last executing test programs:

4.688031378s ago: executing program 1 (id=1252):
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000008c0)={<r0=>0xffffffffffffffff})
sendmsg$tipc(r0, &(0x7f0000001e00)={&(0x7f0000000900)=@id={0x1e, 0x3, 0x3, {0x4e23, 0x2}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x8085}, 0xe0)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x0, 0x0, 0x0, &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) (async)
r1 = socket$kcm(0xa, 0x0, 0x0)
setsockopt$sock_attach_bpf(r1, 0x0, 0xd, 0x0, 0x0) (async)
socketpair(0x1d, 0x6, 0x10200, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff}) (async)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'gre0\x00'}) (async)
r3 = socket$kcm(0x2, 0x200000000000001, 0x106)
recvmsg$kcm(r3, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x40010120)
socket$kcm(0x29, 0x0, 0x0) (async)
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x89f1, &(0x7f0000000080)) (async)
sendmsg$sock(r1, &(0x7f0000000380)={&(0x7f0000000140)=@pppoe={0x18, 0x0, {0x2, @remote, 'bond_slave_0\x00'}}, 0x80, &(0x7f0000000040)=[{&(0x7f00000001c0)="2e0d0dc05dcb7bbe2ccab7386c543ebbfc6e21276ca1aeedb6410386298706f39b4175003dc1175132d319b7937f7c63724de2a4e8e31aba0b1ffbc8fe84afd73fd45dc68d2bb70a5d64095eca40325f5c30b26728bec44e6d3ad4e192de0dac179ae27e5ae6d84e16987dfc52bdd6647a6eaaea1d753afdb27502e121edecb6701c59432b48128317285c5c8ff32846d8fa0a0a9e1849a5b05871cbe2dc426265684a8097b177d383e561ad41182a43d935252c590a1db9f4be7363b17ba29aae26a328add6c0d972172b596d152f249de2369105db3713", 0xd8}], 0x1, &(0x7f00000002c0)=[@mark={{0x14, 0x1, 0x24, 0x4}}, @txtime={{0x18, 0x1, 0x3d, 0x7d}}, @mark={{0x14, 0x1, 0x24, 0x80000000}}, @timestamping={{0x14, 0x1, 0x25, 0x5}}, @txtime={{0x18, 0x1, 0x3d, 0x5a3}}, @timestamping={{0x14, 0x1, 0x25, 0x6}}], 0x90}, 0x4000010)

4.244226227s ago: executing program 1 (id=1256):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x202})
ioctl$TUNSETPERSIST(r0, 0x400454c9, 0x1)
ioctl$TUNSETLINK(r0, 0x400454cd, 0x30b)

3.306419041s ago: executing program 3 (id=1263):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x406, &(0x7f00000000c0)=[{&(0x7f0000000180)="1400000017000b63d25a80648c2594f905a3c92b", 0x14}], 0x1}, 0x0)

3.24913897s ago: executing program 1 (id=1264):
perf_event_open(&(0x7f0000000500)={0x2, 0x84, 0x53, 0x1, 0x0, 0x0, 0x0, 0x210e, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x32, 0xfffffbef, 0x3, 0x2, 0x0, 0xfffa, 0x0, 0x0, 0x0, 0x8001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000), 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000a50000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000a8c5000000a5000000180100002020640500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b300000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x35, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x1, @perf_config_ext={0x407fff, 0x5}, 0x14105, 0x2e, 0x101, 0x5, 0x2, 0x9, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x19, 0x4, 0x4, 0x20002, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r1, 0x4)

2.995511092s ago: executing program 3 (id=1267):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
socket$kcm(0x2, 0x3, 0x2)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x200002, 0x0)
perf_event_open(&(0x7f00000002c0)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x210e, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0xd24, 0xaea}, 0x14105, 0x32, 0xfffffbff, 0x5, 0x2, 0x0, 0xfffa, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffff7fffffffffff, 0xffffffffffffffff, 0x9)
r1 = socket$kcm(0x2b, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r3, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x30004001)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)="d8000000140081044e81f782db44b9040a1d080211000000040000a118000200ff05140100000e1208000f0100810401a80016ea1f000840042e5f54c92011148ed08734843cb12b00000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c0100000000000000cb090000001fb791643a5e835913b06218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f52eb4edbb57a5025ccca9e00360d8bcc00400040fad95667e0060000000000000080bb9ad809d5e1cace81b341139fe3cd4032e8edb12d1d2eb0c0ed0bff", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
setsockopt$sock_attach_bpf(r3, 0x6, 0x17, 0x0, 0x0)
close(r2)
recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}, 0x0)
setsockopt$sock_attach_bpf(r1, 0x6, 0x22, &(0x7f0000000200), 0x4)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000500)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000005000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000053bb05023a000000df00"/29], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r7}, 0x10)
recvmsg(r5, &(0x7f0000000ac0)={0x0, 0x0, 0x0}, 0x0)
close(r6)
r8 = openat$cgroup(r0, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0)
r9 = openat$cgroup_ro(r8, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r10 = socket$kcm(0x2, 0x3, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0x3, &(0x7f0000000740)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000081cf2d614517f3406d15014ef1e8c21ed0d49c32b110b824e566d358b73f0e2719f5ce9add7fba2bc52e5a5282979a4ce9a5c1f607756eb0b64d925d5a5e8f4f2fcdc0906d064337c810275c706f4ce5f24ccba488ddb0467146c7c7e07c4d3430c79566a21c3d02ef5b170d50d3d6991d4697b457efbf9bf3cea05639d1d26ff3fc11432e40f73e818a4ef7b48a8a9594740e42d061938fadd7483e89dfd7a85157adbfc664d6037037a8af8f37a801f8e2eb46c8e4057"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r10, 0x1, 0x3e, &(0x7f0000000100)=r9, 0x4)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x14201}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)="6700000011008188040f56ecdb4cb9cca7480ef435000000e3bd6efb440009000e002e0010000000ba80013ffa85f59a0000005a8c3774fa0af3dc59a933c1e6a6d3361d83b20000319cdf5656826edaaa11032701c61ec666d482078ccebcb9a4f187f7a4e98f", 0x67}, {&(0x7f0000000240)="4581c4caab9e9f8b80238a1371ba5ab713dec351d9127349b82c4a9d1a08c98f9210861f1f5e22457e4bff4e8927059ff10b460795bc001d2d56468357fc56000000000000000000", 0x48}], 0x2}, 0x0)

2.717657327s ago: executing program 0 (id=1269):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="1400000017000b63d25a80648c2594f905a3c92b", 0x14}], 0x1}, 0x0) (fail_nth: 8)

2.647034817s ago: executing program 3 (id=1270):
r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0xa, 0x9, 0x8, 0x2}, 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={r0, 0x58, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r1=>0x0}}, 0x10)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x88, 0x88, 0x7, [@struct={0x4, 0x3, 0x0, 0x4, 0x0, 0x3, [{0x5, 0x1, 0x2}, {0xc, 0x4, 0x1}, {0x4, 0x0, 0x10001}]}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x1, 0x5, 0x1ff}}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x1, 0x5}}, @type_tag={0x5, 0x0, 0x0, 0x12, 0x5}, @typedef={0x7, 0x0, 0x0, 0x8, 0x1}, @int={0x6, 0x0, 0x0, 0x1, 0x0, 0x55, 0x0, 0x69, 0x5}]}, {0x0, [0x2e, 0x0, 0x5f, 0x2e, 0x61]}}, &(0x7f00000002c0)=""/107, 0xa7, 0x6b, 0x0, 0x40, 0x10000}, 0x28)
r3 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r3, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r3, 0x1, 0x3e, &(0x7f0000000100)=r4, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x2, 0x80000000, 0x7, 0x2, 0x8000, r0, 0x0, '\x00', r1, r2, 0x4, 0x2, 0x2, 0x0, @value=r4}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x3, 0x6, &(0x7f0000000100)=@framed={{0x18, 0x2}, [@map_fd={0x18, 0x3, 0x1, 0x0, r0}, @call={0x85, 0x0, 0x0, 0x2b}]}, &(0x7f0000000000)='GPL\x00'}, 0x94)

2.049891467s ago: executing program 1 (id=1271):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}, 0x101260, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000180), 0x4)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000740)="d800000019008111e0020f060d8107040a60000000000000001455a12a00090008000699e3ffffff14000500fe80817806000567b8b7b94002000009080016060000000000000000d67f6f9400f7d1d9bbe94fa27100a007a2f7457f01896034277ce06bbace8017cb39b62ee5a7cef4090000001fb791643a5e83d42365f003724a237e09000000b2a10000000014d6d930dfe1d9c322fe040000005025acca262f3d40fad95667e006dcdf634c1f215ce3bb9ad809d50b7b4338c9f1ac76efb42a9ecbee5de6ccd44242f4d643f6fd0f26187b51980dd6", 0xd8}, {&(0x7f0000001c80)="3cbf5225abb4bbec0116388ad2ffb6af1ca81a72499aacf6b39267c4d733c386b440fdd77ca6537bb6ee2a6b5270c27a4326c131f87c92b5a353ffc21c2168947ee6f83d4a26c3b3190e3fda59af5355b5ed74303bea495f5fbe7bdbe22b4e696e771184b7656a5bf5ef8907b5ffbfdc870ec9dabec81a529eaf3ab9fb0219e6a8cea48c", 0x84}], 0x2}, 0x80)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x3, 0x5, &(0x7f0000000640)=ANY=[@ANYBLOB="180200000000bf000000000000000000850000002f000000850000000700000095"], &(0x7f0000000600)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x40}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000680)="e0b9547ed387dbe9abc89b6f5bff", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000004c0)=ANY=[@ANYBLOB="1809000000000000000000000001000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r4, &(0x7f0000000780)}, 0x20)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000001340)={0xffffffffffffffff, 0x20, &(0x7f00000002c0)={&(0x7f0000000200)=""/154, 0x9a, <r5=>0x0, &(0x7f0000000340)=""/4096, 0x1000}}, 0x10)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000080)="2e00000010008188040f80ec59acbc040ca1800004000000000000000010003a0e0037000f001e0bbc82a91401eb", 0x2e}], 0x1}, 0x0)
r7 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001680)=@bpf_lsm={0x1d, 0x11, &(0x7f0000001380)=@raw=[@cb_func={0x18, 0x5, 0x4, 0x0, 0x4}, @initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x3, 0x2, 0x2, 0x1, 0x7, 0xfffffffffffffff4, 0x1}, @map_idx={0x18, 0x0, 0x5, 0x0, 0xd}], &(0x7f0000001440)='syzkaller\x00', 0x0, 0xf7, &(0x7f0000001480)=""/247, 0x41100, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000001580)={0x2, 0x3}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x0, &(0x7f0000001600)=[{0x3, 0x5, 0x7}, {0x1, 0x5, 0x4, 0x5}, {0x3, 0x1, 0xd, 0x8}, {0x3, 0x3, 0x6, 0x1}, {0x5, 0x2, 0xa, 0x2}], 0x10, 0x3}, 0x94)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001740)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x2, 0x2}, 0x50)
r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x400000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x3b, &(0x7f0000000000)='/proc/sys/net/ipv4\x00\x00s/sync_\x00le\xf44.\xab%\xf8\xff\xff\xff\xff\xff\xff\xff=\x11\xc8\xdd\x15\xcc\xd2\xf1d\'%\x11c\x91l,'}, 0x30)
r10 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
mkdirat$cgroup(r10, &(0x7f0000000040)='syz1\x00', 0x1ff)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f0000000580)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r9}, {0x7, 0x0, 0xb, 0x5, 0x0, 0x0, 0x2}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r11=>0xffffffffffffffff})
r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="12000000090000000800000002"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r12}, &(0x7f00000000c0), &(0x7f0000000100)=r11}, 0x20)
r13 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000017c0)={0x1b, 0x0, 0x0, 0x9, 0x0, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5}, 0x50)
r14 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001c00)=ANY=[@ANYBLOB="1b00000000000000000000000000000000000000764f4178eb72c9000d3f67c5a34403a71cc31a85e1e50c93ec9ccb4654add0c5674910557c4d39e0", @ANYRES32=0x1, @ANYBLOB="0200"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="04000000030000000200"/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000001980)={0xc, 0xd, &(0x7f0000001a40)=ANY=[@ANYBLOB="180000000500000000000000070000001841000004000000000000000000000018010000202064250000000000202020731af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000045e7e0008500000006000000950000000000000068d4ae6109378d9ec8f1a6197ff98e65c525d12e58977885f23d098dd49bd7fdb87682d821ebae260ffcec88771e3c5a22848fc99b381a12508daba583a7d2d1f7ff88e5d25c760bea418cc1d9cad2092e11aa3dd1ffa7683c8330f762c9edbbd92133378dc784d98809dd2e1935ee04c3617c0f7f815e3542a64f4b3fb025f3ac82fd567521b85e0eff2281b5303ad4a4deceaf61e3c38d6a16da706d530bd6022c7a74af90ca02ac7cb693791ad6e940d792d3747db20ac73414c5639354efd34aabaf0e4dd899fb29b506e1d0514cb8f3503b596d796bfac3de7c1588c4979b5384e14efa6dee644e12fa5b6fb966f9e589ef1f382fd36f08b6fa364b6dc4013d1c5a71fde2d0bfeeba17e97f9013547c52fbcd64694e37f4d67ff4e1daba6787b68a85246596e4fd09a743cab484453847c46dfe0c01d32a6b4a6ce9a15974964231b6dd19473ba02e78046f9066475c4ff03e78afb1"], &(0x7f0000000000)='syzkaller\x00', 0x7f, 0x2e, &(0x7f0000000140)=""/46, 0x41100, 0x12, '\x00', 0x0, @fallback=0x6, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f00000001c0)={0x0, 0x6, 0x81, 0x10000}, 0x10, r5, r7, 0x6, &(0x7f00000018c0)=[r8, 0xffffffffffffffff, r9, r12, r13, r14], &(0x7f0000001900)=[{0x5, 0x2, 0xf, 0x5}, {0x3, 0x5, 0xd}, {0x2, 0x3, 0x0, 0x2}, {0x1, 0x4, 0x2, 0xc}, {0x5, 0x5, 0x9, 0x9}, {0x2, 0x4, 0xa, 0x9}]}, 0x94)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000000300)=0x2)

2.049414309s ago: executing program 2 (id=1272):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x4800}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000340)={r0})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000400)='netfs_rreq_ref\x00', r1, 0x0, 0x9}, 0x18)
r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000600)='mctp_key_release\x00', r1, 0x0, 0x5}, 0x18)
close(r3)
r4 = socket$kcm(0x10, 0x3, 0x10)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x5, @perf_config_ext={0xffffffffffffffff, 0x8}, 0x9000, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000c63f1de100000000000000001800000000000000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="1400000038000b63d25a80648c2594f90124fc60", 0x14}], 0x1}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$kcm(r3, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000580)="d8001c00180081064e81f782db44fd56170d12a0b9b545c7", 0x18}], 0x1}, 0x0)
socketpair(0x1f, 0x2, 0x7, &(0x7f0000000140))
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e3, &(0x7f0000000180)={r0, r5})

1.729755985s ago: executing program 4 (id=1273):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x5, @perf_bp={0x0, 0xf}, 0x1000, 0x4, 0x0, 0x8, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1a, 0x5, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x40006, 0x0, 0x0, 0x41100, 0x14, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r0}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8)
close(r2)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="15000000100000000800"/20, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="01000000000000603bad225d00"/33], 0x50)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000c80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="000000050000ff00b70200fd13000000b7020000000000008500000051000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000005000008b7000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00'}, 0x90)
bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r4, 0x0, 0x0}, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f00000006c0)=ANY=[@ANYBLOB="b40800000000000073114100000000008510000002000000b7000000000000009500c2000000000095000012000000000e09b9445761db3ed82f7be4b9f1628b9a5c40384cb45e62e827e611f21a01a76f66f616553959b478ad3c46bb20e558783b21dd5307760617deec8b1b75c00853ee69e33ba2c01c28950365dd46fcc9f2ac6d20197fd68292e8445824f49b6fba41a316e13e462e31ca00d2622d56318d78e271d364329e7ae732bf8dade587bb30d67e23f78662621b74aabfd8eaf399893bab50fed33101f5a1085f991877907bd6117db675155932860499977f7384a8d94e810492c284fc7cc784ed942bf11d72897a7896f5f8c957984312e9d39eaa478a3065afd52404cb058b"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb}, 0x70)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='ext4_writepages_result\x00'}, 0x10)
r7 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r6}, 0x8)
close(r7)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
close(r8)
bpf$BPF_GET_PROG_INFO(0x1c, 0x0, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={r8, r5, 0x4, r5}, 0x10)

1.593646332s ago: executing program 2 (id=1274):
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x202, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2688f54c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

1.477980218s ago: executing program 0 (id=1275):
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_bp={0x0, 0x6}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
socket$kcm(0x2, 0x922000000001, 0x106)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x80044, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x4, @perf_bp={0x0, 0x6}, 0x0, 0x2, 0xfffffffe, 0x7, 0x0, 0x0, 0x2}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x11, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[@ANYBLOB="9feb0100180000000000000034000000340000000600000004000000000000070000000000000000000000010500000140b9000000000000010000850200000000000000020000000000004300000000da"], 0x0, 0x52, 0x0, 0x1}, 0x28)
r0 = socket$kcm(0x2, 0x200000000000001, 0x106)
setsockopt$sock_attach_bpf(r0, 0x1, 0x4c, 0x0, 0x0)
r1 = perf_event_open(&(0x7f00000000c0)={0x5, 0x80, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000040)={0x5, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x6000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffca, 0x1, @perf_config_ext={0xffff88809880e080, 0x80000000}, 0x104010, 0x0, 0x2, 0x0, 0x0, 0x400, 0x1})
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x20)
bpf$PROG_LOAD(0x5, 0x0, 0xfffffffffffffc86)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900}, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
socket$kcm(0xa, 0x1, 0x106)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="5eaa000000000000711010000000000000"], &(0x7f0000000480)='syzkaller\x00'}, 0x80)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000000)="d8000000180081084e81f782dbebc904021d080006067c09e8fe55a10a0015400800142603600e1208001600014003000000036004fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4b0fea0f0e598a0fa93683f5aeb5cdbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e970100", 0xd8}, {&(0x7f0000000100)="fbcc3abf4947704703af4936468edeecd46f3d23a3aeb0ea121a357e078d268b76e3e8300d6902bd129b36edf0da8625a2d6ce9c863838fd57177eb0b0b604ed438757008e4f8696c3b6f057fcf5e9db27be386b5ca061bc8e", 0x59}, {&(0x7f00000001c0)="840ae42e804f4292cc74db19bcb0a1834a57b02908912eb5878ccc13e6e952796ba4ca2aed1e38a09885d1b0d4697aeae6a9661c5f02deff613c34367e5eac83fddbc8280b327824421c4ad62c23391833b83e10515402a31cab089a150d08ffd552c1163322a71418ed43e50e8bf191d01dc29e4c0046c3a2b9ba318e41e2b807b9a6e85978087d4cda511135b928689cc2ea35bde161f6a6883fc208e132387b9616f71b35bf8454fd936d6caf6e7ef06e3bd06a8db3076d81c47e408a3fbd526235370c12c8d033e8550aebdda16edff27b0a73462b803d3b7ffe40cbf6f8f17b1ce5720a0a8b1ef7b0", 0xeb}], 0x3, 0x0, 0x0, 0x6000}, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x400602, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000080)={'wg1\x00', 0x1000})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x4086, 0x0)
ioctl$TUNATTACHFILTER(r4, 0x401054d5, &(0x7f0000000340)={0x1, &(0x7f0000000300)=[{0x0, 0x2, 0x89, 0x9}]})

1.477730506s ago: executing program 4 (id=1276):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x5, @perf_bp={0x0, 0xf}, 0x1000, 0x4, 0x0, 0x8, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x5, 0x0, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f00000000c0)="6880a642beaf34317f0dd3122a90ad0d2b", 0x11}], 0x2d}, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r2, &(0x7f0000000540)={0x0, 0xc027, &(0x7f0000000340)=[{&(0x7f00000000c0)="97eb000014006bcd9e", 0xeb97}], 0x1, 0x0, 0x0, 0x1f000000}, 0x600)

1.331860562s ago: executing program 3 (id=1277):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x5, @perf_bp={0x0, 0xf}, 0x1000, 0x4, 0x0, 0x8, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
socketpair(0x22, 0x2, 0x24, &(0x7f00000000c0))

1.292340081s ago: executing program 1 (id=1278):
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x202, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7ff0, 0x8a, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000012000000000000000000"], &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$kcm(0x2, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x14, 0x4, 0x8, 0x80022}, 0x50)

956.287514ms ago: executing program 2 (id=1279):
socket$kcm(0x10, 0x400000002, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000000005000000000000000000000300080000030000000200000000000000000000000000000a0400000004000000000000080300000000002e5f00fbf77a536a8c8609119e71c37d9018f2c822412bc32768eb3dc7471ede3e42ce8cfb30d6d05e2eb83d03c7947316ad9498d6ab6a8e0761dea1dae399372b849a9a97bc59a81fa97e23538536644780db28990a84387bb673da34892516699fc1c2b04802e669440447a17f52c6c138db8c1707926ffc2972d7c3be65eb78214ab4872e7cec6eff49294ee2b66e0dcbe9120e3ffc2edd73a33845f38c95cd0cc10cab7263e3c906af6df4bdca4429d350d7467441c2476229d7ecca351525de6928f48c7f214e320db4bcf327308fb51a0feaa4a80f607d36c5d68e3fc818e6118e4650db7fb7466867eb7bda36dae5"], 0x0, 0x4d}, 0x28)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2501, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, @perf_bp={0x0, 0x8}, 0x390, 0x0, 0x0, 0x7, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x11, 0x200000000000002, 0x300)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$kcm(0x11, 0x200000000000002, 0x300)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
close(r4)
recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
setsockopt$sock_attach_bpf(r2, 0x107, 0x12, &(0x7f00000008c0), 0x4)
close(r1)
recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0xfffffffffffffc9a, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0)
socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000001095"], &(0x7f0000000000)='GPL\x00'}, 0x90)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000580)="6700000011008188041f56ecdb4cb9cca7480ef432000000e3bd6efb440009000e000a0010000000ba80010000005a8c3774fa0af3dc59a933c1e7a6d3361d83b20000319cdf5656826edaaa11032701c61ec666d482078ccebcb9a4f187f7a4e98f09cdc2649f", 0x67}], 0x1}, 0x20000000)

925.768699ms ago: executing program 4 (id=1280):
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100904}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$inet(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000000)="5c00000014006b05c84e21000ab16d6e230675f802000000440002000800d30461bc24eeb556a705251e6182149a36c23d3b48dfd8cdbf9367b098fa51f60a64c9f408000000e786a6d0bdd70000b6c0504bb9189d9193e9bd1c1b78", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x9, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="c40a000000000000611148000000000006000000feffffff9500000000000000"], &(0x7f0000000080)='GPL\x00', 0x4, 0xa9, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x76}, 0x21)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f00000000c0)='\x00')

838.161994ms ago: executing program 3 (id=1281):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
socket$kcm(0x2, 0x3, 0x2)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x200002, 0x0)
perf_event_open(&(0x7f00000002c0)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x210e, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0xd24, 0xaea}, 0x14105, 0x32, 0xfffffbff, 0x5, 0x2, 0x0, 0xfffa, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffff7fffffffffff, 0xffffffffffffffff, 0x9)
r1 = socket$kcm(0x2b, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r3, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x30004001)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)="d8000000140081044e81f782db44b9040a1d080211000000040000a118000200ff05140100000e1208000f0100810401a80016ea1f000840042e5f54c92011148ed08734843cb12b00000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c0100000000000000cb090000001fb791643a5e835913b06218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f52eb4edbb57a5025ccca9e00360d8bcc00400040fad95667e0060000000000000080bb9ad809d5e1cace81b341139fe3cd4032e8edb12d1d2eb0c0ed0bff", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
setsockopt$sock_attach_bpf(r3, 0x6, 0x17, 0x0, 0x0)
close(r2)
recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}, 0x0)
setsockopt$sock_attach_bpf(r1, 0x6, 0x22, &(0x7f0000000200), 0x4)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000500)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000005000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000053bb05023a000000df00"/29], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000002d00000018110000", @ANYRES32=r7], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r8}, 0x10)
recvmsg(r5, &(0x7f0000000ac0)={0x0, 0x0, 0x0}, 0x0)
close(r6)
r9 = openat$cgroup(r0, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0)
r10 = openat$cgroup_ro(r9, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r11 = socket$kcm(0x2, 0x3, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0x3, &(0x7f0000000740)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000081cf2d614517f3406d15014ef1e8c21ed0d49c32b110b824e566d358b73f0e2719f5ce9add7fba2bc52e5a5282979a4ce9a5c1f607756eb0b64d925d5a5e8f4f2fcdc0906d064337c810275c706f4ce5f24ccba488ddb0467146c7c7e07c4d3430c79566a21c3d02ef5b170d50d3d6991d4697b457efbf9bf3cea05639d1d26ff3fc11432e40f73e818a4ef7b48a8a9594740e42d061938fadd7483e89dfd7a85157adbfc664d6037037a8af8f37a801f8e2eb46c8e4057"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r11, 0x1, 0x3e, &(0x7f0000000100)=r10, 0x4)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x14201}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r12 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)="6700000011008188040f56ecdb4cb9cca7480ef435000000e3bd6efb440009000e002e0010000000ba80013ffa85f59a0000005a8c3774fa0af3dc59a933c1e6a6d3361d83b20000319cdf5656826edaaa11032701c61ec666d482078ccebcb9a4f187f7a4e98f", 0x67}, {&(0x7f0000000240)="4581c4caab9e9f8b80238a1371ba5ab713dec351d9127349b82c4a9d1a08c98f9210861f1f5e22457e4bff4e8927059ff10b460795bc001d2d56468357fc56000000000000000000", 0x48}], 0x2}, 0x0)

