last executing test programs:

2.719164112s ago: executing program 3 (id=2178):
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x2, 0x922000000001, 0x106)
setsockopt$sock_attach_bpf(r0, 0x6, 0x24, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x5, 0x6, &(0x7f00000002c0)=ANY=[@ANYBLOB="050000000000000071113d00000000008510000002000000850000000500000095000000000000009500a505000000009d626e70e9673322c7b85ffaf65c66ad587d51e8e0c4dfe91759b3f0f9f5ae8e3f9b82270eae11be2c6b3322403a0e3a6ac538f90427f5672fe15e688d62cec17c4a6f411694008948951a47de9b1a3edb8696448c0169532ec1422053b8636554129da48fa59cffe396b8d33b1e214015bc797bea7bc32a0dd1b228af1f0a"], &(0x7f0000000000)='syzkaller\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r1, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)

2.527006738s ago: executing program 3 (id=2181):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x40000000000, 0x2422, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, @perf_config_ext={0x8, 0x7}, 0x1102d1, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
close(0xffffffffffffffff)
recvmsg$unix(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x40, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYRES8, @ANYRES8=r0], 0x12)
ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f00000002c0))
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_wait_time_recursive\x00', 0x26e1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18f5a1000000000000000000030000004f100500000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x40}, 0x94)
socketpair(0x1, 0x801, 0x0, 0x0)
close(0xffffffffffffffff)
socket$kcm(0x10, 0x400000007, 0x0)
r1 = socket$kcm(0x2, 0x5, 0x0)
r2 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="1808000000000000000000000000000018"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x6, 0x17, &(0x7f0000000200), 0x21)
sendmsg$inet(r1, &(0x7f0000000300)={&(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xff}}, 0x10, &(0x7f0000000000)=[{&(0x7f00000001c0)='\x00', 0x1}], 0x1}, 0x3e8)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)="2e00000011008188040f80ec59acbc0413a1f8480b0000005e140602000000000e0027001000000002800000121f", 0x2e}], 0x1}, 0x40000)

2.481909842s ago: executing program 0 (id=2182):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
r2 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r2, 0x29, 0x1a, 0x0, 0x0)

2.429750266s ago: executing program 2 (id=2183):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000ec0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000600000010000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00\x00\x00\x00\x00\x00'], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x93c8}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001200)={r2, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f07df33c9f7b986", 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
recvmsg$kcm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f00000021c0)=""/239, 0xef}, {&(0x7f0000000140)=""/215, 0xd7}, {&(0x7f0000000680)=""/221, 0xdd}, {&(0x7f0000000d80)=""/177, 0xb1}, {&(0x7f0000000880)=""/245, 0xf5}, {&(0x7f0000000e80)=""/4141, 0x102d}], 0x6}, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x183081, 0x0)
close(r4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$kcm(0xa, 0x2, 0x0)
r7 = socket$kcm(0x2, 0x922000000001, 0x106)
setsockopt$sock_attach_bpf(r7, 0x29, 0xb, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYRES32=r5, @ANYRESDEC=r4, @ANYRES16=r3, @ANYRES16=r6], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x6, 0x13, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020200008500000072000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r8=>0xffffffffffffffff})
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000001240)=@base={0x12, 0x1, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x4000}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r9, <r10=>0xffffffffffffffff}, &(0x7f0000000180), &(0x7f0000000280)=r8}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000440)={r10, &(0x7f00000001c0), 0x0}, 0x20)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x4, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x7, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0)
r12 = socket$kcm(0x2, 0x1000000000000002, 0x0)
setsockopt$sock_attach_bpf(r12, 0x1, 0x3e, &(0x7f00000002c0)=r11, 0x161)
close(r3)
sendmsg$inet(r12, &(0x7f0000007940)={&(0x7f0000000100)={0x2, 0x4e24, @rand_addr=0x20}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000380), 0xff7a}], 0x1, &(0x7f0000007880)=ANY=[@ANYBLOB="1100000000000000004003000100000000000000000000001c00000000000000000f00fd08000000", @ANYRES32=0x0, @ANYBLOB="ac1414bbe0000001000000001c0000000000000000078f0208000000", @ANYRES32=0x0, @ANYBLOB="a00500000000000000000000240000000000000000000000070000009404000044108800000000000000000000000000000000001100000000000000000000c2d63c67000000000000000000"], 0x98}, 0x0)
r13 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r13, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x30004001)

2.346258533s ago: executing program 3 (id=2184):
r0 = socket$kcm(0x10, 0x400000002, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, 0x0, 0x0)
close(r1)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x7, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
r3 = socket$kcm(0x2, 0x2, 0x73)
sendmsg$inet(r3, &(0x7f0000000500)={&(0x7f0000000180)={0x2, 0x20, @remote}, 0x10, 0x0}, 0x900000000040010)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
socket$kcm(0x10, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0xb, 0x0, 0x0}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef)
socketpair(0x3, 0x4, 0x86e, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmsg$kcm(r0, &(0x7f0000006480)={0x0, 0x0, 0x0}, 0x0)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)

2.276927058s ago: executing program 0 (id=2186):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xbdb, 0x1}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0)
r2 = openat$cgroup_procs(r1, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f00000001c0), 0x12)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_ro(r3, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r4, &(0x7f0000000200)=0x1, 0x12)
write$cgroup_int(r4, &(0x7f00000000c0), 0x12)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)

1.964224543s ago: executing program 1 (id=2187):
perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8020, 0x90024, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x2, 0x6}, 0x8224, 0x2, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594f91324fc60", 0x8c0}], 0x1}, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0}, 0x0, 0x10000, 0x0, 0x0, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = socket$kcm(0xa, 0x6, 0x0)
setsockopt$sock_attach_bpf(r1, 0x29, 0x12, 0x0, 0x0)
socket$kcm(0xa, 0x1, 0x106)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000000080)="1c0000006d0081044e81f782db1f4cb9041c1d0800fe007c05e8fe55", 0x1c}], 0x1}, 0x0)
r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000540)={0xffffffffffffffff}, 0x4)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000680)={r0, r3})
r4 = socket$kcm(0x2a, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)=[@cred={{0x1c}}], 0x20}, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
recvmsg$kcm(r4, &(0x7f0000000200)={&(0x7f00000000c0)=@x25={0x9, @remote}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000380)=""/203, 0xcb}, {&(0x7f0000000140)=""/10, 0xa}], 0x2, &(0x7f0000000480)=""/154, 0x9a}, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x4c, &(0x7f0000000580), 0x4)
socket$kcm(0x2, 0x5, 0x84)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x32}}, 0x10, 0x0}, 0x40040d4)

1.8813633s ago: executing program 0 (id=2188):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="02000000040000000400000009"], 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x6, 0x4, 0x1, 0x0, r0}, 0x50)
close(r0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x2, 0x4, 0x4, 0x8, 0x0, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r1}, &(0x7f0000000840), &(0x7f0000000880)=r0}, 0x20)
r2 = socket$kcm(0xa, 0x6, 0x0)
setsockopt$sock_attach_bpf(r2, 0x29, 0x14, &(0x7f0000000100), 0x120)
r3 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = socket$kcm(0x2, 0x200000000000001, 0x0)
ioctl$sock_kcm_SIOCKCMUNATTACH(r2, 0x89e1, &(0x7f00000000c0)={r4})
r5 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)=@generic={&(0x7f0000000000)='./file0\x00', 0x0, 0x18}, 0x18)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r5)
sendmsg$inet(r4, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
sendmsg(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000740)='G', 0x1}], 0x1}, 0x810)

1.520928838s ago: executing program 2 (id=2189):
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x2, 0x922000000001, 0x106)
setsockopt$sock_attach_bpf(r0, 0x6, 0x24, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x5, 0x6, &(0x7f00000002c0)=ANY=[@ANYBLOB="050000000000000071113d00000000008510000002000000850000000500000095000000000000009500a505000000009d626e70e9673322c7b85ffaf65c66ad587d51e8e0c4dfe91759b3f0f9f5ae8e3f9b82270eae11be2c6b3322403a0e3a6ac538f90427f5672fe15e688d62cec17c4a6f411694008948951a47de9b1a3edb8696448c0169532ec1422053b8636554129da48fa59cffe396b8d33b1e214015bc797bea7bc32a0dd1b228af1f0a"], &(0x7f0000000000)='syzkaller\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r1, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)

1.056236605s ago: executing program 1 (id=2190):
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000180081064e81f782db44b904021d080006067c09e8fe55a10a0015400400142603600e120800060000001001a8001600a400014003000000036004fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0)
socket$kcm(0x2, 0x200000000000001, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x7, &(0x7f0000000040), 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000000000001000000850000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x10000, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="110000006a00810404fb130000005ef405", 0x11}], 0x1}, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000003c0)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10)
r4 = socket$kcm(0xa, 0x5, 0x0)
setsockopt$sock_attach_bpf(r4, 0x0, 0x480, 0x0, 0x0)
write$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000340)={'some', 0x20, 0x7, 0x20, 0x5}, 0x2f)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000140)='/dev/net/tun\x00')
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
write$cgroup_devices(r5, &(0x7f0000002700)=ANY=[], 0xffdd)
ioctl$TUNSETCARRIER(r5, 0x400454e2, &(0x7f00000001c0)=0x1)

1.055726875s ago: executing program 2 (id=2191):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xbdb, 0x1}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1700000007000000ec04009ac0f9ab6fe04969e50000ff000000000000", @ANYRES32=0x1, @ANYRES8, @ANYRES32=0x0, @ANYRES32, @ANYRES8=r0], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0)
r2 = openat$cgroup_type(r1, &(0x7f0000000300), 0x2, 0x0)
write$cgroup_type(r2, &(0x7f0000000280), 0x9)
r3 = openat$cgroup_procs(r1, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f00000001c0), 0x12)

1.055486736s ago: executing program 3 (id=2192):
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x5, 0x6, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r0, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)

930.162116ms ago: executing program 3 (id=2193):
r0 = socket$kcm(0x1e, 0x4, 0x0)
syz_clone(0xae12e400, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r1 = socket$kcm(0x15, 0x5, 0x0)
sendmsg$kcm(r1, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x4000000)
setsockopt$sock_attach_bpf(r0, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x22101, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x1, @perf_bp={0x0}, 0x800, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$inet(r3, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000900)="5490", 0x2}], 0x1}, 0x4048841)
recvmsg(r2, &(0x7f0000000000)={0x0, 0x46, &(0x7f0000000440)=[{&(0x7f0000000080)=""/45, 0x23}], 0x1, 0x0, 0xffffffffffffff28}, 0x40008140)
r4 = socket$kcm(0x1e, 0x4, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='devices.list\x00', 0x26e1, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x5452, &(0x7f0000000400)='lo\x00\x96o\xd6Q\xb4Y\xa9\xc87,%\x81\xfe\x00\xd2\xd1|\x00\x00\x00\x00\x00\x00\xe3\xd8Yk\xdf\x85\xaac{\x8c\x8ffp`-\xcd\xd9\xd5\xf4\xe68\xe6O\xc2\xf1V0\x8b\t\xed\x13q2\xdd\xcc\xeeR\xf2/\xba\fE>k\a\xe7>t7\x8e(\xf0\x87d\xaf\x93\xfa`\xa6,o\x81.\x1cR\xa5\t\x00\x00\x00\x00\x00\x00\x00|pT\x15\xbc\f*d\xcb\xc2\xcd\x8f\x98\xdf\x00\x00\x1cM\x9c\xa5\xe0\xa8\x00\x00\x00\x80V\xf6\x80\x86\x1b\x05\xe6\"\x1d\f\xaey\x06\xd9$H!w\xa6m\xd8\x7f\xc6\x837\x83/\x9a\xdf\x01\xf2\x9e\xbb\xca\x04\x00\x05\xeb\xb8{7[\xf9\xe9\x15\xdc0]\x89\x9b~\x04\xb4\xa5\xad\v.\xd0*%`\xb0\x03\x00\x00\x00\x00\x00\x00\x00\xab\xf4\xa7\x83r\xa4\x80|\x03C\x9c\x00\xac\xba\xcb\xa4h\x86w_Eu\xbfy%,\xe5\n\xc1\xb3\xa4g\xa3P\x0f\x11\x93\xc7\xf3\xcf\x17\xf5\x86%\x7f\xec\xb2\xc5E\x00\xb2e\xa8\xf1<\xb2\xc82\xbf=o\x00\x00\x00\x00E\x00\xc6X\x92\x0e[\x19\xaa?\x06\xe5\x9d\xd1\x87\x922A\x95\x8e\xbc\xc8<s,\xb023Z{\x9f\xc2\x94+e?\x87\x95\x8e\r\t\x0er\x92\xe2\t\xc4S\xd4\xd2\x87.&`\x95\'=0\r\xd2n\xf5\xcd\x9b\x15Oo\xd8Nj0\xe2\xe5A\xb2\xc3\xf7\xc8\xe7 \"+\xd6\x9e\x18\xec\xb7H\xf9\vd\xebE\x9dtI\xe5\xb5\x8e3\x19<\xdeS\xf4\xe6\xba\x0er\xfc]\xcbd@\xe8R#(u\xe1\x9b\xb7\xd5\x82\xab;\xdb\xa2\x9e\xe8W;\x86\x89\x99\xa1\x99\x1b\xbd\xaf\x11\xcf\x1d\xb5n\xe3&\x1b Z|\x18\n/\xe4\x83\xb5\xdd\xed\xd8\xba\xe8\x8d{@\xd1\x00\x00\x00\x00\x00')
r6 = socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000001080)=ANY=[@ANYRES32=0x0, @ANYRES32, @ANYRES32=r6, @ANYRES32=0x0, @ANYRES16], 0x20)
sendmsg$kcm(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000002940)="017fdda093a6ecf4d636f1abacf5bdde237a349f164bb836d5ecc5017bb67f34b2444c52cd22adf62988649b2a573613ea6fec3f15af0b6bc5fac1faa124f3710483e2f60ae46c312d6a730eb2e106998344b2a5a5fb590f0058f95d056436d97a0690adc02107a822c281a19a2f65e9bef113af6fcf2cc1c2de469ef24f4ce9d991fa937307b63ff70d5c764c78d447d3c070dac27c1f6b8b66e25c1ec558fa93376bb8eaf38c5bccbb5405738fc4655cb36641dbb388ca7c20d29b6d487daf2183a722335586ff892c7f960a4019b3ce3548da8636a75267484e865f9b67c03e4adb294464e882ff33529514d2413e291f2d3529e5644ff50bb1311b7784534e5ddb4c1f4a822e2ebcce19d16840af2a66290252420db5552231d94cff6ec2cc7cb7a1ca35a97b8f786f65c3bcb310d201512050831d360067dc02bdb88eb304ea5a6bf966934072bc440a3ed456d6af036389982b6f238fc9e15d5d23a441a13493b85cb726304204ac25dd26b7dbf56f9df93def6306c91dfaa8b460760f518a74fe225d2a8c6b26f647bc995a8e6b44d9a4db684b81e9772fa0e5e6e8ce377cf9410c425a8cdaea7f44ddef4baf067c1b0e963b5f8a801c6cdc1a67e4c34f1754b08a1a460b4b10eaaee29d76b28c94663cff81f4d1c95b127dcaaefd4c76b4b7129d881a8a4f750cd98acc2ae3e31f9afd90c13c91999e39c94416a8629144be0bd868078844fdcf4f065b13ab3059b0a0a1e0893415834bb87e558bdb0c28df6190d4fef4a0b520140bf0376fcae9396d1abc5c707d2db93b524686ca61cd4eede77dbb22682f90f34f699606718c3b95cfb66d68eb1f34bbc92b5c57568ca3f7308520455981748d531a01c8bcd6d3aa0314eefc1c080628db5c5b691f41c16a1cebe58c8e2db924ffeb74617f3dca89ad2dc9f0862d20986cb00a5f114e3ae489489a79ec5c86e282ec806c12e9219e3c65515be5d34884a913c8c6b59729db2f9de3814c02bd060c7f51a2b563c6c480b7dc09e992afdcfe2e874f448727da44b5c0ecdf26d15ff69ff5d10de78e7a8fbdf4a6f132d22b9ee3c7be1b4ed784f11c1d084deda3ac59087b0416f88699be603384a817983d98840b342ed77ce4f627df1360951955f998085a10550265973826663def3b7faf72b075baa5127dd1023f5ba4cfc2cd0d9385b0e98f0378d24cccb12d1960ac6bd3bce5634cd95adf52e59b25b93905230ada87bd7f8ff63a3e3a75688a5ac08dc2ddce4573779edfad8f7e758c6ec9e58e6d2e6b716212ed3921e5f46a3076dd8d9e794bd9a9c3f0416e3cadcb385e6cc287ba6274d7d310f86b2a42cebae405262d22a1a5a27e566395946092f925ab60efbe36539167ca92a4ad9f46aa7267828fa32c2961e922aa43482fe0d96b7558bcf2941e2c03439037aa630fc6b646de6d2d4d06289abce94ace917176af1aea92ce3a365d6dbf50a79e25b9cabe143dcccb1b6ba910b4056c7e9492c67bda0e3798c995147b66ebf9a96e7312e403f6e57f0ec868a0edb2c376db49c8c64cda56949554a3a23f0d93d8fadd9907e4b6f616f5a79adbe0dad411affd6967077f7eec3f14ec7a3a6886fa1f7072b85aafe5e7b09ce120ca3833db2a889f65b0c432a7b77ee1925b3c1d0dab2ec7c0106c59cffcba5f4a8fa95c8914855e7fdf74930f05866e797a5eaa595be186018ac919de47056c0859303ec4abb75c0efe07eee9f87550a6934560b29c66bad58207ca0efff7bdae52b01f32da586ba95ddbe40ee0f7b30f17eb9bca755078451c80b7cd41ce02b54bdd092307eaf148a3c64b7f176fa565000e452fa2d9f620c2e2b0486563128c0ba3d2f3a0e3c0d63d66df812ee22f29c8900e5511436fc4a9615e7b1ff16f593026d7d8cf40d20983f9c7f3669d43f75ee159b5a8ad7467aa139871e36cd994bf5c16e1c69e8af2105fba0c0f7b41593c145e7d29483a02eb12b3adc4bbf8e2a11a7be79038c56c506309f63db2027958f19f70ca66084fd8613aec4dc9fcb2949a97c2dd6efbd554951c425eff3232965c5b8aa37531ca539c59f75bdee14dcb5ff9cf1395e6aa0c6551d75ed6fca64694a6a64f0577e9d0dbd5335d7013305323c3d53f0a30a064ef363580620aabe77395149d0bce4837fc5430e88abaa45085274895adafe408a43a1a4218a213aeb6084cf2c1cef76fd0e8ec25b9eefbc896a3a5c19bffa181b1a0e69bf6cadd1faf50713a4a552759cd090cab90cb51d40bd93d35eaafe41d6654f29a4cf4b3e967d13ae796f618e7f02615fa8f38ffe1a8b0eb261f5d8f513de2d2a840da98e566fb3c9a915c9e2fdc2ad677b88cf55ea892f30fefc3141122aa7c43d9365fcd9bc3e95aa31dc96336e218bfa553f02b1c677bba932d55292ef6cf40f06c3bc02873929f7676e08b4aac11eaf8db120c6a6e0a870ddc3949d288980b48591cb6515a193f854d4059f24d01743ff6c7de796fd12fef6b28ae03838db23e026e6c71306f0306cb400cbdbf32efe0ac995544fcaa99fc8baebccb0b5ab656033502fbde83291baf39ae21828120ae21fb43ed7bb3034ed0cdfe5ebae161755f814128483f0b7c7182a94bc0a0de59a51d8d3ee22bc9a5f4b3023ddcea035e9fe33d6fd54f8dad30cc65d53395c19c013f90f38bd825d9df9adf336f3d859ff5380e26d853c41c3f1f7102854736bbcce63cb75a9b1f5a679a050e5e59b9a7e154866cfea3367eb46c766f9eca6eb2326685a47392292daca1c22b2949b5029db1d185d10f292ffad769c19fd93c1a852b98d7093a302a68863f4656bc8c2b5217266be79752c10fc74bfd804d53042afb363239eb5105f29ea463e88ab476b84fb87eea3a37383e438ae8efd056aef1970904330ddeffdb1fd628ff1d31211242f6b0cfa01fcbc6de4a16c2673998a4cf94fccaf2190fc5bc9ffff9e1581c54688fea93cab97b37a1a8d491185175a5b3a505fe874a3c1cd572df814103e8048c9023537f3698ee2caf576ec474be03f06865b76bfc3c923871a0ef76ae64b0b0f6993f7d99f3d04e6ac71f95f7739bbeceb1cc9aefc4bec0d112e9213e0098ec958d2894e67581c1670e1a09e985f9b5605fa9338ee663d1d2cb62381662651cce57df5b2920469491e94024d9ee027f5a8270f82f86be4c154b94481917b26a919314a3cb8dc997636a1cce741920b0c0b95ef78715d620eaf67ac3268963f896f91b938e6fce55d4867ba7300766e46c1ff9a5cd658d687180b830c1c2eab2bf7c97d38454df6669833aea160d341fad64ba56adfc050fb1d3aeceaf93b45a20ef150a7866501faeec006d204fe333e2febbc2ba25a3e5a42c61445654e41224d574018e157c299231117121af825ad18dcdec7cc246abf7bbb2251a78f305eb47e9e087ac76415af4211024d05ff39d714c43cb6ac0ceac25a8810a56f5dce717f1d7176047680c92b3c87be31e252b77b8f23ada2884fe44f81e688968362436ae37e1beb2c8a7066124d518a1f610592f043408bb25c70126c6c3ce2710a533d535156ea6304f9a93ca03e6fdef21ec2f33fe3327cea6c1c4d675556da61cbe5d95763b824d9088c0e87659f0e99d0a8c45c13b109180fed031aacdb9386a3e2f22d4c73df629115af44a46ee8389c8b6c7fdecdb1eadbf3fc71568245b8a95fc0d18bcc3500d312002d3da8eea8c5ada670f6a04f4829777b4e4d99e9cb1cc39f2faf8682ece93fdb7f247ebed1757e353006a345352924f439334f2790aa02eedb842a091c1ba23ebbdbf478801b63902f04c68164053d57a2c7939efde313c06be030b69a23e3dfaf7b00a9ae1e59f3c133335ba478dd4b6b17f70ae497ef7ef8b2907d7dc6d086ddc6b79d09bdba1ab7474f62368967c108885c8978f50d6c9f8045725ede7961e3a5f8cf5c272cdc4fad42f774338bcd1cb9bd3927c4a8015a880f48fdcc0cbad5b6f0bcd06c6f2ec7bd90d5518f3c0d64adc75be417c65b56607cfa27ac122aa20ac4c14bada365ea893135242be59740bfdb180179e6c8154c6833f89ca8eb4e03518e515e98c8322efddad4787f5478c37d325e4a8ed68d6debfd97bfe3fa7bc4abe0abbaa7106588860daaf86c4be7addfaaa69ae2b67a8dfd19dd78c7c6550c8539fddc5f7dbe9bd5252647089d37e7119687716c0b168406c170340c0f6c910ac1bee99f3f62b62e9af950482944edbc32e7056e62e51905dc8ec59fef56534da423c166b73b1d2d4fe938e9223e5cf70651784bc2858ebb550178aa6a1e0e8796609dc93a233b8d3044b9569a1742f3c730db449e424423c3b0af60137b5e9c1fe0a353dbbf0d004f3d3d5df3337c3a53004b5fed3aa2ea2b55b791795efecd3851870819abe212d97a3a187e67947bcf24790104ccd4ec363edd5885c5b08ecd36c46d16ab47c942a014da0040a4edc35a4737e03bfa53c6e36086f6ba07c21702f71eeafa4e76f40d74c2fe97575822848ebcd46cd957f8aec097b0e05696084732075285484fe7e5d175491cd7523dd34d9d31098ad0e5f8484725dad0d5ca6c2527ed01b6d35eeae7af5a4cf68ac5ee8278ceeef9491b84392bb75dc3ac9da8654a9e69886e4af5a3b9d922957ade5e26a0423b6526395b9b6794fe22c58711b5086ac75c101f5a4ed05d31a19d7579745e252a63e217642899060517eca1d59adf05d185afc83c8deacb2b725980a7c0224c9e4f7a8e060db42bb9eb094410ca5617347a1510b4bd88aa01ab78463d5ef39799e15471a7e3abfc145053d7f6415540a20fcc6079caaa653f82e9b691ded5c79eba80b71eaccfbfb73151ce3fc965ff9ddcdfa5561f6dfb947153b62ed952655b77389ea01faf65095c28a3d027f4a75d9e1e8c148467e860cb6e97822dfa1caefd8c38748eccb35c7e65b39c6c15df5ff755b55e679ccfe948032414eb0bb54afdb46b1eded22b1ef8d7368095a2de4764f6f403e07513653d6e43288b1bc52c56924bb3bd7a0ee5a7df78aabda46ede109a4c7054289f8c1fb95d088db02efede1d8053664e3cee3c735c6f08b3b0eb490eeb77ac51dde3b15ad3a743fdb41ee7522e8ddc7d412e79167d521e776d69bb8f63c6ef2ff278b0e15abc6c8cdb95efcf26996f27a6a88931e8d3f69926c31711a93b0e7dc34f181794a33aefa794c5c37d0fd9de15c3dba2ca69e5ba84c4aef9bde46caff33be19452098fa690a27808256cf798bcea51a9b53d26e2fe577e40a2d8b88e06f9752b5d1ce13cc18c49d44d596d1a3d98ff88955bef34a56468402c4d5e8f0d583a41bffac44c41d9b3ce3915e56e46c7bb6f162b23c5f5f3c1f1b1efd1dd6982772b5bc54d6a0fa7af5da5b49b91556a0b45a5753feda10d6c3e881d290696d637d5a2c647eeade9bef69284c789f37061ea1572206ac1d5c23d087802c09b23790251ded7c7a2aa24648314a363bfa1804ef338f1e2573c8d2257d237a59fe6a94774a3f250b2d28fe4eaff3e842e154e48031fc4d75427b60f296579cc6958460eab5d322bb38ab53e85c1c40482db3bb9fd2f7230c13d348e000afaa509982d5c4a9a8c3248d44f3d0fcba88859de3525b51c5fa6db1ab798bce2f591aa6862a7d71430ce8cefbbefe89684b4a2675d4d119e6221dec148aa4e07f3d259b082a62a7431b6d35ff52f6ed91d1e364eba08717950c3ea1ea959145873d0f2b82b719def7d99216d2c5091c18f46d6c5bb1b0b83b9e4c7adc63b722a2c840210c892c7c37f5c9cae8994b306e9ec530", 0x1000}, {&(0x7f0000000180)="21edc274ea54f64550a1187734b8385ff008dd5b5bf9a3d4bd74a3ddf940aaf82f771a61f17a128687389b6c8ed0fd3778e54b70ebddec8e6054c468b37b621f22258513ed37cdc653f27ce103dde9b4090cff3c6324546529fb3a6aaa5cb926da410e3070c9990a62223a1f834360f61412d365fa89f631bdc783bd372beaaae5911f99c0453b2f3feeb9af11acf9fe211a93b4ccae9ee322c1a9c3a339a4b7bddbd579193f1552af71447f3ba8ef1f05c8e19c6a494c", 0xb7}, {&(0x7f0000000340)="6199625534d10102ec67b8259b303cb79004a27d30c12012ff1666216cec60bf130bb5461d0bec4c27be09fbddf395a5f96404be10827ecb08b6101720384df445a1cf1a95dfea70824b104feb5e21195e7349d56fbf6466b2df0f263888a4a68685f2eba99b112d673c977a14c1d1da4b3b046bf6664c051715dbe654", 0x7d}, {&(0x7f0000000740)="4ef20c422b558a76c05b46afc56e61f1bd32cc31d68e83a01064aedda0f613cc92b4e7227f40d610b81c9986f4dbe55505eda23a82d61457bb39d3b612ca55985e", 0x41}, {&(0x7f00000007c0)="3294853238462dcdae735537208228cba234ea0b9c4cc2bf94eb2328309b04f52c2afb6f8fd62f2ca1353abe873e4803245a8ae0960d246d28726eefb97232f747c21728d4f46fb32a4c0b4dcefb1b381ade7ac42779acabf697ebc43d2de8f5d882871a7fb1c2dfad3b1bb9d9b991e0c48f4ef834f5bac8fa665be0ef1fdad8902969a0e9f4cb9b", 0x88}, {&(0x7f0000000940)="8b19e1a9fa7d3d2205ddb74b6245d8eff2fdc35eea5c865470a453c9a4b77d10e1b6b207aa048793ebbf7e0f5d8331d9c647b796b51bafa2eb5291f13f9e770f98816ffe966ea78d7f408a44e0fbf5dcffb6ee868be8f77b4514fab8a523f1982c43c66d20817048b36b14153c5bb14f8833fe2e4c33b14e2eb8acb4e53d9902f005ed0435c0aa7ad1a324231a5c0fc719a0d3fd8aeac45a701e89839086e8dda0093479eda93637faacf3fa8392ca31752932", 0xb3}], 0x6, &(0x7f0000000b80)=ANY=[@ANYBLOB="a8000000000000000000000002000000ed5cd5ea8ecf7d65e4e8138e0a062605e3006f995ee8bfe7db3586a5744edae2f4fa9c1ace4c5f61c3d0fcc57d7cf33697826a23724e35cf1aa9d7a05f2bc8c9fa96f24b3d533e17f75f7e1a257b36decc7e3f0e6d96dde69381907ff6a0408fab7c9854870b753691173c23ec6cf924b5f0d4baa9c979ec5018d6d32a4c76a638997baaa263a91278ec6b5539518a9475591800000000008800000000000000160100000600000000c3f54a4d5d2d252420f02dc7971eb135b116bb939db0f0038e2afd2d8c9bc4376a24b27fb76544069309530ddb50e212302f8b4b213a2de9d3e888bd00854b6c05d3186e656ad5cd67248799b47054f057f82e7f46f017457aee5e77203662cb6c1ed83e5656d3e4bee989cd22f3dc47c5e70000000000b8000000000000001d0000000500000053d3fe5db7407844060df0692cf0fd780096fd8f8404c58017902262013196bc5d41889990129222108c0fbec63fac07686302ac4d1541b351bc464267871a42d37e7e46cdaddf951911329718054aea2371acd115dd7e4cbdb403e909af63917352acf9c6f2042507d0a23a649f6dfe661330778436e34c07d1985ff6c717b21e092e0e0cfed2ea207c9fbd0281efc9d86e3da84dd1b8e0b69e4f7e5d2fff60125bd7f3d4525a00480000000000000011000000050000008063a55cc0e1a89ed718cb61c472cacede65bdb673d1f8eecb94b479658d728a151fc6f737c111d8687733b1042d82cfa000000000000000800000000000000088000000070000000f0287cafb828bbe27e0e17d9692a244313154d6f83aa053c0070ebdbc8d953e29966ab12d3bb09e67ecb966ed3c44eb151feb810bcbc773b9b69fc8aa172bbc7309085534e7d631a8cec726106c61f94d96bd12eb517791b6533c4796512ce0a14f47021e090523bb1c87c18a000000"], 0x2b0}, 0x80)
setsockopt$sock_attach_bpf(r4, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
sendmsg$sock(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000002540)="44ee0c9de566dfe6e66fe9fdb621cbf334c0e48a28bfb84f92935e1c3a3e5cce042defae599f6a460abf542341b293e2b5553f3228db25a92ec8dabe3d285e10b89217438e6fb52d3c0b595e93387a8673d913df2cad5b61b5c1b08421a9e75e1b305e0e5eb3c98d9e37bea1d9870c28d7f7fb5045d08e12f6adc8d1f025f6a3d8d4b7d2ef442f910ad558ad6ecac9d6c801989dc586a85ee9bb1c0b9a5672684a9043c331b334587d96d6c4df2eae52ed451bfc753825ad82cf9db78a471cd5a429c6efcdca51001f16be7ba049aa3cb5aa65e8c087f3d63bd0533347d8d995bf31cfbb6d5d668ea57f47203329bd70d5b4c9afebf32e1a3ab6144848f53943cb488b71996375ec4abbcbcf6a04b2882460ddd32650420896d814d199ceb1e18f1c7e7021d52a0b365eb4a28b9ba52523de3521176420043a2b6d243b46478a22b1b61216f4b049c4eeeead05d6168f3bfeca3b56530567fe2209353cb1ddd979d823e4c528a26e0aece5932612036fbe14cf200321f2270b768443e30d03f4791944afbd1f54f8874224c88cab51a3c39726cb9507f9b0c10f065003082d580f1ee32ed5d7b67360dd04d9656650fb9f2e83a4581dffad8641cff7f2d13d1cc85654b974ef126e364ccdbeaefd194fee6ad23967891f5bc84862f15c9b6670cd4dbb9892292f1fc53189c34fa168986c8491d62730a01b33bc34027eb5cde57618c0dcbc6672c0e6e906ce1a279816e5a939f390972f50528e4912816f499b9f7b54fb427bf82bcd1baf45175bbf516d85f59da3d2be37f42467d8100bafbce1bb475fbfebe36db19ff9376e8016b59988d8e0685a57b2a331e8537a382c5b7e479cafa1363aebd7e720c05707a5119a5d634ca37e783401690820d283e0089daec228c06d67fce66099c5f577efb84ab84c6d8ae2c982c1620162f0eabc0a35dadbb53b4b3436bc1a6d99897d8ea13123fd0fdc30396c34116125834cc46c2cfe3ce25721aa9ee444e3a87efff91513c3a699890302081bff1ebee4a5a1f224a53cc27d961a293021f5d1bc25712e7266eb801f3b8719dae13c241ac10ab329b047c28a5b881db1098014312c08bb2b91153515e213f49083a1911636fd3c40ac9807bee1984f661109ea5c2babfe4505641582355134fc214ff71ef0f17e823d4163fb0a6063b63c459b02cd7b8571aa6b3353ed051e23c5e8412ca8c4e2fe25f97144dd46a26d6e0052582cc151bb5b1bc200e43ed0c4ebb8b98e09e8352e18ce8521ce8aae92b60b94bc77a804e6d2cfda8ce172a1275485d50b3d01126a01ca62623b2c8e70af100738077af8090016320940b23258c54fa94b6657087a5507c2387e9e43581aa4883787bc8280fb1e40", 0x3d4}], 0x1}, 0x20000000)
write$cgroup_subtree(r4, &(0x7f0000000040)=ANY=[], 0xfdef)
recvmsg(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000001500)=""/4098, 0x1002}], 0x1}, 0x101a0)
r7 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8)
openat$cgroup_ro(r5, &(0x7f00000000c0)='cgroup.controllers\x00', 0x0, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0a00000006000000060000000400000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000f2cd9f981e838ba5adb954e2efd2644e07827a856949d702e165aba1c3897335dd1d89b12fe6dead2ea1bb2c9f306a4b27523c7a9ee54dcd5efb9b9f71402b95e5fe59396d424c332268a390608ff5fafe5404c9b58e77b74189ddac76771d44cace4838c3fbfb3980de96d6d22b1ab31ec0b442ed1aad398deb31b567f381d42f423db0e015496d3c161800f253f2737e0113aad08cc59fa6a525e1fac7e9f4f2e3a7812871e117e4b65a1b8294ef16eb9d7c891e8ff81e08a7b98d4d19afd1b1805a0e1cf5302a978279b8a9c0b04654f4f55f8465c205039656de9c202de69c0fb1725d675aea5d7e80d5d402b0d2c7598ca132af7726d05894c0b70b036f"], 0x50)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b703000000000000850000000400000018110000", @ANYRES32=r8, @ANYRESOCT=r7], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000140)='workqueue_queue_work\x00', r9, 0x0, 0x100000000}, 0x18)
syz_clone(0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0)

