'.
[  565.911020][T12823] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.2184'.
[  565.930280][T12821] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.2184'.
[  566.085391][ T5783] Bluetooth: hci3: unexpected subevent 0x01 length: 150 > 18
[  566.093594][ T5783] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0'
[  566.103932][ T5783] CPU: 1 PID: 5783 Comm: kworker/u5:6 Not tainted syzkaller #0
[  566.111513][ T5783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  566.121601][ T5783] Workqueue: hci3 hci_rx_work
[  566.126330][ T5783] Call Trace:
[  566.129635][ T5783]  <TASK>
[  566.132589][ T5783]  dump_stack_lvl+0x18c/0x250
[  566.137313][ T5783]  ? show_regs_print_info+0x20/0x20
[  566.142549][ T5783]  ? load_image+0x400/0x400
[  566.147201][ T5783]  sysfs_create_dir_ns+0x26e/0x2a0
[  566.152346][ T5783]  ? sysfs_warn_dup+0xa0/0xa0
[  566.157089][ T5783]  ? do_raw_spin_unlock+0x121/0x230
[  566.162416][ T5783]  kobject_add_internal+0x61c/0xcc0
[  566.167657][ T5783]  kobject_add+0x164/0x240
[  566.172101][ T5783]  ? __rwlock_init+0x150/0x150
[  566.176902][ T5783]  ? kobject_init+0x1e0/0x1e0
[  566.181614][ T5783]  ? _raw_spin_unlock+0x28/0x40
[  566.186505][ T5783]  ? get_device_parent+0x366/0x390
[  566.191657][ T5783]  device_add+0x408/0xc20
[  566.196025][ T5783]  hci_conn_add_sysfs+0xd5/0x1e0
[  566.201008][ T5783]  le_conn_complete_evt+0xf5d/0x1540
[  566.206354][ T5783]  ? hci_le_big_info_adv_report_evt+0x910/0x910
[  566.212724][ T5783]  ? bt_info+0x180/0x180
[  566.217012][ T5783]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[  566.222671][ T5783]  ? skb_pull_data+0xfb/0x200
[  566.227379][ T5783]  hci_le_conn_complete_evt+0x187/0x440
[  566.232944][ T5783]  ? hci_remote_host_features_evt+0x150/0x150
[  566.239021][ T5783]  hci_event_packet+0x7ba/0x1270
[  566.244142][ T5783]  ? bis_list+0x290/0x290
[  566.248492][ T5783]  ? lockdep_hardirqs_on+0x98/0x150
[  566.253705][ T5783]  ? hci_send_to_monitor+0xd7/0x4f0
[  566.258945][ T5783]  hci_rx_work+0x43a/0xd60
[  566.263393][ T5783]  ? process_scheduled_works+0x96f/0x15d0
[  566.269130][ T5783]  process_scheduled_works+0xa5d/0x15d0
[  566.274716][ T5783]  ? worker_attach_to_pool+0x380/0x380
[  566.280194][ T5783]  ? assign_work+0x3d2/0x5d0
[  566.284802][ T5783]  worker_thread+0xa55/0xfc0
[  566.289440][ T5783]  kthread+0x2fa/0x390
[  566.293517][ T5783]  ? pr_cont_work+0x560/0x560
[  566.298208][ T5783]  ? kthread_blkcg+0xd0/0xd0
[  566.302812][ T5783]  ret_from_fork+0x48/0x80
[  566.307247][ T5783]  ? kthread_blkcg+0xd0/0xd0
[  566.311845][ T5783]  ret_from_fork_asm+0x11/0x20
[  566.316636][ T5783]  </TASK>
[  566.328541][ T5783] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  566.343720][ T5783] Bluetooth: hci3: failed to register connection device
[  566.547357][T12837] netlink: 'syz.2.2188': attribute type 10 has an invalid length.
[  566.566622][T12837] netlink: 'syz.2.2188': attribute type 10 has an invalid length.
[  566.574611][T12837] netlink: 209216 bytes leftover after parsing attributes in process `syz.2.2188'.
[  566.614954][T12837] openvswitch: netlink: Message has 4 unknown bytes.
[  567.360941][T12853] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2192'.
[  568.418080][T12506] Bluetooth: hci3: command 0x0406 tx timeout
[  568.550365][T12887] netlink: 'syz.1.2203': attribute type 10 has an invalid length.