837.655314ms ago: executing program 0 (id=1282):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x5, @perf_bp={0x0, 0xf}, 0x1000, 0x4, 0x0, 0x8, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
r2 = socket$kcm(0x1e, 0x1, 0x0)
sendmsg$kcm(r2, &(0x7f0000000540)={&(0x7f0000000280)=@tipc=@nameseq={0x1e, 0x1, 0x0, {0x7ffffffe, 0x0, 0x4}}, 0x80, 0x0, 0x0, 0x0, 0x0, 0xd0010100}, 0x0)

574.110546ms ago: executing program 1 (id=1283):
perf_event_open(&(0x7f0000000600)={0x2, 0x80, 0x76, 0x1, 0x0, 0x0, 0x0, 0x7ff0, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f00000001c0)=ANY=[@ANYBLOB="18020000010000000000000003000000180000000300000000000020040000009500000000000000"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$kcm(0x2a, 0x2, 0x0)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_bp={0x0, 0x7}, 0x1000, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
close(0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="06000000040000", @ANYBLOB, @ANYBLOB], 0x48)
r2 = socket$kcm(0xf, 0x3, 0x2)
recvmsg$kcm(r2, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x20)
perf_event_open(&(0x7f0000000000)={0x3, 0x80, 0x0, 0x45, 0x0, 0xfd, 0x0, 0x9c, 0x10803, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400001, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0xffff, 0x5, 0x2, 0x40, 0x200000a, 0x49, 0x0, 0x2}, 0x0, 0x4, 0xffffffffffffffff, 0x1)
r3 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r3, 0x29, 0x23, &(0x7f0000000040), 0xcf)
sendmsg$inet(r2, &(0x7f0000003780)={0x0, 0xfffffeff, &(0x7f0000000000)=[{&(0x7f0000000040)="0212000902000000e4a17c45c85686605e85da4a", 0x10}], 0x1}, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
sendmsg$kcm(r1, &(0x7f00000001c0)={&(0x7f0000000140)=@qipcrtr, 0x80, 0x0}, 0x0)
sendmsg$kcm(r1, &(0x7f0000001540)={&(0x7f0000000000)=@qipcrtr={0x2a, 0xffffffff, 0xffff0002}, 0x80, 0x0}, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff})
recvmsg$unix(r5, &(0x7f0000000940)={&(0x7f0000000240)=@abs, 0x6e, &(0x7f0000000880), 0x0, &(0x7f0000000900)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x38}, 0x2)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000500)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x8000000, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x1400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xaffffff7ffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xe, 0x4, &(0x7f0000000940)=ANY=[@ANYBLOB="b4050000200080066110000000000000c6000000000000009500d800000000009f33ef60916e55893f1eeb0b2ae13d922e6235592ce847e2566c43d72918a897323fd0723043c47c896ce0bce66a245ad9d6817fd98cd824498949714ffaac8a6f77ef0000ca5d82054d54d53cd2b6db714e75d9bdae214fa68a0557eb2c5ca683a4b6fcfcff0bffffffffffd47042eaebfa6fa26fa7a347c7faa8e700458c60897d4a6148a1c11428427c40de60beacf871ab5c2ff88a02084e5b5271e45f00003826fb8579c1fb01d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0c20cdbe7009a6fe7cc78762f1d4dcdbca64920db9a50f86c21632f7a4bd344e0bd74ff05d37ef68e3b9db863c758ffffffffabe90ac5d08dd9d4e0359c41cf3626e1230bc1cd4c02c460ceb44276e9bd94d1c2e6d17dc5c2edf332a62f5fe68fbbbbfcfd00000000000fbf940e6652d357474ed5f816f66ac3027460ae66317f83cdd7a7eb2a7003d1a6cf5478533584961c329fcf5a43e05c92bfef0dcd28000000003f2915a3039c9a78f63b8ec7e60a0000fed7d67c440e23d130e51eea1e085bebabe7059de9cbfc5117c024185a062acb6b8eec31c21b3af8b9eedb4660ed2deb7acf2a33a376a5cb7d4266d5b0be14488d14b473502486ad8dd600000000000000000000c7766ea7c581782c0d90f42a85303835fc291c25d29e6bead5d7360f2e1929d7736ebc8558c4506407d3046022bdf25485bd5442169e9b4c1278343581b7a06f65e8ea6b042c4fd08381e5000000000000006398d6480000001a723b91030000006480304c66b217aea0156ce9eef911fe5b7370f79987303ecb3aabc53c60014a0101ab766754f596b41da9534d12b8306a1b36cf3b03f0d790879f523eabfbee83d8bd472ef69660cf6ec897106c51e54a17497f384c4956b41f3843e7c878b1e11316d8ddae1c6c3b85aaf7a9fcaf8f5d6186c42542d68ba72682c938d3c0a2e6e10eed71b1d31c9f300b41745329bf34495c63e43fb896e4903fb0fae54a8f0fe3b48a5b29d279070647e65097c8ecf32a15080000000000000001007ba4a70a084bd994ac5e00000000000000000000000000351a30cd97f83d72631d0fe92efa974a53f4dc1eb9a86df632a6d463688123f64d42a919bcfc44a90ffd680200000091f842a91c977f6075d07e39e669b0713af0498a99bf5261cb3269d499a5202d7a08b33ade7b38829b9bd39619688d5e9af22170ef83e5b92cbb32b655c45de1c154aad81bf64351668a3f76d5afa958aff76249e0ffdf8e45155536a1a44bfcbfbfd232af000052f9002a"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x1}, 0x10}, 0x94)
recvmsg(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000680)=""/151, 0x97}, {&(0x7f00000003c0)=""/107, 0x6b}, {&(0x7f0000000380)=""/22, 0x16}, {&(0x7f0000000000)=""/162, 0xa2}], 0x4, 0xfffffffffffffffe, 0xfffffffffffffe15}, 0x0)
close(r7)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r4, 0x40107446, &(0x7f0000000180))
recvmsg(r0, &(0x7f0000000c00)={0x0, 0x0, 0x0}, 0x2)

540.142174ms ago: executing program 2 (id=1284):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x4800}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000340)={r0})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000400)='netfs_rreq_ref\x00', r1, 0x0, 0x9}, 0x18)
r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000600)='mctp_key_release\x00', r1, 0x0, 0x5}, 0x18)
close(r3)
r4 = socket$kcm(0x10, 0x3, 0x10)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x5, @perf_config_ext={0xffffffffffffffff, 0x8}, 0x9000, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000c63f1de100000000000000001800000000000000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="1400000038000b63d25a80648c2594f90124fc60", 0x14}], 0x1}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$kcm(r3, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000580)="d8001c00180081064e81f782db44fd56170d12a0b9b545c7", 0x18}], 0x1}, 0x0)
socketpair(0x1f, 0x2, 0x7, &(0x7f0000000140))
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e3, &(0x7f0000000180)={r0, r5})

525.574431ms ago: executing program 4 (id=1285):
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x1, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000020000000000000000f000000850000002e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

438.150047ms ago: executing program 0 (id=1286):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4, &(0x7f0000000180)=[{&(0x7f0000000300)="d80000001a0081044e81f782db4cb904021d0800fe007c05e8fe55a115001c000200142603600e12080005007a010401a8001600200004400400e000035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0x12b}], 0x1}, 0x0)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000040)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x2}, 0x50)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000400)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x50, 0x50, 0x9, [@enum={0x2, 0x2, 0x0, 0x6, 0x4, [{0x9, 0xaa3}, {0x3, 0x1}]}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x3, 0x5, 0x5}}, @func={0xe, 0x0, 0x0, 0xc, 0x3}, @var={0x7, 0x0, 0x0, 0xe, 0x1, 0x1}]}, {0x0, [0x5f, 0x61, 0x5f, 0x0, 0x51, 0x5f, 0x61]}}, &(0x7f0000000480)=""/4096, 0x71, 0x1000, 0x0, 0x8, 0x10000}, 0x28)
bpf$PROG_LOAD(0x5, &(0x7f0000001500)={0xf, 0x13, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x2}, {}, {}, [@jmp={0x5, 0x1, 0x9, 0x2, 0x0, 0x18, 0x10}, @map_val={0x18, 0x5, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x6}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000001c0)='syzkaller\x00', 0xfffffffd, 0xaa, &(0x7f0000000200)=""/170, 0x41000, 0x1, '\x00', 0x0, @cgroup_device=0x6, r2, 0x8, &(0x7f0000001480)={0x9, 0x2}, 0x8, 0x10, &(0x7f00000014c0)={0x1, 0xd, 0x54da, 0xffffff7f}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)

390.228467ms ago: executing program 4 (id=1287):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x5, @perf_bp={0x0, 0xf}, 0x1000, 0x4, 0x0, 0x8, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1a, 0x5, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x40006, 0x0, 0x0, 0x41100, 0x14, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r0}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8)
close(r2)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="15000000100000000800"/20, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="01000000000000603bad225d00"/33], 0x50)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000c80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="000000050000ff00b70200fd13000000b7020000000000008500000051000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000005000008b7000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00'}, 0x90)
bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r4, 0x0, 0x0}, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f00000006c0)=ANY=[@ANYBLOB="b40800000000000073114100000000008510000002000000b7000000000000009500c2000000000095000012000000000e09b9445761db3ed82f7be4b9f1628b9a5c40384cb45e62e827e611f21a01a76f66f616553959b478ad3c46bb20e558783b21dd5307760617deec8b1b75c00853ee69e33ba2c01c28950365dd46fcc9f2ac6d20197fd68292e8445824f49b6fba41a316e13e462e31ca00d2622d56318d78e271d364329e7ae732bf8dade587bb30d67e23f78662621b74aabfd8eaf399893bab50fed33101f5a1085f991877907bd6117db675155932860499977f7384a8d94e810492c284fc7cc784ed942bf11d72897a7896f5f8c957984312e9d39eaa478a3065afd52404cb058b"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb}, 0x70)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='ext4_writepages_result\x00'}, 0x10)
r7 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r6}, 0x8)
close(r7)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
close(r8)
bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r5, 0x0, 0x0}, 0x10)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)

385.096144ms ago: executing program 3 (id=1288):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}, 0x101260, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000180), 0x4)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000740)="d800000019008111e0020f060d8107040a60000000000000001455a12a00090008000699e3ffffff14000500fe80817806000567b8b7b94002000009080016060000000000000000d67f6f9400f7d1d9bbe94fa27100a007a2f7457f01896034277ce06bbace8017cb39b62ee5a7cef4090000001fb791643a5e83d42365f003724a237e09000000b2a10000000014d6d930dfe1d9c322fe040000005025acca262f3d40fad95667e006dcdf634c1f215ce3bb9ad809d50b7b4338c9f1ac76efb42a9ecbee5de6ccd44242f4d643f6fd0f26187b51980dd6", 0xd8}, {&(0x7f0000001c80)="3cbf5225abb4bbec0116388ad2ffb6af1ca81a72499aacf6b39267c4d733c386b440fdd77ca6537bb6ee2a6b5270c27a4326c131f87c92b5a353ffc21c2168947ee6f83d4a26c3b3190e3fda59af5355b5ed74303bea495f5fbe7bdbe22b4e696e771184b7656a5bf5ef8907b5ffbfdc870ec9dabec81a529eaf3ab9fb0219e6a8cea48c", 0x84}], 0x2}, 0x80)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x3, 0x5, &(0x7f0000000640)=ANY=[@ANYBLOB="180200000000bf000000000000000000850000002f000000850000000700000095"], &(0x7f0000000600)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x40}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000680)="e0b9547ed387dbe9abc89b6f5bff", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000004c0)=ANY=[@ANYBLOB="1809000000000000000000000001000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r4, &(0x7f0000000780)}, 0x20)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000001340)={0xffffffffffffffff, 0x20, &(0x7f00000002c0)={&(0x7f0000000200)=""/154, 0x9a, <r5=>0x0, &(0x7f0000000340)=""/4096, 0x1000}}, 0x10)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000080)="2e00000010008188040f80ec59acbc040ca1800004000000000000000010003a0e0037000f001e0bbc82a91401eb", 0x2e}], 0x1}, 0x0)
r7 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001680)=@bpf_lsm={0x1d, 0x11, &(0x7f0000001380)=@raw=[@cb_func={0x18, 0x5, 0x4, 0x0, 0x4}, @initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x3, 0x2, 0x2, 0x1, 0x7, 0xfffffffffffffff4, 0x1}, @map_idx={0x18, 0x0, 0x5, 0x0, 0xd}], &(0x7f0000001440)='syzkaller\x00', 0x0, 0xf7, &(0x7f0000001480)=""/247, 0x41100, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000001580)={0x2, 0x3}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x0, &(0x7f0000001600)=[{0x3, 0x5, 0x7}, {0x1, 0x5, 0x4, 0x5}, {0x3, 0x1, 0xd, 0x8}, {0x3, 0x3, 0x6, 0x1}, {0x5, 0x2, 0xa, 0x2}], 0x10, 0x3}, 0x94)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001740)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x2, 0x2}, 0x50)
r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x400000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x3b, &(0x7f0000000000)='/proc/sys/net/ipv4\x00\x00s/sync_\x00le\xf44.\xab%\xf8\xff\xff\xff\xff\xff\xff\xff=\x11\xc8\xdd\x15\xcc\xd2\xf1d\'%\x11c\x91l,'}, 0x30)
r10 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
mkdirat$cgroup(r10, &(0x7f0000000040)='syz1\x00', 0x1ff)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f0000000580)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r9}, {0x7, 0x0, 0xb, 0x5, 0x0, 0x0, 0x2}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r11=>0xffffffffffffffff})
r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="12000000090000000800000002"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r12}, &(0x7f00000000c0), &(0x7f0000000100)=r11}, 0x20)
r13 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000017c0)={0x1b, 0x0, 0x0, 0x9, 0x0, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5}, 0x50)
r14 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001c00)=ANY=[@ANYBLOB="1b00000000000000000000000000000000000000764f4178eb72c9000d3f67c5a34403a71cc31a85e1e50c93ec9ccb4654add0c5674910557c4d39e0", @ANYRES32=0x1, @ANYBLOB="0200"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="04000000030000000200"/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000001980)={0xc, 0xd, &(0x7f0000001a40)=ANY=[@ANYBLOB="180000000500000000000000070000001841000004000000000000000000000018010000202064250000000000202020731af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000045e7e0008500000006000000950000000000000068d4ae6109378d9ec8f1a6197ff98e65c525d12e58977885f23d098dd49bd7fdb87682d821ebae260ffcec88771e3c5a22848fc99b381a12508daba583a7d2d1f7ff88e5d25c760bea418cc1d9cad2092e11aa3dd1ffa7683c8330f762c9edbbd92133378dc784d98809dd2e1935ee04c3617c0f7f815e3542a64f4b3fb025f3ac82fd567521b85e0eff2281b5303ad4a4deceaf61e3c38d6a16da706d530bd6022c7a74af90ca02ac7cb693791ad6e940d792d3747db20ac73414c5639354efd34aabaf0e4dd899fb29b506e1d0514cb8f3503b596d796bfac3de7c1588c4979b5384e14efa6dee644e12fa5b6fb966f9e589ef1f382fd36f08b6fa364b6dc4013d1c5a71fde2d0bfeeba17e97f9013547c52fbcd64694e37f4d67ff4e1daba6787b68a85246596e4fd09a743cab484453847c46dfe0c01d32a6b4a6ce9a15974964231b6dd19473ba02e78046f9066475c4ff03e78afb1"], &(0x7f0000000000)='syzkaller\x00', 0x7f, 0x2e, &(0x7f0000000140)=""/46, 0x41100, 0x12, '\x00', 0x0, @fallback=0x6, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f00000001c0)={0x0, 0x6, 0x81, 0x10000}, 0x10, r5, r7, 0x6, &(0x7f00000018c0)=[r8, 0xffffffffffffffff, r9, r12, r13, r14], &(0x7f0000001900)=[{0x5, 0x2, 0xf, 0x5}, {0x3, 0x5, 0xd}, {0x2, 0x3, 0x0, 0x2}, {0x1, 0x4, 0x2, 0xc}, {0x5, 0x5, 0x9, 0x9}, {0x2, 0x4, 0xa, 0x9}]}, 0x94)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000000300)=0x2)

262.078128ms ago: executing program 0 (id=1289):
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x202, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7ff0, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
r0 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2688f54c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

211.484363ms ago: executing program 2 (id=1290):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x5, @perf_bp={0x0, 0xf}, 0x1000, 0x4, 0x0, 0x8, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f00000000c0)="6880a642beaf34317f0dd3122a90ad0d2b", 0x11}], 0x2d}, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r2, &(0x7f0000000540)={0x0, 0xc027, &(0x7f0000000340)=[{&(0x7f00000000c0)="97eb000014006bcd9e", 0xeb97}], 0x1, 0x0, 0x0, 0x1f000000}, 0x600)

174.462051ms ago: executing program 0 (id=1291):
r0 = socket$kcm(0x10, 0x2, 0x4)
close(r0)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="5c000000130025cc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514000cc00800250007000200060019c00164bc24eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0xfcffffffffffffff)

65.736732ms ago: executing program 4 (id=1292):
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000001c0)="d8000000180081054e81f783db4cb9040a1d080006007c03e8fc55a10a0004000600142603600e120800060000000401a80008002000000001000000035c0461c1d67f6f94007134cf6efb8000a007a290457f010400000000000000ceac3c2fb14c2ee5a7cef4090000001fb71b14d6d930dfe1d9d322fe7c9f8775820d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d405fe4f0e59a6c5870e1cace0d81ed0bffece0b42a9ecbee5de6ccd4e1ffffffffc1c9b6278754ca397c388b0dd6e4edef3d9300"/216, 0xd8}], 0x1}, 0x40044)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x42164000, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
recvmsg$unix(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000180)=""/67, 0x43}, {&(0x7f0000000080)=""/42, 0x2a}, {&(0x7f0000000340)=""/157, 0x9d}, {&(0x7f0000000280)}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x5, &(0x7f0000000400)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, <r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, <r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff]}}], 0x40}, 0x20002040)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000009c0)={0xffffffffffffffff, 0x20, &(0x7f0000000980)={&(0x7f0000000880)=""/249, 0xf9, <r7=>0x0, &(0x7f00000006c0)=""/141, 0x8d}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000001b40)={0x17, 0xf, &(0x7f0000000580)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000280)='syzkaller\x00', 0xe, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @cgroup_sysctl, r6, 0x8, &(0x7f0000000600)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0x9, 0x3ecf, 0x8001}, 0x10, r7, 0xffffffffffffffff, 0x3, &(0x7f0000000a00)=[r5, r6, r5, r4, r6, r3], &(0x7f0000001b00)=[{0x4, 0x1, 0x6}, {0x4, 0x1, 0xc, 0x9}, {0x2, 0x2, 0x8, 0x6}], 0x10, 0x7}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000002040)={0xc, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bond0\x00'})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000300)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{}, {0x1, 0x3}]}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
close(r11)
sendmsg$inet(r8, &(0x7f00000021c0)={&(0x7f0000001c00)={0x2, 0x4e24, @empty}, 0x10, &(0x7f0000001fc0)=[{&(0x7f0000001c40)="426a119f5390c5f3221ed98c8b0000fd2b278b4d2592bce8ba2407c00977c0fd45d1503db90c733e5b1765", 0x2b}, {&(0x7f0000001c80)="9a5626b5c62ca56862f949ab86daa5c3a59b78fc4a20aaeb9f03f2f37a6db6831e9a0530cdfaa468a75dd7305766e8038115f15609e25b9595350dfdcb10bd917b8f12b9bfbadf55266113073039918b882a855769e047b7d4e1ade1f3c57a256a6488d166424b2e6eed031b6b0831c6358db24ebe668c6597e8e159aee5", 0x7e}, {&(0x7f0000001d00)="19a5ca7b960deacd13a7adc1b9b2ffc1cad353bdc90e0922eff114501aa8614548e86acea3c1ba526ee38339ecaaa339cc63d9d40b5e404d9427a077c0803b96a267219362f5f1e552cd64b164a1fef8a3301a0854f6d572bec76160cfdd200af9f93ac202774bad5018a11c9ecf4b38ea366166a855c2468b8ea127e59ee5376d5973af3f7164adf6ae67fced57802bb66df8d8fc25c212220e", 0x9a}, {&(0x7f0000001dc0)="0357a1984d9e3b676368513c34e7c6615971028db84f1e726319014ce32516a7f1a95a38949f49f6e5d7a81dd6c8fa6bb8639d34be9fd1bb501f08", 0x3b}, {&(0x7f0000001e00)="d34e70e165ffe078b2f84dffa500ac4892d5bfdab2261931fb08f7f0bdc5b26c4b", 0x21}, {&(0x7f0000001e40)="2637a6f868939d47af95d4590caf9afff9db0486aa73d959905a5aea768597b56c42c70cbfbefb638db6419819634b152c3da1713de5cf6e2d3688d70923fafe0039ac876fee7451183f393ee492aafcede61273df0896ba52441dc6fa2ee2acf70490421f574f766a50d11405b794713216f37108d7b5e9d62130f43555ef67139a7ea28c683e2b58cb5b3a", 0x8c}, {&(0x7f0000002100)="7ad821bc107376e3ba943b0900000000000000295b735b0e73517c3cfe566bc21311867523a7c0d20791049a5646265a8cf037ae5718afee14deb858e37f1acc790a8d721a72a03a03402fee85bb5b730ce31953da148d786febea29d5b90e1f96df6d4993c04c8ffb3bf7c617dd2153284e54", 0x73}, {&(0x7f0000001f40)="9c44052001bc71ebe61f1fb2a7a00ae5dc02035916043d3b8458ea52b9c3e984cc7623b318528d39fc7912157cddfb2a985ce3ed0398f426b64859de75b757e62ca0709e", 0x44}], 0x8, &(0x7f00000022c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @loopback, @broadcast}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @rand_addr=0x64010101, @loopback}}}, @ip_retopts={{0x5c, 0x0, 0x7, {[@rr={0x7, 0x1b, 0x60, [@private=0xa010101, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast2, @multicast2, @broadcast, @multicast2]}, @ra={0x94, 0x4, 0x1}, @generic={0x82, 0xf, "f1de7fad2ea377ca574d0b2e60"}, @noop, @timestamp_prespec={0x44, 0x1c, 0xb7, 0x3, 0x6, [{@dev={0xac, 0x14, 0x14, 0x3f}, 0x7}, {@dev={0xac, 0x14, 0x14, 0x3e}, 0xf}, {@empty, 0x8}]}]}}}], 0xa0}, 0x20040001)
recvmsg$unix(r10, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r12=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000000)=r12, 0x8)
ioctl$PERF_EVENT_IOC_SET_FILTER(r9, 0x89b0, &(0x7f0000000080))
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xe, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0x40}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000840)=ANY=[@ANYRES32, @ANYBLOB], 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r13 = socket$kcm(0x21, 0x2, 0x2)
recvmsg$kcm(r13, &(0x7f0000000380)={0x0, 0x77, 0x0}, 0x2001)
openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000200), 0x2, 0x0)

0s ago: executing program 2 (id=1293):
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_bp={0x0, 0x6}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
socket$kcm(0x2, 0x922000000001, 0x106)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x80044, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x4, @perf_bp={0x0, 0x6}, 0x0, 0x2, 0xfffffffe, 0x7, 0x0, 0x0, 0x2}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x11, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[@ANYBLOB="9feb0100180000000000000034000000340000000600000004000000000000070000000000000000000000010500000140b9000000000000010000850200000000000000020000000000004300000000da"], 0x0, 0x52, 0x0, 0x1}, 0x28)
r0 = socket$kcm(0x2, 0x200000000000001, 0x106)
setsockopt$sock_attach_bpf(r0, 0x1, 0x4c, 0x0, 0x0)
r1 = perf_event_open(&(0x7f00000000c0)={0x5, 0x80, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000040)={0x5, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x6000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffca, 0x1, @perf_config_ext={0xffff88809880e080, 0x80000000}, 0x104010, 0x0, 0x2, 0x0, 0x0, 0x400, 0x1})
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x20)
bpf$PROG_LOAD(0x5, 0x0, 0xfffffffffffffc86)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900}, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
recvmsg(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000002c0)=""/69, 0x45}], 0x1, &(0x7f0000000580)=""/207, 0xcf}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="5eaa000000000000711010000000000000"], &(0x7f0000000480)='syzkaller\x00'}, 0x80)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000000)="d8000000180081084e81f782dbebc904021d080006067c09e8fe55a10a0015400800142603600e1208001600014003000000036004fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4b0fea0f0e598a0fa93683f5aeb5cdbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e970100", 0xd8}, {&(0x7f0000000100)="fbcc3abf4947704703af4936468edeecd46f3d23a3aeb0ea121a357e078d268b76e3e8300d6902bd129b36edf0da8625a2d6ce9c863838fd57177eb0b0b604ed438757008e4f8696c3b6f057fcf5e9db27be386b5ca061bc8e", 0x59}, {&(0x7f00000001c0)="840ae42e804f4292cc74db19bcb0a1834a57b02908912eb5878ccc13e6e952796ba4ca2aed1e38a09885d1b0d4697aeae6a9661c5f02deff613c34367e5eac83fddbc8280b327824421c4ad62c23391833b83e10515402a31cab089a150d08ffd552c1163322a71418ed43e50e8bf191d01dc29e4c0046c3a2b9ba318e41e2b807b9a6e85978087d4cda511135b928689cc2ea35bde161f6a6883fc208e132387b9616f71b35bf8454fd936d6caf6e7ef06e3bd06a8db3076d81c47e408a3fbd526235370c12c8d033e8550aebdda16edff27b0a73462b803d3b7ffe40cbf6f8f17b1ce5720a0a8b1ef7b0", 0xeb}], 0x3, 0x0, 0x0, 0x6000}, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x400602, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000080)={'wg1\x00', 0x1000})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x4086, 0x0)
ioctl$TUNATTACHFILTER(r4, 0x401054d5, &(0x7f0000000340)={0x1, &(0x7f0000000300)=[{0x0, 0x2, 0x89, 0x9}]})

kernel console output (not intermixed with test programs):

