last executing test programs:

7.749796217s ago: executing program 1 (id=1755):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="d401000040000000180000000000000000000000000000009500"], &(0x7f00000000c0)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x6}, 0x94)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x48, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x4, 0x3fe, 0x7fffffff, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000711049000000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x94)
r3 = socket$kcm(0x2, 0x1, 0x84)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
close(r5)
r6 = gettid()
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r6, r4, 0x0, 0x1, &(0x7f0000000340)='\x00'}, 0x30)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x1}, 0x828, 0x0, 0x0, 0x0, 0x9, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b)
mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0)
mount$bpf(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x3a84821, 0x0)
recvmsg$unix(r4, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r7=>0xffffffffffffffff]}}], 0x18}, 0x0)
socket$kcm(0x10, 0x400000002, 0x0)
r8 = socket$kcm(0x25, 0x1, 0x0)
recvmsg$kcm(r8, &(0x7f0000001340)={0x0, 0x0, 0x0}, 0x40010102)
r9 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xbf}, 0x0, 0x1, 0xffffffffffffffff, 0x1)
ioctl$PERF_EVENT_IOC_SET_BPF(r9, 0x40042408, 0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$kcm(0x2, 0x1, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r10 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000a80)="d80000001d0081044e81f782db44b904021d080201000000040000a1180002000000000000000e1208000f0100810401a8001600200001400300000803600cfab94dcf5c0461c16f94007134cf6ee08000a0e408e8d8ef075c11503c6bbace801bcb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd6", 0x81}, {&(0x7f00000006c0)="54f6d4d87eb3f140c5", 0x9}, {&(0x7f0000000980)="027a64c0072ebbb1512b328dda11b4efd4ba07fc642b7e012bea071dbbdea51e41958755533ccce04d3e635cbe848495e723490d8e93db224d82d4fbfe76bd22fd358cd467795ad7febfc220d72f", 0x4e}], 0x3, 0x0, 0x0, 0x7400}, 0x10)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r7, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000240)={&(0x7f0000000440)={0x90, 0x1405, 0x10, 0x70bd2b, 0x25dfdbfd, "", [{{0x8, 0x1, 0x2}, {0x8, 0x3, 0x3}}, {{0x8, 0x1, 0x1}, {0x8, 0x3, 0x2}}, {{0x8, 0x1, 0x1}, {0x8, 0x3, 0x2}}, {{0x8}, {0x8}}, {{0x8, 0x1, 0x1}, {0x8, 0x3, 0x3}}, {{0x8, 0x1, 0x2}, {0x8, 0x3, 0x1}}, {{0x8, 0x1, 0x1}, {0x8}}, {{0x8, 0x1, 0x1}, {0x8}}]}, 0x90}, 0x1, 0x0, 0x0, 0x200000d4}, 0x40004)
setsockopt$sock_attach_bpf(r3, 0x84, 0x22, &(0x7f0000000000)=r7, 0x10)
r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000fcffffff00000dc3da9d00000040000009000000"], &(0x7f0000000300)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r11}, 0x10)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={r1, r2, 0x4, r0}, 0x10)

7.610366192s ago: executing program 3 (id=1756):
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x23, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0xa, 0x4, &(0x7f0000001fd8)=ANY=[@ANYBLOB="b7020000000000006f0000000000000085000000c40000009500000000000080"], &(0x7f0000003ff6)='GPL\x00', 0x8, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c}, 0x5c)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x400, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1941}, 0x5000, 0x4, 0x0, 0x8, 0x3fe, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000580)={<r0=>0xffffffffffffffff})
socket$nl_xfrm(0x10, 0x3, 0x6)
mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b)
mount$bpf(0x0, 0x0, &(0x7f0000011c40), 0x15, 0x0)
perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x954b, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x76, 0x1ef7}, 0x11efa, 0x4, 0x4, 0x0, 0x3, 0xfffff271, 0xfffc, 0x0, 0x0, 0x0, 0x20}, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0x5, 0x0, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mount$bpf(0x200000000000, &(0x7f0000000440)='./file0/../file0\x00', 0x0, 0x200020, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x202, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$kcm(0xa, 0x3, 0x87)
r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1000001946}, 0x10401, 0x2, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000580)={<r3=>0xffffffffffffffff})
recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x13, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r4)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c0000000a000000000000000000000b02000000000000000300000d000000000300000003000000000000000300000004000000030000000000000000000005000000000000002e5f"], 0x0, 0x5e, 0x0, 0x1}, 0x28)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000100)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0xff, '\x00', 0x0, r5, 0x1, 0x4}, 0x50)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNGETVNETBE(r1, 0x800454df, &(0x7f0000000240)=0x1)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)={0x88, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}]}, 0x88}}, 0x0)
recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
perf_event_open(&(0x7f0000000800)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)

7.226979074s ago: executing program 1 (id=1759):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x8c42, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, @perf_bp={0x0, 0xf}, 0x1000, 0x2, 0xa9eb, 0x8, 0x0, 0x0, 0x806}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x5, 0x0, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='contention_begin\x00', r2, 0x0, 0xfffffffffffffffd}, 0x18)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x202, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffc)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r3, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x8c, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffdef}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0xff4c)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000001600)={r4, 0x0, 0x0}, 0x20)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x24, 0x24, 0x10, 0x72bd2b, 0x0, {0x0, 0x0, 0x12, 0x0, {0xfff7}, {0x8, 0xffff}, {0x2, 0xb}}}, 0x24}}, 0x40008044)
r5 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r5, &(0x7f00000006c0)={&(0x7f0000000040)={0x2, 0x8, @private=0xa010101}, 0x10, &(0x7f0000000140)=[{&(0x7f00000000c0)="e0", 0x1}], 0x1}, 0xc000)
sendmsg$NFT_MSG_GETFLOWTABLE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0xc98f27b754710b80}, 0xc, &(0x7f0000000300)={&(0x7f0000000800)={0xb0, 0x17, 0xa, 0x201, 0x0, 0x0, {0x7, 0x0, 0x2}, [@NFTA_FLOWTABLE_HOOK={0xc, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x5b}]}, @NFTA_FLOWTABLE_HOOK={0x4}, @NFTA_FLOWTABLE_HOOK={0x80, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x7c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'bond0\x00'}, {0x14, 0x1, 'veth1_to_hsr\x00'}, {0x14, 0x1, 'xfrm0\x00'}, {0x14, 0x1, 'veth1_to_team\x00'}, {0x14, 0x1, 'team_slave_1\x00'}, {0x14, 0x1, 'dvmrp0\x00'}]}]}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}]}, 0xb0}, 0x1, 0x0, 0x0, 0xc090}, 0x40)
sendmsg$inet(r5, &(0x7f0000000680)={&(0x7f0000000140)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000080)="d4", 0x1}], 0x1}, 0x8001)
r6 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="5c00000014006b03000000d86e6c1d0002847ea622fb564500004e23e3f58e76110165f450e71b0075e3002500028d459e37000f0000000000bf9367b47e51f60a64c9f4d4938037e786a6d0bdd700"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

6.660357608s ago: executing program 3 (id=1761):
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$tipc(r0, 0x0, 0x20000040)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x2, 0x0, 0x0, 0x0, 0x21}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="b40000000000000069105a000000000004000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x2, 0x3f7, &(0x7f000000cf3d)=""/195}, 0x48)
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x5, 0x8, 0x0, 0x6, 0x2118}, 0x0, 0xb, 0xffffffffffffffff, 0x0)
socketpair(0x1, 0x3, 0x0, 0x0)
r1 = syz_clone(0x20800000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000086"], 0x0, 0xfffffffe, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
recvmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80}, 0x10000)
recvmsg$unix(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x4, 0x3fa, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x5, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3, 0x830d}, 0x0, 0x2, 0xfffffffe}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="020000000400000008000000010000"], 0xe)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f0000000580)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffe00}, {}, {0x7, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffe00}, {}, {0x18, 0x3, 0x2, 0x0, r4}, {}, {0x85, 0x0, 0x0, 0xc5}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r3}, 0x10)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_procs(r5, &(0x7f00000003c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r6, &(0x7f00000005c0)=r1, 0x12)

6.291421951s ago: executing program 0 (id=1764):
socket$kcm(0x10, 0x2, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000001140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x1, 0x4, 0x2}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x18, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={r1}, 0x20)
socket$nl_xfrm(0x10, 0x3, 0x6)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r2 = socket$kcm(0x2c, 0x3, 0x0)
setsockopt$sock_attach_bpf(r2, 0x11b, 0x3, &(0x7f0000000040), 0x4)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000280), 0x8)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000980)={@map, 0xffffffffffffffff, 0x17, 0x34}, 0x20)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040), 0x4)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000040)={@fallback, 0xffffffffffffffff, 0x1e, 0x32}, 0x20)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0)
r4 = openat$cgroup_ro(r3, &(0x7f00000002c0)='hugetlb.1GB.usage_in_bytes\x00', 0x26e1, 0x0)
write$cgroup_type(r4, &(0x7f0000000180), 0xfffffe51)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x1, 0x8000000, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@empty, 0x2, 0x0, 0x4e20, 0x0, 0x0, 0x20, 0x0, 0x16}, {@in=@broadcast, 0x0, 0x33}, @in=@local, {0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x5680000000}, {0x10, 0x9}, 0x0, 0x0, 0x2, 0x1}, [@algo_auth={0x48, 0x1, {{'sha256\x00'}}}, @tfcpad={0x8, 0x16, 0x5}]}, 0x140}}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900}, 0x0)
r6 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r6, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000100)="bb", 0x1}], 0x1}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0xa, 0x0, &(0x7f0000000100)="178d008604bf0bfb0700", 0x0, 0x501, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x9}, 0x50)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="1400000035000b63d25a80648c2594f904", 0x11}], 0x1}, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)

5.991986593s ago: executing program 1 (id=1766):
socket$kcm(0x2, 0x922000000001, 0x106)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0xf9, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000120000000000000000"], &(0x7f0000000c00)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001780)={0x0, 0x0, 0x0}, 0x0)
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000001cb, 0x22, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, @perf_bp={0x0, 0xc}, 0x8000, 0x0, 0x80000, 0x1, 0x5, 0x0, 0x3, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000001b40)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x14, 0x1, 0x1, [<r1=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000040)=r1, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xa, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x2, 0x0, 0x0, 0x0, 0x61, 0x17, 0x4c}, [@ldst={0x5, 0x0, 0x4, 0x0, 0x0, 0x0, 0x27}]}, &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x3}, 0x28)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x2042)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
r2 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0xf}, 0x0, 0x6, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)}], 0x1}, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f00000001c0)='!~u&00\t&&')
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)}, 0x0)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000), 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000841}, 0x0)

5.810790869s ago: executing program 3 (id=1767):
socket$kcm(0x2, 0x922000000001, 0x106)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0xf9, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x94)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001780)={0x0, 0x0, 0x0}, 0x0)
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000001cb, 0x22, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, @perf_bp={0x0, 0xc}, 0x8000, 0x0, 0x80000, 0x1, 0x5, 0x0, 0x3, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xa, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x2, 0x0, 0x0, 0x0, 0x61, 0x17, 0x4c}, [@ldst={0x5, 0x0, 0x4, 0x0, 0x0, 0x0, 0x27}]}, &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x3}, 0x28)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)}], 0x1}, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)}, 0x0)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000), 0xc)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000841}, 0x0)

5.805612829s ago: executing program 0 (id=1768):
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x5, 0x0, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380))
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='contention_begin\x00', r2, 0x0, 0xfffffffffffffffd}, 0x18)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffc)
r3 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r3, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x8c, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffdef}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0xff4c)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r4 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r4, &(0x7f00000006c0)={&(0x7f0000000040)={0x2, 0x8, @private=0xa010101}, 0x10, &(0x7f0000000140)=[{&(0x7f00000000c0)="e0", 0x1}], 0x1}, 0xc000)
sendmsg$inet(r4, &(0x7f0000000680)={&(0x7f0000000140)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000080)="d4", 0x1}], 0x1}, 0x8001)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="5c00000014006b03000000d86e6c1d0002847ea622fb564500004e23e3f58e76110165f450e71b0075e3002500028d459e37000f0000000000bf9367b47e51f60a64c9f4d4938037e786a6d0bdd700"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r5, &(0x7f0000002f80)={0x0, 0x0, 0x0}, 0x10000)

5.544963864s ago: executing program 4 (id=1770):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0xc8c4)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=ANY=[], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r1, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x12000, 0x2, 0xfffffffe, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x2, 0x1, 0x84)
sendmsg$nl_xfrm(r1, 0x0, 0x4040085)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x0, 0x480, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x8100)
r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40000000000000079104800000000006104000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0xfffffffc}, 0x10}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r3}, 0x0, &(0x7f0000000080)=r2}, 0x20)
socket$kcm(0x11, 0x200000000000002, 0x300)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cgroup.controllers\x00', 0x26e1, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{}], 0x1}, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000017c0)={0x0, 0x0, 0x0}, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="043900002000ef029dd2b97576b11d210a"], 0x33fe0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000b00)={&(0x7f0000000a80)=ANY=[], 0x0, 0x1a}, 0x28)
socket(0x1d, 0x2, 0x6)

5.387729185s ago: executing program 1 (id=1772):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000b40)=ANY=[@ANYBLOB="b702000009000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2e6405000000000065060400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000002c3f2cc2b7956244cef7baf48e6d2885a09a87507ebfc75b5b0f4e4309ebcdac5f7a860c008cbdd3b4c3b7f28754860c9c781f6410457253e89ad528d985636a86ec0f68f59cd1159a2c2e85d726859a919cc9548a349980d1ccdce27f94bc074c27f81078545c146a0857153b7b8f00034debae58a4ab415b0d7ff0575cc272cd3d7e8d974927676468ff2d86e0ffac94792ed9cf6b40b3cf252a47c05ae8a70d57cc3e067d1867b54d24e20000000000000020009ebf84d3b042d6e432cd080e3b57239f0127473e6ba922aff649609d40b47ec331ccba3cf96f9483ff19a6471bf5abc742d9cbcfb964b11b31034694a6aad86cf08a6c7b2235dc99de9aa3e6b77c7a2877261ed32da90864987f30926c9013eec3b86836ae50447aa5a79f40c235000000453302712c3d8fc4e2b61adb0695e800000000d4f4e91f0000002c33df424d1bafe5725c8a404724f8a4f1cda7997b65954f74097560b91da309b887af2485c2d9ab09b523000000000000000bf7b2ff4602aec1eea200000064881c5630521a08e051374cf05c921a06fb7818000000009dc8d95e0e5b365d10e1004dae58b3b5b89709b0ff47b200000000004000cbef88811dc8c1b27ac7d9a6bb70f60eb9c01dd2fc79b85e4d961498f3a80131d21d856177a2189f45d011ef1da5c6d57bb8fd387ccea9c3899a914e47e82f040000009d81003f927355408f87264797d3fa970949793b94329d580500d1f91c0d22587e05a61e3d8576ca168e88d7a9af95b04a37c27bfffab9abbb31fa8c0080258cfa6d3f166e695f3c56490aeef464d9965d70a50f1282619344f223548e750339643adac1322c87ca253ff2fb1882760d6feab16bacdf83c11816dbe959ebc5ec479c8319f73e2249eab0486b110702a481d3b51976a52303056e800b4ae5acc2dfae60ab958e9f3ef9b4aaa4e8d6166f636a65eb1d672bf2000000cda8462cc9b16624998be65683321e970000000009b8e20762c1bf4a3eb6769f2b23e842bacd9c685edea0ffa3e975424f8ede49e61a4de808a38ba3512d64dc71867df4eee3f1ff791cf7c9862f98b45852e4b2f78721b978a2df2f2a29a387c6f0576b36038f819286eca99a6a434811cf2a117d775fe986a49fb82cf5f15972d5ab18f1045384501adabb20f7b0e15ff47f1744e2341b59034959a1289ba6e243668e6735305707e3de7652bfc5b60c76deff43a1d6fd6a4180ab723735abbeffe7f2ec3a0bb86f9eddfc0f3d1d503d7a54b49e1ae6c5aa620d27e91aa0aa0ed6fcacfc91fbb4c256409e54daefbb107c381fa729ff5f3907d93430da178d685d7730f5e129438a5214f722096d2986334c2576bef69145d3fbd78a9059e454474f92e65828b018174a9f4738b8c71fbdeac26ab95e02f9a847182766964976b1fccdb9f35721e43e33883cf16ed1343fb7429eb395123b0a4262b7023c22039b9002589a378ed4c6267965af78b861bd025312538cec97966b8973d4e299d9802264d06e40ae118e1d242d1128dcedeb44030df12ef68f78215d65f96eb55db8cbcb060008000d988374f85451a694ffe38a1d03916ff10dc82b31c98d42e1a1bda1290de1a499a5a385b31112a48ba3e6d6849914c1788a7aca37177cc341fff44fec5c5e0abae01c439a1b0311e074e81ae9993b5b3459553e4ece78d4c1501c70f5d81e0725d5b273755c0000000000000000aa4234ff82182952a76233d18e7d49638aeb04e7a9e9e7eafb7c255372795d2d192a0a33cab0f5bf2e93e0544fcdf2df2bc6ce96e5a11993d54f97a23754ac828674dbb93c0ad345715be4a13678b01edf76d8a923655800a2c88cce004505ab45d8f5f88aa887bbce5c18970428516f6099bdbb2cd7a2356397f1a0a23e662e2a6c4834400cbaa41c3c574e6e6aefb7a68da5ec1ae49f968bbe0e0bf9878516f553639f5b4828e92019b61f5874be1c7cdd9482df50bc24a8a1fa10d291390eb84e26a2e8dbeaa45604b05a116c1210a7540bf81005044273f5a8ffc538db289350eb248e483bd8920efcf30a798c2b636243e0a37262ca47dfeefa753ba528f7ba77e825051ce69b4475d7d714ba0c636e6ae9f710411d30ef424aeaabe057c7df6ff8f767bcd9012e1047c686f5ccb76ab3a5df53cbc22ba7ea8f6a8e220bb4d83de1e4dc19d6c1be841503850803bc2c2d5e0e34270a7f1cca0c6c53a8e5f891f7a793a70da62d6d88fbb90d220acc687931b42d6be83ab870da3c0a567f5e65ec0457f4ad2a4ec0b671b36388afd5520a8483a4b11f7d02a409315f0f9e59f47668d68a74838d6976e12fd45200014041dffacbf60892ec8bd7560686f137a806d3dfaba900b47cac62f828342fff009adb5b2251461a1b9d6ba625b8fe04e69a1a4be2696f0000000086e172932e03000000000000005942e1b9d6dc28ab8e19e1111dd893e801015642faf21eef40d6e7de3ef62c4bc5ff17e7aeb2841098f845d1cc9ec4eee79c298fb0ba939b13707044e2e9cc0d350438c1c8c6bb9a38c6ac5ca0d9cf1f3d6915f25cb26edfc28b3079b97df32601240e454db103fb0c4a143673a3f160d3a7b83ecd0509ce9eba0c7bf7843799b1b56a234f9eaab8a3f14f1472bb6aaeb8ac9ee4054605558ab31f339f6a4caf2ee2fd01f34dca3300000000000000000000000000000000f59f8e6e00000000c44130098d833a24000000000095e6f945ba9a941cef5e70b8c152321e24b5b29bcf374dcf5a29a35d76e6e2bf8df95462690a4fc9ec8129e92b6ebb4b40a992a75d3c595426ae40d0bfc87db24d856359079b29b3c374d081c300b2cfaa596d24e800ef8e2201f2fb7a9946f89f9f31f7cbd603fd7f8898c70b5c65f2e28f22e1a79a6af3a54861b07f124642e98389557affbdede09b5566a4a1ee73b20846810030a754acddcdafe3ceeeebc0b5f2fedfe7d198e3067f3dbac9441a9ab8409cbbb7e15b9ae3944097de34de2001c8533a3766e6e4c4c4702ccb932a27a3962814cd6aa8fc684beeaa3932efae3a9052be8eec1e95f6ad8d41dd34829503ba4b66e27154cb6e34aa13450522df1723130b6fe347c93f00e40e293c98d849a33f773c743728992f40faccd5c23130a1c6bfd6fc661bca1598137ddd1090ded672f5a48a40cab3f640c8241a364cbdd3f188eec7da7bccafbd5bf28a46f0eecc6b550471b0b0770c6a5a411c0e0b19e15a461e7c6833ba936e214b013f2819ec6572a43b5cd32b11d7e4f8dcf8f7820a17b7b2ee6178a03351dd25091e46bfd82a3979b9cad109fd6217cd52aa81bdabd50826a674bd16b8f7e6aed12a305366599f5f029a7b24558c027518c669760500002f1c19d16a6f391906000000cc0bbbfb8c698ecc137d96711100e0108d3bd2afed0b279ebf0527552a9331e646c424b14ffbb815622bfd2f635855bed1b164d0a56bd104be069854111c5b26ec3c652b5f0a6b9676dae987ec23456ba05a4dfb15321ef6b76e7e547a688c67ab531cfc784c9f940d9fb0464a6cce635e14b80dc5c1c64e75e6bd5355d84f8df272f18f58c570e7afd83ee77f157c146aa747b728969aeb4aba1d8f9de1b3fb8ab6ea50e884c2ea98e6400bf0c5ae2887cd1da0e57ccfdf5eca2b455247efcc13102846c0a85f20c80007c0ce6efce627b95b8ad3003385de97101678fb2163ecea6e70a77a6fbc089e31a5ccece932229b8f79faa6863d6857c3d9a9710f9f8ad16eeb8342278f311cbc226498028234d21466892983378fe64acbb44f694cd78e43c74aa75505cb1c91b189f8f89f233a05f5cd4e173a373178557843dd705268f74a9e5429945503195aefd6706b584d8408c9652b3fe68500747f7ee8375fa559c3ad195d3795df1a8364cd13acc3256ee4634c73eeb6954d0fcf09ab84df0b8900e0c6fea2ccb600ae7a4b128cae19df160e7c207b89132d1d5bdc9ffc79f0549b82df521817651d5fead5128205b92ccdccc69407ab556217af277af911dbd456dfc43dd061b6c91485dcc208cf0b3d0bf851de413f5de5ec015e296914afab6411109355e027ce04990d9aae251b9deb11b7db45b9f15b7b55d8fdbedd9e6cf891205694f02be8b9ea8ecd41308a0e1b93ae3435bfa88b440b1f701b4d0fc49c82193f27f8023b630ea97edbf3bf421a0a1a2b4ac7bb30bcd1cdd172c0df37408fd6827bb03e8742fc1c7a2befd1299928c5f79e846a8dc7ca648d960a759e6711b69776896a9656d59af6d44bc5348229fa84ae78af8421a22c4b4c17a3d24a4a0104000000000000d77cc4eef51c2b417c8c7458ddd7dd9d1a863bf0a9e1a30a19020490038017a5c7e474c83302a2c2b5c976dacf3dda7191c757f208000000000000005f7ed983f65723fbb36b9b51abb0dbcd335700000000000000000000000000000086666201251aa4f139d0485ffcf89f01639fd1579a3802f720a0215c720a97071f5065a23642a58275dbca444b00e2e5835185d5d5b2796eb0fe32cf3b0633f58ecc7648c3c6efe82f93a3008052416512eea30ea9472e0b456a652883c0907323cf03be193a05008cdef7a98a1671a1918df310dc4bfd61c3db4819ab1c57b348a8ff1ed36364a20fe846f1cd086058d139ce528425b31c5d08b433562ffb318c1285011f9b78b2401989384311101e452f54661ecdb2514a6ae50dbdd422de0f0f8c670000000000390be79688f80c47314cb1b14afcaa5d23f9032e0ec51f45f447d6a7c798fcf7e60e2180e289410801e4f03a0e140f388f25b92da1025d8409e171a2336ed71cca86eb4658fe06df286e0e20276b0618eeffd05774f15686cd9d3182ca2fec863875f305fed6baf48a594db12582a38cfdffffffffffffff0cf8d920517835fe7d09cfcb624f6931f1cc6f6b71f58de9ddc38e0c43992f6bc57a718d0cfd197b5324b4e05ef1caa96db3ae1f2f2e5791faba2ebbe1a6faf21f2748fb1fb6743c3ca8af4e6b02518c9b7fdc1b5721eb1c3ed98db25536f74ac7861afc94544e52dcb5c60460a05802e3b437ac977bfa26b887a2443e8d559c58187f004eb82b07937df6e96f77ed551926bec4e0188fae10a35d1c5f1768ac6be829bea46f1babc3d74adc31ca71bdab9079e4288881b434484eadde9da6b81802842abd462d546c59d87acc014f81d3414759bda12d2a2c6bc1bfa807bd3101eb227184a61107b6d0618e2a3b842671e084ac3f0ff94dc48b51601247318ab4d1c5106458000000000008000000000000cfee0107e6c2fe8639d926829fdbbd86bf591a8c3c235d8939af9d923f648165881a6c29997234406400b3b1c321cc158dbe17123eace30000000000009ea77cb4d3ca892600000000796de6ae4ae40bdf9a6e8c5dc29562262af9cd54e8e3ecc7e3c8cba0ecc791683496c4e5c1a5729714d9f9031f49b400cd2667b4ea6df54809615a4f973f93e6ccec72f16ff998e29ed99df733680a9d5cea57f99cc139b6ea9014f3000000000000000000000000000000000000feeab45a4046a622b0dceb413e4e39b7317e92cbed46b41ab5115bfb542c933783d750852dfdc6656aaf15e10615a88821f2f1bc53969b52d6852755e7681ad5beda80b38ccd34116b99f50b4fdd967b3f20f260455412b67563e40e323bde9d673fceda0ad6981565c8a183d928903b4f4472dde41b6dcd75314c31e704dfcb222c8359fe88944f852242270c932abfaeece0843d708f5cd25b2a63ae1e79723c1c3c013836b47da0a35d0f34c070000000000000422ae2c148d444dd437a7d2f5e575009bc2d17a199802409329dae8baa58d3de63ad45328a9d4dc1ace543dfe11913c6c6413f8f7a15657d012fea460bb4656a20df1ba26932b0ef49f8ea88d7b4c1289314ba789661640f1b5d7cbae103fa95b0035f1e8e866307d4796eab0992704f9e00be4b1af8dfa9e94ad74e607ea9d7d7a95ed5a15429426abbed8d2c657018305c6f9e5159a5453f958991a908ff4cb2e8cbccb1d3c8daf754e4b01b2edd023e5bfdf293bd28fc1f8885f6edd5a715df4d180247feb08e9e2e5126c48be6098e711f0d86de5d76fdccae34eef9197c32ab4e6fcb52eb9ce18fdb621a75913a97254d783778203ec0bd1a8859683e1d01da4e81fb73bb3b358340a0310bf5ae17b917208da607fd7b125cf99fd3e9056f5184df7570ede94b736ae354b5b8ae2cc473b455f2f86d47c69027676bf1141f316b0f278f1692406572ee82766f8e5ff1cfec2a7a6cab7d0f2582a877c9bd4ca81089373f738d02e6bb4d3df30ac0f041e51ad36e1ff140812baf54b80635cc80963c8f69fa4506f7a30c99d3e538cc0aeafcad86ead38ed949aa3c204aea50e5e0039f01b82595b7dc921a"], &(0x7f0000000340)='syzkaller\x00'}, 0x94)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, 0x0, &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000400)='netfs_rreq_ref\x00', r1, 0x0, 0x9}, 0x18)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000080))
openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000140), 0x2, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc, 0x8}})
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x15, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000004000000000000df0800001a114000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018100000", @ANYRES32, @ANYBLOB="00000000000000009500000000000000180000000000000800000000040000006495c0ff00000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x8, 0x91, &(0x7f0000000600)=""/145, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000080)={0x3, 0xd, 0x8, 0x5}, 0x10, 0x0, r0, 0x2, 0x0, &(0x7f0000000840)=[{0x2, 0x4, 0x5, 0xf}, {0x3, 0x4, 0x4, 0x7}], 0x10, 0x4}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x20e, 0xe40, 0xfd000004, &(0x7f00000004c0)="b9180bb76003070c009e40f086dd1fff310000003c0020010010ac14142ee0080001c699da153f0ae0e6e380f60115f683317585d7473be0ab4439f0f570ff155bc5f73ba3f8bb99a6e8ded1ce485cf058105cd981b42493481cd659416a2e10c9119664f36eb00b333c20c9ec0c222d644bdcb178c1cc53d6960fbb842d6a33dfcde3a1e1848135214baf139753866cadcbe3ce52505e992818cc452bee339d9ab076f484020eaa348a21d7911e4c44905256ec2cc54cca47a198b00c10aff62a4bed43a2ebcad92743fb22c593f28fd4bb7c703cde9cae0569d4c8d9a823f2c12863f7a6c0cf88ed22aae4f6f084508833b61429a25773eedf63dd9f33d430f2a0a30a7761db16fe0f743b95ded898c28aac1256ce2751b3d738899b8b19d9052b7f13ff94", 0x0, 0x31, 0x6000000000000000, 0xfffffffffffffe7e, 0x1d4}, 0x28)