[  568.564728][T12887] vlan1: entered promiscuous mode
[  568.572018][T12887] batman_adv: batadv0: Adding interface: vlan1
[  568.578781][T12887] batman_adv: batadv0: The MTU of interface vlan1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  568.616588][T12887] batman_adv: batadv0: Interface activated: vlan1
[  570.455083][T12925] netlink: 'syz.3.2216': attribute type 10 has an invalid length.
[  570.472988][T12925] __nla_validate_parse: 5 callbacks suppressed
[  570.473005][T12925] netlink: 55 bytes leftover after parsing attributes in process `syz.3.2216'.
[  571.562262][T12952] netlink: 135856 bytes leftover after parsing attributes in process `syz.1.2225'.
[  571.587835][T12952] netlink: 8442 bytes leftover after parsing attributes in process `syz.1.2225'.
[  574.393763][T13022] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2248'.
[  574.423533][T13022] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2248'.
[  574.477373][T13022] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2248'.
[  576.213602][T13055] netlink: 'syz.0.2260': attribute type 20 has an invalid length.
[  576.887353][T13063] netlink: 'syz.0.2264': attribute type 9 has an invalid length.
[  576.905398][T13063] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.2264'.
[  577.359480][T13068] netlink: 'syz.0.2264': attribute type 9 has an invalid length.
[  577.404478][T13068] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.2264'.
[  577.780881][T13062] delete_channel: no stack
[  578.536709][T13088] netlink: 'syz.0.2271': attribute type 10 has an invalid length.
[  578.544617][T13088] netlink: 55 bytes leftover after parsing attributes in process `syz.0.2271'.
[  578.776179][T13088] team0: Port device virt_wifi0 added
[  583.629457][T13132] netlink: 'syz.3.2286': attribute type 28 has an invalid length.
[  583.655774][T13132] netlink: 'syz.3.2286': attribute type 29 has an invalid length.
[  583.663821][T13132] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2286'.
[  586.335885][T13177] netlink: 208064 bytes leftover after parsing attributes in process `syz.0.2299'.
[  586.371278][T13177] netlink: 'syz.0.2299': attribute type 1 has an invalid length.
[  588.198357][T13209] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2313'.
[  591.336704][T13268] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2332'.
[  591.568039][ T5783] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  591.579666][ T5783] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  591.588743][ T5783] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  591.601595][ T5783] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  591.611467][ T5783] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  591.619833][ T5783] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  592.163208][   T39] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  592.499563][   T39] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  592.620182][   T39] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  592.684315][T13270] chnl_net:caif_netlink_parms(): no params data found
[  592.861642][   T39] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  593.448607][T13270] bridge0: port 1(bridge_slave_0) entered blocking state
[  593.509309][T13270] bridge0: port 1(bridge_slave_0) entered disabled state
[  593.573023][T13270] bridge_slave_0: entered allmulticast mode
[  593.640375][T13270] bridge_slave_0: entered promiscuous mode
[  593.677901][T13270] bridge0: port 2(bridge_slave_1) entered blocking state
[  593.697573][T13270] bridge0: port 2(bridge_slave_1) entered disabled state
[  593.698942][T12506] Bluetooth: hci4: command tx timeout
[  593.705534][T13270] bridge_slave_1: entered allmulticast mode
[  593.718205][T13270] bridge_slave_1: entered promiscuous mode
[  593.892227][T13270] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  593.942189][T13270] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  594.302880][T13270] team0: Port device team_slave_0 added
[  594.571712][T13270] team0: Port device team_slave_1 added
[  594.799065][T13270] batman_adv: batadv0: Adding interface: batadv_slave_0
[  594.809187][T13270] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  594.872452][T13270] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  595.081664][T13270] batman_adv: batadv0: Adding interface: batadv_slave_1
[  595.098607][T13270] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  595.168003][T13270] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  595.718756][T13270] hsr_slave_0: entered promiscuous mode
[  595.764800][T13270] hsr_slave_1: entered promiscuous mode
[  595.777339][T12506] Bluetooth: hci4: command tx timeout
[  595.807271][T13270] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  595.841457][T13270] Cannot create hsr debugfs directory
[  596.681322][T13360] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.2355'.
[  597.032725][T13360] debugfs: Directory '!!ô' with parent 'ieee80211' already present!