: 0000200000000000
[  144.281257][ T7099] RDX: 0000000000000000 RSI: ffffffff8db6ef77 RDI: ffffffff8be28d40
[  144.281272][ T7099] RBP: 0000000000000004 R08: 0000000000000000 R09: ffffffff820c48e0
[  144.281285][ T7099] R10: dffffc0000000000 R11: ffffed1006624909 R12: 0000000000000000
[  144.281299][ T7099] R13: 0000200000000000 R14: 0000000000000025 R15: 0000000000000005
[  144.281320][ T7099]  ? __might_fault+0xb0/0x130
[  144.281348][ T7099]  __sys_socketpair+0xb7/0x560
[  144.281378][ T7099]  __x64_sys_socketpair+0x9b/0xb0
[  144.281401][ T7099]  do_syscall_64+0xfa/0x3b0
[  144.281432][ T7099]  ? lockdep_hardirqs_on+0x9c/0x150
[  144.281462][ T7099]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.281482][ T7099]  ? clear_bhb_loop+0x60/0xb0
[  144.281508][ T7099]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.281528][ T7099] RIP: 0033:0x7f91fdd8e929
[  144.281546][ T7099] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  144.281562][ T7099] RSP: 002b:00007f91fec10038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035
[  144.281582][ T7099] RAX: ffffffffffffffda RBX: 00007f91fdfb5fa0 RCX: 00007f91fdd8e929
[  144.281597][ T7099] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000025
[  144.281609][ T7099] RBP: 00007f91fec10090 R08: 0000000000000000 R09: 0000000000000000
[  144.281622][ T7099] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  144.281635][ T7099] R13: 0000000000000001 R14: 00007f91fdfb5fa0 R15: 00007ffc179b2478
[  144.281668][ T7099]  </TASK>
[  145.551005][ T7127] __nla_validate_parse: 1 callbacks suppressed
[  145.551027][ T7127] netlink: 132 bytes leftover after parsing attributes in process `syz.1.448'.
[  145.623241][ T7131] netlink: 'syz.2.449': attribute type 10 has an invalid length.
[  145.636704][ T7127] netlink: 'syz.1.448': attribute type 46 has an invalid length.
[  145.645900][ T7127] netlink: 55 bytes leftover after parsing attributes in process `syz.1.448'.
[  145.673270][ T7131] netlink: 55 bytes leftover after parsing attributes in process `syz.2.449'.
[  145.770075][ T7135] netlink: 'syz.4.451': attribute type 10 has an invalid length.
[  145.778267][ T7135] netlink: 40 bytes leftover after parsing attributes in process `syz.4.451'.
[  145.820977][ T7135] batadv0: entered promiscuous mode
[  145.826724][ T7135] bridge0: port 3(batadv0) entered blocking state
[  145.835373][ T7135] bridge0: port 3(batadv0) entered disabled state
[  145.847592][ T7135] batadv0: entered allmulticast mode
[  145.870114][ T1150] wlan1: Trigger new scan to find an IBSS to join
[  145.924961][ T7139] FAULT_INJECTION: forcing a failure.
[  145.924961][ T7139] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  145.929649][ T7135] bridge0: port 3(batadv0) entered blocking state
[  145.945044][ T7135] bridge0: port 3(batadv0) entered forwarding state
[  145.956324][ T7139] CPU: 0 UID: 0 PID: 7139 Comm: syz.1.453 Not tainted 6.16.0-rc3-syzkaller-gee88bddf7f2f #0 PREEMPT(full) 
[  145.956353][ T7139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  145.956365][ T7139] Call Trace:
[  145.956375][ T7139]  <TASK>
[  145.956386][ T7139]  dump_stack_lvl+0x189/0x250
[  145.956428][ T7139]  ? __pfx____ratelimit+0x10/0x10
[  145.956465][ T7139]  ? __pfx_dump_stack_lvl+0x10/0x10
[  145.956503][ T7139]  ? __pfx__printk+0x10/0x10
[  145.956543][ T7139]  ? __might_fault+0xb0/0x130
[  145.956586][ T7139]  should_fail_ex+0x414/0x560
[  145.956632][ T7139]  _copy_to_user+0x31/0xb0
[  145.956666][ T7139]  simple_read_from_buffer+0xe1/0x170
[  145.956707][ T7139]  proc_fail_nth_read+0x1df/0x250
[  145.956757][ T7139]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  145.956798][ T7139]  ? rw_verify_area+0x258/0x650
[  145.956832][ T7139]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  145.956866][ T7139]  vfs_read+0x200/0x980
[  145.956922][ T7139]  ? __pfx___mutex_lock+0x10/0x10
[  145.956959][ T7139]  ? __pfx_vfs_read+0x10/0x10
[  145.957002][ T7139]  ? __fget_files+0x2a/0x420
[  145.957042][ T7139]  ? __fget_files+0x3a0/0x420
[  145.957066][ T7139]  ? __fget_files+0x2a/0x420
[  145.957119][ T7139]  ksys_read+0x145/0x250
[  145.957163][ T7139]  ? __pfx_ksys_read+0x10/0x10
[  145.957218][ T7139]  ? do_syscall_64+0xbe/0x3b0
[  145.957266][ T7139]  do_syscall_64+0xfa/0x3b0
[  145.957304][ T7139]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.957323][ T7139]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  145.957344][ T7139]  ? clear_bhb_loop+0x60/0xb0
[  145.957379][ T7139]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.957400][ T7139] RIP: 0033:0x7f91fdd8d33c
[  145.957422][ T7139] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  145.957439][ T7139] RSP: 002b:00007f91fec10030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  145.957461][ T7139] RAX: ffffffffffffffda RBX: 00007f91fdfb5fa0 RCX: 00007f91fdd8d33c
[  145.957476][ T7139] RDX: 000000000000000f RSI: 00007f91fec100a0 RDI: 0000000000000008
[  145.957489][ T7139] RBP: 00007f91fec10090 R08: 0000000000000000 R09: 0000000000000000
[  145.957501][ T7139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  145.957513][ T7139] R13: 0000000000000000 R14: 00007f91fdfb5fa0 R15: 00007ffc179b2478
[  145.957581][ T7139]  </TASK>
[  146.206506][ T1150] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  146.216039][ T1150] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  147.047112][ T7151] netlink: 'syz.3.458': attribute type 10 has an invalid length.
[  147.342428][ T7164] netlink: 132 bytes leftover after parsing attributes in process `syz.3.464'.
[  147.381172][ T7164] netlink: 'syz.3.464': attribute type 46 has an invalid length.
[  147.394355][ T7164] netlink: 55 bytes leftover after parsing attributes in process `syz.3.464'.
[  147.791134][ T7182] netlink: 'syz.3.469': attribute type 10 has an invalid length.
[  147.813918][ T7180] netlink: 20 bytes leftover after parsing attributes in process `syz.4.471'.
[  147.828979][ T7182] netlink: 55 bytes leftover after parsing attributes in process `syz.3.469'.
[  148.186094][ T7193] 
@0: renamed from bond_slave_0 (while UP)
[  148.560495][ T7204] netlink: 132 bytes leftover after parsing attributes in process `syz.2.479'.
[  148.611906][ T7204] netlink: 'syz.2.479': attribute type 46 has an invalid length.
[  148.658383][ T7204] netlink: 55 bytes leftover after parsing attributes in process `syz.2.479'.
[  148.915693][ T1166] wlan1: Trigger new scan to find an IBSS to join
[  149.052568][ T1150] wlan1: Creating new IBSS network, BSSID 62:ff:41:44:c2:bc
[  149.566753][ T7241] netlink: 'syz.0.492': attribute type 10 has an invalid length.
[  149.692673][ T7239] FAULT_INJECTION: forcing a failure.
[  149.692673][ T7239] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  149.707877][ T7239] CPU: 1 UID: 0 PID: 7239 Comm: syz.1.491 Not tainted 6.16.0-rc3-syzkaller-gee88bddf7f2f #0 PREEMPT(full) 
[  149.707906][ T7239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  149.707920][ T7239] Call Trace:
[  149.707928][ T7239]  <TASK>
[  149.707937][ T7239]  dump_stack_lvl+0x189/0x250
[  149.707976][ T7239]  ? __pfx____ratelimit+0x10/0x10
[  149.708009][ T7239]  ? __pfx_dump_stack_lvl+0x10/0x10
[  149.708044][ T7239]  ? __pfx__printk+0x10/0x10
[  149.708072][ T7239]  ? __might_fault+0xb0/0x130
[  149.708102][ T7239]  should_fail_ex+0x414/0x560
[  149.708136][ T7239]  _copy_to_user+0x31/0xb0
[  149.708162][ T7239]  simple_read_from_buffer+0xe1/0x170
[  149.708191][ T7239]  proc_fail_nth_read+0x1df/0x250
[  149.708222][ T7239]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  149.708253][ T7239]  ? rw_verify_area+0x258/0x650
[  149.708285][ T7239]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  149.708313][ T7239]  vfs_read+0x200/0x980
[  149.708354][ T7239]  ? __pfx___mutex_lock+0x10/0x10
[  149.708388][ T7239]  ? __pfx_vfs_read+0x10/0x10
[  149.708424][ T7239]  ? __fget_files+0x2a/0x420
[  149.708468][ T7239]  ? __fget_files+0x3a0/0x420
[  149.708490][ T7239]  ? __fget_files+0x2a/0x420
[  149.708527][ T7239]  ksys_read+0x145/0x250
[  149.708564][ T7239]  ? __pfx_ksys_read+0x10/0x10
[  149.708594][ T7239]  ? rcu_is_watching+0x15/0xb0
[  149.708635][ T7239]  ? do_syscall_64+0xbe/0x3b0
[  149.708677][ T7239]  do_syscall_64+0xfa/0x3b0
[  149.708707][ T7239]  ? lockdep_hardirqs_on+0x9c/0x150
[  149.708737][ T7239]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.708758][ T7239]  ? clear_bhb_loop+0x60/0xb0
[  149.708786][ T7239]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.708805][ T7239] RIP: 0033:0x7f91fdd8d33c
[  149.708825][ T7239] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  149.708842][ T7239] RSP: 002b:00007f91febef030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  149.708864][ T7239] RAX: ffffffffffffffda RBX: 00007f91fdfb6080 RCX: 00007f91fdd8d33c
[  149.708880][ T7239] RDX: 000000000000000f RSI: 00007f91febef0a0 RDI: 0000000000000006
[  149.708893][ T7239] RBP: 00007f91febef090 R08: 0000000000000000 R09: 0000000000000000
[  149.708905][ T7239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  149.708918][ T7239] R13: 0000000000000001 R14: 00007f91fdfb6080 R15: 00007ffc179b2478
[  149.708956][ T7239]  </TASK>
[  150.104569][ T7245] netlink: 'syz.4.495': attribute type 46 has an invalid length.
[  150.559022][ T7263] __nla_validate_parse: 3 callbacks suppressed
[  150.559043][ T7263] netlink: 132 bytes leftover after parsing attributes in process `syz.1.502'.
[  150.726453][ T7270] FAULT_INJECTION: forcing a failure.
[  150.726453][ T7270] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  150.737549][ T7272] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.506'.
[  150.797114][ T7270] CPU: 1 UID: 0 PID: 7270 Comm: syz.3.505 Not tainted 6.16.0-rc3-syzkaller-gee88bddf7f2f #0 PREEMPT(full) 
[  150.797146][ T7270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  150.797159][ T7270] Call Trace:
[  150.797167][ T7270]  <TASK>
[  150.797176][ T7270]  dump_stack_lvl+0x189/0x250
[  150.797219][ T7270]  ? __pfx_dump_stack_lvl+0x10/0x10
[  150.797252][ T7270]  ? __pfx__printk+0x10/0x10
[  150.797283][ T7270]  ? should_fail_ex+0x399/0x560
[  150.797313][ T7270]  should_fail_ex+0x414/0x560
[  150.797344][ T7270]  prepare_alloc_pages+0x213/0x610
[  150.797379][ T7270]  __alloc_frozen_pages_noprof+0x123/0x370
[  150.797411][ T7270]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  150.797450][ T7270]  ? lockdep_hardirqs_on+0x9c/0x150
[  150.797485][ T7270]  ? policy_nodemask+0x27c/0x720
[  150.797506][ T7270]  ? alloc_vmap_area+0xc96/0x1490
[  150.797529][ T7270]  alloc_pages_bulk_noprof+0x560/0x710
[  150.797563][ T7270]  ? alloc_pages_noprof+0xbe/0x190
[  150.797590][ T7270]  kasan_populate_vmalloc+0xba/0x1a0
[  150.797628][ T7270]  alloc_vmap_area+0xd51/0x1490
[  150.797666][ T7270]  ? __pfx_alloc_vmap_area+0x10/0x10
[  150.797687][ T7270]  ? __kasan_kmalloc+0x93/0xb0
[  150.797708][ T7270]  ? __kmalloc_cache_node_noprof+0x234/0x3d0
[  150.797730][ T7270]  ? __get_vm_area_node+0x13f/0x300
[  150.797750][ T7270]  ? reuseport_array_alloc+0x98/0x130
[  150.797777][ T7270]  __get_vm_area_node+0x1f8/0x300
[  150.797806][ T7270]  __vmalloc_node_range_noprof+0x301/0x12f0
[  150.797830][ T7270]  ? reuseport_array_alloc+0x98/0x130
[  150.797857][ T7270]  ? __pfx_perf_tp_event+0x10/0x10
[  150.797897][ T7270]  ? aa_get_newest_label+0xf7/0x5d0
[  150.797927][ T7270]  ? __pfx_aa_get_newest_label+0x10/0x10
[  150.797958][ T7270]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  150.797980][ T7270]  ? rcu_is_watching+0x15/0xb0
[  150.798016][ T7270]  ? apparmor_capable+0x137/0x1b0
[  150.798053][ T7270]  bpf_map_area_alloc+0x12d/0x180
[  150.798085][ T7270]  ? reuseport_array_alloc+0x98/0x130
[  150.798115][ T7270]  reuseport_array_alloc+0x98/0x130
[  150.798144][ T7270]  map_create+0x903/0x1150
[  150.798177][ T7270]  ? security_bpf+0x7e/0x300
[  150.798204][ T7270]  __sys_bpf+0x67e/0x860
[  150.798234][ T7270]  ? __pfx___sys_bpf+0x10/0x10
[  150.798296][ T7270]  __x64_sys_bpf+0x7c/0x90
[  150.798322][ T7270]  do_syscall_64+0xfa/0x3b0
[  150.798355][ T7270]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.798375][ T7270]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  150.798396][ T7270]  ? clear_bhb_loop+0x60/0xb0
[  150.798428][ T7270]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.798448][ T7270] RIP: 0033:0x7f9f1658e929
[  150.798467][ T7270] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  150.798485][ T7270] RSP: 002b:00007f9f1739a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  150.798507][ T7270] RAX: ffffffffffffffda RBX: 00007f9f167b5fa0 RCX: 00007f9f1658e929
[  150.798522][ T7270] RDX: 0000000000000050 RSI: 0000200000000000 RDI: 0000000000000000
[  150.798535][ T7270] RBP: 00007f9f1739a090 R08: 0000000000000000 R09: 0000000000000000
[  150.798548][ T7270] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  150.798560][ T7270] R13: 0000000000000000 R14: 00007f9f167b5fa0 R15: 00007fff86e4bae8
[  150.798593][ T7270]  </TASK>
[  151.354443][ T7279] netlink: 132 bytes leftover after parsing attributes in process `syz.2.508'.
[  151.423473][ T7279] netlink: 'syz.2.508': attribute type 46 has an invalid length.
[  151.431692][ T7279] netlink: 55 bytes leftover after parsing attributes in process `syz.2.508'.
[  151.514626][ T7287] netlink: 'syz.0.511': attribute type 10 has an invalid length.
[  151.552095][ T7287] netlink: 55 bytes leftover after parsing attributes in process `syz.0.511'.
[  151.885501][ T7300] FAULT_INJECTION: forcing a failure.
[  151.885501][ T7300] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  151.906200][ T7298] netlink: 164880 bytes leftover after parsing attributes in process `syz.0.515'.
[  151.925788][ T7298] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  151.936529][ T7300] CPU: 0 UID: 0 PID: 7300 Comm: syz.2.517 Not tainted 6.16.0-rc3-syzkaller-gee88bddf7f2f #0 PREEMPT(full) 
[  151.936557][ T7300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  151.936569][ T7300] Call Trace:
[  151.936578][ T7300]  <TASK>
[  151.936587][ T7300]  dump_stack_lvl+0x189/0x250
[  151.936625][ T7300]  ? __pfx____ratelimit+0x10/0x10
[  151.936656][ T7300]  ? __pfx_dump_stack_lvl+0x10/0x10
[  151.936690][ T7300]  ? __pfx__printk+0x10/0x10
[  151.936713][ T7300]  ? __might_fault+0xb0/0x130
[  151.936750][ T7300]  should_fail_ex+0x414/0x560
[  151.936783][ T7300]  _copy_from_iter+0x1db/0x16f0
[  151.936820][ T7300]  ? rcu_is_watching+0x15/0xb0
[  151.936854][ T7300]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  151.936878][ T7300]  ? __pfx__copy_from_iter+0x10/0x10
[  151.936910][ T7300]  ? __build_skb_around+0x257/0x3e0
[  151.936939][ T7300]  ? netlink_sendmsg+0x642/0xb30
[  151.936961][ T7300]  ? skb_put+0x11b/0x210
[  151.936990][ T7300]  netlink_sendmsg+0x6b2/0xb30
[  151.937027][ T7300]  ? __pfx_netlink_sendmsg+0x10/0x10
[  151.937055][ T7300]  ? aa_sock_msg_perm+0x94/0x160
[  151.937086][ T7300]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  151.937113][ T7300]  ? __pfx_netlink_sendmsg+0x10/0x10
[  151.937139][ T7300]  __sock_sendmsg+0x219/0x270
[  151.937176][ T7300]  ____sys_sendmsg+0x505/0x830
[  151.937211][ T7300]  ? __pfx_____sys_sendmsg+0x10/0x10
[  151.937251][ T7300]  ? import_iovec+0x74/0xa0
[  151.937277][ T7300]  ___sys_sendmsg+0x21f/0x2a0
[  151.937307][ T7300]  ? __pfx____sys_sendmsg+0x10/0x10
[  151.937385][ T7300]  ? __fget_files+0x2a/0x420
[  151.937415][ T7300]  ? __fget_files+0x3a0/0x420
[  151.937454][ T7300]  __x64_sys_sendmsg+0x19b/0x260
[  151.937485][ T7300]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  151.937526][ T7300]  ? __pfx_ksys_write+0x10/0x10
[  151.937542][ T7300]  ? rcu_is_watching+0x15/0xb0
[  151.937582][ T7300]  ? do_syscall_64+0xbe/0x3b0
[  151.937620][ T7300]  do_syscall_64+0xfa/0x3b0
[  151.937651][ T7300]  ? lockdep_hardirqs_on+0x9c/0x150
[  151.937682][ T7300]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  151.937703][ T7300]  ? clear_bhb_loop+0x60/0xb0
[  151.937730][ T7300]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  151.937751][ T7300] RIP: 0033:0x7f6d08f8e929
[  151.937769][ T7300] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  151.937787][ T7300] RSP: 002b:00007f6d09d18038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  151.937809][ T7300] RAX: ffffffffffffffda RBX: 00007f6d091b5fa0 RCX: 00007f6d08f8e929
[  151.937825][ T7300] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  151.937838][ T7300] RBP: 00007f6d09d18090 R08: 0000000000000000 R09: 0000000000000000
[  151.937851][ T7300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  151.937863][ T7300] R13: 0000000000000000 R14: 00007f6d091b5fa0 R15: 00007ffc3feaa128
[  151.937900][ T7300]  </TASK>
[  152.292514][ T7302] netlink: 'syz.3.518': attribute type 1 has an invalid length.
[  153.055635][ T7318] netlink: 132 bytes leftover after parsing attributes in process `syz.4.523'.
[  153.175602][ T7320] netlink: 'syz.4.523': attribute type 46 has an invalid length.
[  153.187912][ T7320] netlink: 55 bytes leftover after parsing attributes in process `syz.4.523'.
[  153.351370][ T7324] netlink: 'syz.3.525': attribute type 10 has an invalid length.
[  153.365069][ T7324] netlink: 55 bytes leftover after parsing attributes in process `syz.3.525'.
[  153.722253][ T7338] netlink: 14546 bytes leftover after parsing attributes in process `syz.3.531'.
[  153.899924][ T7341] netlink: 'syz.3.531': attribute type 21 has an invalid length.
[  153.996407][ T7346] netlink: 'syz.1.533': attribute type 21 has an invalid length.
[  154.007210][ T7346] netlink: 'syz.1.533': attribute type 20 has an invalid length.
[  154.825376][ T7374] validate_nla: 2 callbacks suppressed
[  154.825398][ T7374] netlink: 'syz.4.544': attribute type 21 has an invalid length.
[  155.386248][ T7400] netlink: 'syz.4.553': attribute type 46 has an invalid length.
[  155.656280][ T7408] netlink: 'syz.1.557': attribute type 10 has an invalid length.
[  155.714558][ T7408] __nla_validate_parse: 6 callbacks suppressed
[  155.714579][ T7408] netlink: 55 bytes leftover after parsing attributes in process `syz.1.557'.
[  156.204474][ T7425] syzkaller0: entered allmulticast mode
[  157.096775][ T7440] netlink: 132 bytes leftover after parsing attributes in process `syz.2.569'.
[  157.125352][ T7440] netlink: 'syz.2.569': attribute type 46 has an invalid length.
[  157.178119][ T7440] netlink: 55 bytes leftover after parsing attributes in process `syz.2.569'.
[  157.930313][ T7453] netlink: 'syz.2.573': attribute type 10 has an invalid length.
[  157.948614][ T7453] netlink: 55 bytes leftover after parsing attributes in process `syz.2.573'.
[  158.175658][ T7463] netlink: 'syz.0.576': attribute type 10 has an invalid length.
[  158.235109][ T7456] syzkaller0: entered promiscuous mode
[  158.251433][ T7456] syzkaller0: entered allmulticast mode
[  158.256563][ T7463] netlink: 40 bytes leftover after parsing attributes in process `syz.0.576'.
[  158.432121][ T7473] netlink: 1057 bytes leftover after parsing attributes in process `syz.3.580'.
[  158.460508][ T7469] netlink: 'syz.4.577': attribute type 29 has an invalid length.
[  158.470840][ T7463] ipvlan1: entered promiscuous mode
[  158.481280][ T7463] ipvlan1: entered allmulticast mode
[  158.499678][ T7463] bridge0: port 3(ipvlan1) entered blocking state
[  158.522283][ T7463] bridge0: port 3(ipvlan1) entered disabled state
[  158.554927][ T7463] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  158.913644][ T7482] netlink: 132 bytes leftover after parsing attributes in process `syz.0.583'.
[  158.973513][ T7483] netlink: 'syz.0.583': attribute type 46 has an invalid length.
[  158.981767][ T7483] netlink: 55 bytes leftover after parsing attributes in process `syz.0.583'.
[  161.187586][ T7506] netlink: 'syz.4.589': attribute type 10 has an invalid length.
[  161.218349][ T7503] netlink: 180 bytes leftover after parsing attributes in process `syz.2.591'.
[  161.228965][ T7505] netlink: 'syz.1.590': attribute type 21 has an invalid length.
[  161.238448][ T7506] netlink: 55 bytes leftover after parsing attributes in process `syz.4.589'.
[  161.273082][ T7505] netlink: 'syz.1.590': attribute type 10 has an invalid length.
[  161.300139][ T7505] netlink: 55 bytes leftover after parsing attributes in process `syz.1.590'.
[  161.664297][ T7505] vlan0 (unregistering): left allmulticast mode
[  161.700630][ T7505] vlan0 (unregistering): left promiscuous mode
[  161.724492][ T7505] À: port 1(vlan0) entered disabled state
[  161.765394][ T7523] netlink: 132 bytes leftover after parsing attributes in process `syz.3.596'.
[  161.832770][ T7524] netlink: 'syz.3.596': attribute type 46 has an invalid length.
[  161.853011][ T7524] netlink: 55 bytes leftover after parsing attributes in process `syz.3.596'.
[  161.899519][ T7526] FAULT_INJECTION: forcing a failure.
[  161.899519][ T7526] name failslab, interval 1, probability 0, space 0, times 0
[  161.915222][ T7526] CPU: 0 UID: 0 PID: 7526 Comm: syz.4.597 Not tainted 6.16.0-rc3-syzkaller-gee88bddf7f2f #0 PREEMPT(full) 
[  161.915252][ T7526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  161.915265][ T7526] Call Trace:
[  161.915273][ T7526]  <TASK>
[  161.915282][ T7526]  dump_stack_lvl+0x189/0x250
[  161.915320][ T7526]  ? __pfx____ratelimit+0x10/0x10
[  161.915353][ T7526]  ? __pfx_dump_stack_lvl+0x10/0x10
[  161.915387][ T7526]  ? __pfx__printk+0x10/0x10
[  161.915420][ T7526]  ? __pfx___might_resched+0x10/0x10
[  161.915462][ T7526]  should_fail_ex+0x414/0x560
[  161.915497][ T7526]  should_failslab+0xa8/0x100