5.354272826s ago: executing program 3 (id=1773):
socket$kcm(0x2, 0x5, 0x84)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'\x00', 0x5})
ioctl$TUNSETPERSIST(r0, 0x400454c9, 0x1)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0)
mkdir(&(0x7f00000000c0)='./file/file0\x00', 0x408)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a7c000000060a0b0400000000000000000200000050000480240001800b000100736f636b65740000140002800800024000000003080001400000000228000180080001006e6174001c0002800800054000000003080001400000000008000240001000020900010073797a30000000000900020073797a32"], 0xa4}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="8510000000000000851000000000000085100000000000008510000008000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa1000000000000070100", @ANYBLOB="0000000000000000b70500000800000085000000a5ffffff"], &(0x7f0000000780)='GPL\x00'}, 0x94)
syz_clone(0x26000080, &(0x7f0000000300)="62b86fd43b86a674008feaf0ed50fd5c677ce5d649e1e76f743f7ea814077ebddda0e69138513fddac260c7f3ad57c2e11bc7d5f9283f2c54b559649bc62d1afefd574dc985414ca37ac9fb94b254654", 0x50, &(0x7f0000000140), &(0x7f0000000440), 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a012500000000000000000a0000040900010073797a310000000008000540000000020900020073797a3100000000080013"], 0xac}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

5.137908809s ago: executing program 4 (id=1774):
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000002c0)="3504000030000511d25a80648c63940d1124fc60040035400c0002000a00002037153e373f04018006041000450055d64a12f76710989a119052acaa1100da3e3b3fa6ba1eb693d93f699e37af0d43f908fa7d995a8feb85d6a4e1b691276cd9561767306b74b409ce9e71fa51bde29f19b06fb9b3ba96da0e93d5a402dc7fe462a6cc4718c94c1747fff68092705b44bb48dd2db4f3127aab13b4af05549571a6c0e03db227b65d459fa5c1232d7b62f12b65354b7e70d32998da02ae0dc28942f682d97191d0b68697bac278c34b2972ca8ed35b61ee6831c78af85c6711cd687694ce3835a98387fcdb8616524ea04449dbedb3250fb366740d6b96307e1d2f0d85dd592ca2d8c2730ad1d16eb4d87cbb48d2f7c4eb7a490aee0493ffe3b72b508c9a8eb2ec9ed353d79ed29ffed1e48bf370bfb8af11085997d38210601155ec361cd6f3577da9cc0a528a4d24ce75fbe297cb75f4b36719edd354ee6312c5527de7ea1a4233b9b0bba0ba2deac12f0257c64ceca8a0a62db179c7d9df7749da38624aab1865024e56a1b2a41e1c7e3a29c01adb31f1865bf6f44aa1e0fd6d827fbae1d57b5ff0026b580c890df83592aceb316fcd6ca200d007b786f9ae", 0x1c0}, {&(0x7f0000000a40)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc2261c238a5159ea98db9c00aeef644ae98a8cb8da3ff3b7ba14d7971910b559623af829524d83bf19f18628464076329140e0203fc75859185ccd019302afb784e41e16cf2d31db7aba83d0f500ce25fc2d7f524a04cfaa0015ea8a297477a5517f8a4ac167083a321c78070974afc897fb738fbcfeac369844fd7fc11fff502c02b7607007ead2007a18006a6ca8dc2d0119f01d7083c2ab5760ac7b24d7bf26b9030cf455a08385f9e662cbe0c3ca6e6fd4ac0c8566c0fca986c68ef7016a11d3e44253b6f2d07d53505ed58b8ad410f89425046321b4a9b27b5e767bdfa0ebf7abf3d91b319129c48853d8e5cbc4a2c5c560b007eafe03e3332f6017f3164c7f602180aad23dfe5e770fe8855f45925e342b7dfd7ddaa68b65065465cdf4d5b8d995d6e6a7042ebea3d139c6a616232eb4efd1a50d0e6db3188a8e98375fda2a7ebd4cd59b9ea626c13685b05e6cf4d484e32869fd7c7167dbfa48b1529e5dd5f5a02673c", 0x275}], 0x2}, 0x44814)

5.026632197s ago: executing program 2 (id=1775):
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4}, 0x38)
perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x2}, 0x828, 0x60d, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000480)=ANY=[@ANYBLOB="9feb01001800000000000000ac000000ac000000030000000000000005000084040000000d00000000000000f9ffffff0e00000004000000434b00000200000001000000080000000f0000"], 0x0, 0xc7, 0x0, 0x1, 0x2}, 0x28)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2106, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f00000006c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x24}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x10)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000240)='ns/user\x00')
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d32, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x4, 0x8}, 0x100e64, 0xc78, 0x1000, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x200000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x4b, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x4a, 0x1, 0x0, 0x7, 0x0, 0x6, 0x2000, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_config_ext={0x0, 0x1946}, 0x80, 0x0, 0x0, 0x8, 0x3fe, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r2 = socket$kcm(0x2b, 0x1, 0x0)
setsockopt$sock_attach_bpf(r2, 0x6, 0x4, &(0x7f0000000200)=r2, 0x21)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x1)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r3, <r4=>0xffffffffffffffff}, &(0x7f0000000740), &(0x7f0000000040)='%ps    \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r4}, 0x4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x6, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0feffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000801000085000000a500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r5, 0x2f08, 0xe, 0x0, &(0x7f0000000000)="46c33c56e981df5e1559014932a2", 0x0, 0x447, 0x6000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=ANY=[@ANYBLOB="18000000041401002dbd7000000000000000000000000000bd4b537b9730cc55c62fef5cdd0b98df487e29966dc630ec32654cd69618a072733f4c475995392d1ebde278b04fb02d0dcd231755a1c7b730527773ad4948194151b284a1beb4b4bc91887f52ee6d742e1fd2"], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000940)=ANY=[@ANYBLOB="140000001000010400000000000000000100000a74000000060a0b04000000000000000002000008400004803c000180080001006c6f670030000280060004400001000008000340fffffffa0a0002407d5def2e21000000080003400000000806000140000100000900010073797a30000000000900020073797a320000000008000b400000000314000000110001"], 0x9c}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))

4.978990494s ago: executing program 1 (id=1776):
socket$kcm(0xa, 0x5, 0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
perf_event_open(&(0x7f0000000600)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xd}, 0x10801, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
perf_event_open(&(0x7f00000000c0)={0x5, 0x80, 0x0, 0x76, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x9, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x10, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x1, 0xaea}, 0x4104, 0x2e, 0xfffffbff, 0x7, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x50, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x0, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x63, 0x1, 0x0, 0x0, 0x0, 0x100007fef, 0x20800, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_bp={&(0x7f0000000180), 0x4}, 0x10abed, 0x2e, 0xfffffbff, 0x7, 0x3, 0x0, 0xf28, 0x0, 0x0, 0x0, 0xa9e6}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x108b84, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0xa, 0x3, 0x3a)
sendmsg$kcm(r0, &(0x7f00000005c0)={&(0x7f0000000380)=@l2tp6={0xa, 0x0, 0x0, @dev}, 0x80, &(0x7f0000000080), 0x1}, 0x0)
socket$kcm(0x11, 0x200000000000002, 0x300)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0))
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000240)='ns/user\x00')
r1 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020023000b08d25a806f8c6394f90524fc602f1a99000a740100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x200000000000000}, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1d, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x4}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000e40)={0xffffffffffffffff, 0x0, 0x25, 0x1}, 0x14)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000007c0), 0x4)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000880)={{0x1}, &(0x7f0000000800), &(0x7f0000000840)='%pi6   \x00'}, 0x20)

4.82185615s ago: executing program 0 (id=1777):
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={<r0=>0x0, <r1=>0x0})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd"], 0xfdef)
bpf$TOKEN_CREATE(0x24, &(0x7f00000006c0)={0x0, r0}, 0x8)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
recvmsg(r3, &(0x7f0000000380)={&(0x7f0000000080)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, &(0x7f0000000280)=[{&(0x7f0000000100)=""/202, 0xca}, {&(0x7f0000000240)=""/13, 0xd}], 0x2, &(0x7f0000000540)=""/163, 0xa3}, 0x100)
sendmsg$NFT_BATCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000100001000000000000dfff000000000a20000000000a01020000000000000000010000000900010073797a30000000006c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000004000038008000140000000002c0003801400010067656e65766530000000000000000000140001006c6f0000000000000000000000000000080002"], 0xb4}}, 0x0)
close(r0)
socket$netlink(0x10, 0x3, 0xf)
setsockopt$sock_attach_bpf(r0, 0x10e, 0x2, &(0x7f0000000300), 0x4)
sendmsg$NFT_BATCH(r1, &(0x7f0000000440)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4100001c}, 0xc, &(0x7f0000000400)={&(0x7f00000007c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWSET={0x1c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x36}]}, @NFT_MSG_DELSET={0xa8, 0xb, 0xa, 0x3, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0x9}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xb}, @NFTA_SET_HANDLE={0xc, 0x10, 0x1, 0x0, 0x2}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x4}, @NFTA_SET_USERDATA={0x45, 0xd, 0x1, 0x0, "9e4c7f6c973bc13138a24ba721f0d9246b260430ff6b3c5a73c8976d944fa199e267b377542442179cd728d1d36f65436c336fb20e1149afe9ff929f0c4458fb41"}, @NFTA_SET_USERDATA={0xb, 0xd, 0x1, 0x0, "c557a1599a6099"}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xb}]}, @NFT_MSG_NEWTABLE={0x12c, 0x0, 0xa, 0x5, 0x0, 0x0, {0xa}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x3}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_TABLE_USERDATA={0x75, 0x6, "c011f72b7c3c244778255c6d0e23e050b0297a764920d3f008c8ee2abe60e05d6397a0683f17f31036bb9eff9da8ea29b3ce7c9952c53be0f3b4d27222fb9e335a770afa631511b2551e8025a7496ae47675c3983ffcf135b8f0be45722b8df4586647b36ee5dee02d5b7c837b6925fb3c"}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x5}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_TABLE_USERDATA={0x45, 0x6, "6a0a10d2fa3e2a3af80c75bb0c26cbc0e16504b21a6329454e3052a0abc64e7cc0e394222005ee2a708615ce4b548c3679c989228e4ddb087dcf1e41c40477b11b"}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x1}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x4}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x218}, 0x1, 0x0, 0x0, 0x800}, 0x0)

4.79201164s ago: executing program 4 (id=1778):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0d0000000500000004000000dd0a000005000000", @ANYRES32, @ANYBLOB='\x00'/14, @ANYRES32=0x0, @ANYRES32], 0x48)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x40008d0}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a440000000c0a010400000000000000000a00000609000200738895369b0000000900010073797a31000000001800038014000080040001800c0005400000000000000002140000001100010000000000000000000700000a"], 0x6c}, 0x1, 0x0, 0x0, 0x4000840}, 0x40)

4.219663267s ago: executing program 3 (id=1779):
socket$kcm(0x10, 0x2, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000001140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x1, 0x4, 0x2}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x18, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={r1}, 0x20)
socket$nl_xfrm(0x10, 0x3, 0x6)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r2 = socket$kcm(0x2c, 0x3, 0x0)
setsockopt$sock_attach_bpf(r2, 0x11b, 0x3, &(0x7f0000000040), 0x4)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000280), 0x8)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000980)={@map, 0xffffffffffffffff, 0x17, 0x34}, 0x20)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040), 0x4)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000040)={@fallback, 0xffffffffffffffff, 0x1e, 0x32}, 0x20)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0)
r4 = openat$cgroup_ro(r3, &(0x7f00000002c0)='hugetlb.1GB.usage_in_bytes\x00', 0x26e1, 0x0)
write$cgroup_type(r4, &(0x7f0000000180), 0xfffffe51)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x1, 0x8000000, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@empty, 0x2, 0x0, 0x4e20, 0x0, 0x0, 0x20, 0x0, 0x16}, {@in=@broadcast, 0x0, 0x33}, @in=@local, {0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x5680000000}, {0x10, 0x9}, 0x0, 0x0, 0x2, 0x1}, [@algo_auth={0x48, 0x1, {{'sha256\x00'}}}, @tfcpad={0x8, 0x16, 0x5}]}, 0x140}}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900}, 0x0)
r6 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r6, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000100)="bb", 0x1}], 0x1}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0xa, 0x0, &(0x7f0000000100)="178d008604bf0bfb0700", 0x0, 0x501, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x9}, 0x50)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="1400000035000b63d25a80648c2594f904", 0x11}], 0x1}, 0x0)

4.012746221s ago: executing program 2 (id=1780):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x26e1, 0x0)
close(r0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00'}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r1, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x93, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x8, 0x0, 0x0}}, 0xfffffc80)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x8}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r2, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x420}, 0xc, &(0x7f0000000140)={&(0x7f0000000600)={0x27c, 0x12, 0x800, 0x70bd25, 0x25dfdbfb, {0x23, 0x28, 0xf, 0x1, {0x4e20, 0x4e20, [0x2, 0x8ed7, 0x9, 0x1000], [0x5, 0x7, 0x5, 0x5], r2, [0xdc8, 0xd6]}, 0x782f, 0x66}, [@INET_DIAG_REQ_BYTECODE={0x80, 0x1, "d27e5e566954abdf352d8efcedac346ed90b1e9dd237b4b1e91d8a93917eb75307ce6d04b7fd6d9c1d1478b57e53667f65ab2395536551da5ec6aefcf8327a65f9938fce3689f5d0a1b7828bb03f0da744ed77e0f5b45f6a086cabb32a4be3ed12fe32175d96526caab37712ff5c49024336c5a1d387f0f3e8eb4bf4"}, @INET_DIAG_REQ_BYTECODE={0x4a, 0x1, "d70bbd83d4ff6424606422fd8e07dce5bb64c138428ca26ca9c2032274f69b5362c7d83d71f6db4cafcc5cf8a017481e08fa28558c59673ac0546b48bd5bea688ef460318f55"}, @INET_DIAG_REQ_BYTECODE={0xd5, 0x1, "44a3098f7c1f39d27f32051b0b1f57f8daed5f847faa1f5a10be9fb03ea3c5e6ce5d4d975881e903e3bf0d7961a1d0b0abeec8e20e57ad1edc495233554a4f59d016ed9a0575e1ff292088a3cd66531c0436ef5b630aabc4a95d80f526de8db7ed0ba5d794a7d14416681cc5b4356fb8ddfd336f5212c8f824f10678b4e3e1984c9b767a172f86affda2e0530108a70c00984c2295eb8510cb60e3450c6c2a5c4a420dc4ba3a958a5c5bbebb9aa40e8faacb0701aafe2fb6f2fb9ee8260cf4be7d198bbfa65d58c5fa75cd18f1fcd0856d"}, @INET_DIAG_REQ_BYTECODE={0x44, 0x1, "183ce9922e9b2b8ff302a62ae50bbca826e170a9bd628ae60c1dc09316019dd8f1302e0593e3a490f614dd52d8a84dda98b582e081d6b42e5e5d953e5c383ed2"}, @INET_DIAG_REQ_BYTECODE={0x48, 0x1, "1da5e2e3c09bd8ca36a533340ba3da3689b5b3ea4d7ddc5b5b7e85f0d103e5e724dcd8c17ad189d13e6c930cf9d4e77efb3390bb382d46fbf96a114712099c476ffb9988"}]}, 0x27c}, 0x1, 0x0, 0x0, 0x40004}, 0x4000800)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x16, 0x4, &(0x7f0000000740)=ANY=[@ANYBLOB="b40000000000f3ff7910900000000000630000200000000095000000000000008d92133deb6af19a615221a5e9c1c30b6e95cc8fea035580b99721396dc8eb6d5df6dc9e699a633176330ff919676a6af14926d2972f96f1b3b7e18b030df52a4f7a1c2f51146019dbb20ca845aa71fa9b92bea75cad145375cd89be1d82fabf57ee85c5e4129f42d848ed23f5b44542fe5be65239e37e6b198ca137e4432993b4576fa1ecf61a856a521d26758e4ddf6730903b5d22548be0ddaae1e6c1233841b2f6c7e7daef09f949ba0db2a1e1c43aba69adbed02c5d6cf115129ee07e25ca8518500d95e5e3ff3e7503dcf5347bee255eeba0f102d4c4c415eb56239c523a4dde580ed459f309797655222077a0442fb4"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x48)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
recvmsg$unix(r0, &(0x7f0000002100)={0x0, 0x0, 0x0}, 0x2100)
sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000010c0)={0x1e, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000600000000000000f6ffffff18110000", @ANYRES8, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000b"], 0x0, 0x5, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfff}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb010789005e107538e486dd6317ce22000000fffe80000000000000101000007f0600080000000000000071273fa7b49301641184a907"], 0xfdef)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000200)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1100}, 0x48)
recvmsg$can_raw(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000000)=""/128, 0x80}, {&(0x7f0000003140)=""/4097, 0x1001}, {&(0x7f0000000540)=""/146, 0x92}, {&(0x7f0000006140)=""/4105, 0x1009}, {&(0x7f0000000980)=""/4096, 0x1000}, {&(0x7f0000000100)=""/45, 0x2d}], 0x6}, 0x40010102)
r5 = gettid()
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x15, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000d100000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f00000003c0)={0x5, 0x80, 0x8, 0x7, 0x7, 0x89, 0x0, 0xa5b, 0xb8140, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000080)}, 0x101100, 0x8, 0xd, 0x6, 0x20000000000, 0x7fff, 0x6, 0x0, 0xfffffbff, 0x0, 0x3}, r5, 0xa, r0, 0x8)

3.929321484s ago: executing program 4 (id=1781):
r0 = socket$kcm(0x2, 0x1000000000000002, 0x0)
sendmsg$inet(r0, &(0x7f0000000100)={&(0x7f00000001c0)={0x2, 0x4e1d, @multicast2=0xe0000018}, 0xfe3c, &(0x7f0000000000)=[{&(0x7f00000005c0)="476de32199", 0xffe4}], 0x1, &(0x7f0000000140)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x29}, @multicast1}}}], 0x20}, 0x40004)

3.893982239s ago: executing program 2 (id=1782):
r0 = socket$kcm(0x2, 0x1000000000000002, 0x0)
sendmsg$inet(r0, &(0x7f0000000100)={&(0x7f00000001c0)={0x2, 0x4e1d, @multicast2=0xe0000018}, 0xfe3c, &(0x7f0000000000)=[{&(0x7f00000005c0)="476de32199", 0xffe4}], 0x1, &(0x7f0000000140)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x29}, @multicast1}}}], 0x20}, 0x40004) (fail_nth: 1)

3.765110805s ago: executing program 0 (id=1783):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x7, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="5daa0000000000007910180000000000952000000000000062b648ab160cc5972a6d74a367f19ccad08818f6b29a42debbe04b831bacf3c6f374c24a1034c6e700ff89477aab8d45f0cc7b0483b2723b41e0bf14bb52e1d0e2d527e59b44902ad4327fe9841b1c8e8eda3f3d2fad3d8aeb71b0e6920a4b97c38b0129ded661b908c5a6d5f219a0c49bb40cee980202d2408a861f2d63044197be00265c10cd01b9c60aa4fb21a7f5e24bc3e5c989ad0bff01c2ed0e2f86f19bd5b9e1f92446a2a37bda05159e887b32f42a7aba91441616862a7573bae1f315ee488114189a860aa3be36d65e45a8c5428cc1f50b1700"/255], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x6, 0x1, 0x101, 0x0, 0x0, {0x0, 0x0, 0x8}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x20008084}, 0x880)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000780)=ANY=[], 0x0, 0x36, 0x0, 0xa}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x7, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="5daa0000000000007910180000000000952000000000000062b648ab160cc5972a6d74a367f19ccad08818f6b29a42debbe04b831bacf3c6f374c24a1034c6e700ff89477aab8d45f0cc7b0483b2723b41e0bf14bb52e1d0e2d527e59b44902ad4327fe9841b1c8e8eda3f3d2fad3d8aeb71b0e6920a4b97c38b0129ded661b908c5a6d5f219a0c49bb40cee980202d2408a861f2d63044197be00265c10cd01b9c60aa4fb21a7f5e24bc3e5c989ad0bff01c2ed0e2f86f19bd5b9e1f92446a2a37bda05159e887b32f42a7aba91441616862a7573bae1f315ee488114189a860aa3be36d65e45a8c5428cc1f50b1700"/255], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x6, 0x1, 0x101, 0x0, 0x0, {0x0, 0x0, 0x8}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x20008084}, 0x880) (async)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000780)=ANY=[], 0x0, 0x36, 0x0, 0xa}, 0x28) (async)

3.55709276s ago: executing program 2 (id=1784):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x10000)
r1 = perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, 0x0, 0x8000)
r2 = openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0)
openat$cgroup_procs(r2, 0x0, 0x2, 0x0)
syz_open_procfs$namespace(0xffffffffffffffff, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000480)={@fallback=r1, r0, 0x8, 0x2000}, 0x20)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xcfa4)
r3 = socket$kcm(0xa, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x890b, &(0x7f0000000000))
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
socket$kcm(0xa, 0x3, 0x73)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="48000000140081fb7059ae08060c04000aff0f11000000040011018701546fabca1b4e7d06a6bd7c493872f750375ed08a562af5745e17b8c119418f0f000000d6e74703c48f93b8", 0x48}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0)
close(0xffffffffffffffff)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, 0x0, &(0x7f00000002c0)}, 0x20)
socketpair(0x1, 0x2, 0x0, &(0x7f0000000000))
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x3, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000110b0008850000006d00000095"], &(0x7f0000000500)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sched_cls=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000540)={r5, 0x18000000000002a0, 0x12, 0x0, &(0x7f0000002140)="b9fe030768045c8c989a14f088a8702f86dd", 0x0, 0x8000009e, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

3.421611917s ago: executing program 0 (id=1785):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000017c0)=ANY=[@ANYBLOB="b702000002000000bfa300000000000007030000007effff7a0af0ff3f00000079a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27126e225b7937f02008b5e5a076d83923dd29c034055b67dafe6c8dc525d78c07f34e4d5b3185b310efcfa89147a09000000f110026e6d2ef831ab7ea0c34f17e3ad6eecbb6220fd8d4b470e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b0a341a2d7cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d9961b626c57c2691208173656d60a17e3c184b751c51160fbcbbdb5b1e7be6148ba532e60a0ac346dfebd31a08060000000200000000000000334d83239dd27080e71113610e10d858e8327ef0420f0000cac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08ab1e1ad828267d4eadd3964663e885340133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0182babc190ae2ebf8aad34732181feb215139f15ea7e8cb0bae7c34d5ac5e7c805210600000000000000c3dec04b25dfc17975238345d4f71ab158c36657b7218baa0700f781c0a99bd50499ccc421a8223fe5308e4e65ee93e107000000f8ddeff70132a4d0175b989b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b12000000000000000030711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a173db9c24db65c1e00015c1d093dabec3d18fd0699ff3304000000323e9c7080397bc49d70c060d57bc88fbe3bbaa058b040362ab926150363fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623243643db9dec75070cd9ab0fda6b069ef6d2857ca3e4effcf7462710d133d541da86e0477e4a6cc999dc21c3ef408e69578e7c9f274d7fafc8d757d33dfa35aa2000034837d365e63845f3c1092f8dde8af3904ea7e764dde8725d2b4a0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000000000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edeeeba72205beff7771bcb293747b88486cacee403000000a2919a4bff2ed893f2c814679fa69fc7e0cf761f918725704a01c56009a9f748e5aaf30a10b98c409b1870c1f75e26b45264e3d3f8e0048e55ae289ce2ad779ce71d4dc30cbb2cc4289d2f884d66cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2e152cb2cf06f8edb30177fead735a952ffce676a93110904d5ee2abdab2ef3ff84c4d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007981699b6c0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d2503a3ea376721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e6712824a85eb9ee0a3b68c9e209756623adf685dd715d68ed11e4b4d5502f5924948f8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476f9e0407ff7098b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f54b6563a4be1fd82b73c8c2bc65f63982b951fb058fd3c7b6341c4580376b6c16bd96d2da66059de81abfa1acc9f889555eeeb88b6ae5882ad341032c73f1285e21fff5a1d138e061b1dc7bbda199b5fab8e0719e9cd69b4fdc08000be6a3a73afdf328132e1d4f21065716be0c53a23940d07188b015fa341dbc92231c8b5e5717eac184f46c9f61b69f55cd9b31bcf821052429a1f250e8b734be0605a15f25923d599544b319319ff0a32621019347df460a098119a6f47eb1bac4794680f3037f250e96f61cb20d46d7a009cbc6ec74c19a93cc7c7138b28c95270116181fd5f553573c48104d2ad0e10d3663488e664401413f22f0d76d2162635365258af61ae1f46f4a7862f302d91e3f7c2781f602220522e84602a939a8d5e4137ae31ccd397404dc72e06715a6503d4d865182803ee6725da7293b23daeebefd6fce7411c9624a7e8d5ba5a13e1c32adc4f3274497c6882a72475e4280a4d9a47c003c6ed3071330c58145be813a10788a720a6b5a498ca2b42496c479a0a71e2f6f9bad8c84bc6be20281bde0b348cf2c60530000000000000004b023e4954c9eb6cd70627f5c03edd4f5ce48b8a874c852064dd0efafc3df20ec8faf3d194db76127f88f1b4fa1b71ab964fdd2474471da76373e65e9a8bf844bdfdd348bc7d00c4c7e7afe8a1f8cde79b7a6c5aafe954b8b310900000c14b37c23f9f614576b689436fef2f27f8b1e756e00262e22bca49c43fd73e7e99b2fa44a8c1d8e80311895f0b99c2cf2735ad6c5fabf082e0df0f8ba7e24272165f2f5b28230c02b53d44b57e96bbb96b5e1f165c87e7ad68a3600b3d357fa9a7d53c281d88ebb175a4dbb82130e6870982947913110f091d21760d985afd3163f2e6880682432f9b3b97d57a9f980edfa1116a3d04d58872a07d6a7e12db6e3080000000000003e71943fe2c1c65a3cf36b955c56b55bfd3ecf0af694c71a03f27b6c15b1ba971de1cb9c7e6a000000000000001478b2a78f9abfefce4448303ef54c71199317413f98dca8ff3d0bda50f6c0af58dbd6c031b1a5a7512c5896514adfa17d31429c68db50a93d88199defd3b462426ff9293a28a544a6a9e2279b55daa1b3c6b14c4ec6d164e902ce4913843d65d841973468729ea12bf6d3499036dbb66718b3497855c3baa6cc07c0fa388ec9df0617c1a28ef5a595ee267a76175b8a057e6efaf4fefe46def451f2858fe71a53e77b1a44e98843bb3a40102da3703dfb9f61bdcea2fb810b32d52e2157a150a63ea6135d1cf6f864c2e68884d7245bc5f61dc5a114d10ffb22e76678bbfc1e3865d17d128306d1b81884a934cb00000000000000000098a4526e6485987dbc63bff7590eb388afaba43d811996333eef7e9f472bee293f0c40d434cbd52325296e22802475edb5c590ad208bac683a8b2d4c9d2d57ff846ae8c422e0b28546671f11d8157bb762c91f3fbcca8e21589c92446ae65d408c0637ffcc2d44d715ce003dd1e12b085e186d069a55c2e96efbe5024d61a56a36d988c0f51a973a1471bab551bd6beae7dbf58530136c238e545b28211a92000000001501ae7d7cc75007e8ff56e6d8d72af0fcd540a9d4e293690c5e697b3a1480e46df5371bca1cfb28a57c1b3c956ec81397e81fbf870a67385fea04220423f52ad8178b9fd04bdc7e5fee4bd52db9966addf4877204047be633792118efdb6b88023e80da74fdf723c7f000000009f13c7e851dfc91ec01219af568825de0cedd55a92eafe9edd98a8529d64cbaa0b9f89f391b2db7369e934085e486b946a4558c68e195af1a6e6e878609f9ed7406dc9c93a5d5cc76e037d66abe4fe54f18b4c969814c7f2094ebe736ef0f0cd65b90942f2e8de44f6fd69a94ca27bb6d92e2282d4a0b0ee3abe30d877579aed9b54f460247890aed19ef12e45097631548d8639fb2b6eb9b41c7e89ee7223cdeae1b2d02cf664df99e4a661feecb63953a4d86f3060372861ac184824b7a4fd1c605128f1307f2bba91b9fbfe2884639073c1d51e42feeb5312b23b8e1e468aa31ea8e7597f5eb6ad1897a04afc8369ebec808165218b625a64a237ed01636880f70f0ed"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x4b}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x18000000000002a0, 0xf, 0x0, &(0x7f0000000140)="7c003307000000000008000081001a", 0x0, 0xffedfff0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$kcm(0x11, 0x200000000000002, 0x300)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x4}, 0xf242, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0xd, &(0x7f0000000040)=[{&(0x7f00000004c0)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000d000000028000001294", 0x2e}], 0x1}, 0x0)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x4, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x0, @perf_config_ext={0x3, 0x8001}, 0x0, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001d80)=ANY=[], &(0x7f0000000340)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0xa, 0x4, 0x2}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r3}, 0x0, &(0x7f0000000140)=r2}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r3}, &(0x7f0000000580)=0x2, &(0x7f00000005c0)=r2}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r3, &(0x7f0000000040)}, 0x20)
socket$kcm(0x1e, 0x4, 0x0)
socket$kcm(0x10, 0x2, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB='\v\x00\x00\x00\a\x00\x00\x00\b\x00\x00\x00\b'], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x4)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000380)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00#\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50)
r4 = socket$kcm(0xa, 0x3, 0x3a)
sendmsg$kcm(r4, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0xac14140c}}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x900}, 0x60)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x88, 0x90, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_config_ext, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0xaba}, 0x0, 0x1, 0xffffffffffffffff, 0x4)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x0)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x42)