[  597.715441][   T39] 
[  597.717840][   T39] ======================================================
[  597.724883][   T39] WARNING: possible circular locking dependency detected
[  597.732020][   T39] syzkaller #0 Not tainted
[  597.736546][   T39] ------------------------------------------------------
[  597.743750][   T39] kworker/u4:2/39 is trying to acquire lock:
[  597.750013][   T39] ffff88802bac4d00 (team->team_lock_key#3){+.+.}-{3:3}, at: team_del_slave+0x32/0x1c0
[  597.759643][   T39] 
[  597.759643][   T39] but task is already holding lock:
[  597.767034][   T39] ffff888023b78768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: ieee80211_remove_interfaces+0x29a/0x690
[  597.777408][   T39] 
[  597.777408][   T39] which lock already depends on the new lock.
[  597.777408][   T39] 
[  597.787852][   T39] 
[  597.787852][   T39] the existing dependency chain (in reverse order) is:
[  597.796904][   T39] 
[  597.796904][   T39] -> #1 (&rdev->wiphy.mtx){+.+.}-{3:3}:
[  597.804687][   T39]        __mutex_lock+0x136/0xcc0
[  597.809842][   T39]        ieee80211_open+0x144/0x200
[  597.815165][   T39]        __dev_open+0x2cb/0x430
[  597.820152][   T39]        dev_open+0xab/0x190
[  597.825208][   T39]        team_add_slave+0x75f/0x29a0
[  597.830796][   T39]        do_setlink+0xdfe/0x4130
[  597.835836][   T39]        rtnl_newlink+0x17da/0x20a0
[  597.841045][   T39]        rtnetlink_rcv_msg+0x869/0xfa0
[  597.846513][   T39]        netlink_rcv_skb+0x241/0x4d0
[  597.851830][   T39]        netlink_unicast+0x751/0x8d0
[  597.857134][   T39]        netlink_sendmsg+0x8d0/0xbf0
[  597.862704][   T39]        ____sys_sendmsg+0x5ba/0x960
[  597.867999][   T39]        ___sys_sendmsg+0x2a6/0x360
[  597.873216][   T39]        __se_sys_sendmsg+0x1c2/0x2b0
[  597.878861][   T39]        do_syscall_64+0x55/0xa0
[  597.883826][   T39]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  597.890258][   T39] 
[  597.890258][   T39] -> #0 (team->team_lock_key#3){+.+.}-{3:3}:
[  597.898450][   T39]        __lock_acquire+0x2df1/0x7d40
[  597.903866][   T39]        lock_acquire+0x19e/0x420
[  597.909620][   T39]        __mutex_lock+0x136/0xcc0
[  597.914939][   T39]        team_del_slave+0x32/0x1c0
[  597.920089][   T39]        team_device_event+0x28d/0xa20
[  597.925569][   T39]        notifier_call_chain+0x197/0x380
[  597.931220][   T39]        unregister_netdevice_many_notify+0x100d/0x1900
[  597.938237][   T39]        unregister_netdevice_queue+0x32c/0x370
[  597.944590][   T39]        _cfg80211_unregister_wdev+0x16b/0x580
[  597.950777][   T39]        ieee80211_remove_interfaces+0x49e/0x690
[  597.957200][   T39]        ieee80211_unregister_hw+0x5d/0x2a0
[  597.963122][   T39]        mac80211_hwsim_del_radio+0x289/0x480
[  597.969246][   T39]        hwsim_exit_net+0x58d/0x650
[  597.974635][   T39]        cleanup_net+0x70a/0xbb0
[  597.979588][   T39]        process_scheduled_works+0xa5d/0x15d0
[  597.985778][   T39]        worker_thread+0xa55/0xfc0
[  597.990914][   T39]        kthread+0x2fa/0x390
[  597.995513][   T39]        ret_from_fork+0x48/0x80
[  598.000516][   T39]        ret_from_fork_asm+0x11/0x20
[  598.006084][   T39] 
[  598.006084][   T39] other info that might help us debug this:
[  598.006084][   T39] 
[  598.016402][   T39]  Possible unsafe locking scenario:
[  598.016402][   T39] 
[  598.024117][   T39]        CPU0                    CPU1
[  598.029493][   T39]        ----                    ----
[  598.034859][   T39]   lock(&rdev->wiphy.mtx);
[  598.039373][   T39]                                lock(team->team_lock_key#3);
[  598.046937][   T39]                                lock(&rdev->wiphy.mtx);
[  598.054058][   T39]   lock(team->team_lock_key#3);
[  598.059016][   T39] 
[  598.059016][   T39]  *** DEADLOCK ***
[  598.059016][   T39] 
[  598.067334][   T39] 5 locks held by kworker/u4:2/39:
[  598.072452][   T39]  #0: ffff88801a254938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[  598.083444][   T39]  #1: ffffc90000affd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[  598.094214][   T39]  #2: ffffffff8e3b4950 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x14c/0xbb0