[  161.915524][ T7526]  kmem_cache_alloc_lru_noprof+0x78/0x3d0
[  161.915558][ T7526]  ? __d_alloc+0x31/0x6f0
[  161.915594][ T7526]  __d_alloc+0x31/0x6f0
[  161.915643][ T7526]  d_alloc_pseudo+0x1f/0xb0
[  161.915670][ T7526]  alloc_file_pseudo+0xcc/0x210
[  161.915702][ T7526]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  161.915725][ T7526]  ? find_get_pmu_context+0x7cd/0x890
[  161.915771][ T7526]  anon_inode_getfile+0xc5/0x1a0
[  161.915798][ T7526]  __se_sys_perf_event_open+0xf20/0x1d70
[  161.915846][ T7526]  ? __pfx___se_sys_perf_event_open+0x10/0x10
[  161.915895][ T7526]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  161.915926][ T7526]  ? __pfx_ksys_write+0x10/0x10
[  161.915942][ T7526]  ? rcu_is_watching+0x15/0xb0
[  161.915983][ T7526]  ? do_syscall_64+0xbe/0x3b0
[  161.916013][ T7526]  ? __x64_sys_perf_event_open+0x20/0xc0
[  161.916045][ T7526]  do_syscall_64+0xfa/0x3b0
[  161.916074][ T7526]  ? lockdep_hardirqs_on+0x9c/0x150
[  161.916103][ T7526]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.916123][ T7526]  ? clear_bhb_loop+0x60/0xb0
[  161.916150][ T7526]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.916169][ T7526] RIP: 0033:0x7f8addf8e929
[  161.916188][ T7526] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  161.916205][ T7526] RSP: 002b:00007f8adee7f038 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  161.916226][ T7526] RAX: ffffffffffffffda RBX: 00007f8ade1b5fa0 RCX: 00007f8addf8e929
[  161.916242][ T7526] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000200000000480
[  161.916255][ T7526] RBP: 00007f8adee7f090 R08: 0000000000000000 R09: 0000000000000000
[  161.916267][ T7526] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001
[  161.916280][ T7526] R13: 0000000000000000 R14: 00007f8ade1b5fa0 R15: 00007fff359792e8
[  161.916317][ T7526]  </TASK>
[  162.665168][ T7540] tap0: tun_chr_ioctl cmd 1074025677
[  162.673154][ T7540] tap0: linktype set to 779
[  163.006792][ T7552] netlink: 'syz.4.605': attribute type 10 has an invalid length.
[  163.033199][ T7552] netlink: 55 bytes leftover after parsing attributes in process `syz.4.605'.
[  163.463291][ T7562] FAULT_INJECTION: forcing a failure.
[  163.463291][ T7562] name failslab, interval 1, probability 0, space 0, times 0
[  163.506389][ T7562] CPU: 1 UID: 0 PID: 7562 Comm: syz.3.610 Not tainted 6.16.0-rc3-syzkaller-gee88bddf7f2f #0 PREEMPT(full) 
[  163.506419][ T7562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  163.506431][ T7562] Call Trace:
[  163.506441][ T7562]  <TASK>
[  163.506452][ T7562]  dump_stack_lvl+0x189/0x250
[  163.506504][ T7562]  ? __pfx____ratelimit+0x10/0x10
[  163.506540][ T7562]  ? __pfx_dump_stack_lvl+0x10/0x10
[  163.506579][ T7562]  ? __pfx__printk+0x10/0x10
[  163.506615][ T7562]  ? __pfx___might_resched+0x10/0x10
[  163.506651][ T7562]  ? fs_reclaim_acquire+0x7d/0x100
[  163.506692][ T7562]  should_fail_ex+0x414/0x560
[  163.506736][ T7562]  should_failslab+0xa8/0x100
[  163.506767][ T7562]  __kmalloc_noprof+0xcb/0x4f0
[  163.506789][ T7562]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  163.506841][ T7562]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  163.506900][ T7562]  genl_start+0x180/0x6c0
[  163.506930][ T7562]  ? netlink_lookup+0x30/0x200
[  163.506976][ T7562]  __netlink_dump_start+0x469/0x7e0
[  163.507031][ T7562]  genl_family_rcv_msg_dumpit+0x1e7/0x2c0
[  163.507076][ T7562]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  163.507106][ T7562]  ? genl_get_cmd+0x496/0x910
[  163.507157][ T7562]  ? __pfx_genl_start+0x10/0x10
[  163.507184][ T7562]  ? __pfx_genl_dumpit+0x10/0x10
[  163.507211][ T7562]  ? __pfx_genl_done+0x10/0x10
[  163.507292][ T7562]  genl_rcv_msg+0x5da/0x790
[  163.507347][ T7562]  ? __pfx_genl_rcv_msg+0x10/0x10
[  163.507374][ T7562]  ? ref_tracker_free+0x63a/0x7d0
[  163.507402][ T7562]  ? __pfx_devlink_nl_port_get_dumpit+0x10/0x10
[  163.507436][ T7562]  ? perf_trace_run_bpf_submit+0xee/0x170
[  163.507543][ T7562]  netlink_rcv_skb+0x208/0x470
[  163.507575][ T7562]  ? __pfx_genl_rcv_msg+0x10/0x10
[  163.507615][ T7562]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  163.507697][ T7562]  ? down_read+0x1ad/0x2e0
[  163.507730][ T7562]  genl_rcv+0x28/0x40
[  163.507758][ T7562]  netlink_unicast+0x75b/0x8d0
[  163.507818][ T7562]  netlink_sendmsg+0x805/0xb30
[  163.507876][ T7562]  ? __pfx_netlink_sendmsg+0x10/0x10
[  163.507915][ T7562]  ? aa_sock_msg_perm+0x94/0x160
[  163.507951][ T7562]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  163.507978][ T7562]  ? __pfx_netlink_sendmsg+0x10/0x10
[  163.508008][ T7562]  __sock_sendmsg+0x219/0x270
[  163.508055][ T7562]  ____sys_sendmsg+0x505/0x830
[  163.508103][ T7562]  ? __pfx_____sys_sendmsg+0x10/0x10
[  163.508160][ T7562]  ? import_iovec+0x74/0xa0
[  163.508197][ T7562]  ___sys_sendmsg+0x21f/0x2a0
[  163.508235][ T7562]  ? __pfx____sys_sendmsg+0x10/0x10
[  163.508330][ T7562]  ? __fget_files+0x2a/0x420
[  163.508394][ T7562]  ? __fget_files+0x2a/0x420
[  163.508416][ T7562]  ? __fget_files+0x3a0/0x420
[  163.508480][ T7562]  __x64_sys_sendmsg+0x19b/0x260
[  163.508515][ T7562]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  163.508568][ T7562]  ? __pfx_ksys_write+0x10/0x10
[  163.508583][ T7562]  ? rcu_is_watching+0x15/0xb0
[  163.508629][ T7562]  ? do_syscall_64+0xbe/0x3b0
[  163.508672][ T7562]  do_syscall_64+0xfa/0x3b0
[  163.508699][ T7562]  ? lockdep_hardirqs_on+0x9c/0x150
[  163.508732][ T7562]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.508754][ T7562]  ? clear_bhb_loop+0x60/0xb0
[  163.508790][ T7562]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.508811][ T7562] RIP: 0033:0x7f9f1658e929
[  163.508834][ T7562] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  163.508852][ T7562] RSP: 002b:00007f9f1739a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  163.508874][ T7562] RAX: ffffffffffffffda RBX: 00007f9f167b5fa0 RCX: 00007f9f1658e929
[  163.508889][ T7562] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004
[  163.508902][ T7562] RBP: 00007f9f1739a090 R08: 0000000000000000 R09: 0000000000000000
[  163.508915][ T7562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  163.508927][ T7562] R13: 0000000000000000 R14: 00007f9f167b5fa0 R15: 00007fff86e4bae8
[  163.508994][ T7562]  </TASK>
[  163.898394][ T7574] netlink: 132 bytes leftover after parsing attributes in process `syz.4.612'.
[  163.981691][ T7575] netlink: 'syz.4.612': attribute type 46 has an invalid length.
[  164.006999][ T7575] netlink: 55 bytes leftover after parsing attributes in process `syz.4.612'.
[  164.164611][ T7580] FAULT_INJECTION: forcing a failure.
[  164.164611][ T7580] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  164.231935][ T7580] CPU: 1 UID: 0 PID: 7580 Comm: syz.1.616 Not tainted 6.16.0-rc3-syzkaller-gee88bddf7f2f #0 PREEMPT(full) 
[  164.231964][ T7580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  164.231977][ T7580] Call Trace:
[  164.231986][ T7580]  <TASK>
[  164.231995][ T7580]  dump_stack_lvl+0x189/0x250
[  164.232034][ T7580]  ? __pfx____ratelimit+0x10/0x10
[  164.232066][ T7580]  ? __pfx_dump_stack_lvl+0x10/0x10
[  164.232099][ T7580]  ? __pfx__printk+0x10/0x10
[  164.232124][ T7580]  ? fs_reclaim_acquire+0x7d/0x100
[  164.232159][ T7580]  should_fail_ex+0x414/0x560
[  164.232191][ T7580]  prepare_alloc_pages+0x213/0x610
[  164.232225][ T7580]  __alloc_frozen_pages_noprof+0x123/0x370
[  164.232257][ T7580]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  164.232305][ T7580]  alloc_pages_bulk_noprof+0x560/0x710
[  164.232338][ T7580]  ? alloc_pages_noprof+0xbe/0x190
[  164.232364][ T7580]  kasan_populate_vmalloc+0xba/0x1a0
[  164.232401][ T7580]  alloc_vmap_area+0xd51/0x1490
[  164.232439][ T7580]  ? __pfx_alloc_vmap_area+0x10/0x10
[  164.232459][ T7580]  ? __kasan_kmalloc+0x93/0xb0
[  164.232480][ T7580]  ? __kmalloc_cache_node_noprof+0x234/0x3d0
[  164.232502][ T7580]  ? __get_vm_area_node+0x13f/0x300
[  164.232521][ T7580]  ? reuseport_array_alloc+0x98/0x130
[  164.232548][ T7580]  __get_vm_area_node+0x1f8/0x300
[  164.232576][ T7580]  __vmalloc_node_range_noprof+0x301/0x12f0
[  164.232600][ T7580]  ? reuseport_array_alloc+0x98/0x130
[  164.232645][ T7580]  ? aa_get_newest_label+0xf7/0x5d0
[  164.232675][ T7580]  ? __pfx_aa_get_newest_label+0x10/0x10
[  164.232712][ T7580]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  164.232735][ T7580]  ? rcu_is_watching+0x15/0xb0
[  164.232771][ T7580]  ? apparmor_capable+0x137/0x1b0
[  164.232808][ T7580]  bpf_map_area_alloc+0x12d/0x180
[  164.232840][ T7580]  ? reuseport_array_alloc+0x98/0x130
[  164.232870][ T7580]  reuseport_array_alloc+0x98/0x130
[  164.232899][ T7580]  map_create+0x903/0x1150
[  164.232931][ T7580]  ? security_bpf+0x7e/0x300
[  164.232958][ T7580]  __sys_bpf+0x67e/0x860
[  164.232988][ T7580]  ? __pfx___sys_bpf+0x10/0x10
[  164.233030][ T7580]  ? ksys_write+0x22a/0x250
[  164.233052][ T7580]  ? __pfx_ksys_write+0x10/0x10
[  164.233069][ T7580]  ? rcu_is_watching+0x15/0xb0
[  164.233110][ T7580]  __x64_sys_bpf+0x7c/0x90
[  164.233136][ T7580]  do_syscall_64+0xfa/0x3b0
[  164.233167][ T7580]  ? lockdep_hardirqs_on+0x9c/0x150
[  164.233198][ T7580]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  164.233218][ T7580]  ? clear_bhb_loop+0x60/0xb0
[  164.233245][ T7580]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  164.233265][ T7580] RIP: 0033:0x7f91fdd8e929
[  164.233284][ T7580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  164.233301][ T7580] RSP: 002b:00007f91febef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  164.233323][ T7580] RAX: ffffffffffffffda RBX: 00007f91fdfb6080 RCX: 00007f91fdd8e929
[  164.233338][ T7580] RDX: 0000000000000050 RSI: 0000200000000000 RDI: 0000000000000000
[  164.233352][ T7580] RBP: 00007f91febef090 R08: 0000000000000000 R09: 0000000000000000
[  164.233364][ T7580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  164.233376][ T7580] R13: 0000000000000000 R14: 00007f91fdfb6080 R15: 00007ffc179b2478
[  164.233410][ T7580]  </TASK>
[  164.619857][ T7583] delete_channel: no stack
[  164.624543][ T7583] delete_channel: no stack
[  164.648637][ T7589] netlink: 'syz.0.618': attribute type 2 has an invalid length.
[  164.657332][ T7589] netlink: 'syz.0.618': attribute type 1 has an invalid length.
[  164.666686][ T7589] netlink: 151148 bytes leftover after parsing attributes in process `syz.0.618'.
[  164.676365][ T7589] nbd: must specify at least one socket
[  164.860777][ T7592] netlink: 'syz.1.620': attribute type 10 has an invalid length.
[  164.883602][ T7592] netlink: 55 bytes leftover after parsing attributes in process `syz.1.620'.
[  165.453166][ T7610] netlink: 'syz.1.629': attribute type 46 has an invalid length.
[  166.222615][ T7631] validate_nla: 2 callbacks suppressed
[  166.222638][ T7631] netlink: 'syz.1.635': attribute type 25 has an invalid length.
[  166.304506][ T7633] netlink: 'syz.4.637': attribute type 2 has an invalid length.
[  166.322927][ T7633] netlink: 'syz.4.637': attribute type 1 has an invalid length.
[  166.350889][ T7633] __nla_validate_parse: 7 callbacks suppressed
[  166.350907][ T7633] netlink: 193500 bytes leftover after parsing attributes in process `syz.4.637'.
[  166.381938][ T7633] nbd: illegal input index 65540
[  166.614070][ T7643] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  166.624542][ T7639] netlink: 132 bytes leftover after parsing attributes in process `syz.4.640'.
[  166.693009][ T7647] netlink: 'syz.4.640': attribute type 46 has an invalid length.
[  166.724571][ T7647] netlink: 55 bytes leftover after parsing attributes in process `syz.4.640'.
[  167.156960][ T7664] netlink: 'syz.0.648': attribute type 10 has an invalid length.
[  167.211324][ T7664] netlink: 55 bytes leftover after parsing attributes in process `syz.0.648'.
[  167.213840][ T7667] netlink: 16255 bytes leftover after parsing attributes in process `syz.1.649'.
[  168.569054][ T7696] netlink: 132 bytes leftover after parsing attributes in process `syz.4.656'.
[  168.641833][ T7693] netlink: 'syz.4.656': attribute type 46 has an invalid length.
[  168.650509][ T7693] netlink: 55 bytes leftover after parsing attributes in process `syz.4.656'.
[  169.153714][ T7716] netlink: 'syz.0.663': attribute type 10 has an invalid length.
[  169.187834][ T7716] netlink: 55 bytes leftover after parsing attributes in process `syz.0.663'.
[  169.626446][ T7735] netlink: 132 bytes leftover after parsing attributes in process `syz.4.672'.
[  169.718002][ T7735] netlink: 'syz.4.672': attribute type 46 has an invalid length.
[  169.727448][ T7735] netlink: 55 bytes leftover after parsing attributes in process `syz.4.672'.
[  170.216649][ T7760] netlink: 'syz.4.679': attribute type 10 has an invalid length.
[  170.220897][ T7759] netlink: 'syz.3.680': attribute type 10 has an invalid length.
[  170.249010][ T7760] bridge0: port 4(ipvlan1) entered blocking state
[  170.256014][ T7760] bridge0: port 4(ipvlan1) entered disabled state
[  170.302846][ T7760] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  170.892963][ T7764] mac80211_hwsim hwsim6 wlan1: entered promiscuous mode
[  170.907057][ T7764] mac80211_hwsim hwsim6 wlan1: entered allmulticast mode
[  171.128831][ T7764] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  171.294423][ T7779] validate_nla: 2 callbacks suppressed
[  171.294444][ T7779] netlink: 'syz.1.689': attribute type 46 has an invalid length.
[  171.341100][ T7781] FAULT_INJECTION: forcing a failure.
[  171.341100][ T7781] name failslab, interval 1, probability 0, space 0, times 0
[  171.366549][ T7779] __nla_validate_parse: 7 callbacks suppressed
[  171.366572][ T7779] netlink: 55 bytes leftover after parsing attributes in process `syz.1.689'.
[  171.388039][ T7781] CPU: 1 UID: 0 PID: 7781 Comm: syz.4.690 Not tainted 6.16.0-rc3-syzkaller-gee88bddf7f2f #0 PREEMPT(full) 
[  171.388069][ T7781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  171.388082][ T7781] Call Trace:
[  171.388094][ T7781]  <TASK>
[  171.388106][ T7781]  dump_stack_lvl+0x189/0x250
[  171.388154][ T7781]  ? __pfx____ratelimit+0x10/0x10
[  171.388196][ T7781]  ? __pfx_dump_stack_lvl+0x10/0x10
[  171.388239][ T7781]  ? __pfx__printk+0x10/0x10
[  171.388286][ T7781]  ? __pfx___might_resched+0x10/0x10
[  171.388323][ T7781]  ? fs_reclaim_acquire+0x7d/0x100
[  171.388383][ T7781]  should_fail_ex+0x414/0x560
[  171.388449][ T7781]  should_failslab+0xa8/0x100
[  171.388489][ T7781]  __kmalloc_noprof+0xcb/0x4f0
[  171.388515][ T7781]  ? tomoyo_encode+0x28b/0x550
[  171.388578][ T7781]  tomoyo_encode+0x28b/0x550
[  171.388651][ T7781]  tomoyo_realpath_from_path+0x58d/0x5d0
[  171.388699][ T7781]  ? tomoyo_domain+0xd9/0x130
[  171.388771][ T7781]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  171.388807][ T7781]  tomoyo_path_number_perm+0x1e8/0x5a0
[  171.388855][ T7781]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  171.388908][ T7781]  ? perf_trace_run_bpf_submit+0xf9/0x170
[  171.389138][ T7781]  ? __fget_files+0x2a/0x420
[  171.389187][ T7781]  ? __fget_files+0x2a/0x420
[  171.389216][ T7781]  ? __fget_files+0x3a0/0x420
[  171.389242][ T7781]  ? __fget_files+0x2a/0x420
[  171.389298][ T7781]  security_file_ioctl+0xcb/0x2d0
[  171.389344][ T7781]  __se_sys_ioctl+0x47/0x170
[  171.389400][ T7781]  do_syscall_64+0xfa/0x3b0
[  171.389433][ T7781]  ? lockdep_hardirqs_on+0x9c/0x150
[  171.389469][ T7781]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.389494][ T7781]  ? clear_bhb_loop+0x60/0xb0
[  171.389541][ T7781]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.389562][ T7781] RIP: 0033:0x7f8addf8e929
[  171.389587][ T7781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  171.389604][ T7781] RSP: 002b:00007f8adee7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  171.389626][ T7781] RAX: ffffffffffffffda RBX: 00007f8ade1b5fa0 RCX: 00007f8addf8e929
[  171.389641][ T7781] RDX: 0000200000000280 RSI: 0000000000008914 RDI: 0000000000000006
[  171.389654][ T7781] RBP: 00007f8adee7f090 R08: 0000000000000000 R09: 0000000000000000
[  171.389666][ T7781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  171.389678][ T7781] R13: 0000000000000000 R14: 00007f8ade1b5fa0 R15: 00007fff359792e8
[  171.389780][ T7781]  </TASK>
[  171.787255][ T7781] ERROR: Out of memory at tomoyo_realpath_from_path.
[  171.828845][ T7787] netlink: 'syz.0.692': attribute type 10 has an invalid length.
[  171.836733][ T7787] netlink: 40 bytes leftover after parsing attributes in process `syz.0.692'.
[  171.847611][ T7781] wg2: entered allmulticast mode
[  172.175138][ T7798] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  172.202572][ T7796] netlink: 'syz.3.696': attribute type 10 has an invalid length.
[  172.245448][ T7796] netlink: 55 bytes leftover after parsing attributes in process `syz.3.696'.
[  172.608107][ T7819] netlink: 132 bytes leftover after parsing attributes in process `syz.0.705'.
[  172.652479][ T7819] netlink: 'syz.0.705': attribute type 46 has an invalid length.
[  172.667069][ T7819] netlink: 55 bytes leftover after parsing attributes in process `syz.0.705'.
[  172.719347][ T7824] FAULT_INJECTION: forcing a failure.
[  172.719347][ T7824] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  172.751171][ T7824] CPU: 0 UID: 0 PID: 7824 Comm: syz.1.707 Not tainted 6.16.0-rc3-syzkaller-gee88bddf7f2f #0 PREEMPT(full) 
[  172.751202][ T7824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  172.751214][ T7824] Call Trace:
[  172.751223][ T7824]  <TASK>
[  172.751232][ T7824]  dump_stack_lvl+0x189/0x250
[  172.751271][ T7824]  ? __pfx____ratelimit+0x10/0x10
[  172.751303][ T7824]  ? __pfx_dump_stack_lvl+0x10/0x10
[  172.751335][ T7824]  ? __pfx__printk+0x10/0x10
[  172.751359][ T7824]  ? fs_reclaim_acquire+0x7d/0x100
[  172.751392][ T7824]  should_fail_ex+0x414/0x560
[  172.751423][ T7824]  prepare_alloc_pages+0x213/0x610
[  172.751457][ T7824]  __alloc_frozen_pages_noprof+0x123/0x370
[  172.751488][ T7824]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  172.751520][ T7824]  ? __pfx_perf_trace_lock+0x10/0x10
[  172.751558][ T7824]  ? policy_nodemask+0x27c/0x720
[  172.751576][ T7824]  ? do_raw_spin_lock+0x121/0x290
[  172.751600][ T7824]  ? __pud_alloc+0x1db/0x260
[  172.751634][ T7824]  alloc_pages_mpol+0x232/0x4a0
[  172.751662][ T7824]  alloc_pages_noprof+0xa9/0x190
[  172.751686][ T7824]  __pmd_alloc+0x3a/0x3b0
[  172.751721][ T7824]  __handle_mm_fault+0xa63/0x5620
[  172.751765][ T7824]  ? mt_find+0x46f/0x5f0
[  172.751822][ T7824]  ? __pfx___handle_mm_fault+0x10/0x10
[  172.751876][ T7824]  ? find_vma+0xe7/0x160
[  172.751895][ T7824]  ? __pfx_find_vma+0x10/0x10
[  172.751917][ T7824]  handle_mm_fault+0x40a/0x8e0
[  172.751962][ T7824]  do_user_addr_fault+0x764/0x1390
[  172.752009][ T7824]  exc_page_fault+0x76/0xf0
[  172.752036][ T7824]  ? __might_fault+0xb0/0x130
[  172.752058][ T7824]  asm_exc_page_fault+0x26/0x30
[  172.752079][ T7824] RIP: 0010:__put_user_4+0xd/0x20
[  172.752109][ T7824] Code: 66 89 01 31 c9 0f 01 ca e9 40 3b 03 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca e9 17 3b 03 00 90 90 90 90 90 90 90 90 90 90
[  172.752126][ T7824] RSP: 0018:ffffc90002f17e50 EFLAGS: 00050206
[  172.752146][ T7824] RAX: 0000000000000004 RBX: 0000000000000000 RCX: 0000200000000000
[  172.752160][ T7824] RDX: 0000000000000000 RSI: ffffffff8db6ef77 RDI: ffffffff8be28d40
[  172.752174][ T7824] RBP: 0000000000000004 R08: 0000000000000000 R09: ffffffff820c48e0
[  172.752187][ T7824] R10: dffffc0000000000 R11: ffffed100674c181 R12: 0000000000000000
[  172.752200][ T7824] R13: 0000200000000000 R14: 0000000000000025 R15: 0000000000000005
[  172.752221][ T7824]  ? __might_fault+0xb0/0x130
[  172.752251][ T7824]  __sys_socketpair+0xb7/0x560
[  172.752282][ T7824]  __x64_sys_socketpair+0x9b/0xb0
[  172.752304][ T7824]  do_syscall_64+0xfa/0x3b0
[  172.752333][ T7824]  ? lockdep_hardirqs_on+0x9c/0x150
[  172.752362][ T7824]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.752381][ T7824]  ? clear_bhb_loop+0x60/0xb0
[  172.752405][ T7824]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.752424][ T7824] RIP: 0033:0x7f91fdd8e929
[  172.752442][ T7824] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  172.752458][ T7824] RSP: 002b:00007f91fec10038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035
[  172.752479][ T7824] RAX: ffffffffffffffda RBX: 00007f91fdfb5fa0 RCX: 00007f91fdd8e929
[  172.752493][ T7824] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000025
[  172.752505][ T7824] RBP: 00007f91fec10090 R08: 0000000000000000 R09: 0000000000000000
[  172.752517][ T7824] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  172.752530][ T7824] R13: 0000000000000001 R14: 00007f91fdfb5fa0 R15: 00007ffc179b2478
[  172.752562][ T7824]  </TASK>
[  173.393862][ T7844] netlink: 'syz.3.714': attribute type 10 has an invalid length.
[  173.401846][ T7844] netlink: 55 bytes leftover after parsing attributes in process `syz.3.714'.
[  173.712561][ T7852] netlink: 'syz.1.718': attribute type 10 has an invalid length.
[  174.034540][ T7863] netlink: 132 bytes leftover after parsing attributes in process `syz.4.723'.
[  174.127855][ T7865] netlink: 'syz.4.723': attribute type 46 has an invalid length.
[  174.141138][ T7848] syz.0.717 (7848) used greatest stack depth: 19960 bytes left
[  174.152636][ T7865] netlink: 55 bytes leftover after parsing attributes in process `syz.4.723'.
[  174.176862][ T7868] netlink: 'syz.1.725': attribute type 10 has an invalid length.
[  174.227009][ T7868] netlink: 55 bytes leftover after parsing attributes in process `syz.1.725'.