791.019347ms ago: executing program 0 (id=2194):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x40000000000, 0x2422, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, @perf_config_ext={0x8, 0x7}, 0x1102d1, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
close(0xffffffffffffffff)
recvmsg$unix(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x40, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYRES8, @ANYRES8=r0], 0x12)
ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f00000002c0))
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_wait_time_recursive\x00', 0x26e1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18f5a1000000000000000000030000004f100500000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x40}, 0x94)
socketpair(0x1, 0x801, 0x0, 0x0)
close(0xffffffffffffffff)
socket$kcm(0x10, 0x400000007, 0x0)
r1 = socket$kcm(0x2, 0x5, 0x0)
r2 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x6, 0x17, &(0x7f0000000200), 0x21)
sendmsg$inet(r1, &(0x7f0000000300)={&(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xff}}, 0x10, &(0x7f0000000000)=[{&(0x7f00000001c0)='\x00', 0x1}], 0x1}, 0x3e8)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)="2e00000011008188040f80ec59acbc0413a1f8480b0000005e140602000000000e0027001000000002800000121f", 0x2e}], 0x1}, 0x40000)

712.112653ms ago: executing program 2 (id=2195):
syz_clone(0x40000000, &(0x7f0000000c40)="6f937fda7d48aaa27b726c753edfc4ede1419b697a2c1f7e8f5474fb31f7ace9e4fb68c551a94c07f04fab90f0148816aadfb559fbd7f680485930aa14f337b022be710e24cf0eccec09258331961b0818a8fc2ef35d28e0b0a29f3a65a0ee8eed36e4d8d34b8300eecf070cb517c87822e214ae8de6b16fe7c06f507b9d84b1b9ec716a7fceef0f9bca4b70ee2bf5acd842b91bed5de7dce126737bcacb17c31cc86ce13bc72d1b2b88938afdd81269d9602201e1678f43cd6951629123916921170b6f601685825fddd75a7097010e244d7b10af4f3f7edffe2fec2908dbf161acae4b9b12bf50dbd1a58b5e03d558534b8233f6766b2afccf949c4e45795151e60e92db7f9d47e711c54119bada29816d1ee90033aabf76aea0baf5f4f6480164", 0x122, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x1e, 0x0, 0x0, 0x0, 0xfffffffb, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x3, 0x0, &(0x7f0000000c40)=[{0x0, 0x0, 0x0, 0xa}, {0x1, 0x0, 0x5}, {0x0, 0x4, 0x10100, 0x8}], 0x10, 0x201}, 0x94)
r0 = socket$kcm(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000040000000400"], 0x50)
close(0x3)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x9, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000004c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000640)={{r3, <r4=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000600)}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000400)={r5}, 0xc)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x92c0199, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003e000b05d25a806c8c6f94f90224fc60100005000a000200053582c137153e37000c0980fc0b10000300", 0x33fe0}], 0x1}, 0x0)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000280)={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000100)='GPL\x00'}, 0x90)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6_vti0\x00', 0x200})
perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x0, 0x1c000, 0x0, 0x0, 0x8000000000, 0xffff0000, 0x0, 0x0, 0x102ff, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x89f1, &(0x7f0000000080))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000ec0)={0x6, 0x2, &(0x7f00000003c0)=@raw=[@generic={0x0, 0xa, 0x8, 0x2, 0x8001}, @ldst={0x3, 0x2, 0x4, 0xa, 0x7, 0x2}], &(0x7f00000005c0)='GPL\x00', 0x4, 0xf0, &(0x7f0000000940)=""/240, 0x41000, 0x2, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000bc0)={0xa, 0x3}, 0x8, 0x10, &(0x7f0000000c00)={0x2, 0x1, 0x5, 0x1}, 0x10, 0x0, 0x0, 0x4, &(0x7f0000000e40)=[r1, r2, 0xffffffffffffffff, r1, r4, r6], &(0x7f0000000e80)=[{0x5, 0x1, 0x8, 0xa}, {0x1, 0x2, 0x0, 0x7}, {0x4, 0x4, 0x6, 0x4}, {0x0, 0x5, 0x3, 0xc}], 0x10, 0x4}, 0x94)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0)
r8 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000003f000000"], &(0x7f0000000140)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r8, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={0xffffffffffffffff, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
r9 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000000)="2e00000010008188040f46ecdb4cb9cca7480ef421000000e3bd6efb440013030e000a000d000008ba8000001201", 0x2e}], 0x1}, 0x0)

685.270365ms ago: executing program 1 (id=2196):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xbdb, 0x1}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0)
r2 = openat$cgroup_procs(r1, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f00000001c0), 0x12)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_ro(r3, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r4, &(0x7f0000000200)=0x1, 0x12)
write$cgroup_int(r4, &(0x7f00000000c0), 0x12)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)

610.193491ms ago: executing program 0 (id=2197):
r0 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x29, 0x1a, 0x0, 0x0)

402.399498ms ago: executing program 3 (id=2198):
syz_clone(0x40000000, &(0x7f0000000c40)="6f937fda7d48aaa27b726c753edfc4ede1419b697a2c1f7e8f5474fb31f7ace9e4fb68c551a94c07f04fab90f0148816aadfb559fbd7f680485930aa14f337b022be710e24cf0eccec09258331961b0818a8fc2ef35d28e0b0a29f3a65a0ee8eed36e4d8d34b8300eecf070cb517c87822e214ae8de6b16fe7c06f507b9d84b1b9ec716a7fceef0f9bca4b70ee2bf5acd842b91bed5de7dce126737bcacb17c31cc86ce13bc72d1b2b88938afdd81269d9602201e1678f43cd6951629123916921170b6f601685825fddd75a7097010e244d7b10af4f3f7edffe2fec2908dbf161acae4b9b12bf50dbd1a58b5e03d558534b8233f6766b2afccf949c4e45795151e60e92db7f9d47e711c54119bada29816d1ee90033aabf76aea0baf5f4f6480164", 0x122, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x1e, 0x0, 0x0, 0x0, 0xfffffffb, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x3, 0x0, &(0x7f0000000c40)=[{0x0, 0x0, 0x0, 0xa}, {0x1, 0x0, 0x5}, {0x0, 0x4, 0x10100, 0x8}], 0x10, 0x201}, 0x94)
r0 = socket$kcm(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000040000000400"], 0x50)
close(0x3)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x9, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000004c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000640)={{r3, <r4=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000600)}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000400)={r5}, 0xc)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x92c0199, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003e000b05d25a806c8c6f94f90224fc60100005000a000200053582c137153e37000c0980fc0b10000300", 0x33fe0}], 0x1}, 0x0)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000280)={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000100)='GPL\x00'}, 0x90)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6_vti0\x00', 0x200})
perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x0, 0x1c000, 0x0, 0x0, 0x8000000000, 0xffff0000, 0x0, 0x0, 0x102ff, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x89f1, &(0x7f0000000080))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000ec0)={0x6, 0x2, &(0x7f00000003c0)=@raw=[@generic={0x0, 0xa, 0x8, 0x2, 0x8001}, @ldst={0x3, 0x2, 0x4, 0xa, 0x7, 0x2}], &(0x7f00000005c0)='GPL\x00', 0x4, 0xf0, &(0x7f0000000940)=""/240, 0x41000, 0x2, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000bc0)={0xa, 0x3}, 0x8, 0x10, &(0x7f0000000c00)={0x2, 0x1, 0x5, 0x1}, 0x10, 0x0, 0x0, 0x4, &(0x7f0000000e40)=[r1, r2, 0xffffffffffffffff, r1, r4, r6], &(0x7f0000000e80)=[{0x5, 0x1, 0x8, 0xa}, {0x1, 0x2, 0x0, 0x7}, {0x4, 0x4, 0x6, 0x4}, {0x0, 0x5, 0x3, 0xc}], 0x10, 0x4}, 0x94)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0)
r8 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000003f000000"], &(0x7f0000000140)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r8, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={0xffffffffffffffff, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
r9 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000000)="2e00000010008188040f46ecdb4cb9cca7480ef421000000e3bd6efb440013030e000a000d000008ba8000001201", 0x2e}], 0x1}, 0x0)

393.375099ms ago: executing program 1 (id=2199):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x3, &(0x7f0000000640)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="01fed40002000000a00300000500000000000000bb711179eb8fade4f6c7431a91e21b62122e774039829899d8f05de4b7af587338f77283889f7b789fbb49f1bc5984c859fdba85f244e5f049a39638d1c1295ce3a7a7bd8c6f70f3030087f2642b8384b648ee96773b7230c342578a00604c4f2c64040cadd235e07108afd84c9fceb08305258b49013d30ffbdcd3efcfc2aff02821297610cae65873077257cda638c8c90347d60a8dbb467a431ccb0d772b678ce2688b0fd9d73c224c03cf95af83e264aaabe67fcddd9532c02fe8bcb22071fef2683556a111405f3d04a1f1eb84036b34cddbec053d592a4c24fc2c7a600"/257, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES16=r1, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={r0, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f00000002c0)=[0x0], ""/16, <r3=>0x0, 0x0, 0x0, 0x0, 0x8, 0x3, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0], 0x0, 0x46, &(0x7f0000000380)=[{}], 0x8, 0x10, &(0x7f00000003c0), &(0x7f0000000400), 0x8, 0xa2, 0x8, 0x8, &(0x7f0000000440)}}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0)
write$cgroup_type(r4, &(0x7f0000000180), 0x40010)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
close(r5)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYRES8=r5, @ANYBLOB="3ee901"], 0x9a)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000007c0)={{r2, <r6=>0xffffffffffffffff}, 0x0, &(0x7f0000000780)=r0}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x13, 0x10, &(0x7f0000000940)=ANY=[@ANYBLOB="18000000000000000000ac58cc6ec17c0000020000001811000099007963a8411158338d990453fefd6edd9860ba40ede3c8722667f8fa73383805ec", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095000000000000009500000000000000bf91000000000000b7020000010000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000240)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0xc, '\x00', r3, @fallback=0x5, r4, 0x8, &(0x7f00000006c0)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000700)={0x4, 0x7, 0x2, 0x1}, 0x10, 0x0, r0, 0x4, &(0x7f0000000800)=[r2, r2, 0xffffffffffffffff, r2, r6, r2, r2, r2], &(0x7f0000000840)=[{0x0, 0x4, 0x6, 0x5}, {0x1, 0x1, 0x5, 0x8}, {0x0, 0x5, 0x6, 0x3}, {0x4, 0x5, 0x10, 0x5}], 0x10, 0x100}, 0x94)
r7 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r7, &(0x7f0000000000)=ANY=[@ANYBLOB='V?\x00\x00-\x00Y'], 0xfe33)

344.367752ms ago: executing program 0 (id=2200):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
sendmsg(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000740)='G', 0x1}], 0x1}, 0x810)

194.095425ms ago: executing program 2 (id=2201):
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x5, 0x6, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r0, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)

171.184296ms ago: executing program 1 (id=2202):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x9, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001180)=ANY=[@ANYBLOB="0b0000000700000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000640)={{r0}, &(0x7f0000000000), &(0x7f0000000600)}, 0x20)

193.57µs ago: executing program 1 (id=2203):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xbdb, 0x1}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1700000007000000ec04009ac0f9ab6fe04969e50000ff000000000000", @ANYRES32=0x1, @ANYRES8, @ANYRES32=0x0, @ANYRES32, @ANYRES8=r0], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0)
r2 = openat$cgroup_type(r1, &(0x7f0000000300), 0x2, 0x0)
write$cgroup_type(r2, &(0x7f0000000280), 0x9)
r3 = openat$cgroup_procs(r1, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f00000001c0), 0x12)

0s ago: executing program 2 (id=2204):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
sendmsg(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000740)='G', 0x1}], 0x1}, 0x810) (fail_nth: 2)

kernel console output (not intermixed with test programs):