[  598.103721][   T39]  #3: ffffffff8e3c1988 (rtnl_mutex){+.+.}-{3:3}, at: ieee80211_unregister_hw+0x55/0x2a0
[  598.113754][   T39]  #4: ffff888023b78768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: ieee80211_remove_interfaces+0x29a/0x690
[  598.124655][   T39] 
[  598.124655][   T39] stack backtrace:
[  598.130643][   T39] CPU: 0 PID: 39 Comm: kworker/u4:2 Not tainted syzkaller #0
[  598.138024][   T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  598.148263][   T39] Workqueue: netns cleanup_net
[  598.153045][   T39] Call Trace:
[  598.156419][   T39]  <TASK>
[  598.159362][   T39]  dump_stack_lvl+0x18c/0x250
[  598.164063][   T39]  ? load_image+0x400/0x400
[  598.168582][   T39]  ? show_regs_print_info+0x20/0x20
[  598.173807][   T39]  ? print_circular_bug+0x12b/0x1a0
[  598.179110][   T39]  check_noncircular+0x2fc/0x400
[  598.184066][   T39]  ? print_deadlock_bug+0x5d0/0x5d0
[  598.189276][   T39]  ? lockdep_lock+0xf5/0x230
[  598.193877][   T39]  ? __lock_acquire+0x1273/0x7d40
[  598.198918][   T39]  ? _find_first_zero_bit+0xd3/0x100
[  598.204234][   T39]  __lock_acquire+0x2df1/0x7d40
[  598.209110][   T39]  ? verify_lock_unused+0x140/0x140
[  598.214324][   T39]  ? verify_lock_unused+0x140/0x140
[  598.219719][   T39]  lock_acquire+0x19e/0x420
[  598.224237][   T39]  ? team_del_slave+0x32/0x1c0
[  598.229027][   T39]  ? __might_sleep+0xe0/0xe0
[  598.233735][   T39]  ? read_lock_is_recursive+0x20/0x20
[  598.239163][   T39]  __mutex_lock+0x136/0xcc0
[  598.243709][   T39]  ? team_del_slave+0x32/0x1c0
[  598.248497][   T39]  ? __lock_acquire+0x7d40/0x7d40
[  598.253550][   T39]  ? rcu_is_watching+0x15/0xb0
[  598.258429][   T39]  ? trace_contention_end+0x39/0xe0
[  598.263700][   T39]  ? __mutex_lock+0x315/0xcc0
[  598.268482][   T39]  ? team_del_slave+0x32/0x1c0
[  598.273266][   T39]  ? mutex_lock_nested+0x20/0x20
[  598.278221][   T39]  ? bond_netdev_event+0xeb/0xf20
[  598.283283][   T39]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[  598.289041][   T39]  team_del_slave+0x32/0x1c0
[  598.293836][   T39]  team_device_event+0x28d/0xa20
[  598.298791][   T39]  notifier_call_chain+0x197/0x380
[  598.303928][   T39]  unregister_netdevice_many_notify+0x100d/0x1900
[  598.310357][   T39]  ? lock_chain_count+0x20/0x20
[  598.315227][   T39]  ? unregister_netdevice_many+0x20/0x20
[  598.320880][   T39]  ? kernfs_remove_by_name_ns+0x117/0x150
[  598.327082][   T39]  ? __lock_acquire+0x7d40/0x7d40
[  598.332348][   T39]  unregister_netdevice_queue+0x32c/0x370
[  598.338110][   T39]  ? list_netdevice+0x730/0x730
[  598.343021][   T39]  ? kernfs_remove_by_name_ns+0x117/0x150
[  598.348766][   T39]  _cfg80211_unregister_wdev+0x16b/0x580
[  598.354700][   T39]  ieee80211_remove_interfaces+0x49e/0x690
[  598.360624][   T39]  ? ieee80211_do_stop+0x1e20/0x1e20
[  598.365927][   T39]  ? rcu_is_watching+0x15/0xb0
[  598.370803][   T39]  ieee80211_unregister_hw+0x5d/0x2a0
[  598.376401][   T39]  mac80211_hwsim_del_radio+0x289/0x480
[  598.382140][   T39]  ? rhashtable_remove_fast+0xc00/0xc00
[  598.387799][   T39]  hwsim_exit_net+0x58d/0x650
[  598.392489][   T39]  ? hwsim_init_net+0x90/0x90
[  598.397266][   T39]  ? __ip_vs_dev_cleanup_batch+0x238/0x250
[  598.403182][   T39]  cleanup_net+0x70a/0xbb0
[  598.407619][   T39]  ? ops_free_list+0x3b0/0x3b0
[  598.412401][   T39]  ? _raw_spin_unlock_irq+0x23/0x50
[  598.417614][   T39]  ? process_scheduled_works+0x96f/0x15d0
[  598.423364][   T39]  ? process_scheduled_works+0x96f/0x15d0
[  598.429100][   T39]  process_scheduled_works+0xa5d/0x15d0
[  598.435661][   T39]  ? worker_attach_to_pool+0x380/0x380
[  598.441221][   T39]  ? assign_work+0x3d2/0x5d0
[  598.445825][   T39]  worker_thread+0xa55/0xfc0
[  598.450442][   T39]  kthread+0x2fa/0x390
[  598.454543][   T39]  ? pr_cont_work+0x560/0x560
[  598.459320][   T39]  ? kthread_blkcg+0xd0/0xd0
[  598.463922][   T39]  ret_from_fork+0x48/0x80
[  598.468349][   T39]  ? kthread_blkcg+0xd0/0xd0
[  598.472947][   T39]  ret_from_fork_asm+0x11/0x20
[  598.477732][   T39]  </TASK>
[  598.505690][T12506] Bluetooth: hci4: command tx timeout