[  174.758621][ T7893] netlink: 'syz.0.732': attribute type 10 has an invalid length.
[  174.766831][ T7893] netlink: 40 bytes leftover after parsing attributes in process `syz.0.732'.
[  176.466470][ T7893] bridge0: port 3(ipvlan1) entered blocking state
[  176.499947][ T7893] bridge0: port 3(ipvlan1) entered disabled state
[  176.530973][ T7893] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  176.693480][ T7898] netlink: 'syz.3.734': attribute type 21 has an invalid length.
[  176.714608][ T7898] netlink: 168 bytes leftover after parsing attributes in process `syz.3.734'.
[  176.817426][ T7904] netlink: 61211 bytes leftover after parsing attributes in process `syz.0.737'.
[  176.863722][ T7904] netlink: 61211 bytes leftover after parsing attributes in process `syz.0.737'.
[  176.892322][ T7904] netlink: 61211 bytes leftover after parsing attributes in process `syz.0.737'.
[  176.911278][ T7904] netlink: 61211 bytes leftover after parsing attributes in process `syz.0.737'.
[  176.928943][ T7904] netlink: 61211 bytes leftover after parsing attributes in process `syz.0.737'.
[  177.012442][ T7904] netlink: 61211 bytes leftover after parsing attributes in process `syz.0.737'.
[  177.043008][ T7903] Dead loop on virtual device ip6_vti0, fix it urgently!
[  177.102321][ T7904] netlink: 61211 bytes leftover after parsing attributes in process `syz.0.737'.
[  177.165370][ T7904] netlink: 61211 bytes leftover after parsing attributes in process `syz.0.737'.
[  177.248342][ T7904] netlink: 61211 bytes leftover after parsing attributes in process `syz.0.737'.
[  177.351228][ T7909] netlink: 'syz.1.738': attribute type 10 has an invalid length.
[  177.494872][ T7915] netlink: 'syz.2.739': attribute type 46 has an invalid length.
[  177.840651][ T7930] FAULT_INJECTION: forcing a failure.
[  177.840651][ T7930] name failslab, interval 1, probability 0, space 0, times 0
[  177.853505][ T7930] CPU: 0 UID: 0 PID: 7930 Comm: syz.1.745 Not tainted 6.16.0-rc3-syzkaller-gee88bddf7f2f #0 PREEMPT(full) 
[  177.853532][ T7930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  177.853545][ T7930] Call Trace:
[  177.853553][ T7930]  <TASK>
[  177.853562][ T7930]  dump_stack_lvl+0x189/0x250
[  177.853608][ T7930]  ? __pfx____ratelimit+0x10/0x10
[  177.853640][ T7930]  ? __pfx_dump_stack_lvl+0x10/0x10
[  177.853673][ T7930]  ? __pfx__printk+0x10/0x10
[  177.853702][ T7930]  ? ref_tracker_alloc+0x318/0x460
[  177.853734][ T7930]  should_fail_ex+0x414/0x560
[  177.853765][ T7930]  should_failslab+0xa8/0x100
[  177.853790][ T7930]  kmem_cache_alloc_noprof+0x73/0x3c0
[  177.853823][ T7930]  ? skb_clone+0x212/0x3a0
[  177.853856][ T7930]  skb_clone+0x212/0x3a0
[  177.853888][ T7930]  __netlink_deliver_tap+0x404/0x850
[  177.853926][ T7930]  ? netlink_deliver_tap+0x2e/0x1b0
[  177.853951][ T7930]  netlink_deliver_tap+0x19c/0x1b0
[  177.853977][ T7930]  netlink_unicast+0x72f/0x8d0
[  177.854011][ T7930]  netlink_sendmsg+0x805/0xb30
[  177.854046][ T7930]  ? __pfx_netlink_sendmsg+0x10/0x10
[  177.854075][ T7930]  ? aa_sock_msg_perm+0x94/0x160
[  177.854104][ T7930]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  177.854131][ T7930]  ? __pfx_netlink_sendmsg+0x10/0x10
[  177.854157][ T7930]  __sock_sendmsg+0x219/0x270
[  177.854194][ T7930]  ____sys_sendmsg+0x505/0x830
[  177.854228][ T7930]  ? __pfx_____sys_sendmsg+0x10/0x10
[  177.854265][ T7930]  ? import_iovec+0x74/0xa0
[  177.854290][ T7930]  ___sys_sendmsg+0x21f/0x2a0
[  177.854320][ T7930]  ? __pfx____sys_sendmsg+0x10/0x10
[  177.854389][ T7930]  ? __fget_files+0x2a/0x420
[  177.854412][ T7930]  ? __fget_files+0x3a0/0x420
[  177.854446][ T7930]  __x64_sys_sendmsg+0x19b/0x260
[  177.854475][ T7930]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  177.854513][ T7930]  ? __pfx_ksys_write+0x10/0x10
[  177.854530][ T7930]  ? rcu_is_watching+0x15/0xb0
[  177.854568][ T7930]  ? do_syscall_64+0xbe/0x3b0
[  177.854614][ T7930]  do_syscall_64+0xfa/0x3b0
[  177.854645][ T7930]  ? lockdep_hardirqs_on+0x9c/0x150
[  177.854675][ T7930]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  177.854696][ T7930]  ? clear_bhb_loop+0x60/0xb0
[  177.854721][ T7930]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  177.854740][ T7930] RIP: 0033:0x7f91fdd8e929
[  177.854759][ T7930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  177.854775][ T7930] RSP: 002b:00007f91fec10038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  177.854797][ T7930] RAX: ffffffffffffffda RBX: 00007f91fdfb5fa0 RCX: 00007f91fdd8e929
[  177.854811][ T7930] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  177.854825][ T7930] RBP: 00007f91fec10090 R08: 0000000000000000 R09: 0000000000000000
[  177.854837][ T7930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  177.854849][ T7930] R13: 0000000000000000 R14: 00007f91fdfb5fa0 R15: 00007ffc179b2478
[  177.854882][ T7930]  </TASK>
[  178.161831][ T7932] netlink: 'syz.2.746': attribute type 10 has an invalid length.
[  178.207181][ T7932] dummy0: entered promiscuous mode
[  178.225566][ T7932] bridge0: port 3(dummy0) entered blocking state
[  178.275116][ T7932] bridge0: port 3(dummy0) entered disabled state
[  178.286034][ T7932] dummy0: entered allmulticast mode
[  178.294168][ T7932] bridge0: port 3(dummy0) entered blocking state
[  178.300718][ T7932] bridge0: port 3(dummy0) entered forwarding state
[  178.426404][ T7939] netlink: 'syz.0.747': attribute type 10 has an invalid length.
[  178.436250][ T7939] bridge0: port 3(ipvlan1) entered blocking state
[  178.443778][ T7939] bridge0: port 3(ipvlan1) entered disabled state
[  178.464498][ T7939] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  178.952246][ T7952] syzkaller1: tun_chr_ioctl cmd 1074812118
[  178.999957][ T7955] netlink: 'syz.4.752': attribute type 10 has an invalid length.
[  179.003147][ T7952] syzkaller1: tun_chr_ioctl cmd 1074025673
[  179.240636][ T7961] netlink: 'syz.3.756': attribute type 46 has an invalid length.
[  179.317818][ T7965] netlink: 'syz.0.759': attribute type 21 has an invalid length.
[  180.127622][ T7984] netlink: 'syz.1.765': attribute type 10 has an invalid length.
[  181.151280][ T8005] netlink: 'syz.0.772': attribute type 46 has an invalid length.
[  181.719757][ T8023] netlink: 'syz.3.779': attribute type 10 has an invalid length.
[  181.736059][ T8023] __nla_validate_parse: 40 callbacks suppressed
[  181.736099][ T8023] netlink: 40 bytes leftover after parsing attributes in process `syz.3.779'.
[  181.778619][ T8023] ipvlan1: entered promiscuous mode
[  181.784064][ T8023] ipvlan1: entered allmulticast mode
[  181.798295][ T8023] veth0_vlan: entered allmulticast mode
[  181.827309][ T8023] bridge0: port 3(ipvlan1) entered blocking state
[  181.838848][ T8023] bridge0: port 3(ipvlan1) entered disabled state
[  182.403297][ T8023] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  182.872740][ T8035] netlink: 'syz.0.782': attribute type 16 has an invalid length.
[  182.883386][ T8035] netlink: 16 bytes leftover after parsing attributes in process `syz.0.782'.
[  183.061806][ T8046] netlink: 132 bytes leftover after parsing attributes in process `syz.1.786'.
[  183.076325][ T8045] netlink: 132 bytes leftover after parsing attributes in process `syz.2.787'.
[  183.150578][ T8046] netlink: 'syz.1.786': attribute type 46 has an invalid length.
[  183.172557][ T8045] netlink: 'syz.2.787': attribute type 46 has an invalid length.
[  183.194119][ T8046] netlink: 55 bytes leftover after parsing attributes in process `syz.1.786'.
[  183.208975][ T8045] netlink: 55 bytes leftover after parsing attributes in process `syz.2.787'.
[  183.222682][ T8049] netlink: 144 bytes leftover after parsing attributes in process `syz.3.788'.
[  183.582023][ T8054] netlink: 'syz.1.790': attribute type 21 has an invalid length.
[  183.594787][ T8054] netlink: 168 bytes leftover after parsing attributes in process `syz.1.790'.
[  183.677129][ T8052] Dead loop on virtual device ip6_vti0, fix it urgently!
[  183.727415][ T8058] netlink: 132 bytes leftover after parsing attributes in process `syz.0.801'.
[  183.746034][ T8060] syzkaller1: tun_chr_ioctl cmd 1074812118
[  183.776336][ T8058] netlink: 'syz.0.801': attribute type 46 has an invalid length.
[  183.785931][ T8060] syzkaller1: tun_chr_ioctl cmd 1074025673
[  183.825507][ T8058] netlink: 55 bytes leftover after parsing attributes in process `syz.0.801'.
[  184.308599][ T8075] netlink: 'syz.0.796': attribute type 10 has an invalid length.
[  184.318293][ T8075] bridge0: port 3(ipvlan1) entered blocking state
[  184.325146][ T8075] bridge0: port 3(ipvlan1) entered disabled state
[  184.339279][ T8075] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  185.096314][ T8088] netlink: 'syz.0.800': attribute type 46 has an invalid length.
[  185.551527][ T8101] netlink: 'syz.4.805': attribute type 21 has an invalid length.
[  185.902101][ T8106] Dead loop on virtual device ip6_vti0, fix it urgently!
[  186.708995][ T8123] netlink: 'syz.4.815': attribute type 46 has an invalid length.
[  186.757051][ T8123] __nla_validate_parse: 6 callbacks suppressed
[  186.757070][ T8123] netlink: 55 bytes leftover after parsing attributes in process `syz.4.815'.
[  186.958117][ T8130] netlink: 144 bytes leftover after parsing attributes in process `syz.2.818'.
[  187.143214][ T8141] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  187.144062][ T8142] netlink: 132 bytes leftover after parsing attributes in process `syz.1.829'.
[  187.185049][ T8138] netlink: 'syz.1.829': attribute type 46 has an invalid length.
[  187.193217][ T8138] netlink: 55 bytes leftover after parsing attributes in process `syz.1.829'.
[  187.299867][ T8144] netlink: 'syz.4.821': attribute type 10 has an invalid length.
[  187.363103][ T8144] netlink: 55 bytes leftover after parsing attributes in process `syz.4.821'.
[  187.893490][ T8152] netlink: 'syz.1.823': attribute type 21 has an invalid length.
[  188.563710][ T8170] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  188.586328][ T8174] tap0: tun_chr_ioctl cmd 1074025677
[  188.592823][ T8174] tap0: linktype set to 779
[  188.626297][ T8174] tap0: tun_chr_ioctl cmd 1074025680
[  188.723011][ T8176] netlink: 'syz.4.832': attribute type 10 has an invalid length.
[  188.764153][ T8176] netlink: 55 bytes leftover after parsing attributes in process `syz.4.832'.
[  188.774800][ T8180] netlink: 132 bytes leftover after parsing attributes in process `syz.1.834'.
[  188.846429][ T8180] netlink: 'syz.1.834': attribute type 46 has an invalid length.
[  188.893751][ T8180] netlink: 55 bytes leftover after parsing attributes in process `syz.1.834'.
[  189.065501][ T8183] netlink: 144 bytes leftover after parsing attributes in process `syz.2.836'.
[  189.084591][ T8185] netlink: 'syz.4.838': attribute type 10 has an invalid length.
[  189.096289][ T8185] netlink: 55 bytes leftover after parsing attributes in process `syz.4.838'.
[  189.320459][ T8185] vlan0 (unregistering): left allmulticast mode
[  189.326801][ T8185] vlan0 (unregistering): left promiscuous mode
[  189.399585][ T8194] netlink: 'syz.1.839': attribute type 46 has an invalid length.
[  189.425987][ T8185] À: port 1(vlan0) entered disabled state
[  190.833087][ T1166] wlan1: Trigger new scan to find an IBSS to join
[  191.023267][ T8223] netlink: 'syz.0.846': attribute type 10 has an invalid length.
[  191.148224][ T8225] netlink: 'syz.3.849': attribute type 46 has an invalid length.
[  191.555522][ T8242] netlink: 'syz.4.864': attribute type 10 has an invalid length.
[  191.609232][ T8242] bridge0: port 4(ipvlan1) entered blocking state
[  191.669559][ T8242] bridge0: port 4(ipvlan1) entered disabled state
[  191.716756][ T8242] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  192.296019][ T8260] __nla_validate_parse: 7 callbacks suppressed
[  192.296041][ T8260] netlink: 132 bytes leftover after parsing attributes in process `syz.0.859'.
[  192.340791][ T8261] netlink: 'syz.3.858': attribute type 21 has an invalid length.
[  192.354436][ T8261] netlink: 'syz.3.858': attribute type 6 has an invalid length.
[  192.854925][ T8267] netlink: 'syz.0.862': attribute type 10 has an invalid length.
[  192.963559][ T8267] netlink: 40 bytes leftover after parsing attributes in process `syz.0.862'.
[  193.076476][ T8269] netlink: 'syz.1.863': attribute type 10 has an invalid length.
[  193.113995][ T8267] bridge0: port 3(ipvlan1) entered blocking state
[  193.141024][ T8269] netlink: 55 bytes leftover after parsing attributes in process `syz.1.863'.
[  193.201998][ T8267] bridge0: port 3(ipvlan1) entered disabled state
[  193.345055][ T8267] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  193.496117][ T8274] netlink: 132 bytes leftover after parsing attributes in process `syz.2.865'.
[  193.688606][ T8274] netlink: 'syz.2.865': attribute type 46 has an invalid length.
[  193.696617][ T8274] netlink: 55 bytes leftover after parsing attributes in process `syz.2.865'.
[  194.034818][ T8281] FAULT_INJECTION: forcing a failure.
[  194.034818][ T8281] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  194.087238][ T8281] CPU: 0 UID: 0 PID: 8281 Comm: syz.1.868 Not tainted 6.16.0-rc3-syzkaller-gee88bddf7f2f #0 PREEMPT(full) 
[  194.087270][ T8281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  194.087284][ T8281] Call Trace:
[  194.087300][ T8281]  <TASK>
[  194.087318][ T8281]  dump_stack_lvl+0x189/0x250
[  194.087389][ T8281]  ? __pfx____ratelimit+0x10/0x10
[  194.087451][ T8281]  ? __pfx_dump_stack_lvl+0x10/0x10
[  194.087509][ T8281]  ? __pfx__printk+0x10/0x10
[  194.087562][ T8281]  ? __might_fault+0xb0/0x130
[  194.087629][ T8281]  ? __might_fault+0xb0/0x130
[  194.087725][ T8281]  should_fail_ex+0x414/0x560
[  194.087823][ T8281]  _copy_from_user+0x2d/0xb0
[  194.087873][ T8281]  __sys_bpf+0x1ed/0x860
[  194.087959][ T8281]  ? __pfx___sys_bpf+0x10/0x10
[  194.088129][ T8281]  ? ksys_write+0x22a/0x250
[  194.088193][ T8281]  ? __pfx_ksys_write+0x10/0x10
[  194.088215][ T8281]  ? rcu_is_watching+0x15/0xb0
[  194.088353][ T8281]  __x64_sys_bpf+0x7c/0x90
[  194.088417][ T8281]  do_syscall_64+0xfa/0x3b0
[  194.088451][ T8281]  ? lockdep_hardirqs_on+0x9c/0x150
[  194.088496][ T8281]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  194.088522][ T8281]  ? clear_bhb_loop+0x60/0xb0
[  194.088589][ T8281]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  194.088616][ T8281] RIP: 0033:0x7f91fdd8e929
[  194.088655][ T8281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  194.088674][ T8281] RSP: 002b:00007f91fec10038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  194.088701][ T8281] RAX: ffffffffffffffda RBX: 00007f91fdfb5fa0 RCX: 00007f91fdd8e929
[  194.088716][ T8281] RDX: 0000000000000048 RSI: 00002000000000c0 RDI: 0000000000000000
[  194.088731][ T8281] RBP: 00007f91fec10090 R08: 0000000000000000 R09: 0000000000000000
[  194.088743][ T8281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  194.088756][ T8281] R13: 0000000000000000 R14: 00007f91fdfb5fa0 R15: 00007ffc179b2478
[  194.088939][ T8281]  </TASK>
[  194.316419][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  194.323259][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  194.918309][   T12] wlan1: Trigger new scan to find an IBSS to join
[  195.102833][ T8303] tap0: tun_chr_ioctl cmd 1074025677
[  195.108820][ T8303] tap0: linktype set to 779
[  195.786373][ T8316] netlink: 'syz.3.878': attribute type 10 has an invalid length.
[  195.807106][ T8316] netlink: 55 bytes leftover after parsing attributes in process `syz.3.878'.
[  195.927870][ T8320] netlink: 'syz.2.879': attribute type 10 has an invalid length.
[  195.935750][ T8320] netlink: 40 bytes leftover after parsing attributes in process `syz.2.879'.
[  196.224738][ T8323] netlink: 132 bytes leftover after parsing attributes in process `syz.1.881'.
[  196.306186][ T8328] netlink: 'syz.1.881': attribute type 46 has an invalid length.
[  196.314741][ T8328] netlink: 55 bytes leftover after parsing attributes in process `syz.1.881'.
[  196.639049][ T8340] FAULT_INJECTION: forcing a failure.
[  196.639049][ T8340] name failslab, interval 1, probability 0, space 0, times 0
[  196.659953][ T8343] FAULT_INJECTION: forcing a failure.
[  196.659953][ T8343] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  196.677123][ T8340] CPU: 0 UID: 0 PID: 8340 Comm: syz.0.887 Not tainted 6.16.0-rc3-syzkaller-gee88bddf7f2f #0 PREEMPT(full) 
[  196.677150][ T8340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  196.677162][ T8340] Call Trace:
[  196.677171][ T8340]  <TASK>
[  196.677181][ T8340]  dump_stack_lvl+0x189/0x250
[  196.677220][ T8340]  ? __pfx____ratelimit+0x10/0x10
[  196.677252][ T8340]  ? __pfx_dump_stack_lvl+0x10/0x10
[  196.677288][ T8340]  ? __pfx__printk+0x10/0x10
[  196.677333][ T8340]  ? __pfx___might_resched+0x10/0x10
[  196.677387][ T8340]  should_fail_ex+0x414/0x560
[  196.677433][ T8340]  should_failslab+0xa8/0x100
[  196.677464][ T8340]  __kmalloc_cache_noprof+0x70/0x3d0
[  196.677487][ T8340]  ? genl_start+0x1c9/0x6c0
[  196.677534][ T8340]  genl_start+0x1c9/0x6c0
[  196.677564][ T8340]  ? netlink_lookup+0x30/0x200
[  196.677608][ T8340]  __netlink_dump_start+0x469/0x7e0
[  196.677660][ T8340]  genl_family_rcv_msg_dumpit+0x1e7/0x2c0
[  196.677706][ T8340]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  196.677736][ T8340]  ? genl_get_cmd+0x496/0x910
[  196.677786][ T8340]  ? __pfx_genl_start+0x10/0x10
[  196.677812][ T8340]  ? __pfx_genl_dumpit+0x10/0x10
[  196.677839][ T8340]  ? __pfx_genl_done+0x10/0x10
[  196.677917][ T8340]  genl_rcv_msg+0x5da/0x790
[  196.677998][ T8340]  ? __pfx_genl_rcv_msg+0x10/0x10
[  196.678026][ T8340]  ? ref_tracker_free+0x63a/0x7d0
[  196.678054][ T8340]  ? __pfx_devlink_nl_port_get_dumpit+0x10/0x10
[  196.678087][ T8340]  ? perf_trace_run_bpf_submit+0xee/0x170
[  196.678151][ T8340]  netlink_rcv_skb+0x208/0x470
[  196.678183][ T8340]  ? __pfx_genl_rcv_msg+0x10/0x10
[  196.678224][ T8340]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  196.678304][ T8340]  ? down_read+0x1ad/0x2e0
[  196.678337][ T8340]  genl_rcv+0x28/0x40
[  196.678367][ T8340]  netlink_unicast+0x75b/0x8d0
[  196.678430][ T8340]  netlink_sendmsg+0x805/0xb30
[  196.678490][ T8340]  ? __pfx_netlink_sendmsg+0x10/0x10
[  196.678530][ T8340]  ? aa_sock_msg_perm+0x94/0x160
[  196.678568][ T8340]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  196.678596][ T8340]  ? __pfx_netlink_sendmsg+0x10/0x10
[  196.678629][ T8340]  __sock_sendmsg+0x219/0x270
[  196.678678][ T8340]  ____sys_sendmsg+0x505/0x830
[  196.678728][ T8340]  ? __pfx_____sys_sendmsg+0x10/0x10
[  196.678790][ T8340]  ? import_iovec+0x74/0xa0
[  196.678829][ T8340]  ___sys_sendmsg+0x21f/0x2a0
[  196.678869][ T8340]  ? __pfx____sys_sendmsg+0x10/0x10
[  196.678984][ T8340]  ? __fget_files+0x2a/0x420
[  196.679052][ T8340]  ? __fget_files+0x2a/0x420
[  196.679076][ T8340]  ? __fget_files+0x3a0/0x420
[  196.679138][ T8340]  __x64_sys_sendmsg+0x19b/0x260
[  196.679179][ T8340]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  196.679246][ T8340]  ? __pfx_ksys_write+0x10/0x10
[  196.679264][ T8340]  ? rcu_is_watching+0x15/0xb0
[  196.679317][ T8340]  ? do_syscall_64+0xbe/0x3b0
[  196.679366][ T8340]  do_syscall_64+0xfa/0x3b0
[  196.679398][ T8340]  ? lockdep_hardirqs_on+0x9c/0x150
[  196.679430][ T8340]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  196.679454][ T8340]  ? clear_bhb_loop+0x60/0xb0
[  196.679490][ T8340]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  196.679511][ T8340] RIP: 0033:0x7f2e6c78e929
[  196.679534][ T8340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  196.679553][ T8340] RSP: 002b:00007f2e6d6b7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  196.679575][ T8340] RAX: ffffffffffffffda RBX: 00007f2e6c9b5fa0 RCX: 00007f2e6c78e929
[  196.679591][ T8340] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004
[  196.679604][ T8340] RBP: 00007f2e6d6b7090 R08: 0000000000000000 R09: 0000000000000000
[  196.679617][ T8340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  196.679630][ T8340] R13: 0000000000000000 R14: 00007f2e6c9b5fa0 R15: 00007ffde01ba358
[  196.679698][ T8340]  </TASK>
[  197.063251][ T1166] wlan1: Trigger new scan to find an IBSS to join
[  197.098438][ T8343] CPU: 1 UID: 0 PID: 8343 Comm: syz.1.889 Not tainted 6.16.0-rc3-syzkaller-gee88bddf7f2f #0 PREEMPT(full) 
[  197.098485][ T8343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  197.098499][ T8343] Call Trace:
[  197.098508][ T8343]  <TASK>
[  197.098518][ T8343]  dump_stack_lvl+0x189/0x250
[  197.098557][ T8343]  ? __pfx____ratelimit+0x10/0x10
[  197.098590][ T8343]  ? __pfx_dump_stack_lvl+0x10/0x10
[  197.098625][ T8343]  ? __pfx__printk+0x10/0x10
[  197.098652][ T8343]  ? fs_reclaim_acquire+0x7d/0x100
[  197.098690][ T8343]  should_fail_ex+0x414/0x560
[  197.098726][ T8343]  prepare_alloc_pages+0x213/0x610
[  197.098764][ T8343]  __alloc_frozen_pages_noprof+0x123/0x370
[  197.098791][ T8343]  ? lockdep_hardirqs_on+0x9c/0x150
[  197.098825][ T8343]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  197.098864][ T8343]  ? alloc_pages_mpol+0x262/0x4a0
[  197.098897][ T8343]  alloc_pages_bulk_noprof+0x560/0x710
[  197.098934][ T8343]  ? alloc_pages_noprof+0xbe/0x190
[  197.098963][ T8343]  kasan_populate_vmalloc+0xba/0x1a0
[  197.099003][ T8343]  alloc_vmap_area+0xd51/0x1490
[  197.099048][ T8343]  ? __pfx_alloc_vmap_area+0x10/0x10
[  197.099069][ T8343]  ? __kasan_kmalloc+0x93/0xb0
[  197.099091][ T8343]  ? __kmalloc_cache_node_noprof+0x234/0x3d0
[  197.099114][ T8343]  ? __get_vm_area_node+0x13f/0x300