3.393789821s ago: executing program 4 (id=1786):
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b06, 0x0)
socket$kcm(0x11, 0x200000000000002, 0x300)
r0 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$sock(0xffffffffffffffff, 0x0, 0x4004010)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, 0x0, 0x0}, 0x94)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0xee, 0xe, 0x0, 0x7, 0x0, 0x0, 0xa01a8, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x5, @perf_config_ext={0x8, 0x9}, 0x1000, 0xd, 0x4, 0x3, 0x0, 0xfffffffc, 0x2}, 0x0, 0xfffffffffffdffff, 0xffffffffffffffff, 0x9)
close(r1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000840)={r1, 0xe0, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r3=>0x0, 0x0, 0x0, 0x0, 0x7, 0x4, &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000600)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x3f, &(0x7f0000000640)=[{}, {}], 0x10, 0x10, &(0x7f0000000680), &(0x7f00000006c0), 0x8, 0x8b, 0x8, 0x8, &(0x7f0000000700)}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000940)={0x11, 0x1f, &(0x7f0000000340)=@raw=[@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}, @tail_call={{0x18, 0x2, 0x1, 0x0, r1}}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x9}, @ldst={0x3, 0x0, 0x3, 0x7, 0x6, 0x4, 0xfffffffffffffffc}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x5}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5ea00000}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x1}, @call={0x85, 0x0, 0x0, 0x7b}], &(0x7f0000000100)='syzkaller\x00', 0x80000001, 0xde, &(0x7f0000000500)=""/222, 0x41100, 0x1, '\x00', r3, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000880)={0x6, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f00000008c0)=[r1, r1, r1, r1, r1, r1], &(0x7f0000000900)=[{0x5, 0x5, 0x5, 0xa}], 0x10, 0x7f}, 0x94)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0xb)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x400000000000}, 0x0, 0x0, 0x0, 0x0, 0xf60}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg(r2, &(0x7f0000000ec0)={0x0, 0x0, &(0x7f0000000c80)=[{&(0x7f0000000a00)="8ba0", 0x2}, {&(0x7f0000000a40)="2077b4aa49cf440a0f521864b567a6ca7082ef8ddc90f0902d1b8b841b956a440ee824e7f437d76748485d885aaebeafacd2f3f24bd4b1c02784792e53ec56ec56cd9c9fd835cefad68cf2c9a1d987d28a0f63be0c1b7b31f737ecd928d6c8ba8dd4ac97f1663ac1a5a9ae4a489932ec3216e39693fd854b747f0164a8bf3c2e2ed5d3af52bab9b40e76dc4fc4d0aab564e8fe5d6a3a66ee7d59db02c3a91085f71b12c8e076a9e62a", 0xa9}, {&(0x7f0000000b80)="6d915f2f382524c0901ba5120dbc82e7f5dd63bd11d62b37c66361985c62cd817474a462cec08a68355d907fa002232b19dbada0d28f4b691af6fc18fbc323f29f2fd3c7e0e3ecc5fb226a9790d5dca768e3ab33a7a508177663f8ad86f74bd9a037829afc86841b77fa9be99da9d9f895abd613", 0x74}, {&(0x7f0000000b00)="81b9624b4ac61ae922a40ff1b5b32817b208b7da3cf47af4643da261aae30d659d7d17dc4d", 0x25}, {&(0x7f0000000c00)="814194ec26e09198581e977bec46852503e79cc602fe11086b659813b8a5f3eea1544e52ec6b16da690a553adf95af8326986401e96d8a7c0be74451a920ade6d869262944bf1f70855ee189e040ed9e", 0x50}], 0x5, &(0x7f0000000d00)=[{0x100, 0x119, 0x1, "6ca0a4720e300d0d6975a809c147686dbd1a21407125c9120ae7b7b060e250ec5db844414306dee27e03de66ac8a7fc2fa212f1b4d3053850ca9f701cbec92c4fcb05b493896a90801f6a58d1f05be613dfba69d9b0c2984983c7b21829ecc550cf59d252e39ad33470deb757c88bec38e1479bd5a6bd6da1b932b46a921296e2694b9874c1f96dad22e086d43cfe3f278d24fede10017bc7af517fb9da6c21489b1af6ee2f9ea8d010f879f62e117ec940aebf039543e0d9d943ce12762a28a3e5fe9da6a8d673684ee9fe5fc562940d431770937bf9361d58ffecfa0e2bc8327f238ded45614aebc617dc8e098"}, {0x90, 0x84, 0x7, "115bbe49bb2ddb606d32b63f0c72489d81fef3d3f56bd3a526587acc49d7eb9ae1150c9a6ffc090d176b6569daa411fb29ee7d4aaee52ec46c5e1ded017f340cb851b33021663e8e39d770f3ecf8e6b86e0a06613b31db101ed8b31ff2491ca12314bf8603c8ebe85ecd70142ffa3b62a9bdfd0c3d28b0d9118edd920391f6bf"}], 0x190}, 0x20040800)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="d800000018007b7be00212ba0d0505040a003f00000f040b067c55a1bc0009001e0006990300000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b3162700e06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5005ccca262f3d40fad95667e04adcdf63cc1f215ce3bb9ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d93452a92307f00000e97031e9f05e9f16e0700000004000000", 0xd8}], 0x1, 0x0, 0x0, 0x2663}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})

3.306686761s ago: executing program 2 (id=1787):
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$tipc(r0, 0x0, 0x20000040)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x2, 0x0, 0x0, 0x0, 0x21}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="b40000000000000069105a000000000004000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x2, 0x3f7, &(0x7f000000cf3d)=""/195}, 0x48)
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x5, 0x8, 0x0, 0x6, 0x2118}, 0x0, 0xb, 0xffffffffffffffff, 0x0)
socketpair(0x1, 0x3, 0x0, 0x0)
r1 = syz_clone(0x20800000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000086"], 0x0, 0xfffffffe, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
recvmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80}, 0x10000)
recvmsg$unix(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x4, 0x3fa, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x5, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3, 0x830d}, 0x0, 0x2, 0xfffffffe}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="020000000400000008000000010000"], 0xe)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f0000000580)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffe00}, {}, {0x7, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffe00}, {}, {0x18, 0x3, 0x2, 0x0, r4}, {}, {0x85, 0x0, 0x0, 0xc5}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r3}, 0x10)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_procs(r5, &(0x7f00000003c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r6, &(0x7f00000005c0)=r1, 0x12)

138.668139ms ago: executing program 3 (id=1788):
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x5, 0x0, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380))
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='contention_begin\x00', r2, 0x0, 0xfffffffffffffffd}, 0x18)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffc)
r3 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r3, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x8c, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffdef}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0xff4c)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r4 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r4, &(0x7f00000006c0)={&(0x7f0000000040)={0x2, 0x8, @private=0xa010101}, 0x10, &(0x7f0000000140)=[{&(0x7f00000000c0)="e0", 0x1}], 0x1}, 0xc000)
sendmsg$inet(r4, &(0x7f0000000680)={&(0x7f0000000140)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000080)="d4", 0x1}], 0x1}, 0x8001)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="5c00000014006b03000000d86e6c1d0002847ea622fb564500004e23e3f58e76110165f450e71b0075e3002500028d459e37000f0000000000bf9367b47e51f60a64c9f4d4938037e786a6d0bdd700"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r5, &(0x7f0000002f80)={0x0, 0x0, 0x0}, 0x10000)

109.137653ms ago: executing program 1 (id=1789):
socket$kcm(0x2, 0x5, 0x84)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'\x00', 0x5})
ioctl$TUNSETPERSIST(r0, 0x400454c9, 0x1)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0)
mkdir(&(0x7f00000000c0)='./file/file0\x00', 0x408)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a7c000000060a0b0400000000000000000200000050000480240001800b000100736f636b65740000140002800800024000000003080001400000000228000180080001006e6174001c0002800800054000000003080001400000000008000240001000020900010073797a30000000000900020073797a32"], 0xa4}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="8510000000000000851000000000000085100000000000008510000008000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa1000000000000070100", @ANYBLOB="0000000000000000b70500000800000085000000a5ffffff"], &(0x7f0000000780)='GPL\x00'}, 0x94)
syz_clone(0x26000080, &(0x7f0000000300)="62b86fd43b86a674008feaf0ed50fd5c677ce5d649e1e76f743f7ea814077ebddda0e69138513fddac260c7f3ad57c2e11bc7d5f9283f2c54b559649bc62d1afefd574dc985414ca37ac9fb94b254654", 0x50, &(0x7f0000000140), &(0x7f0000000440), 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a012500000000000000000a0000040900010073797a310000000008000540000000020900020073797a3100000000080013"], 0xac}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

103.494667ms ago: executing program 4 (id=1790):
socket$kcm(0x2b, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="1808000000000000000000000000000018"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x6, 0x82240, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x5}, 0x2, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000680)=ANY=[@ANYBLOB], 0x0, 0xd7, 0x0, 0x0, 0x7, 0x10000}, 0x28)
r3 = socket$kcm(0x11, 0x2, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000006c0)={{}, 0x0, 0x0}, 0x20)
sendmsg$kcm(r3, &(0x7f00000000c0)={&(0x7f0000001340)=@hci={0x1f, 0xc00, 0xe}, 0x80, &(0x7f0000002540)=[{&(0x7f00000006c0)='b', 0x10}], 0x1}, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r1)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x10558, 0x2, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000200000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}, 0x94)
r4 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594f91324fc60", 0x8c0}], 0x1}, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfdef)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x3, 0x0, 0x6}]}, &(0x7f0000000180)='syzkaller\x00', 0x3, 0xd2, &(0x7f00000002c0)=""/210}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x5, 0x47, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r5 = socket$kcm(0xa, 0x1, 0x106)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x24000059)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfe33)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[], 0x48)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x202, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)

44.916473ms ago: executing program 2 (id=1791):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000100000000000000000000088500000087000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000080)='GPL\x00'}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="000000000000000000000000006e8f9d13af2fbb0a8519187605000000000000e1359ede3e98d0505cd6879631ef41900415aa34cfd1f1e71ae0f1990db8c70943dd20dff08a465e26e150ec632a203cea29b064f30d877ccc5d7be794fb0ea3313e89d1150be7312abd65cc890587fb82e751ba4654f2aaa4b41f54bad281e76938a05e0163992928eed8abdd9d3209de6cd8992bffd57c11e1da1459a2965c40a0267c99c928ae6caf137cdc8d495d0df7704abe22572b8cf6ba984e5f39733a3601b79dbd6dd6cff7d068fdce1a060c7392e219058952b9d9356e91d3489d5bf2b4cf3b05a7fc4fc683503c154aeb37475169e4c1cb11067519aa5024ab68924ab370", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r0}, 0x8)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
perf_event_open(&(0x7f0000001480)={0x2, 0x80, 0xbb, 0x1, 0x0, 0x0, 0x0, 0xe4b8, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x20000000}, 0x2980, 0x2, 0xe, 0x4, 0x1, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
socketpair(0x28, 0x5, 0x28, &(0x7f0000000280))
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff})
recvmsg(r2, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0xd68210}], 0x1, 0x0, 0x1f00000000000000, 0x200000}, 0x1f00)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x4)
close(r3)
sendmsg$inet(r3, &(0x7f0000001680)={&(0x7f00000000c0)={0x2, 0x4e23, @rand_addr=0x64010101}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000000)="660e9b", 0x3}], 0x1, &(0x7f0000000640)=ANY=[@ANYBLOB="20000000000000008400000002000000050009"], 0x20}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xc, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
close(0xffffffffffffffff)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xfffffffd}, 0x39)
sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x6, 0x0, 0x88e}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0)

0s ago: executing program 0 (id=1792):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000680)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_DELSETELEM={0x20, 0xe, 0xa, 0x201, 0x0, 0x0, {0xa}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x48}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (fail_nth: 10)

kernel console output (not intermixed with test programs):