68
[  250.278819][ T9711]  </TASK>
[  250.674101][ T9726] bridge0: port 2(team0) entered disabled state
[  250.702772][ T9726] team0: left allmulticast mode
[  250.721710][ T9726] team_slave_0: left allmulticast mode
[  250.728688][ T9726] team_slave_1: left allmulticast mode
[  250.735801][ T9726] team0: left promiscuous mode
[  250.742673][ T9726] team_slave_0: left promiscuous mode
[  250.751774][ T9726] team_slave_1: left promiscuous mode
[  250.758331][ T9726] bridge0: port 2(team0) entered disabled state
[  250.776678][ T9726] batman_adv: batadv0: Adding interface: team0
[  250.787615][ T9726] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  250.844270][ T9726] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  250.875297][ T9729] __nla_validate_parse: 4 callbacks suppressed
[  250.875420][ T9729] netlink: 2 bytes leftover after parsing attributes in process `syz.1.1284'.
[  250.894180][ T9729] team0: entered promiscuous mode
[  250.901113][ T9729] team_slave_0: entered promiscuous mode
[  250.908413][ T9729] team_slave_1: entered promiscuous mode
[  250.916278][ T9729] 8021q: adding VLAN 0 to HW filter on device team0
[  250.924348][ T9729] batman_adv: batadv0: Interface activated: team0
[  250.931423][ T9729] batman_adv: batadv0: Interface deactivated: team0
[  250.943354][ T9729] batman_adv: batadv0: Removing interface: team0
[  250.951854][ T9729] bridge0: port 2(team0) entered blocking state
[  250.960174][ T9729] bridge0: port 2(team0) entered disabled state
[  250.967747][ T9729] team0: entered allmulticast mode
[  250.974628][ T9729] team_slave_0: entered allmulticast mode
[  250.981571][ T9729] team_slave_1: entered allmulticast mode
[  251.001422][ T9729] bridge0: port 2(team0) entered blocking state
[  251.008212][ T9729] bridge0: port 2(team0) entered forwarding state
[  251.283768][ T9741] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1289'.
[  251.949337][ T9760] FAULT_INJECTION: forcing a failure.
[  251.949337][ T9760] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  251.971116][ T9760] CPU: 1 PID: 9760 Comm: syz.1.1294 Not tainted 6.6.102-syzkaller #0
[  251.979566][ T9760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  251.990613][ T9760] Call Trace:
[  251.993975][ T9760]  <TASK>
[  251.997001][ T9760]  dump_stack_lvl+0x16c/0x230
[  252.001754][ T9760]  ? show_regs_print_info+0x20/0x20
[  252.007361][ T9760]  ? load_image+0x3b0/0x3b0
[  252.012460][ T9760]  ? __lock_acquire+0x7c80/0x7c80
[  252.017632][ T9760]  ? snprintf+0xdb/0x120
[  252.022203][ T9760]  should_fail_ex+0x39d/0x4d0
[  252.026965][ T9760]  _copy_to_user+0x2f/0xa0
[  252.031425][ T9760]  simple_read_from_buffer+0xe7/0x150
[  252.038398][ T9760]  proc_fail_nth_read+0x1e3/0x250
[  252.043799][ T9760]  ? proc_fault_inject_write+0x340/0x340
[  252.050589][ T9760]  ? fsnotify_perm+0x271/0x5e0
[  252.055636][ T9760]  ? proc_fault_inject_write+0x340/0x340
[  252.061374][ T9760]  vfs_read+0x27e/0x920
[  252.065823][ T9760]  ? kernel_read+0x1e0/0x1e0
[  252.070521][ T9760]  ? __fget_files+0x28/0x4d0
[  252.075131][ T9760]  ? __fget_files+0x44a/0x4d0
[  252.079834][ T9760]  ? __fdget_pos+0x2a3/0x330
[  252.084614][ T9760]  ? ksys_read+0x75/0x250
[  252.089238][ T9760]  ksys_read+0x147/0x250
[  252.093601][ T9760]  ? vfs_write+0x940/0x940
[  252.098304][ T9760]  ? lockdep_hardirqs_on+0x98/0x150
[  252.103881][ T9760]  do_syscall_64+0x55/0xb0
[  252.109211][ T9760]  ? clear_bhb_loop+0x40/0x90
[  252.114190][ T9760]  ? clear_bhb_loop+0x40/0x90
[  252.118976][ T9760]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  252.125285][ T9760] RIP: 0033:0x7fce3098d5fc
[  252.130005][ T9760] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  252.150004][ T9760] RSP: 002b:00007fce31816030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  252.158732][ T9760] RAX: ffffffffffffffda RBX: 00007fce30bb5fa0 RCX: 00007fce3098d5fc
[  252.166898][ T9760] RDX: 000000000000000f RSI: 00007fce318160a0 RDI: 0000000000000003
[  252.175058][ T9760] RBP: 00007fce31816090 R08: 0000000000000000 R09: 0000000000000000
[  252.183231][ T9760] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  252.191411][ T9760] R13: 00007fce30bb6038 R14: 00007fce30bb5fa0 R15: 00007ffc08e18ec8
[  252.199521][ T9760]  </TASK>
[  252.210179][ T9761] validate_nla: 9 callbacks suppressed
[  252.210200][ T9761] netlink: 'syz.0.1295': attribute type 29 has an invalid length.
[  252.234971][ T9761] netlink: 'syz.0.1295': attribute type 29 has an invalid length.
[  252.527482][ T9765] netlink: 'syz.0.1297': attribute type 39 has an invalid length.
[  252.713269][ T9772] FAULT_INJECTION: forcing a failure.
[  252.713269][ T9772] name failslab, interval 1, probability 0, space 0, times 0
[  252.748044][ T9772] CPU: 0 PID: 9772 Comm: syz.2.1300 Not tainted 6.6.102-syzkaller #0
[  252.756334][ T9772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  252.766651][ T9772] Call Trace:
[  252.769993][ T9772]  <TASK>
[  252.773080][ T9772]  dump_stack_lvl+0x16c/0x230
[  252.777846][ T9772]  ? show_regs_print_info+0x20/0x20
[  252.783132][ T9772]  ? load_image+0x3b0/0x3b0
[  252.787736][ T9772]  ? __might_sleep+0xe0/0xe0
[  252.792503][ T9772]  ? __lock_acquire+0x7c80/0x7c80
[  252.797633][ T9772]  should_fail_ex+0x39d/0x4d0
[  252.802516][ T9772]  should_failslab+0x9/0x20
[  252.807066][ T9772]  slab_pre_alloc_hook+0x59/0x310
[  252.812296][ T9772]  ? trace_call_bpf+0x5ba/0x690
[  252.817326][ T9772]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  252.823198][ T9772]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  252.829072][ T9772]  __kmem_cache_alloc_node+0x53/0x260
[  252.834520][ T9772]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  252.840367][ T9772]  __kmalloc+0xa4/0x240
[  252.844761][ T9772]  tomoyo_realpath_from_path+0xe3/0x5d0
[  252.850672][ T9772]  tomoyo_path_number_perm+0x1ea/0x590
[  252.856354][ T9772]  ? tomoyo_path_number_perm+0x1ba/0x590
[  252.862031][ T9772]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  252.867536][ T9772]  ? ksys_write+0x1c1/0x250
[  252.872258][ T9772]  ? __fget_files+0x28/0x4d0
[  252.876922][ T9772]  security_file_ioctl+0x70/0xa0
[  252.882122][ T9772]  __se_sys_ioctl+0x48/0x170
[  252.887091][ T9772]  do_syscall_64+0x55/0xb0
[  252.892116][ T9772]  ? clear_bhb_loop+0x40/0x90
[  252.896933][ T9772]  ? clear_bhb_loop+0x40/0x90
[  252.901738][ T9772]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  252.907843][ T9772] RIP: 0033:0x7f66b618ebe9
[  252.912466][ T9772] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  252.932293][ T9772] RSP: 002b:00007f66b70d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  252.940749][ T9772] RAX: ffffffffffffffda RBX: 00007f66b63b5fa0 RCX: 00007f66b618ebe9
[  252.949111][ T9772] RDX: 0000200000000200 RSI: 00000000400454d9 RDI: 0000000000000006
[  252.957374][ T9772] RBP: 00007f66b70d8090 R08: 0000000000000000 R09: 0000000000000000
[  252.965815][ T9772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  252.973814][ T9772] R13: 00007f66b63b6038 R14: 00007f66b63b5fa0 R15: 00007ffc95841938
[  252.982130][ T9772]  </TASK>
[  253.027291][ T9772] ERROR: Out of memory at tomoyo_realpath_from_path.
[  253.148046][ T9776] netlink: 'syz.1.1303': attribute type 10 has an invalid length.
[  253.342830][ T9782] netlink: 'syz.2.1304': attribute type 10 has an invalid length.
[  253.384749][ T9782] team0: left promiscuous mode
[  253.390776][ T9782] team_slave_0: left promiscuous mode
[  253.401462][ T9782] team_slave_1: left promiscuous mode
[  253.457253][ T9787] netlink: 'syz.2.1304': attribute type 10 has an invalid length.
[  253.465461][ T9787] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1304'.
[  253.488592][ T9787] team0: entered promiscuous mode
[  253.494002][ T9787] team_slave_0: entered promiscuous mode
[  253.569120][ T9787] team_slave_1: entered promiscuous mode
[  253.615718][ T9787] 8021q: adding VLAN 0 to HW filter on device team0
[  254.532298][ T9803] netlink: 'syz.2.1310': attribute type 10 has an invalid length.
[  254.610697][ T5803] Bluetooth: hci3: ISO packet for unknown connection handle 31
[  254.610734][ T9803] team0: left promiscuous mode
[  254.632780][ T9803] team_slave_0: left promiscuous mode
[  254.638745][ T9803] team_slave_1: left promiscuous mode
[  254.696287][ T9806] netlink: 'syz.2.1310': attribute type 10 has an invalid length.
[  254.705278][ T9806] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1310'.
[  254.715000][ T9806] team0: entered promiscuous mode
[  254.720532][ T9806] team_slave_0: entered promiscuous mode
[  254.726622][ T9806] team_slave_1: entered promiscuous mode
[  254.735039][ T9806] 8021q: adding VLAN 0 to HW filter on device team0
[  254.844857][ T9810] netlink: 'syz.1.1311': attribute type 39 has an invalid length.
[  254.976274][ T9814] netlink: 'syz.2.1312': attribute type 10 has an invalid length.
[  255.102967][ T9817] netlink: 14546 bytes leftover after parsing attributes in process `syz.1.1313'.
[  255.965011][ T9833] team0: left promiscuous mode
[  255.970124][ T9833] team_slave_0: left promiscuous mode
[  255.996657][ T9833] team_slave_1: left promiscuous mode
[  256.035992][ T9838] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1318'.
[  256.050765][ T9838] team0: entered promiscuous mode
[  256.056215][ T9838] team_slave_0: entered promiscuous mode
[  256.063081][ T9838] team_slave_1: entered promiscuous mode
[  256.071468][ T9838] 8021q: adding VLAN 0 to HW filter on device team0
[  256.232132][ T1281] ieee802154 phy0 wpan0: encryption failed: -22
[  256.239101][ T1281] ieee802154 phy1 wpan1: encryption failed: -22
[  256.305927][ T9842] team0: left promiscuous mode
[  256.313355][ T9842] team_slave_0: left promiscuous mode
[  256.328248][ T9842] team_slave_1: left promiscuous mode
[  256.370087][ T9842] batman_adv: batadv0: Adding interface: team0
[  256.393017][ T9842] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  256.439866][ T9842] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  256.479971][ T9843] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1320'.
[  256.545913][ T9843] team0: entered promiscuous mode
[  256.558723][ T9843] team_slave_0: entered promiscuous mode
[  256.567488][ T9843] team_slave_1: entered promiscuous mode
[  256.579520][ T9843] 8021q: adding VLAN 0 to HW filter on device team0
[  256.586776][ T9843] batman_adv: batadv0: Interface activated: team0
[  256.594004][ T9843] batman_adv: batadv0: Interface deactivated: team0
[  256.602194][ T9843] batman_adv: batadv0: Removing interface: team0
[  256.700698][ T9850] netlink: 14546 bytes leftover after parsing attributes in process `syz.2.1324'.
[  257.115540][ T9871] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1331'.
[  257.140369][ T9871] batadv_slave_1: entered promiscuous mode
[  257.377541][ T9876] validate_nla: 6 callbacks suppressed
[  257.377561][ T9876] netlink: 'syz.3.1334': attribute type 10 has an invalid length.
[  257.392445][ T9878] netlink: 'syz.0.1333': attribute type 39 has an invalid length.
[  257.629805][ T9886] netlink: 14546 bytes leftover after parsing attributes in process `syz.3.1337'.
[  257.838302][ T9890] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1338'.
[  258.290579][ T9908] netlink: 'syz.1.1344': attribute type 39 has an invalid length.
[  258.322791][ T9909] netlink: 'syz.0.1343': attribute type 10 has an invalid length.
[  258.382319][ T9911] netlink: 'syz.2.1345': attribute type 10 has an invalid length.
[  259.071552][ T9936] netlink: 'syz.0.1353': attribute type 21 has an invalid length.
[  259.082659][ T9936] netlink: 'syz.0.1353': attribute type 1 has an invalid length.
[  259.658529][ T9946] netlink: 'syz.3.1354': attribute type 10 has an invalid length.
[  259.670456][ T9946] team0: left promiscuous mode
[  259.675841][ T9946] team_slave_0: left promiscuous mode
[  259.682456][ T9946] team_slave_1: left promiscuous mode
[  259.702723][ T9943] netlink: 'syz.3.1354': attribute type 10 has an invalid length.
[  259.722647][ T9943] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1354'.
[  259.732932][ T9943] team0: entered promiscuous mode
[  259.739080][ T9943] team_slave_0: entered promiscuous mode
[  259.755629][ T9943] team_slave_1: entered promiscuous mode
[  259.777967][ T9943] 8021q: adding VLAN 0 to HW filter on device team0
[  259.810703][ T9947] netlink: 'syz.2.1355': attribute type 10 has an invalid length.
[  260.082455][ T9962] FAULT_INJECTION: forcing a failure.
[  260.082455][ T9962] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  260.124471][ T9962] CPU: 0 PID: 9962 Comm: syz.0.1360 Not tainted 6.6.102-syzkaller #0
[  260.132894][ T9962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  260.143390][ T9962] Call Trace:
[  260.146777][ T9962]  <TASK>
[  260.149730][ T9962]  dump_stack_lvl+0x16c/0x230
[  260.154569][ T9962]  ? show_regs_print_info+0x20/0x20
[  260.159898][ T9962]  ? load_image+0x3b0/0x3b0
[  260.164453][ T9962]  ? __might_fault+0xaa/0x120
[  260.169410][ T9962]  ? __lock_acquire+0x7c80/0x7c80
[  260.174457][ T9962]  should_fail_ex+0x39d/0x4d0
[  260.179247][ T9962]  _copy_from_user+0x2f/0xe0
[  260.183872][ T9962]  bpf_prog_test_run_xdp+0xca3/0xfa0
[  260.189216][ T9962]  ? dev_put+0x80/0x80
[  260.193406][ T9962]  ? dev_put+0x80/0x80
[  260.197502][ T9962]  bpf_prog_test_run+0x321/0x390
[  260.202462][ T9962]  __sys_bpf+0x440/0x800
[  260.206720][ T9962]  ? bpf_link_show_fdinfo+0x350/0x350
[  260.212237][ T9962]  ? lock_chain_count+0x20/0x20
[  260.217247][ T9962]  __x64_sys_bpf+0x7c/0x90
[  260.221696][ T9962]  do_syscall_64+0x55/0xb0
[  260.226191][ T9962]  ? clear_bhb_loop+0x40/0x90
[  260.231082][ T9962]  ? clear_bhb_loop+0x40/0x90
[  260.235791][ T9962]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  260.241716][ T9962] RIP: 0033:0x7fe60c38ebe9
[  260.246147][ T9962] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  260.265883][ T9962] RSP: 002b:00007fe60a5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  260.274329][ T9962] RAX: ffffffffffffffda RBX: 00007fe60c5b5fa0 RCX: 00007fe60c38ebe9
[  260.282419][ T9962] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a
[  260.290493][ T9962] RBP: 00007fe60a5f6090 R08: 0000000000000000 R09: 0000000000000000
[  260.298505][ T9962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  260.306581][ T9962] R13: 00007fe60c5b6038 R14: 00007fe60c5b5fa0 R15: 00007ffd38ba5268
[  260.314754][ T9962]  </TASK>
[  260.584867][ T9971] FAULT_INJECTION: forcing a failure.
[  260.584867][ T9971] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  260.617282][ T9971] CPU: 1 PID: 9971 Comm: syz.0.1363 Not tainted 6.6.102-syzkaller #0
[  260.625446][ T9971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  260.635637][ T9971] Call Trace:
[  260.638957][ T9971]  <TASK>
[  260.641927][ T9971]  dump_stack_lvl+0x16c/0x230
[  260.646657][ T9971]  ? show_regs_print_info+0x20/0x20
[  260.651907][ T9971]  ? load_image+0x3b0/0x3b0
[  260.656471][ T9971]  ? __might_fault+0xaa/0x120
[  260.661452][ T9971]  ? __lock_acquire+0x7c80/0x7c80
[  260.666528][ T9971]  should_fail_ex+0x39d/0x4d0
[  260.671266][ T9971]  _copy_from_user+0x2f/0xe0
[  260.675911][ T9971]  ___sys_sendmsg+0x159/0x290
[  260.680733][ T9971]  ? __sys_sendmsg+0x270/0x270
[  260.685640][ T9971]  ? __lock_acquire+0x7c80/0x7c80
[  260.690803][ T9971]  __se_sys_sendmsg+0x1a5/0x270
[  260.695726][ T9971]  ? __x64_sys_sendmsg+0x80/0x80
[  260.700776][ T9971]  ? lockdep_hardirqs_on+0x98/0x150
[  260.706041][ T9971]  do_syscall_64+0x55/0xb0
[  260.710530][ T9971]  ? clear_bhb_loop+0x40/0x90
[  260.715271][ T9971]  ? clear_bhb_loop+0x40/0x90
[  260.720017][ T9971]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  260.726076][ T9971] RIP: 0033:0x7fe60c38ebe9
[  260.730540][ T9971] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  260.750418][ T9971] RSP: 002b:00007fe60a5f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  260.759058][ T9971] RAX: ffffffffffffffda RBX: 00007fe60c5b5fa0 RCX: 00007fe60c38ebe9
[  260.767270][ T9971] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000004
[  260.775317][ T9971] RBP: 00007fe60a5f6090 R08: 0000000000000000 R09: 0000000000000000
[  260.783441][ T9971] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  260.791486][ T9971] R13: 00007fe60c5b6038 R14: 00007fe60c5b5fa0 R15: 00007ffd38ba5268
[  260.799670][ T9971]  </TASK>
[  261.271297][ T9985] team0: left promiscuous mode
[  261.276325][ T9985] team_slave_0: left promiscuous mode
[  261.288552][ T9985] team_slave_1: left promiscuous mode
[  261.332942][ T9985] batman_adv: batadv0: Adding interface: team0
[  261.339424][ T9985] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  261.366827][ T9985] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  261.381716][ T9987] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1367'.
[  261.391369][ T9987] team0: entered promiscuous mode
[  261.396810][ T9987] team_slave_0: entered promiscuous mode
[  261.402989][ T9987] team_slave_1: entered promiscuous mode
[  261.415054][ T9987] 8021q: adding VLAN 0 to HW filter on device team0
[  261.422665][ T9987] batman_adv: batadv0: Interface activated: team0
[  261.432577][ T9987] batman_adv: batadv0: Interface deactivated: team0
[  261.439839][ T9987] batman_adv: batadv0: Removing interface: team0
[  261.706712][T10001] team0: left promiscuous mode
[  261.714965][T10001] team_slave_0: left promiscuous mode
[  261.721598][T10001] team_slave_1: left promiscuous mode
[  261.741818][T10001] batman_adv: batadv0: Adding interface: team0
[  261.757350][T10001] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  261.820211][T10001] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  261.902815][T10000] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1371'.
[  262.007623][T10003] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1379'.
[  262.016943][T10003] team0: entered promiscuous mode
[  262.037446][T10003] team_slave_0: entered promiscuous mode
[  262.054039][T10003] team_slave_1: entered promiscuous mode
[  262.069674][T10003] 8021q: adding VLAN 0 to HW filter on device team0
[  262.097666][T10003] batman_adv: batadv0: Interface activated: team0
[  262.106856][T10003] batman_adv: batadv0: Interface deactivated: team0
[  262.125316][T10003] batman_adv: batadv0: Removing interface: team0
[  262.152266][T10011] FAULT_INJECTION: forcing a failure.
[  262.152266][T10011] name failslab, interval 1, probability 0, space 0, times 0
[  262.165503][T10011] CPU: 1 PID: 10011 Comm: syz.3.1373 Not tainted 6.6.102-syzkaller #0
[  262.173783][T10011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  262.183858][T10011] Call Trace:
[  262.187435][T10011]  <TASK>
[  262.190383][T10011]  dump_stack_lvl+0x16c/0x230
[  262.195172][T10011]  ? lock_chain_count+0x20/0x20
[  262.200215][T10011]  ? show_regs_print_info+0x20/0x20
[  262.205604][T10011]  ? load_image+0x3b0/0x3b0
[  262.210158][T10011]  should_fail_ex+0x39d/0x4d0
[  262.214948][T10011]  should_failslab+0x9/0x20
[  262.219472][T10011]  slab_pre_alloc_hook+0x59/0x310
[  262.224611][T10011]  kmem_cache_alloc+0x5a/0x2e0
[  262.229394][T10011]  ? __inet_hash_connect+0x828/0x18d0
[  262.234883][T10011]  __inet_hash_connect+0x828/0x18d0
[  262.240199][T10011]  ? inet_hash_connect+0x130/0x130
[  262.245349][T10011]  ? inet_bhash2_reset_saddr+0x80/0x80
[  262.250843][T10011]  tcp_v4_connect+0xca6/0x18d0
[  262.255714][T10011]  ? __stack_depot_save+0x1f/0x630
[  262.260862][T10011]  ? tcp_twsk_unique+0x990/0x990
[  262.265854][T10011]  __inet_stream_connect+0x2a8/0xe60
[  262.271236][T10011]  ? inet_dgram_connect+0x360/0x360
[  262.276477][T10011]  tcp_sendmsg_fastopen+0x3a7/0x5d0
[  262.281838][T10011]  tcp_sendmsg_locked+0x4555/0x4af0
[  262.287110][T10011]  ? verify_lock_unused+0x140/0x140
[  262.292507][T10011]  ? perf_trace_lock_acquire+0xfb/0x3e0
[  262.298075][T10011]  ? tcp_sendmsg+0x21/0x50
[  262.302554][T10011]  ? perf_trace_lock+0xf7/0x380
[  262.307468][T10011]  ? mark_lock+0x94/0x320
[  262.311856][T10011]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  262.317947][T10011]  ? lock_chain_count+0x20/0x20
[  262.322819][T10011]  ? tcp_set_state+0x650/0x650
[  262.327706][T10011]  tcp_sendmsg+0x2f/0x50
[  262.331992][T10011]  ? inet_send_prepare+0x260/0x260
[  262.337217][T10011]  ____sys_sendmsg+0x5bf/0x950
[  262.342060][T10011]  ? __asan_memset+0x22/0x40
[  262.346739][T10011]  ? __sys_sendmsg_sock+0x30/0x30
[  262.351790][T10011]  ? __import_iovec+0x3fa/0x860
[  262.356762][T10011]  ? import_iovec+0x73/0xa0
[  262.361552][T10011]  ___sys_sendmsg+0x220/0x290
[  262.366327][T10011]  ? __sys_sendmsg+0x270/0x270
[  262.371140][T10011]  ? __lock_acquire+0x7c80/0x7c80
[  262.376228][T10011]  __se_sys_sendmsg+0x1a5/0x270
[  262.381140][T10011]  ? __x64_sys_sendmsg+0x80/0x80
[  262.386287][T10011]  ? lockdep_hardirqs_on+0x98/0x150
[  262.391605][T10011]  do_syscall_64+0x55/0xb0
[  262.396039][T10011]  ? clear_bhb_loop+0x40/0x90
[  262.400823][T10011]  ? clear_bhb_loop+0x40/0x90
[  262.405537][T10011]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  262.411464][T10011] RIP: 0033:0x7f5108b8ebe9
[  262.415980][T10011] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  262.435693][T10011] RSP: 002b:00007f5109a00038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  262.444263][T10011] RAX: ffffffffffffffda RBX: 00007f5108db6090 RCX: 00007f5108b8ebe9
[  262.452286][T10011] RDX: 000000003000c085 RSI: 0000200000000080 RDI: 0000000000000007
[  262.460273][T10011] RBP: 00007f5109a00090 R08: 0000000000000000 R09: 0000000000000000
[  262.468381][T10011] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  262.476562][T10011] R13: 00007f5108db6128 R14: 00007f5108db6090 R15: 00007ffc57d0ca58
[  262.484575][T10011]  </TASK>
[  262.531810][T10007] syzkaller0: entered allmulticast mode
[  262.665950][T10007] validate_nla: 8 callbacks suppressed
[  262.666241][T10007] netlink: 'syz.1.1372': attribute type 4 has an invalid length.
[  262.686554][T10007] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1372'.
[  263.060330][T10015] netlink: 'syz.0.1374': attribute type 10 has an invalid length.
[  263.096849][T10019] netlink: 14546 bytes leftover after parsing attributes in process `syz.3.1375'.
[  263.113359][T10021] netlink: 14546 bytes leftover after parsing attributes in process `syz.2.1376'.
[  263.394168][T10027] netlink: 'syz.0.1378': attribute type 10 has an invalid length.
[  263.749593][T10042] netlink: 'syz.3.1383': attribute type 10 has an invalid length.
[  263.769044][T10042] team0: left promiscuous mode
[  263.773997][T10042] team_slave_0: left promiscuous mode
[  263.788759][T10042] team_slave_1: left promiscuous mode
[  263.827502][T10044] netlink: 'syz.3.1383': attribute type 10 has an invalid length.
[  263.853070][T10044] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1383'.
[  263.886132][T10044] team0: entered promiscuous mode
[  263.903004][T10044] team_slave_0: entered promiscuous mode
[  263.921196][T10044] team_slave_1: entered promiscuous mode
[  263.962093][T10044] 8021q: adding VLAN 0 to HW filter on device team0
[  264.534697][T10056] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1386'.