[  197.099135][ T8343]  ? reuseport_array_alloc+0x98/0x130
[  197.099164][ T8343]  __get_vm_area_node+0x1f8/0x300
[  197.099196][ T8343]  __vmalloc_node_range_noprof+0x301/0x12f0
[  197.099233][ T8343]  ? reuseport_array_alloc+0x98/0x130
[  197.099284][ T8343]  ? aa_get_newest_label+0xf7/0x5d0
[  197.099315][ T8343]  ? __pfx_aa_get_newest_label+0x10/0x10
[  197.099348][ T8343]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  197.099371][ T8343]  ? rcu_is_watching+0x15/0xb0
[  197.099409][ T8343]  ? apparmor_capable+0x137/0x1b0
[  197.099450][ T8343]  bpf_map_area_alloc+0x12d/0x180
[  197.099482][ T8343]  ? reuseport_array_alloc+0x98/0x130
[  197.099514][ T8343]  reuseport_array_alloc+0x98/0x130
[  197.099545][ T8343]  map_create+0x903/0x1150
[  197.099580][ T8343]  ? security_bpf+0x7e/0x300
[  197.099610][ T8343]  __sys_bpf+0x67e/0x860
[  197.099641][ T8343]  ? __pfx___sys_bpf+0x10/0x10
[  197.099710][ T8343]  __x64_sys_bpf+0x7c/0x90
[  197.099737][ T8343]  do_syscall_64+0xfa/0x3b0
[  197.099772][ T8343]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.099793][ T8343]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  197.099815][ T8343]  ? clear_bhb_loop+0x60/0xb0
[  197.099842][ T8343]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.099863][ T8343] RIP: 0033:0x7f91fdd8e929
[  197.099882][ T8343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  197.099901][ T8343] RSP: 002b:00007f91fec10038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  197.099924][ T8343] RAX: ffffffffffffffda RBX: 00007f91fdfb5fa0 RCX: 00007f91fdd8e929
[  197.099940][ T8343] RDX: 0000000000000050 RSI: 0000200000000000 RDI: 0000000000000000
[  197.099953][ T8343] RBP: 00007f91fec10090 R08: 0000000000000000 R09: 0000000000000000
[  197.099967][ T8343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  197.099979][ T8343] R13: 0000000000000000 R14: 00007f91fdfb5fa0 R15: 00007ffc179b2478
[  197.100017][ T8343]  </TASK>
[  197.554951][ T8352] delete_channel: no stack
[  197.559778][ T8352] delete_channel: no stack
[  197.579200][ T1130] wlan1: Creating new IBSS network, BSSID ca:41:c1:10:ac:51
[  197.780003][ T8356] netlink: 'syz.3.892': attribute type 10 has an invalid length.
[  197.790457][ T8356] netlink: 55 bytes leftover after parsing attributes in process `syz.3.892'.
[  198.132539][ T8377] netlink: 132 bytes leftover after parsing attributes in process `syz.1.900'.
[  198.151179][ T8377] netlink: 'syz.1.900': attribute type 46 has an invalid length.
[  198.159259][ T8377] netlink: 55 bytes leftover after parsing attributes in process `syz.1.900'.
[  198.190562][ T8381] netlink: 'syz.0.901': attribute type 21 has an invalid length.
[  198.226048][ T8383] netlink: 67 bytes leftover after parsing attributes in process `syz.3.903'.
[  198.232408][ T8381] netlink: 156 bytes leftover after parsing attributes in process `syz.0.901'.
[  198.267147][ T8384] netlink: 'syz.0.901': attribute type 21 has an invalid length.
[  198.300418][ T8384] netlink: 156 bytes leftover after parsing attributes in process `syz.0.901'.
[  199.247231][ T8392] netlink: 'syz.0.904': attribute type 13 has an invalid length.
[  199.287220][ T8392] netlink: 61967 bytes leftover after parsing attributes in process `syz.0.904'.
[  199.414901][ T8406] netlink: 48 bytes leftover after parsing attributes in process `syz.2.909'.
[  199.627494][ T8411] netlink: 'syz.3.910': attribute type 10 has an invalid length.
[  199.657335][ T8411] netlink: 55 bytes leftover after parsing attributes in process `syz.3.910'.
[  200.902343][ T8428] netlink: 132 bytes leftover after parsing attributes in process `syz.0.916'.
[  200.937955][ T8429] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  200.948162][ T1164] wlan1: Selected IBSS BSSID ca:41:c1:10:ac:51 based on configured SSID
[  201.034020][ T8428] netlink: 'syz.0.916': attribute type 46 has an invalid length.
[  201.045811][ T1150] wlan1: Selected IBSS BSSID ca:41:c1:10:ac:51 based on configured SSID
[  201.609942][ T8451] netlink: 'syz.3.925': attribute type 21 has an invalid length.
[  201.841518][ T8459] netlink: 'syz.4.929': attribute type 10 has an invalid length.
[  202.224657][ T8475] netlink: 'syz.4.934': attribute type 46 has an invalid length.
[  203.395983][ T8522] __nla_validate_parse: 7 callbacks suppressed
[  203.396002][ T8522] netlink: 132 bytes leftover after parsing attributes in process `syz.1.950'.
[  203.420191][ T8522] validate_nla: 2 callbacks suppressed
[  203.420212][ T8522] netlink: 'syz.1.950': attribute type 46 has an invalid length.
[  203.434547][ T8522] netlink: 55 bytes leftover after parsing attributes in process `syz.1.950'.
[  203.463858][ T8523] netlink: 'syz.4.951': attribute type 21 has an invalid length.
[  203.472582][ T8523] netlink: 168 bytes leftover after parsing attributes in process `syz.4.951'.
[  203.816380][ T8534] delete_channel: no stack
[  203.847747][ T8534] delete_channel: no stack
[  203.852569][ T8534] FAULT_INJECTION: forcing a failure.
[  203.852569][ T8534] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  203.918309][ T8534] CPU: 1 UID: 0 PID: 8534 Comm: syz.1.956 Not tainted 6.16.0-rc3-syzkaller-gee88bddf7f2f #0 PREEMPT(full) 
[  203.918342][ T8534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  203.918356][ T8534] Call Trace:
[  203.918368][ T8534]  <TASK>
[  203.918382][ T8534]  dump_stack_lvl+0x189/0x250
[  203.918428][ T8534]  ? __pfx____ratelimit+0x10/0x10
[  203.918471][ T8534]  ? __pfx_dump_stack_lvl+0x10/0x10
[  203.918516][ T8534]  ? __pfx__printk+0x10/0x10
[  203.918571][ T8534]  ? __might_fault+0xb0/0x130
[  203.918633][ T8534]  should_fail_ex+0x414/0x560
[  203.918707][ T8534]  _copy_to_user+0x31/0xb0
[  203.918752][ T8534]  simple_read_from_buffer+0xe1/0x170
[  203.918810][ T8534]  proc_fail_nth_read+0x1df/0x250
[  203.918863][ T8534]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  203.918917][ T8534]  ? rw_verify_area+0x258/0x650
[  203.918956][ T8534]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  203.919001][ T8534]  vfs_read+0x200/0x980
[  203.919076][ T8534]  ? __pfx___mutex_lock+0x10/0x10
[  203.919121][ T8534]  ? __pfx_vfs_read+0x10/0x10
[  203.919177][ T8534]  ? __fget_files+0x2a/0x420
[  203.919243][ T8534]  ? __fget_files+0x3a0/0x420
[  203.919269][ T8534]  ? __fget_files+0x2a/0x420
[  203.919350][ T8534]  ksys_read+0x145/0x250
[  203.919409][ T8534]  ? __pfx_ksys_read+0x10/0x10
[  203.919440][ T8534]  ? rcu_is_watching+0x15/0xb0
[  203.919512][ T8534]  ? do_syscall_64+0xbe/0x3b0
[  203.919574][ T8534]  do_syscall_64+0xfa/0x3b0
[  203.919608][ T8534]  ? lockdep_hardirqs_on+0x9c/0x150
[  203.919646][ T8534]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  203.919678][ T8534]  ? clear_bhb_loop+0x60/0xb0
[  203.919725][ T8534]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  203.919748][ T8534] RIP: 0033:0x7f91fdd8d33c
[  203.919775][ T8534] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  203.919794][ T8534] RSP: 002b:00007f91fec10030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  203.919817][ T8534] RAX: ffffffffffffffda RBX: 00007f91fdfb5fa0 RCX: 00007f91fdd8d33c
[  203.919833][ T8534] RDX: 000000000000000f RSI: 00007f91fec100a0 RDI: 0000000000000005
[  203.919847][ T8534] RBP: 00007f91fec10090 R08: 0000000000000000 R09: 0000000000000000
[  203.919860][ T8534] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000001
[  203.919873][ T8534] R13: 0000000000000000 R14: 00007f91fdfb5fa0 R15: 00007ffc179b2478
[  203.919980][ T8534]  </TASK>
[  204.336152][ T8536] netlink: 'syz.4.957': attribute type 10 has an invalid length.
[  204.344118][ T8536] netlink: 55 bytes leftover after parsing attributes in process `syz.4.957'.
[  204.878517][ T8549] netlink: 132 bytes leftover after parsing attributes in process `syz.0.963'.
[  204.953809][ T8549] netlink: 'syz.0.963': attribute type 46 has an invalid length.
[  204.981198][ T8553] netlink: 'syz.4.964': attribute type 21 has an invalid length.
[  205.027899][ T8549] netlink: 55 bytes leftover after parsing attributes in process `syz.0.963'.
[  205.049608][ T8553] netlink: 168 bytes leftover after parsing attributes in process `syz.4.964'.
[  205.461441][ T8551] netlink: 'syz.2.965': attribute type 29 has an invalid length.
[  205.482907][ T8551] netlink: 'syz.2.965': attribute type 29 has an invalid length.
[  205.891930][ T8570] netlink: 'syz.1.971': attribute type 10 has an invalid length.
[  205.901548][ T8570] netlink: 55 bytes leftover after parsing attributes in process `syz.1.971'.
[  206.133936][ T8577] netlink: 'syz.4.972': attribute type 21 has an invalid length.
[  206.142220][ T8577] netlink: 'syz.4.972': attribute type 20 has an invalid length.
[  206.177878][ T8584] FAULT_INJECTION: forcing a failure.
[  206.177878][ T8584] name failslab, interval 1, probability 0, space 0, times 0
[  206.202820][ T8584] CPU: 1 UID: 0 PID: 8584 Comm: syz.2.974 Not tainted 6.16.0-rc3-syzkaller-gee88bddf7f2f #0 PREEMPT(full) 
[  206.202852][ T8584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  206.202865][ T8584] Call Trace:
[  206.202874][ T8584]  <TASK>
[  206.202884][ T8584]  dump_stack_lvl+0x189/0x250
[  206.202924][ T8584]  ? __pfx____ratelimit+0x10/0x10
[  206.202957][ T8584]  ? __pfx_dump_stack_lvl+0x10/0x10
[  206.202991][ T8584]  ? __pfx__printk+0x10/0x10
[  206.203021][ T8584]  ? __pfx___might_resched+0x10/0x10
[  206.203055][ T8584]  ? fs_reclaim_acquire+0x7d/0x100
[  206.203088][ T8584]  should_fail_ex+0x414/0x560
[  206.203124][ T8584]  should_failslab+0xa8/0x100
[  206.203150][ T8584]  __kmalloc_noprof+0xcb/0x4f0
[  206.203170][ T8584]  ? tomoyo_encode+0x28b/0x550
[  206.203206][ T8584]  tomoyo_encode+0x28b/0x550
[  206.203245][ T8584]  tomoyo_realpath_from_path+0x58d/0x5d0
[  206.203293][ T8584]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  206.203319][ T8584]  tomoyo_path_number_perm+0x1e8/0x5a0
[  206.203357][ T8584]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  206.203384][ T8584]  ? ksys_write+0x1cb/0x250
[  206.203458][ T8584]  ? __fget_files+0x2a/0x420
[  206.203485][ T8584]  ? __fget_files+0x2a/0x420
[  206.203504][ T8584]  ? __fget_files+0x3a0/0x420
[  206.203522][ T8584]  ? __fget_files+0x2a/0x420
[  206.203546][ T8584]  security_file_ioctl+0xcb/0x2d0
[  206.203568][ T8584]  __se_sys_ioctl+0x47/0x170
[  206.203597][ T8584]  do_syscall_64+0xfa/0x3b0
[  206.203625][ T8584]  ? lockdep_hardirqs_on+0x9c/0x150
[  206.203650][ T8584]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  206.203668][ T8584]  ? clear_bhb_loop+0x60/0xb0
[  206.203690][ T8584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  206.203706][ T8584] RIP: 0033:0x7f6d08f8e929
[  206.203722][ T8584] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  206.203738][ T8584] RSP: 002b:00007f6d09d18038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  206.203758][ T8584] RAX: ffffffffffffffda RBX: 00007f6d091b5fa0 RCX: 00007f6d08f8e929
[  206.203774][ T8584] RDX: 000000000000030b RSI: 00000000400454cd RDI: 0000000000000003
[  206.203786][ T8584] RBP: 00007f6d09d18090 R08: 0000000000000000 R09: 0000000000000000
[  206.203797][ T8584] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  206.203808][ T8584] R13: 0000000000000000 R14: 00007f6d091b5fa0 R15: 00007ffc3feaa128
[  206.203838][ T8584]  </TASK>
[  206.203864][ T8584] ERROR: Out of memory at tomoyo_realpath_from_path.
[  206.471142][ T8593] tap0: tun_chr_ioctl cmd 1074025677
[  206.484916][ T8593] tap0: linktype set to 779
[  206.503039][ T8584] tap0: tun_chr_ioctl cmd 1074025677
[  206.530668][ T8584] tap0: linktype set to 779
[  206.931572][ T8600] netlink: 132 bytes leftover after parsing attributes in process `syz.4.980'.
[  206.968447][ T8600] netlink: 55 bytes leftover after parsing attributes in process `syz.4.980'.
[  207.735093][ T8627] netlink: zone id is out of range
[  207.754275][ T8627] netlink: zone id is out of range
[  207.770063][ T8627] netlink: zone id is out of range
[  207.775950][ T8627] netlink: zone id is out of range
[  207.782663][ T8627] netlink: zone id is out of range
[  207.808916][ T8627] netlink: zone id is out of range
[  207.814181][ T8627] netlink: zone id is out of range
[  207.819511][ T8627] netlink: zone id is out of range
[  207.824728][ T8627] netlink: zone id is out of range
[  207.830088][ T8627] netlink: zone id is out of range
[  208.199126][ T8632] syz.0.989 (8632) used greatest stack depth: 17808 bytes left
[  208.404168][ T8655] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  208.413862][   T77] wlan1: Selected IBSS BSSID ca:41:c1:10:ac:51 based on configured SSID
[  208.512960][ T8661] validate_nla: 6 callbacks suppressed
[  208.512981][ T8661] netlink: 'syz.2.1002': attribute type 10 has an invalid length.
[  208.567482][ T8661] __nla_validate_parse: 7 callbacks suppressed
[  208.567500][ T8661] netlink: 55 bytes leftover after parsing attributes in process `syz.2.1002'.
[  208.638654][ T8663] FAULT_INJECTION: forcing a failure.
[  208.638654][ T8663] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  208.668447][ T8663] CPU: 1 UID: 0 PID: 8663 Comm: syz.3.1003 Not tainted 6.16.0-rc3-syzkaller-gee88bddf7f2f #0 PREEMPT(full) 
[  208.668479][ T8663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  208.668493][ T8663] Call Trace:
[  208.668505][ T8663]  <TASK>
[  208.668518][ T8663]  dump_stack_lvl+0x189/0x250
[  208.668566][ T8663]  ? __pfx____ratelimit+0x10/0x10
[  208.668608][ T8663]  ? __pfx_dump_stack_lvl+0x10/0x10
[  208.668653][ T8663]  ? __pfx__printk+0x10/0x10
[  208.668689][ T8663]  ? __might_fault+0xb0/0x130
[  208.668731][ T8663]  ? __might_fault+0xb0/0x130
[  208.668792][ T8663]  should_fail_ex+0x414/0x560
[  208.668858][ T8663]  _copy_from_user+0x2d/0xb0
[  208.668892][ T8663]  sock_do_ioctl+0x182/0x300
[  208.668950][ T8663]  ? __pfx_sock_do_ioctl+0x10/0x10
[  208.669089][ T8663]  sock_ioctl+0x576/0x790
[  208.669146][ T8663]  ? __pfx_sock_ioctl+0x10/0x10
[  208.669190][ T8663]  ? __fget_files+0x2a/0x420
[  208.669217][ T8663]  ? __fget_files+0x3a0/0x420
[  208.669243][ T8663]  ? __fget_files+0x2a/0x420
[  208.669294][ T8663]  ? bpf_lsm_file_ioctl+0x9/0x20
[  208.669333][ T8663]  ? __pfx_sock_ioctl+0x10/0x10
[  208.669373][ T8663]  __se_sys_ioctl+0xf9/0x170
[  208.669430][ T8663]  do_syscall_64+0xfa/0x3b0
[  208.669464][ T8663]  ? lockdep_hardirqs_on+0x9c/0x150
[  208.669501][ T8663]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  208.669524][ T8663]  ? clear_bhb_loop+0x60/0xb0
[  208.669571][ T8663]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  208.669594][ T8663] RIP: 0033:0x7f9f1658e929
[  208.669620][ T8663] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  208.669640][ T8663] RSP: 002b:00007f9f1739a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  208.669662][ T8663] RAX: ffffffffffffffda RBX: 00007f9f167b5fa0 RCX: 00007f9f1658e929
[  208.669679][ T8663] RDX: 0000200000000280 RSI: 0000000000008914 RDI: 0000000000000006
[  208.669692][ T8663] RBP: 00007f9f1739a090 R08: 0000000000000000 R09: 0000000000000000
[  208.669706][ T8663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  208.669718][ T8663] R13: 0000000000000000 R14: 00007f9f167b5fa0 R15: 00007fff86e4bae8
[  208.669821][ T8663]  </TASK>
[  209.028882][ T8671] FAULT_INJECTION: forcing a failure.
[  209.028882][ T8671] name failslab, interval 1, probability 0, space 0, times 0
[  209.042377][ T8671] CPU: 1 UID: 0 PID: 8671 Comm: syz.0.1007 Not tainted 6.16.0-rc3-syzkaller-gee88bddf7f2f #0 PREEMPT(full) 
[  209.042408][ T8671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  209.042422][ T8671] Call Trace:
[  209.042431][ T8671]  <TASK>
[  209.042440][ T8671]  dump_stack_lvl+0x189/0x250
[  209.042479][ T8671]  ? __pfx____ratelimit+0x10/0x10
[  209.042511][ T8671]  ? __pfx_dump_stack_lvl+0x10/0x10
[  209.042545][ T8671]  ? __pfx__printk+0x10/0x10
[  209.042571][ T8671]  ? __pfx___might_resched+0x10/0x10
[  209.042603][ T8671]  ? fs_reclaim_acquire+0x7d/0x100
[  209.042635][ T8671]  should_fail_ex+0x414/0x560
[  209.042668][ T8671]  should_failslab+0xa8/0x100
[  209.042695][ T8671]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  209.042717][ T8671]  ? __lock_acquire+0xab9/0xd20
[  209.042746][ T8671]  ? __alloc_skb+0x112/0x2d0
[  209.042775][ T8671]  __alloc_skb+0x112/0x2d0
[  209.042804][ T8671]  alloc_skb_with_frags+0xca/0x890
[  209.042838][ T8671]  ? is_bpf_text_address+0x26/0x2b0
[  209.042879][ T8671]  sock_alloc_send_pskb+0x857/0x990
[  209.042931][ T8671]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  209.042962][ T8671]  ? lockdep_hardirqs_on+0x9c/0x150
[  209.042996][ T8671]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  209.043027][ T8671]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  209.043060][ T8671]  ? __kmalloc_cache_noprof+0x230/0x3d0
[  209.043085][ T8671]  __ip_append_data+0x2cd3/0x40f0
[  209.043117][ T8671]  ? __local_bh_enable_ip+0xce/0x1c0
[  209.043172][ T8671]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  209.043221][ T8671]  ? ipv4_mtu+0x23/0x5c0
[  209.043253][ T8671]  ? __pfx___ip_append_data+0x10/0x10
[  209.043283][ T8671]  ? ipv4_mtu+0x4b2/0x5c0
[  209.043314][ T8671]  ? ip_setup_cork+0x577/0x9a0
[  209.043357][ T8671]  ip_make_skb+0x1de/0x3f0
[  209.043396][ T8671]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  209.043428][ T8671]  ? __pfx_ip_make_skb+0x10/0x10
[  209.043483][ T8671]  udp_sendmsg+0x191e/0x2300
[  209.043526][ T8671]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  209.043558][ T8671]  ? __pfx_udp_sendmsg+0x10/0x10
[  209.043583][ T8671]  ? perf_trace_preemptirq_template+0xa3/0x340
[  209.043611][ T8671]  ? __local_bh_enable_ip+0xce/0x1c0
[  209.043667][ T8671]  ? __local_bh_enable_ip+0x12d/0x1c0
[  209.043708][ T8671]  ? inet_sendmsg+0x14f/0x370
[  209.043743][ T8671]  ? inet_sendmsg+0x29c/0x370
[  209.043781][ T8671]  __sock_sendmsg+0x19c/0x270
[  209.043818][ T8671]  ____sys_sendmsg+0x505/0x830
[  209.043851][ T8671]  ? __pfx_____sys_sendmsg+0x10/0x10
[  209.043888][ T8671]  ? import_iovec+0x74/0xa0
[  209.043914][ T8671]  ___sys_sendmsg+0x21f/0x2a0
[  209.043943][ T8671]  ? __pfx____sys_sendmsg+0x10/0x10
[  209.044010][ T8671]  ? __fget_files+0x2a/0x420
[  209.044033][ T8671]  ? __fget_files+0x3a0/0x420
[  209.044069][ T8671]  __x64_sys_sendmsg+0x19b/0x260
[  209.044100][ T8671]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  209.044138][ T8671]  ? __pfx_ksys_write+0x10/0x10
[  209.044156][ T8671]  ? rcu_is_watching+0x15/0xb0
[  209.044194][ T8671]  ? do_syscall_64+0xbe/0x3b0
[  209.044232][ T8671]  do_syscall_64+0xfa/0x3b0
[  209.044263][ T8671]  ? lockdep_hardirqs_on+0x9c/0x150
[  209.044293][ T8671]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.044314][ T8671]  ? clear_bhb_loop+0x60/0xb0
[  209.044348][ T8671]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.044369][ T8671] RIP: 0033:0x7f2e6c78e929
[  209.044389][ T8671] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  209.044408][ T8671] RSP: 002b:00007f2e6d6b7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  209.044430][ T8671] RAX: ffffffffffffffda RBX: 00007f2e6c9b5fa0 RCX: 00007f2e6c78e929
[  209.044447][ T8671] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  209.044460][ T8671] RBP: 00007f2e6d6b7090 R08: 0000000000000000 R09: 0000000000000000
[  209.044473][ T8671] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  209.044486][ T8671] R13: 0000000000000000 R14: 00007f2e6c9b5fa0 R15: 00007ffde01ba358
[  209.044519][ T8671]  </TASK>
[  209.998281][ T8685] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1012'.
[  210.089399][ T8686] netlink: 'syz.1.1013': attribute type 21 has an invalid length.
[  210.107087][ T8686] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1013'.
[  210.129992][ T8685] netlink: 'syz.0.1012': attribute type 46 has an invalid length.
[  210.138117][ T8685] netlink: 55 bytes leftover after parsing attributes in process `syz.0.1012'.
[  210.568079][ T8702] netlink: 'syz.3.1019': attribute type 10 has an invalid length.
[  210.576053][ T8702] netlink: 55 bytes leftover after parsing attributes in process `syz.3.1019'.
[  210.738684][ T8715] netlink: 10 bytes leftover after parsing attributes in process `syz.0.1021'.
[  211.711546][   T51] Bluetooth: hci3: command 0x0406 tx timeout
[  211.718068][ T5844] Bluetooth: hci1: command 0x0406 tx timeout
[  211.724838][ T5844] Bluetooth: hci0: command 0x0406 tx timeout
[  211.731422][ T5840] Bluetooth: hci2: command 0x0406 tx timeout
[  211.740029][ T5844] Bluetooth: hci4: command 0x0406 tx timeout
[  212.145730][ T8735] netlink: 'syz.0.1027': attribute type 21 has an invalid length.
[  212.155195][ T8735] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1027'.
[  212.304114][ T8738] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1028'.
[  212.334031][ T8743] FAULT_INJECTION: forcing a failure.
[  212.334031][ T8743] name failslab, interval 1, probability 0, space 0, times 0
[  212.364850][ T8738] netlink: 'syz.1.1028': attribute type 46 has an invalid length.
[  212.394698][ T8738] netlink: 55 bytes leftover after parsing attributes in process `syz.1.1028'.
[  212.407290][ T8743] CPU: 1 UID: 0 PID: 8743 Comm: syz.3.1031 Not tainted 6.16.0-rc3-syzkaller-gee88bddf7f2f #0 PREEMPT(full) 
[  212.407333][ T8743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  212.407347][ T8743] Call Trace:
[  212.407356][ T8743]  <TASK>
[  212.407365][ T8743]  dump_stack_lvl+0x189/0x250
[  212.407407][ T8743]  ? __pfx____ratelimit+0x10/0x10
[  212.407438][ T8743]  ? __pfx_dump_stack_lvl+0x10/0x10
[  212.407470][ T8743]  ? __pfx__printk+0x10/0x10