+0x205/0x470
[  153.265840][ T6751]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  153.265866][ T6751]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  153.265906][ T6751]  ? netlink_deliver_tap+0x2e/0x1b0
[  153.265940][ T6751]  netlink_unicast+0x82f/0x9e0
[  153.265973][ T6751]  ? __pfx_netlink_unicast+0x10/0x10
[  153.266000][ T6751]  ? netlink_sendmsg+0x642/0xb30
[  153.266022][ T6751]  ? skb_put+0x11b/0x210
[  153.266057][ T6751]  netlink_sendmsg+0x805/0xb30
[  153.266094][ T6751]  ? __pfx_netlink_sendmsg+0x10/0x10
[  153.266123][ T6751]  ? aa_sock_msg_perm+0xf1/0x1d0
[  153.266158][ T6751]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  153.266183][ T6751]  ? __pfx_netlink_sendmsg+0x10/0x10
[  153.266208][ T6751]  __sock_sendmsg+0x219/0x270
[  153.266252][ T6751]  sock_write_iter+0x279/0x360
[  153.266288][ T6751]  ? __pfx_sock_write_iter+0x10/0x10
[  153.266316][ T6751]  ? perf_trace_lock+0xec/0x3b0
[  153.266363][ T6751]  ? bpf_lsm_file_permission+0x9/0x20
[  153.266385][ T6751]  ? security_file_permission+0x75/0x290
[  153.266423][ T6751]  vfs_write+0x5c9/0xb30
[  153.266456][ T6751]  ? __pfx_sock_write_iter+0x10/0x10
[  153.266488][ T6751]  ? __pfx_vfs_write+0x10/0x10
[  153.266538][ T6751]  ? __fget_files+0x2a/0x420
[  153.266581][ T6751]  ksys_write+0x145/0x250
[  153.266611][ T6751]  ? __pfx_ksys_write+0x10/0x10
[  153.266634][ T6751]  ? rcu_is_watching+0x15/0xb0
[  153.266667][ T6751]  ? do_syscall_64+0xbe/0x3b0
[  153.266701][ T6751]  do_syscall_64+0xfa/0x3b0
[  153.266722][ T6751]  ? lockdep_hardirqs_on+0x9c/0x150
[  153.266744][ T6751]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.266765][ T6751]  ? clear_bhb_loop+0x60/0xb0
[  153.266792][ T6751]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.266818][ T6751] RIP: 0033:0x7fe461f8eec9
[  153.266845][ T6751] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  153.266862][ T6751] RSP: 002b:00007fe462e19038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  153.266883][ T6751] RAX: ffffffffffffffda RBX: 00007fe4621e5fa0 RCX: 00007fe461f8eec9
[  153.266898][ T6751] RDX: 000000000000fe33 RSI: 0000200000000580 RDI: 0000000000000003
[  153.266911][ T6751] RBP: 00007fe462e19090 R08: 0000000000000000 R09: 0000000000000000
[  153.266923][ T6751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  153.266935][ T6751] R13: 00007fe4621e6038 R14: 00007fe4621e5fa0 R15: 00007ffdb62f6438
[  153.266973][ T6751]  </TASK>
[  153.268036][ T6748] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.220'.
[  153.824451][ T6759] unsupported nla_type 52263
[  153.874632][ T6753] netlink: 'syz.2.220': attribute type 29 has an invalid length.
[  153.951505][ T3489] wlan1: Trigger new scan to find an IBSS to join
[  154.137940][ T6766] netlink: 14548 bytes leftover after parsing attributes in process `syz.0.225'.
[  154.252487][ T6773] netlink: 132 bytes leftover after parsing attributes in process `syz.3.227'.
[  154.932109][ T3489] wlan1: Creating new IBSS network, BSSID e2:69:b2:31:fa:b3
[  155.187469][ T6784] validate_nla: 2 callbacks suppressed
[  155.187506][ T6784] netlink: 'syz.2.231': attribute type 3 has an invalid length.
[  155.272393][ T6784] netlink: 132 bytes leftover after parsing attributes in process `syz.2.231'.
[  155.452422][ T6788] netlink: 60 bytes leftover after parsing attributes in process `syz.3.233'.
[  158.128706][ T6814] netlink: 'syz.2.241': attribute type 29 has an invalid length.
[  158.176672][ T6814] netlink: 'syz.2.241': attribute type 29 has an invalid length.
[  158.213105][ T6814] __nla_validate_parse: 4 callbacks suppressed
[  158.213138][ T6814] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.241'.
[  158.258102][ T6813] netlink: 'syz.0.240': attribute type 21 has an invalid length.
[  158.286693][ T6813] netlink: 14548 bytes leftover after parsing attributes in process `syz.0.240'.
[  158.300425][ T6814] netlink: 'syz.2.241': attribute type 29 has an invalid length.
[  158.413339][ T6818] netlink: 'syz.4.242': attribute type 29 has an invalid length.
[  158.436098][ T6818] netlink: 'syz.4.242': attribute type 29 has an invalid length.
[  158.449593][ T6818] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.242'.
[  158.480893][ T6819] netlink: 'syz.2.241': attribute type 29 has an invalid length.
[  158.877716][ T6824] FAULT_INJECTION: forcing a failure.
[  158.877716][ T6824] name failslab, interval 1, probability 0, space 0, times 0
[  158.902359][ T6824] CPU: 1 UID: 0 PID: 6824 Comm: syz.0.243 Not tainted syzkaller #0 PREEMPT(full) 
[  158.902389][ T6824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  158.902402][ T6824] Call Trace:
[  158.902425][ T6824]  <TASK>
[  158.902449][ T6824]  dump_stack_lvl+0x189/0x250
[  158.902518][ T6824]  ? __pfx____ratelimit+0x10/0x10
[  158.902582][ T6824]  ? __pfx_dump_stack_lvl+0x10/0x10
[  158.902651][ T6824]  ? __pfx__printk+0x10/0x10
[  158.902785][ T6824]  ? fs_reclaim_acquire+0x7d/0x100
[  158.902845][ T6824]  ? __pfx___might_resched+0x10/0x10
[  158.902868][ T6824]  ? preempt_schedule_notrace_thunk+0x16/0x30
[  158.902985][ T6824]  should_fail_ex+0x414/0x560
[  158.903156][ T6824]  should_failslab+0xa8/0x100
[  158.903249][ T6824]  __kmalloc_noprof+0xcb/0x4f0
[  158.903298][ T6824]  ? bpf_test_init+0x9f/0x150
[  158.903404][ T6824]  bpf_test_init+0x9f/0x150
[  158.903515][ T6824]  bpf_prog_test_run_flow_dissector+0x1e1/0x5c0
[  158.903742][ T6824]  ? __pfx_bpf_prog_test_run_flow_dissector+0x10/0x10
[  158.903831][ T6824]  ? __fget_files+0x2a/0x420
[  158.903924][ T6824]  ? __fget_files+0x2a/0x420
[  158.903959][ T6824]  ? __fget_files+0x3a0/0x420
[  158.903993][ T6824]  ? __fget_files+0x2a/0x420
[  158.904127][ T6824]  ? __pfx_bpf_prog_test_run_flow_dissector+0x10/0x10
[  158.904193][ T6824]  bpf_prog_test_run+0x2c7/0x340
[  158.904298][ T6824]  __sys_bpf+0x562/0x860
[  158.904388][ T6824]  ? __pfx___sys_bpf+0x10/0x10
[  158.904657][ T6824]  ? do_syscall_64+0xb7/0x3b0
[  158.904725][ T6824]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  158.904778][ T6824]  ? __pfx_ksys_write+0x10/0x10
[  158.904799][ T6824]  ? rcu_is_watching+0x15/0xb0
[  158.904961][ T6824]  __x64_sys_bpf+0x7c/0x90
[  158.905039][ T6824]  do_syscall_64+0xfa/0x3b0
[  158.905072][ T6824]  ? lockdep_hardirqs_on+0x9c/0x150
[  158.905113][ T6824]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.905142][ T6824]  ? clear_bhb_loop+0x60/0xb0
[  158.905231][ T6824]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.905254][ T6824] RIP: 0033:0x7f8b5f78eec9
[  158.905295][ T6824] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  158.905310][ T6824] RSP: 002b:00007f8b6064e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  158.905329][ T6824] RAX: ffffffffffffffda RBX: 00007f8b5f9e5fa0 RCX: 00007f8b5f78eec9
[  158.905342][ T6824] RDX: 0000000000000050 RSI: 0000200000000500 RDI: 000000000000000a
[  158.905353][ T6824] RBP: 00007f8b6064e090 R08: 0000000000000000 R09: 0000000000000000
[  158.905364][ T6824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  158.905374][ T6824] R13: 00007f8b5f9e6038 R14: 00007f8b5f9e5fa0 R15: 00007ffebdc1a638
[  158.905633][ T6824]  </TASK>
[  160.528699][ T6818] netlink: 'syz.4.242': attribute type 29 has an invalid length.
[  160.706330][ T6841] netlink: 'syz.3.248': attribute type 3 has an invalid length.
[  160.728946][ T6841] netlink: 132 bytes leftover after parsing attributes in process `syz.3.248'.
[  160.925519][ T6845] IPv6: Can't replace route, no match found
[  161.086859][ T6843] mac80211_hwsim hwsim11 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  161.089934][  T142] wlan1: Selected IBSS BSSID e2:69:b2:31:fa:b3 based on configured SSID
[  161.309431][ T6857] netlink: 4 bytes leftover after parsing attributes in process `syz.4.253'.
[  161.752757][ T6861] IPv6: Can't replace route, no match found
[  161.812424][ T6866] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  161.815022][  T142] wlan1: Selected IBSS BSSID 82:2a:90:b0:1f:dc based on configured SSID
[  162.095308][ T6869] IPv6: Can't replace route, no match found
[  162.845388][ T6869] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  162.857152][ T3489] wlan1: Selected IBSS BSSID 4e:cf:6a:91:67:3f based on configured SSID
[  162.923287][ T6877] netlink: 'syz.1.260': attribute type 29 has an invalid length.
[  162.955540][ T6880] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.260'.
[  162.967518][ T6891] netlink: 'syz.4.262': attribute type 3 has an invalid length.
[  162.987293][ T6891] netlink: 132 bytes leftover after parsing attributes in process `syz.4.262'.
[  163.093587][ T6879] netlink: 'syz.1.260': attribute type 29 has an invalid length.
[  163.170733][ T6881] netlink: 'syz.1.260': attribute type 29 has an invalid length.
[  163.633946][ T6902] FAULT_INJECTION: forcing a failure.
[  163.633946][ T6902] name failslab, interval 1, probability 0, space 0, times 0
[  163.660516][ T6902] CPU: 0 UID: 0 PID: 6902 Comm: syz.1.265 Not tainted syzkaller #0 PREEMPT(full) 
[  163.660547][ T6902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  163.660560][ T6902] Call Trace:
[  163.660569][ T6902]  <TASK>
[  163.660578][ T6902]  dump_stack_lvl+0x189/0x250
[  163.660613][ T6902]  ? __pfx____ratelimit+0x10/0x10
[  163.660636][ T6902]  ? __pfx_dump_stack_lvl+0x10/0x10
[  163.660665][ T6902]  ? __pfx__printk+0x10/0x10
[  163.660694][ T6902]  ? __pfx___might_resched+0x10/0x10
[  163.660738][ T6902]  should_fail_ex+0x414/0x560
[  163.660777][ T6902]  should_failslab+0xa8/0x100
[  163.660810][ T6902]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  163.660840][ T6902]  ? __alloc_skb+0x112/0x2d0
[  163.660871][ T6902]  __alloc_skb+0x112/0x2d0
[  163.660902][ T6902]  __ip_append_data+0x2dae/0x40c0
[  163.660964][ T6902]  ? __pfx_udplite_getfrag+0x10/0x10
[  163.661029][ T6902]  ? __pfx___ip_append_data+0x10/0x10
[  163.661078][ T6902]  ip_append_data+0x10e/0x190
[  163.661115][ T6902]  ? __pfx_udplite_getfrag+0x10/0x10
[  163.661153][ T6902]  udp_sendmsg+0x541/0x2170
[  163.661186][ T6902]  ? is_bpf_text_address+0x26/0x2b0
[  163.661218][ T6902]  ? __pfx_trace_call_bpf+0x10/0x10
[  163.661250][ T6902]  ? __pfx_udplite_getfrag+0x10/0x10
[  163.661288][ T6902]  ? __pfx_udp_sendmsg+0x10/0x10
[  163.661329][ T6902]  ? perf_trace_preemptirq_template+0x280/0x340
[  163.661367][ T6902]  ? trace_call_bpf+0xc7/0xb50
[  163.661402][ T6902]  ? irqentry_exit+0x74/0x90
[  163.661424][ T6902]  ? lockdep_hardirqs_on+0x9c/0x150
[  163.661474][ T6902]  udpv6_sendmsg+0x90d/0x24b0
[  163.661523][ T6902]  ? __pfx_udplite_getfrag+0x10/0x10
[  163.661563][ T6902]  ? __pfx_udpv6_sendmsg+0x10/0x10
[  163.661604][ T6902]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  163.661628][ T6902]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  163.661694][ T6902]  ? inet_send_prepare+0x5c/0x270
[  163.661740][ T6902]  ? inet6_sendmsg+0xe4/0x120
[  163.661771][ T6902]  __sock_sendmsg+0xe5/0x270
[  163.661809][ T6902]  ____sys_sendmsg+0x505/0x830
[  163.661845][ T6902]  ? __pfx_____sys_sendmsg+0x10/0x10
[  163.661888][ T6902]  ? import_iovec+0x74/0xa0
[  163.661920][ T6902]  ___sys_sendmsg+0x21f/0x2a0
[  163.661951][ T6902]  ? __pfx____sys_sendmsg+0x10/0x10
[  163.662010][ T6902]  ? __fget_files+0x2a/0x420
[  163.662059][ T6902]  ? __fget_files+0x2a/0x420
[  163.662087][ T6902]  ? __fget_files+0x3a0/0x420
[  163.662133][ T6902]  __x64_sys_sendmsg+0x19b/0x260
[  163.662166][ T6902]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  163.662230][ T6902]  do_syscall_64+0xfa/0x3b0
[  163.662256][ T6902]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.662276][ T6902]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  163.662298][ T6902]  ? clear_bhb_loop+0x60/0xb0
[  163.662325][ T6902]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.662346][ T6902] RIP: 0033:0x7f7c3c58eec9
[  163.662367][ T6902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  163.662385][ T6902] RSP: 002b:00007f7c3d3e5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  163.662407][ T6902] RAX: ffffffffffffffda RBX: 00007f7c3c7e6090 RCX: 00007f7c3c58eec9
[  163.662422][ T6902] RDX: 0000000004000084 RSI: 0000200000000200 RDI: 0000000000000004
[  163.662436][ T6902] RBP: 00007f7c3d3e5090 R08: 0000000000000000 R09: 0000000000000000
[  163.662448][ T6902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  163.662460][ T6902] R13: 00007f7c3c7e6128 R14: 00007f7c3c7e6090 R15: 00007fffbc0c5e08
[  163.662499][ T6902]  </TASK>
[  164.594998][ T6916] netlink: 'syz.0.269': attribute type 21 has an invalid length.
[  164.603407][ T6916] netlink: 14548 bytes leftover after parsing attributes in process `syz.0.269'.
[  164.712756][ T6922] netlink: 'syz.1.271': attribute type 21 has an invalid length.
[  164.732579][ T6922] netlink: 14548 bytes leftover after parsing attributes in process `syz.1.271'.
[  165.659577][ T6907] netlink: 60 bytes leftover after parsing attributes in process `syz.3.266'.
[  165.860681][ T6938] netlink: 'syz.0.274': attribute type 3 has an invalid length.
[  165.898355][ T6939] netlink: 'syz.1.275': attribute type 29 has an invalid length.
[  165.911869][ T6938] netlink: 132 bytes leftover after parsing attributes in process `syz.0.274'.
[  165.957278][ T6939] netlink: 'syz.1.275': attribute type 29 has an invalid length.
[  166.044583][ T6939] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.275'.
[  166.125062][ T6946] netlink: 'syz.1.275': attribute type 29 has an invalid length.
[  166.176212][ T6940] IPv6: Can't replace route, no match found
[  166.396186][ T6940] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  166.410091][ T6946] netlink: 'syz.1.275': attribute type 29 has an invalid length.
[  168.318615][ T6998] netlink: 'syz.0.292': attribute type 29 has an invalid length.
[  168.369533][ T6993] netlink: 'syz.0.292': attribute type 29 has an invalid length.
[  168.389350][ T6993] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.292'.
[  168.406064][ T6993] netlink: 'syz.0.292': attribute type 29 has an invalid length.
[  168.434525][ T6993] netlink: 'syz.0.292': attribute type 29 has an invalid length.
[  170.455694][   T13] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  171.813777][ T7065] netlink: 596 bytes leftover after parsing attributes in process `syz.3.312'.
[  172.085263][ T7078] netlink: 'syz.2.316': attribute type 28 has an invalid length.
[  172.120322][ T7078] netlink: 'syz.2.316': attribute type 29 has an invalid length.
[  172.149023][ T7078] netlink: 132 bytes leftover after parsing attributes in process `syz.2.316'.
[  172.264316][ T7082] netlink: 'syz.4.314': attribute type 21 has an invalid length.
[  172.274429][ T7082] netlink: 14548 bytes leftover after parsing attributes in process `syz.4.314'.
[  174.074033][ T7123] FAULT_INJECTION: forcing a failure.
[  174.074033][ T7123] name failslab, interval 1, probability 0, space 0, times 0
[  174.087803][ T7123] CPU: 0 UID: 0 PID: 7123 Comm: syz.4.327 Not tainted syzkaller #0 PREEMPT(full) 
[  174.087831][ T7123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  174.087844][ T7123] Call Trace:
[  174.087853][ T7123]  <TASK>
[  174.087862][ T7123]  dump_stack_lvl+0x189/0x250
[  174.087895][ T7123]  ? __pfx____ratelimit+0x10/0x10
[  174.087918][ T7123]  ? __pfx_dump_stack_lvl+0x10/0x10
[  174.087946][ T7123]  ? __pfx__printk+0x10/0x10
[  174.087972][ T7123]  ? __pfx___might_resched+0x10/0x10
[  174.087995][ T7123]  ? fs_reclaim_acquire+0x7d/0x100
[  174.088032][ T7123]  should_fail_ex+0x414/0x560
[  174.088069][ T7123]  should_failslab+0xa8/0x100
[  174.088101][ T7123]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  174.088129][ T7123]  ? __alloc_skb+0x112/0x2d0
[  174.088157][ T7123]  __alloc_skb+0x112/0x2d0
[  174.088186][ T7123]  netlink_ack+0x146/0xa50
[  174.088207][ T7123]  ? kasan_quarantine_put+0xdd/0x220
[  174.088241][ T7123]  ? kfree+0x18e/0x440
[  174.088272][ T7123]  nfnetlink_rcv+0x2290/0x2520
[  174.088341][ T7123]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  174.088392][ T7123]  ? ref_tracker_free+0x63a/0x7d0
[  174.088456][ T7123]  ? __netlink_deliver_tap+0x807/0x850
[  174.088480][ T7123]  ? netlink_deliver_tap+0x2e/0x1b0
[  174.088524][ T7123]  netlink_unicast+0x82f/0x9e0
[  174.088555][ T7123]  ? __pfx_netlink_unicast+0x10/0x10
[  174.088574][ T7123]  ? netlink_sendmsg+0x642/0xb30
[  174.088592][ T7123]  ? skb_put+0x11b/0x210
[  174.088620][ T7123]  netlink_sendmsg+0x805/0xb30
[  174.088664][ T7123]  ? __pfx_netlink_sendmsg+0x10/0x10
[  174.088692][ T7123]  ? aa_sock_msg_perm+0xf1/0x1d0
[  174.088726][ T7123]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  174.088746][ T7123]  ? __pfx_netlink_sendmsg+0x10/0x10
[  174.088771][ T7123]  __sock_sendmsg+0x219/0x270
[  174.088808][ T7123]  ____sys_sendmsg+0x505/0x830
[  174.088842][ T7123]  ? __pfx_____sys_sendmsg+0x10/0x10
[  174.088880][ T7123]  ? import_iovec+0x74/0xa0
[  174.088910][ T7123]  ___sys_sendmsg+0x21f/0x2a0
[  174.088940][ T7123]  ? __pfx____sys_sendmsg+0x10/0x10
[  174.089008][ T7123]  ? __fget_files+0x2a/0x420
[  174.089037][ T7123]  ? __fget_files+0x3a0/0x420
[  174.089078][ T7123]  __x64_sys_sendmsg+0x19b/0x260
[  174.089109][ T7123]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  174.089148][ T7123]  ? __pfx_ksys_write+0x10/0x10
[  174.089171][ T7123]  ? rcu_is_watching+0x15/0xb0
[  174.089202][ T7123]  ? do_syscall_64+0xbe/0x3b0
[  174.089230][ T7123]  do_syscall_64+0xfa/0x3b0
[  174.089252][ T7123]  ? lockdep_hardirqs_on+0x9c/0x150
[  174.089274][ T7123]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  174.089295][ T7123]  ? clear_bhb_loop+0x60/0xb0
[  174.089320][ T7123]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  174.089340][ T7123] RIP: 0033:0x7fe461f8eec9
[  174.089359][ T7123] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  174.089377][ T7123] RSP: 002b:00007fe462e19038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  174.089399][ T7123] RAX: ffffffffffffffda RBX: 00007fe4621e5fa0 RCX: 00007fe461f8eec9
[  174.089414][ T7123] RDX: 0000000000000080 RSI: 0000200000000c40 RDI: 0000000000000003
[  174.089427][ T7123] RBP: 00007fe462e19090 R08: 0000000000000000 R09: 0000000000000000
[  174.089439][ T7123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  174.089451][ T7123] R13: 00007fe4621e6038 R14: 00007fe4621e5fa0 R15: 00007ffdb62f6438
[  174.089485][ T7123]  </TASK>
[  174.690041][ T7134] netlink: 60 bytes leftover after parsing attributes in process `syz.2.332'.
[  174.700500][ T7134] netlink: 60 bytes leftover after parsing attributes in process `syz.2.332'.
[  174.713628][ T7134] netlink: 60 bytes leftover after parsing attributes in process `syz.2.332'.
[  174.867420][ T7132] netlink: 'syz.4.331': attribute type 21 has an invalid length.
[  174.882072][ T7132] netlink: 14548 bytes leftover after parsing attributes in process `syz.4.331'.
[  175.276992][ T7147] netlink: 28 bytes leftover after parsing attributes in process `syz.1.334'.
[  175.287823][ T7147] netlink: 28 bytes leftover after parsing attributes in process `syz.1.334'.
[  175.670943][ T7154] netlink: 'syz.4.337': attribute type 21 has an invalid length.
[  175.692019][ T7154] netlink: 132 bytes leftover after parsing attributes in process `syz.4.337'.
[  175.770993][ T7159] IPv6: Can't replace route, no match found
[  176.217742][ T7172] tc_dump_action: action bad kind
[  176.748321][ T7179] netlink: 'syz.4.343': attribute type 29 has an invalid length.
[  176.760155][ T7179] netlink: 'syz.4.343': attribute type 29 has an invalid length.
[  177.000109][ T7182] netlink: 'syz.3.344': attribute type 21 has an invalid length.
[  177.051868][ T7182] __nla_validate_parse: 1 callbacks suppressed
[  177.051916][ T7182] netlink: 14548 bytes leftover after parsing attributes in process `syz.3.344'.
[  177.172441][ T7189] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.345'.
[  177.745855][ T7202] netlink: 'syz.2.349': attribute type 3 has an invalid length.
[  177.806599][ T7202] netlink: 132 bytes leftover after parsing attributes in process `syz.2.349'.
[  177.853903][ T7210] IPv6: Can't replace route, no match found
[  178.176483][ T7220] netlink: 14207 bytes leftover after parsing attributes in process `syz.4.352'.
[  178.494563][ T7218] IPv6: Can't replace route, no match found
[  178.775617][ T7230] netlink: 'syz.4.355': attribute type 3 has an invalid length.
[  178.813504][ T7230] netlink: 132 bytes leftover after parsing attributes in process `syz.4.355'.
[  179.477777][ T7245] netlink: 104 bytes leftover after parsing attributes in process `syz.0.361'.
[  179.592576][ T7233] netlink: 8 bytes leftover after parsing attributes in process `syz.2.357'.
[  180.046806][ T7252] netlink: 48 bytes leftover after parsing attributes in process `syz.1.363'.
[  180.206253][ T7245] netlink: 28 bytes leftover after parsing attributes in process `syz.0.361'.
[  180.255663][ T7245] netlink: 28 bytes leftover after parsing attributes in process `syz.0.361'.
[  180.476215][ T7256] netlink: 'syz.3.365': attribute type 3 has an invalid length.
[  181.133928][ T7268] netlink: 'syz.2.368': attribute type 3 has an invalid length.
[  182.986406][ T7285] __nla_validate_parse: 3 callbacks suppressed
[  182.986433][ T7285] netlink: 104 bytes leftover after parsing attributes in process `syz.3.369'.
[  183.659224][ T7291] IPv6: Can't replace route, no match found
[  183.776467][ T7290] netlink: 'syz.4.372': attribute type 21 has an invalid length.
[  183.801513][ T7290] netlink: 14548 bytes leftover after parsing attributes in process `syz.4.372'.
[  185.246625][ T7282] netlink: 28 bytes leftover after parsing attributes in process `syz.2.370'.
[  185.256103][ T7282] netlink: 28 bytes leftover after parsing attributes in process `syz.2.370'.
[  185.276867][ T7292] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  185.279663][   T13] wlan1: Selected IBSS BSSID 82:2a:90:b0:1f:dc based on configured SSID
[  185.523071][ T7298] netlink: 'syz.2.375': attribute type 29 has an invalid length.
[  185.559789][ T7298] netlink: 'syz.2.375': attribute type 29 has an invalid length.
[  185.579811][ T7298] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.375'.
[  185.593828][ T7298] netlink: 'syz.2.375': attribute type 29 has an invalid length.
[  185.668701][ T7298] netlink: 'syz.2.375': attribute type 29 has an invalid length.
[  186.350732][ T7318] netlink: 'syz.4.380': attribute type 3 has an invalid length.
[  186.360383][ T7318] netlink: 132 bytes leftover after parsing attributes in process `syz.4.380'.
[  186.665062][ T7321] netlink: 'syz.2.381': attribute type 3 has an invalid length.
[  186.694550][ T7324] netlink: 'syz.3.382': attribute type 29 has an invalid length.
[  186.722854][ T7321] netlink: 132 bytes leftover after parsing attributes in process `syz.2.381'.
[  186.770858][ T7329] netlink: 'syz.4.383': attribute type 3 has an invalid length.
[  186.775515][ T7324] netlink: 'syz.3.382': attribute type 29 has an invalid length.
[  186.779633][ T7329] netlink: 132 bytes leftover after parsing attributes in process `syz.4.383'.
[  186.859096][ T7324] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.382'.
[  187.798539][ T7347] netlink: 28 bytes leftover after parsing attributes in process `syz.0.387'.
[  188.316237][ T7359] __nla_validate_parse: 2 callbacks suppressed
[  188.316291][ T7359] netlink: 14548 bytes leftover after parsing attributes in process `syz.3.389'.
[  188.407687][ T7363] IPv6: Can't replace route, no match found
[  188.448856][ T7363] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  188.458562][ T3173] wlan1: Selected IBSS BSSID 4e:cf:6a:91:67:3f based on configured SSID
[  191.138067][   T49] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  191.229898][ T7398] validate_nla: 3 callbacks suppressed
[  191.229934][ T7398] netlink: 'syz.1.400': attribute type 3 has an invalid length.
[  191.255994][ T7398] netlink: 132 bytes leftover after parsing attributes in process `syz.1.400'.
[  191.269899][ T7395] IPv6: Can't replace route, no match found
[  191.298123][ T7395] mac80211_hwsim hwsim11 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  191.410684][ T7402] IPv6: Can't replace route, no match found
[  191.726436][ T7410] netlink: 'syz.4.403': attribute type 21 has an invalid length.
[  191.793290][ T7410] netlink: 14548 bytes leftover after parsing attributes in process `syz.4.403'.
[  192.332138][ T7425] netlink: 'syz.4.406': attribute type 29 has an invalid length.
[  192.376856][ T7425] netlink: 'syz.4.406': attribute type 29 has an invalid length.
[  192.394895][ T7412] netlink: 596 bytes leftover after parsing attributes in process `syz.1.404'.
[  192.465354][ T7425] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.406'.
[  192.574311][ T7430] netlink: 'syz.4.406': attribute type 29 has an invalid length.
[  192.696788][ T7430] netlink: 'syz.4.406': attribute type 29 has an invalid length.
[  194.106668][ T7436] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  194.125339][   T13] wlan1: Selected IBSS BSSID 82:2a:90:b0:1f:dc based on configured SSID
[  194.807306][ T7447] IPv6: Can't replace route, no match found
[  194.929504][ T7458] netlink: 12 bytes leftover after parsing attributes in process `syz.2.411'.
[  195.025493][ T7447] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  195.025720][   T13] wlan1: Trigger new scan to find an IBSS to join
[  195.045553][ T3577] wlan1: Selected IBSS BSSID 4e:cf:6a:91:67:3f based on configured SSID
[  195.877544][ T7468] netlink: 'syz.1.419': attribute type 29 has an invalid length.
[  195.914599][ T7468] netlink: 'syz.1.419': attribute type 29 has an invalid length.
[  195.955116][ T7468] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.419'.
[  196.003769][ T7468] netlink: 'syz.1.419': attribute type 29 has an invalid length.
[  196.240206][ T7468] netlink: 'syz.1.419': attribute type 29 has an invalid length.
[  196.696982][ T7480] netlink: 'syz.4.422': attribute type 29 has an invalid length.
[  196.706641][ T7464] netlink: 596 bytes leftover after parsing attributes in process `syz.3.417'.
[  196.787206][ T7482] netlink: 'syz.4.422': attribute type 29 has an invalid length.
[  197.124498][ T7492] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  197.164706][ T7480] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.422'.
[  197.240999][ T7480] netlink: 'syz.4.422': attribute type 29 has an invalid length.
[  197.527201][ T7494] netlink: 'syz.4.422': attribute type 29 has an invalid length.
[  198.079283][ T7502] netlink: 'syz.0.428': attribute type 3 has an invalid length.
[  198.087809][ T7502] netlink: 132 bytes leftover after parsing attributes in process `syz.0.428'.
[  198.277209][ T7505] IPv6: Can't replace route, no match found
[  198.387360][ T7505] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  198.396920][   T13] wlan1: Selected IBSS BSSID 82:2a:90:b0:1f:dc based on configured SSID
[  198.558586][ T7509] IPv6: Can't replace route, no match found
[  198.665908][ T7512] mac80211_hwsim hwsim11 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  198.899655][ T7523] netlink: 100 bytes leftover after parsing attributes in process `syz.3.435'.
[  198.959895][ T7525] netlink: 36 bytes leftover after parsing attributes in process `syz.2.436'.
[  199.080634][ T7523] : entered promiscuous mode
[  199.223981][ T7529] netlink: 24 bytes leftover after parsing attributes in process `syz.0.437'.
[  199.261529][ T7529] netlink: 24 bytes leftover after parsing attributes in process `syz.0.437'.
[  199.309483][ T7529] netlink: 24 bytes leftover after parsing attributes in process `syz.0.437'.
[  199.550770][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  199.557275][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  200.009516][ T7550] netlink: 'syz.1.442': attribute type 29 has an invalid length.
[  200.108445][ T7548] netlink: 'syz.1.442': attribute type 29 has an invalid length.
[  200.155418][ T7550] __nla_validate_parse: 4 callbacks suppressed
[  200.155438][ T7550] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.442'.
[  200.192186][ T7548] netlink: 'syz.1.442': attribute type 29 has an invalid length.
[  200.278382][ T7548] netlink: 'syz.1.442': attribute type 29 has an invalid length.
[  200.301997][ T7557] IPv6: Can't replace route, no match found
[  200.699514][ T7567] netlink: 12 bytes leftover after parsing attributes in process `syz.2.457'.
[  200.817496][ T7565] IPv6: Can't replace route, no match found
[  200.828015][ T7566] netlink: 12 bytes leftover after parsing attributes in process `syz.3.446'.
[  200.904842][ T7570] mac80211_hwsim hwsim11 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  201.480131][   T49] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  202.004297][ T7586] netlink: 'syz.3.451': attribute type 29 has an invalid length.
[  202.046260][ T7586] netlink: 'syz.3.451': attribute type 29 has an invalid length.
[  202.114136][ T7586] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.451'.
[  202.186288][ T7591] netlink: 'syz.3.451': attribute type 29 has an invalid length.
[  202.432653][ T7597] netlink: 'syz.4.455': attribute type 3 has an invalid length.
[  202.553438][ T7597] netlink: 132 bytes leftover after parsing attributes in process `syz.4.455'.