[  264.580472][T10058] netlink: 'syz.2.1394': attribute type 10 has an invalid length.
[  264.590638][T10058] team0: left promiscuous mode
[  264.600002][T10058] team_slave_0: left promiscuous mode
[  264.605814][T10058] team_slave_1: left promiscuous mode
[  264.644609][T10061] netlink: 'syz.2.1394': attribute type 10 has an invalid length.
[  264.666822][T10061] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1394'.
[  264.711074][T10061] team0: entered promiscuous mode
[  264.732664][T10061] team_slave_0: entered promiscuous mode
[  264.747516][T10061] team_slave_1: entered promiscuous mode
[  264.783733][T10061] 8021q: adding VLAN 0 to HW filter on device team0
[  264.889392][T10062] netlink: 'syz.1.1387': attribute type 10 has an invalid length.
[  264.961875][T10067] netlink: 14546 bytes leftover after parsing attributes in process `syz.0.1389'.
[  264.996516][T10064] netlink: 'syz.3.1388': attribute type 4 has an invalid length.
[  265.641056][T10079] FAULT_INJECTION: forcing a failure.
[  265.641056][T10079] name failslab, interval 1, probability 0, space 0, times 0
[  265.656010][T10079] CPU: 0 PID: 10079 Comm: syz.1.1393 Not tainted 6.6.102-syzkaller #0
[  265.664582][T10079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  265.674741][T10079] Call Trace:
[  265.678131][T10079]  <TASK>
[  265.681100][T10079]  dump_stack_lvl+0x16c/0x230
[  265.685802][T10079]  ? show_regs_print_info+0x20/0x20
[  265.691146][T10079]  ? load_image+0x3b0/0x3b0
[  265.695712][T10079]  should_fail_ex+0x39d/0x4d0
[  265.700497][T10079]  should_failslab+0x9/0x20
[  265.705032][T10079]  slab_pre_alloc_hook+0x59/0x310
[  265.710081][T10079]  kmem_cache_alloc_node+0x60/0x330
[  265.715383][T10079]  ? __asan_memcpy+0x40/0x70
[  265.719990][T10079]  ? __alloc_skb+0x108/0x2c0
[  265.724631][T10079]  __alloc_skb+0x108/0x2c0
[  265.729075][T10079]  wireless_send_event+0x536/0xc00
[  265.734327][T10079]  ? wireless_nlevent_flush+0x110/0x110
[  265.739936][T10079]  ioctl_standard_call+0x15e/0x2b0
[  265.745168][T10079]  ? trace_rdev_return_int+0x1c0/0x1c0
[  265.750744][T10079]  wext_ioctl_dispatch+0x1cb/0x5f0
[  265.755872][T10079]  ? wext_ioctl_dispatch+0x5f0/0x5f0
[  265.761268][T10079]  ? iw_handler_get_private+0x1f0/0x1f0
[  265.766828][T10079]  ? wext_handle_ioctl+0x1c0/0x1c0
[  265.771953][T10079]  ? __might_fault+0xaa/0x120
[  265.776749][T10079]  ? __might_fault+0xc6/0x120
[  265.781486][T10079]  ? __might_fault+0xaa/0x120
[  265.786284][T10079]  wext_handle_ioctl+0x108/0x1c0
[  265.791284][T10079]  ? call_commit_handler+0xf0/0xf0
[  265.796442][T10079]  sock_ioctl+0x160/0x7a0
[  265.800798][T10079]  ? sock_poll+0x3d0/0x3d0
[  265.805249][T10079]  ? bpf_lsm_file_ioctl+0x9/0x10
[  265.810203][T10079]  ? security_file_ioctl+0x80/0xa0
[  265.815336][T10079]  ? sock_poll+0x3d0/0x3d0
[  265.819789][T10079]  __se_sys_ioctl+0xfd/0x170
[  265.824574][T10079]  do_syscall_64+0x55/0xb0
[  265.829098][T10079]  ? clear_bhb_loop+0x40/0x90
[  265.834067][T10079]  ? clear_bhb_loop+0x40/0x90
[  265.838841][T10079]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  265.844776][T10079] RIP: 0033:0x7fce3098ebe9
[  265.849228][T10079] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  265.868991][T10079] RSP: 002b:00007fce31816038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  265.877529][T10079] RAX: ffffffffffffffda RBX: 00007fce30bb5fa0 RCX: 00007fce3098ebe9
[  265.885687][T10079] RDX: 0000200000000000 RSI: 0000000000008b04 RDI: 0000000000000004
[  265.893669][T10079] RBP: 00007fce31816090 R08: 0000000000000000 R09: 0000000000000000
[  265.901657][T10079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  265.909734][T10079] R13: 00007fce30bb6038 R14: 00007fce30bb5fa0 R15: 00007ffc08e18ec8
[  265.917754][T10079]  </TASK>
[  265.930866][T10078] netlink: 'syz.2.1392': attribute type 10 has an invalid length.
[  266.779334][T10099] __nla_validate_parse: 2 callbacks suppressed
[  266.779359][T10099] netlink: 14546 bytes leftover after parsing attributes in process `syz.1.1400'.
[  267.334160][T10112] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  267.668724][T10119] validate_nla: 2 callbacks suppressed
[  267.668744][T10119] netlink: 'syz.1.1407': attribute type 10 has an invalid length.
[  268.043838][T10128] netlink: 14546 bytes leftover after parsing attributes in process `syz.0.1411'.
[  268.326863][T10139] netlink: 'syz.2.1414': attribute type 10 has an invalid length.
[  268.335482][T10139] team0: left promiscuous mode
[  268.340882][T10139] team_slave_0: left promiscuous mode
[  268.346481][T10139] team_slave_1: left promiscuous mode
[  268.375285][T10139] netlink: 'syz.2.1414': attribute type 10 has an invalid length.
[  268.384668][T10139] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1414'.
[  268.395103][T10139] team0: entered promiscuous mode
[  268.401108][T10139] team_slave_0: entered promiscuous mode
[  268.410107][T10139] team_slave_1: entered promiscuous mode
[  268.420066][T10139] 8021q: adding VLAN 0 to HW filter on device team0
[  268.541940][T10146] netlink: 17279 bytes leftover after parsing attributes in process `syz.0.1416'.
[  268.674021][T10150] netlink: 'syz.3.1417': attribute type 10 has an invalid length.
[  268.683864][T10152] netlink: 'syz.2.1418': attribute type 10 has an invalid length.
[  268.964355][T10154] netlink: 'syz.0.1419': attribute type 10 has an invalid length.
[  269.032242][T10166] netlink: 14546 bytes leftover after parsing attributes in process `syz.2.1421'.
[  269.618690][T10182] netlink: 'syz.1.1427': attribute type 10 has an invalid length.
[  269.661249][T10182] bridge0: port 2(team0) entered disabled state
[  269.680165][T10182] team0: left allmulticast mode
[  269.685233][T10182] team_slave_0: left allmulticast mode
[  269.696073][T10182] team_slave_1: left allmulticast mode
[  269.711187][T10182] team0: left promiscuous mode
[  269.716221][T10182] team_slave_0: left promiscuous mode
[  269.724739][T10182] team_slave_1: left promiscuous mode
[  269.734587][T10182] bridge0: port 2(team0) entered disabled state
[  269.774886][T10182] batman_adv: batadv0: Adding interface: team0
[  269.785316][T10182] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  269.812071][T10182] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  269.824174][T10184] netlink: 'syz.0.1426': attribute type 21 has an invalid length.
[  269.868153][T10185] tap0: tun_chr_ioctl cmd 2147767521
[  269.874464][T10187] netlink: 'syz.1.1427': attribute type 10 has an invalid length.
[  269.903997][T10187] netlink: 2 bytes leftover after parsing attributes in process `syz.1.1427'.
[  269.917308][T10187] team0: entered promiscuous mode
[  269.922551][T10187] team_slave_0: entered promiscuous mode
[  269.933517][T10187] team_slave_1: entered promiscuous mode
[  269.946007][T10187] 8021q: adding VLAN 0 to HW filter on device team0
[  269.953591][T10187] batman_adv: batadv0: Interface activated: team0
[  269.960509][T10187] batman_adv: batadv0: Interface deactivated: team0
[  269.968075][T10187] batman_adv: batadv0: Removing interface: team0
[  269.975828][T10187] bridge0: port 2(team0) entered blocking state
[  269.983574][T10187] bridge0: port 2(team0) entered disabled state
[  269.990331][T10187] team0: entered allmulticast mode
[  269.995625][T10187] team_slave_0: entered allmulticast mode
[  270.001897][T10187] team_slave_1: entered allmulticast mode
[  270.010874][T10187] bridge0: port 2(team0) entered blocking state
[  270.017545][T10187] bridge0: port 2(team0) entered forwarding state
[  270.025890][T10183] netlink: 'syz.3.1428': attribute type 10 has an invalid length.
[  270.418085][T10203] netlink: 14546 bytes leftover after parsing attributes in process `syz.0.1433'.
[  270.499250][T10209] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.1435'.
[  271.527522][T10233] netlink: 188 bytes leftover after parsing attributes in process `syz.3.1441'.
[  273.342942][T10253] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.1445'.
[  273.412064][T10237] syzkaller0: entered promiscuous mode
[  273.418456][T10237] syzkaller0: entered allmulticast mode
[  273.475723][T10245] validate_nla: 5 callbacks suppressed
[  273.475741][T10245] netlink: 'syz.3.1443': attribute type 10 has an invalid length.
[  273.493732][T10255] netlink: 'syz.1.1446': attribute type 8 has an invalid length.
[  273.505084][T10255] netlink: 'syz.1.1446': attribute type 9 has an invalid length.
[  273.513307][T10255] netlink: 'syz.1.1446': attribute type 10 has an invalid length.
[  273.527291][T10255] netlink: 'syz.1.1446': attribute type 11 has an invalid length.
[  273.551672][T10255] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1446'.
[  273.724269][T10264] netlink: 'syz.1.1450': attribute type 10 has an invalid length.
[  273.751709][T10264] bridge0: port 2(team0) entered disabled state
[  273.773745][T10264] team0: left allmulticast mode
[  273.779951][T10264] team_slave_0: left allmulticast mode
[  273.785752][T10264] team_slave_1: left allmulticast mode
[  273.799011][T10264] team0: left promiscuous mode
[  273.804224][T10264] team_slave_0: left promiscuous mode
[  273.813978][T10264] team_slave_1: left promiscuous mode
[  273.822499][T10264] bridge0: port 2(team0) entered disabled state
[  273.837807][T10264] batman_adv: batadv0: Adding interface: team0
[  273.844322][T10264] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  273.875154][T10264] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  273.917707][T10267] netlink: 'syz.1.1450': attribute type 10 has an invalid length.
[  273.925767][T10267] netlink: 2 bytes leftover after parsing attributes in process `syz.1.1450'.
[  273.957691][T10267] team0: entered promiscuous mode
[  273.962906][T10267] team_slave_0: entered promiscuous mode
[  273.987644][T10267] team_slave_1: entered promiscuous mode
[  274.003621][T10267] 8021q: adding VLAN 0 to HW filter on device team0
[  274.013489][T10267] batman_adv: batadv0: Interface activated: team0
[  274.020882][T10267] batman_adv: batadv0: Interface deactivated: team0
[  274.029167][T10267] batman_adv: batadv0: Removing interface: team0
[  274.037440][T10267] bridge0: port 2(team0) entered blocking state
[  274.044191][T10267] bridge0: port 2(team0) entered disabled state
[  274.051563][T10267] team0: entered allmulticast mode
[  274.056770][T10267] team_slave_0: entered allmulticast mode
[  274.063142][T10267] team_slave_1: entered allmulticast mode
[  274.071012][T10267] bridge0: port 2(team0) entered blocking state
[  274.077471][T10267] bridge0: port 2(team0) entered forwarding state
[  274.089949][T10269] netlink: 'syz.0.1451': attribute type 10 has an invalid length.
[  274.119603][T10272] netlink: 192 bytes leftover after parsing attributes in process `syz.2.1452'.
[  274.476840][T10282] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.1455'.
[  274.655747][T10284] netlink: 'syz.2.1456': attribute type 10 has an invalid length.
[  274.676548][T10284] team0: left promiscuous mode
[  274.682279][T10284] team_slave_0: left promiscuous mode
[  274.693330][T10284] team_slave_1: left promiscuous mode
[  274.767164][T10287] netlink: 'syz.2.1456': attribute type 10 has an invalid length.
[  274.776334][T10287] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1456'.
[  274.825479][T10287] team0: entered promiscuous mode
[  274.862665][T10287] team_slave_0: entered promiscuous mode
[  274.889921][T10287] team_slave_1: entered promiscuous mode
[  274.913150][T10287] 8021q: adding VLAN 0 to HW filter on device team0
[  275.200952][T10296] FAULT_INJECTION: forcing a failure.
[  275.200952][T10296] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  275.229307][T10296] CPU: 0 PID: 10296 Comm: syz.0.1461 Not tainted 6.6.102-syzkaller #0
[  275.237556][T10296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  275.247684][T10296] Call Trace:
[  275.251146][T10296]  <TASK>
[  275.254089][T10296]  dump_stack_lvl+0x16c/0x230
[  275.258972][T10296]  ? show_regs_print_info+0x20/0x20
[  275.264194][T10296]  ? load_image+0x3b0/0x3b0
[  275.268724][T10296]  ? __might_fault+0xaa/0x120
[  275.273413][T10296]  ? __lock_acquire+0x7c80/0x7c80
[  275.278449][T10296]  ? perf_trace_lock+0xf7/0x380
[  275.283764][T10296]  should_fail_ex+0x39d/0x4d0
[  275.288462][T10296]  _copy_from_user+0x2f/0xe0
[  275.293160][T10296]  ___sys_sendmsg+0x159/0x290
[  275.297856][T10296]  ? __sys_sendmsg+0x270/0x270
[  275.302656][T10296]  ? __lock_acquire+0x7c80/0x7c80
[  275.307891][T10296]  __se_sys_sendmsg+0x1a5/0x270
[  275.312770][T10296]  ? __x64_sys_sendmsg+0x80/0x80
[  275.317831][T10296]  ? lockdep_hardirqs_on+0x98/0x150
[  275.323094][T10296]  do_syscall_64+0x55/0xb0
[  275.327703][T10296]  ? clear_bhb_loop+0x40/0x90
[  275.332395][T10296]  ? clear_bhb_loop+0x40/0x90
[  275.337145][T10296]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  275.343160][T10296] RIP: 0033:0x7fe60c38ebe9
[  275.347596][T10296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  275.367398][T10296] RSP: 002b:00007fe60a5f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  275.375915][T10296] RAX: ffffffffffffffda RBX: 00007fe60c5b5fa0 RCX: 00007fe60c38ebe9
[  275.383909][T10296] RDX: 0000000020004050 RSI: 0000200000000140 RDI: 0000000000000003
[  275.391990][T10296] RBP: 00007fe60a5f6090 R08: 0000000000000000 R09: 0000000000000000
[  275.400061][T10296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  275.408216][T10296] R13: 00007fe60c5b6038 R14: 00007fe60c5b5fa0 R15: 00007ffd38ba5268
[  275.416218][T10296]  </TASK>
[  275.588543][T10301] team0: left promiscuous mode
[  275.593410][T10301] team_slave_0: left promiscuous mode
[  275.608252][T10301] team_slave_1: left promiscuous mode
[  275.675776][T10301] batman_adv: batadv0: Adding interface: team0
[  275.703870][T10309] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.1465'.
[  275.708650][T10301] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  275.747251][T10301] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  275.771643][T10304] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1462'.
[  275.807337][T10304] team0: entered promiscuous mode
[  275.812839][T10304] team_slave_0: entered promiscuous mode
[  275.821435][T10304] team_slave_1: entered promiscuous mode
[  275.852478][T10304] 8021q: adding VLAN 0 to HW filter on device team0
[  275.860816][T10304] batman_adv: batadv0: Interface activated: team0
[  275.877342][T10304] batman_adv: batadv0: Interface deactivated: team0
[  275.904595][T10304] batman_adv: batadv0: Removing interface: team0
[  277.885835][T10344] team0: left promiscuous mode
[  277.891776][T10344] team_slave_0: left promiscuous mode
[  277.898869][T10344] team_slave_1: left promiscuous mode
[  277.945951][T10344] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1472'.
[  277.965789][T10344] team0: entered promiscuous mode
[  277.981804][T10344] team_slave_0: entered promiscuous mode
[  277.990789][T10344] team_slave_1: entered promiscuous mode
[  278.001370][T10344] 8021q: adding VLAN 0 to HW filter on device team0
[  278.052753][T10341] netlink: 192 bytes leftover after parsing attributes in process `syz.1.1475'.
[  278.316576][T10353] team0: left promiscuous mode
[  278.324746][T10353] team_slave_0: left promiscuous mode
[  278.335674][T10353] team_slave_1: left promiscuous mode
[  278.373164][T10355] team0: left promiscuous mode
[  278.378359][T10355] team_slave_0: left promiscuous mode
[  278.384021][T10355] team_slave_1: left promiscuous mode
[  278.408964][T10355] batman_adv: batadv0: Adding interface: team0
[  278.415775][T10355] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  278.442677][T10355] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  278.460974][T10356] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1479'.
[  278.470634][T10356] team0: entered promiscuous mode
[  278.476120][T10356] team_slave_0: entered promiscuous mode
[  278.483790][T10356] team_slave_1: entered promiscuous mode
[  278.492322][T10356] 8021q: adding VLAN 0 to HW filter on device team0
[  278.500438][T10359] validate_nla: 13 callbacks suppressed
[  278.500455][T10359] netlink: 'syz.0.1478': attribute type 10 has an invalid length.
[  278.515328][T10359] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1478'.
[  278.524827][T10359] team0: entered promiscuous mode
[  278.531534][T10359] team_slave_0: entered promiscuous mode
[  278.539031][T10359] team_slave_1: entered promiscuous mode
[  278.547216][T10359] 8021q: adding VLAN 0 to HW filter on device team0
[  278.554393][T10359] batman_adv: batadv0: Interface activated: team0
[  278.561725][T10359] batman_adv: batadv0: Interface deactivated: team0
[  278.568968][T10359] batman_adv: batadv0: Removing interface: team0
[  278.578426][T10358] netlink: 14546 bytes leftover after parsing attributes in process `syz.3.1480'.
[  278.635812][T10364] netlink: 'syz.1.1489': attribute type 10 has an invalid length.
[  278.649631][T10364] bridge0: port 2(team0) entered disabled state
[  278.683748][T10364] team0: left allmulticast mode
[  278.697296][T10364] team_slave_0: left allmulticast mode
[  278.702935][T10364] team_slave_1: left allmulticast mode
[  278.759524][T10364] team0: left promiscuous mode
[  278.784002][T10364] team_slave_0: left promiscuous mode
[  278.789890][T10364] team_slave_1: left promiscuous mode
[  278.795933][T10364] bridge0: port 2(team0) entered disabled state
[  278.816079][T10364] batman_adv: batadv0: Adding interface: team0
[  278.826487][T10364] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  278.858106][T10364] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  278.882098][T10367] netlink: 'syz.1.1489': attribute type 10 has an invalid length.
[  278.909813][T10367] netlink: 2 bytes leftover after parsing attributes in process `syz.1.1489'.
[  278.925266][T10367] team0: entered promiscuous mode
[  278.935604][T10367] team_slave_0: entered promiscuous mode
[  278.945577][T10367] team_slave_1: entered promiscuous mode
[  278.955973][T10367] 8021q: adding VLAN 0 to HW filter on device team0
[  278.968352][T10367] batman_adv: batadv0: Interface activated: team0
[  278.975459][T10367] batman_adv: batadv0: Interface deactivated: team0
[  278.984649][T10367] batman_adv: batadv0: Removing interface: team0
[  278.995715][T10367] bridge0: port 2(team0) entered blocking state
[  279.004486][T10367] bridge0: port 2(team0) entered disabled state
[  279.013242][T10367] team0: entered allmulticast mode
[  279.020955][T10367] team_slave_0: entered allmulticast mode
[  279.029950][T10367] team_slave_1: entered allmulticast mode
[  279.043529][T10367] bridge0: port 2(team0) entered blocking state
[  279.050172][T10367] bridge0: port 2(team0) entered forwarding state
[  279.062204][T10370] netlink: 'syz.0.1482': attribute type 21 has an invalid length.
[  279.073716][T10370] netlink: 'syz.0.1482': attribute type 1 has an invalid length.
[  279.152510][T10378] netlink: 'syz.2.1484': attribute type 16 has an invalid length.
[  279.203452][T10378] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1484'.
[  279.276003][T10380] netlink: 'syz.3.1485': attribute type 10 has an invalid length.
[  279.284507][T10380] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1485'.
[  279.294348][T10380] bond0: entered promiscuous mode
[  279.300091][T10380] bond_slave_1: entered promiscuous mode
[  279.305941][T10380] bridge_slave_1: entered promiscuous mode
[  279.383045][T10383] netlink: 'syz.0.1486': attribute type 10 has an invalid length.
[  279.503909][T10389] netlink: 'syz.1.1496': attribute type 10 has an invalid length.
[  279.525962][T10389] bridge0: port 2(team0) entered disabled state
[  279.542893][T10389] team0: left allmulticast mode
[  279.555322][T10389] team_slave_0: left allmulticast mode
[  279.561736][T10389] team_slave_1: left allmulticast mode
[  279.568122][T10389] team0: left promiscuous mode
[  279.572962][T10389] team_slave_0: left promiscuous mode
[  279.578963][T10389] team_slave_1: left promiscuous mode
[  279.584933][T10389] bridge0: port 2(team0) entered disabled state
[  279.595398][T10389] batman_adv: batadv0: Adding interface: team0
[  279.601821][T10389] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  279.629963][T10389] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  279.651407][T10393] netlink: 'syz.1.1496': attribute type 10 has an invalid length.
[  279.671150][T10393] netlink: 2 bytes leftover after parsing attributes in process `syz.1.1496'.
[  279.680774][T10393] team0: entered promiscuous mode
[  279.685878][T10393] team_slave_0: entered promiscuous mode
[  279.693141][T10393] team_slave_1: entered promiscuous mode
[  279.705617][T10393] 8021q: adding VLAN 0 to HW filter on device team0
[  279.716607][T10393] batman_adv: batadv0: Interface activated: team0
[  279.724096][T10393] batman_adv: batadv0: Interface deactivated: team0
[  279.732046][T10393] batman_adv: batadv0: Removing interface: team0
[  279.740350][T10393] bridge0: port 2(team0) entered blocking state
[  279.748009][T10393] bridge0: port 2(team0) entered disabled state
[  279.754856][T10393] team0: entered allmulticast mode
[  279.760531][T10393] team_slave_0: entered allmulticast mode
[  279.766456][T10393] team_slave_1: entered allmulticast mode
[  279.776138][T10393] bridge0: port 2(team0) entered blocking state
[  279.782832][T10393] bridge0: port 2(team0) entered forwarding state
[  279.793089][T10395] team0: left promiscuous mode
[  279.805856][T10395] team_slave_0: left promiscuous mode
[  279.816298][T10395] team_slave_1: left promiscuous mode
[  279.852816][T10395] batman_adv: batadv0: Adding interface: team0
[  279.861227][T10395] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  279.891923][T10395] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  279.909589][T10403] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1491'.
[  279.921907][T10391] netlink: 192 bytes leftover after parsing attributes in process `syz.3.1487'.
[  279.958769][T10397] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1490'.
[  279.975424][T10397] team0: entered promiscuous mode
[  279.982535][T10397] team_slave_0: entered promiscuous mode
[  279.989567][T10397] team_slave_1: entered promiscuous mode
[  279.998575][T10397] 8021q: adding VLAN 0 to HW filter on device team0
[  280.006119][T10397] batman_adv: batadv0: Interface activated: team0
[  280.035045][T10397] batman_adv: batadv0: Interface deactivated: team0
[  280.042857][T10397] batman_adv: batadv0: Removing interface: team0
[  280.129714][T10408] team0: left promiscuous mode
[  280.135374][T10408] team_slave_0: left promiscuous mode
[  280.147351][T10408] team_slave_1: left promiscuous mode
[  280.180288][T10408] team0: entered promiscuous mode
[  280.185667][T10408] team_slave_0: entered promiscuous mode
[  280.192261][T10408] team_slave_1: entered promiscuous mode
[  280.200651][T10408] 8021q: adding VLAN 0 to HW filter on device team0
[  280.494078][T10421] bond0: entered promiscuous mode
[  280.511087][T10421] bond_slave_1: entered promiscuous mode
[  280.519515][T10421] bridge_slave_1: entered promiscuous mode
[  280.651253][T10429] team0: left promiscuous mode
[  280.658912][T10429] team_slave_0: left promiscuous mode