[  212.407501][ T8743]  ? __pfx___might_resched+0x10/0x10
[  212.407532][ T8743]  ? fs_reclaim_acquire+0x7d/0x100
[  212.407564][ T8743]  should_fail_ex+0x414/0x560
[  212.407598][ T8743]  should_failslab+0xa8/0x100
[  212.407623][ T8743]  kmem_cache_alloc_noprof+0x73/0x3c0
[  212.407673][ T8743]  ? __pmd_alloc+0xc6/0x3b0
[  212.407712][ T8743]  __pmd_alloc+0xc6/0x3b0
[  212.407750][ T8743]  __handle_mm_fault+0xa63/0x5620
[  212.407798][ T8743]  ? mt_find+0x46f/0x5f0
[  212.407837][ T8743]  ? __pfx___handle_mm_fault+0x10/0x10
[  212.407899][ T8743]  ? find_vma+0xe7/0x160
[  212.407919][ T8743]  ? __pfx_find_vma+0x10/0x10
[  212.407949][ T8743]  handle_mm_fault+0x40a/0x8e0
[  212.407997][ T8743]  do_user_addr_fault+0x764/0x1390
[  212.408049][ T8743]  exc_page_fault+0x76/0xf0
[  212.408076][ T8743]  ? __might_fault+0xb0/0x130
[  212.408099][ T8743]  asm_exc_page_fault+0x26/0x30
[  212.408119][ T8743] RIP: 0010:__put_user_4+0xd/0x20
[  212.408150][ T8743] Code: 66 89 01 31 c9 0f 01 ca e9 40 3b 03 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca e9 17 3b 03 00 90 90 90 90 90 90 90 90 90 90
[  212.408169][ T8743] RSP: 0018:ffffc9001c02fe50 EFLAGS: 00050206
[  212.408189][ T8743] RAX: 0000000000000004 RBX: 0000000000000000 RCX: 0000200000000000
[  212.408203][ T8743] RDX: 0000000000000000 RSI: ffffffff8db6ef77 RDI: ffffffff8be28d40
[  212.408218][ T8743] RBP: 0000000000000004 R08: 0000000000000000 R09: ffffffff820c48e0
[  212.408231][ T8743] R10: dffffc0000000000 R11: ffffed1005ff7631 R12: 0000000000000000
[  212.408246][ T8743] R13: 0000200000000000 R14: 0000000000000025 R15: 0000000000000005
[  212.408275][ T8743]  ? __might_fault+0xb0/0x130
[  212.408306][ T8743]  __sys_socketpair+0xb7/0x560
[  212.408340][ T8743]  __x64_sys_socketpair+0x9b/0xb0
[  212.408364][ T8743]  do_syscall_64+0xfa/0x3b0
[  212.408394][ T8743]  ? lockdep_hardirqs_on+0x9c/0x150
[  212.408423][ T8743]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  212.408444][ T8743]  ? clear_bhb_loop+0x60/0xb0
[  212.408472][ T8743]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  212.408492][ T8743] RIP: 0033:0x7f9f1658e929
[  212.408511][ T8743] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  212.408529][ T8743] RSP: 002b:00007f9f1739a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035
[  212.408549][ T8743] RAX: ffffffffffffffda RBX: 00007f9f167b5fa0 RCX: 00007f9f1658e929
[  212.408565][ T8743] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000025
[  212.408577][ T8743] RBP: 00007f9f1739a090 R08: 0000000000000000 R09: 0000000000000000
[  212.408590][ T8743] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  212.408603][ T8743] R13: 0000000000000001 R14: 00007f9f167b5fa0 R15: 00007fff86e4bae8
[  212.408640][ T8743]  </TASK>
[  212.977571][ T8758] netlink: 'syz.3.1035': attribute type 10 has an invalid length.
[  212.986213][ T8758] netlink: 55 bytes leftover after parsing attributes in process `syz.3.1035'.
[  213.619504][ T8782] netlink: 'syz.0.1043': attribute type 10 has an invalid length.
[  213.712667][ T8785] netlink: 'syz.2.1042': attribute type 21 has an invalid length.
[  213.757610][ T8785] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1042'.
[  214.025923][ T8796] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1046'.
[  214.042522][ T8782] team0: Device veth0_vlan failed to register rx_handler
[  214.097570][ T8796] netlink: 'syz.1.1046': attribute type 46 has an invalid length.
[  214.105549][ T8796] netlink: 55 bytes leftover after parsing attributes in process `syz.1.1046'.
[  214.428119][ T8812] netlink: 144 bytes leftover after parsing attributes in process `syz.4.1051'.
[  214.689798][ T8816] FAULT_INJECTION: forcing a failure.
[  214.689798][ T8816] name failslab, interval 1, probability 0, space 0, times 0
[  214.704990][ T8816] CPU: 1 UID: 0 PID: 8816 Comm: syz.1.1053 Not tainted 6.16.0-rc3-syzkaller-gee88bddf7f2f #0 PREEMPT(full) 
[  214.705023][ T8816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  214.705038][ T8816] Call Trace:
[  214.705047][ T8816]  <TASK>
[  214.705056][ T8816]  dump_stack_lvl+0x189/0x250
[  214.705098][ T8816]  ? __pfx____ratelimit+0x10/0x10
[  214.705131][ T8816]  ? __pfx_dump_stack_lvl+0x10/0x10
[  214.705166][ T8816]  ? __pfx__printk+0x10/0x10
[  214.705195][ T8816]  ? __pfx___might_resched+0x10/0x10
[  214.705230][ T8816]  ? fs_reclaim_acquire+0x7d/0x100
[  214.705264][ T8816]  should_fail_ex+0x414/0x560
[  214.705300][ T8816]  should_failslab+0xa8/0x100
[  214.705327][ T8816]  kmem_cache_alloc_noprof+0x73/0x3c0
[  214.705361][ T8816]  ? security_file_alloc+0x34/0x330
[  214.705391][ T8816]  security_file_alloc+0x34/0x330
[  214.705417][ T8816]  init_file+0x93/0x2f0
[  214.705450][ T8816]  alloc_empty_file+0x6e/0x1d0
[  214.705479][ T8816]  alloc_file_pseudo+0x13d/0x210
[  214.705512][ T8816]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  214.705537][ T8816]  ? find_get_pmu_context+0x7cd/0x890
[  214.705587][ T8816]  anon_inode_getfile+0xc5/0x1a0
[  214.705618][ T8816]  __se_sys_perf_event_open+0xf20/0x1d70
[  214.705667][ T8816]  ? __pfx___se_sys_perf_event_open+0x10/0x10
[  214.705721][ T8816]  ? __pfx_ksys_write+0x10/0x10
[  214.705738][ T8816]  ? rcu_is_watching+0x15/0xb0
[  214.705781][ T8816]  ? do_syscall_64+0xbe/0x3b0
[  214.705819][ T8816]  ? __x64_sys_perf_event_open+0x20/0xc0
[  214.705852][ T8816]  do_syscall_64+0xfa/0x3b0
[  214.705882][ T8816]  ? lockdep_hardirqs_on+0x9c/0x150
[  214.705914][ T8816]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  214.705936][ T8816]  ? clear_bhb_loop+0x60/0xb0
[  214.705964][ T8816]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  214.705985][ T8816] RIP: 0033:0x7f91fdd8e929
[  214.706005][ T8816] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  214.706025][ T8816] RSP: 002b:00007f91fec10038 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  214.706049][ T8816] RAX: ffffffffffffffda RBX: 00007f91fdfb5fa0 RCX: 00007f91fdd8e929
[  214.706064][ T8816] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000200000000480
[  214.706080][ T8816] RBP: 00007f91fec10090 R08: 0000000000000000 R09: 0000000000000000
[  214.706093][ T8816] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001
[  214.706107][ T8816] R13: 0000000000000000 R14: 00007f91fdfb5fa0 R15: 00007ffc179b2478
[  214.706147][ T8816]  </TASK>
[  215.523615][ T8827] wg2: entered allmulticast mode
[  215.882039][ T8840] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1061'.
[  215.914770][ T8840] netlink: 'syz.0.1061': attribute type 46 has an invalid length.
[  215.923184][ T8840] netlink: 55 bytes leftover after parsing attributes in process `syz.0.1061'.
[  215.971079][ T8844] netlink: 'syz.1.1063': attribute type 10 has an invalid length.
[  215.987102][ T8844] netlink: 55 bytes leftover after parsing attributes in process `syz.1.1063'.
[  216.125608][ T8848] netlink: 'syz.4.1066': attribute type 21 has an invalid length.
[  216.134039][ T8848] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1066'.
[  216.219938][ T8855] netlink: 144 bytes leftover after parsing attributes in process `syz.1.1068'.
[  216.973741][ T8868] FAULT_INJECTION: forcing a failure.
[  216.973741][ T8868] name failslab, interval 1, probability 0, space 0, times 0
[  216.991758][ T8868] CPU: 0 UID: 0 PID: 8868 Comm: syz.0.1073 Not tainted 6.16.0-rc3-syzkaller-gee88bddf7f2f #0 PREEMPT(full) 
[  216.991790][ T8868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  216.991804][ T8868] Call Trace:
[  216.991819][ T8868]  <TASK>
[  216.991828][ T8868]  dump_stack_lvl+0x189/0x250
[  216.991868][ T8868]  ? __pfx____ratelimit+0x10/0x10
[  216.991901][ T8868]  ? __pfx_dump_stack_lvl+0x10/0x10
[  216.991934][ T8868]  ? __pfx__printk+0x10/0x10
[  216.991961][ T8868]  ? __pfx___might_resched+0x10/0x10
[  216.991996][ T8868]  ? fs_reclaim_acquire+0x7d/0x100
[  216.992028][ T8868]  should_fail_ex+0x414/0x560
[  216.992062][ T8868]  should_failslab+0xa8/0x100
[  216.992088][ T8868]  __kmalloc_noprof+0xcb/0x4f0
[  216.992109][ T8868]  ? tomoyo_encode+0x28b/0x550
[  216.992144][ T8868]  tomoyo_encode+0x28b/0x550
[  216.992181][ T8868]  tomoyo_realpath_from_path+0x58d/0x5d0
[  216.992213][ T8868]  ? tomoyo_domain+0xd9/0x130
[  216.992251][ T8868]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  216.992275][ T8868]  tomoyo_path_number_perm+0x1e8/0x5a0
[  216.992304][ T8868]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  216.992350][ T8868]  ? __lock_acquire+0xab9/0xd20
[  216.992404][ T8868]  ? __fget_files+0x2a/0x420
[  216.992431][ T8868]  ? __fget_files+0x2a/0x420
[  216.992453][ T8868]  ? __fget_files+0x3a0/0x420
[  216.992475][ T8868]  ? __fget_files+0x2a/0x420
[  216.992504][ T8868]  security_file_ioctl+0xcb/0x2d0
[  216.992530][ T8868]  __se_sys_ioctl+0x47/0x170
[  216.992565][ T8868]  do_syscall_64+0xfa/0x3b0
[  216.992597][ T8868]  ? lockdep_hardirqs_on+0x9c/0x150
[  216.992628][ T8868]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.992650][ T8868]  ? clear_bhb_loop+0x60/0xb0
[  216.992676][ T8868]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.992697][ T8868] RIP: 0033:0x7f2e6c78e929
[  216.992716][ T8868] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  216.992736][ T8868] RSP: 002b:00007f2e6d6b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  216.992759][ T8868] RAX: ffffffffffffffda RBX: 00007f2e6c9b5fa0 RCX: 00007f2e6c78e929
[  216.992775][ T8868] RDX: 0000200000000080 RSI: 0000000000008982 RDI: 0000000000000007
[  216.992789][ T8868] RBP: 00007f2e6d6b7090 R08: 0000000000000000 R09: 0000000000000000
[  216.992802][ T8868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  216.992821][ T8868] R13: 0000000000000000 R14: 00007f2e6c9b5fa0 R15: 00007ffde01ba358
[  216.992855][ T8868]  </TASK>
[  216.992939][ T8868] ERROR: Out of memory at tomoyo_realpath_from_path.
[  217.384893][ T8878] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1077'.
[  217.440405][ T8876] netlink: 'syz.4.1077': attribute type 46 has an invalid length.
[  217.525505][ T8886] netlink: 'syz.0.1078': attribute type 10 has an invalid length.
[  217.619654][ T8885] netlink: 'syz.2.1081': attribute type 21 has an invalid length.
[  218.156176][ T8906] netlink: 'syz.1.1088': attribute type 4 has an invalid length.
[  218.657017][ T8923] validate_nla: 1 callbacks suppressed
[  218.657042][ T8923] netlink: 'syz.3.1094': attribute type 10 has an invalid length.
[  218.993247][ T8928] netlink: 'syz.3.1096': attribute type 21 has an invalid length.
[  218.998409][ T8930] __nla_validate_parse: 9 callbacks suppressed
[  218.998440][ T8930] netlink: 144 bytes leftover after parsing attributes in process `syz.2.1097'.
[  219.018538][ T8928] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1096'.
[  219.912139][ T8950] netlink: 'syz.0.1105': attribute type 10 has an invalid length.
[  219.928648][ T8952] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1106'.
[  219.967725][ T8954] netlink: 'syz.2.1107': attribute type 10 has an invalid length.
[  219.983903][ T8954] netlink: 55 bytes leftover after parsing attributes in process `syz.2.1107'.
[  220.005454][ T8952] netlink: 'syz.3.1106': attribute type 46 has an invalid length.
[  220.041843][ T8952] netlink: 55 bytes leftover after parsing attributes in process `syz.3.1106'.
[  220.377629][ T8965] netlink: 144 bytes leftover after parsing attributes in process `syz.2.1110'.
[  220.501297][ T8971] FAULT_INJECTION: forcing a failure.
[  220.501297][ T8971] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  220.535544][ T8971] CPU: 1 UID: 0 PID: 8971 Comm: syz.1.1113 Not tainted 6.16.0-rc3-syzkaller-gee88bddf7f2f #0 PREEMPT(full) 
[  220.535579][ T8971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  220.535594][ T8971] Call Trace:
[  220.535603][ T8971]  <TASK>
[  220.535614][ T8971]  dump_stack_lvl+0x189/0x250
[  220.535655][ T8971]  ? __pfx____ratelimit+0x10/0x10
[  220.535692][ T8971]  ? __pfx_dump_stack_lvl+0x10/0x10
[  220.535726][ T8971]  ? __pfx__printk+0x10/0x10
[  220.535753][ T8971]  ? fs_reclaim_acquire+0x7d/0x100
[  220.535792][ T8971]  should_fail_ex+0x414/0x560
[  220.535826][ T8971]  prepare_alloc_pages+0x213/0x610
[  220.535864][ T8971]  __alloc_frozen_pages_noprof+0x123/0x370
[  220.535898][ T8971]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  220.535932][ T8971]  ? perf_trace_lock+0xec/0x3b0
[  220.535970][ T8971]  ? policy_nodemask+0x27c/0x720
[  220.535999][ T8971]  alloc_pages_bulk_noprof+0x560/0x710
[  220.536036][ T8971]  ? alloc_pages_noprof+0xbe/0x190
[  220.536065][ T8971]  kasan_populate_vmalloc+0xba/0x1a0
[  220.536104][ T8971]  alloc_vmap_area+0xd51/0x1490
[  220.536149][ T8971]  ? __pfx_alloc_vmap_area+0x10/0x10
[  220.536169][ T8971]  ? __kasan_kmalloc+0x93/0xb0
[  220.536211][ T8971]  ? __kmalloc_cache_node_noprof+0x234/0x3d0
[  220.536234][ T8971]  ? __get_vm_area_node+0x13f/0x300
[  220.536255][ T8971]  ? array_map_alloc+0x431/0x6f0
[  220.536288][ T8971]  __get_vm_area_node+0x1f8/0x300
[  220.536320][ T8971]  __vmalloc_node_range_noprof+0x301/0x12f0
[  220.536352][ T8971]  ? array_map_alloc+0x431/0x6f0
[  220.536406][ T8971]  ? perf_trace_lock+0xec/0x3b0
[  220.536451][ T8971]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  220.536477][ T8971]  ? apparmor_capable+0x137/0x1b0
[  220.536514][ T8971]  ? bpf_lsm_capable+0x9/0x20
[  220.536533][ T8971]  ? security_capable+0x7e/0x2e0
[  220.536564][ T8971]  bpf_map_area_mmapable_alloc+0xf6/0x160
[  220.536599][ T8971]  ? array_map_alloc+0x431/0x6f0
[  220.536632][ T8971]  array_map_alloc+0x431/0x6f0
[  220.536665][ T8971]  ? print_vma_addr+0x1d1/0x1f0
[  220.536690][ T8971]  map_create+0x903/0x1150
[  220.536726][ T8971]  ? security_bpf+0x7e/0x300
[  220.536755][ T8971]  __sys_bpf+0x67e/0x860
[  220.536787][ T8971]  ? __pfx___sys_bpf+0x10/0x10
[  220.536833][ T8971]  ? ksys_write+0x22a/0x250
[  220.536857][ T8971]  ? __pfx_ksys_write+0x10/0x10
[  220.536873][ T8971]  ? rcu_is_watching+0x15/0xb0
[  220.536916][ T8971]  __x64_sys_bpf+0x7c/0x90
[  220.536943][ T8971]  do_syscall_64+0xfa/0x3b0
[  220.536977][ T8971]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  220.536997][ T8971]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  220.537018][ T8971]  ? clear_bhb_loop+0x60/0xb0
[  220.537043][ T8971]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  220.537064][ T8971] RIP: 0033:0x7f91fdd8e929
[  220.537086][ T8971] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  220.537105][ T8971] RSP: 002b:00007f91fec10038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  220.537128][ T8971] RAX: ffffffffffffffda RBX: 00007f91fdfb5fa0 RCX: 00007f91fdd8e929
[  220.537145][ T8971] RDX: 0000000000000050 RSI: 00002000000009c0 RDI: 0000000000000000
[  220.537158][ T8971] RBP: 00007f91fec10090 R08: 0000000000000000 R09: 0000000000000000
[  220.537170][ T8971] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  220.537180][ T8971] R13: 0000000000000000 R14: 00007f91fdfb5fa0 R15: 00007ffc179b2478
[  220.537210][ T8971]  </TASK>
[  221.917553][ T8998] netlink: 'syz.2.1120': attribute type 10 has an invalid length.
[  221.919688][ T8999] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1121'.
[  221.925626][ T8998] netlink: 55 bytes leftover after parsing attributes in process `syz.2.1120'.
[  221.970249][ T8992] netlink: 'syz.4.1121': attribute type 46 has an invalid length.
[  221.988164][ T8992] netlink: 55 bytes leftover after parsing attributes in process `syz.4.1121'.
[  222.214877][ T9008] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1125'.
[  222.233553][ T9008] FAULT_INJECTION: forcing a failure.
[  222.233553][ T9008] name failslab, interval 1, probability 0, space 0, times 0
[  222.252092][ T9008] CPU: 1 UID: 0 PID: 9008 Comm: syz.2.1125 Not tainted 6.16.0-rc3-syzkaller-gee88bddf7f2f #0 PREEMPT(full) 
[  222.252123][ T9008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  222.252137][ T9008] Call Trace:
[  222.252146][ T9008]  <TASK>
[  222.252157][ T9008]  dump_stack_lvl+0x189/0x250
[  222.252209][ T9008]  ? __pfx____ratelimit+0x10/0x10
[  222.252242][ T9008]  ? __pfx_dump_stack_lvl+0x10/0x10
[  222.252277][ T9008]  ? __pfx__printk+0x10/0x10
[  222.252304][ T9008]  ? __pfx___might_resched+0x10/0x10
[  222.252335][ T9008]  ? fs_reclaim_acquire+0x7d/0x100
[  222.252366][ T9008]  should_fail_ex+0x414/0x560
[  222.252400][ T9008]  should_failslab+0xa8/0x100
[  222.252424][ T9008]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  222.252445][ T9008]  ? __alloc_skb+0x112/0x2d0
[  222.252474][ T9008]  __alloc_skb+0x112/0x2d0
[  222.252501][ T9008]  netlink_ack+0x146/0xa50
[  222.252523][ T9008]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  222.252543][ T9008]  ? ref_tracker_free+0x63a/0x7d0
[  222.252570][ T9008]  ? __copy_skb_header+0xa7/0x550
[  222.252599][ T9008]  ? __pfx_ref_tracker_free+0x10/0x10
[  222.252627][ T9008]  ? __skb_clone+0x63/0x7a0
[  222.252662][ T9008]  netlink_rcv_skb+0x28c/0x470
[  222.252687][ T9008]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  222.252711][ T9008]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  222.252750][ T9008]  ? netlink_deliver_tap+0x2e/0x1b0
[  222.252774][ T9008]  ? netlink_deliver_tap+0x2e/0x1b0
[  222.252804][ T9008]  netlink_unicast+0x75b/0x8d0
[  222.252839][ T9008]  netlink_sendmsg+0x805/0xb30
[  222.252875][ T9008]  ? __pfx_netlink_sendmsg+0x10/0x10
[  222.252904][ T9008]  ? aa_sock_msg_perm+0x94/0x160
[  222.252934][ T9008]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  222.252962][ T9008]  ? __pfx_netlink_sendmsg+0x10/0x10
[  222.252989][ T9008]  __sock_sendmsg+0x219/0x270
[  222.253026][ T9008]  ____sys_sendmsg+0x505/0x830
[  222.253061][ T9008]  ? __pfx_____sys_sendmsg+0x10/0x10
[  222.253097][ T9008]  ? import_iovec+0x74/0xa0
[  222.253124][ T9008]  ___sys_sendmsg+0x21f/0x2a0
[  222.253153][ T9008]  ? __pfx____sys_sendmsg+0x10/0x10
[  222.253229][ T9008]  ? __fget_files+0x2a/0x420
[  222.253254][ T9008]  ? __fget_files+0x3a0/0x420
[  222.253290][ T9008]  __x64_sys_sendmsg+0x19b/0x260
[  222.253320][ T9008]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  222.253358][ T9008]  ? __pfx_ksys_write+0x10/0x10
[  222.253376][ T9008]  ? rcu_is_watching+0x15/0xb0
[  222.253416][ T9008]  ? do_syscall_64+0xbe/0x3b0
[  222.253455][ T9008]  do_syscall_64+0xfa/0x3b0
[  222.253485][ T9008]  ? lockdep_hardirqs_on+0x9c/0x150
[  222.253517][ T9008]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  222.253539][ T9008]  ? clear_bhb_loop+0x60/0xb0
[  222.253565][ T9008]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  222.253587][ T9008] RIP: 0033:0x7f6d08f8e929
[  222.253607][ T9008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  222.253627][ T9008] RSP: 002b:00007f6d09d18038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  222.253651][ T9008] RAX: ffffffffffffffda RBX: 00007f6d091b5fa0 RCX: 00007f6d08f8e929
[  222.253667][ T9008] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  222.253681][ T9008] RBP: 00007f6d09d18090 R08: 0000000000000000 R09: 0000000000000000
[  222.253694][ T9008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  222.253706][ T9008] R13: 0000000000000000 R14: 00007f6d091b5fa0 R15: 00007ffc3feaa128
[  222.253740][ T9008]  </TASK>
[  223.366241][ T9025] netlink: 'syz.3.1131': attribute type 10 has an invalid length.
[  223.537808][ T9033] netlink: 'syz.2.1134': attribute type 9 has an invalid length.
[  223.581158][ T9034] netlink: 'syz.0.1135': attribute type 10 has an invalid length.
[  223.966406][ T9051] validate_nla: 11 callbacks suppressed
[  223.966435][ T9051] netlink: 'syz.1.1140': attribute type 46 has an invalid length.
[  224.009960][ T9051] __nla_validate_parse: 17 callbacks suppressed
[  224.009987][ T9051] netlink: 55 bytes leftover after parsing attributes in process `syz.1.1140'.
[  224.183706][ T9056] FAULT_INJECTION: forcing a failure.
[  224.183706][ T9056] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  224.199087][ T9056] CPU: 0 UID: 0 PID: 9056 Comm: syz.2.1142 Not tainted 6.16.0-rc3-syzkaller-gee88bddf7f2f #0 PREEMPT(full) 
[  224.199119][ T9056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  224.199134][ T9056] Call Trace:
[  224.199143][ T9056]  <TASK>
[  224.199153][ T9056]  dump_stack_lvl+0x189/0x250
[  224.199195][ T9056]  ? __pfx____ratelimit+0x10/0x10
[  224.199233][ T9056]  ? __pfx_dump_stack_lvl+0x10/0x10
[  224.199267][ T9056]  ? __pfx__printk+0x10/0x10
[  224.199293][ T9056]  ? fs_reclaim_acquire+0x7d/0x100
[  224.199329][ T9056]  should_fail_ex+0x414/0x560
[  224.199363][ T9056]  prepare_alloc_pages+0x213/0x610
[  224.199407][ T9056]  __alloc_frozen_pages_noprof+0x123/0x370
[  224.199440][ T9056]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  224.199474][ T9056]  ? perf_trace_lock+0xec/0x3b0
[  224.199521][ T9056]  alloc_pages_bulk_noprof+0x560/0x710
[  224.199556][ T9056]  ? alloc_pages_noprof+0xbe/0x190
[  224.199585][ T9056]  kasan_populate_vmalloc+0xba/0x1a0
[  224.199624][ T9056]  alloc_vmap_area+0xd51/0x1490
[  224.199669][ T9056]  ? __pfx_alloc_vmap_area+0x10/0x10
[  224.199690][ T9056]  ? __kasan_kmalloc+0x93/0xb0
[  224.199711][ T9056]  ? __kmalloc_cache_node_noprof+0x234/0x3d0
[  224.199734][ T9056]  ? __get_vm_area_node+0x13f/0x300
[  224.199754][ T9056]  ? reuseport_array_alloc+0x98/0x130
[  224.199784][ T9056]  __get_vm_area_node+0x1f8/0x300
[  224.199815][ T9056]  __vmalloc_node_range_noprof+0x301/0x12f0
[  224.199840][ T9056]  ? reuseport_array_alloc+0x98/0x130
[  224.199871][ T9056]  ? perf_trace_preemptirq_template+0x280/0x340
[  224.199917][ T9056]  ? aa_get_newest_label+0xf7/0x5d0