[  202.562747][ T7591] netlink: 'syz.3.451': attribute type 29 has an invalid length.
[  202.981964][ T3173] wlan1: Trigger new scan to find an IBSS to join
[  203.447131][ T7614] netlink: 'syz.0.462': attribute type 29 has an invalid length.
[  203.460979][ T7616] netlink: 'syz.0.462': attribute type 29 has an invalid length.
[  203.588149][ T7618] netlink: 'syz.1.463': attribute type 3 has an invalid length.
[  203.602686][ T7614] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.462'.
[  203.612714][ T7618] netlink: 132 bytes leftover after parsing attributes in process `syz.1.463'.
[  203.653667][ T7614] netlink: 'syz.0.462': attribute type 29 has an invalid length.
[  203.794844][ T7622] netlink: 'syz.0.462': attribute type 29 has an invalid length.
[  203.842513][ T7621] IPv6: Can't replace route, no match found
[  203.882389][ T7623] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  205.117519][ T7635] IPv6: Can't replace route, no match found
[  205.151377][ T7635] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  205.839891][ T7638] netlink: 14548 bytes leftover after parsing attributes in process `syz.0.469'.
[  206.357162][ T7644] netlink: 12 bytes leftover after parsing attributes in process `syz.1.471'.
[  206.840613][ T7663] netlink: 8 bytes leftover after parsing attributes in process `syz.2.475'.
[  207.208395][ T7669] validate_nla: 1 callbacks suppressed
[  207.208434][ T7669] netlink: 'syz.4.478': attribute type 3 has an invalid length.
[  207.311545][ T7669] netlink: 132 bytes leftover after parsing attributes in process `syz.4.478'.
[  207.351515][ T7673] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  207.494132][ T7679] netlink: 'syz.2.479': attribute type 3 has an invalid length.
[  207.573441][ T7679] netlink: 132 bytes leftover after parsing attributes in process `syz.2.479'.
[  207.942781][   T13] wlan1: Trigger new scan to find an IBSS to join
[  208.342885][ T7695] netlink: 'syz.1.486': attribute type 21 has an invalid length.
[  208.383894][ T7695] netlink: 14548 bytes leftover after parsing attributes in process `syz.1.486'.
[  209.180552][   T49] wlan1: Creating new IBSS network, BSSID 3e:9b:c4:65:59:0f
[  209.225489][ T7707] netlink: 12 bytes leftover after parsing attributes in process `syz.3.488'.
[  209.945024][   T13] wlan1: Trigger new scan to find an IBSS to join
[  210.283741][ T7716] netlink: 8 bytes leftover after parsing attributes in process `syz.2.490'.
[  210.759795][ T7728] mac80211_hwsim hwsim11 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  210.761363][   T36] wlan1: Selected IBSS BSSID 3e:9b:c4:65:59:0f based on configured SSID
[  211.054968][ T7733] netlink: 'syz.3.494': attribute type 21 has an invalid length.
[  211.106103][ T7733] netlink: 14548 bytes leftover after parsing attributes in process `syz.3.494'.
[  211.246102][ T7736] netlink: 'syz.4.495': attribute type 29 has an invalid length.
[  211.274709][ T7738] netlink: 'syz.4.495': attribute type 29 has an invalid length.
[  211.355278][ T7736] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.495'.
[  211.427586][ T7738] netlink: 'syz.4.495': attribute type 29 has an invalid length.
[  211.783788][ T5846] Bluetooth: hci0: command 0x0406 tx timeout
[  211.789997][ T5846] Bluetooth: hci1: command 0x0406 tx timeout
[  211.896205][ T7738] netlink: 'syz.4.495': attribute type 29 has an invalid length.
[  213.145439][ T7760] netlink: 'syz.1.499': attribute type 3 has an invalid length.
[  213.217495][ T7760] netlink: 132 bytes leftover after parsing attributes in process `syz.1.499'.
[  213.715764][ T7770] netlink: 'syz.0.502': attribute type 3 has an invalid length.
[  213.740720][ T7770] netlink: 132 bytes leftover after parsing attributes in process `syz.0.502'.
[  214.274725][ T7786] netlink: 'syz.3.508': attribute type 29 has an invalid length.
[  214.430740][ T7786] netlink: 'syz.3.508': attribute type 29 has an invalid length.
[  214.714814][ T7781] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.508'.
[  214.745012][ T7786] netlink: 'syz.3.508': attribute type 29 has an invalid length.
[  214.769837][ T7781] netlink: 'syz.3.508': attribute type 29 has an invalid length.
[  214.904525][ T3173] wlan1: Trigger new scan to find an IBSS to join
[  214.991002][ T7776] netlink: 146936 bytes leftover after parsing attributes in process `syz.2.506'.
[  215.021740][ T7776] openvswitch: netlink: Message has 6 unknown bytes.
[  215.483413][ T7783] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.506'.
[  215.830446][ T7802] IPv6: Can't replace route, no match found
[  215.852070][ T7797] netlink: 'syz.1.515': attribute type 21 has an invalid length.
[  215.860449][ T7802] mac80211_hwsim hwsim11 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  215.869098][   T36] wlan1: Selected IBSS BSSID 3e:9b:c4:65:59:0f based on configured SSID
[  215.881053][ T3577] wlan1: Creating new IBSS network, BSSID 56:00:22:6b:1c:6c
[  215.916286][ T7797] netlink: 14548 bytes leftover after parsing attributes in process `syz.1.515'.
[  216.548448][ T7809] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  216.551294][ T3530] wlan1: Selected IBSS BSSID 82:2a:90:b0:1f:dc based on configured SSID
[  216.615413][ T7810] FAULT_INJECTION: forcing a failure.
[  216.615413][ T7810] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  216.624853][ T7806] IPv6: Can't replace route, no match found
[  216.683905][ T7813] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  216.696361][  T142] wlan1: Selected IBSS BSSID 56:00:22:6b:1c:6c based on configured SSID
[  216.739969][ T7810] CPU: 0 UID: 0 PID: 7810 Comm: syz.2.517 Not tainted syzkaller #0 PREEMPT(full) 
[  216.740002][ T7810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  216.740015][ T7810] Call Trace:
[  216.740023][ T7810]  <TASK>
[  216.740033][ T7810]  dump_stack_lvl+0x189/0x250
[  216.740081][ T7810]  ? __pfx____ratelimit+0x10/0x10
[  216.740105][ T7810]  ? __pfx_dump_stack_lvl+0x10/0x10
[  216.740133][ T7810]  ? __pfx__printk+0x10/0x10
[  216.740154][ T7810]  ? __might_fault+0xb0/0x130
[  216.740196][ T7810]  should_fail_ex+0x414/0x560
[  216.740235][ T7810]  _copy_from_user+0x2d/0xb0
[  216.740271][ T7810]  ___sys_sendmsg+0x158/0x2a0
[  216.740303][ T7810]  ? __pfx____sys_sendmsg+0x10/0x10
[  216.740375][ T7810]  ? __fget_files+0x2a/0x420
[  216.740406][ T7810]  ? __fget_files+0x3a0/0x420
[  216.740449][ T7810]  __x64_sys_sendmsg+0x19b/0x260
[  216.740475][ T7810]  ? perf_trace_run_bpf_submit+0xf9/0x170
[  216.740512][ T7810]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  216.740552][ T7810]  ? __pfx_ksys_write+0x10/0x10
[  216.740577][ T7810]  ? rcu_is_watching+0x15/0xb0
[  216.740610][ T7810]  ? do_syscall_64+0xbe/0x3b0
[  216.740639][ T7810]  do_syscall_64+0xfa/0x3b0
[  216.740661][ T7810]  ? lockdep_hardirqs_on+0x9c/0x150
[  216.740683][ T7810]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.740704][ T7810]  ? clear_bhb_loop+0x60/0xb0
[  216.740731][ T7810]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.740752][ T7810] RIP: 0033:0x7f7912f8eec9
[  216.740776][ T7810] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  216.740793][ T7810] RSP: 002b:00007f7913e7c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  216.740816][ T7810] RAX: ffffffffffffffda RBX: 00007f79131e5fa0 RCX: 00007f7912f8eec9
[  216.740832][ T7810] RDX: 0000000000000000 RSI: 0000200000001640 RDI: 0000000000000004
[  216.740845][ T7810] RBP: 00007f7913e7c090 R08: 0000000000000000 R09: 0000000000000000
[  216.740858][ T7810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  216.740870][ T7810] R13: 00007f79131e6038 R14: 00007f79131e5fa0 R15: 00007ffe5d204758
[  216.740906][ T7810]  </TASK>
[  216.901555][ T5855] Bluetooth: hci4: command 0x0406 tx timeout
[  216.960249][ T5855] Bluetooth: hci2: command 0x0406 tx timeout
[  216.966438][ T5855] Bluetooth: hci3: command 0x0406 tx timeout
[  219.272524][ T7845] IPv6: Can't replace route, no match found
[  219.349829][ T7845] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  219.365095][ T3489] wlan1: Selected IBSS BSSID 56:00:22:6b:1c:6c based on configured SSID
[  219.522293][ T7850] netlink: 'syz.1.528': attribute type 21 has an invalid length.
[  219.540967][ T7850] netlink: 14548 bytes leftover after parsing attributes in process `syz.1.528'.
[  220.513394][ T7862] IPv6: Can't replace route, no match found
[  220.598395][ T7862] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  220.598995][ T7857] netlink: 8 bytes leftover after parsing attributes in process `syz.4.532'.
[  220.618242][   T36] wlan1: Selected IBSS BSSID 56:00:22:6b:1c:6c based on configured SSID
[  220.972473][ T7863] netlink: 15678 bytes leftover after parsing attributes in process `syz.2.530'.
[  222.519610][ T7866] netlink: 8 bytes leftover after parsing attributes in process `syz.1.533'.
[  222.641842][ T7884] IPv6: Can't replace route, no match found
[  222.692238][ T7884] mac80211_hwsim hwsim11 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  222.712426][   T36] wlan1: Selected IBSS BSSID 3e:9b:c4:65:59:0f based on configured SSID
[  223.005002][ T7892] IPv6: Can't replace route, no match found
[  223.146283][ T7893] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  223.155805][ T3577] wlan1: Selected IBSS BSSID 4e:cf:6a:91:67:3f based on configured SSID
[  223.378755][ T7898] netlink: 'syz.2.541': attribute type 3 has an invalid length.
[  223.441378][ T7898] netlink: 132 bytes leftover after parsing attributes in process `syz.2.541'.
[  223.526337][ T7903] netlink: 'syz.3.544': attribute type 21 has an invalid length.
[  223.569585][ T7903] netlink: 14548 bytes leftover after parsing attributes in process `syz.3.544'.
[  224.640572][ T7926] IPv6: Can't replace route, no match found
[  225.224212][ T7931] netlink: 'syz.0.551': attribute type 3 has an invalid length.
[  225.285420][ T7931] netlink: 132 bytes leftover after parsing attributes in process `syz.0.551'.
[  227.099761][ T7957] IPv6: Can't replace route, no match found
[  227.465771][ T7957] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  227.475146][   T49] wlan1: Selected IBSS BSSID 56:00:22:6b:1c:6c based on configured SSID
[  227.500739][ T7946] netlink: 'syz.2.555': attribute type 29 has an invalid length.
[  228.138987][ T7968] netlink: 'syz.1.557': attribute type 21 has an invalid length.
[  228.195814][ T7968] netlink: 14548 bytes leftover after parsing attributes in process `syz.1.557'.
[  228.516397][ T7978] IPv6: Can't replace route, no match found
[  229.457237][ T7987] netlink: 8 bytes leftover after parsing attributes in process `syz.1.562'.
[  231.315729][ T7996] netlink: 'syz.2.564': attribute type 3 has an invalid length.
[  231.325087][ T7996] netlink: 132 bytes leftover after parsing attributes in process `syz.2.564'.
[  231.567311][ T7999] IPv6: Can't replace route, no match found
[  231.679445][ T7999] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  231.680573][   T36] wlan1: Selected IBSS BSSID 56:00:22:6b:1c:6c based on configured SSID
[  232.243618][ T8013] IPv6: Can't replace route, no match found
[  232.338127][ T8002] netlink: 8 bytes leftover after parsing attributes in process `syz.1.575'.
[  232.412415][ T8009] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  232.431106][   T36] wlan1: Selected IBSS BSSID 56:00:22:6b:1c:6c based on configured SSID
[  233.347610][ T8024] netlink: 68 bytes leftover after parsing attributes in process `syz.0.573'.
[  234.516619][ T8025] netlink: 'syz.1.571': attribute type 29 has an invalid length.
[  235.015052][ T8042] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.571'.
[  235.489506][ T8026] netlink: 'syz.1.571': attribute type 29 has an invalid length.
[  235.736456][ T8047] netlink: 'syz.1.571': attribute type 29 has an invalid length.
[  235.773542][ T8025] netlink: 'syz.1.571': attribute type 29 has an invalid length.
[  237.744149][ T8085] IPv6: Can't replace route, no match found
[  237.797769][ T8085] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  238.382694][ T8100] netlink: 12 bytes leftover after parsing attributes in process `syz.2.588'.
[  238.421763][ T8100] netlink: 48 bytes leftover after parsing attributes in process `syz.2.588'.
[  239.565763][ T8121] netlink: 'syz.3.594': attribute type 21 has an invalid length.
[  239.609922][ T8121] netlink: 14548 bytes leftover after parsing attributes in process `syz.3.594'.
[  240.674548][ T8134] IPv6: Can't replace route, no match found
[  240.700296][ T8134] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  242.036146][ T8143] netlink: 'syz.0.601': attribute type 10 has an invalid length.
[  242.738014][ T8156] IPv6: Can't replace route, no match found
[  242.785329][ T8143] team0 (unregistering): Port device team_slave_0 removed
[  242.842232][ T8143] team0 (unregistering): Port device team_slave_1 removed
[  242.925823][ T8156] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  242.949986][ T3173] wlan1: Selected IBSS BSSID 56:00:22:6b:1c:6c based on configured SSID
[  242.963992][ T8145] netlink: 56 bytes leftover after parsing attributes in process `syz.1.602'.
[  243.027347][ T8145] netlink: 20 bytes leftover after parsing attributes in process `syz.1.602'.
[  243.081338][ T8145] netlink: 20 bytes leftover after parsing attributes in process `syz.1.602'.
[  244.065148][ T8177] netlink: 'syz.0.613': attribute type 21 has an invalid length.
[  244.093361][ T8177] netlink: 14548 bytes leftover after parsing attributes in process `syz.0.613'.
[  245.139943][ T8205] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  245.700775][ T8222] IPv6: Can't replace route, no match found
[  245.708617][ T8222] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  246.259554][ T8224] netlink: 'syz.4.626': attribute type 21 has an invalid length.
[  246.268943][ T8224] netlink: 14548 bytes leftover after parsing attributes in process `syz.4.626'.
[  246.638744][  T142] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  246.694028][ T8234] netlink: 'syz.1.631': attribute type 1 has an invalid length.
[  246.713693][ T8234] netlink: 168864 bytes leftover after parsing attributes in process `syz.1.631'.
[  248.060122][ T8257] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  248.172056][ T8258] netlink: 24 bytes leftover after parsing attributes in process `syz.2.636'.
[  248.359413][ T8257] netlink: 100 bytes leftover after parsing attributes in process `syz.2.636'.
[  251.253754][ T8320] netlink: 132 bytes leftover after parsing attributes in process `syz.4.650'.
[  252.050724][ T8328] FAULT_INJECTION: forcing a failure.
[  252.050724][ T8328] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  252.131572][ T8328] CPU: 0 UID: 0 PID: 8328 Comm: syz.2.652 Not tainted syzkaller #0 PREEMPT(full) 
[  252.131602][ T8328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  252.131631][ T8328] Call Trace:
[  252.131644][ T8328]  <TASK>
[  252.131657][ T8328]  dump_stack_lvl+0x189/0x250
[  252.131701][ T8328]  ? __pfx____ratelimit+0x10/0x10
[  252.131736][ T8328]  ? __pfx_dump_stack_lvl+0x10/0x10
[  252.131774][ T8328]  ? __pfx__printk+0x10/0x10
[  252.131809][ T8328]  ? __might_fault+0xb0/0x130
[  252.131861][ T8328]  ? __might_fault+0xb0/0x130
[  252.131928][ T8328]  should_fail_ex+0x414/0x560
[  252.131999][ T8328]  _copy_from_iter+0x1de/0x1790
[  252.132070][ T8328]  ? _copy_from_iter+0x24f/0x1790
[  252.132132][ T8328]  ? __pfx__copy_from_iter+0x10/0x10
[  252.132152][ T8328]  ? sock_alloc_send_pskb+0x86b/0x980
[  252.132224][ T8328]  ? __pfx__copy_from_iter+0x10/0x10
[  252.132273][ T8328]  ? page_copy_sane+0x16a/0x280
[  252.132318][ T8328]  copy_page_from_iter+0xdd/0x170
[  252.132375][ T8328]  skb_copy_datagram_from_iter+0x306/0x720
[  252.132504][ T8328]  tun_get_user+0x1691/0x3ea0
[  252.132615][ T8328]  ? trace_call_bpf+0xc7/0xb50
[  252.132648][ T8328]  ? __pfx_trace_call_bpf+0x10/0x10
[  252.132688][ T8328]  ? aa_file_perm+0x44d/0x1550
[  252.132716][ T8328]  ? __pfx_tun_get_user+0x10/0x10
[  252.132776][ T8328]  ? perf_trace_run_bpf_submit+0xf9/0x170
[  252.132842][ T8328]  ? perf_trace_lock+0x2f8/0x3b0
[  252.132916][ T8328]  ? __pfx_perf_trace_lock+0x10/0x10
[  252.132952][ T8328]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  252.133025][ T8328]  ? tun_get+0x1c/0x2f0
[  252.133093][ T8328]  ? tun_get+0x1c/0x2f0
[  252.133126][ T8328]  ? tun_get+0x1c/0x2f0
[  252.133190][ T8328]  tun_chr_write_iter+0x113/0x200
[  252.133240][ T8328]  vfs_write+0x5c9/0xb30
[  252.133304][ T8328]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  252.133343][ T8328]  ? __pfx_vfs_write+0x10/0x10
[  252.133446][ T8328]  ? __fget_files+0x2a/0x420
[  252.133534][ T8328]  ksys_write+0x145/0x250
[  252.133587][ T8328]  ? __pfx_ksys_write+0x10/0x10
[  252.133611][ T8328]  ? rcu_is_watching+0x15/0xb0
[  252.133673][ T8328]  ? do_syscall_64+0xbe/0x3b0
[  252.133726][ T8328]  do_syscall_64+0xfa/0x3b0
[  252.133751][ T8328]  ? lockdep_hardirqs_on+0x9c/0x150
[  252.133780][ T8328]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  252.133805][ T8328]  ? clear_bhb_loop+0x60/0xb0
[  252.133851][ T8328]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  252.133874][ T8328] RIP: 0033:0x7f7912f8eec9
[  252.133900][ T8328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  252.133918][ T8328] RSP: 002b:00007f7913e7c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  252.133940][ T8328] RAX: ffffffffffffffda RBX: 00007f79131e5fa0 RCX: 00007f7912f8eec9
[  252.133956][ T8328] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 00000000000000c8
[  252.133970][ T8328] RBP: 00007f7913e7c090 R08: 0000000000000000 R09: 0000000000000000
[  252.133982][ T8328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  252.133996][ T8328] R13: 00007f79131e6038 R14: 00007f79131e5fa0 R15: 00007ffe5d204758
[  252.134100][ T8328]  </TASK>
[  252.783349][ T3530] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  253.825966][ T8347] netlink: 'syz.3.658': attribute type 21 has an invalid length.
[  253.842667][ T8347] netlink: 14548 bytes leftover after parsing attributes in process `syz.3.658'.
[  255.469745][ T8391] netlink: 'syz.3.670': attribute type 5 has an invalid length.
[  255.487906][ T8391] netlink: 44 bytes leftover after parsing attributes in process `syz.3.670'.
[  256.318750][ T8404] IPv6: Can't replace route, no match found
[  256.374661][ T8405] netlink: 'syz.1.674': attribute type 21 has an invalid length.
[  256.393542][ T8404] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  256.449582][ T8405] netlink: 14548 bytes leftover after parsing attributes in process `syz.1.674'.
[  256.706307][ T8410] IPv6: Can't replace route, no match found
[  257.412648][ T8422] netlink: 8 bytes leftover after parsing attributes in process `syz.2.675'.
[  258.076270][ T8428] IPv6: Can't replace route, no match found
[  258.266352][ T8442] netlink: 16 bytes leftover after parsing attributes in process `syz.0.684'.
[  259.050581][ T3489] wlan1: Trigger new scan to find an IBSS to join
[  259.071594][ T8435] netlink: 8 bytes leftover after parsing attributes in process `syz.4.683'.
[  259.569740][ T8456] IPv6: Can't replace route, no match found
[  260.719479][ T8457] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  260.907373][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  260.914101][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  261.254105][ T8460] netlink: 'syz.4.688': attribute type 21 has an invalid length.
[  261.294229][ T8460] netlink: 14548 bytes leftover after parsing attributes in process `syz.4.688'.
[  262.826023][ T8469] IPv6: Can't replace route, no match found
[  265.399470][ T8511] netlink: 68 bytes leftover after parsing attributes in process `syz.2.700'.
[  265.624850][ T8516] netlink: 'syz.4.699': attribute type 3 has an invalid length.
[  265.731665][ T8516] netlink: 132 bytes leftover after parsing attributes in process `syz.4.699'.
[  265.853821][ T8522] netlink: 'syz.3.704': attribute type 21 has an invalid length.
[  265.862082][ T8522] netlink: 14548 bytes leftover after parsing attributes in process `syz.3.704'.
[  265.899451][ T8518] IPv6: Can't replace route, no match found
[  265.941898][   T13] wlan1: Trigger new scan to find an IBSS to join
[  265.992806][ T8523] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  267.749214][ T3173] wlan1: Creating new IBSS network, BSSID ae:32:b3:ed:d8:41
[  268.068240][  T142] wlan1: Trigger new scan to find an IBSS to join
[  268.503518][ T8556] netlink: 8 bytes leftover after parsing attributes in process `syz.0.714'.
[  268.585555][ T8560] netlink: 68 bytes leftover after parsing attributes in process `syz.1.715'.
[  269.581856][ T8571] netlink: 'syz.1.717': attribute type 3 has an invalid length.
[  269.630354][ T8571] netlink: 132 bytes leftover after parsing attributes in process `syz.1.717'.
[  270.999219][ T8577] netlink: 'syz.0.719': attribute type 21 has an invalid length.
[  271.032400][ T8577] netlink: 14548 bytes leftover after parsing attributes in process `syz.0.719'.
[  271.555782][ T8583] IPv6: Can't replace route, no match found
[  271.614708][ T8588] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  272.908171][ T3489] wlan1: Trigger new scan to find an IBSS to join
[  272.959298][ T3577] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  273.153044][ T8611] netlink: 68 bytes leftover after parsing attributes in process `syz.4.728'.
[  273.496310][ T8619] IPv6: Can't replace route, no match found
[  274.010170][ T8619] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  274.810041][ T8634] netlink: 'syz.1.735': attribute type 21 has an invalid length.
[  274.847954][ T8634] netlink: 14548 bytes leftover after parsing attributes in process `syz.1.735'.
[  275.470739][ T8641] IPv6: Can't replace route, no match found
[  275.981624][ T8658] Driver unsupported XDP return value 0 on prog  (id 591) dev N/A, expect packet loss!
[  276.014217][ T8658] FAULT_INJECTION: forcing a failure.
[  276.014217][ T8658] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  276.087062][ T8658] CPU: 1 UID: 0 PID: 8658 Comm: syz.1.744 Not tainted syzkaller #0 PREEMPT(full) 
[  276.087093][ T8658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  276.087107][ T8658] Call Trace:
[  276.087116][ T8658]  <TASK>
[  276.087126][ T8658]  dump_stack_lvl+0x189/0x250
[  276.087161][ T8658]  ? __pfx____ratelimit+0x10/0x10
[  276.087186][ T8658]  ? __pfx_dump_stack_lvl+0x10/0x10
[  276.087216][ T8658]  ? __pfx__printk+0x10/0x10
[  276.087243][ T8658]  ? __might_fault+0xb0/0x130
[  276.087281][ T8658]  should_fail_ex+0x414/0x560
[  276.087321][ T8658]  _copy_to_user+0x31/0xb0
[  276.087352][ T8658]  simple_read_from_buffer+0xe1/0x170
[  276.087390][ T8658]  proc_fail_nth_read+0x1b3/0x220
[  276.087420][ T8658]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  276.087450][ T8658]  ? rw_verify_area+0x2a6/0x4d0
[  276.087477][ T8658]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  276.087505][ T8658]  vfs_read+0x200/0xa30
[  276.087531][ T8658]  ? fdget_pos+0x247/0x320
[  276.087577][ T8658]  ? __pfx___mutex_lock+0x10/0x10
[  276.087603][ T8658]  ? __pfx_vfs_read+0x10/0x10
[  276.087634][ T8658]  ? __fget_files+0x2a/0x420
[  276.087672][ T8658]  ? __fget_files+0x3a0/0x420
[  276.087701][ T8658]  ? __fget_files+0x2a/0x420
[  276.087746][ T8658]  ksys_read+0x145/0x250
[  276.087778][ T8658]  ? __pfx_ksys_read+0x10/0x10
[  276.087802][ T8658]  ? rcu_is_watching+0x15/0xb0
[  276.087836][ T8658]  ? do_syscall_64+0xbe/0x3b0
[  276.087868][ T8658]  do_syscall_64+0xfa/0x3b0
[  276.087891][ T8658]  ? lockdep_hardirqs_on+0x9c/0x150
[  276.087914][ T8658]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.087935][ T8658]  ? clear_bhb_loop+0x60/0xb0
[  276.087963][ T8658]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.087988][ T8658] RIP: 0033:0x7f7c3c58d8dc
[  276.088008][ T8658] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  276.088027][ T8658] RSP: 002b:00007f7c3d406030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  276.088049][ T8658] RAX: ffffffffffffffda RBX: 00007f7c3c7e5fa0 RCX: 00007f7c3c58d8dc
[  276.088065][ T8658] RDX: 000000000000000f RSI: 00007f7c3d4060a0 RDI: 0000000000000005
[  276.088077][ T8658] RBP: 00007f7c3d406090 R08: 0000000000000000 R09: 0000000000000000
[  276.088091][ T8658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  276.088103][ T8658] R13: 00007f7c3c7e6038 R14: 00007f7c3c7e5fa0 R15: 00007fffbc0c5e08
[  276.088143][ T8658]  </TASK>
[  276.529985][ T8660] netlink: 68 bytes leftover after parsing attributes in process `syz.0.742'.
[  276.984486][   T36] wlan1: Trigger new scan to find an IBSS to join
[  277.620742][ T8679] netlink: 'syz.0.748': attribute type 21 has an invalid length.
[  277.632768][ T8679] netlink: 14548 bytes leftover after parsing attributes in process `syz.0.748'.
[  279.572996][ T8704] IPv6: Can't replace route, no match found
[  279.647084][ T8704] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  279.828310][ T8706] netlink: 8 bytes leftover after parsing attributes in process `syz.0.755'.
[  281.975928][ T3577] wlan1: Trigger new scan to find an IBSS to join
[  282.230917][ T8770] netlink: 12 bytes leftover after parsing attributes in process `syz.4.770'.
[  282.261537][ T8771] IPv6: Can't replace route, no match found
[  282.334938][ T8771] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  283.291572][ T8777] netlink: 8 bytes leftover after parsing attributes in process `syz.4.773'.
[  283.911763][   T13] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  284.906974][ T3489] wlan1: Trigger new scan to find an IBSS to join
[  285.184427][ T8821] IPv6: Can't replace route, no match found
[  285.411703][ T8824] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  285.431776][ T3489] wlan1: Selected IBSS BSSID ae:32:b3:ed:d8:41 based on configured SSID
[  285.829082][ T8834] netlink: 'syz.0.789': attribute type 46 has an invalid length.
[  285.872879][ T8830] netlink: 'syz.4.788': attribute type 29 has an invalid length.
[  285.967827][ T8830] netlink: 'syz.4.788': attribute type 29 has an invalid length.
[  286.058221][ T8830] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.788'.
[  286.129481][ T8836] netlink: 'syz.4.788': attribute type 29 has an invalid length.
[  286.410540][ T8836] netlink: 'syz.4.788': attribute type 29 has an invalid length.
[  286.733372][ T8843] netdevsim netdevsim3 : renamed from netdevsim0 (while UP)
[  286.981475][ T3489] wlan1: Trigger new scan to find an IBSS to join
[  287.119755][ T8857] netlink: 8 bytes leftover after parsing attributes in process `syz.0.796'.
[  287.945897][ T3577] wlan1: Trigger new scan to find an IBSS to join
[  287.975733][ T8873] IPv6: Can't replace route, no match found
[  288.052507][ T3489] wlan1: Creating new IBSS network, BSSID d2:2d:83:8a:61:c3
[  288.120027][ T8866] mac80211_hwsim hwsim11 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  288.990071][ T8898] netlink: 'syz.0.811': attribute type 3 has an invalid length.
[  289.055732][ T8898] netlink: 132 bytes leftover after parsing attributes in process `syz.0.811'.
[  289.115244][ T8900] netlink: 'syz.1.812': attribute type 21 has an invalid length.
[  289.185049][ T8900] netlink: 14548 bytes leftover after parsing attributes in process `syz.1.812'.
[  289.486048][ T8911] netlink: 'syz.0.814': attribute type 3 has an invalid length.
[  289.531327][ T8911] netlink: 132 bytes leftover after parsing attributes in process `syz.0.814'.
[  291.072737][ T8938] netlink: 8 bytes leftover after parsing attributes in process `syz.3.820'.
[  291.073020][ T3530] wlan1: Trigger new scan to find an IBSS to join
[  291.399200][ T8987] netlink: 'syz.1.824': attribute type 3 has an invalid length.
[  291.519916][ T8987] netlink: 132 bytes leftover after parsing attributes in process `syz.1.824'.
[  291.954111][ T3509] wlan1: Trigger new scan to find an IBSS to join
[  292.263489][ T8969] wlan1: Creating new IBSS network, BSSID 7e:4b:1e:a1:cc:ef
[  292.402767][ T8996] netlink: 'syz.0.828': attribute type 21 has an invalid length.
[  292.428284][ T8996] netlink: 14548 bytes leftover after parsing attributes in process `syz.0.828'.
[  294.364907][ T9032] netlink: 'syz.3.838': attribute type 3 has an invalid length.
[  294.374656][ T9032] netlink: 132 bytes leftover after parsing attributes in process `syz.3.838'.
[  296.917678][ T3509] wlan1: Trigger new scan to find an IBSS to join
[  297.102306][ T9084] netlink: 'syz.1.852': attribute type 3 has an invalid length.
[  297.117946][ T9084] netlink: 132 bytes leftover after parsing attributes in process `syz.1.852'.
[  297.199875][ T9088] netlink: 68 bytes leftover after parsing attributes in process `syz.4.853'.
[  298.047725][ T3509] wlan1: Creating new IBSS network, BSSID 3a:bf:ea:24:c7:45
[  298.639899][ T9105] netlink: 8 bytes leftover after parsing attributes in process `syz.3.859'.
[  298.883621][ T9116] netlink: 40 bytes leftover after parsing attributes in process `syz.1.862'.
[  299.014959][ T9119] netlink: 'syz.2.863': attribute type 1 has an invalid length.
[  299.047140][ T9119] netlink: 12 bytes leftover after parsing attributes in process `syz.2.863'.