[  280.665105][T10429] team_slave_1: left promiscuous mode
[  280.681039][T10429] batman_adv: batadv0: Adding interface: team0
[  280.718186][T10429] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  280.774343][T10429] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  280.798023][T10434] team0: entered promiscuous mode
[  280.816895][T10434] team_slave_0: entered promiscuous mode
[  280.842996][T10434] team_slave_1: entered promiscuous mode
[  280.891122][T10434] 8021q: adding VLAN 0 to HW filter on device team0
[  280.917584][T10434] batman_adv: batadv0: Interface activated: team0
[  280.949185][T10434] batman_adv: batadv0: Interface deactivated: team0
[  280.955996][T10434] batman_adv: batadv0: Removing interface: team0
[  281.072383][T10441] team0: left promiscuous mode
[  281.101327][T10441] team_slave_0: left promiscuous mode
[  281.110983][T10441] team_slave_1: left promiscuous mode
[  281.130729][T10444] team0: entered promiscuous mode
[  281.138620][T10444] team_slave_0: entered promiscuous mode
[  281.145387][T10447] FAULT_INJECTION: forcing a failure.
[  281.145387][T10447] name failslab, interval 1, probability 0, space 0, times 0
[  281.150691][T10444] team_slave_1: entered promiscuous mode
[  281.162439][T10447] CPU: 0 PID: 10447 Comm: syz.1.1505 Not tainted 6.6.102-syzkaller #0
[  281.167632][T10444] 8021q: adding VLAN 0 to HW filter on device team0
[  281.172523][T10447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  281.172541][T10447] Call Trace:
[  281.172552][T10447]  <TASK>
[  281.172561][T10447]  dump_stack_lvl+0x16c/0x230
[  281.200434][T10447]  ? show_regs_print_info+0x20/0x20
[  281.205773][T10447]  ? load_image+0x3b0/0x3b0
[  281.210348][T10447]  ? __might_sleep+0xe0/0xe0
[  281.214993][T10447]  ? __lock_acquire+0x7c80/0x7c80
[  281.220087][T10447]  ? perf_trace_lock+0xf7/0x380
[  281.225024][T10447]  should_fail_ex+0x39d/0x4d0
[  281.229819][T10447]  should_failslab+0x9/0x20
[  281.234468][T10447]  slab_pre_alloc_hook+0x59/0x310
[  281.238836][T10437] syzkaller0: entered promiscuous mode
[  281.239621][T10447]  ? __get_vm_area_node+0x125/0x370
[  281.239657][T10447]  __kmem_cache_alloc_node+0x53/0x260
[  281.247085][T10437] syzkaller0: entered allmulticast mode
[  281.250409][T10447]  ? __get_vm_area_node+0x125/0x370
[  281.250444][T10447]  kmalloc_node_trace+0x26/0xe0
[  281.271514][T10447]  __get_vm_area_node+0x125/0x370
[  281.276703][T10447]  __vmalloc_node_range+0x36e/0x1320
[  281.282140][T10447]  ? netlink_sendmsg+0x5f3/0xbe0
[  281.287306][T10447]  ? netlink_insert+0x106a/0x1370
[  281.292495][T10447]  ? netlink_insert+0x2b3/0x1370
[  281.297497][T10447]  ? netlink_data_ready+0x10/0x10
[  281.302585][T10447]  ? free_vm_area+0x50/0x50
[  281.307159][T10447]  ? netlink_sendmsg+0x5f3/0xbe0
[  281.312142][T10447]  vmalloc+0x79/0x90
[  281.316061][T10447]  ? netlink_sendmsg+0x5f3/0xbe0
[  281.321020][T10447]  netlink_sendmsg+0x5f3/0xbe0
[  281.325819][T10447]  ? netlink_getsockopt+0x580/0x580
[  281.331052][T10447]  ? aa_sock_msg_perm+0x94/0x150
[  281.336042][T10447]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  281.341526][T10447]  ? security_socket_sendmsg+0x80/0xa0
[  281.346991][T10447]  sock_write_iter+0x2bb/0x3f0
[  281.351808][T10447]  ? sock_read_iter+0x3b0/0x3b0
[  281.357128][T10447]  ? common_file_perm+0x198/0x1f0
[  281.362393][T10447]  vfs_write+0x43b/0x940
[  281.366700][T10447]  ? file_end_write+0x250/0x250
[  281.371591][T10447]  ? __fget_files+0x44a/0x4d0
[  281.376339][T10447]  ? __fdget_pos+0x1d8/0x330
[  281.381101][T10447]  ? ksys_write+0x75/0x250
[  281.385679][T10447]  ksys_write+0x147/0x250
[  281.390153][T10447]  ? __ia32_sys_read+0x90/0x90
[  281.395055][T10447]  ? lockdep_hardirqs_on+0x98/0x150
[  281.400281][T10447]  do_syscall_64+0x55/0xb0
[  281.404729][T10447]  ? clear_bhb_loop+0x40/0x90
[  281.409534][T10447]  ? clear_bhb_loop+0x40/0x90
[  281.414344][T10447]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  281.420361][T10447] RIP: 0033:0x7fce3098ebe9
[  281.424794][T10447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  281.444685][T10447] RSP: 002b:00007fce31816038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  281.453291][T10447] RAX: ffffffffffffffda RBX: 00007fce30bb5fa0 RCX: 00007fce3098ebe9
[  281.461316][T10447] RDX: 000000000000fe33 RSI: 0000200000000580 RDI: 0000000000000004
[  281.469313][T10447] RBP: 00007fce31816090 R08: 0000000000000000 R09: 0000000000000000
[  281.477388][T10447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  281.485361][T10447] R13: 00007fce30bb6038 R14: 00007fce30bb5fa0 R15: 00007ffc08e18ec8
[  281.493436][T10447]  </TASK>
[  281.513575][T10447] syz.1.1505: vmalloc error: size 65408, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz1,mems_allowed=0-1
[  281.528738][T10447] CPU: 0 PID: 10447 Comm: syz.1.1505 Not tainted 6.6.102-syzkaller #0
[  281.536947][T10447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  281.547148][T10447] Call Trace:
[  281.550472][T10447]  <TASK>
[  281.553529][T10447]  dump_stack_lvl+0x16c/0x230
[  281.558268][T10447]  ? show_regs_print_info+0x20/0x20
[  281.563522][T10447]  ? load_image+0x3b0/0x3b0
[  281.568093][T10447]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  281.574672][T10447]  ? cpuset_print_current_mems_allowed+0x2e3/0x360
[  281.581336][T10447]  warn_alloc+0x210/0x300
[  281.585832][T10447]  ? __get_vm_area_node+0x125/0x370
[  281.591096][T10447]  ? zone_watermark_ok_safe+0x230/0x230
[  281.596800][T10447]  ? rcu_is_watching+0x15/0xb0
[  281.601642][T10447]  ? __get_vm_area_node+0x356/0x370
[  281.606951][T10447]  __vmalloc_node_range+0x393/0x1320
[  281.612470][T10447]  ? netlink_insert+0x106a/0x1370
[  281.617562][T10447]  ? netlink_insert+0x2b3/0x1370
[  281.622538][T10447]  ? netlink_data_ready+0x10/0x10
[  281.627698][T10447]  ? free_vm_area+0x50/0x50
[  281.632273][T10447]  ? netlink_sendmsg+0x5f3/0xbe0
[  281.637268][T10447]  vmalloc+0x79/0x90
[  281.641288][T10447]  ? netlink_sendmsg+0x5f3/0xbe0
[  281.646254][T10447]  netlink_sendmsg+0x5f3/0xbe0
[  281.651068][T10447]  ? netlink_getsockopt+0x580/0x580
[  281.656317][T10447]  ? aa_sock_msg_perm+0x94/0x150
[  281.661485][T10447]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  281.666790][T10447]  ? security_socket_sendmsg+0x80/0xa0
[  281.672300][T10447]  sock_write_iter+0x2bb/0x3f0
[  281.677119][T10447]  ? sock_read_iter+0x3b0/0x3b0
[  281.682004][T10447]  ? common_file_perm+0x198/0x1f0
[  281.687055][T10447]  vfs_write+0x43b/0x940
[  281.691356][T10447]  ? file_end_write+0x250/0x250
[  281.696228][T10447]  ? __fget_files+0x44a/0x4d0
[  281.701018][T10447]  ? __fdget_pos+0x1d8/0x330
[  281.705624][T10447]  ? ksys_write+0x75/0x250
[  281.710103][T10447]  ksys_write+0x147/0x250
[  281.714565][T10447]  ? __ia32_sys_read+0x90/0x90
[  281.719436][T10447]  ? lockdep_hardirqs_on+0x98/0x150
[  281.724658][T10447]  do_syscall_64+0x55/0xb0
[  281.729130][T10447]  ? clear_bhb_loop+0x40/0x90
[  281.733961][T10447]  ? clear_bhb_loop+0x40/0x90
[  281.738678][T10447]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  281.744607][T10447] RIP: 0033:0x7fce3098ebe9
[  281.749123][T10447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  281.769526][T10447] RSP: 002b:00007fce31816038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  281.778132][T10447] RAX: ffffffffffffffda RBX: 00007fce30bb5fa0 RCX: 00007fce3098ebe9
[  281.786133][T10447] RDX: 000000000000fe33 RSI: 0000200000000580 RDI: 0000000000000004
[  281.794123][T10447] RBP: 00007fce31816090 R08: 0000000000000000 R09: 0000000000000000
[  281.802103][T10447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  281.810259][T10447] R13: 00007fce30bb6038 R14: 00007fce30bb5fa0 R15: 00007ffc08e18ec8
[  281.818341][T10447]  </TASK>
[  281.827385][T10447] Mem-Info:
[  281.832406][T10447] active_anon:5225 inactive_anon:0 isolated_anon:0
[  281.832406][T10447]  active_file:2080 inactive_file:39905 isolated_file:0
[  281.832406][T10447]  unevictable:768 dirty:500 writeback:0
[  281.832406][T10447]  slab_reclaimable:10334 slab_unreclaimable:100443
[  281.832406][T10447]  mapped:26064 shmem:1361 pagetables:528
[  281.832406][T10447]  sec_pagetables:0 bounce:0
[  281.832406][T10447]  kernel_misc_reclaimable:0
[  281.832406][T10447]  free:1358013 free_pcp:10626 free_cma:0
[  281.883071][T10447] Node 0 active_anon:21000kB inactive_anon:0kB active_file:8320kB inactive_file:159416kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:104256kB dirty:2000kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11832kB pagetables:2212kB sec_pagetables:0kB all_unreclaimable? no
[  281.916966][T10447] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  281.995064][T10447] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  282.023382][T10447] lowmem_reserve[]: 0 2525 2526 2526 2526
[  282.029468][T10447] Node 0 DMA32 free:1525104kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:20956kB inactive_anon:0kB active_file:8320kB inactive_file:158092kB unevictable:1536kB writepending:2000kB present:3129332kB managed:2589596kB mlocked:0kB bounce:0kB free_pcp:20256kB local_pcp:14696kB free_cma:0kB
[  282.061279][T10447] lowmem_reserve[]: 0 0 1 1 1
[  282.066173][T10447] Node 0 Normal free:16kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1324kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  282.094083][T10447] lowmem_reserve[]: 0 0 0 0 0
[  282.099350][T10447] Node 1 Normal free:3891572kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:22700kB local_pcp:11948kB free_cma:0kB
[  282.134652][T10447] lowmem_reserve[]: 0 0 0 0 0
[  282.139710][T10447] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  282.155547][T10447] Node 0 DMA32: 0*4kB 920*8kB (UME) 369*16kB (UME) 23*32kB (ME) 13*64kB (ME) 5*128kB (ME) 9*256kB (UME) 6*512kB (UME) 3*1024kB (ME) 1*2048kB (M) 366*4096kB (UM) = 1525104kB
[  282.176289][T10447] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB
[  282.197407][T10447] Node 1 Normal: 225*4kB (UME) 74*8kB (UME) 46*16kB (UME) 60*32kB (UME) 15*64kB (UME) 5*128kB (UE) 1*256kB (U) 3*512kB (UME) 1*1024kB (E) 2*2048kB (UE) 947*4096kB (M) = 3891572kB
[  282.219105][T10447] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  282.229000][T10447] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  282.238760][T10447] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  282.248595][T10447] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  282.258269][T10447] 43346 total pagecache pages
[  282.263094][T10447] 0 pages in swap cache
[  282.267553][T10447] Free swap  = 124996kB
[  282.271756][T10447] Total swap = 124996kB
[  282.276102][T10447] 2097051 pages RAM
[  282.280280][T10447] 0 pages HighMem/MovableOnly
[  282.285174][T10447] 416138 pages reserved
[  282.289627][T10447] 0 pages cma reserved
[  282.951290][T10462] FAULT_INJECTION: forcing a failure.
[  282.951290][T10462] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  282.966040][T10462] CPU: 1 PID: 10462 Comm: syz.3.1510 Not tainted 6.6.102-syzkaller #0
[  282.974277][T10462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  282.984668][T10462] Call Trace:
[  282.987978][T10462]  <TASK>
[  282.991064][T10462]  dump_stack_lvl+0x16c/0x230
[  282.995943][T10462]  ? show_regs_print_info+0x20/0x20
[  283.001185][T10462]  ? load_image+0x3b0/0x3b0
[  283.005729][T10462]  ? __might_fault+0xaa/0x120
[  283.010420][T10462]  ? __lock_acquire+0x7c80/0x7c80
[  283.015553][T10462]  should_fail_ex+0x39d/0x4d0
[  283.020343][T10462]  _copy_from_iter+0x1d3/0x1290
[  283.025299][T10462]  ? slab_post_alloc_hook+0x8a/0x4d0
[  283.030770][T10462]  ? __virt_addr_valid+0x18c/0x540
[  283.035983][T10462]  ? __lock_acquire+0x7c80/0x7c80
[  283.041028][T10462]  ? rcu_is_watching+0x15/0xb0
[  283.045881][T10462]  ? copyout_mc+0x70/0x70
[  283.050311][T10462]  ? __virt_addr_valid+0x18c/0x540
[  283.055697][T10462]  ? __virt_addr_valid+0x18c/0x540
[  283.061025][T10462]  ? __virt_addr_valid+0x469/0x540
[  283.066199][T10462]  ? __check_object_size+0x506/0xa30
[  283.071712][T10462]  netlink_sendmsg+0x75c/0xbe0
[  283.076612][T10462]  ? netlink_getsockopt+0x580/0x580
[  283.082044][T10462]  ? aa_sock_msg_perm+0x94/0x150
[  283.087354][T10462]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  283.092654][T10462]  ? security_socket_sendmsg+0x80/0xa0
[  283.098213][T10462]  ? netlink_getsockopt+0x580/0x580
[  283.103447][T10462]  ____sys_sendmsg+0x5bf/0x950
[  283.108265][T10462]  ? __asan_memset+0x22/0x40
[  283.112974][T10462]  ? __sys_sendmsg_sock+0x30/0x30
[  283.118107][T10462]  ? __import_iovec+0x5f2/0x860
[  283.123255][T10462]  ? import_iovec+0x73/0xa0
[  283.127878][T10462]  ___sys_sendmsg+0x220/0x290
[  283.132662][T10462]  ? __sys_sendmsg+0x270/0x270
[  283.137462][T10462]  ? __lock_acquire+0x7c80/0x7c80
[  283.142790][T10462]  __se_sys_sendmsg+0x1a5/0x270
[  283.147677][T10462]  ? __x64_sys_sendmsg+0x80/0x80
[  283.152645][T10462]  ? lockdep_hardirqs_on+0x98/0x150
[  283.157918][T10462]  do_syscall_64+0x55/0xb0
[  283.162519][T10462]  ? clear_bhb_loop+0x40/0x90
[  283.167311][T10462]  ? clear_bhb_loop+0x40/0x90
[  283.172000][T10462]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  283.178110][T10462] RIP: 0033:0x7f5108b8ebe9
[  283.182711][T10462] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  283.202717][T10462] RSP: 002b:00007f5109a21038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  283.211517][T10462] RAX: ffffffffffffffda RBX: 00007f5108db5fa0 RCX: 00007f5108b8ebe9
[  283.219527][T10462] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  283.227525][T10462] RBP: 00007f5109a21090 R08: 0000000000000000 R09: 0000000000000000
[  283.235683][T10462] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  283.243878][T10462] R13: 00007f5108db6038 R14: 00007f5108db5fa0 R15: 00007ffc57d0ca58
[  283.251978][T10462]  </TASK>
[  284.447468][T10453] __nla_validate_parse: 8 callbacks suppressed
[  284.447489][T10453] netlink: 14546 bytes leftover after parsing attributes in process `syz.0.1507'.
[  284.465063][T10460] validate_nla: 12 callbacks suppressed
[  284.465080][T10460] netlink: 'syz.1.1509': attribute type 21 has an invalid length.
[  284.488706][T10460] netlink: 'syz.1.1509': attribute type 1 has an invalid length.
[  284.499743][T10464] netlink: 'syz.3.1511': attribute type 10 has an invalid length.
[  284.723416][T10468] netlink: 'syz.3.1514': attribute type 21 has an invalid length.
[  284.772634][T10468] netlink: 'syz.3.1514': attribute type 1 has an invalid length.
[  284.794345][ T5803] Bluetooth: hci0: ISO packet for unknown connection handle 2063
[  284.856961][T10475] netlink: 'syz.2.1515': attribute type 39 has an invalid length.
[  285.304804][T10490] netlink: 'syz.1.1518': attribute type 10 has an invalid length.
[  285.319093][T10491] netlink: 'syz.0.1519': attribute type 10 has an invalid length.
[  285.336367][T10493] netlink: 'syz.3.1521': attribute type 10 has an invalid length.
[  285.345459][T10493] team0: left promiscuous mode
[  285.351195][T10493] team_slave_0: left promiscuous mode
[  285.356808][T10493] team_slave_1: left promiscuous mode
[  285.387889][T10493] netlink: 'syz.3.1521': attribute type 10 has an invalid length.
[  285.397742][T10493] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1521'.
[  285.408132][T10493] team0: entered promiscuous mode
[  285.413479][T10493] team_slave_0: entered promiscuous mode
[  285.420096][T10493] team_slave_1: entered promiscuous mode
[  285.430465][T10493] 8021q: adding VLAN 0 to HW filter on device team0
[  285.683873][T10503] netlink: 14546 bytes leftover after parsing attributes in process `syz.3.1523'.
[  285.954706][T10516] FAULT_INJECTION: forcing a failure.
[  285.954706][T10516] name failslab, interval 1, probability 0, space 0, times 0
[  285.969855][T10516] CPU: 0 PID: 10516 Comm: syz.3.1529 Not tainted 6.6.102-syzkaller #0
[  285.978695][T10516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  285.989156][T10516] Call Trace:
[  285.992460][T10516]  <TASK>
[  285.995399][T10516]  dump_stack_lvl+0x16c/0x230
[  286.000111][T10516]  ? show_regs_print_info+0x20/0x20
[  286.005313][T10516]  ? load_image+0x3b0/0x3b0
[  286.009838][T10516]  ? __might_sleep+0xe0/0xe0
[  286.014435][T10516]  ? __lock_acquire+0x7c80/0x7c80
[  286.019491][T10516]  should_fail_ex+0x39d/0x4d0
[  286.024287][T10516]  should_failslab+0x9/0x20
[  286.029000][T10516]  slab_pre_alloc_hook+0x59/0x310
[  286.034241][T10516]  kmem_cache_alloc+0x5a/0x2e0
[  286.039026][T10516]  ? security_inode_alloc+0x34/0x110
[  286.044374][T10516]  security_inode_alloc+0x34/0x110
[  286.049564][T10516]  inode_init_always+0x8fc/0xc90
[  286.054561][T10516]  ? new_inode_pseudo+0x82/0x1d0
[  286.059751][T10516]  new_inode_pseudo+0x95/0x1d0
[  286.064598][T10516]  new_inode+0x22/0x1b0
[  286.068944][T10516]  ? start_creating+0x1f9/0x310
[  286.073876][T10516]  debugfs_create_dir+0xf3/0x4a0
[  286.078894][T10516]  ieee80211_debugfs_add_netdev+0x123/0xf70
[  286.084932][T10516]  ? link_sta_eht_capa_read+0x25b0/0x25b0
[  286.090757][T10516]  ? ieee80211_setup_sdata+0x9fe/0xc80
[  286.096291][T10516]  ieee80211_if_change_type+0x600/0xa70
[  286.102015][T10516]  ieee80211_change_iface+0x5c/0x4c0
[  286.107558][T10516]  cfg80211_change_iface+0x812/0xf30
[  286.113017][T10516]  cfg80211_wext_siwmode+0x1de/0x2a0
[  286.118374][T10516]  ? cfg80211_wext_giwname+0x30/0x30
[  286.123730][T10516]  ? apparmor_capable+0x137/0x1a0
[  286.128828][T10516]  ? cfg80211_wext_giwname+0x30/0x30
[  286.134436][T10516]  ioctl_standard_call+0xd8/0x2b0
[  286.139603][T10516]  ? cfg80211_wext_giwname+0x30/0x30
[  286.145015][T10516]  wext_ioctl_dispatch+0x1cb/0x5f0
[  286.150176][T10516]  ? wext_ioctl_dispatch+0x5f0/0x5f0
[  286.155604][T10516]  ? iw_handler_get_private+0x1f0/0x1f0
[  286.161295][T10516]  ? wext_handle_ioctl+0x1c0/0x1c0
[  286.166552][T10516]  ? __might_fault+0xaa/0x120
[  286.171368][T10516]  ? __might_fault+0xc6/0x120
[  286.176273][T10516]  ? __might_fault+0xaa/0x120
[  286.181012][T10516]  wext_handle_ioctl+0x108/0x1c0
[  286.186008][T10516]  ? call_commit_handler+0xf0/0xf0
[  286.191287][T10516]  sock_ioctl+0x160/0x7a0
[  286.195775][T10516]  ? sock_poll+0x3d0/0x3d0
[  286.200257][T10516]  ? bpf_lsm_file_ioctl+0x9/0x10
[  286.205247][T10516]  ? security_file_ioctl+0x80/0xa0
[  286.210677][T10516]  ? sock_poll+0x3d0/0x3d0
[  286.215197][T10516]  __se_sys_ioctl+0xfd/0x170
[  286.219854][T10516]  do_syscall_64+0x55/0xb0
[  286.224274][T10516]  ? clear_bhb_loop+0x40/0x90
[  286.228988][T10516]  ? clear_bhb_loop+0x40/0x90
[  286.233713][T10516]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  286.239631][T10516] RIP: 0033:0x7f5108b8ebe9
[  286.244051][T10516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  286.263706][T10516] RSP: 002b:00007f5109a21038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  286.272359][T10516] RAX: ffffffffffffffda RBX: 00007f5108db5fa0 RCX: 00007f5108b8ebe9
[  286.280555][T10516] RDX: 0000200000000080 RSI: 0000000000008b06 RDI: 0000000000000005
[  286.288549][T10516] RBP: 00007f5109a21090 R08: 0000000000000000 R09: 0000000000000000
[  286.296540][T10516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  286.304793][T10516] R13: 00007f5108db6038 R14: 00007f5108db5fa0 R15: 00007ffc57d0ca58
[  286.312813][T10516]  </TASK>
[  286.329690][T10516] debugfs: out of free dentries, can not create directory 'netdev:wlan1'
[  286.343929][T10521] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1530'.
[  286.504049][T10521] veth0_vlan: entered allmulticast mode
[  287.064865][T10541] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.1536'.
[  287.500946][T10553] netlink: 14546 bytes leftover after parsing attributes in process `syz.1.1540'.
[  287.541319][T10556] FAULT_INJECTION: forcing a failure.
[  287.541319][T10556] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  287.567550][T10556] CPU: 1 PID: 10556 Comm: syz.2.1541 Not tainted 6.6.102-syzkaller #0
[  287.575970][T10556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  287.586177][T10556] Call Trace:
[  287.589517][T10556]  <TASK>
[  287.592508][T10556]  dump_stack_lvl+0x16c/0x230
[  287.597252][T10556]  ? show_regs_print_info+0x20/0x20
[  287.602523][T10556]  ? load_image+0x3b0/0x3b0
[  287.607094][T10556]  ? __might_fault+0xaa/0x120
[  287.611913][T10556]  ? __lock_acquire+0x7c80/0x7c80
[  287.617013][T10556]  should_fail_ex+0x39d/0x4d0
[  287.621952][T10556]  _copy_from_user+0x2f/0xe0
[  287.626613][T10556]  ___sys_sendmsg+0x159/0x290
[  287.631370][T10556]  ? __sys_sendmsg+0x270/0x270
[  287.636348][T10556]  ? __lock_acquire+0x7c80/0x7c80
[  287.641500][T10556]  __se_sys_sendmsg+0x1a5/0x270
[  287.646424][T10556]  ? __x64_sys_sendmsg+0x80/0x80
[  287.651557][T10556]  ? lockdep_hardirqs_on+0x98/0x150
[  287.656834][T10556]  do_syscall_64+0x55/0xb0
[  287.661397][T10556]  ? clear_bhb_loop+0x40/0x90
[  287.666129][T10556]  ? clear_bhb_loop+0x40/0x90
[  287.670864][T10556]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  287.676821][T10556] RIP: 0033:0x7f66b618ebe9
[  287.681379][T10556] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  287.701233][T10556] RSP: 002b:00007f66b70d8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  287.709872][T10556] RAX: ffffffffffffffda RBX: 00007f66b63b5fa0 RCX: 00007f66b618ebe9
[  287.717986][T10556] RDX: 0000000020004050 RSI: 0000200000000140 RDI: 0000000000000003
[  287.726130][T10556] RBP: 00007f66b70d8090 R08: 0000000000000000 R09: 0000000000000000
[  287.734257][T10556] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  287.742291][T10556] R13: 00007f66b63b6038 R14: 00007f66b63b5fa0 R15: 00007ffc95841938
[  287.750377][T10556]  </TASK>
[  288.018783][T10570] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.1545'.
[  288.103790][T10572] netlink: 14546 bytes leftover after parsing attributes in process `syz.2.1553'.
[  288.237771][T10580] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.1556'.
[  288.351716][T10584] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1547'.
[  288.563754][T10584] veth0_vlan: entered allmulticast mode
[  289.584156][T10622] validate_nla: 14 callbacks suppressed
[  289.584173][T10622] netlink: 'syz.2.1559': attribute type 10 has an invalid length.
[  290.042153][T10639] FAULT_INJECTION: forcing a failure.
[  290.042153][T10639] name failslab, interval 1, probability 0, space 0, times 0
[  290.067571][T10639] CPU: 0 PID: 10639 Comm: syz.0.1567 Not tainted 6.6.102-syzkaller #0
[  290.075826][T10639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  290.086087][T10639] Call Trace:
[  290.089474][T10639]  <TASK>
[  290.092508][T10639]  dump_stack_lvl+0x16c/0x230
[  290.097295][T10639]  ? show_regs_print_info+0x20/0x20
[  290.102767][T10639]  ? load_image+0x3b0/0x3b0
[  290.107303][T10639]  should_fail_ex+0x39d/0x4d0
[  290.112094][T10639]  should_failslab+0x9/0x20
[  290.116614][T10639]  slab_pre_alloc_hook+0x59/0x310
[  290.121661][T10639]  kmem_cache_alloc_node+0x60/0x330
[  290.126980][T10639]  ? __asan_memcpy+0x40/0x70
[  290.131596][T10639]  ? __alloc_skb+0x108/0x2c0
[  290.136219][T10639]  __alloc_skb+0x108/0x2c0
[  290.140684][T10639]  wireless_send_event+0x536/0xc00