[  598.534218][   T39] team0: Port device wlan1 removed
[  598.780221][T13270] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  598.790923][T13270] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  598.802994][T13270] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  598.814860][T13270] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  598.907149][T13270] 8021q: adding VLAN 0 to HW filter on device bond0
[  598.932175][T13270] 8021q: adding VLAN 0 to HW filter on device team0
[  598.949901][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  598.957393][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  598.979800][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  598.987205][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  599.201271][T13270] 8021q: adding VLAN 0 to HW filter on device batadv0
[  599.253135][T13270] veth0_vlan: entered promiscuous mode
[  599.272427][T13270] veth1_vlan: entered promiscuous mode
[  599.307721][T13270] veth0_macvtap: entered promiscuous mode
[  599.324058][T13270] veth1_macvtap: entered promiscuous mode
[  599.341694][T13270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  599.352352][T13270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  599.362389][T13270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  599.373357][T13270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  599.383603][T13270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  599.394435][T13270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  599.408870][T13270] batman_adv: batadv0: Interface activated: batadv_slave_0
[  599.423494][T13270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  599.436398][T13270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  599.448240][T13270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  599.460110][T13270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  599.470796][T13270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  599.481440][T13270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  599.491464][T13270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  599.502236][T13270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  599.518985][T13270] batman_adv: batadv0: Interface activated: batadv_slave_1
[  599.531122][T13270] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  599.542866][T13270] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  599.552416][T13270] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  599.561669][T13270] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  599.627608][T13270] ieee80211 phy22: Selected rate control algorithm 'minstrel_ht'
[  599.665588][ T4891] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  599.678624][T13270] ieee80211 phy23: Selected rate control algorithm 'minstrel_ht'
[  599.690632][ T4891] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  599.733243][ T4891] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  599.742522][ T4891] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  600.120013][   T39] hsr_slave_0: left promiscuous mode
[  600.126195][   T39] hsr_slave_1: left promiscuous mode
[  600.132039][   T39] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  600.139866][   T39] batman_adv: batadv0: Removing interface: batadv_slave_0
[  600.147917][   T39] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  600.155530][   T39] batman_adv: batadv0: Removing interface: batadv_slave_1
[  600.164260][   T39] veth0_macvtap: left promiscuous mode
[  600.267686][   T39] team0 (unregistering): Port device virt_wifi0 removed
[  600.341188][   T39] team0 (unregistering): Port device team_slave_1 removed
[  600.373943][   T39] team0 (unregistering): Port device C removed
[  600.401188][   T39] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  600.409992][   T39] bond_slave_1 (unregistering): left promiscuous mode
[  600.436781][   T39] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  600.449010][   T39] bond_slave_0 (unregistering): left promiscuous mode
[  600.575483][T12506] Bluetooth: hci4: command tx timeout
[  600.592531][   T39] bond0 (unregistering): Released all slaves