[  299.387265][ T9127] netlink: 'syz.2.867': attribute type 3 has an invalid length.
[  299.410848][ T9127] netlink: 132 bytes leftover after parsing attributes in process `syz.2.867'.
[  299.579988][ T9131] netlink: 68 bytes leftover after parsing attributes in process `syz.1.869'.
[  299.751421][ T9125] IPv6: Can't replace route, no match found
[  300.242782][ T9136] mac80211_hwsim hwsim11 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  300.252228][   T12] wlan1: Selected IBSS BSSID 3a:bf:ea:24:c7:45 based on configured SSID
[  302.695642][ T9174] netlink: 'syz.1.880': attribute type 3 has an invalid length.
[  302.731657][ T9174] netlink: 132 bytes leftover after parsing attributes in process `syz.1.880'.
[  303.416181][ T9188] netlink: 12 bytes leftover after parsing attributes in process `syz.0.883'.
[  303.832892][ T9194] netlink: 'syz.4.885': attribute type 29 has an invalid length.
[  303.899716][ T9201] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.885'.
[  304.135278][ T9198] netlink: 'syz.4.885': attribute type 29 has an invalid length.
[  304.206059][ T9204] IPv6: Can't replace route, no match found
[  304.317149][ T9204] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  304.368243][ T9194] netlink: 'syz.4.885': attribute type 29 has an invalid length.
[  305.098920][ T9207] netlink: 'syz.4.885': attribute type 29 has an invalid length.
[  306.898111][ T9222] syz.0.891 (9222) used obsolete PPPIOCDETACH ioctl
[  309.903316][ T9258] netlink: 12 bytes leftover after parsing attributes in process `syz.4.901'.
[  309.958662][ T9261] IPv6: Can't replace route, no match found
[  310.142400][ T9266] IPv6: Can't replace route, no match found
[  310.154456][ T9266] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  310.208000][ T9271] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  310.258322][ T9271] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  310.587508][ T9276] netlink: 128124 bytes leftover after parsing attributes in process `syz.4.907'.
[  310.905991][ T9287] netlink: 'syz.2.911': attribute type 46 has an invalid length.
[  310.918166][ T9287] netlink: 16 bytes leftover after parsing attributes in process `syz.2.911'.
[  311.185417][ T9292] netlink: 68 bytes leftover after parsing attributes in process `syz.2.913'.
[  311.610470][ T9305] netlink: 12 bytes leftover after parsing attributes in process `syz.2.917'.
[  311.640653][ T9307] IPv6: Can't replace route, no match found
[  311.682044][ T9304] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  311.722882][ T9311] netlink: 14719 bytes leftover after parsing attributes in process `syz.3.916'.
[  311.813645][ T9313] FAULT_INJECTION: forcing a failure.
[  311.813645][ T9313] name failslab, interval 1, probability 0, space 0, times 0
[  311.854749][ T9306] netlink: 'syz.3.916': attribute type 29 has an invalid length.
[  311.872560][ T9313] CPU: 1 UID: 0 PID: 9313 Comm: syz.1.920 Not tainted syzkaller #0 PREEMPT(full) 
[  311.872590][ T9313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  311.872603][ T9313] Call Trace:
[  311.872611][ T9313]  <TASK>
[  311.872622][ T9313]  dump_stack_lvl+0x189/0x250
[  311.872657][ T9313]  ? __pfx____ratelimit+0x10/0x10
[  311.872681][ T9313]  ? __pfx_dump_stack_lvl+0x10/0x10
[  311.872710][ T9313]  ? __pfx__printk+0x10/0x10
[  311.872739][ T9313]  ? __pfx___might_resched+0x10/0x10
[  311.872773][ T9313]  should_fail_ex+0x414/0x560
[  311.872810][ T9313]  should_failslab+0xa8/0x100
[  311.872842][ T9313]  __kmalloc_cache_noprof+0x70/0x3d0
[  311.872875][ T9313]  ? nfnetlink_rcv+0xeff/0x2520
[  311.872914][ T9313]  nfnetlink_rcv+0xeff/0x2520
[  311.872998][ T9313]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  311.873099][ T9313]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  311.873133][ T9313]  ? netlink_deliver_tap+0x2e/0x1b0
[  311.873183][ T9313]  netlink_unicast+0x82f/0x9e0
[  311.873217][ T9313]  ? __pfx_netlink_unicast+0x10/0x10
[  311.873241][ T9313]  ? netlink_sendmsg+0x642/0xb30
[  311.873263][ T9313]  ? skb_put+0x11b/0x210
[  311.873294][ T9313]  netlink_sendmsg+0x805/0xb30
[  311.873332][ T9313]  ? __pfx_netlink_sendmsg+0x10/0x10
[  311.873361][ T9313]  ? aa_sock_msg_perm+0xf1/0x1d0
[  311.873397][ T9313]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  311.873417][ T9313]  ? __pfx_netlink_sendmsg+0x10/0x10
[  311.873443][ T9313]  __sock_sendmsg+0x219/0x270
[  311.873483][ T9313]  ____sys_sendmsg+0x505/0x830
[  311.873519][ T9313]  ? __pfx_____sys_sendmsg+0x10/0x10
[  311.873561][ T9313]  ? import_iovec+0x74/0xa0
[  311.873593][ T9313]  ___sys_sendmsg+0x21f/0x2a0
[  311.873625][ T9313]  ? __pfx____sys_sendmsg+0x10/0x10
[  311.873683][ T9313]  ? __fget_files+0x2a/0x420
[  311.873732][ T9313]  ? __fget_files+0x2a/0x420
[  311.873761][ T9313]  ? __fget_files+0x3a0/0x420
[  311.873806][ T9313]  __x64_sys_sendmsg+0x19b/0x260
[  311.873830][ T9313]  ? perf_trace_run_bpf_submit+0xf9/0x170
[  311.873867][ T9313]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  311.873908][ T9313]  ? __pfx_ksys_write+0x10/0x10
[  311.873932][ T9313]  ? rcu_is_watching+0x15/0xb0
[  311.873972][ T9313]  ? do_syscall_64+0xbe/0x3b0
[  311.874001][ T9313]  do_syscall_64+0xfa/0x3b0
[  311.874023][ T9313]  ? lockdep_hardirqs_on+0x9c/0x150
[  311.874044][ T9313]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  311.874065][ T9313]  ? clear_bhb_loop+0x60/0xb0
[  311.874092][ T9313]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  311.874111][ T9313] RIP: 0033:0x7f7c3c58eec9
[  311.874130][ T9313] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  311.874147][ T9313] RSP: 002b:00007f7c3d3e5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  311.874169][ T9313] RAX: ffffffffffffffda RBX: 00007f7c3c7e6090 RCX: 00007f7c3c58eec9
[  311.874184][ T9313] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 000000000000000e
[  311.874196][ T9313] RBP: 00007f7c3d3e5090 R08: 0000000000000000 R09: 0000000000000000
[  311.874209][ T9313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  311.874221][ T9313] R13: 00007f7c3c7e6128 R14: 00007f7c3c7e6090 R15: 00007fffbc0c5e08
[  311.874259][ T9313]  </TASK>
[  312.473495][ T9317] netlink: 'syz.3.916': attribute type 29 has an invalid length.
[  314.952018][ T9354] FAULT_INJECTION: forcing a failure.
[  314.952018][ T9354] name failslab, interval 1, probability 0, space 0, times 0
[  314.965986][ T9354] CPU: 1 UID: 0 PID: 9354 Comm: syz.1.929 Not tainted syzkaller #0 PREEMPT(full) 
[  314.966016][ T9354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  314.966029][ T9354] Call Trace:
[  314.966041][ T9354]  <TASK>
[  314.966054][ T9354]  dump_stack_lvl+0x189/0x250
[  314.966097][ T9354]  ? __pfx____ratelimit+0x10/0x10
[  314.966131][ T9354]  ? __pfx_dump_stack_lvl+0x10/0x10
[  314.966170][ T9354]  ? __pfx__printk+0x10/0x10
[  314.966218][ T9354]  ? __pfx___might_resched+0x10/0x10
[  314.966250][ T9354]  ? fs_reclaim_acquire+0x7d/0x100
[  314.966316][ T9354]  should_fail_ex+0x414/0x560
[  314.966387][ T9354]  should_failslab+0xa8/0x100
[  314.966434][ T9354]  __kmalloc_noprof+0xcb/0x4f0
[  314.966465][ T9354]  ? tomoyo_encode+0x28b/0x550
[  314.966531][ T9354]  tomoyo_encode+0x28b/0x550
[  314.966615][ T9354]  tomoyo_realpath_from_path+0x58d/0x5d0
[  314.966668][ T9354]  ? tomoyo_domain+0xd9/0x130
[  314.966730][ T9354]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  314.966769][ T9354]  tomoyo_path_number_perm+0x1e8/0x5a0
[  314.966828][ T9354]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  314.966877][ T9354]  ? perf_trace_run_bpf_submit+0xf9/0x170
[  314.967128][ T9354]  ? __fget_files+0x2a/0x420
[  314.967183][ T9354]  ? __fget_files+0x2a/0x420
[  314.967215][ T9354]  ? __fget_files+0x3a0/0x420
[  314.967247][ T9354]  ? __fget_files+0x2a/0x420
[  314.967310][ T9354]  security_file_ioctl+0xcb/0x2d0
[  314.967360][ T9354]  __se_sys_ioctl+0x47/0x170
[  314.967410][ T9354]  do_syscall_64+0xfa/0x3b0
[  314.967435][ T9354]  ? lockdep_hardirqs_on+0x9c/0x150
[  314.967464][ T9354]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.967490][ T9354]  ? clear_bhb_loop+0x60/0xb0
[  314.967537][ T9354]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.967565][ T9354] RIP: 0033:0x7f7c3c58eec9
[  314.967592][ T9354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  314.967610][ T9354] RSP: 002b:00007f7c3d406038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  314.967633][ T9354] RAX: ffffffffffffffda RBX: 00007f7c3c7e5fa0 RCX: 00007f7c3c58eec9
[  314.967648][ T9354] RDX: 0000200000000080 RSI: 000000000000541b RDI: 0000000000000006
[  314.967661][ T9354] RBP: 00007f7c3d406090 R08: 0000000000000000 R09: 0000000000000000
[  314.967674][ T9354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  314.967686][ T9354] R13: 00007f7c3c7e6038 R14: 00007f7c3c7e5fa0 R15: 00007fffbc0c5e08
[  314.967795][ T9354]  </TASK>
[  314.967991][ T9354] ERROR: Out of memory at tomoyo_realpath_from_path.
[  315.897062][ T9377] IPv6: Can't replace route, no match found
[  316.156922][ T9374] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  316.229776][   T12] wlan1: Selected IBSS BSSID 7e:4b:1e:a1:cc:ef based on configured SSID
[  316.321692][ T9383] netlink: 'syz.0.936': attribute type 3 has an invalid length.
[  316.337089][ T9383] netlink: 132 bytes leftover after parsing attributes in process `syz.0.936'.
[  316.453874][ T9385] openvswitch: netlink: VXLAN extension 233 out of range max 1
[  316.499500][ T9385] netlink: 232 bytes leftover after parsing attributes in process `syz.2.937'.
[  316.722461][ T9397] netlink: 56 bytes leftover after parsing attributes in process `syz.2.937'.
[  317.337694][ T9421] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  317.338407][ T9414] IPv6: Can't replace route, no match found
[  317.685554][ T9427] netlink: 'syz.3.951': attribute type 3 has an invalid length.
[  317.714565][ T9427] netlink: 132 bytes leftover after parsing attributes in process `syz.3.951'.
[  318.073461][ T9432] netlink: 8 bytes leftover after parsing attributes in process `syz.2.952'.
[  318.114650][   T76] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  318.160416][ T9434] netlink: 8 bytes leftover after parsing attributes in process `syz.0.953'.
[  318.671990][ T9439] netlink: 8 bytes leftover after parsing attributes in process `syz.3.955'.
[  319.102612][ T9463] netlink: 'syz.4.961': attribute type 10 has an invalid length.
[  319.210646][ T9461] IPv6: Can't replace route, no match found
[  322.299893][ T9469] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  322.353505][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  322.359882][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  323.735199][ T9498] netlink: 'syz.3.970': attribute type 21 has an invalid length.
[  323.764714][ T9498] netlink: 14548 bytes leftover after parsing attributes in process `syz.3.970'.
[  323.980290][ T9503] FAULT_INJECTION: forcing a failure.
[  323.980290][ T9503] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  324.100549][ T9503] CPU: 1 UID: 0 PID: 9503 Comm: syz.0.972 Not tainted syzkaller #0 PREEMPT(full) 
[  324.100581][ T9503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  324.100594][ T9503] Call Trace:
[  324.100603][ T9503]  <TASK>
[  324.100612][ T9503]  dump_stack_lvl+0x189/0x250
[  324.100646][ T9503]  ? __pfx____ratelimit+0x10/0x10
[  324.100669][ T9503]  ? __pfx_dump_stack_lvl+0x10/0x10
[  324.100696][ T9503]  ? __pfx__printk+0x10/0x10
[  324.100757][ T9503]  should_fail_ex+0x414/0x560
[  324.100794][ T9503]  _copy_to_user+0x31/0xb0
[  324.100824][ T9503]  simple_read_from_buffer+0xe1/0x170
[  324.100858][ T9503]  proc_fail_nth_read+0x1b3/0x220
[  324.100885][ T9503]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  324.100912][ T9503]  ? rw_verify_area+0x2a6/0x4d0
[  324.100936][ T9503]  ? __lock_acquire+0xab9/0xd20
[  324.100956][ T9503]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  324.100981][ T9503]  vfs_read+0x200/0xa30
[  324.101005][ T9503]  ? fdget_pos+0x247/0x320
[  324.101047][ T9503]  ? __pfx___mutex_lock+0x10/0x10
[  324.101072][ T9503]  ? __pfx_vfs_read+0x10/0x10
[  324.101103][ T9503]  ? __fget_files+0x2a/0x420
[  324.101136][ T9503]  ? __fget_files+0x3a0/0x420
[  324.101163][ T9503]  ? __fget_files+0x2a/0x420
[  324.101202][ T9503]  ksys_read+0x145/0x250
[  324.101231][ T9503]  ? __pfx_ksys_read+0x10/0x10
[  324.101254][ T9503]  ? rcu_is_watching+0x15/0xb0
[  324.101286][ T9503]  ? do_syscall_64+0xbe/0x3b0
[  324.101315][ T9503]  do_syscall_64+0xfa/0x3b0
[  324.101337][ T9503]  ? lockdep_hardirqs_on+0x9c/0x150
[  324.101360][ T9503]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  324.101380][ T9503]  ? clear_bhb_loop+0x60/0xb0
[  324.101405][ T9503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  324.101425][ T9503] RIP: 0033:0x7f8b5f78d8dc
[  324.101444][ T9503] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  324.101461][ T9503] RSP: 002b:00007f8b6064e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  324.101482][ T9503] RAX: ffffffffffffffda RBX: 00007f8b5f9e5fa0 RCX: 00007f8b5f78d8dc
[  324.101497][ T9503] RDX: 000000000000000f RSI: 00007f8b6064e0a0 RDI: 0000000000000004
[  324.101511][ T9503] RBP: 00007f8b6064e090 R08: 0000000000000000 R09: 0000000000000000
[  324.101523][ T9503] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  324.101535][ T9503] R13: 00007f8b5f9e6038 R14: 00007f8b5f9e5fa0 R15: 00007ffebdc1a638
[  324.101570][ T9503]  </TASK>
[  324.820652][ T9518] netlink: 8 bytes leftover after parsing attributes in process `syz.4.973'.
[  324.985967][   T49] wlan1: Trigger new scan to find an IBSS to join
[  325.182962][ T9524] netlink: 56 bytes leftover after parsing attributes in process `syz.0.978'.
[  326.069887][ T9547] netlink: 'syz.1.986': attribute type 21 has an invalid length.
[  326.078193][ T9547] netlink: 14548 bytes leftover after parsing attributes in process `syz.1.986'.
[  327.043318][ T9567] veth1_macvtap: left promiscuous mode
[  327.048874][ T9567] macsec0: entered promiscuous mode
[  327.354611][ T9571] netlink: 830 bytes leftover after parsing attributes in process `syz.4.992'.
[  327.617570][ T9579] netlink: 'syz.1.994': attribute type 3 has an invalid length.
[  327.626074][ T9579] netlink: 132 bytes leftover after parsing attributes in process `syz.1.994'.
[  330.371433][   T49] wlan1: Trigger new scan to find an IBSS to join
[  331.175699][ T9635] netlink: 'syz.2.1009': attribute type 3 has an invalid length.
[  331.191287][ T9635] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1009'.
[  331.413368][ T8969] wlan1: Creating new IBSS network, BSSID 7a:af:ad:96:cb:e0
[  331.464345][ T9642] netlink: 'syz.2.1011': attribute type 29 has an invalid length.
[  331.536970][ T9643] netlink: 'syz.2.1011': attribute type 29 has an invalid length.
[  331.746577][ T9642] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1011'.
[  331.779348][ T9643] netlink: 'syz.2.1011': attribute type 29 has an invalid length.
[  331.914119][ T9642] netlink: 'syz.2.1011': attribute type 29 has an invalid length.
[  332.297600][ T9662] openvswitch: netlink: Message has 4 unknown bytes.
[  332.324779][ T9662] netlink: 'syz.1.1017': attribute type 7 has an invalid length.
[  332.417842][ T9667] FAULT_INJECTION: forcing a failure.
[  332.417842][ T9667] name failslab, interval 1, probability 0, space 0, times 0
[  332.496328][ T9667] CPU: 0 UID: 0 PID: 9667 Comm: syz.1.1020 Not tainted syzkaller #0 PREEMPT(full) 
[  332.496374][ T9667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  332.496394][ T9667] Call Trace:
[  332.496408][ T9667]  <TASK>
[  332.496417][ T9667]  dump_stack_lvl+0x189/0x250
[  332.496452][ T9667]  ? __pfx____ratelimit+0x10/0x10
[  332.496476][ T9667]  ? __pfx_dump_stack_lvl+0x10/0x10
[  332.496505][ T9667]  ? __pfx__printk+0x10/0x10
[  332.496535][ T9667]  ? __ip_dev_find+0x444/0x4e0
[  332.496560][ T9667]  ? __ip_dev_find+0xa2/0x4e0
[  332.496588][ T9667]  should_fail_ex+0x414/0x560
[  332.496627][ T9667]  should_failslab+0xa8/0x100
[  332.496660][ T9667]  kmem_cache_alloc_noprof+0x73/0x3c0
[  332.496686][ T9667]  ? dst_alloc+0x105/0x170
[  332.496723][ T9667]  dst_alloc+0x105/0x170
[  332.496750][ T9667]  ? ip_check_mc_rcu+0x443/0x680
[  332.496781][ T9667]  ip_route_output_key_hash_rcu+0x1560/0x23e0
[  332.496825][ T9667]  ? ip_route_output_key_hash+0xde/0x2e0
[  332.496859][ T9667]  ip_route_output_key_hash+0x1b9/0x2e0
[  332.496899][ T9667]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  332.496941][ T9667]  ? raw_sendmsg+0x626/0x18b0
[  332.496980][ T9667]  ip_route_output_flow+0x2a/0x150
[  332.497006][ T9667]  ? security_sk_classify_flow+0x70/0x180
[  332.497037][ T9667]  raw_sendmsg+0x1039/0x18b0
[  332.497089][ T9667]  ? __pfx_raw_sendmsg+0x10/0x10
[  332.497145][ T9667]  ? aa_sk_perm+0x81e/0x950
[  332.497192][ T9667]  ? __pfx_aa_sk_perm+0x10/0x10
[  332.497221][ T9667]  ? tomoyo_socket_sendmsg_permission+0x216/0x300
[  332.497261][ T9667]  ? sock_rps_record_flow+0x19/0x410
[  332.497298][ T9667]  ? inet_sendmsg+0x2f4/0x370
[  332.497328][ T9667]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  332.497358][ T9667]  __sock_sendmsg+0x19c/0x270
[  332.497397][ T9667]  ____sys_sendmsg+0x505/0x830
[  332.497433][ T9667]  ? __pfx_____sys_sendmsg+0x10/0x10
[  332.497475][ T9667]  ? import_iovec+0x74/0xa0
[  332.497506][ T9667]  ___sys_sendmsg+0x21f/0x2a0
[  332.497538][ T9667]  ? __pfx____sys_sendmsg+0x10/0x10
[  332.497596][ T9667]  ? __fget_files+0x2a/0x420
[  332.497645][ T9667]  ? __fget_files+0x2a/0x420
[  332.497673][ T9667]  ? __fget_files+0x3a0/0x420
[  332.497719][ T9667]  __x64_sys_sendmsg+0x19b/0x260
[  332.497751][ T9667]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  332.497794][ T9667]  ? __pfx_ksys_write+0x10/0x10
[  332.497818][ T9667]  ? rcu_is_watching+0x15/0xb0
[  332.497850][ T9667]  ? do_syscall_64+0xbe/0x3b0
[  332.497881][ T9667]  do_syscall_64+0xfa/0x3b0
[  332.497904][ T9667]  ? lockdep_hardirqs_on+0x9c/0x150
[  332.497926][ T9667]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  332.497947][ T9667]  ? clear_bhb_loop+0x60/0xb0
[  332.497974][ T9667]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  332.497996][ T9667] RIP: 0033:0x7f7c3c58eec9
[  332.498015][ T9667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  332.498032][ T9667] RSP: 002b:00007f7c3d406038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  332.498054][ T9667] RAX: ffffffffffffffda RBX: 00007f7c3c7e5fa0 RCX: 00007f7c3c58eec9
[  332.498070][ T9667] RDX: 0000000000000000 RSI: 0000200000000d40 RDI: 0000000000000003
[  332.498082][ T9667] RBP: 00007f7c3d406090 R08: 0000000000000000 R09: 0000000000000000
[  332.498095][ T9667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  332.498107][ T9667] R13: 00007f7c3c7e6038 R14: 00007f7c3c7e5fa0 R15: 00007fffbc0c5e08
[  332.498146][ T9667]  </TASK>
[  333.197712][ T9675] netlink: 'syz.3.1023': attribute type 3 has an invalid length.
[  333.274700][ T9675] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1023'.
[  333.788098][ T9692] veth0_vlan: entered allmulticast mode
[  333.983205][ T9692] veth0_vlan: left promiscuous mode
[  334.056744][ T9692] veth0_vlan: entered promiscuous mode
[  335.789929][ T9713] IPv6: Can't replace route, no match found
[  335.800491][ T9713] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  335.810042][ T8969] wlan1: Selected IBSS BSSID 7a:af:ad:96:cb:e0 based on configured SSID
[  336.013076][ T9716] netlink: 'syz.4.1036': attribute type 10 has an invalid length.
[  336.051375][ T9716] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1036'.
[  336.081627][ T9716] bond0: entered promiscuous mode
[  336.093484][ T9716] bond_slave_0: entered promiscuous mode
[  336.123686][ T9716] bond_slave_1: entered promiscuous mode
[  336.152128][ T9716] bridge0: port 3(bond0) entered blocking state
[  336.190611][ T9716] bridge0: port 3(bond0) entered disabled state
[  336.212667][ T9716] bond0: entered allmulticast mode
[  336.229326][ T9716] bond_slave_0: entered allmulticast mode
[  336.254224][ T9716] bond_slave_1: entered allmulticast mode
[  336.336558][ T9716] bridge0: port 3(bond0) entered blocking state
[  336.344264][ T9716] bridge0: port 3(bond0) entered forwarding state
[  336.410826][ T9720] veth1_macvtap: left promiscuous mode
[  336.426975][ T9720] macsec0: entered promiscuous mode
[  337.204857][ T9739] IPv6: Can't replace route, no match found
[  337.245922][ T9739] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  337.266249][   T12] wlan1: Selected IBSS BSSID 7a:af:ad:96:cb:e0 based on configured SSID
[  338.727564][ T9766] IPv6: Can't replace route, no match found
[  338.810596][ T9758] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  339.512681][ T9777] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1055'.
[  340.165027][ T9788] netlink: 1041 bytes leftover after parsing attributes in process `syz.1.1058'.
[  340.911324][ T9798] IPv6: Can't replace route, no match found
[  340.936964][ T9798] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  340.945619][   T12] wlan1: Selected IBSS BSSID 7a:af:ad:96:cb:e0 based on configured SSID
[  341.261786][ T9806] IPv6: Can't replace route, no match found
[  341.283802][ T9806] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  341.319149][ T9809] IPv6: Can't replace route, no match found
[  341.393468][ T9809] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  341.404179][   T12] wlan1: Selected IBSS BSSID 7a:af:ad:96:cb:e0 based on configured SSID
[  341.441067][ T9814] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1067'.
[  341.719409][ T9823] netlink: 'syz.1.1070': attribute type 10 has an invalid length.
[  341.848195][ T9824] IPv6: Can't replace route, no match found
[  344.799713][ T9833] netlink: 'syz.4.1074': attribute type 3 has an invalid length.
[  344.813401][ T9833] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1074'.
[  345.726658][ T9856] IPv6: Can't replace route, no match found
[  345.734416][ T9856] mac80211_hwsim hwsim11 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  345.890190][ T9858] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1080'.
[  346.076362][ T9868] IPv6: Can't replace route, no match found
[  346.096528][ T9868] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  346.167060][   T13] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  346.411266][ T9879] netlink: 'syz.4.1086': attribute type 10 has an invalid length.
[  346.669147][ T9883] netlink: 'syz.4.1087': attribute type 10 has an invalid length.
[  346.697046][ T9883] macvlan0: entered allmulticast mode
[  346.716012][ T9883] veth1_vlan: entered allmulticast mode
[  346.725690][ T9883] macvlan0: entered promiscuous mode
[  346.735663][ T9883] bond0: (slave macvlan0): Enslaving as an active interface with an up link
[  346.747005][ T9881] xt_limit: Overflow, try lower: 324382443/4200216956
[  347.017692][ T9892] netlink: 'syz.0.1090': attribute type 29 has an invalid length.
[  347.038039][ T9892] netlink: 'syz.0.1090': attribute type 29 has an invalid length.
[  347.050288][ T9892] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1090'.
[  347.112664][ T9897] netlink: 'syz.0.1090': attribute type 29 has an invalid length.
[  347.419727][ T9897] netlink: 'syz.0.1090': attribute type 29 has an invalid length.
[  348.168022][ T9914] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1094'.
[  348.281655][ T9916] IPv6: Can't replace route, no match found
[  348.311762][ T9916] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  348.351625][ T9922] netlink: 'syz.1.1098': attribute type 17 has an invalid length.
[  348.367525][ T9922] netlink: 'syz.1.1098': attribute type 16 has an invalid length.
[  348.379811][ T9922] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1098'.
[  348.434711][ T9924] netlink: 'syz.0.1099': attribute type 29 has an invalid length.
[  348.492572][ T9924] netlink: 'syz.0.1099': attribute type 29 has an invalid length.
[  348.519557][ T9924] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1099'.
[  348.551292][ T9924] netlink: 'syz.0.1099': attribute type 29 has an invalid length.
[  348.681732][ T9933] netlink: 'syz.0.1099': attribute type 29 has an invalid length.
[  349.195621][ T9948] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1105'.
[  349.789300][ T9964] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1109'.
[  349.908962][ T9966] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.1110'.
[  350.323521][ T9973] IPv6: Can't replace route, no match found
[  350.366269][ T9972] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  350.914905][ T9988] FAULT_INJECTION: forcing a failure.
[  350.914905][ T9988] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  351.083024][ T9988] CPU: 1 UID: 0 PID: 9988 Comm: syz.1.1117 Not tainted syzkaller #0 PREEMPT(full) 
[  351.083058][ T9988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  351.083074][ T9988] Call Trace:
[  351.083083][ T9988]  <TASK>
[  351.083093][ T9988]  dump_stack_lvl+0x189/0x250
[  351.083130][ T9988]  ? __pfx____ratelimit+0x10/0x10
[  351.083156][ T9988]  ? __pfx_dump_stack_lvl+0x10/0x10
[  351.083185][ T9988]  ? __pfx__printk+0x10/0x10
[  351.083208][ T9988]  ? __might_fault+0xb0/0x130
[  351.083240][ T9988]  ? __might_fault+0xb0/0x130
[  351.083277][ T9988]  should_fail_ex+0x414/0x560
[  351.083317][ T9988]  _copy_from_user+0x2d/0xb0
[  351.083346][ T9988]  ___sys_sendmsg+0x158/0x2a0
[  351.083380][ T9988]  ? __pfx____sys_sendmsg+0x10/0x10
[  351.083439][ T9988]  ? __fget_files+0x2a/0x420
[  351.083488][ T9988]  ? __fget_files+0x2a/0x420
[  351.083517][ T9988]  ? __fget_files+0x3a0/0x420
[  351.083563][ T9988]  __x64_sys_sendmsg+0x19b/0x260
[  351.083589][ T9988]  ? perf_trace_run_bpf_submit+0x100/0x170
[  351.083627][ T9988]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  351.083679][ T9988]  ? __pfx_ksys_write+0x10/0x10
[  351.083703][ T9988]  ? rcu_is_watching+0x15/0xb0
[  351.083738][ T9988]  ? do_syscall_64+0xbe/0x3b0
[  351.083768][ T9988]  do_syscall_64+0xfa/0x3b0
[  351.083795][ T9988]  ? lockdep_hardirqs_on+0x9c/0x150
[  351.083817][ T9988]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  351.083839][ T9988]  ? clear_bhb_loop+0x60/0xb0
[  351.083867][ T9988]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  351.083888][ T9988] RIP: 0033:0x7f7c3c58eec9
[  351.083908][ T9988] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  351.083927][ T9988] RSP: 002b:00007f7c3d3e5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  351.083951][ T9988] RAX: ffffffffffffffda RBX: 00007f7c3c7e6090 RCX: 00007f7c3c58eec9
[  351.083989][ T9988] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000004
[  351.084002][ T9988] RBP: 00007f7c3d3e5090 R08: 0000000000000000 R09: 0000000000000000
[  351.084015][ T9988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  351.084027][ T9988] R13: 00007f7c3c7e6128 R14: 00007f7c3c7e6090 R15: 00007fffbc0c5e08
[  351.084068][ T9988]  </TASK>
[  352.486258][T10010] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1120'.
[  352.973131][T10026] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1125'.
[  354.230646][T10044] IPv6: Can't replace route, no match found
[  354.301926][T10044] mac80211_hwsim hwsim11 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  354.495491][T10053] IPv6: Can't replace route, no match found
[  354.558985][T10058] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  354.780881][T10064] mac80211_hwsim hwsim11 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  355.170588][T10075] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1140'.
[  355.939812][T10087] netlink: 14568 bytes leftover after parsing attributes in process `syz.3.1145'.
[  356.250708][T10096] IPv6: Can't replace route, no match found
[  356.285578][T10096] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  356.580441][T10100] validate_nla: 4 callbacks suppressed
[  356.580497][T10100] netlink: 'syz.1.1152': attribute type 1 has an invalid length.
[  356.696100][T10100] netlink: 168864 bytes leftover after parsing attributes in process `syz.1.1152'.
[  356.983853][   T12] wlan1: Trigger new scan to find an IBSS to join
[  357.356880][T10123] netlink: 'syz.0.1158': attribute type 29 has an invalid length.
[  357.390558][T10123] netlink: 'syz.0.1158': attribute type 29 has an invalid length.
[  357.450265][T10123] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1158'.
[  357.464082][T10123] netlink: 'syz.0.1158': attribute type 29 has an invalid length.
[  357.719168][T10126] netlink: 'syz.0.1158': attribute type 29 has an invalid length.
[  358.096205][T10135] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1161'.
[  358.509848][T10140] IPv6: Can't replace route, no match found
[  358.540694][T10140] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  358.675110][T10146] netlink: 14568 bytes leftover after parsing attributes in process `syz.0.1163'.
[  359.368975][T10149] netlink: 'syz.3.1166': attribute type 29 has an invalid length.
[  359.413503][T10149] netlink: 'syz.3.1166': attribute type 29 has an invalid length.
[  359.442389][T10149] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1166'.
[  359.487033][T10156] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1169'.