[  224.199958][ T9056]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  224.199998][ T9056]  bpf_map_area_alloc+0x12d/0x180
[  224.200031][ T9056]  ? reuseport_array_alloc+0x98/0x130
[  224.200062][ T9056]  reuseport_array_alloc+0x98/0x130
[  224.200092][ T9056]  map_create+0x903/0x1150
[  224.200126][ T9056]  ? security_bpf+0x7e/0x300
[  224.200155][ T9056]  __sys_bpf+0x67e/0x860
[  224.200186][ T9056]  ? __pfx___sys_bpf+0x10/0x10
[  224.200235][ T9056]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  224.200305][ T9056]  __x64_sys_bpf+0x7c/0x90
[  224.200333][ T9056]  do_syscall_64+0xfa/0x3b0
[  224.200368][ T9056]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  224.200397][ T9056]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  224.200419][ T9056]  ? clear_bhb_loop+0x60/0xb0
[  224.200454][ T9056]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  224.200476][ T9056] RIP: 0033:0x7f6d08f8e929
[  224.200503][ T9056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  224.200522][ T9056] RSP: 002b:00007f6d09d18038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  224.200545][ T9056] RAX: ffffffffffffffda RBX: 00007f6d091b5fa0 RCX: 00007f6d08f8e929
[  224.200561][ T9056] RDX: 0000000000000050 RSI: 0000200000000000 RDI: 0000000000000000
[  224.200575][ T9056] RBP: 00007f6d09d18090 R08: 0000000000000000 R09: 0000000000000000
[  224.200588][ T9056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  224.200601][ T9056] R13: 0000000000000000 R14: 00007f6d091b5fa0 R15: 00007ffc3feaa128
[  224.200639][ T9056]  </TASK>
[  224.706679][ T9067] netlink: 144 bytes leftover after parsing attributes in process `syz.2.1145'.
[  225.095429][ T9078] netlink: 'syz.4.1149': attribute type 10 has an invalid length.
[  225.113722][ T9078] netlink: 55 bytes leftover after parsing attributes in process `syz.4.1149'.
[  225.254019][ T9083] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1152'.
[  225.342557][ T9088] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1154'.
[  225.398856][ T9088] netlink: 'syz.0.1154': attribute type 46 has an invalid length.
[  225.413860][ T9088] netlink: 55 bytes leftover after parsing attributes in process `syz.0.1154'.
[  225.773081][ T9101] netlink: 144 bytes leftover after parsing attributes in process `syz.4.1160'.
[  226.100546][ T9109] netlink: 'syz.3.1163': attribute type 10 has an invalid length.
[  226.146316][ T9109] netlink: 55 bytes leftover after parsing attributes in process `syz.3.1163'.
[  226.324549][ T9120] netlink: 'syz.4.1166': attribute type 10 has an invalid length.
[  226.345894][ T9120] veth0_vlan: left promiscuous mode
[  226.361122][ T9120] veth0_vlan: entered promiscuous mode
[  226.372175][ T9120] team0: Device veth0_vlan failed to register rx_handler
[  226.473582][ T9123] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1168'.
[  226.489193][ T9123] netlink: 'syz.3.1168': attribute type 46 has an invalid length.
[  226.497654][ T9123] netlink: 55 bytes leftover after parsing attributes in process `syz.3.1168'.
[  227.139269][ T9139] veth1_to_bond: entered allmulticast mode
[  227.335487][ T9146] netlink: 'syz.4.1178': attribute type 10 has an invalid length.
[  227.750473][ T9165] netlink: 'syz.3.1182': attribute type 46 has an invalid length.
[  228.078844][ T9177] netlink: 'syz.2.1191': attribute type 21 has an invalid length.
[  228.274278][ T9181] netlink: 'syz.1.1192': attribute type 10 has an invalid length.
[  228.651966][ T9189] delete_channel: no stack
[  228.656583][ T9189] delete_channel: no stack
[  229.102338][ T9210] net_ratelimit: 72 callbacks suppressed
[  229.102361][ T9210] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  229.125219][ T9210] nr0: tun_chr_ioctl cmd 1074025677
[  229.130956][ T9210] nr0: linktype set to 778
[  229.189684][ T9213] validate_nla: 2 callbacks suppressed
[  229.189708][ T9213] netlink: 'syz.2.1204': attribute type 10 has an invalid length.
[  229.224368][ T9213] __nla_validate_parse: 9 callbacks suppressed
[  229.224390][ T9213] netlink: 55 bytes leftover after parsing attributes in process `syz.2.1204'.
[  229.748307][ T9228] netlink: 'syz.2.1211': attribute type 21 has an invalid length.
[  229.756215][ T9228] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1211'.
[  229.804108][ T9232] netlink: 144 bytes leftover after parsing attributes in process `syz.3.1213'.
[  229.878831][ T9234] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1212'.
[  229.917769][ T9234] netlink: 'syz.0.1212': attribute type 46 has an invalid length.
[  229.925683][ T9234] netlink: 55 bytes leftover after parsing attributes in process `syz.0.1212'.
[  230.017743][ T9240] netlink: 'syz.2.1215': attribute type 21 has an invalid length.
[  230.026021][ T9240] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1215'.
[  230.218472][ T9246] FAULT_INJECTION: forcing a failure.
[  230.218472][ T9246] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  230.233924][ T9246] CPU: 1 UID: 0 PID: 9246 Comm: syz.3.1218 Not tainted 6.16.0-rc3-syzkaller-gee88bddf7f2f #0 PREEMPT(full) 
[  230.233957][ T9246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  230.233971][ T9246] Call Trace:
[  230.233980][ T9246]  <TASK>
[  230.233990][ T9246]  dump_stack_lvl+0x189/0x250
[  230.234031][ T9246]  ? __pfx____ratelimit+0x10/0x10
[  230.234064][ T9246]  ? __pfx_dump_stack_lvl+0x10/0x10
[  230.234096][ T9246]  ? __pfx__printk+0x10/0x10
[  230.234131][ T9246]  should_fail_ex+0x414/0x560
[  230.234164][ T9246]  _copy_to_user+0x31/0xb0
[  230.234187][ T9246]  simple_read_from_buffer+0xe1/0x170
[  230.234213][ T9246]  proc_fail_nth_read+0x1df/0x250
[  230.234243][ T9246]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  230.234269][ T9246]  ? rw_verify_area+0x258/0x650
[  230.234299][ T9246]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  230.234325][ T9246]  vfs_read+0x200/0x980
[  230.234363][ T9246]  ? __pfx___mutex_lock+0x10/0x10
[  230.234397][ T9246]  ? __pfx_vfs_read+0x10/0x10
[  230.234432][ T9246]  ? __fget_files+0x2a/0x420
[  230.234461][ T9246]  ? __fget_files+0x3a0/0x420
[  230.234483][ T9246]  ? __fget_files+0x2a/0x420
[  230.234516][ T9246]  ksys_read+0x145/0x250
[  230.234551][ T9246]  ? __pfx_ksys_read+0x10/0x10
[  230.234588][ T9246]  ? do_syscall_64+0xbe/0x3b0
[  230.234622][ T9246]  do_syscall_64+0xfa/0x3b0
[  230.234662][ T9246]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.234682][ T9246]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  230.234702][ T9246]  ? clear_bhb_loop+0x60/0xb0
[  230.234729][ T9246]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.234751][ T9246] RIP: 0033:0x7f9f1658d33c
[  230.234771][ T9246] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  230.234790][ T9246] RSP: 002b:00007f9f1739a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  230.234813][ T9246] RAX: ffffffffffffffda RBX: 00007f9f167b5fa0 RCX: 00007f9f1658d33c
[  230.234829][ T9246] RDX: 000000000000000f RSI: 00007f9f1739a0a0 RDI: 0000000000000008
[  230.234842][ T9246] RBP: 00007f9f1739a090 R08: 0000000000000000 R09: 0000000000000000
[  230.234855][ T9246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  230.234875][ T9246] R13: 0000000000000000 R14: 00007f9f167b5fa0 R15: 00007fff86e4bae8
[  230.234911][ T9246]  </TASK>
[  230.796528][ T9254] netlink: 'syz.4.1221': attribute type 10 has an invalid length.
[  230.806439][ T9254] netlink: 55 bytes leftover after parsing attributes in process `syz.4.1221'.
[  231.168440][ T9265] netlink: 29407 bytes leftover after parsing attributes in process `syz.2.1224'.
[  231.275253][ T9266] netlink: 'syz.4.1225': attribute type 21 has an invalid length.
[  231.316909][ T9266] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1225'.
[  231.477534][ T9269] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1226'.
[  231.529370][ T9269] netlink: 'syz.2.1226': attribute type 46 has an invalid length.
[  232.012016][ T9276] FAULT_INJECTION: forcing a failure.
[  232.012016][ T9276] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  232.096662][ T9276] CPU: 1 UID: 0 PID: 9276 Comm: syz.4.1228 Not tainted 6.16.0-rc3-syzkaller-gee88bddf7f2f #0 PREEMPT(full) 
[  232.096698][ T9276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  232.096712][ T9276] Call Trace:
[  232.096721][ T9276]  <TASK>
[  232.096730][ T9276]  dump_stack_lvl+0x189/0x250
[  232.096774][ T9276]  ? __pfx____ratelimit+0x10/0x10
[  232.096808][ T9276]  ? __pfx_dump_stack_lvl+0x10/0x10
[  232.096843][ T9276]  ? __pfx__printk+0x10/0x10
[  232.096873][ T9276]  ? __might_fault+0xb0/0x130
[  232.096899][ T9276]  should_fail_ex+0x414/0x560
[  232.096935][ T9276]  _copy_to_user+0x31/0xb0
[  232.096962][ T9276]  simple_read_from_buffer+0xe1/0x170
[  232.096992][ T9276]  proc_fail_nth_read+0x1df/0x250
[  232.097025][ T9276]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  232.097056][ T9276]  ? rw_verify_area+0x258/0x650
[  232.097090][ T9276]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  232.097120][ T9276]  vfs_read+0x200/0x980
[  232.097161][ T9276]  ? __pfx___mutex_lock+0x10/0x10
[  232.097197][ T9276]  ? __pfx_vfs_read+0x10/0x10
[  232.097233][ T9276]  ? __fget_files+0x2a/0x420
[  232.097265][ T9276]  ? __fget_files+0x3a0/0x420
[  232.097287][ T9276]  ? __fget_files+0x2a/0x420
[  232.097325][ T9276]  ksys_read+0x145/0x250
[  232.097362][ T9276]  ? __pfx_ksys_read+0x10/0x10
[  232.097415][ T9276]  do_syscall_64+0xfa/0x3b0
[  232.097450][ T9276]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  232.097479][ T9276]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  232.097501][ T9276]  ? clear_bhb_loop+0x60/0xb0
[  232.097530][ T9276]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  232.097551][ T9276] RIP: 0033:0x7f8addf8d33c
[  232.097572][ T9276] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  232.097592][ T9276] RSP: 002b:00007f8adee7f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  232.097616][ T9276] RAX: ffffffffffffffda RBX: 00007f8ade1b5fa0 RCX: 00007f8addf8d33c
[  232.097632][ T9276] RDX: 000000000000000f RSI: 00007f8adee7f0a0 RDI: 0000000000000006
[  232.097646][ T9276] RBP: 00007f8adee7f090 R08: 0000000000000000 R09: 0000000000000000
[  232.097659][ T9276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  232.097672][ T9276] R13: 0000000000000000 R14: 00007f8ade1b5fa0 R15: 00007fff359792e8
[  232.097711][ T9276]  </TASK>
[  232.899687][ T9295] netlink: 'syz.3.1236': attribute type 10 has an invalid length.
[  233.098993][ T9301] netlink: 'syz.2.1238': attribute type 21 has an invalid length.
[  233.113192][ T9307] netlink: 'syz.3.1240': attribute type 46 has an invalid length.
[  234.499261][ T9335] netlink: 'syz.2.1250': attribute type 10 has an invalid length.
[  234.536714][ T9335] __nla_validate_parse: 7 callbacks suppressed
[  234.536738][ T9335] netlink: 55 bytes leftover after parsing attributes in process `syz.2.1250'.
[  234.680367][ T9339] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1254'.
[  234.740106][ T9339] netlink: 'syz.4.1254': attribute type 46 has an invalid length.
[  234.779138][ T9339] netlink: 55 bytes leftover after parsing attributes in process `syz.4.1254'.
[  234.927913][ T9348] netlink: 'syz.0.1251': attribute type 21 has an invalid length.
[  235.026746][ T9348] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1251'.
[  235.074965][ T9355] netlink: 144 bytes leftover after parsing attributes in process `syz.3.1258'.
[  235.219152][ T9357] tap0: tun_chr_ioctl cmd 1074025677
[  235.259435][ T9357] tap0: linktype set to 779
[  236.111070][ T9377] netlink: 'syz.2.1266': attribute type 5 has an invalid length.
[  236.167203][ T9377] netlink: 65039 bytes leftover after parsing attributes in process `syz.2.1266'.
[  236.201534][ T9378] netlink: 'syz.0.1265': attribute type 10 has an invalid length.
[  236.227723][ T9378] netlink: 55 bytes leftover after parsing attributes in process `syz.0.1265'.
[  236.245215][ T9382] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1267'.
[  236.294487][ T9382] netlink: 'syz.3.1267': attribute type 46 has an invalid length.
[  236.304316][ T9382] netlink: 55 bytes leftover after parsing attributes in process `syz.3.1267'.
[  236.400704][ T9384] FAULT_INJECTION: forcing a failure.
[  236.400704][ T9384] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  236.470187][ T9384] CPU: 0 UID: 0 PID: 9384 Comm: syz.2.1268 Not tainted 6.16.0-rc3-syzkaller-gee88bddf7f2f #0 PREEMPT(full) 
[  236.470220][ T9384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  236.470234][ T9384] Call Trace:
[  236.470250][ T9384]  <TASK>
[  236.470260][ T9384]  dump_stack_lvl+0x189/0x250
[  236.470301][ T9384]  ? __pfx____ratelimit+0x10/0x10
[  236.470335][ T9384]  ? __pfx_dump_stack_lvl+0x10/0x10
[  236.470369][ T9384]  ? __pfx__printk+0x10/0x10
[  236.470395][ T9384]  ? fs_reclaim_acquire+0x7d/0x100
[  236.470435][ T9384]  should_fail_ex+0x414/0x560
[  236.470470][ T9384]  prepare_alloc_pages+0x213/0x610
[  236.470506][ T9384]  __alloc_frozen_pages_noprof+0x123/0x370
[  236.470539][ T9384]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  236.470573][ T9384]  ? irqentry_exit+0x74/0x90
[  236.470617][ T9384]  alloc_pages_bulk_noprof+0x560/0x710
[  236.470654][ T9384]  ? alloc_pages_noprof+0xbe/0x190
[  236.470682][ T9384]  kasan_populate_vmalloc+0xba/0x1a0
[  236.470720][ T9384]  alloc_vmap_area+0xd51/0x1490
[  236.470762][ T9384]  ? __pfx_alloc_vmap_area+0x10/0x10
[  236.470782][ T9384]  ? __kasan_kmalloc+0x93/0xb0
[  236.470805][ T9384]  ? __kmalloc_cache_node_noprof+0x234/0x3d0
[  236.470829][ T9384]  ? __get_vm_area_node+0x13f/0x300
[  236.470850][ T9384]  ? reuseport_array_alloc+0x98/0x130
[  236.470880][ T9384]  __get_vm_area_node+0x1f8/0x300
[  236.470911][ T9384]  __vmalloc_node_range_noprof+0x301/0x12f0
[  236.470937][ T9384]  ? reuseport_array_alloc+0x98/0x130
[  236.470982][ T9384]  ? aa_get_newest_label+0xf7/0x5d0
[  236.471014][ T9384]  ? perf_trace_preemptirq_template+0xa3/0x340
[  236.471043][ T9384]  ? __pfx_aa_get_newest_label+0x10/0x10
[  236.471073][ T9384]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  236.471096][ T9384]  ? rcu_is_watching+0x15/0xb0
[  236.471132][ T9384]  ? apparmor_capable+0x137/0x1b0
[  236.471171][ T9384]  bpf_map_area_alloc+0x12d/0x180
[  236.471202][ T9384]  ? reuseport_array_alloc+0x98/0x130
[  236.471232][ T9384]  reuseport_array_alloc+0x98/0x130
[  236.471275][ T9384]  map_create+0x903/0x1150
[  236.471308][ T9384]  ? security_bpf+0x7e/0x300
[  236.471337][ T9384]  __sys_bpf+0x67e/0x860
[  236.471368][ T9384]  ? __pfx___sys_bpf+0x10/0x10
[  236.471413][ T9384]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  236.471443][ T9384]  ? __pfx_ksys_write+0x10/0x10
[  236.471472][ T9384]  __x64_sys_bpf+0x7c/0x90
[  236.471498][ T9384]  do_syscall_64+0xfa/0x3b0
[  236.471532][ T9384]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  236.471552][ T9384]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  236.471574][ T9384]  ? clear_bhb_loop+0x60/0xb0
[  236.471599][ T9384]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  236.471620][ T9384] RIP: 0033:0x7f6d08f8e929
[  236.471640][ T9384] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  236.471660][ T9384] RSP: 002b:00007f6d09d18038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  236.471683][ T9384] RAX: ffffffffffffffda RBX: 00007f6d091b5fa0 RCX: 00007f6d08f8e929
[  236.471698][ T9384] RDX: 0000000000000050 RSI: 0000200000000000 RDI: 0000000000000000
[  236.471712][ T9384] RBP: 00007f6d09d18090 R08: 0000000000000000 R09: 0000000000000000
[  236.471725][ T9384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  236.471737][ T9384] R13: 0000000000000000 R14: 00007f6d091b5fa0 R15: 00007ffc3feaa128
[  236.471770][ T9384]  </TASK>
[  237.343966][ T9397] netlink: 144 bytes leftover after parsing attributes in process `syz.1.1271'.
[  237.921954][ T9407] netlink: 'syz.0.1275': attribute type 21 has an invalid length.
[  238.018979][ T9413] delete_channel: no stack
[  238.036827][ T9413] delete_channel: no stack
[  238.232554][ T9416] netlink: 'syz.2.1279': attribute type 10 has an invalid length.
[  238.431154][ T9423] netlink: 'syz.4.1280': attribute type 2 has an invalid length.
[  238.524532][ T9421] netlink: 'syz.3.1281': attribute type 46 has an invalid length.
[  239.081350][ T1150] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  239.125653][ T1150] ------------[ cut here ]------------
[  239.148430][ T1150] UBSAN: array-index-out-of-bounds in net/mac80211/scan.c:1223:5
[  239.181201][ T1150] index 1 is out of range for type 'struct ieee80211_channel *[] __counted_by(n_channels)' (aka 'struct ieee80211_channel *[]')
[  239.231196][ T1150] CPU: 0 UID: 0 PID: 1150 Comm: kworker/u8:6 Not tainted 6.16.0-rc3-syzkaller-gee88bddf7f2f #0 PREEMPT(full) 
[  239.231251][ T1150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  239.231267][ T1150] Workqueue: events_unbound cfg80211_wiphy_work
[  239.231299][ T1150] Call Trace:
[  239.231309][ T1150]  <TASK>
[  239.231318][ T1150]  dump_stack_lvl+0x189/0x250
[  239.231361][ T1150]  ? __pfx_dump_stack_lvl+0x10/0x10
[  239.231395][ T1150]  ? __pfx__printk+0x10/0x10
[  239.231424][ T1150]  ? __ubsan_handle_out_of_bounds+0x80/0xf0
[  239.231464][ T1150]  ubsan_epilogue+0xa/0x40
[  239.231489][ T1150]  __ubsan_handle_out_of_bounds+0xe9/0xf0
[  239.231531][ T1150]  ieee80211_request_ibss_scan+0x600/0x8b0
[  239.231582][ T1150]  ieee80211_ibss_work+0xd85/0x1060
[  239.231613][ T1150]  ? lockdep_hardirqs_on+0x9c/0x150
[  239.231646][ T1150]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  239.231676][ T1150]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  239.231707][ T1150]  ? __pfx_ieee80211_ibss_work+0x10/0x10
[  239.231743][ T1150]  ? skb_dequeue+0x10e/0x150
[  239.231774][ T1150]  ? ieee80211_iface_work+0xcdb/0xfe0
[  239.231810][ T1150]  ? ieee80211_iface_work+0xf39/0xfe0
[  239.231845][ T1150]  ? rcu_is_watching+0x15/0xb0
[  239.231885][ T1150]  cfg80211_wiphy_work+0x2df/0x460
[  239.231909][ T1150]  ? process_scheduled_works+0x9ef/0x17b0
[  239.231953][ T1150]  process_scheduled_works+0xae1/0x17b0
[  239.232022][ T1150]  ? __pfx_process_scheduled_works+0x10/0x10
[  239.232077][ T1150]  worker_thread+0x8a0/0xda0
[  239.232143][ T1150]  kthread+0x70e/0x8a0
[  239.232173][ T1150]  ? __pfx_worker_thread+0x10/0x10
[  239.232209][ T1150]  ? __pfx_kthread+0x10/0x10
[  239.232237][ T1150]  ? _raw_spin_unlock_irq+0x23/0x50
[  239.232264][ T1150]  ? lockdep_hardirqs_on+0x9c/0x150
[  239.232293][ T1150]  ? __pfx_kthread+0x10/0x10
[  239.232319][ T1150]  ret_from_fork+0x3fc/0x770
[  239.232354][ T1150]  ? __pfx_ret_from_fork+0x10/0x10
[  239.232392][ T1150]  ? __switch_to_asm+0x39/0x70
[  239.232414][ T1150]  ? __switch_to_asm+0x33/0x70
[  239.232434][ T1150]  ? __pfx_kthread+0x10/0x10
[  239.232460][ T1150]  ret_from_fork_asm+0x1a/0x30
[  239.232503][ T1150]  </TASK>
[  239.234888][ T1150] ---[ end trace ]---
[  239.482294][ T1150] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[  239.489745][ T1150] CPU: 1 UID: 0 PID: 1150 Comm: kworker/u8:6 Not tainted 6.16.0-rc3-syzkaller-gee88bddf7f2f #0 PREEMPT(full) 
[  239.501417][ T1150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  239.511506][ T1150] Workqueue: events_unbound cfg80211_wiphy_work
[  239.517795][ T1150] Call Trace:
[  239.521101][ T1150]  <TASK>
[  239.524053][ T1150]  dump_stack_lvl+0x99/0x250
[  239.528686][ T1150]  ? __asan_memcpy+0x40/0x70
[  239.533315][ T1150]  ? __pfx_dump_stack_lvl+0x10/0x10
[  239.538550][ T1150]  ? __pfx__printk+0x10/0x10
[  239.543183][ T1150]  panic+0x2db/0x790
[  239.547124][ T1150]  ? __pfx_panic+0x10/0x10
[  239.551576][ T1150]  ? _printk+0xcf/0x120
[  239.555769][ T1150]  ? __pfx__printk+0x10/0x10
[  239.560485][ T1150]  ? __ubsan_handle_out_of_bounds+0x80/0xf0
[  239.566423][ T1150]  check_panic_on_warn+0x89/0xb0
[  239.571490][ T1150]  __ubsan_handle_out_of_bounds+0xe9/0xf0
[  239.577264][ T1150]  ieee80211_request_ibss_scan+0x600/0x8b0
[  239.583225][ T1150]  ieee80211_ibss_work+0xd85/0x1060
[  239.589267][ T1150]  ? lockdep_hardirqs_on+0x9c/0x150
[  239.594520][ T1150]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  239.600468][ T1150]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  239.606837][ T1150]  ? __pfx_ieee80211_ibss_work+0x10/0x10
[  239.612515][ T1150]  ? skb_dequeue+0x10e/0x150
[  239.617158][ T1150]  ? ieee80211_iface_work+0xcdb/0xfe0
[  239.622759][ T1150]  ? ieee80211_iface_work+0xf39/0xfe0
[  239.628174][ T1150]  ? rcu_is_watching+0x15/0xb0
[  239.632992][ T1150]  cfg80211_wiphy_work+0x2df/0x460
[  239.638137][ T1150]  ? process_scheduled_works+0x9ef/0x17b0
[  239.643907][ T1150]  process_scheduled_works+0xae1/0x17b0
[  239.649532][ T1150]  ? __pfx_process_scheduled_works+0x10/0x10
[  239.655627][ T1150]  worker_thread+0x8a0/0xda0
[  239.660291][ T1150]  kthread+0x70e/0x8a0
[  239.664392][ T1150]  ? __pfx_worker_thread+0x10/0x10
[  239.669552][ T1150]  ? __pfx_kthread+0x10/0x10
[  239.674189][ T1150]  ? _raw_spin_unlock_irq+0x23/0x50
[  239.679431][ T1150]  ? lockdep_hardirqs_on+0x9c/0x150
[  239.684668][ T1150]  ? __pfx_kthread+0x10/0x10
[  239.689296][ T1150]  ret_from_fork+0x3fc/0x770
[  239.693972][ T1150]  ? __pfx_ret_from_fork+0x10/0x10
[  239.699147][ T1150]  ? __switch_to_asm+0x39/0x70
[  239.703930][ T1150]  ? __switch_to_asm+0x33/0x70
[  239.708706][ T1150]  ? __pfx_kthread+0x10/0x10
[  239.713322][ T1150]  ret_from_fork_asm+0x1a/0x30
[  239.718110][ T1150]  </TASK>
[  239.722878][ T1150] Kernel Offset: disabled
[  239.727277][ T1150] Rebooting in 86400 seconds..