[  290.145823][T10639]  ? wireless_nlevent_flush+0x110/0x110
[  290.151563][T10639]  ioctl_standard_call+0x15e/0x2b0
[  290.156688][T10639]  ? cfg80211_wext_giwname+0x30/0x30
[  290.162026][T10639]  wext_ioctl_dispatch+0x1cb/0x5f0
[  290.167176][T10639]  ? wext_ioctl_dispatch+0x5f0/0x5f0
[  290.172743][T10639]  ? iw_handler_get_private+0x1f0/0x1f0
[  290.178309][T10639]  ? wext_handle_ioctl+0x1c0/0x1c0
[  290.183613][T10639]  ? __might_fault+0xaa/0x120
[  290.188308][T10639]  ? __might_fault+0xc6/0x120
[  290.193001][T10639]  ? __might_fault+0xaa/0x120
[  290.197708][T10639]  wext_handle_ioctl+0x108/0x1c0
[  290.202663][T10639]  ? call_commit_handler+0xf0/0xf0
[  290.207801][T10639]  sock_ioctl+0x160/0x7a0
[  290.212156][T10639]  ? sock_poll+0x3d0/0x3d0
[  290.216598][T10639]  ? bpf_lsm_file_ioctl+0x9/0x10
[  290.221550][T10639]  ? security_file_ioctl+0x80/0xa0
[  290.226679][T10639]  ? sock_poll+0x3d0/0x3d0
[  290.231307][T10639]  __se_sys_ioctl+0xfd/0x170
[  290.236218][T10639]  do_syscall_64+0x55/0xb0
[  290.240681][T10639]  ? clear_bhb_loop+0x40/0x90
[  290.245455][T10639]  ? clear_bhb_loop+0x40/0x90
[  290.250172][T10639]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  290.256097][T10639] RIP: 0033:0x7fe60c38ebe9
[  290.260527][T10639] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  290.280266][T10639] RSP: 002b:00007fe60a5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  290.288792][T10639] RAX: ffffffffffffffda RBX: 00007fe60c5b5fa0 RCX: 00007fe60c38ebe9
[  290.296777][T10639] RDX: 0000200000000140 RSI: 0000000000008b06 RDI: 0000000000000003
[  290.304946][T10639] RBP: 00007fe60a5f6090 R08: 0000000000000000 R09: 0000000000000000
[  290.312943][T10639] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  290.320958][T10639] R13: 00007fe60c5b6038 R14: 00007fe60c5b5fa0 R15: 00007ffd38ba5268
[  290.329068][T10639]  </TASK>
[  290.447744][T10641] netlink: 'syz.1.1568': attribute type 10 has an invalid length.
[  290.535150][T10646] __nla_validate_parse: 2 callbacks suppressed
[  290.535168][T10646] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.1570'.
[  291.134760][T10664] netlink: 'syz.1.1576': attribute type 21 has an invalid length.
[  291.151001][T10664] netlink: 'syz.1.1576': attribute type 1 has an invalid length.
[  291.673963][T10659] netlink: 'syz.0.1575': attribute type 10 has an invalid length.
[  291.766447][T10678] netlink: 'syz.3.1580': attribute type 21 has an invalid length.
[  291.776476][T10678] netlink: 'syz.3.1580': attribute type 30 has an invalid length.
[  293.015296][T10693] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.1583'.
[  293.576362][T10705] netlink: 'syz.0.1589': attribute type 21 has an invalid length.
[  293.594937][T10705] netlink: 'syz.0.1589': attribute type 1 has an invalid length.
[  293.652344][ T5803] Bluetooth: hci2: unexpected event 0x1d length: 15 > 5
[  294.163379][T10715] netlink: 'syz.3.1591': attribute type 21 has an invalid length.
[  294.524195][T10721] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.1594'.
[  294.534513][T10720] team0: left promiscuous mode
[  294.544182][T10720] team_slave_0: left promiscuous mode
[  294.557380][T10720] team_slave_1: left promiscuous mode
[  294.616063][T10720] validate_nla: 2 callbacks suppressed
[  294.616084][T10720] netlink: 'syz.2.1593': attribute type 10 has an invalid length.
[  294.651805][T10720] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1593'.
[  294.675024][T10720] team0: entered promiscuous mode
[  294.690577][T10720] team_slave_0: entered promiscuous mode
[  294.699543][T10720] team_slave_1: entered promiscuous mode
[  294.712985][T10720] 8021q: adding VLAN 0 to HW filter on device team0
[  295.033332][T10730] netlink: 14546 bytes leftover after parsing attributes in process `syz.0.1598'.
[  295.618067][T10742] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.1604'.
[  295.755273][T10743] netlink: 'syz.1.1603': attribute type 21 has an invalid length.
[  295.836284][T10743] netlink: 'syz.1.1603': attribute type 1 has an invalid length.
[  296.365885][T10749] netlink: 'syz.2.1605': attribute type 10 has an invalid length.
[  296.685500][T10761] netlink: 'syz.0.1609': attribute type 21 has an invalid length.
[  296.696435][T10761] netlink: 'syz.0.1609': attribute type 1 has an invalid length.
[  296.995092][T10776] netlink: 16178 bytes leftover after parsing attributes in process `syz.3.1614'.
[  297.291758][T10781] netlink: 'syz.3.1615': attribute type 21 has an invalid length.
[  297.348425][T10781] netlink: 'syz.3.1615': attribute type 1 has an invalid length.
[  297.973787][T10795] netlink: 'syz.2.1619': attribute type 9 has an invalid length.
[  297.985894][T10795] netlink: 49779 bytes leftover after parsing attributes in process `syz.2.1619'.
[  298.422088][T10801] netlink: 'syz.3.1620': attribute type 10 has an invalid length.
[  298.559702][T10807] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.1623'.
[  299.056661][T10813] netlink: 14546 bytes leftover after parsing attributes in process `syz.2.1626'.
[  299.321837][T10815] netlink: 40227 bytes leftover after parsing attributes in process `syz.0.1627'.
[  299.630797][T10827] validate_nla: 1 callbacks suppressed
[  299.646611][T10827] netlink: 'syz.0.1629': attribute type 21 has an invalid length.
[  299.656752][T10827] netlink: 'syz.0.1629': attribute type 1 has an invalid length.
[  299.807563][T10831] netlink: 16178 bytes leftover after parsing attributes in process `syz.3.1633'.
[  300.082378][T10839] netlink: 'syz.2.1634': attribute type 10 has an invalid length.
[  300.599892][T10856] FAULT_INJECTION: forcing a failure.
[  300.599892][T10856] name failslab, interval 1, probability 0, space 0, times 0
[  300.614136][T10856] CPU: 0 PID: 10856 Comm: syz.3.1640 Not tainted 6.6.102-syzkaller #0
[  300.622534][T10856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  300.633155][T10856] Call Trace:
[  300.636471][T10856]  <TASK>
[  300.639438][T10856]  dump_stack_lvl+0x16c/0x230
[  300.644284][T10856]  ? show_regs_print_info+0x20/0x20
[  300.649621][T10856]  ? load_image+0x3b0/0x3b0
[  300.654189][T10856]  ? __might_sleep+0xe0/0xe0
[  300.658820][T10856]  ? __lock_acquire+0x7c80/0x7c80
[  300.663905][T10856]  should_fail_ex+0x39d/0x4d0
[  300.668746][T10856]  should_failslab+0x9/0x20
[  300.673290][T10856]  slab_pre_alloc_hook+0x59/0x310
[  300.678339][T10856]  ? apparmor_sk_alloc_security+0x77/0x100
[  300.684249][T10856]  __kmem_cache_alloc_node+0x53/0x260
[  300.689637][T10856]  ? apparmor_sk_alloc_security+0x77/0x100
[  300.695453][T10856]  kmalloc_trace+0x2a/0xe0
[  300.699980][T10856]  apparmor_sk_alloc_security+0x77/0x100
[  300.705662][T10856]  security_sk_alloc+0x6e/0xa0
[  300.710585][T10856]  sk_prot_alloc+0x101/0x210
[  300.715201][T10856]  ? sk_alloc+0x24/0x360
[  300.719783][T10856]  sk_alloc+0x3a/0x360
[  300.723868][T10856]  ? bpf_ctx_init+0x163/0x1a0
[  300.728657][T10856]  ? bpf_prog_test_run_skb+0x268/0x11c0
[  300.734218][T10856]  bpf_prog_test_run_skb+0x39a/0x11c0
[  300.739832][T10856]  ? __fget_files+0x28/0x4d0
[  300.744472][T10856]  ? cpu_online+0x60/0x60
[  300.749007][T10856]  bpf_prog_test_run+0x321/0x390
[  300.754254][T10856]  __sys_bpf+0x440/0x800
[  300.758510][T10856]  ? bpf_link_show_fdinfo+0x350/0x350
[  300.764009][T10856]  ? lock_chain_count+0x20/0x20
[  300.768970][T10856]  __x64_sys_bpf+0x7c/0x90
[  300.773495][T10856]  do_syscall_64+0x55/0xb0
[  300.778272][T10856]  ? clear_bhb_loop+0x40/0x90
[  300.782965][T10856]  ? clear_bhb_loop+0x40/0x90
[  300.787760][T10856]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  300.793848][T10856] RIP: 0033:0x7f5108b8ebe9
[  300.798277][T10856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  300.818344][T10856] RSP: 002b:00007f5109a21038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  300.827064][T10856] RAX: ffffffffffffffda RBX: 00007f5108db5fa0 RCX: 00007f5108b8ebe9
[  300.835167][T10856] RDX: 0000000000000050 RSI: 0000200000000380 RDI: 000000000000000a
[  300.843163][T10856] RBP: 00007f5109a21090 R08: 0000000000000000 R09: 0000000000000000
[  300.851149][T10856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  300.859303][T10856] R13: 00007f5108db6038 R14: 00007f5108db5fa0 R15: 00007ffc57d0ca58
[  300.867501][T10856]  </TASK>
[  301.096356][T10866] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.1644'.
[  301.430285][T10870] netlink: 'syz.2.1645': attribute type 10 has an invalid length.
[  301.460667][T10875] netlink: 'syz.3.1646': attribute type 10 has an invalid length.
[  302.310578][T10900] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.1655'.
[  302.351922][T10897] netlink: 'syz.1.1650': attribute type 10 has an invalid length.
[  302.575462][T10910] netlink: 14546 bytes leftover after parsing attributes in process `syz.0.1657'.
[  303.261348][T10919] netlink: 'syz.0.1660': attribute type 10 has an invalid length.
[  303.686661][T10933] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  303.699809][T10934] FAULT_INJECTION: forcing a failure.
[  303.699809][T10934] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  303.724922][T10934] CPU: 1 PID: 10934 Comm: syz.0.1664 Not tainted 6.6.102-syzkaller #0
[  303.733348][T10934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  303.743450][T10934] Call Trace:
[  303.747030][T10934]  <TASK>
[  303.750085][T10934]  dump_stack_lvl+0x16c/0x230
[  303.754815][T10934]  ? show_regs_print_info+0x20/0x20
[  303.760078][T10934]  ? load_image+0x3b0/0x3b0
[  303.764651][T10934]  ? __lock_acquire+0x7c80/0x7c80
[  303.769825][T10934]  ? verify_lock_unused+0x140/0x140
[  303.775262][T10934]  should_fail_ex+0x39d/0x4d0
[  303.779997][T10934]  prepare_alloc_pages+0x1e2/0x5f0
[  303.785189][T10934]  __alloc_pages+0x127/0x460
[  303.790036][T10934]  ? zone_statistics+0x170/0x170
[  303.795058][T10934]  ? mt_find+0x13e/0x5b0
[  303.799466][T10934]  ? handle_mm_fault+0xd1/0x4920
[  303.804494][T10934]  __folio_alloc+0x10/0x20
[  303.808975][T10934]  vma_alloc_folio+0x47a/0x8f0
[  303.813804][T10934]  handle_mm_fault+0x1a38/0x4920
[  303.818838][T10934]  ? handle_mm_fault+0xd1/0x4920
[  303.823937][T10934]  ? numa_migrate_prep+0x350/0x350
[  303.829127][T10934]  ? lock_mm_and_find_vma+0x9c/0x300
[  303.834615][T10934]  do_user_addr_fault+0x738/0x12e0
[  303.839811][T10934]  exc_page_fault+0x67/0x110
[  303.844472][T10934]  asm_exc_page_fault+0x26/0x30
[  303.849466][T10934] RIP: 0010:rep_movs_alternative+0x33/0x90
[  303.855321][T10934] Code: 40 83 f9 08 73 21 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb
[  303.875395][T10934] RSP: 0018:ffffc900044179d8 EFLAGS: 00050246
[  303.881619][T10934] RAX: 6438356530000001 RBX: 0000000000000008 RCX: 0000000000000008
[  303.890305][T10934] RDX: 0000000000000000 RSI: ffffc90004417ae0 RDI: 0000200000002d40
[  303.898493][T10934] RBP: 0000000000000008 R08: ffffc90004417ae7 R09: 1ffff92000882f5c
[  303.906719][T10934] R10: dffffc0000000000 R11: fffff52000882f5d R12: 0000200000002d48
[  303.914722][T10934] R13: 0000000000000000 R14: 0000200000002d40 R15: ffffc90004417ae0
[  303.922739][T10934]  _copy_to_user+0x85/0xa0
[  303.927383][T10934]  move_addr_to_user+0x146/0x1e0
[  303.932390][T10934]  ____sys_recvmsg+0x310/0x5b0
[  303.937300][T10934]  ? __sys_recvmsg_sock+0x50/0x50
[  303.942566][T10934]  ? import_iovec+0x73/0xa0
[  303.947115][T10934]  ___sys_recvmsg+0x1b6/0x510
[  303.952024][T10934]  ? __sys_recvmsg+0x270/0x270
[  303.956813][T10934]  ? trace_call_bpf+0xc3/0x690
[  303.961723][T10934]  ? trace_call_bpf+0x5ba/0x690
[  303.966916][T10934]  ? __fget_files+0x44a/0x4d0
[  303.971788][T10934]  __x64_sys_recvmsg+0x1f2/0x2c0
[  303.976881][T10934]  ? perf_trace_preemptirq_template+0x281/0x340
[  303.983201][T10934]  ? ___sys_recvmsg+0x510/0x510
[  303.988201][T10934]  ? lockdep_hardirqs_on+0x98/0x150
[  303.993561][T10934]  do_syscall_64+0x55/0xb0
[  303.998006][T10934]  ? clear_bhb_loop+0x40/0x90
[  304.002708][T10934]  ? clear_bhb_loop+0x40/0x90
[  304.007404][T10934]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  304.013361][T10934] RIP: 0033:0x7fe60c38ebe9
[  304.017895][T10934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  304.037898][T10934] RSP: 002b:00007fe60a5f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  304.046347][T10934] RAX: ffffffffffffffda RBX: 00007fe60c5b5fa0 RCX: 00007fe60c38ebe9
[  304.054528][T10934] RDX: 0000000000000000 RSI: 0000200000003040 RDI: 0000000000000005
[  304.062611][T10934] RBP: 00007fe60a5f6090 R08: 0000000000000000 R09: 0000000000000000
[  304.071040][T10934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  304.079582][T10934] R13: 00007fe60c5b6038 R14: 00007fe60c5b5fa0 R15: 00007ffd38ba5268
[  304.087721][T10934]  </TASK>
[  304.256453][T10940] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.1665'.
[  304.515006][T10948] netlink: 'syz.0.1667': attribute type 21 has an invalid length.
[  304.526582][T10948] netlink: 'syz.0.1667': attribute type 1 has an invalid length.
[  304.562245][T10943] netlink: 'syz.3.1666': attribute type 10 has an invalid length.
[  305.119134][T10958] netlink: 'syz.0.1668': attribute type 10 has an invalid length.
[  305.435564][T10968] netlink: 'syz.1.1673': attribute type 10 has an invalid length.
[  305.578682][T10974] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.1676'.
[  305.831822][T10982] netlink: 'syz.2.1677': attribute type 21 has an invalid length.
[  305.863501][T10982] netlink: 'syz.2.1677': attribute type 1 has an invalid length.
[  306.351682][ T2914] wlan1: Trigger new scan to find an IBSS to join
[  306.583235][T11003] netlink: 16178 bytes leftover after parsing attributes in process `syz.3.1685'.
[  306.770881][T11008] veth0_vlan: entered allmulticast mode
[  307.051573][T11011] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  307.069944][T11010] ������: renamed from vlan1
[  307.087285][T11020] netlink: 14546 bytes leftover after parsing attributes in process `syz.0.1689'.
[  307.382798][T11027] FAULT_INJECTION: forcing a failure.
[  307.382798][T11027] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  307.399773][T11027] CPU: 1 PID: 11027 Comm: syz.0.1690 Not tainted 6.6.102-syzkaller #0
[  307.408368][T11027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  307.418811][T11027] Call Trace:
[  307.422130][T11027]  <TASK>
[  307.425180][T11027]  dump_stack_lvl+0x16c/0x230
[  307.430070][T11027]  ? show_regs_print_info+0x20/0x20
[  307.435308][T11027]  ? load_image+0x3b0/0x3b0
[  307.439863][T11027]  ? __might_fault+0xaa/0x120
[  307.444669][T11027]  ? __lock_acquire+0x7c80/0x7c80
[  307.449830][T11027]  should_fail_ex+0x39d/0x4d0
[  307.454562][T11027]  _copy_from_user+0x2f/0xe0
[  307.459279][T11027]  sctp_setsockopt+0x19e/0x11e0
[  307.464436][T11027]  ? sock_common_recvmsg+0x1b0/0x1b0
[  307.469939][T11027]  do_sock_setsockopt+0x175/0x1a0
[  307.475005][T11027]  ? __fdget+0x180/0x210
[  307.479305][T11027]  __x64_sys_setsockopt+0x184/0x200
[  307.484762][T11027]  do_syscall_64+0x55/0xb0
[  307.489297][T11027]  ? clear_bhb_loop+0x40/0x90
[  307.494006][T11027]  ? clear_bhb_loop+0x40/0x90
[  307.499378][T11027]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  307.505527][T11027] RIP: 0033:0x7fe60c38ebe9
[  307.510086][T11027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  307.530010][T11027] RSP: 002b:00007fe60a5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  307.538561][T11027] RAX: ffffffffffffffda RBX: 00007fe60c5b5fa0 RCX: 00007fe60c38ebe9
[  307.546564][T11027] RDX: 0000000000000083 RSI: 0000000000000084 RDI: 0000000000000005
[  307.554570][T11027] RBP: 00007fe60a5f6090 R08: 0000000000000008 R09: 0000000000000000
[  307.562658][T11027] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  307.570842][T11027] R13: 00007fe60c5b6038 R14: 00007fe60c5b5fa0 R15: 00007ffd38ba5268
[  307.578891][T11027]  </TASK>
[  307.911531][T11037] netlink: 16178 bytes leftover after parsing attributes in process `syz.3.1694'.
[  307.988617][T11030] netlink: 'syz.1.1691': attribute type 10 has an invalid length.
[  308.329141][T11050] netlink: 'syz.0.1696': attribute type 21 has an invalid length.
[  308.341824][T11050] netlink: 'syz.0.1696': attribute type 1 has an invalid length.
[  308.656894][T11056] netlink: 14546 bytes leftover after parsing attributes in process `syz.3.1698'.
[  308.917821][T11062] netlink: 'syz.3.1700': attribute type 10 has an invalid length.
[  309.134587][T11068] Q�6��\b��Y�4��: renamed from lo (while UP)
[  309.234635][T11070] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.1703'.
[  309.387398][ T1093] wlan1: Trigger new scan to find an IBSS to join
[  309.421636][T11075] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  310.129623][T11083] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1706'.
[  310.347318][  T135] wlan1: Trigger new scan to find an IBSS to join
[  310.393801][T11087] netlink: 14546 bytes leftover after parsing attributes in process `syz.0.1708'.
[  310.611433][T11094] netlink: 16178 bytes leftover after parsing attributes in process `syz.3.1712'.
[  310.678749][T11095] netlink: 'syz.1.1710': attribute type 21 has an invalid length.
[  310.735031][T11095] netlink: 'syz.1.1710': attribute type 1 has an invalid length.
[  310.830861][T11100] C: renamed from team_slave_0 (while UP)
[  310.843728][T11100] netlink: 'syz.3.1713': attribute type 8 has an invalid length.
[  310.856654][T11100] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  310.900402][T11100] netlink: 'syz.3.1713': attribute type 10 has an invalid length.
[  310.939002][T11100] mac80211_hwsim hwsim5 wlan1: entered promiscuous mode
[  310.946918][T11100] team0: Port device wlan1 added
[  310.979676][T11099] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  311.854081][T11119] netlink: 'syz.2.1719': attribute type 39 has an invalid length.
[  312.158857][T11122] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1720'.
[  312.271750][T11124] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.1721'.
[  312.361384][ T1093] wlan1: Creating new IBSS network, BSSID 0a:ec:b4:bb:1e:a0
[  312.615921][T11130] netlink: 'syz.1.1722': attribute type 10 has an invalid length.
[  312.671128][T11128] netlink: 'syz.2.1723': attribute type 21 has an invalid length.
[  312.680555][T11128] netlink: 'syz.2.1723': attribute type 1 has an invalid length.
[  312.863010][T11136] netlink: 'syz.3.1725': attribute type 21 has an invalid length.
[  312.881038][T11136] netlink: 'syz.3.1725': attribute type 1 has an invalid length.
[  312.951949][T11142] syz.1.1726[11142] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  312.952110][T11142] syz.1.1726[11142] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  313.261657][T11147] C: renamed from team_slave_0 (while UP)
[  313.285197][T11147] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  313.358199][T11147] mac80211_hwsim hwsim8 wlan1: entered promiscuous mode
[  313.378444][T11147] mac80211_hwsim hwsim8 wlan1: entered allmulticast mode
[  313.390067][T11147] team0: Port device wlan1 added
[  313.399015][  T135] wlan1: Trigger new scan to find an IBSS to join
[  313.437612][T11146] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  313.609964][T11152] FAULT_INJECTION: forcing a failure.
[  313.609964][T11152] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  313.623633][T11152] CPU: 0 PID: 11152 Comm: syz.2.1730 Not tainted 6.6.102-syzkaller #0
[  313.631940][T11152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  313.642121][T11152] Call Trace:
[  313.645426][T11152]  <TASK>
[  313.648393][T11152]  dump_stack_lvl+0x16c/0x230
[  313.653316][T11152]  ? show_regs_print_info+0x20/0x20
[  313.658576][T11152]  ? load_image+0x3b0/0x3b0
[  313.663212][T11152]  ? __might_fault+0xaa/0x120
[  313.668003][T11152]  ? __lock_acquire+0x7c80/0x7c80
[  313.673064][T11152]  should_fail_ex+0x39d/0x4d0
[  313.677881][T11152]  _copy_to_user+0x2f/0xa0
[  313.682336][T11152]  bpf_obj_get_info_by_fd+0x2843/0x2d90
[  313.687949][T11152]  ? bpf_map_get_fd_by_id+0x310/0x310
[  313.693353][T11152]  ? __might_fault+0xaa/0x120
[  313.698078][T11152]  ? perf_trace_lock+0xf7/0x380
[  313.703067][T11152]  ? trace_event_raw_event_lock+0x230/0x230
[  313.709079][T11152]  ? file_end_write+0x159/0x250
[  313.714085][T11152]  ? __might_fault+0xaa/0x120
[  313.718788][T11152]  ? __might_fault+0xc6/0x120
[  313.723480][T11152]  ? __might_fault+0xaa/0x120
[  313.728181][T11152]  ? bpf_lsm_bpf+0x9/0x10
[  313.732568][T11152]  ? security_bpf+0x7e/0xa0
[  313.737141][T11152]  __sys_bpf+0x781/0x800
[  313.741440][T11152]  ? bpf_link_show_fdinfo+0x350/0x350
[  313.746896][T11152]  ? lock_chain_count+0x20/0x20
[  313.751824][T11152]  __x64_sys_bpf+0x7c/0x90
[  313.756367][T11152]  do_syscall_64+0x55/0xb0
[  313.760810][T11152]  ? clear_bhb_loop+0x40/0x90
[  313.765509][T11152]  ? clear_bhb_loop+0x40/0x90
[  313.770231][T11152]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  313.776157][T11152] RIP: 0033:0x7f66b618ebe9
[  313.780604][T11152] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  313.800347][T11152] RSP: 002b:00007f66b70d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  313.808801][T11152] RAX: ffffffffffffffda RBX: 00007f66b63b5fa0 RCX: 00007f66b618ebe9
[  313.816795][T11152] RDX: 0000000000000010 RSI: 0000200000000740 RDI: 000000000000000f
[  313.824966][T11152] RBP: 00007f66b70d8090 R08: 0000000000000000 R09: 0000000000000000
[  313.833071][T11152] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  313.841182][T11152] R13: 00007f66b63b6038 R14: 00007f66b63b5fa0 R15: 00007ffc95841938
[  313.849338][T11152]  </TASK>
[  313.947700][T11154] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.1731'.
[  314.720912][T11175] C: renamed from team_slave_0 (while UP)
[  314.732104][T11175] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  314.773117][T11176] mac80211_hwsim hwsim9 wlan1: entered promiscuous mode
[  314.792068][T11176] team0: Port device wlan1 added
[  314.867770][T11174] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  315.027260][T11184] syz.2.1741[11184] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  315.027578][T11184] syz.2.1741[11184] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  315.152389][T11189] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.1743'.
[  315.401955][T11186] IPv6: Can't replace route, no match found
[  315.474747][ T8040] wlan1: Creating new IBSS network, BSSID 72:9f:cc:95:29:d8
[  315.661919][T11186] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1742'.
[  315.694796][T11194] validate_nla: 8 callbacks suppressed
[  315.694833][T11194] netlink: 'syz.1.1745': attribute type 21 has an invalid length.
[  315.726726][T11194] netlink: 'syz.1.1745': attribute type 1 has an invalid length.
[  316.252092][T11207] netlink: 'syz.0.1747': attribute type 10 has an invalid length.
[  316.688286][T11221] netlink: 'syz.1.1751': attribute type 21 has an invalid length.
[  316.745048][T11221] netlink: 'syz.1.1751': attribute type 1 has an invalid length.
[  317.273867][T11226] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.1753'.
[  317.309587][ T1093] wlan1: Trigger new scan to find an IBSS to join
[  317.685587][ T1281] ieee802154 phy0 wpan0: encryption failed: -22