[  359.499320][T10149] netlink: 'syz.3.1166': attribute type 29 has an invalid length.
[  359.589057][T10160] netlink: 'syz.3.1166': attribute type 29 has an invalid length.
[  359.909190][T10167] netlink: 'syz.1.1172': attribute type 3 has an invalid length.
[  359.919502][T10167] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1172'.
[  360.052576][T10170] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1174'.
[  361.950987][   T49] wlan1: Trigger new scan to find an IBSS to join
[  362.043243][T10214] IPv6: Can't replace route, no match found
[  362.062275][T10214] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  362.257491][T10223] validate_nla: 4 callbacks suppressed
[  362.257531][T10223] netlink: 'syz.2.1181': attribute type 3 has an invalid length.
[  362.282349][T10223] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1181'.
[  362.862606][T10240] netlink: 'syz.3.1185': attribute type 10 has an invalid length.
[  365.808702][T10248] netlink: 'syz.0.1188': attribute type 29 has an invalid length.
[  365.844079][T10248] netlink: 'syz.0.1188': attribute type 29 has an invalid length.
[  365.890808][T10251] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1189'.
[  365.904281][T10248] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1188'.
[  365.916791][T10248] netlink: 'syz.0.1188': attribute type 29 has an invalid length.
[  366.082407][T10248] netlink: 'syz.0.1188': attribute type 29 has an invalid length.
[  366.299508][T10262] IPv6: Can't replace route, no match found
[  366.321301][T10262] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  366.477314][T10271] netlink: 'syz.0.1196': attribute type 29 has an invalid length.
[  366.495662][T10271] netlink: 'syz.0.1196': attribute type 29 has an invalid length.
[  366.505036][T10272] netlink: 'syz.2.1198': attribute type 3 has an invalid length.
[  366.518694][T10271] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1196'.
[  366.536967][T10271] netlink: 'syz.0.1196': attribute type 29 has an invalid length.
[  366.604930][T10272] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1198'.
[  369.994732][T10287] mac80211_hwsim hwsim7 wlan1: left promiscuous mode
[  370.005713][T10287] mac80211_hwsim hwsim7 wlan1: left allmulticast mode
[  370.199648][T10297] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1203'.
[  370.520819][T10308] validate_nla: 2 callbacks suppressed
[  370.520856][T10308] netlink: 'syz.1.1207': attribute type 29 has an invalid length.
[  370.581028][T10311] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1209'.
[  370.604741][T10305] netlink: 'syz.1.1207': attribute type 29 has an invalid length.
[  370.629521][T10305] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1207'.
[  370.645445][T10309] IPv6: Can't replace route, no match found
[  370.688571][T10313] netlink: 14568 bytes leftover after parsing attributes in process `syz.0.1210'.
[  370.693475][T10309] mac80211_hwsim hwsim11 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  370.717596][T10308] netlink: 'syz.1.1207': attribute type 29 has an invalid length.
[  370.744127][T10305] netlink: 'syz.1.1207': attribute type 29 has an invalid length.
[  370.840054][T10315] netlink: 14568 bytes leftover after parsing attributes in process `syz.4.1211'.
[  371.310615][T10334] netlink: 'syz.3.1216': attribute type 10 has an invalid length.
[  374.622661][T10354] netlink: 'syz.2.1220': attribute type 3 has an invalid length.
[  374.630548][T10354] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1220'.
[  374.680816][T10357] netlink: 14568 bytes leftover after parsing attributes in process `syz.4.1223'.
[  374.843371][T10363] netlink: 'syz.0.1224': attribute type 29 has an invalid length.
[  374.875642][T10363] netlink: 'syz.0.1224': attribute type 29 has an invalid length.
[  374.898920][T10363] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1224'.
[  374.915409][T10363] netlink: 'syz.0.1224': attribute type 29 has an invalid length.
[  374.991127][T10362] IPv6: Can't replace route, no match found
[  375.042063][T10362] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  375.068673][T10366] netlink: 'syz.0.1224': attribute type 29 has an invalid length.
[  375.260922][T10369] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.1229'.
[  375.566466][T10370] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1228'.
[  375.666782][T10375] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1231'.
[  375.723650][T10373] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1230'.
[  375.994627][T10386] validate_nla: 1 callbacks suppressed
[  375.994698][T10386] netlink: 'syz.4.1232': attribute type 1 has an invalid length.
[  376.197948][T10386] netlink: 168864 bytes leftover after parsing attributes in process `syz.4.1232'.
[  376.345277][T10396] netlink: 'syz.0.1237': attribute type 3 has an invalid length.
[  376.353554][T10396] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1237'.
[  376.629021][T10403] netlink: 'syz.0.1239': attribute type 1 has an invalid length.
[  376.664639][T10403] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.1239'.
[  377.392298][T10409] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1240'.
[  378.146322][T10420] netlink: 'syz.1.1243': attribute type 29 has an invalid length.
[  378.284936][T10424] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1243'.
[  378.421323][T10422] netlink: 'syz.1.1243': attribute type 29 has an invalid length.
[  378.499299][T10420] netlink: 'syz.1.1243': attribute type 29 has an invalid length.
[  378.698189][T10424] netlink: 'syz.1.1243': attribute type 29 has an invalid length.
[  379.066367][T10436] IPv6: Can't replace route, no match found
[  379.075724][T10436] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  379.363448][T10441] netlink: 14568 bytes leftover after parsing attributes in process `syz.4.1250'.
[  379.607026][T10448] netlink: 'syz.3.1253': attribute type 1 has an invalid length.
[  380.778956][T10465] netlink: 'syz.0.1256': attribute type 1 has an invalid length.
[  380.803627][T10465] __nla_validate_parse: 1 callbacks suppressed
[  380.803680][T10465] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.1256'.
[  381.124572][T10475] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1257'.
[  382.329602][T10498] netlink: 'syz.1.1263': attribute type 29 has an invalid length.
[  382.370142][T10497] netlink: 'syz.1.1263': attribute type 29 has an invalid length.
[  382.388607][T10497] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1263'.
[  382.479705][T10497] netlink: 'syz.1.1263': attribute type 29 has an invalid length.
[  382.664538][T10497] netlink: 'syz.1.1263': attribute type 29 has an invalid length.
[  383.819984][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  383.826456][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  385.490192][T10563] netlink: 'syz.2.1283': attribute type 29 has an invalid length.
[  385.596017][T10563] netlink: 'syz.2.1283': attribute type 29 has an invalid length.
[  385.659931][T10563] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1283'.
[  385.747509][T10568] netlink: 'syz.2.1283': attribute type 29 has an invalid length.
[  386.065849][T10566] netlink: 128124 bytes leftover after parsing attributes in process `syz.1.1282'.
[  386.218913][T10574] netlink: 'syz.2.1283': attribute type 29 has an invalid length.
[  386.769495][T10588] IPv6: Can't replace route, no match found
[  386.814598][T10588] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  389.262517][T10642] netlink: 14568 bytes leftover after parsing attributes in process `syz.3.1298'.
[  389.768505][T10660] IPv6: Can't replace route, no match found
[  389.785121][T10660] mac80211_hwsim hwsim11 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  390.346369][T10668] netlink: 128124 bytes leftover after parsing attributes in process `syz.4.1309'.
[  390.496176][T10673] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1308'.
[  391.708568][T10696] netlink: 'syz.0.1317': attribute type 1 has an invalid length.
[  391.720705][T10696] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1317'.
[  391.728592][T10692] IPv6: Can't replace route, no match found
[  391.949284][T10692] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  392.137964][T10710] netlink: 'syz.2.1322': attribute type 1 has an invalid length.
[  392.150143][T10710] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.1322'.
[  392.573718][T10720] IPv6: Can't replace route, no match found
[  392.612225][T10721] netlink: 'syz.0.1324': attribute type 1 has an invalid length.
[  392.655793][T10721] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.1324'.
[  393.180032][T10738] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1330'.
[  394.785631][T10750] IPv6: Can't replace route, no match found
[  394.803301][T10750] mac80211_hwsim hwsim11 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  395.254173][T10759] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1336'.
[  395.368246][T10765] netlink: 'syz.4.1338': attribute type 1 has an invalid length.
[  395.421912][T10765] netlink: 168864 bytes leftover after parsing attributes in process `syz.4.1338'.
[  395.588644][T10773] netlink: 'syz.2.1339': attribute type 10 has an invalid length.
[  398.782997][T10793] IPv6: Can't replace route, no match found
[  398.834460][T10793] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  398.907620][T10796] netlink: 128124 bytes leftover after parsing attributes in process `syz.1.1346'.
[  398.953469][T10792] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1344'.
[  399.103431][T10794] netlink: 14568 bytes leftover after parsing attributes in process `syz.3.1347'.
[  399.586082][T10801] IPv6: Can't replace route, no match found
[  399.621895][T10797] mac80211_hwsim hwsim11 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  400.218329][T10810] netlink: 'syz.1.1351': attribute type 29 has an invalid length.
[  400.260967][T10810] netlink: 'syz.1.1351': attribute type 29 has an invalid length.
[  400.299362][T10810] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1351'.
[  400.317638][T10810] netlink: 'syz.1.1351': attribute type 29 has an invalid length.
[  400.413886][T10811] netlink: 'syz.1.1351': attribute type 29 has an invalid length.
[  400.449368][T10815] IPv6: Can't replace route, no match found
[  400.531025][T10813] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1352'.
[  401.549192][T10838] IPv6: Can't replace route, no match found
[  401.557044][T10838] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  402.304078][T10847] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1362'.
[  402.475469][T10843] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1360'.
[  402.629574][T10857] netlink: 'syz.2.1366': attribute type 29 has an invalid length.
[  402.654566][T10857] netlink: 'syz.2.1366': attribute type 29 has an invalid length.
[  402.683048][T10857] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1366'.
[  402.706781][T10857] netlink: 'syz.2.1366': attribute type 29 has an invalid length.
[  402.939647][T10859] netlink: 'syz.2.1366': attribute type 29 has an invalid length.
[  404.072530][T10872] netlink: 'syz.4.1370': attribute type 1 has an invalid length.
[  404.131286][T10872] netlink: 168864 bytes leftover after parsing attributes in process `syz.4.1370'.
[  407.945730][T10887] netlink: 'syz.3.1375': attribute type 17 has an invalid length.
[  407.975568][T10887] netlink: 'syz.3.1375': attribute type 16 has an invalid length.
[  408.007654][T10887] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1375'.
[  408.075780][T10885] IPv6: Can't replace route, no match found
[  408.099124][T10885] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  408.765808][T10899] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1379'.
[  409.246796][T10907] IPv6: Can't replace route, no match found
[  409.256648][T10907] mac80211_hwsim hwsim11 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  410.112857][T10922] netlink: 'syz.4.1384': attribute type 29 has an invalid length.
[  410.149577][T10922] netlink: 'syz.4.1384': attribute type 29 has an invalid length.
[  410.183605][T10922] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.1384'.
[  410.195364][T10922] netlink: 'syz.4.1384': attribute type 29 has an invalid length.
[  410.291726][T10922] netlink: 'syz.4.1384': attribute type 29 has an invalid length.
[  411.363035][T10958] netlink: 'syz.4.1390': attribute type 1 has an invalid length.
[  411.393148][T10958] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1390'.
[  412.234328][T10977] netlink: 'syz.0.1396': attribute type 1 has an invalid length.
[  412.254812][T10977] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1396'.
[  412.337608][T10980] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1397'.
[  412.759028][T10989] netlink: 'syz.4.1400': attribute type 29 has an invalid length.
[  412.807759][T10988] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1398'.
[  412.898460][T10989] netlink: 'syz.4.1400': attribute type 29 has an invalid length.
[  413.001951][T10990] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.1400'.
[  413.069959][T10989] netlink: 'syz.4.1400': attribute type 29 has an invalid length.
[  413.253981][T10989] netlink: 'syz.4.1400': attribute type 29 has an invalid length.
[  415.073324][T11029] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1410'.
[  415.430069][T11033] IPv6: Can't replace route, no match found
[  415.459740][T11037] netlink: 'syz.2.1415': attribute type 1 has an invalid length.
[  415.523057][T11037] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.1415'.
[  415.662591][T11048] netlink: 'syz.0.1417': attribute type 29 has an invalid length.
[  415.704334][T11049] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1414'.
[  415.714933][T11048] netlink: 'syz.0.1417': attribute type 29 has an invalid length.
[  415.758644][T11048] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1417'.
[  415.774474][T11048] netlink: 'syz.0.1417': attribute type 29 has an invalid length.
[  415.845586][T11056] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1418'.
[  415.951024][T11057] netlink: 'syz.0.1417': attribute type 29 has an invalid length.
[  417.708169][T11108] netlink: 'syz.1.1425': attribute type 1 has an invalid length.
[  417.737491][T11108] netlink: 168864 bytes leftover after parsing attributes in process `syz.1.1425'.
[  418.677506][T11118] IPv6: Can't replace route, no match found
[  418.877472][T11123] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1433'.
[  418.985805][T11126] netlink: 'syz.3.1431': attribute type 1 has an invalid length.
[  419.082120][T11126] netlink: 168864 bytes leftover after parsing attributes in process `syz.3.1431'.
[  419.121121][T11132] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1434'.
[  419.370772][T11138] netlink: 'syz.4.1435': attribute type 29 has an invalid length.
[  419.450133][T11139] netlink: 'syz.4.1435': attribute type 29 has an invalid length.
[  419.601034][T11136] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.1435'.
[  419.764826][T11138] netlink: 'syz.4.1435': attribute type 29 has an invalid length.
[  419.916238][T11136] netlink: 'syz.4.1435': attribute type 29 has an invalid length.
[  421.197245][T11171] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1442'.
[  422.007644][T11180] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1445'.
[  423.323190][T11201] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1452'.
[  425.101841][T11231] netlink: 'syz.1.1459': attribute type 1 has an invalid length.
[  425.109973][T11231] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1459'.
[  425.177089][T11233] netlink: 'syz.3.1460': attribute type 10 has an invalid length.
[  428.605562][T11278] netlink: 'syz.3.1469': attribute type 1 has an invalid length.
[  428.617215][T11278] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1469'.
[  429.325579][T11291] netlink: 'syz.2.1472': attribute type 1 has an invalid length.
[  429.378913][T11293] netlink: 'syz.0.1473': attribute type 29 has an invalid length.
[  429.382302][T11291] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.1472'.
[  429.410875][T11293] netlink: 'syz.0.1473': attribute type 29 has an invalid length.
[  429.449193][T11293] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1473'.
[  429.472924][T11293] netlink: 'syz.0.1473': attribute type 29 has an invalid length.
[  429.604370][T11298] netlink: 'syz.0.1473': attribute type 29 has an invalid length.
[  430.609225][T11311] IPv6: Can't replace route, no match found
[  430.637136][T11311] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  431.211571][T11345] IPv6: Can't replace route, no match found
[  431.275135][T11348] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  432.668114][T11379] netlink: 'syz.0.1497': attribute type 1 has an invalid length.
[  432.677354][T11379] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1497'.
[  432.818528][T11384] netlink: 'syz.4.1500': attribute type 29 has an invalid length.
[  432.846223][T11384] netlink: 'syz.4.1500': attribute type 29 has an invalid length.
[  432.866973][T11384] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.1500'.
[  432.894273][T11384] netlink: 'syz.4.1500': attribute type 29 has an invalid length.
[  433.065710][T11388] netlink: 'syz.4.1500': attribute type 29 has an invalid length.
[  433.543441][T11400] netlink: 128124 bytes leftover after parsing attributes in process `syz.0.1504'.
[  433.754717][T11409] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1505'.
[  433.864052][T11413] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1509'.
[  434.305232][T11424] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1511'.
[  435.543227][T11453] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1524'.
[  436.221246][T11461] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1521'.
[  436.612096][T11466] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1527'.
[  436.744371][T11472] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1528'.
[  437.151015][T11479] IPv6: Can't replace route, no match found
[  437.860230][T11486] netlink: 'syz.2.1535': attribute type 1 has an invalid length.
[  437.877070][T11486] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.1535'.
[  438.031955][T11494] netlink: 'syz.4.1536': attribute type 29 has an invalid length.
[  438.089529][T11494] netlink: 'syz.4.1536': attribute type 29 has an invalid length.
[  438.117647][T11494] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.1536'.
[  438.148933][T11494] netlink: 'syz.4.1536': attribute type 29 has an invalid length.
[  438.287110][T11494] netlink: 'syz.4.1536': attribute type 29 has an invalid length.
[  438.436047][T11502] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1540'.
[  438.577725][T11508] netlink: 'syz.0.1541': attribute type 1 has an invalid length.
[  438.938440][T11514] netlink: 'syz.0.1543': attribute type 10 has an invalid length.
[  442.109359][T11523] __nla_validate_parse: 1 callbacks suppressed
[  442.109387][T11523] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1545'.
[  442.672200][T11539] netlink: 'syz.4.1550': attribute type 1 has an invalid length.
[  442.709701][T11539] netlink: 168864 bytes leftover after parsing attributes in process `syz.4.1550'.
[  443.194814][T11550] netlink: 'syz.4.1553': attribute type 1 has an invalid length.
[  443.241287][T11550] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1553'.
[  443.280521][T11541] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1551'.
[  445.253325][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  445.259811][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  445.438636][T11585] netlink: 'syz.2.1561': attribute type 29 has an invalid length.
[  445.447847][T11589] netlink: 'syz.1.1563': attribute type 17 has an invalid length.
[  445.447874][T11589] netlink: 'syz.1.1563': attribute type 16 has an invalid length.
[  445.447892][T11589] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1563'.
[  445.481024][T11590] netlink: 'syz.2.1561': attribute type 29 has an invalid length.
[  445.500508][T11585] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1561'.
[  445.515461][T11585] netlink: 'syz.2.1561': attribute type 29 has an invalid length.
[  445.667913][T11590] netlink: 'syz.2.1561': attribute type 29 has an invalid length.
[  445.742296][T11588] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1562'.
[  447.436676][T11629] netlink: 'syz.2.1574': attribute type 10 has an invalid length.
[  450.636894][T11647] netlink: 'syz.0.1577': attribute type 1 has an invalid length.
[  450.649465][T11647] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.1577'.
[  450.799320][T11656] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1580'.
[  450.988223][T11661] netlink: 'syz.0.1581': attribute type 1 has an invalid length.
[  451.001329][T11661] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.1581'.
[  451.227244][T11668] IPv6: Can't replace route, no match found
[  451.241829][T11668] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  451.285925][T11669] netlink: 'syz.3.1583': attribute type 29 has an invalid length.
[  451.312443][T11669] netlink: 'syz.3.1583': attribute type 29 has an invalid length.
[  451.362983][T11669] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1583'.
[  451.377297][T11669] netlink: 'syz.3.1583': attribute type 29 has an invalid length.
[  451.619565][T11674] netlink: 'syz.3.1583': attribute type 29 has an invalid length.
[  452.740907][T11691] netlink: 'syz.3.1589': attribute type 10 has an invalid length.
[  452.781613][T11693] netlink: 'syz.0.1591': attribute type 1 has an invalid length.
[  452.789596][T11693] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.1591'.
[  456.244260][T11718] IPv6: Can't replace route, no match found
[  456.258727][T11718] mac80211_hwsim hwsim11 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  456.572795][T11705] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1594'.
[  456.918800][T11727] IPv6: Can't replace route, no match found
[  457.002579][T11725] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  457.089213][T11731] netlink: 'syz.3.1602': attribute type 17 has an invalid length.
[  457.099316][T11731] netlink: 'syz.3.1602': attribute type 16 has an invalid length.
[  457.111555][T11731] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1602'.
[  457.267520][T11736] netlink: 'syz.0.1604': attribute type 1 has an invalid length.
[  457.276017][T11736] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.1604'.
[  458.824315][T11756] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1611'.
[  460.717124][T11806] netlink: 'syz.1.1621': attribute type 1 has an invalid length.
[  460.725305][T11806] netlink: 168864 bytes leftover after parsing attributes in process `syz.1.1621'.
[  460.843486][T11786] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1617'.
[  464.222745][T11872] netlink: 'syz.0.1639': attribute type 1 has an invalid length.
[  464.322049][T11872] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.1639'.
[  464.333222][T11866] netlink: 'syz.1.1640': attribute type 1 has an invalid length.
[  464.368278][T11866] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1640'.
[  466.446480][T11880] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1643'.
[  466.633582][T11908] netlink: 'syz.4.1649': attribute type 29 has an invalid length.
[  466.677746][T11908] netlink: 'syz.4.1649': attribute type 29 has an invalid length.
[  466.702236][T11908] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.1649'.
[  466.714397][T11908] netlink: 'syz.4.1649': attribute type 29 has an invalid length.
[  466.958251][T11914] netlink: 'syz.4.1649': attribute type 29 has an invalid length.
[  467.712492][T11943] netlink: 'syz.2.1660': attribute type 29 has an invalid length.
[  467.751017][T11943] netlink: 'syz.2.1660': attribute type 29 has an invalid length.
[  467.771574][T11943] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1660'.
[  467.787641][T11943] netlink: 'syz.2.1660': attribute type 29 has an invalid length.
[  468.034892][T11946] netlink: 'syz.2.1660': attribute type 29 has an invalid length.
[  469.172664][T11964] FAULT_INJECTION: forcing a failure.
[  469.172664][T11964] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  469.186149][T11964] CPU: 0 UID: 0 PID: 11964 Comm: syz.0.1668 Not tainted syzkaller #0 PREEMPT(full) 
[  469.186176][T11964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  469.186192][T11964] Call Trace:
[  469.186203][T11964]  <TASK>
[  469.186211][T11964]  dump_stack_lvl+0x189/0x250
[  469.186242][T11964]  ? __pfx____ratelimit+0x10/0x10
[  469.186262][T11964]  ? __pfx_dump_stack_lvl+0x10/0x10
[  469.186284][T11964]  ? __pfx__printk+0x10/0x10
[  469.186301][T11964]  ? __might_fault+0xb0/0x130
[  469.186341][T11964]  should_fail_ex+0x414/0x560
[  469.186370][T11964]  _copy_from_iter+0x1de/0x1790
[  469.186396][T11964]  ? rcu_is_watching+0x15/0xb0
[  469.186418][T11964]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  469.186443][T11964]  ? __pfx__copy_from_iter+0x10/0x10
[  469.186462][T11964]  ? __build_skb_around+0x257/0x3e0
[  469.186485][T11964]  ? netlink_sendmsg+0x642/0xb30
[  469.186504][T11964]  ? skb_put+0x11b/0x210
[  469.186527][T11964]  netlink_sendmsg+0x6b2/0xb30
[  469.186554][T11964]  ? __pfx_netlink_sendmsg+0x10/0x10
[  469.186577][T11964]  ? aa_sock_msg_perm+0xf1/0x1d0
[  469.186606][T11964]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  469.186622][T11964]  ? __pfx_netlink_sendmsg+0x10/0x10
[  469.186642][T11964]  __sock_sendmsg+0x219/0x270
[  469.186673][T11964]  ____sys_sendmsg+0x505/0x830
[  469.186700][T11964]  ? __pfx_____sys_sendmsg+0x10/0x10
[  469.186730][T11964]  ? import_iovec+0x74/0xa0
[  469.186755][T11964]  ___sys_sendmsg+0x21f/0x2a0
[  469.186784][T11964]  ? __pfx____sys_sendmsg+0x10/0x10
[  469.186838][T11964]  ? __fget_files+0x2a/0x420
[  469.186861][T11964]  ? __fget_files+0x3a0/0x420
[  469.186895][T11964]  __x64_sys_sendmsg+0x19b/0x260
[  469.186919][T11964]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  469.186951][T11964]  ? __pfx_ksys_write+0x10/0x10
[  469.186971][T11964]  ? rcu_is_watching+0x15/0xb0
[  469.186996][T11964]  ? do_syscall_64+0xbe/0x3b0
[  469.187018][T11964]  do_syscall_64+0xfa/0x3b0
[  469.187036][T11964]  ? lockdep_hardirqs_on+0x9c/0x150
[  469.187054][T11964]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  469.187071][T11964]  ? clear_bhb_loop+0x60/0xb0
[  469.187092][T11964]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  469.187109][T11964] RIP: 0033:0x7f8b5f78eec9
[  469.187125][T11964] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  469.187141][T11964] RSP: 002b:00007f8b6064e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  469.187160][T11964] RAX: ffffffffffffffda RBX: 00007f8b5f9e5fa0 RCX: 00007f8b5f78eec9
[  469.187173][T11964] RDX: 0000000020000040 RSI: 00002000000001c0 RDI: 0000000000000003
[  469.187184][T11964] RBP: 00007f8b6064e090 R08: 0000000000000000 R09: 0000000000000000
[  469.187195][T11964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  469.187205][T11964] R13: 00007f8b5f9e6038 R14: 00007f8b5f9e5fa0 R15: 00007ffebdc1a638
[  469.187232][T11964]  </TASK>
[  469.503570][T11963] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1666'.
[  469.513192][   T76] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  469.813203][T11975] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1670'.
[  469.916104][T11975] netlink: 'syz.0.1670': attribute type 210 has an invalid length.
[  470.146219][T11984] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1672'.
[  470.177436][T11991] netlink: 'syz.2.1673': attribute type 29 has an invalid length.
[  470.271703][T11991] netlink: 'syz.2.1673': attribute type 29 has an invalid length.
[  470.325131][T11996] netlink: 'syz.1.1674': attribute type 1 has an invalid length.
[  470.354214][T11991] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1673'.
[  470.360116][T11996] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1674'.
[  470.420070][T11991] netlink: 'syz.2.1673': attribute type 29 has an invalid length.
[  470.461723][T11996] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  470.533089][T11995] netlink: 'syz.2.1673': attribute type 29 has an invalid length.
[  470.845763][T12011] netlink: 'syz.0.1680': attribute type 29 has an invalid length.
[  470.861910][T12011] netlink: 'syz.0.1680': attribute type 29 has an invalid length.
[  470.880040][T12011] netlink: 'syz.0.1680': attribute type 29 has an invalid length.
[  470.988421][T12021] netlink: 'syz.1.1683': attribute type 29 has an invalid length.
[  472.219338][T12048] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.1692'.
[  472.659766][T12067] netlink: 14568 bytes leftover after parsing attributes in process `syz.3.1696'.
[  472.958453][T12082] netlink: 168864 bytes leftover after parsing attributes in process `syz.3.1702'.
[  476.157937][T12103] validate_nla: 8 callbacks suppressed
[  476.157991][T12103] netlink: 'syz.2.1704': attribute type 1 has an invalid length.
[  476.206292][T12103] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.1704'.
[  476.435749][T12118] IPv6: Can't replace route, no match found
[  476.488824][T12118] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  477.537825][T12146] netlink: 'syz.4.1717': attribute type 10 has an invalid length.
[  477.670658][T12150] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.1715'.
[  478.102567][T12158] netlink: 'syz.1.1719': attribute type 1 has an invalid length.
[  478.129207][T12158] netlink: 168864 bytes leftover after parsing attributes in process `syz.1.1719'.
[  480.979261][T12181] netlink: 'syz.4.1722': attribute type 1 has an invalid length.
[  481.000671][T12181] netlink: 168864 bytes leftover after parsing attributes in process `syz.4.1722'.
[  481.194250][T12190] netlink: 'syz.2.1725': attribute type 1 has an invalid length.
[  481.210223][T12190] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1725'.
[  483.289082][T12224] IPv6: Can't replace route, no match found
[  484.075584][T12224] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  484.422738][T12247] netlink: 'syz.0.1741': attribute type 17 has an invalid length.
[  484.438854][T12247] netlink: 'syz.0.1741': attribute type 16 has an invalid length.
[  484.495273][T12247] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1741'.
[  484.633777][T12240] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1739'.
[  484.804242][T12254] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1742'.
[  484.806927][T12242] IPv6: Can't replace route, no match found
[  484.828274][T12254] netlink: 348 bytes leftover after parsing attributes in process `syz.0.1742'.
[  484.844508][T12251] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  484.896717][T12254] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1742'.
[  485.041572][T12254] netlink: 348 bytes leftover after parsing attributes in process `syz.0.1742'.
[  485.067129][T12254] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1742'.
[  485.965331][T12272] netlink: 128124 bytes leftover after parsing attributes in process `syz.2.1745'.
[  487.182589][T12299] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1754'.
[  487.638317][T12316] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1757'.
[  488.973577][T12340] netlink: 'syz.4.1765': attribute type 6 has an invalid length.
[  489.512624][T12359] __nla_validate_parse: 3 callbacks suppressed
[  489.512680][T12359] netlink: 14568 bytes leftover after parsing attributes in process `syz.4.1770'.
[  489.608939][T12365] IPv6: Can't replace route, no match found
[  489.634836][T12361] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  489.775550][T12370] netlink: 1041 bytes leftover after parsing attributes in process `syz.4.1774'.
[  489.927084][T12372] lo speed is unknown, defaulting to 1000
[  489.950031][T12368] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1773'.
[  489.974170][T12372] lo speed is unknown, defaulting to 1000
[  490.014111][T12372] lo speed is unknown, defaulting to 1000
[  490.059970][T12376] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1775'.
[  490.115320][T12372] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  490.269503][T12372] lo speed is unknown, defaulting to 1000
[  490.286829][T12372] lo speed is unknown, defaulting to 1000
[  490.303360][T12372] lo speed is unknown, defaulting to 1000
[  490.321915][T12372] lo speed is unknown, defaulting to 1000
[  490.340410][T12372] lo speed is unknown, defaulting to 1000
[  490.494373][T12384] netlink: 128124 bytes leftover after parsing attributes in process `syz.1.1776'.
[  491.000509][T12393] FAULT_INJECTION: forcing a failure.
[  491.000509][T12393] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  491.016298][T12393] CPU: 1 UID: 0 PID: 12393 Comm: syz.2.1782 Not tainted syzkaller #0 PREEMPT(full) 
[  491.016330][T12393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  491.016344][T12393] Call Trace:
[  491.016352][T12393]  <TASK>
[  491.016362][T12393]  dump_stack_lvl+0x189/0x250
[  491.016398][T12393]  ? __pfx____ratelimit+0x10/0x10
[  491.016422][T12393]  ? __pfx_dump_stack_lvl+0x10/0x10
[  491.016451][T12393]  ? __pfx__printk+0x10/0x10
[  491.016472][T12393]  ? __might_fault+0xb0/0x130
[  491.016505][T12393]  ? __might_fault+0xb0/0x130
[  491.016541][T12393]  should_fail_ex+0x414/0x560
[  491.016580][T12393]  _copy_from_user+0x2d/0xb0
[  491.016619][T12393]  ___sys_sendmsg+0x158/0x2a0
[  491.016653][T12393]  ? __pfx____sys_sendmsg+0x10/0x10
[  491.016710][T12393]  ? __fget_files+0x2a/0x420
[  491.016759][T12393]  ? __fget_files+0x2a/0x420
[  491.016788][T12393]  ? __fget_files+0x3a0/0x420
[  491.016833][T12393]  __x64_sys_sendmsg+0x19b/0x260
[  491.016866][T12393]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  491.016913][T12393]  ? rcu_is_watching+0x15/0xb0
[  491.016941][T12393]  ? trace_sys_enter+0x25/0x100
[  491.016972][T12393]  do_syscall_64+0xfa/0x3b0
[  491.016995][T12393]  ? lockdep_hardirqs_on+0x9c/0x150
[  491.017017][T12393]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  491.017038][T12393]  ? clear_bhb_loop+0x60/0xb0
[  491.017065][T12393]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  491.017087][T12393] RIP: 0033:0x7f7912f8eec9
[  491.017107][T12393] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  491.017126][T12393] RSP: 002b:00007f7913e7c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  491.017150][T12393] RAX: ffffffffffffffda RBX: 00007f79131e5fa0 RCX: 00007f7912f8eec9
[  491.017166][T12393] RDX: 0000000000040004 RSI: 0000200000000100 RDI: 0000000000000003
[  491.017180][T12393] RBP: 00007f7913e7c090 R08: 0000000000000000 R09: 0000000000000000
[  491.017193][T12393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  491.017206][T12393] R13: 00007f79131e6038 R14: 00007f79131e5fa0 R15: 00007ffe5d204758
[  491.017244][T12393]  </TASK>
[  491.796281][T12415] netlink: 'syz.0.1785': attribute type 10 has an invalid length.
[  491.854869][T12416] IPv6: Can't replace route, no match found
[  491.875612][T12416] mac80211_hwsim hwsim11 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  494.882922][T12428] FAULT_INJECTION: forcing a failure.
[  494.882922][T12428] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  494.884328][T12428] 
[  494.884371][T12428] ======================================================
[  494.884382][T12428] WARNING: possible circular locking dependency detected
[  494.884396][T12428] syzkaller #0 Not tainted
[  494.884408][T12428] ------------------------------------------------------
[  494.884416][T12428] syz.0.1792/12428 is trying to acquire lock:
[  494.884427][T12428] ffffffff8dd2e920 (console_owner){-.-.}-{0:0}, at: console_flush_all+0x13a/0xc40
[  494.884494][T12428] 
[  494.884494][T12428] but task is already holding lock:
[  494.884501][T12428] ffff8880b8939fd8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
[  494.884545][T12428] 
[  494.884545][T12428] which lock already depends on the new lock.
[  494.884545][T12428] 
[  494.884553][T12428] 
[  494.884553][T12428] the existing dependency chain (in reverse order) is:
[  494.884561][T12428] 
[  494.884561][T12428] -> #4 (&rq->__lock){-.-.}-{2:2}:
[  494.884589][T12428]        lock_acquire+0x120/0x360
[  494.884616][T12428]        _raw_spin_lock_nested+0x32/0x50
[  494.884637][T12428]        raw_spin_rq_lock_nested+0x2a/0x140
[  494.884657][T12428]        task_rq_lock+0xbc/0x470
[  494.884676][T12428]        cgroup_move_task+0x92/0x2a0
[  494.884701][T12428]        css_set_move_task+0x658/0x9e0
[  494.884728][T12428]        cgroup_post_fork+0x1ef/0x790
[  494.884754][T12428]        copy_process+0x3862/0x3c00
[  494.884778][T12428]        kernel_clone+0x21e/0x840
[  494.884802][T12428]        user_mode_thread+0xdd/0x140
[  494.884827][T12428]        rest_init+0x23/0x300
[  494.884853][T12428]        start_kernel+0x3ae/0x410
[  494.884879][T12428]        x86_64_start_reservations+0x24/0x30
[  494.884899][T12428]        x86_64_start_kernel+0x143/0x1c0
[  494.884919][T12428]        common_startup_64+0x13e/0x147
[  494.884948][T12428] 
[  494.884948][T12428] -> #3 (&p->pi_lock){-.-.}-{2:2}:
[  494.884976][T12428]        lock_acquire+0x120/0x360
[  494.884995][T12428]        _raw_spin_lock_irqsave+0xa7/0xf0
[  494.885025][T12428]        try_to_wake_up+0x67/0x12b0
[  494.885052][T12428]        __wake_up_common_lock+0x137/0x1f0
[  494.885081][T12428]        tty_port_default_wakeup+0xa2/0xf0
[  494.885105][T12428]        serial8250_tx_chars+0x72e/0x970
[  494.885125][T12428]        serial8250_handle_irq+0x633/0xbb0
[  494.885145][T12428]        serial8250_default_handle_irq+0xbf/0x1e0
[  494.885171][T12428]        serial8250_interrupt+0x8a/0x160
[  494.885201][T12428]        __handle_irq_event_percpu+0x292/0xab0
[  494.885230][T12428]        handle_irq_event+0x8b/0x1e0
[  494.885258][T12428]        handle_edge_irq+0x23b/0xa10
[  494.885282][T12428]        __common_interrupt+0x141/0x1f0
[  494.885301][T12428]        common_interrupt+0xb6/0xe0
[  494.885328][T12428]        asm_common_interrupt+0x26/0x40
[  494.885357][T12428]        pv_native_safe_halt+0x13/0x20
[  494.885376][T12428]        default_idle+0x13/0x20
[  494.885398][T12428]        default_idle_call+0x73/0xb0
[  494.885423][T12428]        do_idle+0x1e7/0x510
[  494.885444][T12428]        cpu_startup_entry+0x44/0x60
[  494.885466][T12428]        rest_init+0x2de/0x300
[  494.885490][T12428]        start_kernel+0x3ae/0x410
[  494.885515][T12428]        x86_64_start_reservations+0x24/0x30
[  494.885535][T12428]        x86_64_start_kernel+0x143/0x1c0
[  494.885554][T12428]        common_startup_64+0x13e/0x147
[  494.885583][T12428] 
[  494.885583][T12428] -> #2 (&tty->write_wait){-.-.}-{3:3}:
[  494.885611][T12428]        lock_acquire+0x120/0x360
[  494.885629][T12428]        _raw_spin_lock_irqsave+0xa7/0xf0
[  494.885660][T12428]        __wake_up_common_lock+0x2f/0x1f0
[  494.885690][T12428]        tty_port_default_wakeup+0xa2/0xf0
[  494.885713][T12428]        serial8250_tx_chars+0x72e/0x970
[  494.885732][T12428]        serial8250_handle_irq+0x633/0xbb0
[  494.885752][T12428]        serial8250_default_handle_irq+0xbf/0x1e0
[  494.885777][T12428]        serial8250_interrupt+0x8a/0x160
[  494.885807][T12428]        __handle_irq_event_percpu+0x292/0xab0
[  494.885836][T12428]        handle_irq_event+0x8b/0x1e0
[  494.885864][T12428]        handle_edge_irq+0x23b/0xa10
[  494.885888][T12428]        __common_interrupt+0x141/0x1f0
[  494.885907][T12428]        common_interrupt+0xb6/0xe0
[  494.885933][T12428]        asm_common_interrupt+0x26/0x40
[  494.885952][T12428]        _raw_spin_unlock_irqrestore+0xa8/0x110
[  494.885984][T12428]        uart_port_unlock_deref+0x111/0x2f0
[  494.886004][T12428]        uart_write+0xe8/0x130
[  494.886021][T12428]        n_tty_write+0xd24/0x1200
[  494.886046][T12428]        file_tty_write+0x551/0xa20
[  494.886062][T12428]        vfs_write+0x5c9/0xb30
[  494.886085][T12428]        ksys_write+0x145/0x250
[  494.886108][T12428]        do_syscall_64+0xfa/0x3b0
[  494.886129][T12428]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  494.886149][T12428] 
[  494.886149][T12428] -> #1 (&port_lock_key){-.-.}-{3:3}:
[  494.886177][T12428]        lock_acquire+0x120/0x360
[  494.886194][T12428]        _raw_spin_lock_irqsave+0xa7/0xf0
[  494.886226][T12428]        serial8250_console_write+0x17e/0x1ba0
[  494.886248][T12428]        console_flush_all+0x728/0xc40
[  494.886276][T12428]        console_unlock+0xc4/0x270
[  494.886299][T12428]        vprintk_emit+0x5b7/0x7a0
[  494.886323][T12428]        _printk+0xcf/0x120
[  494.886348][T12428]        register_console+0xa8b/0xf90
[  494.886375][T12428]        univ8250_console_init+0x3a/0x70
[  494.886396][T12428]        console_init+0x10e/0x430
[  494.886414][T12428]        start_kernel+0x254/0x410
[  494.886439][T12428]        x86_64_start_reservations+0x24/0x30
[  494.886460][T12428]        x86_64_start_kernel+0x143/0x1c0
[  494.886479][T12428]        common_startup_64+0x13e/0x147
[  494.886508][T12428] 
[  494.886508][T12428] -> #0 (console_owner){-.-.}-{0:0}:
[  494.886535][T12428]        validate_chain+0xb9b/0x2140
[  494.886559][T12428]        __lock_acquire+0xab9/0xd20
[  494.886578][T12428]        lock_acquire+0x120/0x360
[  494.886596][T12428]        console_flush_all+0x6d2/0xc40
[  494.886623][T12428]        console_unlock+0xc4/0x270
[  494.886647][T12428]        vprintk_emit+0x5b7/0x7a0
[  494.886671][T12428]        _printk+0xcf/0x120
[  494.886686][T12428]        should_fail_ex+0x3f5/0x560
[  494.886713][T12428]        strncpy_from_user+0x36/0x290
[  494.886739][T12428]        strncpy_from_user_nofault+0x72/0x150
[  494.886760][T12428]        bpf_bprintf_prepare+0xb91/0x13a0
[  494.886778][T12428]        bpf_trace_printk+0xdb/0x190
[  494.886802][T12428]        bpf_prog_930ede9872f2967c+0x3e/0x44
[  494.886819][T12428]        bpf_trace_run2+0x281/0x4b0
[  494.886848][T12428]        __bpf_trace_contention_begin+0xdc/0x130
[  494.886873][T12428]        trace_contention_begin+0x114/0x140
[  494.886901][T12428]        __pv_queued_spin_lock_slowpath+0xf0/0xb60
[  494.886924][T12428]        queued_spin_lock_slowpath+0x43/0x50
[  494.886953][T12428]        do_raw_spin_lock+0x21f/0x290
[  494.886986][T12428]        raw_spin_rq_lock_nested+0x2a/0x140
[  494.887007][T12428]        sched_balance_rq+0x3361/0x57a0
[  494.887025][T12428]        sched_balance_newidle+0x6b6/0x1030
[  494.887050][T12428]        pick_next_task_fair+0x40/0xba0
[  494.887073][T12428]        __pick_next_task+0xe4/0x450
[  494.887101][T12428]        __schedule+0x7a4/0x4cc0
[  494.887118][T12428]        schedule+0x165/0x360
[  494.887134][T12428]        synchronize_rcu_expedited+0x583/0x730
[  494.887159][T12428]        synchronize_rcu+0x11a/0x310
[  494.887183][T12428]        nf_tables_abort+0x74cd/0x88a0
[  494.887209][T12428]        nfnetlink_rcv+0x1ca3/0x2520
[  494.887240][T12428]        netlink_unicast+0x82f/0x9e0
[  494.887257][T12428]        netlink_sendmsg+0x805/0xb30
[  494.887296][T12428]        __sock_sendmsg+0x219/0x270
[  494.887327][T12428]        ____sys_sendmsg+0x505/0x830
[  494.887357][T12428]        ___sys_sendmsg+0x21f/0x2a0
[  494.887382][T12428]        __x64_sys_sendmsg+0x19b/0x260
[  494.887407][T12428]        do_syscall_64+0xfa/0x3b0
[  494.887428][T12428]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  494.887448][T12428] 
[  494.887448][T12428] other info that might help us debug this:
[  494.887448][T12428] 
[  494.887455][T12428] Chain exists of:
[  494.887455][T12428]   console_owner --> &p->pi_lock --> &rq->__lock
[  494.887455][T12428] 
[  494.887489][T12428]  Possible unsafe locking scenario:
[  494.887489][T12428] 
[  494.887496][T12428]        CPU0                    CPU1
[  494.887503][T12428]        ----                    ----
[  494.887508][T12428]   lock(&rq->__lock);
[  494.887523][T12428]                                lock(&p->pi_lock);
[  494.887538][T12428]                                lock(&rq->__lock);
[  494.887554][T12428]   lock(console_owner);
[  494.887568][T12428] 
[  494.887568][T12428]  *** DEADLOCK ***
[  494.887568][T12428] 
[  494.887574][T12428] 7 locks held by syz.0.1792/12428:
[  494.887587][T12428]  #0: ffff88807c2180d8 (&nft_net->commit_mutex){+.+.}-{4:4}, at: nf_tables_valid_genid+0x3b/0x100
[  494.887644][T12428]  #1: ffffffff8dd403f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2f6/0x730
[  494.887702][T12428]  #2: ffffffff8dd3a960 (rcu_read_lock){....}-{1:3}, at: sched_balance_newidle+0x2a6/0x1030
[  494.887756][T12428]  #3: ffff8880b8939fd8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
[  494.887805][T12428]  #4: ffffffff8dd3a960 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run2+0x186/0x4b0
[  494.887862][T12428]  #5: ffffffff8dd2e980 (console_lock){+.+.}-{0:0}, at: _printk+0xcf/0x120
[  494.887907][T12428]  #6: ffffffff8dc16250 (console_srcu){....}-{0:0}, at: console_flush_all+0x13a/0xc40
[  494.887963][T12428] 
[  494.887963][T12428] stack backtrace:
[  494.887975][T12428] CPU: 0 UID: 0 PID: 12428 Comm: syz.0.1792 Not tainted syzkaller #0 PREEMPT(full) 
[  494.887999][T12428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  494.888013][T12428] Call Trace:
[  494.888021][T12428]  <TASK>
[  494.888031][T12428]  dump_stack_lvl+0x189/0x250
[  494.888061][T12428]  ? __pfx_dump_stack_lvl+0x10/0x10
[  494.888090][T12428]  ? __pfx__printk+0x10/0x10
[  494.888111][T12428]  ? print_lock_name+0xde/0x100
[  494.888146][T12428]  print_circular_bug+0x2ee/0x310
[  494.888176][T12428]  check_noncircular+0x134/0x160
[  494.888207][T12428]  validate_chain+0xb9b/0x2140
[  494.888248][T12428]  __lock_acquire+0xab9/0xd20
[  494.888273][T12428]  ? console_flush_all+0x13a/0xc40
[  494.888302][T12428]  lock_acquire+0x120/0x360
[  494.888323][T12428]  ? console_flush_all+0x13a/0xc40
[  494.888366][T12428]  ? do_raw_spin_unlock+0x122/0x240
[  494.888397][T12428]  ? console_flush_all+0x13a/0xc40
[  494.888429][T12428]  console_flush_all+0x6d2/0xc40
[  494.888458][T12428]  ? console_flush_all+0x13a/0xc40
[  494.888490][T12428]  ? console_flush_all+0x13a/0xc40
[  494.888524][T12428]  ? __pfx_console_flush_all+0x10/0x10
[  494.888561][T12428]  ? is_printk_cpu_sync_owner+0x32/0x40
[  494.888596][T12428]  console_unlock+0xc4/0x270
[  494.888625][T12428]  ? __pfx_console_unlock+0x10/0x10
[  494.888653][T12428]  ? is_printk_cpu_sync_owner+0x32/0x40
[  494.888689][T12428]  vprintk_emit+0x5b7/0x7a0
[  494.888718][T12428]  ? __pfx_vprintk_emit+0x10/0x10
[  494.888755][T12428]  _printk+0xcf/0x120
[  494.888773][T12428]  ? __pfx____ratelimit+0x10/0x10
[  494.888797][T12428]  ? __pfx__printk+0x10/0x10
[  494.888823][T12428]  should_fail_ex+0x3f5/0x560
[  494.888857][T12428]  strncpy_from_user+0x36/0x290
[  494.888889][T12428]  strncpy_from_user_nofault+0x72/0x150
[  494.888914][T12428]  bpf_bprintf_prepare+0xb91/0x13a0
[  494.888942][T12428]  ? __pfx_bpf_bprintf_prepare+0x10/0x10
[  494.888966][T12428]  ? bpf_trace_printk+0xc1/0x190
[  494.888994][T12428]  bpf_trace_printk+0xdb/0x190
[  494.889019][T12428]  ? __lock_acquire+0xab9/0xd20
[  494.889042][T12428]  ? __pfx_bpf_trace_printk+0x10/0x10
[  494.889069][T12428]  ? bpf_trace_run2+0x186/0x4b0
[  494.889111][T12428]  bpf_prog_930ede9872f2967c+0x3e/0x44
[  494.889131][T12428]  bpf_trace_run2+0x281/0x4b0
[  494.889162][T12428]  ? bpf_trace_run2+0x186/0x4b0
[  494.889196][T12428]  ? __pfx_bpf_trace_run2+0x10/0x10
[  494.889232][T12428]  ? __bpf_trace_contention_begin+0xcd/0x130
[  494.889261][T12428]  __bpf_trace_contention_begin+0xdc/0x130
[  494.889289][T12428]  ? __pfx___bpf_trace_contention_begin+0x10/0x10
[  494.889326][T12428]  trace_contention_begin+0x114/0x140
[  494.889363][T12428]  __pv_queued_spin_lock_slowpath+0xf0/0xb60
[  494.889395][T12428]  ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10
[  494.889428][T12428]  queued_spin_lock_slowpath+0x43/0x50
[  494.889461][T12428]  do_raw_spin_lock+0x21f/0x290
[  494.889492][T12428]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  494.889529][T12428]  raw_spin_rq_lock_nested+0x2a/0x140
[  494.889554][T12428]  sched_balance_rq+0x3361/0x57a0
[  494.889587][T12428]  ? do_raw_spin_lock+0x121/0x290
[  494.889623][T12428]  ? __pfx_sched_balance_rq+0x10/0x10
[  494.889645][T12428]  ? __lock_acquire+0xab9/0xd20
[  494.889668][T12428]  ? rcu_is_watching+0x15/0xb0
[  494.889714][T12428]  ? __lock_acquire+0xab9/0xd20
[  494.889750][T12428]  sched_balance_newidle+0x6b6/0x1030
[  494.889780][T12428]  ? sched_balance_newidle+0x2a6/0x1030
[  494.889807][T12428]  ? pick_task_fair+0x32d/0x5c0
[  494.889838][T12428]  pick_next_task_fair+0x40/0xba0
[  494.889866][T12428]  __pick_next_task+0xe4/0x450
[  494.889901][T12428]  __schedule+0x7a4/0x4cc0
[  494.889928][T12428]  ? do_raw_spin_lock+0x121/0x290
[  494.889961][T12428]  ? __lock_acquire+0xab9/0xd20
[  494.889982][T12428]  ? __pfx___schedule+0x10/0x10
[  494.890011][T12428]  ? schedule+0x91/0x360
[  494.890031][T12428]  schedule+0x165/0x360
[  494.890051][T12428]  synchronize_rcu_expedited+0x583/0x730
[  494.890083][T12428]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[  494.890121][T12428]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[  494.890146][T12428]  ? __pfx___might_resched+0x10/0x10
[  494.890170][T12428]  ? __pfx_autoremove_wake_function+0x10/0x10
[  494.890208][T12428]  synchronize_rcu+0x11a/0x310
[  494.890235][T12428]  ? __pfx_synchronize_rcu+0x10/0x10
[  494.890263][T12428]  ? nft_pernet+0x23/0x240
[  494.890292][T12428]  ? nft_pernet+0x23/0x240
[  494.890325][T12428]  nf_tables_abort+0x74cd/0x88a0
[  494.890377][T12428]  ? __pfx_nf_tables_abort+0x10/0x10
[  494.890417][T12428]  ? __kasan_kmalloc+0x93/0xb0
[  494.890449][T12428]  nfnetlink_rcv+0x1ca3/0x2520
[  494.890499][T12428]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  494.890540][T12428]  ? ref_tracker_free+0x63a/0x7d0
[  494.890588][T12428]  ? __netlink_deliver_tap+0x807/0x850
[  494.890670][T12428]  ? netlink_deliver_tap+0x2e/0x1b0
[  494.890705][T12428]  netlink_unicast+0x82f/0x9e0
[  494.890730][T12428]  ? __pfx_netlink_unicast+0x10/0x10
[  494.890750][T12428]  ? netlink_sendmsg+0x642/0xb30
[  494.890771][T12428]  ? skb_put+0x11b/0x210
[  494.890798][T12428]  netlink_sendmsg+0x805/0xb30
[  494.890827][T12428]  ? __pfx_netlink_sendmsg+0x10/0x10
[  494.890853][T12428]  ? aa_sock_msg_perm+0xf1/0x1d0
[  494.890889][T12428]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  494.890910][T12428]  ? __pfx_netlink_sendmsg+0x10/0x10
[  494.890934][T12428]  __sock_sendmsg+0x219/0x270
[  494.890968][T12428]  ____sys_sendmsg+0x505/0x830
[  494.890998][T12428]  ? __pfx_____sys_sendmsg+0x10/0x10
[  494.891028][T12428]  ? import_iovec+0x74/0xa0
[  494.891051][T12428]  ___sys_sendmsg+0x21f/0x2a0
[  494.891080][T12428]  ? __pfx____sys_sendmsg+0x10/0x10
[  494.891123][T12428]  ? __fget_files+0x2a/0x420
[  494.891150][T12428]  ? __fget_files+0x3a0/0x420
[  494.891184][T12428]  __x64_sys_sendmsg+0x19b/0x260
[  494.891211][T12428]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  494.891242][T12428]  ? __pfx_ksys_write+0x10/0x10
[  494.891266][T12428]  ? rcu_is_watching+0x15/0xb0
[  494.891292][T12428]  ? do_syscall_64+0xbe/0x3b0
[  494.891317][T12428]  do_syscall_64+0xfa/0x3b0
[  494.891339][T12428]  ? lockdep_hardirqs_on+0x9c/0x150
[  494.891359][T12428]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  494.891379][T12428]  ? clear_bhb_loop+0x60/0xb0
[  494.891402][T12428]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  494.891422][T12428] RIP: 0033:0x7f8b5f78eec9
[  494.891439][T12428] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  494.891458][T12428] RSP: 002b:00007f8b6064e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  494.891480][T12428] RAX: ffffffffffffffda RBX: 00007f8b5f9e5fa0 RCX: 00007f8b5f78eec9
[  494.891496][T12428] RDX: 0000000000000040 RSI: 0000200000009b40 RDI: 0000000000000003
[  494.891510][T12428] RBP: 00007f8b6064e090 R08: 0000000000000000 R09: 0000000000000000
[  494.891522][T12428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  494.891534][T12428] R13: 00007f8b5f9e6038 R14: 00007f8b5f9e5fa0 R15: 00007ffebdc1a638
[  494.891571][T12428]  </TASK>
[  496.460809][T12428] CPU: 0 UID: 0 PID: 12428 Comm: syz.0.1792 Not tainted syzkaller #0 PREEMPT(full) 
[  496.460838][T12428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  496.460854][T12428] Call Trace:
[  496.460863][T12428]  <TASK>
[  496.460873][T12428]  dump_stack_lvl+0x189/0x250
[  496.460906][T12428]  ? __pfx____ratelimit+0x10/0x10
[  496.460929][T12428]  ? __pfx_dump_stack_lvl+0x10/0x10
[  496.460957][T12428]  ? __pfx__printk+0x10/0x10
[  496.460985][T12428]  should_fail_ex+0x414/0x560
[  496.461016][T12428]  strncpy_from_user+0x36/0x290
[  496.461047][T12428]  strncpy_from_user_nofault+0x72/0x150
[  496.461073][T12428]  bpf_bprintf_prepare+0xb91/0x13a0
[  496.461102][T12428]  ? __pfx_bpf_bprintf_prepare+0x10/0x10
[  496.461126][T12428]  ? bpf_trace_printk+0xc1/0x190
[  496.461155][T12428]  bpf_trace_printk+0xdb/0x190
[  496.461180][T12428]  ? __lock_acquire+0xab9/0xd20
[  496.461204][T12428]  ? __pfx_bpf_trace_printk+0x10/0x10
[  496.461231][T12428]  ? bpf_trace_run2+0x186/0x4b0
[  496.461271][T12428]  bpf_prog_930ede9872f2967c+0x3e/0x44
[  496.461291][T12428]  bpf_trace_run2+0x281/0x4b0
[  496.461323][T12428]  ? bpf_trace_run2+0x186/0x4b0
[  496.461356][T12428]  ? __pfx_bpf_trace_run2+0x10/0x10
[  496.461392][T12428]  ? __bpf_trace_contention_begin+0xcd/0x130
[  496.461422][T12428]  __bpf_trace_contention_begin+0xdc/0x130
[  496.461449][T12428]  ? __pfx___bpf_trace_contention_begin+0x10/0x10
[  496.461494][T12428]  trace_contention_begin+0x114/0x140
[  496.461524][T12428]  __pv_queued_spin_lock_slowpath+0xf0/0xb60
[  496.461555][T12428]  ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10
[  496.461588][T12428]  queued_spin_lock_slowpath+0x43/0x50
[  496.461621][T12428]  do_raw_spin_lock+0x21f/0x290
[  496.461653][T12428]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  496.461689][T12428]  raw_spin_rq_lock_nested+0x2a/0x140
[  496.461716][T12428]  sched_balance_rq+0x3361/0x57a0
[  496.461750][T12428]  ? do_raw_spin_lock+0x121/0x290
[  496.461785][T12428]  ? __pfx_sched_balance_rq+0x10/0x10
[  496.461808][T12428]  ? __lock_acquire+0xab9/0xd20
[  496.461830][T12428]  ? rcu_is_watching+0x15/0xb0
[  496.461877][T12428]  ? __lock_acquire+0xab9/0xd20
[  496.461913][T12428]  sched_balance_newidle+0x6b6/0x1030
[  496.461943][T12428]  ? sched_balance_newidle+0x2a6/0x1030
[  496.461971][T12428]  ? pick_task_fair+0x32d/0x5c0
[  496.462001][T12428]  pick_next_task_fair+0x40/0xba0
[  496.462030][T12428]  __pick_next_task+0xe4/0x450
[  496.462065][T12428]  __schedule+0x7a4/0x4cc0
[  496.462092][T12428]  ? do_raw_spin_lock+0x121/0x290
[  496.462125][T12428]  ? __lock_acquire+0xab9/0xd20
[  496.462146][T12428]  ? __pfx___schedule+0x10/0x10
[  496.462175][T12428]  ? schedule+0x91/0x360
[  496.462196][T12428]  schedule+0x165/0x360
[  496.462216][T12428]  synchronize_rcu_expedited+0x583/0x730
[  496.462247][T12428]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[  496.462283][T12428]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[  496.462309][T12428]  ? __pfx___might_resched+0x10/0x10
[  496.462333][T12428]  ? __pfx_autoremove_wake_function+0x10/0x10
[  496.462370][T12428]  synchronize_rcu+0x11a/0x310
[  496.462397][T12428]  ? __pfx_synchronize_rcu+0x10/0x10
[  496.462425][T12428]  ? nft_pernet+0x23/0x240
[  496.462455][T12428]  ? nft_pernet+0x23/0x240
[  496.462494][T12428]  nf_tables_abort+0x74cd/0x88a0
[  496.462535][T12428]  ? __pfx_nf_tables_abort+0x10/0x10
[  496.462574][T12428]  ? __kasan_kmalloc+0x93/0xb0
[  496.462606][T12428]  nfnetlink_rcv+0x1ca3/0x2520
[  496.462657][T12428]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  496.462698][T12428]  ? ref_tracker_free+0x63a/0x7d0
[  496.462746][T12428]  ? __netlink_deliver_tap+0x807/0x850
[  496.462770][T12428]  ? netlink_deliver_tap+0x2e/0x1b0
[  496.462802][T12428]  netlink_unicast+0x82f/0x9e0
[  496.462826][T12428]  ? __pfx_netlink_unicast+0x10/0x10
[  496.462847][T12428]  ? netlink_sendmsg+0x642/0xb30
[  496.462869][T12428]  ? skb_put+0x11b/0x210
[  496.462896][T12428]  netlink_sendmsg+0x805/0xb30
[  496.462925][T12428]  ? __pfx_netlink_sendmsg+0x10/0x10
[  496.462950][T12428]  ? aa_sock_msg_perm+0xf1/0x1d0
[  496.462983][T12428]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  496.463004][T12428]  ? __pfx_netlink_sendmsg+0x10/0x10
[  496.463028][T12428]  __sock_sendmsg+0x219/0x270
[  496.463063][T12428]  ____sys_sendmsg+0x505/0x830
[  496.463093][T12428]  ? __pfx_____sys_sendmsg+0x10/0x10
[  496.463125][T12428]  ? import_iovec+0x74/0xa0
[  496.463153][T12428]  ___sys_sendmsg+0x21f/0x2a0
[  496.463181][T12428]  ? __pfx____sys_sendmsg+0x10/0x10
[  496.463227][T12428]  ? __fget_files+0x2a/0x420
[  496.463253][T12428]  ? __fget_files+0x3a0/0x420
[  496.463288][T12428]  __x64_sys_sendmsg+0x19b/0x260
[  496.463317][T12428]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  496.463350][T12428]  ? __pfx_ksys_write+0x10/0x10
[  496.463375][T12428]  ? rcu_is_watching+0x15/0xb0
[  496.463403][T12428]  ? do_syscall_64+0xbe/0x3b0
[  496.463429][T12428]  do_syscall_64+0xfa/0x3b0
[  496.463451][T12428]  ? lockdep_hardirqs_on+0x9c/0x150
[  496.463479][T12428]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  496.463502][T12428]  ? clear_bhb_loop+0x60/0xb0
[  496.463526][T12428]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  496.463547][T12428] RIP: 0033:0x7f8b5f78eec9
[  496.463566][T12428] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  496.463586][T12428] RSP: 002b:00007f8b6064e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  496.463609][T12428] RAX: ffffffffffffffda RBX: 00007f8b5f9e5fa0 RCX: 00007f8b5f78eec9
[  496.463626][T12428] RDX: 0000000000000040 RSI: 0000200000009b40 RDI: 0000000000000003
[  496.463640][T12428] RBP: 00007f8b6064e090 R08: 0000000000000000 R09: 0000000000000000
[  496.463653][T12428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  496.463666][T12428] R13: 00007f8b5f9e6038 R14: 00007f8b5f9e5fa0 R15: 00007ffebdc1a638
[  496.463691][T12428]  </TASK>
[  497.126386][T12420] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1789'.