[  317.692156][ T1281] ieee802154 phy1 wpan1: encryption failed: -22
[  318.134075][T11248] netlink: 'syz.0.1759': attribute type 21 has an invalid length.
[  318.163526][T11248] netlink: 'syz.0.1759': attribute type 1 has an invalid length.
[  318.257766][T11252] netlink: 'syz.2.1762': attribute type 21 has an invalid length.
[  318.274575][T11252] netlink: 'syz.2.1762': attribute type 1 has an invalid length.
[  318.426050][T11253] netlink: 'syz.3.1761': attribute type 39 has an invalid length.
[  318.788684][T11261] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.1764'.
[  318.975741][T11265] IPv6: Can't replace route, no match found
[  319.058412][T11265] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1765'.
[  320.413028][T11288] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.1775'.
[  321.029276][T11298] netlink: 14546 bytes leftover after parsing attributes in process `syz.1.1778'.
[  321.264332][T11301] IPv6: Can't replace route, no match found
[  321.342216][T11301] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1779'.
[  321.387103][ T8048] wlan1: Trigger new scan to find an IBSS to join
[  321.427897][ T8048] wlan1: Creating new IBSS network, BSSID 96:b2:63:40:47:27
[  321.445106][T11306] validate_nla: 1 callbacks suppressed
[  321.445125][T11306] netlink: 'syz.1.1780': attribute type 10 has an invalid length.
[  321.504294][T11308] netlink: 'syz.3.1781': attribute type 21 has an invalid length.
[  321.515278][T11308] netlink: 'syz.3.1781': attribute type 1 has an invalid length.
[  321.646564][T11314] netlink: 'syz.2.1783': attribute type 39 has an invalid length.
[  321.791239][T11319] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.1785'.
[  322.205116][T11328] netlink: 'syz.2.1788': attribute type 21 has an invalid length.
[  322.214853][T11328] netlink: 'syz.2.1788': attribute type 1 has an invalid length.
[  322.519368][T11334] netlink: 14546 bytes leftover after parsing attributes in process `syz.3.1791'.
[  322.884388][T11341] netlink: 183676 bytes leftover after parsing attributes in process `syz.3.1794'.
[  322.973666][T11342] netlink: 'syz.3.1794': attribute type 10 has an invalid length.
[  323.006712][T11341] netlink: del zone limit has 4 unknown bytes
[  323.084020][T11344] IPv6: Can't replace route, no match found
[  323.187314][T11344] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1793'.
[  323.358124][T11349] netlink: 'syz.2.1796': attribute type 39 has an invalid length.
[  323.634023][T11357] netlink: 'syz.3.1798': attribute type 10 has an invalid length.
[  324.313477][T11379] netlink: 'syz.2.1804': attribute type 10 has an invalid length.
[  325.392299][T11404] netlink: 183676 bytes leftover after parsing attributes in process `syz.1.1814'.
[  325.501562][T11404] netlink: del zone limit has 4 unknown bytes
[  326.891016][T11444] validate_nla: 8 callbacks suppressed
[  326.891055][T11444] netlink: 'syz.2.1826': attribute type 21 has an invalid length.
[  326.911653][T11444] netlink: 'syz.2.1826': attribute type 1 has an invalid length.
[  327.491490][T11454] netlink: 183676 bytes leftover after parsing attributes in process `syz.0.1828'.
[  327.565358][T11454] netlink: del zone limit has 4 unknown bytes
[  327.749220][T11454] netlink: 'syz.0.1828': attribute type 10 has an invalid length.
[  328.005239][T11470] netlink: 'syz.1.1839': attribute type 21 has an invalid length.
[  328.017121][T11470] netlink: 'syz.1.1839': attribute type 1 has an invalid length.
[  328.494129][T11478] netlink: 'syz.0.1834': attribute type 10 has an invalid length.
[  329.227957][T11489] netlink: 'syz.2.1838': attribute type 10 has an invalid length.
[  329.478110][T11503] netlink: 'syz.3.1842': attribute type 21 has an invalid length.
[  329.511317][T11503] netlink: 'syz.3.1842': attribute type 1 has an invalid length.
[  329.934378][T11511] netlink: 183676 bytes leftover after parsing attributes in process `syz.2.1843'.
[  329.966496][T11511] netlink: del zone limit has 4 unknown bytes
[  330.056555][T11507] netlink: 'syz.2.1843': attribute type 10 has an invalid length.
[  330.837418][T11537] netlink: 14546 bytes leftover after parsing attributes in process `syz.2.1852'.
[  331.623607][T11554] netlink: 16178 bytes leftover after parsing attributes in process `syz.3.1861'.
[  331.977940][T11561] validate_nla: 10 callbacks suppressed
[  331.977962][T11561] netlink: 'syz.3.1863': attribute type 39 has an invalid length.
[  332.263159][T11568] netlink: 'syz.3.1865': attribute type 10 has an invalid length.
[  332.391462][T11568] netlink: 'syz.3.1865': attribute type 10 has an invalid length.
[  332.482213][T11568] netlink: 'syz.3.1865': attribute type 29 has an invalid length.
[  332.577409][T11577] netlink: 'syz.0.1867': attribute type 21 has an invalid length.
[  332.586596][T11577] netlink: 'syz.0.1867': attribute type 1 has an invalid length.
[  332.596993][T11568] netlink: 'syz.3.1865': attribute type 29 has an invalid length.
[  332.905898][T11585] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.1871'.
[  333.052424][T11589] netlink: 'syz.2.1873': attribute type 39 has an invalid length.
[  333.172679][T11593] netlink: 'syz.3.1875': attribute type 21 has an invalid length.
[  333.190308][T11593] netlink: 'syz.3.1875': attribute type 1 has an invalid length.
[  333.873333][T11614] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.1881'.
[  334.620417][T11637] netlink: 14546 bytes leftover after parsing attributes in process `syz.3.1890'.
[  334.732178][T11640] netlink: 16178 bytes leftover after parsing attributes in process `syz.3.1891'.
[  335.236342][T11657] netlink: 14546 bytes leftover after parsing attributes in process `syz.3.1899'.
[  335.300319][T11660] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.1900'.
[  335.471968][T11666] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.1910'.
[  336.245442][T11687] netlink: 14546 bytes leftover after parsing attributes in process `syz.2.1911'.
[  336.367651][T11693] netlink: 16178 bytes leftover after parsing attributes in process `syz.3.1915'.
[  336.478884][T11697] batman_adv: batadv0: Adding interface: wlan0
[  336.487753][T11697] batman_adv: batadv0: The MTU of interface wlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  336.520771][T11697] batman_adv: batadv0: Interface activated: wlan0
[  337.184663][T11718] netlink: 14546 bytes leftover after parsing attributes in process `syz.1.1923'.
[  337.313400][T11720] validate_nla: 19 callbacks suppressed
[  337.313419][T11720] netlink: 'syz.1.1924': attribute type 10 has an invalid length.
[  337.335781][T11722] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.1925'.
[  337.878046][T11739] netlink: 14546 bytes leftover after parsing attributes in process `syz.0.1932'.
[  337.895856][T11740] netlink: 'syz.1.1933': attribute type 21 has an invalid length.
[  337.904335][T11740] netlink: 'syz.1.1933': attribute type 1 has an invalid length.
[  337.954741][T11742] netlink: 'syz.3.1935': attribute type 10 has an invalid length.
[  338.036143][T11744] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.1934'.
[  338.281751][T11754] netlink: 'syz.3.1937': attribute type 21 has an invalid length.
[  338.312460][T11754] netlink: 'syz.3.1937': attribute type 1 has an invalid length.
[  338.335268][T11755] netlink: 'syz.2.1938': attribute type 21 has an invalid length.
[  338.365913][T11758] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.1946'.
[  338.375572][T11755] netlink: 'syz.2.1938': attribute type 1 has an invalid length.
[  339.701041][T11784] netlink: 'syz.3.1947': attribute type 10 has an invalid length.
[  339.880116][T11791] netlink: 'syz.3.1949': attribute type 21 has an invalid length.
[  341.306731][T11836] __nla_validate_parse: 1 callbacks suppressed
[  341.306750][T11836] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.1969'.
[  342.357587][T11867] netlink: 14546 bytes leftover after parsing attributes in process `syz.3.1972'.
[  342.676860][T11874] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1973'.
[  342.697998][T11871] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1973'.
[  343.155965][T11890] validate_nla: 7 callbacks suppressed
[  343.155981][T11890] netlink: 'syz.2.1980': attribute type 10 has an invalid length.
[  343.225746][T11895] netlink: 144 bytes leftover after parsing attributes in process `syz.3.1983'.
[  343.985647][T11905] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode
[  344.071109][T11910] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode
[  344.103544][T11907] netlink: 144 bytes leftover after parsing attributes in process `syz.1.1986'.
[  344.890685][T11931] netlink: 'syz.2.1993': attribute type 10 has an invalid length.
[  345.070599][T11939] netlink: 'syz.3.1996': attribute type 39 has an invalid length.
[  345.861749][T11966] netlink: 'syz.3.2004': attribute type 21 has an invalid length.
[  345.900878][T11966] netlink: 'syz.3.2004': attribute type 1 has an invalid length.
[  346.001674][T11965] netlink: 'syz.1.2005': attribute type 10 has an invalid length.
[  346.399942][T11974] netlink: 'syz.2.2007': attribute type 10 has an invalid length.
[  346.915834][T11992] netlink: 14546 bytes leftover after parsing attributes in process `syz.2.2013'.
[  347.220392][T11998] netlink: 'syz.2.2016': attribute type 39 has an invalid length.
[  347.271247][T12002] netlink: 14546 bytes leftover after parsing attributes in process `syz.3.2024'.
[  347.801721][T12012] netlink: 'syz.2.2018': attribute type 21 has an invalid length.
[  347.827893][T12012] netlink: 'syz.2.2018': attribute type 1 has an invalid length.
[  348.244901][T12022] validate_nla: 1 callbacks suppressed
[  348.244920][T12022] netlink: 'syz.0.2022': attribute type 10 has an invalid length.
[  348.479974][T12028] netlink: 14546 bytes leftover after parsing attributes in process `syz.3.2028'.
[  348.506825][T12033] netlink: 'syz.1.2027': attribute type 10 has an invalid length.
[  348.547924][T12033] netlink: 210880 bytes leftover after parsing attributes in process `syz.1.2027'.
[  348.735174][T12044] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2031'.
[  348.769460][T12044] caif0: entered promiscuous mode
[  348.774719][T12044] caif0: entered allmulticast mode
[  349.166635][T12055] netlink: 'syz.2.2034': attribute type 39 has an invalid length.
[  349.383989][T12061] netlink: 'syz.2.2037': attribute type 21 has an invalid length.
[  349.409190][T12061] netlink: 'syz.2.2037': attribute type 1 has an invalid length.
[  349.759782][T12067] netlink: 14546 bytes leftover after parsing attributes in process `syz.3.2040'.
[  349.785602][T12063] netlink: 'syz.1.2039': attribute type 10 has an invalid length.
[  349.989544][T12071] netlink: 'syz.2.2041': attribute type 4 has an invalid length.
[  350.004024][T12071] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2041'.
[  350.028896][T12071] : renamed from bond0 (while UP)
[  350.493155][T12081] netlink: 'syz.1.2043': attribute type 10 has an invalid length.
[  350.713690][T12093] netlink: 'syz.3.2046': attribute type 39 has an invalid length.
[  350.874088][T12098] FAULT_INJECTION: forcing a failure.
[  350.874088][T12098] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  350.887876][T12098] CPU: 1 PID: 12098 Comm: syz.0.2047 Not tainted 6.6.102-syzkaller #0
[  350.896435][T12098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  350.906534][T12098] Call Trace:
[  350.909838][T12098]  <TASK>
[  350.912863][T12098]  dump_stack_lvl+0x16c/0x230
[  350.917832][T12098]  ? show_regs_print_info+0x20/0x20
[  350.923064][T12098]  ? load_image+0x3b0/0x3b0
[  350.927596][T12098]  ? __might_fault+0xaa/0x120
[  350.932308][T12098]  ? __lock_acquire+0x7c80/0x7c80
[  350.937394][T12098]  should_fail_ex+0x39d/0x4d0
[  350.942115][T12098]  _copy_from_iter+0x1d3/0x1290
[  350.947012][T12098]  ? slab_post_alloc_hook+0x8a/0x4d0
[  350.952327][T12098]  ? __virt_addr_valid+0x18c/0x540
[  350.957645][T12098]  ? __lock_acquire+0x7c80/0x7c80
[  350.962701][T12098]  ? rcu_is_watching+0x15/0xb0
[  350.967486][T12098]  ? copyout_mc+0x70/0x70
[  350.972011][T12098]  ? __virt_addr_valid+0x18c/0x540
[  350.977222][T12098]  ? __virt_addr_valid+0x18c/0x540
[  350.982357][T12098]  ? __virt_addr_valid+0x469/0x540
[  350.987483][T12098]  ? __check_object_size+0x506/0xa30
[  350.992805][T12098]  netlink_sendmsg+0x75c/0xbe0
[  350.997597][T12098]  ? netlink_getsockopt+0x580/0x580
[  351.002897][T12098]  ? aa_sock_msg_perm+0x94/0x150
[  351.007954][T12098]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  351.013271][T12098]  ? security_socket_sendmsg+0x80/0xa0
[  351.018743][T12098]  ? netlink_getsockopt+0x580/0x580
[  351.024015][T12098]  ____sys_sendmsg+0x5bf/0x950
[  351.028900][T12098]  ? __asan_memset+0x22/0x40
[  351.033504][T12098]  ? __sys_sendmsg_sock+0x30/0x30
[  351.038538][T12098]  ? __import_iovec+0x5f2/0x860
[  351.043412][T12098]  ? import_iovec+0x73/0xa0
[  351.047936][T12098]  ___sys_sendmsg+0x220/0x290
[  351.052724][T12098]  ? __sys_sendmsg+0x270/0x270
[  351.057562][T12098]  ? __lock_acquire+0x7c80/0x7c80
[  351.062637][T12098]  __se_sys_sendmsg+0x1a5/0x270
[  351.067508][T12098]  ? __x64_sys_sendmsg+0x80/0x80
[  351.072480][T12098]  ? lockdep_hardirqs_on+0x98/0x150
[  351.077789][T12098]  do_syscall_64+0x55/0xb0
[  351.082237][T12098]  ? clear_bhb_loop+0x40/0x90
[  351.086936][T12098]  ? clear_bhb_loop+0x40/0x90
[  351.091629][T12098]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  351.097546][T12098] RIP: 0033:0x7fe60c38ebe9
[  351.101980][T12098] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  351.121605][T12098] RSP: 002b:00007fe60a5f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  351.130039][T12098] RAX: ffffffffffffffda RBX: 00007fe60c5b5fa0 RCX: 00007fe60c38ebe9
[  351.138038][T12098] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  351.146105][T12098] RBP: 00007fe60a5f6090 R08: 0000000000000000 R09: 0000000000000000
[  351.154260][T12098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  351.162242][T12098] R13: 00007fe60c5b6038 R14: 00007fe60c5b5fa0 R15: 00007ffd38ba5268
[  351.170242][T12098]  </TASK>
[  351.276617][T12100] netlink: 'syz.1.2049': attribute type 21 has an invalid length.
[  351.314419][T12102] netlink: 14546 bytes leftover after parsing attributes in process `syz.0.2050'.
[  353.494640][T12153] validate_nla: 7 callbacks suppressed
[  353.494658][T12153] netlink: 'syz.3.2064': attribute type 10 has an invalid length.
[  353.646826][T12158] netlink: 'syz.2.2066': attribute type 39 has an invalid length.
[  354.766424][T12189] netlink: 'syz.1.2076': attribute type 39 has an invalid length.
[  354.860288][T12192] netlink: 'syz.3.2075': attribute type 21 has an invalid length.
[  354.872761][T12192] netlink: 'syz.3.2075': attribute type 1 has an invalid length.
[  355.465750][T12211] FAULT_INJECTION: forcing a failure.
[  355.465750][T12211] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  355.486623][T12211] CPU: 0 PID: 12211 Comm: syz.0.2082 Not tainted 6.6.102-syzkaller #0
[  355.495052][T12211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  355.505145][T12211] Call Trace:
[  355.508618][T12211]  <TASK>
[  355.511591][T12211]  dump_stack_lvl+0x16c/0x230
[  355.516543][T12211]  ? show_regs_print_info+0x20/0x20
[  355.521745][T12211]  ? load_image+0x3b0/0x3b0
[  355.526277][T12211]  ? __might_fault+0xaa/0x120
[  355.531068][T12211]  ? __lock_acquire+0x7c80/0x7c80
[  355.536209][T12211]  should_fail_ex+0x39d/0x4d0
[  355.540925][T12211]  _copy_from_iter+0x1d3/0x1290
[  355.545829][T12211]  ? slab_post_alloc_hook+0x8a/0x4d0
[  355.551237][T12211]  ? __virt_addr_valid+0x18c/0x540
[  355.556389][T12211]  ? __lock_acquire+0x7c80/0x7c80
[  355.561555][T12211]  ? rcu_is_watching+0x15/0xb0
[  355.566382][T12211]  ? copyout_mc+0x70/0x70
[  355.570742][T12211]  ? __virt_addr_valid+0x18c/0x540
[  355.575973][T12211]  ? __virt_addr_valid+0x18c/0x540
[  355.581214][T12211]  ? __virt_addr_valid+0x469/0x540
[  355.586436][T12211]  ? __check_object_size+0x506/0xa30
[  355.591845][T12211]  netlink_sendmsg+0x75c/0xbe0
[  355.596638][T12211]  ? netlink_getsockopt+0x580/0x580
[  355.601897][T12211]  ? aa_sock_msg_perm+0x94/0x150
[  355.606905][T12211]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  355.612229][T12211]  ? security_socket_sendmsg+0x80/0xa0
[  355.617807][T12211]  ? netlink_getsockopt+0x580/0x580
[  355.623129][T12211]  ____sys_sendmsg+0x5bf/0x950
[  355.627944][T12211]  ? __asan_memset+0x22/0x40
[  355.632554][T12211]  ? __sys_sendmsg_sock+0x30/0x30
[  355.637590][T12211]  ? __import_iovec+0x5f2/0x860
[  355.642484][T12211]  ? import_iovec+0x73/0xa0
[  355.647118][T12211]  ___sys_sendmsg+0x220/0x290
[  355.651940][T12211]  ? __sys_sendmsg+0x270/0x270
[  355.656767][T12211]  ? __lock_acquire+0x7c80/0x7c80
[  355.661835][T12211]  __se_sys_sendmsg+0x1a5/0x270
[  355.666711][T12211]  ? __x64_sys_sendmsg+0x80/0x80
[  355.671677][T12211]  ? lockdep_hardirqs_on+0x98/0x150
[  355.676997][T12211]  do_syscall_64+0x55/0xb0
[  355.681421][T12211]  ? clear_bhb_loop+0x40/0x90
[  355.686102][T12211]  ? clear_bhb_loop+0x40/0x90
[  355.690896][T12211]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  355.696894][T12211] RIP: 0033:0x7fe60c38ebe9
[  355.701508][T12211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  355.721677][T12211] RSP: 002b:00007fe60a5f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  355.730312][T12211] RAX: ffffffffffffffda RBX: 00007fe60c5b5fa0 RCX: 00007fe60c38ebe9
[  355.738412][T12211] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  355.746511][T12211] RBP: 00007fe60a5f6090 R08: 0000000000000000 R09: 0000000000000000
[  355.754882][T12211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  355.762870][T12211] R13: 00007fe60c5b6038 R14: 00007fe60c5b5fa0 R15: 00007ffd38ba5268
[  355.770961][T12211]  </TASK>
[  356.125159][T12222] netlink: 'syz.3.2086': attribute type 39 has an invalid length.
[  356.683365][T12239] netlink: 'syz.3.2093': attribute type 21 has an invalid length.
[  356.751772][T12239] netlink: 14565 bytes leftover after parsing attributes in process `syz.3.2093'.
[  356.863037][T12245] netlink: 'syz.0.2094': attribute type 21 has an invalid length.
[  356.874908][T12245] netlink: 'syz.0.2094': attribute type 1 has an invalid length.
[  357.342687][T12253] netlink: 'syz.2.2097': attribute type 10 has an invalid length.
[  359.359332][T12319] netlink: 14546 bytes leftover after parsing attributes in process `syz.2.2121'.
[  360.310083][T12336] validate_nla: 2 callbacks suppressed
[  360.310102][T12336] netlink: 'syz.3.2127': attribute type 21 has an invalid length.
[  360.326168][T12336] netlink: 'syz.3.2127': attribute type 1 has an invalid length.
[  360.778013][T12349] netlink: 14546 bytes leftover after parsing attributes in process `syz.3.2132'.
[  363.993985][T12414] FAULT_INJECTION: forcing a failure.
[  363.993985][T12414] name failslab, interval 1, probability 0, space 0, times 0
[  364.043732][T12414] CPU: 1 PID: 12414 Comm: syz.2.2153 Not tainted 6.6.102-syzkaller #0
[  364.051973][T12414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  364.062239][T12414] Call Trace:
[  364.065613][T12414]  <TASK>
[  364.068604][T12414]  dump_stack_lvl+0x16c/0x230
[  364.073340][T12414]  ? show_regs_print_info+0x20/0x20
[  364.078573][T12414]  ? load_image+0x3b0/0x3b0
[  364.083132][T12414]  ? __might_sleep+0xe0/0xe0
[  364.087757][T12414]  ? __lock_acquire+0x7c80/0x7c80
[  364.092837][T12414]  should_fail_ex+0x39d/0x4d0
[  364.097669][T12414]  should_failslab+0x9/0x20
[  364.102227][T12414]  slab_pre_alloc_hook+0x59/0x310
[  364.107383][T12414]  ? rtnl_newlink+0xeb/0x2020
[  364.112107][T12414]  __kmem_cache_alloc_node+0x53/0x260
[  364.117517][T12414]  ? rtnl_newlink+0xeb/0x2020
[  364.122228][T12414]  kmalloc_trace+0x2a/0xe0
[  364.126688][T12414]  rtnl_newlink+0xeb/0x2020
[  364.131405][T12414]  ? arch_stack_walk+0x160/0x190
[  364.136484][T12414]  ? __mutex_trylock_common+0x153/0x250
[  364.142064][T12414]  ? rtnl_setlink+0x4b0/0x4b0
[  364.146776][T12414]  ? trace_raw_output_contention_end+0xd0/0xd0
[  364.153003][T12414]  ? rcu_is_watching+0x15/0xb0
[  364.157828][T12414]  ? trace_contention_end+0x39/0xe0
[  364.163082][T12414]  ? __mutex_lock+0x304/0xcc0
[  364.167902][T12414]  ? rtnetlink_rcv_msg+0x76f/0xf10
[  364.173070][T12414]  ? mutex_lock_nested+0x20/0x20
[  364.178057][T12414]  ? rtnl_setlink+0x4b0/0x4b0
[  364.182902][T12414]  rtnetlink_rcv_msg+0x7c7/0xf10
[  364.187968][T12414]  ? __dev_queue_xmit+0x245/0x35a0
[  364.193127][T12414]  ? rtnetlink_rcv_msg+0x1eb/0xf10
[  364.198302][T12414]  ? rtnetlink_bind+0x80/0x80
[  364.203143][T12414]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  364.209432][T12414]  ? __dev_queue_xmit+0x245/0x35a0
[  364.214603][T12414]  ? lock_chain_count+0x20/0x20
[  364.219509][T12414]  ? __local_bh_enable_ip+0x12e/0x1c0
[  364.224934][T12414]  ? lockdep_hardirqs_on+0x98/0x150
[  364.230184][T12414]  ? __local_bh_enable_ip+0x12e/0x1c0
[  364.235602][T12414]  ? _local_bh_enable+0xa0/0xa0
[  364.240510][T12414]  ? __dev_queue_xmit+0x245/0x35a0
[  364.245678][T12414]  ? __dev_queue_xmit+0x1449/0x35a0
[  364.250938][T12414]  ? __dev_queue_xmit+0x245/0x35a0
[  364.256095][T12414]  ? netlink_deliver_tap+0x2e/0x1b0
[  364.261534][T12414]  ? perf_trace_lock+0xf7/0x380
[  364.266615][T12414]  ? __copy_skb_header+0xa7/0x550
[  364.271798][T12414]  netlink_rcv_skb+0x216/0x480
[  364.276684][T12414]  ? rtnetlink_bind+0x80/0x80
[  364.281414][T12414]  ? netlink_ack+0x1110/0x1110
[  364.286242][T12414]  ? __lock_acquire+0x7c80/0x7c80
[  364.291321][T12414]  ? netlink_deliver_tap+0x2e/0x1b0
[  364.296700][T12414]  netlink_unicast+0x751/0x8d0
[  364.301542][T12414]  netlink_sendmsg+0x8c1/0xbe0
[  364.306345][T12414]  ? netlink_getsockopt+0x580/0x580
[  364.311595][T12414]  ? aa_sock_msg_perm+0x94/0x150
[  364.316592][T12414]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  364.322028][T12414]  ? security_socket_sendmsg+0x80/0xa0
[  364.327544][T12414]  ? netlink_getsockopt+0x580/0x580
[  364.332877][T12414]  ____sys_sendmsg+0x5bf/0x950
[  364.337819][T12414]  ? __asan_memset+0x22/0x40
[  364.342634][T12414]  ? __sys_sendmsg_sock+0x30/0x30
[  364.347703][T12414]  ? __import_iovec+0x5f2/0x860
[  364.352609][T12414]  ? import_iovec+0x73/0xa0
[  364.357173][T12414]  ___sys_sendmsg+0x220/0x290
[  364.362003][T12414]  ? __sys_sendmsg+0x270/0x270
[  364.366847][T12414]  ? __lock_acquire+0x7c80/0x7c80
[  364.371956][T12414]  __se_sys_sendmsg+0x1a5/0x270
[  364.377030][T12414]  ? __x64_sys_sendmsg+0x80/0x80
[  364.382120][T12414]  ? lockdep_hardirqs_on+0x98/0x150
[  364.387379][T12414]  do_syscall_64+0x55/0xb0
[  364.391927][T12414]  ? clear_bhb_loop+0x40/0x90
[  364.396648][T12414]  ? clear_bhb_loop+0x40/0x90
[  364.401468][T12414]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  364.407644][T12414] RIP: 0033:0x7f66b618ebe9
[  364.412109][T12414] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  364.431881][T12414] RSP: 002b:00007f66b70d8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  364.440609][T12414] RAX: ffffffffffffffda RBX: 00007f66b63b5fa0 RCX: 00007f66b618ebe9
[  364.448795][T12414] RDX: 0000000060044884 RSI: 0000200000000000 RDI: 0000000000000003
[  364.457343][T12414] RBP: 00007f66b70d8090 R08: 0000000000000000 R09: 0000000000000000
[  364.465455][T12414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  364.473489][T12414] R13: 00007f66b63b6038 R14: 00007f66b63b5fa0 R15: 00007ffc95841938
[  364.481720][T12414]  </TASK>
[  364.513894][T12418] netlink: 'syz.3.2154': attribute type 21 has an invalid length.
[  364.522882][T12418] netlink: 'syz.3.2154': attribute type 1 has an invalid length.
[  365.204060][T12457] netlink: 'syz.2.2166': attribute type 4 has an invalid length.
[  365.224272][T12457] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2166'.
[  365.241600][T12457] A link change request failed with some changes committed already. Interface  may have been left with an inconsistent configuration, please check.
[  365.402141][T12460] netlink: 'syz.2.2167': attribute type 39 has an invalid length.
[  365.606875][T12467] netlink: 'syz.1.2170': attribute type 21 has an invalid length.
[  365.618989][T12467] netlink: 'syz.1.2170': attribute type 1 has an invalid length.
[  366.084948][T12472] FAULT_INJECTION: forcing a failure.
[  366.084948][T12472] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  366.098684][T12472] CPU: 1 PID: 12472 Comm: syz.0.2172 Not tainted 6.6.102-syzkaller #0
[  366.107162][T12472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  366.117421][T12472] Call Trace:
[  366.120723][T12472]  <TASK>
[  366.123662][T12472]  dump_stack_lvl+0x16c/0x230
[  366.128368][T12472]  ? show_regs_print_info+0x20/0x20
[  366.133706][T12472]  ? load_image+0x3b0/0x3b0
[  366.138260][T12472]  ? __might_fault+0xaa/0x120
[  366.143206][T12472]  ? __lock_acquire+0x7c80/0x7c80
[  366.148352][T12472]  should_fail_ex+0x39d/0x4d0
[  366.153070][T12472]  _copy_from_user+0x2f/0xe0
[  366.157753][T12472]  __tun_chr_ioctl+0x203/0x1fd0
[  366.163138][T12472]  ? tun_flow_create+0x310/0x310
[  366.168245][T12472]  ? bpf_lsm_file_ioctl+0x9/0x10
[  366.173209][T12472]  ? security_file_ioctl+0x80/0xa0
[  366.178325][T12472]  ? tun_chr_poll+0x630/0x630
[  366.183006][T12472]  __se_sys_ioctl+0xfd/0x170
[  366.187625][T12472]  do_syscall_64+0x55/0xb0
[  366.192168][T12472]  ? clear_bhb_loop+0x40/0x90
[  366.196859][T12472]  ? clear_bhb_loop+0x40/0x90
[  366.201551][T12472]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  366.207491][T12472] RIP: 0033:0x7fe60c38ebe9
[  366.212214][T12472] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  366.232203][T12472] RSP: 002b:00007fe60a5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  366.240830][T12472] RAX: ffffffffffffffda RBX: 00007fe60c5b5fa0 RCX: 00007fe60c38ebe9
[  366.248917][T12472] RDX: 0000200000000040 RSI: 00000000400454ca RDI: 0000000000000004
[  366.257141][T12472] RBP: 00007fe60a5f6090 R08: 0000000000000000 R09: 0000000000000000
[  366.265149][T12472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  366.273165][T12472] R13: 00007fe60c5b6038 R14: 00007fe60c5b5fa0 R15: 00007ffd38ba5268
[  366.281193][T12472]  </TASK>
[  366.485937][T12487] syz.0.2179[12487] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  366.486105][T12487] syz.0.2179[12487] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  366.656047][T12492] netlink: 'syz.3.2181': attribute type 39 has an invalid length.
[  368.085394][T12522] netlink: 'syz.1.2190': attribute type 21 has an invalid length.
[  368.155381][T12522] netlink: 'syz.1.2190': attribute type 1 has an invalid length.
[  368.364532][T12529] netlink: 'syz.0.2194': attribute type 39 has an invalid length.
[  368.628120][T12533] netlink: 'syz.2.2195': attribute type 10 has an invalid length.
[  368.788824][T12547] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.2199'.
[  368.965159][T12549] netlink: 'syz.3.2198': attribute type 10 has an invalid length.
[  369.136271][T12561] FAULT_INJECTION: forcing a failure.
[  369.136271][T12561] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  369.137223][T12561] 
[  369.137229][T12561] ======================================================
[  369.137233][T12561] WARNING: possible circular locking dependency detected
[  369.137239][T12561] 6.6.102-syzkaller #0 Not tainted
[  369.137247][T12561] ------------------------------------------------------
[  369.137251][T12561] syz.2.2204/12561 is trying to acquire lock:
[  369.137258][T12561] ffffffff8cd23e20 (console_owner){-...}-{0:0}, at: console_flush_all+0x10f/0xd00
[  369.137300][T12561] 
[  369.137300][T12561] but task is already holding lock:
[  369.137304][T12561] ffff8880b8f3c458 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
[  369.137339][T12561] 
[  369.137339][T12561] which lock already depends on the new lock.
[  369.137339][T12561] 
[  369.137344][T12561] 
[  369.137344][T12561] the existing dependency chain (in reverse order) is:
[  369.137348][T12561] 
[  369.137348][T12561] -> #4 (&rq->__lock){-.-.}-{2:2}:
[  369.137364][T12561]        _raw_spin_lock_nested+0x32/0x50
[  369.137386][T12561]        raw_spin_rq_lock_nested+0x2a/0x140
[  369.137403][T12561]        task_fork_fair+0x62/0x1f0
[  369.137415][T12561]        sched_cgroup_fork+0x333/0x3c0
[  369.137426][T12561]        copy_process+0x21e4/0x3d70
[  369.137438][T12561]        kernel_clone+0x21b/0x840
[  369.137450][T12561]        user_mode_thread+0xde/0x130
[  369.137463][T12561]        rest_init+0x27/0x300
[  369.137473][T12561]        arch_call_rest_init+0xe/0x10
[  369.137493][T12561]        start_kernel+0x459/0x4e0
[  369.137510][T12561]        x86_64_start_reservations+0x2a/0x30
[  369.137527][T12561]        copy_bootdata+0x0/0xe0
[  369.137542][T12561]        secondary_startup_64_no_verify+0x179/0x17b
[  369.137559][T12561] 
[  369.137559][T12561] -> #3 (&p->pi_lock){-.-.}-{2:2}:
[  369.137576][T12561]        _raw_spin_lock_irqsave+0xa8/0xf0
[  369.137595][T12561]        try_to_wake_up+0x60/0x1140
[  369.137614][T12561]        __wake_up_common+0x2a4/0x4e0
[  369.137627][T12561]        __wake_up+0x112/0x190
[  369.137639][T12561]        tty_port_default_wakeup+0xa2/0xf0
[  369.137651][T12561]        serial8250_tx_chars+0x6bd/0x8a0
[  369.137667][T12561]        serial8250_handle_irq+0x534/0x6e0
[  369.137682][T12561]        serial8250_default_handle_irq+0xb8/0x1a0
[  369.137699][T12561]        serial8250_interrupt+0x9f/0x1c0
[  369.137713][T12561]        __handle_irq_event_percpu+0x276/0x930
[  369.137739][T12561]        handle_irq_event+0x8b/0x1e0
[  369.137756][T12561]        handle_edge_irq+0x247/0xb30
[  369.137768][T12561]        __common_interrupt+0x13b/0x230
[  369.137783][T12561]        common_interrupt+0xb4/0xd0
[  369.137797][T12561]        asm_common_interrupt+0x26/0x40
[  369.137816][T12561]        pv_native_safe_halt+0x13/0x20
[  369.137833][T12561]        default_idle+0x13/0x20
[  369.137851][T12561]        default_idle_call+0x6c/0xa0
[  369.137877][T12561]        do_idle+0x1eb/0x510
[  369.137890][T12561]        cpu_startup_entry+0x43/0x60
[  369.137904][T12561]        rest_init+0x2e2/0x300
[  369.137914][T12561]        arch_call_rest_init+0xe/0x10
[  369.137931][T12561]        start_kernel+0x459/0x4e0
[  369.137948][T12561]        x86_64_start_reservations+0x2a/0x30
[  369.137964][T12561]        copy_bootdata+0x0/0xe0
[  369.137979][T12561]        secondary_startup_64_no_verify+0x179/0x17b
[  369.137996][T12561] 
[  369.137996][T12561] -> #2 (&tty->write_wait){-.-.}-{2:2}:
[  369.138013][T12561]        _raw_spin_lock_irqsave+0xa8/0xf0
[  369.138032][T12561]        __wake_up+0xf8/0x190
[  369.138043][T12561]        tty_port_default_wakeup+0xa2/0xf0
[  369.138055][T12561]        serial8250_tx_chars+0x6bd/0x8a0
[  369.138070][T12561]        serial8250_handle_irq+0x534/0x6e0
[  369.138085][T12561]        serial8250_default_handle_irq+0xb8/0x1a0
[  369.138102][T12561]        serial8250_interrupt+0x9f/0x1c0
[  369.138115][T12561]        __handle_irq_event_percpu+0x276/0x930
[  369.138133][T12561]        handle_irq_event+0x8b/0x1e0
[  369.138150][T12561]        handle_edge_irq+0x247/0xb30
[  369.138162][T12561]        __common_interrupt+0x13b/0x230
[  369.138175][T12561]        common_interrupt+0xb4/0xd0
[  369.138190][T12561]        asm_common_interrupt+0x26/0x40
[  369.138209][T12561]        _raw_spin_unlock_irqrestore+0xa9/0x110
[  369.138226][T12561]        uart_write+0x45b/0x5d0
[  369.138239][T12561]        n_tty_write+0xd27/0x11d0
[  369.138251][T12561]        file_tty_write+0x54b/0x980
[  369.138262][T12561]        vfs_write+0x43b/0x940
[  369.138274][T12561]        ksys_write+0x147/0x250
[  369.138285][T12561]        do_syscall_64+0x55/0xb0
[  369.138296][T12561]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  369.138310][T12561] 
[  369.138310][T12561] -> #1 (&port_lock_key){-.-.}-{2:2}:
[  369.138323][T12561]        _raw_spin_lock_irqsave+0xa8/0xf0
[  369.138337][T12561]        serial8250_console_write+0x16d/0x17a0
[  369.138349][T12561]        console_flush_all+0x6cd/0xd00
[  369.138360][T12561]        console_unlock+0xae/0x340
[  369.138371][T12561]        vprintk_emit+0x477/0x600
[  369.138381][T12561]        _printk+0xd0/0x110
[  369.138395][T12561]        register_console+0x91b/0xe60
[  369.138406][T12561]        univ8250_console_init+0x45/0x50
[  369.138419][T12561]        console_init+0x17b/0x5e0
[  369.138448][T12561]        start_kernel+0x2c0/0x4e0
[  369.138461][T12561]        x86_64_start_reservations+0x2a/0x30
[  369.138474][T12561]        copy_bootdata+0x0/0xe0
[  369.138488][T12561]        secondary_startup_64_no_verify+0x179/0x17b
[  369.138501][T12561] 
[  369.138501][T12561] -> #0 (console_owner){-...}-{0:0}:
[  369.138514][T12561]        __lock_acquire+0x2ddb/0x7c80
[  369.138524][T12561]        lock_acquire+0x197/0x410
[  369.138534][T12561]        console_flush_all+0x693/0xd00
[  369.138545][T12561]        console_unlock+0xae/0x340
[  369.138555][T12561]        vprintk_emit+0x477/0x600
[  369.138565][T12561]        _printk+0xd0/0x110
[  369.138578][T12561]        should_fail_ex+0x37e/0x4d0
[  369.138591][T12561]        strncpy_from_user+0x36/0x2e0
[  369.138599][T12561]        strncpy_from_user_nofault+0x71/0x140
[  369.138612][T12561]        bpf_probe_read_user_str+0x2a/0x70
[  369.138627][T12561]        bpf_prog_bc7c5c6b9645592f+0x3d/0x3f
[  369.138638][T12561]        bpf_trace_run4+0x1f9/0x420
[  369.138647][T12561]        __bpf_trace_sched_switch+0x17b/0x1e0
[  369.138659][T12561]        __traceiter_sched_switch+0x93/0xc0
[  369.138668][T12561]        __schedule+0x2197/0x44d0
[  369.138679][T12561]        schedule+0xbd/0x170
[  369.138689][T12561]        schedule_timeout+0x9b/0x280
[  369.138702][T12561]        wait_woken+0xb8/0x180
[  369.138711][T12561]        sk_stream_wait_connect+0x407/0x820
[  369.138723][T12561]        tcp_sendmsg_locked+0x5f0/0x4af0
[  369.138739][T12561]        tcp_sendmsg+0x2f/0x50
[  369.138748][T12561]        ____sys_sendmsg+0x5bf/0x950
[  369.138760][T12561]        ___sys_sendmsg+0x220/0x290
[  369.138772][T12561]        __se_sys_sendmsg+0x1a5/0x270
[  369.138784][T12561]        do_syscall_64+0x55/0xb0
[  369.138794][T12561]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  369.138809][T12561] 
[  369.138809][T12561] other info that might help us debug this:
[  369.138809][T12561] 
[  369.138812][T12561] Chain exists of:
[  369.138812][T12561]   console_owner --> &p->pi_lock --> &rq->__lock
[  369.138812][T12561] 
[  369.138827][T12561]  Possible unsafe locking scenario:
[  369.138827][T12561] 
[  369.138829][T12561]        CPU0                    CPU1
[  369.138832][T12561]        ----                    ----
[  369.138834][T12561]   lock(&rq->__lock);
[  369.138840][T12561]                                lock(&p->pi_lock);
[  369.138846][T12561]                                lock(&rq->__lock);
[  369.138852][T12561]   lock(console_owner);
[  369.138858][T12561] 
[  369.138858][T12561]  *** DEADLOCK ***
[  369.138858][T12561] 
[  369.138860][T12561] 4 locks held by syz.2.2204/12561:
[  369.138867][T12561]  #0: ffff8880b8f3c458 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
[  369.138895][T12561]  #1: ffffffff8cd2fbe0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run4+0xfd/0x420
[  369.138918][T12561]  #2: ffffffff8cd23f00 (console_lock){+.+.}-{0:0}, at: _printk+0xd0/0x110
[  369.138946][T12561]  #3: ffffffff8cc0b710 (console_srcu){....}-{0:0}, at: console_flush_all+0x10f/0xd00
[  369.138971][T12561] 
[  369.138971][T12561] stack backtrace:
[  369.138974][T12561] CPU: 1 PID: 12561 Comm: syz.2.2204 Not tainted 6.6.102-syzkaller #0
[  369.138985][T12561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  369.138992][T12561] Call Trace:
[  369.138996][T12561]  <TASK>
[  369.139000][T12561]  dump_stack_lvl+0x16c/0x230
[  369.139013][T12561]  ? load_image+0x3b0/0x3b0
[  369.139029][T12561]  ? show_regs_print_info+0x20/0x20
[  369.139043][T12561]  ? print_circular_bug+0x12b/0x1a0
[  369.139057][T12561]  check_noncircular+0x2bd/0x3c0
[  369.139071][T12561]  ? print_deadlock_bug+0x5d0/0x5d0
[  369.139083][T12561]  ? lockdep_lock+0xe0/0x220
[  369.139098][T12561]  __lock_acquire+0x2ddb/0x7c80
[  369.139118][T12561]  ? verify_lock_unused+0x140/0x140
[  369.139137][T12561]  lock_acquire+0x197/0x410
[  369.139147][T12561]  ? console_flush_all+0x10f/0xd00
[  369.139162][T12561]  ? __lock_acquire+0x7c80/0x7c80
[  369.139173][T12561]  ? do_raw_spin_lock+0x121/0x2c0
[  369.139185][T12561]  ? read_lock_is_recursive+0x20/0x20
[  369.139197][T12561]  ? __rwlock_init+0x150/0x150
[  369.139211][T12561]  ? do_raw_spin_unlock+0x121/0x230
[  369.139225][T12561]  console_flush_all+0x693/0xd00
[  369.139237][T12561]  ? console_flush_all+0x10f/0xd00
[  369.139250][T12561]  ? console_flush_all+0x10f/0xd00
[  369.139266][T12561]  ? is_console_locked+0x20/0x20
[  369.139282][T12561]  console_unlock+0xae/0x340
[  369.139295][T12561]  ? other_cpu_in_panic+0xf0/0xf0
[  369.139307][T12561]  ? __lock_acquire+0x1260/0x7c80
[  369.139321][T12561]  vprintk_emit+0x477/0x600
[  369.139334][T12561]  ? printk_sprint+0x460/0x460
[  369.139347][T12561]  ? mark_lock+0x94/0x320
[  369.139361][T12561]  _printk+0xd0/0x110
[  369.139377][T12561]  ? load_image+0x3b0/0x3b0
[  369.139392][T12561]  ? __lock_acquire+0x1334/0x7c80
[  369.139407][T12561]  should_fail_ex+0x37e/0x4d0
[  369.139422][T12561]  strncpy_from_user+0x36/0x2e0
[  369.139433][T12561]  strncpy_from_user_nofault+0x71/0x140
[  369.139449][T12561]  bpf_probe_read_user_str+0x2a/0x70
[  369.139464][T12561]  bpf_prog_bc7c5c6b9645592f+0x3d/0x3f
[  369.139477][T12561]  bpf_trace_run4+0x1f9/0x420
[  369.139489][T12561]  ? bpf_trace_run4+0xfd/0x420
[  369.139498][T12561]  ? trace_event_raw_event_lock+0x230/0x230
[  369.139514][T12561]  ? bpf_trace_run3+0x400/0x400
[  369.139525][T12561]  ? __bpf_trace_sched_switch+0x160/0x1e0
[  369.139540][T12561]  __bpf_trace_sched_switch+0x17b/0x1e0
[  369.139554][T12561]  ? __bpf_trace_sched_wakeup_template+0xe0/0xe0
[  369.139567][T12561]  ? __lock_acquire+0x7c20/0x7c80
[  369.139578][T12561]  ? local_clock+0x20/0x20
[  369.139591][T12561]  ? tracing_record_taskinfo_sched_switch+0x7d/0x360
[  369.139606][T12561]  ? __bpf_trace_sched_wakeup_template+0xe0/0xe0
[  369.139619][T12561]  __traceiter_sched_switch+0x93/0xc0
[  369.139631][T12561]  __schedule+0x2197/0x44d0
[  369.139648][T12561]  ? reacquire_held_locks+0x2ff/0x5a0
[  369.139661][T12561]  ? release_sock+0x2f/0x1c0
[  369.139670][T12561]  ? asan.module_dtor+0x20/0x20
[  369.139682][T12561]  ? sk_stream_wait_connect+0x343/0x820
[  369.139698][T12561]  ? perf_trace_preemptirq_template+0xa4/0x340
[  369.139714][T12561]  schedule+0xbd/0x170
[  369.139731][T12561]  schedule_timeout+0x9b/0x280
[  369.139746][T12561]  ? console_conditional_schedule+0x40/0x40
[  369.139761][T12561]  ? sk_stream_wait_connect+0x343/0x820
[  369.139773][T12561]  ? __local_bh_enable_ip+0x12e/0x1c0
[  369.139783][T12561]  ? lockdep_hardirqs_on+0x98/0x150
[  369.139798][T12561]  ? __local_bh_enable_ip+0x12e/0x1c0
[  369.139807][T12561]  ? _local_bh_enable+0xa0/0xa0
[  369.139818][T12561]  wait_woken+0xb8/0x180
[  369.139829][T12561]  ? wait_woken+0x37/0x180
[  369.139841][T12561]  sk_stream_wait_connect+0x407/0x820
[  369.139857][T12561]  ? sk_stream_write_space+0x510/0x510
[  369.139868][T12561]  ? wait_woken+0x180/0x180
[  369.139882][T12561]  ? tcp_rate_check_app_limited+0x1ab/0x350
[  369.139899][T12561]  tcp_sendmsg_locked+0x5f0/0x4af0
[  369.139910][T12561]  ? verify_lock_unused+0x140/0x140
[  369.139922][T12561]  ? verify_lock_unused+0x140/0x140
[  369.139934][T12561]  ? tcp_sendmsg+0x21/0x50
[  369.139945][T12561]  ? perf_trace_lock+0xf7/0x380
[  369.139964][T12561]  ? mark_lock+0x94/0x320
[  369.139976][T12561]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  369.139989][T12561]  ? lock_chain_count+0x20/0x20
[  369.140007][T12561]  ? tcp_set_state+0x650/0x650
[  369.140023][T12561]  tcp_sendmsg+0x2f/0x50
[  369.140034][T12561]  ? inet_send_prepare+0x260/0x260
[  369.140043][T12561]  ____sys_sendmsg+0x5bf/0x950
[  369.140060][T12561]  ? __asan_memset+0x22/0x40
[  369.140073][T12561]  ? __sys_sendmsg_sock+0x30/0x30
[  369.140086][T12561]  ? __import_iovec+0x5f2/0x860
[  369.140103][T12561]  ? import_iovec+0x73/0xa0
[  369.140118][T12561]  ___sys_sendmsg+0x220/0x290
[  369.140133][T12561]  ? __sys_sendmsg+0x270/0x270
[  369.140154][T12561]  ? __lock_acquire+0x7c80/0x7c80
[  369.140173][T12561]  __se_sys_sendmsg+0x1a5/0x270
[  369.140188][T12561]  ? __x64_sys_sendmsg+0x80/0x80
[  369.140207][T12561]  ? lockdep_hardirqs_on+0x98/0x150
[  369.140222][T12561]  do_syscall_64+0x55/0xb0
[  369.140233][T12561]  ? clear_bhb_loop+0x40/0x90
[  369.140242][T12561]  ? clear_bhb_loop+0x40/0x90
[  369.140252][T12561]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  369.140267][T12561] RIP: 0033:0x7f66b618ebe9
[  369.140277][T12561] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  369.140286][T12561] RSP: 002b:00007f66b70b7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  369.140297][T12561] RAX: ffffffffffffffda RBX: 00007f66b63b6090 RCX: 00007f66b618ebe9
[  369.140305][T12561] RDX: 0000000000000810 RSI: 00002000000002c0 RDI: 0000000000000004
[  369.140312][T12561] RBP: 00007f66b70b7090 R08: 0000000000000000 R09: 0000000000000000
[  369.140318][T12561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  369.140325][T12561] R13: 00007f66b63b6128 R14: 00007f66b63b6090 R15: 00007ffc95841938
[  369.140337][T12561]  </TASK>
[  370.508212][T12561] CPU: 1 PID: 12561 Comm: syz.2.2204 Not tainted 6.6.102-syzkaller #0
[  370.516815][T12561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  370.526967][T12561] Call Trace:
[  370.530246][T12561]  <TASK>
[  370.533172][T12561]  dump_stack_lvl+0x16c/0x230
[  370.537935][T12561]  ? show_regs_print_info+0x20/0x20
[  370.543327][T12561]  ? load_image+0x3b0/0x3b0
[  370.547861][T12561]  ? __lock_acquire+0x1334/0x7c80
[  370.552932][T12561]  should_fail_ex+0x39d/0x4d0
[  370.558162][T12561]  strncpy_from_user+0x36/0x2e0
[  370.563194][T12561]  strncpy_from_user_nofault+0x71/0x140
[  370.568771][T12561]  bpf_probe_read_user_str+0x2a/0x70
[  370.574126][T12561]  bpf_prog_bc7c5c6b9645592f+0x3d/0x3f
[  370.579740][T12561]  bpf_trace_run4+0x1f9/0x420
[  370.584518][T12561]  ? bpf_trace_run4+0xfd/0x420
[  370.589652][T12561]  ? trace_event_raw_event_lock+0x230/0x230
[  370.595567][T12561]  ? bpf_trace_run3+0x400/0x400
[  370.600416][T12561]  ? __bpf_trace_sched_switch+0x160/0x1e0
[  370.606223][T12561]  __bpf_trace_sched_switch+0x17b/0x1e0
[  370.611882][T12561]  ? __bpf_trace_sched_wakeup_template+0xe0/0xe0
[  370.618302][T12561]  ? __lock_acquire+0x7c20/0x7c80
[  370.623512][T12561]  ? local_clock+0x20/0x20
[  370.627923][T12561]  ? tracing_record_taskinfo_sched_switch+0x7d/0x360
[  370.634605][T12561]  ? __bpf_trace_sched_wakeup_template+0xe0/0xe0
[  370.640927][T12561]  __traceiter_sched_switch+0x93/0xc0
[  370.646584][T12561]  __schedule+0x2197/0x44d0
[  370.651099][T12561]  ? reacquire_held_locks+0x2ff/0x5a0
[  370.656464][T12561]  ? release_sock+0x2f/0x1c0
[  370.661059][T12561]  ? asan.module_dtor+0x20/0x20
[  370.665913][T12561]  ? sk_stream_wait_connect+0x343/0x820
[  370.671599][T12561]  ? perf_trace_preemptirq_template+0xa4/0x340
[  370.677775][T12561]  schedule+0xbd/0x170
[  370.681863][T12561]  schedule_timeout+0x9b/0x280
[  370.686690][T12561]  ? console_conditional_schedule+0x40/0x40
[  370.692877][T12561]  ? sk_stream_wait_connect+0x343/0x820
[  370.698439][T12561]  ? __local_bh_enable_ip+0x12e/0x1c0
[  370.703909][T12561]  ? lockdep_hardirqs_on+0x98/0x150
[  370.709109][T12561]  ? __local_bh_enable_ip+0x12e/0x1c0
[  370.714612][T12561]  ? _local_bh_enable+0xa0/0xa0
[  370.719773][T12561]  wait_woken+0xb8/0x180
[  370.724028][T12561]  ? wait_woken+0x37/0x180
[  370.728448][T12561]  sk_stream_wait_connect+0x407/0x820
[  370.733827][T12561]  ? sk_stream_write_space+0x510/0x510
[  370.739310][T12561]  ? wait_woken+0x180/0x180
[  370.743839][T12561]  ? tcp_rate_check_app_limited+0x1ab/0x350
[  370.749745][T12561]  tcp_sendmsg_locked+0x5f0/0x4af0
[  370.754960][T12561]  ? verify_lock_unused+0x140/0x140
[  370.760355][T12561]  ? verify_lock_unused+0x140/0x140
[  370.765567][T12561]  ? tcp_sendmsg+0x21/0x50
[  370.769991][T12561]  ? perf_trace_lock+0xf7/0x380
[  370.774961][T12561]  ? mark_lock+0x94/0x320
[  370.779313][T12561]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  370.785392][T12561]  ? lock_chain_count+0x20/0x20
[  370.790256][T12561]  ? tcp_set_state+0x650/0x650
[  370.795025][T12561]  tcp_sendmsg+0x2f/0x50
[  370.799265][T12561]  ? inet_send_prepare+0x260/0x260
[  370.804367][T12561]  ____sys_sendmsg+0x5bf/0x950
[  370.809786][T12561]  ? __asan_memset+0x22/0x40
[  370.814475][T12561]  ? __sys_sendmsg_sock+0x30/0x30
[  370.819521][T12561]  ? __import_iovec+0x5f2/0x860
[  370.824400][T12561]  ? import_iovec+0x73/0xa0
[  370.828974][T12561]  ___sys_sendmsg+0x220/0x290
[  370.833762][T12561]  ? __sys_sendmsg+0x270/0x270
[  370.838633][T12561]  ? __lock_acquire+0x7c80/0x7c80
[  370.843756][T12561]  __se_sys_sendmsg+0x1a5/0x270
[  370.848811][T12561]  ? __x64_sys_sendmsg+0x80/0x80
[  370.853981][T12561]  ? lockdep_hardirqs_on+0x98/0x150
[  370.859280][T12561]  do_syscall_64+0x55/0xb0
[  370.863697][T12561]  ? clear_bhb_loop+0x40/0x90
[  370.868371][T12561]  ? clear_bhb_loop+0x40/0x90
[  370.873041][T12561]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  370.879307][T12561] RIP: 0033:0x7f66b618ebe9
[  370.883819][T12561] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  370.903710][T12561] RSP: 002b:00007f66b70b7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  370.912339][T12561] RAX: ffffffffffffffda RBX: 00007f66b63b6090 RCX: 00007f66b618ebe9
[  370.920436][T12561] RDX: 0000000000000810 RSI: 00002000000002c0 RDI: 0000000000000004
[  370.928511][T12561] RBP: 00007f66b70b7090 R08: 0000000000000000 R09: 0000000000000000
[  370.936491][T12561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  370.944467][T12561] R13: 00007f66b63b6128 R14: 00007f66b63b6090 R15: 00007ffc95841938
[  370.952533][T12561]  </TASK>
[  379.070383][ T1281] ieee802154 phy0 wpan0: encryption failed: -22
[  379.077203][ T1281] ieee802154 phy1 wpan1: encryption failed: -22